/**
 * User-supplied StripInput variant: cleans a search term before it is used.
 *
 * Passes run in a fixed order (each one feeds the next): backslashes are
 * removed, then modx-sensitive tags, then +something+ substrings, then HTML
 * tags. Unlike a variant that ends with htmlspecialchars(), nothing here
 * encodes the result for HTML output — whoever echoes it must escape it.
 *
 * @param string $searchString term searched
 * @return string cleaned term ('' is returned untouched)
 */
function myOwnStripInput($searchString)
{
    // Empty input needs no cleaning; the filters below run only on real text.
    if ($searchString === '') {
        return $searchString;
    }
    $cleaned = stripslashes($searchString);   // remove escape characters
    $cleaned = stripTags($cleaned);           // remove modx sensitive tags
    $cleaned = stripOtherTags($cleaned);      // remove +something+ substrings
    return stripHtml($cleaned);               // strip HTML tags
}
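 /**
  * Show one task record, either as JSON (datatype=json) or through the
  * task_detail template.
  *
  * Reads tid and datatype from $_GET. An unknown or missing tid renders
  * nothing at all, as in the original.
  */
 public function showdetail()
 {
     // $lang is kept in scope for the included template.
     global $G, $lang;
     // Guard both reads: the original indexed $_GET directly and raised a
     // notice whenever a key was absent.
     $tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
     $datatype = isset($_GET['datatype']) ? $_GET['datatype'] : '';
     $task = $this->t('task')->where(array('tid' => $tid))->selectOne();
     if (!$task) {
         return;
     }
     $task['pic'] = image($task['pic']);
     $task['distance'] = getDistance($this->longitude, $this->latitude, $task['longitude'], $task['latitude']);
     if ($datatype === 'json') {
         // API payload carries plain text, not the stored HTML.
         $task['content'] = stripHtml($task['content']);
         $this->showAppData($task);
     } else {
         // HTML branch: the template is responsible for escaping $task fields.
         include template('task_detail', 'app');
     }
 }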
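 /**
  * List shops ordered by distance from the current position and emit them
  * through showAppData().
  *
  * Reads an optional pagesize from $_GET (default 20) and the page number
  * from $G['page']. Always emits an array, empty when nothing matched.
  */
 public function showlist()
 {
     global $G;
     $pagesize = isset($_GET['pagesize']) ? intval($_GET['pagesize']) : 20;
     // A zero or negative size used to reach the pager unchanged; fall back
     // to the default instead.
     if ($pagesize < 1) {
         $pagesize = 20;
     }
     // The coordinates are spliced into the SELECT expression as text, so
     // only numeric values are allowed through: anything else becomes 0
     // rather than raw text inside the query.
     $lng = is_numeric($this->longitude) ? $this->longitude : 0;
     $lat = is_numeric($this->latitude) ? $this->latitude : 0;
     $fields = '*,dsx_distance(' . $lng . ',' . $lat . ',longitude,latitude) as distance';
     $shoplist = $this->t('shop')
         ->field($fields)
         ->page($G['page'], $pagesize)
         ->order('distance ASC,shopid ASC')
         ->select();
     $result = array();
     if ($shoplist) {
         foreach ($shoplist as $shop) {
             $shop['pic'] = image($shop['pic']);
             $shop['distance'] = distance($shop['distance']);
             // Plain-text description for the API payload.
             $shop['description'] = stripHtml($shop['description']);
             $result[] = $shop;
         }
     }
     $this->showAppData($result);
 }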
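 /**
  * 更新文章 — update an existing post and rewrite its content rows.
  *
  * Accepts POST only (405 otherwise) and requires formsubmit=yes. The post
  * fields are read from $_GET['newpost'], the body from $_GET['content'] and
  * the type-specific extras (piclist, videourl, songs, attribute, active)
  * from $_GET as well — presumably the framework merges request data into
  * $_GET; confirm before relying on that.
  *
  * Non-admins may only update posts whose uid matches the session; admins
  * may update any id. Finishes through showSuccess()/showError(), which are
  * assumed not to return.
  */
 public function update()
 {
     global $G;
     if ('POST' !== $_SERVER['REQUEST_METHOD']) {
         header('Allow: POST');
         header('HTTP/1.1 405 Method Not Allowed');
         header('Content-Type: text/plain');
         exit;
     }
     if (!isset($_GET['formsubmit']) || $_GET['formsubmit'] != 'yes') {
         $this->showError('undefined_action');
     }
     // Read every request key through isset(): the original indexed $_GET and
     // $newpost directly and raised notices for absent fields.
     $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
     $newpost = isset($_GET['newpost']) ? $_GET['newpost'] : null;
     $content = isset($_GET['content']) ? $_GET['content'] : '';
     if (!is_array($newpost)) {
         $this->showError('undefined_error');
         return;
     }
     // Ownership columns always come from the session, never from the form.
     $newpost['uid'] = $this->uid;
     $newpost['username'] = $this->username;
     if (empty($newpost['title'])) {
         $this->showError('title_empty');
     }
     if (empty($newpost['catid'])) {
         $this->showError('category_empty');
     }
     // Non-admins are scoped to their own post.
     $where = array('id' => $id);
     if (!$this->account['adminid']) {
         $where['uid'] = $this->uid;
     }
     // The original scoped only the post_title UPDATE by $where, while the
     // content rows below were deleted and re-inserted by aid alone. Checking
     // that the scoped row exists first keeps the content rewrite under the
     // same ownership rule.
     if (!$this->t('post_title')->where($where)->selectOne()) {
         $this->showError('undefined_error');
         return;
     }
     $newpost['modified'] = TIMESTAMP;
     $newpost['author'] = !empty($newpost['author']) ? $newpost['author'] : $this->username;
     $newpost['from'] = isset($newpost['from']) ? $newpost['from'] : '';
     $newpost['fromurl'] = isset($newpost['fromurl']) ? $newpost['fromurl'] : '';
     $newpost['tags'] = !empty($newpost['tags']) ? serialize($newpost['tags']) : '';
     $newpost['allowcomment'] = isset($newpost['allowcomment']) ? trim($newpost['allowcomment']) : 1;
     // Without a supplied summary, use the first 400 characters of the
     // plain-text body.
     $newpost['summary'] = !empty($newpost['summary']) ? $newpost['summary'] : cutstr(stripHtml($content), 400);
     // NOTE(review): the three replacements are kept verbatim. As printed the
     // first is a no-op and the other two only remove spaces/whitespace; they
     // look like HTML entities (&amp;, &nbsp;) that were decoded when this
     // page was rendered — confirm against the repository copy.
     $newpost['summary'] = str_replace('&', '&', $newpost['summary']);
     $newpost['summary'] = str_replace(' ', '', $newpost['summary']);
     $newpost['summary'] = preg_replace('/\\s| /', '', $newpost['summary']);
     // Normalise the type BEFORE it is written: the original stored whatever
     // the request sent and only normalised it for the branches below.
     $allowedTypes = array('image', 'video', 'music', 'goods', 'active');
     if (!isset($newpost['type']) || !in_array($newpost['type'], $allowedTypes, true)) {
         $newpost['type'] = 'article';
     }
     // NOTE(review): $newpost is written as-is, so every key the request
     // supplies becomes a column assignment; only uid/username are forced
     // above. An allow-list of editable columns would close that gap, but
     // the column set is not visible here.
     $this->t('post_title')->where($where)->update($newpost);
     $this->t('post_content')->where(array('aid' => $id))->delete();
     $catid = $newpost['catid'];
     switch ($newpost['type']) {
         case 'article':
             // One content row per ###Pagebreak### segment, pages numbered from 1.
             $pages = preg_split('/###Pagebreak###/', $content);
             foreach ($pages as $index => $pageContent) {
                 $this->insertPostContentRow($id, $catid, $pageContent, $index + 1);
             }
             break;
         case 'image':
             $piclist = isset($_GET['piclist']) ? $_GET['piclist'] : array();
             if (!empty($piclist)) {
                 $this->insertPostContentRow($id, $catid, serialize($piclist), 1);
             }
             break;
         case 'video':
             $videourl = isset($_GET['videourl']) ? trim($_GET['videourl']) : '';
             if ($videourl) {
                 $videodata = \Core\ParseVideoUrl::ParseUrl($videourl);
                 $videodata['content'] = $content;
                 $this->insertPostContentRow($id, $catid, serialize($videodata), 1);
                 if (empty($newpost['pic'])) {
                     // No cover given: use the thumbnail the parser returned,
                     // under the same ownership scope as the main update.
                     $this->t('post_title')->where($where)->update(array('pic' => $videodata['img']));
                 }
             }
             break;
         case 'music':
             $musicarray = array(
                 'songs' => isset($_GET['songs']) ? trim($_GET['songs']) : '',
                 'content' => $content,
             );
             $this->insertPostContentRow($id, $catid, serialize($musicarray), 1);
             break;
         case 'goods':
             $attributelist = isset($_GET['attribute']) ? $_GET['attribute'] : array();
             if (is_array($attributelist)) {
                 // NOTE(review): each attribute array is inserted as-is — the
                 // same mass-assignment caveat as $newpost applies.
                 foreach ($attributelist as $attribute) {
                     if (!is_array($attribute)) {
                         continue;
                     }
                     $attribute['aid'] = $id;
                     $this->t('post_goods_attribute')->insert($attribute);
                 }
             }
             $this->insertPostContentRow($id, $catid, $content, 1);
             break;
         case 'active':
             $active = isset($_GET['active']) ? $_GET['active'] : array('begin' => time(), 'end' => '');
             $active['aid'] = $id;
             // Kept as in the original: strtotime() on the integer default and
             // on '' both appear to yield false — TODO confirm that is intended.
             $active['begin'] = isset($active['begin']) ? strtotime($active['begin']) : false;
             $active['end'] = isset($active['end']) ? strtotime($active['end']) : false;
             $this->t('post_active')->insert($active);
             $this->insertPostContentRow($id, $catid, $content, 1);
             break;
     }
     $links = array(
         array('text' => 'reedit', 'url' => '/?m=home&c=post&a=edit&id=' . $id),
         array('text' => 'view', 'url' => '/?m=post&c=detail&id=' . $id, 'target' => '_blank'),
     );
     $this->showSuccess('modi_succeed', '', $links, '', true);
 }

 /**
  * Insert one post_content row for post $id.
  *
  * @param int    $id        post id (aid)
  * @param mixed  $catid     category id copied from the post
  * @param string $content   raw or serialized content for this page
  * @param int    $pageorder 1-based page number
  */
 private function insertPostContentRow($id, $catid, $content, $pageorder)
 {
     $this->t('post_content')->insert(array(
         'aid' => $id,
         'catid' => $catid,
         'content' => $content,
         'pageorder' => $pageorder,
         'dateline' => time(),
     ));
 }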
 /**
  * Render this option as a config-file fragment: a leading newline, the
  * global $SEPARATOR, the HTML-stripped description (every newline inside it
  * is followed by "; " so continuation lines read as INI comments), then the
  * default value on its own line.
  *
  * @param mixed $posted_value unused; kept for the caller's signature
  * @return string
  */
 function get_config($posted_value)
 {
     global $SEPARATOR;
     $description = stripHtml($this->_get_description());
     $commented = str_replace("\n", "\n; ", $description);
     return "\n" . $SEPARATOR . $commented . "\n" . $this->default_value;
 }
 /**
  * Save comment in database
  *
  * Reads the submitted fields through getValue()/getPostValue(), validates
  * permissions and required fields, runs the spam filter, then inserts a new
  * comment (when $this->id is empty) or updates the existing one. Every
  * problem is recorded on the global $errors object, which is returned.
  *
  * @param 	$moduleId 				Module id to add comment to.
  * @param 	$moduleContentTypeId 	Identifier of content type.
  * @param	$moduleContentId		Identifier of content.
  * @return 	List of errors if any.
  */
 function saveComment($moduleId, $moduleContentTypeId, $moduleContentId)
 {
     global $dbi, $errors, $login, $referer, $settings, $spamFilter;
     global $lComment, $lEditComment;
     // Check if data is submitted from the form (what checkSubmitter() does on
     // failure is not visible here — presumably it stops the request).
     checkSubmitter();
     // Get user ip. This is the direct peer address; no forwarded header is
     // consulted, so behind a reverse proxy it is the proxy's address. It is
     // stored with the comment and used for the repeat-spammer lookup below.
     $ip = getenv("REMOTE_ADDR");
     // Get values. HTML is stripped before parseString(); what parseString()
     // itself escapes is not visible in this file.
     $this->moduleId = $moduleId;
     $this->moduleContentTypeId = $moduleContentTypeId;
     $this->moduleContentId = $moduleContentId;
     $this->name = parseString(stripHtml(getValue("name")));
     $this->mail = parseString(stripHtml(getValue("mail")));
     $this->link = parseString(stripHtml(getValue("link")));
     $this->subject = parseString(stripHtml(getValue("subject")));
     $this->message = parseString(stripHtml(getValue("message")));
     // Request-supplied flag kept on the object; the spam column written
     // below comes from the locally computed $spam, not from this value.
     $this->spam = getValue("spam");
     $this->userId = getValue("userId");
     // Get default name (used to reject the untouched placeholder as a name)
     $defaultName = parseString(getPostValue("defaultName"));
     // Validate comment data: new comments need comment permission (plus
     // validation and a name for anonymous users); edits need edit permission.
     if (empty($this->id)) {
         if (!$this->hasCommentPermission()) {
             $errors->addError("permissions", $lEditComment["InsufficientPermissions"]);
         }
         if (!$login->isLoggedIn()) {
             if ($settings->commentsRequireValidation) {
                 if (!audit()) {
                     $errors->addError("validation", $lComment["WrongValidation"]);
                 }
             }
             if (empty($this->name) || $this->name == $defaultName) {
                 $errors->addError("name", $lEditComment["MissingName"]);
             }
         }
     } else {
         if (!$this->hasEditPermission()) {
             $errors->addError("permissions", $lEditComment["InsufficientPermissions"]);
         } else {
             if (empty($this->name) && empty($this->userId)) {
                 $errors->addError("name", $lEditComment["MissingName"]);
             }
         }
     }
     if (empty($this->subject)) {
         $errors->addError("subject", $lEditComment["MissingSubject"]);
     }
     if (empty($this->message)) {
         $errors->addError("message", $lEditComment["MissingText"]);
     }
     // Check if message could be classified as spam
     $spam = $spamFilter->isSpam($this->name, $this->mail, $this->subject, $this->message);
     // Check if this ip has been spam before. The only interpolated value is
     // passed through $dbi->quote().
     if (!$spam) {
         $result = $dbi->query("SELECT COUNT(*) FROM " . commentTableName . " WHERE spam=1 AND ip=" . $dbi->quote($ip));
         if ($result->rows()) {
             list($count) = $result->fetchrow_array();
             if ($count != 0) {
                 $spam = true;
             }
         }
     }
     // If there were no errors insert or update comment. Note that a spam
     // verdict is not an error: the row is still written, flagged spam=1.
     if (!$errors->hasErrors()) {
         if (empty($this->id)) {
             // Insert into comment database. Every request-derived value goes
             // through $dbi->quote(); $login->id is interpolated bare and is
             // assumed numeric — confirm in the login class. $spam is a bool
             // here, so the stored value depends on how quote() renders it.
             $dbi->query("INSERT INTO " . commentTableName . "(moduleId,moduleContentTypeId,moduleContentId,userId,name,mail,link,subject,message,ip,posted,spam,trash) VALUES(" . $dbi->quote($moduleId) . "," . $dbi->quote($moduleContentTypeId) . "," . $dbi->quote($moduleContentId) . "," . ($login->isLoggedIn() ? $login->id : 0) . "," . $dbi->quote($this->name) . "," . $dbi->quote($this->mail) . "," . $dbi->quote($this->link) . "," . $dbi->quote($this->subject) . "," . $dbi->quote($this->message) . "," . $dbi->quote($ip) . ",NOW()," . $dbi->quote($spam) . ",0)");
             // Get new comment id
             $this->id = $dbi->getInsertId();
         } else {
             // Update values in database ("posted=posted" keeps the original
             // timestamp; ip and the module columns are never rewritten).
             $dbi->query("UPDATE " . commentTableName . " SET name=" . $dbi->quote($this->name) . ",mail=" . $dbi->quote($this->mail) . ",link=" . $dbi->quote($this->link) . ",subject=" . $dbi->quote($this->subject) . ",message=" . $dbi->quote($this->message) . ",posted=posted,spam=" . $dbi->quote($spam) . " WHERE (id=" . $dbi->quote($this->id) . ")");
         }
         // Remember poster. The details are stored serialized in a plain
         // cookie for one year, with no path/secure/httponly flags. Whatever
         // reads commentPoster back must treat it as untrusted client input —
         // the stripslashes/addslashes here only deal with quoting, not
         // with validation of what comes back.
         $remember = getValue("remember");
         if (!empty($remember)) {
             $poster["name"] = stripslashes($this->name);
             $poster["mail"] = stripslashes($this->mail);
             $poster["link"] = stripslashes($this->link);
             $poster["remember"] = stripslashes($remember);
             setcookie("commentPoster", addslashes(serialize($poster)), time() + 31536000);
         }
     }
     // Return errors if any
     return $errors;
 }
 /**
  * Store the meta keywords after normalising them: parseString() first, then
  * validateTextLength() caps the text at 300, and finally HTML is stripped.
  *
  * @param string $metaKeywords raw keywords text
  */
 function setMetaKeywords($metaKeywords)
 {
     $parsed = parseString($metaKeywords);
     $limited = validateTextLength($parsed, 300);
     $this->metaKeywords = stripHtml($limited);
 }
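// Include common functions and declarations
require_once "../../include/common.php";
require_once "../include/config.php";
// Create blog object from the requested id (0 when none was given)
$blog = new Blog(!empty($_GET["blogId"]) ? $_GET["blogId"] : 0);
if (!empty($blog->id)) {
    // Include language. NOTE(review): the path is built from $blog->language,
    // which Blog loads for the stored blog; it is assumed to be one of the
    // shipped language folder names and never request-controlled — confirm
    // in the Blog class.
    include scriptPath . "/" . folderBlog . "/include/language/" . $blog->language . "/general.php";
    // Protect page
    if (!empty($blog->userlevel)) {
        protectPage($blog->userlevel);
    }
    // Get the post list. blogId is compared as a bare number in the query,
    // so the id is pinned to an int before it is spliced into the text.
    $items = array();
    $result = $dbi->query("SELECT id FROM " . blogPostTableName . " WHERE blogId=" . intval($blog->id) . " AND draft=0 ORDER BY posted DESC LIMIT 15");
    while (list($id) = $result->fetchrow_array()) {
        $post = new Post($id);
        // Collect category names. The original reused $i for this loop and
        // for the outer post loop, resetting the outer counter on every post
        // (latent rather than visible, since that counter was otherwise unused).
        $categories = array();
        for ($c = 0; $c < count($post->categories); $c++) {
            $categories[] = $post->categories[$c][1];
        }
        // Create new item
        $items[] = new RSSItem($post->id, $post->user->name, $categories, $post->getPostLink() . "#comments", scriptUrl . "/" . folderBlog . "/" . fileBlogCommentRSS . "?postId=" . $post->id, $post->getPostLink(), stripHtml(!empty($post->text) ? $post->text : $post->summary), $post->printRSSPostSummary(), $post->posted, $post->subject);
    }
    // Print feed
    $rss = new RSS($blog->title, $blog->description, $blog->getBlogLink(), scriptUrl . "/" . folderBlog . "/" . fileBlogPostRSS . "?blogId=" . $blog->id, $items);
    $rss->printRSSFeed();
}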
 /**
  * Default user StripInput function
  *
  * Cleans a search term before it is used or echoed: backslashes, script
  * tags, modx-sensitive tags and HTML are removed in that order, then the
  * remainder is HTML-encoded with ENT_COMPAT (double quotes encoded, single
  * quotes left alone) and without double encoding, so it can be printed as
  * page text.
  *
  * @param string $searchString term searched
  * @param string $pgCharset    charset handed to htmlspecialchars()
  * @return string cleaned, HTML-encoded term ('' is returned untouched)
  */
 function defaultStripInput($searchString, $pgCharset = 'UTF-8')
 {
     if ($searchString === '') {
         return $searchString;
     }
     // Same order as before: slashes, js, modx tags, HTML.
     $term = stripHtml(stripTags(stripJscripts(stripslashes($searchString))));
     // The double_encode argument of htmlspecialchars() only exists from
     // PHP 5.2.3 onwards; older runtimes use the compatibility shim.
     $hasDoubleEncode = version_compare(PHP_VERSION, '5.2.3', '>=');
     if ($hasDoubleEncode) {
         return htmlspecialchars($term, ENT_COMPAT, $pgCharset, false);
     }
     return $this->php_compat_htmlspecialchars($term, ENT_COMPAT, $pgCharset, false);
 }