function tpl_function_qishi_news_show($params, &$smarty)
{
global $db, $_CFG;
$arr = explode(',', $params['set']);
foreach ($arr as $str) {
$a = explode(':', $str);
switch ($a[0]) {
case "资讯ID":
$aset['id'] = $a[1];
break;
case "列表名":
$aset['listname'] = $a[1];
break;
}
}
$aset = array_map("get_smarty_request", $aset);
$aset['id'] = $aset['id'] ? intval($aset['id']) : 0;
$aset['listname'] = $aset['listname'] ? $aset['listname'] : "list";
unset($arr, $str, $a, $params);
$sql = "select id,subsite_id,content,title,seo_keywords,seo_description,type_id,addtime from " . table('article') . " WHERE id=" . intval($aset['id']) . " AND is_display=1 LIMIT 1";
$val = $db->getone($sql);
if (empty($val)) {
header("HTTP/1.1 404 Not Found");
$smarty->display("404.htm");
exit;
}
check_url($val['subsite_id'], $smarty, $_CFG['news_url']);
$val['content'] = htmlspecialchars_decode($val['content'], ENT_QUOTES);
if ($val['seo_keywords'] == "") {
$val['keywords'] = $val['title'];
} else {
$val['keywords'] = $val['seo_keywords'];
}
if ($val['seo_description'] == "") {
$val['description'] = cut_str(strip_tags($val['content']), 60, 0, "");
} else {
$val['description'] = $val['seo_description'];
}
if (intval($_CFG['subsite_id']) > 0) {
$other_wheresql = " AND subsite_id=" . intval($_CFG['subsite_id']) . " ";
}
$prev = $db->getone("select id,subsite_id,title from " . table('article') . " where id<" . $val['id'] . " and type_id=" . $val['type_id'] . $other_wheresql . " order by id desc limit 1");
if (!$prev) {
$val['prev'] = 0;
} else {
$val['prev'] = 1;
$val['prev_title'] = $prev['title'];
$val['prev_url'] = url_rewrite("QS_newsshow", array('id' => $prev['id']), 1, $prev['subsite_id']);
}
$next = $db->getone("select id,subsite_id,title from " . table('article') . " where id>" . $val['id'] . " and type_id=" . $val['type_id'] . $other_wheresql . " limit 1");
if (!$next) {
$val['next'] = "没有了";
} else {
$val['next'] = 1;
$val['next_title'] = $next['title'];
$val['next_url'] = url_rewrite("QS_newsshow", array('id' => $next['id']), 1, $next['subsite_id']);
}
$smarty->assign($aset['listname'], $val);
}
/**
* Customize RSS feed icon
*
* @param $url
* URL for RSS icon to link to
* @param $title
* Title for RSS icon
* @return a string containing the RSS icon output.
*/
function txtconnect_theme_feed_icon($url, $title)
{
if ($image = theme('image', '/misc/feed.png', t('RSS Feed'), $title)) {
$output = '<div id="top-feed-container"><a href="' . check_url($url) . '" class="feed-icon">' . $image . '</a> ';
$output .= '<a href="' . check_url($url) . '" class="feed-icon">RSS Feed</a></div>';
return $output;
}
}
function build_url($url)
{
if (check_url($url)) {
return $url;
} else {
return config::standard_protocol . $url;
}
}
function tpl_function_qishi_curriculum_show($params, &$smarty)
{
global $db, $timestamp, $_CFG;
$arr = explode(',', $params['set']);
foreach ($arr as $str) {
$a = explode(':', $str);
switch ($a[0]) {
case "¿Î³ÌID":
$aset['id'] = $a[1];
break;
case "ÁбíÃû":
$aset['listname'] = $a[1];
break;
case "ÃèÊö³¤¶È":
$aset['brieflylen'] = $a[1];
break;
case "Ìî²¹×Ö·û":
$aset['dot'] = $a[1];
break;
}
}
$aset = array_map("get_smarty_request", $aset);
$aset['id'] = $aset['id'] ? intval($aset['id']) : 0;
$aset['brieflylen'] = isset($aset['brieflylen']) ? intval($aset['brieflylen']) : 0;
$aset['listname'] = $aset['listname'] ? $aset['listname'] : "list";
$wheresql = " WHERE id={$aset['id']} ";
$sql = "select id,subsite_id,uid,setmeal_deadline,add_mode,train_id,contents,refreshtime,teacher_id,teacher_cn,trainname,course_name,addtime,click,favour_expenses,train_expenses,classhour,category_cn,starttime,classtype_cn,district_cn,train_object,train_certificate from " . table('course') . $wheresql . " LIMIT 1";
$val = $db->getone($sql);
if (empty($val)) {
header("HTTP/1.1 404 Not Found");
$smarty->display("404.htm");
exit;
} else {
check_url($val['subsite_id'], $smarty, $_CFG['train_url']);
if ($val['setmeal_deadline'] < time() && $val['setmeal_deadline'] != "0" && $val['add_mode'] == "2") {
$val['deadline'] = $val['setmeal_deadline'];
}
$val['course_url'] = url_rewrite('QS_courseshow', array('id' => $val['id']), 1, $val['subsite_id']);
$profile = GetTainProfile($val['train_id']);
$val['train'] = $profile;
$val['expire'] = sub_day($val['deadline'], time());
$val['countapply'] = $db->get_total("SELECT COUNT(*) AS num FROM " . table('personal_course_apply') . " WHERE course_id= '{$val['id']}'");
if ($aset['brieflylen'] > 0) {
$val['briefly'] = cut_str(strip_tags($val['contents']), $aset['brieflylen'], 0, $aset['dot']);
} else {
$val['briefly'] = strip_tags($val['contents']);
}
$val['refreshtime_cn'] = daterange(time(), $val['refreshtime'], 'Y-m-d', "#FF3300");
$val['train_url'] = url_rewrite('QS_train_agencyshow', array('id' => $val['train_id']));
$val['teacher_url'] = url_rewrite('QS_train_lecturershow', array('id' => $val['teacher_id']));
if ($val['train']['logo']) {
$val['train']['logo'] = $_CFG['site_dir'] . "data/train_logo/" . $val['train']['logo'];
} else {
$val['train']['logo'] = $_CFG['site_dir'] . "data/train_logo/no_logo.gif";
}
}
$smarty->assign($aset['listname'], $val);
}
/**
* Checks that harmful protocols are stripped.
*/
function testBadProtocolStripping()
{
// Ensure that check_url() strips out harmful protocols, and encodes for
// HTML.
// Ensure \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() can
// be used to return a plain-text string stripped of harmful protocols.
$url = 'javascript:http://www.example.com/?x=1&y=2';
$expected_plain = 'http://www.example.com/?x=1&y=2';
$expected_html = 'http://www.example.com/?x=1&y=2';
$this->assertIdentical(check_url($url), $expected_html, 'check_url() filters a URL and encodes it for HTML.');
$this->assertIdentical(UrlHelper::stripDangerousProtocols($url), $expected_plain, '\\Drupal\\Component\\Utility\\Url::stripDangerousProtocols() filters a URL and returns plain text.');
}
/**
* Confirms that invalid URLs are filtered in link generating functions.
*/
function testLinkXSS()
{
// Test \Drupal::l().
$text = $this->randomMachineName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$link = \Drupal::l($text, Url::fromUserInput('/' . $path));
$sanitized_path = check_url(Url::fromUri('base:' . $path)->toString());
$this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered by _l().', array('@path' => $path)));
// Test \Drupal\Core\Url.
$link = Url::fromUri('base:' . $path)->toString();
$sanitized_path = check_url(Url::fromUri('base:' . $path)->toString());
$this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered by #theme', ['@path' => $path]));
}
/**
* Confirms that invalid URLs are filtered in link generating functions.
*/
function testLinkXSS()
{
// Test _l().
$text = $this->randomMachineName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$link = _l($text, $path);
$sanitized_path = check_url(_url($path));
$this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered by _l().', array('@path' => $path)));
// Test _url().
$link = _url($path);
$sanitized_path = check_url(_url($path));
$this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered by #theme', ['@path' => $path]));
}
function sci_aggregator_block_item($item, $feed = 0)
{
global $user;
$output = '';
if ($user->uid && module_exists('post') && user_access('create post entries')) {
if ($image = theme('image', 'misc/blog.png', t('post it'), t('post it'))) {
$output .= '<div class="icon">' . l($image, 'node/add/post', array('attributes' => array('title' => t('Comment on this news item in your personal postings.'), 'class' => 'post-it'), 'query' => "iid={$item->iid}", 'html' => TRUE)) . '</div>';
}
}
// Display the external link to the item.
$output .= '<a href="' . check_url($item->link) . '">' . check_plain($item->title) . "</a>\n";
return $output;
}
/**
* Confirms that invalid URLs are filtered in link generating functions.
*/
function testLinkXSS()
{
// Test l().
$text = $this->randomMachineName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$link = l($text, $path);
$sanitized_path = check_url(url($path));
$this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered by l().', array('@path' => $path)));
// Test #type 'link'.
$link_array = array('#type' => 'link', '#title' => $this->randomMachineName(), '#href' => $path);
$type_link = drupal_render($link_array);
$sanitized_path = check_url(url($path));
$this->assertTrue(strpos($type_link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered by #theme', array('@path' => $path)));
}
function admin_user_edit($id)
{
global $db;
if (isset($_POST['submit'])) {
if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($_POST['username'])) . '\' AND ID != ' . $id) or $_POST['username'] == '') {
$_POST['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $id);
table(ERROR, ACCOUNT_ALLREADY_EXIST);
}
if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($_POST['username']) . '\' AND ID != ' . $id) or !check_email($_POST['email'])) {
$_POST['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $id);
if (!check_email($_POST['email'])) {
table(ERROR, WRONG_EMAIL);
} else {
table(ERROR, EMAIL_ALLREADY_EXIST);
}
}
$geburtstag = explode('.', $_POST['birthday']);
$sql = sprintf('UPDATE ' . DB_PRE . 'ecp_user SET
username = \'%s\',email = \'%s\',country = \'%s\',
sex = \'%s\',signatur = \'%s\',realname = \'%s\',
geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\',
msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\',
clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\',
clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\',
ram = \'%s\',gkarte = \'%s\',skarte = \'%s\',
monitor = \'%s\',maus = \'%s\',tastatur = \'%s\',
mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\',
headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\'
WHERE ID = ' . $id, strsave(htmlspecialchars(@$_POST['username'])), strsave(@$_POST['email']), strsave(@$_POST['country']), @$_POST['sex'] == 'male' ? 'male' : 'female', strsave(comment_save(@$_POST['signatur'])), strsave(htmlspecialchars(@$_POST['realname'])), (int) @$geburtstag[2] . '-' . (int) @$geburtstag[1] . '-' . (int) @$geburtstag[0], strsave(htmlspecialchars(check_url(@$_POST['homepage']))), strsave(htmlspecialchars(@$_POST['icq'])), strsave(htmlspecialchars(@$_POST['msn'])), strsave(htmlspecialchars(@$_POST['yahoo'])), strsave(htmlspecialchars(@$_POST['skype'])), strsave(htmlspecialchars(@$_POST['xfire'])), strsave(htmlspecialchars(@$_POST['clanname'])), strsave(htmlspecialchars(@$_POST['clanirc'])), strsave(htmlspecialchars(check_url(@$_POST['clanhomepage']))), strsave(htmlspecialchars(@$_POST['clanhistory'])), strsave(htmlspecialchars(@$_POST['cpu'])), strsave(htmlspecialchars(@$_POST['mainboard'])), strsave(htmlspecialchars(@$_POST['ram'])), strsave(htmlspecialchars(@$_POST['gkarte'])), strsave(htmlspecialchars(@$_POST['skarte'])), strsave(htmlspecialchars(@$_POST['monitor'])), strsave(htmlspecialchars(@$_POST['maus'])), strsave(htmlspecialchars(@$_POST['tastatur'])), strsave(htmlspecialchars(@$_POST['mauspad'])), strsave(htmlspecialchars(@$_POST['internet'])), strsave(htmlspecialchars(@$_POST['festplatte'])), strsave(htmlspecialchars(@$_POST['headset'])), strsave(comment_save(@$_POST['aboutme'])), strsave(htmlspecialchars(@$_POST['wohnort'])), strsave(htmlspecialchars(@$_POST['aim'])));
if ($db->query($sql) and $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET comments = ' . (int) $_POST['comments'] . ', money = ' . (double) $_POST['money'] . ' WHERE userID = ' . $id)) {
header1('?section=admin&site=user');
}
} else {
$tpl = new smarty();
$row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`,
`clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`,
`internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, money, comments FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (userID = ID) WHERE ID = ' . $id);
$row['birthday'] = date('d.m.Y', strtotime($row['geburtstag']));
foreach ($row as $key => $value) {
$tpl->assign($key, $value);
}
ob_start();
$tpl->assign('countries', form_country($row['country']));
$tpl->display(DESIGN . '/tpl/admin/user_edit.html');
$content = ob_get_contents();
ob_end_clean();
main_content(ACCOUNT_EDIT, $content, '', 1);
}
}
function main($gj_config)
{
$data = explode('|', $_POST['content']);
array_remove_empty($data);
$url_num = count($data);
$post_data = '';
foreach ($data as $info) {
$tmp = explode('^', $info);
if (empty($tmp[0])) {
continue;
}
$post_data .= 'urlinfo=' . urlencode(base64_encode('url=' . urlencode($tmp[0]) . '&urlSeq=' . $tmp[1])) . '&';
}
echo 'gj_plugin_function.gettype_callback_a(' . check_url($gj_config, $post_data, $url_num) . ')';
}
function admin_settings()
{
global $db, $countries;
if (isset($_POST['submit'])) {
unset($_POST['submit']);
$_POST['SITE_URL'] = strrpos($_POST['SITE_URL'], '/') !== strlen($_POST['SITE_URL']) - 1 ? check_url($_POST['SITE_URL'] . '/') : check_url($_POST['SITE_URL']);
$sql = 'UPDATE ' . DB_PRE . 'ecp_settings SET ';
foreach ($_POST as $key => $value) {
$sql .= $key . ' = "' . strsave($value) . '", ';
}
$sql = substr($sql, 0, strlen($sql) - 2);
if ($db->query($sql)) {
header('Location: ?section=admin&site=settings');
}
} else {
$dir = scan_dir('templates', true);
$designs = '';
foreach ($dir as $value) {
if (is_dir('templates/' . $value)) {
$designs .= '<option ' . ($value == DESIGN ? 'selected="selected"' : '') . ' value="' . $value . '">' . $value . '</option>';
}
}
$tpl = new smarty();
$tpl->assign('designs', $designs);
$tpl->assign('langs', get_languages());
$dir = scan_dir('module', true);
$start = '';
foreach ($dir as $value) {
if (is_dir('module/' . $value)) {
$start .= '<option ' . ('modul|' . $value == STARTSEITE ? 'selected="selected"' : '') . ' value="modul|' . $value . '">' . $value . '</option>';
}
}
$start .= '<option value="">-----' . OWN_SITES . '----</option>';
$db->query('SELECT headline, cmsID FROM ' . DB_PRE . 'ecp_cms ORDER BY headline ASC');
while ($row = $db->fetch_assoc()) {
$title = json_decode($row['headline'], true);
isset($title[LANGUAGE]) ? $title = $title[LANGUAGE] : ($title = $title[DEFAULT_LANG]);
$start .= '<option ' . ('cms|' . $row['cmsID'] == STARTSEITE ? 'selected="selected"' : '') . ' value="cms|' . $row['cmsID'] . '">' . $title . '</option>';
}
$tpl->assign('startseite', $start);
ob_start();
$tpl->display(DESIGN . '/tpl/admin/settings.html');
$content = ob_get_contents();
ob_end_clean();
main_content(SETTINGS, $content, '', 1);
}
}
function get_sonmenu($son_key)
{
global $menu;
echo '<div class="left_nav">';
//计算选中菜单
/*$is_set=0;
for($i=0;$i<count($menu['son_key']);$i++){
$sonmenu=$menu[$i]['sonmenu'];
for($j=0;$j<count($sonmenu);$j++){
$show = check_url($sonmenu[$j]['url']);
if($show){
$is_set=1;
$menu[$i]['selected'] = $show;
$menu[$i]['sonmenu'][$j]['selected']=$show;
}
}
}
if($is_set==0){
$menu[1]['selected'] = 1;
//$menu[0]['sonmenu'][0]['selected']=1;
}*/
//显示菜单
echo '<ul>';
foreach ($menu[$son_key]['sonmenu'] as $k => $a) {
$select = check_url($a['url']);
$selected = $select ? 'selected' : '';
//验证权限
//if(!check_admin_level($a['level']) && !check_group_level($a['level'])) continue;
echo '<li>';
if ($k == 0) {
echo '<a href="" class="menu_1selected" style="background: url(' . $menu[$son_key]['bgimg'] . ') no-repeat">' . $menu[$son_key]['title'] . '</a>';
}
echo '<a href="' . $a['url'] . '" class="menu_2' . $selected . '">' . $a['title'] . '</a>';
//获取子导航的第一个地址。给父导航显示连接地址
/*foreach($a['sonmenu'] as $son){
//验证权限
//if(!check_admin_level($son['level']) && !check_group_level($son['level'])) continue;
if(check_admin_level($son['level']) || check_group_level($son['level'])) {
echo('<a href="'.SITE_PATH.ADMIN_PATH.'/'.$son['url'].'" class="menu_1'.$selected.'" style="background:url('.SITE_PATH.ADMIN_PATH.'/'.$template."/".$a['bgimg'].') 12px 4px no-repeat;">'.$a['title'].'</a>');
break;
}
}*/
echo '</li>';
}
echo '</ul>';
echo '</div>';
}
function check_copyright($html)
{
$html_lower = strtolower($html);
$html_work = $html;
$i = 0;
while ($i < 1) {
$anchor_url = "";
$html_work = extract_first_anchor_url($html, $anchor_url, True);
if ($html_work === False) {
continue;
}
if (check_url($html, $anchor_url) == False) {
return $anchor_url;
}
$i++;
}
return False;
}
function theme221_l($text, $path, $options = array())
{
// Merge in defaults.
$options += array('attributes' => array(), 'html' => TRUE);
// Append active class.
if ($path == $_GET['q'] || $path == '<front>' && drupal_is_front_page()) {
if (isset($options['attributes']['class'])) {
$options['attributes']['class'] .= ' active';
} else {
$options['attributes']['class'] = 'active';
}
}
// Remove all HTML and PHP tags from a tooltip. For best performance, we act only
// if a quick strpos() pre-check gave a suspicion (because strip_tags() is expensive).
if (isset($options['attributes']['title']) && strpos($options['attributes']['title'], '<') !== FALSE) {
$options['attributes']['title'] = strip_tags($options['attributes']['title']);
}
return '<a href="' . check_url(url($path, $options)) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>';
}
/**
* {@inheritdoc}
*/
public function viewElements(FieldItemListInterface $items)
{
$elements = parent::viewElements($items);
$path_to_icon = drupal_get_path('module', 'social_profile_field') . '/icons/';
$show_icons = $this->getSetting('icons_show');
foreach ($elements as $delta => $element) {
if ($show_icons) {
$icon_path = $path_to_icon . 'default.png';
$domain_icon = $path_to_icon . parse_url(check_url(trim($items[$delta]->value)), PHP_URL_HOST) . '.png';
if (file_exists($domain_icon)) {
$icon_path = $domain_icon;
}
$elements[$delta]['#title'] = ['#theme' => 'image', '#uri' => $icon_path, '#attributes' => ['class' => ['social-profile-icon']]];
$elements[$delta]['#attached'] = ['library' => ['social_profile_field/social_profile_field.css']];
}
$elements[$delta]['#attributes'] = ['class' => ['social-link']];
}
return $elements;
}
function admin_links_edit($id)
{
ob_end_clean();
global $db;
if (!isset($_SESSION['rights']['admin']['links']['edit']) and !isset($_SESSION['rights']['superadmin'])) {
echo NO_ADMIN_RIGHTS;
} else {
if ($_POST['name'] == '' or $_POST['url'] == '') {
echo NOT_NEED_ALL_INPUTS;
} else {
$db->setMode(0);
ajax_convert_array($_POST);
$sql = sprintf('UPDATE ' . DB_PRE . 'ecp_links SET `name` = \'%s\', `url` = \'%s\', `bannerurl` = \'%s\', `beschreibung` = \'%s\', `hits` = %d WHERE linkID = %d', strsave($_POST['name']), strsave(check_url($_POST['url'])), strsave(check_url($_POST['bannerurl'])), strsave($_POST['beschreibung']), (int) $_POST['hits'], $id);
if ($db->query($sql)) {
echo 'ok';
}
}
}
die;
}
/**
* @file
* template.php for the vote_up_down.module
*/
function _phptemplate_variables($hook, $vars) {
switch ($hook) {
case 'node':
$vars['storylink_url'] = check_url($vars['node']->vote_storylink_url);
if (arg(1) != 'add' && arg(2) != 'edit') {
$style = variable_get('vote_up_down_widget_style_node', 0) == 1 ? '_alt' : '';
$vars['vote_up_down_widget'] = theme("vote_up_down_widget$style", $vars['node']->nid, 'node');
$vars['vote_up_down_points'] = theme("vote_up_down_points$style", $vars['node']->nid, 'node');
}
$vars['vote_storylink_via'] = theme('vote_storylink_via', $vars['node']->vote_storylink_url);
if (arg(1) == 'top') {
static $count;
$count = is_array($count) ? $count : array();
$count[$hook] = is_int($count[$hook]) ? $count[$hook] : 1;
$vars['seqid'] = $count[$hook]++;
}
break;
}
return $vars;
}
function tpl_function_qishi_notice_show($params, &$smarty)
{
global $db, $_CFG;
$arr = explode(',', $params['set']);
foreach ($arr as $str) {
$a = explode(':', $str);
switch ($a[0]) {
case "公告ID":
$aset['id'] = $a[1];
break;
case "列表名":
$aset['listname'] = $a[1];
break;
}
}
$aset = array_map("get_smarty_request", $aset);
$aset['id'] = $aset['id'] ? intval($aset['id']) : 0;
$aset['listname'] = $aset['listname'] ? $aset['listname'] : "list";
unset($arr, $str, $a, $params);
$sql = "select id,subsite_id,title,content,seo_keywords,seo_description,type_id,addtime from " . table('notice') . " WHERE id=" . intval($aset['id']) . " AND is_display=1 LIMIT 1";
$val = $db->getone($sql);
if (empty($val)) {
header("HTTP/1.1 404 Not Found");
$smarty->display("404.htm");
exit;
}
check_url($val['subsite_id'], $smarty, $_CFG['notice_url']);
if ($val['seo_keywords'] == "") {
$val['keywords'] = $val['title'];
} else {
$val['keywords'] = $val['seo_keywords'];
}
if ($val['seo_description'] == "") {
$val['description'] = cut_str(strip_tags($val['content']), 60, 0, "");
} else {
$val['description'] = $val['seo_description'];
}
$val['content'] = htmlspecialchars_decode($val['content'], ENT_QUOTES);
$smarty->assign($aset['listname'], $val);
}
function iwebkit_textfield($element)
{
$size = empty($element['#size']) ? '' : ' size="' . $element['#size'] . '"';
$maxlength = empty($element['#maxlength']) ? '' : ' maxlength="' . $element['#maxlength'] . '"';
$class = array('form-text');
$extra = '';
$output = '';
if ($element['#autocomplete_path'] && menu_valid_path(array('link_path' => $element['#autocomplete_path']))) {
drupal_add_js('misc/autocomplete.js');
$class[] = 'form-autocomplete';
$extra = '<input class="autocomplete" type="hidden" id="' . $element['#id'] . '-autocomplete" value="' . check_url(url($element['#autocomplete_path'], array('absolute' => TRUE))) . '" disabled="disabled" />';
}
_form_set_class($element, $class);
if (isset($element['#field_prefix'])) {
$output .= '<span class="field-prefix">' . $element['#field_prefix'] . '</span> ';
}
$output .= '<ul class="pageitem"><li class="form"><input placeholder="' . $element['#title'] . '" type="text"' . $maxlength . ' name="' . $element['#name'] . '" id="' . $element['#id'] . '"' . $size . ' value="' . check_plain($element['#value']) . '"' . drupal_attributes($element['#attributes']) . ' /></li></ul>';
if (isset($element['#field_suffix'])) {
$output .= ' <span class="field-suffix">' . $element['#field_suffix'] . '</span>';
}
return theme('form_element', $element, $output) . $extra;
}
function alternator_feed_icon($url)
{
if ($image = theme('image', drupal_get_path('theme', 'dynamo') . '/images/feed.png', t('RSS feed'), t('RSS feed'))) {
// Transform view expose query string in to drupal style arguments -- ?library=1 <-> /1
if ($pos = strpos($url, '?')) {
$base = substr($url, 0, $pos);
$parm = '';
foreach ($_GET as $key => $value) {
if ($key != 'q') {
$parm .= '/' . strtolower($value);
}
}
// Extra fix for event arrangementer?library=x, as it wants taks. id/lib. id
if (isset($_GET['library'])) {
if (arg(1) == '') {
$parm = '/all' . $parm;
}
}
$url = $base . $parm;
}
return '<a href="' . check_url($url) . '" class="feed-icon">' . $image . '<span>' . t('RSS') . '</span></a>';
}
}
public function views($_id)
{
$res = $this->Content->get($_id);
if ($res["state"] == 1 && $res["hidden"] == 0) {
$this->Content->pageview($_id);
$res["com"] = $this->Startup_member->get_by_user($res["user_id"]);
$this->assigns["res"] = $res;
$cat_list = $this->Content_category->list_('', '', 'hidden = 0');
for ($i = 0; $i < sizeof($cat_list); $i++) {
$cat_list[$i]["cnt"] = $this->Content->cnt("c.state = 1 and c.hidden = 0 and category_id = " . $cat_list[$i]["id"]);
}
$this->assigns["cat_list"] = $cat_list;
$this->assigns["curr_cont"] = $this->Content->list_(1, 5, 'c.state = 1 and c.hidden = 0');
$this->assigns["hot_cont"] = $this->Content->list_(1, 5, 'c.en = 0 and c.state = 1 and c.hidden = 0', 'v_cnt DESC');
$og["type"] = 'article';
$og["url"] = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$og["title"] = $res["subject"] . " on D.CAMP";
$og["description"] = strip_tags($res["contents"]);
if (strlen(strip_tags($res["contents"])) > 150) {
$og["description"] = mb_substr(strip_tags($res["contents"]), 0, 150, 'UTF-8') . '...';
}
if ($res["cpic"]) {
$og["image"] = 'http://' . $_SERVER['SERVER_NAME'] . $res["cpic"];
}
if (!$res["cpic"]) {
$og["image"] = check_url($res["img"], '');
}
$this->assigns_layout["og"] = $og;
$this->assigns["acnt"] = $this->Content->cnt("c.state = 1 and c.hidden = 0");
if (!strpos($_SERVER["HTTP_REFERER"], "dcamp.kr")) {
$this->assigns_layout["cards"] = bottom_main();
}
} else {
header("Location: /error_404");
}
}
<div class="main-heading">
<!--<?php
if (!$user->uid) {
?>
<strong class="note">Unlock up-to-the-minute financial news. <a href="/user/register">Sign up today.</a></strong><?php
}
?>
-->
<h2><?php
if (arg(0) == "sector") {
echo ucwords(str_replace("-", " ", check_url(arg(1))));
if (arg(2) && arg(2) != "index") {
echo ": <br/>" . ucwords(str_replace("-", " ", check_plain(arg(2))));
}
} else {
echo "Financial Market News";
}
?>
</h2>
</div>
<?php
print $block->content;
height: 400px;
}
</style>
</head>
<body <?php
print drupal_attributes($attr);
?>
>
<?php
print $skipnav;
?>
<div id='logo' class='clear-block'>
<div class='logo'>
<a href="<?php
echo check_url($front_page);
?>
"><img title="Open Government Platform (OGPL)" src="<?php
print $logo;
?>
" alt="logo" /></a>
</div>
<div class="header-anounced-text">The National Data Portal Beta</div>
<div class="searchPan"></div>
</div>
<div id="menu">
<?php
print $header_top;
?>
</div>
<div class="clear-block"></div>
/**
* Search result preprocessing
*/
function fusion_core_preprocess_search_result(&$vars)
{
static $search_zebra = 'even';
$search_zebra = $search_zebra == 'even' ? 'odd' : 'even';
$vars['search_zebra'] = $search_zebra;
$result = $vars['result'];
$vars['url'] = check_url($result['link']);
$vars['title'] = check_plain($result['title']);
// Check for snippet existence. User search does not include snippets.
$vars['snippet'] = '';
if (isset($result['snippet']) && theme_get_setting('search_snippet')) {
$vars['snippet'] = $result['snippet'];
}
$info = array();
if (!empty($result['type']) && theme_get_setting('search_info_type')) {
$info['type'] = check_plain($result['type']);
}
if (!empty($result['user']) && theme_get_setting('search_info_user')) {
$info['user'] = $result['user'];
}
if (!empty($result['date']) && theme_get_setting('search_info_date')) {
$info['date'] = format_date($result['date'], 'small');
}
if (isset($result['extra']) && is_array($result['extra'])) {
// $info = array_merge($info, $result['extra']); Drupal bug? [extra] array not keyed with 'comment' & 'upload'
if (!empty($result['extra'][0]) && theme_get_setting('search_info_comment')) {
$info['comment'] = $result['extra'][0];
}
if (!empty($result['extra'][1]) && theme_get_setting('search_info_upload')) {
$info['upload'] = $result['extra'][1];
}
}
// Provide separated and grouped meta information.
$vars['info_split'] = $info;
$vars['info'] = implode(' - ', $info);
// Provide alternate search result template.
$vars['template_files'][] = 'search-result-' . $vars['type'];
}
?>
<?php
if ($is_front) {
?>
<h1 class="site-name"><a href="<?php
print check_url($front_page);
?>
"><?php
print $site_name;
?>
</a></h1>
<?php
} else {
?>
<h2 class="site-name"><a href="<?php
print check_url($front_page);
?>
"><?php
print $site_name;
?>
</a></h2>
<?php
}
?>
<?php
}
?>
<?php
if ($site_slogan) {
?>
/**
* Return code that emits an feed icon.
*
* @param $url
* The url of the feed.
*/
function art_feed_icon($url)
{
return '<a href="' . check_url($url) . '" class="art-rss-tag-icon" title="' . t('Syndicate content') . '"></a>';
}
/**
* Renders a video or audio element.
*/
function vozmob_white_label_media_element($file, $href)
{
// @fixme: due to firefox bugginess, sometimes WAV files are not decoded and page render stalls?
// $elements = drupal_map_assoc(array('audio', 'video'));
$elements = drupal_map_assoc(array('video'));
list($element) = explode('/', $file->filemime);
if (isset($elements[$element])) {
return '<' . $element . ' controls="controls" src="' . check_url($href) . '" />';
}
}
if ($system['code'] == 1) {
check_code($_POST['code'], $_SESSION['code']);
}
if (!!($rows = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
//为了防止cookie伪造,要比对一下唯一标识符uniqid
uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
//引入验证文件
include ROOT_PATH . 'includes/check.func.php';
//创建空数组,用来存放提交的合法数据
$clean = array();
$clean['password'] = check_modify_password($_POST['password'], 6);
$clean['sex'] = check_sex($_POST['sex']);
$clean['photo'] = check_photo($_POST['photo']);
$clean['email'] = check_email($_POST['email'], 6, 40);
$clean['qq'] = check_qq($_POST['qq']);
$clean['url'] = check_url($_POST['url'], 40);
$clean['switch'] = $_POST['switch'];
$clean['signature'] = check_signature($_POST['signature'], 200);
//修改资料
if (empty($clean['password'])) {
query("UPDATE bbs_users SET \n bbs_sex='{$clean['sex']}',\n bbs_photo='{$clean['photo']}',\n bbs_email='{$clean['email']}',\n bbs_qq='{$clean['qq']}',\n bbs_url='{$clean['url']}',\n bbs_switch='{$clean['switch']}',\n bbs_signature='{$clean['signature']}'\n WHERE\n bbs_username='******'username']}'\n ");
} else {
query("UPDATE bbs_users SET \n bbs_password='******'password']}',\n bbs_sex='{$clean['sex']}',\n bbs_photo='{$clean['photo']}',\n bbs_email='{$clean['email']}',\n bbs_qq='{$clean['qq']}',\n bbs_url='{$clean['url']}',\n bbs_switch='{$clean['switch']}',\n bbs_signature='{$clean['signature']}'\n WHERE\n bbs_username='******'username']}'\n ");
}
//可以生成新的唯一标识符,这样更安全
}
//判断是否修改成功
//当什么都是不修改时,影响条数为0
if (affected_rows() >= 0) {
//关闭数据库
close();
$_SESSION['sysmsg'] = array();
}
if (!x($_SESSION, 'sysmsg_info')) {
$_SESSION['sysmsg_info'] = array();
}
/*
* check_config() is responsible for running update scripts. These automatically
* update the DB schema whenever we push a new one out. It also checks to see if
* any plugins have been added or removed and reacts accordingly.
*/
if ($install) {
$a->module = 'install';
} elseif ($maintenance) {
$a->module = 'maintenance';
} else {
check_url($a);
check_db();
check_plugins($a);
}
nav_set_selected('nothing');
$arr = array('app_menu' => $a->apps);
call_hooks('app_menu', $arr);
$a->apps = $arr['app_menu'];
/**
*
* We have already parsed the server path into $a->argc and $a->argv
*
* $a->argv[0] is our module name. We will load the file mod/{$a->argv[0]}.php
* and use it for handling our URL request.
* The module file contains a few functions that we call in various circumstances
* and in the following order:
