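/**
 * Substitute "more field" placeholders in a template string.
 *
 * Two placeholder forms are handled:
 *  - {personal-NAME}: replaced with $mb['more'][NAME] of the record returned by
 *    member_get($e['u']), HTML-escaped; a NAME that is not set becomes ''.
 *  - {NAME}: replaced with $e['mf'][NAME] for the keys present in $e['mf'].
 *
 * @param string $t Template text containing the placeholders.
 * @param array  $e Entry data; reads $e['u'] and the optional $e['mf'] map.
 * @return string The template with the placeholders substituted.
 */
function cn_extrn_morefields($t, $e)
{
    $mb = member_get($e['u']);

    // Personal info
    if (preg_match_all('/\\{personal\\-(.*?)\\}/i', $t, $c, PREG_SET_ORDER)) {
        foreach ($c as $v) {
            $r = isset($mb['more'][$v[1]]) ? $mb['more'][$v[1]] : '';
            $t = str_replace($v[0], cn_htmlspecialchars($r), $t);
        }
    }

    // Common purpose more fields. An empty map is skipped: joining zero keys
    // would build the pattern /\{()\}/ and match a bare "{}" in the template.
    if (isset($e['mf']) && is_array($e['mf']) && $e['mf']) {
        // Field names are data, not pattern syntax: quote them so a key that
        // contains regex metacharacters cannot change what the pattern matches.
        $names = array();
        foreach (array_keys($e['mf']) as $k) {
            $names[] = preg_quote((string) $k, '/');
        }

        if (preg_match_all('/\\{(' . join('|', $names) . ')\\}/i', $t, $c, PREG_SET_ORDER)) {
            foreach ($c as $v) {
                // The match is case-insensitive but the lookup is not, so a
                // placeholder written in another case has no entry; it is
                // replaced with '' as before, without an undefined-index notice.
                $r = isset($e['mf'][$v[1]]) ? $e['mf'][$v[1]] : '';

                // NOTE(review): unlike the personal fields above, these values
                // are inserted without HTML escaping. Confirm they are sanitised
                // where they are stored, or escape here if they are plain text.
                $t = str_replace($v[0], $r, $t);
            }
        }
    }

    return $t;
}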
<?php echo $widget_settings; ?> <hr/> <div><input type="submit" name="submit_widget" value="Submit changes" /></div> <?php } elseif ($plugin_current) { ?> <h1>"<?php echo ucfirst($plugin_current); ?> " plugin settings</h1> <input type="hidden" name="plugin_name" value="<?php echo cn_htmlspecialchars($plugin_current); ?> " /> <hr> <div><input type="checkbox" name="delete" style="vertical-align: middle;"> Remove plugin</div> <hr> <div><input type="submit" name="submit_plugin" value="Submit changes" /></div> <?php } else { ?> <p>Select widget or plugin...</p> <?php }
echo isset($user['name']) ? cn_url_modify('user_name=' . $user['name']) : ''; ?> "><?php echo isset($user['name']) ? cn_htmlspecialchars($user['name']) : ''; ?> </td> <td align="center"><?php echo isset($user['id']) ? date('Y-m-d H:i', $user['id']) : ''; ?> </td> <td align="center"><?php echo isset($user['cnt']) ? intval($user['cnt']) : 0; ?> </td> <td align="center"><?php echo isset($user['acl']) && isset($grp[$user['acl']]['N']) ? cn_htmlspecialchars(ucfirst($grp[$user['acl']]['N'])) : ''; ?> </td> </tr> <?php } } else { ?> <tr><td colspan="5">No users found</td> </tr><?php } ?> </table> <!-- paginate --> <?php cn_snippet_paginate($st, $per_page, count($users));
echo '<a href="' . cn_url_modify('mod=editnews', 'add_category_filter=' . join(',', $entry['cats'])) . '" title="' . join(', ', $_cat_name) . '"><b>multiply</b></a>'; } ?> </td> <td align="center" title="<?php echo $entry['date_full']; ?> "><nobr><?php echo $entry['date']; ?> </nobr></td> <td align="center"><a href="<?php echo cn_url_modify('mod=editnews', 'add_user_filter=' . $entry['user']); ?> "><?php echo cn_htmlspecialchars($entry['user']); ?> </a><sup></td> <?php hook('template/editnews/list_item_after', array($ID, $entry)); ?> <td align="center"><?php if ($entry['can']) { ?> <input name="selected_news[]" value="<?php echo $ID; ?> " style="border:0;" type='checkbox'><?php } ?> </td>
echo $name; ?> " type="checkbox" name="acl[]" <?php if ($desc['c']) { echo 'checked'; } ?> value="<?php echo $name; ?> " /> <?php if ($desc['t']) { echo '<a href="#" title="' . cn_htmlspecialchars($desc['t']) . '" onclick="return (tiny_msg(this));">' . cn_htmlspecialchars($desc['d']) . '</a>'; } else { echo cn_htmlspecialchars($desc['d']); } ?> </span> <?php } ?> <td> </tr> <?php } ?> <tr><td></td><td><hr/></td></tr> <tr> <td> </td>
<option <?php if ($pw['dir'] == 'A') { echo 'selected'; } ?> value="A">asc</option> </select> </td> </tr> <tr><td>$page_alias</td> <td><input type="text" name="pw[page_alias]" value="<?php echo isset($pw['page_alias']) ? cn_htmlspecialchars($pw['page_alias']) : ''; ?> "></td></tr> <tr><td>$tag</td> <td><input type="text" name="pw[tag]" value="<?php echo isset($pw['tag']) ? cn_htmlspecialchars($pw['tag']) : ''; ?> "></td></tr> <tr><td>$static</td> <td><input type="checkbox" name="pw[static]" value="Y" <?php if (isset($pw['static']) && $pw['static']) { echo ' checked="checked" '; } ?> /></td></tr> <tr><td>$reverse</td> <td><input type="checkbox" name="pw[reverse]" value="Y" <?php if (isset($pw['reverse']) && $pw['reverse']) { echo ' checked="checked" '; } ?> /></td></tr>
<option <?php if ($codepage == 'koi8-r') { echo 'selected'; } ?> value="koi8-r">KOI8-R</option> <option <?php if ($codepage == 'koi8-u') { echo 'selected'; } ?> value="koi8-u">KOI8-U</option> </select> Old ID <input type="text" name="sample_id" value="<?php echo cn_htmlspecialchars($sample_id); ?> " /> </td> </tr> <tr><td style="text-align: right;"><input type="checkbox" name="conv[users]" value="Y" /></td><td>Convert users (<b>first</b>)</td></tr> <tr><td style="text-align: right;"><input type="checkbox" name="conv[news]" value="Y" /></td><td>Convert all news, comments, more fields</td></tr> <tr><td style="text-align: right;"><input type="checkbox" name="conv[archives]" value="Y" /></td><td>Convert archives</td></tr> <tr> <td style="text-align: right;"><input type="checkbox" name="conv[sc]" value="Y" /><br/> </td> <td> Convert sysconf (configs, category, ipban, templates, replace words)*<br/> <input type="checkbox" name="conv[ovconf]" value="Y" /> Overwrite current system settings </td> </tr>
<tr> <td>Groups</td> <td> <?php foreach ($groups as $id => $name) { ?> <input type="checkbox" name="category_acl[]" <?php if ($category_acl && in_array($id, $category_acl)) { echo 'checked'; } ?> value="<?php echo $id; ?> "/> <?php echo cn_htmlspecialchars($name['N']); ?> <?php } ?> </td> </tr> <tr><td></td><td><hr/></td></tr> <tr><td> </td> <td> <div style="float:left;"> <?php if (!$category_id) { ?>
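/**
 * Dashboard page for editing stored snippets ("HTML Scripts").
 *
 * Reads 'snippet' and 'text' from the request. On POST (after cn_dsi_check())
 * it either selects, deletes, or saves/creates a snippet under the
 * '#snippets' option, then renders the 'dashboard/script' template.
 *
 * The snippet name is used as a path segment of the option key
 * ('#snippets/' . $snippet), so every name that reaches setoption()/getoption()
 * is first reduced to [a-z0-9.-] with other characters replaced by '_'.
 *
 * @return void Output is echoed.
 */
function dashboard_script()
{
    list($snippet, $text) = GET('snippet, text');
    if ($snippet == '') {
        $snippet = 'sandbox';
    }

    // Prevent subfoldering
    $snippet = preg_replace('/[^a-z0-9\\-\\.]/i', '_', $snippet);

    if (request_type('POST')) {
        cn_dsi_check();

        // Click select only
        if (!REQ('select', 'POST')) {
            if (REQ('delete', 'POST')) {
                $_t = getoption('#snippets');
                unset($_t[$snippet]);
                setoption('#snippets', $_t);
                $snippet = 'sandbox';
            } else {
                // Create new snippet. The new name gets the same filter as the
                // selected one; previously it was used raw, so a name holding
                // '/' could address a key outside '#snippets/<name>'.
                if (REQ('create', 'POST')) {
                    $snippet = preg_replace('/[^a-z0-9\\-\\.]/i', '_', REQ('create'));
                }
                setoption('#snippets/' . $snippet, $text);
                cn_throw_message('Changes saved');
            }
        } else {
            cn_throw_message('Select snippet [' . cn_htmlspecialchars($snippet) . ']');
        }
    }

    $list = getoption('#snippets');
    if (empty($list)) {
        // Build a fresh array instead of indexing into whatever empty value
        // getoption() returned (an empty string cannot take a string offset).
        $list = array('sandbox' => '');
    }

    $opt_txt = getoption('#snippets/' . $snippet);
    $params = array(
        'list'       => $list,
        'text'       => !empty($opt_txt) ? $opt_txt : '',
        'can_delete' => $snippet !== 'sandbox',
        'snippet'    => $snippet,
        'snippets'   => getoption('#snippets'),
    );

    echoheader('-@dashboard/style.css', 'HTML Scripts');
    echo exec_tpl('dashboard/script', $params);
    echofooter();
}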
<?php list($catlist) = _GL('catlist'); foreach ($catlist as $id => $var) { ?> <input style="vertical-align: middle;" type="checkbox" name="__append[cats][<?php echo $id; ?> ]" value="Y" /> <?php echo cn_htmlspecialchars($var['name']); ?> <?php }
?> </div> </td> <td align="center"><?php if ($opt_vars[0] == 'label') { echo cn_htmlspecialchars($opt_vars['var']); } elseif ($opt_vars[0] == 'text') { echo '<input type="text" name="config[' . $opt_id . ']" style="width: 400px;" value="' . cn_htmlspecialchars($opt_vars['var']) . '"/>'; } elseif ($opt_vars[0] == 'int') { echo '<input type="text" name="config[' . $opt_id . ']" size="8" value="' . intval($opt_vars['var']) . '"/>'; } elseif ($opt_vars[0] == 'Y/N') { echo '<input type="checkbox" name="config[' . $opt_id . ']" ' . ($opt_vars['var'] ? 'checked="checked"' : '') . ' value="Y"/>'; } elseif ($opt_vars[0] == 'select') { echo '<select name="config[' . $opt_id . ']"/>'; foreach ($opt_vars[2] as $_id => $_var) { echo '<option value="' . cn_htmlspecialchars($_id) . '" ' . ($_id == $opt_vars['var'] ? 'selected="selected"' : '') . '>' . cn_htmlspecialchars($_var) . '</option>'; } echo '</select>'; } ?> </td> </tr> <?php } ?> <tr> <td> </td> <td align="center"><input type="submit" style="font-weight:bold;font-size:120%;" value="Save changes" /></td> </tr> </table> </form>
<td bgcolor="#F7F6F4" colspan=2 ><input name="rss_encoding" value="<?php echo cn_htmlspecialchars($rss_encoding); ?> " size=20></td> </tr> <tr> <td>Language (default: <i>en-us</i>)</td> <td><input name="rss_language" value="<?php echo cn_htmlspecialchars($rss_language); ?> " size=5></td> </tr> <tr> <td bgcolor="#F7F6F4">Number of articles to be shown in the RSS (default:10):</td> <td bgcolor="#F7F6F4"><input id=number size=5 type="text" size="20" name="rss_number" value="<?php echo cn_htmlspecialchars(REQ('rss_number')); ?> "></td> </tr> <tr> <td valign="top"><b>Show articles only from these categories:</b></td> <td align="center" rowspan="2"> <?php if ($categories) { ?> <select <?php if (REQ('rss_allcategory')) { echo 'style="display: none;"';
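/**
 * True when $name is a single path component: a non-empty string that is not
 * '.' or '..' and holds no '/', '\' or NUL byte.
 *
 * @param mixed $name Candidate file or folder name taken from the request.
 * @return bool
 */
function media_is_plain_name($name)
{
    return is_string($name)
        && $name !== ''
        && $name !== '.'
        && $name !== '..'
        && strpbrk($name, "/\\\0") === false;
}

/**
 * True when the last extension of $name is listed in $allowed.
 * Same test the local-upload branch of media_invoke() applies.
 *
 * @param string $name    File name.
 * @param array  $allowed Lower-case extensions without the dot.
 * @return bool
 */
function media_has_allowed_ext($name, $allowed)
{
    return preg_match('/\\.(\\w+)$/i', $name, $m) === 1
        && in_array(strtolower($m[1]), $allowed);
}

/**
 * Media manager controller: upload (local or by URL), delete, create folder,
 * rename, move, thumbnail and resize actions, followed by the folder listing.
 *
 * Request values read: folder, opt (GET/POST); do_action, pending, rm, ids,
 * place, moveup, new_dir, place_folder_<id>, upload, upload_from_inet,
 * overwrite, and $_FILES['upload_file'].
 *
 * Every name that comes from the request and is joined to a directory is
 * required to be a single path component (media_is_plain_name()), and a file
 * may only be stored or renamed under an extension from the
 * 'allowed_extensions' option.
 *
 * @return void Output is echoed through the templates.
 */
function media_invoke()
{
    $popup_form = '';
    list($path, $opt) = GET('folder, opt', 'GETPOST');
    list($do_action, $pending) = GET('do_action, pending', 'POST');

    // Change default uploads dir
    $udir = cn_path_construct(SERVDIR, 'uploads');
    if (getoption('uploads_dir')) {
        $udir = preparation_path(getoption('uploads_dir'));
    }
    $edir = getoption('uploads_ext') ? getoption('uploads_ext') : getoption('http_script_dir') . '/uploads';

    // Remove root identifier
    $path = preparation_path($path);

    // Path detection
    $path = preg_replace('/[^a-z0-9\\/_\\\\]/i', '-', $path);

    // Working directory for uploads/deletes. It is built from the filtered
    // path (dots are replaced above), not from the raw request value, so it
    // always names the same folder as $root_dir.
    $dfile = cn_path_construct($udir, $path);
    $root_dir = cn_path_construct($udir, $path) . DIRECTORY_SEPARATOR;
    $just_uploaded = array();

    // Get path struct
    $pathes = spsep($path, DIRECTORY_SEPARATOR);
    if (isset($pathes[0]) && $pathes[0] === '') {
        unset($pathes[0]);
    }

    // Do upload files
    if (request_type('POST')) {
        cn_dsi_check();

        // Allowed Exts.
        $AE = spsep(getoption('allowed_extensions'));

        // Generate thumbnail after upload
        $thumbnail_with_upload = getoption('thumbnail_with_upload');

        // UPLOAD FILES
        if (REQ('upload', 'POST')) {
            list($overwrite) = GET('overwrite');
            $is_uploaded = FALSE;

            // Try for fopen url upload
            if ($upload_from_inet = REQ('upload_from_inet')) {
                if (!ini_get('allow_url_fopen')) {
                    cn_throw_message('allow_url_fopen=0, check server configurations');
                } elseif (!is_string($upload_from_inet) || !preg_match('#^https?://#i', $upload_from_inet)) {
                    // fopen() accepts any registered wrapper (local paths,
                    // php://, ...); only web URLs are meant to be fetched here.
                    cn_throw_message('Only http:// and https:// URLs can be fetched', 'e');
                } else {
                    // NOTE(review): the server still connects to whatever host
                    // the URL names, internal addresses included. Restrict the
                    // destinations if less-trusted accounts can reach this page.

                    // Get filename
                    $url_name = spsep($upload_from_inet, '/');
                    $url_name = $url_name[count($url_name) - 1];
                    $url_name = preg_replace('/(%20|\\s|\\?|&|\\/)/', '_', $url_name);
                    $url_name = str_replace('%', '_', $url_name);

                    // resolve filename
                    $c_file = $dfile . $url_name;

                    if (!media_is_plain_name($url_name) || !media_has_allowed_ext($url_name, $AE)) {
                        // Same rule as local uploads: the stored name decides
                        // how the web server treats the file, so the image
                        // check further down is not enough on its own.
                        cn_throw_message('File extension [' . cn_htmlspecialchars(pathinfo($url_name, PATHINFO_EXTENSION)) . '] not allowed', 'e');
                    } elseif ($overwrite && file_exists($c_file) || !file_exists($c_file)) {
                        // Overwrite [if can], or add file
                        // Use context for disable error notices
                        if (function_exists('stream_context_create')) {
                            $context = stream_context_create(array('http' => array('ignore_errors' => true)));
                            $fw = fopen($upload_from_inet, 'rb', false, $context);
                        } else {
                            // Read file
                            $fw = fopen($upload_from_inet, 'rb');
                        }

                        // --------- (fetch content) ------
                        $file_image = FALSE;
                        if ($fw) {
                            $file_image = stream_get_contents($fw);
                            fclose($fw);
                        }

                        if ($file_image === FALSE || $file_image === '') {
                            // Nothing fetched: leave an existing file untouched.
                            cn_throw_message("Wrong image file", 'e');
                        } else {
                            // write2disk
                            if ($wf = fopen($c_file, 'w')) {
                                fwrite($wf, $file_image);
                                fclose($wf);
                            }

                            // check image
                            list($w, $h) = getimagesize($c_file);
                            if ($w && $h) {
                                cn_throw_message('File uploaded');
                                $max_width = getoption('max_thumbnail_width');
                                if ($w > $max_width && $thumbnail_with_upload) {
                                    $resize_result = resize_image($c_file, $max_width, 0);
                                    cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
                                }
                                $is_uploaded = TRUE;
                                $just_uploaded[$url_name] = TRUE;
                            } else {
                                cn_throw_message("Wrong image file", 'e');
                                if (file_exists($c_file)) {
                                    unlink($c_file);
                                }
                            }
                        }
                    } else {
                        cn_throw_message("Can't overwrite or save", 'e');
                    }
                }
            }

            // Upload from local
            $local_names = isset($_FILES['upload_file']['name']) && is_array($_FILES['upload_file']['name'])
                ? $_FILES['upload_file']['name']
                : array();

            foreach ($local_names as $id => $name) {
                if ($name) {
                    $ext = NULL;
                    if (preg_match('/\\.(\\w+)$/i', $name, $c)) {
                        $ext = strtolower($c[1]);
                    }

                    // Check allowed ext
                    if ($ext && in_array($ext, $AE)) {
                        // encode url
                        $name = str_replace('%2F', '/', urlencode($name));

                        // encoded? replace filename
                        if (strpos($name, '%') !== FALSE) {
                            $name = str_replace('%', '', strtolower($name));
                        }

                        // The step above can put '/' back into the name; the
                        // upload has to land directly in the current folder.
                        if (!media_is_plain_name($name)) {
                            cn_throw_message('File name [' . cn_htmlspecialchars($name) . '] not allowed', 'e');
                            continue;
                        }

                        // check file for exist
                        if (file_exists($c_file = $dfile . $name)) {
                            if ($overwrite) {
                                cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] overwritten', 'w');
                            } else {
                                cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] already exists', 'e');
                                continue;
                            }
                        }

                        // Upload file to server
                        if (move_uploaded_file($_FILES['upload_file']['tmp_name'][$id], $c_file)) {
                            $just_uploaded[$name] = TRUE;
                            cn_throw_message('File uploaded [<b>' . cn_htmlspecialchars($name) . '</b>]');
                            $max_width = getoption('max_thumbnail_width');
                            list($w, $h) = getimagesize($c_file);
                            if ($w > $max_width && $thumbnail_with_upload) {
                                $resize_result = resize_image($c_file, $max_width, 0);
                                cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
                            }
                        } else {
                            cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] not uploaded! Please, check upload_max_filesize in PHP settings.', 'e');
                        }
                    } else {
                        cn_throw_message('File extension [' . cn_htmlspecialchars($ext) . '] not allowed', 'e');
                    }
                } elseif (!$is_uploaded) {
                    cn_throw_message('No selected files for upload', 'e');
                }
            }
        } elseif ($do_action || $pending) {
            list($rm) = GET('rm', 'POST');

            // action --> delete entries
            if ($do_action == 'delete') {
                if (empty($rm) || !is_array($rm)) {
                    cn_throw_message('No files selected', 'w');
                } else {
                    foreach ($rm as $file) {
                        // Only entries of the current folder may be removed; a
                        // name with separators or '..' would resolve elsewhere.
                        if (!media_is_plain_name($file)) {
                            cn_throw_message('File [' . cn_htmlspecialchars(is_string($file) ? $file : '') . '] not deleted!', 'e');
                            continue;
                        }

                        if (file_exists($cfile = $dfile . $file)) {
                            if (is_dir($cfile)) {
                                rmdir($cfile);
                            } else {
                                //get thumbnail path
                                $path_parts = pathinfo($cfile);
                                $thumbnail_path = $path_parts['dirname'] . DIRECTORY_SEPARATOR . '.thumb.' . $path_parts['basename'];
                                if (file_exists($thumbnail_path)) {
                                    unlink($thumbnail_path);
                                }
                                unlink($cfile);
                            }
                        }

                        if (file_exists($cfile)) {
                            cn_throw_message('File [' . cn_htmlspecialchars($cfile) . '] not deleted!', 'e');
                        } else {
                            cn_throw_message('File [' . cn_htmlspecialchars($file) . '] deleted successfully');
                        }
                    }
                }
            } elseif ($do_action == 'create') {
                $popup_form = i18n('Enter directory name') . ' <input type="text" name="new_dir" value="" />';
            } elseif ($pending == 'create') {
                $new_dir_arr = GET('new_dir', 'POST');
                $new_folder = array_pop($new_dir_arr);
                $new_folder = preg_replace('/[^a-z0-9_]/i', '-', $new_folder);

                if ($new_folder) {
                    $cfile = $dfile . $new_folder;
                    if (is_dir($cfile)) {
                        cn_throw_message('Folder [' . $new_folder . '] already exists!', 'e');
                    } else {
                        mkdir($cfile);
                        if (!is_dir($cfile)) {
                            cn_throw_message('Folder [' . cn_htmlspecialchars($cfile) . ' not created]', 'e');
                        } else {
                            cn_throw_message('Folder [' . $new_folder . '] created!');
                        }
                    }
                } else {
                    cn_throw_message('Specify folder name', 'w');
                }
                $popup_form = '';
            } elseif ($do_action == 'rename') {
                if ($rm) {
                    $popup_form = '<div class="big_font">' . i18n('Rename file to') . '</div>';
                    $popup_form .= i18n('Tip: Write new file name') . '<br />';
                    $popup_form .= '<table>';
                    foreach ($rm as $id => $fn) {
                        $hfn = cn_htmlspecialchars($fn);
                        // The array key comes from the request as well and is
                        // echoed into attribute values.
                        $hid = cn_htmlspecialchars((string) $id);
                        $popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
                        $popup_form .= '<td><input type="hidden" name="ids[' . $hid . ']" value="' . $hfn . '"/>→</td>';
                        $popup_form .= '<td><input style="width: 300px;" type="text" name="place[' . $hid . ']" value="' . $hfn . '" /> ';
                        $popup_form .= '</td></tr>';
                    }
                    $popup_form .= '</table>';
                } else {
                    cn_throw_message('Select files to rename', 'w');
                }
            } elseif ($pending == 'rename') {
                // ...
                list($ids, $place) = GET('ids, place', 'POST');
                if (!is_array($ids)) {
                    $ids = array();
                }

                // prevent illegal moves
                $safe_dir = scan_dir($root_dir);
                foreach ($safe_dir as $id => $v) {
                    $safe_dir[$id] = md5($v);
                }

                // do move all files / dirs
                foreach ($ids as $id => $file) {
                    // Strict comparison: two different hex digests must never
                    // compare equal as numbers. '.' and '..' are refused even
                    // if the directory scan lists them.
                    if (media_is_plain_name($file) && in_array(md5($file), $safe_dir, true)) {
                        $filename = is_array($place) && isset($place[$id]) ? $place[$id] : '';

                        // strpos() returns 0 for a leading separator, which the
                        // old truthiness test let through.
                        if (!media_is_plain_name($filename)) {
                            cn_throw_message(i18n('The name of file [%1] should not contain special characters', cn_htmlspecialchars($file)), 'e');
                            continue;
                        }

                        // A rename must not be a way around the upload
                        // extension allowlist. Folders carry no extension.
                        if (!is_dir($root_dir . $file) && !media_has_allowed_ext($filename, $AE)) {
                            cn_throw_message('File extension [' . cn_htmlspecialchars(pathinfo($filename, PATHINFO_EXTENSION)) . '] not allowed', 'e');
                            continue;
                        }

                        $renameto = $root_dir . $filename;
                        $thumb = $root_dir . '.thumb.' . $file;

                        // do move
                        if (rename($root_dir . $file, $renameto)) {
                            if (file_exists($thumb)) {
                                rename($thumb, $root_dir . '.thumb.' . $filename);
                            }
                            cn_throw_message(i18n('File [%1] renamed to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($filename)));
                        } else {
                            cn_throw_message(i18n('File [%1] not renamed', cn_htmlspecialchars($file)), 'e');
                        }
                    }
                }
            } elseif ($do_action == 'move') {
                if ($rm) {
                    $popup_form = '<div class="big_font">' . i18n('Move files to') . '</div>';
                    $popup_form .= i18n('Tip: You can select the folder to move the file') . '<br />';
                    $popup_form .= '<table>';

                    $folders = array();
                    $dirs = scan_dir($root_dir);
                    foreach ($dirs as $entry) {
                        if (is_dir($root_dir . $entry) && !($entry === '..' || $entry === '.')) {
                            $folders[] = $entry;
                        }
                    }

                    foreach ($rm as $id => $fn) {
                        $hfn = cn_htmlspecialchars($fn);
                        $hid = cn_htmlspecialchars((string) $id);
                        $popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
                        $popup_form .= '<td><input type="hidden" name="ids[' . $hid . ']" value="' . $hfn . '"/>→</td>';
                        $popup_form .= '<td>';

                        $cnt_folders = count($folders);
                        if ($cnt_folders != 0 && !($cnt_folders == 1 && in_array($hfn, $folders))) {
                            $popup_form .= '<select name="place_folder_' . $hid . '">';
                            foreach ($folders as $dirn) {
                                if ($dirn != $hfn) {
                                    // Folder names come from disk; escape them
                                    // like every other value in this form.
                                    $hdirn = cn_htmlspecialchars($dirn);
                                    $popup_form .= '<option value="' . $hdirn . '">' . $hdirn . '</option>';
                                }
                            }
                            $popup_form .= '</select>';
                        }

                        if ($root_dir != $udir) {
                            // The key ends up inside a script handler: encode
                            // it as a JS literal first, then for the attribute.
                            $popup_form .= '<nobr><input type="checkbox" onclick="javascript:hideFolderList(this,' . cn_htmlspecialchars(json_encode($id)) . ')" name="moveup[' . $hid . ']" value="Y" /> Move up</nobr>';
                        } else {
                            $popup_form .= '<nobr> X Move up (You are in root folder)</nobr>';
                        }
                        $popup_form .= '</td></tr>';
                    }
                    $popup_form .= '</table>';
                } else {
                    cn_throw_message('Select files to move', 'w');
                }
            } elseif ($pending == 'move') {
                // ...
                list($ids, $moveup) = GET('ids, moveup', 'POST');
                if (!is_array($ids)) {
                    $ids = array();
                }

                // prevent illegal moves
                $safe_dir = scan_dir($root_dir);
                foreach ($safe_dir as $id => $v) {
                    $safe_dir[$id] = md5($v);
                }

                // do move all files / dirs
                foreach ($ids as $id => $file) {
                    list($place_folder) = GET('place_folder_' . $id);

                    if (media_is_plain_name($file) && in_array(md5($file), $safe_dir, true)) {
                        $foldername = preg_replace('/\\.\\//i', '', $place_folder);

                        // move this file up
                        if (isset($moveup[$id]) && count($pathes) > 0) {
                            $nwfolder = dirname($root_dir);
                            $foldername = 'up folder';
                        } else {
                            $sub = is_array($rm) && isset($rm[0]) ? $rm[0] : '';

                            // Stripping "./" once does not stop "../"; the
                            // target has to be one existing sub-folder name.
                            if (!media_is_plain_name($foldername) || ($sub !== '' && !media_is_plain_name($sub))) {
                                cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
                                continue;
                            }

                            $nwfolder = $root_dir . $sub . DIRECTORY_SEPARATOR . $foldername;
                            if (!is_dir($nwfolder)) {
                                cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
                                continue;
                            }
                        }

                        $moveto = $nwfolder . DIRECTORY_SEPARATOR . $file;

                        //check for image thumbnail
                        $thumb = $root_dir . '.thumb.' . $file;

                        // do move
                        if (rename($root_dir . $file, $moveto)) {
                            if (file_exists($thumb)) {
                                rename($thumb, $nwfolder . DIRECTORY_SEPARATOR . '.thumb.' . $file);
                            }
                            cn_throw_message(i18n('File [%1] moved to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($foldername)));
                        } else {
                            cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
                        }
                    }
                }
            } elseif ($do_action == 'thumb') {
                if (!empty($_POST['rm'])) {
                    $popup_form = get_sizes_form('Make thumbnails', $do_action);
                } else {
                    cn_throw_message('Select files to make thumbnail', 'w');
                }
            } elseif ($pending == 'thumb') {
                do_resize_image($root_dir);
            } elseif ($do_action == 'resize') {
                if (!empty($_POST['rm'])) {
                    $popup_form = get_sizes_form('Resize source image', $do_action);
                } else {
                    cn_throw_message('Select files to resize', 'w');
                }
            } elseif ($pending == 'resize') {
                do_resize_image($root_dir, false);
            } elseif (!hook('media/post_action')) {
                msg_info("Action error");
            }
        }
    }

    // Check dir exists
    if (is_dir($root_dir)) {
        $raw_files = scan_dir($root_dir);
    } else {
        cn_throw_message('Dir not exists', 'e');
        $raw_files = array();
    }

    $dirs = $files = array();
    foreach ($raw_files as $file) {
        if (preg_match('/avatar_/', $file)) {
            continue;
        }

        $file_location = "{$root_dir}/{$file}";
        if (is_dir($file_location)) {
            $dirs[] = array('url' => "{$path}/{$file}", 'name' => $file);
        } elseif (filesize(cn_path_construct($udir, $path) . $file) != 0) {
            list($w, $h) = getimagesize(cn_path_construct($udir, $path) . $file);
            $is_thumb = preg_match('/\\.thumb\\./', $file);
            $files[] = array(
                'name'          => $file,
                'url'           => $edir . '/' . ($path ? $path . '/' : '') . $file,
                'thumb'         => file_exists($root_dir . '/.thumb.' . pathinfo($file, PATHINFO_BASENAME)) ? $edir . '/' . ($path ? $path . '/' : '') . '.thumb.' . pathinfo($file, PATHINFO_BASENAME) : '',
                'local'         => ($path ? $path . '/' : '') . $file,
                'just_uploaded' => isset($just_uploaded[$file]) ? TRUE : FALSE,
                'is_thumb'      => $is_thumb,
                'w'             => $w,
                'h'             => $h,
                'fs'            => round(filesize($file_location) / 1024, 1),
            );
        }
    }

    uasort($dirs, 'usort_by_name_asc');
    uasort($files, 'usort_by_name_asc');

    // Top level (dashboard)
    cn_bc_add('Dashboard', cn_url_modify(array('reset')));
    cn_bc_add('Media manager', cn_url_modify());
    cn_assign("files, dirs, path, pathes, popup_form, root_dir", $files, $dirs, $path, $pathes, $popup_form, $root_dir);

    if ($opt === 'inline') {
        echo exec_tpl('window', 'title=Quick insert image', 'style=media/style.css', 'content=' . exec_tpl('media/general'));
    } else {
        echoheader('-@media/style.css', 'Media manager');
        echo exec_tpl('media/general');
        echofooter();
    }
}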
<?php cn_form_open('mod, opt, sub'); ?> <div><textarea name="text" style="width: 770px; height: 400px;"><?php echo cn_htmlspecialchars($__text); ?> </textarea></div> <br/> <div class="panel"> <input type="submit" value="Save changes" /> <select name="snippet"> <?php foreach ($__list as $id => $_t) { echo '<option ' . ($id == $__snippet ? 'selected' : '') . '>' . cn_htmlspecialchars($id) . '</option>'; } ?> </select> <input type="submit" name="select" value="Select" /> <input type="text" value="" name="create" style="width: 250px;"/> <input type="submit" value="Create new" /> <?php if ($__can_delete) { ?> <input type="submit" name="delete" value="Delete snippet" /> <?php }
<input type="submit" name="create" value="Clone template" /> <?php if ($can_delete) { ?> <input type="submit" name="delete" value="Delete" /> <?php } else { ?> <input type="submit" name="reset" value="Reset" /> <?php } ?> <?php echo cn_htmlspecialchars(ucfirst($template)); ?> </div> <?php } ?> </form> <div style="text-align: right; margin: 16px 0 0 0"> <a href="#" onclick="<?php echo cn_snippet_open_win(PHP_SELF . '?mod=help§ion=templates'); ?> " class="external">Understanding Templates</a>
<td><?php echo cn_htmlspecialchars($u); ?> </td> <td> <?php if (is_array($v)) { echo '<a href="' . cn_url_modify('path=' . $path . '/' . $u) . '">click to expand →</a>'; $edit = FALSE; } elseif (is_numeric($v)) { echo $v; $edit = TRUE; } elseif (strlen($v) > 128) { echo cn_htmlspecialchars(clever_truncate($v, 128)); $edit = TRUE; } else { echo cn_htmlspecialchars($v); $edit = TRUE; } if ($edit) { echo ' [<a href="#" onclick="' . cn_snippet_open_win(cn_url_modify('edit=' . $u), array('w' => 800, 'h' => 550, 'l' => 'auto')) . '" class="external">edit</a>]'; } ?> </td> </tr> <?php } ?> </table>
?> <?php if ($item['req']) { echo '<span class="req">*</span>'; } ?> </span> </div> <?php } ?> <?php if ($item['desc']) { echo '<div style="font-size: 10px; color: #808080; margin: 0 0 15px 0;">' . cn_htmlspecialchars($item['desc']) . '</div>'; } ?> <?php } ?> <?php if ($section !== '#basic') { ?> </div><?php } ?> <?php }
/**
 * Build the submit button markup for the comment form.
 *
 * The caption $t is HTML-escaped before it is placed in the value attribute.
 * When test('Mea') or test('Mes') passes and the request carries a non-zero
 * integer edit_id, an "Edit comment" button is appended.
 *
 * @param mixed  $e Not used in this function.
 * @param string $t Caption of the submit button.
 * @return string HTML for one or two submit inputs.
 */
function cn_modify_bb_comm_submit($e, $t)
{
    $buttons = array(
        '<input type="submit" value="' . cn_htmlspecialchars($t) . '" class="cn_submit_bb"/>',
    );

    // Same evaluation order as a single short-circuit condition: the second
    // permission is only tested when the first one fails, and the request is
    // only read once a permission has matched.
    $may_edit = test('Mea') || test('Mes');
    if ($may_edit && intval(REQ('edit_id'))) {
        $buttons[] = '<input type="submit" name="cm_edit_comment" value="Edit comment" class="cn_edit_bb"/>';
    }

    return implode('', $buttons);
}
<tr <?php if ($id == $exid) { echo 'class="row_selected"'; } ?> > <td><a href="<?php echo cn_url_modify('lang_token=' . $lang_token, 'exid=' . $id); ?> "><?php echo $id; ?> </a></td> <td><?php echo cn_htmlspecialchars($tran); ?> </td> </tr> <?php } ?> </table> <br/> <div><input type="submit" name="submit" value="Submit" /></div> </form>
} if (empty($files)) { ?> <tr><td colspan="6" align="center"><b>Files not found</b></td></tr><?php } ?> </table> <!-- Action not work with popup --> <?php if ($popup_form) { ?> <input type="hidden" name="pending" value="<?php echo cn_htmlspecialchars(REQ('do_action', 'POST')); ?> " /> <div class="media_popup_form"><?php echo $popup_form; ?> <input type="submit" value="Submit"></div> <?php } else { ?> <div class="media_rgt_button"> Action <select name="do_action"> <option value="move">Move</option>
<tr> <th width="75">Date</th> <th>Message</th> </tr> <?php foreach ($logs as $item) { ?> <tr> <td width="75" style="color: #707070;"><nobr><?php echo $item['date']; ?> </nobr></td> <td><?php echo cn_htmlspecialchars($item['msg']); ?> </td> </tr> <?php } ?> </table> <p style='color: #808080;'>You may manually clean log there ./cdata/log/<?php if (!$section) { echo "error_dump.log"; } else { echo 'user.log'; }
</nobr></td> <td><?php if (!$item[2]['id']) { echo ' ---comment deleted--- '; } else { echo '<a target="_blank" href="' . $item[3] . '">' . cn_htmlspecialchars(clever_truncate($item[2]['c'])) . '</a>'; } ?> </td> <td align="center"><?php echo cn_htmlspecialchars($item[2]['ip']); ?> </td> <td><?php echo cn_htmlspecialchars($item[2]['e']); ?> </td> <td><?php echo cn_htmlspecialchars($item[2]['u']); ?> </td> </tr> <?php } ?> </table> <p>Total written comments: <b><?php echo $__count; ?> </b></p>
<td width=85>Password: <span class="required">*</span></td> <td> <div><input tabindex="1" type="password" name=regpassword id="regpassword" onkeyup="password_strength();" style="width:134px" size="20"></div> <div id="password_strength"></div></td> <td> <input type="text" style="border: none; width: 150px;" id="pass_msg" disabled="true" value="Enter password"></td> </tr> <tr> <td width=85>Confirm: <span class="required">*</span></td> <td colspan="2"><input tabindex="1" type="password" name="confirm" style="width:134px" size="20"></td> </tr> <tr> <td width=85>Email: <span class="required">*</span></td> <td colspan="2"><input tabindex="1" type="text" name="regemail" value="<?php echo cn_htmlspecialchars($regemail); ?> " style="width:134px" size="20"></td> </tr> <tr> <td width=85>Captcha: <span class="required">*</span></td> <td colspan="2"><input tabindex="1" type="text" name="captcha" style="width:134px" size="20"></td> </tr> <tr> <td width=85><a href="#" style="border-bottom: 1px dotted #000080;" onclick="getId('capcha').src='captcha.php?r='+Math.random(); return(false);">Refresh code</a></td> <td colspan="2"><img src="captcha.php" id="capcha" alt=""></td> </tr> <tr>
?> <input type="text" style="width: 500px;" name="more[<?php echo $name; ?> ]" value="<?php echo isset($pdata['value']) ? cn_htmlspecialchars($pdata['value']) : ''; ?> "> <?php } elseif ($pdata['type'] == 'textarea') { ?> <textarea style="width: 500px; height: 100px;" name="more[<?php echo $name; ?> ]"><?php echo isset($pdata['value']) ? cn_htmlspecialchars($pdata['value']) : ''; ?> </textarea> <?php } ?> </td> </tr> <?php } } ?> <tr> <td> </td>
- {input_username} - {input_email} - {input_commentbox} - {smiles} - [captcha] ... {captcha} ... [/captcha] - if captcha enabled only - [submit]..[/submit] - make submit box */ $member = member_get(); if ($member && test('Mac') || !$member) { $comment_url = getoption('rw_engine') ? $_SERVER['REQUEST_URI'] : PHP_SELF; echo '<form name="comment_frm" action="' . $comment_url . '" method="POST"/>'; echo '<input type="hidden" name="id" value="' . $id . '" />'; echo '<input type="hidden" name="subaction" value="addcomment" />'; echo '<input type="hidden" name="popup" value="' . cn_htmlspecialchars(REQ('popup')) . '" />'; echo '<input type="hidden" name="referer" value="' . cn_htmlspecialchars($_SERVER['REQUEST_URI']) . '" />'; $edit_id = intval(REQ('edit_id')); if ($edit_id) { echo '<input id="edt_comm_mode" type="hidden" name="edit_id" value="' . intval($edit_id) . '" />'; } if ($is_encode) { $comments = $entry['co']; foreach ($comments as $item) { $ni = iconv('UTF-8', $user_encoding . '//TRANSLIT', $item['c']); if ($ni) { $entry['co'][$item['id']]['c'] = $ni; } } } $echo = entry_make($entry, 'form', $template, 'comm'); // Keep [bb]codes[/bb]
if ($user && !$user != $item['u']) { continue; } // Query string not found if (!preg_match('/' . join('.*?', $_query) . '/uis', $Fs . $Ss)) { continue; } $st++; if ($st < $search_st) { continue; } if ($found == 0) { echo "<p class='cutenews_found_news'>" . i18n('Search results for') . " "" . cn_htmlspecialchars($search) . ""</p><div class='cn_search_body'>"; } $found++; $title = cn_htmlspecialchars($item['t']); // Call: id, archiveid, template if (getoption('rw_engine')) { $url = cn_rewrite('full_story', cn_put_alias($id)); if (getoption('search_hl')) { $url .= "?qhl=" . urlencode($search); } } else { if (getoption('search_hl')) { $url = cn_url_modify($_static_qr, 'id=' . $id, "qhl=" . urlencode($search)); } else { $url = cn_url_modify($_static_qr, 'id=' . $id); } } $itemid++; echo "<div class='cutenews_search_item'>{$itemid} <b><a href='{$url}'>{$title}</a></b> (" . date("d F, Y", $id) . ")</div>";
} if (preg_match($regex_site, $comment)) { echo '<div class="cn_error_comment">' . i18n('Your not allowed to put URL\'s in the comments field.') . '. <a href="' . $refer . '">Go back</a></div>'; return FALSE; } if (getoption('only_registered_comment') && !$logged_as_member) { echo '<div class="cn_error_comment">' . i18n('Only registered users can post comments') . '. <a href="' . $refer . '">Go back</a></div>'; return FALSE; } // Check ip/nick ban filter ---- $block_list = getoption('#ipban'); foreach ($block_list as $ip_test => $_t) { // Create test string $match = '/' . str_replace('\\x2a', '.*?', preg_sanitize($ip_test)) . '/'; if (preg_match($match, CLIENT_IP) || !$logged_as_member && preg_match($match, $name)) { echo '<div class="cn_error_comment">' . i18n('Sorry but you have been blocked from posting comments') . ' (IP=' . cn_htmlspecialchars(CLIENT_IP) . '). <a href="' . $refer . '">Go back</a></div>'; return FALSE; } } // Check for flood (if enabled) if ($flood_time = getoption('flood_time')) { if (!file_exists($fn = cn_path_construct(SERVDIR, 'cdata') . 'flood.txt')) { fclose(fopen($fn, 'w+')); } $flood = file($fn); $found = FALSE; $w = fopen($fn, 'w+'); flock($w, LOCK_EX); foreach ($flood as $item) { list($ip, $time) = explode('|', $item); if (time() <= intval($time)) {
<?php
// Module dispatcher: maps the requested module name to a module file and
// includes it when the current user passes that module's ACL test.

// Stop when EXEC_TIME is not defined (presumably set by the entry script, so
// this file cannot be requested directly -- confirm where it is defined).
if (!defined('EXEC_TIME')) {
    die('Access restricted');
}

// Loading filters
require_once SERVDIR . '/core/modules/hooks/common.php';

// Requested module name, taken from the request
$_module = REQ('mod', 'GPG');

// Module table (internal + external): the built-in entries below are passed
// through the 'modules/init_modules' hook, whose return value is the table
// actually used. Each entry holds the file name ('path') and the permission
// code handed to test() ('acl').
$_init_modules = hook('modules/init_modules', array(
    'main' => array('path' => 'dashboard', 'acl' => 'Cd'),
    'addnews' => array('path' => 'add_news', 'acl' => 'Can'),
    'editnews' => array('path' => 'edit_news', 'acl' => 'Cvn'),
    'media' => array('path' => 'media', 'acl' => 'Cmm'),
    'maint' => array('path' => 'maint', 'acl' => 'Cmt'),
    'help' => array('path' => 'help', 'acl' => ''),
    'logout' => array('path' => 'logout', 'acl' => '')
));

// Requested module is not in the table
if (!isset($_init_modules[$_module])) {
    // external module chk: the 'modules/init' hook supplies the name to use.
    // NOTE(review): the returned name is not checked against $_init_modules
    // again before it is used as an index below -- confirm the hook always
    // returns a registered key.
    $_module = hook('modules/init', 'main', $_module);
}

// Check restrictions, if user is authorized (a member record exists and AREA
// is defined as 'ADMIN')
if (($user = member_get()) && defined('AREA') && AREA == 'ADMIN') {
    if (test($_init_modules[$_module]['acl'])) {
        // Request module. The included file name comes from the table entry's
        // 'path'; the request value is only ever used as a key into the table.
        $_mod_cfg = $_init_modules[$_module];
        include MODULE_DIR . '/' . $_mod_cfg['path'] . '.php';
    } else {
        // Members of the banned group get their session data emptied
        if ($user['acl'] == ACL_LEVEL_BANNED) {
            // NOTE(review): $_SESS is declared global but not used in this
            // fragment; only $_SESSION is reset.
            global $_SESS;
            $_SESSION = array();
        }
        // The module name is request data, so it is escaped for the message
        msg_info('Section [' . cn_htmlspecialchars($_module) . '] disabled for you', PHP_SELF);
    }
}
<td><?php echo cn_htmlspecialchars($var); ?> </td> </tr> <?php } } else { ?> <tr><td colspan="2">Entries not found</td></tr><?php } ?> </table> <br/> <table class="panel"> <tr><td align="right">Word</td> <td><input type="text" style="width: 350px;" name="word" value="<?php echo cn_htmlspecialchars($word); ?> "/></td></tr> <tr><td align="right">Replace</td> <td><input type="text" style="width: 350px;" name="replace" value="<?php echo cn_htmlspecialchars($replace); ?> "/></td></tr> <tr><td align="right"><input type="checkbox" name="delete" value="Y"/></td> <td>Delete word</td></tr> <tr><td> </td> <td><input type="submit" name="submit" value="Submit"/></td></tr> </table> </form>
<div class="name">Article meta [<a href="#" onclick="return(tiny_msg(this));" title="Some additional optional data">?</a>]</div> <hr/> <div class="name">Page alias</div> <div><input type="text" style="width: 100%" value="<?php echo cn_htmlspecialchars($vPage); ?> " name="page" tabindex=4></div> <div style="font-size: 10px; color: #808080; margin: 0 0 15px 0;">The unique name of the page. Use $page_alias parameter before include show_news.php, charset [a-zA-Z0-9_-]</div> <!-- tags line --> <div class="section"> <div class="name">Tagline</div> <div><input type="text" style="width: 100%" value="<?php echo cn_htmlspecialchars($vTags); ?> " name="tags" tabindex=5></div> <div style="font-size: 10px; color: #808080; margin: 0 0 15px 0;">List the tags for news, separated by commas</div> </div> </div> <?php hook('template/AdditionalFieldsBottom'); ?> <div class="section" id="options"> <div class="name">Article options</div> <hr/>