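/**
 * Removes <script> tags (and, for closed tags, their content) from a string,
 * recursing into arrays.
 *
 * This is a blacklist filter, NOT an HTML sanitizer: it does nothing about
 * event-handler attributes (onload=..., onerror=...), javascript: URLs,
 * <iframe>/<object>/<embed> or any other active content. Never rely on it as
 * the only XSS defence; escape on output (contrexx_raw2xhtml) wherever the
 * value is rendered into HTML.
 *
 * The two passes (closed tag + body, then dangling opening tag) are repeated
 * until the value stops changing, so overlapping constructs such as
 * "<scr<script>ipt>" cannot reassemble into a script tag after one pass —
 * the single-pass version of this function returned "<script>" for that input.
 *
 * @param mixed $raw The original string or array
 * @return mixed The string or array with script tags removed; '' when the
 *               regex engine fails (fail closed rather than returning raw input)
 * @todo Check for event handlers
 */
function contrexx_remove_script_tags($raw)
{
    if (is_array($raw)) {
        $filtered = array();
        foreach ($raw as $key => $value) {
            $filtered[$key] = contrexx_remove_script_tags($value);
        }
        return $filtered;
    }

    // Closed tags are removed together with their body; a dangling opening
    // tag is removed on its own. Both are case-insensitive and span newlines.
    $closedTag = '/<\\s*script[^>]*>.*?<\\s*\\/script\\s*>/is';
    $openTag   = '/<\\s*script[^>]*>/is';

    $result = $raw;
    do {
        $previous = $result;
        $result = preg_replace($closedTag, '', $result);
        if ($result !== null) {
            $result = preg_replace($openTag, '', $result);
        }
        if ($result === null) {
            // PCRE error (e.g. backtrack limit): do not hand back unfiltered input.
            return '';
        }
    } while ($result !== $previous);

    return $result;
}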
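/**
 * Collects the submitted news form data from $_POST.
 *
 * Returns a two-element array: a flag telling whether the form was submitted
 * at all (the "submitNews" field is present) and the data array, which holds
 * the default values when nothing was submitted.
 *
 * Free-text fields are HTML-entity-decoded and passed through
 * contrexx_input2raw(); the body text additionally has its <body> tag and
 * <script> tags stripped; URL fields go through FWValidator::getUrl().
 * The result is RAW (unescaped) data and must be escaped again on output.
 * Missing or non-string POST fields are treated as an empty string instead
 * of raising a notice (html_entity_decode() on an array returns null with a
 * warning).
 *
 * @return array (bool $submitted, array $data)
 */
private function fetchSubmittedData()
{
    $data = array(
        'newsText'         => '',
        'newsTeaserText'   => '',
        'newsTitle'        => '',
        'newsRedirect'     => 'http://',
        'newsSource'       => 'http://',
        'newsUrl1'         => 'http://',
        'newsUrl2'         => 'http://',
        'newsCat'          => '',
        'newsType'         => '',
        'newsTypeRedirect' => 0,
    );

    if (!isset($_POST['submitNews'])) {
        return array(false, $data);
    }

    // Decodes one text field; absent or non-string fields yield ''.
    $text = function ($key) {
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
            return '';
        }
        return contrexx_input2raw(
            html_entity_decode($_POST[$key], ENT_QUOTES, CONTREXX_CHARSET)
        );
    };

    $objValidator = new \FWValidator();

    $data['newsTitle']      = $text('newsTitle');
    $data['newsTeaserText'] = $text('newsTeaserText');
    $data['newsRedirect']   = $objValidator->getUrl($text('newsRedirect'));
    // NOTE: contrexx_remove_script_tags() is a blacklist; the stored body is
    // still raw HTML and may carry event handlers — sanitize or escape on output.
    $data['newsText']       = contrexx_remove_script_tags(
        $this->filterBodyTag($text('newsText'))
    );
    $data['newsSource']     = $objValidator->getUrl($text('newsSource'));
    $data['newsUrl1']       = $objValidator->getUrl($text('newsUrl1'));
    $data['newsUrl2']       = $objValidator->getUrl($text('newsUrl2'));

    // Category, related news and tags may arrive as arrays (multi-select);
    // contrexx_input2raw() is assumed to handle arrays, as the original relied on.
    $data['newsCat']           = !empty($_POST['newsCat']) ? contrexx_input2raw($_POST['newsCat']) : array();
    $data['newsType']          = !empty($_POST['newsType']) ? intval($_POST['newsType']) : 0;
    $data['newsTypeRedirect']  = !empty($_POST['newsTypeRedirect']);
    $data['enableRelatedNews'] = !empty($this->arrSettings['use_related_news']) ? 1 : 0;
    $data['relatedNews']       = !empty($_POST['relatedNews']) ? contrexx_input2raw($_POST['relatedNews']) : array();
    $data['enableTags']        = !empty($this->arrSettings['news_use_tags']) ? 1 : 0;
    $data['newsTags']          = !empty($_POST['newsTags']) ? contrexx_input2raw($_POST['newsTags']) : array();

    return array(true, $data);
}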
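/**
 * Exports a survey's participant details and answers as a CSV download.
 *
 * Reads the survey id from $_GET['id'] (cast to int before it reaches SQL),
 * builds a ';'-separated table — a header block with the survey title and the
 * question/answer columns, then one row per participant — and sends it with
 * text/csv headers, then exits. Emits nothing when the id is missing or zero.
 *
 * Security notes for maintainers:
 *  - Every value interpolated into SQL below is either the int-cast request id
 *    or an id column read back from the database; keep it that way.
 *  - Participant-supplied values (nickname, e-mail, free-text answers, comments)
 *    are written into the CSV unquoted: a ';' or line break in a value shifts
 *    columns, and a cell starting with '=', '+', '-' or '@' is evaluated as a
 *    formula by spreadsheet applications (CSV injection). The existing format is
 *    preserved here; a consumer-facing fix would quote cells and neutralise
 *    leading formula characters.
 *  - The participant columns are passed through contrexx_raw2xhtml(), i.e.
 *    HTML-escaped, although CSV is not an HTML context; kept because
 *    downstream tooling may depend on the current output.
 *
 * @global array  $_CORELANG
 * @global array  $_ARRAYLANG
 * @global object $objDatabase
 * @return void   Output is echoed directly and the script exits.
 */
function csvAdditionalinfo()
{
    global $_CORELANG, $_ARRAYLANG, $objDatabase;

    // Only the integer value of the request parameter is ever used in SQL.
    $id = isset($_GET['id']) ? intval(contrexx_input2raw($_GET['id'])) : 0;
    if (empty($id)) {
        return;
    }

    $csv = '';

    $objDatasurvey = $objDatabase->Execute(
        'SELECT `title` FROM `' . DBPREFIX . 'module_survey_surveygroup` WHERE id = ' . $id . ' ORDER BY id'
    );
    $csv .= "Survey Title:";
    $csv .= trim(contrexx_remove_script_tags($objDatasurvey->fields['title']));

    $objDateuser = $objDatabase->Execute(
        'SELECT * FROM `' . DBPREFIX . 'module_survey_addtionalfields` WHERE survey_id = ' . $id . ' ORDER BY id'
    );

    $csv .= "\n\n\n" . "No;Date;Salutation;Nickname;Forename;Surname;Age-group;E-mail;Telephone;Street;Zipcode;City;";

    // Header columns: one "QuestionN;" cell followed by each answer option,
    // plus a "Comment;" cell for commentable questions.
    $questionQuery = 'SELECT `id` as `QuestionId`, `Question`, `QuestionType`, `isCommentable`, `column_choice` FROM `' . DBPREFIX . 'module_survey_surveyQuestions` WHERE `survey_id` = ' . $id . ' ORDER BY `id`';
    $objQuestion = $objDatabase->Execute($questionQuery);
    $questionNo = 1;
    while (!$objQuestion->EOF) {
        $csv .= "Question" . $questionNo . ";";
        $objAnswer = $objDatabase->Execute(
            'SELECT `answer` FROM `' . DBPREFIX . 'module_survey_surveyAnswers` WHERE `question_id` = ' . $objQuestion->fields['QuestionId'] . ' ORDER BY id'
        );
        while (!$objAnswer->EOF) {
            $answer = trim($objAnswer->fields['answer'], "\r");
            if ($answer != '') {
                $csv .= $answer . ";";
            }
            $objAnswer->MoveNext();
        }
        if ($objQuestion->fields['isCommentable'] == 1) {
            $csv .= "Comment;";
        }
        $questionNo++;
        $objQuestion->MoveNext();
    }

    // One row per participant.
    $rowNo = 1;
    while (!$objDateuser->EOF) {
        $csv .= "\n";
        $csv .= $rowNo . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['added_date'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['salutation'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['nickname'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['forename'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['surname'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['agegroup'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['email'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['phone'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['street'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['zip'])) . ';'
            . trim(contrexx_raw2xhtml($objDateuser->fields['city'])) . ';';

        $objQuestion = $objDatabase->Execute($questionQuery);
        while (!$objQuestion->EOF) {
            $questionId   = $objQuestion->fields['QuestionId'];
            $questionType = $objQuestion->fields['QuestionType'];
            $csv .= $objQuestion->fields['Question'] . ";";
            $choices = explode(';', $objQuestion->fields['column_choice']);

            // user_id and question_id both come from database rows, not the request.
            $objPollResult = $objDatabase->Execute(
                "SELECT `comment`, `answers` FROM `" . DBPREFIX . "module_survey_poll_result`\n WHERE `user_id` = " . $objDateuser->fields['id'] . "\n AND `question_id` = " . $questionId . "\n LIMIT 1"
            );
            $objAnswer = $objDatabase->Execute(
                'SELECT `id` as `answer_id`, `answer` FROM `' . DBPREFIX . 'module_survey_surveyAnswers` WHERE `question_id` = ' . $questionId . ' ORDER BY id'
            );

            $multiIndex = 0;
            while (!$objAnswer->EOF) {
                $answerId   = $objAnswer->fields['answer_id'];
                $pollResult = $objPollResult->fields['answers'];

                switch ($questionType) {
                    case '1':
                        // Single choice: the stored value is the chosen answer id.
                        $csv .= ($answerId == $pollResult) ? "x;" : ";";
                        break;

                    case '2':
                        // Multiple choice: JSON list of chosen answer ids.
                        $chosen = json_decode($pollResult);
                        $csv .= (is_array($chosen) && in_array($answerId, $chosen)) ? "x;" : ";";
                        break;

                    case '3':
                        // Choice matrix: JSON list of "answerId_choiceIndex" strings.
                        $decoded   = json_decode($pollResult);
                        $answerIds = array();
                        $choiceIdx = array();
                        if (is_array($decoded)) {
                            foreach ($decoded as $pair) {
                                $parts       = explode('_', $pair);
                                $answerIds[] = $parts[0];
                                $choiceIdx[] = isset($parts[1]) ? $parts[1] : '';
                            }
                        }
                        if ($decoded != null && in_array($answerId, $answerIds)) {
                            $keys   = array_keys($answerIds, $answerId);
                            $choKey = $choiceIdx[$keys[0]];
                            // NOTE(review): only the first character of the stored
                            // choice index is used, as in the original; a choice
                            // index above 9 would be mis-mapped — verify against the
                            // code that writes poll results.
                            $csv .= trim($choices[$choKey[0]], "\r") . ";";
                        } else {
                            $csv .= ";";
                        }
                        break;

                    case '4':
                        // Multi-row matrix: JSON list of lists of "answerId_choiceIndex".
                        // (The original tested strlen(serialize($rows)) != 0, which is
                        // equivalent to is_array($rows) since serialize() never yields ''.)
                        $rows = json_decode($pollResult);
                        if (is_array($rows)) {
                            $found = 0;
                            foreach ($rows as $row) {
                                $answerIds = array();
                                $choiceIdx = array();
                                if (is_array($row)) {
                                    foreach ($row as $pair) {
                                        $parts       = explode('_', $pair);
                                        $answerIds[] = $parts[0];
                                        $choiceIdx[] = isset($parts[1]) ? $parts[1] : '';
                                    }
                                }
                                if (in_array($answerId, $answerIds)) {
                                    $cells = array();
                                    foreach (array_keys($answerIds, $answerId) as $k) {
                                        $cells[] = trim($choices[$choiceIdx[$k]], "\r");
                                    }
                                    if ($found == 1) {
                                        // A later row for the same answer: the previous
                                        // cell's ';' is dropped so both values land in one
                                        // cell without a separator — preserved from the
                                        // original; confirm this is the intended layout.
                                        $csv = substr_replace($csv, "", -1);
                                    }
                                    $csv .= implode(',', $cells) . ";";
                                    $found = 1;
                                }
                                if (empty($answerIds) && $found == 0) {
                                    $csv .= ";";
                                    $found = 1;
                                }
                            }
                        } else {
                            $csv .= ";";
                        }
                        break;

                    case '5':
                        // Free text: stored verbatim (unquoted — see header note).
                        $csv .= $pollResult . ";";
                        break;

                    case '6':
                        // Several free-text inputs: JSON list, one entry per answer option.
                        $texts = json_decode($pollResult);
                        $csv .= (isset($texts[$multiIndex]) ? $texts[$multiIndex] : '') . ";";
                        $multiIndex++;
                        break;

                    default:
                        $csv .= ";";
                }
                $objAnswer->MoveNext();
            }

            if ($objQuestion->fields['isCommentable'] == 1) {
                // Line breaks would split the CSV row; flatten them to spaces.
                $csv .= preg_replace("/\n|\r/", " ", $objPollResult->fields['comment']) . ";";
            }
            $objQuestion->MoveNext();
        }
        $rowNo++;
        $objDateuser->MoveNext();
    }

    \Cx\Core\Csrf\Controller\Csrf::header("Content-Type: text/csv");
    \Cx\Core\Csrf\Controller\Csrf::header("Content-Disposition: Attachment; filename=\"exportAdditionaldetails.csv\"");
    // utf8_decode() converts to ISO-8859-1; characters outside Latin-1 become '?'.
    // It is deprecated as of PHP 8.2 — consider mb_convert_encoding() when upgrading.
    echo utf8_decode($csv);
    exit;
}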
/**
 * Loads every survey group as a list of value arrays, e.g. $result[n]['id'].
 *
 * Each entry holds the group's id, its redirect target (with <script> tags
 * stripped — note this is not URL validation), the formatted creation date,
 * the formatted last-vote date (or a placeholder text when nobody has voted
 * yet), the participant count and the four flag columns cast to int.
 * Ordered by creation date, newest first; empty when the query fails.
 *
 * @global object $objDatabase
 * @return array list of survey value arrays
 */
function createSurveyValuesArray()
{
    global $objDatabase;

    $surveys = array();
    $rows = $objDatabase->Execute(
        'SELECT id, redirect, created, lastvote, participant, isActive, isExtended, isCommentable, isHomeBox FROM '
        . DBPREFIX . 'module_survey_groups ORDER BY created DESC'
    );
    if (!$rows) {
        return $surveys;
    }

    for (; !$rows->EOF; $rows->MoveNext()) {
        $fields   = $rows->fields;
        $lastVote = intval($fields['lastvote']);
        $surveys[] = array(
            'id'            => $fields['id'],
            'redirect'      => contrexx_remove_script_tags($fields['redirect']),
            'created'       => date(ASCMS_DATE_FORMAT, $fields['created']),
            'lastvote'      => $lastVote == 0 ? 'Keine Teilnehmer.' : date(ASCMS_DATE_FORMAT, $fields['lastvote']),
            'participant'   => intval($fields['participant']),
            'isActive'      => intval($fields['isActive']),
            'isExtended'    => intval($fields['isExtended']),
            'isCommentable' => intval($fields['isCommentable']),
            'isHomeBox'     => intval($fields['isHomeBox']),
        );
    }

    return $surveys;
}
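/**
 * Renders the "thank you" message shown after a survey has been answered.
 *
 * The survey is selected by $_GET['id'] — cast to int before it is used in
 * SQL — or, when no id is given, by the group flagged as home box. The
 * message is placed into the template with <script> tags stripped only; it
 * is stored HTML and is not otherwise escaped, so it must originate from a
 * trusted (back-end) author. The OK button label comes from the language
 * array and is inserted into an HTML attribute unescaped, as before.
 *
 * @access Authendicated
 * @global array  $_ARRAYLANG
 * @global object $objDatabase
 * @return void
 */
function SurveyAttend()
{
    global $_ARRAYLANG, $objDatabase;

    $table = DBPREFIX . "module_survey_surveygroup";
    if (!empty($_GET['id'])) {
        // The integer cast is the only thing standing between the request and SQL.
        $surveyId = intval(contrexx_input2raw($_GET['id']));
        $query = "SELECT thanksMSG FROM " . $table . " WHERE id=" . $surveyId;
    } else {
        $query = "SELECT thanksMSG FROM " . $table . " WHERE isHomeBox='1'";
    }
    $objResult = $objDatabase->Execute($query);

    $thanksMessage = "";
    if ($objResult && !empty($objResult->fields['thanksMSG'])) {
        $thanksMessage = $objResult->fields['thanksMSG'];
    }

    $this->_objTpl->setVariable(array(
        'THANKS_MSG'        => contrexx_remove_script_tags($thanksMessage),
        'TXT_SURVEY_OK_TXT' => '<a href="index.php?section=Survey&cmd=activesurveys"><input type="submit" name="submit_survey" value="' . $_ARRAYLANG['TXT_SURVEY_OK_TXT'] . '" > </a>',
    ));
}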