/**
 * Show the feed configuration page and, on a POST request, store the submitted settings.
 *
 * The feed is selected by the "id" request parameter; a missing or unknown id yields a 404.
 * On POST the fields below are read from the request and handed to updateFeed(); the user is
 * then sent back to the subscription page with a success or error notification.
 *
 * Request parameter → stored key (default):
 * - name → name ("")
 * - description → description (""), HTML-escaped with sanitizeHTML() before storage
 * - website → website ("")
 * - url → url (""), the feed URL, stored as submitted
 * - category → category (0), cast to int
 * - path_entries → pathEntries (""), CSS path to the article on the website
 * - priority → priority (0, cast to int), "display in main stream"
 * - http_user / http_pass → httpAuth ("user:pass", or "" when both are blank)
 * - keep_history → keep_history (-2, cast to int), number of articles to retain
 * - ttl → ttl (-2, cast to int), refresh frequency
 *
 * The "ajax" request parameter disables the page layout.
 *
 * @return void
 */
public function feedAction() {
    if (Minz_Request::param('ajax')) {
        $this->view->_useLayout(false);
    }

    $dao = FreshRSS_Factory::createFeedDao();
    $this->view->feeds = $dao->listFeeds();

    $id = Minz_Request::param('id');
    $known = $id !== false && isset($this->view->feeds[$id]);
    if (!$known) {
        Minz_Error::error(404);
        return;
    }
    $feed = $this->view->feeds[$id];
    $this->view->feed = $feed;
    Minz_View::prependTitle(_t('sub.title.feed_management') . ' · ' . $feed->name() . ' · ');

    if (!Minz_Request::isPost()) {
        return;
    }

    // HTTP authentication is stored as a single "user:pass" string, empty when both are blank.
    $httpUser = Minz_Request::param('http_user', '');
    $httpPass = Minz_Request::param('http_pass', '');
    $httpAuth = ($httpUser != '' || $httpPass != '') ? $httpUser . ':' . $httpPass : '';
    $categoryId = intval(Minz_Request::param('category', 0));

    // Only the description is escaped here; the other values are stored as submitted.
    $update = array();
    $update['name'] = Minz_Request::param('name', '');
    $update['description'] = sanitizeHTML(Minz_Request::param('description', '', true));
    $update['website'] = Minz_Request::param('website', '');
    $update['url'] = Minz_Request::param('url', '');
    $update['category'] = $categoryId;
    $update['pathEntries'] = Minz_Request::param('path_entries', '');
    $update['priority'] = intval(Minz_Request::param('priority', 0));
    $update['httpAuth'] = $httpAuth;
    $update['keep_history'] = intval(Minz_Request::param('keep_history', -2));
    $update['ttl'] = intval(Minz_Request::param('ttl', -2));

    invalidateHttpCache();
    $backToFeed = array('c' => 'subscription', 'params' => array('id' => $id));
    $updated = $dao->updateFeed($id, $update) !== false;
    if ($updated) {
        $feed->_category($categoryId);
        $feed->faviconPrepare();
        Minz_Request::good(_t('feedback.sub.feed.updated'), $backToFeed);
    } else {
        Minz_Request::bad(_t('feedback.sub.feed.error'), $backToFeed);
    }
}
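/**
 * Display a static page addressed as "<id>-<slug>".
 *
 * The numeric id before the first "-" selects the page; the slug part is ignored.
 * A non-numeric id redirects to the forum root. A page that does not exist, or is
 * flagged hideFromGuests while no user is logged in, renders the 404 view. Otherwise
 * the page title, a <meta name='description'> built from the first 155 bytes of the
 * content, and the page row are handed to the plugin's "page" view.
 *
 * @param string|false $pageSlug URL segment, e.g. "12-about-us".
 * @return void|false False when a 404 was rendered instead of the page.
 */
public function index($pageSlug = false) {
    // Split on the first "-" only and pad to two parts, so a segment without a slug
    // ("12") no longer leaves $slug undefined.
    list($pageId, $slug) = array_pad(explode('-', trim((string) $pageSlug), 2), 2, '');
    if (!is_numeric($pageId)) {
        $this->redirect(URL(""));
        // redirect() is expected to end the request; the return guards the case where it does not.
        return;
    }
    $page = $this->model()->getById((int) $pageId);
    // Stop here with a 404 header if the page wasn't found, or if it is hidden from guests.
    if (!$page) {
        $this->render404(T("message.pageNotFound"), true);
        return false;
    } elseif (!ET::$session->userId and $page['hideFromGuests']) {
        $this->render404(T("message.pageNotFound"), true);
        return false;
    }
    $this->title = $page["title"];
    // Byte-based excerpt (strlen/substr): a cut inside a multi-byte UTF-8 sequence is
    // possible for non-ASCII content — presumably acceptable for a meta description.
    if (strlen($page['content']) > 155) {
        $description = substr($page['content'], 0, 155) . " ...";
        $description = str_replace(array("\n\n", "\n"), " ", $description);
    } else {
        $description = $page["content"];
    }
    // The attribute is single-quoted, so sanitizeHTML() must also escape "'" (ENT_QUOTES)
    // for this to be safe — NOTE(review): confirm its implementation.
    $this->addToHead("<meta name='description' content='" . sanitizeHTML($description) . "'>");
    $this->data("page", $page);
    $this->render($this->plugin()->getView("page"));
}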
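/**
 * Format an attachment to be outputted on the page, either in the attachment list
 * at the bottom of the post or embedded inside the post.
 *
 * Images are shown inline when expanded, otherwise as a thumbnail link; video and
 * audio are embedded only when expanded; everything else becomes a download link
 * with a type icon. The raw filename is part of $url and of the link text, so both
 * are HTML-escaped before being placed in attributes.
 *
 * @param array $attachment The attachment details (keys "filename" and "attachmentId").
 * @param bool $expanded Whether or not the attachment should be displayed in its
 * full form (i.e. whether or not the attachment is embedded in the post.)
 * @return string The HTML to output.
 */
function formatAttachment($attachment, $expanded = false) {
    $extension = strtolower(pathinfo($attachment["filename"], PATHINFO_EXTENSION));
    // The unescaped filename is embedded in the path; both URLs are escaped once for attribute use.
    $url = sanitizeHTML(URL("attachment/" . $attachment["attachmentId"] . "_" . $attachment["filename"]));
    $thumbUrl = sanitizeHTML(URL("attachment/thumb/" . $attachment["attachmentId"]));
    $filename = sanitizeHTML($attachment["filename"]);
    // NOTE(review): init() sanitizes by default, so the already-escaped $filename may be
    // double-encoded here depending on sanitizeHTML()'s double-encode behaviour — confirm.
    $displayFilename = ET::formatter()->init($filename)->highlight(ET::$session->get("highlight"))->get();
    // For images, either show them directly or show a thumbnail.
    if (in_array($extension, array("jpg", "jpeg", "png", "gif"), true)) {
        if ($expanded) {
            return "<span class='attachment attachment-image'><img src='" . $url . "' alt='" . $filename . "' title='" . $filename . "'></span>";
        }
        return "<a href='" . $url . "' class='' target='_blank'><img src='" . $thumbUrl . "' alt='" . $filename . "' title='" . $filename . "'></a>";
    }
    // Embed video.
    if (in_array($extension, array("mp4", "mov", "mpg", "avi", "m4v"), true) and $expanded) {
        return "<video width='400' height='225' controls><source src='" . $url . "'></video>";
    }
    // Embed audio.
    if (in_array($extension, array("mp3", "mid", "wav"), true) and $expanded) {
        return "<audio controls><source src='" . $url . "'></audio>";
    }
    // Icon per extension; anything unlisted gets the generic "file" icon.
    $icons = array("pdf" => "file-text-alt", "doc" => "file-text-alt", "docx" => "file-text-alt", "zip" => "archive", "rar" => "archive", "gz" => "archive");
    $icon = isset($icons[$extension]) ? $icons[$extension] : "file";
    return "<a href='" . $url . "' class='attachment' target='_blank'><i class='icon-{$icon}'></i><span class='filename'>" . $displayFilename . "</span></a>";
}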
/**
 * Load the string that all later formatting calls operate on.
 *
 * Line endings are normalised to "\n" (CRLF and lone CR both become LF) and a
 * trailing "\n" is appended. When $sanitize is true the normalised string is
 * passed through sanitizeHTML() before being stored.
 *
 * @param string $content The content string.
 * @param bool $sanitize Whether or not to sanitize HTML in the content. Pass false only
 *                       for content that is already escaped or otherwise trusted.
 * @return ETFormat $this, for chaining.
 */
public function init($content, $sanitize = true) {
    $normalised = strtr($content, array("\r\n" => "\n", "\r" => "\n")) . "\n";
    if ($sanitize) {
        $this->content = sanitizeHTML($normalised);
    } else {
        $this->content = $normalised;
    }
    return $this;
}
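/**
 * Validate the reCAPTCHA response submitted with a form.
 *
 * Reads the "g-recaptcha-response" token from $_POST and sends it, together with the
 * client address, to the reCAPTCHA verify endpoint. A missing or non-string token, or a
 * failed verification, registers a "recaptcha" error on $form. $key and $data are not
 * used here but belong to the form-field handler signature.
 *
 * @param ETForm $form The form being processed; receives the error on failure.
 * @param string $key Field key (unused).
 * @param array $data Form data (unused; by reference per handler convention).
 * @return void
 */
function processRecaptchaField($form, $key, &$data) {
    // A missing field is simply an invalid CAPTCHA rather than an undefined-index notice.
    // The token is sent to the verifier, not written to a page, so it is not HTML-escaped.
    $gRecaptchaResponse = (isset($_POST["g-recaptcha-response"]) && is_string($_POST["g-recaptcha-response"]))
        ? $_POST["g-recaptcha-response"]
        : "";
    if ($gRecaptchaResponse === "") {
        $form->error("recaptcha", T("message.invalidCAPTCHA"));
        return;
    }
    // REMOTE_ADDR is the TCP peer (the proxy's address behind a reverse proxy); it is only a hint
    // for the verifier. Absent under CLI, hence the guard.
    $remoteIp = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : null;
    $recaptcha = new \ReCaptcha\ReCaptcha(C('plugin.reCAPTCHA.secretkey'));
    $resp = $recaptcha->verify($gRecaptchaResponse, $remoteIp);
    // If no valid captcha is submitted, show them an error.
    if (!$resp->isSuccess()) {
        $form->error("recaptcha", T("message.invalidCAPTCHA"));
    }
}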
/**
 * Feed configuration page (older variant of this action).
 *
 * Lists categories and feeds for the view, selects the feed given by the "id" request
 * parameter (falling back to the first feed when none is given), and on a POST request
 * stores the submitted settings through FreshRSS_FeedDAO::updateFeed(), records a session
 * notification and forwards back to this action.
 *
 * @return void
 */
public function feedAction() {
    $catDAO = new FreshRSS_CategoryDAO();
    $this->view->categories = $catDAO->listCategories(false);
    $feedDAO = new FreshRSS_FeedDAO();
    $this->view->feeds = $feedDAO->listFeeds();
    $id = Minz_Request::param('id');
    // Loose comparison: a missing id (false), '' and '0' all fall back to the first feed.
    if ($id == false && !empty($this->view->feeds)) {
        $id = current($this->view->feeds)->id();
    }
    $this->view->flux = false;
    if ($id != false) {
        // No isset() guard: an unknown id yields null (with an undefined-index notice) and
        // is then handled by the 404 branch below.
        $this->view->flux = $this->view->feeds[$id];
        if (!$this->view->flux) {
            Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
        } else {
            if (Minz_Request::isPost() && $this->view->flux) {
                // HTTP authentication is stored as "user:pass", empty when both fields are blank.
                $user = Minz_Request::param('http_user', '');
                $pass = Minz_Request::param('http_pass', '');
                $httpAuth = '';
                if ($user != '' || $pass != '') {
                    $httpAuth = $user . ':' . $pass;
                }
                $cat = intval(Minz_Request::param('category', 0));
                // Only the description is escaped before storage; the other values are stored as submitted.
                $values = array(
                    'name' => Minz_Request::param('name', ''),
                    'description' => sanitizeHTML(Minz_Request::param('description', '', true)),
                    'website' => Minz_Request::param('website', ''),
                    'url' => Minz_Request::param('url', ''),
                    'category' => $cat,
                    'pathEntries' => Minz_Request::param('path_entries', ''),
                    'priority' => intval(Minz_Request::param('priority', 0)),
                    'httpAuth' => $httpAuth,
                    'keep_history' => intval(Minz_Request::param('keep_history', -2))
                );
                if ($feedDAO->updateFeed($id, $values)) {
                    $this->view->flux->_category($cat);
                    $this->view->flux->faviconPrepare();
                    $notif = array('type' => 'good', 'content' => Minz_Translate::t('feed_updated'));
                } else {
                    $notif = array('type' => 'bad', 'content' => Minz_Translate::t('error_occurred_update'));
                }
                invalidateHttpCache();
                Minz_Session::_param('notification', $notif);
                // Forward back to this page after a POST (post/redirect/get). The title below is only
                // reached if forward() returns — presumably it exits when its second argument is true; confirm.
                Minz_Request::forward(array('c' => 'configure', 'a' => 'feed', 'params' => array('id' => $id)), true);
            }
            Minz_View::prependTitle(Minz_Translate::t('rss_feed_management') . ' — ' . $this->view->flux->name() . ' · ');
        }
    } else {
        Minz_View::prependTitle(Minz_Translate::t('rss_feed_management') . ' · ');
    }
}
} /** * Default master view. Displays a HTML template with a header and footer. * * @package esoTalk */ ?> <!DOCTYPE html> <html> <head> <meta charset='<?php echo T("charset", "utf-8"); ?> '> <title><?php echo sanitizeHTML($data["pageTitle"]); ?> </title> <?php echo $data["head"]; ?> <link rel="icon" type="image/png" href="<?php echo getResource("core/skin/favicon.png"); ?> "> +v<link rel="apple-touch-icon" href="<?php echo getResource("core/skin/apple-touch-icon.png"); ?> "> <link rel="apple-touch-icon" href="<?php echo getResource("core/skin/apple-touch-icon.png"); ?>
/**
 * Format post data into an array which can be used to display the post template view (conversation/post).
 *
 * The returned array carries the pieces the view assembles: "id", "title" (member link),
 * "avatar", "class" (CSS classes), "info" (time permalink, online indicator, group),
 * "controls" (quote / edit / delete or restore, edited-by / deleted-by notices), "body",
 * "footer" and "data". Which controls appear is decided by ETPostModel::canEditPost(),
 * $conversation["canReply"] / ["locked"] and the session. Plugins can adjust the result
 * through the "formatPostForTemplate" trigger before it is returned.
 *
 * @param array $post The post data.
 * @param array $conversation The details of the conversation which the post is in.
 * @return array A formatted array which can be used in the post template view.
 */
public function formatPostForTemplate($post, $conversation) {
    $canEdit = ET::postModel()->canEditPost($post, $conversation);
    $avatar = avatar($post);
    // Construct the post array for use in the post view (conversation/post).
    // Deleted posts get no avatar link and no body.
    $formatted = array(
        "id" => "p" . $post["postId"],
        "title" => memberLink($post["memberId"], $post["username"]),
        "avatar" => (!$post["deleteTime"] and $avatar) ? "<a href='" . URL(memberURL($post["memberId"], $post["username"])) . "'>{$avatar}</a>" : false,
        "class" => $post["deleteTime"] ? array("deleted") : array(),
        "info" => array(),
        "controls" => array(),
        "body" => !$post["deleteTime"] ? $this->displayPost($post["content"]) : false,
        "footer" => array(),
        "data" => array("id" => $post["postId"], "memberid" => $post["memberId"])
    );
    $date = smartTime($post["time"], true);
    // Add the date/time to the post info as a permalink. When the conversation is being searched,
    // the link text becomes "Show in context" instead of the date.
    $formatted["info"][] = "<a href='" . URL(postURL($post["postId"])) . "' class='time' title='" . _strftime(T("date.full"), $post["time"]) . "' data-timestamp='" . $post["time"] . "'>" . (!empty($conversation["searching"]) ? T("Show in context") : $date) . "</a>";
    // If the post isn't deleted, add a lot of stuff!
    if (!$post["deleteTime"]) {
        // Add the user's online status / last action next to their name.
        if (empty($post["preferences"]["hideOnline"])) {
            $lastAction = ET::memberModel()->getLastActionInfo($post["lastActionTime"], $post["lastActionDetail"]);
            // $lastAction[0] (the description) is escaped here; $lastAction[1] (an optional link target)
            // is written into href as-is — presumably an internal URL built by getLastActionInfo(); confirm.
            if ($lastAction[0]) {
                $lastAction[0] = " (" . sanitizeHTML($lastAction[0]) . ")";
            }
            if ($lastAction) {
                array_unshift($formatted["info"], "<" . (!empty($lastAction[1]) ? "a href='{$lastAction[1]}'" : "span") . " class='online' title='" . T("Online") . "{$lastAction[0]}'><i class='icon-circle'></i></" . (!empty($lastAction[1]) ? "a" : "span") . ">");
            }
        }
        // Show the user's group type.
        $formatted["info"][] = "<span class='group'>" . memberGroup($post["account"], $post["groups"]) . "</span>";
        $formatted["class"][] = "group-" . $post["account"];
        foreach ($post["groups"] as $k => $v) {
            if ($k) {
                $formatted["class"][] = "group-" . $k;
            }
        }
        // If the post has been edited, show the time and by whom next to the controls.
        if ($post["editMemberId"]) {
            $formatted["controls"][] = "<span class='editedBy'>" . sprintf(T("Edited %s by %s"), "<span title='" . _strftime(T("date.full"), $post["editTime"]) . "' data-timestamp='" . $post["editTime"] . "'>" . relativeTime($post["editTime"], true) . "</span>", memberLink($post["editMemberId"], $post["editMemberName"])) . "</span>";
        }
        // If the user can reply, add a quote control.
        if ($conversation["canReply"]) {
            $formatted["controls"][] = "<a href='" . URL(conversationURL($conversation["conversationId"], $conversation["title"]) . "/?quote=" . $post["postId"] . "#reply") . "' title='" . T("Quote") . "' class='control-quote'><i class='icon-quote-left'></i></a>";
        }
        // If the user can edit the post, add edit/delete controls. The delete link changes state,
        // so it carries the session token (?token=), which the target action is expected to verify.
        if ($canEdit) {
            $formatted["controls"][] = "<a href='" . URL("conversation/editPost/" . $post["postId"]) . "' title='" . T("Edit") . "' class='control-edit'><i class='icon-edit'></i></a>";
            $formatted["controls"][] = "<a href='" . URL("conversation/deletePost/" . $post["postId"] . "?token=" . ET::$session->token) . "' title='" . T("Delete") . "' class='control-delete'><i class='icon-remove'></i></a>";
        } elseif (!$conversation["locked"] && !ET::$session->isSuspended() && $post["memberId"] == ET::$session->userId && (!$post["deleteMemberId"] || $post["deleteMemberId"] == ET::$session->userId) && C("esoTalk.conversation.editPostTimeLimit") == "reply") {
            // Own post that can no longer be edited because a reply followed: show disabled controls
            // with an explanatory title.
            $formatted["controls"][] = "<span title='" . sanitizeHTML(T("message.cannotEditSinceReply")) . "' class='control-edit disabled'><i class='icon-edit'></i></span>";
            $formatted["controls"][] = "<span title='" . sanitizeHTML(T("message.cannotEditSinceReply")) . "' class='control-delete disabled'><i class='icon-remove'></i></span>";
        }
    } else {
        // Add the "deleted by" information.
        if ($post["deleteMemberId"]) {
            $formatted["controls"][] = "<span>" . sprintf(T("Deleted %s by %s"), "<span title='" . _strftime(T("date.full"), $post["deleteTime"]) . "' data-timestamp='" . $post["deleteTime"] . "'>" . relativeTime($post["deleteTime"], true) . "</span>", memberLink($post["deleteMemberId"], $post["deleteMemberName"])) . "</span>";
        }
        // If the user can edit the post, add a restore control (token-protected like delete above).
        if ($canEdit) {
            $formatted["controls"][] = "<a href='" . URL("conversation/restorePost/" . $post["postId"] . "?token=" . ET::$session->token) . "' title='" . T("Restore") . "' class='control-restore'><i class='icon-reply'></i></a>";
        }
    }
    // Let plugins modify the formatted array in place before it is handed to the view.
    $this->trigger("formatPostForTemplate", array(&$formatted, $post, $conversation));
    return $formatted;
}
* Displays the conversation list, including the filter area (search form, gambits, and channel breadcrumb.) * * @package esoTalk */ ?> <div id='conversationsFilter' class='bodyHeader'> <form class='search big' id='search' action='<?php echo URL("conversations/" . $data["channelSlug"]); ?> ' method='get'> <fieldset> <i class='icon-search'></i> <input name='search' type='text' class='text' value='<?php echo sanitizeHTML($data["searchString"]); ?> ' spellcheck='false' placeholder='<?php echo T("Search conversations..."); ?> ' style="margin-bottom: 3px;"/> <a class='control-reset' href='<?php echo URL("conversations/" . $data["channelSlug"]); ?> ' style="visibility: hidden;"><i class='icon-remove'></i></a> </fieldset> </form> <ul id='channels' class='channels tabs'> <li class='channelListItem'><a href='<?php echo URL("channels");
)"><?php print $_LANG['send_pm']; ?> </a></td> </tr> <tr> <td class="userinfoentry">.</td> <td class="userinfoentry" style="text-align: right"> <a href="<?php print BASEDIR; ?> messagesByUser.<?php print PHPEXT; ?> ?user_id=<?php print $id; ?> "><?php print $_LANG['messages_by_user'] . sanitizeHTML($user[0]['username']); ?> </a></td> </tr> </table> <?php require_once ABSOLUTE_BASEPATH . '/footer.' . PHPEXT; ?>
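/**
 * Replace emoticon shortcuts in formatted content with styled <span>s.
 *
 * $this->icons maps each shortcut (e.g. ":)") to the inline CSS that selects its sprite.
 * The formatter escapes content before this handler runs, so each shortcut is matched in
 * its HTML-escaped form, and the same escaped form is used as the visible text: shortcuts
 * containing "<" or ">" must not be written back raw, or they break the markup.
 *
 * @param ETFormat $sender The formatter whose ->content is rewritten in place.
 * @return void
 */
public function handler_format_format($sender) {
    $from = $to = array();
    foreach ($this->icons as $shortcut => $style) {
        // Escaped once: used both as the literal to match and as the visible text.
        $escaped = sanitizeHTML($shortcut);
        $quoted = preg_quote($escaped, "/");
        // Only match when delimited by whitespace/punctuation or a line edge, so a shortcut
        // embedded in a word is left alone.
        $from[] = "/(?<=^|[\\s.,!<>]){$quoted}(?=[\\s.,!<>)]|\$)/i";
        $to[] = "<span class='emoticon' style='{$style}'>{$escaped}</span>";
    }
    $sender->content = preg_replace($from, $to, $sender->content);
}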
<div class='col-member'> <?php echo avatar($member, "thumb"); ?> <strong><?php echo memberLink($member["memberId"], $member["username"]); ?> </strong> <?php // Online indicator. if (empty($member["preferences"]["hideOnline"])) { $lastAction = ET::memberModel()->getLastActionInfo($member["lastActionTime"], $member["lastActionDetail"]); if ($lastAction) { echo "<" . (!empty($lastAction[1]) ? "a href='{$lastAction[1]}'" : "span") . " class='online' title='" . T("Online") . ($lastAction[0] ? " (" . sanitizeHTML($lastAction[0]) . ")" : "") . "'><i class='icon-circle'></i></" . (!empty($lastAction[1]) ? "a" : "span") . ">"; } } ?> <span class='group subText'><?php echo memberGroup($member["account"], $member["groups"]); ?> </span> </div> <div class='col-lastActive'> <span class='subText'><?php printf(T("Last active %s"), empty($member["preferences"]["hideOnline"]) ? "<span title='" . date(T("date.full"), $member["lastActionTime"]) . "'>" . relativeTime($member["lastActionTime"], true) . "</span>" : "[" . T("hidden") . "]"); ?>
 * @package esoTalk
 */
// Renders the channel breadcrumb for a conversation: one tab per entry of
// $data["conversation"]["channelPath"], each a channel row with slug, description,
// channelId and title.
$conversation = $data["conversation"];
// NOTE(review): only the description is passed through sanitizeHTML() below; slug, channelId
// and title are echoed as-is — confirm they are escaped on write, or escape them here as well.
?>
<ul class='channels tabs'>
    <li class='pathItem selected pathEnd'>
        <?php foreach ($conversation["channelPath"] as $channel) { ?>
        <a href='<?php echo URL("conversations/" . $channel["slug"]); ?>' data-channel='<?php echo $channel["slug"]; ?>' title='<?php echo sanitizeHTML(strip_tags($channel["description"])); ?>' class='channel channel-<?php echo $channel["channelId"]; ?>'><?php echo $channel["title"]; ?></a>
        <?php } ?>
    </li>
</ul>
/**
 * Display a list of conversations, optionally filtered by channel(s) and a search string.
 *
 * Resolves the selected channel(s) from $channelSlug, builds the channel tab list and
 * breadcrumb path, runs the search, and then renders one of four responses depending on
 * $this->responseType: the full page (with controls, gambit menu, meta tags, JS variables
 * and footer statistics), the results view, an AJAX response carrying the channel tabs,
 * or JSON results.
 *
 * @param string|false $channelSlug Channel slug(s) from the URL, or false for all channels.
 * @return void
 */
public function action_index($channelSlug = false) {
    if (!$this->allowed()) {
        return;
    }
    list($channelInfo, $currentChannels, $channelIds, $includeDescendants) = $this->getSelectedChannels($channelSlug);
    // Now we need to construct some arrays to determine which channel "tabs" to show in the view.
    // $channels is a list of channels with the same parent as the current selected channel(s).
    // $path is a breadcrumb trail to the depth of the currently selected channel(s).
    $channels = array();
    $path = array();
    // Work out what channel we will use as the "parent" channel. This will be the last item in $path,
    // and its children will be in $channels.
    $curChannel = false;
    // If channels have been selected, use the first of them.
    if (count($currentChannels)) {
        $curChannel = $channelInfo[$currentChannels[0]];
    }
    // If the currently selected channel has no children, or if we're not including descendants, use
    // its parent as the parent channel. (lft/rgt are presumably nested-set bounds: rgt == lft + 1 means no children.)
    // Precedence note: "and" binds tighter than "or", so this branch also runs when no channel is selected
    // and descendants are excluded; the "@" silences the resulting notice and $curChannel ends up null.
    if ($curChannel and $curChannel["lft"] >= $curChannel["rgt"] - 1 or !$includeDescendants) {
        $curChannel = @$channelInfo[$curChannel["parentId"]];
    }
    // If no channel is selected, make a faux parent channel.
    if (!$curChannel) {
        $curChannel = array("lft" => 0, "rgt" => PHP_INT_MAX, "depth" => -1);
    }
    // Now, finally, go through all the channels and add ancestors of the "parent" channel to the $path,
    // and direct children to the list of $channels. Make sure we don't include any channels which
    // the user has unsubscribed to.
    foreach ($channelInfo as $channel) {
        if ($channel["lft"] > $curChannel["lft"] and $channel["rgt"] < $curChannel["rgt"] and $channel["depth"] == $curChannel["depth"] + 1 and empty($channel["unsubscribed"])) {
            $channels[] = $channel;
        } elseif ($channel["lft"] <= $curChannel["lft"] and $channel["rgt"] >= $curChannel["rgt"]) {
            $path[] = $channel;
        }
    }
    // Store the currently selected channel in the session, so that it can be automatically selected
    // if "New conversation" is clicked.
    if (!empty($currentChannels)) {
        ET::$session->store("searchChannelId", $currentChannels[0]);
    }
    // Get the search string request value.
    $searchString = R("search");
    // Last, but definitely not least... perform the search!
    // The third argument is one boolean expression: (count($currentChannels) or !ET::$session->userId).
    $search = ET::searchModel();
    $conversationIDs = $search->getConversationIDs($channelIds, $searchString, count($currentChannels) or !ET::$session->userId);
    // If this page was originally accessed at conversations/markAsRead/all?search=whatever (the
    // markAsRead method simply calls the index method), then mark the results as read.
    if ($this->controllerMethod == "markasread" and ET::$session->userId) {
        ET::conversationModel()->markAsRead($conversationIDs, ET::$session->userId);
    }
    $results = $search->getResults($conversationIDs);
    // Were there any errors? Show them as messages.
    if ($search->errorCount()) {
        $this->messages($search->errors(), "warning dismissable");
    } else {
        $this->highlight($search->fulltext);
    }
    // Pass on a bunch of data to the view.
    $this->data("results", $results);
    $this->data("limit", $search->limit);
    $this->data("showViewMoreLink", $search->areMoreResults());
    $this->data("channelPath", $path);
    $this->data("channelTabs", $channels);
    $this->data("currentChannels", $currentChannels);
    $this->data("channelInfo", $channelInfo);
    // Side effect: $channelSlug is normalised to "all" here and reused below.
    $this->data("channelSlug", $channelSlug = $channelSlug ? $channelSlug : "all");
    $this->data("searchString", $searchString);
    $this->data("fulltextString", implode(" ", $search->fulltext));
    // Construct a canonical URL and add to the breadcrumb stack.
    $slugs = array();
    foreach ($currentChannels as $channel) {
        $slugs[] = $channelInfo[$channel]["slug"];
    }
    $url = "conversations/" . urlencode(($k = implode(" ", $slugs)) ? $k : "all") . ($searchString ? "?search=" . urlencode($searchString) : "");
    $this->pushNavigation("conversations", "search", URL($url));
    $this->canonicalURL = URL($url, true);
    // If we're loading the page in full...
    if ($this->responseType === RESPONSE_TYPE_DEFAULT) {
        // Update the user's last action.
        ET::memberModel()->updateLastAction("search");
        // Add a link to the RSS feed in the bar.
        // $this->addToMenu("meta", "feed", "<a href='".URL(str_replace("conversations/", "conversations/index.atom/", $url))."' id='feed'>".T("Feed")."</a>");
        $controls = ETFactory::make("menu");
        // Mark as read controls. Both links change state and so carry the session token.
        // Note the closing parenthesis of URL() comes after "</a>", so the whole anchor markup is passed
        // through URL() — presumably harmless if URL() only prefixes the base URL; confirm.
        // NOTE(review): $channelSlug comes from the request path and is interpolated unescaped here
        // (and in $linkPrefix below) — confirm the router restricts its character set.
        if (ET::$session->user) {
            $controls->add("markAllAsRead", "<a href='" . URL("conversations/markAllAsRead/?token=" . ET::$session->token . "' id='control-markAllAsRead'><i class='icon-check'></i> " . T("Mark all as read") . "</a>"));
            $controls->add("markListedAsRead", "<a href='" . URL("conversations/{$channelSlug}/?search=" . urlencode($searchString) . "&markAsRead=1&token=" . ET::$session->token . "' id='control-markListedAsRead'><i class='icon-list'></i> " . T("Mark listed as read") . "</a>"));
        }
        // Add the default gambits to the gambit cloud: gambit text => array(css class, icon class).
        $gambits = array(
            "main" => array(
                T("gambit.sticky") => array("gambit-sticky", "icon-pushpin")
            ),
            "time" => array(
                T("gambit.order by newest") => array("gambit-orderByNewest", "icon-list-ol"),
                T("gambit.active last ? hours") => array("gambit-activeLastHours", "icon-time"),
                T("gambit.active last ? days") => array("gambit-activeLastDays", "icon-calendar"),
                T("gambit.active today") => array("gambit-activeToday", "icon-asterisk"),
                T("gambit.dead") => array("gambit-dead", "icon-remove"),
                T("gambit.locked") => array("gambit-locked", "icon-lock")
            ),
            "member" => array(
                T("gambit.author:") . T("gambit.member") => array("gambit-author", "icon-user"),
                T("gambit.contributor:") . T("gambit.member") => array("gambit-contributor", "icon-user")
            ),
            "replies" => array(
                T("gambit.has replies") => array("gambit-hasReplies", "icon-comment"),
                T("gambit.has >10 replies") => array("gambit-replies", "icon-comments"),
                T("gambit.order by replies") => array("gambit-orderByReplies", "icon-list-ol")
            ),
            "text" => array(
                T("gambit.title:") . " ?" => array("gambit-title", "icon-font")
            ),
            "misc" => array(
                T("gambit.random") => array("gambit-random", "icon-random"),
                T("gambit.reverse") => array("gambit-reverse", "icon-exchange")
            )
        );
        // Add some more personal gambits if there is a user logged in.
        if (ET::$session->user) {
            addToArrayString($gambits["main"], T("gambit.private"), array("gambit-private", "icon-envelope-alt"), 1);
            addToArrayString($gambits["main"], T("gambit.starred"), array("gambit-starred", "icon-star"), 2);
            addToArrayString($gambits["main"], T("gambit.draft"), array("gambit-draft", "icon-pencil"), 3);
            addToArrayString($gambits["main"], T("gambit.ignored"), array("gambit-ignored", "icon-eye-close"), 4);
            addToArrayString($gambits["time"], T("gambit.unread"), array("gambit-unread", "icon-inbox"), 0);
            addToArrayString($gambits["member"], T("gambit.author:") . T("gambit.myself"), array("gambit-authorMyself", "icon-smile"), 0);
            addToArrayString($gambits["member"], T("gambit.contributor:") . T("gambit.myself"), array("gambit-contributorMyself", "icon-smile"), 2);
        }
        $this->trigger("constructGambitsMenu", array(&$gambits));
        // Construct the gambits menu based on the above arrays. Each gambit link appends "#gambit" to the
        // current search; the gambit text itself is translated, not user input.
        $gambitsMenu = ETFactory::make("menu");
        $linkPrefix = "conversations/" . $channelSlug . "/?search=" . urlencode(!empty($searchString) ? $searchString . " + " : "");
        foreach ($gambits as $section => $items) {
            foreach ($items as $gambit => $classes) {
                $gambitsMenu->add($classes[0], "<a href='" . URL($linkPrefix . urlencode("#" . $gambit)) . "' class='{$classes[0]}' data-gambit='{$gambit}'>" . (!empty($classes[1]) ? "<i class='{$classes[1]}'></i> " : "") . "{$gambit}</a>");
            }
            // A separator after every section except the last.
            end($gambits);
            if ($section !== key($gambits)) {
                $gambitsMenu->separator();
            }
        }
        $this->data("controlsMenu", $controls);
        $this->data("gambitsMenu", $gambitsMenu);
        // Construct a list of keywords to use in the meta tags.
        $keywords = array();
        foreach ($channelInfo as $c) {
            if ($c["depth"] == 0) {
                $keywords[] = strtolower($c["title"]);
            }
        }
        // Add meta tags to the header.
        $this->addToHead("<meta name='keywords' content='" . sanitizeHTML(($k = C("esoTalk.meta.keywords")) ? $k : implode(",", $keywords)) . "'>");
        // array_splice() removes the last keyword from $keywords (the rest is joined below) and reset()
        // picks it out. Passing a function result by reference raises an "Only variables should be
        // passed by reference" notice.
        $lastKeyword = reset(array_splice($keywords, count($keywords) - 1, 1));
        $this->addToHead("<meta name='description' content='" . sanitizeHTML(($d = C("esoTalk.meta.description")) ? $d : sprintf(T("forumDescription"), C("esoTalk.forumTitle"), implode(", ", $keywords), $lastKeyword)) . "'>");
        // If this is not technically the homepage (if it's a search page) then we don't want it to be indexed.
        if ($searchString) {
            $this->addToHead("<meta name='robots' content='noindex, noarchive'>");
        }
        // Add JavaScript language definitions and variables. $searchString is request input;
        // addJSVar() is relied on to encode it for the script context — confirm.
        $this->addJSLanguage("Starred", "Unstarred", "gambit.member", "gambit.more results", "Filter conversations", "Jump to last");
        $this->addJSVar("searchUpdateInterval", C("esoTalk.search.updateInterval"));
        $this->addJSVar("currentSearch", $searchString);
        $this->addJSVar("currentChannels", $currentChannels);
        $this->addJSFile("core/js/lib/jquery.cookie.js");
        $this->addJSFile("core/js/autocomplete.js");
        $this->addJSFile("core/js/search.js");
        // Add an array of channels in the form id => slug for the JavaScript to use.
        $channels = array();
        foreach ($channelInfo as $id => $c) {
            $channels[$id] = $c["slug"];
        }
        $this->addJSVar("channels", $channels);
        // Get a bunch of statistics: three COUNT(*) subqueries combined into one SELECT.
        $queries = array(
            "post" => ET::SQL()->select("COUNT(*)")->from("post")->get(),
            "conversation" => ET::SQL()->select("COUNT(*)")->from("conversation")->get(),
            "member" => ET::SQL()->select("COUNT(*)")->from("member")->get()
        );
        $sql = ET::SQL();
        foreach ($queries as $k => $query) {
            $sql->select("({$query}) AS {$k}");
        }
        $stats = $sql->exec()->firstRow();
        // ...and show them in the footer. The member count links to the member list only when guests
        // may see it or a user is logged in.
        foreach ($stats as $k => $v) {
            $stat = Ts("statistic.{$k}", "statistic.{$k}.plural", number_format($v));
            if ($k == "member" and (C("esoTalk.members.visibleToGuests") or ET::$session->user)) {
                $stat = "<a href='" . URL("members") . "'>{$stat}</a>";
            }
            $this->addToMenu("statistics", "statistic-{$k}", $stat, array("before" => "statistic-online"));
        }
        $this->render("conversations/index");
    } elseif ($this->responseType === RESPONSE_TYPE_VIEW) {
        $this->render("conversations/results");
    } elseif ($this->responseType === RESPONSE_TYPE_AJAX) {
        $this->json("channels", $this->getViewContents("channels/tabs", $this->data));
        $this->render("conversations/results");
    } elseif ($this->responseType === RESPONSE_TYPE_JSON) {
        $this->json("results", $results);
        $this->render();
    }
}
?>
<div class='col-conversation'><?php
// Title column of a conversation row: labels, the title link (pointing at the first unread post
// for logged-in users), an optional "show matching posts" link when a fulltext search is active,
// and an excerpt for sticky conversations.
$conversationURL = conversationURL($conversation["conversationId"], $conversation["title"]);
// Output the conversation's labels.
echo "<span class='labels'>";
foreach ($conversation["labels"] as $label) {
    echo label($label, $label == "draft" ? URL($conversationURL . "#reply") : "");
}
echo "</span> ";
// Output the conversation title, highlighting search keywords.
echo "<strong class='title'><a href='" . URL($conversationURL . ((ET::$session->user and $conversation["unread"]) ? "/unread" : "")) . "'>";
if (SWC_MAIN_THUMB_DISPLAY && $menuImgUrl) {
    // Output the menu image thumbnail. $menuImgUrl and SWC_MAIN_THUMB_DISPLAY are defined outside this
    // view; NOTE(review): the URL is written into the src attribute without escaping — confirm its origin.
    echo "<img src='" . $menuImgUrl . "' width='28' height='20' alt='' title=''>";
}
echo highlight(sanitizeHTML($conversation["title"]), ET::$session->get("highlight")) . "</a></strong> ";
// If we're highlighting search terms (i.e. if we did a fulltext search), then output a "show matching posts" link.
if (ET::$session->get("highlight")) {
    echo "<span class='controls'><a href='" . URL($conversationURL . "/?search=" . urlencode($data["fulltextString"])) . "' class='showMatchingPosts'>" . T("Show matching posts") . "</a></span>";
}
// If this conversation is stickied, output an excerpt from its first post.
if ($conversation["sticky"]) {
    echo "<div class='excerpt'>" . ET::formatter()->init($conversation["firstPost"])->inline(true)->firstLine()->clip(200)->format()->get() . "</div>";
}
?>
</div>
<div class='col-channel'><?php
// Channel column. Unlike the conversation title above, slug, channelId and title are interpolated
// as-is here — NOTE(review): confirm they are escaped on write.
$channel = $data["channelInfo"][$conversation["channelId"]];
echo "<a href='" . URL(searchURL("", $channel["slug"])) . "' class='channel channel-{$conversation["channelId"]}' data-channel='{$channel["slug"]}'>{$channel["title"]}</a>";
?>
</div>
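/**
 * Render the debug area at the bottom of the page.
 *
 * Appends a panel with the page load time, every recorded SQL query (syntax-highlighted
 * with GeSHi) and dumps of $_POST, $_GET, $_FILES, $_SESSION and $_COOKIE. Because those
 * dumps expose request, session and cookie contents, the panel is only rendered for
 * administrators.
 *
 * @param mixed $sender The object that fired the pageEnd event (unused).
 * @return void
 */
function handler_pageEnd($sender) {
    // Don't proceed if the user is not permitted to see the debug information: the dumps
    // below include cookies and session contents, which must not reach ordinary visitors.
    if (!ET::$session->isAdmin()) return;
    // Stop the page loading timer.
    $end = microtime(true);
    $time = round($end - PAGE_START_TIME, 4);
    // Output the debug area.
    echo "<div id='debug'>\n\t<div id='debugHdr'><h2>" . sprintf(T("Page loaded in %s seconds"), $time) . "</h2></div>";
    // Include the geshi library so we can syntax-highlight MySQL queries; _once so a second
    // pageEnd event in the same request does not redeclare the GeSHi class.
    include_once "geshi/geshi.php";
    echo "<h3><a href='#' onclick='\$(\"#debugQueries\").slideToggle(\"fast\");return false'>" . T("MySQL queries") . " (<span id='debugQueriesCount'>" . count($this->queries) . "</span>)</a></h3>\n\t\t<div id='debugQueries' class='section'>";
    foreach ($this->queries as $query) {
        // $query[0] is the SQL text (rendered through GeSHi), $query[1] its duration in seconds
        // (flagged above 0.5s); $query[2] is echoed as-is — NOTE(review): confirm it is not user-controlled.
        $geshi = new GeSHi(trim($query[0]), "mysql");
        $geshi->set_header_type(GESHI_HEADER_PRE);
        echo "<div><strong>" . $query[2] . "</strong> <span class='queryTime subText" . ($query[1] > 0.5 ? " warning" : "") . "'>" . $query[1] . "s</span>" . $geshi->parse_code() . "</div>";
    }
    $this->queries = array();
    // Output POST + GET + FILES information (escaped, so submitted markup is shown literally).
    echo "</div>\n\t\t<h3><a href='#' onclick='\$(\"#debugPostGetFiles\").slideToggle(\"fast\");return false'>" . T("POST + GET + FILES information") . "</a></h3>\n\t\t<div id='debugPostGetFiles' class='section'>\n\t\t<p style='white-space:pre' class='fixed' id='debugPost'>\$_POST = ";
    echo sanitizeHTML(print_r($_POST, true));
    echo "</p><p style='white-space:pre' class='fixed' id='debugGet'>\$_GET = ";
    echo sanitizeHTML(print_r($_GET, true));
    echo "</p><p style='white-space:pre' class='fixed' id='debugFiles'>\$_FILES = ";
    echo sanitizeHTML(print_r($_FILES, true));
    echo "</p>\n\t\t</div>";
    // Output SESSION + COOKIE information.
    echo "<h3><a href='#' onclick='\$(\"#debugSessionCookie\").slideToggle(\"fast\");return false'>" . T("SESSION + COOKIE information") . "</a></h3>\n\t\t<div id='debugSessionCookie' class='section'><p style='white-space:pre' class='fixed' id='debugSession'>\$_SESSION = ";
    echo sanitizeHTML(print_r($_SESSION, true));
    echo "</p><p style='white-space:pre' class='fixed' id='debugCookie'>\$_COOKIE = ";
    echo sanitizeHTML(print_r($_COOKIE, true));
    echo "</p></div>";
    // Hide all panels by default.
    echo "<script>\n\t\t\$(function() {\n\t\t\t\$('#debug .section').hide();\n\t\t});\n\t\t</script>";
}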
if (count($data["members"])) { ?> <div class='section' id='onlineList'> <ul class='list'> <?php foreach ($data["members"] as $member) { ?> <li> <span class='action'> <?php echo avatar($member["memberId"], $member["avatarFormat"], "thumb"), " ", memberLink($member["memberId"], $member["username"]), " "; $action = ET::memberModel()->getLastActionInfo($member["lastActionTime"], $member["lastActionDetail"]); if ($action[0]) { printf(T("is %s"), (!empty($action[1]) ? "<a href='{$action[1]}'>" : "") . lcfirst(sanitizeHTML($action[0])) . (!empty($action[1]) ? "</a>" : "")); } ?> </span> </li> <?php } ?> </ul> </div> <?php // Otherwise, display a 'no members online' message. } else { ?>
/** * Displays a sheet to delete a channel. * * @package esoTalk */ $channel = $data["channel"]; $form = $data["form"]; ?> <div class='sheet' id='deleteChannelSheet'> <div class='sheetContent'> <h3><?php echo T("Delete Channel"); ?> : <?php echo sanitizeHTML($channel["title"]); ?> </h3> <?php echo $form->open(); ?> <div class='section form'> <p class='help'><?php echo T("message.deleteChannelHelp"); ?> </p> <p class='radio'>
while (($file = readdir($dir2)) && !$theme_ok) { if ($file == 'style.css') { $theme_ok = true; } } closedir($dir2); } } if ($theme_ok) { ?> <option value="<?php print sanitizeHTML($theme); ?> "><?php print sanitizeHTML($theme); ?> </option> <?php } } ?> </select> </td> </tr> <?php closedir($dir); }
/**
 * Build the subject and HTML body of the notification e-mail for a "post" activity.
 *
 * @see mentionEmail() for the shape of $item and $member.
 * @param array $item Activity record; $item["data"] holds conversationId, title and content.
 * @param array $member Recipient (unused here; kept for signature parity with the other *Email() builders).
 * @return array{0: string, 1: string} [subject, body]
 */
public static function postEmail($item, $member) {
    $data = $item["data"];
    // The post content goes through the formatter, which presumably escapes it (see init()).
    $body = ET::formatter()->init($data["content"])->format()->get();
    // Absolute URL (second argument true) so the link works from a mail client.
    $link = URL(conversationURL($data["conversationId"], $data["title"]) . "/unread", true);
    // The subject is plain text and uses the raw title; the HTML body uses the escaped title.
    $subject = sprintf(T("email.post.subject"), $data["title"]);
    $message = sprintf(
        T("email.post.body"),
        name($item["fromMemberName"]),
        sanitizeHTML($data["title"]),
        $body,
        "<a href='{$link}'>{$link}</a>"
    );
    return array($subject, $message);
}
<?php // Title ?> <h1 id='conversationTitle'><?php if ($conversation["canModerate"] or $conversation["startMemberId"] == ET::$session->userId) { ?> <a href='<?php echo URL("conversation/edit/" . $conversation["conversationId"]); ?> '><?php echo sanitizeHTML($conversation["title"]); ?> </a><?php } else { echo sanitizeHTML($conversation["title"]); } ?> </h1> <?php // Channel $this->renderView("conversation/channelPath", array("conversation" => $conversation)); // Labels ?> <span class='labels'> <?php $this->renderView("conversation/labels", array("labels" => $conversation["labels"])); ?> </span> </div>
if ($_POST['username'] && $_POST['password']) { $db = new nullBB_Database($_CONF, $_LANG); $user = sanitizeQuery($_POST['username']); $res = $db->query('select * from ' . $_CONF['dbprefix'] . "users where username='******' " . "and user_password='******'password'])) . "'"); if (empty($res)) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['wrong_user_pass'], $_SERVER['HTTP_REFERER'], 3); die; } else { if ($res[0]['user_group'] > USERLEV_ADMIN) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['insufficient_privileges'] . ' -> ' . $res[0]['user_group'], $_SERVER['HTTP_REFERER'], 3); die; } setcookie('admin_sid', sha1(md5($res[0]['username'] . $res[0]['user_password']))); $user = sanitizeHTML($user); notification($_LANG['login_ok'] . ' ' . $user, $_SERVER['HTTP_REFERER'], 3); exit(0); } } if (!$session->logged) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3); die; } if ($userinfo['user_group'] > USERLEV_ADMIN || $userinfo['user_disabled']) { require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT; notification($_LANG['insufficient_privileges'], $_SERVER['HTTP_REFERER'], 3); die; } if (!$_COOKIE['admin_sid'] || $_COOKIE['admin_sid'] != sha1(md5($userinfo['username'] . $userinfo['user_password']))) {
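/**
 * Formatter hook: wraps recognised text emoticons in $sender->content with a
 * <span class='emoticon'> carrying the sprite offset for that face.
 *
 * The content appears to be HTML-escaped by the time this runs: each emoticon
 * is looked up in its sanitizeHTML()'d form (so "<_<" is searched for as its
 * escaped equivalent), and the lookbehind/lookahead classes include '<' and '>'
 * so a face sitting directly inside a tag such as <p>:)</p> is still matched.
 *
 * @param object $sender  Formatter instance whose ->content string is rewritten in place.
 * @return void
 */
public function handler_format_format($sender)
{
    // Emoticon text => inline style selecting its tile in the sprite sheet.
    $styles = array(
        ":)" => "background-position:0 0",
        "=)" => "background-position:0 0",
        ":D" => "background-position:0 -20px",
        "=D" => "background-position:0 -20px",
        "^_^" => "background-position:0 -40px",
        "^^" => "background-position:0 -40px",
        ":(" => "background-position:0 -60px",
        "=(" => "background-position:0 -60px",
        "-_-" => "background-position:0 -80px",
        ";)" => "background-position:0 -100px",
        "^_-" => "background-position:0 -100px",
        "~_-" => "background-position:0 -100px",
        "-_^" => "background-position:0 -100px",
        "-_~" => "background-position:0 -100px",
        "^_^;" => "background-position:0 -120px; width:18px",
        "^^;" => "background-position:0 -120px; width:18px",
        ">_<" => "background-position:0 -140px",
        ":/" => "background-position:0 -160px",
        "=/" => "background-position:0 -160px",
        ":\\" => "background-position:0 -160px",
        "=\\" => "background-position:0 -160px",
        ":x" => "background-position:0 -180px",
        "=x" => "background-position:0 -180px",
        ":|" => "background-position:0 -180px",
        "=|" => "background-position:0 -180px",
        "'_'" => "background-position:0 -180px",
        "<_<" => "background-position:0 -200px",
        ">_>" => "background-position:0 -220px",
        "x_x" => "background-position:0 -240px",
        "o_O" => "background-position:0 -260px",
        "O_o" => "background-position:0 -260px",
        "o_0" => "background-position:0 -260px",
        "0_o" => "background-position:0 -260px",
        ";_;" => "background-position:0 -280px",
        ":'(" => "background-position:0 -280px",
        ":O" => "background-position:0 -300px",
        "=O" => "background-position:0 -300px",
        ":o" => "background-position:0 -300px",
        "=o" => "background-position:0 -300px",
        ":P" => "background-position:0 -320px",
        "=P" => "background-position:0 -320px",
        ";P" => "background-position:0 -320px",
        ":[" => "background-position:0 -340px",
        "=[" => "background-position:0 -340px",
        ":3" => "background-position:0 -360px",
        "=3" => "background-position:0 -360px",
        "._.;" => "background-position:0 -380px; width:18px",
        "<(^.^)>" => "background-position:0 -400px; width:19px",
        "(>'.')>" => "background-position:0 -400px; width:19px",
        "(>^.^)>" => "background-position:0 -400px; width:19px",
        "-_-;" => "background-position:0 -420px; width:18px",
        "(o^_^o)" => "background-position:0 -440px",
        "(^_^)/" => "background-position:0 -460px; width:19px",
        ">:(" => "background-position:0 -480px",
        ">:[" => "background-position:0 -480px",
        "._." => "background-position:0 -500px",
        "T_T" => "background-position:0 -520px",
        "XD" => "background-position:0 -540px",
        "('<" => "background-position:0 -560px",
        "B)" => "background-position:0 -580px",
        "XP" => "background-position:0 -600px",
        ":S" => "background-position:0 -620px",
        "=S" => "background-position:0 -620px",
        ">:)" => "background-position:0 -640px",
        ">:D" => "background-position:0 -640px",
    );

    $from = $to = array();
    $seen = array();
    foreach ($styles as $face => $style) {
        // Matching is case-insensitive (/i), so an entry that differs from an
        // earlier one only by case (":o" after ":O", "O_o" after "o_O") would
        // re-match the text the earlier pattern already wrapped — preceded by
        // '>' and followed by '<' of the inserted span — and nest a second span
        // around it. Keep the first spelling only; its pattern already matches
        // every case variant and the paired entries carry identical styles.
        $caseKey = strtolower($face);
        if (isset($seen[$caseKey])) {
            continue;
        }
        $seen[$caseKey] = true;

        $quoted = preg_quote(sanitizeHTML($face), "/");
        $from[] = "/(?<=^|[\\s.,!<>]){$quoted}(?=[\\s.,!<>)]|\$)/i";
        // Re-emit the matched text ($0) instead of the raw key: the matched
        // text is the already-escaped form, whereas the raw key would write
        // unescaped '<', '>' and quotes (e.g. "<(^.^)>", "('<", "'_'") into
        // the HTML output. It also preserves the case the author typed.
        $to[] = "<span class='emoticon' style='{$style}'>\$0</span>";
    }

    $sender->content = preg_replace($from, $to, $sender->content);
}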
?> '> <?php if (ET::$session->user) { ?> <div class='col-star'><?php echo star($conversation["conversationId"], $conversation["starred"]); ?> </div> <?php } ?> <div class='col-conversation'><?php $conversationURL = conversationURL($conversation["conversationId"], $conversation["title"]); // Output the conversation title, highlighting search keywords. echo "<strong class='title'><a href='" . URL($conversationURL . ((ET::$session->user and $conversation["unread"]) ? "/unread" : "")) . "'>" . highlight(sanitizeHTML($conversation["title"]), ET::$session->get("highlight")) . "</a></strong> "; // Output the conversation's labels. echo "<span class='labels'>"; foreach ($conversation["labels"] as $label) { if ($label == "draft") { echo "<a href='" . URL($conversationURL . "#reply") . "' class='label label-{$label}'>" . T("label.{$label}") . "</a> "; } else { echo "<span class='label label-{$label}'>" . T("label.{$label}") . "</span> "; } } echo "</span> "; // Output controls which apply to this conversation. echo "<span class='controls'>"; // If we're highlighting search terms (i.e. if we did a fulltext search), then output a "show matching posts" link. if (ET::$session->get("highlight")) { echo " <a href='" . URL($conversationURL . "/?search=" . urlencode($data["fulltextString"])) . "' class='showMatchingPosts'>" . T("Show matching posts") . "</a>";
<?php
// Online indicator.
// Honours the member's "hideOnline" preference. When shown, the indicator is an
// <a> if getLastActionInfo() supplied a link in $lastAction[1], otherwise a
// <span>. NOTE(review): $lastAction[1] is emitted into the href attribute
// unescaped — assumed to be built server-side by the member model rather than
// taken from member input; verify. $lastAction[0] (the action description) is
// escaped for the title attribute.
if (empty($member["preferences"]["hideOnline"])) {
    $lastAction = ET::memberModel()->getLastActionInfo($member["lastActionTime"], $member["lastActionDetail"]);
    if ($lastAction) {
        echo "<" . (!empty($lastAction[1]) ? "a href='{$lastAction[1]}'" : "span") . " class='online' title='" . T("Online") . ($lastAction[0] ? " (" . sanitizeHTML($lastAction[0]) . ")" : "") . "'><i class='icon-circle'></i></" . (!empty($lastAction[1]) ? "a" : "span") . ">";
    }
}
?>
<?php
// Output the email if the viewer is an admin. This isAdmin() check is the only
// thing keeping the address out of the public profile, so keep it in front of
// the echo; the value is HTML-escaped.
if (ET::$session->isAdmin()) { ?>
<p class='subText'><?php echo sanitizeHTML($member["email"]); ?></p><?php } ?>
<p id='memberGroup' class='subText'><?php echo memberGroup($member["account"], $member["groups"], true); ?></p>
<p id='memberLastActive' class='subText'><?php
// Last-active time, shown as a relative time with the full date in the title
// attribute; suppressed (replaced by "[hidden]") when the member hides their
// online status.
printf(T("Last active %s"), empty($member["preferences"]["hideOnline"]) ? "<span title='" . date(T("date.full"), $member["lastActionTime"]) . "'>" . relativeTime($member["lastActionTime"], true) . "</span>" : "[" . T("hidden") . "]"); ?></p>
</div>
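/**************************************************************************************************
 * nullBB - Light CMS forum
 * Copyright (C) 2009, BlackLight
 *
 * This program is free software: you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation, either version 3 of
 * the License, or (at your option) any later version. This program is distributed in the hope
 * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details. You should have received a copy of the GNU General Public License along with
 * this program. If not, see <http://www.gnu.org/licenses/>.
 **************************************************************************************************/
require_once '../config.ini';
require_once ABSOLUTE_BASEPATH . '/db.' . PHPEXT;
require_once ABSOLUTE_BASEPATH . '/utils.' . PHPEXT;

// Username lookup: prints "<user_id> # <username>", one match per line, for the
// pattern given in ?user=. '*' is the user-facing wildcard and is mapped to SQL
// LIKE's '%'.
//
// NOTE(review): no session or privilege check is visible in this script, so any
// visitor can enumerate the user table (a single '*' lists every account). If
// that is not intended, gate this on the logged-in session the way the admin
// pages do.

// empty() avoids an "undefined index" notice when the parameter is absent while
// keeping the original falsy semantics (an empty or "0" username is rejected).
if (empty($_GET['user'])) {
    die;
}

$db = new nullBB_Database($_CONF, $_LANG);

// sanitizeQuery() (from utils) is presumably the project's SQL escaping helper;
// it runs before the wildcard mapping so the '%' produced here survives it.
// LIKE metacharacters typed directly ('%', '_') are not escaped either; that adds
// nothing beyond what '*' already exposes, but it does mean the query cannot
// match a literal '%' or '_' in a username.
$user = sanitizeQuery($_GET['user']);
$user = str_replace('*', '%', $user);

$res = $db->query("select user_id, username from " . $_CONF['dbprefix'] . 'users ' . "where username like '" . $user . "'");
if (empty($res)) {
    die;
}

// Names are HTML-escaped, which suggests the caller injects this text into a
// page (autocomplete); getInt() (from utils) normalises the id.
foreach ($res as $row) {
    print getInt($row['user_id']) . ' # ' . sanitizeHTML($row['username']) . "\n";
}

unset($res);
$db->freeResult();
$db->close();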
/**
 * Builds the markup that opens the form: the <form> tag followed by one hidden
 * input per field registered with addHidden(). A "token" hidden input carrying
 * ET::$session->token (presumably the anti-CSRF token) is always registered
 * first, so every form posts it back.
 *
 * @return string
 */
public function open()
{
    // Register the session token before rendering so it is part of the list.
    $this->addHidden("token", ET::$session->token);

    $hiddenFields = array();
    foreach ($this->hiddenInputs as $fieldName) {
        // Values are attribute-escaped; field names are written as registered.
        $escapedValue = htmlentities($this->getValue($fieldName), ENT_QUOTES, "UTF-8");
        $hiddenFields[] = "<input type='hidden' name='{$fieldName}' value='" . $escapedValue . "'/>\n";
    }

    // The action URL is escaped with the project's sanitizeHTML() helper.
    $formTag = "<form action='" . sanitizeHTML($this->action) . "' method='post' enctype='multipart/form-data'>\n";
    return $formTag . implode("", $hiddenFields);
}
/**
 * Outputs the body of a text/html MIME entity.
 *
 * The body is passed through sanitizeHTML() (defined elsewhere in the project)
 * before printing, so — assuming that helper HTML-escapes — the entity's markup
 * is shown as literal text rather than rendered, which keeps message-supplied
 * HTML out of the page.
 *
 * @param string $text  The body of a mime structure object.
 * @return void
 */
function MsgBodyHtmlText($text)
{
    $escaped = sanitizeHTML($text);
    print $escaped;
}
?> '> <?php if (ET::$session->user) { ?> <div class='col-star'><?php echo star($conversation["conversationId"], $conversation["starred"]); ?> </div> <?php } ?> <div class='col-conversation'><?php $conversationURL = conversationURL($conversation["conversationId"], $conversation["title"]); // Output the conversation title, highlighting search keywords. echo "<strong class='title'><a href='" . URL($conversationURL) . "'>" . highlight(sanitizeHTML($conversation["title"]), ET::$session->get("highlight")) . "</a></strong> "; // Output the conversation's labels. echo "<span class='labels'>"; foreach ($conversation["labels"] as $label) { echo "<span class='label label-{$label}'>" . T("label.{$label}") . "</span> "; } echo "</span> "; // Output an "unread indicator", showing the number of unread posts. if (ET::$session->user and $conversation["unread"]) { echo "<a href='" . URL("conversation/markAsRead/" . $conversation["conversationId"] . "?token=" . ET::$session->token . "&return=" . urlencode(ET::$controller->selfURL)) . "' class='unreadIndicator' title='" . T("Mark as read") . "'>" . $conversation["unread"] . "</a> "; } // Output controls which apply to this conversation. echo "<span class='controls'>"; // A Jump to last/unread link, depending on the user and the unread state. if (ET::$session->user and $conversation["unread"]) { echo "<a href='" . URL($conversationURL . "/unread") . "' class='jumpToUnread'>" . T("Jump to unread") . "</a>";
* they are in.) * * @package esoTalk */ $member = $data["member"]; $form = $data["form"]; ?> <div class='sheet' id='permissionsSheet'> <div class='sheetContent'> <?php echo $form->open(); ?> <h3><?php printf(T("Change %s's Permissions"), sanitizeHTML($member["username"])); ?> </h3> <div class='section' id='permissionForm'> <ul class='form'> <li><label><?php echo T("Account type"); ?> </label> <?php $options = array(); foreach ($data["accounts"] as $account) { $options[$account] = groupName($account); } echo $form->select("account", $options);