/**
 * Turn bare "scheme://..." tokens in a string into clickable anchors.
 *
 * The input is trimmed and passed through sanitize_html_string() before any
 * markup is generated (assumed to HTML-escape the text; verify against the
 * project's sanitize helper). The generated href is always rebuilt with an
 * "http://" prefix — the scheme that was matched is NOT reused, so the
 * original scheme cannot leak into the href (https links become http).
 * The visible link text is the matched scheme plus the first capture groups
 * (at most 60 characters of host/path and any trailing digit/entity run),
 * followed by "..".
 *
 * @param string $str raw text, possibly containing URLs
 * @return string HTML-escaped text with URLs wrapped in <a> tags
 */
function linkenize($str)
{
    // Delimiter is '='. Group 1 = "scheme://", 2 = optional "www.",
    // 3 = up to 60 non-space/non-'<' chars, 4 = digits/entity chars, 5 = remainder.
    $urlPattern = '=([^\\s]*:\\/\\/)(www.)?([^<\\s]{0,60})([0-9;&#]*)([^<\\s]*)=';
    // href drops group 1 and forces http://; the link text drops group 5.
    $anchorTemplate = '<a href="http://\\2\\3\\4\\5" target=\'_new\'>\\1\\2\\3\\4..</a>';

    $escaped = sanitize_html_string(trim($str));

    return preg_replace($urlPattern, $anchorTemplate, $escaped);
}
$tpl->assign("theme", $theme); $tpl->assign("title", $title); $tpl->assign("headingtitletxt", $headingtitletxt); $tpl->assign("addentrytxt", $addentrytxt); $tpl->assign("viewguestbooktxt", $viewguestbooktxt); $tpl->assign("newpostfirsttxt", $newpostfirsttxt); $tpl->assign("newpostlasttxt", $newpostlasttxt); $tpl->assign("searchlabeltxt", $searchlabeltxt); $tpl->assign("searchbuttontxt", $searchbuttontxt); $tpl->assign("currentyear", date("Y")); $tpl->assign("goback", $goback); $search = sanitize_html_string($_POST['search_term']); $pageNum = sanitize_int($_GET['page'], 0, 9000); // Set Search Variables if ($search == "") { $search = sanitize_html_string($_GET['search_term']); } if ($pageNum == "") { $pageNum = 0; } // If no search term then exit if ($search == "") { $tpl->assign("error_msg", $msgnosearchterm); $html = $tpl->draw('error', $return_string = true); echo $html; exit; } // Check that the data file contains entries $filename = "data/list.txt"; $handle = fopen($filename, "r"); if (filesize($filename) == 0) {
/**
 * Report whether $input survives the requested sanitizers unchanged.
 *
 * Runs the same stage chain as sanitize() — except that there is no SQL stage
 * and the SYSTEM stage passes TRUE as the fourth argument — and compares the
 * result with the original value.
 *
 * @param mixed  $input value to test
 * @param int    $flags bit mask of UTF8 / PARANOID / INT / FLOAT / HTML / LDAP / SYSTEM
 * @param mixed  $min   forwarded to the range-aware sanitizers
 * @param mixed  $max   forwarded to the range-aware sanitizers
 * @return bool TRUE when no enabled stage altered the value
 */
function check($input, $flags, $min = '', $max = '')
{
    $original = $input;

    // Order matters: each enabled stage sees the output of the previous one.
    $stages = [
        [UTF8,     function ($value) { return my_utf8_decode($value); }],
        [PARANOID, function ($value) use ($min, $max) { return sanitize_paranoid_string($value, $min, $max); }],
        [INT,      function ($value) use ($min, $max) { return sanitize_int($value, $min, $max); }],
        [FLOAT,    function ($value) use ($min, $max) { return sanitize_float($value, $min, $max); }],
        [HTML,     function ($value) use ($min, $max) { return sanitize_html_string($value, $min, $max); }],
        [LDAP,     function ($value) use ($min, $max) { return sanitize_ldap_string($value, $min, $max); }],
        // Unlike sanitize(), check() asks sanitize_system_string() for its TRUE variant.
        [SYSTEM,   function ($value) use ($min, $max) { return sanitize_system_string($value, $min, $max, true); }],
    ];

    foreach ($stages as $stage) {
        list($bit, $apply) = $stage;
        if ($flags & $bit) {
            $input = $apply($input);
        }
    }

    // Loose comparison on purpose (same as the original != test): a stage that
    // only changes the type, e.g. "5" -> 5, still counts as "unchanged".
    // NOTE(review): this also lets some altered values compare equal
    // (e.g. "1.0" vs 1) and pass the check; callers wanting a strict answer
    // should compare sanitize()'s result themselves.
    return $input == $original;
}
<?php } ?> </div> <div style='clear: both'></div> <?php foreach ($data as $row) { if (Permission::model()->hasSurveyPermission($surveyid, 'responses', 'read')) { ?> <div class='statisticscolumnid col-sm-1'> <a href='<?php echo Yii::app()->getController()->createUrl("admin/responses/sa/view/surveyid/" . $surveyid . "/id/" . $row['id']); ?> ' target='_blank' title='<?php eT("View response"); ?> ' data-toggle="tooltip" data-placement="top"> <span class="fa fa-search"></span> </a> </div> <?php } ?> <div class='statisticscolumndata col-sm-11 text-left' > <?php echo sanitize_html_string($row['value']); ?> </div> <?php }
<em> <?php templatereplace($question->question, array(),$aReplacementData,'Unspecified', false ,$question->qid); echo viewHelper::stripTagsEM(LimeExpressionManager::GetLastPrettyPrintExpression()); ?> </em> </span> </div> <!-- Other questions --> <?php else: ?> <a href="<?php echo $this->createUrl("/admin/questions/sa/view/surveyid/$iSurveyId/gid/".$aGroup->gid."/qid/".$question->qid); ?>" class="question-link" > <span class="question-collapse-title"> <span class="glyphicon glyphicon-list"></span> <strong> <?php echo sanitize_html_string(strip_tags($question->title));?> </strong> <br/> <em> <?php templatereplace($question->question, array(),$aReplacementData,'Unspecified', false ,$question->qid); echo viewHelper::stripTagsEM(LimeExpressionManager::GetLastPrettyPrintExpression()); ?> </em> </span> </a> <?php endif; ?> <?php endif; ?> <?php endforeach;?> <?php else:?> <a href="" onclick="event.preventDefault();" style="cursor: default;">
$message_log_string = $message_time_log . " | " . $message_ip_log . " | " . $message_ip_address_log . " | " . sanitize_html_string($yourname) . " | " . sanitize_html_string($yourmessage) . "\n"; $fp = fopen("data/message_spam.log", "a"); fwrite($fp, $message_log_string); fclose($fp); $tpl->assign("error_msg", $msgspamdetected); $html = $tpl->draw('error', $return_string = true); echo $html; exit; } } // Log visitor IP Number and IP Address if option is set by guestbook administrator --------------- if ($gbIPLogKey == 1) { $message_ip_log = $_SERVER['REMOTE_ADDR']; $message_ip_address_log = gethostbyaddr($_SERVER['REMOTE_ADDR']); $message_time_log = $date; $message_log_string = $message_time_log . " | " . $message_ip_log . " | " . $message_ip_address_log . " | " . sanitize_html_string($yourname) . "\n"; $fp = fopen("data/message_post.log", "a"); fwrite($fp, $message_log_string); fclose($fp); } // Notify administrator of new email if option is selected ---------------------------------------- if ($notify_admin == 1) { mail("{$notify_admin_email}", "{$notify_subject}", "{$notify_message}"); } // Smiley face insertion into the message --------------------------------------------------------- $yourname = clean_message(stripslashes($yourname)); $yourmessage = clean_message(stripslashes($yourmessage)); // Call for filtering bad words ------------------------------------------------------------------- if ($gbBadWordsKey == 1) { $yourmessage = swapBadWords($yourmessage); }
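/**
 * Persist the global settings form (action "globalsettingssave").
 *
 * Reads the submitted values from $_POST, normalises a few of them (PDF sizes,
 * mail limit, language restriction, time adjustment) and stores each one via
 * setGlobalSetting(). Invalid admin e-mail addresses are not saved and are
 * reported through the flash message. Afterwards the six admin-home "boxes"
 * are updated and, if "save and close" was clicked, the user is redirected.
 *
 * NOTE(review): several values (show* flags, API keys, pdf header strings,
 * force_ssl, RPCInterface, ...) are stored exactly as posted; whether
 * setGlobalSetting() escapes them on output is not visible here — confirm
 * before relying on it.
 *
 * @return void
 */
private function _saveSettings()
{
    // Only handle our own form submission; a missing 'action' is treated like a foreign one.
    if (!isset($_POST['action']) || $_POST['action'] !== "globalsettingssave") {
        return;
    }
    // Relies on redirect() ending the request (Yii's default $terminate = true).
    if (!Permission::model()->hasGlobalPermission('settings', 'update')) {
        $this->getController()->redirect(array('/admin'));
    }
    Yii::app()->loadHelper('surveytranslator');

    // Numeric settings fall back to defaults when the posted value is < 1.
    $iPDFFontSize = sanitize_int($_POST['pdffontsize']);
    if ($iPDFFontSize < 1) {
        $iPDFFontSize = 9;
    }
    $iPDFLogoWidth = sanitize_int($_POST['pdflogowidth']);
    if ($iPDFLogoWidth < 1) {
        $iPDFLogoWidth = 50;
    }
    $maxemails = $_POST['maxemails'];
    if (sanitize_int($_POST['maxemails']) < 1) {
        $maxemails = 1;
    }

    // Language restriction: the default language must always be allowed.
    $defaultlang = sanitize_languagecode($_POST['defaultlang']);
    $aRestrictToLanguages = explode(' ', sanitize_languagecodeS($_POST['restrictToLanguages']));
    if (!in_array($defaultlang, $aRestrictToLanguages, true)) {
        // Force default language in restrictToLanguages
        $aRestrictToLanguages[] = $defaultlang;
    }
    // If every known language is selected, store an empty restriction instead of the full list.
    if (count(array_diff(array_keys(getLanguageData(false, Yii::app()->session['adminlang'])), $aRestrictToLanguages)) === 0) {
        $aRestrictToLanguages = '';
    } else {
        $aRestrictToLanguages = implode(' ', $aRestrictToLanguages);
    }
    setGlobalSetting('defaultlang', $defaultlang);
    setGlobalSetting('restrictToLanguages', trim($aRestrictToLanguages));
    setGlobalSetting('sitename', strip_tags($_POST['sitename']));
    setGlobalSetting('defaulthtmleditormode', sanitize_paranoid_string($_POST['defaulthtmleditormode']));
    setGlobalSetting('defaultquestionselectormode', sanitize_paranoid_string($_POST['defaultquestionselectormode']));
    setGlobalSetting('defaulttemplateeditormode', sanitize_paranoid_string($_POST['defaulttemplateeditormode']));

    // The default template may only be changed outside demo mode, and only to a known template.
    if (!Yii::app()->getConfig('demoMode')) {
        $sTemplate = Yii::app()->getRequest()->getPost("defaulttemplate");
        if (array_key_exists($sTemplate, getTemplateList())) {
            setGlobalSetting('defaulttemplate', $sTemplate);
        }
    }

    // we set the admin theme (paranoid-sanitized, since it becomes part of a filesystem path and a URL)
    $sAdmintheme = sanitize_paranoid_string($_POST['admintheme']);
    setGlobalSetting('admintheme', $sAdmintheme);
    // we check if it's a user theme (uploaded) or a built-in one
    $usertemplatethemerootdir = Yii::app()->getConfig("uploaddir") . '/admintheme/' . $sAdmintheme;
    if ($usertemplatethemerootdir && file_exists($usertemplatethemerootdir) && is_dir($usertemplatethemerootdir)) {
        $adminimagebaseurl = Yii::app()->getBaseUrl(true) . "/upload/admintheme/{$sAdmintheme}/images/";
        setGlobalSetting('adminimagebaseurl', $adminimagebaseurl);
        // NOTE(review): yields ".../images/images/14/" here but ".../images//14/" in the
        // built-in branch below — kept as-is, confirm which layout the themes actually use.
        setGlobalSetting('adminimageurl', $adminimagebaseurl . 'images/14/');
    } else {
        $adminimagebaseurl = Yii::app()->getBaseUrl(true) . "/styles/{$sAdmintheme}/images/";
        setGlobalSetting('adminimagebaseurl', $adminimagebaseurl);
        setGlobalSetting('adminimageurl', $adminimagebaseurl . '/14/');
    }

    // Mail / bounce settings. Passwords are only overwritten when the form did not
    // send back the placeholder value shown in the UI.
    setGlobalSetting('emailmethod', strip_tags($_POST['emailmethod']));
    setGlobalSetting('emailsmtphost', strip_tags(returnGlobal('emailsmtphost')));
    if (returnGlobal('emailsmtppassword') != 'somepassword') {
        setGlobalSetting('emailsmtppassword', strip_tags(returnGlobal('emailsmtppassword')));
    }
    setGlobalSetting('bounceaccounthost', strip_tags(returnGlobal('bounceaccounthost')));
    setGlobalSetting('bounceaccounttype', strip_tags(returnGlobal('bounceaccounttype')));
    setGlobalSetting('bounceencryption', strip_tags(returnGlobal('bounceencryption')));
    setGlobalSetting('bounceaccountuser', strip_tags(returnGlobal('bounceaccountuser')));
    if (returnGlobal('bounceaccountpass') != 'enteredpassword') {
        setGlobalSetting('bounceaccountpass', strip_tags(returnGlobal('bounceaccountpass')));
    }
    setGlobalSetting('emailsmtpssl', sanitize_paranoid_string(Yii::app()->request->getPost('emailsmtpssl', '')));
    setGlobalSetting('emailsmtpdebug', sanitize_int(Yii::app()->request->getPost('emailsmtpdebug', '0')));
    setGlobalSetting('emailsmtpuser', strip_tags(returnGlobal('emailsmtpuser')));
    setGlobalSetting('filterxsshtml', strip_tags($_POST['filterxsshtml']));

    $warning = '';
    // make sure emails are valid before saving them (an empty value clears the setting)
    if (Yii::app()->request->getPost('siteadminbounce', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminbounce'))) {
        setGlobalSetting('siteadminbounce', strip_tags(Yii::app()->request->getPost('siteadminbounce')));
    } else {
        $warning .= gT("Warning! Admin bounce email was not saved because it was not valid.") . '<br/>';
    }
    if (Yii::app()->request->getPost('siteadminemail', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminemail'))) {
        setGlobalSetting('siteadminemail', strip_tags(Yii::app()->request->getPost('siteadminemail')));
    } else {
        $warning .= gT("Warning! Admin email was not saved because it was not valid.") . '<br/>';
    }
    setGlobalSetting('siteadminname', strip_tags($_POST['siteadminname']));
    setGlobalSetting('shownoanswer', sanitize_int($_POST['shownoanswer']));
    setGlobalSetting('showxquestions', $_POST['showxquestions']);
    setGlobalSetting('showgroupinfo', $_POST['showgroupinfo']);
    setGlobalSetting('showqnumcode', $_POST['showqnumcode']);

    $repeatheadingstemp = (int) $_POST['repeatheadings'];
    if ($repeatheadingstemp === 0) {
        $repeatheadingstemp = 25;
    }
    setGlobalSetting('repeatheadings', $repeatheadingstemp);
    setGlobalSetting('maxemails', sanitize_int($maxemails));
    $iSessionExpirationTime = (int) $_POST['iSessionExpirationTime'];
    if ($iSessionExpirationTime === 0) {
        $iSessionExpirationTime = 7200;
    }
    setGlobalSetting('iSessionExpirationTime', $iSessionExpirationTime);
    setGlobalSetting('ipInfoDbAPIKey', $_POST['ipInfoDbAPIKey']);
    setGlobalSetting('pdffontsize', $iPDFFontSize);
    setGlobalSetting('pdfshowheader', $_POST['pdfshowheader']);
    setGlobalSetting('pdflogowidth', $iPDFLogoWidth);
    setGlobalSetting('pdfheadertitle', $_POST['pdfheadertitle']);
    setGlobalSetting('pdfheaderstring', $_POST['pdfheaderstring']);
    setGlobalSetting('googleMapsAPIKey', $_POST['googleMapsAPIKey']);
    setGlobalSetting('googleanalyticsapikey', $_POST['googleanalyticsapikey']);
    setGlobalSetting('googletranslateapikey', $_POST['googletranslateapikey']);
    setGlobalSetting('force_ssl', $_POST['force_ssl']);
    setGlobalSetting('surveyPreview_require_Auth', $_POST['surveyPreview_require_Auth']);
    setGlobalSetting('RPCInterface', $_POST['RPCInterface']);
    setGlobalSetting('rpc_publish_api', (bool) $_POST['rpc_publish_api']);

    // The double cast guarantees a numeric offset (negative values are allowed);
    // the stored form is a signed "<n> minutes" string, so add a '+' when no sign is present.
    $savetime = (double) $_POST['timeadjust'] * 60 . ' minutes';
    if (substr($savetime, 0, 1) != '-' && substr($savetime, 0, 1) != '+') {
        $savetime = '+' . $savetime;
    }
    setGlobalSetting('timeadjust', $savetime);
    setGlobalSetting('usercontrolSameGroupPolicy', strip_tags($_POST['usercontrolSameGroupPolicy']));

    // Boxes: positions 1..6 on the admin home page.
    for ($i = 1; $i < 7; $i++) {
        $box = Boxes::model()->find(array('condition' => 'position=:positionId', 'params' => array(':positionId' => $i)));
        if ($box === null) {
            // find() returns null when no row has this position; skip it rather
            // than fail on a property write to null.
            continue;
        }
        $box->url = sanitize_html_string($_POST['box-url-' . $i]);
        $box->title = sanitize_html_string($_POST['box-title-' . $i]);
        $box->ico = sanitize_html_string($_POST['box-ico-' . $i]);
        $box->desc = sanitize_html_string($_POST['box-desc-' . $i]);
        $box->save();
    }

    Yii::app()->session['flashmessage'] = $warning . gT("Global settings were saved.");

    // Redirect if user clicked save-and-close-button
    if (isset($_POST['saveandclose'])) {
        // NOTE(review): the target comes from the session's 'refurl'; how that value
        // is populated is not visible here — confirm it cannot hold an external URL.
        $url = htmlspecialchars_decode(Yii::app()->session['refurl']);
        if ($url) {
            Yii::app()->getController()->redirect($url);
        } else {
            $url = Yii::app()->createUrl('admin');
            Yii::app()->getController()->redirect($url);
        }
    }
}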
/**
 * Apply the sanitizers selected by $flags to $input and return the result.
 *
 * Stages run in a fixed order (UTF8, PARANOID, INT, FLOAT, HTML, SQL, LDAP,
 * SYSTEM); a stage runs only when its bit is set, and every enabled stage
 * receives the output of the previous one.
 *
 * @param mixed $input value to sanitize
 * @param int   $flags bit mask of UTF8 / PARANOID / INT / FLOAT / HTML / SQL / LDAP / SYSTEM
 * @param mixed $min   forwarded to the range-aware sanitizers
 * @param mixed $max   forwarded to the range-aware sanitizers
 * @return mixed the sanitized value (type depends on the last enabled stage)
 */
function sanitize($input, $flags, $min = '', $max = '')
{
    $pipeline = [
        [UTF8,     function ($value) { return my_utf8_decode($value); }],
        [PARANOID, function ($value) use ($min, $max) { return sanitize_paranoid_string($value, $min, $max); }],
        [INT,      function ($value) use ($min, $max) { return sanitize_int($value, $min, $max); }],
        [FLOAT,    function ($value) use ($min, $max) { return sanitize_float($value, $min, $max); }],
        [HTML,     function ($value) use ($min, $max) { return sanitize_html_string($value, $min, $max); }],
        [SQL,      function ($value) use ($min, $max) { return sanitize_sql_string($value, $min, $max); }],
        [LDAP,     function ($value) use ($min, $max) { return sanitize_ldap_string($value, $min, $max); }],
        [SYSTEM,   function ($value) use ($min, $max) { return sanitize_system_string($value, $min, $max); }],
    ];

    // Fold the value through the pipeline, skipping stages whose bit is not set.
    return array_reduce(
        $pipeline,
        function ($value, $stage) use ($flags) {
            list($bit, $filter) = $stage;
            return ($flags & $bit) ? $filter($value) : $value;
        },
        $input
    );
}
include "views/not_logged_in.php"; ?> </li> </ul> </nav> </div> <br /> <?php // If the user has specified an email, show recovery questions. if (isset($_POST['email'])) { ?> <form method="POST"> <p>If you answer your security questions correctly, your password will be changed to your Date of Birth in mmddyyyy format.</p> <input type="hidden" value="<?php echo sanitize_html_string($_POST['email']); ?> " name="forgot-email" /> <table><tr> <td><label>What is the name of your first pet?</label></td> <td><input type="text" class="form-control" autofocus name="q1" /></td> </tr><tr> <td><label>What is the make of your first car?</label></td> <td><input type="text" class="form-control" name="q2" /></td> </tr><tr> <td><label>What is the name of your first employer?</label></td> <td><input type="text" class="form-control" name="q3" /></td> </tr></table> <button class="btn btn-info">Submit</button> </form>
$error = 'You must type a comment first.'; } else { add_comment($cleanHTML, $destinationID, $userAdding); header('Location: ?action=viewDestination&destinationID=' . $destinationID); } } else { if ($action == 'editComment') { //loads the edit comment page $commentID = $_POST['commentID']; $comment = get_comment_By_ID($commentID); include 'views/edit.php'; } else { if ($action == 'commentEdited') { //Edits the desired comment and saves it to the databse then reloads the vacation spots page $newContent = nl2br($_POST['content']); $cleanHTML = sanitize_html_string($newContent); $commentID = $_POST['commentID']; $destinationID = $_POST['destinationID']; edit_comment($cleanHTML, $commentID); header('Location: ?action=viewDestination&destinationID=' . $destinationID); } else { if ($action == 'deleteComment') { //Deletes the desired comment $commentID = $_POST['commentID']; $destinationID = $_POST['destinationID']; delete_comment($commentID); header('Location: ?action=viewDestination&destinationID=' . $destinationID); } else { if ($action == 'logIn') { //loads the log in page if (isset($_POST['action'])) {