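function linkenize($str)
{
    // Turn bare URLs inside a guestbook message into anchors.
    // Order matters: the text is HTML-escaped first so the only raw "<" and quotes
    // in the output are the ones this function emits. The regex then runs over
    // already-escaped text (assumes sanitize_html_string() escapes '"' — TODO confirm,
    // otherwise a quote inside a URL could break out of the href attribute).
    $str = trim($str);
    $str = sanitize_html_string($str);
    // \1 = scheme incl. "://" (dropped from the href so every link is forced to
    //      http://; a "javascript://" scheme never reaches the attribute),
    // \2 = optional "www." (dot escaped: it previously matched any character),
    // \3 = up to 60 visible chars, \4 = trailing entity chars such as "&amp;",
    // \5 = remainder, kept in the href only. The visible text stops after \4 with "..".
    // rel="noopener noreferrer" so the target page cannot reach window.opener.
    $linked = preg_replace(
        '=([^\\s]*:\\/\\/)(www\\.)?([^<\\s]{0,60})([0-9;&#]*)([^<\\s]*)=',
        '<a href="http://\\2\\3\\4\\5" target=\'_new\' rel="noopener noreferrer">\\1\\2\\3\\4..</a>',
        $str
    );
    // preg_replace() returns null on a PCRE error (e.g. backtrack limit hit);
    // fall back to the escaped text rather than returning nothing.
    return $linked === null ? $str : $linked;
}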
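$tpl->assign("theme", $theme);
$tpl->assign("title", $title);
$tpl->assign("headingtitletxt", $headingtitletxt);
$tpl->assign("addentrytxt", $addentrytxt);
$tpl->assign("viewguestbooktxt", $viewguestbooktxt);
$tpl->assign("newpostfirsttxt", $newpostfirsttxt);
$tpl->assign("newpostlasttxt", $newpostlasttxt);
$tpl->assign("searchlabeltxt", $searchlabeltxt);
$tpl->assign("searchbuttontxt", $searchbuttontxt);
$tpl->assign("currentyear", date("Y"));
$tpl->assign("goback", $goback);
// Search term: POST is preferred, GET is the fallback. Read through isset() so a
// request without the field does not raise an undefined-index notice; the value
// is HTML-escaped by sanitize_html_string() because it is echoed back in the page.
$search = isset($_POST['search_term']) ? sanitize_html_string($_POST['search_term']) : "";
// Page number is clamped to 0..9000 by sanitize_int(); a missing parameter means page 0.
$pageNum = isset($_GET['page']) ? sanitize_int($_GET['page'], 0, 9000) : 0;
// Set Search Variables
if ($search == "" && isset($_GET['search_term'])) {
    $search = sanitize_html_string($_GET['search_term']);
}
if ($pageNum == "") {
    $pageNum = 0;
}
// If no search term then exit
if ($search == "") {
    $tpl->assign("error_msg", $msgnosearchterm);
    $html = $tpl->draw('error', $return_string = true);
    echo $html;
    exit;
}
// Check that the data file contains entries
$filename = "data/list.txt";
// NOTE(review): the fopen() result is not checked here; the size test that follows
// (outside this span) works on $filename, not on $handle.
$handle = fopen($filename, "r");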
if (filesize($filename) == 0) {
function check($input, $flags, $min = '', $max = '')
{
    // Report whether $input would survive the sanitizers selected by $flags unchanged.
    // The sanitizer chain is applied to a copy; the result is then compared with the
    // untouched original. TRUE means "already clean", FALSE means at least one
    // sanitizer altered the value. $min/$max are passed straight through to each
    // bounded sanitizer.
    $cleaned = $input;
    if ($flags & UTF8) {
        $cleaned = my_utf8_decode($cleaned);
    }
    if ($flags & PARANOID) {
        $cleaned = sanitize_paranoid_string($cleaned, $min, $max);
    }
    if ($flags & INT) {
        $cleaned = sanitize_int($cleaned, $min, $max);
    }
    if ($flags & FLOAT) {
        $cleaned = sanitize_float($cleaned, $min, $max);
    }
    if ($flags & HTML) {
        $cleaned = sanitize_html_string($cleaned, $min, $max);
    }
    if ($flags & LDAP) {
        $cleaned = sanitize_ldap_string($cleaned, $min, $max);
    }
    if ($flags & SYSTEM) {
        // The fourth argument (TRUE) is forwarded as-is; its meaning is defined by
        // sanitize_system_string(), which is not visible here.
        $cleaned = sanitize_system_string($cleaned, $min, $max, TRUE);
    }
    // NOTE(review): loose comparison on purpose (an INT-sanitized "12" must still
    // equal the int 12), but this also means numeric strings differing only in form
    // ("1e3" vs "1000") are treated as unchanged.
    return $cleaned == $input;
}
    <?php 
}
?>
    </div>
<div style='clear: both'></div>
<?php 
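// The "view response" link needs survey-level read permission on responses. That
// check does not depend on the row, so evaluate it once instead of once per row.
$bCanReadResponses = Permission::model()->hasSurveyPermission($surveyid, 'responses', 'read');
foreach ($data as $row) {
    if ($bCanReadResponses) {
        ?>
    <div class='statisticscolumnid col-sm-1'>
        <a href='<?php
        // createUrl() builds the admin URL from the survey id and the row id; it is not
        // HTML-escaped here (presumably both are integer ids from the DB — TODO confirm).
        echo Yii::app()->getController()->createUrl("admin/responses/sa/view/surveyid/" . $surveyid . "/id/" . $row['id']);
        ?>
' target='_blank' title='<?php
        eT("View response");
        ?>
' data-toggle="tooltip" data-placement="top">
            <span class="fa fa-search"></span>
        </a>
    </div>
<?php
    }
    ?>
<div class='statisticscolumndata col-sm-11 text-left' >
    <?php
    // Response values are respondent-supplied text: escape them before output.
    echo sanitize_html_string($row['value']);
    ?>
</div>

<?php
}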
                                                            <em>
                                                                <?php
                                                                    templatereplace($question->question, array(),$aReplacementData,'Unspecified', false ,$question->qid);
                                                                    echo viewHelper::stripTagsEM(LimeExpressionManager::GetLastPrettyPrintExpression());
                                                                ?>
                                                            </em>
                                                        </span>
                                                    </div>

                                                <!-- Other questions -->
                                                <?php else: ?>
                                                    <a href="<?php echo $this->createUrl("/admin/questions/sa/view/surveyid/$iSurveyId/gid/".$aGroup->gid."/qid/".$question->qid); ?>" class="question-link" >
                                                        <span class="question-collapse-title">
                                                            <span class="glyphicon glyphicon-list"></span>
                                                            <strong>
                                                                <?php echo sanitize_html_string(strip_tags($question->title));?>
                                                            </strong>
                                                            <br/>
                                                            <em>
                                                                <?php
                                                                    templatereplace($question->question, array(),$aReplacementData,'Unspecified', false ,$question->qid);
                                                                    echo viewHelper::stripTagsEM(LimeExpressionManager::GetLastPrettyPrintExpression());
                                                                ?>
                                                            </em>
                                                        </span>
                                                    </a>
                                                <?php endif; ?>
                                            <?php endif; ?>
                                        <?php endforeach;?>
                                    <?php else:?>
                                        <a href="" onclick="event.preventDefault();" style="cursor: default;">
         $message_log_string = $message_time_log . " | " . $message_ip_log . " | " . $message_ip_address_log . " | " . sanitize_html_string($yourname) . " | " . sanitize_html_string($yourmessage) . "\n";
         $fp = fopen("data/message_spam.log", "a");
         fwrite($fp, $message_log_string);
         fclose($fp);
         $tpl->assign("error_msg", $msgspamdetected);
         $html = $tpl->draw('error', $return_string = true);
         echo $html;
         exit;
     }
 }
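 // Log visitor IP Number and IP Address if option is set by guestbook administrator ---------------
 if ($gbIPLogKey == 1) {
     $message_ip_log = $_SERVER['REMOTE_ADDR'];
     // The reverse-DNS name is controlled by whoever owns the client's IP range (its
     // PTR record), so treat it as untrusted: strip control characters before it is
     // written to a line-oriented log, or a crafted hostname can inject fake log lines.
     // gethostbyaddr() returns false on failure, which becomes "" here as before.
     $message_ip_address_log = preg_replace('/[\x00-\x1F\x7F]/', '', gethostbyaddr($_SERVER['REMOTE_ADDR']));
     $message_time_log = $date;
     // Poster name is escaped with the same helper used for page output; $yourmessage is not logged here.
     $message_log_string = $message_time_log . " | " . $message_ip_log . " | " . $message_ip_address_log . " | " . sanitize_html_string($yourname) . "\n";
     // Logging is best-effort: an unwritable log must not abort the post.
     $fp = fopen("data/message_post.log", "a");
     if ($fp !== false) {
         fwrite($fp, $message_log_string);
         fclose($fp);
     }
 }
 // Notify administrator of new email if option is selected ----------------------------------------
 if ($notify_admin == 1) {
     // NOTE(review): if $notify_subject or $notify_message carries visitor input, a
     // newline in the subject would inject mail headers — where they are built is not
     // visible here, confirm before relying on this.
     mail($notify_admin_email, $notify_subject, $notify_message);
 }
 // Smiley face insertion into the message ---------------------------------------------------------
 // stripslashes() undoes magic-quotes style escaping before clean_message() runs.
 $yourname = clean_message(stripslashes($yourname));
 $yourmessage = clean_message(stripslashes($yourmessage));
 // Call for filtering bad words -------------------------------------------------------------------
 if ($gbBadWordsKey == 1) {
     $yourmessage = swapBadWords($yourmessage);
 }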
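 private function _saveSettings()
 {
     // Persist the global-settings form. Runs only for the "globalsettingssave" action
     // and only for users holding the global settings/update permission. Values are
     // read from $_POST (and returnGlobal()), lightly sanitized per field, and stored
     // via setGlobalSetting(); a warning string is collected for rejected e-mail fields.
     // Read through isset() so a request without "action" raises no notice.
     if (!isset($_POST['action']) || $_POST['action'] !== "globalsettingssave") {
         return;
     }
     if (!Permission::model()->hasGlobalPermission('settings', 'update')) {
         $this->getController()->redirect(array('/admin'));
         // Yii's redirect() normally terminates the request, but do not depend on it:
         // without this return an unauthorized caller would fall through to the writes below.
         return;
     }
     Yii::app()->loadHelper('surveytranslator');
     // Numeric PDF settings fall back to defaults when missing or non-positive.
     $iPDFFontSize = sanitize_int($_POST['pdffontsize']);
     if ($iPDFFontSize < 1) {
         $iPDFFontSize = 9;
     }
     $iPDFLogoWidth = sanitize_int($_POST['pdflogowidth']);
     if ($iPDFLogoWidth < 1) {
         $iPDFLogoWidth = 50;
     }
     $maxemails = $_POST['maxemails'];
     if (sanitize_int($_POST['maxemails']) < 1) {
         $maxemails = 1;
     }
     // Language restriction: the default language is always part of the allowed set;
     // an allowed set covering every known language is stored as "" (no restriction).
     $defaultlang = sanitize_languagecode($_POST['defaultlang']);
     $aRestrictToLanguages = explode(' ', sanitize_languagecodeS($_POST['restrictToLanguages']));
     if (!in_array($defaultlang, $aRestrictToLanguages)) {
         // Force default language in restrictToLanguages
         $aRestrictToLanguages[] = $defaultlang;
     }
     if (count(array_diff(array_keys(getLanguageData(false, Yii::app()->session['adminlang'])), $aRestrictToLanguages)) == 0) {
         $aRestrictToLanguages = '';
     } else {
         $aRestrictToLanguages = implode(' ', $aRestrictToLanguages);
     }
     setGlobalSetting('defaultlang', $defaultlang);
     setGlobalSetting('restrictToLanguages', trim($aRestrictToLanguages));
     setGlobalSetting('sitename', strip_tags($_POST['sitename']));
     setGlobalSetting('defaulthtmleditormode', sanitize_paranoid_string($_POST['defaulthtmleditormode']));
     setGlobalSetting('defaultquestionselectormode', sanitize_paranoid_string($_POST['defaultquestionselectormode']));
     setGlobalSetting('defaulttemplateeditormode', sanitize_paranoid_string($_POST['defaulttemplateeditormode']));
     if (!Yii::app()->getConfig('demoMode')) {
         // Only a template that actually exists in the template list may become the default.
         $sTemplate = Yii::app()->getRequest()->getPost("defaulttemplate");
         if (array_key_exists($sTemplate, getTemplateList())) {
             setGlobalSetting('defaulttemplate', $sTemplate);
         }
     }
     // we set the admin theme
     // sanitize_paranoid_string() is what keeps the theme name from carrying path
     // separators before it is joined into the upload-dir path below.
     $sAdmintheme = sanitize_paranoid_string($_POST['admintheme']);
     setGlobalSetting('admintheme', $sAdmintheme);
     // we check if it's a user theme
     $usertemplatethemerootdir = Yii::app()->getConfig("uploaddir") . '/admintheme/' . $sAdmintheme;
     if ($usertemplatethemerootdir && file_exists($usertemplatethemerootdir) && is_dir($usertemplatethemerootdir)) {
         $adminimagebaseurl = Yii::app()->getBaseUrl(true) . "/upload/admintheme/{$sAdmintheme}/images/";
         setGlobalSetting('adminimagebaseurl', $adminimagebaseurl);
         setGlobalSetting('adminimageurl', $adminimagebaseurl . 'images/14/');
     } else {
         $adminimagebaseurl = Yii::app()->getBaseUrl(true) . "/styles/{$sAdmintheme}/images/";
         setGlobalSetting('adminimagebaseurl', $adminimagebaseurl);
         setGlobalSetting('adminimageurl', $adminimagebaseurl . '/14/');
     }
     //setGlobalSetting('adminthemeiconsize', trim(file_get_contents(Yii::app()->getConfig("styledir").DIRECTORY_SEPARATOR.sanitize_paranoid_string($_POST['admintheme']).DIRECTORY_SEPARATOR.'iconsize')));
     setGlobalSetting('emailmethod', strip_tags($_POST['emailmethod']));
     setGlobalSetting('emailsmtphost', strip_tags(returnGlobal('emailsmtphost')));
     // The form shows placeholder passwords; only overwrite a stored secret when the
     // submitted value differs from the placeholder.
     if (returnGlobal('emailsmtppassword') != 'somepassword') {
         setGlobalSetting('emailsmtppassword', strip_tags(returnGlobal('emailsmtppassword')));
     }
     setGlobalSetting('bounceaccounthost', strip_tags(returnGlobal('bounceaccounthost')));
     setGlobalSetting('bounceaccounttype', strip_tags(returnGlobal('bounceaccounttype')));
     setGlobalSetting('bounceencryption', strip_tags(returnGlobal('bounceencryption')));
     setGlobalSetting('bounceaccountuser', strip_tags(returnGlobal('bounceaccountuser')));
     if (returnGlobal('bounceaccountpass') != 'enteredpassword') {
         setGlobalSetting('bounceaccountpass', strip_tags(returnGlobal('bounceaccountpass')));
     }
     setGlobalSetting('emailsmtpssl', sanitize_paranoid_string(Yii::app()->request->getPost('emailsmtpssl', '')));
     setGlobalSetting('emailsmtpdebug', sanitize_int(Yii::app()->request->getPost('emailsmtpdebug', '0')));
     setGlobalSetting('emailsmtpuser', strip_tags(returnGlobal('emailsmtpuser')));
     setGlobalSetting('filterxsshtml', strip_tags($_POST['filterxsshtml']));
     $warning = '';
     // make sure emails are valid before saving them
     if (Yii::app()->request->getPost('siteadminbounce', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminbounce'))) {
         setGlobalSetting('siteadminbounce', strip_tags(Yii::app()->request->getPost('siteadminbounce')));
     } else {
         $warning .= gT("Warning! Admin bounce email was not saved because it was not valid.") . '<br/>';
     }
     if (Yii::app()->request->getPost('siteadminemail', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminemail'))) {
         setGlobalSetting('siteadminemail', strip_tags(Yii::app()->request->getPost('siteadminemail')));
     } else {
         $warning .= gT("Warning! Admin email was not saved because it was not valid.") . '<br/>';
     }
     setGlobalSetting('siteadminname', strip_tags($_POST['siteadminname']));
     setGlobalSetting('shownoanswer', sanitize_int($_POST['shownoanswer']));
     // NOTE(review): the settings from here down to the API keys are stored exactly as
     // posted (no strip_tags/sanitize). Whatever renders them must escape for its
     // context; setGlobalSetting() itself is not visible here.
     setGlobalSetting('showxquestions', $_POST['showxquestions']);
     setGlobalSetting('showgroupinfo', $_POST['showgroupinfo']);
     setGlobalSetting('showqnumcode', $_POST['showqnumcode']);
     $repeatheadingstemp = (int) $_POST['repeatheadings'];
     if ($repeatheadingstemp == 0) {
         $repeatheadingstemp = 25;
     }
     setGlobalSetting('repeatheadings', $repeatheadingstemp);
     setGlobalSetting('maxemails', sanitize_int($maxemails));
     $iSessionExpirationTime = (int) $_POST['iSessionExpirationTime'];
     if ($iSessionExpirationTime == 0) {
         $iSessionExpirationTime = 7200;
     }
     setGlobalSetting('iSessionExpirationTime', $iSessionExpirationTime);
     setGlobalSetting('ipInfoDbAPIKey', $_POST['ipInfoDbAPIKey']);
     setGlobalSetting('pdffontsize', $iPDFFontSize);
     setGlobalSetting('pdfshowheader', $_POST['pdfshowheader']);
     setGlobalSetting('pdflogowidth', $iPDFLogoWidth);
     setGlobalSetting('pdfheadertitle', $_POST['pdfheadertitle']);
     setGlobalSetting('pdfheaderstring', $_POST['pdfheaderstring']);
     setGlobalSetting('googleMapsAPIKey', $_POST['googleMapsAPIKey']);
     setGlobalSetting('googleanalyticsapikey', $_POST['googleanalyticsapikey']);
     setGlobalSetting('googletranslateapikey', $_POST['googletranslateapikey']);
     setGlobalSetting('force_ssl', $_POST['force_ssl']);
     setGlobalSetting('surveyPreview_require_Auth', $_POST['surveyPreview_require_Auth']);
     setGlobalSetting('RPCInterface', $_POST['RPCInterface']);
     setGlobalSetting('rpc_publish_api', (bool) $_POST['rpc_publish_api']);
     // Time adjustment is stored as a signed "<n> minutes" string; "*" binds tighter
     // than "." so the multiplication happens before the concatenation.
     $savetime = (double) $_POST['timeadjust'] * 60 . ' minutes';
     //makes sure it is a number, at least 0
     if (substr($savetime, 0, 1) != '-' && substr($savetime, 0, 1) != '+') {
         $savetime = '+' . $savetime;
     }
     setGlobalSetting('timeadjust', $savetime);
     setGlobalSetting('usercontrolSameGroupPolicy', strip_tags($_POST['usercontrolSameGroupPolicy']));
     // Boxes
     // Home-page boxes 1..6 are looked up by position and overwritten from the form.
     for ($i = 1; $i < 7; $i++) {
         $box = Boxes::model()->find(array('condition' => 'position=:positionId', 'params' => array(':positionId' => $i)));
         $box->url = sanitize_html_string($_POST['box-url-' . $i]);
         $box->title = sanitize_html_string($_POST['box-title-' . $i]);
         $box->ico = sanitize_html_string($_POST['box-ico-' . $i]);
         $box->desc = sanitize_html_string($_POST['box-desc-' . $i]);
         $box->save();
     }
     Yii::app()->session['flashmessage'] = $warning . gT("Global settings were saved.");
     // Redirect if user clicked save-and-close-button
     if (isset($_POST['saveandclose'])) {
         // NOTE(review): the target comes from session['refurl']; if that value is ever
         // derived from the Referer header, this becomes an off-site redirect — where
         // refurl is set is not visible here, confirm it is always a local URL.
         $url = htmlspecialchars_decode(Yii::app()->session['refurl']);
         if ($url) {
             Yii::app()->getController()->redirect($url);
         } else {
             $url = Yii::app()->createUrl('admin');
             Yii::app()->getController()->redirect($url);
         }
     }
 }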
function sanitize($input, $flags, $min = '', $max = '')
{
    // Run $input through the sanitizers selected in the $flags bitmask and return the
    // result. Several flags may be combined; the sanitizers are applied in the fixed
    // order listed below. $min/$max are forwarded to every bounded sanitizer.
    $value = $input;
    // UTF-8 decoding takes no bounds and always runs first.
    if ($flags & UTF8) {
        $value = my_utf8_decode($value);
    }
    // Ordered (flag, sanitizer) pairs — a list, not a map, so equal flag values
    // could never collapse two entries.
    $steps = array(
        array(PARANOID, 'sanitize_paranoid_string'),
        array(INT, 'sanitize_int'),
        array(FLOAT, 'sanitize_float'),
        array(HTML, 'sanitize_html_string'),
        // NOTE(review): string-level SQL sanitizing is no substitute for
        // parameterized queries at the call site.
        array(SQL, 'sanitize_sql_string'),
        array(LDAP, 'sanitize_ldap_string'),
        array(SYSTEM, 'sanitize_system_string'),
    );
    foreach ($steps as $step) {
        list($flag, $sanitizer) = $step;
        if ($flags & $flag) {
            $value = $sanitizer($value, $min, $max);
        }
    }
    return $value;
}
include "views/not_logged_in.php";
?>
</li>
            </ul>
        </nav>
    </div>
    <br />

    <?php 
// If the user has specified an email, show recovery questions.
if (isset($_POST['email'])) {
    ?>
        <form method="POST">
            <p>If you answer your security questions correctly, your password will be changed to your Date of Birth in mmddyyyy format.</p>
            <input type="hidden" value="<?php 
    echo sanitize_html_string($_POST['email']);
    ?>
" name="forgot-email" />
            <table><tr>
                <td><label>What is the name of your first pet?</label></td>
                <td><input type="text" class="form-control" autofocus name="q1" /></td>
            </tr><tr>
                <td><label>What is the make of your first car?</label></td>
                <td><input type="text" class="form-control" name="q2" /></td>
            </tr><tr>
                <td><label>What is the name of your first employer?</label></td>
                <td><input type="text" class="form-control" name="q3" /></td>
            </tr></table>
            <button class="btn btn-info">Submit</button>
        </form>
         $error = 'You must type a comment first.';
     } else {
         add_comment($cleanHTML, $destinationID, $userAdding);
         header('Location: ?action=viewDestination&destinationID=' . $destinationID);
     }
 } else {
     if ($action == 'editComment') {
         //loads the edit comment page
         $commentID = $_POST['commentID'];
         $comment = get_comment_By_ID($commentID);
         include 'views/edit.php';
     } else {
         if ($action == 'commentEdited') {
             //Edits the desired comment and saves it to the databse then reloads the vacation spots page
             $newContent = nl2br($_POST['content']);
             $cleanHTML = sanitize_html_string($newContent);
             $commentID = $_POST['commentID'];
             $destinationID = $_POST['destinationID'];
             edit_comment($cleanHTML, $commentID);
             header('Location: ?action=viewDestination&destinationID=' . $destinationID);
         } else {
             if ($action == 'deleteComment') {
                 //Deletes the desired comment
                 $commentID = $_POST['commentID'];
                 $destinationID = $_POST['destinationID'];
                 delete_comment($commentID);
                 header('Location: ?action=viewDestination&destinationID=' . $destinationID);
             } else {
                 if ($action == 'logIn') {
                     //loads the log in page
                     if (isset($_POST['action'])) {