/** * savesettings() * * Saves a form into the _options array. * * Use savepoint to set the root array key path. Accepts variable depth, dividing array keys with pound signs. * Ex: $_POST['savepoint'] value something like array_key_name#subkey * <input type="hidden" name="savepoint" value="files#exclusions" /> to set the root to be $this->_options['files']['exclusions'] * * All inputs with the name beginning with pound will act as the array keys to be set in the _options with the associated posted value. * Ex: $_POST['#key_name'] or $_POST['#key_name#subarray_key_name'] value is the array value to set. * <input type="text" name="#name" /> will save to $this->_options['name'] * <input type="text" name="#group#17#name" /> will save to $this->_options['groups'][17]['name'] * * $savepoint_root string Override the savepoint. Same format as the form savepoint. */ function savesettings($savepoint_root = '') { //check_admin_referer( 'backupbuddy-nonce' ); foreach ($_POST as $post_index => $post_value) { $_POST[$post_index] = strip_tags_deep($post_value); // Do not use just strip_tags as it breaks array post vars. } if (!empty($savepoint_root)) { // Override savepoint. $_POST['savepoint'] = $savepoint_root; } if (!empty($_POST['savepoint'])) { $savepoint_root = stripslashes($_POST['savepoint']) . '#'; } else { $savepoint_root = ''; } $posted = stripslashes_deep($_POST); // Unescape all the stuff WordPress escaped. Sigh @ WordPress for being like PHP magic quotes. foreach ($posted as $index => $item) { if (substr($index, 0, 1) == '#') { $savepoint_subsection =& pb_backupbuddy::$options; $savepoint_levels = explode('#', $savepoint_root . substr($index, 1)); foreach ($savepoint_levels as $savepoint_level) { $savepoint_subsection =& $savepoint_subsection[$savepoint_level]; } $savepoint_subsection = $item; } } pb_backupbuddy::save(); }
<?php session_start(); include "app/app.php"; $clean = strip_tags_deep($_POST); if (isset($clean['reading_id']) && isset($clean['priority'])) { $reading_id = (int) $clean['reading_id']; $priority = (int) $clean['priority']; setReadingPriority($c, $reading_id, $priority); }
<?php header('Content-Type: text/html; charset=UTF-8'); require_once "connect.php"; function strip_tags_deep($value) { return is_array($value) ? array_map('strip_tags_deep', $value) : htmlentities(strip_tags($value), ENT_QUOTES, "UTF-8"); } $clean = strip_tags_deep($_GET); foreach ($clean as $key => $val) { if (substr_count($key, "priority")) { $id = substr($key, 8); $priority = $val; $sql = "UPDATE readings SET priority = " . mysqli_real_escape_string($c, $priority) . " WHERE id = " . mysqli_real_escape_string($c, $id) . ";"; //echo $sql; mysqli_query($c, $sql); } else { if (substr_count($key, "notes")) { $id = substr($key, 5); $notes = htmlspecialchars($val); $sql = "UPDATE readings SET notes = \"" . mysqli_real_escape_string($c, $notes) . "\" WHERE id = " . mysqli_real_escape_string($c, $id) . ";"; //echo $sql; mysqli_query($c, $sql); } } } mysqli_close($c); ?> <h2>Processing...</h2> <meta http-equiv="REFRESH" content="0;url=reading_list.php" />
<?php include 'app/app.php'; include 'rest/EBSCOAPI.php'; $clean = strip_tags_deep($_REQUEST); $fail = isset($clean['fail']) ? $clean['fail'] : ''; if ($clean['path'] == "record") { $db = $clean['db']; $an = $clean['an']; $highlight = $clean['highlight']; $query = $clean['query']; $fieldCode = $clean['fieldcode']; $varables = array('path' => 'record', 'db' => $db, 'an' => $an, 'highlight' => $highlight, 'query' => $query, 'fieldCode' => $fieldCode, 'resultId' => $clean['resultId'], 'recordCount' => $clean['recordCount']); } else { if ($clean['path'] == "PDF") { $db = $clean['db']; $an = $clean['an']; $varables = array('path' => 'PDF', 'db' => $db, 'an' => $an); } else { if ($clean['path'] == "HTML") { $db = $clean['db']; $an = $clean['an']; $highlight = $clean['highlight']; $query = $clean['query']; $fieldCode = $clean['fieldcode']; $varables = array('path' => 'HTML', 'db' => $db, 'an' => $an, 'highlight' => $highlight, 'resultId' => $clean['resultId'], 'recordCount' => $clean['recordCount'], 'query' => $query, 'fieldCode' => $fieldCode, 'c' => $c); } else { if ($clean['path'] == "results") { $query = $clean['query']; $fieldCode = $clean['fieldcode']; $varables = array('path' => 'results', 'query' => $query, 'fieldCode' => $fieldCode);
/** * Strip tags from string or array * * @param mixed array or string to strip * * @return mixed stripped value */ function strip_tags_deep($value) { if (is_array($value)) { foreach ($value as $key => $val) { $value[$key] = strip_tags_deep($val); } } elseif (is_string($value)) { $value = strip_tags($value); } return $value; }