/**
 * Return the shared CleanHTML instance kept in self::$g.
 *
 * The instance is created the first time this is called (or whenever
 * self::$g is still falsy) and reused afterwards.
 */
static function basic() {
    if (self::$g) {
        return self::$g;
    }
    self::$g = new CleanHTML();
    return self::$g;
}
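/**
 * Parse one submitted setting from `$sv->req` according to `$info->type`.
 *
 * Returns the parsed value on success. When the request has no entry for the
 * setting, returns 0 for the "checkbox" and "cdate" types and null otherwise.
 * When the value fails validation, records a message through
 * `$sv->set_error($name, ...)` and returns null.
 *
 * Output-encoding caveat: only the "htmlstring" type is passed through
 * CleanHTML::basic_clean(). The "string" type and any unrecognized type return
 * the trimmed request text unchanged, and the "urlstring" pattern checks only
 * the scheme and the absence of whitespace, so quotes and angle brackets pass.
 * Callers must escape these values for the context they are written into.
 *
 * @param object $sv   settings state; `req` holds the submitted fields
 * @param string $name setting name; a "." in it may arrive as "_" in the request
 * @param object $info setting descriptor; type, placeholder, invalid_value,
 *                     optional, values and message_default are read here
 * @return mixed parsed value, or null when missing or invalid
 */
function parse_value($sv, $name, $info) {
    global $Conf, $Me;
    $type = $info->type;

    // Accept the underscore form of a dotted name and copy it to the canonical key.
    if (!isset($sv->req[$name])) {
        $xname = str_replace(".", "_", $name);
        if (isset($sv->req[$xname])) {
            $sv->req[$name] = $sv->req[$xname];
        } elseif ($type === "checkbox" || $type === "cdate") {
            return 0;
        } else {
            return null;
        }
    }

    $v = trim($sv->req[$name]);
    // A field still showing its placeholder or sentinel text counts as empty.
    if (($info->placeholder && $info->placeholder === $v)
        || ($info->invalid_value && $info->invalid_value === $v)) {
        $v = "";
    }

    if ($type === "checkbox") {
        return $v != "" ? 1 : 0;
    } elseif ($type === "cdate" && $v == "1") {
        return 1;
    } elseif ($type === "date" || $type === "cdate" || $type === "ndate") {
        if ($v == ""
            || !strcasecmp($v, "N/A")
            || !strcasecmp($v, "same as PC")
            || $v == "0"
            || ($type !== "ndate" && !strcasecmp($v, "none"))) {
            return -1;
        } elseif (!strcasecmp($v, "none")) {
            // Only reachable for "ndate", where "none" maps to 0 instead of -1.
            return 0;
        } elseif (($v = $Conf->parse_time($v)) !== false) {
            return $v;
        }
        $err = unparse_setting_error($info, "Invalid date.");
    } elseif ($type === "grace") {
        if (($v = parseGrace($v)) !== null) {
            return intval($v);
        }
        $err = unparse_setting_error($info, "Invalid grace period.");
    } elseif ($type === "int" || $type === "zint") {
        if (preg_match("/\\A[-+]?[0-9]+\\z/", $v)) {
            return intval($v);
        }
        $err = unparse_setting_error($info, "Should be a number.");
    } elseif ($type === "string") {
        // Avoid storing the default message in the database
        if (substr($name, 0, 9) == "mailbody_") {
            $t = expandMailTemplate(substr($name, 9), true);
            $v = cleannl($v);
            if ($t["body"] == $v) {
                return "";
            }
        }
        return $v;
    } elseif ($type === "simplestring") {
        return simplify_whitespace($v);
    } elseif ($type === "tag" || $type === "tagbase") {
        $tagger = new Tagger($Me);
        $v = trim($v);
        if ($v === "" && $info->optional) {
            return $v;
        }
        $v = $tagger->check($v, $type === "tagbase" ? Tagger::NOVALUE : 0);
        if ($v) {
            return $v;
        }
        $err = unparse_setting_error($info, $tagger->error_html);
    } elseif ($type === "emailheader") {
        $v = MimeText::encode_email_header("", $v);
        if ($v !== false) {
            return $v == "" ? "" : MimeText::decode_header($v);
        }
        $err = unparse_setting_error($info, "Invalid email header.");
    } elseif ($type === "emailstring") {
        $v = trim($v);
        if ($v === "" && $info->optional) {
            return "";
        } elseif (validate_email($v)) {
            return $v;
        }
        // NOTE(review): this branch used to also accept `$v === $v_active`, but
        // $v_active is never assigned in this function, so that test could never
        // be true for a string and only raised an undefined-variable notice. If
        // the currently stored address was meant to be accepted, it has to be
        // looked up explicitly here.
        $err = unparse_setting_error($info, "Invalid email.");
    } elseif ($type === "urlstring") {
        $v = trim($v);
        if (($v === "" && $info->optional)
            || preg_match(',\\A(?:https?|ftp)://\\S+\\z,', $v)) {
            return $v;
        }
        $err = unparse_setting_error($info, "Invalid URL.");
    } elseif ($type === "htmlstring") {
        // basic_clean() returns false on rejection and fills $err with the reason.
        if (($v = CleanHTML::basic_clean($v, $err)) === false) {
            $err = unparse_setting_error($info, $err);
        } elseif ($info->message_default
                  && $v === $Conf->message_default_html($info->message_default)) {
            // Text identical to the built-in default is stored as empty.
            return "";
        } else {
            return $v;
        }
    } elseif ($type === "radio") {
        // Allow-list: return the configured value itself, not the request text.
        foreach ($info->values as $allowedv) {
            if ((string) $allowedv === $v) {
                return $allowedv;
            }
        }
        $err = unparse_setting_error($info, "Parse error (unexpected value).");
    } else {
        return $v;
    }

    $sv->set_error($name, $err);
    return null;
}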
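/**
 * Build one PaperOption from the submitted "opt*{$id}" request fields and
 * store it in $new_opts, keyed by its option id.
 *
 * An existing option whose name field is absent from the request is carried
 * over from $current_opts unchanged. An option with an empty name, one marked
 * "delete" in its position field, or a new option still carrying the
 * placeholder name is dropped (nothing is added to $new_opts).
 *
 * The description is passed through CleanHTML::basic_clean(); if that fails,
 * the error is recorded on $sv and the option is still built without a
 * description. The same holds for a selector type with no selector lines.
 *
 * NOTE(review): "type", "visibility" and "display" are taken from the request
 * and handed to PaperOption::make() without validation in this function;
 * confirm that make() rejects values outside the expected set.
 *
 * @param object $sv           settings state; `req` holds the submitted fields
 * @param array  $new_opts     output map of option id => PaperOption (by reference)
 * @param string $id           request id of the option; a leading "n" marks a new option
 * @param array  $current_opts currently stored options, keyed by id
 * @return void
 */
function option_request_to_json($sv, &$new_opts, $id, $current_opts) {
    global $Conf;

    $name = simplify_whitespace(defval($sv->req, "optn{$id}", ""));

    if (!isset($sv->req["optn{$id}"]) && $id[0] !== "n") {
        if (get($current_opts, $id)) {
            $new_opts[$id] = $current_opts[$id];
        }
        return;
    }
    // The position field is read with get() so that a request lacking
    // "optfp{$id}" does not raise an undefined-index notice.
    if ($name === ""
        || get($sv->req, "optfp{$id}") === "delete"
        || ($id[0] === "n" && ($name === "New option" || $name === "(Enter new option)"))) {
        return;
    }

    $is_new = $id[0] === "n";
    $oarg = ["name" => $name, "id" => (int) $id, "final" => false];

    if ($is_new) {
        // Allocate an id above the stored counter and every id already in use.
        $nextid = max($Conf->setting("next_optionid", 1), 1);
        foreach ($new_opts as $haveid => $o) {
            $nextid = max($nextid, $haveid + 1);
        }
        foreach ($current_opts as $haveid => $o) {
            $nextid = max($nextid, $haveid + 1);
        }
        $oarg["id"] = $nextid;
    }

    // Description is user-supplied HTML and is only kept if it passes cleaning.
    if (get($sv->req, "optd{$id}") && trim($sv->req["optd{$id}"]) != "") {
        $t = CleanHTML::basic_clean($sv->req["optd{$id}"], $err);
        if ($t !== false) {
            $oarg["description"] = $t;
        } else {
            $sv->set_error("optd{$id}", $err);
        }
    }

    // "optvt" is either a bare type or "type:flags", where the flags may
    // contain ":final" and ":ds_<digits>" (display space).
    if ($optvt = get($sv->req, "optvt{$id}")) {
        if (($pos = strpos($optvt, ":")) !== false) {
            $oarg["type"] = substr($optvt, 0, $pos);
            if (preg_match('/:final/', $optvt)) {
                $oarg["final"] = true;
            }
            if (preg_match('/:ds_(\\d+)/', $optvt, $m)) {
                $oarg["display_space"] = (int) $m[1];
            }
        } else {
            $oarg["type"] = $optvt;
        }
    } else {
        $oarg["type"] = "checkbox";
    }

    if (PaperOption::type_has_selector($oarg["type"])) {
        $oarg["selector"] = array();
        $seltext = trim(cleannl(defval($sv->req, "optv{$id}", "")));
        if ($seltext != "") {
            // One selector per line, in the order submitted.
            $oarg["selector"] = explode("\n", $seltext);
        } else {
            $sv->set_error("optv{$id}", "Enter selectors one per line.");
        }
    }

    $oarg["visibility"] = defval($sv->req, "optp{$id}", "rev");
    if ($oarg["final"]) {
        // Final-version options always get "rev" visibility, whatever was submitted.
        $oarg["visibility"] = "rev";
    }
    $oarg["position"] = (int) defval($sv->req, "optfp{$id}", 1);
    $oarg["display"] = defval($sv->req, "optdt{$id}");
    if ($oarg["type"] === "pdf" && $oarg["final"]) {
        $oarg["display"] = "submission";
    }

    $new_opts[$oarg["id"]] = $o = PaperOption::make($oarg);
    // Remember which request entry produced this option.
    $o->req_id = $id;
    $o->is_new = $is_new;
}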
$errid = isset($update["errid"]) && ctype_alnum("" . $update["errid"]) ? $update["errid"] : false; if ($errid && $Conf->setting("ignoreupdate_{$errid}", 0) > time()) { $ok = false; } if ($ok) { $m = "<div class='xmerror'"; if ($errid) { $m .= " id='softwareupdate_{$errid}'"; } $m .= " style='font-size:smaller'><div class='dod'><strong>WARNING: Upgrade your HotCRP installation.</strong>"; if (isset($update["vulnid"]) && is_numeric($update["vulnid"])) { $m .= " (HotCRP-Vulnerability-" . $update["vulnid"] . ")"; } $m .= "</div>"; if (isset($update["message"]) && is_string($update["message"])) { $m .= "<div class='bigid'>" . CleanHTML::clean($update["message"], $error) . "</div>"; } if (isset($update["to"]) && is_string($update["to"])) { $m .= "<div class='bigid'>First unaffected commit: " . htmlspecialchars($update["to"]); if ($errid) { $m .= " <span class='barsep'>·</span> " . "<a href='#' onclick='return check_version.ignore(\"{$errid}\")'>Ignore for two days</a>"; } $m .= "</div>"; } $messages[] = $m . "</div>\n"; $_SESSION["updatecheck"] = 0; } } } if (!count($messages)) { echo "{\"ok\":true}\n";
/**
 * Render $this->text as HTML wrapped in a <div class='bbcode'>.
 *
 * The text goes through the block-level parsers, then the inline parsers,
 * then newlines gain a "<br />", and the result is passed through
 * CleanHTML::purify() as the last step before wrapping. Keep purify() last so
 * that the markup produced by every parser above is covered by it.
 *
 * @return string
 */
public function toHTML() {
    // block
    $blockSteps = array(
        'parseBox',
        'parseCode',
        'parseList',
        'parseNotice',
        'parseQuote',
        'parseHeading',
        'clearSpacesBetweenTags',
    );
    // inline
    $inlineSteps = array(
        'parseBold',
        'parseCentre',
        'parseColour',
        'parseEmail',
        'parseImage',
        'parseItalic',
        'parseSize',
        'parseSmilies',
        'parseSpoiler',
        'parseStrike',
        'parseUnderline',
        'parseUrl',
        'parseYoutube',
        'parseProfile',
    );

    $html = $this->text;
    foreach (array_merge($blockSteps, $inlineSteps) as $step) {
        $html = $this->{$step}($html);
    }

    $html = preg_replace('/\\n/', "\n<br />", $html);
    $html = CleanHTML::purify($html);

    return "<div class='bbcode'>{$html}</div>";
}
/**
 * Render $this->text as HTML wrapped in a <div> with the "bbcode" class.
 *
 * The text goes through the block-level parsers, then the inline parsers,
 * then each newline is replaced by "<br />", and the result is passed through
 * CleanHTML::purify() as the last step before wrapping. Keep purify() last so
 * that the markup produced by every parser above is covered by it.
 *
 * @param bool $ignoreLineHeight when truthy, the wrapper also gets the
 *                               "bbcode--normal-line-height" class
 * @return string
 */
public function toHTML($ignoreLineHeight = false) {
    // block
    $blockSteps = array(
        'parseBox',
        'parseCode',
        'parseList',
        'parseNotice',
        'parseQuote',
        'parseHeading',
        'clearSpacesBetweenTags',
    );
    // inline
    $inlineSteps = array(
        'parseAudio',
        'parseBold',
        'parseCentre',
        'parseColour',
        'parseEmail',
        'parseImage',
        'parseItalic',
        'parseSize',
        'parseSmilies',
        'parseSpoiler',
        'parseStrike',
        'parseUnderline',
        'parseUrl',
        'parseYoutube',
        'parseProfile',
    );

    $html = $this->text;
    foreach (array_merge($blockSteps, $inlineSteps) as $step) {
        $html = $this->{$step}($html);
    }

    $html = str_replace("\n", '<br />', $html);
    $html = CleanHTML::purify($html);

    $wrapperClass = $ignoreLineHeight ? 'bbcode bbcode--normal-line-height' : 'bbcode';

    return "<div class='{$wrapperClass}'>{$html}</div>";
}
/**
 * Read the submitted review-form settings from $sv->req and store the
 * resulting per-field JSON on $this->nrfj, keyed by field id.
 *
 * For each field in ReviewForm::get()->fmap this collects name, visibility,
 * description, position, options, option class prefix and round mask,
 * applies them to a clone of the existing field and keeps that clone's
 * unparse_json() output. Validation problems are reported through
 * $sv->set_error(); the method still returns true.
 *
 * The description is user-supplied HTML and is only accepted after
 * CleanHTML::basic_clean(); when cleaning fails the previous description is
 * kept. The field name is escaped with htmlspecialchars() before it is put
 * into the error message.
 *
 * @param object $sv settings state; `req` holds the submitted fields
 * @param mixed  $si not used in this method
 * @return bool always true
 */
public function parse($sv, $si) {
    global $Conf;

    $this->nrfj = (object) array();
    // Shown at most once per request; reset to false after the first use.
    $option_error = "Review fields with options must have at least two choices, numbered sequentially from 1 (higher numbers are better) or lettered with consecutive uppercase letters (lower letters are better). Example: <pre>1. Low quality\n 2. Medium quality\n 3. High quality</pre>";
    // Allow-list of class prefixes; entries are paired so that XOR 1 on the
    // index selects the flipped variant.
    $prefixes = array("sv", "svr", "sv-blpu", "sv-publ", "sv-viridis", "sv-viridisr");

    $form = ReviewForm::get();
    foreach ($form->fmap as $fid => $f) {
        $fj = (object) array();

        $short_name = simplify_whitespace(defval($sv->req, "shortName_{$fid}", ""));
        if ($short_name == "<None>" || $short_name == "<New field>" || $short_name == "Field name") {
            // Placeholder texts count as "no name".
            $short_name = "";
        }

        $pos = cvtint(get($sv->req, "order_{$fid}"));
        // A positioned field with no name, description or options is treated as removed.
        if ($pos > 0
            && $short_name == ""
            && trim(defval($sv->req, "description_{$fid}", "")) == ""
            && trim(defval($sv->req, "options_{$fid}", "")) == "") {
            $pos = -1;
        }

        if ($short_name != "") {
            $fj->name = $short_name;
        } elseif ($pos > 0) {
            $sv->set_error("shortName_{$fid}", "Missing review field name.");
        }

        // NOTE(review): visibility is copied from the request as-is; presumably
        // $xf->assign() below validates it, confirm.
        $fj->visibility = get($sv->req, "authorView_{$fid}");

        $cleaned = CleanHTML::basic_clean(defval($sv->req, "description_{$fid}", ""), $err);
        if ($cleaned !== false) {
            $cleaned = trim($cleaned);
            if ($cleaned != "") {
                $fj->description = $cleaned;
            }
        } else {
            // Rejected HTML: fall back to the stored description, if any.
            if (get($f, "description")) {
                $fj->description = $f->description;
            }
            if ($pos > 0) {
                $sv->set_error("description_{$fid}", htmlspecialchars($short_name) . " description: " . $err);
            }
        }

        if ($pos > 0) {
            $fj->position = $pos;
        }

        if ($f->has_options) {
            $fj->options = array_values($f->options); // default
            if (!$this->check_options($sv, $fid, $fj) && $pos > 0) {
                $sv->set_error("options_{$fid}", "Invalid options.");
                if ($option_error) {
                    $sv->set_error(null, $option_error);
                }
                $option_error = false;
            }

            // An unknown prefix falls back to index 0 ("sv").
            $class_prefix = defval($sv->req, "option_class_prefix_{$fid}", "sv");
            $prefix_index = array_search($class_prefix, $prefixes) ?: 0;
            if (get($sv->req, "option_class_prefix_flipped_{$fid}")) {
                $prefix_index ^= 1;
            }
            $fj->option_class_prefix = $prefixes[$prefix_index];
        }

        $fj->round_mask = 0;
        $round_list = get($sv->req, "round_list_{$fid}");
        if ($round_list) {
            // NOTE(review): if round_number() can return false or a negative
            // value for an unknown round name, this shift would set bit 0 or
            // fail; confirm its contract for names taken from the request.
            foreach (explode(" ", trim($round_list)) as $round_name) {
                $fj->round_mask |= 1 << $Conf->round_number($round_name, false);
            }
        }

        $xf = clone $f;
        $xf->assign($fj);
        $this->nrfj->{$fid} = $xf->unparse_json();
    }

    $sv->need_lock["PaperReview"] = true;
    return true;
}