function display($value) {
    // Render a field value for HTML output.
    //
    // When the field is configured to accept HTML ($config['html'] truthy)
    // the value keeps its markup but is passed through Format::safe_html(),
    // the project's tag-balancing / unsafe-tag neutraliser. Otherwise the
    // value is treated as plain text and every HTML-significant character is
    // entity-encoded with Format::htmlchars().
    $cfg = $this->getConfiguration();
    $allowsHtml = !empty($cfg['html']);

    return $allowsHtml
        ? Format::safe_html($value)
        : Format::htmlchars($value);
}
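function faq($id, $format = 'html') {
    // AJAX preview of a single FAQ (staff side): returns an HTML snippet, or
    // null when no FAQ with that id exists. $format is accepted for forward
    // compatibility only; see the TODO below.
    //XXX: user ajax->getThisStaff() (nolint)
    global $thisstaff;

    include_once INCLUDE_DIR . 'class.faq.php';

    if (!($faq = FAQ::lookup($id))) {
        return null;
    }

    //TODO: $f*g->getJSON() for json format. (nolint)

    // The question is plain text that ends up inside markup. It is only
    // striptags()'d on save, so entity-encode it at output time (the public
    // kb listings already do this with Format::htmlchars()). The answer is
    // stored HTML and is neutralised with safe_html() like everywhere else.
    $resp = sprintf(
        '<div style="width:650px;"> <strong>%s</strong><p>%s</p> <div class="faded">Last updated %s</div> <hr> <a href="faq.php?id=%d">View</a> | <a href="faq.php?id=%d">Attachments (%s)</a>',
        Format::htmlchars($faq->getQuestion()),
        Format::safe_html($faq->getAnswer()),
        Format::db_daydatetime($faq->getUpdateDate()),
        $faq->getId(),
        $faq->getId(),
        $faq->getNumAttachments()
    );

    // Only staff with FAQ management rights get the edit link.
    if ($thisstaff && $thisstaff->canManageFAQ()) {
        $resp .= sprintf(' | <a href="faq.php?id=%d&a=edit">Edit</a>', $faq->getId());
    }
    $resp .= '</div>';

    return $resp;
}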
<?php /* Public knowledge-base category page: refuse direct includes and non-public categories. */ if (!defined('OSTCLIENTINC') || !$category || !$category->isPublic()) { die('Access Denied'); } ?> <div class="container topheader"> <div class="row"> <div class="span8"> <h2><strong><?php /* NOTE(review): the category name is echoed raw while the description below goes through safe_html(); unless getLocalName() already entity-encodes, wrap it in Format::htmlchars() — confirm. */ echo $category->getLocalName(); ?> </strong></h2> <p> <?php echo Format::safe_html($category->getLocalDescriptionWithImages()); ?> </p> <hr> <div class="panel panel-default faqlist"> <?php /* Published (non-private) FAQs of this category, with a count of non-inline attachments; the foreach body continues beyond this fragment. */ $faqs = FAQ::objects()->filter(array('category' => $category))->exclude(array('ispublished' => FAQ::VISIBILITY_PRIVATE))->annotate(array('has_attachments' => SqlAggregate::COUNT(SqlCase::N()->when(array('attachments__inline' => 0), 1)->otherwise(null))))->order_by('-ispublished', 'question'); if ($faqs->exists(true)) { echo ' <div class="panel-heading"> <h2 class="panel-title">' . __('Frequently Asked Questions') . '</h2> </div> <div class="panel-body"> <div id="faq"> <ol>'; foreach ($faqs as $F) {
</div>'; } else { echo '<strong class="faded">'.__('The search did not match any FAQs.').'</strong>'; } } else { /* Category Listing (apparently staff side: internal categories are listed too). */ $sql='SELECT cat.category_id, cat.name, cat.description, cat.ispublic, count(faq.faq_id) as faqs ' .' FROM '.FAQ_CATEGORY_TABLE.' cat ' .' LEFT JOIN '.FAQ_TABLE.' faq ON(faq.category_id=cat.category_id) ' .' GROUP BY cat.category_id ' .' ORDER BY cat.name'; if(($res=db_query($sql)) && db_num_rows($res)) { echo '<div>'.__('Click on the category to browse FAQs or manage its existing FAQs.').'</div> <ul id="kb">'; while($row=db_fetch_array($res)) { /* NOTE(review): $row['name'] is placed in the link text unescaped; category names are only striptags()'d on save, so pass it through Format::htmlchars() as the client-side listing does (the description already goes through safe_html()). */ echo sprintf(' <li> <h4><a href="kb.php?cid=%d">%s (%d)</a> - <span>%s</span></h4> %s </li>',$row['category_id'],$row['name'],$row['faqs'], ($row['ispublic']?__('Public'):__('Internal')), Format::safe_html($row['description'])); } echo '</ul>'; } else { echo __('NO FAQs found'); } } ?> </div>
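function save($id, $vars, &$errors, $validation = false) {
    // Validate and persist an FAQ category.
    //
    // $id          category being updated, or falsy to create a new one
    // $vars        submitted form fields (name, description, ispublic, notes, id)
    // $errors      filled with field => message on failure (by reference)
    // $validation  when true, stop after validation and return true/false
    //
    // Returns true on update, the new id on insert, false on any error.

    /* Cleanup: the name is plain text, so drop any markup before validating. */
    $name = isset($vars['name']) ? $vars['name'] : '';
    $vars['name'] = Format::striptags(trim($name));
    $formId = isset($vars['id']) ? $vars['id'] : null;

    /* Validate */
    if ($id && $id != $formId) {
        $errors['err'] = 'Internal error. Try again';
    }

    if (!$vars['name']) {
        $errors['name'] = 'Category name is required';
    } elseif (strlen($vars['name']) < 3) {
        // strlen() counts bytes, so multibyte names pass with fewer glyphs.
        $errors['name'] = 'Name is too short. 3 chars minimum';
    } elseif (($cid = self::findIdByName($vars['name'])) && $cid != $id) {
        $errors['name'] = 'Category already exists';
    }

    if (empty($vars['description'])) {
        $errors['description'] = 'Category description is required';
    }

    if ($errors) {
        return false;
    }

    /* validation only */
    if ($validation) {
        return true;
    }

    /* Save. Every value is quoted through db_input() — never interpolate a
       raw form value. ispublic is a flag column, so coerce it to an integer
       rather than storing whatever string the form posted. The description
       is stored as HTML and neutralised with safe_html() on the way in. */
    $isPublic = isset($vars['ispublic']) ? (int) $vars['ispublic'] : 0;
    $notes = isset($vars['notes']) ? $vars['notes'] : null;

    $sql = ' updated=NOW() '
        . ',ispublic=' . db_input($isPublic)
        . ',name=' . db_input($vars['name'])
        . ',description=' . db_input(Format::safe_html($vars['description']))
        . ',notes=' . db_input($notes);

    if ($id) {
        $sql = 'UPDATE ' . FAQ_CATEGORY_TABLE . ' SET ' . $sql . ' WHERE category_id=' . db_input($id);
        if (db_query($sql)) {
            return true;
        }
        $errors['err'] = 'Unable to update FAQ category.';
    } else {
        $sql = 'INSERT INTO ' . FAQ_CATEGORY_TABLE . ' SET ' . $sql . ',created=NOW()';
        if (db_query($sql) && ($id = db_insert_id())) {
            return $id;
        }
        $errors['err'] = 'Unable to create FAQ category. Internal error';
    }

    return false;
}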
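function save($id, $vars, &$errors, $validation = false) {
    // Validate and persist an FAQ entry.
    //
    // $id          FAQ being updated, or falsy to create a new one
    // $vars        submitted fields (question, answer, category_id, ispublished, notes, id)
    // $errors      filled with field => message on failure (by reference)
    // $validation  when true, stop after validation and return !$errors
    //
    // Returns true on update, the new id on insert, false on any error.

    /* Cleanup: the question is plain text — strip any markup first. */
    $question = isset($vars['question']) ? $vars['question'] : '';
    $vars['question'] = Format::striptags(trim($question));
    $formId = isset($vars['id']) ? $vars['id'] : null;
    $categoryId = isset($vars['category_id']) ? $vars['category_id'] : null;

    /* Validate */
    if ($id && $id != $formId) {
        $errors['err'] = 'Internal error. Try again';
    }

    if (!$vars['question']) {
        $errors['question'] = 'Question required';
    } elseif (($qid = self::findIdByQuestion($vars['question'])) && $qid != $id) {
        $errors['question'] = 'Question already exists';
    }

    // The category must resolve to an existing object; its id (not the raw
    // form value) is what gets stored below.
    $category = null;
    if (!$categoryId || !($category = Category::lookup($categoryId))) {
        $errors['category_id'] = 'Category is required';
    }

    if (empty($vars['answer'])) {
        $errors['answer'] = 'FAQ answer is required';
    }

    if ($errors || $validation) {
        return !$errors;
    }

    /* Save. Every value is quoted through db_input(). ispublished is coerced
       to an integer (not a 0/1 boolean: other listings in this codebase treat
       it as a small-integer visibility value). The answer is stored as HTML
       and neutralised with safe_html() on the way in. */
    $isPublished = isset($vars['ispublished']) ? (int) $vars['ispublished'] : 0;
    $notes = isset($vars['notes']) ? $vars['notes'] : null;

    $sql = ' updated=NOW() '
        . ', question=' . db_input($vars['question'])
        . ', answer=' . db_input(Format::safe_html($vars['answer']))
        . ', category_id=' . db_input($category->getId())
        . ', ispublished=' . db_input($isPublished)
        . ', notes=' . db_input($notes);

    if ($id) {
        $sql = 'UPDATE ' . FAQ_TABLE . ' SET ' . $sql . ' WHERE faq_id=' . db_input($id);
        if (db_query($sql)) {
            return true;
        }
        $errors['err'] = 'Unable to update FAQ.';
    } else {
        $sql = 'INSERT INTO ' . FAQ_TABLE . ' SET ' . $sql . ',created=NOW()';
        if (db_query($sql) && ($id = db_insert_id())) {
            return $id;
        }
        $errors['err'] = 'Unable to create FAQ. Internal error';
    }

    return false;
}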
"><?php /* NOTE(review): category name and FAQ question are echoed raw here while the answer goes through safe_html(); both are plain text that is only striptags()'d on save, so wrap them in Format::htmlchars() unless the getters already encode — confirm. */ echo $category->getName(); ?> </a> </div> <div style="width:700px;padding-top:2px;" class="pull-left"> <strong style="font-size:16px;"><?php echo $faq->getQuestion(); ?> </strong> </div> <div class="pull-right flush-right" style="padding-top:5px;padding-right:5px;"></div> <div class="clear"></div> <p> <?php /* Stored HTML answer with inline images resolved; safe_html() balances tags and neutralises unsafe ones. */ echo Format::safe_html($faq->getAnswerWithImages()); ?> </p> <p> <?php if ($faq->getNumAttachments()) { ?> <div><span class="faded"><b><?php echo __('Attachments'); ?> :</b></span> <?php /* getAttachmentsLinks() is expected to return ready-made markup; its escaping is not visible in this fragment. */ echo $faq->getAttachmentsLinks(); ?> </div> <?php }
Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ /* Public equipment-status page: refuse direct includes and unknown statuses. */ if (!defined('OSTCLIENTINC') || !$status) { die('Access Denied'); } ?> <h1><strong><?php /* NOTE(review): status name is echoed raw; the description below is run through safe_html(). Wrap in \Format::htmlchars() unless getName() already encodes — confirm. */ echo $status->getName(); ?> </strong></h1> <p> <?php echo \Format::safe_html($status->getDescription()); ?> </p> <hr> <?php /* Published equipment in this status; the id is quoted via db_input(). */ $sql = 'SELECT equipment.equipment_id as equipment_id, equipment.asset_id as Equipment, status.name as Status, status.color as color' . ' FROM ' . EQUIPMENT_TABLE . ' equipment ' . ' LEFT JOIN ' . EQUIPMENT_STATUS_TABLE . ' status ON(status.status_id=equipment.status_id) ' . ' WHERE equipment.ispublished=1 AND equipment.status_id=' . db_input($status->getId()) . ' GROUP BY equipment.equipment_id'; if (($res = db_query($sql)) && db_num_rows($res)) { echo ' <h2>Equpment</h2> <div id="equipment"> <ol>'; while ($row = db_fetch_array($res)) { /* NOTE(review): only the asset id is escaped. $row['color'] is spliced into a style attribute and $row['Status'] into the link text unescaped; both come from the database and should go through \Format::htmlchars() (and the colour ideally validated against a #rrggbb pattern before use in CSS). The heading text 'Equpment' is a typo. */ echo sprintf(' <li> <a href="equipment.php?id=%d" %s>%s %s</a></li>', $row['equipment_id'], 'style="color:' . $row['color'] . '"', \Format::htmlchars($row['Equipment']), $row['Status']); }
die('Access Denied'); } ?> <div style="width:700;padding-top:10px; float:left;"> <h2>Frequently Asked Questions</h2> </div> <div style="float:right;text-align:right;padding-top:5px;padding-right:5px;"> </div> <div class="clear"></div> <br> <div><strong><?php /* NOTE(review): the category name is echoed raw while the description is run through safe_html() and the questions below through htmlchars(); wrap it in Format::htmlchars() unless getName() already encodes — confirm. */ echo $category->getName(); ?> </strong></div> <p> <?php echo Format::safe_html($category->getDescription()); ?> </p> <hr> <?php /* Published FAQs in this category; the id is quoted via db_input(). */ $sql = 'SELECT faq.faq_id, question ' . ' FROM ' . FAQ_TABLE . ' faq ' . ' LEFT JOIN ' . FAQ_ATTACHMENT_TABLE . ' attach ON(attach.faq_id=faq.faq_id) ' . ' WHERE faq.ispublished=1 AND faq.category_id=' . db_input($category->getId()) . ' GROUP BY faq.faq_id'; if (($res = db_query($sql)) && db_num_rows($res)) { echo '<div id="faq"> <ol>'; while ($row = db_fetch_array($res)) { /* Question text is entity-encoded before it is placed in the link. */ echo sprintf(' <li><a href="faq.php?id=%d" >%s</a></li>', $row['faq_id'], Format::htmlchars($row['question'])); } echo ' </ol> </div>'; } else {
echo $category->getId(); ?> "><?php /* NOTE(review): category name echoed raw — wrap in Format::htmlchars() unless getName() already encodes; confirm. */ echo $category->getName(); ?> </a> </div> <div style="width:700;padding-top:2px; float:left;"> <strong style="font-size:16px;"><?php /* NOTE(review): the status listing page escapes this same asset id with Format::htmlchars(); do the same here for consistency. */ echo $equipment->getAsset_id(); ?> </strong> </div> <div style="float:right;text-align:right;padding-top:5px;padding-right:5px;"></div> <div class="clear"></div> <p> <img src="<?php /* NOTE(review): the image name lands inside a src attribute unescaped; it should at least be entity-encoded (and ideally validated as a bare filename) before output. */ echo "images/" . $equipment->getStatus()->getImage(); ?> " width="20" height="20"/> <?php /* Relies on the status object converting to a string (__toString) before safe_html() sees it. */ echo Format::safe_html($equipment->getStatus()); ?> </p> <hr> <div class="faded"> Last updated <?php echo Format::db_daydatetime($category->getUpdated()); ?> </div>
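function save($id, $vars, &$errors) {
    // Validate and persist a site page (landing / offline / thank-you / other).
    //
    // $id      page being updated, or falsy to create a new one
    // $vars    submitted fields (type, name, body, isactive, notes, id)
    // $errors  filled with field => message on failure (by reference)
    //
    // Returns true on update, the new id on insert, false on any error.
    $allowedTypes = array('landing', 'offline', 'thank-you', 'other');

    /* Cleanup: the name is plain text, so drop any markup before validating. */
    $name = isset($vars['name']) ? $vars['name'] : '';
    $vars['name'] = Format::striptags(trim($name));
    $formId = isset($vars['id']) ? $vars['id'] : null;
    $type = isset($vars['type']) ? $vars['type'] : null;

    /* Validate */
    if ($id && $id != $formId) {
        $errors['err'] = 'Internal error. Try again';
    }

    if (!$type) {
        $errors['type'] = 'Type required';
    } elseif (!in_array($type, $allowedTypes, true)) {
        // Strict comparison: with loose in_array() a boolean true would match
        // any of the allowed strings and slip through into the query.
        $errors['type'] = 'Invalid selection';
    }

    if (!$vars['name']) {
        $errors['name'] = 'Name required';
    } elseif (($pid = self::getIdByName($vars['name'])) && $pid != $id) {
        $errors['name'] = 'Name already exists';
    }

    if (empty($vars['body'])) {
        $errors['body'] = 'Page body is required';
    }

    if ($errors) {
        return false;
    }

    /* Save. Every value is quoted through db_input(); the body is stored as
       HTML and neutralised with safe_html() on the way in. */
    $isActive = !empty($vars['isactive']) ? 1 : 0;
    $notes = isset($vars['notes']) ? $vars['notes'] : null;

    $sql = ' updated=NOW() '
        . ', `type`=' . db_input($type)
        . ', name=' . db_input($vars['name'])
        . ', body=' . db_input(Format::safe_html($vars['body']))
        . ', isactive=' . db_input($isActive)
        . ', notes=' . db_input($notes);

    if ($id) {
        $sql = 'UPDATE ' . PAGE_TABLE . ' SET ' . $sql . ' WHERE id=' . db_input($id);
        if (db_query($sql)) {
            return true;
        }
        $errors['err'] = 'Unable to update page.';
    } else {
        $sql = 'INSERT INTO ' . PAGE_TABLE . ' SET ' . $sql . ', created=NOW()';
        if (db_query($sql) && ($id = db_insert_id())) {
            return $id;
        }
        $errors['err'] = 'Unable to create page. Internal error';
    }

    return false;
}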
if (!$errors && $cfg->allowOnlineAttachments() && $_FILES['attachments']) { $vars['files'] = AttachmentFile::format($_FILES['attachments'], true); } /* Ticket::create...checks for errors.. */ if ($ticket = Ticket::create($vars, $errors, SOURCE)) { $msg = 'Support ticket request created'; /* Logged in...simply view the newly created ticket. */ if ($thisclient && $thisclient->isValid()) { if (!$cfg->showRelatedTickets()) { $_SESSION['_client']['key'] = $ticket->getExtId(); } /* Resetting login Key to the current ticket! */ /* NOTE(review): session_regenerate_id() runs after session_write_close(); PHP only rotates the id of an active session (otherwise it warns 'session is not active' and returns false), so the session id may not actually be regenerated here — confirm against the custom session handler, or regenerate before closing. The redirect header below is not followed by exit, so the rest of this page is still rendered. */ session_write_close(); session_regenerate_id(); @header('Location: tickets.php?id=' . $ticket->getExtId()); } } else { $errors['err'] = $errors['err'] ? $errors['err'] : 'Unable to create a ticket. Please correct errors below and try again!'; } } /* page (the brace above closes a block opened before this fragment) */ $nav->setActiveNav('new'); require CLIENTINC_DIR . 'header.inc.php'; if ($ticket && (($topic = $ticket->getTopic()) && ($page = $topic->getPage()) || ($page = $cfg->getThankYouPage()))) { /* Thank the user and promise speedy resolution! */ /* Hide ticket number - it should only be delivered via email for security reasons. The placeholders are blanked before replaceVars() expands the remaining variables, and the result is neutralised with safe_html(). */ echo Format::safe_html($ticket->replaceVars(str_replace(array('%{ticket.number}', '%{ticket.extId}', '%{ticket}'), array_fill(0, 3, 'XXXXXX'), $page->getBody()))); } else { require CLIENTINC_DIR . 'open.inc.php'; } require CLIENTINC_DIR . 'footer.inc.php';
function getBody($mid) {
    // Extract the message body of mail $mid as HTML-safe text.
    //
    // A text/plain part wins: it is returned entity-encoded, so anything in
    // it that looks like markup stays literal. Failing that, the text/html
    // part has its line-break tags turned into newlines and is then passed
    // through Format::safe_html() (tag balancing, unsafe-tag neutralising).
    // If neither part yields a truthy value, whatever getPart() returned for
    // the HTML part (or '') is handed back unchanged.
    $body = $this->getPart($mid, 'TEXT/PLAIN', $this->charset);
    if ($body) {
        return Format::htmlchars($body);
    }

    $body = $this->getPart($mid, 'TEXT/HTML', $this->charset);
    if (!$body) {
        return $body;
    }

    // Convert tags of interest before we neutralise the rest.
    $breaks = array("<br>", "<br />", "<BR>", "<BR />");
    $body = str_replace("</DIV><DIV>", "\n", $body);
    $body = str_replace($breaks, "\n", $body);

    return Format::safe_html($body);
}
function getBody($mid) {
    // Build the thread body object for mail $mid.
    //
    // With HTML threads enabled the text/html part is preferred and wrapped
    // as HtmlThreadBody, falling back to text/plain. With HTML threads
    // disabled text/plain is preferred; an HTML-only message is neutralised
    // with Format::safe_html() and flattened to text with html2text. A mail
    // with neither part yields an empty TextThreadBody. Quoted replies are
    // stripped afterwards when the configuration asks for it.
    global $cfg;

    $body = null;

    if ($cfg->isHtmlThreadEnabled()) {
        $html = $this->getPart($mid, 'text/html', $this->charset);
        if ($html) {
            $body = new HtmlThreadBody($html);
        } else {
            $text = $this->getPart($mid, 'text/plain', $this->charset);
            if ($text) {
                $body = new TextThreadBody($text);
            }
        }
    } else {
        $text = $this->getPart($mid, 'text/plain', $this->charset);
        if ($text) {
            $body = new TextThreadBody($text);
        } else {
            $html = $this->getPart($mid, 'text/html', $this->charset);
            if ($html) {
                // HTML threads are off: neutralise the markup, then flatten it.
                $plain = Format::html2text(Format::safe_html($html), 100, false);
                $body = new TextThreadBody($plain);
            }
        }
    }

    if ($body === null) {
        $body = new TextThreadBody('');
    }

    if ($cfg->stripQuotedReply()) {
        $body->stripQuotedReply($cfg->getReplySeparator());
    }

    return $body;
}
<ol>'; while ($row = db_fetch_array($res)) { /* NOTE(review): $row['question'] is placed in the link text unescaped; the question is only striptags()'d on save and the client-side listing escapes it with Format::htmlchars() — do the same here. */ echo sprintf(' <li><a href="faq.php?id=%d" class="previewfaq">%s</a> - <span>%s</span></li>', $row['faq_id'], $row['question'], $row['ispublished'] ? 'Published' : 'Internal'); } echo ' </ol> </div>'; } else { echo '<strong class="faded">The search did not match any FAQs.</strong>'; } } else { /* Category Listing (staff side: internal categories are listed as well). */ $sql = 'SELECT cat.category_id, cat.name, cat.description, cat.ispublic, count(faq.faq_id) as faqs ' . ' FROM ' . FAQ_CATEGORY_TABLE . ' cat ' . ' LEFT JOIN ' . FAQ_TABLE . ' faq ON(faq.category_id=cat.category_id) ' . ' GROUP BY cat.category_id ' . ' ORDER BY cat.name'; if (($res = db_query($sql)) && db_num_rows($res)) { echo '<div>Click on the category to browse FAQs.</div> <ul id="kb">'; while ($row = db_fetch_array($res)) { /* NOTE(review): $row['name'] is unescaped here while the client-side listing wraps it in Format::htmlchars(); the description already goes through safe_html(). */ echo sprintf(' <li> <h4><a href="kb.php?cid=%d">%s (%d)</a> - <span>%s</span></h4> %s </li>', $row['category_id'], $row['name'], $row['faqs'], $row['ispublic'] ? 'Public' : 'Internal', Format::safe_html($row['description'])); } echo '</ul>'; } else { echo 'NO FAQs found'; } } ?> </div>
while ($row = db_fetch_array($res)) { /* NOTE(review): $row['question'] is placed in the link text unescaped (the category name below is correctly passed through Format::htmlchars()); the third sprintf argument has no matching placeholder and is ignored. */ echo sprintf(' <li><a href="faq.php?id=%d" class="previewfaq">%s</a></li>', $row['faq_id'], $row['question'], $row['ispublished'] ? 'Published' : 'Internal'); } echo ' </ol> </div>'; } else { echo '<strong class="faded">The search did not match any FAQs.</strong>'; } } else { /* Category Listing (client side): only public categories that have at least one published FAQ. */ $sql = 'SELECT cat.category_id, cat.name, cat.description, cat.ispublic, count(faq.faq_id) as faqs ' . ' FROM ' . FAQ_CATEGORY_TABLE . ' cat ' . ' LEFT JOIN ' . FAQ_TABLE . ' faq ON(faq.category_id=cat.category_id AND faq.ispublished=1) ' . ' WHERE cat.ispublic=1 ' . ' GROUP BY cat.category_id ' . ' HAVING faqs>0 ' . ' ORDER BY cat.name'; if (($res = db_query($sql)) && db_num_rows($res)) { echo '<div>Click on the category to browse FAQs.</div> <ul id="kb">'; while ($row = db_fetch_array($res)) { /* Name entity-encoded; description is stored HTML and goes through safe_html(). */ echo sprintf(' <li> <i></i> <h4><a href="faq.php?cid=%d">%s (%d)</a></h4> %s </li>', $row['category_id'], Format::htmlchars($row['name']), $row['faqs'], Format::safe_html($row['description'])); } echo '</ul>'; } else { echo 'NO FAQs found'; } } ?> </div>
function sanitize($text, $striptags = false) {
    // Neutralise untrusted HTML for storage/display.
    //
    // The text is first passed through Format::safe_html() (tag balancing and
    // unsafe-tag neutralising), then inline image references are localised.
    // When $striptags is true the remaining tags are stripped as well, with
    // entity decoding disabled so encoded markup is not reintroduced.
    $clean = self::localizeInlineImages(Format::safe_html($text));

    if (!$striptags) {
        return $clean;
    }

    return Format::striptags($clean, false);
}
if(!defined('OSTCLIENTINC') || !$faq || !$faq->isPublished()) die('Access Denied'); /* Public FAQ view: only published FAQs, never via direct include. */ $category=$faq->getCategory(); ?> <h1>Frequently Asked Questions</h1> <div id="breadcrumbs"> <a href="index.php">All Categories</a> » <a href="faq.php?cid=<? echo $category->getId(); ?>"><? /* NOTE(review): category name echoed raw — wrap in Format::htmlchars() unless getName() already encodes; confirm. The short open tags used here require short_open_tag=On. */ echo $category->getName(); ?></a> </div> <div style="width:700;padding-top:2px; float:left;"> <strong style="font-size:16px;"><?php /* NOTE(review): the question is plain text that is only striptags()'d on save; other listings escape it with Format::htmlchars() — do the same here. */ echo $faq->getQuestion() ?></strong> </div> <div style="float:right;text-align:right;padding-top:5px;padding-right:5px;"></div> <div class="clear"></div> <p> <?php /* Stored HTML answer: safe_html() balances tags and neutralises unsafe ones. */ echo Format::safe_html($faq->getAnswer()); ?> </p> <p> <?php if($faq->getNumAttachments()) { ?> <div><span class="faded"><b>Attachments:</b></span> <?php echo $faq->getAttachmentsLinks(); ?></div> <? }?> <div><span class="faded"><b>Help Topics:</b></span> <?php /* NOTE(review): topic names are joined and echoed without escaping; their source is not visible in this fragment — confirm they are encoded. */ echo ($topics=$faq->getHelpTopics())?implode(', ',$topics):' '; ?> </div> </p> <hr> <div class="faded"> Last updated <?php echo Format::db_daydatetime($category->getUpdateDate()); ?></div>
function getBody() {
    // Extract the message body from the parsed structure as HTML-safe text.
    //
    // A text/plain part wins and is returned entity-encoded. Otherwise the
    // text/html part has its line-break tags converted to newlines and is
    // then passed through Format::safe_html() (tag balancing, unsafe-tag
    // neutralising). When neither part yields a truthy value, the value
    // getPart() returned for the HTML part (or '') is handed back as-is.
    $body = $this->getPart($this->struct, 'text/plain');
    if ($body) {
        return Format::htmlchars($body);
    }

    $body = $this->getPart($this->struct, 'text/html');
    if (!$body) {
        return $body;
    }

    // Cleanup the html: turn the break tags we care about into newlines first.
    $breaks = array("<br>", "<br />", "<BR>", "<BR />");
    $body = str_replace("</DIV><DIV>", "\n", $body);
    $body = str_replace($breaks, "\n", $body);

    return Format::safe_html($body);
}