/**
 * Applies StringUtil::encodeHTML() to the given text unless output encoding
 * has been switched off on this instance via `$this->disableEncoding`.
 *
 * @param   string  $text
 * @return  string  encoded text, or the untouched input when encoding is disabled
 * @see     \wcf\util\StringUtil::encodeHTML()
 */
protected function encodeHTML($text) {
    // disableEncoding is an explicit opt-out: whoever sets it takes over the
    // responsibility of escaping the result before it reaches an HTML context
    if ($this->disableEncoding) {
        return $text;
    }

    return StringUtil::encodeHTML($text);
}
/**
 * Parses a raw search string into individual keywords and appends them to
 * `$this->keywords`.
 *
 * Processing order: non-UTF-8 input is converted from ISO-8859-1; a '*' that
 * does not directly follow a word character is dropped; the search operator
 * characters `+ - > < ( ) ~` are stripped; the remainder is either taken as one
 * quoted phrase or split on spaces (with '.' and ',' treated as spaces).
 * Every stored keyword is HTML-encoded.
 *
 * @param   string  $keywordString  raw, user-supplied search input
 */
protected function parseKeywords($keywordString) {
    $input = $keywordString;

    // normalise to UTF-8 before any multibyte-aware operation below
    if (!StringUtil::isUTF8($input)) {
        $input = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $input);
    }

    // keep '*' only as a suffix wildcard (directly after a word character)
    $input = preg_replace('/(?<!\\w)\\*/', '', $input);
    // strip search operator characters from the user-controlled input
    // NOTE(review): both patterns run without the 'u' modifier, so \w is
    // evaluated byte-wise on the UTF-8 string — confirm this is intended for
    // non-ASCII terms.
    $input = preg_replace('/[\\+\\-><()~]+/', '', $input);

    $isPhrase = mb_substr($input, 0, 1) == '"' && mb_substr($input, -1) == '"';

    if ($isPhrase) {
        // quoted phrase: one keyword, surrounding quotes removed
        $phrase = StringUtil::trim(mb_substr($input, 1, -1));
        if (empty($phrase)) {
            return;
        }

        $this->keywords = array_merge($this->keywords, array(StringUtil::encodeHTML($phrase)));
        return;
    }

    // '.' and ',' act as additional word separators; then split on spaces
    $parts = ArrayUtil::trim(explode(' ', str_replace(array('.', ','), ' ', $input)));
    $encodedParts = ArrayUtil::encodeHTML($parts);
    if (!empty($encodedParts)) {
        $this->keywords = array_merge($this->keywords, $encodedParts);
    }
}
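/**
 * Returns the <img> tag for this avatar.
 *
 * @param   integer $size   edge length in pixels; `$this->size` when null
 * @return  string
 * @see     \wcf\data\user\avatar\IUserAvatar::getImageTag()
 */
public function getImageTag($size = null) {
    if ($size === null) {
        $size = $this->size;
    }
    // The size is written into the style attribute without encoding; coerce it
    // to an integer so a non-numeric value cannot break out of the attribute
    // or inject further CSS. Numeric input renders exactly as before.
    $size = intval($size);

    return '<img src="' . StringUtil::encodeHTML($this->getURL($size)) . '" style="width: ' . $size . 'px; height: ' . $size . 'px" alt="" class="userAvatarImage" />';
}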
/**
 * Renders the option value as an <img> tag; an empty value renders nothing.
 *
 * @see \wcf\system\option\user\IUserOptionOutput::getOutput()
 */
public function getOutput(User $user, UserOption $option, $value) {
    if (empty($value)) {
        return '';
    }

    // the value is user-supplied: encode it for the attribute context
    $src = StringUtil::encodeHTML($value);

    return sprintf('<img src="%s" alt="" />', $src);
}
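/**
 * Renders the [img] BBCode.
 *
 * For 'text/html' an <img> tag is built from the tag attributes: attribute 0
 * is the source, attribute 1 an optional float ('left' or 'right', anything
 * else is ignored), attribute 2 an optional width in pixels. For
 * 'text/simplified-html' only the file name of the source path is returned,
 * HTML-encoded. Any other output type yields null.
 *
 * @see \wcf\system\bbcode\IBBCode::getParsedTag()
 */
public function getParsedTag(array $openingTag, $content, array $closingTag, BBCodeParser $parser) {
    $src = isset($openingTag['attributes'][0]) ? $openingTag['attributes'][0] : '';
    $outputType = $parser->getOutputType();

    if ($outputType == 'text/html') {
        // NOTE(review): $src is emitted as-is; the simplified-html branch
        // below decodes it first, which suggests the parser hands it over
        // already HTML-encoded — confirm that holds for every caller.
        $float = isset($openingTag['attributes'][1]) ? $openingTag['attributes'][1] : '';

        $style = '';
        // only the two literal values are accepted, so $float never reaches the output unchecked
        if ($float == 'left' || $float == 'right') {
            $style = 'float: ' . $float . '; margin: ' . ($float == 'left' ? '0 15px 7px 0' : '0 0 7px 15px') . ';';
        }

        if (isset($openingTag['attributes'][2])) {
            // the width lands inside the style attribute unescaped: force it
            // to an integer so a crafted attribute cannot inject CSS or close
            // the attribute; numeric widths render exactly as before
            $width = intval($openingTag['attributes'][2]);
            $style .= 'width: ' . $width . 'px;';
        }

        return '<img src="' . $src . '" class="jsResizeImage" alt=""' . ($style ? ' style="' . $style . '"' : '') . ' />';
    }

    if ($outputType == 'text/simplified-html') {
        $path = parse_url(StringUtil::decodeHTML($src), PHP_URL_PATH);
        if ($path !== false) {
            return StringUtil::encodeHTML(basename($path));
        }
        return '';
    }
}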
/**
 * Renders the option value as an external link. An empty value or the bare
 * 'http://' prefix (an untouched form default) renders nothing.
 *
 * @see \wcf\system\option\user\IUserOptionOutput::getOutput()
 */
public function getOutput(User $user, UserOption $option, $value) {
    if (empty($value) || $value == 'http://') {
        return '';
    }

    // normalise via getURL(), then encode once for both href and link text
    $href = StringUtil::encodeHTML(self::getURL($value));

    $attributes = ' class="externalURL"';
    if (EXTERNAL_LINK_REL_NOFOLLOW) {
        $attributes .= ' rel="nofollow"';
    }
    if (EXTERNAL_LINK_TARGET_BLANK) {
        $attributes .= ' target="_blank"';
    }

    return '<a href="' . $href . '"' . $attributes . '>' . $href . '</a>';
}
/**
 * Replaces every quoted string matched by `$this->quotesRegEx` with a string
 * stack placeholder whose payload is the HTML-encoded match wrapped in a
 * highlighting span. Does nothing when no quote regex is configured.
 *
 * @see \wcf\system\bbcode\highlighter\Highlighter::cacheQuotes()
 */
protected function cacheQuotes($string) {
    if ($this->quotesRegEx === null) {
        return $string;
    }

    $toStack = new Callback(function (array $matches) {
        $span = '<span class="hlQuotes">' . StringUtil::encodeHTML($matches[0]) . '</span>';
        return StringStack::pushToStringStack($span, 'highlighterQuotes', "");
    });

    return $this->quotesRegEx->replace($string, $toStack);
}
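/**
 * Renders the option value as a link to the user's Google+ profile.
 *
 * The value is user-supplied and becomes a path segment of the URL, so it is
 * percent-encoded first (keeps '/', '?', '#' from reshaping the URL) and then
 * HTML-encoded for the attribute context. Plain IDs render exactly as before.
 *
 * @see \wcf\system\option\user\IUserOptionOutput::getOutput()
 */
public function getOutput(User $user, UserOption $option, $value) {
    if (empty($value)) {
        return '';
    }

    $url = StringUtil::encodeHTML('https://plus.google.com/' . rawurlencode($value) . '/posts');
    $label = StringUtil::encodeHTML($value);
    $rel = EXTERNAL_LINK_REL_NOFOLLOW ? ' rel="me nofollow"' : ' rel="me"';
    $target = EXTERNAL_LINK_TARGET_BLANK ? ' target="_blank"' : '';

    return '<a href="' . $url . '" class="externalURL"' . $rel . $target . '>' . $label . '</a>';
}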
/**
 * Extends the parent's quote caching: after regular quotes, CDATA sections
 * are also pushed onto the string stack as HTML-encoded "quote" spans.
 *
 * @see \wcf\system\bbcode\highlighter\Highlighter::cacheQuotes()
 */
protected function cacheQuotes($string) {
    $string = parent::cacheQuotes($string);

    // CDATA sections are rendered like quoted strings
    $cdataRegex = Regex::compile('<!\\[CDATA\\[.*?\\]\\]>', Regex::DOT_ALL);
    $toStack = new Callback(function (array $matches) {
        $span = '<span class="hlQuotes">' . StringUtil::encodeHTML($matches[0]) . '</span>';
        return StringStack::pushToStringStack($span, 'highlighterQuotes');
    });

    return $cdataRegex->replace($string, $toStack);
}
/**
 * Returns the HTML-encoded username, wrapped in the group's online marking
 * template (if one other than the plain '%s' is set) and suffixed with the
 * "invisible" phrase when `canViewOnlineStatus` equals 3.
 *
 * @return string
 */
public function getFormattedUsername() {
    $formatted = StringUtil::encodeHTML($this->username);

    // userOnlineMarking is a template containing '%s'; '%s' alone means "no marking"
    $marking = $this->userOnlineMarking;
    if ($marking && $marking != '%s') {
        $formatted = str_replace('%s', $formatted, $marking);
    }

    if ($this->canViewOnlineStatus == 3) {
        $formatted .= WCF::getLanguage()->get('wcf.user.usersOnline.invisible');
    }

    return $formatted;
}
/**
 * Returns the HTML for this rank's image, repeated `repeatImage` times when
 * that is greater than 1; an empty string when no image is configured.
 *
 * @return string html code
 */
public function getImage() {
    if (!$this->rankImage) {
        return '';
    }

    // paths starting with '/' or 'http(s)://' are used verbatim, anything else
    // is resolved against the installation path
    $isAbsolute = preg_match('~^(/|https?://)~i', $this->rankImage);
    $src = ($isAbsolute ? '' : WCF::getPath()) . StringUtil::encodeHTML($this->rankImage);
    $tag = '<img src="' . $src . '" alt="" />';

    return $this->repeatImage > 1 ? str_repeat($tag, $this->repeatImage) : $tag;
}
/**
 * HTML-encodes every leaf of a (possibly nested) array, preserving keys and
 * order. A non-array argument is encoded directly as a string.
 *
 * @param   array   $array
 * @return  array
 */
public static function encodeHTML($array) {
    if (!is_array($array)) {
        // scalar leaf: delegate to the string encoder
        return StringUtil::encodeHTML($array);
    }

    $encoded = array();
    foreach ($array as $key => $element) {
        // recurse so nested arrays are encoded as well
        $encoded[$key] = self::encodeHTML($element);
    }

    return $encoded;
}
/**
 * Loads this option's value for the given user into `$this->optionValue`,
 * either rendered by the configured output class or plainly HTML-encoded.
 *
 * @param \wcf\data\user\User $user
 */
public function setOptionValue(User $user) {
    $rawValue = $user->{'userOption' . $this->optionID};

    if (!$this->outputClass) {
        // no output class: store the encoded raw value
        $this->optionValue = StringUtil::encodeHTML($rawValue);
        return;
    }

    // NOTE(review): with an output class, that class alone decides how (and
    // whether) the value is encoded
    $this->optionValue = $this->getOutputObject()->getOutput($user, $this->getDecoratedObject(), $rawValue);
}
/**
 * Builds a link via LinkHandler from the tag arguments. The 'controller'
 * argument is mandatory; 'application' defaults to 'wcf'. The result is
 * HTML-encoded unless the tag passes encode=false.
 *
 * @see wcf\system\template\IBlockTemplatePlugin::execute()
 * @throws \wcf\system\exception\SystemException  when 'controller' is missing
 */
public function execute($tagArgs, $blockContent, TemplateEngine $tplObj) {
    if (!isset($tagArgs['controller'])) {
        throw new SystemException("missing 'controller' argument in link tag");
    }
    if (empty($tagArgs['application'])) {
        $tagArgs['application'] = 'wcf';
    }

    $link = LinkHandler::getInstance()->getLink($tagArgs['controller'], $tagArgs, $blockContent);

    // encode=false hands the raw link to the template, which then has to
    // escape it itself for whatever context it is placed in
    $rawRequested = isset($tagArgs['encode']) && !$tagArgs['encode'];

    return $rawRequested ? $link : StringUtil::encodeHTML($link);
}
/**
 * Renders one checkbox per user group; the groups whose ids appear in the
 * comma-separated `$value` are pre-checked.
 *
 * @see \wcf\system\option\IOptionType::getFormElement()
 */
public function getFormElement(Option $option, $value) {
    $selectedGroupIDs = explode(',', $value);
    $fieldName = 'values[' . StringUtil::encodeHTML($option->optionName) . '][]';

    $html = '';
    foreach (UserGroup::getGroupsByType() as $group) {
        $checked = in_array($group->groupID, $selectedGroupIDs) ? 'checked="checked" ' : '';
        // NOTE(review): groupID and getName() are written without encoding;
        // groupID is presumably numeric and getName() presumably returns safe
        // output — verify before relying on it.
        $html .= '<label><input type="checkbox" name="' . $fieldName . '" value="' . $group->groupID . '" ' . $checked . '/> ' . $group->getName() . '</label>';
    }

    return $html;
}
/**
 * Recursively fills `self::$selectList` with template groups below `$parentID`,
 * indenting each title by its depth. Titles are HTML-encoded here because the
 * htmloptions plugin emits them verbatim.
 *
 * @param integer $parentID id of the parent template group
 * @param integer $depth    current list depth
 * @param array   $ignore   list of template group ids to ignore in result
 */
protected static function makeSelectList($parentID = 0, $depth = 0, $ignore = array()) {
    if (!isset(self::$templateGroupStructure[$parentID])) {
        return;
    }

    foreach (self::$templateGroupStructure[$parentID] as $group) {
        $skipped = !empty($ignore) && in_array($group->templateGroupID, $ignore);
        if ($skipped) {
            continue;
        }

        $label = StringUtil::encodeHTML($group->templateGroupName);
        if ($depth > 0) {
            $label = str_repeat(' ', $depth) . ' ' . $label;
        }
        self::$selectList[$group->templateGroupID] = $label;

        // descend into this group's children
        self::makeSelectList($group->templateGroupID, $depth + 1, $ignore);
    }
}
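/**
 * Returns a PayPal "Subscribe" (recurring) or "Buy Now" form for the given
 * purchase. ENABLE_DEBUG_MODE switches the form action to the PayPal sandbox.
 *
 * Every hidden field value is HTML-encoded before it is written into the
 * value attribute; the original only encoded a subset (e.g. not cost,
 * currency or the subscription period), which left callers able to break
 * out of the attribute with a crafted value.
 *
 * @param   mixed   $cost
 * @param   string  $currency               currency code
 * @param   string  $name                   item name shown to the buyer
 * @param   string  $token                  opaque token handed back by PayPal in the 'custom' field
 * @param   string  $returnURL
 * @param   string  $cancelReturnURL
 * @param   boolean $isRecurring            true renders a subscription form
 * @param   integer $subscriptionLength
 * @param   string  $subscriptionLengthUnit
 * @return  string  HTML form
 * @see     \wcf\system\payment\method\IPaymentMethod::getPurchaseButton()
 */
public function getPurchaseButton($cost, $currency, $name, $token, $returnURL, $cancelReturnURL, $isRecurring = false, $subscriptionLength = 0, $subscriptionLengthUnit = '') {
    // field order mirrors the previous markup: purchase-type fields first
    $fields = array();
    if ($isRecurring) {
        $fields['a3'] = $cost;
        $fields['p3'] = $subscriptionLength;
        $fields['t3'] = $subscriptionLengthUnit;
        $fields['src'] = '1';
    }
    else {
        $fields['amount'] = $cost;
    }
    $fields['business'] = PAYPAL_EMAIL_ADDRESS;
    $fields['cancel_return'] = $cancelReturnURL;
    $fields['charset'] = 'utf-8';
    $fields['cmd'] = $isRecurring ? '_xclick-subscriptions' : '_xclick';
    $fields['currency_code'] = $currency;
    $fields['custom'] = $token;
    $fields['email'] = WCF::getUser()->email;
    $fields['item_name'] = $name;
    $fields['lc'] = strtoupper(WCF::getLanguage()->languageCode);
    $fields['no_note'] = '1';
    $fields['no_shipping'] = '1';
    $fields['notify_url'] = LinkHandler::getInstance()->getLink('PaypalCallback', array('appendSession' => false));
    $fields['quantity'] = '1';
    $fields['return'] = $returnURL;

    $action = 'https://www.' . (ENABLE_DEBUG_MODE ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr';
    $buttonPhrase = $isRecurring ? 'wcf.payment.paypal.button.subscribe' : 'wcf.payment.paypal.button.purchase';

    $html = '<form method="post" action="' . $action . '">' . "\n";
    foreach ($fields as $fieldName => $fieldValue) {
        // encode uniformly; field names are the fixed literals above
        $html .= '<input type="hidden" name="' . $fieldName . '" value="' . StringUtil::encodeHTML($fieldValue) . '" />' . "\n";
    }
    // the button label is a language phrase and, as before, emitted unencoded
    $html .= '<button class="small" type="submit">' . WCF::getLanguage()->get($buttonPhrase) . '</button>' . "\n";
    $html .= '</form>';

    return $html;
}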
/**
 * Builds a link via LinkHandler from the tag arguments. A missing 'controller'
 * is passed on as null; 'application' defaults to 'wcf'. The result is
 * HTML-encoded unless the tag passes encode=false.
 *
 * @see wcf\system\template\IBlockTemplatePlugin::execute()
 */
public function execute($tagArgs, $blockContent, TemplateEngine $tplObj) {
    if (!array_key_exists('controller', $tagArgs)) {
        $tagArgs['controller'] = null;
    }
    if (empty($tagArgs['application'])) {
        $tagArgs['application'] = 'wcf';
    }

    $wantsRaw = isset($tagArgs['encode']) && !$tagArgs['encode'];
    $handler = LinkHandler::getInstance();

    if ($wantsRaw) {
        // the flag is removed before the link is built (presumably so it is
        // not forwarded as a link parameter); the template must escape the
        // raw link itself
        unset($tagArgs['encode']);
        return $handler->getLink($tagArgs['controller'], $tagArgs, $blockContent);
    }

    return StringUtil::encodeHTML($handler->getLink($tagArgs['controller'], $tagArgs, $blockContent));
}
/**
 * Adds or replaces a meta tag under `$identifier`. The value is stored as-is
 * when it matches `$this->regex`, otherwise HTML-encoded. An 'og:description'
 * tag additionally overwrites the value of the 'description' tag.
 *
 * @param string  $identifier
 * @param string  $name
 * @param string  $value
 * @param boolean $isProperty   true emits a 'property' attribute instead of 'name'
 */
public function addTag($identifier, $name, $value, $isProperty = false) {
    // NOTE(review): what $this->regex accepts is not visible here — verify it
    // cannot let unencoded user-controlled input through.
    $storedValue = $this->regex->match($value) ? $value : StringUtil::encodeHTML($value);

    $this->objects[$identifier] = array(
        'isProperty' => $isProperty,
        'name' => $name,
        'value' => $storedValue
    );

    // an Open Graph description also replaces the plain description
    if ($name == 'og:description') {
        $this->objects['description']['value'] = $storedValue;
    }

    $this->indexToObject[] = $identifier;
}
/**
 * Renders a media BBCode. The first cached provider whose pattern matches the
 * trimmed content supplies the embed markup ('text/html') or a plain anchor
 * ('text/simplified-html'). Without a match, or for any other output type,
 * the content is returned HTML-encoded.
 *
 * @see \wcf\system\bbcode\IBBCode::getParsedTag()
 */
public function getParsedTag(array $openingTag, $content, array $closingTag, BBCodeParser $parser) {
    $content = StringUtil::trim($content);
    $outputType = $parser->getOutputType();

    if ($outputType == 'text/html' || $outputType == 'text/simplified-html') {
        foreach (BBCodeMediaProvider::getCache() as $provider) {
            if (!$provider->matches($content)) {
                continue;
            }
            // NOTE(review): the provider's getOutput() is trusted to produce safe markup
            if ($outputType == 'text/html') {
                return $provider->getOutput($content);
            }
            return StringUtil::getAnchorTag($content);
        }
    }

    // no provider recognised the content: emit it encoded
    return StringUtil::encodeHTML($content);
}
/**
 * Highlights a unified-diff-like text line by line: lines starting with a
 * character from `$this->info` (or equal to an entry of `$this->splitter`)
 * become comments, those starting with `$this->add` / `$this->delete`
 * characters become added / removed lines. Every line is HTML-encoded.
 *
 * @see \wcf\system\bbcode\highlighter\Highlighter::highlight()
 */
public function highlight($data) {
    $highlighted = array();

    foreach (explode("\n", $data) as $line) {
        $firstChar = mb_substr($line, 0, 1);
        $escaped = StringUtil::encodeHTML($line);

        if (in_array($firstChar, $this->info) || in_array($line, $this->splitter)) {
            $highlighted[] = '<span class="hlComments">' . $escaped . '</span>';
        }
        elseif (in_array($firstChar, $this->add)) {
            $highlighted[] = '<span class="hlAdded">' . $escaped . '</span>';
        }
        elseif (in_array($firstChar, $this->delete)) {
            $highlighted[] = '<span class="hlRemoved">' . $escaped . '</span>';
        }
        else {
            $highlighted[] = $escaped;
        }
    }

    return implode("\n", $highlighted);
}
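/**
 * Loads this option's value for the given user into `$this->optionValue`.
 * With an output class the value is rendered in the requested variant
 * ('normal', 'short', anything else = medium); otherwise it is HTML-encoded.
 * Contact-information output classes additionally fill `$this->outputData`.
 *
 * @param wcf\data\user\User $user
 * @param string             $outputType   'normal', 'short' or medium (any other value)
 */
public function setOptionValue(User $user, $outputType = 'normal') {
    $rawValue = $user->{'userOption' . $this->optionID};

    if (!$this->outputClass) {
        $this->optionValue = StringUtil::encodeHTML($rawValue);
        return;
    }

    $outputObj = $this->getOutputObject();
    $option = $this->getDecoratedObject();

    if ($outputObj instanceof IUserOptionOutputContactInformation) {
        $this->outputData = $outputObj->getOutputData($user, $option, $rawValue);
    }

    if ($outputType == 'normal') {
        $this->optionValue = $outputObj->getOutput($user, $option, $rawValue);
    }
    elseif ($outputType == 'short') {
        $this->optionValue = $outputObj->getShortOutput($user, $option, $rawValue);
    }
    else {
        // previously assigned to the local $outputType, which discarded the
        // medium output and left optionValue untouched
        $this->optionValue = $outputObj->getMediumOutput($user, $option, $rawValue);
    }
}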
/**
 * Returns the avatar image tag with the crop-specific CSS classes and an
 * HTML-encoded tooltip title swapped in for the plain class attribute.
 *
 * @see \wcf\data\user\avatar\IUserAvatar::getCropImageTag()
 */
public function getCropImageTag($size = null) {
    $tag = $this->getImageTag($size);

    $title = StringUtil::encodeHTML(WCF::getLanguage()->get('wcf.user.avatar.type.custom.crop'));
    $cropAttributes = 'class="userAvatarImage userAvatarCrop jsTooltip" title="' . $title . '"';

    // relies on getImageTag() emitting exactly class="userAvatarImage"
    return str_replace('class="userAvatarImage"', $cropAttributes, $tag);
}
/**
 * Appends the database error details (type, message, number, version and, if
 * available, the failed query and its bound parameters) to
 * `$this->information`, HTML-encoded, then prints the error page.
 *
 * NOTE(review): the SQL text and every bound parameter value end up in the
 * page; parameters can carry sensitive data. Make sure parent::show() only
 * renders $this->information in a debug context.
 */
public function show() {
    $details = array(
        'sql type' => $this->getDBType(),
        'sql error' => $this->getErrorDesc(),
        'sql error number' => $this->getErrorNumber(),
        'sql version' => $this->getSQLVersion()
    );
    foreach ($details as $label => $detail) {
        $this->information .= '<b>' . $label . ':</b> ' . StringUtil::encodeHTML($detail) . '<br />';
    }

    if ($this->preparedStatement !== null) {
        $this->information .= '<b>sql query:</b> ' . StringUtil::encodeHTML($this->preparedStatement->getSQLQuery()) . '<br />';

        $parameters = $this->preparedStatement->getSQLParameters();
        if (!empty($parameters)) {
            foreach ($parameters as $index => $parameter) {
                $this->information .= '<b>sql query parameter ' . $index . ':</b>' . StringUtil::encodeHTML($parameter) . '<br />';
            }
        }
    }

    parent::show();
}
/**
 * Returns the online marking templates of all groups that define one (i.e.
 * whose marking is not the plain '%s'), with the encoded group name filled in
 * and ordered by group priority, highest first. The list is built once and
 * cached in `$this->usersOnlineMarkings`.
 *
 * @return array
 */
public function getUsersOnlineMarkings() {
    if ($this->usersOnlineMarkings !== null) {
        return $this->usersOnlineMarkings;
    }

    $markings = array();
    $priorities = array();
    foreach (UserGroup::getGroupsByType() as $group) {
        // '%s' alone means this group does not mark its members
        if ($group->userOnlineMarking == '%s') {
            continue;
        }
        $priorities[] = $group->priority;
        $groupName = StringUtil::encodeHTML(WCF::getLanguage()->get($group->groupName));
        $markings[] = str_replace('%s', $groupName, $group->userOnlineMarking);
    }

    // highest priority first
    array_multisort($priorities, SORT_DESC, $markings);
    $this->usersOnlineMarkings = $markings;

    return $this->usersOnlineMarkings;
}
/**
 * Returns the text rendered according to its type: raw for TYPE_HTML, parsed
 * by the message parser for TYPE_BBCODE, HTML-encoded for anything else.
 *
 * @return string
 */
public function getText() {
    switch ($this->type) {
        case self::TYPE_HTML:
            // NOTE(review): returned unmodified — only trusted markup may be
            // stored under TYPE_HTML
            return $this->text;

        case self::TYPE_BBCODE:
            return MessageParser::getInstance()->parse($this->text);

        default:
            return StringUtil::encodeHTML($this->text);
    }
}
/**
 * Returns the <meta> element for the tag at the current iterator position.
 * The stored value is HTML-encoded for the content attribute.
 *
 * @see \Iterator::current()
 */
public function current() {
    $tag = $this->objects[$this->indexToObject[$this->index]];
    $attributeName = $tag['isProperty'] ? 'property' : 'name';
    // NOTE(review): the tag name is written unencoded; it is expected to come
    // from the code registering the tag, not from user input
    $content = StringUtil::encodeHTML($tag['value']);

    return '<meta ' . $attributeName . '="' . $tag['name'] . '" content="' . $content . '" />';
}
/**
 * Reads the current page of users into `$this->users` and pre-renders the
 * requested columns into `$this->columnValues`.
 *
 * Steps: (1) fetch the page's user ids, sorted and paginated; (2) fetch the
 * group ids of those users; (3) fetch the full user rows joined with their
 * option values, wrap them in User objects and annotate each with
 * accessible / deletable / editable / isMarked; (4) render every configured
 * column (email, registrationDate or a user option) to HTML.
 *
 * NOTE(review): `$this->sortField` and `$this->sortOrder` are interpolated
 * directly into both ORDER BY clauses. They must be validated against a fixed
 * whitelist before this method runs; that validation is not visible here —
 * confirm it happens in the caller.
 */
protected function readUsers() {
    // get user ids
    $userIDs = array();
    // the option value table is only joined when sorting by a user option;
    // 'email' is always sorted on the user table
    $sql = "SELECT\t\tuser_table.userID\n\t\t\tFROM\t\twcf" . WCF_N . "_user user_table\n\t\t\t" . (isset($this->options[$this->sortField]) ? "LEFT JOIN wcf" . WCF_N . "_user_option_value user_option_value ON (user_option_value.userID = user_table.userID)" : '') . "\n\t\t\t" . $this->conditions . "\n\t\t\tORDER BY\t" . ($this->sortField != 'email' && isset($this->options[$this->sortField]) ? 'user_option_value.userOption' . $this->options[$this->sortField]['optionID'] : $this->sortField) . " " . $this->sortOrder;
    $statement = WCF::getDB()->prepareStatement($sql, $this->itemsPerPage, ($this->pageNo - 1) * $this->itemsPerPage);
    $statement->execute($this->conditions->getParameters());
    while ($row = $statement->fetchArray()) {
        $userIDs[] = $row['userID'];
    }

    // get user data
    if (count($userIDs)) {
        $userToGroups = array();

        // get group ids
        $conditions = new PreparedStatementConditionBuilder();
        $conditions->add("user_table.userID IN (?)", array($userIDs));
        $sql = "SELECT\tuserID, groupID\n\t\t\t\tFROM\twcf" . WCF_N . "_user_to_group user_table\n\t\t\t\t" . $conditions;
        $statement = WCF::getDB()->prepareStatement($sql);
        $statement->execute($conditions->getParameters());
        while ($row = $statement->fetchArray()) {
            $userToGroups[$row['userID']][] = $row['groupID'];
        }

        // same condition builder as above: restricts user_table.userID to the page's ids
        $sql = "SELECT\t\toption_value.*, user_table.*\n\t\t\t\tFROM\t\twcf" . WCF_N . "_user user_table\n\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value\n\t\t\t\tON\t\t(option_value.userID = user_table.userID)\n\t\t\t\t" . $conditions . "\n\t\t\t\tORDER BY\t" . ($this->sortField != 'email' && isset($this->options[$this->sortField]) ? 'option_value.userOption' . $this->options[$this->sortField]['optionID'] : 'user_table.' . $this->sortField) . " " . $this->sortOrder;
        $statement = WCF::getDB()->prepareStatement($sql);
        $statement->execute($conditions->getParameters());
        while ($row = $statement->fetchArray()) {
            // NOTE(review): if a user can exist without any group row, there is
            // no $userToGroups entry for it and implode()/isAccessibleGroup()
            // receive null here.
            $row['groupIDs'] = implode(',', $userToGroups[$row['userID']]);
            $accessible = UserGroup::isAccessibleGroup($userToGroups[$row['userID']]);
            $row['accessible'] = $accessible;
            // the acting user is never offered deletion of their own account
            $row['deletable'] = $accessible && WCF::getSession()->getPermission('admin.user.canDeleteUser') && $row['userID'] != WCF::getUser()->userID ? 1 : 0;
            $row['editable'] = $accessible && WCF::getSession()->getPermission('admin.user.canEditUser') ? 1 : 0;
            $row['isMarked'] = intval(in_array($row['userID'], $this->markedUsers));
            $this->users[] = new User(null, $row);
        }

        // get special columns
        foreach ($this->users as $key => $user) {
            foreach ($this->columns as $column) {
                switch ($column) {
                    case 'email':
                        $this->columnValues[$user->userID][$column] = '<a href="mailto:' . StringUtil::encodeHTML($user->email) . '">' . StringUtil::encodeHTML($user->email) . '</a>';
                        break;

                    case 'registrationDate':
                        $this->columnValues[$user->userID][$column] = DateUtil::format(DateUtil::getDateTimeByTimestamp($user->{$column}), DateUtil::DATE_FORMAT);
                        break;

                    default:
                        if (isset($this->options[$column])) {
                            if ($this->options[$column]->outputClass) {
                                // NOTE(review): the output object alone decides
                                // the encoding of this cell; nothing is encoded here
                                $this->options[$column]->setOptionValue($user);
                                $outputObj = $this->options[$column]->getOutputObject();
                                $this->columnValues[$user->userID][$column] = $outputObj->getOutput($user, $this->options[$column]->getDecoratedObject(), $user->{$column});
                            }
                            else {
                                $this->columnValues[$user->userID][$column] = StringUtil::encodeHTML($user->{$column});
                            }
                        }
                        break;
                }
            }
        }
    }
}
/**
 * Renders a multi-line option value: HTML-encodes it, then converts line
 * breaks to <br /> tags.
 *
 * @see \wcf\system\option\user\IUserOptionOutput::getOutput()
 */
public function getOutput(User $user, UserOption $option, $value) {
    // encode first so the inserted <br /> tags are not escaped afterwards
    $encoded = StringUtil::encodeHTML($value);

    return nl2br($encoded);
}
/**
 * Plain highlighter: applies no syntax markup and only HTML-encodes the code.
 *
 * @see \wcf\system\bbcode\highlighter\Highlighter::highlight()
 */
public function highlight($code) {
    $escaped = StringUtil::encodeHTML($code);

    return $escaped;
}