/**
 * Returns BBCode converted to (X)HTML.
 *
 * The input is HTML-escaped before any conversion takes place, so only the
 * markup produced by the converter itself ends up in the result.
 *
 * @param string $text A BBCode formatted text.
 *
 * @return string (X)HTML.
 */
public function convert($text)
{
    $escaped = XH_hsc($text);
    $this->context = array();
    $html = $this->doConvert(array($escaped, '', '', $escaped));
    $html = $this->convertEmoticons($html);
    // Every line break variant becomes a <br>; vertical tabs are turned into
    // newlines only afterwards (presumably a placeholder used by doConvert()
    // for line breaks that must survive — TODO confirm).
    $html = preg_replace('/\\r\\n|\\r|\\n/', tag('br'), $html);
    return str_replace("\v", "\n", $html);
}
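/**
 * Renders a field.
 *
 * The submitted value is read from $_POST (or, for uploads, the client
 * supplied file name from $_FILES). Every submitted value, including the
 * file name, is passed through XH_hsc() before it is embedded in the markup.
 *
 * @param Field $field A field.
 *
 * @return string (X)HTML
 */
protected function renderField(Field $field)
{
    $name = 'advfrm-' . $field->getName();
    $o = '<tr><td class="label">' . XH_hsc($field->getLabel()) . '</td><td class="field">';
    if (isset($_POST[$name])) {
        if (is_array($_POST[$name])) {
            foreach ($_POST[$name] as $val) {
                $o .= '<div>' . XH_hsc(stsl($val)) . '</div>';
            }
        } else {
            $o .= $this->nl2br(XH_hsc(stsl($_POST[$name])));
        }
    } elseif (isset($_FILES[$name])) {
        // The client-supplied file name is untrusted input like any other
        // submitted value and must be escaped before it is rendered.
        $o .= XH_hsc(stsl($_FILES[$name]['name']));
    }
    $o .= '</td></tr>' . PHP_EOL;
    return $o;
}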
/**
 * Renders the filter form.
 *
 * Emits a POST form with one checkbox per article state followed by the
 * filter button.
 *
 * @return string (X)HTML.
 *
 * @global string The script name.
 * @global array The localization of the plugins.
 */
protected function renderFilterForm()
{
    global $sn, $plugin_tx;

    $action = XH_hsc($sn . '?&realblog&admin=plugin_main&action=plugin_text');
    $checkboxes = '';
    $states = array('readyforpublishing', 'published', 'archived');
    foreach ($states as $index => $state) {
        // Checkbox numbers are 1-based, the state array is 0-based.
        $checkboxes .= $this->renderFilterCheckbox($index + 1, $state);
    }
    return '<form class="realblog_filter" method="post" action="' . $action . '">'
        . $checkboxes
        . '<button>' . $plugin_tx['realblog']['btn_filter'] . '</button>'
        . '</form>';
}
/**
 * Renders the search results.
 *
 * The search term is taken from the "realblog_search" page parameter and
 * escaped; $count is emitted as-is and is expected to be a number
 * computed by the caller.
 *
 * @param string $what Which search results ('blog' or 'archive').
 * @param string $count The number of hits.
 *
 * @return string (X)HTML.
 *
 * @global string The URL of the current page.
 * @global array The localization of the plugins.
 */
protected function renderSearchResults($what, $count)
{
    global $su, $plugin_tx;

    $ptx = $plugin_tx['realblog'];
    $backLabelKey = $what == 'archive' ? 'back_to_archive' : 'search_show_all';
    $quotedTerm = '"' . $this->getPgParameter('realblog_search') . '"';
    $html = '<p>' . $ptx['search_searched_for'] . ' <b>' . XH_hsc($quotedTerm) . '</b></p>';
    $html .= '<p>' . $ptx['search_result'] . '<b> ' . $count . '</b></p>';
    $html .= '<p><a href="' . XH_hsc($this->url($su)) . '"><b>' . $ptx[$backLabelKey] . '</b></a></p>';
    return $html;
}
/**
 * Returns a string where all special HTML characters are replaced with entities.
 *
 * Delegates to the core's XH_hsc() when it exists; otherwise falls back to
 * htmlspecialchars() with ENT_COMPAT, i.e. double quotes are escaped but
 * single quotes are not (so the result is not safe inside single-quoted
 * attributes).
 *
 * @param string $string A string.
 *
 * @return string
 */
function Advancedform_hsc($string)
{
    return function_exists('XH_hsc')
        ? XH_hsc($string)
        : htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
}
/**
 * Returns the default view of the form.
 *
 * Renders one table row per field: a label cell (omitted for hidden fields,
 * wrapped in a <label> for field types that take one) and the field itself
 * as rendered by FieldView.
 *
 * @return string (X)HTML.
 *
 * @global array The configuration of the plugins.
 */
protected function renderDefault()
{
    global $plugin_cf;

    $pcf = $plugin_cf['advancedform'];
    $formName = $this->form->getName();
    $html = '<div style="overflow:auto">' . PHP_EOL . '<table>' . PHP_EOL;
    foreach ($this->form->getFields() as $rawField) {
        $field = Field::make($rawField);
        $type = $field->getType();
        $label = XH_hsc($field->getLabel('label'));
        if ($field->isRequired()) {
            $label = sprintf($pcf['required_field_mark'], $label);
        }
        $isHidden = $type == 'hidden';
        $fieldId = 'advfrm-' . $formName . '-' . $field->getName();
        // Checkboxes, radios and output fields carry their own labelling.
        $hasLabel = !in_array($type, array('checkbox', 'radio', 'output'));
        $html .= '<tr' . ($isHidden ? ' class="hidden"' : '') . '>';
        if ($isHidden) {
            $html .= '<td></td>';
        } else {
            $html .= '<td class="label">';
            if ($hasLabel) {
                $html .= '<label for="' . $fieldId . '">' . $label . '</label>';
            } else {
                $html .= $label;
            }
            $html .= '</td>';
        }
        $html .= '<td class="field">';
        $fieldView = new FieldView($formName, $field);
        $html .= $fieldView->render();
        $html .= '</td></tr>' . PHP_EOL;
        if ($hasLabel && $pcf['focus_form']) {
            // Registers the field for focusing when the option is enabled
            // (what focusField() does with repeated calls is not visible here).
            Controller::focusField($formName, 'advfrm-' . $field->getName());
        }
    }
    $html .= '</table>' . PHP_EOL . '</div>' . PHP_EOL;
    return $html;
}
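/**
 * Renders the edit comments link.
 *
 * Asks the configured comments plugin bridge for the edit URL of this
 * article's comment thread and renders a button linking to it; returns an
 * empty string when the bridge yields no URL.
 *
 * @return string (X)HTML.
 *
 * @global string The script name (imported for parity with the other
 *                renderers; not used here).
 * @global array The configuration of the plugins.
 * @global array The localization of the plugins.
 */
protected function renderEditCommentsLink()
{
    global $sn, $plugin_cf, $plugin_tx;

    $bridge = $plugin_cf['realblog']['comments_plugin'] . '_RealblogBridge';
    // The method name must be a string: the bare word getEditUrl was an
    // undefined constant (a notice before PHP 8, a fatal Error since).
    $url = call_user_func(array($bridge, 'getEditUrl'), 'realblog' . $this->id);
    if ($url) {
        return '<span class="realblog_button"><a href="' . XH_hsc($url) . '">'
            . $plugin_tx['realblog']['comment_edit'] . '</a></span>';
    } else {
        return '';
    }
}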
/**
 * Sends the mail and returns whether that was successful.
 *
 * Configures the PHPMailer instance in $this->mail from the plugin
 * configuration, sets subject and body (HTML with a text alternative, or
 * text only), attaches the uploaded files of the form's file fields (real
 * mail only, not the confirmation copy), optionally hands the mail to a
 * site-defined advfrm_custom_mail() hook, sends it, and for the real mail
 * records the outcome in the error list $e and the system log.
 *
 * @return bool Whether sending succeeded; also true when the custom hook
 *              returns false (see the note at the hook call).
 *
 * @global string The current language.
 * @global array The configuration of the plugins.
 * @global array The localization of the plugins.
 * @global string The (X)HTML fragment that contains error messages.
 */
public function send()
{
    global $sl, $plugin_cf, $plugin_tx, $e;

    $pcf = $plugin_cf['advancedform'];
    $ptx = $plugin_tx['advancedform'];
    $type = strtolower($pcf['mail_type']);
    // Line ending, charset, language files and wrapping come from the
    // plugin configuration / plugin folder.
    $this->mail->LE = $pcf['mail_line_ending_*nix'] ? "\n" : "\r\n";
    $this->mail->set('CharSet', 'UTF-8');
    $this->mail->SetLanguage($sl, $this->pluginFolder . 'phpmailer/language/');
    $this->mail->set('WordWrap', 72);
    // Give up when no addresses could be determined.
    if (!$this->determineAddresses()) {
        return false;
    }
    // The subject embeds request environment data (SERVER_NAME and, for the
    // real mail, REMOTE_ADDR); PHPMailer is relied on to encode the header.
    if ($this->isConfirmation) {
        $this->mail->set('Subject', sprintf($ptx['mail_subject_confirmation'], $this->form->getTitle(), $_SERVER['SERVER_NAME']));
    } else {
        $this->mail->set('Subject', sprintf($ptx['mail_subject'], $this->form->getTitle(), $_SERVER['SERVER_NAME'], $_SERVER['REMOTE_ADDR']));
    }
    // Any mail_type other than "text" is sent as HTML with a text AltBody.
    $this->mail->IsHtml($type != 'text');
    if ($type == 'text') {
        $this->mail->set('Body', $this->getBody(false));
    } else {
        $body = $this->getBody(true);
        $this->mail->MsgHTML($body);
        $this->mail->set('AltBody', $this->getBody(false));
    }
    if (!$this->isConfirmation) {
        foreach ($this->form->getFields() as $field) {
            $field = Field::make($field);
            if ($field->getType() == 'file') {
                $name = 'advfrm-' . $field->getName();
                // NOTE(review): the uploaded temp file is attached as-is under the
                // client-supplied name; this relies on the upload (error code, size,
                // extension) having been validated before send() is called — confirm
                // against the caller.
                $this->mail->AddAttachment($_FILES[$name]['tmp_name'], stsl($_FILES[$name]['name']));
            }
        }
    }
    // A site-specific hook may inspect or modify the mail. When it returns
    // false, nothing is sent here and success is reported (presumably the
    // hook took care of sending itself — TODO confirm).
    if (function_exists('advfrm_custom_mail')) {
        $customResult = advfrm_custom_mail($this->form->getName(), $this->mail, $this->isConfirmation);
        if ($customResult === false) {
            return true;
        }
    }
    $ok = $this->mail->Send();
    if (!$this->isConfirmation) {
        if (!$ok) {
            // PHPMailer's error text is escaped before it is shown to the user.
            $message = !empty($this->mail->ErrorInfo) ? XH_hsc($this->mail->ErrorInfo) : $ptx['error_mail'];
            $e .= '<li>' . $message . '</li>' . PHP_EOL;
        }
        if (function_exists('XH_logMessage')) {
            // $type is reused here as the log level, not the mail type.
            $type = $ok ? 'info' : 'error';
            $message = $ok ? $ptx['log_success'] : $ptx['log_error'];
            $message = sprintf($message, $this->mail->From);
            XH_logMessage($type, 'Advancedform', $this->form->getName(), $message);
        }
    }
    return $ok;
}
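/**
 * Validates a filled in field.
 *
 * Checks the submitted value of $this->field according to its type (mail
 * address, date, number, uploaded file or custom regular expression) and
 * returns a list of error items; on every error the field is focused via
 * Controller::focusField(). The field label is escaped with XH_hsc() before
 * it is embedded in any message.
 *
 * @return string (X)HTML.
 */
protected function validateFilledInField()
{
    $o = '';
    $label = XH_hsc($this->field->getLabel());
    switch ($this->field->getType()) {
        case 'from':
        case 'mail':
            if (!preg_match($this->config['mail_regexp'], stsl($_POST[$this->name]))) {
                $o .= '<li>' . sprintf($this->l10n['error_invalid_email'], $label) . '</li>' . PHP_EOL;
                Controller::focusField($this->formId, $this->name);
            }
            break;
        case 'date':
            // The configured delimiter is backslash-escaped so that e.g. "."
            // is matched literally.
            $delimiter = $this->l10n['date_delimiter'];
            $pattern = '/^([0-9]+)\\' . $delimiter . '([0-9]+)\\' . $delimiter . '([0-9]+)$/';
            $matched = preg_match($pattern, stsl($_POST[$this->name]), $matches);
            $isValidDate = false;
            if ($matched && count($matches) == 4) {
                // date_order gives the position of d, m and y in the input.
                $order = $this->l10n['date_order'];
                $month = (int) $matches[strpos($order, 'm') + 1];
                $day = (int) $matches[strpos($order, 'd') + 1];
                $year = (int) $matches[strpos($order, 'y') + 1];
                $isValidDate = checkdate($month, $day, $year);
            }
            if (!$isValidDate) {
                $o .= '<li>' . sprintf($this->l10n['error_invalid_date'], $label) . '</li>' . PHP_EOL;
                Controller::focusField($this->formId, $this->name);
            }
            break;
        case 'number':
            if (!ctype_digit(stsl($_POST[$this->name]))) {
                $o .= '<li>' . sprintf($this->l10n['error_invalid_number'], $label) . '</li>' . PHP_EOL;
                Controller::focusField($this->formId, $this->name);
            }
            break;
        case 'file':
            $file = $_FILES[$this->name];
            switch ($file['error']) {
                case UPLOAD_ERR_OK:
                    if ($this->field->getMaxLength() && $file['size'] > $this->field->getMaxLength()) {
                        $o .= '<li>' . sprintf($this->l10n['error_upload_too_large'], $label) . '</li>' . PHP_EOL;
                        Controller::focusField($this->formId, $this->name);
                    }
                    break;
                case UPLOAD_ERR_INI_SIZE:
                case UPLOAD_ERR_FORM_SIZE:
                    $o .= '<li>' . sprintf($this->l10n['error_upload_too_large'], $label) . '</li>' . PHP_EOL;
                    Controller::focusField($this->formId, $this->name);
                    break;
                default:
                    $o .= '<li>' . sprintf($this->l10n['error_upload_general'], $label) . '</li>' . PHP_EOL;
                    Controller::focusField($this->formId, $this->name);
            }
            // The allowed extensions are compared byte-for-byte (case-sensitive,
            // no trimming) against the extension of the client-supplied name.
            $ext = pathinfo($file['name'], PATHINFO_EXTENSION);
            if ($this->field->getFileTypes() != '' && !in_array($ext, explode(',', $this->field->getFileTypes()), true)) {
                $o .= '<li>' . sprintf($this->l10n['error_upload_illegal_ftype'], $label, XH_hsc($ext)) . '</li>' . PHP_EOL;
                Controller::focusField($this->formId, $this->name);
            }
            break;
        case 'custom':
            $pattern = $this->field->getConstraint();
            if (!empty($pattern) && !preg_match($pattern, stsl($_POST[$this->name]))) {
                $msg = $this->field->getErrorMessage() != '' ? $this->field->getErrorMessage() : $this->l10n['error_invalid_custom'];
                // The label is escaped here as in every other branch; it was
                // previously embedded raw.
                $o .= '<li>' . sprintf($msg, $label) . '</li>' . PHP_EOL;
                Controller::focusField($this->formId, $this->name);
            }
    }
    return $o;
}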
/**
 * Renders the search results.
 *
 * Lists the articles with a month heading inserted whenever the month of an
 * article differs from that of the previous one.
 *
 * @return string (X)HTML.
 *
 * @global string The URL of the current page.
 * @global array The localization of the plugins.
 * @global Realblog_Controller The plugin controller.
 */
protected function renderSearchResults()
{
    global $su, $plugin_tx, $_Realblog_controller;

    $ptx = $plugin_tx['realblog'];
    $headingMonth = -1;
    $html = '';
    foreach ($this->articles as $article) {
        $timestamp = $article->getDate();
        $month = date('n', $timestamp);
        if ($month != $headingMonth) {
            $html .= '<h4>' . $this->getMonthName($month) . ' ' . date('Y', $timestamp) . '</h4>';
            $headingMonth = $month;
        }
        $url = $_Realblog_controller->url($su, $article->getTitle(), array('realblogID' => $article->getId()));
        // NOTE(review): the title is emitted unescaped here, whereas the feed
        // renderer passes it through XH_hsc() — confirm titles are plain text.
        $html .= '<p>' . date($ptx['date_format'], $timestamp)
            . ' <a href="' . XH_hsc($url) . '" title="' . $ptx["tooltip_view"] . '">'
            . $article->getTitle() . '</a></p>';
    }
    return $html;
}
/**
 * Renders the feed items.
 *
 * Every article becomes one <item>; title, link and description are escaped
 * with XH_hsc(), the description after scripting evaluation of the teaser.
 *
 * @return string XML.
 *
 * @global string The script name.
 * @global array The localization of the plugins.
 * @global Realblog_Controller The plugin controller.
 */
protected function renderItems()
{
    global $sn, $plugin_tx, $_Realblog_controller;

    $ptx = $plugin_tx['realblog'];
    $items = '';
    foreach ($this->articles as $article) {
        // The controller URL is assumed to start with the script name; that
        // prefix is dropped and the absolute CMSIMPLE_URL put in front.
        $relativeUrl = $_Realblog_controller->url($ptx["rss_page"], $article->getTitle(), array('realblogID' => $article->getId()));
        $absoluteUrl = CMSIMPLE_URL . substr($relativeUrl, strlen($sn));
        $items .= '<item>'
            . '<title>' . XH_hsc($article->getTitle()) . '</title>'
            . '<link>' . XH_hsc($absoluteUrl) . '</link>'
            . '<description>' . XH_hsc(evaluate_scripting($article->getTeaser())) . '</description>'
            . '<pubDate>' . date('r', $article->getDate()) . '</pubDate>'
            . '</item>';
    }
    return $items;
}
/**
 * Renders the story (body).
 *
 * Emits the story heading and a textarea holding the escaped article body.
 *
 * @return string (X)HTML.
 *
 * @global array The localization of the plugins.
 */
protected function renderStory()
{
    global $plugin_tx;

    $heading = '<h4>' . $plugin_tx['realblog']['story_label'] . '</h4>';
    $textarea = '<textarea class="realblog_story_field" name="realblog_story" id="realblog_story" rows="30" cols="80">'
        . XH_hsc($this->article->getBody())
        . '</textarea>';
    return $heading . $textarea;
}
/**
 * Renders the page of pages.
 *
 * Shows "page_label : ◀ page/pageCount ▶" where the arrows link to the
 * previous and next page via the controller's URL builder.
 *
 * @param string $page The number of the current page.
 * @param int $pageCount A page count.
 * @param int $back The number of the previous page.
 * @param int $next The number of the next page.
 *
 * @return string (X)HTML.
 *
 * @global string The URL of the current page.
 * @global array The localization of the plugins.
 * @global Realblog_Controller The plugin controller.
 */
protected function renderPageOfPages($page, $pageCount, $back, $next)
{
    global $su, $plugin_tx, $_Realblog_controller;

    $ptx = $plugin_tx['realblog'];
    $links = array();
    foreach (array('previous' => $back, 'next' => $next) as $direction => $target) {
        $url = $_Realblog_controller->url($su, null, array('realblog_page' => $target));
        $links[$direction] = '<a href="' . XH_hsc($url) . '" title="' . $ptx['tooltip_' . $direction] . '">';
    }
    return '<div class="realblog_page_info">' . $ptx['page_label'] . ' : '
        . $links['previous'] . '◀</a> ' . $page . '/' . $pageCount . ' '
        . $links['next'] . '▶</a></div>';
}
/**
 * Renders a non select field.
 *
 * The value shown is, in order of precedence, the result of a site-defined
 * advfrm_custom_field_default() hook, the submitted POST value, or the
 * field's default. Textareas and inputs escape it with XH_hsc(); "output"
 * fields emit it raw by design.
 *
 * @return string (X)HTML.
 */
protected function renderNonSelectField()
{
    $field = $this->field;
    $type = $field->getType();
    $value = null;
    if (function_exists('advfrm_custom_field_default')) {
        $value = advfrm_custom_field_default($this->form, $field->getName(), null, isset($_POST['advfrm']));
    }
    if ($value === null) {
        $value = isset($_POST[$this->name]) ? stsl($_POST[$this->name]) : $field->getDefaultValue();
    }
    if ($type == 'textarea') {
        $cols = $field->getColumnCount() ? $field->getColumnCount() : 40;
        $rows = $field->getRowCount() ? $field->getRowCount() : 4;
        return '<textarea id="' . $this->id . '" name="' . $this->name . '" cols="' . $cols . '" rows="' . $rows . '">'
            . XH_hsc($value) . '</textarea>';
    }
    if ($type == 'output') {
        return (string) $value;
    }
    if ($type == 'date') {
        $this->initDatePicker();
    }
    $html = '';
    $sizeAttr = '';
    if ($type == 'hidden' || $field->getSize()) {
        $sizeAttr = ' size="' . $field->getSize() . '"';
    }
    $maxlenAttr = '';
    if (!in_array($type, array('hidden', 'file')) && $field->getMaxLength()) {
        $maxlenAttr = ' maxlength="' . $field->getMaxLength() . '"';
    }
    if ($type == 'file' && $field->getMaxLength()) {
        // Hint for the browser/PHP about the accepted upload size.
        $html .= tag('input type="hidden" name="MAX_FILE_SIZE" value="' . $field->getMaxLength() . '"');
    }
    if ($type == 'file') {
        $valueAttr = '';
        $acceptAttr = ' accept="' . XH_hsc($this->prefixFileExtensionList($value)) . '"';
    } else {
        $valueAttr = ' value="' . XH_hsc($value) . '"';
        $acceptAttr = '';
    }
    $html .= tag('input type="' . $this->getInputElementType() . '" id="' . $this->id . '" name="' . $this->name . '"'
        . $valueAttr . $acceptAttr . $sizeAttr . $maxlenAttr);
    return $html;
}
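/**
 * Returns the topic view.
 *
 * Loads the topic, enriches every comment with the data the "topic"
 * template needs (delete permission, zebra class, converted BBCode, posting
 * details, edit URL) and renders the template. $forum and $tid are passed
 * to the template as-is; escaping them is left to the template.
 *
 * @param string $forum A forum name.
 * @param string $tid A topic ID.
 *
 * @return string The (X)HTML.
 *
 * @global string The script name.
 * @global string The requested page URL.
 * @global array The paths of system files and folders.
 * @global bool Whether we're logged in as administrator.
 * @global array The localization of the plugins.
 * @global object The CSRF protector.
 */
protected function viewTopic($forum, $tid)
{
    // $_XH_csrfProtection must be imported here: compact() below silently
    // skips names that are not defined in this scope, which left the
    // template without the CSRF protector.
    global $sn, $su, $pth, $adm, $plugin_tx, $_XH_csrfProtection;

    $ptx = $plugin_tx['forum'];
    list($title, $topic) = $this->contents->getTopicWithTitle($forum, $tid);
    $href = "?{$su}#{$forum}";
    $editUrl = $sn . '?' . $su . '&forum_actn=edit&forum_topic=' . $tid . '&forum_comment=';
    $label = array(
        'title' => XH_hsc($title),
        'anchor' => $forum,
        'edit' => $ptx['lbl_edit'],
        'delete' => $ptx['lbl_delete'],
        'confirmDelete' => $ptx['msg_confirm_delete'],
        'back' => $ptx['msg_back'],
    );
    $deleteImg = $pth['folder']['plugins'] . 'forum/images/delete.png';
    $editImg = $pth['folder']['plugins'] . 'forum/images/edit.png';
    $user = $this->user();
    $i = 1;
    foreach ($topic as $cid => &$comment) {
        // Strict comparison: user() yields false for visitors, which must
        // never match a stored user name (a loose == would also equate
        // numeric-looking names such as "1" and "01").
        $comment['mayDelete'] = $adm || $comment['user'] === $user;
        $comment['class'] = 'forum_' . ($i & 1 ? 'odd' : 'even');
        $comment['comment'] = $this->getBbcode()->convert($comment['comment']);
        $comment['details'] = $this->posted($comment);
        $comment['editUrl'] = $editUrl . $cid;
        $i++;
    }
    // Drop the reference the foreach leaves behind on the last element.
    unset($comment);
    $isUser = $user !== false;
    $commentForm = $this->commentForm($forum, $tid);
    $bag = compact('label', 'tid', 'topic', 'su', 'deleteImg', 'editImg', 'href', 'isUser', 'commentForm', '_XH_csrfProtection');
    return $this->render('topic', $bag);
}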
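/**
 * Returns the form editor.
 *
 * Renders the general settings table, the field list with its toolbar, the
 * hidden submit button and CSRF token, and the (initially hidden) property
 * dialogs. The form ID is reflected into the page and is escaped wherever
 * it is embedded; field names, labels and property strings are escaped too.
 *
 * @param string $id A form ID.
 *
 * @return string (X)HTML.
 *
 * @global array The paths of system files and folders.
 * @global string The script name.
 * @global array The configuration of the plugins.
 * @global array The localization of the core.
 * @global array The localization of the plugins.
 * @global string The (X)HTML fragment containing error messages.
 * @global object The CSRF protector.
 */
public static function editForm($id)
{
    global $sn, $plugin_cf, $tx, $plugin_tx, $e, $_XH_csrfProtection;

    $ptx = $plugin_tx['advancedform'];
    $form = Data::fetchForm($id);
    // Escape the ID once and use the escaped copy everywhere it appears in
    // markup, so an unexpected ID cannot inject anything into the page.
    $safeId = XH_hsc($id);
    if (!isset($form)) {
        $e .= '<li><b>' . sprintf($ptx['error_form_missing'], $safeId) . '</b></li>';
        return self::renderFormsAdministration();
    }
    /*
     * general settings
     */
    $o = '<div id="advfrm-editor">' . PHP_EOL . '<h1>' . $safeId . '</h1>' . PHP_EOL;
    $action = $sn . '?advancedform&admin=plugin_main&action=save&form=' . $id;
    $o .= '<form action="' . XH_hsc($action) . '" method="post" accept-charset="UTF-8"'
        . ' onsubmit="return advfrm_checkForm()">' . PHP_EOL;
    $o .= '<table id="advfrm-form">' . PHP_EOL;
    $fields = array('name', 'title', 'to_name', 'to', 'cc', 'bcc', 'captcha', 'store', 'thanks_page');
    foreach ($fields as $det) {
        $name = 'advfrm-' . $det;
        $o .= '<tr>' . '<td><label for="' . $name . '">' . $ptx['label_' . $det] . '</label></td>';
        switch ($det) {
            case 'captcha':
            case 'store':
                $checked = $form->data[$det] ? ' checked="checked"' : '';
                $o .= '<td>' . tag('input type="checkbox" id="' . $name . '" name="' . $name . '"' . $checked) . '</td>';
                break;
            case 'thanks_page':
                $o .= '<td>' . self::renderPageSelect($name, $form->data[$det]) . '</td>';
                break;
            default:
                $o .= '<td>' . tag('input type="text" id="' . $name . '" name="' . $name . '"' . ' value="' . XH_hsc($form->data[$det]) . '" size="40"') . '</td>';
        }
        $o .= '</tr>' . PHP_EOL;
    }
    $o .= '</table>' . PHP_EOL;
    /*
     * field settings
     */
    $o .= '<div class="toolbar">';
    foreach (array('add', 'delete', 'up', 'down') as $tool) {
        $o .= '<a onclick="advfrm_' . $tool . '(\'advfrm-fields\')">' . self::renderToolIcon($tool) . '</a>' . PHP_EOL;
    }
    $o .= '</div>' . PHP_EOL;
    $o .= '<table id="advfrm-fields">' . PHP_EOL;
    $o .= '<thead><tr>' . '<th>' . $ptx['label_field'] . '</th>' . '<th>' . $ptx['label_label'] . '</th>' . '<th colspan="3">' . $ptx['label_type'] . '</th>' . '<th>' . $ptx['label_required'] . '</th>' . '</tr></thead>' . PHP_EOL;
    $types = array('text', 'from_name', 'from', 'mail', 'date', 'number', 'textarea', 'radio', 'checkbox', 'select', 'multi_select', 'password', 'file', 'hidden', 'output', 'custom');
    foreach ($form->getFields() as $field) {
        $field = Field::make($field);
        // The field name is escaped like the label; both are admin-entered
        // text that goes into an attribute value.
        $o .= '<tr>'
            . '<td>' . tag('input type="text" size="10" name="advfrm-field[]"' . ' value="' . XH_hsc($field->getName()) . '" class="highlightable"') . '</td>'
            . '<td>' . tag('input type="text" size="10" name="advfrm-label[]" value="' . XH_hsc($field->getLabel()) . '" class="highlightable"') . '</td>'
            . '<td><select name="advfrm-type[]"' . ' onfocus="this.oldvalue = this.value"' . ' class="highlightable">';
        foreach ($types as $type) {
            $sel = $field->getType() == $type ? ' selected="selected"' : '';
            $o .= '<option value="' . $type . '"' . $sel . '>' . $ptx['field_' . $type] . '</option>';
        }
        // The props and icon cells are closed explicitly (they relied on the
        // HTML parser's implicit </td> before).
        $o .= '</select></td>'
            . '<td>' . tag('input type="hidden" class="hidden" name="advfrm-props[]"' . ' value="' . XH_hsc($field->getPropertyString()) . '"') . '</td>'
            . '<td><a>' . self::renderToolIcon('props') . '</a></td>' . PHP_EOL;
        $checked = $field->isRequired() ? ' checked="checked"' : '';
        // The checkbox mirrors its state into the hidden input that follows
        // it, so the value is always submitted.
        $o .= '<td>' . tag('input type="checkbox"' . $checked . ' onchange="this.' . 'nextSibling.value = this.checked ? 1 : 0"') . tag('input type="hidden" name="advfrm-required[]" value="' . $field->isRequired() . '"') . '</td>' . '</tr>' . PHP_EOL;
    }
    $o .= '</table>' . PHP_EOL;
    $o .= tag('input type="submit" class="submit" value="' . ucfirst($tx['action']['save']) . '" style="display:none"');
    $o .= $_XH_csrfProtection->tokenInput();
    $o .= '</form>' . PHP_EOL . '</div>' . PHP_EOL;
    /*
     * property dialogs
     */
    $o .= '<div id="advfrm-text-props" style="display:none">' . PHP_EOL . '<table>' . PHP_EOL;
    $properties = array('size', 'maxlength', 'default', 'constraint', 'error_msg');
    foreach ($properties as $prop) {
        $o .= '<tr id="advfrm-text-props-' . $prop . '"><td>' . $prop . '</td>' . '<td>' . tag('input type="text" size="30"') . '</td></tr>' . PHP_EOL;
    }
    $o .= '</table>' . PHP_EOL . '</div>' . PHP_EOL;
    $o .= '<div id="advfrm-select-props" style="display:none">' . PHP_EOL;
    $o .= '<p id="advfrm-select-props-size">' . $ptx['label_size'] . ' ' . tag('input type="text"') . '</p>' . PHP_EOL;
    $o .= '<p id="advfrm-select-props-orient">' . tag('input type="radio" id="advrm-select-props-orient-horz"' . ' name="advrm-select-props-orient"') . '<label for="advrm-select-props-orient-horz"> ' . $ptx['label_horizontal'] . '</label> ' . tag('input type="radio" id="advrm-select-props-orient-vert"' . ' name="advrm-select-props-orient"') . '<label for="advrm-select-props-orient-vert"> ' . $ptx['label_vertical'] . '</label>' . '</p>' . PHP_EOL;
    $o .= '<div class="toolbar">';
    foreach (array('add', 'delete', 'up', 'down', 'clear_defaults') as $tool) {
        $o .= '<a onclick="advfrm_' . $tool . '(\'advfrm-prop-fields\')">' . self::renderToolIcon($tool) . '</a>' . PHP_EOL;
    }
    $o .= '</div>' . PHP_EOL;
    $o .= '<table id="advfrm-prop-fields">' . PHP_EOL . '<tr>' . '<td>' . tag('input type="radio" name="advfrm-select-props-default"') . '</td>' . '<td>' . tag('input type="text" name="advfrm-select-props-opt" size="25"' . ' class="highlightable"') . '</td>' . '</tr>' . PHP_EOL . '</table>' . PHP_EOL . '</div>' . PHP_EOL;
    return $o;
}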