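/**
 * Applies output filters and appends the markup returned by cot_xp() to POST forms.
 *
 * Every plugin file registered for the 'output' hook is included first. The include runs
 * in this function's scope, so a plugin can read and rewrite $output. After that, each
 * opening <form> tag that declares method=post gets the cot_xp() markup appended right
 * after it.
 *
 * The original comment calls this XSS protection. cot_xp() is defined elsewhere and
 * presumably emits a per-session form token (an anti-CSRF measure) - confirm against it.
 *
 * A form opts out by carrying "xp-off" as one of the names in its class attribute
 * (quoted or unquoted, matched case-insensitively). Only the class attribute is consulted:
 * the earlier pattern let its wildcard run past the end of the class value, so "xp-off"
 * in any later attribute (id="xp-off", for instance) silently dropped the token.
 *
 * NOTE(review): the action attribute is never inspected, so a POST form that targets
 * another origin also receives the token unless it opts out - confirm that every such
 * template carries xp-off.
 *
 * @param string $output Page markup to filter
 * @return string Filtered markup
 */
function cot_outputfilters($output)
{
    /* === Hook === */
    // NOTE(review): the paths come from cot_getextplugins() and are included as-is;
    // presumably that list only holds installed plugin files - verify at its definition.
    foreach (cot_getextplugins('output') as $pl) {
        include realpath(dirname(__FILE__) . '/..') . '/' . $pl;
    }
    /* ==== */

    $output = preg_replace_callback(
        '#<form\\s+[^>]*method=["\']?post["\']?[^>]*>#i',
        function ($m) {
            $tag = $m[0];

            // Walk the attributes left to right so each quoted value is consumed whole;
            // text inside another attribute's value can then never pose as a class attribute.
            $found = preg_match_all(
                '/([^\\s"\'=<>\\/]+)\\s*=\\s*("[^"]*"|\'[^\']*\'|[^\\s"\'>]+)/',
                $tag,
                $attrs,
                PREG_SET_ORDER
            );

            if ($found) {
                foreach ($attrs as $attr) {
                    if (strtolower($attr[1]) !== 'class') {
                        continue;
                    }
                    // Splitting on whitespace and quotes also strips the wrapping quotes.
                    $names = preg_split('/[\\s"\']+/', strtolower($attr[2]), -1, PREG_SPLIT_NO_EMPTY);
                    if (in_array('xp-off', $names, true)) {
                        return $tag;
                    }
                }
            }

            // No opt-out found (or the tag could not be parsed): fail safe and add the token.
            return $tag . cot_xp();
        },
        $output
    );

    return $output;
}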
/**
 * Standard SED output filter: runs the 'output' hook plugins, then appends the markup
 * returned by cot_xp() to every opening <form> tag that declares method=post.
 *
 * The original comment calls this XSS protection. cot_xp() is defined elsewhere and
 * presumably emits a per-session form token (an anti-CSRF measure) - confirm against it.
 *
 * NOTE(review): this version has no opt-out and never inspects the action attribute, so
 * a POST form that targets another origin receives the token as well.
 *
 * @param string $output Page markup to filter
 * @return string Filtered markup
 */
function cot_outputfilters($output)
{
    /* === Hook === */
    // Plugin files are included in this function's scope, so they can rewrite $output.
    foreach (cot_getextplugins('output') as $pl) {
        include realpath(dirname(__FILE__) . '/..') . '/' . $pl;
    }
    /* ==== */

    $postFormTag = '#<form\\s+[^>]*method=["\']?post["\']?[^>]*>#i';

    // '$0' re-emits the matched tag and the token markup follows it.
    // NOTE(review): the cot_xp() result is used as a replacement string, so a '$' or '\'
    // followed by digits inside it would be read as a back-reference - confirm it cannot
    // contain either.
    $tagPlusToken = '$0' . cot_xp();

    return preg_replace($postFormTag, $tagPlusToken, $output);
}
* Subscribe widget form template * * @package Subscribe * @author Kalnov Alexey <*****@*****.**> * @copyright (c) Portal30 Studio http://portal30.ru */ /** @var subscribe_model_Subscribe $subscribe */ $subscribe = $this->subscribe; if (!empty($subscribe)) { ?> <div id="subscribe-me-<?php echo $subscribe->id; ?> " class="subscribe-me"> <?php echo cot_xp(); ?> <div class="input-group marginbottom10"> <input type="text" name="email" class="form-control" placeholder="<?php echo cot::$L['Email']; ?> ..."> <span class="input-group-btn"> <button class="btn btn-default subscribe-me-submit" type="button"><?php echo cot::$L['subscribe_to_subscribe']; ?> </button> </span> </div> </div> <?php
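/**
 * Callback used with cot_outputfilters.
 *
 * It is a named function because PHP 5.2 does not support anonymous functions; without
 * it the installer could not even show an error message on such a host.
 *
 * Returns the matched form tag followed by the markup from cot_xp(), unless the tag
 * carries "xp-off" as one of the names in its class attribute (quoted or unquoted,
 * matched case-insensitively). Only the class attribute is consulted: the earlier
 * pattern let its wildcard run past the end of the class value, so "xp-off" in any later
 * attribute (id="xp-off", for instance) silently dropped the token from that form.
 *
 * @param array $m Match array from preg_replace_callback; $m[0] is the opening form tag
 * @return string The tag, with the cot_xp() markup appended unless the form opted out
 */
function cot_outputfilters_callback($m)
{
    $tag = $m[0];

    // Walk the attributes left to right so each quoted value is consumed whole;
    // text inside another attribute's value can then never pose as a class attribute.
    $found = preg_match_all(
        '/([^\\s"\'=<>\\/]+)\\s*=\\s*("[^"]*"|\'[^\']*\'|[^\\s"\'>]+)/',
        $tag,
        $attrs,
        PREG_SET_ORDER
    );

    if ($found) {
        foreach ($attrs as $attr) {
            if (strtolower($attr[1]) !== 'class') {
                continue;
            }
            // Splitting on whitespace and quotes also strips the wrapping quotes.
            $names = preg_split('/[\\s"\']+/', strtolower($attr[2]), -1, PREG_SPLIT_NO_EMPTY);
            if (in_array('xp-off', $names, true)) {
                return $tag;
            }
        }
    }

    // No opt-out found (or the tag could not be parsed): fail safe and add the token.
    return $tag . cot_xp();
}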
require_once cot_incfile($n, $is_module ? 'module' : 'plug'); } } if (!empty($a) && file_exists(cot_incfile('cateditor', 'plug', 'admin.' . $sub . '.' . $a))) { require_once cot_incfile('cateditor', 'plug', 'admin.' . $sub . '.' . $a); } elseif ($id > 0) { require_once cot_incfile('cateditor', 'plug', 'admin.edit'); $status['editor'] = form_structure_editor($id); } else { $parentid = cot_import('parentid', 'G', 'INT'); require_once cot_incfile('cateditor', 'plug', 'admin.new'); $status['editor'] = form_structure_new($parentid); } /* if (file_exists(cot_incfile('cateditor', 'plug', 'admin.'.$sub))) { $t = new XTemplate(cot_tplfile('cateditor.admin.'.$sub, 'plug')); require_once cot_incfile('cateditor', 'plug', 'admin.'.$sub); $t->parse('MAIN'); $adminmain = $t->text('MAIN'); } */ if ($status['editor']) { $status['editor'] = preg_replace('#<form\\s+[^>]*method=["\']?post["\']?[^>]*>#i', '$0' . cot_xp(), $status['editor']); } cot_sendheaders('application/json'); $status['id'] = (int) $id; $status['x'] = $sys['xk']; //cot_watch($status, $_GET); echo json_encode($status); exit;
/**
 * "Add to comparison" checkbox.
 *
 * Builds the checkbox through cot_checkbox(), pre-checked when the advert id has a
 * non-empty entry in $_SESSION['advboard_compare'] for the current site id. On the first
 * call in a request it also registers the compare-form script for the page footer and
 * appends the markup from cot_xp() to the returned HTML. Later calls return the checkbox
 * alone.
 *
 * NOTE(review): when $item is not an advboard_model_Advert it is used as the id as-is -
 * as a session array key and as the checkbox value. Whether that value is escaped is up
 * to cot_checkbox(), which is not visible here; confirm, or pass an integer id.
 *
 * @param advboard_model_Advert $item Advert model (the code also accepts a bare id)
 * @param string $title Checkbox label; cot::$L['advboard_compare_add'] when null
 * @return string Checkbox markup, or '' when the id compares equal to 0
 */
function adv_compare_checkbox($item, $title = null)
{
    // Remembers across calls whether the script and cot_xp() markup were already emitted.
    static $loaded = false;

    $id = ($item instanceof advboard_model_Advert) ? $item->id : $item;

    // Loose comparison on purpose: 0, '0' and null all mean "no advert".
    if ($id == 0) {
        return '';
    }

    $choosen = !empty($_SESSION['advboard_compare'])
        && !empty($_SESSION['advboard_compare'][cot::$sys['site_id']])
        && !empty($_SESSION['advboard_compare'][cot::$sys['site_id']][$id]);

    if ($title === null) {
        $title = cot::$L['advboard_compare_add'];
    }

    $html = cot_checkbox(
        $choosen,
        'advboard_comp[]',
        $title,
        array('class' => 'advboard_compare'),
        $id,
        'input_check'
    );

    if ($loaded) {
        return $html;
    }

    Resources::linkFileFooter(cot::$cfg["modules_dir"] . '/advboard/js/advboard.compare.form.js');
    $loaded = true;

    return $html . cot_xp();
}