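/**
 * Handle the POST side of the app manager for the logged-in user.
 *
 * Two request shapes are accepted:
 *  - a raw app definition (presence of $_POST['url']): its fields are read
 *    from $_REQUEST, tag-escaped (uid as an integer) and handed to
 *    app_install();
 *  - an encoded app in $_POST['papp'], decoded with app_decode() and then
 *    installed, deleted or (for 'edit') left for the content handler.
 *
 * Ends with a redirect to $_SESSION['return_url'] (set by the apps page) or
 * to /apps/personal, except on the raw-definition and 'edit' paths, which
 * return so the page renders.
 *
 * Fix: request fields are read through a defaults merge / empty() checks so
 * absent keys no longer raise undefined-index notices; the values, order and
 * control flow are otherwise unchanged.
 *
 * @param object $a application object (unused, kept for the module API)
 * @return void
 */
function appman_post(&$a) {
	if (!local_user()) {
		return;
	}

	// NOTE(review): the gate is $_POST['url'] but the field values come from
	// $_REQUEST, so query-string parameters can supply or override them, and
	// 'uid' is client-supplied — app_install() is called with local_user() as
	// owner; whether it ignores $arr['uid'] is not visible here. No form
	// security token is checked in this handler.
	if (!empty($_POST['url'])) {
		$fields = array('uid', 'url', 'guid', 'author', 'addr', 'name', 'desc', 'photo', 'version', 'price', 'sig');
		// Missing fields default to '' so absent keys do not raise notices.
		$in = $_REQUEST + array_fill_keys($fields, '');
		$arr = array(
			'uid' => intval($in['uid']),
			'url' => escape_tags($in['url']),
			'guid' => escape_tags($in['guid']),
			'author' => escape_tags($in['author']),
			'addr' => escape_tags($in['addr']),
			'name' => escape_tags($in['name']),
			'desc' => escape_tags($in['desc']),
			'photo' => escape_tags($in['photo']),
			'version' => escape_tags($in['version']),
			'price' => escape_tags($in['price']),
			'sig' => escape_tags($in['sig'])
		);
		$_REQUEST['appid'] = app_install(local_user(), $arr);
		if (app_installed(local_user(), $arr)) {
			info(t('App installed.') . EOL);
		}
		return;
	}

	$papp = app_decode(isset($_POST['papp']) ? $_POST['papp'] : null);
	if (!is_array($papp)) {
		notice(t('Malformed app.') . EOL);
		return;
	}
	if (!empty($_POST['install'])) {
		app_install(local_user(), $papp);
		if (app_installed(local_user(), $papp)) {
			info(t('App installed.') . EOL);
		}
	}
	if (!empty($_POST['delete'])) {
		app_destroy(local_user(), $papp);
	}
	if (!empty($_POST['edit'])) {
		return;
	}
	// return_url is set server-side by the apps page and is prefixed with
	// z_root(), so this is not an open redirect.
	if (!empty($_SESSION['return_url'])) {
		goaway(z_root() . '/' . $_SESSION['return_url']);
	}
	goaway(z_root() . '/apps/personal');
}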
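/**
 * Serve a channel's public feed (Atom or JSON) for /feed/<channel_address>.
 *
 * Pagination and filter parameters are collected from the request, the
 * channel is looked up by its address, and the output of get_public_feed()
 * is echoed before the request is terminated with killme(). Sites with
 * 'block_public' only serve feeds to authenticated accounts. With no channel
 * argument the function simply returns.
 *
 * Fix: the original read 'start', 'records' and 'direction' from $params
 * itself rather than from the request, so those lookups could never succeed
 * and the values were always the defaults. They are now set explicitly so
 * the code no longer suggests they are client-controllable.
 *
 * @param object $a application object (unused)
 * @return void
 */
function feed_init(&$a) {
	$params = array();
	// NOTE(review): date_begin/date_end are passed through unescaped; this
	// relies on get_public_feed() quoting them before SQL — confirm.
	$params['begin'] = x($_REQUEST, 'date_begin') ? $_REQUEST['date_begin'] : NULL_DATE;
	$params['end'] = x($_REQUEST, 'date_end') ? $_REQUEST['date_end'] : '';
	$params['type'] = stristr(argv(0), 'json') ? 'json' : 'xml';
	$params['pages'] = x($_REQUEST, 'pages') ? intval($_REQUEST['pages']) : 0;
	$params['top'] = x($_REQUEST, 'top') ? intval($_REQUEST['top']) : 0;
	// Fixed values: the original consulted $params for these keys before they
	// existed, which always yielded exactly these defaults. If 'direction' is
	// ever wired to the request it must be whitelisted to 'asc'/'desc' —
	// dbesc() does not protect an unquoted ORDER BY term.
	$params['start'] = 0;
	$params['records'] = 40;
	$params['direction'] = 'desc';
	$params['cat'] = x($_REQUEST, 'cat') ? escape_tags($_REQUEST['cat']) : '';

	if (argc() <= 1) {
		return;
	}
	$r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc(argv(1)));
	if (!($r && count($r))) {
		killme();
	}
	$channel = $r[0];
	// Public-blocked sites: only authenticated accounts may read feeds.
	if (intval(get_config('system', 'block_public')) && !get_account_id()) {
		killme();
	}
	logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
	echo get_public_feed($channel, $params);
	killme();
}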
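/**
 * Render the "send private message to <nickname>" form for remote visitors.
 *
 * The visitor must be identified (get_my_url()), the target user must exist
 * and allow mail from unknown senders ('unkmail'), and the target's daily
 * quota of such messages ('cntunkmail') must not be exhausted. Subject and
 * body supplied on the request are pre-filled after escaping.
 *
 * Fix: the quota-exceeded message passed the username to t() instead of to
 * sprintf(), so the %s placeholder was never filled and sprintf() received
 * too few arguments. $o and $select are now initialised, and a failed
 * recipient query is treated as "no recipient" instead of reaching count().
 *
 * @param object $a application object (argc/argv, page head, base url)
 * @return string|null rendered form, or null after a notice
 */
function wallmessage_content(&$a) {
	$o = '';
	$select = '';

	if (!get_my_url()) {
		notice(t('Permission denied.') . EOL);
		return;
	}
	$recipient = ($a->argc > 1) ? $a->argv[1] : '';
	if (!$recipient) {
		notice(t('No recipient.') . EOL);
		return;
	}
	$r = q("select * from user where nickname = '%s' limit 1", dbesc($recipient));
	if (!$r || !count($r)) {
		notice(t('No recipient.') . EOL);
		logger('wallmessage: no recipient');
		return;
	}
	$user = $r[0];
	if (!intval($user['unkmail'])) {
		notice(t('Permission denied.') . EOL);
		return;
	}
	// Daily quota for mail from unknown senders (unknown = 1) in the last 24h.
	// NOTE(review): the comparison is '>' so cntunkmail + 1 messages get
	// through before the quota bites — confirm that is intended.
	$r = q("select count(*) as total from mail where uid = %d and created > UTC_TIMESTAMP() - INTERVAL 1 day and unknown = 1", intval($user['uid']));
	if ($r && $r[0]['total'] > $user['cntunkmail']) {
		notice(sprintf(t('Number of daily wall messages for %s exceeded. Message failed.'), $user['username']));
		return;
	}
	$tpl = get_markup_template('wallmsg-header.tpl');
	$a->page['htmlhead'] .= replace_macros($tpl, array(
		'$baseurl' => $a->get_baseurl(true),
		'$editselect' => '/(profile-jot-text|prvmail-text)/',
		'$nickname' => $user['nickname'],
		'$linkurl' => t('Please enter a link URL:')
	));
	$tpl = get_markup_template('wallmessage.tpl');
	$o .= replace_macros($tpl, array(
		'$header' => t('Send Private Message'),
		'$subheader' => sprintf(t('If you wish for %s to respond, please check that the privacy settings on your site allow private mail from unknown senders.'), $user['username']),
		'$to' => t('To:'),
		'$subject' => t('Subject:'),
		'$recipname' => $user['username'],
		'$nickname' => $user['nickname'],
		'$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '',
		// NOTE(review): the body is escaped twice (htmlspecialchars, then
		// escape_tags); if the template escapes again, entities will show
		// literally in the textarea — confirm.
		'$text' => x($_REQUEST, 'body') ? escape_tags(htmlspecialchars($_REQUEST['body'])) : '',
		'$readonly' => '',
		'$yourmessage' => t('Your message:'),
		'$select' => $select,
		'$parent' => '',
		'$upload' => t('Upload photo'),
		'$insert' => t('Insert web link'),
		'$wait' => t('Please wait')
	));
	return $o;
}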
/** @file */

/**
 * Save the personal notes widget text for the logged-in channel.
 *
 * When 'note_text' is present on the request it is tag-escaped and stored in
 * pconfig (notes/text). If the new text is empty while there was previous
 * content, the previous content is preserved in notes/text.bak first. A
 * trailing 'sync' path argument pushes the change to channel clones. Always
 * terminates with a JSON {"success": true} reply.
 *
 * NOTE(review): no form security token is checked; a cross-site request that
 * reaches this URL with note_text could overwrite (or, via 'sync', replicate)
 * the notes.
 */
function notes_init(&$a) {
	if (!local_channel()) {
		return;
	}
	$reply = array('success' => true);
	$me = local_channel();

	if (array_key_exists('note_text', $_REQUEST)) {
		$new_text = escape_tags($_REQUEST['note_text']);
		// Keep a copy of the last non-empty text when an empty save arrives;
		// notes have been lost to stray empty saves before.
		if (!$new_text) {
			$previous = get_pconfig($me, 'notes', 'text');
			if ($previous) {
				set_pconfig($me, 'notes', 'text.bak', $previous);
			}
		}
		set_pconfig($me, 'notes', 'text', $new_text);
	}

	$want_sync = (argc() > 1 && argv(1) === 'sync');
	if ($want_sync) {
		// push updates to channel clones
		require_once 'include/zot.php';
		build_sync_packet();
	}
	logger('notes saved.', LOGGER_DEBUG);
	json_return_and_die($reply);
}
/**
 * Render the apps page (list or edit mode) for the current visitor.
 *
 * Logged-in channels see their own app list (optionally filtered by the
 * 'cat' query parameter) with the system apps imported and translated;
 * anonymous visitors see the public system apps only. The current command
 * is remembered in $_SESSION['return_url'] so post() can redirect back here.
 *
 * @return string rendered myapps.tpl
 */
function get() {
	$mode = (argc() == 2 && argv(1) == 'edit') ? 'edit' : 'list';
	$_SESSION['return_url'] = \App::$cmd;

	if (local_channel()) {
		import_system_apps();
		// NOTE(review): $_GET['cat'] is read without an isset() check, so
		// app_list() receives null (and a notice is raised) when it is absent.
		$raw = app_list(local_channel(), false, $_GET['cat']);
		$system_apps = array();
		if ($raw) {
			foreach ($raw as $entry) {
				$system_apps[] = app_encode($entry);
			}
		}
		translate_system_apps($system_apps);
	}
	else {
		$system_apps = get_system_apps(true);
	}
	usort($system_apps, 'app_name_compare');

	$rendered = array();
	foreach ($system_apps as $one) {
		$rendered[] = app_render($one, $mode);
	}

	// Category suffix for the page title; escaped because it is user input.
	$cat_suffix = '';
	if (array_key_exists('cat', $_GET) && $_GET['cat']) {
		$cat_suffix = ' - ' . escape_tags($_GET['cat']);
	}
	return replace_macros(get_markup_template('myapps.tpl'), array(
		'$sitename' => get_config('system', 'sitename'),
		'$cat' => $cat_suffix,
		'$title' => t('Apps'),
		'$apps' => $rendered
	));
}
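/**
 * Handle the POST side of the apps page for the logged-in channel.
 *
 * Two request shapes are accepted:
 *  - a raw app definition (presence of $_POST['url']): its fields are read
 *    from $_REQUEST, tag-escaped (uid and system as integers) and handed to
 *    Zlib\Apps::app_install();
 *  - an encoded app in $_POST['papp'], decoded with app_decode() and then
 *    installed, deleted or (for 'edit') left for the content handler.
 *
 * Ends with a redirect to $_SESSION['return_url'] (set by get()) or to /apps,
 * except on the raw-definition and 'edit' paths, which return so the page
 * renders.
 *
 * Fix: request fields are read through a defaults merge / empty() checks so
 * absent keys no longer raise undefined-index notices; the values, order and
 * control flow are otherwise unchanged.
 *
 * @return void
 */
function post() {
	if (!local_channel()) {
		return;
	}

	// NOTE(review): the gate is $_POST['url'] but the field values come from
	// $_REQUEST, so query-string parameters can supply or override them, and
	// 'uid' and 'system' are client-supplied — whether app_install() ignores
	// them for a non-admin is not visible here. No form security token is
	// checked in this handler.
	if (!empty($_POST['url'])) {
		$fields = array('uid', 'url', 'guid', 'author', 'addr', 'name', 'desc', 'photo', 'version', 'price', 'requires', 'system', 'sig', 'categories');
		// Missing fields default to '' so absent keys do not raise notices.
		$in = $_REQUEST + array_fill_keys($fields, '');
		$arr = array(
			'uid' => intval($in['uid']),
			'url' => escape_tags($in['url']),
			'guid' => escape_tags($in['guid']),
			'author' => escape_tags($in['author']),
			'addr' => escape_tags($in['addr']),
			'name' => escape_tags($in['name']),
			'desc' => escape_tags($in['desc']),
			'photo' => escape_tags($in['photo']),
			'version' => escape_tags($in['version']),
			'price' => escape_tags($in['price']),
			'requires' => escape_tags($in['requires']),
			'system' => intval($in['system']),
			'sig' => escape_tags($in['sig']),
			'categories' => escape_tags($in['categories'])
		);
		$_REQUEST['appid'] = Zlib\Apps::app_install(local_channel(), $arr);
		if (Zlib\Apps::app_installed(local_channel(), $arr)) {
			info(t('App installed.') . EOL);
		}
		return;
	}

	$papp = Zlib\Apps::app_decode(isset($_POST['papp']) ? $_POST['papp'] : null);
	if (!is_array($papp)) {
		notice(t('Malformed app.') . EOL);
		return;
	}
	if (!empty($_POST['install'])) {
		Zlib\Apps::app_install(local_channel(), $papp);
		if (Zlib\Apps::app_installed(local_channel(), $papp)) {
			info(t('App installed.') . EOL);
		}
	}
	if (!empty($_POST['delete'])) {
		Zlib\Apps::app_destroy(local_channel(), $papp);
	}
	if (!empty($_POST['edit'])) {
		return;
	}
	// return_url is set server-side by get() and is prefixed with z_root(),
	// so this is not an open redirect.
	if (!empty($_SESSION['return_url'])) {
		goaway(z_root() . '/' . $_SESSION['return_url']);
	}
	goaway(z_root() . '/apps');
}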
/**
 * Deliver a private message composed by the logged-in user.
 *
 * Reads reply-to, subject, body and the numeric recipient from $_POST,
 * strips/escapes tags, and maps send_message()'s negative return codes to
 * user-facing notices; any other value is reported as success.
 *
 * NOTE(review): no form security token is checked here, and send_message()
 * is relied on to verify that the recipient id belongs to local_user().
 *
 * @param object $a application object (unused)
 * @return void
 */
function message_post(&$a) {
	if (!local_user()) {
		notice(t('Permission denied.') . EOL);
		return;
	}

	$reply_to = '';
	if (x($_POST, 'replyto')) {
		$reply_to = notags(trim($_POST['replyto']));
	}
	$subject = '';
	if (x($_POST, 'subject')) {
		$subject = notags(trim($_POST['subject']));
	}
	$body = '';
	if (x($_POST, 'body')) {
		$body = escape_tags(trim($_POST['body']));
	}
	$to = x($_POST, 'messageto') ? intval($_POST['messageto']) : 0;

	$status = send_message($to, $body, $subject, $reply_to);

	// Loose comparisons on purpose: they mirror the switch this replaces.
	if ($status == -1) {
		notice(t('No recipient selected.') . EOL);
	}
	elseif ($status == -2) {
		notice(t('Unable to locate contact information.') . EOL);
	}
	elseif ($status == -3) {
		notice(t('Message could not be sent.') . EOL);
	}
	elseif ($status == -4) {
		notice(t('Message collection failure.') . EOL);
	}
	else {
		info(t('Message sent.') . EOL);
	}
}
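/**
 * JSON directory search endpoint: match profiles by regular expression.
 *
 * Query parameters: 'search' (required; the pattern), 'n' (results per page,
 * default 80) and 'p' (1-based page number). The pattern is matched with
 * MySQL REGEXP against name, homepage, tags, region and country-name and the
 * matches are returned as {total, items_page, page, results}.
 *
 * Fixes: 'n' and 'p' are coerced to sane integers (the per-page value was
 * used raw in arithmetic, and p=0 produced a negative LIMIT offset); $total
 * is initialised and both result sets are checked for a failed query before
 * being counted.
 *
 * @param object $a application object (base url for photo links)
 * @return void echoes JSON and terminates
 */
function lsearch_init(&$a) {
	$perpage = x($_REQUEST, 'n') ? intval($_REQUEST['n']) : 80;
	if ($perpage < 1) {
		$perpage = 80;
	}
	$page = x($_REQUEST, 'p') ? intval($_REQUEST['p']) - 1 : 0;
	if ($page < 0) {
		$page = 0;
	}
	$startrec = $page * $perpage;

	$search = isset($_REQUEST['search']) ? trim($_REQUEST['search']) : '';
	if (!strlen($search)) {
		killme();
	}
	// dbesc() keeps the pattern inside the SQL string literal; it is still a
	// caller-supplied regular expression, so an invalid or pathological
	// pattern fails or slows the query (handled below) rather than injecting SQL.
	$search = dbesc(escape_tags($search));
	$sql_extra = " AND ( `name` REGEXP '{$search}' OR `homepage` REGEXP '{$search}' OR `tags` REGEXP '{$search}' \n\t\tor `region` REGEXP '{$search}' or `country-name` regexp '{$search}' ) ";

	$total = 0;
	$r = q("SELECT COUNT(*) AS `total` FROM `profile` WHERE 1 {$sql_extra} ");
	if ($r && count($r)) {
		$total = $r[0]['total'];
	}
	$r = q("SELECT * FROM `profile` WHERE 1 {$sql_extra} ORDER BY `name` ASC LIMIT %d, %d ", intval($startrec), intval($perpage));
	$results = array();
	if ($r && count($r)) {
		foreach ($r as $rr) {
			$results[] = array(
				'name' => $rr['name'],
				'url' => $rr['homepage'],
				'photo' => $a->get_baseurl() . '/photo/' . $rr['id'],
				'tags' => $rr['tags']
			);
		}
	}
	$output = array('total' => $total, 'items_page' => $perpage, 'page' => $page + 1, 'results' => $results);
	echo json_encode($output);
	killme();
}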
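/**
 * @brief Logs admin page.
 *
 * Shows the tail (at most 5,000,000 bytes) of the configured log file,
 * tag-escaped, together with the debugging / logfile / loglevel settings
 * form protected by the 'admin_logs' form security token.
 *
 * Fix: the two error messages interpolated the file name into the string
 * handed to t(), which defeats translation lookup and rendered the path
 * unescaped; they are now fixed translation strings with the escaped path
 * substituted via sprintf().
 *
 * @return string
 */
function get() {
	$log_choices = array(
		LOGGER_NORMAL => 'Normal',
		LOGGER_TRACE => 'Trace',
		LOGGER_DEBUG => 'Debug',
		LOGGER_DATA => 'Data',
		LOGGER_ALL => 'All'
	);
	$t = get_markup_template('admin_logs.tpl');
	$f = get_config('system', 'logfile');
	$shown = escape_tags($f);
	$data = '';

	// NOTE(review): $f is whatever the admin configured; this page displays
	// any file the web server can open, so the setting itself is sensitive.
	// Admin-only access is enforced by the caller, not visible here.
	if (!file_exists($f)) {
		$data = sprintf(t("Error trying to open <strong>%s</strong> log file.\r\n<br/>Check to see if file %s exist and is \n\treadable."), $shown, $shown);
	}
	else {
		$fp = fopen($f, 'r');
		if (!$fp) {
			$data = sprintf(t("Couldn't open <strong>%s</strong> log file.\r\n<br/>Check to see if file %s is readable."), $shown, $shown);
		}
		else {
			$fstat = fstat($fp);
			$size = $fstat['size'];
			if ($size != 0) {
				// Cap how much of the tail is shown, then seek back from the end.
				if ($size > 5000000 || $size < 0) {
					$size = 5000000;
				}
				$seek = fseek($fp, 0 - $size, SEEK_END);
				if ($seek === 0) {
					$data = escape_tags(fread($fp, $size));
					while (!feof($fp)) {
						$data .= escape_tags(fread($fp, 4096));
					}
				}
			}
			fclose($fp);
		}
	}
	return replace_macros($t, array(
		'$title' => t('Administration'),
		'$page' => t('Logs'),
		'$submit' => t('Submit'),
		'$clear' => t('Clear'),
		'$data' => $data,
		'$baseurl' => z_root(),
		'$logname' => get_config('system', 'logfile'),
		'$debugging' => array('debugging', t("Debugging"), get_config('system', 'debugging'), ""),
		'$logfile' => array('logfile', t("Log file"), get_config('system', 'logfile'), t("Must be writable by web server. Relative to your top-level webserver directory.")),
		'$loglevel' => array('loglevel', t("Log level"), get_config('system', 'loglevel'), "", $log_choices),
		'$form_security_token' => get_form_security_token('admin_logs')
	));
}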
/**
 * Send a friend suggestion: propose one of the user's contacts
 * ($_POST['suggest']) to another contact (the id in the URL). Both contacts
 * must belong to the logged-in channel. The fsuggest row is created with a
 * random hash in 'note' so it can be located again, then updated with the
 * real note before the notifier is started.
 *
 * NOTE(review): no form security token check is visible in this handler;
 * $_POST['suggest'] and $_POST['note'] are read without isset() guards.
 *
 * @return void
 */
function post() {
	if (!local_channel()) {
		return;
	}
	if (\App::$argc != 2) {
		return;
	}
	$uid = intval(local_channel());
	$target_id = intval(\App::$argv[1]);

	$owned = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($target_id), $uid);
	if (!count($owned)) {
		notice(t('Contact not found.') . EOL);
		return;
	}

	$suggested_id = intval($_POST['suggest']);
	$hash = random_string();
	$note = escape_tags(trim($_POST['note']));
	if (!$suggested_id) {
		return;
	}

	// The suggested contact must also be one of this channel's own.
	$suggested = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($suggested_id), $uid);
	if (count($suggested)) {
		$s = $suggested[0];
		q("INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`)\n\t\t\t\t\tVALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')",
			$uid, intval($target_id), dbesc($s['name']), dbesc($s['url']), dbesc($s['request']), dbesc($s['photo']), dbesc($hash), dbesc(datetime_convert()));
		// Find the row by its placeholder note, then store the real note.
		$created = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1", dbesc($hash), $uid);
		if (count($created)) {
			$fsuggest_id = $created[0]['id'];
			q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($note), intval($fsuggest_id), $uid);
			proc_run('php', 'include/notifier.php', 'suggest', $fsuggest_id);
		}
	}
	info(t('Friend suggestion sent.') . EOL);
}
/**
 * Pre-Output content
 *
 * Prepares a field value for display. In the admin theme the raw source is
 * returned. Otherwise PyroCMS tags are parsed when allow_tags is 'y' and
 * escaped when not, and the result is rendered according to content_type:
 * 'md' → Markdown, 'html' → as-is, anything else → tags stripped.
 *
 * NOTE(review): with allow_tags = 'y' the stored value is run through the
 * template parser and, for 'html', returned unfiltered — only suitable for
 * content from trusted authors.
 *
 * @access public
 * @param string $input  raw field value
 * @param array  $params field parameters ('allow_tags', 'content_type')
 * @return string
 */
public function pre_output($input, $params) {
	$allow_tags = isset($params['allow_tags']) ? $params['allow_tags'] : 'n';
	$type = isset($params['content_type']) ? $params['content_type'] : 'html';

	// Admin sees the source only.
	// @TODO This is hacky, there will be times when the admin wants to see a preview or something
	if (defined('ADMIN_THEME')) {
		return $input;
	}

	if ($allow_tags == 'y') {
		$content = $this->CI->parser->parse_string($input, array(), true);
	}
	else {
		$this->CI->load->helper('text');
		$content = escape_tags($input);
	}

	// Loose comparisons mirror the switch this replaces.
	if ($type == 'md') {
		$this->CI->load->helper('markdown');
		return parse_markdown($content);
	}
	if ($type == 'html') {
		return $content;
	}
	return strip_tags($content);
}
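/**
 * test, that tags are escaped
 *
 * notags() must turn angle brackets into square brackets; escape_tags() must
 * HTML-encode them (and the double quotes) so the markup is inert.
 *
 * Fix: the expected value for escape_tags() had its entities decoded, which
 * made the literal a syntax error (bare double quotes inside a double-quoted
 * string) and, read literally, asserted that nothing was escaped. It now
 * holds the entity-encoded form; the single quote is left as-is, matching
 * the decoded text this assertion previously contained.
 */
public function testEscapeTags() {
	$invalidstring = '<submit type="button" onclick="alert(\'failed!\');" />';
	$validstring = notags($invalidstring);
	$escapedString = escape_tags($invalidstring);
	$this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
	$this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
}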
/**
 * Process before outputting
 *
 * Decrypts the stored field value with the CI encrypt library and escapes
 * PyroCMS tags in the plaintext before it reaches the view.
 *
 * NOTE(review): the encrypt library is used as a confidentiality layer only;
 * whether it authenticates the ciphertext depends on the CI version in use —
 * confirm before relying on it for tamper detection. escape_tags() is the
 * only output filtering applied here.
 *
 * @access public
 * @param string $input ciphertext as stored
 * @return string decrypted, tag-escaped value
 */
public function pre_output($input) {
	$ci = $this->CI;
	$ci->load->library('encrypt');
	$plain = $ci->encrypt->decode($input);

	// No PyroCMS tags in your ouput!
	$ci->load->helper('text');
	return escape_tags($plain);
}
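/**
 * Function to display a comment
 *
 * Reference is a actually an object reference, a.k.a. categorization of the comments table rows.
 * The reference id is a further categorization on this (for example the item id within the module).
 *
 * Loads the comments for ($reference, $ref_id), escapes every field of every
 * comment ({pyro} and html tags), and renders the 'comments' view — taking a
 * theme override from the theme's modules/comments/ directory when present,
 * otherwise the module's own view. Output is emitted by the loader.
 *
 * Fix: the by-reference loop variables are unset after their loops; leaving
 * them bound would make a later assignment to $comment or $body silently
 * overwrite the last element (the classic PHP reference-foreach bug).
 *
 * @param int $ref_id The id of the collection of the reference object of the comment
 * @param bool $reference A module or other reference to pick comments for (defaults to the current module)
 * @return void
 */
function display_comments($ref_id = '', $reference = NULL) {
	if ( ! (Settings::get('enable_comments') && $ref_id)) {
		return;
	}
	$ci =& get_instance();

	// Set ref to module if none provided
	$reference OR $reference = $ci->router->fetch_module();

	$ci->lang->load('comments/comments');
	$ci->load->model('comments/comments_m');
	$comments = $ci->comments_m->get_by_module_item($reference, $ref_id);

	// loop through the comments and escape {pyro} and html tags
	foreach ($comments as &$comment) {
		foreach ($comment as &$body) {
			$body = escape_tags($body);
		}
		unset($body);
	}
	unset($comment);

	// set the data to send to the view
	$data = array();
	$data['comments'] = $comments;
	$data['module'] = $reference;
	$data['id'] = $ref_id;
	$data['comment'] = $ci->session->flashdata('comment');

	/**
	 * The following allows us to load views
	 * without breaking theme overloading
	 **/
	$view = 'comments';
	$theme_dir = $ci->template->get_views_path() . 'modules/comments/';
	if (file_exists($theme_dir . $view . (pathinfo($view, PATHINFO_EXTENSION) ? '' : EXT))) {
		// look in the theme for overloaded views
		$path = $theme_dir;
	}
	else {
		// or look in the module
		list($path, $view) = Modules::find($view, 'comments', 'views/');
	}

	// Swap the loader's view path for the duration of the render, then restore it.
	$save_path = $ci->load->_ci_view_path;
	$ci->load->_ci_view_path = $path;
	// output the comments html
	$ci->load->_ci_load(array('_ci_view' => $view, '_ci_vars' => ( $data )));
	// Put the path back
	$ci->load->_ci_view_path = $save_path;
}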
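/**
 * AJAX handler for the tasks widget of the logged-in channel.
 *
 *  - /tasks/complete/<id>: toggle the task between COMPLETED and IN-PROCESS
 *    (filling or resetting the status date and percentage, bumping the
 *    sequence) and reply {"success": bool}.
 *  - /tasks/new: create a task from $_REQUEST['summary'] owned by the channel
 *    and visible only to it (allow_cid), replying with the stored event plus
 *    "success", or {"success": false}.
 *
 * Fixes: an empty summary now answers with JSON like every other path
 * (previously the POST handler returned an array, so the client got no JSON),
 * and the stored summary is the same trimmed/escaped $text that was validated
 * rather than a second, untrimmed escape of the raw input.
 *
 * @param object $a application object (unused)
 * @return void
 */
function tasks_post(&$a) {
	if (!local_channel()) {
		return;
	}
	$channel = App::get_channel();

	// NOTE(review): neither path checks a form security token.
	if (argc() > 2 && argv(1) === 'complete' && intval(argv(2))) {
		$ret = array('success' => false);
		// Only this channel's own tasks.
		$r = q("select * from event where `type` = 'task' and uid = %d and id = %d limit 1", intval(local_channel()), intval(argv(2)));
		if ($r) {
			$event = $r[0];
			$now = datetime_convert();
			if ($event['event_status'] === 'COMPLETED') {
				$event['event_status'] = 'IN-PROCESS';
				$event['event_status_date'] = NULL_DATE;
				$event['event_percent'] = 0;
			}
			else {
				$event['event_status'] = 'COMPLETED';
				$event['event_status_date'] = $now;
				$event['event_percent'] = 100;
			}
			$event['event_sequence'] = $event['event_sequence'] + 1;
			$event['edited'] = $now;
			$x = event_store_event($event);
			if ($x) {
				$ret['success'] = true;
			}
		}
		json_return_and_die($ret);
	}

	if (argc() == 2 && argv(1) === 'new') {
		$text = escape_tags(trim(isset($_REQUEST['summary']) ? $_REQUEST['summary'] : ''));
		if (!$text) {
			json_return_and_die(array('success' => false));
		}
		$event = array();
		$event['account'] = $channel['channel_account_id'];
		$event['uid'] = $channel['channel_id'];
		$event['event_xchan'] = $channel['channel_hash'];
		$event['type'] = 'task';
		$event['nofinish'] = true;
		$event['created'] = $event['edited'] = $event['start'] = datetime_convert();
		$event['adjust'] = 1;
		// Private to the channel itself.
		$event['allow_cid'] = '<' . $channel['channel_hash'] . '>';
		$event['summary'] = $text;
		$x = event_store_event($event);
		if ($x) {
			$x['success'] = true;
		}
		else {
			$x = array('success' => false);
		}
		json_return_and_die($x);
	}
}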
/**
 * Convert a calendar-object DB row into the array shape the wdcal widget expects.
 *
 * NOTE(review): only Summary is tag-escaped here; location and attendees are
 * fixed placeholders, and calendarobject_id is assumed numeric when it is
 * concatenated into the detail/edit URLs.
 *
 * @param array $row calendar object row (id, calendar_id, calendarobject_id, Summary, StartTime, EndTime, IsAllDayEvent, IsRecurring, Color)
 * @param array $calendar owning calendar (namespace_id, calendarcolor)
 * @param string $base_path URL prefix for the detail/edit links
 * @return array
 */
private function jqcal2wdcal($row, $calendar, $base_path) {
	$cal_id = intval($row["calendar_id"]);
	$obj_id = intval($row["calendarobject_id"]);

	// Are there notifications attached to this object?
	$notif = q("SELECT COUNT(*) num FROM %s%snotifications WHERE `calendar_id` = %d AND `calendarobject_id` = %d",
		CALDAV_SQL_DB, CALDAV_SQL_PREFIX, $cal_id, $obj_id);
	$has_notification = ($notif[0]["num"] > 0) ? 1 : 0;

	$can_edit = $this->getPermissionsItem($calendar["namespace_id"], $row["calendarobject_id"], $row);
	$is_editable = $can_edit ? 1 : 0;
	$is_editable_quick = ($can_edit && !$row["IsRecurring"]) ? 1 : 0;

	$end = wdcal_mySql2PhpTime($row["EndTime"]);
	if ($row["IsAllDayEvent"]) {
		// presumably pulls the end back from the following day's boundary
		$end -= 1;
	}
	// Fall back to the calendar's colour when the object has none.
	$color = (is_null($row["Color"]) || $row["Color"] == "") ? $calendar["calendarcolor"] : $row["Color"];

	return array(
		"jq_id" => $row["id"],
		"ev_id" => $row["calendarobject_id"],
		"summary" => escape_tags($row["Summary"]),
		"start" => wdcal_mySql2PhpTime($row["StartTime"]),
		"end" => $end,
		"is_allday" => $row["IsAllDayEvent"],
		"is_moredays" => 0,
		"is_recurring" => $row["IsRecurring"],
		"color" => $color,
		"is_editable" => $is_editable,
		"is_editable_quick" => $is_editable_quick,
		"location" => "Loc.",
		"attendees" => '',
		"has_notification" => $has_notification,
		"url_detail" => $base_path . $row["calendarobject_id"] . "/",
		"url_edit" => $base_path . $row["calendarobject_id"] . "/edit/",
		"special_type" => ""
	);
}
/**
 * Add a bookmark item to one of $channel's bookmark menus.
 *
 * $taxonomy supplies the link ('url') and label ('term'). The target menu is
 * $opts['menu_id'] when given, otherwise it is looked up / created by name:
 * $opts['menu_name'] if supplied, else "<16 chars of sender hash> <sender name>".
 * Menus for bookmarks that do not come from the channel owner get MENU_SYSTEM
 * in addition to MENU_BOOKMARK. Links for which is_matrix_url() is true get
 * MENU_ITEM_ZID; chat bookmarks get MENU_ITEM_CHATROOM.
 *
 * @param array $channel   owning channel (channel_id, channel_hash)
 * @param array $sender    xchan of whoever sent the bookmark (xchan_hash, xchan_name)
 * @param array $taxonomy  array with 'url' and 'term'
 * @param bool  $private   when true, restrict the item to the channel itself
 * @param array|null $opts optional 'menu_id', 'menu_name', 'ischat'
 * @return mixed menu_add_item() result; the existing menu_item rows when the
 *               link is already present; nothing when no menu could be found
 *               or created
 */
function bookmark_add($channel, $sender, $taxonomy, $private, $opts = null) {
	$menu_id = 0;
	$menu_name = '';
	$ischat = false;
	if (is_array($opts)) {
		$menu_id = x($opts, 'menu_id') ? intval($opts['menu_id']) : 0;
		$menu_name = x($opts, 'menu_name') ? escape_tags($opts['menu_name']) : '';
		$ischat = x($opts, 'ischat') ? intval($opts['ischat']) : 0;
	}
	$iarr = array();
	$channel_id = $channel['channel_id'];
	// Private bookmarks are readable by the channel only.
	if ($private) {
		$iarr['contact_allow'] = array($channel['channel_hash']);
	}
	// NOTE(review): url and term are stored as received; any escaping is
	// expected to happen in menu_add_item() or at render time — confirm.
	$iarr['mitem_link'] = $taxonomy['url'];
	$iarr['mitem_desc'] = $taxonomy['term'];
	$iarr['mitem_flags'] = $ischat ? MENU_ITEM_CHATROOM : 0;
	require_once 'include/hubloc.php';
	$zrl = is_matrix_url($taxonomy['url']);
	if ($zrl) {
		$iarr['mitem_flags'] |= MENU_ITEM_ZID;
	}
	$arr = array();
	if (!$menu_name) {
		$arr['menu_name'] = substr($sender['xchan_hash'], 0, 16) . ' ' . $sender['xchan_name'];
		$arr['menu_desc'] = sprintf(t('%1$s\'s bookmarks'), $sender['xchan_name']);
	} else {
		$arr['menu_name'] = $arr['menu_desc'] = $menu_name;
	}
	// Bookmarks sent by someone else land in a system-managed menu.
	$arr['menu_flags'] = $sender['xchan_hash'] === $channel['channel_hash'] ? MENU_BOOKMARK : MENU_SYSTEM | MENU_BOOKMARK;
	$arr['menu_channel_id'] = $channel_id;
	if (!$menu_id) {
		// Reuse an existing menu with this name and flags, else create one.
		$x = menu_list($arr['menu_channel_id'], $arr['menu_name'], $arr['menu_flags']);
		if ($x) {
			$menu_id = $x[0]['menu_id'];
		} else {
			$menu_id = menu_create($arr);
		}
	}
	if (!$menu_id) {
		logger('bookmark_add: unable to create menu ' . $arr['menu_name']);
		return;
	}
	logger('add_bookmark: menu_id ' . $menu_id);
	// Skip links that are already in this menu.
	$r = q("select * from menu_item where mitem_link = '%s' and mitem_menu_id = %d and mitem_channel_id = %d limit 1", dbesc($iarr['mitem_link']), intval($menu_id), intval($channel_id));
	if ($r) {
		logger('add_bookmark: duplicate menu entry', LOGGER_DEBUG);
	}
	if (!$r) {
		$r = menu_add_item($menu_id, $channel_id, $iarr);
	}
	return $r;
}
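/**
 * Returns a specific principal, specified by it's path.
 * The returned structure should be the exact same as from
 * getPrincipalsByPrefix.
 *
 * Fix: the nickname was interpolated into the SQL literal with
 * escape_tags(), which is an HTML escaper, not a SQL escaper — it does not
 * touch single quotes (the project's own escape_tags test expects them to
 * pass through), so a crafted principal path could break out of the string.
 * The value is now escaped with dbesc() like every other query in the
 * project, and a failed query is treated as "not found" rather than being
 * handed to count().
 *
 * @param string $path
 * @return array
 */
public function getPrincipalByPath($path) {
	list($prefixPath, $userName) = Sabre_DAV_URLUtil::splitPath($path);

	// This backend only support principals in one collection
	if ($prefixPath !== $this->prefix) {
		return null;
	}

	$r = q("SELECT `nickname` FROM `user` WHERE `nickname` = '%s'", dbesc($userName));
	if (!$r || count($r) == 0) {
		return array();
	}
	return array(
		'uri' => $this->prefix . '/' . strtolower($r[0]['nickname']),
		'{DAV:}displayname' => $r[0]['nickname']
	);
}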
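/**
 * Create or update a guest access token for the logged-in channel.
 *
 * Expects a form carrying the 'settings_tokens' security token. A token needs
 * a name and a password-like value ('token'); 'expires' is converted from the
 * server timezone to UTC, NULL_DATE meaning no expiry. With atoken_id the
 * matching row owned by this channel is updated, otherwise a row is inserted.
 * The perms_* checkboxes are then stored in abconfig for the virtual xchan
 * "<first 16 chars of channel hash>.<name>".
 *
 * Fixes:
 *  - the service-class limit compared against an undefined $max_tokens and
 *    its count query had no FROM clause, so the cap was never enforced; the
 *    query now reads from atoken, the fetched limit is the one compared, and
 *    the cap applies to creation only (editing an existing token at the cap
 *    was otherwise impossible);
 *  - a POST without the 'token' field used to fall through to an INSERT with
 *    undefined name/token; it is now rejected like a missing name;
 *  - the handler requires a logged-in channel like its sibling modules.
 *
 * @return void
 */
function post() {
	if (!local_channel()) {
		return;
	}
	$channel = \App::get_channel();
	check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');

	if (!array_key_exists('token', $_POST)) {
		notice(t('Name and Password are required.') . EOL);
		return;
	}
	$atoken_id = !empty($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0;
	$name = isset($_POST['name']) ? trim(escape_tags($_POST['name'])) : '';
	$token = trim($_POST['token']);
	if (!$name || !$token) {
		notice(t('Name and Password are required.') . EOL);
		return;
	}

	$expires = NULL_DATE;
	if (isset($_POST['expires']) && trim($_POST['expires'])) {
		$expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']);
	}

	// Service-class cap on the number of tokens; only relevant when creating.
	if (!$atoken_id) {
		$max_atokens = service_class_fetch(local_channel(), 'access_tokens');
		if ($max_atokens) {
			$r = q("select count(atoken_id) as total from atoken where atoken_uid = %d", intval(local_channel()));
			if ($r && intval($r[0]['total']) >= $max_atokens) {
				notice(sprintf(t('This channel is limited to %d tokens'), $max_atokens) . EOL);
				return;
			}
		}
	}

	// NOTE(review): the token value is stored as given (no hashing), so anyone
	// who can read the atoken table can use every guest token.
	if ($atoken_id) {
		$r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s' \n\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id']));
	}
	else {
		$r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires));
	}

	// NOTE(review): the permission xchan is derived from the name, so renaming
	// a token leaves the old abconfig rows behind and starts from a blank set.
	$atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $name;
	$all_perms = \Zotlabs\Access\Permissions::Perms();
	if ($all_perms) {
		foreach ($all_perms as $perm => $desc) {
			$value = array_key_exists('perms_' . $perm, $_POST) ? intval($_POST['perms_' . $perm]) : 0;
			set_abconfig($channel['channel_id'], $atoken_xchan, 'my_perms', $perm, $value);
		}
	}
	info(t('Token saved.') . EOL);
}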
/**
 * Pre-Output WYSIWYG content
 *
 * Replaces the legacy "{{ url:site }}" placeholder with the site URL, then
 * either parses PyroCMS tags (allow_tags = 'y', never in the admin theme) or
 * escapes them.
 *
 * NOTE(review): when tags are allowed the field value goes through the
 * template parser as-is — only suitable for content from trusted authors.
 *
 * @access public
 * @param string $input
 * @param array  $params field parameters ('allow_tags')
 * @return string
 */
public function pre_output($input, $params) {
	// Legacy. This was a temp fix for a few things
	// that I'm sure a few sites are utilizing.
	$text = str_replace('{{ url:site }}', site_url() . '/', $input);

	$allow = isset($params['allow_tags']) ? $params['allow_tags'] : 'n';
	$parse = (!defined('ADMIN_THEME') and $allow == 'y');
	if (!$parse) {
		$this->CI->load->helper('text');
		return escape_tags($text);
	}
	return $this->CI->parser->parse_string($text, array(), true);
}
/**
 * Save (or clear) the logged-in user's per-module page layout (.pdl) override.
 *
 * $_REQUEST['module'] names the module; an empty 'content' deletes the
 * override, otherwise the tag-escaped content is stored in pconfig under
 * system/mod_<module>.pdl. Always redirects back to /pdledit/<module>.
 *
 * NOTE(review): 'module' is not validated against the real module names and
 * is reused verbatim in the pconfig key and the redirect path; no form
 * security token is checked.
 *
 * @param object $a application object (unused)
 * @return void
 */
function pdledit_post(&$a) {
	if (!local_user()) {
		return;
	}
	if (!$_REQUEST['module']) {
		return;
	}
	$module = $_REQUEST['module'];
	$key = 'mod_' . $module . '.pdl';
	$back = z_root() . '/pdledit/' . $module;

	if (!trim($_REQUEST['content'])) {
		del_pconfig(local_user(), 'system', $key);
		goaway($back);
	}
	set_pconfig(local_user(), 'system', $key, escape_tags($_REQUEST['content']));
	info(t('Layout updated.') . EOL);
	goaway($back);
}
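/**
 * Function to display a comment
 *
 * Reference is a actually an object reference, a.k.a. categorization of the comments table rows.
 * The reference id is a further categorization on this (for example the item id within the module).
 *
 * Loads the comments for ($reference, $ref_id), rewrites a commenter's
 * website to their profile link when profiles are enabled, escapes every
 * field of every comment ({{ foo }} and html tags) and renders the
 * 'comments' view — from the theme's modules/comments/ override when
 * present, otherwise from the module — via the loader's view-path stack.
 *
 * Fix: the by-reference loop variables are unset after their loops; leaving
 * them bound would make a later assignment to $comment or $body silently
 * overwrite the last element (the classic PHP reference-foreach bug).
 *
 * @param int $ref_id The id of the collection of the reference object of the comment
 * @param bool $reference A module or other reference to pick comments for (defaults to the current module)
 * @return void
 */
function display_comments($ref_id = '', $reference = NULL) {
	if (!(Settings::get('enable_comments') && $ref_id)) {
		return;
	}
	$ci =& get_instance();

	// Set ref to module if none provided
	$reference or $reference = $ci->router->fetch_module();

	$ci->lang->load('comments/comments');
	$ci->load->model('comments/comments_m');
	$comments = $ci->comments_m->get_by_module_item($reference, $ref_id);

	// loop through the comments and escape {{ foo }} and html tags
	foreach ($comments as &$comment) {
		// Override specified website if they are a user
		if ($comment->website and $comment->user_id and Settings::get('enable_profiles')) {
			$comment->website = 'user/' . $comment->user_id;
		}
		foreach ($comment as &$body) {
			$body = escape_tags($body);
		}
		unset($body);
	}
	unset($comment);

	// set the data to send to the view
	$data = array();
	$data['comments'] = $comments;
	$data['module'] = $reference;
	$data['id'] = $ref_id;
	$data['comment'] = $ci->session->flashdata('comment');

	/**
	 * The following allows us to load views
	 * without breaking theme overloading
	 **/
	$view = 'comments';
	$theme_dir = $ci->template->get_views_path() . 'modules/comments/';
	if (file_exists($theme_dir . $view . (pathinfo($view, PATHINFO_EXTENSION) ? '' : EXT))) {
		// look in the theme for overloaded views
		$path = $theme_dir;
	}
	else {
		// or look in the module
		list($path, $view) = Modules::find($view, 'comments', 'views/');
	}

	// save the existing view array so we can restore it
	$save_path = $ci->load->get_view_paths();
	// add this view location to the array
	$ci->load->set_view_path($path);
	// output the comments html
	$ci->load->_ci_load(array('_ci_view' => $view, '_ci_vars' => $data));
	// Put the old array back
	$ci->load->set_view_path($save_path);
}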
/**
 * Receive a feed push for /pubsub/<nick>/<abook_id>.
 *
 * The raw request body is consumed into the named channel and, unless the
 * discover tab is disabled, into the system channel as well. For the named
 * channel the connection must be one of its own abook rows and must hold
 * the 'send_stream' permission; for the system channel the abook row is
 * looked up by id alone and the permission check is skipped. Always answers
 * 200 OK, even when nothing was imported.
 *
 * NOTE(review): nothing in this handler verifies that the POST came from the
 * feed's publisher — no hub signature or shared secret is checked here; the
 * only binding is the abook id in the URL. Unless consume_feed() or a caller
 * verifies the origin, anyone who can reach this URL can push content for
 * that connection, and via the system channel without any permission check.
 * Confirm before enabling the discover tab.
 *
 * @param object $a application object (unused)
 * @return void
 */
function pubsub_post(&$a) {
	// The system channel only takes part when the discover tab is enabled
	// (the generic switch first, then the diaspora-specific one).
	$sys_disabled = true;
	if (!get_config('system', 'disable_discover_tab')) {
		$sys_disabled = get_config('system', 'disable_diaspora_discover_tab');
	}
	$sys = $sys_disabled ? null : get_sys_channel();
	if ($sys) {
		$sys['system'] = true;
	}
	$xml = file_get_contents('php://input');
	logger('pubsub: feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . App::$cmd);
	logger('pubsub: user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
	// The full payload is logged at LOGGER_DATA level.
	logger('pubsub: data: ' . $xml, LOGGER_DATA);
	$nick = argc() > 1 ? escape_tags(trim(argv(1))) : '';
	$contact_id = argc() > 2 ? intval(argv(2)) : 0;
	$channel = channelx_by_nick($nick);
	// Unknown channel: acknowledge anyway so the publisher does not retry.
	if (!$channel) {
		http_status_exit(200, 'OK');
	}
	$importer_arr = array($channel);
	if ($sys) {
		$importer_arr[] = $sys;
	}
	foreach ($importer_arr as $channel) {
		if (!$channel['system']) {
			// Restricted to this channel's own connections.
			$connections = abook_connections($channel['channel_id'], ' and abook_id = ' . $contact_id);
		} else {
			// System channel: any abook row with this id, regardless of owner.
			$connections = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d", intval($contact_id));
		}
		if ($connections) {
			$xchan = $connections[0];
		} else {
			logger('connection ' . $contact_id . ' not found.');
			continue;
		}
		// send_stream permission is enforced for regular channels only.
		if (!perm_is_allowed($channel['channel_id'], $xchan['xchan_hash'], 'send_stream') && !$channel['system']) {
			logger('permission denied.');
			continue;
		}
		// Called twice with pass 1 and pass 2; the meaning of the last
		// argument lives in consume_feed().
		consume_feed($xml, $channel, $xchan, 1);
		consume_feed($xml, $channel, $xchan, 2);
	}
	http_status_exit(200, 'OK');
}
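/** @file */

/**
 * Save the personal notes widget text for the logged-in user.
 *
 * When 'note_text' is present it is tag-escaped and stored in pconfig
 * (notes/text). A trailing 'sync' path argument pushes the change to channel
 * clones. Always terminates with a JSON {"success": true} reply.
 *
 * Fix: the original condition ($_REQUEST['note_text'] || $_REQUEST['note_text'] == '')
 * is also true when the field is absent, because null == '' under loose
 * comparison, so every request to this endpoint — including a bare
 * /notes/sync — wiped the stored notes. The text is now written only when
 * the field is actually present, and a non-empty previous text is copied to
 * notes/text.bak before being replaced by an empty one (matching the newer
 * notes module).
 *
 * @param object $a application object (unused)
 * @return void
 */
function notes_init(&$a) {
	if (!local_user()) {
		return;
	}
	$ret = array('success' => true);
	if (array_key_exists('note_text', $_REQUEST)) {
		$body = escape_tags($_REQUEST['note_text']);
		// Keep a copy of the last non-empty text when an empty save arrives.
		if (!$body) {
			$old_text = get_pconfig(local_user(), 'notes', 'text');
			if ($old_text) {
				set_pconfig(local_user(), 'notes', 'text.bak', $old_text);
			}
		}
		set_pconfig(local_user(), 'notes', 'text', $body);
	}
	// push updates to channel clones
	// NOTE(review): no form security token is checked here.
	if (argc() > 1 && argv(1) === 'sync') {
		require_once 'include/zot.php';
		build_sync_packet();
	}
	logger('notes saved.', LOGGER_DEBUG);
	json_return_and_die($ret);
}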
/**
 * Apply the contact-edit form for contact argv[1] of the logged-in user:
 * profile assignment (validated as one of the user's own profiles), hidden
 * flag, poll priority (values outside 0..5 fall back to 0) and free-text
 * info. The refreshed record is stored in $a->data['contact'] for the
 * content handler.
 *
 * NOTE(review): no form security token is visible; $a->argv[1] is read
 * without an argc check, and the $_POST fields without isset() guards.
 *
 * @param object $a application object (argv, base url, data)
 * @return void
 */
function contacts_post(&$a) {
	if (!local_user()) {
		return;
	}
	$uid = intval(local_user());
	$contact_id = intval($a->argv[1]);
	if (!$contact_id) {
		return;
	}
	$existing = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), $uid);
	if (!count($existing)) {
		notice(t('Could not access contact record.') . EOL);
		goaway($a->get_baseurl() . '/contacts');
		return; // NOTREACHED
	}
	call_hooks('contact_edit_post', $_POST);

	$profile_id = intval($_POST['profile-assign']);
	if ($profile_id) {
		// The assigned profile must belong to this user.
		$owned_profile = q("SELECT `id` FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($profile_id), $uid);
		if (!count($owned_profile)) {
			notice(t('Could not locate selected profile.') . EOL);
			return;
		}
	}
	$hidden = intval($_POST['hidden']);
	$priority = intval($_POST['poll']);
	if ($priority < 0 || $priority > 5) {
		$priority = 0;
	}
	$info = escape_tags(trim($_POST['info']));

	$updated = q("UPDATE `contact` SET `profile-id` = %d, `priority` = %d , `info` = '%s',\n\t\t`hidden` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
		intval($profile_id), intval($priority), dbesc($info), intval($hidden), intval($contact_id), $uid);
	if ($updated) {
		info(t('Contact updated.') . EOL);
	}
	else {
		notice(t('Failed to update contact record.') . EOL);
	}

	$fresh = q("select * from contact where id = %d and uid = %d limit 1", intval($contact_id), $uid);
	if ($fresh && count($fresh)) {
		$a->data['contact'] = $fresh[0];
	}
}
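/**
 * Post a line of chat to the room resolved by the init handler ($a->data['chat']).
 *
 * The room must exist and be visible to the current observer
 * (permissions_sql); the escaped text is passed through the 'chat_post' hook
 * and inserted with the observer's xchan hash and the current time. Replies
 * {"success": bool} as JSON and terminates.
 *
 * Fix: an empty chat_text now replies {"success": false} like the other
 * failure path instead of returning silently with no JSON body; the field
 * is read without raising a notice when absent.
 *
 * @param object $a application object; $a->data['chat'] must hold 'room_id' and 'uid'
 * @return void
 */
function chatsvc_post(&$a) {
	$ret = array('success' => false);
	// NOTE(review): $a->data['chat'] is populated elsewhere (the init handler);
	// if it is missing both ids resolve to 0.
	$room_id = intval($a->data['chat']['room_id']);
	$room_uid = intval($a->data['chat']['uid']);

	$text = escape_tags(isset($_REQUEST['chat_text']) ? $_REQUEST['chat_text'] : '');
	if (!$text) {
		json_return_and_die($ret);
	}
	// The observer must be allowed to see the room.
	$sql_extra = permissions_sql($room_uid);
	$r = q("select * from chatroom where cr_uid = %d and cr_id = %d {$sql_extra}", $room_uid, $room_id);
	if (!$r) {
		json_return_and_die($ret);
	}
	$arr = array('chat_room' => $room_id, 'chat_xchan' => get_observer_hash(), 'chat_text' => $text);
	call_hooks('chat_post', $arr);
	q("insert into chat ( chat_room, chat_xchan, created, chat_text )\n\t\tvalues( %d, '%s', '%s', '%s' )", $room_id, dbesc(get_observer_hash()), dbesc(datetime_convert()), dbesc($arr['chat_text']));
	$ret['success'] = true;
	json_return_and_die($ret);
}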
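/**
 * Build a small HTML form for editing one pconfig value of the logged-in channel.
 *
 * The current value is looked up; keys containing 'password' are unobscured
 * so the stored secret is shown in clear. Multi-line values get a textarea,
 * everything else a text input. The form posts to /pconfig with a
 * form_security_token.
 *
 * Fixes: $cat and $k were written into attribute values unescaped, so a
 * category or key containing a quote or '<' (they come from the caller, not
 * from this function) could break out of the attribute; they are now
 * tag-escaped like $v. The textarea test used strpos() truthiness, which
 * misses a newline at offset 0; it now compares against false.
 *
 * @param string $cat config category
 * @param string $k   config key
 * @return string HTML form
 */
function pconfig_form($cat, $k) {
	$uid = local_channel();
	$v = get_pconfig($uid, $cat, $k);
	// Secrets are stored obscured; show them in clear for editing.
	// NOTE(review): this renders the password into the page source.
	if (strpos($k, 'password') !== false) {
		$v = z_unobscure($v);
	}
	$multiline = (strpos($v, "\n") !== false);

	$o = '<form action="pconfig" method="post" >';
	$o .= '<input type="hidden" name="form_security_token" value="' . get_form_security_token('pconfig') . '" />';
	$o .= '<input type="hidden" name="cat" value="' . escape_tags($cat) . '" />';
	$o .= '<input type="hidden" name="k" value="' . escape_tags($k) . '" />';
	if ($multiline) {
		$o .= '<textarea name="v" >' . escape_tags($v) . '</textarea>';
	}
	else {
		$o .= '<input type="text" name="v" value="' . escape_tags($v) . '" />';
	}
	$o .= EOL . EOL;
	$o .= '<input type="submit" name="submit" value="' . t('Submit') . '" />';
	$o .= '</form>';
	return $o;
}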
/**
 * Save (or clear) the logged-in channel's per-module layout (.pdl) override.
 *
 * Requires the 'advanced_theming' feature. $_REQUEST['module'] names the
 * module; empty 'content' removes the override, otherwise the tag-escaped
 * content is stored under system/mod_<module>.pdl and pushed to clones via
 * build_sync_packet(). Always redirects back to /pdledit/<module>.
 *
 * NOTE(review): 'module' is not validated against the real module names and
 * is reused verbatim in the pconfig key and the redirect path; no form
 * security token is checked.
 *
 * @return void
 */
function post() {
	$me = local_channel();
	if (!$me || !$_REQUEST['module']) {
		return;
	}
	if (!feature_enabled($me, 'advanced_theming')) {
		return;
	}
	$module = $_REQUEST['module'];
	$key = 'mod_' . $module . '.pdl';
	$back = z_root() . '/pdledit/' . $module;

	if (!trim($_REQUEST['content'])) {
		del_pconfig($me, 'system', $key);
		goaway($back);
	}
	set_pconfig($me, 'system', $key, escape_tags($_REQUEST['content']));
	build_sync_packet();
	info(t('Layout updated.') . EOL);
	goaway($back);
}
/**
 * Send a private message from the site owner to one of their contacts.
 *
 * Reads reply-to, recipient id, subject and body from $_POST, inserts a row
 * in `mail` with a fresh urn:X-dfrn URI (which also becomes the parent-uri
 * when no reply-to was given), then spawns include/notifier.php in the
 * background to deliver it.
 *
 * NOTE(review): neither contact lookup is scoped to a user — `self` = 1
 * picks the first self-contact in the table and the recipient is matched by
 * id only — and the `mail` insert carries no uid. That only holds up if the
 * instance hosts a single user; on a multi-user database the recipient id
 * is not checked against local_user(). No form security token is checked.
 *
 * @param object $a application object (base url, config)
 * @return void
 */
function message_post(&$a) {
	if (!local_user()) {
		notice(t('Permission denied.') . EOL);
		return;
	}
	$replyto = notags(trim($_POST['replyto']));
	$recipient = intval($_POST['messageto']);
	$subject = notags(trim($_POST['subject']));
	$body = escape_tags(trim($_POST['body']));
	if (!$recipient) {
		notice(t('No recipient selected.') . EOL);
		return;
	}
	$me = q("SELECT * FROM `contact` WHERE `self` = 1 LIMIT 1");
	$contact = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($recipient));
	if (!(count($me) && count($contact))) {
		notice(t('Unable to locate contact information.') . EOL);
		return;
	}
	$hash = random_string();
	$uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':1:' . $hash;
	// A new thread: the message is its own parent.
	if (!strlen($replyto)) {
		$replyto = $uri;
	}
	$r = q("INSERT INTO `mail` ( `from-name`, `from-photo`, `from-url`, \n\t\t`contact-id`, `title`, `body`, `delivered`, `seen`, `replied`, `uri`, `parent-uri`, `created`)\n\t\tVALUES ( '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', '%s', '%s' )", dbesc($me[0]['name']), dbesc($me[0]['thumb']), dbesc($me[0]['url']), intval($recipient), dbesc($subject), dbesc($body), 0, 1, 0, dbesc($uri), dbesc($replyto), datetime_convert());
	// Look the new row up by its URI; $post_id stays unset if it is not found.
	$r = q("SELECT * FROM `mail` WHERE `uri` = '%s' LIMIT 1", dbesc($uri));
	if (count($r)) {
		$post_id = $r[0]['id'];
	}
	// NOTE(review): the notifier command line is assembled from the configured
	// php_path (admin-controlled, not passed through escapeshellarg()) and the
	// numeric post id, and is run through a shell because of the trailing '&'.
	$php_path = strlen($a->config['php_path']) ? $a->config['php_path'] : 'php';
	if ($post_id) {
		proc_close(proc_open("\"{$php_path}\" \"include/notifier.php\" \"mail\" \"{$post_id}\" &", array(), $foo));
		notice(t('Message sent.') . EOL);
	} else {
		notice(t('Message could not be sent.') . EOL);
	}
	return;
}
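/**
 * Store (or update) the logged-in channel's rating of another channel.
 *
 * Takes the target xchan hash ('target'), an integer rating clamped to
 * -10..10 and free text; signs "target.rating.text" with the channel's
 * private key, writes it to the static xlink row for (channel, target) and
 * starts the rating notifier for that row. Self-ratings are ignored.
 *
 * Fixes: after a fresh insert the row was re-selected by
 * $orig_record[0]['abook_xchan'], a variable that does not exist here, so
 * $record stayed unset and the notifier never ran for first-time ratings;
 * it now selects by $target. $record is initialised, and the request fields
 * are read without raising notices when absent.
 *
 * @param object $a application object (unused)
 * @return void replies {"result": true} as JSON and terminates
 */
function prate_post(&$a) {
	if (!local_channel()) {
		return;
	}
	$channel = App::get_channel();

	$target = isset($_REQUEST['target']) ? trim($_REQUEST['target']) : '';
	if (!$target || $target === $channel['channel_hash']) {
		return;
	}
	// NOTE(review): no form security token is checked, and 'target' is not
	// verified to be a known xchan before it is stored.
	$rating = isset($_POST['rating']) ? intval($_POST['rating']) : 0;
	$rating = max(-10, min(10, $rating));
	$rating_text = isset($_REQUEST['rating_text']) ? trim(escape_tags($_REQUEST['rating_text'])) : '';

	// Signed so other sites can verify the rating came from this channel.
	$signed = $target . '.' . $rating . '.' . $rating_text;
	$sig = base64url_encode(rsa_sign($signed, $channel['channel_prvkey']));
	$now = datetime_convert();

	$record = 0;
	$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($target));
	if ($z) {
		$record = $z[0]['xlink_id'];
		q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'\n\t\t\twhere xlink_id = %d", intval($rating), dbesc($rating_text), dbesc($sig), dbesc($now), intval($record));
	}
	else {
		q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ", dbesc($channel['channel_hash']), dbesc($target), intval($rating), dbesc($rating_text), dbesc($sig), dbesc($now));
		// Re-read the row we just created to get its id for the notifier.
		$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($target));
		if ($z) {
			$record = $z[0]['xlink_id'];
		}
	}
	if ($record) {
		proc_run('php', 'include/ratenotif.php', 'rating', $record);
	}
	json_return_and_die(array('result' => true));
}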