<?php
// Show a single author biography, selected by the 'bio_id' query parameter.
$relPath = '../../pinc/';
include_once $relPath . 'base.inc';
include_once $relPath . 'theme.inc';
include_once $relPath . 'misc.inc'; // html_safe()
include_once 'authors.inc';
include_once 'menu.inc';

require_login();

// bio_id is requested as an integer with a minimum of 0.
// NOTE(review): the trailing `true` presumably allows the parameter to be
// absent (yielding null) -- confirm against get_integer_param().
$bio_id = get_integer_param($_GET, 'bio_id', null, 0, null, true);

// NOTE(review): 'message' is copied from the query string without validation;
// its use is outside this excerpt, so it must be HTML-escaped wherever it is
// eventually printed.
$message = @$_GET['message'];

// Guard: without a biography id there is nothing to look up.
if (!isset($bio_id)) {
    output_header(_('No biography-id specified'));
    echo _('An error occurred.'), ' ', _('No biography-id was specified.'), ' ';
    printf(_('You may return to the <a href="%1$s">authors-listing</a>.'), 'listing.php');
    exit;
}
$id = $bio_id;

// Look the biography up. $id comes from get_integer_param(), which is what
// makes interpolating it into the statement acceptable here.
$result = mysql_query("SELECT author_id, bio FROM biographies WHERE bio_id={$id};");
$bio_found = $result && mysql_num_rows($result) != 0;
if (!$bio_found) {
    output_header(_('Invalid biography-id specified'));
    echo _('An error occurred.'), ' ', _('The specified biography-id was invalid.'), ' ';
    printf(_('You may return to the <a href="%1$s">authors-listing</a>.'), 'listing.php');
    exit;
}

$author_id = mysql_result($result, 0, 'author_id');
<?php $relPath = "./pinc/"; include_once $relPath . 'base.inc'; include_once $relPath . 'theme.inc'; include_once $relPath . 'project_states.inc'; include_once $relPath . 'list_projects.inc'; include_once $relPath . 'misc.inc'; // undo_all_magic_quotes() undo_all_magic_quotes(); $x = get_enumerated_param($_GET, 'x', 'g', array('g', 's', 'b')); $sort = get_integer_param($_GET, 'sort', 0, 0, 5); $per_page = get_integer_param($_GET, 'per_page', 20, 1, NULL); $offset = get_integer_param($_GET, 'offset', 0, 0, NULL); $boilerplate = _("These e-texts are the product of hundreds of hours of labor donated by all of our volunteers. The list is sorted with the most recently submitted e-texts at the top. You can sort them based upon your own preferences by clicking below. Enjoy!!"); if ($x == "g") { $type = "Gold"; $title = _("Completed Gold E-Texts"); $state = SQL_CONDITION_GOLD; $info = _("Below is the list of Gold e-texts that have been produced on this site. Gold e-texts are books that have passed through all phases of proofreading, formatting, and post-processing. They have been submitted to Project Gutenberg and are now available for your enjoyment and download."); } elseif ($x == "s") { $type = "Silver"; $title = _("In Progress Silver E-Texts"); $state = SQL_CONDITION_SILVER; $info = _("Below is the list of Silver e-texts that have almost completed processing on our site. Silver e-texts are books that have passed through all phases of proofreading and formatting and are now in the post-processing phase. Post-processing is the final assembly stage in which one volunteer performs a series of checks for consistency and correctness before the e-book is submitted to Project Gutenberg for your enjoyment and download."); } elseif ($x == "b") { $type = "Bronze"; $title = _("Now Proofreading Bronze E-Texts"); $state = SQL_CONDITION_BRONZE; $info = _("Below is the list of Bronze e-texts that are currently available for proofreading on this site. 
Bronze e-texts are what our newest volunteers see and what you can work on now by logging in. These e-texts are in the initial stages of proofreading where everyone has a chance to correct any OCR errors which may be found. After going through a number of other phases, the e-text then goes to an experienced volunteer for final assembly (post-processing), after which the e-text is submitted to Project Gutenberg for your enjoyment and download."); } else {
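<?php
// Remove the logged-in user from the team named by the 'tid' query parameter,
// then bounce back to that team's detail page.
$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'metarefresh.inc';
include_once '../includes/team.inc';

require_login();

// NOTE(review): membership is changed in response to a plain GET and no
// anti-CSRF token is checked in the visible code. Consider requiring a POST
// carrying a per-session token -- confirm whether base.inc already enforces one.
$tid = get_integer_param($_GET, 'tid', null, 0, null);

// Build one assignment per team slot that currently holds this team.
// The original concatenated the assignments without a separator, which
// produced invalid SQL whenever the same team occupied more than one slot.
$cleared_slots = array();
foreach (array('team_1', 'team_2', 'team_3') as $slot) {
    if ($userP[$slot] == $tid) {
        $cleared_slots[] = "{$slot} = '0'";
    }
}

if (count($cleared_slots) > 0) {
    // NOTE(review): the username value is shown masked ('******') in this
    // listing; it is reproduced verbatim. The u_id condition is what actually
    // pins the row to the current user.
    $quitQuery = "UPDATE users SET " . implode(", ", $cleared_slots)
        . " WHERE username='******' AND u_id='" . $userP['u_id'] . "'";
    $teamResult = mysql_query($quitQuery);

    // Only decrement the team's member counter when the membership row was
    // really updated; otherwise the counter drifts away from the users table.
    if ($teamResult) {
        mysql_query("UPDATE user_teams SET active_members = active_members-1 WHERE id='" . $tid . "'");
    }

    dpsession_set_preferences_from_db();
    $title = _("Quit the Team");
    $desc = _("Quitting the team....");
    metarefresh(0, "../teams/tdetail.php?tid=" . $tid . "", $title, $desc);
} else {
    $title = _("Not a member");
    $desc = _("Unable to quit team....");
    metarefresh(3, "../teams/tdetail.php?tid=" . $tid . "", $title, $desc);
}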
include_once $relPath . 'misc.inc'; // xmlencode() include_once $relPath . 'page_tally.inc'; include_once $relPath . 'forum_interface.inc'; // get_url_to_view_topic include_once '../includes/team.inc'; include_once '../includes/member.inc'; if (empty($_GET["id"])) { include_once $relPath . 'theme.inc'; output_header(_("Error!")); echo "<br><center>"; echo sprintf(_("A team id must specified in the following format: %s"), "{$code_url}/stats/teams/teams_xml.php?id=*****"); echo "</center>"; exit; } $req_team_id = get_integer_param($_GET, 'id', null, 0, null); //Try our best to make sure no browser caches the page header("Content-Type: text/xml"); header("Expires: Sat, 1 Jan 2000 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); $result = select_from_teams("id = {$req_team_id}"); $curTeam = mysql_fetch_assoc($result); $team_id = $curTeam['id']; //Team info portion of $data $result = mysql_query("SELECT COUNT(id) AS totalTeams FROM user_teams"); $totalTeams = mysql_result($result, 0, "totalTeams"); $data = "<teaminfo id='{$team_id}'>\n <teamname>" . xmlencode($curTeam['teamname']) . "</teamname>\n <datecreated>" . date("m/d/Y", $curTeam['created']) . "</datecreated>\n <createdby>" . xmlencode($curTeam['createdby']) . "</createdby>\n <leader>" . xmlencode(get_username_for_uid($curTeam['owner'])) . "</leader>\n <description>" . xmlencode($curTeam['team_info']) . "</description>\n <website>" . xmlencode($curTeam['webpage']) . "</website>\n <forums>" . xmlencode(get_url_to_view_topic($curTeam['topic_id'])) . "</forums>\n <totalmembers>" . $curTeam['member_count'] . "</totalmembers>\n <currentmembers>" . $curTeam['active_members'] . "</currentmembers>\n <retiredmembers>" . ($curTeam['member_count'] - $curTeam['active_members']) . "</retiredmembers>"; foreach ($page_tally_names as $tally_name => $tally_title) { $teams_tallyboard = new TallyBoard($tally_name, 'T');
/**
 * Build the "col = value, col = value" list used in the SET clause of a
 * MySQL UPDATE statement.
 *
 * Columns named in $string_fields are emitted as quoted strings passed through
 * mysql_real_escape_string(); every other column is emitted as the result of
 * get_integer_param(). String columns come first, then numeric ones.
 *
 * The column names themselves are interpolated verbatim (unquoted and
 * unescaped), so both field lists must be fixed identifiers chosen by the
 * caller and never values taken from a request.
 *
 * @param array $source_array   Values keyed by column name (e.g. $_POST).
 * @param array $string_fields  Columns to emit as escaped, quoted strings.
 * @param array $numeric_fields Columns to emit as integers.
 * @return string Comma-separated assignments; "" when both lists are empty.
 */
function _create_mysql_update_string($source_array, $string_fields = array(), $numeric_fields = array())
{
    $assignments = array();

    foreach (array_merge($string_fields, $numeric_fields) as $column) {
        $is_string_column = in_array($column, $string_fields);

        if (!$is_string_column) {
            // Missing numeric values fall back to 0; no range limits are applied.
            $sql_value = get_integer_param($source_array, $column, 0, NULL, NULL);
        } else {
            // Missing string values fall back to the empty string.
            $raw_value = array_get($source_array, $column, "");
            $sql_value = "'" . mysql_real_escape_string($raw_value) . "'";
        }

        $assignments[] = "{$column} = {$sql_value}";
    }

    return implode(", ", $assignments);
}
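<?php
// Render the hint text for one quiz page inside the small quiz theme.
$relPath = '../../pinc/';
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc'; // get_enumerated_param
include_once $relPath . 'quizzes.inc'; // get_quiz_page_id_param
include_once '../small_theme.inc'; // output_small_header

// All three parameters are read from $_REQUEST, so they may arrive via the
// query string or a form post (and cookies, depending on request_order).
$quiz_page_id = get_quiz_page_id_param($_REQUEST, 'quiz_page_id');

// The pattern is anchored with \z rather than $: in PCRE a bare $ also matches
// just before a final newline, so "name\n" would have passed validation.
$error = get_param_matching_regex($_REQUEST, 'error', NULL, '/^\\w+\\z/');
$number = get_integer_param($_REQUEST, 'number', NULL, 0, NULL);

// Included only after the parameters are parsed, as in the original ordering.
include "./quiz_page.inc"; // qp_echo_hint_html

$quiz = get_Quiz_containing_page($quiz_page_id);
output_small_header($quiz);

// A margin
echo "<div style='margin: .5em;'>";
qp_echo_hint_html($error, $number);
echo " </div>\n";

// vim: sw=4 ts=4 expandtab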
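<?php
// Find (or lazily create) the forum topic that belongs to a team and work out
// the URL to view it.

// DP includes
$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'project_states.inc';
include_once $relPath . 'forum_interface.inc'; // topic_create & get_url_to_view_topic

require_login();

// Which team?
$team_id = get_integer_param($_GET, 'team', null, 0, null);

// Get info about team
$team_result = mysql_query("SELECT teamname,team_info, webpage, createdby, owner, topic_id FROM user_teams WHERE id={$team_id}");
$row = $team_result ? mysql_fetch_array($team_result) : false;

// Stop when the id does not name an existing team. Without this check an
// unknown id fell through to topic_create() with an empty name and owner, so
// any logged-in user could make the site create blank forum topics.
if (!$row) {
    die("No such team: {$team_id}");
}

$topic_id = $row['topic_id'];

// Determine if there is an existing topic or not; if not, create one
if ($topic_id == "" || $topic_id == 0) {
    $tname = $row['teamname'];
    $towner_name = $row['createdby'];
    $towner_id = $row['owner'];
    $tinfo = $row['team_info'];

    $message = "\nTeam Name: {$tname}\nCreated By: {$towner_name}\nInfo: {$tinfo}\nTeam Page: [url]" . $code_url . "/stats/teams/tdetail.php?tid=" . $team_id . "[/url]\nUse this area to have a discussion with your fellow teammates! :-D\n\n";

    // appropriate forum to create thread in
    $forum_id = $teams_forum_idx;
    $post_subject = $tname;

    $topic_id = topic_create($forum_id, $post_subject, $message, $towner_name, TRUE, FALSE);

    // Update user_teams with topic_id so it won't be created again.
    // NOTE(review): $topic_id is interpolated unquoted; this assumes
    // topic_create() returns an integer id -- confirm its failure value.
    $update_team = mysql_query("UPDATE user_teams SET topic_id={$topic_id} WHERE id={$team_id}");
}

// By here, either we had a topic or we've just created one, so redirect to it
$redirect_url = get_url_to_view_topic($topic_id);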
<?php
// Member list / member search: reads sort, paging and search parameters from
// the request and queries the users table, 20 rows per page.
$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
include_once $relPath . 'privacy.inc';
include_once $relPath . 'theme.inc';
include_once $relPath . 'metarefresh.inc';
include_once $relPath . 'forum_interface.inc';
include_once '../includes/team.inc';
include_once '../includes/member.inc';

// Sort column and direction are interpolated into ORDER BY below, where they
// cannot be quoted as values. They are obtained through get_enumerated_param()
// with fixed lists -- presumably that rejects anything outside the list;
// confirm against misc.inc.
$order = get_enumerated_param($_GET, 'order', 'u_id', array('u_id', 'username', 'date_created'));
$direction = get_enumerated_param($_GET, 'direction', 'asc', array('asc', 'desc'));
// Paging offset, requested as an integer with minimum 0; used as the LIMIT offset.
$mstart = get_integer_param($_GET, 'mstart', 0, 0, null);
// Search term and exact-match flag are read from the request without
// validation; @ only hides the notice when they are absent.
$uname = @$_REQUEST['uname'];
$uexact = @$_REQUEST['uexact'];
if (!empty($uname)) {
    if ($uexact == 'yes') {
        // NOTE(review): the compared value is shown masked ('******') in this listing.
        $where_clause = "WHERE username='******'";
    } else {
        // addcslashes() here backslash-escapes only the LIKE wildcards % and _.
        // It does not escape quotes or backslashes.
        // NOTE(review): SQL string escaping of $uname therefore has to come
        // from somewhere not visible in this excerpt (e.g. request handling in
        // base.inc) -- confirm, otherwise this concatenation is injectable.
        $where_clause = "WHERE username LIKE '%" . addcslashes($uname, "%_") . "%'";
    }
    $mResult = mysql_query("\n SELECT u_id, username, date_created, u_privacy\n FROM users\n {$where_clause}\n ORDER BY {$order} {$direction}\n LIMIT {$mstart},20\n ");
    // NOTE(review): $mResult is not checked for false before being used.
    $mRows = mysql_num_rows($mResult);
    // A single hit goes straight to that member's detail page.
    if ($mRows == 1) {
        metarefresh(0, "mdetail.php?id=" . mysql_result($mResult, 0, "u_id") . "", '', '');
        exit;
    }
    // Re-purposed as a query-string fragment. The raw search term is appended
    // without URL- or HTML-encoding.
    // NOTE(review): where this fragment is printed is outside the excerpt; it
    // needs encoding at that point.
    $uname = "uname=" . $uname . "&";
} else {
    // No search term: list all users with the same ordering and paging.
    $mResult = mysql_query("\n SELECT u_id, username, date_created, u_privacy\n FROM users\n ORDER BY {$order} {$direction}\n LIMIT {$mstart},20\n ");
/**
 * A value above the permitted maximum must be rejected with an exception.
 *
 * @expectedException InvalidArgumentException
 */
public function testIntegerMoreThanMax()
{
    // Arguments after the key: default NULL, minimum 0, maximum 9.
    // NOTE(review): 'i10' is presumably a fixture entry holding 10 -- confirm in setUp().
    get_integer_param($this->GET, 'i10', NULL, 0, 9);
}
/**
 * Populate this object's fields from the submitted form ($_POST).
 *
 * When 'projectid' is present, the current user's right to edit that project
 * is checked first and a one-element array holding an error message is
 * returned on failure. On success an empty array is returned.
 *
 * NOTE(review): when 'projectid' is absent the authorization check is skipped
 * and validate_projectID() is called with null; this relies on
 * validate_projectID() rejecting that value -- confirm.
 *
 * @return array List of error messages; empty when everything was accepted.
 */
function set_from_post()
{
    if (get_magic_quotes_gpc()) {
        // Values in $_POST arrive with backslashes added. The fields of $this
        // should hold unescaped strings, so the slashes are stripped. This
        // rewrites the $_POST superglobal itself.
        $_POST = array_map('stripslashes', $_POST);
    }

    if (isset($_POST['projectid'])) {
        $this->projectid = validate_projectID('projectid', @$_POST['projectid']);
        $ucep_result = user_can_edit_project($this->projectid);

        if ($ucep_result == PROJECT_DOES_NOT_EXIST) {
            return array(_("parameter 'projectid' is invalid: no such project") . ": '{$this->projectid}'");
        }
        if ($ucep_result == USER_CANNOT_EDIT_PROJECT) {
            return array(_("You are not authorized to manage this project.") . ": '{$this->projectid}'");
        }
        if ($ucep_result != USER_CAN_EDIT_PROJECT) {
            // Any answer other than the three known ones is treated as an error.
            return array(_("unexpected return value from user_can_edit_project") . ": '{$ucep_result}'");
        }
        // USER_CAN_EDIT_PROJECT: fine, carry on.
    }

    $this->projectid = validate_projectID('projectid', @$_POST['projectid']);

    // The word lists are stored as submitted, without validation here.
    $this->good_words = @$_POST['good_words'];
    $this->bad_words = @$_POST['bad_words'];

    // Timestamps: integers with no default and no range limits.
    $this->gwl_timestamp = get_integer_param($_POST, 'gwl_timestamp', null, null, null);
    $this->bwl_timestamp = get_integer_param($_POST, 'bwl_timestamp', null, null, null);

    return array();
}
<?php
// Bar graph of pages completed per day for one user or one team.
$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
include_once $relPath . 'page_tally.inc'; // $page_tally_names get_pages_per_day_for_past_n_days
include_once 'common.inc';

// The tally name must be one of the keys of $page_tally_names.
$valid_tally_names = array_keys($page_tally_names);
$tally_name = get_enumerated_param($_GET, 'tally_name', null, $valid_tally_names);
// 'U' or 'T'; the error text below treats 'U' as a user and anything else as a team.
$holder_type = get_enumerated_param($_GET, 'holder_type', null, array('U', 'T'));
$holder_id = get_integer_param($_GET, 'holder_id', null, 0, null);

// days_back is either the literal 'all' or an integer >= 1 (default 30).
$days_back = (@$_GET['days_back'] == 'all')
    ? 'all'
    : get_integer_param($_GET, 'days_back', 30, 1, null);

// Initialize the graph before anything else.
// This makes use of the jpgraph cache if enabled.
// Last argument to init_simple_bar_graph is the cache timeout in minutes.
$graph = init_simple_bar_graph(600, 300, 60);

$pages_per_day = get_pages_per_day_for_past_n_days($tally_name, $holder_type, $holder_id, $days_back);
$datax = array_keys($pages_per_day);
$datay = array_values($pages_per_day);
$x_text_tick_interval = calculate_text_tick_interval('daily', count($datax));

// Nothing to plot: emit an error image of the same size and stop.
if (empty($datax) || empty($datay)) {
    if ($holder_type == 'U') {
        $specimen = 'user';
    } else {
        $specimen = 'team';
    }
    dpgraph_error("This {$specimen} has not completed any pages in this round.", 600, 300);
    exit;
}

draw_simple_bar_graph(
    $graph,
    $datax,
    $datay,
    $x_text_tick_interval,
    _('Pages Completed per Day'),
    _('Pages')
);
<?php $relPath = '../../pinc/'; include_once $relPath . 'base.inc'; include_once $relPath . 'misc.inc'; include_once $relPath . 'slim_header.inc'; include_once $relPath . 'Project.inc'; require_login(); $default_percent = array_get(@$_SESSION["displayimage"], 'percent', 100); // get variables passed into page $projectid = validate_projectID('project', @$_GET['project']); $imagefile = validate_page_image_filename('imagefile', @$_GET['imagefile'], true); $percent = get_integer_param($_GET, 'percent', $default_percent, 1, 999); $showreturnlink = get_integer_param($_GET, 'showreturnlink', 1, 0, 1); $preload = get_enumerated_param($_GET, 'preload', '', array('', 'prev', 'next')); $width = 10 * $percent; $_SESSION["displayimage"]["percent"] = $percent; // Get a list of images in the project so we can populate the prev and // next <link rel=... href=...> tags in <head> if needed. // NB The query results are used later to populate a popup menu too. $res = mysql_query("SELECT image FROM {$projectid} ORDER BY image ASC") or die(mysql_error()); $num_rows = mysql_num_rows($res); $prev_image = ""; $next_image = ""; for ($row = 0; $row < $num_rows; $row++) { $this_val = mysql_result($res, $row, "image"); if ($this_val == $imagefile) { if ($row != 0) { $prev_image = mysql_result($res, $row - 1, "image"); } if ($row != $num_rows - 1) {
require_login(); define("LAYOUT_HORIZ", 1); define("LAYOUT_VERT", 2); set_time_limit(0); // no time limit $projectid = validate_projectID('projectid', @$_GET['projectid']); $encWord = @$_GET["word"]; $word = rtrim(decode_word($encWord)); enforce_edit_authorization($projectid); // get the right layout $layout = array_get($_GET, "layout", @$_SESSION["show_word_context"]["layout"]); if (empty($layout)) { $layout = LAYOUT_HORIZ; } $_SESSION["show_word_context"]["layout"] = $layout; $wordInstances = get_integer_param($_GET, 'wordInstances', 20, 0, null); // $frame determines which frame we're operating from // 'master' - we're the master frame // 'left' - we're the left frame with the text // 'right' - we're the right frame for the image $frame = get_enumerated_param($_GET, 'frame', 'master', array('master', 'left', 'right')); if ($frame == "master") { slim_header_frameset(_("Word Context")); if ($layout == LAYOUT_HORIZ) { $frameSpec = 'rows="30%,70%"'; } else { $frameSpec = 'cols="30%,70%"'; } ?> <frameset <?php echo $frameSpec;
<?php $relPath = "./../../pinc/"; include_once $relPath . 'base.inc'; include_once $relPath . 'stages.inc'; include_once $relPath . 'theme.inc'; include_once $relPath . 'Project.inc'; include_once $relPath . 'links.inc'; include_once $relPath . "DifferenceEngineWrapper.inc"; require_login(); $projectid = validate_projectID('project', @$_GET['project']); $image = validate_page_image_filename('image', @$_GET['image'], true); $L_round_num = get_integer_param($_GET, 'L_round_num', null, 0, MAX_NUM_PAGE_EDITING_ROUNDS); $R_round_num = get_integer_param($_GET, 'R_round_num', null, 0, MAX_NUM_PAGE_EDITING_ROUNDS); $project = new Project($projectid); $state = $project->state; $project_title = $project->nameofwork; $navigation_text = ""; if (!$project->pages_table_exists) { // This shouldn't normally happen -- // if the page table doesn't exist, a "diff" link shouldn't be shown. // But a user might have a bookmarked or otherwise saved a 'diff' URL. echo "<p>", _("Page details are not available for this project."), "</p>\n"; echo "<p>", _("Project ID"), ": {$projectid}</p>\n"; echo "<p>", _("Title"), ":{$project_title}</p>\n"; exit; } // -------------------------------------------------------------- // get information about this diff if ($L_round_num == 0) { $L_text_column_name = 'master_text';
$projectid_[$which] = validate_projectID("projectid_[{$which}]", $projectid); } } $from_image_ = array_get($_POST, 'from_image_', NULL); if (is_array($from_image_)) { foreach ($from_image_ as $which => $filename) { if ($filename) { validate_page_image_filename("from_image_[{$which}]", $filename); } } } $action = get_enumerated_param($_POST, 'action', 'showform', array('showform', 'showagain', 'check', 'docopy')); $page_name_handling = get_enumerated_param($_POST, 'page_name_handling', null, array('PRESERVE_PAGE_NAMES', 'RENUMBER_PAGES'), true); $transfer_notifications = get_integer_param($_POST, 'transfer_notifications', 0, 0, 1); $add_deletion_reason = get_integer_param($_POST, 'add_deletion_reason', 0, 0, 1); $merge_wordcheck_files = get_integer_param($_POST, 'merge_wordcheck_files', 0, 0, 1); $repeat_project = get_enumerated_param($_POST, 'repeat_project', null, array('TO', 'FROM', 'NONE'), true); switch ($action) { case 'showform': display_form($projectid_, $from_image_, $page_name_handling, $transfer_notifications, $add_deletion_reason, $merge_wordcheck_files, $repeat_project, FALSE); break; case 'showagain': display_form($projectid_, $from_image_, $page_name_handling, $transfer_notifications, $add_deletion_reason, $merge_wordcheck_files, $repeat_project, TRUE); break; case 'check': do_stuff($projectid_, $from_image_, $page_name_handling, $transfer_notifications, $add_deletion_reason, $merge_wordcheck_files, TRUE); echo "<form method='post' action='" . attr_safe($copy_pages_url) . "'>\n"; display_hiddens($projectid_, $from_image_, $page_name_handling, $transfer_notifications, $add_deletion_reason, $merge_wordcheck_files); echo "\n<input type='hidden' name='action' value='docopy'>"; echo "\n<input type='submit' name='submit_button' value='" . attr_safe(_("Do it")) . "'>"; echo "\n</form>";
echo ">{$round}</option>\n"; } echo "</select>"; if (!$project) { echo " " . _("(optional)"); } echo " <input type='submit' value='" . attr_safe(_("View")) . "'>"; if ($project) { echo " <input type='submit' name='reset' value='" . attr_safe(_("Reset")) . "'>"; } echo "</form>"; exit; } elseif ($frame == "image") { slim_header(_("Image Frame")); if (!count($error_messages)) { $percent = get_integer_param($_GET, 'percent', 100, 1, 999); $width = 10 * $percent; ?> <form method="get" action="view_page_text_image.php"> <input type="hidden" name="projectid" value="<?php echo $projectid; ?> "> <input type="hidden" name="page" value="<?php echo $page; ?> "> <input type="text" maxlength="3" name="percent" size="3" value="<?php echo $percent; ?> ">%
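/**
 * Carry out the requested action on the task named by the 'task_id' request
 * parameter.
 *
 * The action is read from the global $action (defaulting to 'show') and is one
 * of: show, show_editing_form, reopen, edit, close, add_comment,
 * add_related_task, remove_related_task, add_related_topic,
 * remove_related_topic, add_metoo, notify_me, unnotify_me. Any other value
 * ends the request with die().
 *
 * Changes relative to the earlier version of this function:
 *  - 'edit' now enforces the same permission rule that 'show_editing_form'
 *    applies. Previously only the form was gated, so the UPDATE could be
 *    triggered directly by a user who would have been refused the form.
 *  - Free-text values are escaped for SQL with mysql_real_escape_string()
 *    instead of addslashes(), which is not aware of the connection charset.
 *    For ordinary text the stored bytes are the same.
 *
 * NOTE(review): several state-changing actions read from $_REQUEST/$_POST and
 * no anti-CSRF token check is visible in this function -- confirm whether the
 * caller performs one.
 */
function handle_action_on_a_specified_task()
{
    global $pguser, $requester_u_id;
    global $now_sse, $date_str, $time_of_day_str;
    global $action;

    // Default 'action' when a task is specified:
    if (is_null($action)) {
        $action = 'show';
    }

    // Integer >= 1; this is what makes interpolating it into the SQL below acceptable.
    $task_id = get_integer_param($_REQUEST, 'task_id', null, 1, null);

    // Fetch the state of the specified task
    // before any requested changes.
    $result = mysql_query("SELECT * FROM tasks WHERE task_id = {$task_id}");
    if (mysql_num_rows($result) == 0) {
        TaskHeader("Task #{$task_id} does not exist");
        ShowNotification("Task #{$task_id} was not found!");
        return;
    }
    $pre_task = mysql_fetch_object($result);

    // Note that currently task_summary and task_details are stored HTML escaped and slashed
    // in the database. This needs to be undone to produce the 'raw' string.
    $pre_task->task_summary = htmlspecialchars_decode(stripslashes($pre_task->task_summary));
    $pre_task->task_details = htmlspecialchars_decode(stripslashes($pre_task->task_details), ENT_QUOTES);

    TaskHeader(title_string_for_task($pre_task));

    if ($action == 'show') {
        TaskDetails($task_id);
    } elseif ($action == 'show_editing_form') {
        // Site managers and task-center managers may always edit; the user who
        // opened the task may edit it while it has no closed_reason.
        if (user_is_a_sitemanager() || user_is_taskcenter_mgr() || $pre_task->opened_by == $requester_u_id && empty($pre_task->closed_reason)) {
            // The user wants to edit an existing task.
            // Initialize the form with the current values of the task's properties.
            TaskForm($pre_task);
        } else {
            ShowNotification("The user {$pguser} does not have permission to edit this task.");
            TaskDetails($task_id);
        }
    } elseif ($action == 'reopen') {
        // NOTE(review): no permission check is applied to 'reopen' here, while
        // 'close' is limited to managers -- confirm that this is intended.
        NotificationMail($task_id, "This task was reopened by {$pguser} on {$date_str} at {$time_of_day_str}.\n");
        wrapped_mysql_query("\n UPDATE tasks\n SET\n task_status = 15,\n edited_by = {$requester_u_id},\n date_edited = {$now_sse},\n date_closed = 0,\n closed_by = 0,\n closed_reason = 0\n WHERE task_id = {$task_id}\n ");
        TaskDetails($task_id);
    } elseif ($action == 'edit') {
        // The user is supplying values for the properties of a pre-existing task.
        // Enforce the edit permission on the server side as well: hiding the
        // form is not an access control.
        if (!(user_is_a_sitemanager() || user_is_taskcenter_mgr() || $pre_task->opened_by == $requester_u_id && empty($pre_task->closed_reason))) {
            ShowNotification("The user {$pguser} does not have permission to edit this task.");
            TaskDetails($task_id);
        } elseif (empty($_POST['task_summary']) || empty($_POST['task_details'])) {
            ShowNotification("You must supply a Task Summary and Task Details.", true);
        } else {
            // Update a pre-existing task.
            NotificationMail($task_id, "There has been an edit made to this task by {$pguser} on {$date_str} at {$time_of_day_str}.\n");

            global $tasks_array;
            global $categories_array;
            global $tasks_status_array;
            global $task_assignees_array;
            global $severity_array;
            global $priority_array;
            global $os_array;
            global $browser_array;
            global $versions_array;
            global $percent_complete_array;

            // Every coded property must be one of the keys of its lookup
            // array and is additionally cast to int before reaching the SQL.
            $edit_type = (int) get_enumerated_param($_POST, 'task_type', null, array_keys($tasks_array));
            $edit_category = (int) get_enumerated_param($_POST, 'task_category', null, array_keys($categories_array));
            $edit_status = (int) get_enumerated_param($_POST, 'task_status', null, array_keys($tasks_status_array));
            $edit_assignee = (int) get_enumerated_param($_POST, 'task_assignee', null, array_keys($task_assignees_array));
            $edit_severity = (int) get_enumerated_param($_POST, 'task_severity', null, array_keys($severity_array));
            $edit_priority = (int) get_enumerated_param($_POST, 'task_priority', null, array_keys($priority_array));
            $edit_os = (int) get_enumerated_param($_POST, 'task_os', null, array_keys($os_array));
            $edit_browser = (int) get_enumerated_param($_POST, 'task_browser', null, array_keys($browser_array));
            $edit_version = (int) get_enumerated_param($_POST, 'task_version', null, array_keys($versions_array));
            $edit_percent = (int) get_enumerated_param($_POST, 'percent_complete', null, array_keys($percent_complete_array));

            // Free text is HTML-escaped for storage (matching the decode step
            // above) and then escaped for the SQL string literal.
            $sql_query = "\n UPDATE tasks\n SET\n task_summary = '" . mysql_real_escape_string(htmlspecialchars($_POST['task_summary'])) . "',\n task_type = {$edit_type},\n task_category = {$edit_category},\n task_status = {$edit_status},\n task_assignee = {$edit_assignee},\n task_severity = {$edit_severity},\n task_priority = {$edit_priority},\n task_os = {$edit_os},\n task_browser = {$edit_browser},\n task_version = {$edit_version},\n task_details = '" . mysql_real_escape_string(htmlspecialchars($_POST['task_details'], ENT_QUOTES)) . "',\n date_edited = {$now_sse},\n edited_by = {$requester_u_id},\n percent_complete = {$edit_percent}\n WHERE task_id = {$task_id}\n ";
            wrapped_mysql_query($sql_query);

            set_window_title("All Open Tasks");
            list_all_open_tasks();
        }
    } elseif ($action == 'close') {
        global $tasks_close_array;

        // Closing is limited to site managers and task-center managers.
        if (user_is_a_sitemanager() || user_is_taskcenter_mgr()) {
            $tc_reason = (int) get_enumerated_param($_POST, 'closed_reason', null, array_keys($tasks_close_array));
            NotificationMail($task_id, "This task was closed by {$pguser} on {$date_str} at {$time_of_day_str}.\n\nThe reason for closing was: " . $tasks_close_array[$tc_reason] . ".\n");
            wrapped_mysql_query("\n UPDATE tasks\n SET\n percent_complete = 100,\n task_status = 14,\n date_closed = {$now_sse},\n closed_by = {$requester_u_id},\n closed_reason = {$tc_reason},\n date_edited = {$now_sse},\n edited_by = {$requester_u_id}\n WHERE task_id = {$task_id}\n ");

            set_window_title("All Open Tasks");
            list_all_open_tasks();
        } else {
            ShowNotification("The user {$pguser} does not have permission to close tasks.");
        }
    } elseif ($action == 'add_comment') {
        if (!empty($_POST['task_comment'])) {
            NotificationMail($task_id, "There has been a comment added to this task by {$pguser} on {$date_str} at {$time_of_day_str}.\n");
            wrapped_mysql_query("\n INSERT INTO tasks_comments (task_id, u_id, comment_date, comment)\n VALUES ({$task_id}, {$requester_u_id}, {$now_sse}, '" . mysql_real_escape_string(htmlspecialchars($_POST['task_comment'], ENT_QUOTES)) . "')\n ");
            // Adding a comment also counts as an edit of the task.
            wrapped_mysql_query("\n UPDATE tasks\n SET date_edited = {$now_sse}, edited_by = {$requester_u_id}\n WHERE task_id = {$task_id}\n ");
            TaskDetails($task_id);
        } else {
            ShowNotification("You must supply a comment before clicking Add Comment.");
            TaskDetails($task_id);
        }
    } elseif ($action == 'add_related_task') {
        // The related ids are handed over unvalidated; checking them is left
        // to process_related_task() / process_related_topic().
        process_related_task($pre_task, 'add', @$_POST['related_task']);
    } elseif ($action == 'remove_related_task') {
        process_related_task($pre_task, 'remove', @$_POST['related_task']);
    } elseif ($action == 'add_related_topic') {
        process_related_topic($pre_task, 'add', @$_POST['related_posting']);
    } elseif ($action == 'remove_related_topic') {
        process_related_topic($pre_task, 'remove', @$_POST['related_posting']);
    } elseif ($action == 'add_metoo') {
        global $os_array, $browser_array;

        // sameOS / sameBrowser (0 or 1) select which form field carries the value.
        $sameOS = get_integer_param($_REQUEST, 'sameOS', null, 0, 1);
        $sameBrowser = get_integer_param($_REQUEST, 'sameBrowser', null, 0, 1);

        $os_param_name = $sameOS ? 'task_os' : 'metoo_os';
        $browser_param_name = $sameBrowser ? 'task_browser' : 'metoo_browser';

        $vote_os = (int) get_enumerated_param($_POST, $os_param_name, null, array_keys($os_array));
        $vote_browser = (int) get_enumerated_param($_POST, $browser_param_name, null, array_keys($browser_array));

        // Do not insert twice the same vote if the user refreshes the browser
        $meTooCheck = mysql_query("\n SELECT 1 FROM tasks_votes WHERE task_id = {$task_id} and u_id = {$requester_u_id} LIMIT 1\n ");
        if (mysql_num_rows($meTooCheck) == 0) {
            wrapped_mysql_query("\n INSERT INTO tasks_votes \n (task_id, u_id, vote_os, vote_browser) \n VALUES ({$task_id}, {$requester_u_id}, {$vote_os}, {$vote_browser})\n ");
        }
        mysql_free_result($meTooCheck);

        // No need to display a different error message if the user was refreshing
        ShowNotification("Thank you for your report! It has been recorded below.", false, "info");
        TaskDetails($task_id);
    } elseif ($action == 'notify_me') {
        $userSettings =& Settings::get_Settings($pguser);
        $userSettings->add_value('taskctr_notice', $task_id);
        TaskDetails($task_id);
    } elseif ($action == 'unnotify_me') {
        $userSettings =& Settings::get_Settings($pguser);
        $userSettings->remove_value('taskctr_notice', $task_id);
        TaskDetails($task_id);
    } else {
        die("shouldn't be able to reach here");
    }
}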
<?php $relPath = "./../../pinc/"; include_once $relPath . 'base.inc'; include_once $relPath . 'misc.inc'; include_once $relPath . 'theme.inc'; include_once $relPath . 'Project.inc'; include_once 'page_table.inc'; require_login(); $projectid = validate_projectID('project', @$_GET['project']); $show_image_size = get_integer_param($_GET, 'show_image_size', 0, 0, 1); $project = new Project($projectid); if (isset($_GET['select_by_user'])) { $sbu = $_GET['select_by_user']; if (empty($sbu)) { // Show just the current user's pages. $username_for_page_selection = $pguser; } else { // Explicitly specify a particular user. // This is only available to PFs & SAs. // (Yes, even though it merely filters // information that is available to all.) if (user_is_a_sitemanager() || user_is_proj_facilitator()) { $username_for_page_selection = $sbu; } else { // Just show the current user's pages. $username_for_page_selection = $pguser; } } } else { // No 'select_by_user' parameter, so show all pages.
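/**
 * Print the form used to add a news item or, when the request carries
 * action=edit, to edit the item named by 'item_id'.
 *
 * Changes relative to the earlier version of this function:
 *  - an unknown item id (or a failed query) now yields an empty textarea
 *    instead of calling mysql_result() on a result without rows;
 *  - the news page id and the button label are encoded before being placed
 *    inside the single-quoted HTML attributes.
 *
 * @param string $news_page_id Identifier of the news page the item belongs to;
 *                             passed on in the form's action URL.
 */
function show_item_editor($news_page_id)
{
    if (isset($_GET['action']) && $_GET['action'] == "edit") {
        // Integer without default or range limits.
        $item_id = get_integer_param($_GET, 'item_id', null, null, null);
        $result = mysql_query("SELECT * FROM news_items WHERE id={$item_id}");
        if ($result && mysql_num_rows($result) > 0) {
            $initial_content = mysql_result($result, 0, "content");
        } else {
            // No such item: fall back to an empty editor.
            $initial_content = "";
        }
        $action_to_request = "edit_update";
        $submit_button_label = _("Edit News Item");
    } else {
        $item_id = "";
        $initial_content = "";
        $action_to_request = "add";
        $submit_button_label = _("Add News Item");
    }

    // URL-encode the page id as a query value, then HTML-encode the whole URL
    // for the attribute. ENT_QUOTES matters because the attributes below are
    // delimited with single quotes.
    $form_action = "sitenews.php?news_page_id=" . urlencode($news_page_id) . "&action={$action_to_request}";

    echo "<form action='" . htmlspecialchars($form_action, ENT_QUOTES) . "' method='post'>";
    echo "<center>";
    echo "<textarea name='content' cols='80' rows='8'>" . html_safe($initial_content) . "</textarea>";
    echo "<br>\n";
    echo "<input type='submit' value='" . htmlspecialchars($submit_button_label, ENT_QUOTES) . "' name='submit'>";
    echo "</center>";
    echo "<br>\n";
    echo "<br>\n";
    // $item_id is either an integer from get_integer_param() or the empty string.
    echo "<input type='hidden' name='item_id' value='{$item_id}'>";
    echo "</form>";
}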
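<?php
$relPath = '../../pinc/';
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc'; // html_safe()

require_login();

// Create xml data for all authors unless either
// an author_id is supplied (only that author)
// or
// a timestamp is supplied (only authors edited after that time)
$author_id = get_integer_param($_GET, 'author_id', null, 0, null, true);
$modified_since = get_integer_param($_GET, 'modified_since', null, 0, null, true);

if (isset($author_id)) {
    $clause = "WHERE author_id = {$author_id}";
    $wrap_in_big_tag = false;
} elseif (isset($modified_since)) {
    // Pad timestamp with zeroes.
    // This means a date, e.g. 20040810, will be sent to
    // the parser as a timestamp, e.g. 20040810000000
    //
    // The padded value is built from the validated $modified_since. The
    // earlier code re-read $_GET['modified_since'] at this point, which put
    // the raw request string into the SQL below and made its safety depend
    // entirely on how strictly get_integer_param() parses its input.
    $last_modified = str_pad((string) $modified_since, 14, '0');
    $clause = "WHERE last_modified >= {$last_modified}";
    $wrap_in_big_tag = true;
} else {
    // No filter: every author is exported.
    $clause = '';
    $wrap_in_big_tag = true;
}

header("Content-Type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"{$charset}\" ?>\n";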
// Project page fragment: validates the request, loads the project and starts
// the reduced page shown to guests. The excerpt ends inside the guest branch.

// TRANSLATORS: This is a strftime-formatted string for the date and time
$date_format = _("%A, %B %e, %Y");
// TRANSLATORS: This is a strftime-formatted string for the time
$time_format = _("%X");

// NOTE(review): E_ALL reporting is switched on for this page; whether
// messages reach the browser depends on display_errors, which is not set
// here. Confirm it is off in production so errors are logged, not shown.
error_reporting(E_ALL);

// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

// Usually, the user arrives here by clicking on the title of a project
// in a list of projects.
// But there are lots of other less-used pages that link here.

$MIN_DETAIL_LEVEL = 1;
$MAX_DETAIL_LEVEL = 4;
$DEFAULT_DETAIL_LEVEL = 3;

// Validate all the input
// Each parameter goes through a dedicated validator: the project id, an
// optional state checked against $PROJECT_STATES_IN_ORDER, and a detail
// level passed together with the minimum and maximum defined above.
$projectid = validate_projectID('id', @$_GET['id']);
$expected_state = get_enumerated_param($_GET, 'expected_state', null, $PROJECT_STATES_IN_ORDER, true);
$detail_level = get_integer_param($_GET, 'detail_level', $DEFAULT_DETAIL_LEVEL, $MIN_DETAIL_LEVEL, $MAX_DETAIL_LEVEL);

// -----------------------------------------------------------------------------

$project = new Project($projectid);

// TRANSLATORS: this is the project page title.
// In a tabbed browser, the page-title passed to output_header() will appear
// in the tab, which tends to be small, as soon as you have a few of them.
// So, put the distinctive part of the page-title (i.e. the name of the
// project) first.
$title_for_theme = sprintf(_('"%s" project page'), $project->nameofwork);
$title = sprintf(_("Project Page for '%s'"), $project->nameofwork);

// -----------------------------------------------------------------------------

// No require_login() in this fragment: guests are allowed and take this branch.
if (!$user_is_logged_in) {
    // Guests see a reduced version of the project page.

    output_header($title_for_theme, NO_STATSBAR);
    // NOTE(review): $title contains $project->nameofwork and is written into
    // the page without html_safe() here; confirm the value is escaped or
    // sanitised when the project record is stored or loaded.
    echo "<h1>{$title}</h1>\n";

    list($top_blurb, $bottom_blurb) = decide_blurbs();
// Authorization gate for the project; it runs before any of the request
// handling below. What it does on failure is defined elsewhere.
enforce_edit_authorization($projectid);

// get the correct layout
// The value remembered in the session is re-checked against the two known
// layout constants before it is trusted as the default.
$default_layout = @$_SESSION["show_good_word_suggestions_detail"]["layout"];
if (is_null($default_layout)) {
    // The normal case for the session's first visit.
    $default_layout = LAYOUT_HORIZ;
} else {
    if ($default_layout === LAYOUT_HORIZ || $default_layout === LAYOUT_VERT) {
        // The normal case for the session's subsequent visits.
    } else {
        // I don't know how this could happen.
        $default_layout = LAYOUT_HORIZ;
        // Alternatively, we could raise an error or warning.
    }
}
// The request value is validated with the two layout constants passed as
// the bounds, and only the validated result is written back to the session.
$layout = get_integer_param($_GET, 'layout', $default_layout, LAYOUT_HORIZ, LAYOUT_VERT);
$_SESSION["show_good_word_suggestions_detail"]["layout"] = $layout;

// $frame determines which frame we're operating from
//     'master' - we're the master frame
//     'left'   - we're the left frame with the text
//     'right'  - we're the right frame for the image
// Only the three listed values are accepted; 'master' is the default.
$frame = get_enumerated_param($_GET, 'frame', 'master', array('master', 'left', 'right'));

if ($frame == "master") {
    slim_header_frameset(_("Suggestion Detail"));
    // $frameSpec is one of two fixed strings, so no request data reaches
    // the frameset markup through it.
    if ($layout == LAYOUT_HORIZ) {
        $frameSpec = 'rows="30%,70%"';
    } else {
        $frameSpec = 'cols="30%,70%"';
    }
    ?> <frameset <?php
// Fragment of a news listing script. It opens inside an enclosing `if` whose
// condition is outside the excerpt and ends inside the result loop.
// $news_page_id is accepted only when it is a key of $NEWS_PAGES.
if (isset($NEWS_PAGES[$news_page_id])) {
    $news_subject = get_news_subject($news_page_id);
    output_header(sprintf(_("Recent Site News Items for %s"), $news_subject));
    echo "<br>";
} else {
    // NOTE(review): this branch runs when $news_page_id failed the allow-list
    // check, yet the value is echoed into the page unescaped. Where it is
    // assigned is outside the excerpt; if it comes from the request, wrap it
    // in html_safe() before output.
    echo _("Error") . ": <b>" . $news_page_id . "</b> " . _("Unknown news_page_id specified, exiting.");
    exit;
}
} else {
    echo _("No news_page_id specified, exiting.");
    exit;
}

// echo "<center>Feeds: <a href='$code_url/feeds/backend.php?content=news'><img src='$code_url/graphics/xml.gif'></a>";
// echo "<a href='$code_url/feeds/backend.php?content=news&type=rss'><img src='$code_url/graphics/rss.gif'></a>";
// echo "</center>";

// 'num' is validated as an integer before it is placed in the LIMIT clause.
$num = get_integer_param($_GET, 'num', 0, 0, NULL);

if ($num == 0) {
    // Invoking this script with num=0 (or without
    // the 'num' parameter) means "no limit".
    $limit_clause = "";
} else {
    $limit_clause = "LIMIT {$num}";
    // By this point $news_page_id has passed the $NEWS_PAGES check above.
    echo "<a href='pastnews.php?news_page_id={$news_page_id}'>" . sprintf(_("Show All %s News"), $news_subject) . "</a>";
}

// The page id is escaped with mysql_real_escape_string() and quoted in the
// statement; $limit_clause is interpolated directly and contains only the
// validated integer.
$result = mysql_query(sprintf("\n SELECT * FROM news_items \n WHERE news_page_id = '%s' AND \n status = 'recent'\n ORDER BY id DESC\n {$limit_clause}\n", mysql_real_escape_string($news_page_id)));

// NOTE(review): $result is not checked for false before use.
if (mysql_numrows($result) == 0) {
    echo "<br><br>" . sprintf(_("No recent news items for %s"), $news_subject);
} else {
    while ($news_item = mysql_fetch_array($result)) {
        $date_posted = strftime(_("%A, %B %e, %Y"), $news_item['date_posted']);
        // The stored item content is written out as raw HTML.
        // NOTE(review): presumably intentional so editors can use markup;
        // the page is then only as safe as the access control on whoever
        // may write news_items. Confirm against the editing script.
        echo "<br><a name='" . $news_item['id'] . "'><b>{$date_posted}</b><br>" . $news_item['content'] . "<br><hr align='center' width='75%'><br>";
// Fragment of a word-list management script for one project. The excerpt
// ends inside the 'update' branch.
$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'wordcheck_engine.inc';
include_once $relPath . 'Project.inc';
include_once $relPath . 'theme.inc';
include_once './post_files.inc';
include_once "./word_freq_table.inc";

require_login();

$datetime_format = "%A, %B %e, %Y %X";

// NOTE(review): removes PHP's execution time limit for this request.
set_time_limit(0); // no time limit

$projectid = validate_projectID('projectid', @$_REQUEST['projectid']);
// NOTE(review): the word-file lookup runs before enforce_edit_authorization()
// below. Only $fileObject->mod_time is read from it here, but moving the
// authorization check to directly after validate_projectID() would ensure
// no project data is touched for an unauthorized caller.
$fileObject = get_project_word_file($projectid, "good");
$timeCutoff = get_integer_param($_REQUEST, 'timeCutoff', $fileObject->mod_time, 0, null);
$freqCutoff = get_integer_param($_REQUEST, 'freqCutoff', 5, 0, null);

enforce_edit_authorization($projectid);

if ($timeCutoff == 0) {
    $time_cutoff_text = _("<b>All proofreader suggestions</b> are included in the results.");
} else {
    // The inserted value is strftime() output for the validated integer,
    // not request text.
    $time_cutoff_text = sprintf(_("Only proofreader suggestions made <b>after %s</b> are included in the results."), strftime($datetime_format, $timeCutoff));
}

// $format determines what is presented from this page:
//   'html' - page is rendered with frequencies included
//   'file' - all words and frequencies are presented as a
//            downloaded file
//   'update' - update the list
// Only the three listed values are accepted; 'html' is the default.
// NOTE(review): the mode is read from $_REQUEST, so the state-changing
// 'update' mode can be selected from the query string. No request-origin
// (CSRF) check is visible in this fragment; confirm one exists.
$format = get_enumerated_param($_REQUEST, 'format', 'html', array('html', 'file', 'update'));

if ($format == "update") {
    $postedWords = parse_posted_words($_POST);

    $words = load_project_good_words($projectid);
// Fragment of a word-suggestion review script that works across a project
// manager's projects. The excerpt ends inside the POST-key loop.
include_once $relPath . 'base.inc';
include_once $relPath . 'wordcheck_engine.inc';
include_once $relPath . 'slim_header.inc';
include_once $relPath . 'misc.inc'; // attr_safe()
include_once $relPath . 'Stopwatch.inc';
include_once './post_files.inc';
include_once "./word_freq_table.inc";

require_login();

$datetime_format = _("%A, %B %e, %Y at %X");

$watch = new Stopwatch();
$watch->start();

// NOTE(review): removes PHP's execution time limit for this request.
set_time_limit(0); // no time limit

$freqCutoff = get_integer_param($_REQUEST, 'freqCutoff', 5, 0, null);
$timeCutoff = get_integer_param($_REQUEST, 'timeCutoff', -1, -1, null);

// load the PM
// The requested 'pm' is honoured only for site managers and project
// facilitators; for everyone else it is overwritten with the caller's own
// username, so the parameter cannot be used to act as another PM.
// NOTE(review): for the privileged roles $pm stays raw request input;
// confirm that later uses escape it for SQL and HTML.
$pm = array_get($_REQUEST, "pm", $pguser);
if (!user_is_a_sitemanager() && !user_is_proj_facilitator()) {
    $pm = $pguser;
}

// $frame determines which frame we're operating from
//     none - we're the master frame
//     'left' - we're the left frame with the text
//     'right' - we're the right frame for the context info
//     'update' - not a frame at all - process the incoming data
// Only the four listed values are accepted; 'master' is the default.
$frame = get_enumerated_param($_REQUEST, 'frame', 'master', array('master', 'left', 'right', 'update'));

if ($frame == "update") {
    $newProjectWords = array();
    foreach ($_POST as $key => $val) {
        // POST field names are attacker-controlled, so they are parsed with
        // a pattern rather than trusted. The pattern is not anchored with
        // ^ and $, so extra text around the match is tolerated, but the two
        // captured groups are limited to "projectID" plus 13 hex digits and
        // a run of digits.
        // NOTE(review): the captured project id is taken from the request;
        // confirm the code after this point checks the caller's rights on
        // each project before writing to it.
        if (preg_match("/cb_(projectID[0-9a-f]{13})_(\\d+)/", $key, $matches)) {
// Fragment of a script that builds a zip of page texts, either downloaded or
// saved on the server. The excerpt ends at the opening of the save branch.
include_once $relPath . 'project_states.inc';
include_once $relPath . 'stages.inc';
include_once $relPath . 'Project.inc';
include_once './post_files.inc';

require_login();

// Allow-list for round_id: every key of $Round_for_round_id_ plus '[OCR]'.
$valid_round_ids = array_keys($Round_for_round_id_);
array_unshift($valid_round_ids, '[OCR]');

// The literal 'many' bypasses validate_projectID(); any other value must
// pass it.
if (@$_REQUEST['projectid'] == 'many') {
    $projectid = 'many';
} else {
    $projectid = validate_projectID('projectid', @$_REQUEST['projectid']);
}
$round_id = get_enumerated_param($_REQUEST, 'round_id', null, $valid_round_ids);
$which_text = get_enumerated_param($_REQUEST, 'which_text', null, array('EQ', 'LE'));
$include_proofers = get_integer_param($_REQUEST, 'include_proofers', 0, 0, 1);
$save_files = get_integer_param($_REQUEST, 'save_files', 0, 0, 1);

// only sitemanagers are allowed to save files
// The check runs before any output or file work and stops the script.
if ($save_files && !user_is_a_sitemanager()) {
    echo _('You are not authorized to invoke this script.');
    exit;
}

// only people who can see names on the page details page
// can see names here.
// NOTE(review): Project is constructed even when $projectid is 'many';
// confirm the constructor handles that value and that the visibility flag
// it yields is meaningful for a multi-project request.
$project = new Project($projectid);
if ($include_proofers && !$project->names_can_be_seen_by_current_user) {
    echo _('You are not authorized to invoke this script.');
    exit;
}

// if we are not saving files, then we are just downloading the zip.
// don't send anything out other than the headers and zip file contents.
if ($save_files) {
} else {
    $byear = get_integer_param($_POST, 'byear', null, 0, null);
}
// Fragment of a form handler for an author's birth and death dates; it opens
// in the middle of an if/else whose first branch is outside the excerpt.
// Month and day are validated as integers with bounds 0..12 and 0..31.
$bmonth = get_integer_param($_POST, 'bmonth', null, 0, 12);
$bday = get_integer_param($_POST, 'bday', null, 0, 31);
// NOTE(review): free-text field taken from the request unvalidated; confirm
// it is escaped where it is written to the database and where it is shown.
$bcomments = @$_POST['bcomments'];
$byearRadio = get_integer_param($_POST, 'byearRadio', null, 0, 1);

// An empty year field is mapped to null instead of being validated.
if (@$_POST['dyear'] == '') {
    $dyear = null;
} else {
    $dyear = get_integer_param($_POST, 'dyear', null, 0, null);
}
$dmonth = get_integer_param($_POST, 'dmonth', null, 0, 12);
$dday = get_integer_param($_POST, 'dday', null, 0, 31);
// NOTE(review): same as $bcomments: raw request text, escape at every sink.
$dcomments = @$_POST['dcomments'];
$dyearRadio = get_integer_param($_POST, 'dyearRadio', null, 0, 1);

// years are specified using radio-buttons and text-fields.
// a little logic to get the right data
// also, years might be negated by checking 'B. C.'
// Only the presence of the 'bbc' / 'dbc' fields is tested; their values are
// never used.
if ($byearRadio == '0') {
    $byear = 0;
} elseif (isset($_POST['bbc'])) {
    $bbc = TRUE;
    // NOTE(review): if $byear is null at this point, the negation gives 0.
    $byear = -$byear;
}
if ($dyearRadio == '0') {
    $dyear = 0;
} elseif (isset($_POST['dbc'])) {
    $dbc = TRUE;
    // A null $dyear (empty field, see above) becomes 0 here.
    $dyear = -$dyear;
}