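/**
 * Bootstraps WebCalendar for the calling script.
 *
 * Defines the __WC_BASEDIR and __WC_INCLUDEDIR constants, loads the
 * WebCalendar classes and include files, runs both initialization phases of
 * the WebCalendar object, then loads the global settings, the user
 * preferences and the language.
 *
 * Both paths are relative to the current working directory, so the caller is
 * expected to run from a directory directly below the WebCalendar base
 * directory. Statements are kept in their original order: $user_inc is only
 * read after initializeFirstPhase() has run.
 */
function ws_init()
{
    global $admin_can_add_user, $admin_can_delete_user, $site_extras, $user_inc;

    // Load include files.
    define('__WC_BASEDIR', '..'); // Points to the base WebCalendar directory
                                  // relative to current working directory.
    define('__WC_INCLUDEDIR', '../includes');

    include_once __WC_INCLUDEDIR . '/translate.php';
    require_once __WC_INCLUDEDIR . '/classes/WebCalendar.class';
    require_once __WC_INCLUDEDIR . '/classes/Event.class';
    require_once __WC_INCLUDEDIR . '/classes/RptEvent.class';

    // Plain assignment: "=& new" is deprecated since PHP 5.3 and a parse error
    // from PHP 7 on; objects are handled by reference-like handles anyway.
    $WebCalendar = new WebCalendar(__FILE__);

    include_once __WC_INCLUDEDIR . '/config.php';
    include_once __WC_INCLUDEDIR . '/dbi4php.php';
    include_once __WC_INCLUDEDIR . '/access.php';
    include_once __WC_INCLUDEDIR . '/functions.php';

    $WebCalendar->initializeFirstPhase();

    // Only the file-name component of $user_inc is used, so a value that
    // contains directory separators cannot make this include leave the
    // includes directory.
    // NOTE(review): $user_inc is a global; confirm it can only be assigned by
    // the configuration and never from request data.
    include_once __WC_INCLUDEDIR . '/' . basename($user_inc);
    include_once __WC_INCLUDEDIR . '/validate.php';
    include_once __WC_INCLUDEDIR . '/site_extras.php';

    $WebCalendar->initializeSecondPhase();

    load_global_settings();
    load_user_preferences();

    $WebCalendar->setLanguage();
}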
// Excerpt of a top-level initialisation script: the block closed by the first
// "}" opens before this excerpt, and the final "if" continues after it.
$self = $PHP_SELF;
}

// Take the script file name ("name.php") out of the request path.
// NOTE(review): $match[1] is read without checking that preg_match() matched.
preg_match("/\\/(\\w+\\.php)/", $self, $match);
$SCRIPT = $match[1];

// Several files need a no-cache header and some of the same code
$special = array('month.php', 'day.php', 'week.php', 'week_details.php', 'year.php');
$DMW = in_array($SCRIPT, $special);

// Unset some variables that shouldn't be set
// $user_inc is used below to build an include path. Clearing it here means
// the include can only use a value assigned by the files included in between
// (presumably config.php; confirm). This presumably guards against a value
// supplied with the request when register_globals is enabled.
unset($user_inc);

include_once 'includes/config.php';
include_once 'includes/php-dbi.php';
include_once 'includes/functions.php';
// Path built from $user_inc; see the unset() above.
include_once "includes/{$user_inc}";
include_once 'includes/validate.php';
include_once 'includes/connect.php';

load_global_settings();
// User preferences are skipped when $ovrd is set and non-empty.
if (empty($ovrd)) {
    load_user_preferences();
}

include_once 'includes/translate.php';

// error-check some commonly used form variable names
// The second argument to getValue() looks like a regular-expression pattern
// the value has to match; the meaning of the third argument is not visible
// here (confirm in getValue()).
$id = getValue("id", "[0-9]+", true);
$user = getValue("user", "[A-Za-z0-9_\\.=@,\\-]*", true);
$date = getValue("date", "[0-9]+");
$year = getValue("year", "[0-9]+");
$month = getValue("month", "[0-9]+");
$hour = getValue("hour", "[0-9]+");
$minute = getValue("minute", "[0-9]+");
$cat_id = getValue("cat_id", "[0-9]+");
$friendly = getValue("friendly", "[01]");

if (empty($public_access)) {
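/**
 * Saves a set of settings to the database and reloads them.
 *
 * When the global $prad is truthy the settings are written to webcal_config;
 * otherwise they are written to webcal_user_pref for the login in the global
 * $prefuser. For each setting the existing row is deleted first and a new row
 * is inserted only when the value is not empty. Setting names are stored in
 * upper case.
 *
 * On a reported database failure the global $error is set and processing of
 * the remaining settings stops. A value for the THEME setting other than
 * 'none' is copied, lower-cased, into the global $my_theme.
 *
 * @param array  $prefs Setting name => value pairs.
 * @param string $src   'post' when the keys are form field names carrying a
 *                      "pref_" / "admin_" prefix that has to be validated and
 *                      stripped; any other value means the keys are already
 *                      bare setting names.
 */
function save_pref($prefs, $src)
{
    global $error, $my_theme, $prad;

    if (!$prad) {
        global $prefuser;
    }

    // Length of the expected key prefix: "admin_" (6) or "pref_" (5).
    $pos = $prad ? 6 : 5;

    // foreach instead of each(): each() is deprecated since PHP 7.2 and was
    // removed in PHP 8.0.
    foreach ($prefs as $key => $value) {
        if ($src == 'post') {
            $prefix = substr($key, 0, $pos);
            $setting = substr($key, $pos);

            // Form fields that are not settings are skipped silently.
            if ((!$prad && $prefix != 'pref_') || ($prad && $key == 'currenttab')) {
                continue;
            }

            // Validate key name.
            // If $prad not true, should start with "pref_"
            // else should start with "admin_",
            // and not include any unusual characters that might be an SQL injection attack.
            // The pattern is anchored at both ends (^ ... $ with the D
            // modifier): without the leading anchor a key only had to END in
            // a valid name, so arbitrary characters before it were accepted.
            $pattern = $prad ? '/^admin_[A-Za-z0-9_]+$/D' : '/^pref_[A-Za-z0-9_]+$/D';
            if (!preg_match($pattern, $key)) {
                // NOTE(review): $key comes from the submitted form; confirm
                // that die_miserable_death() HTML-escapes its message.
                die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
            }
        } else {
            $prefix = $prad ? 'admin_' : 'pref_';
            $setting = $key;
        }

        // Parentheses make the original precedence explicit: the non-empty
        // check applies to the "pref_" case only.
        // NOTE(review): an empty setting name is therefore still processed in
        // admin mode when $src is not 'post'; confirm this is intended.
        if ((strlen($setting) > 0 && $prefix == 'pref_') || $prefix == 'admin_') {
            if ($setting == 'THEME' && $value != 'none') {
                // Only lower-cased here; any code that builds a file path
                // from $my_theme has to validate it first.
                $my_theme = strtolower($value);
            }

            if ($prad) {
                $setting = strtoupper($setting);

                $sql = 'DELETE FROM webcal_config WHERE cal_setting = ?';
                if (!dbi_execute($sql, array($setting))) {
                    $error = db_error(false, $sql);
                    break;
                }

                if (strlen($value) > 0) {
                    $sql = 'INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES ( ?, ? )';
                    if (!dbi_execute($sql, array($setting, $value))) {
                        $error = db_error(false, $sql);
                        break;
                    }
                }
            } else {
                // Upper-case before the DELETE as well (as the admin branch
                // does): rows are stored under the upper-case name, so
                // deleting by the name as submitted could leave the old row
                // in place.
                $setting = strtoupper($setting);

                // NOTE(review): unlike the admin branch, a failed DELETE is
                // not reported here.
                dbi_execute(
                    'DELETE FROM webcal_user_pref WHERE cal_login = ? AND cal_setting = ?',
                    array($prefuser, $setting)
                );

                if (strlen($value) > 0) {
                    $sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting, cal_value ) VALUES ( ?, ?, ? )';
                    if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
                        // NOTE(review): $error carries the driver message and
                        // the SQL text as HTML; confirm where it is displayed.
                        $error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql;
                        break;
                    }
                }
            }
        }
    }

    // Reload preferences so any CSS changes will take effect.
    load_global_settings();
    load_user_preferences();
}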