/**
 * Reduce an HTML fragment to plain text.
 *
 * The fragment is first run through the project's sanitize_html(), then
 * every remaining tag is removed by wp_kses() with an empty allow-list, and
 * finally HTML entities are decoded back into characters.
 *
 * @param string $html Raw HTML.
 * @return string Text without tags, entities decoded.
 */
function html_to_text($html) {
    // An empty allowed-tags list makes wp_kses() keep only text nodes.
    $stripped = wp_kses(sanitize_html($html), array(), array());
    return html_entity_decode($stripped, ENT_QUOTES, 'UTF-8');
}
/**
 * Print an HTML table of teams.
 *
 * Each row links the team name to team_display.php and shows the
 * description (passed through sanitize_html()), the formatted average
 * credit, the type name and the country.  Rows alternate between the
 * row0 and row1 classes.
 *
 * @param array $list Team objects exposing id, name, description,
 *                    expavg_credit, type and country.
 */
function show_list($list) {
    start_table();
    $header = "\n <tr>\n";
    foreach (array("Team name", "Description", "Average credit", "Type", "Country") as $label) {
        $header .= " <th>" . tra($label) . "</th>\n";
    }
    $header .= " </tr>\n ";
    echo $header;
    $rowIndex = 0;
    foreach ($list as $team) {
        $typeName = team_type_name($team->type);
        $parity = $rowIndex % 2;
        $rowIndex++;
        // Only the description is sanitized here; name and country are
        // emitted as stored — presumably cleaned on the way in, verify.
        $cells = "<tr class=row{$parity}>\n";
        $cells .= " <td><a href=team_display.php?teamid={$team->id}>{$team->name}</a></td>\n";
        $cells .= " <td><span class=note>" . sanitize_html($team->description) . "</span></td>\n";
        $cells .= " <td>" . format_credit($team->expavg_credit) . "</td>\n";
        $cells .= " <td>{$typeName}</td>\n";
        $cells .= " <td>{$team->country}</td>\n";
        $cells .= " </tr>\n ";
        echo $cells;
    }
    echo "</table>";
}
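/**
 * Normalise a requested custom title the same way for preview and apply.
 *
 * Newlines are removed, an empty title becomes "`0", the `c/`H/`w control
 * codes are dropped and the remainder is passed through sanitize_html().
 *
 * @param string $title Raw (already URL-decoded) title.
 * @return string Cleaned title.
 */
function hunterslodge_customtitle_clean($title) {
    $title = newline_sanitize($title);
    if ($title == "") {
        $title = "`0";
    }
    $title = preg_replace("/[`][cHw]/", "", $title);
    return sanitize_html($title);
}

/**
 * Hunter's Lodge "custom title" item.
 *
 * Driven by the `op` request parameter:
 *   change  - show the entry form
 *   confirm - clean the posted title and show a preview
 *   set     - apply the title and, unless `free` is set, consume the item
 */
function hunterslodge_customtitle_run() {
    require_once "lib/sanitize.php";
    require_once "lib/names.php";
    global $session;
    $op = httpget("op");
    $free = httpget("free");
    page_header("Choose your Custom Title");
    switch ($op) {
        case "change":
            output("Ready to change your Title? No problem. Enter your desired Title in the box below. You've got 25 characters to play with, including colour codes.`n`n");
            titlechange_form();
            addnav("Cancel");
            addnav("Don't change colours, just go back to the Lodge", "runmodule.php?module=iitems_hunterslodge&op=start");
            break;
        case "confirm":
            $ntitle = hunterslodge_customtitle_clean(rawurldecode(httppost('newname')));
            $nname = get_player_basename();
            output("`0Your new title will look like this: %s`0`n", $ntitle);
            output("`0Your entire name will look like: %s %s`0`n`n", $ntitle, $nname);
            output("Do you want to set the new title now?`n`n");
            output("`0Try a different title below, if you like.`n`n");
            titlechange_form();
            addnav("Confirm");
            addnav("Set the new Title", "runmodule.php?module=hunterslodge_customtitle&op=set&free={$free}&newname=" . rawurlencode($ntitle));
            addnav("Cancel");
            addnav("Don't change your Title, just go back to the Lodge", "runmodule.php?module=iitems_hunterslodge&op=start");
            break;
        case "set":
            // The title arrives in the query string built by the "confirm"
            // page, but that URL is editable by the player, so it is cleaned
            // again here rather than trusted.  Cleaning is idempotent for a
            // value that already went through "confirm".
            $ntitle = hunterslodge_customtitle_clean(rawurldecode(httpget('newname')));
            $newname = change_player_ctitle($ntitle);
            $session['user']['ctitle'] = $ntitle;
            $session['user']['name'] = $newname;
            output("You are now known as %s!`0`n`n", $session['user']['name']);
            // NOTE(review): $free comes straight from the request; nothing
            // here verifies the player is entitled to a free change — confirm
            // that the caller enforces it, otherwise the item is never used up.
            if (!$free) {
                $id = has_item("hunterslodge_customtitle");
                delete_item($id);
            }
            addnav("Return");
            addnav("Return to the Lodge", "runmodule.php?module=iitems_hunterslodge&op=start");
            break;
    }
    page_footer();
}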
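/**
 * Print an HTML table of teams.
 *
 * The row markup was a single-quoted string, so "$j", "$team->id",
 * "$team->name", "$type" and "$team->country" were printed literally
 * instead of being interpolated; the values are now concatenated in.
 *
 * @param array $list Team objects exposing id, name, description,
 *                    expavg_credit, type and country.
 */
function show_list($list) {
    start_table();
    echo "<tr>\n\t\t<th>Team name</th>\n\t\t<th>Description</th>\n\t\t<th>Average credit</th>\n\t\t<th>Type</th>\n\t\t<th>Country</th>\n\t\t</tr>";
    $i = 0;
    foreach ($list as $team) {
        $type = team_type_name($team->type);
        $j = $i++ % 2;
        // Only the description is sanitized here; name and country are
        // emitted as stored — presumably cleaned on the way in, verify.
        echo '<tr class="row' . $j . '"> <td><a href="team_display.php?teamid=' . $team->id . '">' . $team->name . '</a></td> <td><span class="note">' . sanitize_html($team->description) . '</span></td> <td>' . format_credit($team->expavg_credit) . '</td> <td>' . $type . '</td> <td>' . $team->country . '</td> </tr> ';
    }
    echo "</table>";
}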
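// Team "edit" form handler: authenticate, authorise, then normalise every
// posted field before it reaches the database layer (the actual update is
// performed further down the file, outside this excerpt).
$user = get_logged_in_user();
$teamid = post_int("teamid");
$team = BoincTeam::lookup_id($teamid);
if (!$team) {
    error_page("no such team");
}
require_admin($user, $team);

// The stored URL omits the scheme.  Only a *leading* "http://" is removed:
// the previous strstr() test matched the substring anywhere and then cut
// the first seven characters regardless of what they were.
$team_url = BoincDb::escape_string(strip_tags(post_str("url", true)));
if (substr($team_url, 0, 7) === "http://") {
    $team_url = substr($team_url, 7);
}
$team_name = BoincDb::escape_string(strip_tags(post_str("name")));
$team_name_lc = strtolower($team_name);   // presumably used by the update below — verify
$tnh = post_str("name_html", true);
$team_name_html = sanitize_html($tnh);
$team_name_html = BoincDb::escape_string($team_name_html);
// The description is only SQL-escaped here; the list/display pages run it
// through sanitize_html() on output.
$team_description = BoincDb::escape_string(post_str("description", true));
$type = BoincDb::escape_string(post_str("type", true));
$country = BoincDb::escape_string(post_str("country", true));
if ($country == "") {
    $country = "International";
}
if (!is_valid_country($country)) {
    error_page("bad country");
}
$joinable = post_str('joinable', true) ? 1 : 0;
// Team names must be unique; allow the team to keep its own name.
$t = BoincTeam::lookup("name='{$team_name}'");
if ($t && $t->id != $teamid) {
    error_page("The name '{$team_name}' is being used by another team.");
}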
/**
 * Normalise post text: sanitize the HTML, then rewrite images, links and
 * formatting into their BBCode equivalents, in that order.
 *
 * @param string $text Raw text.
 * @return string Sanitized text with BBCode markup.
 */
function fix_text($text) {
    return formatting_as_bb(link_as_bb(image_as_bb(sanitize_html($text))));
}
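/**
 * Sanitizes a comment.
 *
 * Copies the comment fields from $_POST onto the object and stamps the
 * current date and time.  A missing field is treated as an empty string so
 * a partial submission does not raise undefined-index notices.
 */
private function sanitize() {
    // Sanitize user input
    $this->message = sanitize_html(isset($_POST['comment-message']) ? $_POST['comment-message'] : '');
    $this->name = sanitize_string(isset($_POST['comment-name']) ? $_POST['comment-name'] : '');
    // NOTE(review): the address is stored exactly as submitted while the
    // sibling fields are cleaned — confirm it is validated before use.
    $this->email = isset($_POST['comment-email']) ? $_POST['comment-email'] : '';
    $this->website = sanitize_url(isset($_POST['comment-website']) ? $_POST['comment-website'] : '');
    // Get date, time
    $this->date = current_date();
    $this->time = current_time();
}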
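/**
 * Print an HTML table of teams, optionally with a "Validated?" column
 * (when SHOW_NONVALIDATED_TEAMS is defined) showing whether the founder's
 * e-mail address is validated.
 *
 * @param array $list Team objects exposing id, name, description,
 *                    expavg_credit, type, country and userid.
 */
function show_list($list) {
    $show_validated = defined("SHOW_NONVALIDATED_TEAMS");
    start_table();
    echo "\n <tr>\n <th>" . tra("Team name") . "</th>\n ";
    if ($show_validated) {
        echo "<th>Validated?</th>\n";
    }
    echo "\n <th>" . tra("Description") . "</th>\n <th>" . tra("Average credit") . "</th>\n <th>" . tra("Type") . "</th>\n <th>" . tra("Country") . "</th>\n </tr>\n ";
    $i = 0;
    foreach ($list as $team) {
        $type = team_type_name($team->type);
        $j = $i++ % 2;
        echo "<tr class=row{$j}>\n <td><a href=team_display.php?teamid={$team->id}>{$team->name}</a></td>\n ";
        if ($show_validated) {
            // lookup_id() may yield no user for a vanished founder; report
            // that as "No" instead of dereferencing a null.
            $user = BoincUser::lookup_id($team->userid);
            echo "<td>";
            echo ($user && $user->email_validated) ? "Yes" : "No";
            echo "</td>\n";
        }
        echo "\n <td><p class=\"text-muted\">" . sanitize_html($team->description) . "</p></td>\n <td>" . format_credit($team->expavg_credit) . "</td>\n <td>{$type}</td>\n <td>{$team->country}</td>\n </tr>\n ";
    }
    echo "</table>";
}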
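/**
 * Convert from Events Manager event to a event format defined
 * by ShoutEm Data Exchange Protocol @link http://fiveminutes.jira.com/wiki/display/SE/Data+Exchange+Protocol
 *
 * @param object $event Events Manager event.  The new plugin exposes
 *                      event_id; older objects are delegated to
 *                      convert_old_em_event_to_se_event().
 * @return array Remapped event with description, body, summary and
 *               attachments filled in.
 */
private function convert_to_se_event($event) {
    $new_em_plugin = property_exists($event, 'event_id');
    if (!$new_em_plugin) {
        $remaped_event = self::convert_old_em_event_to_se_event($event);
    } else {
        //new event manager
        $remaped_event = array(
            'post_id' => $event->event_id,
            'start_time' => $event->event_start_date . ' ' . $event->event_start_time,
            'end_time' => $event->event_end_date . ' ' . $event->event_end_time,
            'name' => $event->name,
            'description' => $event->post_content,
            'image_url' => $event->image_url,
        );
        $user_id = $event->event_owner;
        if ($user_id > 0) {
            // get_userdata() returns false for an unknown user; use an empty
            // name rather than dereferencing false.
            $user = get_userdata($user_id);
            $remaped_event['owner'] = array(
                'id' => $user_id,
                'name' => $user ? $user->user_nicename : '',
            );
        }
        $venue = array();
        $locations = EM_Locations::get(array($event->location_id));
        // Guard on the key itself: a non-empty result is not guaranteed to be
        // indexed by the requested location id.
        if (is_array($locations) && isset($locations[$event->location_id])) {
            $location = $locations[$event->location_id];
            $venue = array(
                'id' => '',
                'name' => $location->location_name,
                'street' => $location->location_address,
                'city' => $location->location_town,
                'state' => $location->location_state,
                'country' => $location->location_country,
                'latitude' => $location->location_latitude,
                'longitude' => $location->location_longitude,
            );
        }
        $remaped_event['place'] = $venue;
    }
    // sanitize_html() fills $striped_attachments by reference with the media
    // it removes from the description.
    $striped_attachments = array();
    $remaped_event['description'] = sanitize_html($remaped_event['description'], $striped_attachments);
    if (property_exists($event, 'post_id')) {
        $this->include_leading_image_in_attachments($striped_attachments, $event->post_id);
    }
    $remaped_event['body'] = $remaped_event['description'];
    $remaped_event['summary'] = html_to_text($remaped_event['description']);
    $remaped_event['attachments'] = $striped_attachments;
    return $remaped_event;
}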
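/**
 * Build the ShoutEm representation of a WordPress post.
 *
 * Remaps the core post columns, resolves categories, lets external plugins
 * contribute attachments through the shoutem_get_post_start action, renders
 * the content through the_content, and moves embedded media into the
 * attachments list.
 *
 * @param object $post   WordPress post object (ID, post_author, ...).
 * @param array  $params Request parameters; session_id, include_raw_post
 *                       and commentable are consulted.
 * @return array Remapped post.
 */
private function get_post($post, $params) {
    $attachments = array('images' => array(), 'videos' => array(), 'audio' => array());
    // Shared by reference so hooks reached through $this append to the same
    // array that is merged below.
    $this->attachments =& $attachments;
    $is_user_logged_in = isset($params['session_id']);
    $include_raw_post = isset($params['include_raw_post']);
    $is_reqistration_required = '1' == get_option('comment_registration');
    $remaped_post = $this->array_remap_keys($post, array(
        'ID' => 'post_id',
        'post_date_gmt' => 'published_at',
        'post_title' => 'title',
        'post_excerpt' => 'summary',
        'post_content' => 'body',
        'comment_status' => 'commentable',
        'comment_count' => 'comments_count',
    ));
    $post_categories = wp_get_post_categories($remaped_post['post_id']);
    $categories = array();
    foreach ($post_categories as $category) {
        $cat = get_category($category);
        $categories[] = array('id' => $cat->cat_ID, 'name' => $cat->name);
    }
    $remaped_post['categories'] = $categories;
    //*** ACTION shoutem_get_post_start ***//
    //Integration with external plugins will usually hook to this action to
    //substitute shortcodes or generate appropriate attachments from the content.
    //For example: @see ShoutemNGGDao, @see ShoutemFlaGalleryDao.
    do_action('shoutem_get_post_start', array('wp_post' => $post, 'attachments_ref' => &$attachments));
    $body = apply_filters('the_content', do_shortcode($remaped_post['body']));
    if ($include_raw_post) {
        // Deliberately the unsanitized rendering; only sent when asked for.
        $remaped_post['raw_post'] = $body;
    }
    // Pre-seed the buckets sanitize_html() fills by reference so the merges
    // below cannot see a missing key.
    $striped_attachments = array('images' => array(), 'videos' => array(), 'audio' => array());
    $remaped_post['body'] = sanitize_html($body, $striped_attachments);
    // get_userdata() returns false for a deleted author.
    $user_data = get_userdata($post->post_author);
    $remaped_post['author'] = $user_data ? $user_data->display_name : '';
    $remaped_post['likeable'] = 0;
    $remaped_post['likes_count'] = 0;
    $remaped_post['link'] = get_permalink($remaped_post['post_id']);
    $this->include_leading_image_in_attachments($attachments, $post->ID);
    $attachments['images'] = array_merge($attachments['images'], $striped_attachments['images']);
    $attachments['videos'] = array_merge($attachments['videos'], $striped_attachments['videos']);
    $attachments['audio'] = array_merge($attachments['audio'], $striped_attachments['audio']);
    sanitize_attachments($attachments);
    $remaped_post['attachments'] = $attachments;
    $remaped_post['image_url'] = '';
    $images = $attachments['images'];
    if (count($images) > 0) {
        $remaped_post['image_url'] = $images[0]['src'];
    }
    $post_commentable = $remaped_post['commentable'] == 'open';
    if (!$this->options['enable_wp_commentable']) {
        $remaped_post['commentable'] = 'no';
    } else {
        if (array_key_exists('commentable', $params)) {
            $remaped_post['commentable'] = $params['commentable'];
        } else {
            $remaped_post['commentable'] = $this->get_commentable($post_commentable, $is_user_logged_in, $is_reqistration_required);
        }
    }
    if ($this->options['enable_fb_commentable']) {
        $remaped_post['fb_commentable'] = 'yes';
    }
    if (!$remaped_post['summary']) {
        // get_the_excerpt() is called without a post, so it presumably reads
        // the global current post — verify the caller sets it up.
        $remaped_post['summary'] = wp_trim_excerpt(apply_filters('the_excerpt', get_the_excerpt()));
        $remaped_post['summary'] = html_to_text($remaped_post['summary']);
    }
    $remaped_post['title'] = html_to_text($remaped_post['title']);
    return $remaped_post;
}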
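/**
 * Cost in Donator Points of the next title change for the current player:
 * free once the "permanent" pref is set, otherwise the initial or the
 * follow-up price depending on whether a title was bought before.
 *
 * @return int|string Module setting value (0 when permanent).
 */
function titlechange_cost() {
    if (get_module_pref("permanent")) {
        return 0;
    }
    if (get_module_pref("timespurchased")) {
        return get_module_setting("extrapoints");
    }
    return get_module_setting("initialpoints");
}

/**
 * Clean a requested title according to the module settings.
 *
 * Newlines are removed; an empty title becomes "`0" when the "blank"
 * setting allows it and otherwise null is returned for the caller to
 * report; bold/italics codes are dropped unless enabled; colour codes are
 * normalised by sanitize_colorname(); the `c/`H/`w codes are removed and
 * the result goes through sanitize_html().
 *
 * @param string $raw URL-decoded title as submitted.
 * @return string|null Cleaned title, or null when blank titles are not allowed.
 */
function titlechange_clean_title($raw) {
    $title = newline_sanitize($raw);
    if ($title == "") {
        if (!get_module_setting("blank")) {
            return null;
        }
        $title = "`0";
    }
    if (!get_module_setting("bold")) {
        $title = str_replace("`b", "", $title);
    }
    if (!get_module_setting("italics")) {
        $title = str_replace("`i", "", $title);
    }
    $title = sanitize_colorname(get_module_setting("spaceinname"), $title);
    $title = preg_replace("/[`][cHw]/", "", $title);
    return sanitize_html($title);
}

/**
 * Hunter's Lodge custom-title module, driven by the `op` request parameter:
 *   permanent / permanentconfirm - buy unlimited title changes
 *   titlechange                  - show the title form (if affordable)
 *   titlepreview                 - clean the posted title and preview it
 *   changetitle                  - apply the title and charge for it
 *
 * Every state-changing op re-validates its inputs instead of relying on the
 * page that linked to it, because those links are editable by the player.
 */
function titlechange_run() {
    require_once "lib/sanitize.php";
    require_once "lib/names.php";
    global $session;
    $op = httpget("op");
    page_header("Hunter's Lodge");
    $pointsavailable = $session['user']['donation'] - $session['user']['donationspent'];
    $permcost = get_module_setting("permanent");
    if ($op == "permanent") {
        page_header("Unlimited Title Changes");
        output("For %s Donator Points, you can change your Title as often as you like without paying again.`n`n", $permcost);
        addnav("Unlimited Changes");
        if ($pointsavailable >= $permcost) {
            addnav(array("Get permanent free Title changes (%s Points)", $permcost), "runmodule.php?module=titlechange&op=permanentconfirm");
        } else {
            addnav(array("Sorry, but you need %s more Donator Points for this option.", $permcost - $pointsavailable), "");
        }
        addnav("Cancel", "lodge.php");
        page_footer();
    }
    if ($op == "permanentconfirm") {
        page_header("Unlimited Title Changes");
        // The "permanent" page only offers the link when affordable, but this
        // URL can be reached directly (or refreshed), so check again and do
        // not charge a player who already owns the perk.
        if (get_module_pref("permanent")) {
            output("You've got unlimited Title Changes!");
        } elseif ($pointsavailable >= $permcost) {
            output("You've got unlimited Title Changes!");
            set_module_pref("permanent", 1);
            $session['user']['donationspent'] += $permcost;
        } else {
            output("Sorry, but you don't have enough points to do that!`n`n");
        }
        addnav("Back to the Lodge", "lodge.php");
        page_footer();
    }
    if ($op == "titlechange") {
        $cost = titlechange_cost();
        if ($cost <= $pointsavailable) {
            output("`3`bCustomize Title`b`0`n`n");
            output("`7Because you have earned sufficient points, you have been granted the ability to set a custom title of your choosing.");
            output("The title must be appropriate, and the admin of the game can reset if it isn't (as well as penalize you for abusing the game).");
            output("The title may not be more than 25 characters long including any characters used for colorization!.`n`n");
            $otitle = get_player_title();
            if ($otitle == "`0") {
                $otitle = "";
            }
            output("`7Your title is currently`^ ");
            rawoutput($otitle);
            output_notl("`0`n");
            output("`7which looks like 
%s`n`n", $otitle);
            if (httpget("err") == 1) {
                output("`\$Please enter a title.`n");
            }
            output("`7How would you like your title to look?`n");
            rawoutput("<form action='runmodule.php?module=titlechange&op=titlepreview' method='POST'>");
            rawoutput("<input id='input' name='newname' width='25' maxlength='25' value='" . htmlentities($otitle, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "'>");
            rawoutput("<input type='submit' class='button' value='Preview'>");
            rawoutput("</form>");
            addnav("", "runmodule.php?module=titlechange&op=titlepreview");
        } else {
            output("Sorry, but you don't have enough points to do that!`n`n");
        }
    } elseif ($op == "titlepreview") {
        $ntitle = titlechange_clean_title(rawurldecode(httppost('newname')));
        if ($ntitle === null) {
            redirect("runmodule.php?module=titlechange&op=titlechange&err=1");
        }
        $nname = get_player_basename();
        output("`7Your new title will look like this: %s`0`n", $ntitle);
        output("`7Your entire name will look like: %s %s`0`n`n", $ntitle, $nname);
        output("`7Is this how you wish it to look?");
        addnav("`bConfirm Custom Title`b");
        addnav("Yes", "runmodule.php?module=titlechange&op=changetitle&newname=" . rawurlencode($ntitle));
        addnav("No", "runmodule.php?module=titlechange&op=titlechange");
    } elseif ($op == "changetitle") {
        // The title comes from the query string the preview page built; that
        // link is editable, so it is cleaned again and the price is checked
        // again here instead of trusting the preview step.
        $cost = titlechange_cost();
        $ntitle = titlechange_clean_title(rawurldecode(httpget('newname')));
        if ($ntitle === null) {
            redirect("runmodule.php?module=titlechange&op=titlechange&err=1");
        } elseif ($cost > $pointsavailable) {
            output("Sorry, but you don't have enough points to do that!`n`n");
        } else {
            $fromname = $session['user']['name'];
            $newname = change_player_ctitle($ntitle);
            $session['user']['ctitle'] = $ntitle;
            $session['user']['name'] = $newname;
            addnews("%s`^ has become known as %s.", $fromname, $session['user']['name']);
            // modifications by sixf00t4
            if (!get_module_pref("permanent") && get_module_setting("take")) {
                if (get_module_pref("timespurchased")) {
                    debuglog("bought another custom title for {$cost} points");
                } else {
                    debuglog("bought first custom title for {$cost} points");
                }
                $session['user']['donationspent'] += $cost;
            }
            set_module_pref("timespurchased", get_module_pref("timespurchased") + 1);
            output("Your custom title has been set.");
            modulehook("namechange", array());
        }
    }
    addnav("L?Return to the Lodge", "lodge.php");
    page_footer();
}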
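/**
 * Re-display the profile form with the submitted answers and an error.
 *
 * A first-time submission has no profile row yet ($profile is null); a
 * bare object is created so the answers can be carried back to the form
 * without writing properties on null.
 *
 * @param object|null $profile   Existing profile or null.
 * @param string      $response1 First free-text answer.
 * @param string      $response2 Second free-text answer.
 * @param string      $msg       Translated error message to show.
 */
function process_create_profile_retry($profile, $response1, $response2, $msg) {
    if (!$profile) {
        $profile = new StdClass();
    }
    $profile->response1 = $response1;
    $profile->response2 = $response2;
    show_profile_form($profile, $msg);
}

/**
 * Handle a submitted profile form for $user.
 *
 * Runs the ReCaptcha (when configured) and Akismet checks, stores an
 * uploaded picture, sanitizes the two free-text responses and then inserts
 * a new profile row or updates the existing one.
 *
 * @param object      $user    Logged-in BoincUser.
 * @param object|null $profile Existing BoincProfile, or null when the user
 *                             has none yet.
 */
function process_create_profile($user, $profile) {
    global $config;
    $response1 = post_str('response1', true);
    $response2 = post_str('response2', true);
    $language = post_str('language', true);
    $privatekey = parse_config($config, "<recaptcha_private_key>");
    if ($privatekey) {
        $recaptcha = new ReCaptcha($privatekey);
        // A missing captcha answer must fail verification, not raise a notice.
        $captcha_answer = isset($_POST["g-recaptcha-response"]) ? $_POST["g-recaptcha-response"] : "";
        $resp = $recaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $captcha_answer);
        if (!$resp->success) {
            process_create_profile_retry($profile, $response1, $response2, tra("Your ReCaptcha response was not correct. Please try again."));
            return;
        }
    }
    if (!akismet_check($user, $response1)) {
        process_create_profile_retry($profile, $response1, $response2, tra("Your first response was flagged as spam by the Akismet anti-spam system. Please modify your text and try again."));
        return;
    }
    if (!akismet_check($user, $response2)) {
        process_create_profile_retry($profile, $response1, $response2, tra("Your second response was flagged as spam by the Akismet anti-spam system. Please modify your text and try again."));
        return;
    }
    $delete_pic = isset($_POST['delete_pic']) ? $_POST['delete_pic'] : "off";
    // No file field at all is the same as no upload.
    $upload_tmp = isset($_FILES['picture']['tmp_name']) ? $_FILES['picture']['tmp_name'] : "";
    $has_upload = $upload_tmp !== "" && is_uploaded_file($upload_tmp);
    if (strlen($response1) == 0 && strlen($response2) == 0 && $delete_pic != "on" && !$has_upload) {
        error_page(tra("Your profile submission was empty."));
        exit;
    }
    // Only an existing profile can have pictures to delete.  Writing onto a
    // null $profile here would also turn the insert below into an update.
    if ($delete_pic == "on" && $profile) {
        delete_user_pictures($profile->userid);
        $profile->has_picture = false;
        $profile->verification = 0;
    }
    $has_picture = $profile ? $profile->has_picture : false;
    if ($has_upload) {
        $has_picture = true;
        if ($profile) {
            $profile->verification = 0;
        }
        $images = getImages($upload_tmp);
        // Write the original image file to disk.
        // TODO: define a constant for image quality.
        ImageJPEG($images[0], IMAGE_PATH . $user->id . '.jpg');
        ImageJPEG($images[1], IMAGE_PATH . $user->id . '_sm.jpg');
    }
    $response1 = sanitize_html($response1);
    $response2 = sanitize_html($response2);
    $has_picture = $has_picture ? 1 : 0;
    // Text columns are escaped with BoincDb::escape_string(); the numeric
    // ones are produced by this function, not taken from the request.
    if ($profile) {
        $query = " response1 = '" . BoincDb::escape_string($response1) . "'," . " response2 = '" . BoincDb::escape_string($response2) . "'," . " language = '" . BoincDb::escape_string($language) . "'," . " has_picture = {$has_picture}," . " verification = {$profile->verification}" . " WHERE userid = {$user->id}";
        $result = BoincProfile::update_aux($query);
        if (!$result) {
            error_page(tra("Could not update the profile: database error"));
        }
    } else {
        $query = 'SET ' . " userid={$user->id}," . " language = '" . BoincDb::escape_string($language) . "'," . " response1 = '" . BoincDb::escape_string($response1) . "'," . " response2 = '" . BoincDb::escape_string($response2) . "'," . " has_picture = {$has_picture}," . " recommend=0, " . " reject=0, " . " posts=0, " . " uotd_time=0, " . " verification=0";
        $result = BoincProfile::insert($query);
        if (!$result) {
            error_page(tra("Could not create the profile: database error"));
        }
    }
    $user->update("has_profile=1");
    page_head(tra("Profile saved"));
    echo tra("Congratulations! Your profile was successfully entered into our database.") . "<br><br>" . "<a href=\"view_profile.php?userid=" . $user->id . "\">" . tra("View your profile") . "</a><br>";
    page_tail();
}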
/**
 * Render shaare contents through Markdown parser.
 * 1. Remove HTML generated by Shaarli core.
 * 2. Reverse the escape function.
 * 3. Generate markdown descriptions.
 * 4. Sanitize sensible HTML tags for security.
 * 5. Wrap description in 'markdown' CSS class.
 *
 * @param string $description input description text.
 *
 * @return string HTML processed $description.
 */
function process_markdown($description) {
    $parsedown = new Parsedown();
    // Undo the transformations Shaarli applied for plain display so the
    // parser sees the Markdown source as it was entered.
    $markdown = unescape(reverse_space2nbsp(reverse_nl2br(reverse_text2clickable($description))));
    // Markup is left unescaped for the parser; sanitize_html() is the step
    // that removes what must not reach the page.
    $parsedown->setMarkupEscaped(false);
    $parsedown->setBreaksEnabled(true);
    $html = sanitize_html($parsedown->text($markdown));
    if (empty($html)) {
        return $html;
    }
    return '<div class="markdown">' . $html . '</div>';
}
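/**
 * E-mail the configured notify addresses about a PHP error, at most once
 * every `notify_every` minutes for the same error string.
 *
 * Throttling state is kept in the "error_notify" data cache (24h TTL).  The
 * first call after that cache expires only primes it and sends nothing.
 *
 * @param int    $errno     PHP error number (kept for the handler signature).
 * @param string $errstr    Error message; also the throttle key.
 * @param string $errfile   File in which the error occurred.
 * @param int    $errline   Line number.
 * @param string $backtrace Pre-rendered backtrace.
 */
function logd_error_notify($errno, $errstr, $errfile, $errline, $backtrace) {
    global $session;
    $sendto = explode(";", getsetting("notify_address", ""));
    $howoften = getsetting("notify_every", 30);
    $data = datacache("error_notify", 86400);
    if (!is_array($data)) {
        $data = array('firstrun' => true, 'errors' => array());
    } else {
        $data['firstrun'] = false;
    }
    $now = strtotime("now");
    $do_notice = !array_key_exists($errstr, $data['errors'])
        || $now - $data['errors'][$errstr] > $howoften * 60;
    if ($data['firstrun']) {
        debug("First run, not notifying users.");
    } elseif ($do_notice) {
        /***
         * Set up the mime bits
         **/
        require_once "sanitize.php";
        $notice_text = "This is a multi-part message in MIME format.";
        $userstr = "";
        // (previously tested $sesson['user']['acctid'] — a typo that made
        // this branch unreachable)
        if ($session && isset($session['user']['name']) && isset($session['user']['acctid'])) {
            $userstr = "Error triggered by user " . $session['user']['name'] . " (" . $session['user']['acctid'] . ")\n";
        }
        $plain_text = "{$userstr}{$errstr} in {$errfile} ({$errline})\n" . sanitize_html($backtrace);
        // The backtrace is embedded verbatim in the HTML part; it may carry
        // request-derived values, so the recipient's mail client renders
        // whatever the error handler collected.
        $html_text = "<html><body>{$errstr} in {$errfile} ({$errline})<hr>{$backtrace}</body></html>";
        // Boundary only needs to be unique per message; md5(time()) repeated
        // within the same second.
        $semi_rand = md5(uniqid("", true));
        $mime_boundary = "==MULTIPART_BOUNDARY_{$semi_rand}";
        $mime_boundary_header = chr(34) . $mime_boundary . chr(34);
        // NOTE(review): $level and $from are not set anywhere in this
        // function; unless the including file defines them they are empty
        // here — TODO confirm their intended source.  HTTP_HOST is taken
        // from the request and only used in the subject line.
        $subject = "{$_SERVER['HTTP_HOST']} {$level}";
        $body = "{$notice_text}\r\n\r\n--{$mime_boundary}\r\nContent-Type: text/plain; charset=us-ascii\r\nContent-Transfer-Encoding: 7bit\r\n\r\n{$plain_text}\r\n\r\n--{$mime_boundary}\r\nContent-Type: text/html; charset=us-ascii\r\nContent-Transfer-Encoding: 7bit\r\n\r\n{$html_text}\r\n\r\n--{$mime_boundary}--";
        /***
         * Mime bits are set up,
         **/
        foreach ($sendto as $email) {
            // explode() of an empty setting yields one empty address.
            if ($email == "") {
                continue;
            }
            debug("Notifying {$email} of this error.");
            mail($email, $subject, $body, "From: " . $from . "\n" . "MIME-Version: 1.0\n" . "Content-Type: multipart/alternative;\n" . " boundary=" . $mime_boundary_header);
        }
        //mark the time that notice was last sent for this error.
        $data['errors'][$errstr] = $now;
    } else {
        debug("Not notifying users for this error, it's only been " . round(($now - $data['errors'][$errstr]) / 60, 2) . " minutes.");
    }
    updatedatacache("error_notify", $data);
    debug($data);
}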
$sql .= "name = \"" . addslashes($newname) . "\","; output("Changed player name to %s`0 due to changed dragonkill title`n", $newname); debuglog($session['user']['name'] . "`0 changed player name to {$newname}`0 due to changed dragonkill title", $userid); $oldvalues['name'] = $newname; if ($session['user']['acctid'] == $userid) { $session['user']['name'] = $newname; } } if ($session['user']['acctid'] == $userid) { $session['user']['title'] = $tmp; } } elseif ($key == "ctitle" && stripslashes($val) != $oldvalues[$key]) { $updates++; $tmp = sanitize_colorname(true, stripslashes($val), true); $tmp = preg_replace("/[`][cHw]/", "", $tmp); $tmp = sanitize_html($tmp); if ($tmp != stripslashes($val)) { output("`\$Illegal characters removed from custom title!`0`n"); } if (soap($tmp) != $tmp) { output("`^The new custom title doesn't pass the bad word filter!`0"); } $newname = change_player_ctitle($tmp, $oldvalues); $sql .= "{$key} = \"{$val}\","; output("Changed player ctitle from %s`0 to %s`0`n", $oldvalues['ctitle'], $tmp); $oldvalues[$key] = $tmp; if ($newname != $oldvalues['name']) { $sql .= "name = \"" . addslashes($newname) . "\","; output("Changed player name to %s`0 due to changed custom title`n", $newname); debuglog($session['user']['name'] . "`0 changed player name to {$newname}`0 due to changed custom title", $userid); $oldvalues['name'] = $newname;
c r i p t : a l e r t ( ' X S S ' ) " > <<SCRIPT>alert("XSS");//<</SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js?<B> <IMG SRC="javascript:alert('XSS')" <A HREF="h tt\tp://6	6.000146.0x7.147/">XSS</A> EOT; echo sanitize_html($html) . "\n\n"; ?> </body> </html>
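/**
 * Sanitizes a comment.
 *
 * Copies the cf-* fields from $_POST onto the object.  A missing field is
 * treated as an empty string so a partial submission does not raise
 * undefined-index notices.
 */
private function sanitize() {
    // Sanitize user input
    $this->message = sanitize_html(isset($_POST['cf-message']) ? $_POST['cf-message'] : '');
    $this->name = sanitize_string(isset($_POST['cf-name']) ? $_POST['cf-name'] : '');
    // NOTE(review): the address is stored exactly as submitted while the
    // sibling fields are cleaned — confirm it is validated before use.
    $this->email = isset($_POST['cf-email']) ? $_POST['cf-email'] : '';
    $this->website = sanitize_url(isset($_POST['cf-website']) ? $_POST['cf-website'] : '');
}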
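/**
 * Run every module hook registered for $hookname and return the
 * (possibly modified) $args.
 *
 * Hooks are read from the module_hooks table joined with modules
 * (restricted to active modules unless $allowinactive), ordered by priority
 * then module name, and cached per hook name.  Each hook function receives
 * the previous hook's returned $args, so the hooks form a pipeline.  Output
 * produced by a hook is wrapped in collapse{ … }collapse unless the hook
 * returns a 'nocollapse' key.
 *
 * @param string       $hookname      Hook to run.  It is interpolated into
 *                                    the SQL unescaped, so it must only ever
 *                                    come from code, never from a request.
 * @param array|false  $args          Arguments handed to every hook function.
 * @param bool         $allowinactive Also run hooks of inactive modules.
 * @param string|false $only          Restrict to this one module name.
 * @return array $args as returned by the last hook that ran.
 */
function modulehook($hookname, $args = false, $allowinactive = false, $only = false) {
    global $navsection, $mostrecentmodule;
    global $blocked_modules, $block_all_modules, $unblocked_modules;
    global $output, $session, $modulehook_queries;
    global $currenthook;
    $lasthook = $currenthook;
    $currenthook = $hookname;
    static $hookcomment = array();
    if ($args === false) {
        $args = array();
    }
    $active = "";
    if (!$allowinactive) {
        $active = " " . db_prefix("modules") . ".active=1 AND";
    }
    if (!is_array($args)) {
        $where = $mostrecentmodule;
        if (!$where) {
            global $SCRIPT_NAME;
            $where = $SCRIPT_NAME;
        }
        debug("Args parameter to modulehook {$hookname} from {$where} is not an array.");
    }
    // Superusers with debug output get an HTML comment describing the hook
    // call, once per hook name per request.
    if ($session['user']['superuser'] & SU_DEBUG_OUTPUT && !isset($hookcomment[$hookname])) {
        rawoutput("<!--Module Hook: {$hookname}; allow inactive: " . ($allowinactive ? "true" : "false") . "; only this module: " . ($only !== false ? $only : "any module"));
        if (!is_array($args)) {
            $arg = $args . " (NOT AN ARRAY!)";
            rawoutput(" arg: {$arg}");
        } else {
            // foreach replaces the reset()/each() walk removed in PHP 8.
            foreach ($args as $key => $val) {
                $arg = $key . " = ";
                if (is_array($val)) {
                    $arg .= "array(" . count($val) . ")";
                } elseif (is_object($val)) {
                    $arg .= "object(" . get_class($val) . ")";
                } else {
                    $arg .= htmlentities(substr($val, 0, 25), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
                }
                rawoutput(" arg: {$arg}");
            }
        }
        rawoutput(" -->");
        $hookcomment[$hookname] = true;
    }
    if (isset($modulehook_queries[$hookname]) && $allowinactive == false) {
        $result = $modulehook_queries[$hookname];
    } else {
        $sql = "SELECT\n\t\t\t\t" . db_prefix("module_hooks") . ".modulename,\n\t\t\t\t" . db_prefix("module_hooks") . ".location,\n\t\t\t\t" . db_prefix("module_hooks") . ".function,\n\t\t\t\t" . db_prefix("module_hooks") . ".whenactive\n\t\t\tFROM\n\t\t\t\t" . db_prefix("module_hooks") . "\n\t\t\tINNER JOIN\n\t\t\t\t" . db_prefix("modules") . "\n\t\t\tON\t" . db_prefix("modules") . ".modulename = " . db_prefix("module_hooks") . ".modulename\n\t\t\tWHERE\n\t\t\t\t{$active}\n\t\t\t\t" . db_prefix("module_hooks") . ".location='{$hookname}'\n\t\t\tORDER BY\n\t\t\t\t" . db_prefix("module_hooks") . ".priority,\n\t\t\t\t" . db_prefix("module_hooks") . ".modulename";
        $result = db_query_cached($sql, "hook-" . $hookname);
    }
    // $args is an array passed by value and we take the output and pass it
    // back through
    // Try at least and fix up a bogus arg so it doesn't cause additional
    // problems later.
    if (!is_array($args)) {
        $args = array('bogus_args' => $args);
    }
    // Save off the mostrecent module since having that change can change
    // behaviour especially if a module calls modulehooks itself or calls
    // library functions which cause them to be called.
    $mod = $mostrecentmodule;
    while ($row = db_fetch_assoc($result)) {
        // If we are only running hooks for a specific module, skip all
        // others.
        if ($only !== false && $row['modulename'] != $only) {
            continue;
        }
        // Skip any module invocations which should be blocked.
        if (!array_key_exists($row['modulename'], $blocked_modules)) {
            $blocked_modules[$row['modulename']] = false;
        }
        if (!array_key_exists($row['modulename'], $unblocked_modules)) {
            $unblocked_modules[$row['modulename']] = false;
        }
        if (($block_all_modules || $blocked_modules[$row['modulename']]) && !$unblocked_modules[$row['modulename']]) {
            continue;
        }
        if (injectmodule($row['modulename'], $allowinactive)) {
            $oldnavsection = $navsection;
            tlschema("module-{$row['modulename']}");
            // Pass the args into the function and reassign them to the
            // result of the function.
            // Note: each module gets the previous module's modified return
            // value if more than one hook here.
            // Order of operations could become an issue, modules are called
            // in alphabetical order by their module name (not display name).
            // Test the condition code
            if (!array_key_exists('whenactive', $row)) {
                $row['whenactive'] = '';
            }
            $cond = trim($row['whenactive']);
            if ($cond == "" || module_condition($cond) == true) {
                // call the module's hook code
                $outputbeforehook = $output;
                $output = "";
                /*******************************************************/
                $starttime = getmicrotime();
                /*******************************************************/
                if (function_exists($row['function'])) {
                    $res = $row['function']($hookname, $args);
                } else {
                    // The row has no 'module' column; 'modulename' is the one
                    // selected above.
                    trigger_error("Unknown function {$row['function']} for hookname {$hookname} in module {$row['modulename']}.", E_USER_WARNING);
                }
                /*******************************************************/
                $endtime = getmicrotime();
                if ($endtime - $starttime >= 1.0 && $session['user']['superuser'] & SU_DEBUG_OUTPUT) {
                    debug("Slow Hook (" . round($endtime - $starttime, 2) . "s): {$hookname} - {$row['modulename']}`n");
                }
                /*******************************************************/
                $outputafterhook = $output;
                $output = $outputbeforehook;
                // test to see if we had any output and if the module allows
                // us to collapse it
                $testout = trim(sanitize_html($outputafterhook));
                if (!is_array($res)) {
                    trigger_error("<b>{$row['function']}</b> did not return an array in the module <b>{$row['modulename']}</b> for hook <b>{$hookname}</b>.", E_USER_WARNING);
                    $res = $args;
                }
                if ($testout > "" && $hookname != "collapse{" && $hookname != "}collapse" && $hookname != "collapse-nav{" && $hookname != "}collapse-nav" && !array_key_exists('nocollapse', $res)) {
                    //restore the original output's reference
                    modulehook("collapse{", array("name" => 'a-' . $row['modulename']));
                    $output .= $outputafterhook;
                    modulehook("}collapse");
                } else {
                    $output .= $outputafterhook;
                }
                // Clear the collapse flag
                unset($res['nocollapse']);
                //handle return arguments.
                if (is_array($res)) {
                    $args = $res;
                }
            }
            //revert the translation namespace
            tlschema();
            //revert nav section after we're done here.
            $navsection = $oldnavsection;
        }
    }
    $mostrecentmodule = $mod;
    $currenthook = $lasthook;
    // And hand them back so they can be used.
    return $args;
}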
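/**
 * Render one decoded MIME part (recursively for multipart) through the
 * view-message.tpl template.
 *
 * Plain text is converted to UTF-8, word-wrapped, sanitized and shown in
 * a <pre>; HTML is converted and sanitized; anything else yields a
 * bracketed "unsupported" / "invalid" marker from $lang.
 *
 * @param object $structure Decoded part with ctype_primary, ctype_secondary,
 *                          body and, for multipart, a parts array.
 * @return string HTML fragment.
 */
function display_parts($structure) {
    global $lang;
    global $smarty;
    $primary = strtolower(trim($structure->ctype_primary));
    $secondary = strtolower(trim($structure->ctype_secondary));
    $ctype = $primary . "/" . $secondary;
    $messagepart = "";
    $message_charset = get_charset($structure);
    switch ($primary) {
        case "multipart":
            // $structure is an object, so check the property rather than
            // calling array_key_exists() on it (a TypeError on PHP 8); a
            // non-array parts value is treated as invalid too.
            if (!property_exists($structure, 'parts') || !is_array($structure->parts)) {
                $ret = "[" . $lang['text_invalid'] . "]<br>";
                break;
            }
            // Recursively decode each of the sub-parts of this
            // part in turn.
            foreach ($structure->parts as $part) {
                $messagepart .= display_parts($part);
            }
            $smarty->assign("messagepart", $messagepart);
            $smarty->assign("contenttype", $ctype);
            $ret = $smarty->fetch("view-message.tpl");
            break;
        case "text":
            switch ($secondary) {
                // Simple text, just word-wrap it to keep it to
                // a sane width.
                case "plain":
                    $messagepart = "<pre>" . sanitize_html(wordwrap(iconv($message_charset, 'utf-8', $structure->body), 70)) . "</pre>";
                    $smarty->assign("messagepart", $messagepart);
                    $smarty->assign("contenttype", $ctype);
                    $ret = $smarty->fetch("view-message.tpl");
                    break;
                // HTML content, clean it up a bit and display it.
                case "html":
                    $messagepart = sanitize_html(iconv($message_charset, 'utf-8', $structure->body));
                    $smarty->assign("messagepart", $messagepart);
                    $smarty->assign("contenttype", $ctype);
                    $ret = $smarty->fetch("view-message.tpl");
                    break;
                // Some other odd text format we don't support, ignore it.
                default:
                    $ret = "[" . $lang['text_unsupported'] . ": " . $ctype . "]<br>";
            }
            break;
        default:
            // An unsupported content type, ignore it.
            $ret = "[" . $lang['text_unsupported'] . ": " . $ctype . "]<br>";
    }
    return $ret;
}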