コード例 #1
ファイル: tools.php プロジェクト: scarnago/pipecode
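/**
 * Fetch a string from request input (or take a literal) and validate it.
 *
 * $method selects the source: "get" reads $_GET[$name] and falls back to
 * http_get($name) when that is empty, "post" reads $_POST[$name], "cookie"
 * reads $_COOKIE[$name]; any other value treats $name itself as the string.
 *
 * Recognised $arg keys:
 *   "len"      - maximum length in bytes; longer values are truncated (0 = no limit)
 *   "required" - when true (the default) an empty value is reported via default_error()
 *   "valid"    - character-set specification handed to string_uses()
 *   "default"  - returned unchanged when the value is empty
 *
 * @param string $name   parameter name, or the literal value for other methods
 * @param string $method "get", "post", "cookie", or anything else for a literal
 * @param array  $arg    options described above
 * @return mixed the trimmed (possibly truncated) string, "" or $arg["default"]
 */
function http_test_string($name, $method, $arg = array())
{
    if ($method == "get") {
        $value = isset($_GET[$name]) ? $_GET[$name] : null;
        if ($value === null || $value === "") {
            $value = http_get($name);
        }
    } elseif ($method == "post") {
        $value = isset($_POST[$name]) ? $_POST[$name] : null;
    } elseif ($method == "cookie") {
        $value = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
    } else {
        $value = $name;
    }

    // A client can send name[]=x, which makes the parameter an array. trim()
    // cannot take an array (TypeError on PHP 8, warning + null before that),
    // so anything that is not a scalar is treated as "no value supplied".
    $value = is_scalar($value) ? trim((string) $value) : "";

    $len = array_key_exists("len", $arg) ? $arg["len"] : 0;
    $required = array_key_exists("required", $arg) ? $arg["required"] : true;
    // Default allowlist; its exact interpretation is up to string_uses(),
    // which is defined elsewhere.
    $valid = array_key_exists("valid", $arg)
        ? $arg["valid"]
        : "[a-z][A-Z][0-9]`~!@#\$%^&*()_+-=[]\\{}|;':\",./<>? ";

    if ($value === "") {
        if (array_key_exists("default", $arg)) {
            return $arg["default"];
        }
        if (!$required) {
            return "";
        }
        // NOTE(review): presumably default_error() stops the request; if it
        // returns, execution continues into the validation below - confirm.
        default_error("value not found - method [{$method}] type [text] name [{$name}]");
    }

    if (!string_uses($value, $valid)) {
        // NOTE(review): $value has just FAILED validation and is placed in the
        // message as-is. Confirm default_error() encodes it for the output
        // context (HTML, log line) before emitting it.
        default_error("invalid value - method [{$method}] type [string] name [{$name}] value [{$value}]");
    }

    // Truncation counts bytes (strlen/substr), not characters.
    if ($len > 0 && strlen($value) > $len) {
        return substr($value, 0, $len);
    }
    return $value;
}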
コード例 #2
ファイル: clean.php プロジェクト: scarnago/pipecode
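/**
 * Keep only allowlisted named character references in a string.
 *
 * Walks $dirty one character at a time. A sequence "&name;" is kept when
 * "name" is on the allowlist below; numeric references ("&#...;") and unknown
 * names are removed. An ampersand that is not followed by a well-formed
 * reference is passed through together with the characters read so far.
 *
 * This function only filters entities: every character outside an "&...;"
 * sequence (including "<" and ">") is copied to the output unchanged, so it
 * is not an HTML escaper on its own.
 *
 * @param string $dirty text that may contain character references
 * @return string the text with disallowed references removed
 */
function clean_entities($dirty)
{
    static $allowed = array(
        // math ("sum" added: the original listed "sub" twice where the HTML
        // symbol order has "sum")
        "forall", "part", "exist", "empty", "nabla", "isin", "notin", "ni",
        "prod", "sum", "sub", "minus", "lowast", "radic", "prop", "infin",
        "ang", "and", "or", "cap", "cup", "int", "there4", "sim", "cong",
        "asymp", "ne", "equiv", "le", "ge", "sup", "nsub", "sube", "supe",
        "oplus", "otimes", "perp", "plusmn", "frac14", "frac12", "frac34",
        "divide",
        // greek ("omicron" was misspelled "omnicron", so the real entity was
        // stripped and a non-existent one allowed)
        "Alpha", "Beta", "Gamma", "Delta", "Epsilon", "Zeta", "Eta", "Theta",
        "Iota", "Kappa", "Lambda", "Mu", "Nu", "Xi", "Omicron", "Pi", "Rho",
        "Sigma", "Tau", "Upsilon", "Phi", "Chi", "Psi", "Omega",
        "alpha", "beta", "gamma", "delta", "epsilon", "zeta", "eta", "theta",
        "iota", "kappa", "lambda", "mu", "nu", "xi", "omicron", "pi", "rho",
        "sigmaf", "sigma", "tau", "upsilon", "phi", "chi", "psi", "omega",
        "thetasym", "upsih", "straightphi", "piv", "Gammad", "gammad",
        "varkappa", "varrho", "straightepsilon", "backepsilon",
        // latin
        "Agrave", "Aacute", "Acirc", "Atilde", "Auml", "Aring", "AElig",
        "Ccedil", "Egrave", "Eacute", "Ecirc", "Euml", "Igrave", "Iacute",
        "Icirc", "Iuml", "ETH", "Ntilde", "Ograve", "Oacute", "Ocirc",
        "Otilde", "Ouml", "times", "Oslash", "Ugrave", "Uacute", "Ucirc",
        "Uuml", "Yacute", "THORN", "szlig",
        "agrave", "aacute", "acirc", "atilde", "auml", "aring", "aelig",
        "ccedil", "egrave", "eacute", "ecirc", "euml", "igrave", "iacute",
        "icirc", "iuml", "eth", "ntilde", "ograve", "oacute", "ocirc",
        "otilde", "ouml", "oslash", "ugrave", "uacute", "ucirc", "uuml",
        "yacute", "thorn", "yuml",
        "OElig", "oelig", "Scaron", "scaron", "Yuml", "fnof", "circ", "tilde",
        // currency
        "euro", "cent", "pound", "yen", "curren",
        // other
        "copy", "reg", "trade", "sup1", "sup2", "sup3",
        // symbols
        "deg", "micro", "para", "middot", "dagger", "Dagger", "bull",
        "hellip", "permil", "prime", "Prime",
        // punctuation
        "quot", "amp", "apos", "lt", "gt", "nbsp", "iexcl", "brvbar", "sect",
        "ordf", "iquest", "sdot", "vellip",
        // quotes
        "laquo", "raquo", "lsquo", "rsquo", "sbquo", "ldquo", "rdquo",
        "bdquo", "lsaquo", "rsaquo", "lceil", "rceil", "lfloor", "rfloor",
        "lang", "rang",
    );

    $len = mb_strlen($dirty);
    $inside = false; // true while reading the name that follows an "&"
    $s = "";         // cleaned output
    $t = "";         // entity name collected so far
    for ($i = 0; $i < $len; $i++) {
        $c = mb_substr($dirty, $i, 1);
        if (!$inside) {
            if ($c == "&") {
                $t = "";
                $inside = true;
            } else {
                $s .= $c;
            }
        } elseif ($c == "&") {
            // nested ampersand: emit what was pending and start over
            $s .= "&" . $t;
            $t = "";
        } elseif ($c == ";") {
            $inside = false;
            // Numeric references ("#...") and names that are not on the
            // allowlist are dropped; only exact, case-sensitive matches pass.
            if (mb_substr($t, 0, 1) !== "#" && in_array($t, $allowed, true)) {
                $s .= "&" . $t . ";";
            }
        } elseif (!string_uses($c, "[A-Z][a-z][0-9]#")) {
            // dangling entity: not a reference after all, pass it through.
            // NOTE(review): an unterminated numeric reference ("&#60 ") takes
            // this path too and is therefore not removed - confirm intended.
            $s .= "&" . $t . $c;
            $inside = false;
        } else {
            $t .= $c;
        }
    }

    // The input ended in the middle of a candidate entity ("AT&T"). The
    // original silently dropped that tail; emit it like any other dangling
    // ampersand so no text is lost.
    if ($inside) {
        $s .= "&" . $t;
    }
    return $s;
}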
コード例 #3
ファイル: vote.php プロジェクト: scarnago/pipecode
//
// Pipecode is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Pipecode is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
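// Validate the raw path segment BEFORE casting. The original cast first, so
// the digit check only ever saw an integer and a segment such as "12abc" was
// silently accepted as pipe 12.
if (!string_uses($s2, "[0-9]")) {
    // Encode the rejected segment: it is request-derived and die() writes it
    // straight into the response.
    die("error: invalid pid [" . htmlspecialchars((string) $s2, ENT_QUOTES, "UTF-8") . "]");
}
$pid = (int) $s2;
// Votes change state, so only POST requests are accepted.
// NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm
// one is performed before the vote is recorded.
if (!http_post()) {
    die("error: post method required");
}
if (!db_has_rec("pipe", $pid)) {
    die("error: pipe not found [{$pid}]");
}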
//var_dump($_POST);
//if (!empty(@$_POST["up_x"]) || !empty(@$_POST["down_x"])) {
if (array_key_exists("up_x", $_POST) || array_key_exists("down_x", $_POST) || array_key_exists("undo_x", $_POST)) {
    $redirect = true;
    $up = array_key_exists("up_x", $_POST);
    //die("up");
} else {
コード例 #4
ファイル: common.php プロジェクト: scarnago/pipecode
/**
 * Turn a title into a URL slug.
 *
 * Removes the inline formatting tags <b>, <i>, <s> and <q> (opening and
 * closing), keeps only the characters accepted by
 * string_uses($c, "[a-z][A-Z][0-9] "), then trims, lower-cases and replaces
 * each space with a hyphen.
 *
 * @param string $dirty title text, possibly containing inline tags
 * @return string the slug; empty when no character survives the filter
 */
function clean_url($dirty)
{
    // The tags are removed first so their letters do not end up in the slug.
    $tags = array("<b>", "</b>", "<i>", "</i>", "<s>", "</s>", "<q>", "</q>");
    $stripped = str_replace($tags, "", $dirty);

    // Byte-wise allowlist filter; string_uses() is defined elsewhere.
    $kept = "";
    $total = strlen($stripped);
    $pos = 0;
    while ($pos < $total) {
        $ch = $stripped[$pos];
        if (string_uses($ch, "[a-z][A-Z][0-9] ")) {
            $kept .= $ch;
        }
        $pos++;
    }

    $slug = strtolower(trim($kept));
    return str_replace(" ", "-", $slug);
}
コード例 #5
ファイル: sign_up.php プロジェクト: scarnago/pipecode
     $user_conf["joined"] = time();
     db_set_conf("user_conf", $user_conf, $zid);
     db_del_rec("email_challenge", $email_challenge["challenge"]);
     print_header("User Created");
     writeln('<h1>User Created</h1>');
     writeln('<p>Welcome to ' . $server_title . '!</p>');
     writeln('<p>' . $zid . "</p>");
     print_footer();
     die;
 }
 // Read the sign-up form. Each field is restricted by http_post_string() to
 // the character set given in "valid" (the helper is defined elsewhere).
 $username = http_post_string(
     "username",
     array("len" => 20, "valid" => "[a-z][0-9]")
 );
 $mail_1 = http_post_string(
     "mail_1",
     array("len" => 50, "valid" => "[a-z][A-Z][0-9]@.-_+")
 );
 $mail_2 = http_post_string(
     "mail_2",
     array("len" => 50, "valid" => "[a-z][A-Z][0-9]@.-_+")
 );
 $answer = http_post_string("answer", array("required" => false));
 $luser = strtolower($username);

 // Shape rules for the account name.
 if (string_uses(substr($username, 0, 1), "[0-9]")) {
     die("user_name may not start with a number [{$username}]");
 }
 if (3 > strlen($username)) {
     die("user_name must be at least 3 characters [{$username}]");
 }

 // Names that must never be registered: the role mailboxes listed under
 // $rfc_2142 and the site's own service names. Both lists yield the same
 // message, so they are checked together.
 $rfc_2142 = array(
     "info", "marketing", "sales", "support", "abuse", "noc", "security",
     "postmaster", "hostmaster", "usenet", "news", "webmaster", "www",
     "uucp", "ftp",
 );
 $reserved_usernames = array(
     "admin", "administrator", "anonymous", "blog", "bugs", "code", "donate",
     "feed", "feedback", "forum", "git", "img", "legal", "list", "lists",
     "mail", "pipe", "pipecode", "pipedot", "pipeline", "root", "scm",
     "ssladmin", "wiki",
 );
 if (in_array($luser, array_merge($rfc_2142, $reserved_usernames))) {
     die("username is reserved [{$username}]");
 }
 if ($mail_1 != $mail_2) {
     die("email addresses do not match [{$mail_1}] [{$mail_2}]");
コード例 #6
ファイル: root.php プロジェクト: scarnago/pipecode
// Pipecode is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Pipecode is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
include "render.php";
include "story.php";
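// Resolve the story id from the URL: either /<sid> (all digits) or
// /<date>/<ctitle>.
if (string_uses($s2, "[0-9]")) {
    $sid = (int) $s2;
} else {
    $date = $s2;
    $ctitle = $s3;
    // NOTE(review): strtotime() also accepts relative words such as "now" or
    // "tomorrow"; if only one calendar format is expected, check that format
    // before this call.
    $time_beg = strtotime($date);
    if ($time_beg === false) {
        die("invalid date [{$date}]");
    }
    $time_end = $time_beg + 86400;
    // Half-open day window [beg, end): the lower bound is inclusive so a
    // story stamped exactly at the start of the day is still found. The
    // values are bound as parameters, never concatenated into the SQL.
    $row = run_sql("select sid from story where time >= ? and time < ? and ctitle = ?", array($time_beg, $time_end, $ctitle));
    if (count($row) == 0) {
        // NOTE(review): $date and $ctitle come from the request path and are
        // printed unencoded; this relies on the path having been restricted
        // to a safe character set earlier - confirm for every entry point.
        die("story not found - date [{$date}] title [{$ctitle}]");
    }
    $sid = $row[0]["sid"];
}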
コード例 #7
                return;
            }
        }
    }
    $comment_vote = array();
    $comment_vote["cid"] = $cid;
    $comment_vote["zid"] = $zid;
    $comment_vote["rid"] = $rid;
    $comment_vote["time"] = time();
    db_set_rec("comment_vote", $comment_vote);
}
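// Apply every moderation choice in the form. Fields are named "cid_<comment
// id>" and carry the chosen reason id as their value.
// NOTE(review): no anti-CSRF token or login check is visible in this excerpt;
// confirm both happen before this loop runs.
$k = array_keys($_POST);
foreach ($k as $key) {
    $value = $_POST[$key];
    // A field sent as cid_5[]=... arrives as an array; only plain strings
    // are valid here, anything else is ignored.
    if (!is_string($value)) {
        continue;
    }
    $a = explode("_", (string) $key);
    if (count($a) != 2 || $a[0] != "cid") {
        continue;
    }
    if (string_uses($a[1], "[0-9]") && string_uses($value, "[0-9]-")) {
        $cid = (int) $a[1];
        $rid = (int) $value;
        // Only reason ids 0..10 are accepted.
        if ($rid >= 0 && $rid <= 10) {
            moderate($cid, $auth_zid, $rid);
        }
    }
}
// Ids of the page the form was posted from; all optional.
$sid = http_post_int("sid", array("required" => false));
$pid = http_post_int("pid", array("required" => false));
$qid = http_post_int("qid", array("required" => false));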
if ($sid > 0) {
    header("Location: /story/{$sid}");
} else {
    if ($pid > 0) {
コード例 #8
ファイル: vote.php プロジェクト: scarnago/pipecode
             die("invalid aid [" . $aids[$i] . "]");
         }
         $poll_answer = db_get_rec("poll_answer", $aids[$i]);
         if ($qid != $poll_answer["qid"]) {
             die("answer [" . $aids[$i] . "] not on question [{$qid}]");
         }
     }
 } else {
     if ($type_id == 3) {
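         // The highest score a voter may give equals the number of answers on
         // this question.
         $row = run_sql("select count(*) as answer_count from poll_answer where qid = ?", array($qid));
         $max = $row[0]["answer_count"];
         // "aid" must be an array of answer id => score. A missing or scalar
         // value is treated as "no answers" instead of being handed to
         // array_keys(), which rejects non-arrays.
         $aids = (isset($_POST["aid"]) && is_array($_POST["aid"])) ? $_POST["aid"] : array();
         $keys = array_keys($aids);
         $scores = array();
         for ($i = 0; $i < count($keys); $i++) {
             if (!string_uses($keys[$i], "[0-9]")) {
                 // The key is client-controlled and has just failed
                 // validation: encode it before writing it to the response.
                 die("invalid aid [" . htmlspecialchars((string) $keys[$i], ENT_QUOTES, "UTF-8") . "]");
             }
             // NOTE(review): what db_get_rec() returns for an id that does
             // not exist is not visible here - confirm the qid comparison
             // below rejects that case.
             $poll_answer = db_get_rec("poll_answer", $keys[$i]);
             if ($qid != $poll_answer["qid"]) {
                 die("answer [" . $keys[$i] . "] not on question [{$qid}]");
             }
             $aid = $keys[$i];
             // A nested array (aid[5][]=x) would cast to 1 and count as a
             // vote; reject it as out of bounds instead.
             $nested = is_array($aids[$aid]);
             $score = $nested ? 0 : (int) $aids[$aid];
             if ($nested || $aids[$aid] === "0" || $score > $max) {
                 die("score out of bounds [{$score}]");
             }
             if ($score > 0) {
                 $scores[] = $score;
             }
         }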
コード例 #9
ファイル: index.php プロジェクト: scarnago/pipecode
//
// Pipecode is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Pipecode is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
include "../include/common.php";
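// Front-controller input check: the request path may only use the characters
// named in the allowlist (as interpreted by string_uses(), defined elsewhere).
if (!string_uses($request_script, "[a-z][0-9]_-/")) {
    // The path has just FAILED the allowlist, so it can contain anything,
    // markup included. Encode it before writing it into the response.
    die("invalid request [" . htmlspecialchars((string) $request_script, ENT_QUOTES, "UTF-8") . "]");
}
// Split the path into segments; a missing segment becomes "".
$a = explode("/", $request_script);
$s1 = count($a) >= 2 ? $a[1] : "";
$s2 = count($a) >= 3 ? $a[2] : "";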
if (count($a) >= 4) {
    $s3 = $a[3];