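/**
 * Render one CSV record as a row of <td> cells for the blog import listing.
 *
 * Fields longer than 50 bytes are shortened to their first 47 bytes plus "..."
 * so wide columns do not blow out the table. Every field is passed through
 * Template::sanitize() before it is emitted, because CSV content is untrusted.
 *
 * @param array $line One CSV record (list of field strings).
 * @return string The concatenated <td>...</td> cells, without a surrounding <tr>.
 */
function blog_filter_csv_line($line) {
    $o = '';
    foreach ($line as $field) {
        if (strlen($field) > 50) {
            // Keep the head of the field. The original called substr($field, 47),
            // which drops the first 47 bytes and keeps the tail, the opposite of a
            // truncation (compare the dbman listing, which uses substr($v, 0, 45)).
            // NOTE: this is byte-based; a multibyte character straddling the cut
            // may leave invalid UTF-8 that the escaper can reject. Switch to
            // mb_substr() if the mbstring extension is guaranteed to be loaded.
            $field = substr($field, 0, 47) . '...';
        }
        $o .= '<td>' . Template::sanitize($field) . '</td>';
    }
    return $o;
}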
/**
 * Getter override: the `head` key returns <meta> tags built from the
 * `description` and `keywords` entries of $this->data, each escaped with
 * Template::sanitize() for the attribute context. Every other key is
 * delegated unchanged to the parent getter.
 *
 * @param string $key Property name being read.
 * @return mixed The meta-tag HTML for 'head', otherwise whatever the parent returns.
 */
public function __get($key) {
    if ($key != 'head') {
        return parent::__get($key);
    }

    $tags = '';
    // Emit a tag only for the meta entries that are actually present.
    foreach (array('description', 'keywords') as $meta) {
        if (! isset($this->data[$meta])) {
            continue;
        }
        $tags .= sprintf(
            "<meta name=\"%s\" content=\"%s\" />\n",
            $meta,
            Template::sanitize($this->data[$meta])
        );
    }
    return $tags;
}
// NOTE(review): this fragment begins inside an if/else that opens above this
// excerpt (the lock check); the lines before it are not visible here.
echo $tpl->render('admin/locked', $lock->info()); return; } else { $lock->add(); }

$f = new Form('post', 'designer/editlayout');
// NOTE(review): CSRF verification is switched off for a form whose submit
// handler writes to the filesystem below. Unless the request is protected
// elsewhere (a token checked by the caller, for instance), a cross-site POST
// from a logged-in designer's browser could overwrite a layout.
$f->verify_csrf = false;
if ($f->submit()) {
    // NOTE(review): $_GET['file'] is used directly as the write path and
    // $_POST['body'] as the content. Nothing in this excerpt restricts the
    // path to the layouts directory; confirm the handler validates it before
    // this point (no '..', inside layouts/), otherwise this is an arbitrary
    // file write for anyone allowed to reach this handler.
    if (@file_put_contents($_GET['file'], $_POST['body'])) {
        $this->add_notification(__('Layout saved.'));
        // chmod() reports failure with a warning and false, not an Exception,
        // so the @ is what keeps it quiet; the catch block will not fire for it.
        // 0666 leaves the layout file world-writable.
        try { @chmod($_GET['file'], 0666); } catch (Exception $e) { }
        $lock->remove();
        $this->redirect('/designer');
    }
    // Reached only if the write failed.
    $page->title = __('Saving Layout Failed');
    echo '<p>' . __('Check that your permissions are correct and try again.') . '</p>';
} else {
    // The file name is request data shown in the window title, so it is escaped.
    $page->window_title = __('Edit Layout') . ': ' . Template::sanitize($_GET['file']);
}

// View model for the editor: the file name and its current contents, plus any
// previously submitted values merged back in when a save failed.
$o = new StdClass();
$o->file = $_GET['file'];
$o->body = @file_get_contents($_GET['file']);
$o->failed = $f->failed;
$o = $f->merge_values($o);
$this->run('admin/util/i18n');
// NOTE(review): a .css file is registered through add_script(); other handlers
// in this codebase register stylesheets with add_style() — verify this is intended.
$page->add_script('/apps/designer/css/layout.css');
$page->add_script('/apps/designer/js/jquery.bindWithDelay.js');
echo $tpl->render('designer/edit/layout', $o);
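/**
 * Generate a textarea input in a template:
 *
 *     <?= Form::textarea ('name', $data, 50, 4) ?>
 *
 * This will generate the following HTML:
 *
 *     <textarea name="name" cols="50" rows="4">Value from $data</textarea>
 *
 * The value is escaped with Template::sanitize() because it sits between tags
 * and may originate from user input. $name is assumed to be a developer-chosen
 * identifier from the template, not request data, and is emitted as-is.
 *
 * @param string   $name Field name; also the property of $data holding the value.
 * @param object   $data Object whose $name property supplies the current value.
 * @param int|null $cols Optional cols attribute; omitted when null.
 * @param int|null $rows Optional rows attribute; omitted when null.
 * @return string
 */
public static function textarea($name, $data, $cols = null, $rows = null) {
    // The original concatenated '" cols="' and '" rows="', which emitted a stray
    // double quote after the name attribute: <textarea name="x"" cols="50">.
    $out = '<textarea name="' . $name . '"';
    if ($cols !== null) {
        $out .= ' cols="' . $cols . '"';
    }
    if ($rows !== null) {
        $out .= ' rows="' . $rows . '"';
    }
    $out .= '>';
    $out .= Template::sanitize($data->{$name});
    $out .= '</textarea>';
    return $out;
}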
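/**
 * Template::sanitize() must HTML-escape markup so that a script tag supplied
 * as data cannot be rendered as live HTML.
 *
 * The previous expectation was the raw, unescaped input, which could only pass
 * if sanitize() did nothing at all; it also passed the actual value as the first
 * argument, whereas assertEquals() takes the expected value first.
 * NOTE(review): the expected string assumes double quotes are encoded as
 * &quot; (the default for htmlspecialchars); adjust if sanitize() uses ENT_NOQUOTES.
 */
function test_sanitize() {
    $raw = '<script type="text/javascript">eval ("alert (typeof window)")</script>';
    $escaped = Template::sanitize($raw);
    $this->assertEquals(
        '&lt;script type=&quot;text/javascript&quot;&gt;eval (&quot;alert (typeof window)&quot;)&lt;/script&gt;',
        $escaped
    );
    // Regardless of the exact entity form, no raw tag may survive.
    $this->assertFalse(strpos($escaped, '<script'));
}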
// User admin: render the details page for one account (id taken from the query string).
$page->layout = 'admin';
$this->require_acl ('admin', 'user');

// An id is mandatory; bounce back to the user list without one.
if (! isset ($_GET['id'])) {
    $this->redirect ('/user/admin');
}

$account = new User ($_GET['id']);
if ($account->error) {
    // Unknown id: a not-found title and a link back to the list, nothing else.
    $page->title = __ ('Account not found');
    echo sprintf ('<p><a href="/user/admin">« %s</a></p>', __ ('Back'));
    return;
}

// Work with the plain field object. Each configured tab handler renders its
// own section, stored under the tab's display name for the template.
$details = $account->orig ();
foreach (Appconf::options ('user') as $handler => $tab_name) {
    $details->tabs[$tab_name] = $this->run ($handler, array ('user' => $details->id));
}

// The name is user-supplied data, so it is escaped before use as the title.
$page->title = Template::sanitize ($details->name);

$page->add_style ('/apps/user/css/details.css');
foreach (array (
    '/js/jquery-ui/jquery-ui.min.js',
    '/apps/user/js/jquery.tools.min.js',
    '/apps/user/js/react/react.js',
    '/apps/user/js/build/links.js',
    '/apps/user/js/build/notes.js'
) as $script) {
    $page->add_script ($script);
}

echo $tpl->render ('user/details', $details);
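/**
 * Show a variable for the debug output.
 *
 * Recursively pretty-prints $value as PHP-like source: numbers bare, booleans
 * as true/false, strings quoted, arrays as "array (...)" and objects as
 * "ClassName (...)". Output is echoed, not returned. The debug output is
 * rendered as HTML, so string values AND array/object keys go through
 * Template::sanitize(); the original escaped values only, leaving a key taken
 * from untrusted data free to inject markup.
 *
 * @param mixed $value The value to render.
 * @param int   $tabs  Current nesting depth; each level indents by four spaces.
 * @return void
 */
public static function show_variable($value, $tabs = 0) {
    // Indentation for the children of this value.
    $indent = str_pad('', ($tabs + 1) * 4);

    if (is_numeric($value)) {
        // Render a numeric value
        echo $value;
    } elseif (is_bool($value)) {
        // Render a boolean value
        echo $value ? 'true' : 'false';
    } elseif (is_string($value)) {
        // Render a string value
        echo '"' . Template::sanitize($value) . '"';
    } elseif (is_array($value)) {
        // Render an array
        echo 'array (';
        if (empty($value)) {
            echo ")";
            return;
        }
        // Fix: the original set $first = false inside `if (!$first)`, so the
        // flag never flipped and no separating commas were ever printed.
        $first = true;
        if (Debugger::is_assoc($value)) {
            // Associative array
            foreach ($value as $key => $val) {
                if (!$first) {
                    echo ",";
                }
                $first = false;
                echo "\n" . $indent;
                printf("\"%s\" => ", Template::sanitize((string) $key));
                Debugger::show_variable($val, $tabs + 1);
            }
        } else {
            // Ordinary array
            foreach ($value as $val) {
                if (!$first) {
                    echo ",";
                }
                $first = false;
                echo "\n" . $indent;
                Debugger::show_variable($val, $tabs + 1);
            }
        }
        echo "\n" . str_pad('', $tabs * 4) . ")";
    } elseif (is_object($value)) {
        // Render an object
        $vars = get_object_vars($value);
        if (count($vars) === 0) {
            echo get_class($value) . ' ()';
            return;
        }
        echo get_class($value) . " (\n";
        foreach ($vars as $key => $val) {
            echo $indent;
            printf("\$%s = ", Template::sanitize((string) $key));
            Debugger::show_variable($val, $tabs + 1);
            echo ";\n";
        }
        echo ")";
    } else {
        // Render unknown values (null, resources, ...) as-is
        echo $value;
    }
}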
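// Column headers are the keys of the first result row (the table's column names).
if (count($res) > 0) {
    $headers = array_keys((array) $res[0]);
} else {
    $headers = array();
}

// $_GET['table'] is emitted inside href attributes and the pager URL, and the
// primary-key values and column names are emitted into hrefs and <th> cells.
// The original concatenated all of them raw; a crafted table parameter or a
// stored key value could break out of the attribute (reflected/stored XSS).
// Escape them the same way the cell values below are escaped.
$table = Template::sanitize($_GET['table']);

// Pager configuration is identical above and below the table.
$pager_args = array(
    'style' => 'numbers',
    'url' => '/dbman/browse?table=' . $table . '&num=%d',
    'total' => $count,
    'count' => count($res),
    'limit' => $limit
);

printf("<p><a href='/dbman/index'>« %s</a> | <a href='/dbman/add?table=%s'>%s</a></p>\n", i18n_get('Back'), $table, i18n_get('Add Item'));
echo '<p style="float: left">' . $count . ' ' . i18n_get('results') . ":</p>\n";
if ($count > $limit) {
    echo '<div style="float: right">' . $this->run('navigation/pager', $pager_args) . '</div>';
}

echo "<p style='clear: both'><table width='100%'><tr>\n";
foreach ($headers as $header) {
    printf("<th>%s</th>\n", Template::sanitize($header));
}
echo "<th> </th></tr>\n";

foreach ($res as $row) {
    echo "<tr>\n";
    foreach ((array) $row as $k => $v) {
        if (strlen($v) > 48) {
            // Long values are cut to 45 bytes with the full value in the title attribute.
            printf("<td title=\"%s\">%s...</td>\n", Template::sanitize($v), Template::sanitize(substr($v, 0, 45)));
        } else {
            printf("<td>%s</td>\n", Template::sanitize($v));
        }
    }
    // NOTE(review): the delete link performs a state change over GET guarded only
    // by a JS confirm(); it should become a POST with a CSRF token.
    $key = Template::sanitize($row->{$pkey});
    printf("<td><a href='/dbman/edit?table=%s&key=%s'>%s</a> | <a href='/dbman/delete?table=%s&key=%s' onclick=\"return confirm ('Are you sure you want to delete this item?')\">%s</a></td>\n", $table, $key, i18n_get('Edit'), $table, $key, i18n_get('Delete'));
    echo "</tr>\n";
}
echo "</table></p>\n";

if ($count > $limit) {
    echo $this->run('navigation/pager', $pager_args);
}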
} } echo '</div>'; } $translatable = TranslatableEmail::fromToken($token); $translation = $translatable->translate($lang); /* * Do not call Template::sanitizeOutput on email contents after that because * TranslatableEmail::translate calls Translation::replace which itself calls * Utilities::sanitizeOutput, use Template::sanitize instead ! */ $subject = array_filter($translation->subject->out()); ?> <dl> <dt data-property="subject">{tr:subject} :</dt> <dd data-property="subject"><?php echo Template::sanitize(array_pop($subject)); ?> </dd> <dt data-property="message">{tr:message}</dt> <dd data-property="message"><?php echo Template::sanitize($translation->html); ?> </dd> </dl> <script type="text/javascript" src="{path:js/translate_email_page.js}"></script> </div>
$f = new Form('post', 'designer/editstylesheet');
// NOTE(review): CSRF verification is disabled on a form whose submit handler
// writes to disk below. Confirm the request is protected some other way.
$f->verify_csrf = false;
if ($f->submit()) {
    // NOTE(review): $_GET['file'] is the write target and $_POST['body'] the
    // content; nothing in this excerpt constrains the path to the stylesheet
    // directory. Verify that validation happens before this section of the
    // handler, otherwise this is an arbitrary file write for anyone who can
    // reach the handler.
    if (@file_put_contents($_GET['file'], $_POST['body'])) {
        $this->add_notification(__('Stylesheet saved.'));
        // chmod() signals failure with a warning and false, not an Exception,
        // so the @ is what keeps it quiet; the catch block will not fire for it.
        // 0666 leaves the file world-writable.
        try { @chmod($_GET['file'], 0666); } catch (Exception $e) { }
        $lock->remove();
        $this->redirect('/designer');
    }
    // Reached only if the write failed.
    $page->title = __('Saving Stylesheet Failed');
    echo '<p>' . __('Check that your permissions are correct and try again.') . '</p>';
} else {
    // The file name is request data shown in the window title, so it is escaped.
    $page->window_title = __('Edit Stylesheet') . ': ' . Template::sanitize($_GET['file']);
}

// View model: the file being edited, its current contents, and the names of
// the layouts found one and two levels under layouts/ (used further on,
// outside this excerpt).
$o = new StdClass();
$o->file = $_GET['file'];
$o->body = @file_get_contents($_GET['file']);
$o->layouts = array();
$files = glob('layouts/*.html');
if (is_array($files)) {
    foreach ($files as $layout) {
        $o->layouts[] = basename($layout, '.html');
    }
}
$files = glob('layouts/*/*.html');
if (is_array($files)) {
    foreach ($files as $layout) {
        $o->layouts[] = basename($layout, '.html');
        // (this loop and the handler continue past the end of the excerpt)
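<?php
// Update one of the current user's message templates, then return the user's
// full template list as JSON.
//
// NOTE(review): session.php is assumed to start the session and enforce login.
// Also confirm that Template::update() restricts the row it writes to the
// session user; otherwise a caller could update another user's template by id.

//Imports
require_once 'session.php';
require_once 'db/db_conn.php';
require_once 'db/SELECT.php';
require_once 'db/UPDATE.php';
require_once 'classes/Template.php';

// The original read $_SESSION['ADK_USER_ID'] unconditionally. Refuse to proceed
// without an authenticated user rather than querying with a missing id.
if (!isset($_SESSION['ADK_USER_ID'])) {
    http_response_code(401);
    exit;
}

$con = connect_db();

$ADK_MSG_TMPL = new Template();
$ADK_MSG_TMPL->populateFromUpdate();
if (!$ADK_MSG_TMPL->isValid()) {
    $con->close();
    http_response_code(400);
    echo $ADK_MSG_TMPL->err;
    exit;
}

$ADK_MSG_TMPL->sanitize();
$ADK_MSG_TMPL->update($con);

$ADK_MSG_TMPLS = new Templates();
$ADK_MSG_TMPLS->get($con, $_SESSION['ADK_USER_ID']);
$con->close();

// Status and content type must be set before any output; the original called
// http_response_code() after the echo, where it can no longer take effect.
http_response_code(200);
header('Content-Type: application/json');
echo json_encode($ADK_MSG_TMPLS);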
// NOTE(review): this fragment begins two levels inside conditionals that open
// above this excerpt (the type/id checks); those lines are not visible here.
$obj = new $class($_GET['id']);
if ($obj->error) {
    // deleted item: keep the requested key on the stub so its history can still be looked up
    $obj->{$obj->key} = $_GET['id'];
    $deleted = true;
}
} else {
    // No id: history for the whole class rather than one record.
    $obj = $class;
}
$history = Versions::history($obj, $limit, $offset);
$count = Versions::history($obj, true);
} else {
    $history = array();
    $count = 0;
}

/**
 * Template filter: resolve a user id to a display name, or the "Nobody"
 * label when no such user exists.
 */
function admin_filter_user_name($id) {
    $u = new User($id);
    if ($u->error) {
        return __('Nobody');
    }
    return $u->name;
}

$name = Versions::display_name($_GET['type']);
$plural = Versions::plural_name($_GET['type']);
if (!empty($_GET['id'])) {
    // NOTE(review): `.=` appends to a title set before this excerpt, while the
    // else branch assigns it outright — confirm the asymmetry is intentional.
    $page->title .= __('Versions of') . ' ' . Template::sanitize(__($name)) . ' / ' . Template::sanitize($_GET['id']);
} else {
    $page->title = __('Versions') . ' - ' . Template::sanitize(__($plural));
}
// NOTE(review): 'id', 'type' and 'url' carry raw request values; the
// admin/versions template must escape them where it emits them. $_GET['id']
// is also read for 'url' even when it is absent (notice, empty id= parameter).
echo $tpl->render('admin/versions', array('id' => !empty($_GET['id']) ? $_GET['id'] : false, 'type' => $_GET['type'], 'name' => $name, 'plural' => $plural, 'classes' => $classes, 'history' => $history, 'limit' => $limit, 'total' => $count, 'count' => count($history), 'url' => sprintf('/admin/versions?type=%s&id=%s&offset=%%d', $_GET['type'], $_GET['id']), 'deleted' => $deleted));
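<?php
// Translator: show the source-code context(s) in which a translatable string
// is used. The string is looked up in lang/_index.php; for each source file
// listed there, a five-line window around every line containing it is rendered.
$this->require_acl('admin', 'translator');
$page->layout = false;

// NOTE(review): the index is read with unserialize(). It is a server-written
// file rather than request data, so this is acceptable only as long as that
// remains true; a JSON index would remove the risk entirely.
$index = unserialize(file_get_contents('lang/_index.php'));
if (!isset($index[$_GET['string']])) {
    printf('<p>%s</p>', __('String not found.'));
    return;
}

$string = $index[$_GET['string']];
$string['src'] = is_array($string['src']) ? $string['src'] : array($string['src']);

// The context snippet is HTML-escaped, so the highlight must search for the
// escaped form of the string and re-insert it escaped. The original searched
// for and inserted the raw string: strings containing <, >, & or " were never
// highlighted, and the raw value was written into the page unescaped.
$needle = Template::sanitize($_GET['string']);
$marker = '<span class="trans-text">' . $needle . '</span>';

$contexts = array();
foreach ($string['src'] as $source) {
    $lines = file($source);
    if ($lines === false) {
        // A source file listed in the index that no longer exists: skip it.
        continue;
    }
    foreach ($lines as $line => $text) {
        if (strpos($text, $_GET['string']) === false) {
            continue;
        }
        // Up to two lines of context before the match, five lines in total.
        $start = $line >= 2 ? $line - 2 : 0;
        $slice = array_slice($lines, $start, 5);
        $code = '';
        foreach ($slice as $n => $single) {
            $code .= '<span class="line-number">' . ($start + $n + 1) . '.</span> ' . Template::sanitize($single);
        }
        $code = str_replace($needle, $marker, $code);
        $contexts[] = (object) array('file' => $source, 'code' => $code);
    }
}

echo View::render('translator/sources', array('contexts' => $contexts));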
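// Compare one stored version of a record against its current (or restored)
// state, field by field, for the admin/compare view.
//
// Expects $_GET['id'] (the Versions row) and $_GET['current'] ('yes' or 'no':
// whether the comparison target is the live record).
if (!isset($_GET['current']) || !isset($_GET['id'])) {
    $this->redirect('/admin');
}
if (!in_array($_GET['current'], array('yes', 'no'), true)) {
    $this->redirect('/admin');
}
$is_current = $_GET['current'] === 'yes';
$is_deleted = false;

$ver = new Versions($_GET['id']);
$old = $ver->restore();
$class = $ver->class;
$cur = new $class($ver->pkey);
if ($cur->error) {
    // Deleted item: rebuild its fields from the serialized snapshot. Guard the
    // decode so a corrupt snapshot does not turn into a foreach over null.
    $is_deleted = true;
    $snapshot = json_decode($ver->serialized);
    if (is_object($snapshot) || is_array($snapshot)) {
        foreach ($snapshot as $key => $value) {
            $cur->{$key} = $value;
        }
    }
}

$diff = Versions::diff($old, $cur);
$data = array();
$cur_orig = (array) $cur->orig();
$old_orig = (array) $old->orig();
foreach ($cur_orig as $key => $value) {
    // A field added since the old version has no old value; report null
    // instead of raising an undefined-index notice.
    $data[$key] = array(
        'cur' => $value,
        'old' => isset($old_orig[$key]) ? $old_orig[$key] : null,
        'diff' => in_array($key, $diff) ? true : false
    );
}
if (is_subclass_of($cur, 'ExtendedModel')) {
    unset($data[$cur->_extended_field]);
}

// The primary key comes from the database and is shown in the title, so it is
// escaped like the display name (the original emitted it raw).
$page->title = __('Comparing') . ' ' . Template::sanitize(__(Versions::display_name($ver->class))) . ' / ' . Template::sanitize($ver->pkey);
echo $tpl->render('admin/compare', array('fields' => $data, 'class' => $ver->class, 'pkey' => $ver->pkey, 'ts' => $ver->ts, 'is_current' => $is_current, 'is_deleted' => $is_deleted));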