/**
 * clean_encode_message
 *
 * Intended to clean a message of potentially dangerous (X)HTML and encode UBB to XHTML.
 * The text is passed through UBBCodeN::encode() and then entify_nonprinting_chars();
 * nothing else happens here, so how well markup is neutralised depends entirely on
 * those two routines, neither of which is defined in this function.
 * NOTE(review): confirm UBBCodeN::encode() escapes HTML metacharacters before it
 * expands UBB tags.
 *
 * @author DigiOz Guestbook, Scott Trevithick
 * @copyright DigiOz.com, 2009.
 * @param string $yourmessage The string to reformat
 * @return string The reformatted string
 **/
function clean_encode_message($yourmessage)
{
    // require_once loads the class file only the first time this function runs.
    require_once 'class.UBBCodeN.php';

    $encoder = new UBBCodeN();
    $encoded = $encoder->encode($yourmessage);

    // The original carries a disabled str_replace() on the double-quote character. As printed,
    // its search and replacement are the same character, so the replacement was presumably an
    // HTML entity before the listing was extracted — confirm before re-enabling it.
    return entify_nonprinting_chars($encoded);
}
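// Log visitor IP Number and IP Address if option is set by guestbook administrator ---------------
// NOTE(review): $yourname is still the raw submitted value at this point (it is only cleaned
// further down), and gethostbyaddr() returns a name taken from reverse DNS, which is controlled
// by whoever operates the reverse zone for that address. add_to_post_log() is not visible here —
// confirm it encodes both values before they are written to or displayed from the log.
if ($gbIPLogKey == 1) {
    $message_ip_log = $_SERVER['REMOTE_ADDR'];
    $message_ip_address_log = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $message_time_log = $date;
    add_to_post_log($yourname, $message_ip_log, $message_ip_address_log, $message_time_log);
}

// Notify administrator of new email if option is selected ----------------------------------------
// The return value of mail() is not checked, so a failed notification goes unnoticed.
if ($notify_admin == 1) {
    mail("{$notify_admin_email}", "{$notify_subject}", "{$notify_message}");
}

// Make user input safe, insert emoticons, and encode UBB code -------------------------------------
$yourname = clean_encode_message(stripslashes($yourname));

// NOTE(review): the e-mail address only has backslashes removed; it does not go through the
// encoding applied to the name and the message. Confirm it was validated earlier in the script
// or is escaped by gbXML when written and by the page that displays it.
$youremail = stripslashes($youremail);

// NOTE(review): unlike the name, the message is encoded directly and never passes through
// entify_nonprinting_chars() — confirm that difference is intended.
$yourmessage = smiley_face($yourmessage);
$myUBB = new UBBCodeN();
$yourmessage = $myUBB->encode($yourmessage);

// stripslashes(), not stripcslashes(): the latter also expands C-style escapes (\n, \xHH, octal),
// so running it on already-encoded text could turn an escape sequence back into a raw character
// that the encoder never had a chance to see. stripslashes() only removes quoting backslashes,
// which matches how the name and e-mail fields are handled above.
$yourmessage = stripslashes($yourmessage);

// Call for filtering bad words -------------------------------------------------------------------
if ($gbBadWordsKey == 1) {
    $yourmessage = swap_bad_words($yourmessage);
}

// Write the verified guestbook entry to file ----------------------------------------------------
$gbXML = new gbXML('messages', 'message', 'data/data.xml');

// NOTE(review): the next id is computed as max + 1 with no locking visible here, so two
// simultaneous submissions could be given the same id — confirm gbXML serialises writers.
$id = $gbXML->get_max_value_for_tag('id');
++$id;

$tmpArray = array(
    'id'    => $id,
    'date'  => $date,
    'name'  => $yourname,
    'email' => $youremail,
    'msg'   => $yourmessage,
);

if ($gbXML->append_record_to_file($tmpArray) === TRUE) {
    // Give Confirmation that the Guestbook Entry was written ----------------------------------------
    echo "<p>{$result1}</p>";
    echo "<p>{$date}</p>";
    // (the rest of this branch lies outside the visible excerpt)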
HTML;
    // (tail of a branch whose opening lies above the visible excerpt)
    include '../includes/admin_footer.php';
    exit;
}

// Go to the guestbook and fetch the record whose ID was requested for editing.
// NOTE(review): $_GET['id'] is handed to get_record_from_file() exactly as received and is later
// copied into $id_value for the included template. Neither the lookup nor the template is visible
// here — confirm the id is checked as an integer or escaped wherever it is printed.
$recordArray = $mygbXML->get_record_from_file($_GET['id']);
if (!$recordArray) {
    echo <<<HTML
<p class="error">An unknown error occured. The record could not be read from the data file.</p>
<p><a href="javascript: history.go(-1);">Go Back</a></p>
HTML;
    include '../includes/admin_footer.php';
    exit;
}

// The script stops above when the record is missing, so from here on $recordArray holds a record.

// UBBCodeN object used to turn the stored HTML back into UBB for the edit form.
$myUBB = new UBBCodeN();

// Values the template included below reads to populate its fields.
$id_value = $_GET['id'];
$your_name_value = stripslashes($myUBB->decode($recordArray['name']));
$your_email_value = stripslashes($myUBB->decode($recordArray['email']));
$your_message_value = stripslashes(swap_image($myUBB->decode($recordArray['msg'])));

// Script that will process the submitted form.
$form_processor = 'edit_process.php';

// Path to the javascript file that the guestbook form uses.
$guestbook_entry_javascript = '../includes/guestbook_entry.js';

echo '<center>';

// Include the main editing interface; the flag is set to "1" just before the template is pulled in.
$inside_admin_area = '1';
include '../includes/guestbook_new_entry_page_template.php';

echo '</center>';