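/**
 * Smarty escape modifier plugin
 *
 * Type:     modifier<br>
 * Name:     escape<br>
 * Purpose:  Escape the string according to escapement type
 * @link http://smarty.php.net/manual/en/language.modifier.escape.php
 *          escape (Smarty online manual)
 *
 * Supported $esc_type values and what each one produces:
 *   html        htmlspecialchars() with ENT_QUOTES (both quote styles encoded)
 *   htmlall     htmlentities() with ENT_QUOTES
 *   link        HTML-escaped text, newlines as <br>, absolute URLs and dcl:// pseudo
 *               links wrapped in anchors (see smarty_modifier_escape_link)
 *   url         urlencode()
 *   rawurl      rawurlencode()
 *   date        dclDB::FormatDateForDisplay()
 *   timestamp   dclDB::FormatTimeStampForDisplay()
 *   quotes      backslash-escape single quotes that are not already escaped
 *   utf8xml     htmlspecialchars() with ENT_NOQUOTES, then utf8_encode()
 *   hex         every byte as %XX
 *   hexentity   every byte as &#xXX;
 *   javascript  backslash-escape \ ' " CR LF for use inside a JS string literal
 *   (other)     the value is returned UNCHANGED - an unknown type is not an error, so a
 *               typo in a template silently disables escaping for that output.
 *
 * @param string $string    value to escape
 * @param string $esc_type  one of the types above (default 'html')
 * @return string
 */
function smarty_modifier_escape($string, $esc_type = 'html')
{
    switch ($esc_type) {
        case 'html':
            return htmlspecialchars($string, ENT_QUOTES);

        case 'htmlall':
            return htmlentities($string, ENT_QUOTES);

        case 'link':
            return smarty_modifier_escape_link($string);

        case 'url':
            return urlencode($string);

        case 'rawurl':
            return rawurlencode($string);

        case 'date':
            $o = new dclDB();
            return $o->FormatDateForDisplay($string);

        case 'timestamp':
            $o = new dclDB();
            return $o->FormatTimeStampForDisplay($string);

        case 'quotes':
            // Escape single quotes that are not already preceded by a backslash.
            return preg_replace("%(?<!\\\\)'%", "\\'", $string);

        case 'utf8xml':
            // utf8_encode() treats the input as ISO-8859-1; it is deprecated since
            // PHP 8.2 but kept so the output stays byte-identical for existing templates.
            return utf8_encode(htmlspecialchars($string, ENT_NOQUOTES));

        case 'hex':
            return smarty_modifier_escape_bytes($string, '%', '');

        case 'hexentity':
            return smarty_modifier_escape_bytes($string, '&#x', ';');

        case 'javascript':
            // Escape backslashes, both quote styles and CR/LF so the value can sit
            // inside a JavaScript string literal.
            return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n'));

        default:
            // Unknown escapement type: pass the value through untouched (original behaviour).
            return $string;
    }
}

/**
 * Encodes every byte of $string as two hex digits wrapped in $prefix / $suffix.
 * Byte-wise on purpose (strlen() and string offsets are byte operations), so a
 * multi-byte character becomes several escapes.
 *
 * @param string $string
 * @param string $prefix  text before each hex pair ('%' for hex, '&#x' for hexentity)
 * @param string $suffix  text after each hex pair ('' or ';')
 * @return string
 */
function smarty_modifier_escape_bytes($string, $prefix, $suffix)
{
    $return = '';
    $len = strlen($string); // hoisted: the original re-measured the string on every iteration
    for ($x = 0; $x < $len; $x++) {
        $return .= $prefix . bin2hex($string[$x]) . $suffix;
    }
    return $return;
}

/**
 * 'link' escapement: HTML-escapes $string, turns newlines into <br>, then wraps
 * http/ftp/telnet/irc/https URLs and dcl:// pseudo links in anchors.
 *
 * The anchors are generated after escaping, so the only raw markup in the result
 * is what this function emits: the URL match excludes '<', '>' and whitespace, and
 * the dcl:// captures are digits only. The original eregi_replace() calls (removed
 * in PHP 7) are replaced by case-insensitive preg_replace() with the same patterns.
 *
 * @param string $string
 * @return string
 */
function smarty_modifier_escape_link($string)
{
    $sText = nl2br(htmlspecialchars($string));

    $sRetVal = preg_replace(
        '~(http|ftp|telnet|irc|https)://[^<>[:space:]]+[[:alnum:]/]~i',
        '<a target="_blank" href="$0">$0</a>',
        $sText
    );

    // Pseudo stuff: dcl:// references become application menu links. menuLink() is
    // called once; its output is spliced into the replacement template, so a '$'
    // followed by a digit in that output would be read as a backreference (same
    // caveat as the original's "\\" handling).
    $sMenu = menuLink();
    $sRetVal = preg_replace(
        '~dcl://workorders/([0-9]+)-([0-9]+)~i',
        '<a href="' . $sMenu . '?menuAction=boWorkorders.viewjcn&jcn=$1&seq=$2">$0</a>',
        $sRetVal
    );
    $sRetVal = preg_replace(
        '~dcl://tickets/([0-9]+)~i',
        '<a href="' . $sMenu . '?menuAction=boTickets.view&ticketid=$1">$0</a>',
        $sRetVal
    );
    $sRetVal = preg_replace(
        '~dcl://projects/([0-9]+)~i',
        '<a href="' . $sMenu . '?menuAction=boProjects.viewproject&wostatus=0&project=$1">$0</a>',
        $sRetVal
    );

    return $sRetVal;
}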
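/**
 * Renders (or exports) an activity timesheet: hours per calendar day, one row per
 * value of the query's "name" column, for the date range given in the request.
 *
 * Request parameters read:
 *   bytype                    '1' => report for one person (responsible), else department
 *   responsible / department  id, sanitized with DCL_Sanitize::ToInt()
 *   begindate / enddate       display-format dates, sanitized with DCL_Sanitize::ToDate()
 *   export                    '1' => hand the rows to ExportArray() instead of rendering
 *   groupby                   only echoed back into the export link
 *
 * Side effects: runs $query on dclDB, then either renders an htmlTable, calls
 * ExportArray(), or (no rows) triggers STR_WOST_NOACTIVITY and redisplays the
 * parameter form. A sanitize failure triggers 'Data sanitize failed.' and returns.
 *
 * @param string $query         SQL yielding name, actionon and hours columns; it is run
 *                              verbatim, so the caller must build it from sanitized values
 * @param mixed  $iGroupColumn  accepted for interface compatibility; not used here
 * @return void
 */
function ShowTimesheet($query, $iGroupColumn)
{
    // Request values are read through isset() so a missing key reaches the sanitizer
    // (or sprintf) as null instead of raising an undefined-index warning.
    $bExport = isset($_REQUEST['export']) && $_REQUEST['export'] == '1';
    $rawByType = isset($_REQUEST['bytype']) ? $_REQUEST['bytype'] : null;
    $rawGroupBy = isset($_REQUEST['groupby']) ? $_REQUEST['groupby'] : null;
    $rawDepartment = isset($_REQUEST['department']) ? $_REQUEST['department'] : null;

    $responsible = '';
    // Objects are handles since PHP 5, so plain assignment is equivalent to the old
    // "=&" and matches the htmlTable creation further down.
    $oMeta = CreateObject('dcl.DCL_MetadataDisplay');

    if ($rawByType == '1') {
        $rawResponsible = isset($_REQUEST['responsible']) ? $_REQUEST['responsible'] : null;
        if (($responsible = DCL_Sanitize::ToInt($rawResponsible)) === null) {
            trigger_error('Data sanitize failed.');
            return;
        }
        $sReportFor = $oMeta->GetPersonnel($responsible);
    } else {
        if (($department = DCL_Sanitize::ToInt($rawDepartment)) === null) {
            trigger_error('Data sanitize failed.');
            return;
        }
        $sReportFor = $oMeta->GetDepartment($department);
    }

    $rawBegin = isset($_REQUEST['begindate']) ? $_REQUEST['begindate'] : null;
    $rawEnd = isset($_REQUEST['enddate']) ? $_REQUEST['enddate'] : null;
    if (($begindate = DCL_Sanitize::ToDate($rawBegin)) === null
        || ($enddate = DCL_Sanitize::ToDate($rawEnd)) === null) {
        trigger_error('Data sanitize failed.');
        return;
    }

    // One 0.0 bucket per day in [begindate, enddate], keyed by display-format date.
    // NOTE(review): the fixed 86400-second step assumes DCLDate::time is not a local
    // time that crosses a DST change (which could skip or repeat a day) - confirm.
    $oBeginDate = new DCLDate();
    $oBeginDate->SetFromDisplay($begindate);
    $oEndDate = new DCLDate();
    $oEndDate->SetFromDisplay($enddate);
    $aDateArray = array();
    for ($iTime = $oBeginDate->time; $iTime <= $oEndDate->time; $iTime += 86400) {
        $oBeginDate->time = $iTime;
        $aDateArray[$oBeginDate->ToDisplay()] = 0.0;
    }

    $objDB = new dclDB();
    if ($objDB->Query($query) == -1) {
        return; // original behaviour: a failed query produces no output at all
    }

    if (!$objDB->next_record()) {
        if ($bExport) {
            commonHeader();
        }
        trigger_error(STR_WOST_NOACTIVITY, E_USER_NOTICE);
        // NOTE(review): $this is only available if ShowTimesheet is a method of the
        // report class - confirm; in a plain function this line is a fatal error.
        $this->getparameters(false);
        return;
    }

    // Accumulate hours per name per day. Rows are pre-seeded from $aDateArray so every
    // name has the same columns; an actionon outside the requested range would add an
    // extra key (original behaviour kept - the query is expected to bound the dates).
    $aReportArray = array();
    do {
        $sArrayIndex = $objDB->f('name');
        if (!isset($aReportArray[$sArrayIndex])) {
            $aReportArray[$sArrayIndex] = $aDateArray;
        }
        $aReportArray[$sArrayIndex][$objDB->FormatDateForDisplay($objDB->f('actionon'))] += $objDB->f('hours');
    } while ($objDB->next_record());

    // Display rows are [name, hours per day..., row total]; column totals alongside.
    $aTotalArray = $aDateArray;
    $aDisplayArray = array();
    ksort($aReportArray);
    $iIndex = 0;
    foreach ($aReportArray as $sGroup => $aHours) {
        $aRow = array($sGroup);
        $fTotal = 0.0;
        foreach ($aHours as $sDate => $fHours) {
            $aTotalArray[$sDate] += $fHours;
            $aRow[] = $fHours;
            $fTotal += $fHours;
        }
        $aRow[] = $fTotal;
        $aDisplayArray[$iIndex] = $aRow;
        $iIndex++;
    }

    if ($bExport) {
        // The export carries the column totals as a final data row.
        $aTotalRow = array('Total');
        $fTotal = 0.0;
        foreach ($aTotalArray as $fHours) {
            $aTotalRow[] = $fHours;
            $fTotal += $fHours;
        }
        $aTotalRow[] = $fTotal;
        $aDisplayArray[$iIndex] = $aTotalRow;
        $nameArray = array_merge(array(''), array_keys($aDateArray), array('Total'));
        ExportArray($nameArray, $aDisplayArray);
        return;
    }

    // Interactive view: column totals go into the table footer.
    $oTable = CreateObject('dcl.htmlTable');
    $oTable->addColumn('', 'string');
    foreach (array_keys($aDateArray) as $sDate) {
        $oTable->addColumn($sDate, 'numeric');
    }
    $oTable->addColumn('Total', 'numeric');
    $oTable->addFooter('Total');
    $fTotal = 0.0;
    foreach ($aTotalArray as $fHours) {
        $oTable->addFooter($fHours);
        $fTotal += $fHours;
    }
    $oTable->addFooter($fTotal);
    $oTable->setData($aDisplayArray);
    $oTable->setShowRownum(true);
    $oTable->setCaption(sprintf(STR_WOST_ACTIVITYTITLE, $sReportFor, $begindate, $enddate));
    // Export link. The query string used to read 'export=1×heet=Y': '&times' had been
    // decoded as the multiplication-sign entity, eating the start of '&timesheet=Y'
    // (presumably the flag the execute handler reads - confirm). Values are either
    // sanitized ($responsible, the dates) or forced to integers by %d.
    $oTable->addToolbar(
        menuLink('', sprintf(
            'menuAction=reportPersonnelActivity.execute&export=1&timesheet=Y&responsible=%s&begindate=%s&enddate=%s&bytype=%d&groupby=%d&department=%d',
            $responsible,
            $begindate,
            $enddate,
            $rawByType,
            $rawGroupBy,
            $rawDepartment
        )),
        STR_VW_EXPORTRESULTS
    );
    $oTable->render();
}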
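/**
 * Renders the "Project Timeline" table for one project over a trailing window of days.
 *
 * Reads projectid, days and endon from $_REQUEST (each sanitized; any failure ends in
 * PrintPermissionDenied()), then UNION ALLs the optional scope / timecards / code
 * queries selected by the presence of the matching request keys, newest first.
 *
 * Side effects: emits the common page header, then one of: the rendered table, a
 * ShowError() page when no option was selected, or nothing further when the query
 * fails (dclDB::Query() returning -1 is not reported - original behaviour).
 *
 * Output escaping: the Item column is typed 'html' because it carries anchor markup;
 * the titles from f(5)/f(6) are htmlspecialchars()-escaped before being embedded.
 * Whether htmlTable escapes the 'string' columns (f(7)..f(9)) is not visible here.
 *
 * @return mixed  null normally; whatever PrintPermissionDenied() returns on bad input
 */
function Render()
{
    commonHeader();

    // Missing request keys are handed to the sanitizer as null (instead of raising an
    // undefined-index warning); a null sanitizer result denies the request.
    $rawId = isset($_REQUEST['projectid']) ? $_REQUEST['projectid'] : null;
    $rawDays = isset($_REQUEST['days']) ? $_REQUEST['days'] : null;
    $rawEndOn = isset($_REQUEST['endon']) ? $_REQUEST['endon'] : null;
    if (($id = DCL_Sanitize::ToInt($rawId)) === null) {
        return PrintPermissionDenied();
    }
    if (($days = DCL_Sanitize::ToInt($rawDays)) === null) {
        return PrintPermissionDenied();
    }
    if (($endon = DCL_Sanitize::ToDate($rawEndOn)) === null) {
        return PrintPermissionDenied();
    }

    // Window [endon - days, endon] in DB format. mktime() normalises an out-of-range
    // day-of-month, so the subtraction walks back across month/year boundaries.
    $oDate = new DCLDate();
    $oDate->SetFromDisplay($endon);
    $endon = $oDate->ToDB();
    $oDate->time = mktime(
        0,
        0,
        0,
        (int) date('m', $oDate->time),
        (int) date('d', $oDate->time) - $days,
        (int) date('Y', $oDate->time)
    );
    $beginon = $oDate->ToDB();

    // Each selected option appends its SELECT, joined with UNION ALL. The SQL helpers
    // only ever receive the sanitized id and the DB-format dates.
    $sSQL = '';
    if (isset($_REQUEST['scope'])) {
        $sSQL = $this->GetScopeSQL($id, $beginon, $endon);
    }
    if (isset($_REQUEST['timecards'])) {
        if ($sSQL != '') {
            $sSQL .= ' UNION ALL ';
        }
        $sSQL .= $this->GetTimeCardSQL($id, $beginon, $endon);
    }
    if (isset($_REQUEST['code'])) {
        if ($sSQL != '') {
            $sSQL .= ' UNION ALL ';
        }
        $sSQL .= $this->GetWorkOrderCodeSQL($id, $beginon, $endon);
        $sSQL .= ' UNION ALL ';
        $sSQL .= $this->GetProjectCodeSQL($id, $beginon, $endon);
    }
    if ($sSQL == '') {
        ShowError('No options selected.', __FILE__, __LINE__, null);
        return;
    }
    $sSQL .= ' ORDER BY 2 DESC'; // second column: the timestamp read as f(1) below

    $oDB = new dclDB();
    if ($oDB->Query($sSQL) === -1) {
        return; // original behaviour: a failed query renders nothing after the header
    }

    $aResults = array();
    while ($oDB->next_record()) {
        $aRecord = array();
        $aRecord[] = $oDB->FormatDateForDisplay($oDB->f(1));
        $oDB->objTimestamp->SetFromDB($oDB->f(1));
        $aRecord[] = $oDB->objTimestamp->ToTimeOnly();
        // f(0) is the row-type discriminator emitted by the SQL helpers: 4 marks a
        // project row, anything else a work order. Loose comparison is kept because
        // the driver may return it as a string.
        if ($oDB->f(0) == 4) {
            $aRecord[] = '<a href="' . menuLink('', 'menuAction=boProjects.viewproject&project=' . $id) . '">[' . $id . '] ' . htmlspecialchars($oDB->f(5)) . '</a>';
        } else {
            // jcn/seq are presumed numeric DB columns; escaping the visible copy is a
            // no-op for digits and keeps the 'html' column consistent with f(6).
            $sJcn = $oDB->f(2);
            $sSeq = $oDB->f(3);
            $aRecord[] = '<a href="' . menuLink('', 'menuAction=boWorkorders.viewjcn&jcn=' . $sJcn . '&seq=' . $sSeq) . '">[' . htmlspecialchars($sJcn) . '-' . htmlspecialchars($sSeq) . '] ' . htmlspecialchars($oDB->f(6)) . '</a>';
        }
        $aRecord[] = $oDB->f(7);
        $aRecord[] = $oDB->f(8);
        $aRecord[] = $oDB->f(9);
        $aResults[] = $aRecord;
    }

    // Objects are handles since PHP 5; plain assignment replaces the old "=&".
    $oTable = CreateObject('dcl.htmlTable');
    $oTable->setCaption('Project Timeline');
    $oTable->addColumn('Date', 'string');
    $oTable->addColumn('Time', 'string');
    $oTable->addColumn('Item', 'html');
    $oTable->addColumn('Current Status', 'string');
    $oTable->addColumn('Action By', 'string');
    $oTable->addColumn('Action Description', 'string');
    $oTable->addGroup(0);
    $oTable->setData($aResults);
    $oTable->setShowRownum(true);
    $oTable->render();
}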