COM_resetSpeedlimit('login'); // we are now fully logged in, let's see if there is someplace we need to go.... if (SESS_isSet('login_referer')) { $_SERVER['HTTP_REFERER'] = SESS_getVar('login_referer'); SESS_unSet('login_referer'); } if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) { $indexMsg = $_CONF['site_url'] . '/index.php?msg='; if (substr($_SERVER['HTTP_REFERER'], 0, strlen($indexMsg)) == $indexMsg) { echo COM_refresh($_CONF['site_url'] . '/index.php'); } else { // If user is trying to login - force redirect to index.php if (strstr($_SERVER['HTTP_REFERER'], 'mode=login') === false) { // if article - we need to ensure we have the story if (substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) { echo COM_refresh(COM_sanitizeUrl($_SERVER['HTTP_REFERER'])); } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } else { $msg = COM_getMessage(); if ($msg > 0) { $pageBody .= COM_showMessage($msg, '', '', 0, 'info'); }
$T->parse('media_views', 'media_views'); } $T->parse('media_cell', 'media_cell_image'); $retval = $T->finish($T->get_var('media_cell')); return $retval; } /* * Main Function */ if (isset($_REQUEST['mode'])) { $mode = COM_applyFilter($_REQUEST['mode']); } else { $mode = ''; } if (isset($_SERVER['HTTP_REFERER'])) { $referer = COM_sanitizeUrl($_SERVER['HTTP_REFERER']); } else { $referer = ''; } $themeStyle = MG_getThemeCSS(0); if ($mode == $LANG_MG01['search'] && !empty($LANG_MG01['search']) || $mode == 'search') { $keywords = isset($_REQUEST['keywords']) ? COM_applyFilter($_REQUEST['keywords']) : ''; $stype = isset($_REQUEST['keyType']) ? COM_applyFilter($_REQUEST['keyType']) : ''; $category = isset($_REQUEST['cat_id']) ? COM_applyFilter($_REQUEST['cat_id'], 1) : 0; $skeywords = isset($_REQUEST['swhere']) ? COM_applyFilter($_REQUEST['swhere'], 1) : 1; $numresults = isset($_REQUEST['numresults']) ? COM_applyFilter($_REQUEST['numresults'], true) : 10; $users = isset($_REQUEST['uid']) ? COM_applyFilter($_REQUEST['uid'], true) : 0; $sortyby = 'title'; $sortdirection = 'DESC'; if ($keywords == '') { $display = MG_siteHeader();
/** * Display an ad's detail * @param string $ad_id ID of ad to display */ function adDetail($ad_id = '') { global $_USER, $_TABLES, $_CONF, $LANG_ADVT, $_CONF_ADVT; USES_lib_comments(); // Determind if this is an administrator $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin'); $ad_id = COM_sanitizeID($ad_id); if ($ad_id == '') { // An ad id is required for this function return CLASSIFIEDS_errorMsg($LANG_ADVT['missing_id'], 'alert'); } $srchval = isset($_GET['query']) ? trim($_GET['query']) : ''; // We use this in a few places here, so might as well just // figure it out once and save it. $perm_sql = COM_getPermSQL('AND', 0, 2, 'ad') . ' ' . COM_getPermSQL('AND', 0, 2, 'cat'); // get the ad information. $sql = "SELECT ad.*\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id='{$ad_id}'"; if (!$admin) { $sql .= $perm_sql; } $result = DB_query($sql); if (!$result || DB_numRows($result) < 1) { return CLASSIFIEDS_errorMsg($LANG_ADVT['no_ad_found'], 'note', 'Oops...'); } $ad = DB_fetchArray($result, false); // Check access to the ad. If granted, check that access isn't // blocked by any category. $my_access = CLASSIFIEDS_checkAccess($ad['ad_id'], $ad); if ($my_access >= 2) { $my_cat_access = CLASSIFIEDS_checkCatAccess($ad['cat_id'], false); if ($my_cat_access < $my_access) { $my_access = $my_cat_access; } } if ($my_access < 2) { return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']); } $cat = (int) $ad['cat_id']; // Increment the views counter $sql = "UPDATE {$_TABLES['ad_ads']} \n SET views = views + 1 \n WHERE ad_id='{$ad_id}'"; DB_query($sql); // Get the previous and next ads $condition = " AND ad.cat_id={$cat}"; if (!$admin) { $condition .= $perm_sql; } $sql = "SELECT ad_id\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id < '{$ad_id}' \n {$condition}\n ORDER BY ad_id DESC\n LIMIT 1"; $r = DB_query($sql); list($preAd_id) = DB_fetchArray($r, false); $sql = "SELECT ad_id\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id > '{$ad_id}' \n {$condition}\n ORDER BY ad_id ASC\n LIMIT 1"; $r = DB_query($sql); list($nextAd_id) = DB_fetchArray($r, false); // Get the user contact info. If none, just show the email link $sql = "SELECT * \n FROM {$_TABLES['ad_uinfo']} \n WHERE uid='{$ad['uid']}'"; //echo $sql; $result = DB_query($sql); $uinfo = array(); if ($result && DB_numRows($result) > 0) { $uinfo = DB_fetchArray($result); } else { $uinfo['uid'] = ''; $uinfo['address'] = ''; $uinfo['city'] = ''; $uinfo['state'] = ''; $uinfo['postal'] = ''; $uinfo['tel'] = ''; $uinfo['fax'] = ''; } // Get the hot results (most viewed ads) $time = time(); $sql = "SELECT ad.ad_id, ad.cat_id, ad.subject,\n cat.cat_id, cat.fgcolor, cat.bgcolor\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad.exp_date > {$time} \n {$perm_sql}\n ORDER BY views DESC \n LIMIT 4"; //echo $sql;die; $hotresult = DB_query($sql); // convert line breaks & others to html $patterns = array('/\\n/'); $replacements = array('<br />'); $ad['descript'] = PLG_replaceTags(COM_checkHTML($ad['descript'])); $ad['descript'] = preg_replace($patterns, $replacements, $ad['descript']); $ad['subject'] = strip_tags($ad['subject']); $ad['price'] = strip_tags($ad['price']); $ad['url'] = COM_sanitizeUrl($ad['url']); $ad['keywords'] = strip_tags($ad['keywords']); // Highlight search terms, if any if ($srchval != '') { $ad['subject'] = COM_highlightQuery($ad['subject'], $srchval); $ad['descript'] = COM_highlightQuery($ad['descript'], $srchval); } $detail = new Template(CLASSIFIEDS_PI_PATH . '/templates'); $detail->set_file('detail', 'detail.thtml'); if ($admin) { $base_url = CLASSIFIEDS_ADMIN_URL . '/index.php'; $del_link = $base_url . '?delete=ad&ad_id=' . $ad_id; $edit_link = $base_url . '?edit=ad&ad_id=' . $ad_id; } else { $base_url = CLASSIFIEDS_URL . '/index.php'; $del_link = $base_url . '?mode=Delete&id=' . $ad_id; $edit_link = $base_url . '?mode=editad&id=' . $ad_id; } // Set up the "add days" form if this user is the owner // or an admin if ($my_access == 3) { // How many days has the ad run? $max_add_days = CLASSIFIEDS_calcMaxAddDays(($ad['exp_date'] - $ad['add_date']) / 86400); if ($max_add_days > 0) { $detail->set_var('max_add_days', $max_add_days); } } if ($ad['exp_date'] < $time) { $detail->set_var('is_expired', 'true'); } USES_classifieds_class_category(); $detail->set_var(array('base_url' => $base_url, 'edit_link' => $edit_link, 'del_link' => $del_link, 'curr_loc' => adCategory::BreadCrumbs($cat, true), 'subject' => $ad['subject'], 'add_date' => date($_CONF['shortdate'], $ad['add_date']), 'exp_date' => date($_CONF['shortdate'], $ad['exp_date']), 'views_no' => $ad['views'], 'descript' => $ad['descript'], 'ad_type' => CLASSIFIEDS_getAdTypeString($ad['ad_type']), 'uinfo_address' => $uinfo['address'], 'uinfo_city' => $uinfo['city'], 'uinfo_state' => $uinfo['state'], 'uinfo_postcode' => $uinfo['postcode'], 'uinfo_tel' => $uinfo['tel'], 'uinfo_fax' => $uinfo['fax'], 'price' => $ad['price'], 'ad_id' => $ad_id, 'ad_url' => $ad['url'], 'username' => $_CONF_ADVT['disp_fullname'] == 1 ? COM_getDisplayName($ad['uid']) : DB_getItem($_TABLES['users'], 'username', "uid={$ad['uid']}"), 'fgcolor' => $ad['fgcolor'], 'bgcolor' => $ad['bgcolor'], 'cat_id' => $ad['cat_id'])); // Display a link to email the poster, or other message as needed $emailfromuser = DB_getItem($_TABLES['userprefs'], 'emailfromuser', "uid={$ad['uid']}"); if ($_CONF['emailuserloginrequired'] == 1 && COM_isAnonUser() || $emailfromuser < 1) { $detail->set_var('ad_uid', ''); } else { $detail->set_var('ad_uid', $ad['uid']); } if ($my_access == 3) { $detail->set_var('have_userlinks', 'true'); if ($admin || $_CONF_ADVT['usercanedit'] == 1) { $detail->set_var('have_editlink', 'true'); } else { $detail->set_var('have_editlink', ''); } } else { $detail->set_var('have_userlinks', ''); } // Retrieve the photos and put into the template $sql = "SELECT photo_id, filename\n FROM {$_TABLES['ad_photo']} \n WHERE ad_id='{$ad_id}'"; $photo = DB_query($sql); $photo_detail = ''; $detail->set_var('have_photo', ''); // assume no photo available if ($photo && DB_numRows($photo) >= 1) { while ($prow = DB_fetchArray($photo)) { $img_small = LGLIB_ImageUrl(CLASSIFIEDS_IMGPATH . '/' . $prow['filename'], $_CONF_ADVT['detail_img_width']); $img_disp = CLASSIFIEDS_dispUrl($prow['filename']); if (!empty($img_small)) { $detail->set_block('detail', 'PhotoBlock', 'PBlock'); $detail->set_var(array('tn_width' => $_CONF_ADVT['detail_img_width'], 'small_url' => $img_small, 'disp_url' => $img_disp)); $detail->parse('PBlock', 'PhotoBlock', true); $detail->set_var('have_photo', 'true'); } } } if (DB_count($_TABLES['ad_ads'], 'owner_id', (int) $ad['owner_id']) > 1) { $detail->set_var('byposter_url', CLASSIFIEDS_URL . '/index.php?' . "page=byposter&uid={$ad['owner_id']}"); } // Show previous and next ads if ($preAd_id != '') { $detail->set_var('previous', '<a href="' . CLASSIFIEDS_makeURL('detail', $preAd_id) . "\"><<</a>"); } if ($nextAd_id != '') { $detail->set_var('next', '<a href="' . CLASSIFIEDS_makeURL('detail', $nextAd_id) . "\"> >></a>"); } // Show the "hot results" $hot_data = ''; if ($hotresult) { $detail->set_block('detail', 'HotBlock', 'HBlock'); while ($hotrow = DB_fetchArray($hotresult)) { $detail->set_var(array('hot_title' => $hotrow['subject'], 'hot_url' => CLASSIFIEDS_makeURL('detail', $hotrow['ad_id']), 'hot_cat' => displayCat($hotrow['cat_id']))); /*$hot_data .= "<tr><td class=\"hottitle\"><a href=\"" . CLASSIFIEDS_makeURL('detail', $hotrow['ad_id']) . "\">{$hotrow['subject']}</a></small></td>\n"; $hot_data .= "<td class=\"hotcat\">( " . displayCat($hotrow['cat_id']) . " )</td></tr>\n";*/ } $detail->parse('HBlock', 'HotBlock', true); } $detail->set_var('whats_hot_row', $hot_data); // Show the user comments if (plugin_commentsupport_classifieds() && $ad['comments_enabled'] < 2) { $detail->set_var('usercomments', CMT_userComments($ad_id, $ad['subject'], 'classifieds', '', '', 0, 1, false, false, $ad['comments_enabled'])); //$detail->set_var('usercomments', CMT_userComments($ad_id, $subject, // 'classifieds')); } $detail->parse('output', 'detail'); $display = $detail->finish($detail->get_var('output')); return $display; }
if (!empty($sp_id)) { if (!isset($_POST['sp_onmenu'])) { $_POST['sp_onmenu'] = ''; } if (!isset($_POST['sp_php'])) { $_POST['sp_php'] = ''; } if (!isset($_POST['sp_nf'])) { $_POST['sp_nf'] = ''; } if (!isset($_POST['sp_centerblock'])) { $_POST['sp_centerblock'] = ''; } $help = ''; if (isset($_POST['sp_help'])) { $sp_help = COM_sanitizeUrl($_POST['sp_help'], array('http', 'https')); } if (!isset($_POST['sp_inblock'])) { $_POST['sp_inblock'] = ''; } $sp_uid = COM_applyFilter($_POST['sp_uid'], true); if ($sp_uid == 0) { $sp_uid = $_USER['uid']; } if (!isset($_POST['postmode'])) { $_POST['postmode'] = ''; } $sp_status = 0; if (isset($_POST['sp_status_yes']) || isset($_POST['sp_status_no'])) { if (isset($_POST['sp_status_yes'])) { $sp_status = 1;
function handleunSubscribe($sid, $type) { global $_CONF, $_TABLES, $_USER; $dirty_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_CONF['site_url']; if ($dirty_referer == '') { $dirty_referer = $_CONF['site_url']; } $referer = COM_sanitizeUrl($dirty_referer); $sLength = strlen($_CONF['site_url']); if (substr($referer, 0, $sLength) != $_CONF['site_url']) { $referer = $_CONF['site_url']; } if (strcasecmp($referer, $_CONF['site_url'] . '/users.php') == 0) { $referer = $_CONF['site_url']; } $hasargs = strstr($referer, '?'); if ($hasargs) { $sep = '&'; } else { $sep = '?'; } if (COM_isAnonUser()) { $display = COM_siteHeader(); $display .= SEC_loginRequiredForm(); $display .= COM_siteFooter(); echo $display; exit; } $rc = PLG_unsubscribe('comment', $type, $sid); echo COM_refresh($referer . $sep . 'msg=521' . '#comments'); exit; }
/** * Saves a block * * @param string $bid Block ID * @param string $title Block title * @param string $type Type of block * @param int $blockorder Order block appears relative to the others * @param string $content Content of block * @param string $tid Ids of topics block is assigned to * @param string $rdfurl URL to headline feed for portal blocks * @param string $rdfupdated Date RSS/RDF feed was last updated * @param string $rdflimit max. number of entries to import from feed * @param string $phpblockfn Name of php function to call to get content * @param int $onleft Flag indicates if block shows up on left or right * @param int $owner_id ID of owner * @param int $group_id ID of group block belongs to * @param array $perm_owner Permissions the owner has on the object * @param array $perm_group Permissions the group has on the object * @param array $perm_members Permissions the logged in members have * @param array $perm_anon Permissinos anonymous users have * @param int $is_enabled Flag, indicates if block is enabled or not * @return string HTML redirect or error message * */ function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time) { global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER; $retval = ''; $title = DB_escapeString(COM_stripslashes(strip_tags($title))); $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn))); if (empty($title) || !TOPIC_checkTopicSelectionControl()) { $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63])); return $retval; } // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) { $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}."); return $retval; } elseif (!empty($name) and ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'phpblock' && !empty($phpblockfn) && !empty($title) or $type == 'gldefault' && strlen($blockorder) > 0)) { if ($is_enabled == 'on') { $is_enabled = 1; } else { $is_enabled = 0; } if ($allow_autotags == 'on') { $allow_autotags = 1; } else { $allow_autotags = 0; } if ($cache_time < -1 or $cache_time == "") { $cache_time = $_CONF['default_cache_time_block']; } if ($type == 'portal') { $content = ''; $rdfupdated = ''; $phpblockfn = ''; // get rid of possible extra prefixes (e.g. "feed://http://...") if (substr($rdfurl, 0, 4) == 'rss:') { $rdfurl = substr($rdfurl, 4); } elseif (substr($rdfurl, 0, 5) == 'feed:') { $rdfurl = substr($rdfurl, 5); } if (substr($rdfurl, 0, 2) == '//') { $rdfurl = substr($rdfurl, 2); } $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https')); } if ($type == 'gldefault') { $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; } if ($type == 'phpblock') { // NOTE: PHP Blocks must be within a function and the function // must start with phpblock_ as the prefix. This will prevent // the arbitrary execution of code if (!stristr($phpblockfn, 'phpblock_')) { $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37])); return $retval; } $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; } if ($type == 'normal') { $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; if ($allow_autotags == 1) { // Remove any autotags the user doesn't have permission to use $content = PLG_replaceTags($content, '', true); } $content = DB_escapeString($content); } if ($rdflimit < 0) { $rdflimit = 0; } if (!empty($rdfurl)) { $rdfurl = DB_escapeString($rdfurl); } if (empty($rdfupdated)) { $rdfupdated = '0000-00-00 00:00:00'; } if ($bid > 0) { DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL"); } else { $sql = array(); $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})"; $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})"; DB_query($sql); $bid = DB_insertId(); } TOPIC_saveTopicSelectionControl('block', $bid); $cacheInstance = 'block__' . $bid . '__'; // remove any of this blocks instances if exists CACHE_remove_instance($cacheInstance); return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11'); } else { if (empty($name)) { // empty block name $msgtxt = $LANG21[50]; } elseif ($type == 'portal') { // Portal block is missing fields $msgtxt = $LANG21[33]; } elseif ($type == 'phpblock') { // PHP Block is missing field $msgtxt = $LANG21[34]; } elseif ($type == 'normal') { // Normal block is missing field $msgtxt = $LANG21[35]; } elseif ($type == 'gldefault') { // Default geeklog field missing $msgtxt = $LANG21[42]; } else { // Layout block missing content $msgtxt = $LANG21[36]; } $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32])); } return $retval; }
/** * Insert or update an ad with form values. Setting $admin to true * allows ads to be saved on behalf of another user. * * @param string $savetype Save action to perform * @return array * [0] = string value of page to redirect to * [1] = content of any error message or text */ function adSave($savetype = 'edit') { global $_TABLES, $_CONF_ADVT, $_USER, $_CONF, $LANG_ADVT, $LANG12; global $LANG_ADMIN; $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin'); // Sanitize form variables. There should always be an ad id defined $A = array(); if (isset($_POST['ad_id'])) { $A['ad_id'] = COM_sanitizeID($_POST['ad_id'], false); } elseif (isset($_POST['id'])) { $A['ad_id'] = COM_sanitizeID($_POST['id'], false); } if ($A['ad_id'] == '') { return array(CLASSIFIEDS_URL, 'Missing Ad ID'); } // Make sure the current user can edit this ad. if (CLASSIFIEDS_checkAccess($A['ad_id']) < 3) { return array(); } $A['subject'] = trim($_POST['subject']); $A['descript'] = trim($_POST['descript']); if ($_POST['postmode'] == 'plaintext') { $A['descript'] = nl2br($A['descript']); } $A['price'] = trim($_POST['price']); $A['url'] = COM_sanitizeUrl($_POST['url'], array('http', 'https'), 'http'); $A['catid'] = (int) $_POST['catid']; $A['ad_type'] = (int) $_POST['ad_type']; $A['keywords'] = trim($_POST['keywords']); $A['add_date'] = COM_applyFilter($_POST['add_date'], true); $A['exp_date'] = COM_applyFilter($_POST['exp_date'], true); if ($A['exp_date'] == 0) { $A['exp_date'] = $A['add_date']; } $A['exp_sent'] = (int) $_POST['exp_sent'] == 1 ? 1 : 0; $A['owner_id'] = (int) $_POST['owner_id']; $A['group_id'] = (int) $_POST['group_id']; $A['uid'] = $A['owner_id']; $A['comments_enabled'] = (int) $_POST['comments_enabled']; switch ($savetype) { case 'moderate': case 'adminupdate': case 'savesubmission': case 'editsubmission': case 'submission': $perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']); $A['perms'] = $perms; break; case $LANG_ADMIN['save']: case $LANG12[8]: default: $A['perms'] = array((int) $_POST['perm_owner'], (int) $_POST['perm_group'], (int) $_POST['perm_members'], (int) $_POST['perm_anon']); break; } // Set anon permissions according to category if not an admin. // To avoid form injection. if (!$admin && DB_getItem($_TABLES['ad_category'], 'perm_anon', "cat_id='{$A['cat_id']}'") == '0') { $A['perms'][3] = 0; } $photo = $_FILES['photo']; $moredays = COM_applyFilter($_POST['moredays'], true); if ($_CONF_ADVT['purchase_enabled'] && !$admin) { // non-administrator is limited to the available days on account, // if applicable. USES_classifieds_class_userinfo(); $User = new adUserInfo(); $moredays = min($moredays, $User->getMaxDays()); } // Validate some fields. $errmsg = ''; if ($A['subject'] == '') { $errmsg .= "<li>{$LANG_ADVT['subject_required']}</li>"; } if ($A['descript'] == '') { $errmsg .= "<li>{$LANG_ADVT['description_required']}</li>"; } if ($errmsg != '') { $errmsg = "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n"; // return to edit page so user can correct return array(1, $errmsg); //return $errmsg; } // Calculate the new number of days. For an existing ad start from the // date added, if new then start from now. If the ad has already expired, // then $moredays will be added to now() rather than exp_date. if ($moredays > 0) { $moretime = $moredays * 86400; $save_exp_date = $A['exp_date']; if ($A['exp_date'] < time()) { $basetime = time(); } else { $basetime = $A['exp_date']; } $A['exp_date'] = min($basetime + $moretime, $A['add_date'] + intval($_CONF_ADVT['max_total_duration']) * 86400); // Figure out the number of days added to this ad, and subtract // it from the user's account. $days_used = (int) (($A['exp_date'] - $save_exp_date) / 86400); if ($_CONF_ADVT['purchase_enabled'] && !$admin) { $User->UpdateDaysBalance($days_used * -1); } // Reset the "expiration notice sent" flag if the new date is at least // one more day from the old one. //if ($A['exp_date'] - $save_exp_date >= 86400) { if ($days_used > 0) { $A['exp_sent'] = 0; } } $errmsg .= CLASSIFIEDS_UploadPhoto($A['ad_id'], 'photo'); if ($errmsg != '') { // Display the real error message, if there is one return array(1, "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n"); //return "<span class=\"alert\"><ul>$errmsg</ul></span>\n"; } if (($savetype == 'moderate' || $savetype == 'editsubmission' || $savetype == 'submission') && plugin_ismoderator_classifieds()) { // If we're editing a submission, delete the submission item // after moving data to the main table $status = CLASSIFIEDS_insertAd($A, 'ad_ads'); if ($status == NULL) { DB_delete($_TABLES['ad_submission'], 'ad_id', $A['ad_id']); } else { $errmsg = $status; } // Now we've duplicated most functions of the moderator approval, // so call the plugin_ function to do the same post-approval stuff plugin_moderationapprove_classifieds($A['ad_id'], $A['owner_id']); } elseif (CLASSIFIEDS_checkAccess($A['ad_id']) == 3) { CLASSIFIEDS_updateAd($A); } else { return array(1, "Acess Denied"); } //$errmsg = COM_showMessage('02', $_CONF_ADVT['pi_name']); //$errmsg = ''; if ($errmsg == '') { return array(0, '02'); } else { return array(1, $errmsg); } //return $errmsg; }
// | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +--------------------------------------------------------------------------+ require_once '../lib-common.php'; $display = ''; if (!SEC_inGroup('Root')) { $display .= COM_siteHeader('menu'); $display .= COM_showMessageText($LANG20[6], $LANG20[1], true); $display .= COM_siteFooter(); echo $display; exit; } /* * Main processing */ // validate the referer here - just to be safe.... $dirty_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_CONF['site_url']; if ($dirty_referer == '') { $dirty_referer = $_CONF['site_url']; } $referer = COM_sanitizeUrl($dirty_referer); $sLength = strlen($_CONF['site_url']); if (substr($referer, 0, $sLength) != $_CONF['site_url']) { $referer = $_CONF['site_url']; } CTL_clearCache(); COM_setMessage(500); echo COM_refresh($referer);
/** * Saves a block * * @param string $bid Block ID * @param string $title Block title * @param string $type Type of block * @param int $blockorder Order block appears relative to the others * @param string $content Content of block * @param string $tid Topic block should appear in * @param string $rdfurl URL to headline feed for portal blocks * @param string $rdfupdated Date RSS/RDF feed was last updated * @param string $rdflimit max. number of entries to import from feed * @param string $phpblockfn Name of php function to call to get content * @param int $onleft Flag indicates if block shows up on left or right * @param int $owner_id ID of owner * @param int $group_id ID of group block belongs to * @param array $perm_owner Permissions the owner has on the object * @param array $perm_group Permissions the group has on the object * @param array $perm_members Permissions the logged in members have * @param array $perm_anon Permissinos anonymous users have * @param int $is_enabled Flag, indicates if block is enabled or not * @return string HTML redirect or error message * */ function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags) { global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE; $retval = ''; $title = addslashes(COM_stripslashes(strip_tags($title))); $phpblockfn = addslashes(COM_stripslashes(trim($phpblockfn))); if (empty($title)) { $retval .= COM_siteHeader('menu', $LANG21[63]) . COM_startBlock($LANG21[63], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[64] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter(); return $retval; } // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !hasBlockTopicAccess($tid) || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}."); return $retval; } elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) { if ($is_enabled == 'on') { $is_enabled = 1; } else { $is_enabled = 0; } if ($allow_autotags == 'on') { $allow_autotags = 1; } else { $allow_autotags = 0; } if ($type == 'portal') { $content = ''; $rdfupdated = ''; $phpblockfn = ''; // get rid of possible extra prefixes (e.g. "feed://http://...") if (substr($rdfurl, 0, 4) == 'rss:') { $rdfurl = substr($rdfurl, 4); } else { if (substr($rdfurl, 0, 5) == 'feed:') { $rdfurl = substr($rdfurl, 5); } } if (substr($rdfurl, 0, 2) == '//') { $rdfurl = substr($rdfurl, 2); } $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https')); } if ($type == 'gldefault') { if ($name != 'older_stories') { $content = ''; } $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; } if ($type == 'phpblock') { // NOTE: PHP Blocks must be within a function and the function // must start with phpblock_ as the prefix. This will prevent // the arbitrary execution of code if (!stristr($phpblockfn, 'phpblock_')) { $retval .= COM_siteHeader('menu', $LANG21[37]) . COM_startBlock($LANG21[37], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[38] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter(); return $retval; } $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; } if ($type == 'normal') { $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; $content = addslashes($content); } if ($rdflimit < 0) { $rdflimit = 0; } if (!empty($rdfurl)) { $rdfurl = addslashes($rdfurl); } if (empty($rdfupdated)) { $rdfupdated = '0000-00-00 00:00:00'; } if ($bid > 0) { DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL"); } else { $sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})"; DB_query($sql); $bid = DB_insertId(); } if ($type == 'gldefault' && $name == 'older_stories') { COM_olderStuff(); } return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11'); } else { $retval .= COM_siteHeader('menu', $LANG21[32]) . COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header')); if ($type == 'portal') { // Portal block is missing fields $retval .= $LANG21[33]; } else { if ($type == 'phpblock') { // PHP Block is missing field $retval .= $LANG21[34]; } else { if ($type == 'normal') { // Normal block is missing field $retval .= $LANG21[35]; } else { if ($type == 'gldefault') { // Default geeklog field missing $retval .= $LANG21[42]; } else { // Layout block missing content $retval .= $LANG21[36]; } } } } $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter(); } return $retval; }
// | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +--------------------------------------------------------------------------+ require_once 'lib-common.php'; header("HTTP/1.0 404 Not Found"); $display = COM_siteHeader('menu', $LANG_404[1]); $display .= COM_startBlock($LANG_404[1]); if (isset($_SERVER['SCRIPT_URI'])) { $url = strip_tags($_SERVER['SCRIPT_URI']); } else { $pos = strpos($_SERVER['REQUEST_URI'], '?'); if ($pos === false) { $request = $_SERVER['REQUEST_URI']; } else { $request = substr($_SERVER['REQUEST_URI'], 0, $pos); } $url = 'http://' . $_SERVER['HTTP_HOST'] . strip_tags($request); } $url = COM_sanitizeUrl($url); $display .= sprintf($LANG_404[2], $url); $display .= $LANG_404[3]; $display .= COM_endBlock(); $display .= COM_siteFooter(); echo $display;
private function setParams() { $tmp = isset($_SERVER['HTTP_REFERER']) ? COM_sanitizeUrl($_SERVER['HTTP_REFERER']) : '/'; $tmp = explode('?', $tmp); $params = array(); if (isset($tmp[1]) && $tmp[1] != '') { $params_tmp = explode('&', $tmp[1]); if (is_array($params_tmp)) { foreach ($params_tmp as $value) { $tmp = explode('=', $value); if (isset($tmp[0]) && $tmp[0] != '' && isset($tmp[1]) && $tmp[1] != '') { $params[$tmp[0]] = $tmp[1]; } } } } $this->params = $params; }
/** * Saves a block * * @param string $bid Block ID * @param string $name Block name * @param string $title Block title * @param string $type Type of block * @param int $blockorder Order block appears relative to the others * @param string $content Content of block * @param string $tid Topic block should appear in * @param string $rdfurl URL to headline feed for portal blocks * @param string $rdfupdated Date RSS/RDF feed was last updated * @param string $rdflimit max. number of entries to import from feed * @param string $phpblockfn Name of php function to call to get content * @param int $onleft Flag indicates if block shows up on left or right * @param int $owner_id ID of owner * @param int $group_id ID of group block belongs to * @param array $perm_owner Permissions the owner has on the object * @param array $perm_group Permissions the group has on the object * @param array $perm_members Permissions the logged in members have * @param array $perm_anon Permissinos anonymous users have * @param int $is_enabled Flag, indicates if block is enabled or not * @param int $allow_autotags Flag, indicates if autotags are enabed or not * @return string HTML redirect or error message * */ function BLOCK_save($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags) { global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE; $retval = ''; $B['bid'] = (int) $bid; $B['name'] = $name; $B['title'] = $title; $B['type'] = $type; $B['blockorder'] = $blockorder; $B['content'] = $content; $B['tid'] = $tid; $B['rdfurl'] = $rdfurl; $B['rdfupdated'] = $rdfupdated; $B['rdflimit'] = $rdflimit; $B['phpblockfn'] = $phpblockfn; $B['onleft'] = $onleft; $B['owner_id'] = $owner_id; $B['group_id'] = $group_id; $B['perm_owner'] = $perm_owner; $B['perm_group'] = $perm_group; $B['perm_members'] = $perm_members; $B['perm_anon'] = $perm_anon; $B['is_enabled'] = $is_enabled; $B['allow_autotags'] = $allow_autotags; $bid = (int) $bid; $MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small"; $filter = sanitizer::getInstance(); $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML); $filter->setAllowedElements($allowedElements); $filter->setPostmode('html'); $title = $filter->filterHTML($title); $title = DB_escapeString($title); $phpblockfn = DB_escapeString(trim($phpblockfn)); if (empty($title) || !BLOCK_validateName($name)) { if (empty($title)) { $msg = $LANG21[64]; } else { $msg = $LANG21[70]; } SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $retval .= COM_siteHeader('menu', $LANG21[63]) . COM_showMessageText($msg, $LANG21[63], true) . BLOCK_edit($bid, $B) . COM_siteFooter(); return $retval; } // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !BLOCK_hasTopicAccess($tid) || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]); $retval .= COM_showMessageText($MESSAGE[33], $MESSAGE[30], true); $retval .= COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}."); return $retval; } elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) { if ($is_enabled == 'on') { $is_enabled = 1; } else { $is_enabled = 0; } if ($allow_autotags == 1) { $allow_autotags = 1; } else { $allow_autotags = 0; } if ($type == 'portal') { $content = ''; $rdfupdated = ''; $phpblockfn = ''; // get rid of possible extra prefixes (e.g. "feed://http://...") if (substr($rdfurl, 0, 4) == 'rss:') { $rdfurl = substr($rdfurl, 4); } else { if (substr($rdfurl, 0, 5) == 'feed:') { $rdfurl = substr($rdfurl, 5); } } if (substr($rdfurl, 0, 2) == '//') { $rdfurl = substr($rdfurl, 2); } $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https')); } if ($type == 'gldefault') { if ($name != 'older_stories') { $content = ''; } $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; } if ($type == 'phpblock') { // NOTE: PHP Blocks must be within a function and the function // must start with phpblock_ as the prefix. This will prevent // the arbitrary execution of code if (!stristr($phpblockfn, 'phpblock_')) { $retval .= COM_siteHeader('menu', $LANG21[37]) . COM_showMessageText($LANG21[38], $LANG21[37], true) . BLOCK_edit($bid, $B) . COM_siteFooter(); return $retval; } $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; } if ($type == 'normal') { $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; $content = DB_escapeString($content); } if ($rdflimit < 0) { $rdflimit = 0; } if (!empty($rdfurl)) { $rdfurl = DB_escapeString($rdfurl); } if (empty($rdfupdated)) { $rdfupdated = '1000-01-01 00:00:00'; } $name = DB_escapeString($name); if ($bid > 0) { DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL"); } else { $sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})"; DB_query($sql); $bid = DB_insertId(); } if ($type == 'gldefault' && $name == 'older_stories') { COM_olderStuff(); } CTL_clearCache(); COM_setMessage(11); return COM_refresh($_CONF['site_admin_url'] . '/block.php'); } else { SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $retval .= COM_siteHeader('menu', $LANG21[32]); if ($type == 'portal') { // Portal block is missing fields $msg = $LANG21[33]; } else { if ($type == 'phpblock') { // PHP Block is missing field $msg = $LANG21[34]; } else { if ($type == 'normal') { // Normal block is missing field $msg = $LANG21[35]; } else { if ($type == 'gldefault') { // Default glFusion field missing $msg = $LANG21[42]; } else { // Layout block missing content $msg = $LANG21[36]; } } } } $retval .= COM_showMessageText($msg, $LANG21[32], true); $retval .= BLOCK_edit($bid, $B); $retval .= COM_siteFooter(); } return $retval; }
$extra_vars = '&' . implode('&', $url); } else { $extra_vars = ''; } if (substr($urlpart, -($lang_len + 1)) == '_' . $oldlang) { $urlpart = substr_replace($urlpart, $newlang, -$lang_len); } $retval = $urlpart . $extra_vars; } return $retval; } // MAIN $ret_url = ''; if (isset($_SERVER['HTTP_REFERER'])) { if (strpos($_SERVER['HTTP_REFERER'], $_CONF['site_url']) !== false) { $ret_url = COM_sanitizeUrl($_SERVER['HTTP_REFERER']); } } // if not allowed, just ignore and return if ($_CONF['allow_user_language'] == 1) { COM_setArgNames(array('lang')); $lang = strtolower(COM_applyFilter(COM_getArgument('lang'))); $lang = preg_replace('/[^a-z0-9\\-_]/', '', $lang); $oldlang = COM_getLanguageId(); // do we really have a new language to switch to? if (!empty($lang) && array_key_exists($lang, $_CONF['language_files'])) { // does such a language file exist? $langfile = $_CONF['language_files'][$lang]; if (is_file($_CONF['path_language'] . $langfile . '.php')) { // Set the language cookie. // Mainly used for anonymous users so the rest of their session
if (!isset($_CONF['rating_speedlimit'])) { $_CONF['rating_speedlimit'] = 15; } //getting the values $vote_sent = preg_replace("/[^0-9]/", "", $_REQUEST['j']); $id_sent = COM_applyFilter($_GET['q']); $ip_num = preg_replace("/[^0-9\\.]/", "", $_REQUEST['t']); $units = preg_replace("/[^0-9]/", "", $_REQUEST['c']); $size = preg_replace("/[^0-9a-zA-Z]/", "", $_REQUEST['s']); $plugin = COM_applyFilter($_GET['p']); $ip = $_SERVER['REMOTE_ADDR']; $ratingdate = time(); $uid = isset($_USER['uid']) ? $_USER['uid'] : 1; $uid = (int) $uid; // validate the referer here - just to be safe.... $referer = isset($_SERVER['HTTP_REFERER']) ? COM_sanitizeUrl($_SERVER['HTTP_REFERER']) : $_CONF['site_url']; if ($referer == '') { $referer = $_CONF['site_url']; } $sLength = strlen($_CONF['site_url']); if (substr($referer, 0, $sLength) != $_CONF['site_url']) { $referer = $_CONF['site_url']; } if ($vote_sent > $units) { die("Sorry, vote appears to be invalid."); // kill the script because normal users will never see this. } $canRate = PLG_canUserRate($plugin, $id_sent, $uid); if (!$canRate) { header("Location: {$referer}"); }
function handleunSubscribe($album_id) { global $_CONF, $_TABLES, $_USER; $referer = isset($_SERVER['HTTP_REFERER']) ? COM_sanitizeUrl($_SERVER['HTTP_REFERER']) : $_CONF['site_url']; if ($referer == '') { $referer = $_CONF['site_url']; } $sLength = strlen($_CONF['site_url']); if (substr($referer, 0, $sLength) != $_CONF['site_url']) { $referer = $_CONF['site_url']; } $hasargs = strstr($referer, '?'); if ($hasargs) { $sep = '&'; } else { $sep = '?'; } $rc = PLG_unsubscribe('mediagallery', '', $album_id); echo COM_refresh($referer . $sep . 'msg=521'); exit; }