예제 #1
/**
 * Escape every string in $arr with addslashes(), descending into nested arrays.
 *
 * Elements that are neither strings nor arrays are left untouched and keys are
 * never escaped. addslashes() is a generic backslash escaper; it is not a
 * substitute for prepared statements or a driver-aware quoting function.
 *
 * @param array $arr
 * @return array the same structure with its string leaves escaped
 */
function _addslashes($arr) {
    foreach ($arr as $key => $item) {
        if (is_array($item)) {
            // Recurse so arbitrarily deep nesting is covered.
            $arr[$key] = _addslashes($item);
            continue;
        }
        if (is_string($item)) {
            $arr[$key] = addslashes($item);
        }
    }

    return $arr;
}
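/**
 * Escape every string element of $arr with addslashes(), recursing into
 * nested arrays. Elements of any other type are left as they are.
 *
 * @param array $arr
 * @return array the escaped array (an empty array stays an empty array)
 */
function _addslashes($arr){
	foreach($arr as $key=>$value){
		if(is_string($value)){
			$arr[$key] = addslashes($value);
		}else if(is_array($value)){
			$arr[$key] = _addslashes($value);
		}
	}

	// The return must sit outside the loop: inside it only the first element
	// was ever processed, and an empty array produced null instead of array().
	return $arr;
}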
예제 #3
파일: lib_base.php 프로젝트: KevinZY/mall
/**
 * Recursively escape an array.
 *
 * Every string element is run through addslashes(); every nested array is
 * processed the same way; everything else is returned unchanged.
 *
 * @param array $arr
 * @return array
 */
function _addslashes($arr)
{
    foreach ($arr as $key => $entry) {
        if (is_array($entry)) {
            // A flat escaper plus one recursive call covers any depth.
            $arr[$key] = _addslashes($entry);
        } elseif (is_string($entry)) {
            $arr[$key] = addslashes($entry);
        }
    }
    return $arr;
}
예제 #4
/**
 * Apply addslashes() to every string in $arr, including strings inside
 * nested arrays. Other element types pass through untouched.
 *
 * @param array $arr
 * @return array
 */
function _addslashes($arr)
{
    foreach ($arr as &$element) {
        if (is_string($element)) {
            $element = addslashes($element);
        } elseif (is_array($element)) {
            $element = _addslashes($element);
        }
    }
    // Drop the reference left behind by foreach-by-reference.
    unset($element);
    return $arr;
}
예제 #5
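/**
 * Recursively escape a value with addslashes().
 *
 * Arrays are walked element by element (keys untouched); any other value is
 * handed to addslashes(), so non-string scalars come back as escaped strings.
 * Escaping is skipped only when the legacy magic_quotes_gpc setting is on,
 * because PHP has then already escaped request data once.
 *
 * @param mixed $value
 * @return mixed
 */
function _addslashes($value)
{
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() itself
    // no longer exists in PHP 8 (calling it is a fatal error), so it is only
    // consulted on runtimes that still honour the setting.
    $magic_quotes_gpc = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = _addslashes($v);
        }
        return $value;
    }
    if ($magic_quotes_gpc) {
        return $value;
    }
    return addslashes($value);
}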
예제 #6
/**
 * Recursively apply addslashes() to every string inside $arr.
 *
 * Strings are escaped in place, nested arrays are processed by recursion and
 * every other element (ints, nulls, objects, ...) is returned untouched.
 *
 * @param array $arr array to escape
 * @return array the escaped copy
 */
function _addslashes($arr)
{
    foreach ($arr as $key => $entry) {
        // String and array are mutually exclusive, so at most one branch applies.
        $arr[$key] = is_string($entry)
            ? addslashes($entry)
            : (is_array($entry) ? _addslashes($entry) : $entry);
    }
    // Everything that was neither string nor array is passed through as-is.
    return $arr;
}
예제 #7
/**
 * Escape every string in $arr recursively, treating any other element type
 * as an error.
 *
 * Strings are run through addslashes() and nested arrays are escaped by
 * recursion. As soon as an element that is neither is encountered the whole
 * result is discarded and NULL is returned (work done on earlier elements is
 * thrown away with it).
 *
 * @param array $arr
 * @return array|null
 */
function _addslashes($arr)
{
    foreach ($arr as $key => $value) {
        if (is_array($value)) {
            // Nested array: same rules one level down.
            $arr[$key] = _addslashes($value);
        } elseif (is_string($value)) {
            $arr[$key] = addslashes($value);
        } else {
            // Unsupported element type (int, null, object, ...): caller error.
            return NULL;
        }
    }
    return $arr;
}
예제 #8
/**
 * Flatten a one- or two-level array into a "key:value;" list string.
 *
 * A scalar entry becomes "key:value;". An array entry yields one
 * "key:value;" segment per element. A scalar that contains a comma is split
 * on the commas so each piece becomes its own "key:piece;" segment.
 * Scalar and nested values go through _addslashes(); the comma-split pieces
 * do not (NOTE(review): that asymmetry looks unintentional, but it is the
 * existing behaviour and is preserved here).
 *
 * @param array $pieces
 * @return string|null null when $pieces is empty (nothing is ever appended)
 */
function _implode(array $pieces)
{
    $segments = null;
    foreach ($pieces as $name => $entry) {
        if (is_array($entry)) {
            foreach ($entry as $leaf) {
                $segments .= "{$name}:" . _addslashes($leaf) . ';';
            }
        } elseif (stripos($entry, ',') !== false) {
            $segments .= "{$name}:" . str_replace(',', ";{$name}:", $entry) . ';';
        } else {
            $segments .= "{$name}:" . _addslashes($entry) . ';';
        }
    }
    return $segments;
}
예제 #9
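// The @ hides a "headers already sent" notice; the session is then simply
// unavailable for this request.
@session_start();
// Refuse requests that try to smuggle a GLOBALS key into the superglobals.
if (isset($_REQUEST['GLOBALS'])) {
    exit('Request tainting attempted.');
}
// Application directory on disk (with trailing /).
define('WEB_ROOT', str_replace(array('\\', '//'), array('/', '/'), dirname(__FILE__) . DIRECTORY_SEPARATOR));
// Site URL (without trailing /).
// NOTE(review): HTTP_HOST is supplied by the client. If WEB_URL ends up in
// absolute redirects, e-mails or reset links, a host taken from configuration
// is the safer source.
define('WEB_URL', 'http://' . $_SERVER['HTTP_HOST'] . ($_SERVER['SERVER_PORT'] == 80 ? '' : ':' . $_SERVER['SERVER_PORT']) . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')));
// Current script name without the .php suffix.
define('FILE', basename($_SERVER['PHP_SELF'], '.php'));
// Base configuration and include path.
include WEB_ROOT . 'config.inc.php';
set_include_path(get_include_path() . PATH_SEPARATOR . WEB_ROOT . 'include');
include 'common.func.php';
// Database connection.
include 'Mysql.class.php';
$db = new Mysql($db_config);
// memcache support (disabled)
//$MC = new Memcache();
//$MC->connect($MC_config['MC_HOST'],$MC_config['MC_PORT']) or die('can not connect Memcache');
// Request timing. microtime() returns "msec sec", so $mtime[0] is the
// fractional part and $mtime[1] the Unix seconds.
// NOTE(review): if TIMESTAMP is meant to be the Unix time, $mtime[1] is the
// field wanted -- confirm against its callers before changing.
$mtime = explode(' ', microtime());
define('TIMESTAMP', $mtime[0]);
define('MICROTIME', (double) $mtime[0] + (double) $mtime[1]);
// GPC escaping. magic_quotes_gpc disappeared in PHP 5.4 and the probe function
// itself in PHP 8, so it is only consulted on runtimes that still have it.
define('MAGIC_QUOTES_GPC', PHP_VERSION_ID < 50400 && get_magic_quotes_gpc());
if (!MAGIC_QUOTES_GPC) {
    // Assign back to the superglobals themselves: looping over a temporary
    // array of copies and reassigning the loop variable escaped nothing.
    $_GET = _addslashes($_GET);
    $_POST = _addslashes($_POST);
    $_COOKIE = _addslashes($_COOKIE);
    // $_REQUEST is its own array, not a view of the three above.
    $_REQUEST = _addslashes($_REQUEST);
}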
예제 #10
    $tlbrset = $_POST['tlbrset'];
    $resultString = "";
    $_string = '';
    foreach ($tlbrset as $tlbrname => $tlbr) {
        $resultString .= $tlbrname . ":";
        $resultString .= $tlbr['show'] . ",";
        $resultString .= $tlbr['docked'] . ",";
        $resultString .= "[";
        foreach ($tlbr['position'] as $tlbrpos) {
            $resultString .= (substr($tlbrpos, -2) == "px" ? substr($tlbrpos, 0, -2) : $tlbrpos) . ";";
        }
        $resultString .= "]";
        $resultString .= "||";
    }
    $resultString = substr($resultString, 0, -2);
    CUserOptions::SetOption("fileman", "toolbar_settings_" . $edname, _addslashes($resultString));
}
// Editor preferences, each stored under the "fileman" option category and
// only touched when the request names the matching $target. The two Y/N
// flags are normalised so that anything other than an explicit "N" is "Y".
if (isset($_REQUEST['tooltips']) && $target == 'tooltips') {
    $tooltips = ($_REQUEST['tooltips'] == "N") ? "N" : "Y";
    CUserOptions::SetOption("fileman", "show_tooltips" . $edname, $tooltips);
}
if (isset($_REQUEST['visual_effects']) && $target == "visual_effects") {
    $visualEffects = ($_REQUEST['visual_effects'] == "N") ? "N" : "Y";
    CUserOptions::SetOption("fileman", "visual_effects" . $edname, $visualEffects);
}
// render_components is stored as a boolean and has no per-editor ($edname) suffix.
if (isset($_REQUEST['render_components']) && $target == 'render_components') {
    $renderComponents = ($_REQUEST['render_components'] == "Y");
    CUserOptions::SetOption("fileman", "render_components", $renderComponents);
}
if ($target == 'taskbars') {
    // Taskbars
    if (isset($_POST['tskbrset'])) {
        $taskbars = $_POST['tskbrset'];
        $res = array();
예제 #11
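/**
 * Escape a string, or every string inside an array, with addslashes().
 *
 * Escaping is skipped when the legacy magic_quotes_gpc setting already did it,
 * unless $force is truthy. Arrays are processed recursively with the same
 * $force; non-string scalars are handed to addslashes() and come back as
 * strings.
 *
 * @param mixed $string value to escape
 * @param int   $force  escape even when magic quotes are on
 * @return mixed
 */
function _addslashes($string, $force = 0)
{
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() itself
    // in PHP 8 (undefined function), so only probe it on runtimes that have it;
    // everywhere else the setting is known to be off.
    !defined('MAGIC_QUOTES_GPC') && define('MAGIC_QUOTES_GPC', PHP_VERSION_ID < 50400 && get_magic_quotes_gpc());
    if (!MAGIC_QUOTES_GPC || $force) {
        if (is_array($string)) {
            foreach ($string as $key => $val) {
                $string[$key] = _addslashes($val, $force);
            }
        } else {
            $string = addslashes($string);
        }
    }
    return $string;
}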
예제 #12
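/**
 * Read one request value (or a whole input array) and escape it recursively.
 *
 * @param string      $type    input to read: 'request', 'post', 'get', 'put',
 *                             'cookie', 'session' or 'server'
 * @param string|null $field   key to read; when empty the whole array is returned
 * @param mixed       $default value used when the key is missing or falsy
 *                             ("0" and "" therefore also yield $default)
 * @param mixed       $time    third argument handed to set_cookies() in the
 *                             'cookie' case (presumably the cookie lifetime)
 * @return mixed the selected value after _addslashes(); null for an unknown $type
 */
function Finput($type = 'request', $field = null, $default = null, $time = null)
{
    // An unknown $type previously left $data undefined (notice, then null).
    $data = null;
    switch ($type) {
        case 'request':
            // Only GET requests are re-decoded here; see _finput_urldecode().
            if ($_SERVER['REQUEST_METHOD'] == 'GET') {
                _finput_urldecode($_REQUEST);
            }
            $data = _finput_pick($_REQUEST, $field, $default);
            break;
        case 'post':
            $data = _finput_pick($_POST, $field, $default);
            break;
        case 'get':
            _finput_urldecode($_GET);
            $data = _finput_pick($_GET, $field, $default);
            break;
        case 'put':
            // NOTE(review): $_PUT is not a PHP superglobal. Inside this function
            // it is an ordinary local unless the framework declares it global,
            // so this branch most likely always yields $default -- confirm.
            $data = _finput_pick(isset($_PUT) ? $_PUT : null, $field, $default);
            break;
        case 'cookie':
            if (!empty($field)) {
                // A missing/falsy cookie is (re)set to $default and that value returned.
                $data = !empty($_COOKIE[$field]) ? $_COOKIE[$field] : set_cookies($field, $default, $time);
            } else {
                $data = $_COOKIE;
            }
            break;
        case 'session':
            @session_start();
            $data = _finput_pick($_SESSION, $field, $default);
            break;
        case 'server':
            $data = _finput_pick($_SERVER, $field, $default);
            break;
    }
    // Escape the result recursively before handing it back.
    return _addslashes($data);
}

/**
 * Select $source[$field], falling back to $default when the key is absent or
 * its value is falsy; return the whole $source when $field is empty.
 *
 * empty() covers both "key absent" and "value falsy", which is exactly what
 * the former `@($x[$f] ? $x[$f] : $default)` did, minus the suppressed notice.
 */
function _finput_pick($source, $field, $default)
{
    if (empty($field)) {
        return $source;
    }
    return !empty($source[$field]) ? $source[$field] : $default;
}

/**
 * urldecode() every string value of $input in place when the URL_ENCODE
 * setting (project config() helper) is enabled.
 *
 * NOTE(review): PHP has already URL-decoded $_GET/$_REQUEST, so this is a
 * second decode; validation that ran on the raw values before Finput() has
 * not seen the doubly decoded form.
 */
function _finput_urldecode(array &$input)
{
    if (!config('URL_ENCODE')) {
        return;
    }
    foreach ($input as $key => $val) {
        // Array values cannot be urldecode()d (TypeError on PHP 8); keep them.
        if (is_string($val)) {
            $input[$key] = urldecode($val);
        }
    }
}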
예제 #13
파일: survey.php 프로젝트: idolcemia/phpESP
/* $Id$ */
/* vim: set tabstop=4 shiftwidth=4 expandtab: */
// Matthew Gregg
// <greggmc at musc.edu>
require_once "./phpESP.first.php";
$_name = '';
$_title = '';
$_css = '';
$sid = '';
// The survey name may arrive via GET or POST. Once read it is removed from the
// superglobal (and from QUERY_STRING) so later code does not see it twice.
if (isset($_GET['name'])) {
    $_name = _addslashes($_GET['name']);
    unset($_GET['name']);
    $_SERVER['QUERY_STRING'] = preg_replace('/(^|&)name=[^&]*&?/', '', $_SERVER['QUERY_STRING']);
}
if (isset($_POST['name'])) {
    $_name = _addslashes($_POST['name']);
    unset($_POST['name']);
}
if (!empty($_name)) {
    // NOTE(review): $_name is interpolated into the WHERE clause without
    // surrounding quotes, so this is only a valid and safe statement if
    // _addslashes() (defined elsewhere in phpESP) returns a fully quoted SQL
    // literal; a parameterised query would remove that dependency -- confirm.
    $_sql = 'SELECT id,title,theme FROM ' . $GLOBALS['ESPCONFIG']['survey_table'] . " WHERE name = {$_name}";
    $_result = execute_sql($_sql);
    if ($_result) {
        if (record_count($_result) > 0) {
            list($sid, $_title, $_css) = fetch_row($_result);
        }
        db_close($_result);
    }
    unset($_sql, $_result);
}
// To make all results public uncomment the next line.
//$results = 1;
예제 #14
파일: manage.php 프로젝트: idolcemia/phpESP
            if ($_POST['password'] != "") {
                $_SESSION['raw_password'] = $_POST['password'];
            }
        }
        if (isset($_SESSION['username'])) {
            $username = $_SESSION['username'];
        } else {
            $username = "";
        }
        if (isset($_SESSION['raw_password'])) {
            $raw_password = $_SESSION['raw_password'];
        } else {
            $raw_password = "";
        }
    }
    $password = _addslashes($raw_password);
    if (!manage_auth($username, $password, $raw_password)) {
        exit;
    }
} else {
    $_SESSION['acl'] = array('username' => 'none', 'pdesign' => array('none'), 'pdata' => array('none'), 'pstatus' => array('none'), 'pall' => array('none'), 'pgroup' => array('none'), 'puser' => array('none'), 'superuser' => 'Y', 'disabled' => 'N');
}
// Fall back to the request parameter when no $where was set earlier.
if (empty($where) && isset($_REQUEST['where'])) {
    $where = $_REQUEST['where'];
}
// Downloads are handled by a dedicated script and end the request here.
// NOTE(review): $where can come straight from the request, so esp_where()
// must resolve it against a fixed allow-list of scripts rather than build a
// path from it -- confirm in its definition.
if ($where == 'download') {
    $downloadScript = esp_where($where);
    include $downloadScript;
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" 
예제 #15
     }
     if (isset($_SESSION['espuser'])) {
         $espuser = $_SESSION['espuser'];
     } else {
         $espuser = "";
     }
     if (isset($_REQUEST['password']) && $_REQUEST['password'] != "") {
         $_SESSION['esppass'] = $_REQUEST['password'];
     }
     if (isset($_SESSION['esppass'])) {
         $esppass = $_SESSION['esppass'];
     } else {
         $esppass = "";
     }
 }
 // Authenticate the respondent: the escaped password goes to the database
 // layer while the raw one is kept for the comparison. Leave this include
 // when authentication fails.
 if (!survey_auth($sid, $espuser, _addslashes($esppass), $esppass, $_css, $_title)) {
     return;
 }
 // Resumable surveys: look up the respondent's response id and, when the
 // session holds no usable section yet, work out where to continue.
 if (auth_get_option('resume')) {
     $_SESSION['rid'] = auth_get_rid($sid, $espuser, $request_rid);
     $hasRid = !empty($_SESSION['rid']);
     $sectionUnset = !isset($_SESSION['sec']) || empty($_SESSION['sec']) || intval($_SESSION['sec']) < 1;
     if ($hasRid && $sectionUnset) {
         $lastSection = response_select_max_sec($sid, $_SESSION['rid']);
         // A ?sec= parameter may jump back to any section already filled in,
         // but never past the last completed one.
         $requested = isset($_GET['sec']) ? intval($_GET['sec']) : 0;
         if ($requested > 0 && $_GET['sec'] <= $lastSection) {
             $_SESSION['sec'] = $requested;
         } else {
             $_SESSION['sec'] = $lastSection;
         }
     }
 }
예제 #16
파일: init.php 프로젝트: kison30/new
 */
// Refuse direct access: the front controller must define ACC first.
if (!defined("ACC")) {
    exit("ACC Denied");
}
// Absolute project root (forward slashes, trailing /), debug flag, base library.
define('ROOT', str_replace('\\', '/', dirname(__DIR__)) . '/');
define('DEBUG', true);
require ROOT . 'include/lib_base.php';
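// Class autoloader. __autoload() was deprecated in PHP 7.2 and declaring it is
// a fatal error from PHP 8.0, so the same lookup is registered through
// spl_autoload_register() instead.
//
// Resolution by class-name suffix (case-insensitive):
//   *Model -> ROOT/Model/<Class>.class.php
//   *Tool  -> ROOT/tool/<Class>.class.php
//   other  -> ROOT/include/<Class>.class.php
function _autoload($class)
{
    if (strtolower(substr($class, -5)) == 'model') {
        require ROOT . 'Model/' . $class . '.class.php';
    } elseif (strtolower(substr($class, -4)) == 'tool') {
        require ROOT . 'tool/' . $class . '.class.php';
    } else {
        require ROOT . 'include/' . $class . '.class.php';
    }
}
spl_autoload_register('_autoload');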
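// Escape request input recursively with _addslashes() from lib_base.php.
// NOTE(review): $_REQUEST is a separate array and is left unescaped here, so
// code reading $_REQUEST does not get this treatment.
$_GET = _addslashes($_GET);
$_POST = _addslashes($_POST);
$_COOKIE = _addslashes($_COOKIE);
// Start the session.
session_start();
// Error reporting follows the value of DEBUG (defined above in this file).
// Testing defined('DEBUG') alone was always true, so DEBUG = false never
// silenced anything; the constant's value is what has to decide.
if (defined('DEBUG') && DEBUG) {
    error_reporting(E_ALL);
} else {
    error_reporting(0);
}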
예제 #17
파일: signup.php 프로젝트: idolcemia/phpESP
 }
 /* prepare sql statement */
 // Column names and their escaped values are collected in parallel lists so
 // they can be joined into a single INSERT below.
 $sqlf = array();
 $sqlv = array();
 foreach ($fields as $f) {
     if (!isset($post[$f]) || empty($post[$f])) {
         continue;
     }
     $sqlf[] = $f;
     // The password goes through db_crypt(); every other field is inserted
     // as an escaped literal.
     $sqlv[] = ($f == 'password')
         ? db_crypt(_addslashes($post[$f]))
         : _addslashes($post[$f]);
 }
 $sqlf[] = 'realm';
 $sqlv[] = _addslashes($signup_realm);
 $sqlf = implode(',', $sqlf);
 $sqlv = implode(',', $sqlv);
 // NOTE(review): the values are interpolated unquoted, so the statement is
 // only well-formed (and safe) if _addslashes() returns a fully quoted SQL
 // literal; confirm in its definition, or move to a parameterised insert.
 $sql = 'INSERT INTO ' . $GLOBALS['ESPCONFIG']['respondent_table'] . " ({$sqlf}) VALUES ({$sqlv})";
 /* execute statement */
 $res = execute_sql($sql);
 if (!$res) {
     $msg = '<font color="red">' . _('Request failed, please choose a different username.') . '</font>';
     if ($GLOBALS['ESPCONFIG']['DEBUG']) {
         $msg .= mkerror(ErrorNo() . ': ' . ErrorMsg());
     }
     break;
 }
 $msg = '<font color="blue">' . sprintf(_('Your account, %s, has been created!'), htmlspecialchars($post['username'])) . '</font>';
 foreach ($fields as $f) {
     $post[$f] = null;