/**
 * Pagination links must HTML-escape the current request URL, so a crafted
 * request path cannot inject markup into the generated href attributes.
 */
public function testPaginationLinksAvoidXssAttack()
{
    $requestPath = '/items/browse/%22%3e%3cscript%3ealert(11639)%3c/script%3e';
    $expectedHref = '/items/browse/%22%3E%3Cscript%3Ealert%2811639%29%3C/script%3E?page=3';

    // View script directories are only registered once a request has been
    // dispatched, so push the crafted request through the front controller first.
    $this->dispatch($requestPath);

    $paginationState = array(
        'menu' => null,
        'page' => '2',
        'per_page' => 2,
        'total_results' => 10,
        'link' => '',
    );
    Zend_Registry::set('pagination', $paginationState);

    $rendered = pagination_links();
    $this->assertContains(
        'href="' . $expectedHref . '"',
        $rendered,
        'Should have escaped the pagination URLs to avoid XSS attack.'
    );
}
/**
 * Lists the current client's invoices, page by page.
 *
 * Fills $this->data with the invoice rows and the pagination settings that
 * pagination_links() reads (base URL, row count, page size and the start
 * offset taken from URI segment 4), then sets the page title.
 */
public function page()
{
    $invoices = $this->core->get_user_invoices(user_id());
    $this->data['invoices'] = $invoices;

    // Pagination settings; written into $this->data before the helper reads it.
    $paging = array(
        'base_pagination' => base_url('client/invoices/page/'),
        'total_rows'      => count($invoices),
        'per_page'        => 10,
        'row_start'       => (int) $this->uri->segment(4),
    );
    foreach ($paging as $key => $value) {
        $this->data[$key] = $value;
    }
    $this->data['links'] = pagination_links($this->data);

    $this->data['meta_title'] = 'Your Invoices';
}
/**
 * Admin listing of all clients (ion_auth users), page by page.
 *
 * Fills $this->data with the user rows and the pagination settings that
 * pagination_links() reads, then sets the page title.
 */
public function page()
{
    $view = &$this->data;

    $users = $this->ion_auth->get_users();
    $view['users'] = $users;

    // Pagination: 10 rows per page, offset from URI segment 4 (0 when absent).
    $view['base_pagination'] = base_url('admin/clients/page/');
    $view['total_rows'] = count($users);
    $view['per_page'] = 10;
    $view['row_start'] = (int) $this->uri->segment(4);
    $view['links'] = pagination_links($view);

    $view['meta_title'] = 'All Clients';
}
/**
 * Admin listing of all tickets, page by page.
 *
 * Fills $this->data with the ticket rows and the pagination settings that
 * pagination_links() reads, then sets the page title.
 */
public function page()
{
    $tickets = $this->core->get_tickets();
    // Start offset comes from URI segment 4; a missing segment yields 0.
    $startRow = (int) $this->uri->segment(4);

    $this->data['tickets'] = $tickets;
    $this->data['base_pagination'] = base_url('admin/tickets/page/');
    $this->data['total_rows'] = count($tickets);
    $this->data['per_page'] = 10;
    $this->data['row_start'] = $startRow;
    $this->data['links'] = pagination_links($this->data);
    $this->data['meta_title'] = 'All Tickets';
}
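/**
 * Admin listing of all invoices, page by page.
 *
 * Side effects: loads the CodeIgniter pagination library (kept as in the
 * original) and fills $this->data with the invoice rows, the pagination
 * settings that pagination_links() reads, and the page title.
 *
 * The unused local $config array the original also filled has been dropped;
 * nothing read it.
 */
public function page()
{
    $invoices = $this->core->get_invoices();
    $this->data['invoices'] = $invoices;

    // Kept for compatibility: the library is loaded, but the links below are
    // produced by the pagination_links() helper, not by $this->pagination.
    $this->load->library('pagination');

    // Pagination: 10 rows per page, offset from URI segment 4 (0 when absent).
    $this->data['base_pagination'] = base_url('admin/invoices/page/');
    $this->data['total_rows'] = count($invoices);
    $this->data['per_page'] = 10;
    $this->data['row_start'] = (int) $this->uri->segment(4);
    $this->data['links'] = pagination_links($this->data);

    // NOTE(review): this is the invoices listing but the title says
    // 'All Projects' — looks like a copy/paste leftover; confirm against the view.
    $this->data['meta_title'] = 'All Projects';
}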
/**
 * Admin listing of global options, page by page.
 *
 * Loads the settings and the option objects into $this->data, adds the
 * pagination settings that pagination_links() reads (paging is over the
 * options), then sets the page title.
 */
public function page()
{
    $view = &$this->data;

    $view['settings'] = $this->settings->get_settings();
    $options = $this->core->get_settings_as_objs();
    $view['options'] = $options;

    // Pagination: 10 rows per page, offset from URI segment 4 (0 when absent).
    $view['base_pagination'] = base_url('admin/options/page/');
    $view['total_rows'] = count($options);
    $view['per_page'] = 10;
    $view['row_start'] = (int) $this->uri->segment(4);
    $view['links'] = pagination_links($view);

    $view['meta_title'] = 'Global Options';
}
/**
 * Shortcode handler that renders the search box, the result rows for the
 * current query and a block of hidden divs the front-end JavaScript reads.
 *
 * @param array|string $atts Shortcode attributes. 'server_override' replaces
 *                           $sb_config['server_address']; 'parent_type' sets
 *                           $sb_config['data']['pt'].
 * @return string HTML markup.
 *
 * NOTE(review): values from the shortcode attributes ($atts['server_override'])
 * and from the remote result XML ($xml['count'], $xml['start'], ...) are
 * concatenated into the HTML below without escaping. Shortcode authors and the
 * configured server are the trust boundary here; esc_html()/esc_attr() on
 * those values would be the usual fix — confirm the JS reading the hidden divs
 * tolerates entity encoding before changing them.
 */
function sb_search_page_func($atts)
{
    global $sb_config, $post, $size_low, $size_high, $price_low, $price_high;
    // A shortcode attribute may point the search at a different server.
    if (is_array($atts) and array_key_exists('server_override', $atts)) {
        $sb_config['server_address'] = $atts['server_override'];
        unset($atts['server_override']);
    }
    //add search box
    $a = "<div class='sb_wrapper'>\r\n\t\t\t<div class='smartbroker_section smartbroker_group'>\r\n\t\t\t<div class='smartbroker_col smartbroker_span_1_of_3'>";
    $a .= sb_search_box_func($atts, get_the_ID());
    $a .= '</div>';
    $a .= "<div class='smartbroker_col smartbroker_span_2_of_3'>";
    if (is_array($atts) and array_key_exists('parent_type', $atts)) {
        $sb_config['data']['pt'] = (int) $atts['parent_type'];
    }
    //print_r($sb_config['data']);
    $xml = load_results_xml($sb_config['data']);
    // FALSE means the result fetch failed; the results column is then left empty.
    if ($xml !== FALSE) {
        $total_rows = $xml['count'];
        $returned_rows = count($xml);
        $requested_rows = $xml['requested_rows'];
        $start_row = $xml['start'];
        $end_row = $start_row + $returned_rows - 1;
        if ($total_rows > 0) {
            $results_string = sprintf(__('%s results found - showing results %s to %s.', 'smartbroker'), $total_rows, $start_row, $end_row);
            $a .= " {$results_string}<div id='results'>";
            foreach ($xml->boat as $boat) {
                $a .= search_result_item($boat);
            }
            $a .= pagination_links($total_rows, $start_row, $requested_rows);
        } else {
            $a .= "<div id='results'>";
            $a .= blank_slate_row();
        }
        //data required by javascript
        $a .= "<div style='display: none;' id='sb_server_address'>" . $sb_config['server_address'] . "</div>\r\n";
        $a .= "<div style='display: none;' id='sb_listing_page'>" . $sb_config['listing_page'] . "</div>\r\n";
        $a .= "<div style='display: none;' id='sb_currency_1'>" . $sb_config['currency_1'] . "</div>\r\n";
        $a .= "<div style='display: none;' id='sb_currency_1_symbol'>" . $sb_config['currencies'][$sb_config['currency_1']]['symbol'] . "</div>\r\n";
        $a .= "<div style='display: none;' id='sb_currency_2'>" . $sb_config['currency_2'] . "</div>\r\n";
        $a .= "<div style='display: none;' id='sb_currency_2_symbol'>" . $sb_config['currencies'][$sb_config['currency_2']]['symbol'] . "</div>\r\n";
        // Exchange rate of currency 2 relative to currency 1. NOTE(review): a zero
        // 'rate' for currency 1 would make this a division by zero — confirm config.
        $a .= "<div style='display: none;' id='sb_curr_2_rate'>" . $sb_config['currencies'][$sb_config['currency_2']]['rate'] / $sb_config['currencies'][$sb_config['currency_1']]['rate'] . "</div>\r\n";
    }
    // NOTE(review): only two closing divs follow for the wrapper/section/column/
    // results divs opened above; presumably pagination_links() or the theme
    // closes the rest — confirm the rendered markup balances.
    $a .= "</div>"; //end span 2_of_3
    $a .= "</div>"; //end row
    $a .= "<!-- end sb_wrapper -->"; //end sb_wrapper
    return $a;
}
/* NOTE(review): template fragment cut at both ends — the closing braces pair with a loop/if opened above. pagination_links() is echoed twice (inside the branch and again in the col-md-12 div); confirm the duplicate output is intended. The empty-state text is a literal rather than a translated string. */ $exhibitCount++; ?> <?php } ?> <?php echo pagination_links(); ?> <?php } else { ?> <p><?php echo 'Nenhuma exposição foi adicionado ainda.'; ?> </p> <?php } ?> <div class="col-md-12"><?php echo pagination_links(); ?> </div> </div> <!-- /.row --> <br/> <br/> </div> </div> </div> <!--Fim do container --> <?php echo foot();
<?php /* NOTE(review): template fragment — the closing brace below belongs to a loop opened above. $product->name is written into the alt attribute and image_path() into src without htmlspecialchars(..., ENT_QUOTES); unless both are escaped upstream, apply it here. $dir_public is assumed to come from configuration rather than the request — confirm. */ ?><img src="<?php echo ASSETS . $product->image_path(); ?> " width="210" alt="<?php echo $product->name; ?> " /> </a> </div> </div> <?php } ?> <div id="pagination" style="clear: both;"> <?php echo pagination_links($pagination, "all-products", $page); ?> </div> </div> </div> <!-- Showing search results --> <div id="search-results"> </div> <?php include $dir_public . 'lightbox.php'; ?> </div><!-- End Content Row --> <?php include_layout_template('admin_footer.php'); ?>
<div style="position: absolute; z-index: 2; width: 100%; height: 100%; top: 0; left: 0; padding: 0px; margin: 0px;"> <a class="fill-div" style="padding: 0px; margin: 0px;" href="' . $link . '"></a> </div> <span class="information">' . $count . '</span> </td> <td width="19%" class="tablecontents"><a href="' . $link . '">' . $SoldierName . '</a></td> <td width="19%" class="tablecontents">' . $Score . '</td> <td width="19%" class="tablecontents">' . $Kills . '</td> <td width="19%" class="tablecontents">' . $KDR . '</td> <td width="19%" class="tablecontents">' . $HSR . '<span class="information"> %</span></td> </tr> </table> ';
}
// build the pagination links
// NOTE(review): this fragment starts inside the echo string of a row loop
// opened above, and the final brace closes an if from above. $SoldierName
// and $link are concatenated straight into markup; if player names come from
// game data the players control, this is a stored-XSS sink unless they are
// escaped where they are read — htmlspecialchars(..., ENT_QUOTES) here would
// be the usual fix.
pagination_links($ServerID, './index.php', 'leaders', $currentpage, $totalpages, $rank, $order, '');
} else {
    echo ' <div class="subsection" style="margin-top: 2px;"> <div class="headline"> No player stats found for';
    if (!empty($ServerID)) {
        echo ' this server.';
    } else {
        echo ' these servers.';
    }
    echo ' </div> </div> ';
}
/* NOTE(review): template fragment cut at both ends (the closing brace pairs with a loop above). item_url($item) is placed in href as-is — the Omeka helper is assumed to return a URL-safe value; confirm. The self-closing <div ... /> followed by </div> is not valid HTML and may render differently across browsers. */ ?> <a class="view" target="_blank" href="<?php echo item_url($item); ?> ?result=1">Voir la fiche</a> </div> <?php $i++; ?> <?php } ?> <?php echo '<div style="clear:both; padding-top:50px;" />' . pagination_links() . '</div>'; ?> <?php fire_plugin_hook('public_items_browse', array('items' => $items, 'view' => $this)); ?> <?php } else { ?> <h1 style="margin-left:235px;">Aucun résultat</h1> <br /><br /> <div style="text-align:center">Votre recherche ne comporte aucun résultat.</div> <br /><br /> <div style="text-align:center;"><a class="back" style="margin: 0 auto;" href="javascript:history.back();">Modifier les critères</a></div>
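/**
 * Client ticket list, with a quick "new ticket" form handler.
 *
 * When the request carries the new_ticket field, the form is validated and
 * the ticket inserted; on success the user is redirected to /client/tickets
 * (redirect() does not return). Otherwise the page data is filled: the
 * project drop-down, the client's tickets and the pagination settings that
 * pagination_links() reads.
 */
public function page()
{
    if (isset($_POST['new_ticket'])) {
        $this->_create_ticket_from_post();
    }

    // Project drop-down: empty key for the placeholder, then id => name.
    $projects = array('' => 'Select one');
    foreach ($this->core->get_projects() as $project) {
        $projects[$project->id] = $project->name;
    }
    $this->data['projects'] = $projects;

    $tickets = $this->core->get_client_tickets(user_id());
    $this->data['tickets'] = $tickets;

    // pagination: 10 rows per page, offset from URI segment 4 (0 when absent).
    $this->data['base_pagination'] = base_url('client/tickets/page/');
    $this->data['total_rows'] = count($tickets);
    $this->data['per_page'] = 10;
    $this->data['row_start'] = (int) $this->uri->segment(4);
    $this->data['links'] = pagination_links($this->data);
    // end pagination

    $this->data['meta_title'] = 'Your Tickets';
}

/**
 * Validates the posted ticket form and inserts the ticket.
 *
 * Posted values reach SQL only through query bindings (the original built
 * the INSERT by string concatenation and placed the project id in it
 * unescaped, which is an injection point; it also relied on
 * mysql_real_escape_string(), which needs a live ext/mysql connection).
 * Redirects on success; returns silently when validation fails or the
 * insert is rejected so the form is rendered again.
 */
private function _create_ticket_from_post()
{
    $this->form_validation->set_rules('subject', 'Ticket Subject', 'required|trim|xss_clean');
    $this->form_validation->set_rules('issue', 'Issue Description', 'required|trim|xss_clean');
    $this->form_validation->set_rules('project', 'Project', 'required');
    if ($this->form_validation->run() !== TRUE) {
        return;
    }

    // NOTE(review): nothing here checks that the chosen project belongs to the
    // current client; confirm get_project()/the view enforce that.
    $sql = 'INSERT INTO tickets (code, subject, issue, client, project, status) VALUES (?, ?, ?, ?, ?, ?)';
    $binds = array(
        $this->generate_ticket_code(5),
        $_POST['subject'],
        $_POST['issue'],
        user_id(),
        $_POST['project'],
        'Open',
    );
    if ($this->db->query($sql, $binds)) {
        $project = $this->core->get_project($_POST['project']);
        flashmsg('New ticket created for project: ' . $project->name . '.', 'success');
        redirect('/client/tickets');
    }
}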
<?php /* NOTE(review): item picker for the exhibit "items" action — pagination, search filters, an empty-state message and one listing entry per item. Links built here go through html_escape(); $this->exhibitItemListing($item) is assumed to return already-escaped markup — confirm in the helper. */ echo pagination_links(array('url' => url(array('controller' => 'exhibits', 'action' => 'items', 'page' => null)))); ?> <div id="item-list"> <?php echo item_search_filters(); if (!has_loop_records('items')) { ?> <p><?php echo __('There are no items to choose from. Please refine your search or %s.', '<a href="' . html_escape(url('items/add')) . '">' . __('add some items') . '</a>'); ?> </p> <?php } foreach (loop('items') as $item) { ?> <?php echo $this->exhibitItemListing($item); } ?> </div>
/**
 * Front controller for the public site: renders either a rubric listing
 * (1 or 3 URI segments: /rubric or /rubric/page/N) or a single article
 * (2 segments: /rubric/article), and handles the comment form on articles.
 *
 * @param string $slug_rubric  Rubric slug from the URI.
 * @param string $slug_content Article slug from the URI (article case only).
 * @param int    $page_number  Page number from the URI (listing case only).
 *
 * Side effects: may redirect (show_404 / the rubric root / current_url) and
 * always ends by loading the URL_LAYOUT view with $data.
 */
public function view($slug_rubric = '', $slug_content = '', $page_number = 0)
{
    $data['query_all_rubrics'] = $this->all_rubrics;
    $data['all_authors'] = $this->all_authors;
    $data['all_tags'] = $this->all_tags;
    $params = $this->front->about();
    if (!empty($params)) {
        $data['p_title'] = $params->p_title;
        $data['about'] = $params->p_about;
        $data['twitter'] = $params->p_twitter;
        $data['google'] = $params->p_google;
    } else {
        $data['p_title'] = $data['about'] = $data['twitter'] = $data['google'] = '';
    }
    // Rubric case
    if ($this->uri->total_segments() == 1 or $this->uri->total_segments() == 3) {
        $data['all_content'] = $this->front->get_all_content();
        // NOTE(review): $params is dereferenced here even though the branch
        // above allows it to be empty — confirm about() never returns empty.
        $config = pagination_custom($params->p_nb_listing);
        $total_rows = $this->model_content->get_contents_rubric_listing($slug_rubric, '', '')->num_rows();
        // Config for pagination : base_url, first_url, total_rows, num_link, uri_segment
        $pagination = pagination_links(base_url($slug_rubric . '/page'), base_url($this->uri->segment(1)), $total_rows, round($total_rows / $config['per_page'] + 1), 3);
        $this->pagination->initialize(array_merge($config, $pagination));
        // NOTE(review): redirect(show_404()) — in CodeIgniter show_404() renders
        // and exits, so the redirect() wrapper never runs; confirm the intent.
        if ($page_number > $pagination['num_links']) {
            redirect(show_404());
        } else {
            $data['query'] = $this->model_content->get_contents_rubric_listing($slug_rubric, $page_number, $config['per_page']);
            if ($data['query']->num_rows == 0) {
                redirect(show_404());
            }
            $data['pagination'] = $this->pagination->create_links();
        }
        // Nb comments
        // NOTE(review): $nb_comments stays undefined when all_content is empty.
        foreach ($data['all_content']->result() as $row) {
            $nb_comments[$row->c_id] = $this->front->get_comments($row->c_id)->num_rows();
        }
        $data['nb_comments'] = $nb_comments;
        $row = $data['query']->row();
        $data['page'] = 'rubric';
        $data['title'] = $row->r_title;
        if (!empty($params)) {
            $data['meta_title'] = $row->r_title . ' - ' . $params->p_title;
        } else {
            $data['meta_title'] = $row->r_title;
        }
        // /rubric/page/0 and /rubric/page/1 are canonicalised to /rubric.
        if ($this->uri->total_segments() == 3 && $page_number <= 1) {
            redirect(base_url($slug_rubric), 302);
        } elseif ($page_number == 0) {
            $data['breadcrumb'] = $data['title'];
        } else {
            $data['page_number'] = $page_number;
            $data['meta_title'] .= ' - page ' . $page_number;
            // NOTE(review): the rubric title is placed in markup unescaped;
            // fine if titles are admin-only plain text — otherwise escape at output.
            $data['breadcrumb'] = '<a href="' . base_url($slug_rubric) . '">' . $data['title'] . '</a> - page ' . $page_number;
        }
        $data['meta_desc'] = $row->r_description;
        //$data['meta_pagination'] = $this->front->get_pagination_seo($pagination['base_url'], $pagination['first_url'], $page_number, $total_rows, $config['per_page'], $type='POST');
        // Article case
    } elseif ($this->uri->total_segments() <= 2) {
        $query_article = $this->model_content->get_content_by_slug($slug_rubric, $slug_content);
        if ($query_article->num_rows() == 1) {
            $data['page'] = 'content';
            $row = $query_article->row();
            // Article body is stored as Markdown and rendered here.
            $row->c_content = Parsedown::instance()->parse($row->c_content);
            $c_id = $row->c_id;
            $data['title'] = $data['c_title'] = $row->c_title;
            $data['c_content'] = $row->c_content;
            $data['c_image'] = $row->c_image;
            $data['c_pdate'] = $row->c_pdate;
            $data['c_date'] = date_fr(date("d", strtotime($row->c_pdate)), date("m", strtotime($row->c_pdate)), date("Y", strtotime($row->c_pdate)));
            $data['c_udate'] = $row->c_udate;
            // NOTE(review): "h" is the 12-hour clock; "H" may have been intended.
            $data['udate'] = date_complete_fr(date("d", strtotime($row->c_udate)), date("m", strtotime($row->c_udate)), date("Y", strtotime($row->c_udate)), date("h", strtotime($row->c_udate)), date("i", strtotime($row->c_udate)));
            $data['c_url_rw'] = $row->c_url_rw;
            $data['r_title'] = $row->r_title;
            $data['r_url_rw'] = $row->r_url_rw;
            $data['u_id'] = $row->u_id;
            $data['u_login'] = $row->u_login;
            $data['u_biography'] = $row->u_biography;
            $data['u_twitter'] = $row->u_twitter;
            $data['u_google'] = $row->u_google;
            $data['nb_comments'] = $this->front->get_comments($row->c_id)->num_rows();
            if (!empty($params)) {
                $data['meta_title'] = $row->c_title . ' - ' . $params->p_title;
            } else {
                $data['meta_title'] = $row->c_title;
            }
            $data['meta_desc'] = character_limiter(strip_tags($row->c_content), 254);
            $data['breadcrumb'] = $row->c_title;
            if (isset($row->c_tags)) {
                $data['tags'] = explode(';', $row->c_tags);
            }
            $data['query_same_user'] = $this->model_content->get_content_by_user($data['u_id'], 5, $c_id);
            $data['query_same_rubric'] = $this->model_content->get_contents_same_rubric($slug_rubric, $slug_content);
            // NOTE(review): c_tags is read here outside the isset() guard above.
            $c_tags = array_values(array_filter(explode(';', $row->c_tags)));
            $data['query_same_tag'] = $this->model_content->get_contents_same_tag($slug_rubric, $slug_content, $c_tags);
            $data['all_content'] = $this->model_content->get_contents_others($slug_content);
            $data['comments'] = $this->model_comment->get_comment($c_id);
            // Comment form: nickname and body, plus a captcha checked by check_captcha().
            $this->form_validation->set_rules('com_nickname', 'Nom', 'trim|required|min_length[2]');
            $this->form_validation->set_rules('com_content', 'Contenu', 'trim|required|min_length[2]');
            $this->form_validation->set_rules('captcha', 'Captcha', 'callback_check_captcha');
            $com_nickname = $this->input->post('com_nickname');
            $com_content = $this->input->post('com_content');
            $captcha = $this->input->post('captcha');
            $this->form_validation->set_message('com_nickname', 'Le pseudo doit faire 2 caractères mininum');
            $this->form_validation->set_message('com_content', 'Le pseudo doit faire 2 caractères mininum');
            $this->load->library('session');
            if ($this->form_validation->run() !== FALSE) {
                $this->model_comment->create_comment($c_id, $com_nickname, $com_content);
                $this->session->set_flashdata('success', 'Commentaire ajouté.');
                redirect(current_url());
            } else {
                // Captcha generation
                // NOTE(review): the 5-character word is derived from rand(), which
                // is not a CSPRNG; random_int()/random_bytes() would be the usual
                // source. The expected word is kept in the session and compared in
                // check_captcha() (not visible here).
                $word = substr(sha1(rand()), -5);
                $path_captcha = 'assets/captcha/';
                $the_captcha = array('word' => $word, 'img_path' => $path_captcha, 'img_url' => site_url() . $path_captcha, 'img_width' => '150', 'img_height' => 30, 'expiration' => 60);
                $this->session->set_userdata('captcha', $word);
                $this->session->set_userdata('image', $the_captcha['img_url']);
                $data['captcha'] = create_captcha($the_captcha);
                $data['captcha_image'] = $data['captcha']['image'];
                //$this->session->unset_userdata('captcha');
            }
        } else {
            redirect(show_404());
        }
    } else {
        redirect(show_404());
    }
    $this->load->view(URL_LAYOUT, $data);
}
<?php /* NOTE(review): batch-action toolbar plus the start of the archive-folders table; the <table>/<thead>/<tr> opened here close further down. The submit button's class "batch-actiorran" looks like a typo for "batch-action" (markup, not changed here). pagination_links() output is both stored in $paginationLinks and echoed. */ if (is_allowed('ArchiveFolder_Index', 'delete')) { ?> <input type="submit" class="small red batch-actiorran button" name="submit-batch-delete" value="<?php echo __('Delete'); ?> "> <?php } ?> </div> <?php echo common('quick-filters'); ?> <div class="pagination"><?php echo $paginationLinks = pagination_links(); ?> </div> <table id="archive-folders"> <thead> <tr> <?php if (is_allowed('ArchiveFolder_Index', 'edit')) { ?> <th class="batch-edit-heading"><?php // echo __('Select'); ?> </th> <?php } $browseHeadings[__('Folder')] = 'uri';
/* NOTE(review): template fragment — the PHP block and the loop brace closed here were opened above. $product->description is echoed without escaping (a stored-XSS sink if descriptions are free text; confirm the source). The Remove link performs a state change over GET guarded only by a JS confirm(); a POST form carrying a CSRF token is the usual shape. The row is also missing a </td> before </tr>. */ ?> </td> <td><?php echo $product->description; ?> </td> <td><a href="<?php echo HOME; ?> delete-product?id=<?php echo $product->id; ?> " onclick="return confirm('Are you sure?')">Remove</a> </tr> <?php } ?> </table> </div><!-- End div for Table --> <!-- Display pagination links --> <div id="pagination" style="clear: both;"> <?php echo pagination_links($pagination, "dashboard", $page); ?> </div> </div> </div><!-- End content Row --> <?php include_layout_template('admin_footer.php');
'; } else { echo ' <td width="5%" class="count"><span class="information">' . $count . '</span></td> <td width="15%" class="tablecontents">' . $logDate . '</td> <td width="15%" class="tablecontents">' . $logSoldierName . '</td> '; } echo ' <td width="65%" class="tablecontents">' . $logMessage . '</td> </tr> </table> ';
}
// build the pagination links
// NOTE(review): this fragment starts inside the echo string of a row loop
// opened above and ends inside an unterminated string. $logMessage and
// $logSoldierName (chat content and player names) are concatenated straight
// into markup; unless they are escaped where they are read, this is a
// stored-XSS sink — htmlspecialchars(..., ENT_QUOTES) here would be the usual
// fix. $query (presumably the search term) is handed to pagination_links();
// confirm it is URL-encoded when the links are built.
pagination_links($ServerID, 'index.php', $page, $currentpage, $totalpages, $rank, $order, $query);
} else {
    echo ' <div class="subsection" style="margin-top: -2px;"> <div class="headline"> No relevant chat content found for ';
    // if there is a ServerID, this is a server stats page
    if (!empty($ServerID)) {
        echo ' this server.';
    } else {
        echo ' these servers.';
    }
    echo ' </div> </div>
/* NOTE(review): template fragment — the attribute closed at the start and the loop brace belong to markup above. $product->name goes into the alt attribute and image_path() into src unescaped; apply htmlspecialchars(..., ENT_QUOTES) unless both are escaped upstream. $dir_public is assumed to come from configuration, not the request — confirm. */ ?> " data-gallery> <img src="<?php echo ASSETS . $product->image_path(); ?> " width="210" alt="<?php echo $product->name; ?> " /> </a> </div> </div> <?php } ?> <div id="pagination" style="clear: both;"> <?php echo pagination_links($pagination, "home", $page); ?> </div> </div> <!-- Showing search results --> <div id="search-results"> </div> <?php include $dir_public . 'lightbox.php'; ?> </div><!-- End Content --> </div><!-- End Row containing Navigation and Content --> <?php include_layout_template("footer.php");
" value="remove"> <p class="bagit-small">[-] Check to Remove</p> <?php } ?> </td> </tr> <?php } ?> </tbody> </table> <div class="pagination"> <?php /* NOTE(review): fragment — the two closing braces above belong to loops opened earlier. Pagination state ($current_page, $results_per_page, $total_results) is passed in by the controller and rendered through the pagination_control.php partial; the submit() helper below builds the action buttons. */ echo pagination_links(array('scrolling_style' => 'All', 'page_range' => '5', 'partial_file' => 'common' . DIRECTORY_SEPARATOR . 'pagination_control.php', 'page' => $current_page, 'per_page' => $results_per_page, 'total_results' => $total_results)); ?> </div> <?php echo submit(array('name' => 'export', 'class' => 'bagit-create-bag'), 'Export'); ?> <?php echo submit(array('name' => 'update_collection', 'class' => 'bagit-left-submit'), 'Update Bag'); ?> <?php echo submit(array('name' => 'add_all_files', 'class' => 'bagit-left-submit'), 'Add All Files'); ?> <?php echo submit(array('name' => 'remove_all_files', 'class' => 'bagit-delete bagit-left-submit'), 'Remove All Files'); ?>