$sql .= " AND shopprod_lang='" . aporeplace($plugin['data']['shopprod_lang']) . "'"; //} if (_dbCount($sql)) { $plugin['error']['shopprod_ordernumber'] = 'Unique order number necessary'; } } $plugin['data']['shopprod_price'] = str_replace($BLM['thousands_sep'], '', $plugin['data']['shopprod_price']); $plugin['data']['shopprod_price'] = str_replace($BLM['dec_point'], '.', $plugin['data']['shopprod_price']); $plugin['data']['shopprod_price'] = floatval($plugin['data']['shopprod_price']); if (abs($plugin['data']['shopprod_price']) > 10000000000) { $plugin['error']['shopprod_price'] = 'Check price'; } $plugin['data']['shopprod_weight'] = str_replace($BLM['thousands_sep'], '', $plugin['data']['shopprod_weight']); $plugin['data']['shopprod_weight'] = str_replace($BLM['dec_point'], '.', $plugin['data']['shopprod_weight']); $plugin['data']['shopprod_weight'] = floatval($plugin['data']['shopprod_weight']); $plugin['data']['shopprod_tag'] = strtolower(preg_replace('/[^0-9a-z, \\-_]/i', '', phpwcms_remove_accents($_POST['shopprod_tag']))); $plugin['data']['shopprod_tag'] = implode(', ', convertStringToArray($plugin['data']['shopprod_tag'])); // Images $plugin['data']['shopprod_caption'] = clean_slweg($_POST["shopprod_caption"], 0, false); $plugin['data']['shopprod_caption'] = explode(LF, $plugin['data']['shopprod_caption']); $plugin['data']['shopprod_images'] = isset($_POST['shopprod_images']) && is_array($_POST['shopprod_images']) ? $_POST['shopprod_images'] : array(); if (is_array($plugin['data']['shopprod_images']) && count($plugin['data']['shopprod_images'])) { $plugin['data']['shopprod_images'] = array_map('intval', $plugin['data']['shopprod_images']); $plugin['data']['shopprod_images'] = array_diff($plugin['data']['shopprod_images'], array(0, '', NULL, false)); if (count($plugin['data']['shopprod_images'])) { $img_all = _dbQuery('SELECT * FROM ' . DB_PREPEND . 'phpwcms_file WHERE f_id IN (' . implode(',', $plugin['data']['shopprod_images']) . 
')'); // take all values from db $temp_img_row = array(); foreach ($img_all as $value) { $temp_img_row[$value['f_id']] = $value; }
/**
 * Reduce a free-form label to a token built only from ASCII letters, digits, '-' and '_'.
 *
 * Order of operations: accents are folded by phpwcms_remove_accents() and the
 * result is trimmed, common separator characters are mapped to '_' or '-',
 * every character outside [a-zA-Z0-9-_] is dropped, and finally any run of
 * leading digits is removed.
 *
 * The return value never begins with a digit, but it can be an empty string
 * and it can begin with '-' or '_'. Callers that need a non-empty or unique
 * name have to check for that themselves.
 *
 * @param string $name Raw attribute name
 * @return string Cleaned name
 */
function attribute_name_clean($name = '') {
    // Position i of $separators is replaced by position i of $substitutes.
    $separators  = array(' ', '/', '\\', '#', '+', ':', '.');
    $substitutes = array('_', '-', '-', '_', '-', '-', '-');

    $cleaned = str_replace($separators, $substitutes, trim(phpwcms_remove_accents($name)));

    // Patterns run in the order given: allow-list filter first, then leading digits are stripped.
    return preg_replace(array('/[^a-zA-Z0-9\\-_]/', '/^\\d+/'), '', $cleaned);
}
} elseif ($file = isset($_GET['file']) ? clean_slweg($_GET['file'], 40) : '') {

    // Delivery by name: the request's `file` parameter goes through clean_slweg()
    // (second argument 40, presumably a length cap, confirm against its definition).
    // basename() keeps only the last path component, so the path built below
    // always points directly into PHPWCMS_ROOT . '/' . PHPWCMS_FILES.
    $filename = basename($file);
    $file = PHPWCMS_ROOT . '/' . PHPWCMS_FILES . $filename;

    // is_file() is false for directories, so a name such as '..', which basename()
    // returns unchanged, is not served.
    if (is_file($file)) {

        // The requester may propose the Content-Type via `type`; it is used only when
        // is_mimetype_format() accepts it, otherwise the type is derived from the extension.
        // NOTE(review): the response is sent with an inline disposition, so a request-chosen
        // type decides how the browser renders stored content. Confirm how strict
        // is_mimetype_format() is, or derive the type from the extension only.
        $mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
        if (!is_mimetype_format($mime)) {
            $mime = get_mimetype_by_extension(which_ext($file));
        }
        header('Content-Type: ' . $mime);

        if (BROWSER_OS == 'iOS') {
            // iOS clients are handed to rangeDownload() from functions.file.inc.php.
            require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
            rangeDownload($file);
        } else {
            header('Content-Transfer-Encoding: binary');
            // Content-Disposition is left out when the `ios` query parameter is present.
            if (!isset($_GET['ios'])) {
                // NOTE(review): $filename is placed inside a quoted header parameter without
                // further escaping. Confirm clean_slweg() cannot leave a double quote in it.
                header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
            }
            header('Content-Length: ' . filesize($file));
            readfile($file);
        }
        $success = true;
    }
}

if ($success) {
    // Increment the final-download counter of the row matching f_hash.
    // The value passes through _dbEscape(); the SQL text adds no quotes of its own, so
    // _dbEscape() presumably returns an already quoted literal (verify).
    // NOTE(review): $download is populated outside this fragment. Confirm it is set
    // when $success came from the ?file= branch above.
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET f_dlfinal=f_dlfinal+1 ";
    $sql .= "WHERE f_hash=" . _dbEscape($download["f_hash"]) . " LIMIT 1";
    _dbQuery($sql, 'UPDATE');

    // In count-only mode the client is redirected to the file's URL under PHPWCMS_FILES.
    // $fileinfo is also populated outside this fragment.
    if ($countonly) {
        headerRedirect(PHPWCMS_URL . PHPWCMS_FILES . $fileinfo['filename']);
    }
} else {
$pagelayout["layout_header_bgimage"] = clean_slweg($_POST["layout_header_bgimage"]); $pagelayout["layout_header_class"] = clean_slweg($_POST["layout_header_class"]); $pagelayout["layout_topspace_height"] = get_pix_or_percent($_POST["layout_topspace_height"]); $pagelayout["layout_topspace_bgcolor"] = clean_slweg($_POST["layout_topspace_bgcolor"], 7); $pagelayout["layout_topspace_bgimage"] = clean_slweg($_POST["layout_topspace_bgimage"]); $pagelayout["layout_topspace_class"] = clean_slweg($_POST["layout_topspace_class"]); $pagelayout["layout_bottomspace_height"] = get_pix_or_percent($_POST["layout_bottomspace_height"]); $pagelayout["layout_bottomspace_bgcolor"] = clean_slweg($_POST["layout_bottomspace_bgcolor"], 7); $pagelayout["layout_bottomspace_bgimage"] = clean_slweg($_POST["layout_bottomspace_bgimage"]); $pagelayout["layout_bottomspace_class"] = clean_slweg($_POST["layout_bottomspace_class"]); $pagelayout["layout_footer_height"] = get_pix_or_percent($_POST["layout_footer_height"]); $pagelayout["layout_footer_bgcolor"] = clean_slweg($_POST["layout_footer_bgcolor"], 7); $pagelayout["layout_footer_bgimage"] = clean_slweg($_POST["layout_footer_bgimage"]); $pagelayout["layout_footer_class"] = clean_slweg($_POST["layout_footer_class"]); $pagelayout["layout_render"] = intval($_POST["layout_render"]); $pagelayout["layout_customblocks"] = phpwcms_remove_accents(str_replace(' ', ',', strtoupper(clean_slweg($_POST['layout_customblocks'])))); $pagelayout["layout_customblocks"] = convertStringToArray($pagelayout["layout_customblocks"]); if (is_array($pagelayout["layout_customblocks"]) && count($pagelayout["layout_customblocks"])) { // now remove the default pre-defined block name CONTENT and cut to max length of 50 if (is_array($pagelayout["layout_customblocks"]) && count($pagelayout["layout_customblocks"])) { foreach ($pagelayout["layout_customblocks"] as $key => $value) { $value = substr($value, 0, 20); $pagelayout["layout_customblocks"][$key] = $value; if 
(in_array($value, array('CONTENT', 'LEFT', 'RIGHT', 'HEADER', 'FOOTER', 'CPSET', 'SYSTEM'))) { unset($pagelayout["layout_customblocks"][$key]); } } } $pagelayout["layout_customblocks"] = implode(', ', $pagelayout["layout_customblocks"]); } else { $pagelayout["layout_customblocks"] = '';