function bio_read_diaryland($bio_owner) { list($bio_owner) = explode('@', $bio_owner); $url = "http://members.diaryland.com/profile.phtml?user={$username}"; $bio = file_get_contents($url); // pulls out the substantive part, ignoring the DL template list($crap, $bio) = explode('<!-- content goes here -->', $bio); // eliminates the table structure. not sure why $bio = str_replace(array('</td>', '</TD>', '</tr>', '</TR>'), array(' ', ' ', "<br />\n", "<br />\n"), $bio); // get rid of bad formatting or javascript that might have been inserted $bio = removeEvilTags($bio); return $bio; }
/** * Prepare update SQL * * @param array $data key/value pairs of data * @returns string result SQL, suitable for INSERT/UPDATE */ function prepareSQL($data, $setonly = false) { global $config, $imdb_set_fields, $db_null_fields, $db_zero_fields; // get global variables into local scope extract($data); // Fix for Bugreport [1122052] Automatic DiskID generation problem if ($config['autoid'] && !empty($diskid) && $diskid == $autoid) { // in case DiskID is already used in meanwhile // -> update to new DiskId $diskid = getDiskId(); } // set default mediatype if (empty($mediatype)) { $mediatype = $config['mediadefault']; } // set owner if (is_numeric($owner_id)) { $SQL = 'owner_id = ' . $owner_id; } // rating up to 10 $rating = min($rating, 10); // update all fields according to list foreach ($imdb_set_fields as $name) { if ($setonly && !isset(${$name})) { continue; } // sanitize input ${$name} = removeEvilTags(${$name}); ${$name} = html_entity_decode(${$name}); // make sure no formatting contained in basic data if (in_array($name, array('title', 'subtitle'))) { ${$name} = trim(strip_tags(${$name})); // string leading articles? if ($config['removearticles']) { ${$name} = removeArticles(${$name}); } } $SET = "{$name} = '" . addslashes(${$name}) . "'"; // special null/zero handling if (empty(${$name})) { if (in_array($name, $db_null_fields)) { $SET = "{$name} = NULL"; } elseif (in_array($name, $db_zero_fields)) { $SET = "{$name} = 0"; } } if ($SQL) { $SQL .= ', '; } $SQL .= $SET; } return $SQL; }
<lastBuildDate><?php echo date('r', strtotime($firstcomment->createdDate)); ?> </lastBuildDate> <?php foreach ($comments as $comment) { $data = new XNC_Comment($comment); ?> <item> <title><?php echo 'Comment by ' . $data->contributorName; ?> </title> <description><?php echo htmlspecialchars(removeEvilTags(nl2br($data->description))); ?> </description> <pubDate><?php echo date('r', strtotime($data->createdDate)); ?> </pubDate> <link>http://<?php echo $_SERVER['HTTP_HOST']; ?> /view.php?id=<?php echo $file->id . '#c' . $data->id; ?> </link> <guid>http://<?php echo $_SERVER['HTTP_HOST'];
?> </a> by <a href="http://<?php echo $_SERVER['HTTP_HOST']; ?> /?user=<?php echo $data->contributorName; ?> " class="author user"><?php echo $data->contributorName; ?> </a> <dl> <dt>body</dt> <dd class="content"><?php echo removeEvilTags(nl2br($data->description)); ?> </dd> </dl> </li> <?php } //end foreach echo '</ul>'; } //end if // Display the add a comment form if (XN_Profile::current()->isLoggedIn()) { ?> <form id="commentForm" method="post" action="?id=<?php echo $file->id;
function validate_form_data($form_id) { global $label; if (!defined('MAX_UPLOAD_BYTES')) { define('MAX_UPLOAD_BYTES', 150000); } $sql = "SELECT *, t2.field_label AS LABEL, t2.error_message as error_message FROM form_fields as t1, form_field_translations as t2 WHERE t1.field_id=t2.field_id AND t2.lang='" . $_SESSION['MDS_LANG'] . "' AND form_id='{$form_id}' AND field_type != 'SEPERATOR' AND field_type != 'BLANK' AND field_type != 'NOTE' order by field_sort"; $result = mysql_query($sql) or die(mysql_error()); while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { if ($row['field_type'] == 'TEXT' || $row['field_type'] == 'TEXTAREA' || $row['field_type'] == 'EDITOR') { if (check_for_bad_words($_REQUEST[$row['field_id']])) { $error .= $row['LABEL'] . " - " . $label['bad_words_not_accept'] . "<br>"; } } if (BREAK_LONG_WORDS == 'YES') { if ($row['field_type'] == 'TEXT' || $row['field_type'] == 'TEXTAREA') { // HTML not allowed $_REQUEST[$row['field_id']] = trim(break_long_words($_REQUEST[$row['field_id']], false)); } if ($row['field_type'] == 'EDITOR') { // field where limited HTML is allowed $_REQUEST[$row['field_id']] = trim(break_long_words($_REQUEST[$row['field_id']], true)); } } define('STRIP_LATIN1', 'YES'); define('STRIP_HTML', 'YES'); // clean the data.. if (STRIP_LATIN1 == 'YES') { $_REQUEST[$row[field_id]] = remove_non_latin1_chars($_REQUEST[$row[field_id]]); } if ($row[field_type] == 'EDITOR' || $row[field_type] == 'TEXTAREA') { if (STRIP_HTML == 'YES') { $_REQUEST[$row[field_id]] = stripslashes($_REQUEST[$row[field_id]]); //echo htmlentities($_REQUEST[$row[field_id]]); $_REQUEST[$row[field_id]] = removeEvilTags($_REQUEST[$row[field_id]]); $_REQUEST[$row[field_id]] = str_replace("'", "\\'", $_REQUEST[$row[field_id]]); } } if (($row['field_type'] == 'FILE' || $row['field_type'] == 'IMAGE') && $_FILES[$row['field_id']]['name'] != '') { $a = explode(".", $_FILES[$row['field_id']]['name']); $ext = array_pop($a); if (!is_filetype_allowed($_FILES[$row['field_id']]['name']) && $row['field_type'] == 'FILE') { $label['vaild_file_ext_error'] = str_replace("%EXT_LIST%", ALLOWED_EXT, $label['vaild_file_ext_error']); $label['vaild_file_ext_error'] = str_replace("%EXT%", $ext, $label['vaild_file_ext_error']); $error .= $label['vaild_file_ext_error'] . "<br>"; } if (!is_imagetype_allowed($_FILES[$row['field_id']]['name']) && $row['field_type'] == 'IMAGE') { $label['vaild_image_ext_error'] = str_replace("%EXT_LIST%", ALLOWED_IMG, $label['vaild_image_ext_error']); $label['vaild_image_ext_error'] = str_replace("%EXT%", $ext, $label['vaild_image_ext_error']); $error .= $label['vaild_image_ext_error'] . "<br>"; } if (ini_get("safe_mode") === false) { if (filesize($_FILES[$row['field_id']]['tmp_name']) > MAX_UPLOAD_BYTES) { $label['valid_file_size_error'] = str_replace("%FILE_NAME%", $_FILES[$row['field_id']]['name'], $label['valid_file_size_error']); $error .= $label['valid_file_size_error'] . "<br>"; } } //echo "filesize: ".filesize($_FILES[$row['field_id']]['tmp_name']); } if ($row[is_required] == 'Y') { if ($row['field_type'] == 'DATE' || $row['field_type'] == 'DATE_CAL') { $row['reg_expr'] = "date"; // default to date check } //if ($row[field_type]=='TEXT') { //$_REQUEST[$row[field_id]] = htmlspecialchars ($_REQUEST[$row[field_id]]); // escape html... //} switch ($row['reg_expr']) { case "not_empty": if (trim($_REQUEST[$row[field_id]] == '')) { $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>"; } break; case "email": if (!validate_mail(trim($_REQUEST[$row[field_id]]))) { $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>"; } break; case "date": if ($row['field_type'] == 'DATE') { $day = $_REQUEST[$row[field_id] . "d"]; $month = $_REQUEST[$row[field_id] . "m"]; $year = $_REQUEST[$row[field_id] . "y"]; } else { $ts = strtotime($row['field_id'] . " GMT"); $day = date('d', $ts); $month = date('m', $ts); $year = date('y', $ts); } //$date_str = "$year-$month-$day"; // ISO 8601 //echo $date_str." *".strtotime($date_str)."*<Br>"; if (!@checkdate($month, $day, $year)) { $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>"; } break; case 'url': if ($_REQUEST[$row[field_id]] == '' || $_REQUEST[$row[field_id]] == 'http://') { $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>"; } elseif (VALIDATE_LINK == 'YES') { //$handle = fopen($_REQUEST[url], "r"); $url_arr = explode("/", $_REQUEST[$row[field_id]]); $host = array_shift($url_arr); $host = array_shift($url_arr); $host = array_shift($url_arr); $fp = @fsockopen($host, 80, $errno, $errstr, 30); if (!$fp) { //$error .= "<b>- Cannot connect to host in the URL. ($errstr)</b><br>"; } else { $path = implode("/", $url_arr); $out = "GET /{$path} HTTP/1.1\r\n"; $out .= "Host: {$host}\r\n"; $out .= "Connection: Close\r\n\r\n"; fwrite($fp, $out); $str = fgets($fp); if (strpos($str, "404") || strpos($str, "401") || strpos($str, "403")) { $error .= "- " . $row['LABEL'] . "<b>" . $label['advertiser_publish_bad_url'] . "</b><br>"; } fclose($fp); } } default: if (trim($_REQUEST[$row[field_id]] == '')) { $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>"; } break; } } } return $error; }
function InsertMovie($imdb_id, &$ret_title, $seen, $mediatype) { $imdb_set_fields = array('md5', 'title', 'subtitle', 'language', 'diskid', 'mediatype', 'comment', 'disklabel', 'imdbID', 'year', 'imgurl', 'director', 'actors', 'runtime', 'country', 'plot', 'filename', 'filesize', 'filedate', 'audio_codec', 'video_codec', 'video_width', 'video_height', 'istv', 'custom1', 'custom2', 'custom3', 'custom4'); //fetching all the data $imdbdata = engineGetData($imdb_id); if ($imdbdata['title'] == '') { return 0; } //sorting needed things //genres-------------------------- $genres = array(); $gnames = $imdbdata['genres']; if (isset($gnames)) { foreach ($gnames as $gname) { // check if genre is found- otherwise fail silently if (is_numeric($genre = getGenreId($gname))) { $genres[] = $genre; } } } //-------------------------------- //actors $actors = $imdbdata['cast']; //movie owner--------------------- if (check_permission(PERM_WRITE, $_COOKIE['VDBuserid'])) { $owner_id = $_COOKIE['VDBuserid']; } else { $owner_id = 0; } //-------------------------------- //cover $imgurl = $imdbdata['coverurl']; // lookup all other fields foreach (array_keys($imdbdata) as $name) { if (in_array($name, array('coverurl', 'genres', 'cast', 'id'))) { continue; } ${$name} = $imdbdata[$name]; } //year if (empty($year)) { $year = '0000'; } // set owner if (!empty($owner_id)) { $SETS = 'owner_id = ' . addslashes($owner_id); } $imdbID = $imdb_id; // update all fields according to list foreach ($imdb_set_fields as $name) { // sanitize input ${$name} = removeEvilTags(${$name}); // make sure no formatting contained in basic data if (in_array($name, array('title', 'subtitle'))) { ${$name} = trim(strip_tags(${$name})); // string leading articles? if ($config['removearticles']) { foreach ($articles as $article) { if (preg_match("/^{$article}+/i", ${$name})) { ${$name} = trim(preg_replace("/(^{$article})(.+)/i", "\$2, \$1", ${$name})); break; } } } } $SET = "{$name} = '" . addslashes(${$name}) . "'"; if (empty(${$name})) { if (in_array($name, $db_null_fields)) { $SET = "{$name} = NULL"; } elseif (in_array($name, $db_zero_fields)) { $SET = "{$name} = 0"; } } if ($SETS) { $SETS .= ', '; } $SETS .= $SET; } //inserting into database-------------------- $INSERT = 'INSERT INTO ' . TBL_DATA . ' SET ' . $SETS . ', created = NOW()'; //print_r($INSERT); //echo "<br><br>"; $id = runSQL($INSERT); // save genres setItemGenres($id, $genres); //------------------------------------------- // insert userseen data $INSERTSEEN = 'INSERT INTO `userseen` (`video_id`, `user_id`) VALUES (' . $id . ',' . $owner_id . ')'; runSQL($INSERTSEEN); $ret_title = $title; return 1; }
function MakeSemiSafe($UnsafeSource) { return myaddslashes(removeEvilTags(trim($UnsafeSource))); }
function send_display($correspondent, $form = TRUE, $offset = 0) { $correspondent = str_replace("@planwatch.org", '', $correspondent); $send_dir = "{$_SERVER['USER_ROOT']}/sends"; if (!is_dir($send_dir)) { umask(0); mkdir($send_dir, 0755); } $sendlist = files_list($send_dir, files_encode_safe_name($correspondent) . "*message*"); if (is_array($sendlist)) { foreach ($sendlist as $i => $send) { $send_fn = basename($send); $send = str_replace("@planwatch.org", '', files_decode_safe_name($send_fn)); list($recipient, $time, $direction) = explode("..", $send); if ($direction == 'messagefrom') { $from = $correspondent; $style = ' class="send_from" '; } else { $from = $_SERVER['USER']; $style = ' class="send_to" '; } if (IS_JOSH) { $sendarray[$time] = "<div {$style}>" . smart_nl2br(removeEvilTags(file_get_contents($send_dir . "/{$send_fn}"))) . "<div style='text-align: right; font-size: 70%; font-weight: normal;'>— {$from} <span style='font-size: 70%; font-weight: normal;'>(" . formattime($time) . ")</span></div> </div>\n"; } else { $sendarray[$time] = "<div {$style}> {$from} (" . formattime($time) . "): " . smart_nl2br(removeEvilTags(file_get_contents($send_dir . "/{$send_fn}"))) . "</div>\n"; } } krsort($sendarray); if (IS_JOSH) { $firstmessage = reset($sendarray); unset($sendarray[key($sendarray)]); } if (OUTPUT_MODE == 'MOBILE') { $sendarray = array_slice($sendarray, $offset, 20); } else { $sendarray = array_slice($sendarray, $offset, 100); } $latest_time = array_shift(array_keys($sendarray)); // if ($latest_time < time() - 600 && $_SERVER['OUTPUT_MODE']=='AJAX') $content="IGNORE.NULL"; //else $content = implode("\n", $sendarray); if (file_exists("{$send_dir}/" . files_encode_safe_name("{$correspondent}..new"))) { unlink("{$send_dir}/" . files_encode_safe_name("{$correspondent}..new")); } if (file_exists("{$send_dir}/" . files_encode_safe_name("{$correspondent}@planwatch.org..new"))) { unlink("{$send_dir}/" . files_encode_safe_name("{$correspondent}@planwatch.org..new")); } } $content = hyperlink($content); if ($form) { if (browser_is_modern() && $_SERVER['OUTPUT_MODE'] != 'IPHONE' && $_SERVER['OUTPUT_MODE'] != 'MOBILE') { $sendbutton = "<input type='button' onclick='sendMessage();' value='Send' style='font-size: 20px; color: white; background: {$GLOBALS['linkcolor']}; font-family: {$GLOBALS['pfont']},{$GLOBALS['pfonts']}; font-weight: bold; ' />"; } else { $sendbutton = "<input type=\"submit\" value='Send' class='whiteButton' href=\"#\" style='' />"; } if (!$offset) { if (IS_JOSH) { $content = "\n\t\t\t\t{$firstmessage}<br clear='all' />\n\t\t\t\t<form action='{$_SERVER['WEB_ROOT']}/scripts/send.php' style='margin: 0px; display: block; ' method='post' class='panel'>\n\t\t\t\t<textarea id='textbox' name='sendmessage' style='width: 90%; font-size: 16px; height: 40px;' onfocus='this.style.height=\"200px;\"' onblur='this.style.height=\"40px;\"'></textarea>\n\t\t\t\t{$sendbutton}<br clear='all' />\n\n\t\t\t\t<hr />\n\t\t\t\t<h2>previously...</h2>\n\t\t\t\t<input type='hidden' name='action' value='send'/>\n\t\t\t\t<input type='hidden' id='recipient' name='recipient' value='{$correspondent}'/>\n\t\t\t\t<input type='hidden' id='sender' name='sender' value='{$_SERVER['USER']}'/>\n\t\t\t\t</form>\n\t\t\t\t<div id='send_div'>\n\t\t\t\t{$content}\n\t\t\t\t</div>\n\t\t\t\t<script type='text/javascript'>\tsetInterval(\"send_refresh();\",9757);</script>\n\n\t\t\t\t"; return $content; } if ($_SERVER['OUTPUT_MODE'] == 'HTML') { $content = "\n\t\t\t\t<form action='{$_SERVER['WEB_ROOT']}/scripts/send.php' style='margin: 0px;' method='post' class='panel'>\n\t\t\t\t<h1>Send with <a href='/read/{$correspondent}'>{$correspondent}</a></h1>\n\t\t\t\t<div id='send_div' style='overflow: auto; height: 200px; margin-bottom: 30px; width: 80%;'>\n\t\t\t\t{$content}\n\t\t\t\t</div>\n<!--\t\t\t\t<script src='/resources/javascript/edit.js'></script>-->\n\t\t\t\t<textarea id='textbox' name='sendmessage'></textarea>\n\t\t\t\t{$sendbutton}\n\t\t\t\t<input type='hidden' name='action' value='send'/>\n\t\t\t\t<input type='hidden' id='recipient' name='recipient' value='{$correspondent}'/>\n\t\t\t\t<input type='hidden' id='sender' name='sender' value='{$_SERVER['USER']}'/>\n\t\t\t\t</form>\n<!--\t\t\t\t<a href='/send/{$correspondent}/" . ($offset + 100) . "'>more...</a>-->\n\t\t\t\t<script type='text/javascript'>\tsetInterval(\"send_refresh();\",9757);</script>\n"; } if ($_SERVER['OUTPUT_MODE'] == 'IPHONE' || $_SERVER['OUTPUT_MODE'] == 'MOBILE') { $content = "\n\t\t\t\t<style type='text/css'>.send_from { background-color: #ffc; }</style>\n\t\t\t\t<form action='{$_SERVER['WEB_ROOT']}/scripts/send.php' style='margin: 0px;' method='post' class='panel'>\n\t\t\t\t<h3>Send with <a href='/read/{$correspondent}'>{$correspondent}</a></h3>\n<!--\t\t\t\t<script src='/resources/javascript/edit.js'></script>-->\n\t\t\t\t<textarea id='textbox' name='sendmessage' style='width: 300px; font-size: 16px;'></textarea>\n<!--\t\t\t\t<textarea id='sendmessage' style='width: 300px; height: 80px;' name='sendmessage'></textarea>-->\n\t\t\t\t{$sendbutton}<br clear='all' />\n\t\t\t\t<input type='hidden' name='action' value='send'/>\n\t\t\t\t<input type='hidden' id='recipient' name='recipient' value='{$correspondent}'/>\n\t\t\t\t<input type='hidden' id='sender' name='sender' value='{$_SERVER['USER']}'/>\n\t\t\t\t</form>\n\t\t\t\t<div id='send_div'>\n\t\t\t\t{$content}\n\t\t\t\t</div>\n\t\t\t\t<a target='_replace' href='/send/{$correspondent}/" . ($offset + 20) . "'>more...</a>\n\t\t\t\t<script type='text/javascript'>\tsetInterval(\"send_refresh();\",9757);</script>\n"; } } else { output("send from {$correspondent} starting at {$offset}", $content); } } return $content; }
function extComments($file) { ?> <xn:head> <style type="text/css"> /* Comment Styles */ .comments { list-style-type: none; margin-left: 0px; margin-top: 0.5em; } .comments li { display: block; margin-left: 0px; margin-bottom: 1em; } .comments dl { display: inline; } .comments dd { margin-left: 0px; } .comments dt { display: none; } .comments dd.author { display: inline; font-size: 1em; } .comments dd.content { display: block; margin-top: 0.5em; } </style> </xn:head> <?php $newComment = new XNC_Comment($file); // Handle any form submission of adding a new comment if ($newComment->willProcessForm()) { $newComment->processForm(); $cnt = XN_Content::load($newComment->id); $cnt->my->set('parentid', $file->id); $cnt->isPrivate = false; $cnt->save(); } elseif ($newComment->lastError() != XNC_Comment::ERROR_FORM_ABSENT) { print $newComment->lastError(); } // Display a list of comments belonging to a parent object if ($file->my->content($newComment->referenceAttribute, true)) { echo '<ul class="xoxo comments">'; foreach ($file->my->content($newComment->referenceAttribute, true) as $comment) { $data = new XNC_Comment($comment); ?> <li id="<?php echo 'c' . $data->id; ?> "> Posted on <a href="<?php echo $_SERVER['SCRIPT_URI'] . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : ''); ?> #<?php echo 'c' . $data->id; ?> " title="<?php echo strtotime($data->createdDate); ?> "><?php echo date('Y-m-d H:i', strtotime($data->createdDate)); ?> </a> by <a href="http://<?php echo $_SERVER['HTTP_HOST']; ?> /?user=<?php echo $data->contributorName; ?> " class="author user"><?php echo $data->contributorName; ?> </a> <dl> <dt>body</dt> <dd class="content"><?php echo removeEvilTags(nl2br($data->description)); ?> </dd> </dl> </li> <?php } //end foreach echo '</ul>'; } //end if // Display the add a comment form if (XN_Profile::current()->isLoggedIn()) { ?> <form id="commentForm" method="post" action="<?php echo $_SERVER['SCRIPT_URI'] . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : ''); ?> "> <input type="hidden" name="xnc_comment" value="xnc_comment" /><input type="hidden" name="Comment:_parent_id" value="<?php echo $file->id; ?> " />Comment: <br /> <textarea name="Comment:description" rows="5" cols="50"></textarea><br /> <input type="submit" name="submit" value="Save Comment" class="button"/><br /> </form> <a href="http://cocomment.com/"><img src="http://cocomment.com/images/cocomment-integrated.gif" alt="coComment Integrated" /></a> <script type="text/javascript"> var blogTool = "Ning App"; var blogURL = "http://<?php echo $_SERVER['HTTP_HOST']; ?> /"; var blogTitle = "<?php echo addslashes(XN_Application::load()->name); ?> "; var postURL = "<?php echo $_SERVER['SCRIPT_URI'] . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : ''); ?> "; var postTitle = "<?php echo addslashes($file->title); ?> "; var commentTextFieldName = "Comment:description"; var commentButtonName = "submit"; var commentAuthorLoggedIn = true; var commentAuthor = "<?php echo XN_Profile::current()->screenName; ?> "; var commentFormID = "commentForm"; var cocomment_force = false; var cocoscript = document.createElement('script'); cocoscript.setAttribute('id', 'cocomment-fetchlet'); cocoscript.setAttribute('trackAllComments', 'true'); cocoscript.setAttribute('src', 'http://www.cocomment.com/js/enabler.js'); document.getElementsByTagName('head')[0].appendChild(cocoscript); </script> <?php } ?> </div> <?php }