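/**
 * Reads one user-supplied parameter and normalises it according to $type.
 *
 * Source priority: a non-empty $_GET[$get_name] always wins; otherwise a
 * caller-supplied $value is used; otherwise a non-empty $_POST[$post_name];
 * otherwise $empty_val is returned. An empty string counts as "not supplied".
 *
 * Security notes for callers:
 *  - 'array', 'striptrim', 'bool', 'float' and 'money' apply no HTML or SQL
 *    neutralisation; treat 'array' and 'striptrim' results as untrusted text.
 *  - The $maxlen truncation re-escapes with addslashes(), which is not a
 *    substitute for parameterised queries.
 *  - Request values may arrive as arrays (name[]=...). The scalar branches do
 *    not check for that here; how the helpers react is not visible in this
 *    block (TODO confirm).
 *  - All HTML filtering is delegated to helpers defined elsewhere
 *    (change_q_x(), cleanHref(), wysiwyg_*()); this function only sequences them.
 *
 * @param string  $type       One of: striptrim, page, uint/uinteger, array_int/array_integer,
 *                            int/integer, string/String, string_no_slashes, link, html, htmltext,
 *                            html_save_ul_li_b_p_i, array, bool, float, money,
 *                            ckedit/ckeditor/ckedit_nocut, wysiwyg/wysiwyg_tidy/wysiwyg_message
 * @param string  $get_name   Key to read from $_GET
 * @param string  $post_name  Key to read from $_POST
 * @param mixed   $empty_val  Returned when no value was supplied
 * @param integer $maxlen     Maximum length of the data (0/NULL disables truncation)
 * @param boolean $strip_tags Only for $type = 'html': when TRUE all tags and special
 *                            characters are converted to entities
 * @param mixed   $value      Value passed in directly (used by XAJAX handlers that
 *                            process plain variables instead of request arrays)
 * @see change_q_x()
 * @return mixed Normalised value, $empty_val when nothing was supplied, NULL for an unknown $type
 */
function __paramInit($type = 'int', $get_name = NULL, $post_name = NULL, $empty_val = NULL, $maxlen = NULL, $strip_tags = FALSE, $value = FALSE)
{
    // Fix: the ckeditor/ckedit branches read $nocut without it ever being set
    // (only 'ckedit_nocut' assigns it), so give it a defined default.
    $nocut = FALSE;

    if ($get_name && isset($_GET[$get_name])) {
        if ($_GET[$get_name] !== '') {
            $value = $_GET[$get_name];
        }
    }
    if ($value === FALSE) {
        if ($post_name && isset($_POST[$post_name])) {
            if ($_POST[$post_name] !== '') {
                $value = $_POST[$post_name];
            }
        }
    }
    if ($value === FALSE) {
        return $empty_val;
    }
    if (intval($maxlen)) {
        // Unescape, cut to $maxlen bytes, escape again.
        // NOTE(review): substr() is byte-wise; a multi-byte character may be cut in half.
        $value = addslashes(substr(stripslashes($value), 0, intval($maxlen)));
    }

    switch ($type) {
        case 'striptrim':
            return stripslashes(trim($value));
        case 'page':
            // Page numbers start at 1.
            $value = intvalPgSql($value);
            return $value <= 0 ? 1 : $value;
        case 'uinteger':
        case 'uint':
            return abs(intvalPgSql($value));
        case 'array_integer':
        case 'array_int':
            // NOTE(review): assumes $value is an array; a scalar request value is not guarded here.
            return array_map('intvalPgSql', $value);
        case 'integer':
        case 'int':
            return intvalPgSql($value);
        case 'String':
            //$value = stripslashes($value);
            // intentional fall-through to 'string'
        case 'string':
            return change_q_x($value, TRUE);
        case 'string_no_slashes':
            return stripslashes(change_q_x($value, TRUE));
        case 'link':
            return change_q_x(strip_http($value), TRUE);
        case 'html':
            return $strip_tags ? change_q_x($value, FALSE, TRUE, "", false, false) : change_q_x($value, FALSE, TRUE, null, false, false);
        case 'htmltext':
            return change_q_x($value, TRUE, FALSE);
        // same as 'htmltext' but keeps the ul, li, b, p, i tags
        case 'html_save_ul_li_b_p_i':
            return change_q_x($value, false, false, 'b|i|p|ul|li');
        case 'array':
            // Returned exactly as received: no filtering at all.
            return $value;
        case 'bool':
            return !!$value;
        case 'float':
            // NOTE: setlocale() changes process-wide state as a side effect.
            setlocale(LC_ALL, 'en_US.UTF-8');
            return floatval($value);
        case 'money':
            setlocale(LC_ALL, 'en_US.UTF-8');
            // Accept "1 234,50": decimal comma becomes a dot, whitespace is dropped.
            return floatval(preg_replace('/\\s+/', '', str_replace(",", ".", $value)));
        case 'ckedit_nocut':
            $nocut = true;
            // intentional fall-through
        case 'ckeditor':
        case 'ckedit':
            //$value = stripslashes($value);
            // Videos, images and code blocks are swapped out before filtering and restored at the end.
            // Image placeholders are only honoured for users with the 'adm' permission.
            $value = wysiwyg_video_replace($value, $wysiwyg_videos);
            if (hasPermissions('adm')) {
                $value = wysiwyg_image_replace($value, $wysiwyg_images);
            }
            $value = wysiwyg_code_replace($value, $wysiwyg_codes);
            // NOTE(review): the placeholder is derived from the clock only, so it is not a secret marker.
            $ph = md5(time()) . "_code";
            // Anchors are masked out here and put back after strip_tags()/change_q_x()/tidy,
            // so their markup is filtered only by cleanHref() in this branch.
            // NOTE(review): confirm cleanHref() drops event-handler attributes and unsafe URL schemes.
            list($value, $url) = str_replace_mask('#((<a[^>]*>)(.*?)(<\\/a>))#mix', $value);
            foreach ($url as &$u) {
                $u = stripslashes($u);
                $u = cleanHref($u);
            }
            unset($u); // drop the dangling reference left by foreach-by-reference
            $value = preg_replace(array("~<cut\\s*?\\/>~mix", "~<\\/cut>~"), array("<cut>", ""), $value); // normalise cut tags
            if ($nocut) { // remove cut tags
                $value = str_replace("<cut>", "", $value);
            }
            // Protect line breaks: the following filters would swallow them.
            $value = str_replace(array("<br />", "<br/>", "<br>"), "___BR___", $value);
            // Handle indentation inside <pre>
            $value = str_replace("\n", "__N__", $value);
            $value = preg_replace_callback('~<pre>(.*?)<\\/pre>~mix', 'rn2br', $value);
            $value = str_replace("__N__", "\n", $value);
            // strip_tags() removes tags that are not listed but keeps every attribute of the listed ones;
            // attribute filtering is left to change_q_x() (not visible here).
            $value = strip_tags($value, '<a>,<strike>,<cut>,<pre>,<b>,<strong>,<em>,<u>,<i>,<p>,<ul>,<ol>,<li>,<s>,<h1>,<h2>,<h3>,<h4>,<h5>,<h6>');
            $value = change_q_x($value, FALSE, TRUE, 'strike|cut|pre|b|strong|em|u|i|p(\\s' . $ph . '_\\w*)?+|ul|ol|li|s|h[1-6]{1}', false, false);
            $value = str_replace("___BR___", "<br />", $value); // restore line breaks
            $value = clearHTMLBeforeCutTags($value);
            $value = str_replace("<cut>", "<!-- -W-EDITOR-CUT- -->", $value);
            $value = hlcode($value);
            $tidy = new tidy();
            $value = $tidy->repairString($value, array('fix-backslash' => false, 'show-body-only' => true, 'bare' => true, 'clean' => false, 'drop-empty-paras' => false, 'preserve-entities' => true, 'wrap' => '0'), 'raw');
            $value = str_unreplace_mask($url, $value);
            $value = wysiwygLinkEncode($value);
            $value = wysiwygLinkDecode($value);
            $value = str_replace("<!-- -W-EDITOR-CUT- -->", "<cut>", $value);
            $value = str_replace("<p></p>", "<p> </p>", $value);
            $value = str_replace("\n", "", $value);
            /*
             * \h is a horizontal whitespace character. Support requires
             * PHP >= 5.2.4 and PCRE >= 7.2 (the beta server currently has PCRE 6.6).
             */
            //$value = preg_replace("/[\p{Zs}]/", " ", $value);
            $value = wysiwyg_code_restore($value, $wysiwyg_codes);
            if (hasPermissions('adm')) {
                $value = wysiwyg_image_restore($value, $wysiwyg_images);
            }
            $value = wysiwyg_video_restore($value, $wysiwyg_videos);
            return $value;
        case 'wysiwyg':
        case 'wysiwyg_tidy':
        case 'wysiwyg_message':
            // Unlike the ckeditor branch, image placeholders are honoured for every user here.
            $value = wysiwyg_video_replace($value, $wysiwyg_videos);
            $value = wysiwyg_image_replace($value, $wysiwyg_images);
            $value = wysiwyg_code_replace($value, $wysiwyg_codes);
            $value = str_replace(array("\n", "\r"), "", $value);
            // "[" and "]" act as regex delimiters, so this matches a literal CR LF pair,
            // which the str_replace() above has already removed.
            $value = preg_replace("[\r\n]", "", $value);
            // NOTE(review): the placeholder is derived from the clock only, so it is not a secret marker.
            $ph = md5(time()) . "_code";
            list($value, $url) = str_replace_mask('#((<a[^>]*>)(.*?)(<\\/a>))#mix', $value);
            foreach ($url as &$u) {
                $u = cleanHref($u);
            }
            unset($u); // drop the dangling reference left by foreach-by-reference
            //$value = preg_replace('/<p\sclass.*?code\s(\w*?).?"/si', "<p {$ph}_$1", $value);
            $value = change_q_x($value, FALSE, TRUE, 'a|strike|cut|b|strong|em|u|i|p(\\s' . $ph . '_\\w*)?+|ul|ol|li|s|h[1-6]{1}', false, false);
            $value = str_unreplace_mask($url, $value);
            // Pattern-based removal of on*= and xmlns= attributes, applied once after the anchors are restored.
            // NOTE(review): this is a deny-list pass; the real guarantee has to come from
            // change_q_x()/cleanHref(), which are not visible here.
            $value = preg_replace("#<([^><]+?)([^a-z_\\-]on\\w*|xmlns)(\\s*=\\s*[^><]*)([><]*)#i", "<\\1\\4", $value);
            $value = preg_replace("/<br ?\\/?>/si", "\n", $value);
            // NOTE(review): as listed, the next call and the '/\\&/' and CUT-marker replacements
            // below map text to itself. The search strings were probably HTML entities that got
            // decoded when this listing was rendered. Verify against the repository copy.
            $value = str_replace(array("<br />", "<br />", " "), array("\n", "\n", " "), $value);
            $value = clearHTMLBeforeCutTags($value);
            $value = wysiwygLinkEncode($value);
            $value = wysiwygLinkDecode($value);
            $value = preg_replace('/\\&/', '&', $value);
            //$value = preg_replace('/<p\s[a-z0-9]{32}_code_(.*?)>/', '<p class="code $1">', $value);
            $value = preg_replace("/(li|ol|ul)>[\n]+/iU", "\$1>", $value);
            //$value = str_replace(array(' '), array(' '), $value );
            $value = str_replace("<cut>", "<!-- -W-EDITOR-CUT- -->", $value);
            $value = str_replace("<!-- -W-EDITOR-CUT- -->", "<!-- -W-EDITOR-CUT- -->", $value);
            // $value = preg_replace_callback("/<([^\s>]+)[^>](.*?)*>/si",
            //     create_function('$matches', 'return str_replace(" ", " ", $matches[0]);'),
            //     $value);
            if ($type == 'wysiwyg_message') {
                // Messages: drop <p>, turn </p> into a blank line, trim trailing newlines, then use <br />.
                $value = preg_replace(array("/<p>/", "/<\\/p>/", "/\n+\\s*\$/"), array("", "\n\n", ""), $value);
                $value = str_replace("\n", "<br />", $value);
            } elseif ($type != 'wysiwyg_tidy') {
                $value = nl2br($value);
            }
            if ($type == 'wysiwyg_tidy') {
                //tidy
                $tidy = new tidy();
                $value = $tidy->repairString($value, array('fix-backslash' => false, 'show-body-only' => true, 'bare' => true, 'drop-empty-paras' => false, 'preserve-entities' => true, 'wrap' => '0'), 'raw');
                $value = str_replace("<p></p>", "<p> </p>", $value);
                $value = str_replace("\n", "", $value);
                $value = preg_replace("/\\p{Zs}/", " ", $value);
                //!tidy
            }
            $value = wysiwyg_code_restore($value, $wysiwyg_codes);
            $value = wysiwyg_image_restore($value, $wysiwyg_images);
            $value = wysiwyg_video_restore($value, $wysiwyg_videos);
            return $value;
    }
    return NULL;
}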
<?php } ?> <div class="b-post__txt <?php echo $data['deleted'] !== NULL && $data['is_permission'] || $actionRating == 'blur' || $actionRating == 'hide' ? "b-post__txt_color_a7a7a6" : ""; ?> <?php echo $msg['hiddenRating'] || $actionRating == 'hide' ? "b-post__txt_hide" : ""; ?> <?php echo $data['deleted'] !== NULL ? "b-post__txt_color_b1" : ""; ?> "> <?php
// Template fragment: the three echo tags above add CSS modifiers to the post body
// (greyed out when deleted-with-permission or when $actionRating is 'blur'/'hide';
// && binds tighter than ||, and the ternary is evaluated last). The code below
// prepares the comment text and prints it only when the comment is not deleted.

// Link encode/decode helpers run only when the WYSIWYG editor is enabled for this view.
$sMsgText = $this->enableWysiwyg ? wysiwygLinkEncode($data['msgtext']) : $data['msgtext'];
$sMsgText = $this->enableWysiwyg ? wysiwygLinkDecode($sMsgText) : $sMsgText;
//$sMsgText = str_replace("<cut>", "[cut]", $sMsgText);
$sMsgText = reformat($sMsgText, $wordlength, 0, 0, 1, 25, $this->enableWysiwyg);
// Output-time neutralisation of style= on <code> tags and of a fixed list of mouse-event attributes.
// NOTE(review): as printed, both calls replace the match with "$1=", i.e. with the text that was
// matched, so they change nothing. The replacement presumably contained an HTML entity for "="
// that was decoded when this listing was rendered. Confirm against the repository copy.
// NOTE(review): in the second pattern " {0,}" belongs to the last alternative only and
// "onmouseover" is listed twice; group the alternation if the quantifier is meant for all of them.
// NOTE(review): $sMsgText is echoed below without further escaping, so output safety rests on
// input-time filtering and on reformat() (neither visible here); an allow-list HTML sanitiser is
// sturdier than matching attribute names.
$sMsgText = preg_replace("/(<code {1,}.*style {0,})=/imsU", "\$1=", $sMsgText);
$sMsgText = preg_replace("/(onmouseover|onclick|ondblclick|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup {0,})=/imsU", "\$1=", $sMsgText);
//$aMsgText = explode("[cut]", $sMsgText);
//$sMsgText = $aMsgText[0];
//$sTiser = $aMsgText[1];
?> <?php if ($data['deleted'] === NULL) { ?> <?php echo $sMsgText; ?> <?php
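/**
 * Builds the HTML for a single article comment in the content stream.
 *
 * Security notes:
 *  - login, uname, usurname, the ids and the YouTube URL are concatenated into HTML
 *    attributes, inline JS and element text without escaping in this function.
 *    NOTE(review): confirm these fields are entity-encoded when stored; escaping was
 *    not added here because the storage encoding and charset are not visible and
 *    blind escaping could double-encode.
 *  - The YouTube <object>/<embed> markup grants allowScriptAccess="always"; only
 *    youtu.be short links are rewritten, any other value of youtube_link is embedded
 *    as supplied. NOTE(review): confirm the link is restricted to YouTube hosts upstream.
 *  - Stop-word replacement is applied unless the comment is already approved ($status == 1).
 *
 * @param array  $aOne       comment data
 * @param int    $status     status: 0 - not checked, 1 - approved, 2 - deleted
 * @param string $sKind      optional. record type
 * @param array  $aStream    stream data
 * @param int    $nCnt       number of records in the stream
 * @param int    $nContentId entity id from admin_contents (the actual one from the streams, i.e. including combined ones)
 * @return string HTML
 */
function _parseArticleCommentOne($aOne = array(), $status = 0, $sKind = '0', $aStream = array(), $nCnt = 0, $nContentId = 0)
{
    global $stop_words, $sTeam;

    // Attachments: empty() avoids an undefined-index notice when the key is absent.
    $sAttach = '';
    if (!empty($aOne['attach'])) {
        foreach ($aOne['attach'] as $attach) {
            $aData = getAttachDisplayData(null, $attach['fname'], $attach['path']);
            $sAttach .= _parseAttach($aData);
        }
    }

    $sLink = getFriendlyURL('article', $aOne['src_id']) . '#c_' . $aOne['id'];
    $aTitle = !$aOne['src_name'] ? 'Без названия' : reformat(xmloutofrangechars($aOne['src_name']), 59, 0, 1);

    // Comment text: protect links, mask stop words for unapproved comments, reformat, restore links.
    $sMsgText = wysiwygLinkEncode(xmloutofrangechars($aOne['msgtext']));
    $sMsgText = $status != 1 ? $stop_words->replace($sMsgText) : $sMsgText;
    $sMsgText = reformat($sMsgText, 45, 0, 0, 1);
    $sMsgText = wysiwygLinkDecode($sMsgText);

    // Context fields read by the _parse* helpers that receive $aOne below.
    $aOne['context_code'] = '6';
    $aOne['context_link'] = $sLink;
    $aOne['context_title'] = xmloutofrangechars($aOne['src_name']);

    $sYoutubeLink = '';
    if (!empty($aOne['youtube_link']) && trim($aOne['youtube_link'])) {
        // Rewrite youtu.be short links and watch?v= URLs to the /v/ embed form.
        $url = preg_replace("/^(http:\\/\\/youtu\\.be\\/([-_A-Za-z0-9]+))/i", HTTP_PREFIX . "youtube.com/v/\$2", $aOne['youtube_link']);
        $url = str_replace('watch?v=', 'v/', $url);
        // Fix: compare with === false; "!stripos()" also treats a match at offset 0 as "not found".
        if (stripos($url, 'fs=1') === false) {
            $url .= '&fs=1';
        }
        // NOTE(review): $url is placed into data="" and src="" without validation or attribute
        // escaping while script access is set to "always"; see the docblock.
        $sYoutubeLink = ' <object width="300" height="247" type="application/x-shockwave-flash" id="myytplayer_youtube-1376" style="text-align: center;" data="' . $url . '">'
            . '<param name="allowfullscreen" value="true"><param name="allowscriptaccess" value="always"><param name="wmode" value="opaque">'
            . ' <embed src="' . $url . '" width="300" height="247" name="ytplayer-youtube-' . $aOne['id']
            . '" id="myytplayer_youtube-' . $aOne['id'] . '" align="middle" allowScriptAccess="always" allowFullScreen="true" wmode="opaque" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />'
            . ' </object> ';
    }

    $sUserClass = is_emp($aOne['role']) ? '6db335' : 'fd6c30';
    // Parameters handed to the edit/delete icon helpers as a JS object literal.
    // NOTE(review): stream_id and is_sent are interpolated into quoted JS strings unescaped.
    $sJSParams = "{'content_id': {$nContentId}, 'stream_id': '{$aStream['stream_id']}', 'content_cnt': {$nCnt}, 'status': {$status}, 'is_sent': '{$aOne['is_sent']}'}";
    $sEditIcon = _parseEditIcon('admEditArtCom', $aOne['id'], $status, $sKind, $sJSParams);
    $sKindIco = '<img class="b-post__pic b-post__pic_valign_mid" src="/images/frame-articles.png" alt="" /> ';
    // PRO badge with its surrounding link removed.
    $sPro = $aOne['is_pro'] == 't' ? preg_replace('#<a[^>]+>(.+)</a>#', '$1', is_emp($aOne['role']) ? view_pro_emp() : view_pro2($aOne['is_pro_test'] == 't' ? true : false)) . ' ' : '';

    // Fix: the original appended with ".=" to a variable that was never initialised.
    $sReturn = ' <div class="b-post b-post_bordtop_dfe3e4 b-post_padtop_15 b-post_marg_20_10" id="my_div_content_' . $aOne['content_id'] . '_' . $aOne['id'] . '_' . $sKind . '"> '
        . _parseHidden($aOne, $sKind) . ' '
        . _parseOkIcon($status, $aOne['content_id'], $aOne['id'], $sKind, $aOne['user_id']) . ' '
        . _parsePostTime($status, $aOne['post_time'])
        . ' <div class="b-username b-username_padbot_10">' . ($aOne['is_team'] == 't' ? $sTeam : $sPro)
        . '<a class="b-username__link b-username__link_color_' . $sUserClass . ' b-username__link_fontsize_11 b-username__link_bold" href="/users/' . $aOne['login'] . '" target="_blank">'
        . $aOne['uname'] . ' ' . $aOne['usurname'] . ' [' . $aOne['login'] . ']</a></div> '
        . (!empty($aOne['warn'])
            ? '<div class="b-username_padbot_5"><a onclick="parent.user_content.getUserWarns(' . $aOne['user_id'] . ');" href="javascript:void(0);" class="notice">Предупреждения: <span id="warn_' . $aOne['user_id'] . '_' . $aOne['content_id'] . '_' . $aOne['id'] . '">' . intval($aOne['warn']) . '</span></a></div>'
            : '<div class="b-username_padbot_5 user-notice">Предупреждений нет</div>')
        . ' ' . _parseMass($aOne, $status, $sKind)
        . ' <div class="b-post__txt b-post__txt_padbot_5 b-post__txt_fontsize_15">' . $sKindIco
        . ' <a class="b-post__link b-post__link_bold b-post__link_fontsize_15" href="' . $sLink . '" target="_blank">' . $aTitle . '</a></div>'
        . ' <div class="b-post__txt b-post__txt_fontsize_15">' . $sMsgText . '</div> '
        . $sAttach . $sYoutubeLink
        . _parseDelIcons($aOne, 'user_id', $status, $sKind, $sJSParams, $sEditIcon)
        . ' </div>';

    return $sReturn;
}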