// Comment-saving excerpt: picks the record id for the comment type, validates the
// request (banned words, IP, captcha, comments enabled), stores the comment and
// starts building the notification link. The excerpt ends inside the `else` branch.
switch ($type) {
    case 'news':
        $id = $newsid;
        $msgWriteComment = $PMF_LANG['newsWriteComment'];
        break;
    case 'faq':
    default:
        // Any value other than 'news' is handled as a FAQ comment.
        $id = $faqid;
        $msgWriteComment = $PMF_LANG['msgWriteComment'];
        break;
}

// If e-mail address is set to optional
// As written, the fallback runs when 'main.optionalMailAddress' is falsy and $mail is
// null: the administration address is substituted, so a missing or rejected sender
// address does not stop the !is_null($mail) guard below.
// NOTE(review): confirm this is intended; the stored 'usermail' then names the admin.
if (!PMF_Configuration::getInstance()->get('main.optionalMailAddress') && is_null($mail)) {
    $mail = PMF_Configuration::getInstance()->get('main.administrationMail');
}

// All checks short-circuit left to right; the captcha is evaluated only after the
// banned-word and IP checks pass.
if (!is_null($user) && !is_null($mail) && !is_null($comment)
    && checkBannedWord(PMF_String::htmlspecialchars($comment))
    && IPCheck($_SERVER['REMOTE_ADDR'])
    && $captcha->checkCaptchaCode($code)
    && !$faq->commentDisabled($id, $LANGCODE, $type)) {
    $faqsession->userTracking("save_comment", $id);
    // NOTE(review): htmlspecialchars() above is applied only to the value handed to
    // checkBannedWord(); the value stored here is nl2br($comment). How $comment and
    // $user were filtered is not visible in this excerpt, so confirm they are
    // HTML-encoded either before this point or when the comment is rendered.
    $commentData = array(
        'record_id' => $id,
        'type' => $type,
        'username' => $user,
        'usermail' => $mail,
        'comment' => nl2br($comment),
        'date' => $_SERVER['REQUEST_TIME'],
        'helped' => '');
    if ($faq->addComment($commentData)) {
        // Default recipient is the administrator; a FAQ record's own e-mail overrides it.
        $emailTo = $faqconfig->get('main.administrationMail');
        $urlToContent = '';
        if ('faq' == $type) {
            $faq->getRecord($id);
            if ($faq->faqRecord['email'] != '') {
                $emailTo = $faq->faqRecord['email'];
            }
            // NOTE(review): faqRecord['lang'] is inserted with %s and no URL-encoding;
            // presumably a stored language code, verify it cannot hold '&' or '#'.
            $_faqUrl = sprintf('%saction=artikel&cat=%d&id=%d&artlang=%s', $sids, 0, $faq->faqRecord['id'], $faq->faqRecord['lang']);
            $oLink = new PMF_Link(PMF_Link::getSystemUri() . '?' . $_faqUrl);
            $oLink->itemTitle = $faq->faqRecord['title'];
            $urlToContent = $oLink->toString();
        } else {
// PMF_String::init($languageCode);

// AJAX endpoint excerpt: sets up captcha, JSON response headers and session, rejects
// banned IPs and failed captchas, then dispatches on $action. $action and $code are
// assigned outside this excerpt.

// Check captcha
$captcha = new PMF_Captcha($db, $Language);
//$captcha->setSessionId($sids);

// Send headers
$http = PMF_Helper_Http::getInstance();
$http->setContentType('application/json');
$http->addHeader();

// Set session
$faqsession = new PMF_Session($db, $Language);
$network = new PMF_Network();

if (!$network->checkIp($_SERVER['REMOTE_ADDR'])) {
    $message = array('error' => $PMF_LANG['err_bannedIP']);
}

// 'savevoting' is the only action exempt from the captcha here. A captcha failure
// overwrites a banned-IP message set above; either way the request stops below.
// NOTE(review): the exempt action has no bot check in this excerpt; confirm voting is
// limited some other way (for example per IP or per session).
if ('savevoting' !== $action && !$captcha->checkCaptchaCode($code)) {
    $message = array('error' => $PMF_LANG['msgCaptcha']);
}

// Fail closed: any recorded error ends the request before user content is handled.
if (isset($message['error'])) {
    print json_encode($message);
    exit;
}

// Save user generated content
switch ($action) {
    // Comments
    case 'savecomment':
        $faq = new PMF_Faq();
        // NOTE(review): FILTER_SANITIZE_STRING strips tags but is not output encoding,
        // and it is deprecated as of PHP 8.1; values still need context-appropriate
        // escaping where they are rendered.
        $type = PMF_Filter::filterInput(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
        // presumably the 4th argument is a default used when validation fails (verify
        // against PMF_Filter); 'newsid' is called without one.
        $faqid = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT, 0);
        $newsid = PMF_Filter::filterInput(INPUT_POST, 'newsid', FILTER_VALIDATE_INT);
        $username = PMF_Filter::filterInput(INPUT_POST, 'user', FILTER_SANITIZE_STRING);
// Tail of a guard whose opening `if` is outside this excerpt: redirect and stop.
// NOTE(review): the redirect target is built from $_SERVER['HTTP_HOST'], which is taken
// from the client's Host header, and the scheme is fixed to http. Prefer a configured
// base URL so the response cannot point at a host chosen by the requester.
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
exit;
}

// Settings
$selectSize = 10;
$defaultUserAction = 'list';
$defaultUserStatus = 'blocked';
$loginMinLength = 4;
// Pattern flags a login that starts with a non-letter or contains a non-word character.
$loginInvalidRegExp = '/(^[^a-z]{1}|[\\W])/i';
$errorMessages = array(
    'addUser_password' => $PMF_LANG['ad_user_error_password'],
    'addUser_passwordsDontMatch' => $PMF_LANG['ad_user_error_passwordsDontMatch'],
    'addUser_loginExists' => $PMF_LANG["ad_adus_exerr"],
    'addUser_loginInvalid' => $PMF_LANG['ad_user_error_loginInvalid'],
    'addUser_noEmail' => $PMF_LANG['ad_user_error_noEmail'],
    'addUser_noRealName' => $PMF_LANG['ad_user_error_noRealName'],
    'delUser' => $PMF_LANG['ad_user_error_delete'],
    'delUser_noId' => $PMF_LANG['ad_user_error_noId'],
    'delUser_protectedAccount' => $PMF_LANG['ad_user_error_protectedAccount'],
    'updateUser' => $PMF_LANG['ad_msg_mysqlerr'],
    'updateUser_noId' => $PMF_LANG['ad_user_error_noId'],
    'updateRights' => $PMF_LANG['ad_msg_mysqlerr'],
    'updateRights_noId' => $PMF_LANG['ad_user_error_noId']);

$captcha = new PMF_Captcha($sids);

// Registration form input. A failed FILTER_VALIDATE_EMAIL is expected to leave $email
// null/false (presumably null via PMF_Filter, verify), which the guard below relies on.
$loginname = PMF_Filter::filterInput(INPUT_POST, 'loginname', FILTER_SANITIZE_STRING);
$lastname = PMF_Filter::filterInput(INPUT_POST, 'lastname', FILTER_SANITIZE_STRING);
$email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$code = PMF_Filter::filterInput(INPUT_POST, 'captcha', FILTER_SANITIZE_STRING);

// The captcha is checked before any account work; a failure is recorded in
// $captchaError and blocks the creation branch via !isset($captchaError).
if (!$captcha->checkCaptchaCode($code)) {
    $captchaError = $PMF_LANG['captchaError'];
}

if (!is_null($loginname) && !is_null($lastname) && !is_null($email) && !isset($captchaError)) {
    $user = new PMF_User();
    $message = '';
    $messages = array();
    // check input data
    $user_name = $loginname;
    $user_realname = $lastname;
    // The password starts empty here; how it is set is outside this excerpt.
    $user_password = '';
    $user_email = $email;
    // check login name
    $user->setLoginMinLength($loginMinLength);
    $user->setLoginInvalidRegExp($loginInvalidRegExp);
    if (!$user->isValidLogin($user_name)) {
* @since 2002-09-17 */

// Contact-form handler excerpt: validates the posted fields, then mails the question to
// the administrator and renders the result message.

// Direct-access guard.
// NOTE(review): the redirect target is built from $_SERVER['HTTP_HOST'], which is taken
// from the client's Host header, and the scheme is fixed to http. Prefer a configured
// base URL.
if (!defined('IS_VALID_PHPMYFAQ')) {
    header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

$faqsession->userTracking('sendmail_contact', 0);

$captcha = new PMF_Captcha($sids);
// NOTE(review): FILTER_SANITIZE_STRING and its alias FILTER_SANITIZE_STRIPPED strip tags
// but, without extra flags, do not remove CR/LF; they are deprecated as of PHP 8.1.
$name = PMF_Filter::filterInput(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
$email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$question = PMF_Filter::filterInput(INPUT_POST, 'question', FILTER_SANITIZE_STRIPPED);
$code = PMF_Filter::filterInput(INPUT_POST, 'captcha', FILTER_SANITIZE_STRING);

// If e-mail address is set to optional
// As written, the fallback runs when 'main.optionalMailAddress' is falsy and $email is
// null, so the administration address becomes the sender. Confirm this is intended.
if (!PMF_Configuration::getInstance()->get('main.optionalMailAddress') && is_null($email)) {
    $email = PMF_Configuration::getInstance()->get('main.administrationMail');
}

if (!is_null($name) && !is_null($email) && !is_null($question)
    && IPCheck($_SERVER['REMOTE_ADDR'])
    && checkBannedWord(PMF_String::htmlspecialchars($question))
    && $captcha->checkCaptchaCode($code)) {
    $mail = new PMF_Mail();
    $mail->unsetFrom();
    // NOTE(review): the From header carries the visitor-supplied address and name.
    // Confirm PMF_Mail::setFrom() rejects CR/LF in both values (header injection), and
    // consider a fixed site sender with the visitor in Reply-To so SPF/DMARC checks on
    // the visitor's domain do not reject the message.
    $mail->setFrom($email, $name);
    $mail->addTo($faqconfig->get('main.administrationMail'));
    $mail->subject = 'Feedback: %sitename%';
    $mail->message = $question;
    // $result is never read: the success text below is shown even if send() failed.
    $result = $mail->send();
    unset($mail);
    $message = $PMF_LANG['msgMailContact'];
} else {
    $message = $PMF_LANG['err_sendMail'];
}

$tpl->processTemplate('writeContent', array('msgContact' => $PMF_LANG['msgContact'], 'Message' => $message));
$tpl->includeTemplate('writeContent', 'index');
* @link http://www.phpmyfaq.de
* @since 2002-09-16
*/

// Send-to-friend handler excerpt: validates the posted fields, then re-derives the
// article identifiers from the submitted link. The excerpt ends inside the sanity check.

// Direct-access guard.
// NOTE(review): the redirect target is built from $_SERVER['HTTP_HOST'], which is taken
// from the client's Host header, and the scheme is fixed to http. Prefer a configured
// base URL.
if (!defined('IS_VALID_PHPMYFAQ')) {
    header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

$faqsession->userTracking('sendmail_send2friend', 0);

$captcha = new PMF_Captcha($sids);
$name = PMF_Filter::filterInput(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
$mailfrom = PMF_Filter::filterInput(INPUT_POST, 'mailfrom', FILTER_VALIDATE_EMAIL);
// NOTE(review): presumably a wrapper around filter_input_array(); if so, $mailto is the
// outer array keyed by 'mailto', is_array($mailto) below holds even when no valid
// recipient was posted, and FILTER_NULL_ON_FAILURE leaves null entries for rejected
// addresses. Verify the consumer skips nulls and caps the number of recipients.
$mailto = PMF_Filter::filterInputArray(
    INPUT_POST,
    array('mailto' => array(
        'filter' => FILTER_VALIDATE_EMAIL,
        'flags' => FILTER_REQUIRE_ARRAY | FILTER_NULL_ON_FAILURE)));
$link = PMF_Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
$attached = PMF_Filter::filterInput(INPUT_POST, 'zusatz', FILTER_SANITIZE_STRIPPED);
$code = PMF_Filter::filterInput(INPUT_POST, 'captcha', FILTER_SANITIZE_STRING);

// This form sends mail to addresses chosen by the visitor, so the IP, banned-word and
// captcha checks are the only abuse controls visible in this excerpt.
if (!is_null($name) && !is_null($mailfrom) && is_array($mailto)
    && IPCheck($_SERVER['REMOTE_ADDR'])
    && checkBannedWord(PMF_String::htmlspecialchars($attached))
    && $captcha->checkCaptchaCode($code)) {
    // Backward compatibility: extract article info from the link, no template change required
    $cat = $id = $artlang = null;
    // NOTE(review): the pattern is not anchored at the start, so the scheme, host and
    // path of $link are not constrained by it. Inside a character class `$` is literal,
    // so `[^$]+` accepts any character except a dollar sign, including quotes, angle
    // brackets and newlines. $artlang should be checked against the supported language
    // codes before it is used; its later use is outside this excerpt.
    preg_match('`index\\.php\\?action=artikel&cat=(?<cat>[\\d]+)&id=(?<id>[\\d]+)&artlang=(?<artlang>[^$]+)$`', $link, $matches);
    if (isset($matches['cat'])) {
        $cat = (int) $matches['cat'];
    }
    if (isset($matches['id'])) {
        $id = (int) $matches['id'];
    }
    if (isset($matches['artlang'])) {
        $artlang = $matches['artlang'];
    }
    // Sanity check
    // Reject the request when the link did not yield all three article identifiers.
    if (is_null($cat) || is_null($id) || is_null($artlang)) {
        header('HTTP/1.1 403 Forbidden');
// FAQ submission excerpt: reads the posted entry, validates it and prepares the content.
// $username, $usermail, $faqid, $faqlanguage and $captcha are assigned outside this
// excerpt.
// NOTE(review): FILTER_SANITIZE_STRIPPED / FILTER_SANITIZE_STRING strip tags but are not
// output encoding, and both are deprecated as of PHP 8.1.
$thema = PMF_Filter::filterInput(INPUT_POST, 'thema', FILTER_SANITIZE_STRIPPED);
$content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_STRIPPED);
$tr_content = PMF_Filter::filterInput(INPUT_POST, 'translated_content', FILTER_SANITIZE_STRING);
$contentlink = PMF_Filter::filterInput(INPUT_POST, 'contentlink', FILTER_VALIDATE_URL);
$keywords = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRIPPED);
$code = PMF_Filter::filterInput(INPUT_POST, 'captcha', FILTER_SANITIZE_STRING);
$categories = PMF_Filter::filterInputArray(
    INPUT_POST,
    array('rubrik' => array(
        'filter' => FILTER_VALIDATE_INT,
        'flags' => FILTER_REQUIRE_ARRAY)));

// If e-mail address is set to optional
// As written, the fallback runs when 'main.optionalMailAddress' is falsy and $usermail
// is null, substituting the administration address. Confirm this is intended.
if (!PMF_Configuration::getInstance()->get('main.optionalMailAddress') && is_null($usermail)) {
    $usermail = PMF_Configuration::getInstance()->get('main.administrationMail');
}

// Check on translation
if (is_null($content) && !is_null($tr_content)) {
    $content = $tr_content;
}

// The last clause accepts either a new entry (no $faqid, categories posted) or a
// translation of an existing entry (a $faqid plus a supported $faqlanguage); `&&` binds
// tighter than `||`, so the two alternatives group as intended.
if (!is_null($username) && !is_null($usermail) && !is_null($thema) && !is_null($content)
    && IPCheck($_SERVER['REMOTE_ADDR'])
    && checkBannedWord(PMF_String::htmlspecialchars($thema))
    && checkBannedWord(PMF_String::htmlspecialchars($content))
    && $captcha->checkCaptchaCode($code)
    && (is_null($faqid) && !is_null($categories)
        || !is_null($faqid) && !is_null($faqlanguage) && PMF_Language::isASupportedLanguage($faqlanguage))) {
    $isNew = true;
    if (!is_null($faqid)) {
        $isNew = false;
        $faqsession->userTracking('save_new_translation_entry', 0);
    } else {
        $faqsession->userTracking('save_new_entry', 0);
    }
    $isTranslation = false;
    if (!is_null($faqlanguage)) {
        $isTranslation = true;
        $newLanguage = $faqlanguage;
    }
    // NOTE(review): substr(..., 7) assumes the link starts with "http://"; a link with
    // another accepted scheme such as "https://" yields a broken href. FILTER_VALIDATE_URL
    // checks URL structure, not HTML safety, and $contentlink is concatenated into the
    // href attribute and the link text without HTML encoding. Encode both values for
    // their HTML context before building the markup, and consider rel="noopener" with
    // target="_blank".
    if (PMF_String::substr($contentlink, 7) != "") {
        $content = $content . "<br />" . $PMF_LANG["msgInfo"] . "<a href=\"http://" . PMF_String::substr($contentlink, 7) . "\" target=\"_blank\">" . $contentlink . "</a>";
    }
// Tail of a mail-sending function whose signature and opening blocks are outside this
// excerpt; $questionData, $questionMail and $userEmail are set there.
$mainAdminEmail = $faqconfig->get('main.administrationMail');
$mail = new PMF_Mail();
$mail->unsetFrom();
// NOTE(review): the sender address and name come from $questionData; confirm they were
// validated upstream and that PMF_Mail::setFrom() rejects CR/LF (header injection).
$mail->setFrom($questionData['email'], $questionData['username']);
$mail->addTo($mainAdminEmail);
// Let the category owner get a copy of the message
if ($userEmail && $mainAdminEmail != $userEmail) {
    $mail->addCc($userEmail);
}
$mail->subject = '%sitename%';
$mail->message = $questionMail;
$retval = $mail->send();
}
return $retval;
}

// Question submission: after validation, look for existing FAQ entries that match the
// words of the question. The body of this `if` continues past the end of the excerpt.
if (!is_null($username) && !empty($usermail) && !empty($content)
    && IPCheck($_SERVER['REMOTE_ADDR'])
    && checkBannedWord(PMF_String::htmlspecialchars($content))
    && $captcha->checkCaptchaCode($code)) {
    $pmf_sw = PMF_Stopwords::getInstance();
    $search_stuff = $pmf_sw->clean($content);
    $search = new PMF_Search($db, $Language);
    $search_result = array();
    $counter = 0;
    // One search per remaining word of the question.
    // NOTE(review): the number of words is bounded only by the request size here;
    // consider a cap so a long question cannot trigger an unbounded number of searches.
    foreach ($search_stuff as $word) {
        $tmp = $search->search($word);
        foreach ($tmp as $foundItem) {
            // isset() with two arguments is true only when both are set, so an item is
            // added unless it has an id AND its category already has an entry.
            // NOTE(review): that keeps at most one hit per category once an id is
            // present; confirm this is the intended de-duplication.
            if (!isset($foundItem->id, $search_result[$foundItem->category_id])) {
                $counter++;
                // The search term is HTML-encoded (quotes included) before it is
                // attached to the result object.
                $foundItem->searchterm = PMF_String::htmlspecialchars(stripslashes($word), ENT_QUOTES, 'utf-8');
                $search_result[$foundItem->category_id][$foundItem->id] = $foundItem;
            }
        }
    }
// AJAX endpoint excerpt: sets up session helpers, rejects banned IPs and failed
// captchas, then dispatches on $action. $action, $code, $captcha, $response and
// $faqConfig are assigned outside this excerpt.
$responseWrapper->addCommonHeaders();

// Set session
$faqsession = new PMF_Session($faqConfig);
$network = new PMF_Network($faqConfig);
$stopwords = new PMF_Stopwords($faqConfig);

if (!$network->checkIp($_SERVER['REMOTE_ADDR'])) {
    $message = array('error' => $PMF_LANG['err_bannedIP']);
}

// Check, if user is logged in
$user = PMF_User_CurrentUser::getFromSession($faqConfig);
if ($user instanceof PMF_User_CurrentUser) {
    $isLoggedIn = true;
} else {
    $isLoggedIn = false;
}

// The captcha error is raised only for anonymous requests to actions other than the
// three listed. checkCaptchaCode() is evaluated before $isLoggedIn, so it also runs for
// logged-in users even though its result cannot block them.
// NOTE(review): the three exempt actions get no captcha for anonymous callers either;
// confirm each of them enforces its own authentication check.
if ('savevoting' !== $action && 'saveuserdata' !== $action && 'changepassword' !== $action
    && !$captcha->checkCaptchaCode($code) && !$isLoggedIn) {
    $message = array('error' => $PMF_LANG['msgCaptcha']);
}

// Fail closed: any recorded error ends the request before user content is handled.
if (isset($message['error'])) {
    $response->setData($message)->send();
    exit;
}

// Save user generated content
switch ($action) {
    // Comments
    case 'savecomment':
        // NOTE(review): as written, the request is rejected when guest comments are
        // disabled AND checkRight() returns true for 'addcomment', which looks inverted
        // for a "not authorised" error; confirm the return semantics of checkRight().
        // When nobody is logged in, $user is not a PMF_User_CurrentUser (see the
        // instanceof test above), so $user->perm is dereferenced on a value whose type
        // is not visible here; verify that path cannot error or skip the check.
        if (!$faqConfig->get('records.allowCommentsForGuests') && $user->perm->checkRight($user->getUserId(), 'addcomment')) {
            $message = array('error' => $PMF_LANG['err_NotAuth']);
            break;
        }
        $faq = new PMF_Faq($faqConfig);