/**
 * Build a Tracker_Options object from request input, filtering every value.
 *
 * For each entry of $typeInfo['params'] the value is read from $input through
 * the filter named in the parameter definition, so no raw request value is
 * stored:
 *  - count === '*'  : raw comma-separated string, each piece filtered separately
 *                     ('' when nothing was submitted);
 *  - 'separator'    : the input wrapper splits and filters the pieces;
 *  - otherwise      : single value read through the named filter.
 *
 * @param JitFilter $input    request wrapper applying named filters on access
 * @param array     $typeInfo field type definition; 'params' maps key => info
 * @return Tracker_Options
 */
public static function fromInput(JitFilter $input, array $typeInfo)
{
    $options = new Tracker_Options();
    $options->info = $typeInfo;

    foreach ($typeInfo['params'] as $paramKey => $paramInfo) {
        $filterName = $paramInfo['filter'];

        if (isset($paramInfo['count']) && $paramInfo['count'] === '*') {
            // Multi-valued parameter: split the unfiltered string, then filter each piece.
            $raw = $input->{$paramKey}->none();
            $value = '';
            if ($raw !== '') {
                $filterObj = TikiFilter::get($filterName);
                $value = array_map(array($filterObj, 'filter'), explode(',', $raw));
            }
        } elseif (isset($paramInfo['separator'])) {
            // Separator-delimited parameter: the input wrapper splits and filters.
            $input->replaceFilter($paramKey, $filterName);
            $value = $input->asArray($paramKey, $paramInfo['separator']);
        } else {
            $value = $input->{$paramKey}->{$filterName}();
        }

        $options->setParam($paramKey, $value);
    }

    return $options;
}
/**
 * Sanitise HTML content while preserving wiki plugin invocations.
 *
 * Plugin blocks are lifted out before the XSS filter runs so their syntax is
 * not mangled, then restored afterwards with the parser in edit mode so they
 * come back in editable form.
 *
 * NOTE(review): isEditMode is not reset if plugins_replace() throws; callers
 * sharing the parser instance would then see it left in edit mode.
 *
 * @param string $value raw, untrusted HTML
 * @return string filtered HTML with plugin blocks restored
 */
function filter($value)
{
    $parser = TikiLib::lib('parser');

    // $lifted receives the removed plugin blocks, keyed for later replacement.
    $lifted = array();
    $parser->plugins_remove($value, $lifted);

    $clean = TikiFilter::get('xss')->filter($value);

    $parser->isEditMode = true;
    $parser->plugins_replace($clean, $lifted, true);
    $parser->isEditMode = false;

    return $clean;
}
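/**
 * Attach two objects of the same type as translations of each other.
 *
 * The source id is read through the type-specific object filter. The target
 * arrives as "type:id" (or a bare id); the text after the first colon is
 * passed through the same object filter. Both ids must pass canAttach()
 * before insertTranslation() is called.
 *
 * Fix: end() takes its argument by reference, so the original
 * `end(explode(...))` raised "Only variables should be passed by reference";
 * the exploded parts are now held in a variable first.
 *
 * @param JitFilter $input request wrapper exposing type, source and target
 * @return array forward instruction to the 'manage' action
 * @throws Services_Exception 400 unsupported type / missing ids, 403 not allowed, 409 insert failed
 */
function action_attach($input)
{
    $type = $input->type->text();
    $objectFilter = $this->getObjectFilter($type);
    if (! $objectFilter) {
        throw new Services_Exception(tr('Translation not supported for the specified object type'), 400);
    }

    $source = $input->source->{$objectFilter}();

    // Target may be "type:id": keep only what follows the first colon, then filter it.
    $targetParts = explode(':', $input->target->none(), 2);
    $target = end($targetParts);
    $target = TikiFilter::get($objectFilter)->filter($target);

    if (! $source || ! $target) {
        throw new Services_Exception(tr('No source or target provided'), 400);
    }

    if (! $this->canAttach($type, $source) || ! $this->canAttach($type, $target)) {
        throw new Services_Exception(tr('You do not have permission to attach the selected translations'), 403);
    }

    $succeeded = $this->utilities->insertTranslation($type, $source, $target);
    if (! $succeeded) {
        throw new Services_Exception(tr('Could not attach the translations.'), 409);
    }

    return array('FORWARD' => array('action' => 'manage', 'type' => $type, 'source' => $source));
}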
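/**
 * Fetch a remote feed and insert or update its entries.
 *
 * Every value taken from the feed passes through a TikiFilter before it is
 * stored: title/author/description are tag-stripped, content goes through
 * the HTML purifier, the entry link and GUID through the 'url' filter. When
 * the fetch or parse fails the module row is stamped with placeholder
 * metadata and items are left untouched.
 *
 * Fix: the redundant `global $tikilib` inside the loop is dropped; the
 * variable is already imported at the top of the method.
 *
 * NOTE(review): $url is fetched server-side by httprequest() with no scheme or
 * host restriction here; confirm that feed URLs can only be set by
 * administrators before treating this as safe.
 *
 * @param int    $rssId   feed module id
 * @param string $url     feed URL to fetch
 * @param mixed  $actions passed through to insert_item() for new entries
 * @return void
 */
private function update_feed($rssId, $url, $actions)
{
    global $tikilib;

    $filter = new DeclFilter();
    $filter->addStaticKeyFilters(array(
        'url' => 'url',
        'title' => 'striptags',
        'author' => 'striptags',
        'description' => 'striptags',
        'content' => 'purifier',
    ));
    $guidFilter = TikiFilter::get('url');

    try {
        $content = $tikilib->httprequest($url);
        $feed = Zend_Feed_Reader::importString($content);
    } catch (Zend_Exception $e) {
        // Unreachable or unparsable feed: record the attempt with placeholder metadata.
        $this->modules->update(
            array('lastUpdated' => $tikilib->now, 'sitetitle' => 'N/A', 'siteurl' => '#'),
            array('rssId' => $rssId)
        );
        return;
    }

    $siteTitle = TikiFilter::get('striptags')->filter($feed->getTitle());
    $siteUrl = TikiFilter::get('url')->filter($feed->getLink());
    $this->modules->update(
        array('lastUpdated' => $tikilib->now, 'sitetitle' => $siteTitle, 'siteurl' => $siteUrl),
        array('rssId' => $rssId)
    );

    foreach ($feed as $entry) {
        // TODO: optimize. Atom entries have an 'updated' element which can be used to only update updated entries
        $guid = $guidFilter->filter($entry->getId());
        $authors = $entry->getAuthors();

        $data = $filter->filter(array(
            'title' => $entry->getTitle(),
            'url' => $entry->getLink(),
            'description' => $entry->getDescription(),
            'content' => $entry->getContent(),
            'author' => $authors ? implode(', ', $authors->getValues()) : '',
        ));
        $data['guid'] = $guid;

        if (method_exists($entry, 'getDateCreated') && ($createdDate = $entry->getDateCreated())) {
            $data['publication_date'] = $createdDate->get(Zend_Date::TIMESTAMP);
        } else {
            // No creation date in the feed: fall back to the current request time.
            $data['publication_date'] = $tikilib->now;
        }

        $count = $this->items->fetchCount(array('rssId' => $rssId, 'guid' => $guid));
        if (0 == $count) {
            $this->insert_item($rssId, $data, $actions);
        } else {
            $this->update_item($rssId, $data['guid'], $data);
        }
    }
}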
} else { if ($blog_data['always_owner'] == 'y') { $author = $blog_data['user']; } else { $author = $user; } $postId = $bloglib->blog_post($_REQUEST["blogId"], $edit_data, $_REQUEST['excerpt'], $author, $title, isset($_REQUEST['contributions']) ? $_REQUEST['contributions'] : '', $blogpriv, $publishDate, $is_wysiwyg); $smarty->assign('postId', $postId); } if ($prefs['geo_locate_blogpost'] == 'y' && !empty($_REQUEST['geolocation'])) { TikiLib::lib('geo')->set_coordinates('blog post', $postId, $_REQUEST['geolocation']); } // TAG Stuff $cat_type = 'blog post'; $cat_objid = $postId; $cat_desc = TikiFilter::get('purifier')->filter(substr($edit_data, 0, 200)); $cat_name = $title; $cat_href = "tiki-view_blog_post.php?postId=" . urlencode($postId); $cat_lang = $_REQUEST['lang']; include_once "freetag_apply.php"; include_once "categorize.php"; require_once 'tiki-sefurl.php'; $smarty->loadPlugin('smarty_modifier_sefurl'); $url = smarty_modifier_sefurl($postId, 'blogpost'); header("location: {$url}"); exit; } if ($contribution_needed) { $smarty->assign('title', $_REQUEST["title"]); $smarty->assign('parsed_data', $tikilib->parse_data($_REQUEST['data'], array('is_html' => $is_wysiwyg))); $smarty->assign('data', $_REQUEST['data']);
/**
 * Insert or update a directory site record.
 *
 * Name and description are tag-stripped, the URL goes through the 'url'
 * filter and the country through the 'word' filter before reaching the
 * parameterised queries. $isValid is bound as-is. For a new site the id is
 * recovered by re-selecting on (created, name); the search index is
 * refreshed either way.
 *
 * NOTE(review): the max(siteId) lookup is not atomic with the insert, so two
 * inserts with the same name in the same second could return the wrong id.
 *
 * @param int|null $siteId      existing site id, or falsy to insert a new one
 * @param string   $name
 * @param string   $description
 * @param string   $url
 * @param string   $country
 * @param string   $isValid     stored verbatim
 * @return int site id
 */
function dir_replace_site($siteId, $name, $description, $url, $country, $isValid)
{
    global $prefs;

    $name = TikiFilter::get('striptags')->filter($name);
    $description = TikiFilter::get('striptags')->filter($description);
    $url = TikiFilter::get('url')->filter($url);
    $country = TikiFilter::get('word')->filter($country);
    $now = (int) $this->now;

    if ($siteId) {
        $this->query(
            "update `tiki_directory_sites` set `name`=?, `description`=?, `url`=?, `country`=?, `isValid`=?, `lastModif`=? where `siteId`=?",
            array($name, $description, $url, $country, $isValid, $now, (int) $siteId)
        );
    } else {
        $this->query(
            "insert into `tiki_directory_sites`(`name`,`description`,`url`,`country`,`isValid`,`hits`,`created`,`lastModif`) values(?,?,?,?,?,?,?,?)",
            array($name, $description, $url, $country, $isValid, 0, $now, $now)
        );
        $siteId = $this->getOne(
            "select max(siteId) from `tiki_directory_sites` where `created`=? and `name`=?",
            array($now, $name)
        );
        if ($prefs['cachepages'] == 'y') {
            $this->cache_url($url);
        }
    }

    require_once 'lib/search/refresh-functions.php';
    refresh_index('directory_sites', $siteId);

    return $siteId;
}
/**
 * Render an external link, fetching the remote page title when none is given.
 *
 * A bare "www." link gets an "http://" prefix. Without $title the target is
 * fetched once (cached under 'object_link_ext_title'); the <title> element,
 * passed through the 'text' filter, becomes the link text, or the original
 * link string when no title is found. Href, link and title are all
 * HTML-escaped before being placed in the markup.
 *
 * NOTE(review): the href is only HTML-escaped; no scheme allow-list is applied
 * here, so a "javascript:" $link_orig would survive escaping. Confirm that the
 * caller (wiki parser / plugin) validates the scheme before relying on this.
 * The remote fetch also happens server-side with no host restriction.
 *
 * @param object      $smarty
 * @param string      $link_orig link as written by the author
 * @param string|null $title     link text; fetched from the target when null
 * @param string|null $type      'external_extended' adds a title block under the link
 * @return string HTML anchor
 */
function smarty_function_object_link_external($smarty, $link_orig, $title = null, $type = null)
{
    $cachelib = TikiLib::lib('cache');
    $tikilib = TikiLib::lib('tiki');

    $href = (substr($link_orig, 0, 4) === 'www.') ? 'http://' . $link_orig : $link_orig;

    if (! $title) {
        $title = $cachelib->getCached($href, 'object_link_ext_title');
        if (! $title) {
            $body = $tikilib->httprequest($href);
            $title = $link_orig;
            if (preg_match('|<title>(.+)</title>|', $body, $found)) {
                $title = TikiFilter::get('text')->filter($found[1]);
            }
            $cachelib->cacheItem($href, $title, 'object_link_ext_title');
        }
    }

    $smarty->loadPlugin('smarty_modifier_escape');
    $escapedHref = smarty_modifier_escape($href);
    $escapedLink = smarty_modifier_escape($link_orig);
    $escapedTitle = smarty_modifier_escape($title);

    $anchorOpen = '<a rel="external" href="' . $escapedHref . '">';
    if ($type == 'external_extended' && "{$link_orig}" != "{$title}") {
        return $anchorOpen . $escapedLink . '</a>'
            . "<div class='link_extend_title'><em>" . $escapedTitle . "</em></div>";
    }

    return $anchorOpen . $escapedTitle . '</a>';
}
/* * This is included in the html generated for each wiki page. It is included for each plugin used on a wiki page. * The include is of the form <script type="text/javascript" src="tiki-jsplugin.php?plugin=googledoc"></script> * If no plugin name is given, a list of all the plugins is used instead * The java script generated defines tiki_plugins["pluginname"] with meta data for the parameters of the plugin. * This is then used to allow a nice way for the editor of the page to use a form to edit the plug-in when they * click the little edit icon next to the plug-ins generated html. * * Cached by language to allow translations (tiki 5) */ header('content-type: application/x-javascript'); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 3600 * 24 * 365 * 10) . ' GMT'); require_once 'tiki-filter-base.php'; $filter = TikiFilter::get('xss'); $_REQUEST['plugin'] = isset($_GET['plugin']) ? $_GET['plugin'] = $filter->filter($_GET['plugin']) : ''; $filter = TikiFilter::get('alpha'); $_REQUEST['language'] = isset($_GET['language']) ? $_GET['language'] = $filter->filter($_GET['language']) : ''; $all = empty($_REQUEST['plugin']); $files = array(); if ($all) { $cache = "temp/cache/wikiplugin_ALL_" . $_REQUEST['language']; if (file_exists($cache)) { readfile($cache); exit; } include 'tiki-setup.php'; $parserlib = TikiLib::lib('parser'); $plugins = $parserlib->plugin_get_list(); } else { $plugin = basename($_REQUEST['plugin']); $cache = 'temp/cache/wikiplugin_' . $plugin . '_' . $_REQUEST['language'];
/**
 * Resolve the named filter once and keep the instance.
 *
 * @param string $filter TikiFilter name
 */
function __construct($filter)
{
    $resolved = TikiFilter::get($filter);
    $this->filter = $resolved;
}
/**
 * Register an attribute for an article type.
 *
 * The relation target is the 'attribute_type'-filtered form of
 * 'tiki.article.<name>'; the unfiltered $attributeName is then stored as the
 * relation's 'tiki.relation.target' attribute value.
 *
 * @param string $artType       article type the attribute belongs to
 * @param string $attributeName attribute name without the 'tiki.article.' prefix
 * @return int relation id, or 0 when the relation could not be added
 */
function add_article_type_attribute($artType, $attributeName)
{
    $relationlib = TikiLib::lib('relation');
    $attributelib = TikiLib::lib('attribute');

    $fullName = TikiFilter::get('attribute_type')->filter(trim('tiki.article.' . $attributeName));
    $relationId = $relationlib->add_relation('tiki.article.attribute', 'articletype', $artType, 'attribute', $fullName);
    if (! $relationId) {
        return 0;
    }

    $attributelib->set_attribute('relation', $relationId, 'tiki.relation.target', $attributeName);
    return $relationId;
}
/**
 * Normalise an attribute name through the 'attribute_type' filter.
 *
 * @param string $name raw attribute name
 * @return mixed filtered name as returned by the filter
 */
private function get_valid($name)
{
    return TikiFilter::get('attribute_type')->filter($name);
}
/**
 * Map a positional list of raw option values onto named parameters.
 *
 * Parameters are consumed in declaration order. A parameter with
 * count === '*' greedily absorbs leading raw values for as long as its
 * declared filter leaves them unchanged, and stores them comma-joined;
 * every other parameter takes exactly one value (null when none remain).
 *
 * @param array $raw      positional raw values
 * @param array $typeInfo field type definition; 'params' maps key => info
 * @return array key => value
 */
function parseOptions($raw, $typeInfo)
{
    $parsed = array();

    foreach ($typeInfo['params'] as $paramKey => $paramInfo) {
        $isMulti = isset($paramInfo['count']) && $paramInfo['count'] === '*';

        if (! $isMulti) {
            $parsed[$paramKey] = array_shift($raw);
            continue;
        }

        // '*' need not mean "all remaining": keep taking values only while the
        // filter accepts them verbatim, and stop at the first one it would alter.
        $filterObj = TikiFilter::get($paramInfo['filter']);
        $accepted = array();
        while (count($raw) > 0) {
            $candidate = reset($raw);
            if (strcmp($filterObj->filter($candidate), $candidate) != 0) {
                break;
            }
            $accepted[] = array_shift($raw);
        }
        $parsed[$paramKey] = implode(',', $accepted);
    }

    return $parsed;
}
/**
 * Resolve the filter configured for a rule key.
 *
 * @param string $key rule name
 * @return mixed TikiFilter instance for $this->rules[$key]
 */
function getFilter($key)
{
    $filterName = $this->rules[$key];
    return TikiFilter::get($filterName);
}
/**
 * Read a textarea preference value from submitted data.
 *
 * If the preference definition names a filter, the raw value is passed
 * through that TikiFilter; carriage returns are then removed. When the
 * definition carries an 'unserialize' entry, that name is invoked as a
 * function on the cleaned value and its result returned instead.
 *
 * NOTE(review): $info['unserialize'] is called as a dynamic function name; it
 * must only ever come from the preference definitions, never from the request.
 *
 * @param array $info preference definition ('preference', optional 'filter' and 'unserialize')
 * @param array $data submitted values keyed by preference name
 * @return mixed cleaned string, or the unserialize callback's result
 */
private function _getTextareaValue($info, $data)
{
    $prefName = $info['preference'];
    $raw = $data[$prefName];

    $filterObj = isset($info['filter']) ? TikiFilter::get($info['filter']) : null;
    $cleaned = $filterObj ? $filterObj->filter($raw) : $raw;
    $cleaned = str_replace("\r", "", $cleaned);

    if (! isset($info['unserialize'])) {
        return $cleaned;
    }

    $callback = $info['unserialize'];
    return $callback($cleaned);
}
/**
 * Apply the plugin's declared filters to its body and arguments (in place).
 *
 * The body goes through $info['filter'] (or 'defaultfilter', falling back to
 * 'xss'). Unless the plugin declares 'extraparams', $args is reduced to the
 * declared parameter set; each remaining argument is HTML-decoded and then
 * filtered by its own 'filter' (or the default), split on 'separator' first
 * when one is declared.
 *
 * NOTE(review): the condition `!empty($parseOptions['is_html']) && !$parseOptions['is_html']`
 * can never be true (a non-empty value is truthy), so the non-HTML
 * escaping branch below is dead as written; the parser-object variant of
 * this routine tests `!getOption('is_html')` instead. Verify the intent
 * before enabling it.
 * NOTE(review): the str_replace() in that branch shows identical search and
 * replacement arrays here, which would be a no-op; this may be an artefact
 * of how the listing rendered entity names — check the repository source.
 *
 * @param string $name          plugin name
 * @param string &$data         plugin body, filtered in place
 * @param array  &$args         plugin arguments, filtered in place
 * @param array  $parseOptions  parser options (only 'is_html' is consulted)
 * @return void
 */
private function plugin_apply_filters($name, &$data, &$args, $parseOptions)
{
    global $tikilib;
    $info = $this->plugin_info($name);
    // 'xss' is the floor when the plugin declares no default filter.
    $default = TikiFilter::get(isset($info['defaultfilter']) ? $info['defaultfilter'] : 'xss');

    // Apply filters on the body
    $filter = isset($info['filter']) ? TikiFilter::get($info['filter']) : $default;
    //$data = TikiLib::htmldecode($data); // jb 9.0 commented out in fix for html entitles
    $data = $filter->filter($data);

    if (isset($parseOptions) && (!empty($parseOptions['is_html']) && !$parseOptions['is_html'])) {
        $noparsed = array('data' => array(), 'key' => array());
        $this->strip_unparsed_block($data, $noparsed);
        $data = str_replace(array('<', '>'), array('<', '>'), $data);
        foreach ($noparsed['data'] as &$instance) {
            $instance = '~np~' . $instance . '~/np~';
        }
        unset($instance);
        $data = str_replace($noparsed['key'], $noparsed['data'], $data);
    }

    // Make sure all arguments are declared
    $params = $info['params'];
    if (!isset($info['extraparams']) && is_array($params)) {
        $args = array_intersect_key($args, $params);
    }

    // Apply filters on values individually
    if (!empty($args)) {
        foreach ($args as $argKey => &$argValue) {
            if (!isset($params[$argKey])) {
                continue; // extra params
            }
            $paramInfo = $params[$argKey];
            $filter = isset($paramInfo['filter']) ? TikiFilter::get($paramInfo['filter']) : $default;
            // Decode entities first so the filter sees the literal characters.
            $argValue = TikiLib::htmldecode($argValue);
            if (isset($paramInfo['separator'])) {
                $vals = array();
                $vals = $tikilib->array_apply_filter($tikilib->multi_explode($paramInfo['separator'], $argValue), $filter);
                $argValue = array_values($vals);
            } else {
                $argValue = $filter->filter($argValue);
            }
        }
    }
}
$msg = ''; if (isset($_REQUEST['save']) && $prefs['feature_contribution'] === 'y' && $prefs['feature_contribution_mandatory'] === 'y' && (empty($_REQUEST['contributions']) || count($_REQUEST['contributions']) <= 0)) { $contribution_needed = true; $smarty->assign('contribution_needed', 'y'); } else { $contribution_needed = false; } if (isset($_REQUEST['save']) && $prefs['feature_categories'] === 'y' && $prefs['feature_wiki_mandatory_category'] >= 0 && (empty($_REQUEST['cat_categories']) || count($_REQUEST['cat_categories']) <= 0)) { $category_needed = true; $smarty->assign('category_needed', 'y'); } else { $category_needed = false; } if (isset($_REQUEST["save"]) && !$category_needed && !$contribution_needed) { if (strtolower($pagename) !== 'sandbox' || $tiki_p_admin === 'y') { $description = TikiFilter::get('striptags')->filter($description); if ($tikilib->page_exists($pagename)) { if ($prefs['feature_multilingual'] === 'y') { $info = $tikilib->get_page_info($pagename); if ($info['lang'] !== $pageLang) { include_once "lib/multilingual/multilinguallib.php"; if ($multilinguallib->updateObjectLang('wiki page', $info['page_id'], $pageLang, true)) { $pageLang = $info['lang']; $smarty->assign('msg', tra("The language can't be changed as its set of translations has already this language")); $smarty->display("error.tpl"); die; } } } $tikilib->update_page($pagename, $part["body"], tra('page imported'), $author, $authorid, $description, 0, $pageLang, false, $hash); } else {
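/**
 * Expand object references, user-input placeholders and D(...) dates in $data.
 *
 * Arrays are walked recursively (values, then keys; renamed keys are applied
 * after the walk). For a scalar:
 *  - a SHORT_PATTERN match replaces the whole value with the object reference;
 *  - LONG_PATTERN matches are replaced inline;
 *  - INFO_REQUEST placeholders take the matching $suppliedUserData entry,
 *    pass it through the named TikiFilter (or 'xss' when none is named) and
 *    fall back to the placeholder default when the label is missing or the
 *    filtered value is empty;
 *  - D(<date>) is replaced by the unix timestamp strtotime() yields.
 *
 * Fix: the date pass assigned `$replacements = $conv` instead of appending,
 * so str_replace() received a scalar for an array of needles and every D(...)
 * in the text got the same (last) timestamp.
 *
 * NOTE(review): the filter name is taken from the placeholder text itself;
 * if that text is author-editable, an author can pick a weaker filter than
 * 'xss' for supplied input — confirm where templates originate.
 * NOTE(review): empty() treats "0" as empty, so a supplied "0" is replaced by
 * the placeholder default.
 *
 * @param mixed       &$data            string or (nested) array, modified in place
 * @param array|false $suppliedUserData user input keyed by label; false => getRequiredInput()
 * @return void
 */
public function replaceReferences(&$data, $suppliedUserData = false)
{
    if ($suppliedUserData === false) {
        $suppliedUserData = $this->getRequiredInput();
    }

    if (is_array($data)) {
        foreach ($data as &$sub) {
            $this->replaceReferences($sub, $suppliedUserData);
        }
        unset($sub);

        // Keys may hold references too; collect renames first so the array is
        // not mutated while being iterated.
        $toReplace = array();
        foreach (array_keys($data) as $key) {
            $newKey = $key;
            $this->replaceReferences($newKey, $suppliedUserData);
            if ($newKey != $key) {
                $toReplace[$key] = $newKey;
            }
        }
        foreach ($toReplace as $old => $new) {
            $data[$new] = $data[$old];
            unset($data[$old]);
        }
        return;
    }

    if (preg_match(self::SHORT_PATTERN, $data, $parts)) {
        $object = $this->convertReference($parts);
        $data = self::getObjectReference($object);
        return;
    }

    $needles = array();
    $replacements = array();

    if (preg_match_all(self::LONG_PATTERN, $data, $parts, PREG_SET_ORDER)) {
        foreach ($parts as $row) {
            $object = $this->convertReference($row);
            $needles[] = $row[0];
            $replacements[] = self::getObjectReference($object);
        }
    }

    if (preg_match_all(self::INFO_REQUEST, $data, $parts, PREG_SET_ORDER)) {
        foreach ($parts as $row) {
            list($full, $label, $junk, $filter, $default) = $row;

            if (! array_key_exists($label, $suppliedUserData)) {
                $value = $default;
            } else {
                $value = $suppliedUserData[$label];
            }

            // Supplied input is always filtered; 'xss' is the floor when none is named.
            if ($filter) {
                $value = TikiFilter::get($filter)->filter($value);
            } else {
                $value = TikiFilter::get('xss')->filter($value);
            }

            if (empty($value)) {
                $value = $default;
            }

            $needles[] = $full;
            $replacements[] = $value;
        }
    }

    if (count($needles)) {
        $data = str_replace($needles, $replacements, $data);
    }

    // Replace date formats D(...) to unix timestamps
    $needles = array();
    $replacements = array();
    if (preg_match_all("/D\\(([^\\)]+)\\)/", $data, $parts, PREG_SET_ORDER)) {
        foreach ($parts as $row) {
            list($full, $date) = $row;
            if (false !== ($conv = strtotime($date))) {
                $needles[] = $full;
                $replacements[] = $conv;
            }
        }
    }
    if (count($needles)) {
        $data = str_replace($needles, $replacements, $data);
    }
}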
/**
 * Apply the plugin's declared filters to $this->body and $this->args in place.
 *
 * The body goes through $this->info['filter'] (or 'defaultfilter', falling
 * back to 'xss'). Unless 'extraparams' is declared, $this->args is reduced
 * to the declared parameter set; each argument is HTML-decoded and filtered
 * by its own 'filter' (or the default), split on 'separator' first when one
 * is declared.
 *
 * NOTE(review): the call that would populate $noparsed is commented out, so
 * the '~np~' wrapping loop and the final key replacement never do anything;
 * only the str_replace() on the body has effect in the non-HTML branch.
 * NOTE(review): that str_replace() shows identical search and replacement
 * arrays in this listing, which would be a no-op; this may be a rendering
 * artefact of entity names — check the repository source.
 * NOTE(review): when 'extraparams' is set, undeclared arguments reach
 * `$params[$argKey]` and raise an undefined-index notice (the value then
 * falls through to the default filter); the function-style variant guards
 * this with an isset()/continue.
 *
 * @return void
 */
private function applyFilters()
{
    global $tikilib;
    // 'xss' is the floor when the plugin declares no default filter.
    $default = TikiFilter::get(isset($this->info['defaultfilter']) ? $this->info['defaultfilter'] : 'xss');

    // Apply filters on the body
    $filter = isset($this->info['filter']) ? TikiFilter::get($this->info['filter']) : $default;
    $this->body = $filter->filter($this->body);

    if (!$this->parser->getOption('is_html')) {
        $noparsed = array('data' => array(), 'key' => array());
        //$this->striUnparsedBlock($this->body, $noparsed);
        $body = str_replace(array('<', '>'), array('<', '>'), $this->body);
        foreach ($noparsed['data'] as &$instance) {
            $instance = '~np~' . $instance . '~/np~';
        }
        unset($instance);
        $this->body = str_replace($noparsed['key'], $noparsed['data'], $body);
    }

    // Make sure all arguments are declared
    $params =& $this->info['params'];
    if (!isset($this->info['extraparams']) && is_array($params)) {
        $this->args = array_intersect_key($this->args, $params);
    }

    // Apply filters on values individually
    if (!empty($this->args)) {
        foreach ($this->args as $argKey => &$argValue) {
            $paramInfo = $params[$argKey];
            $filter = isset($paramInfo['filter']) ? TikiFilter::get($paramInfo['filter']) : $default;
            // Decode entities first so the filter sees the literal characters.
            $argValue = TikiLib::htmldecode($argValue);
            if (isset($paramInfo['separator'])) {
                $vals = $tikilib->array_apply_filter($tikilib->multi_explode($paramInfo['separator'], $argValue), $filter);
                $argValue = array_values($vals);
            } else {
                $argValue = $filter->filter($argValue);
            }
        }
    }
}
} } $newPermissions = get_assign_permissions(); $permissionApplier->apply($newPermissions); if (isset($_REQUEST['group'])) { $smarty->assign('groupName', $_REQUEST['group']); } } if (isset($_REQUEST['remove'])) { $access->check_authenticity(tra('Are you sure you want to remove the direct permissions from this object?')); $newPermissions = new Perms_Reflection_PermissionSet(); $permissionApplier->apply($newPermissions); } if (isset($_REQUEST['copy'])) { $newPermissions = get_assign_permissions(); $filter = TikiFilter::get('text'); $to_copy = array('perms' => $newPermissions->getPermissionArray(), 'object' => $filter->filter($_REQUEST['objectId']), 'type' => $filter->filter($_REQUEST['objectType'])); $_SESSION['perms_clipboard'] = $to_copy; } if (!empty($_SESSION['perms_clipboard'])) { $perms_clipboard = $_SESSION['perms_clipboard']; $smarty->assign('perms_clipboard_source', $perms_clipboard['type'] . (empty($perms_clipboard['object']) ? '' : ' : ') . $perms_clipboard['object']); if (isset($_REQUEST['paste'])) { $access->check_authenticity(tra('Are you sure you want paste the copied permissions onto this object?')); unset($_SESSION['perms_clipboard']); $set = new Perms_Reflection_PermissionSet(); if (isset($perms_clipboard['perms'])) { foreach ($perms_clipboard['perms'] as $group => $gperms) { foreach ($gperms as $perm) { $set->add($group, $perm); }
/**
 * Append a LIKE condition on the relation column for a relation name.
 *
 * The name goes through the 'attribute_type' filter first, so only characters
 * that filter admits reach the LIKE pattern. A trailing '.' is treated as a
 * prefix request and widened to 'prefix.%'. Nothing is appended when the
 * filtered name is empty.
 *
 * @param string $relation relation name or 'prefix.' wildcard
 * @param array  &$cond    SQL condition fragments, appended to
 * @param array  &$vars    bound values, appended to
 * @return void
 */
private function apply_relation_condition($relation, &$cond, &$vars)
{
    $clean = TikiFilter::get('attribute_type')->filter($relation);
    if (! $clean) {
        return;
    }

    $pattern = (substr($clean, -1) == '.') ? $clean . '%' : $clean;
    $cond[] = 'relation LIKE ?';
    $vars[] = $pattern;
}
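/**
 * Serialise a module's parameters into a query string.
 *
 * Only parameters declared in the module info are kept, and only when a
 * non-empty-string value is present. A value containing the parameter's
 * declared separator is split into parts; each part (or the whole value)
 * is passed through the declared filter when one exists, parts being trimmed
 * after filtering.
 *
 * Fix: the loop variable shadowed the $name module-name parameter; it is
 * renamed so the method stays readable if $name is needed after the loop.
 *
 * @param string $name   module name
 * @param array  $params raw parameter values keyed by name
 * @return string query string, '' when nothing survives
 */
function serializeParameters($name, $params)
{
    $info = $this->get_module_info($name);
    $expanded = array();

    foreach ($info['params'] as $paramName => $def) {
        $filterObj = isset($def['filter']) ? TikiFilter::get($def['filter']) : null;

        if (! isset($params[$paramName]) || $params[$paramName] === '') {
            continue;
        }
        $value = $params[$paramName];

        if (isset($def['separator']) && strpos($value, $def['separator']) !== false) {
            $parts = explode($def['separator'], $value);
            if ($filterObj) {
                foreach ($parts as &$single) {
                    $single = trim($filterObj->filter($single));
                }
                unset($single);
            }
        } else {
            $parts = $filterObj ? $filterObj->filter($value) : $value;
        }

        $expanded[$paramName] = $parts;
    }

    if (empty($expanded)) {
        return ''; // http_build_query return NULL or '' depending on system
    }

    return http_build_query($expanded, '', '&');
}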
/**
 * Register an attribute for an article type (global-library variant).
 *
 * The relation target is the 'attribute_type'-filtered form of
 * 'tiki.article.<name>'; the unfiltered $attributeName is then stored as the
 * relation's 'tiki.relation.target' attribute value. The relation and
 * attribute libraries are loaded on demand when the globals are not objects.
 *
 * @param string $artType       article type the attribute belongs to
 * @param string $attributeName attribute name without the 'tiki.article.' prefix
 * @return int relation id, or 0 when the relation could not be added
 */
function add_article_type_attribute($artType, $attributeName)
{
    global $relationlib, $attributelib;

    if (! is_object($relationlib)) {
        include_once 'lib/attributes/relationlib.php';
    }
    if (! is_object($attributelib)) {
        include_once 'lib/attributes/attributelib.php';
    }

    $fullName = TikiFilter::get('attribute_type')->filter(trim('tiki.article.' . $attributeName));
    $relationId = $relationlib->add_relation('tiki.article.attribute', 'articletype', $artType, 'attribute', $fullName);
    if (! $relationId) {
        return 0;
    }

    $attributelib->set_attribute('relation', $relationId, 'tiki.relation.target', $attributeName);
    return $relationId;
}
/**
 * Update a blog post.
 *
 * When the post was written in the WYSIWYG editor, body and excerpt are run
 * through the HTML purifier before storage; wiki-syntax posts are stored as
 * given. The `created` column is only rewritten when the
 * 'feature_blog_edit_publish_date' preference is on (defaulting to now when
 * no value is supplied). The action log, search index and post-save hooks
 * are updated afterwards.
 *
 * @param int    $postId
 * @param int    $blogId
 * @param string $data          post body
 * @param string $excerpt
 * @param string $user
 * @param string $title
 * @param string $contributions
 * @param string $priv          'y' / 'n'
 * @param int    $created       publish timestamp; 0 => now (when the preference allows editing it)
 * @param bool   $is_wysiwyg
 * @access public
 * @return void
 */
function update_post($postId, $blogId, $data, $excerpt, $user, $title = '', $contributions = '', $priv = 'n', $created = 0, $is_wysiwyg = FALSE)
{
    global $prefs;
    $tikilib = TikiLib::lib('tiki');

    // WYSIWYG content is raw HTML from the browser: purify before it is stored.
    if ($is_wysiwyg) {
        $data = TikiFilter::get('purifier')->filter($data);
        $excerpt = TikiFilter::get('purifier')->filter($excerpt);
    }
    $wysiwyg = $is_wysiwyg ? 'y' : 'n';

    $bindings = array($blogId, $data, $excerpt);
    if ($prefs['feature_blog_edit_publish_date'] == 'y') {
        if (! $created) {
            $created = $tikilib->now;
        }
        $query = "update `tiki_blog_posts` set `blogId`=?,`data`=?,`excerpt`=?,`created`=?,`user`=?,`title`=?, `priv`=?, `wysiwyg`=? where `postId`=?";
        $bindings[] = $created;
    } else {
        $query = "update `tiki_blog_posts` set `blogId`=?,`data`=?,`excerpt`=?,`user`=?,`title`=?, `priv`=?, `wysiwyg`=? where `postId`=?";
    }
    $bindings = array_merge($bindings, array($user, $title, $priv, $wysiwyg, $postId));
    $this->query($query, $bindings);

    if ($prefs['feature_actionlog'] == 'y') {
        $logslib = TikiLib::lib('logs');
        $logslib->add_action('Updated', $blogId, 'blog', "blogId={$blogId}&postId={$postId}#postId{$postId}", '', '', '', '', $contributions);
    }

    require_once 'lib/search/refresh-functions.php';
    refresh_index('blog_posts', $postId);

    $tikilib->object_post_save(array('type' => 'blog post', 'object' => $postId), array('content' => $data));
}
/**
 * Add a LIKE condition on the relation column for a relation name.
 *
 * The name goes through the 'attribute_type' filter first, so only characters
 * that filter admits reach the LIKE pattern. A trailing '.' is treated as a
 * prefix request and widened to 'prefix.%'. $cond is returned unchanged when
 * the filtered name is empty.
 *
 * @param string $relation relation name or 'prefix.' wildcard
 * @param array  $cond     condition map for the table abstraction
 * @return array $cond, possibly with a 'relation' LIKE entry added
 */
private function apply_relation_condition($relation, $cond)
{
    $clean = TikiFilter::get('attribute_type')->filter($relation);
    if (! $clean) {
        return $cond;
    }

    $pattern = (substr($clean, -1) == '.') ? $clean . '%' : $clean;
    $cond['relation'] = $this->table->like($pattern);

    return $cond;
}
/**
 * Set the filter used for a key, propagating it to a nested wrapper.
 *
 * If a nested instance of this class is already stored under $key, the new
 * filter also becomes that instance's default filter.
 *
 * @param string $key    input key
 * @param string $filter TikiFilter name
 * @return void
 */
function replaceFilter($key, $filter)
{
    $filterObj = TikiFilter::get($filter);
    $this->filters[$key] = $filterObj;

    $nested = isset($this->stored[$key]) ? $this->stored[$key] : null;
    if ($nested instanceof self) {
        $nested->setDefaultFilter($filterObj);
    }
}
/**
 * Run the wrapped value through the named filter.
 *
 * @param string $filter TikiFilter name
 * @return mixed filtered value
 */
function filter($filter)
{
    return TikiFilter::get($filter)->filter($this->value);
}
/**
 * Resolve the filter for a key via its matching rule pattern.
 *
 * @param string $key input key
 * @return mixed TikiFilter instance for the rule whose pattern matches $key
 */
function getFilter($key)
{
    $ruleName = $this->rules[$this->getMatchingPattern($key)];
    return TikiFilter::get($ruleName);
}
/**
 * An unknown filter name must not be resolved silently: TikiFilter::get()
 * triggers an error, which the test harness turns into an exception before
 * the assertion runs.
 * Triggered errors become exceptions...
 * @expectedException Exception
 */
function testUnknown()
{
    $resolved = TikiFilter::get('does_not_exist');
    $this->assertInstanceOf('TikiFilter_PreventXss', $resolved);
}
$is_html = false; } } } else { if (isset($info['is_html']) and $info['is_html']) { $is_html = true; } } } if ($prefs['feature_wikilingo'] == 'n' || $prefs['feature_wikilingo'] == 'y' && isset($_REQUEST['prevent_wikilingo'])) { if (isset($jitRequest['edit'])) { // Restore the property for the rest of the script if ($is_html) { $data = $jitRequest->edit->none(); $parserlib = TikiLib::lib('parser'); $noparsed = array(); $parserlib->plugins_remove($data, $noparsed); $data = TikiFilter::get('xss')->filter($data); $parserlib->isEditMode = true; $parserlib->plugins_replace($data, $noparsed, true); $parserlib->isEditMode = false; $_REQUEST['edit'] = $data; } else { $_REQUEST['edit'] = $jitRequest->edit->wikicontent(); } //html is stored encoded in wysiwyg if (isset($jitRequest['wysiwyg']) && $jitRequest['wysiwyg'] == 'y') { $_REQUEST['edit'] = html_entity_decode($_REQUEST['edit'], ENT_QUOTES, 'UTF-8'); } } }
} else { $expireDate = $tikilib->now; } if (isset($_REQUEST['allowhtml']) && $_REQUEST['allowhtml'] == 'on' || $_SESSION['wysiwyg'] == 'y') { $body = $_REQUEST['body']; $parserlib = TikiLib::lib('parser'); $noparsed = array(); $parserlib->plugins_remove($body, $noparsed); $body = TikiFilter::get('xss')->filter($body); $parserlib->isEditMode = true; $parserlib->plugins_replace($body, $noparsed, true); $parserlib->isEditMode = false; $heading = $_REQUEST['heading']; $noparsed = array(); $parserlib->plugins_remove($heading, $noparsed); $heading = TikiFilter::get('xss')->filter($heading); $parserlib->isEditMode = true; $parserlib->plugins_replace($heading, $noparsed, true); $parserlib->isEditMode = false; //html is stored encoded in wysiwyg if (isset($jitRequest['wysiwyg']) && $jitRequest['wysiwyg'] == 'y') { $body = html_entity_decode($body, ENT_QUOTES, 'UTF-8'); $heading = html_entity_decode($heading, ENT_QUOTES, 'UTF-8'); } } else { $body = strip_tags($_REQUEST['body'], '<a><pre><p><img><hr><b><i>'); $heading = strip_tags($_REQUEST['heading'], '<a><pre><p><img><hr><b><i>'); } if (isset($_REQUEST['useImage']) && $_REQUEST['useImage'] == 'on') { $useImage = 'y'; } else {