/**
 * Set up a new instance.
 *
 * Starts output buffering, then caches the site charset, the layout
 * template object and two display flags read from the global configuration.
 */
public function __construct()
{
    global $_CONF;

    // From here on, anything printed is captured instead of being sent out.
    ob_start();

    $this->_charset = COM_getCharset();

    $layoutPath = $_CONF['path_layout'];
    $this->pageTemplate = new Template($layoutPath);

    $rewriteFlag = $_CONF['url_rewrite'];
    $extraBlocksFlag = $_CONF['show_right_blocks'];
    $this->_rewriteEnabled = $rewriteFlag;
    $this->_displayExtraBlocks = $extraBlocksFlag;
}
/**
 * Detect the running core version and the character set to use.
 *
 * Sets $this->_gl150 / $this->_gl200 to whether VERSION (digits and dots
 * only) is at least 1.5.0 / 2.0.0, and $this->_charset to the first
 * available of: COM_getCharset(), $LANG_CHARSET, the configured default
 * charset, 'iso-8859-1'.
 */
public function __construct()
{
    global $_CONF, $LANG_CHARSET;

    // Strip suffixes such as "rc1" so version_compare() sees only numbers.
    $numericVersion = preg_replace("/[^0-9.]/", '', VERSION);
    $this->_gl150 = version_compare($numericVersion, '1.5.0', '>=');
    $this->_gl200 = version_compare($numericVersion, '2.0.0', '>=');

    if (is_callable('COM_getCharset')) {
        $resolved = COM_getCharset();
    } elseif (!empty($LANG_CHARSET)) {
        $resolved = $LANG_CHARSET;
    } else {
        $resolved = $_CONF['default_charset'];
        if (empty($resolved)) {
            $resolved = 'iso-8859-1';
        }
    }

    $this->_charset = $resolved;
}
/**
 * Store the encoding used for the contents.
 *
 * An empty value falls back to COM_getCharset(); if that is empty as well,
 * 'iso-8859-1' is used.
 *
 * @access public
 * @param  string $encoding the encoding of contents
 * @return void
 */
function setEncoding($encoding)
{
    $chosen = ($encoding == '') ? COM_getCharset() : $encoding;

    // Very unlikely, but the site charset may come back empty too.
    $this->_encoding = ($chosen == '') ? 'iso-8859-1' : $chosen;
}
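/**
 * Send one message to a list of recipients as blind carbon copies, in batches.
 *
 * Keys read from $msgData:
 *  - 'htmlmessage' / 'textmessage': at least one must be set and non-empty
 *  - 'subject': required; cut at the first CR or LF so it cannot carry
 *    additional header lines
 *  - 'from': either a string address or array('email' => ..., 'name' => ...)
 *  - 'to': array whose entries are string addresses or
 *    array('email' => ..., 'name' => ...)
 *  - 'embeddedImage': optional list of arrays with the keys
 *    'file', 'name', 'filename', 'encoding' and 'mime'
 *
 * Only recipients that pass COM_isEmail() are added, and only those count
 * towards a batch, so a run of invalid entries no longer triggers a send
 * with no recipients.
 *
 * @param  array $msgData message definition, see above
 * @return bool|null false when the message is rejected up front; no value
 *                   is returned otherwise (send errors are only logged)
 */
function COM_emailNotification($msgData = array())
{
    global $_CONF;

    // define the maximum number of emails allowed per bcc
    $maxEmailsPerSend = 10;

    // ensure we have something to send...
    if (!isset($msgData['htmlmessage']) && !isset($msgData['textmessage'])) {
        COM_errorLog("COM_emailNotification() - No message data provided");

        return false; // no message defined
    }
    if (empty($msgData['htmlmessage']) && empty($msgData['textmessage'])) {
        COM_errorLog("COM_emailNotification() - Empty message data provided");

        return false; // no text in either...
    }
    if (!isset($msgData['subject']) || empty($msgData['subject'])) {
        COM_errorLog("COM_emailNotification() - No subject provided");

        return false; // must have a subject
    }

    // Keep only the first line of the subject: anything after a CR/LF would
    // otherwise end up as extra mail headers.
    $subject = substr($msgData['subject'], 0, strcspn($msgData['subject'], "\r\n"));
    $subject = COM_emailEscape($subject);

    require_once $_CONF['path'] . 'lib/phpmailer/class.phpmailer.php';

    $mail = new PHPMailer();
    $mail->SetLanguage('en', $_CONF['path'] . 'lib/phpmailer/language/');
    $mail->CharSet = COM_getCharset();

    // Transport selection, driven entirely by site configuration.
    if ($_CONF['mail_backend'] == 'smtp') {
        $mail->IsSMTP();
        $mail->Host = $_CONF['mail_smtp_host'];
        $mail->Port = $_CONF['mail_smtp_port'];
        if ($_CONF['mail_smtp_secure'] != 'none') {
            $mail->SMTPSecure = $_CONF['mail_smtp_secure'];
        }
        if ($_CONF['mail_smtp_auth']) {
            $mail->SMTPAuth = true;
            $mail->Username = $_CONF['mail_smtp_username'];
            $mail->Password = $_CONF['mail_smtp_password'];
        }
        $mail->Mailer = "smtp";
    } elseif ($_CONF['mail_backend'] == 'sendmail') {
        $mail->Mailer = "sendmail";
        $mail->Sendmail = $_CONF['mail_sendmail_path'];
    } else {
        $mail->Mailer = "mail";
    }
    $mail->WordWrap = 76;

    // Body: HTML with an optional plain-text alternative, or plain text only.
    if (isset($msgData['htmlmessage']) && !empty($msgData['htmlmessage'])) {
        $mail->IsHTML(true);
        $mail->Body = $msgData['htmlmessage'];
        if (isset($msgData['textmessage']) && !empty($msgData['textmessage'])) {
            $mail->AltBody = $msgData['textmessage'];
        }
    } else {
        $mail->IsHTML(false);
        if (isset($msgData['textmessage']) && !empty($msgData['textmessage'])) {
            $mail->Body = $msgData['textmessage'];
        }
    }
    $mail->Subject = $subject;

    // NOTE(review): 'file' is handed to PHPMailer as a filesystem path to
    // attach; callers should never derive it from request data.
    if (isset($msgData['embeddedImage']) && is_array($msgData['embeddedImage'])) {
        foreach ($msgData['embeddedImage'] as $embeddedImage) {
            $mail->AddEmbeddedImage(
                $embeddedImage['file'],
                $embeddedImage['name'],
                $embeddedImage['filename'],
                $embeddedImage['encoding'],
                $embeddedImage['mime']
            );
        }
    }

    if (is_array($msgData['from'])) {
        $mail->From = $msgData['from']['email'];
        $mail->FromName = $msgData['from']['name'];
    } else {
        $mail->From = $msgData['from'];
        $mail->FromName = $_CONF['site_name'];
    }

    $queued = 0;
    if (isset($msgData['to']) && is_array($msgData['to'])) {
        foreach ($msgData['to'] as $to) {
            if (is_array($to)) {
                // Same validation as for plain string recipients.
                if (!isset($to['email']) || !COM_isEmail($to['email'])) {
                    continue;
                }
                $mail->AddBCC($to['email'], isset($to['name']) ? $to['name'] : '');
            } elseif (COM_isEmail($to)) {
                $mail->AddBCC($to);
            } else {
                continue; // skipped entries must not count towards the batch
            }

            $queued++;
            if ($queued >= $maxEmailsPerSend) {
                if (!$mail->Send()) {
                    COM_errorLog("Email Error: " . $mail->ErrorInfo);
                }
                $queued = 0;
                $mail->ClearBCCs();
            }
        }
    }

    // Flush the last, partially filled batch.
    if ($queued > 0) {
        if (!@$mail->Send()) {
            COM_errorLog("Email Error: " . $mail->ErrorInfo);
        }
    }
}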
} // closes a block that begins before this excerpt

// Load the media row and the settings of the album it belongs to.
$row = DB_fetchArray($result);
$aid = $row['album_id'];
$album_data = MG_getAlbumData($aid, array('skin', 'display_skin', 'album_id', 'playback_type', 'allow_download', 'full_display'), true);

// An 'access' value of 0 ends the request with the access-denied block.
if ($album_data['access'] == 0) {
    $display = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header')) . '<br' . XHTML . '>' . $LANG_MG00['access_denied_msg'] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    $display = MG_createHTMLDocument($display);
    COM_output($display);
    exit;
}

// Pull in the album skin's script and stylesheet when those files exist.
// NOTE(review): $skin is concatenated into a filesystem path and into HTML
// attribute values without escaping; presumably it is limited to installed
// theme directory names where it is saved - confirm against the album editor.
$themeCSS = '';
if (!empty($album_data['skin'])) {
    $skin = $album_data['skin'];
    if (file_exists($_MG_CONF['path_html'] . 'themes/' . $skin . '/javascript.js')) {
        $themeCSS .= '<script type="text/javascript" src="' . $_MG_CONF['site_url'] . '/themes/' . $skin . '/javascript.js"></script>' . LB;
    }
    if (file_exists($_MG_CONF['path_html'] . 'themes/' . $skin . '/style.css')) {
        $themeCSS .= '<link rel="stylesheet" type="text/css" href="' . $_MG_CONF['site_url'] . '/themes/' . $skin . '/style.css"' . XHTML . '>' . LB;
    }
}

// Build the player markup; playback_type is fixed to 2 for this window.
$opt = array('playback_type' => 2, 'skin' => $album_data['skin'], 'display_skin' => $album_data['display_skin'], 'allow_download' => $album_data['allow_download'], 'full_display' => $album_data['full_display']);
$object = MG_buildContent($row, $opt);

$T = COM_newTemplate(MG_getTemplatePath($aid));
$T->set_file('video', 'view_window.thtml');
$T->set_var(array('site_url' => $_MG_CONF['site_url'], 'themeCSS' => $themeCSS, 'charset' => COM_getCharset(), 'object' => $object[0]));

// Views by users without the mediagallery.admin right bump the counter.
// The new value is computed from the row read above and written back, so
// two simultaneous views can store the same number.
if (!SEC_hasRights('mediagallery.admin')) {
    $media_views = $row['media_views'] + 1;
    DB_change($_TABLES['mg_media'], 'media_views', $media_views, 'media_id', addslashes($row['media_id']));
}

$display = $T->finish($T->parse('output', 'video'));
COM_output($display);
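/**
 * Build the "edit media item" form for one item of an album.
 *
 * Loads the item from the media table (or the moderation queue when $mqueue
 * is set), checks that the current user may edit it, and fills the
 * mediaedit.thtml template together with the playback-option sub-template
 * matching the item's MIME type.
 *
 * Changes against the earlier revision of this function:
 *  - the denied-access log line used the undefined variable $REMOTE_ADDR;
 *    it now records $_SERVER['REMOTE_ADDR'] and names the right action
 *  - the kiosk mode default tested 'mov_kioskmod' and read 'mov_kiokmode';
 *    both now use 'mov_kioskmode', following the mov_<option> naming of the
 *    neighbouring keys
 *  - user and category names are HTML-escaped in the option lists
 *  - the owner id is cast to int before it is placed in a WHERE clause
 *  - the day/year/hour/minute options lacked the space before "selected"
 *
 * @param  mixed  $album_id  album the item belongs to
 * @param  mixed  $media_id  id of the item to edit
 * @param  string $actionURL form target; defaults to the plugin's index.php
 * @param  int    $mqueue    non-zero to read from the moderation queue table
 * @param  int    $view      not used by this function
 * @param  string $back      value for the 'rpath' template variable
 * @return string HTML of the form, or of the access-denied message
 */
function MG_mediaEdit($album_id, $media_id, $actionURL = '', $mqueue = 0, $view = 0, $back = '')
{
    global $_USER, $_CONF, $_MG_CONF, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_MG07, $_DB_dbms;

    $album = new mgAlbum($album_id);
    if ($actionURL == '') {
        $actionURL = $_MG_CONF['site_url'] . '/index.php';
    }
    $retval = '';
    $charset = COM_getCharset();

    $T = COM_newTemplate(MG_getTemplatePath($album_id));
    $T->set_file(array(
        'admin'       => 'mediaedit.thtml',
        'asf_options' => 'edit_asf_options.thtml',
        'mp3_options' => 'edit_mp3_options.thtml',
        'swf_options' => 'edit_swf_options.thtml',
        'mov_options' => 'edit_mov_options.thtml',
        'flv_options' => 'edit_flv_options.thtml'
    ));

    // pull the media information from the database...
    $sql = "SELECT * FROM ";
    if ($_DB_dbms == "mssql") {
        $sql = "SELECT *,CAST(media_desc AS TEXT) AS media_desc FROM ";
    }
    $sql .= ($mqueue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'])
        . " WHERE media_id='" . addslashes($media_id) . "'";
    $result = DB_query($sql);
    $row = DB_fetchArray($result);

    // Editing is allowed with album access level 3, membership of the
    // album's moderator group, or ownership of the item.
    if ($album->access != 3 && !SEC_inGroup($album->mod_group_id) && $row['media_user_id'] != $_USER['uid']) {
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        COM_errorLog("Someone has tried to illegally edit media in Media Gallery. "
            . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);

        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    // Build Album List
    $album_jumpbox = '<select name="albums" width="40">';
    $root_album = new mgAlbum(0);
    $root_album->buildJumpBox($album_jumpbox, $album_id);
    $album_jumpbox .= '</select>'; // should check the above for errors, etc...

    // EXIF data is only read for media_type 0 (images).
    $exif_info = '';
    if ($row['media_type'] == 0) {
        if (!function_exists('MG_readEXIF')) {
            require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-exif.php';
        }
        $exif_info = MG_readEXIF($row['media_id'], 1, $mqueue);
        if (empty($exif_info)) {
            $exif_info = '';
        }
    }

    // Date/time selectors, preset from the item's timestamp.
    $media_time_month  = date("m", $row['media_time']);
    $media_time_day    = date("d", $row['media_time']);
    $media_time_year   = date("Y", $row['media_time']);
    $media_time_hour   = date("H", $row['media_time']);
    $media_time_minute = date("i", $row['media_time']);

    $month_select = '<select name="media_month">';
    $month_select .= COM_getMonthFormOptions($media_time_month);
    $month_select .= '</select>';

    $day_select = '<select name="media_day">';
    for ($i = 1; $i < 32; $i++) {
        $day_select .= '<option value="' . $i . '"'
            . ($media_time_day == $i ? ' selected="selected"' : "") . '>' . $i . '</option>';
    }
    $day_select .= '</select>';

    $current_year = (int) date("Y");
    $end_year = $current_year + 10;
    $year_select = '<select name="media_year">';
    for ($i = 1998; $i < $end_year; $i++) {
        $year_select .= '<option value="' . $i . '"'
            . ($media_time_year == $i ? ' selected="selected"' : "") . '>' . $i . '</option>';
    }
    $year_select .= '</select>';

    $hour_select = '<select name="media_hour">';
    for ($i = 0; $i < 24; $i++) {
        $hour_select .= '<option value="' . $i . '"'
            . ($media_time_hour == $i ? ' selected="selected"' : "") . '>' . $i . '</option>';
    }
    $hour_select .= '</select>';

    $minute_select = '<select name="media_minute">';
    for ($i = 0; $i < 60; $i++) {
        $minute_select .= '<option value="' . $i . '"'
            . ($media_time_minute == $i ? ' selected="selected"' : "") . '>'
            . ($i < 10 ? '0' : '') . $i . '</option>';
    }
    $minute_select .= '</select>';

    $media_time = MG_getUserDateTimeFormat($row['media_time']);

    // Thumbnail, plus the separately attached thumbnail when there is one.
    $tn_size = 1;
    list($thumbnail, $pThumbnail, $size) = Media::getThumbInfo($row, $tn_size);
    $attached_thumbnail = '';
    if ($row['media_tn_attached'] == 1) {
        $atnsize = '';
        if ($size != false) {
            list($newwidth, $newheight) = Media::getImageWH($size[0], $size[1], 150, 150);
            $atnsize = 'width="' . $newwidth . '" height="' . $newheight . '"';
        }
        $attached_thumbnail = '<img src="' . $thumbnail . '" alt="" ' . $atnsize . XHTML . '>';
        $tmpthumb = Media::getDefaultThumbnail($row, $tn_size);
        $thumbnail = $_MG_CONF['mediaobjects_url'] . '/' . $tmpthumb;
        $size = getimagesize($_MG_CONF['path_mediaobjects'] . $tmpthumb);
    }

    // Preview link; the window size depends on the media type.
    $preview = '';
    $preview_end = '';
    if ($row['media_type'] == 0 || $row['media_type'] == 1 || $row['media_type'] == 2) {
        // image, video and music file
        if ($row['media_type'] == 2) {
            $win_width = 540;
            $win_height = 320;
        } elseif ($row['media_type'] == 1) {
            $win_width = 660;
            $win_height = 525;
        } elseif ($row['media_type'] == 0) {
            $path = Media::getFilePath('disp', $row['media_filename'], $row['media_mime_ext']);
            $media_size_disp = @getimagesize($path);
            $win_width = $media_size_disp[0] + 20;
            $win_height = $media_size_disp[1] + 20;
        } else {
            $win_width = 800;
            $win_height = 600;
        }
        $url = Media::getHref_showvideo($row['media_id'], $win_height, $win_width, $mqueue);
        $preview = "<a href=\"" . $url . "\">";
        $preview_end = "</a>";
    }

    // Rotate links for images, when the image library can rotate.
    // NOTE(review): the "right" link carries the rotate_left label as alt
    // text and vice versa - confirm whether that is intended.
    // NOTE(review): $album_id is written into the href unescaped; confirm
    // that every caller passes a validated id.
    $rotate_right = '';
    $rotate_left = '';
    if ($row['media_type'] == 0 && ($_CONF['image_lib'] != 'gdlib' || function_exists("imagerotate"))) {
        $rotate_right = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&action=right&media_id='
            . $row['media_id'] . '&album_id=' . $album_id . '">'
            . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_right_icon.gif" alt="'
            . $LANG_MG01['rotate_left'] . '" style="border:none;"' . XHTML . '></a>';
        $rotate_left = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&action=left&media_id='
            . $row['media_id'] . '&album_id=' . $album_id . '">'
            . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_left_icon.gif" alt="'
            . $LANG_MG01['rotate_right'] . '" style="border:none;"' . XHTML . '></a>';
    }

    $resolution = '';
    $lang_resolution = '';
    if ($row['media_type'] == 1) {
        // video file
        $resolution = 'unknown';
        if ($row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0) {
            $resolution = $row['media_resolution_x'] . 'x' . $row['media_resolution_y'];
        }
        $lang_resolution = $LANG_MG07['resolution'];
    }

    // Per-item playback overrides. The result set is read by whichever
    // MIME branch below matches first.
    $sql = "SELECT * FROM {$_TABLES['mg_playback_options']} "
        . "WHERE media_id='" . addslashes($row['media_id']) . "'";
    $poResult = DB_query($sql);
    $poNumRows = DB_numRows($poResult);

    // playback options, if needed...
    if ($row['mime_type'] == 'video/x-ms-asf'
        || $row['mime_type'] == 'video/x-ms-wvx'
        || $row['mime_type'] == 'video/x-ms-wm'
        || $row['mime_type'] == 'video/x-ms-wmx'
        || $row['mime_type'] == 'video/x-ms-wmv'
        || $row['mime_type'] == 'audio/x-ms-wma'
        || $row['mime_type'] == 'video/x-msvideo'
    ) {
        // pull defaults, then override...
        $playback_options['autostart'] = $_MG_CONF['asf_autostart'];
        $playback_options['enablecontextmenu'] = $_MG_CONF['asf_enablecontextmenu'];
        $playback_options['stretchtofit'] = $_MG_CONF['asf_stretchtofit'];
        $playback_options['uimode'] = $_MG_CONF['asf_uimode'];
        $playback_options['showstatusbar'] = $_MG_CONF['asf_showstatusbar'];
        $playback_options['playcount'] = $_MG_CONF['asf_playcount'];
        $playback_options['height'] = $_MG_CONF['asf_height'];
        $playback_options['width'] = $_MG_CONF['asf_width'];
        $playback_options['bgcolor'] = $_MG_CONF['asf_bgcolor'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $uimode_select = MG_optionlist(array(
            'name'    => 'uimode',
            'current' => $playback_options['uimode'],
            'values'  => array(
                'none' => $LANG_MG07['none'],
                'mini' => $LANG_MG07['mini'],
                'full' => $LANG_MG07['full']
            )
        ));
        $T->set_var(array(
            'autostart_enabled'          => $playback_options['autostart'] ? ' checked="checked"' : '',
            'autostart_disabled'         => $playback_options['autostart'] ? '' : ' checked="checked"',
            'enablecontextmenu_enabled'  => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '',
            'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"',
            'stretchtofit_enabled'       => $playback_options['stretchtofit'] ? ' checked="checked"' : '',
            'stretchtofit_disabled'      => $playback_options['stretchtofit'] ? '' : ' checked="checked"',
            'showstatusbar_enabled'      => $playback_options['showstatusbar'] ? ' checked="checked"' : '',
            'showstatusbar_disabled'     => $playback_options['showstatusbar'] ? '' : ' checked="checked"',
            'uimode_select'              => $uimode_select,
            'uimode'                     => $playback_options['uimode'],
            'playcount'                  => $playback_options['playcount'],
            'height'                     => $playback_options['height'],
            'width'                      => $playback_options['width'],
            'bgcolor'                    => $playback_options['bgcolor'],
            'lang_resolution'            => $lang_resolution,
            'resolution'                 => $resolution
        ));
        $T->parse('playback_options', 'asf_options');
    }

    if ($row['mime_type'] == 'audio/mpeg') {
        // pull defaults, then override...
        $playback_options['autostart'] = $_MG_CONF['mp3_autostart'];
        $playback_options['enablecontextmenu'] = $_MG_CONF['mp3_enablecontextmenu'];
        $playback_options['uimode'] = $_MG_CONF['mp3_uimode'];
        $playback_options['showstatusbar'] = $_MG_CONF['mp3_showstatusbar'];
        $playback_options['loop'] = $_MG_CONF['mp3_loop'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $uimode_select = MG_optionlist(array(
            'name'    => 'uimode',
            'current' => $playback_options['uimode'],
            'values'  => array(
                'none' => $LANG_MG07['none'],
                'mini' => $LANG_MG07['mini'],
                'full' => $LANG_MG07['full']
            )
        ));
        $T->set_var(array(
            'autostart_enabled'          => $playback_options['autostart'] ? ' checked="checked"' : '',
            'autostart_disabled'         => $playback_options['autostart'] ? '' : ' checked="checked"',
            'enablecontextmenu_enabled'  => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '',
            'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"',
            'showstatusbar_enabled'      => $playback_options['showstatusbar'] ? ' checked="checked"' : '',
            'showstatusbar_disabled'     => $playback_options['showstatusbar'] ? '' : ' checked="checked"',
            'loop_enabled'               => $playback_options['loop'] ? ' checked="checked"' : '',
            'loop_disabled'              => $playback_options['loop'] ? '' : ' checked="checked"',
            'uimode_select'              => $uimode_select,
            'uimode'                     => $playback_options['uimode']
        ));
        $T->parse('playback_options', 'mp3_options');
    }

    if ($row['mime_type'] == 'application/x-shockwave-flash' || $row['mime_type'] == 'video/x-flv') {
        // pull defaults, then override...
        $playback_options['play'] = $_MG_CONF['swf_play'];
        $playback_options['menu'] = $_MG_CONF['swf_menu'];
        $playback_options['quality'] = $_MG_CONF['swf_quality'];
        $playback_options['height'] = $_MG_CONF['swf_height'];
        $playback_options['width'] = $_MG_CONF['swf_width'];
        $playback_options['loop'] = $_MG_CONF['swf_loop'];
        $playback_options['scale'] = $_MG_CONF['swf_scale'];
        $playback_options['wmode'] = $_MG_CONF['swf_wmode'];
        $playback_options['allowscriptaccess'] = $_MG_CONF['swf_allowscriptaccess'];
        $playback_options['bgcolor'] = $_MG_CONF['swf_bgcolor'];
        $playback_options['swf_version'] = $_MG_CONF['swf_version'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $quality_select = MG_optionlist(array(
            'name'    => 'quality',
            'current' => $playback_options['quality'],
            'values'  => array(
                'low'  => $LANG_MG07['low'],
                'high' => $LANG_MG07['high']
            )
        ));
        $scale_select = MG_optionlist(array(
            'name'    => 'scale',
            'current' => $playback_options['scale'],
            'values'  => array(
                'showall'  => $LANG_MG07['showall'],
                'noborder' => $LANG_MG07['noborder'],
                'exactfit' => $LANG_MG07['exactfit']
            )
        ));
        $wmode_select = MG_optionlist(array(
            'name'    => 'wmode',
            'current' => $playback_options['wmode'],
            'values'  => array(
                'window'      => $LANG_MG07['window'],
                'opaque'      => $LANG_MG07['opaque'],
                'transparent' => $LANG_MG07['transparent']
            )
        ));
        $asa_select = MG_optionlist(array(
            'name'    => 'allowscriptaccess',
            'current' => $playback_options['allowscriptaccess'],
            'values'  => array(
                'always'     => $LANG_MG07['always'],
                'sameDomain' => $LANG_MG07['sameDomain'],
                'never'      => $LANG_MG07['never']
            )
        ));
        $T->set_var(array(
            'play_enabled'   => $playback_options['play'] ? ' checked="checked"' : '',
            'play_disabled'  => $playback_options['play'] ? '' : ' checked="checked"',
            'menu_enabled'   => $playback_options['menu'] ? ' checked="checked"' : '',
            'menu_disabled'  => $playback_options['menu'] ? '' : ' checked="checked"',
            'loop_enabled'   => $playback_options['loop'] ? ' checked="checked"' : '',
            'loop_disabled'  => $playback_options['loop'] ? '' : ' checked="checked"',
            'quality_select' => $quality_select,
            'scale_select'   => $scale_select,
            'wmode_select'   => $wmode_select,
            'asa_select'     => $asa_select,
            'flashvars'      => isset($playback_options['flashvars']) ? $playback_options['flashvars'] : '',
            'height'         => $playback_options['height'],
            'width'          => $playback_options['width'],
            'bgcolor'        => $playback_options['bgcolor'],
            'swf_version'    => $playback_options['swf_version']
        ));
        if ($row['mime_type'] == 'application/x-shockwave-flash') {
            $T->parse('playback_options', 'swf_options');
        } else {
            $T->parse('playback_options', 'flv_options');
        }
    }

    if ($row['media_mime_ext'] == 'mov'
        || $row['media_mime_ext'] == 'mp4'
        || $row['mime_type'] == 'video/quicktime'
        || $row['mime_type'] == 'video/mpeg'
    ) {
        // pull defaults, then override...
        $playback_options['autoref'] = $_MG_CONF['mov_autoref'];
        $playback_options['autoplay'] = $_MG_CONF['mov_autoplay'];
        $playback_options['controller'] = $_MG_CONF['mov_controller'];
        // One consistently spelled key for both the test and the read.
        $playback_options['kioskmode'] = isset($_MG_CONF['mov_kioskmode']) ? $_MG_CONF['mov_kioskmode'] : '';
        $playback_options['scale'] = $_MG_CONF['mov_scale'];
        $playback_options['loop'] = $_MG_CONF['mov_loop'];
        $playback_options['height'] = $_MG_CONF['mov_height'];
        $playback_options['width'] = $_MG_CONF['mov_width'];
        $playback_options['bgcolor'] = $_MG_CONF['mov_bgcolor'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $scale_select = MG_optionlist(array(
            'name'    => 'scale',
            'current' => $playback_options['scale'],
            'values'  => array(
                'tofit'  => $LANG_MG07['to_fit'],
                'aspect' => $LANG_MG07['aspect'],
                '1'      => $LANG_MG07['normal_size']
            )
        ));
        $T->set_var(array(
            'autoref_enabled'     => $playback_options['autoref'] ? ' checked="checked"' : '',
            'autoref_disabled'    => $playback_options['autoref'] ? '' : ' checked="checked"',
            'autoplay_enabled'    => $playback_options['autoplay'] ? ' checked="checked"' : '',
            'autoplay_disabled'   => $playback_options['autoplay'] ? '' : ' checked="checked"',
            'controller_enabled'  => $playback_options['controller'] ? ' checked="checked"' : '',
            'controller_disabled' => $playback_options['controller'] ? '' : ' checked="checked"',
            'kioskmode_enabled'   => $playback_options['kioskmode'] ? ' checked="checked"' : '',
            'kioskmode_disabled'  => $playback_options['kioskmode'] ? '' : ' checked="checked"',
            'loop_enabled'        => $playback_options['loop'] ? ' checked="checked"' : '',
            'loop_disabled'       => $playback_options['loop'] ? '' : ' checked="checked"',
            'height'              => $playback_options['height'],
            'width'               => $playback_options['width'],
            'bgcolor'             => $playback_options['bgcolor']
        ));
        $T->parse('playback_options', 'mov_options');
    }

    $remoteurl = $row['remote_url'];
    $lang_remote_url = $row['remote_media'] == 1 ? $LANG_MG01['remote_url'] : $LANG_MG01['alternate_url'];

    // user information
    $username = '';
    if (SEC_hasRights('mediagallery.admin')) {
        // NOTE(review): this literal is masked in the listing; the closing
        // </select> appended below suggests it was an opening <select> tag.
        $username = '******';
        $sql = "SELECT * FROM {$_TABLES['users']} WHERE status=3 AND uid > 1 ORDER BY username ASC";
        $result = DB_query($sql);
        while ($userRow = DB_fetchArray($result)) {
            // User names are account data chosen by users: escape them
            // (without re-encoding existing entities) before output.
            $username .= '<option value="' . $userRow['uid'] . '"'
                . ($userRow['uid'] == $row['media_user_id'] ? ' selected="selected"' : '') . '>'
                . htmlspecialchars($userRow['username'], ENT_QUOTES, $charset, false)
                . '</option>' . LB;
        }
        $username .= '</select>';
    } else {
        if ($row['media_user_id'] != '') {
            $displayname = $_CONF['show_fullname'] ? 'fullname' : 'username';
            // The id goes straight into a WHERE clause, so force it numeric.
            $ownerUid = (int) $row['media_user_id'];
            $username = DB_getItem($_TABLES['users'], $displayname, "uid={$ownerUid}");
        }
    }

    $cat_select = '<select name="cat_id" id="cat_id">';
    $cat_select .= '<option value="">' . $LANG_MG01['no_category'] . '</option>';
    $result = DB_query("SELECT * FROM {$_TABLES['mg_category']} ORDER BY cat_id ASC");
    while ($catRow = DB_fetchArray($result)) {
        $cat_select .= '<option value="' . $catRow['cat_id'] . '" '
            . ($catRow['cat_id'] == $row['media_category'] ? ' selected="selected"' : '') . '>'
            . htmlspecialchars($catRow['cat_name'], ENT_QUOTES, $charset, false)
            . '</option>';
    }
    $cat_select .= '</select>';

    // NOTE(review): the stored title, description, keywords, artist, album
    // and genre are handed to the template as-is; confirm they are filtered
    // when saved or escaped by the template.
    $T->set_var(array(
        'original_filename'  => $row['media_original_filename'],
        'attach_tn'          => $row['media_tn_attached'],
        'at_tn_checked'      => $row['media_tn_attached'] == 1 ? ' checked="checked"' : '',
        'attached_thumbnail' => $attached_thumbnail,
        'album_id'           => $album_id,
        'media_thumbnail'    => $thumbnail,
        'media_id'           => $row['media_id'],
        'media_title'        => $row['media_title'],
        'media_desc'         => $row['media_desc'],
        'media_time'         => $media_time[0],
        'media_views'        => $row['media_views'],
        'media_comments'     => $row['media_comments'],
        'media_exif_info'    => $exif_info,
        'media_rating_max'   => 5,
        'height'             => $size[1] + 50,
        'width'              => $size[0] + 40,
        'queue'              => $mqueue,
        'month_select'       => $month_select,
        'day_select'         => $day_select,
        'year_select'        => $year_select,
        'hour_select'        => $hour_select,
        'minute_select'      => $minute_select,
        'user_ip'            => $row['media_user_ip'],
        'album_select'       => $album_jumpbox,
        'media_rating'       => $row['media_rating'] / 2,
        'media_votes'        => $row['media_votes'],
        's_mode'             => 'edit',
        's_title'            => $LANG_MG01['edit_media'],
        's_rotate_right'     => $rotate_right,
        's_rotate_left'      => $rotate_left,
        's_form_action'      => $actionURL,
        'allowed_html'       => COM_allowedHTML(),
        'site_url'           => $_MG_CONF['site_url'],
        'preview'            => $preview,
        'preview_end'        => $preview_end,
        'rpath'              => htmlentities($back, ENT_QUOTES, $charset),
        'remoteurl'          => $remoteurl,
        'lang_remote_url'    => $lang_remote_url,
        'resolution'         => $resolution,
        'lang_resolution'    => $lang_resolution,
        'username'           => $username,
        'cat_select'         => $cat_select,
        'media_keywords'     => $row['media_keywords'],
        'artist'             => $row['artist'],
        'musicalbum'         => $row['album'],
        'genre'              => $row['genre']
    ));

    // language items
    $T->set_var(array(
        'lang_playcount'                => $LANG_MG07['playcount'],
        'lang_playcount_help'           => $LANG_MG07['playcount_help'],
        'lang_playback_options'         => $LANG_MG07['playback_options'],
        'lang_option'                   => $LANG_MG07['option'],
        'lang_description'              => $LANG_MG07['description'],
        'lang_on'                       => $LANG_MG07['on'],
        'lang_off'                      => $LANG_MG07['off'],
        'lang_auto_start'               => $LANG_MG07['auto_start'],
        'lang_auto_start_help'          => $LANG_MG07['auto_start_help'],
        'lang_height'                   => $LANG_MG07['height'],
        'lang_width'                    => $LANG_MG07['width'],
        'lang_height_help'              => $LANG_MG07['height_help'],
        'lang_width_help'               => $LANG_MG07['width_help'],
        'lang_enable_context_menu'      => $LANG_MG07['enable_context_menu'],
        'lang_enable_context_menu_help' => $LANG_MG07['enable_context_menu_help'],
        'lang_stretch_to_fit'           => $LANG_MG07['stretch_to_fit'],
        'lang_stretch_to_fit_help'      => $LANG_MG07['stretch_to_fit_help'],
        'lang_status_bar'               => $LANG_MG07['status_bar'],
        'lang_status_bar_help'          => $LANG_MG07['status_bar_help'],
        'lang_ui_mode'                  => $LANG_MG07['ui_mode'],
        'lang_ui_mode_help'             => $LANG_MG07['ui_mode_help'],
        'lang_bgcolor'                  => $LANG_MG07['bgcolor'],
        'lang_bgcolor_help'             => $LANG_MG07['bgcolor_help'],
        'lang_loop'                     => $LANG_MG07['loop'],
        'lang_loop_help'                => $LANG_MG07['loop_help'],
        'lang_menu'                     => $LANG_MG07['menu'],
        'lang_menu_help'                => $LANG_MG07['menu_help'],
        'lang_scale'                    => $LANG_MG07['scale'],
        'lang_swf_scale_help'           => $LANG_MG07['swf_scale_help'],
        'lang_wmode'                    => $LANG_MG07['wmode'],
        'lang_wmode_help'               => $LANG_MG07['wmode_help'],
        'lang_quality'                  => $LANG_MG07['quality'],
        'lang_quality_help'             => $LANG_MG07['quality_help'],
        'lang_flash_vars'               => $LANG_MG07['flash_vars'],
        'lang_asa'                      => $LANG_MG07['asa'],
        'lang_asa_help'                 => $LANG_MG07['asa_help'],
        'lang_swf_version_help'         => $LANG_MG07['swf_version_help'],
        'lang_auto_ref'                 => $LANG_MG07['auto_ref'],
        'lang_auto_ref_help'            => $LANG_MG07['auto_ref_help'],
        'lang_controller'               => $LANG_MG07['controller'],
        'lang_controller_help'          => $LANG_MG07['controller_help'],
        'lang_kiosk_mode'               => $LANG_MG07['kiosk_mode'],
        'lang_kiosk_mode_help'          => $LANG_MG07['kiosk_mode_help'],
        'lang_original_filename'        => $LANG_MG01['original_filename'],
        'lang_media_item'               => $LANG_MG00['media_col_header'],
        'lang_media_attributes'         => $LANG_MG01['media_attributes'],
        'lang_mediaattributes'          => $LANG_MG01['mediaattributes'],
        'lang_attached_thumbnail'       => $LANG_MG01['attached_thumbnail'],
        'lang_category'                 => $LANG_MG01['category'],
        'lang_keywords'                 => $LANG_MG01['keywords'],
        'lang_rating'                   => $LANG_MG03['rating'],
        'lang_comments'                 => $LANG_MG03['comments'],
        'lang_votes'                    => $LANG_MG03['votes'],
        'media_edit_title'              => $LANG_MG01['media_edit'],
        'media_edit_help'               => $LANG_MG01['media_edit_help'],
        'rotate_left'                   => $LANG_MG01['rotate_left'],
        'rotate_right'                  => $LANG_MG01['rotate_right'],
        'lang_title'                    => $LANG_MG01['title'],
        'albums'                        => $LANG_MG01['albums'],
        'description'                   => $LANG_MG01['description'],
        'capture_time'                  => $LANG_MG01['capture_time'],
        'views'                         => $LANG_MG03['views'],
        'uploaded_by'                   => $LANG_MG01['uploaded_by'],
        'submit'                        => $LANG_MG01['submit'],
        'cancel'                        => $LANG_MG01['cancel'],
        'reset'                         => $LANG_MG01['reset'],
        'lang_save'                     => $LANG_MG01['save'],
        'lang_reset'                    => $LANG_MG01['reset'],
        'lang_cancel'                   => $LANG_MG01['cancel'],
        'lang_delete'                   => $LANG_MG01['delete'],
        'lang_delete_confirm'           => $LANG_MG01['delete_item_confirm'],
        'lang_reset_rating'             => $LANG_MG01['reset_rating'],
        'lang_reset_views'              => $LANG_MG01['reset_views'],
        'lang_replacefile'              => $LANG_MG01['replace_file'],
        'lang_artist'                   => $LANG_MG01['artist'],
        'lang_genre'                    => $LANG_MG01['genre'],
        'lang_music_album'              => $LANG_MG01['music_album']
    ));

    $retval .= $T->finish($T->parse('output', 'admin'));

    return $retval;
}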
/**
 * Render wiki-formatted text as (X)HTML.
 *
 * When the wikitext editor is switched off in the configuration, the input
 * is handed back untouched, so any HTML filtering is then up to the caller.
 * Otherwise Text_Wiki renders it with the 'translate' format option set to
 * HTML_SPECIALCHARS, the site charset, and the wikilink, freelink and
 * interwiki rules disabled.
 *
 * @param  string $wikitext wiki-formatted text
 * @return string XHTML formatted text
 */
public static function renderWikiText($wikitext)
{
    global $_CONF;

    if ($_CONF['wikitext_editor']) {
        require_once 'Text/Wiki.php';

        $renderer = new Text_Wiki();
        $renderer->setFormatConf('Xhtml', 'translate', HTML_SPECIALCHARS);
        $renderer->setRenderConf('Xhtml', 'charset', COM_getCharset());

        // Link-generating rules are switched off before rendering.
        foreach (array('wikilink', 'freelink', 'interwiki') as $ruleName) {
            $renderer->disableRule($ruleName);
        }

        return $renderer->transform($wikitext, 'Xhtml');
    }

    return $wikitext;
}
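/**
 * Fix the character set of a default feed file which is hard-coded as 'iso-8859-1'.
 *
 * If the feed with the given id still points at 'geeklog.rss' with charset
 * 'iso-8859-1' and that file is empty, the stored charset is replaced with
 * the site's current one.
 *
 * The id is cast to an integer first: it is placed in both SQL statements,
 * and unlike the charset it was not escaped.
 *
 * @param int $fid feed id
 * @return void
 */
function SYND_fixCharset($fid)
{
    global $_CONF, $_TABLES, $_SYND_DEBUG;

    $fid = (int) $fid;

    $sql = "SELECT COUNT(filename) AS cnt "
        . "FROM {$_TABLES['syndication']} "
        . "WHERE (fid = {$fid}) AND (filename = 'geeklog.rss') "
        . "AND (charset = 'iso-8859-1')";
    $result = DB_query($sql);

    if ($result !== false) {
        list($cnt) = DB_fetchArray($result);

        if ($cnt == 1) {
            $fileName = SYND_getFeedPath('geeklog.rss');

            // Drop the cached stat data so filesize() reflects the file now.
            clearstatcache();

            // Strict comparison: a missing file yields false, not 0.
            if (@filesize($fileName) === 0) {
                $charset = DB_escapeString(COM_getCharset());
                $sql = "UPDATE {$_TABLES['syndication']} "
                    . "SET charset = '{$charset}' "
                    . "WHERE (fid = {$fid})";
                DB_query($sql);
            }
        }
    }
}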
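/**
 * Handle a pingback for an entry.
 *
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * The source page is fetched by this server, so $url is treated as hostile:
 * only http/https URLs are requested, and an error from any step of the
 * request (argument parsing, connect, send) now stops the fetch instead of
 * being overwritten by the result of the next step.
 *
 * @param  string $id     ID of entry that got pinged
 * @param  string $type   type of that entry ('article' for stories, etc.)
 * @param  string $url    URL of the page that pinged us
 * @param  string $oururl URL that got pinged on our site
 * @return object XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;

    require_once 'HTTP/Request.php';

    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }

    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0; // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }

    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(
                0,
                49,
                sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit'])
            );
        }
    }

    // update speed limit in any case
    COM_updateSpeedlimit('pingback');

    // Optional check (bit 4): the host in the source URL must resolve to the
    // address the request came from.
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);

                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);

                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }

    // The URL is about to be requested from this server: accept web URLs only.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
        TRB_logRejected('Pingback: No valid URL', $url);

        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }

    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';

    $http = new http_class();
    // NOTE(review): 0 presumably disables both timeouts, which lets a slow
    // remote host hold this request open - confirm and consider a limit.
    $http->timeout = 0;
    $http->data_timeout = 0;
    $http->debug = 0;
    $http->html_debug = 0;
    $http->user_agent = 'glFusion/' . GVERSION;

    // Each step runs only if the previous one reported no error.
    $error = $http->GetRequestArguments($url, $arguments);
    if ($error == "") {
        $error = $http->Open($arguments);
    }
    if ($error == "") {
        $error = $http->SendRequest($arguments);
    }

    if ($error == "") {
        $http->ReadReplyHeaders($headers);
        if ($http->response_status == 200) {
            $error = $http->ReadWholeReplyBody($body);
            if ($error == "" || strlen($body) > 0) {
                if ($_CONF['check_trackback_link'] & 3) {
                    if (!TRB_containsBacklink($body, $oururl)) {
                        TRB_logRejected('Pingback: No link to us', $url);
                        $comment = TRB_formatComment($url);
                        PLG_spamAction($comment, $_CONF['spamx']);

                        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                    }
                }

                // The title comes from the remote page and is not trusted.
                preg_match(':<title>(.*)</title>:i', $body, $content);
                if (empty($content[1])) {
                    $title = ''; // no title found
                } else {
                    $title = trim(COM_undoSpecialChars($content[1]));
                }

                if ($_CONF['pingback_excerpt']) {
                    // Check which character set the site that sent the Pingback
                    // is using
                    $charset = 'ISO-8859-1'; // default, see RFC 2616, 3.7.1
                    $ctype = '';
                    if (isset($headers['content-type']) && is_string($headers['content-type'])) {
                        $ctype = $headers['content-type'];
                    }
                    $c = explode(';', $ctype);
                    foreach ($c as $ct) {
                        $ch = explode('=', trim($ct));
                        if (count($ch) === 2) {
                            if (trim($ch[0]) === 'charset') {
                                $charset = trim($ch[1]);
                                break;
                            }
                        }
                    }

                    if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                        if (function_exists('mb_convert_encoding')) {
                            $body = @mb_convert_encoding($body, COM_getCharset(), $charset);
                        } elseif (function_exists('iconv')) {
                            $body = @iconv($charset, COM_getCharset(), $body);
                        }
                    }

                    $excerpt = PNB_makeExcerpt($body, $oururl);
                }

                // we could also run the rest of the other site's page
                // through the spam filter here ...
            } else {
                COM_errorLog("Pingback verification: unable to retrieve response body");

                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            }
        } else {
            COM_errorLog("Pingback verification: Got HTTP response code "
                . $http->response_status . " when requesting {$url}");

            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } else {
        COM_errorLog("Pingback verification: " . $error . " when requesting " . $url);

        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }

    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }

    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }

    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }

    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}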
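/**
 * Escape a string for displaying in HTML
 *
 * Entities for the five HTML special characters are decoded first, so that
 * text which is already escaped is not escaped a second time; the result is
 * then escaped once with htmlspecialchars().
 *
 * @param  string $text text to escape
 * @return string       text safe for HTML element and attribute content
 */
function DLM_htmlspecialchars($text)
{
    // NOTE(review): the search list is reconstructed as entity strings. The
    // listing showed literal characters on both sides (a no-op, and an
    // unterminated quote), which looks like entity decoding by the renderer.
    // Confirm against the upstream file.
    $text = str_replace(
        array('&lt;', '&gt;', '&amp;', '&quot;', '&#039;'),
        array('<', '>', '&', '"', "'"),
        $text
    );

    return htmlspecialchars($text, ENT_QUOTES, COM_getCharset());
}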
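/**
 * Send a trackback ping
 *
 * Based on a code snippet by Jannis Hermanns,
 * http://www.jannis.to/programming/trackback.html
 *
 * The request is sent as plain HTTP over a raw socket; the port defaults to
 * 80 and the URL scheme is not inspected. The destination is whatever
 * $targeturl names, so callers that accept it from users should restrict it
 * to hosts they are willing to let the server contact.
 *
 * The error message returned on failure is text from the remote server and
 * must be escaped before it is displayed.
 *
 * @param    string $targeturl URL to ping
 * @param    string $url       URL of our entry
 * @param    string $title     title of our entry
 * @param    string $excerpt   text excerpt from our entry
 * @param    string $blog      name of our Geeklog site
 * @return   mixed              true = success, otherwise: error message
 *
 */
function TRB_sendTrackbackPing($targeturl, $url, $title, $excerpt, $blog = '')
{
    global $_CONF, $LANG_TRB;

    if (empty($blog)) {
        $blog = $_CONF['site_name'];
    }

    // parse_url() returns false for badly malformed input and omits 'host'
    // for relative URLs; neither can be connected to.
    $target = parse_url($targeturl);
    if (!is_array($target) || empty($target['host'])) {
        COM_errorLog('Trackback: Could not connect to ' . $targeturl);

        return $LANG_TRB['error_socket'];
    }

    // A URL such as "http://example.com" has no path component
    $path = empty($target['path']) ? '/' : $target['path'];
    $query = empty($target['query']) ? '' : '?' . $target['query'];
    $port = (isset($target['port']) && is_numeric($target['port'])) ? (int) $target['port'] : 80;

    // Bound both the connect and the read phase so that an unresponsive
    // target cannot hold the request open indefinitely.
    $timeout = 10; // seconds
    $sock = fsockopen($target['host'], $port, $errno, $errstr, $timeout);
    if (!is_resource($sock)) {
        COM_errorLog('Trackback: Could not connect to ' . $targeturl);

        return $LANG_TRB['error_socket'];
    }
    stream_set_timeout($sock, $timeout);

    $toSend = 'url=' . rawurlencode($url) . '&title=' . rawurlencode($title)
        . '&blog_name=' . rawurlencode($blog) . '&excerpt=' . rawurlencode($excerpt);
    $charset = COM_getCharset();

    fputs($sock, 'POST ' . $path . $query . " HTTP/1.0\r\n");
    fputs($sock, 'Host: ' . $target['host'] . "\r\n");
    fputs($sock, 'Content-type: application/x-www-form-urlencoded; charset=' . $charset . "\r\n");
    // Content-Length counts bytes; the payload is pure ASCII after
    // rawurlencode(), so strlen() gives the exact value.
    fputs($sock, 'Content-length: ' . strlen($toSend) . "\r\n");
    fputs($sock, 'User-Agent: Geeklog/' . VERSION . "\r\n");
    fputs($sock, "Connection: close\r\n\r\n");
    fputs($sock, $toSend);

    $res = '';
    while (!feof($sock)) {
        $line = fgets($sock, 128);
        if ($line === false) {
            break; // read error or timeout: stop instead of spinning
        }
        $res .= $line;
    }

    fclose($sock);

    // firing up the XML parser for this would be overkill ...
    $r1 = strpos($res, '<error>');
    $r2 = strpos($res, '</error>');
    if ($r1 === false || $r2 === false || $r2 < $r1) {
        return $LANG_TRB['error_response'];
    }
    $r1 += strlen('<error>');
    $e = trim(substr($res, $r1, $r2 - $r1));

    // Only a literal 0 means success; anything else, including an empty or
    // non-numeric value, is treated as an error on every PHP version.
    if ($e !== '0') {
        $r1 = strpos($res, '<message>');
        $r2 = strpos($res, '</message>');
        // Test for "not found" before adding the tag length: once an offset
        // is added, false has become an integer and the test cannot fire.
        if ($r1 === false || $r2 === false || $r2 < $r1) {
            return $LANG_TRB['error_unspecified'];
        }
        $r1 += strlen('<message>');

        return trim(substr($res, $r1, $r2 - $r1));
    }

    return true;
}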
} if (!$iframe) { $pageTitle = strip_tags(COM_checkWords($subject)); $canonical = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $showtopic; if ($page > 1) { $canonical .= '&page=' . $page; } $headercode = '<link rel="canonical" href="' . $canonical . '" />'; $display .= FF_siteHeader($pageTitle, $headercode); $display .= FF_ForumHeader($forum, $showtopic); } else { list($cacheFile, $cacheURL) = COM_getStyleCacheLocation(); $csslink = $cacheURL; $topicTemplate->set_var('csslink', $csslink); $outputHandle = outputHandler::getInstance(); $topicTemplate->set_var(array('meta-header' => $outputHandle->renderHeader('meta'), 'css-header' => $outputHandle->renderHeader('style'), 'js-header' => $outputHandle->renderHeader('script'), 'raw-header' => $outputHandle->renderHeader('raw'), 'charset' => COM_getCharset())); } if (isset($_GET['lastpost']) && $_GET['lastpost']) { if ($page == 0) { $page = $numpages; } if (isset($_GET['onlytopic']) && $_GET['onlytopic'] == 1) { $order = $_FF_CONF['showtopic_review_order']; $page = 1; } else { $order = $FF_userprefs['topic_order']; //'ASC'; } if ($page > 1) { $offset = ($page - 1) * $show; } else {
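/**
 * Escapes a string for HTML output
 *
 * Entities for the five HTML special characters are decoded first, so that
 * text which is already escaped is not escaped twice; the result is then
 * escaped once with htmlspecialchars(). The site charset is looked up once
 * per request and cached.
 *
 * @param  string $str text to escape
 * @return string      text safe for HTML element and attribute content
 */
function MG_escape($str)
{
    static $charset = null;

    if ($charset === null) {
        $charset = COM_getCharset();
    }

    // NOTE(review): the search list is reconstructed as entity strings. The
    // listing showed literal characters on both sides (a no-op, and an
    // unterminated quote), which looks like entity decoding by the renderer.
    // Confirm against the upstream file.
    $str = str_replace(
        array('&lt;', '&gt;', '&amp;', '&quot;', '&#039;'),
        array('<', '>', '&', '"', "'"),
        $str
    );

    return htmlspecialchars($str, ENT_QUOTES, $charset);
}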
/**
 * Get a valid encoding for htmlspecialchars()
 *
 * The lower-cased site charset is returned when it is one of the names in
 * the list below; any other value is replaced by 'iso-8859-1'. The result is
 * computed once and cached.
 *
 * @return   string      character set, e.g. 'utf-8'
 *
 */
function COM_getEncodingt()
{
    static $encoding;

    if ($encoding !== null) {
        return $encoding;
    }

    $supported = array(
        'iso-8859-1', 'iso-8859-15', 'utf-8', 'cp866', 'cp1251',
        'cp1252', 'koi8-r', 'big5', 'gb2312', 'big5-hkscs',
        'shift_jis', 'sjis', 'euc-jp',
    );

    $candidate = strtolower(COM_getCharset());
    $encoding = in_array($candidate, $supported) ? $candidate : 'iso-8859-1';

    return $encoding;
}
die('This file cannot be used on its own.'); } // Prepares locale data $locale = array(); if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { $locale['ja'] = array('locale' => 'C', 'date' => '%Y年%m月%d日 %H:%M', 'daytime' => '%m月%d日 %H:%M', 'shortdate' => '%d', 'dateonly' => '%m%d', 'timeonly' => '%H:%M'); } else { $locale['ja'] = array('locale' => strtoupper(substr(PHP_OS, 0, 7)) === 'FREEBSD' ? 'ja_JP' : 'ja_JP.UTF-8', 'date' => '%Y年%B%e日(%a) %H:%M %Z', 'daytime' => '%m/%d %H:%M %Z', 'shortdate' => '%Y年%B%e日', 'dateonly' => '%B%e日', 'timeonly' => '%H:%M %Z'); } $locale['en'] = array('locale' => 'en_GB', 'date' => '%A, %B %d %Y @ %I:%M %p %Z', 'daytime' => '%m/%d %I:%M%p', 'shortdate' => '%x', 'dateonly' => '%d-%b', 'timeonly' => '%I:%M %p %Z'); $htmlfilter = array(); $htmlfilter['ja'] = array('user' => array('a' => array('href' => 1, 'title' => 1, 'rel' => 1), 'b' => array(), 'blockquote' => array(), 'br' => array('clear' => 1), 'code' => array(), 'div' => array('class' => 1), 'em' => array(), 'font' => array('color' => 1), 'h' => array(), 'hr' => array(), 'i' => array(), 'li' => array(), 'ol' => array(), 'p' => array('lang' => 1), 'pre' => array(), 'strong' => array(), 'tt' => array(), 'ul' => array()), 'admin' => array('a' => array('href' => 1, 'title' => 1, 'id' => 1, 'lang' => 1, 'name' => 1, 'type' => 1, 'rel' => 1), 'br' => array('clear' => 1, 'style' => 1), 'caption' => array('style' => 1), 'div' => array('class' => 1, 'id' => 1, 'style' => 1), 'embed' => array('src' => 1, 'loop' => 1, 'quality' => 1, 'width' => 1, 'height' => 1, 'type' => 1, 'pluginspage' => 1, 'align' => 1), 'h1' => array('class' => 1, 'id' => 1, 'style' => 1), 'h2' => array('class' => 1, 'id' => 1, 'style' => 1), 'h3' => array('class' => 1, 'id' => 1, 'style' => 1), 'h4' => array('class' => 1, 'id' => 1, 'style' => 1), 'h5' => array('class' => 1, 'id' => 1, 'style' => 1), 'h6' => array('class' => 1, 'id' => 1, 'style' => 1), 'hr' => array('class' => 1, 'id' => 1, 'align' => 1), 'img' => 
array('src' => 1, 'width' => 1, 'height' => 1, 'vspace' => 1, 'hspace' => 1, 'dir' => 1, 'align' => 1, 'valign' => 1, 'border' => 1, 'lang' => 1, 'longdesc' => 1, 'title' => 1, 'id' => 1, 'alt' => 1, 'style' => 1), 'noscript' => array(), 'object' => array('type' => 1, 'data' => 1, 'classid' => 1, 'codebase' => 1, 'width' => 1, 'height' => 1, 'align' => 1), 'ol' => array('class' => 1, 'style' => 1), 'p' => array('class' => 1, 'id' => 1, 'align' => 1, 'lang' => 1), 'param' => array('name' => 1, 'value' => 1), 'script' => array('src' => 1, 'language' => 1, 'type' => 1), 'span' => array('class' => 1, 'id' => 1, 'lang' => 1), 'table' => array('class' => 1, 'id' => 1, 'width' => 1, 'border' => 1, 'cellspacing' => 1, 'cellpadding' => 1), 'tbody' => array(), 'td' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1, 'colspan' => 1, 'rowspan' => 1), 'th' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1, 'colspan' => 1, 'rowspan' => 1), 'tr' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1), 'ul' => array('class' => 1, 'style' => 1))); $htmlfilter['en'] = array('user' => array('p' => array(), 'b' => array(), 'strong' => array(), 'i' => array(), 'a' => array('href' => 1, 'title' => 1, 'rel' => 1), 'em' => array(), 'br' => array(), 'tt' => array(), 'hr' => array(), 'li' => array(), 'ol' => array(), 'ul' => array(), 'code' => array(), 'pre' => array()), 'admin' => array('p' => array('class' => 1, 'id' => 1, 'align' => 1), 'div' => array('class' => 1, 'id' => 1), 'span' => array('class' => 1, 'id' => 1), 'table' => array('class' => 1, 'id' => 1, 'width' => 1, 'border' => 1, 'cellspacing' => 1, 'cellpadding' => 1), 'tr' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1), 'th' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1, 'colspan' => 1, 'rowspan' => 1), 'td' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1, 'colspan' => 1, 'rowspan' => 1))); $_JAPANIZE_DATA = array(); // 1. 
テーブル構造とデータを変更する $_JAPANIZE_DATA[1] = array(array('ja' => "ALTER TABLE {$_TABLES['syndication']} " . "MODIFY language VARCHAR(20) NOT NULL DEFAULT 'ja' ", 'en' => "ALTER TABLE {$_TABLES['syndication']} " . "MODIFY language VARCHAR(20) NOT NULL DEFAULT 'en-gb' "), array('ja' => "UPDATE {$_TABLES['syndication']} " . "SET language = 'ja' ", 'en' => "UPDATE {$_TABLES['syndication']} " . "SET language = 'en-gb' "), array('ja' => "UPDATE {$_TABLES['syndication']} " . "SET charset = 'utf-8' ", 'en' => "UPDATE {$_TABLES['syndication']} " . "SET charset = '" . COM_getCharset() . "' "), array('ja' => "ALTER TABLE {$_TABLES['users']} " . "MODIFY username VARCHAR(108) NOT NULL DEFAULT '' ", 'en' => "ALTER TABLE {$_TABLES['users']} " . "MODIFY username VARCHAR(16) NOT NULL DEFAULT '' "), array('ja' => "UPDATE {$_TABLES['users']} " . "SET username = '******'ゲストユーザー') . "', " . " fullname = '" . DB_escapeString('ゲストユーザー') . "' " . "WHERE (uid = 1) ", 'en' => "UPDATE {$_TABLES['users']} " . "SET username = '******', fullname = 'Anonymous' " . "WHERE (uid = 1) "), array('ja' => "UPDATE {$_TABLES['users']} " . "SET fullname= '" . DB_escapeString('サイト管理者') . "', homepage='" . DB_escapeString($_CONF['site_url']) . "' " . "WHERE (uid = 2) ", 'en' => "UPDATE {$_TABLES['users']} " . "SET fullname= 'Geeklog SuperUser', homepage='http://www.geeklog.net/' " . "WHERE (uid = 2) "), array('ja' => "UPDATE {$_TABLES['stories']} " . "SET title = '" . DB_escapeString('Geeklogへようこそ!') . "', " . "introtext = '" . 
DB_escapeString("<p>無事インストールが完了したようですね。おめでとうございます。できれば、<a href=\"docs/japanese/index.html\">docs ディレクトリ</a>のすべての文書に一通り目を通しておいてください。Geeklogはユーザーを中心としたセキュリティモデルを実装しています。Geeklogを管理・運用するにはこの仕組みを理解する必要があります。</p>\n<p>サイトにログインするには、次のアカウントを使用してください:</p>\n<p>ユーザー名: <strong>Admin</strong><br />\nパスワード: <strong>password</strong></p><p><strong>ログインしたら、忘れずに<a href=\"{$_CONF['site_url']}/usersettings.php?mode=edit\">パスワードを変更</a>してください。</strong></p><p>Geeklogのサポートは、<a href=\"http://www.geeklog.jp\">Geeklog Japanese</a>へ。追加ドキュメントは <a href=\"http://wiki.geeklog.jp\">Geeklog Wiki ドキュメント</a>をどうぞ。</p>") . "' " . "WHERE (sid = 'welcome') ", 'en' => "UPDATE {$_TABLES['stories']} " . "SET title = 'Welcome to Geeklog!', " . "introtext = '" . DB_escapeString("<p>Welcome and let me be the first to congratulate you on installing Geeklog. Please take the time to read everything in the <a href=\"docs/english/index.html\">docs directory</a>. Geeklog now has enhanced, user-based security. You should thoroughly understand how these work before you run a production Geeklog Site.</p>\n<p>To log into your new Geeklog site, please use this account:</p>\n<p>Username: <b>Admin</b><br />\nPassword: <b>password</b></p><p><b>And don't forget to <a href=\"{$_CONF['site_url']}/usersettings.php?mode=edit\">change your password</a> after logging in!</b></p>") . "' " . "WHERE (sid = 'welcome') "), array('ja' => "UPDATE {$_TABLES['storysubmission']} " . "SET title = '" . DB_escapeString('セキュリティを確認してください。') . "', " . "introtext = '" . DB_escapeString("<p>インストールが終了したら、次のことを実行してセキュリティを高めてください。</p><ol>\n<li>Adminアカウントのパスワードを変更する。</li>\n<li>installディレクトリを削除する(もう必要ありません)。</li>\n</ol>") . "' " . "WHERE (sid = 'security-reminder') ", 'en' => "UPDATE {$_TABLES['storysubmission']} " . "SET title = 'Are you secure?', " . "introtext = '" . DB_escapeString("<p>This is a reminder to secure your site once you have Geeklog up and running. 
What you should do:</p>\n\n<ol>\n<li>Change the default password for the Admin account.</li>\n<li>Remove the install directory (you won't need it any more).</li>\n</ol>") . "' " . "WHERE (sid = 'security-reminder') "), array('ja' => "UPDATE {$_TABLES['topics']} " . "SET topic = '" . DB_escapeString('おしらせ') . "' " . "WHERE (tid = 'General') ", 'en' => "UPDATE {$_TABLES['topics']} " . "SET topic = '" . DB_escapeString('General News') . "' " . "WHERE (tid = 'General') ")); if (DB_checkTableExists('events')) { // イベントの郵便番号を16桁に $_JAPANIZE_DATA[1][] = array('ja' => "ALTER TABLE {$_TABLES['events']} MODIFY zipcode VARCHAR(16)", 'en' => "SELECT 1"); $_JAPANIZE_DATA[1][] = array('ja' => "ALTER TABLE {$_TABLES['eventsubmission']} MODIFY zipcode VARCHAR(16)", 'en' => "SELECT 1"); $_JAPANIZE_DATA[1][] = array('ja' => "ALTER TABLE {$_TABLES['personal_events']} MODIFY zipcode VARCHAR(16)", 'en' => "SELECT 1"); } if (DB_checkTableExists('linkcategories')) { $_JAPANIZE_DATA[1][] = array('ja' => "UPDATE {$_TABLES['linkcategories']} " . "SET description = '" . DB_escapeString('Geeklog関係のサイト') . "' " . "WHERE (cid = '" . DB_escapeString('geeklog-sites') . "') ", 'en' => "UPDATE {$_TABLES['linkcategories']} " . "SET description = '" . DB_escapeString('Sites using or related to the Geeklog CMS') . "' " . "WHERE (cid = '" . DB_escapeString('geeklog-sites') . "') "); } if (DB_checkTableExists('links')) { if (DB_count($_TABLES['links'], 'lid', 'geeklog.jp') == 0) { $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Links Admin'"); $_JAPANIZE_DATA[1][] = array('ja' => "INSERT INTO {$_TABLES['links']} " . "(lid, cid, url, description, title, hits, date, " . "owner_id, group_id, perm_owner, perm_group, " . "perm_members, perm_anon) " . "VALUES ('geeklog.jp', 'geeklog-sites', 'http://www.geeklog.jp/', " . "'" . DB_escapeString('Geeklog日本公式サイト') . "', '" . DB_escapeString('Geeklog Japanese') . "', 0, NOW(), 1, {$group_id}, " . 
"3, 3, 2, 2) ", 'en' => "DELETE FROM {$_TABLES['links']} " . "WHERE (lid = 'geeklog.jp')"); } else { $_JAPANIZE_DATA[1][] = array('ja' => "SELECT 1", 'en' => "DELETE FROM {$_TABLES['links']} " . "WHERE (lid = 'geeklog.jp')");
/**
 * Renders one page of results for a previously stored search.
 *
 * The search is looked up by its id in the mg_sort table; the stored
 * 'sort_query' fragment is appended to the media/album query, together with
 * the permission filter for the current user.
 *
 * @param  string $id         id of the stored search (matched against sort_id)
 * @param  int    $page       page to show, starting at 1
 * @param  mixed  $searchinfo array from which 'numresults' and 'keywords' are
 *                            read; NOTE(review): the default is '', yet
 *                            'keywords' is read unconditionally below
 * @return mixed              result of the template's finish() call,
 *                            presumably the page HTML
 *
 */
function MG_search($id, $page, $searchinfo = '')
{
    global $_USER, $_TABLES, $_CONF, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;

    $columns_per_page = $_MG_CONF['search_columns'];
    $rows_per_page = $_MG_CONF['search_rows'];

    // NOTE(review): division by the configured column count; a value of 0
    // fails here and at the column width computation further down.
    if (!empty($searchinfo['numresults'])) {
        $rows_per_page = intval($searchinfo['numresults'] / $columns_per_page);
    }
    $media_per_page = $columns_per_page * $rows_per_page;

    $current_print_page = $page;

    //    $alertmsg = '<div class="pluginAlert">' . $LANG_MG03['no_search_found'] . '</div>';

    // pull the query from the search database...
    // NOTE(review): addslashes() is not aware of the connection character
    // set; the database layer's own escaping function or a bound parameter
    // is the safer choice for $id.
    $result = DB_query("SELECT * FROM {$_TABLES['mg_sort']} WHERE sort_id='" . addslashes($id) . "'");
    //    $nrows = DB_numRows($result);
    //    if ($nrows < 1) {
    //        return $alertmsg;
    //    }
    // With the row-count check above disabled, $S is used below even when no
    // row matched.
    $S = DB_fetchArray($result);
    if (!isset($_USER['uid']) || $_USER['uid'] < 2) {
        $sort_user = 1;
    } else {
        $sort_user = $_USER['uid'];
    }
    // NOTE(review): the ownership check below is commented out, so a stored
    // search can be replayed by any visitor who knows its id. The album
    // permission filter ($permsql) is still applied for the current user.
    //    if ($sort_user != $S['sort_user'] && $S['sort_user'] != 1) {
    //        return $alertmsg;
    //    }

    // From here on $page is zero-based
    $page = $page - 1;
    $begin = $media_per_page * $page;
    $end = $media_per_page;

    $root_album_owner_id = SEC_hasRights('mediagallery.admin');
    $permsql = COM_getPermSQL('AND', $sort_user, 2, 'a');
    // Hidden albums are excluded unless the user has mediagallery.admin
    $hiddensql = !$root_album_owner_id ? "AND a.hidden=0 " : '';

    // $S['sort_query'] is a SQL fragment read back from the database and
    // concatenated verbatim; its safety depends on how it was built when the
    // search was stored, which is not visible here.
    $sql = "SELECT DISTINCT count(*) AS c FROM {$_TABLES['mg_media']} AS m, "
        . $_TABLES['mg_media_albums'] . " AS ma, " . $_TABLES['mg_albums'] . " AS a " . $S['sort_query']
        . " AND m.media_id=ma.media_id AND ma.album_id=a.album_id " . $hiddensql . $permsql;
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $total_media = $row['c'];
    //    if ($total_media < 1) {
    //        return $alertmsg;
    //    }

    // NOTE(review): the second LIMIT argument is a row count in MySQL, so
    // this asks for $begin + $end rows rather than one page - confirm intent.
    $sql = "SELECT DISTINCT m.*,a.album_id FROM {$_TABLES['mg_media']} AS m, "
        . $_TABLES['mg_media_albums'] . " AS ma, " . $_TABLES['mg_albums'] . " AS a " . $S['sort_query']
        . " AND m.media_id=ma.media_id AND ma.album_id=a.album_id " . $hiddensql . $permsql
        . " ORDER BY m.media_time DESC"
        . " LIMIT " . $begin . "," . intval($begin + $end);
    $result = DB_query($sql);
    $media_array = array();
    while ($row = DB_fetchArray($result)) {
        $media_array[] = $row;
    }

    $total_print_pages = ceil($total_media / $media_per_page);

    // NOTE(review): $id is placed into the URL without URL-encoding or HTML
    // escaping; confirm that callers validate it before it reaches here.
    $pagination = COM_printPageNavigation($_MG_CONF['site_url'] . '/search.php?id=' . $id, $page + 1, $total_print_pages, 'page=');
    $page_number = sprintf("%s %d %s %d", $LANG_MG03['page'], $current_print_page, $LANG_MG03['of'], $total_print_pages);
    // The stored referer is HTML-escaped before it is used as the return link
    $return_url = $S['referer'] == '' ? $_MG_CONF['site_url'] : htmlentities($S['referer'], ENT_QUOTES, COM_getCharset());

    // new stuff
    $T = COM_newTemplate(MG_getTemplatePath_byName());
    $T->set_file('page', 'search_page.thtml');
    // NOTE(review): $S['keywords'] is passed to the template unescaped;
    // verify that it was escaped when stored or is escaped by the template.
    $T->set_var(array('site_url' => $_MG_CONF['site_url'], 'table_columns' => $columns_per_page, 'table_column_width' => intval(100 / $columns_per_page) . '%', 'top_pagination' => $pagination, 'bottom_pagination' => $pagination, 'page_number' => $page_number, 'lang_search_results' => $LANG_MG03['search_results'], 'lang_return_to_index' => $LANG_MG03['return_to_index'], 'return_url' => $return_url, 'search_keywords' => $searchinfo['keywords'] == '*' ? '*' : $S['keywords'], 'lang_search' => $LANG_MG01['search']));

    MG_buildSearchBox($T, $searchinfo);

    // Number of items from the start of this page to the end of the results
    $howmany = $total_media - $page * $media_per_page;
    if ($howmany > $total_media) {
        $howmany = $total_media;
    }

    if ($howmany > 0) {
        $k = 0;
        $col = 0;
        $opt = array('sortOrder' => 0, 'searchmode' => 1);
        $T->set_block('page', 'ImageColumn', 'IColumn');
        $T->set_block('page', 'ImageRow', 'IRow');

        // Outer loop: one iteration per row; inner loop: one per cell
        for ($i = 0; $i < $media_per_page; $i += $columns_per_page) {
            $next_columns = $i + $columns_per_page;
            for ($j = $i; $j < $next_columns; $j++) {
                if ($j >= $total_media) {
                    // Ran out of results: flush the partial row and stop
                    $T->parse('IRow', 'ImageRow', true);
                    $T->set_var('IColumn', '');
                    break 2;
                }
                if ($j + $begin >= $total_media) {
                    continue;
                }

                $media = new Media($media_array[$j], $media_array[$j]['album_id']);
                $celldisplay = $media->displayThumb($opt);
                if ($media->type == 1) {
                    $PhotoURL = MG_getFileUrl('disp', $media->filename);
                    $T->set_var('URL', $PhotoURL);
                }

                $T->set_var('clear_float', '');
                if ($col == $columns_per_page) {
                    $T->set_var('clear_float', ' clear:both;');
                    $col = 0;
                }

                $T->set_var('CELL_DISPLAY_IMAGE', $celldisplay);
                $T->parse('IColumn', 'ImageColumn', true);
                $col++;
            }
            $T->parse('IRow', 'ImageRow', true);
            $T->set_var('IColumn', '');
        }
        $T->set_var('album_body', 1);
    } else {
        $T->set_var('lang_no_image', $LANG_MG03['no_media_objects']);
    }

    return $T->finish($T->parse('output', 'page'));
}
$msg = COM_applyFilter($_GET['msg'], true); if ($msg <= 0) { $msg = 0; } } // Handle just template staticpage security here, rest done in services. // Cannot view template staticpages directly. If template staticpage bail here // if user doesn't have edit rights. if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$page}'") == 1) { if (SEC_hasRights('staticpages.edit')) { $perms = SP_getPerms('', '3'); if (!empty($perms)) { $perms = ' AND ' . $perms; } if (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '{$page}'" . $perms) == '') { COM_handle404(); exit; } } else { COM_handle404(); exit; } } $retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query); if ($display_mode == 'print') { header('Content-Type: text/html; charset=' . COM_getCharset()); if (!empty($_CONF['frame_options'])) { header('X-FRAME-OPTIONS: ' . $_CONF['frame_options']); } } COM_output($retval);
// | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ // include '../../lib-common.php'; include '../library.php'; $mytimer = new timerobject(); $mytimer->startTimer(); $charset = COM_getCharset(); // Code added to handle the issue with the default $_COOKIE array being sent by the Flash Image uploader // We can sent the cookies in the post form data and then extract and filter the data to rebuild the COOKIE array // Also now need this to support Geeklog 1.6.1 that enables HTTP only cookie support. // Javascript no longer has access to the gl_session id in the cookie - issue only apparent in the YUI upload form if (!isset($_USER['uid']) and isset($_POST['cookie_session'])) { $_COOKIE[$_CONF['cookie_session']] = COM_applyFilter($_POST['cookie_session']); // Have a valid session id now from the COOKIE - ReInitialize the session data if (isset($_COOKIE[$_CONF['cookie_session']])) { $_USER = SESS_sessionCheck(); if ($_USER['uid'] > 0) { $_GROUPS = SEC_getUserGroups($_USER['uid']); // Global array of current user permissions [read,edit] $_RIGHTS = explode(',', SEC_getUserPermissions()); } }
/**
 * Send an email.
 * All emails sent by Geeklog are sent through this function.
 * NOTE: Please note that using CC: will expose the email addresses of
 *       all recipients. Use with care.
 *
 * Line breaks are stripped from $to, $from, $subject and from $optional when
 * it is a string, before any of them is handed to the mailer.
 *
 * @param    string $to          recipients name and email address
 * @param    string $subject     subject of the email
 * @param    string $body        the text of the email
 * @param    string $from        (optional) sender of the the email
 * @param    bool   $html        (optional) true if to be sent as HTML email
 * @param    int    $priority    (optional) add X-Priority header, if > 0
 * @param    mixed  $optional    (optional) other headers or CC:
 * @param    array  $attachments (optional) attachment files
 * @return   bool                true if successful, otherwise false
 */
public static function send($to, $subject, $body, $from = '', $html = false, $priority = 0, $optional = null, array $attachments = array())
{
    global $_CONF;

    if (empty($to)) {
        COM_errorLog("Invalid To address '{$to}' sent to COM_Mail.", 1);

        return false;
    }

    // Remove new lines
    $to = self::stripNewLine($to);
    $from = self::stripNewLine($from);
    $subject = self::stripNewLine($subject);

    // Set up transport
    switch ($_CONF['mail_settings']['backend']) {
        case 'sendmail':
            // The command line is assembled from two configuration values;
            // no request data is involved here.
            $arg = $_CONF['mail_settings']['sendmail_path'] . ' ' . $_CONF['mail_settings']['sendmail_args'];
            $transport = \Swift_SendmailTransport::newInstance($arg);
            break;

        case 'smtp':
            // NOTE(review): no encryption option is passed to the transport
            // here; whether the SMTP session and its credentials are
            // protected in transit cannot be told from this block.
            $transport = \Swift_SmtpTransport::newInstance($_CONF['mail_settings']['host'], $_CONF['mail_settings']['port']);

            if (!empty($_CONF['mail_settings']['auth'])) {
                $transport->setUsername($_CONF['mail_settings']['username']);
                $transport->setPassword($_CONF['mail_settings']['password']);
            }

            break;

        case 'mail':
        default:
            $transport = \Swift_MailTransport::newInstance();
            break;
    }

    $mailer = \Swift_Mailer::newInstance($transport);

    // Set up replacements
    $decorator = new \Swift_Plugins_DecoratorPlugin(new MailReplacements());
    $mailer->registerPlugin($decorator);

    // Create a message
    $message = \Swift_Message::newInstance();

    // A configured mail charset takes precedence over the site charset
    if (!empty($_CONF['mail_charset'])) {
        $message->setCharset($_CONF['mail_charset']);
    } else {
        $message->setCharset(COM_getCharset());
    }

    // Set subject
    $message->setSubject($subject);

    // Set from
    if (empty($from)) {
        $message->setFrom(array($_CONF['site_mail'] => $_CONF['site_name']));
    } else {
        $message->setFrom($from);
    }

    // Set to
    try {
        $message->setTo($to);
    } catch (\Swift_RfcComplianceException $e) {
        COM_errorLog(__METHOD__ . ': bad "to" ' . $to);

        return false;
    }

    if ($optional != null && !is_array($optional)) {
        $optional = self::stripNewLine($optional);
    }

    if ($optional != null && !is_array($optional) && !empty($optional)) {
        // assume old (optional) CC: header
        try {
            $message->setCc($optional);
        } catch (\Swift_RfcComplianceException $e) {
            COM_errorLog(__METHOD__ . ': bad "Cc" ' . $optional);

            return false;
        }
    }

    // Set body
    $message->setBody($body);

    if ($html) {
        $message->setContentType('text/html');
        // The same $body is attached again, unchanged, as the text/plain part
        $message->addPart($body, 'text/plain');
    } else {
        $message->setContentType('text/plain');
    }

    // Set priority
    if ($priority > 0) {
        $message->setPriority($priority);
    }

    // Add additional headers
    $headers = $message->getHeaders();
    $headers->addTextHeader('X-Mailer', 'Geeklog ' . VERSION);

    // The client address is added as X-Originating-IP, except when the
    // request comes from the server itself or the current URL starts with
    // the admin URL.
    if (!empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR']) && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        $url = COM_getCurrentURL();

        if (substr($url, 0, strlen($_CONF['site_admin_url'])) != $_CONF['site_admin_url']) {
            $headers->addTextHeader('X-Originating-IP', $_SERVER['REMOTE_ADDR']);
        }
    }

    // NOTE(review): in the array form, header names and values skip
    // stripNewLine() and go straight to the mailer; this relies on the
    // library to encode them safely - confirm, or strip line breaks here too.
    if (is_array($optional) && count($optional) > 0) {
        foreach ($optional as $h => $v) {
            if (strcasecmp($h, 'Cc') === 0) {
                try {
                    $message->setCc($v);
                } catch (\Swift_RfcComplianceException $e) {
                    COM_errorLog(__METHOD__ . ': bad "Cc" ' . $v);

                    return false;
                }
            } elseif (strcasecmp($h, 'Bcc') === 0) {
                try {
                    $message->setBcc($v);
                } catch (\Swift_RfcComplianceException $e) {
                    COM_errorLog(__METHOD__ . ': bad "Bcc" ' . $v);

                    return false;
                }
            } else {
                $headers->addTextHeader($h, $v);
            }
        }
    }

    // Set attachments
    // Each entry is a filesystem path that is read and attached as-is, so
    // callers must never build these paths from request data.
    if (count($attachments) > 0) {
        foreach ($attachments as $attachment) {
            $message->attach(\Swift_Attachment::fromPath($attachment));
        }
    }

    // Send a message
    $numSent = $mailer->send($message, $failures);

    // Success means exactly one accepted recipient; @ hides the notice when
    // $failures has no first element.
    if ($numSent != 1) {
        COM_errorLog(__METHOD__ . ': failed to send an email to ' . @$failures[0]);
    }

    return $numSent == 1;
}
/**
 * Escapes a string so as to be safely displayed
 *
 * Both quote styles are escaped (ENT_QUOTES), so the result can be used in
 * element content and in quoted attribute values. The site charset is looked
 * up on first use and then reused.
 *
 * @param  string $str
 * @return string
 */
public function escape($str)
{
    static $charset = null;

    // isset() is false for null, i.e. until the charset has been fetched
    if (!isset($charset)) {
        $charset = COM_getCharset();
    }

    $escaped = htmlspecialchars($str, ENT_QUOTES, $charset);

    return $escaped;
}
$msql['mysql'] = "SELECT STRAIGHT_JOIN s.title " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC, date DESC LIMIT 0, 1"; $msql['mssql'] = "SELECT STRAIGHT_JOIN s.title " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC, date DESC LIMIT 0, 1"; $result = DB_query($msql); if ($A = DB_fetchArray($result)) { $pagetitle = $_CONF['microsummary_short'] . $A['title']; } else { if (empty($pagetitle)) { if (empty($topic)) { $pagetitle = $_CONF['site_slogan']; } else { $pagetitle = stripslashes(DB_getItem($_TABLES['topics'], 'topic', "tid = '{$topic}'")); } } $pagetitle = $_CONF['site_name'] . ' - ' . $pagetitle; } header('Content-Type: text/plain; charset=' . COM_getCharset()); die($pagetitle); } $page = 1; if (isset($_GET['page'])) { $page = COM_applyFilter($_GET['page'], true); if ($page == 0) { $page = 1; } } $display = ''; if (!$newstories && !$displayall) { // give plugins a chance to replace this page entirely $newcontent = PLG_showCenterblock(0, $page, $topic); if (!empty($newcontent)) { COM_output($newcontent);
// Builds the slide list for an album as a small XML document.

// The requested size is reduced to one of three known values: 'disp' and
// 'orig' are accepted, anything else becomes 'tn'.
$src = isset($_REQUEST['src']) ? COM_applyFilter($_REQUEST['src']) : 'disp';
if ($src != 'disp' && $src != 'orig') {
    $src = 'tn';
}

// NOTE(review): $aid is set outside this excerpt; confirm that it is
// validated before it is used in the album lookup and the media query.
$album_data = MG_getAlbumData($aid, array('album_id'), true);

$xml = '';
$xml .= "<slides>\n";

// Slides are listed only when the album exists and the access level is >= 1
if (isset($album_data['album_id']) && $album_data['access'] >= 1) {
    $sql = MG_buildMediaSql(array('album_id' => $aid, 'fields' => array('media_type', 'media_filename', 'remote_media', 'remote_url', 'media_title'), 'where' => 'm.include_ss = 1'));
    $result = DB_query($sql);
    while ($A = DB_fetchArray($result)) {
        // Only media_type 0 is included
        if ($A['media_type'] != 0) {
            continue;
        }
        $PhotoPath = MG_getFilePath($src, $A['media_filename']);
        $ext = pathinfo($PhotoPath, PATHINFO_EXTENSION);
        $PhotoURL = MG_getFileUrl($src, $A['media_filename'], $ext);
        // Local files that cannot be read as an image are skipped; remote
        // media are kept without this check.
        $imgsize = @getimagesize($PhotoPath);
        if ($imgsize == false && $A['remote_media'] != 1) {
            continue;
        }
        if ($A['remote_media'] == 1) {
            $PhotoURL = $A['remote_url'];
        }
        // NOTE(review): htmlentities() can emit named HTML entities that
        // plain XML does not define; htmlspecialchars() may fit this
        // text/xml response better - confirm with the consumer.
        $caption = htmlentities(strip_tags($A['media_title']), ENT_QUOTES, COM_getCharset());
        // NOTE(review): $PhotoURL, which may be the stored remote_url, is
        // written into the attribute unescaped; a quote or '&' in it breaks
        // the markup. Escape it here unless it is known to be escaped when
        // stored.
        $xml .= '<slide src="' . $PhotoURL . '" caption="' . $caption . '"/>' . "\n";
    }
}
$xml .= "</slides>\n";

header("Content-type: text/xml; charset=" . COM_getCharset());
echo $xml;
/**
 * This function is called from COM_siteHeader and other places where meta tags
 * are being built and will return additional meta tags.
 *
 * Tags are collected in ascending priority: first from every enabled plugin
 * other than the caller's own type, then from CUSTOM_getmetatags() when that
 * function exists, and last from the caller itself.
 *
 * @param    string $type   item type of the caller, e.g. 'article', 'staticpages'
 * @param    string $id     id of the current item of the caller
 * @param    array  $myTags meta tags the caller wants to add (optional)
 * @return   string         all meta tags
 * @since    Geeklog 2.1.0
 *
 */
function PLG_getMetaTags($type, $id, array $myTags = array())
{
    global $_CONF, $_PLUGINS;

    $type = strtolower(trim($type));
    $id = trim($id);

    require_once $_CONF['path_system'] . 'classes/metatags.class.php';

    $charset = COM_getCharset();
    $htmlVersion = 4;
    if ($_CONF['doctype'] === 'xhtml5') {
        $htmlVersion = 5;
    }
    $isXhtml = (stripos($_CONF['doctype'], 'xhtml') === 0);
    $builder = new Metatags($charset, $htmlVersion, $isXhtml);

    // Callback names in ascending priority: plugins first, the custom hook last
    $providers = array();
    foreach ($_PLUGINS as $pi_name) {
        if ($type !== $pi_name) {
            $providers[] = 'plugin_getmetatags_' . $pi_name;
        }
    }
    $providers[] = 'CUSTOM_getmetatags';

    foreach ($providers as $provider) {
        if (!function_exists($provider)) {
            continue;
        }

        $provided = $provider($type, $id);
        if (!is_array($provided)) {
            continue;
        }

        foreach ($provided as $tag) {
            $builder->addTag($tag);
        }
    }

    // The caller's own tags go in last and so have the highest priority
    foreach ($myTags as $tag) {
        $builder->addTag($tag);
    }

    return $builder->build();
}
/**
 * Constructor
 *
 * Stores the settings in static properties, records which Geeklog version
 * thresholds are met, and loads a driver for each supported type whose
 * class file exists and whose plugin is enabled.
 *
 * @param  int    $uid      0 (= Root), 1(= anon), user id
 * @param  string $encoding encoding of the content; the site charset is used when empty
 * @param  array  $options  driver options; $_DPXY_CONF is used when empty
 */
private function __construct($uid = 1, $encoding = 'utf-8', $options = array())
{
    global $_CONF, $_PLUGINS, $_DPXY_CONF;

    // Initializes settings, falling back to the global defaults
    self::$_options = (count($options) === 0) ? $_DPXY_CONF : $options;
    self::$_encoding = empty($encoding) ? COM_getCharset() : $encoding;
    self::$_uid = (int) $uid;

    // Only digits and dots of VERSION take part in the comparison
    $gl_version = preg_replace("/[^0-9.]/", '', VERSION);
    self::$isGL150 = version_compare($gl_version, '1.5.0', '>=');
    self::$isGL170 = version_compare($gl_version, '1.7.0', '>=');
    self::$isGL200 = version_compare($gl_version, '2.0.0', '>=');

    // Loads drivers whose driver exists and plugin is enabled
    $driver_dir = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'drivers';
    $enabled_plugins = array_merge($_PLUGINS, array('article', 'comments', 'trackback'));

    foreach (self::$_supported_drivers as $driver) {
        // Geeklog 2.0.0 and later use a separate article driver file
        $file = ($driver === 'article' && self::$isGL200) ? 'article2' : $driver;
        $path = $driver_dir . DIRECTORY_SEPARATOR . $file . '.class.php';

        if (!is_file($path) || !in_array($driver, $enabled_plugins)) {
            continue;
        }

        require_once $path;
        $class_name = 'dpxyDriver_' . ucfirst($driver);
        self::$_loaded_drivers[$driver] = new $class_name(self::$_options);
    }
}
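/**
 * Send an email with attachments.
 * This is a verbatim copy of COM_mail(), but with the $attachments
 * paramater added and 3 extra lines of code near the end.
 *
 * $to, $from and $cc each accept either a plain address string or an array
 * of the form array(address, display name).
 *
 * The subject is cut at the first CR or LF so that it cannot carry extra
 * header lines. Attachment entries are filesystem paths that are read and
 * attached as given; callers must not build them from request data.
 *
 * @param   mixed   $to          Receiver's email address
 * @param   string  $subject     Message Subject
 * @param   string  $message     Message Body
 * @param   mixed   $from        Sender's email address
 * @param   boolean $html        True for HTML message, False for Text
 * @param   integer $priority    Message priority value
 * @param   mixed   $cc          Other recipients
 * @param   string  $altBody     Alt. body (text)
 * @param   array   $attachments Array of attachments
 * @return  boolean              True on success, False on Failure
 */
private function SendMail($to, $subject, $message, $from = '', $html = false, $priority = 0, $cc = '', $altBody = '', $attachments = array())
{
    global $_CONF;

    // Keep only the first line of the subject
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));
    $subject = COM_emailEscape($subject);

    require_once $_CONF['path'] . 'lib/phpmailer/class.phpmailer.php';

    $mail = new PHPMailer();
    $mail->SetLanguage('en', $_CONF['path'] . 'lib/phpmailer/language/');
    $mail->CharSet = COM_getCharset();

    if ($_CONF['mail_backend'] == 'smtp') {
        $mail->IsSMTP();
        $mail->Host = $_CONF['mail_smtp_host'];
        $mail->Port = $_CONF['mail_smtp_port'];
        if ($_CONF['mail_smtp_secure'] != 'none') {
            $mail->SMTPSecure = $_CONF['mail_smtp_secure'];
        }
        if ($_CONF['mail_smtp_auth']) {
            $mail->SMTPAuth = true;
            $mail->Username = $_CONF['mail_smtp_username'];
            $mail->Password = $_CONF['mail_smtp_password'];
        }
        $mail->Mailer = "smtp";
    } elseif ($_CONF['mail_backend'] == 'sendmail') {
        $mail->Mailer = "sendmail";
        $mail->Sendmail = $_CONF['mail_sendmail_path'];
    } else {
        $mail->Mailer = "mail";
    }

    $mail->WordWrap = 76;
    $mail->IsHTML($html);
    // HTML bodies pass through the site's HTML filter before sending
    if ($html) {
        $mail->Body = COM_filterHTML($message);
    } else {
        $mail->Body = $message;
    }

    if ($altBody != '') {
        $mail->AltBody = $altBody;
    }

    $mail->Subject = $subject;

    if (is_array($from) && isset($from[0]) && $from[0] != '') {
        if ($_CONF['use_from_site_mail'] == 1) {
            // Send from the site address and keep the real sender as Reply-To
            $mail->From = $_CONF['site_mail'];
            $mail->AddReplyTo($from[0]);
        } else {
            $mail->From = $from[0];
        }
    } else {
        $mail->From = $_CONF['site_mail'];
    }

    if (is_array($from) && isset($from[1]) && $from[1] != '') {
        $mail->FromName = $from[1];
    } else {
        $mail->FromName = $_CONF['site_name'];
    }

    if (is_array($to) && isset($to[0]) && $to[0] != '') {
        if (isset($to[1]) && $to[1] != '') {
            $mail->AddAddress($to[0], $to[1]);
        } else {
            $mail->AddAddress($to[0]);
        }
    } else {
        // assume old style....
        $mail->AddAddress($to);
    }

    // The array test is required: isset($cc[0]) is also true for a non-empty
    // string, which would pass its first two characters as address and name.
    if (is_array($cc) && isset($cc[0]) && $cc[0] != '') {
        if (isset($cc[1]) && $cc[1] != '') {
            $mail->AddCC($cc[0], $cc[1]);
        } else {
            $mail->AddCC($cc[0]);
        }
    } elseif (!is_array($cc) && $cc != '') {
        // assume old style....
        $mail->AddCC($cc);
    }

    // NOTE(review): any non-zero $priority is sent as priority 1; confirm
    // that the value is not meant to be passed through.
    if ($priority) {
        $mail->Priority = 1;
    }

    // Add attachments
    foreach ($attachments as $attachment) {
        $mail->AddAttachment($attachment);
    }

    if (!$mail->Send()) {
        COM_errorLog("Email Error: " . $mail->ErrorInfo);

        return false;
    }

    return true;
}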
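/**
 * Email the moderators of an album that a new upload is waiting for review.
 *
 * Nothing is sent when the album is not moderated, when the current user has
 * the 'mediagallery.admin' right, or when the 'mgnotify' speed limit reports
 * a recent notification.
 *
 * @param  int  $aid  Album id
 * @return bool       Always true; a failed send is only written to the error log
 */
function MG_notifyModerators($aid)
{
    global $LANG_DIRECTION, $_USER, $_MG_CONF, $_CONF, $_TABLES, $LANG_MG01;

    // The id ends up in SQL and in a link inside the HTML mail, so it is
    // forced to an integer once and only that value is used below.
    $aid = intval($aid);

    $sql = "SELECT moderate, album_title, mod_group_id "
         . "FROM {$_TABLES['mg_albums']} WHERE album_id = " . $aid;
    $result = DB_query($sql);
    $A = DB_fetchArray($result);
    // No row (unknown album) is treated like an unmoderated album.
    if (!is_array($A) || $A['moderate'] != 1 || SEC_hasRights('mediagallery.admin')) {
        return true;
    }

    require_once $_CONF['path'] . 'plugins/mediagallery/include/lib/phpmailer/class.phpmailer.php';

    $media_user_id = isset($_USER['uid']) ? intval($_USER['uid']) : 0;
    $direction = empty($LANG_DIRECTION) ? 'ltr' : $LANG_DIRECTION; // default to left-to-right
    $charset = COM_getCharset();

    COM_clearSpeedlimit(600, 'mgnotify');
    $last = COM_checkSpeedlimit('mgnotify');
    if ($last != 0) {
        return true;
    }

    $mail = new PHPMailer();
    $mail->CharSet = $charset;
    if ($_CONF['mail_settings']['backend'] == 'smtp') {
        // NOTE(review): no SMTPSecure value is set on this path, so whether
        // the credentials below travel over an encrypted session is not
        // decided here - confirm against the mail server configuration.
        $mail->Host = $_CONF['mail_settings']['host'] . ':' . $_CONF['mail_settings']['port'];
        $mail->SMTPAuth = $_CONF['mail_settings']['auth'];
        $mail->Username = $_CONF['mail_settings']['username'];
        $mail->Password = $_CONF['mail_settings']['password'];
        $mail->Mailer = "smtp";
    } elseif ($_CONF['mail_settings']['backend'] == 'sendmail') {
        $mail->Mailer = "sendmail";
        $mail->Sendmail = $_CONF['mail_settings']['sendmail_path'];
    } else {
        $mail->Mailer = "mail";
    }
    $mail->WordWrap = 76;
    $mail->IsHTML(true);
    $mail->Subject = $LANG_MG01['new_upload_subject'] . $_CONF['site_name'];

    if ($media_user_id < 2) {
        $uname = 'Anonymous';
    } else {
        $uname = DB_getItem($_TABLES['users'], 'username', 'uid=' . $media_user_id);
    }

    // The query above selects album_title; that is the key to read here.
    $albumTitle = $A['album_title'];

    // build the template...
    $T = COM_newTemplate(MG_getTemplatePath($aid));
    $T->set_file('email', 'modemail.thtml');
    $T->set_var(array(
        'direction'        => $direction,
        'charset'          => $charset,
        'lang_new_upload'  => $LANG_MG01['new_upload_body'],
        'lang_details'     => $LANG_MG01['details'],
        'lang_album_title' => 'Album',
        'lang_uploaded_by' => $LANG_MG01['uploaded_by'],
        'username'         => $uname,
        'album_title'      => strip_tags($albumTitle),
        'url_moderate'     => '<a href="' . $_MG_CONF['site_url'] . '/admin.php?album_id=' . $aid . '&mode=moderate">Click here to view</a>',
        'site_name'        => $_CONF['site_name'] . ' - ' . $_CONF['site_slogan'],
        'site_url'         => $_CONF['site_url'],
    ));
    // Plain assignment: $body has no earlier value to append to.
    $body = $T->finish($T->parse('output', 'email'));
    $mail->Body = $body;

    // NOTE(review): "\n\r" looks like a transposed CRLF; kept as found.
    $altbody = $LANG_MG01['new_upload_body'] . $albumTitle;
    $altbody .= "\n\r\n\r";
    $altbody .= $LANG_MG01['details'];
    $altbody .= "\n\r";
    $altbody .= $LANG_MG01['uploaded_by'] . ' ' . $uname . "\n\r";
    $altbody .= "\n\r\n\r";
    $altbody .= $_CONF['site_name'] . "\n\r";
    $altbody .= $_CONF['site_url'] . "\n\r";
    $mail->AltBody = $altbody;

    $mail->From = $_CONF['site_mail'];
    $mail->FromName = $_CONF['site_name'];

    // The group ids are interpolated into an IN (...) list, so each one is
    // cast to an integer first (they are expected to be numeric group ids).
    $groupIds = array();
    $groups = MG_getGroupList($A['mod_group_id']);
    if (is_array($groups)) {
        foreach ($groups as $groupId) {
            $groupIds[] = intval($groupId);
        }
    }

    $toCount = 0;
    // An empty list would produce "IN ()", which is not valid SQL.
    if (count($groupIds) > 0) {
        $groupList = implode(',', $groupIds);
        $sql = "SELECT DISTINCT {$_TABLES['users']}.uid,username,fullname,email "
             . "FROM {$_TABLES['group_assignments']},{$_TABLES['users']} "
             . "WHERE {$_TABLES['users']}.uid > 1 "
             . "AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid "
             . "AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))";
        $result = DB_query($sql);
        $nRows = DB_numRows($result);
        for ($i = 0; $i < $nRows; $i++) {
            $row = DB_fetchArray($result);
            if ($row['email'] != '') {
                if ($_MG_CONF['verbose']) {
                    // Verbose mode writes moderator addresses to the error log.
                    COM_errorLog("MG Upload: Sending notification email to: " . $row['email'] . " - " . $row['username']);
                }
                $toCount++;
                $mail->AddAddress($row['email'], $row['username']);
            }
        }
    }

    if ($toCount > 0) {
        if (!$mail->Send()) {
            COM_errorLog("MG Upload: Unable to send moderation email - error:" . $mail->ErrorInfo);
        }
    } else {
        COM_errorLog("MG Upload: Error - Did not find any moderators to email");
    }
    COM_updateSpeedlimit('mgnotify');

    return true;
}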
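/**
 * Handle a pingback for an entry.
 *
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * The function fetches $url, a value supplied by the remote party, to verify
 * the backlink and to extract a title and excerpt.
 *
 * @param    string  $id     ID of entry that got pinged
 * @param    string  $type   type of that entry ('article' for stories, etc.)
 * @param    string  $url    URL of the page that pinged us
 * @param    string  $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;

    require_once 'HTTP/Request.php';

    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }

    // handle pingbacks to articles on our own site
    $isSelfPing = ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']);
    $skip_speedlimit = false;
    if ($isSelfPing) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0; // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }

    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49,
                sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }

    // update speed limit in any case
    COM_updateSpeedlimit('pingback');

    // Optional check (bit 4): the host named in $url must resolve to the
    // address the request came from.
    if (!$isSelfPing && ($_CONF['check_trackback_link'] & 4)) {
        $parts = parse_url($url);
        if (empty($parts['host'])) {
            TRB_logRejected('Pingback: No valid URL', $url);

            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
        $ip = gethostbyname($parts['host']);
        if ($ip != $_SERVER['REMOTE_ADDR']) {
            TRB_logRejected('Pingback: IP address mismatch', $url);

            return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
        }
    }

    // Only absolute http(s) URLs are fetched or stored. Without this, a URL
    // with another scheme fails inside send() and, when backlink checking is
    // off, is still saved as a trackback.
    // This does not restrict which host is contacted: the request below goes
    // to whatever the URL names, internal addresses included, and the name is
    // resolved again at fetch time. Limiting that needs egress filtering or a
    // resolve-and-verify step suited to the deployment.
    $target = parse_url($url);
    $scheme = (is_array($target) && isset($target['scheme'])) ? strtolower($target['scheme']) : '';
    if (($scheme != 'http' && $scheme != 'https') || empty($target['host'])) {
        TRB_logRejected('Pingback: No valid URL', $url);

        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }

    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';

    $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET);
    $req->setHeader('User-Agent', 'Geeklog/' . VERSION);

    try {
        $response = $req->send();
        $status = $response->getStatus();

        if ($status == 200) {
            $body = $response->getBody();

            if ($_CONF['check_trackback_link'] & 3) {
                if (!TRB_containsBacklink($body, $oururl)) {
                    TRB_logRejected('Pingback: No link to us', $url);
                    $comment = TRB_formatComment($url);
                    PLG_spamAction($comment, $_CONF['spamx']);

                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }

            preg_match(':<title>(.*)</title>:i', $body, $content);
            if (empty($content[1])) {
                $title = ''; // no title found
            } else {
                $title = trim(COM_undoSpecialChars($content[1]));
            }

            if ($_CONF['pingback_excerpt']) {
                // Check which character set the site that sent the Pingback
                // is using
                $charset = 'ISO-8859-1'; // default, see RFC 2616, 3.7.1
                // The header may be missing; cast so explode() gets a string.
                $ctype = (string) $response->getHeader('content-type');
                foreach (explode(';', $ctype) as $ct) {
                    $ch = explode('=', trim($ct));
                    if (count($ch) === 2 && trim($ch[0]) === 'charset') {
                        $charset = trim($ch[1]);
                        break;
                    }
                }

                if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                    // The charset name comes from the remote server. An
                    // unknown name makes the conversion fail (a ValueError
                    // on PHP 8, false before that); keep the unconverted
                    // body in that case instead of aborting or passing
                    // false on.
                    $converted = false;
                    if (function_exists('mb_convert_encoding')) {
                        try {
                            $converted = @mb_convert_encoding($body, COM_getCharset(), $charset);
                        } catch (ValueError $e) {
                            $converted = false;
                        }
                    } elseif (function_exists('iconv')) {
                        $converted = @iconv($charset, COM_getCharset(), $body);
                    }
                    // else: tough luck ...
                    if (is_string($converted)) {
                        $body = $converted;
                    }
                }

                $excerpt = PNB_makeExcerpt($body, $oururl);
            }

            // we could also run the rest of the other site's page
            // through the spam filter here ...
        } elseif ($_CONF['check_trackback_link'] & 3) {
            COM_errorLog("Pingback verification: Got HTTP response code "
                . $status . " when requesting {$url}");

            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } catch (HTTP_Request2_Exception $e) {
        if ($_CONF['check_trackback_link'] & 3) {
            // we were supposed to check for backlinks but didn't get the page
            COM_errorLog("Pingback verification: " . $e->getMessage()
                . " when requesting {$url}");

            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    }

    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }

    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }

    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }

    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}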
} // closes a block that opens before this excerpt

require_once $_CONF['path'] . 'plugins/mediagallery/include/common.php';

/**
 * Build the name of the "_150x150" variant of a file.
 *
 * Inserts "_150x150" between the file name and its extension, keeping the
 * directory part. It is called below with a thumbnail URL.
 * NOTE(review): pathinfo() only returns an 'extension' key when the name has
 * one, so an extension-less input reads an undefined index here.
 *
 * @param  string $path File path or URL
 * @return string       Same location with "_150x150" added before the extension
 */
function MG_getThumbCropPath($path)
{
    $p = pathinfo($path);

    return $p['dirname'] . '/' . $p['filename'] . '_150x150.' . $p['extension'];
}

// Request parameters: 'aid' goes through COM_applyFilter() with its second
// argument set to true, 'src' through the plain filter.
$aid = isset($_REQUEST['aid']) ? COM_applyFilter($_REQUEST['aid'], true) : 0;
$src = isset($_REQUEST['src']) ? COM_applyFilter($_REQUEST['src']) : 'disp';
// Allow-list: anything other than 'disp' or 'orig' is replaced by 'tn', so
// the request value itself never reaches MG_getFilePath()/MG_getFileUrl().
if ($src != 'disp' && $src != 'orig') {
    $src = 'tn';
}

$album_data = MG_getAlbumData($aid, array('album_id'), true);

$xml = "<album>\n";
// Media rows are only read when the album exists and its 'access' value is
// at least 1.
if (isset($album_data['album_id']) && $album_data['access'] >= 1) {
    $encoding = COM_getCharset();
    $sql = MG_buildMediaSql(array('album_id' => $aid, 'fields' => array('media_type', 'media_filename', 'remote_media', 'remote_url', 'media_id', 'media_title', 'media_desc'), 'where' => 'm.include_ss = 1'));
    $result = DB_query($sql);
    while ($A = DB_fetchArray($result)) {
        if ($A['media_type'] == 0) {
            $PhotoPath = MG_getFilePath($src, $A['media_filename']);
            $ext = pathinfo($PhotoPath, PATHINFO_EXTENSION);
            $PhotoURL = MG_getFileUrl($src, $A['media_filename'], $ext);
            $TnURL = MG_getFileUrl('tn', $A['media_filename'], $ext);
            $TnCropURL = MG_getThumbCropPath($TnURL);
            // @ hides the warning for a missing or unreadable file; the
            // result is checked on the next line instead.
            $imgsize = @getimagesize($PhotoPath);
            // Skip local items whose image file cannot be read.
            if ($imgsize == false && $A['remote_media'] != 1) {
                continue;
            }
            if ($A['remote_media'] == 1) {
                // NOTE(review): remote_url, media_title and media_desc are
                // stored values that presumably end up in $xml further down
                // (not visible here) - confirm they are XML-escaped there.
                $PhotoURL = $A['remote_url'];
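/**
 * Constructor
 *
 * Sets up private search variables from the request. For every criterion a
 * GET value takes precedence over a POST value; 'st' is read from GET only.
 *
 * NOTE(review): assuming the enclosing class is named Search, this is a
 * PHP 4 style constructor, which PHP 8 no longer calls on instantiation.
 *
 * @author Tony Bibbs <tony AT geeklog DOT net>
 * @access public
 *
 */
function Search()
{
    global $_CONF, $_TABLES;

    // Set search criteria

    // Free-text query. strip_tags() only removes markup: the value still has
    // to be escaped for SQL and for HTML wherever it is used later.
    $query = '';
    if (isset($_GET['query'])) {
        $query = $_GET['query'];
    } elseif (isset($_POST['query'])) {
        $query = $_POST['query'];
    }
    // A request such as query[]=x yields an array, which strip_tags() rejects.
    $query = is_string($query) ? strip_tags($query) : '';
    $this->_query = preg_replace('/\\s\\s+/', ' ', $query);

    if (isset($_GET['topic'])) {
        $this->_topic = COM_applyFilter($_GET['topic']);
    } elseif (isset($_POST['topic'])) {
        $this->_topic = COM_applyFilter($_POST['topic']);
    } else {
        $this->_topic = '';
    }

    // Date range: values that fail _validateDate() are dropped.
    if (isset($_GET['datestart'])) {
        $this->_dateStart = COM_applyFilter($_GET['datestart']);
    } elseif (isset($_POST['datestart'])) {
        $this->_dateStart = COM_applyFilter($_POST['datestart']);
    } else {
        $this->_dateStart = '';
    }
    if ($this->_validateDate($this->_dateStart) == false) {
        $this->_dateStart = '';
    }

    if (isset($_GET['dateend'])) {
        $this->_dateEnd = COM_applyFilter($_GET['dateend']);
    } elseif (isset($_POST['dateend'])) {
        $this->_dateEnd = COM_applyFilter($_POST['dateend']);
    } else {
        $this->_dateEnd = '';
    }
    if ($this->_validateDate($this->_dateEnd) == false) {
        $this->_dateEnd = '';
    }

    // 'st' = number of days to look back; a non-zero value overrides the
    // date range with "today minus st days" .. "today".
    if (isset($_GET['st'])) {
        $st = COM_applyFilter($_GET['st'], true);
        $this->_searchDays = $st;
        if ($st != 0) {
            $this->_dateEnd = date('Y-m-d');
            $this->_dateStart = date('Y-m-d', time() - $st * 24 * 60 * 60);
        }
    }

    if (isset($_GET['author'])) {
        $this->_author = COM_applyFilter($_GET['author']);
    } elseif (isset($_POST['author'])) {
        $this->_author = COM_applyFilter($_POST['author']);
    } else {
        $this->_author = '';
    }
    if ($this->_author != '') {
        // In case we got a username instead of uid, convert it. This should
        // make custom themes for search page easier.
        if (!is_numeric($this->_author) && !preg_match('/^([0-9]+)$/', $this->_author)) {
            // Look up the submitted name (the block as found compared against
            // a fixed literal). The value has passed COM_applyFilter() but is
            // still escaped for the SQL string; addslashes() is only the
            // fallback when the database layer's escaper is not available.
            if (function_exists('DB_escapeString')) {
                $username = DB_escapeString($this->_author);
            } else {
                $username = addslashes($this->_author);
            }
            $this->_author = DB_getItem($_TABLES['users'], 'uid', "username='" . $username . "'");
        }
        if ($this->_author < 1) {
            $this->_author = '';
        }
    }

    if (isset($_GET['type'])) {
        $this->_type = COM_applyFilter($_GET['type']);
    } elseif (isset($_POST['type'])) {
        $this->_type = COM_applyFilter($_POST['type']);
    } else {
        $this->_type = 'all';
    }

    if (isset($_GET['keyType'])) {
        $this->_keyType = COM_applyFilter($_GET['keyType']);
    } elseif (isset($_POST['keyType'])) {
        $this->_keyType = COM_applyFilter($_POST['keyType']);
    } else {
        $this->_keyType = $_CONF['search_def_keytype'];
    }

    // Result count: both sources use the same filter call (second argument
    // true); the POST branch previously omitted that argument.
    if (isset($_GET['results'])) {
        $this->_results = COM_applyFilter($_GET['results'], true);
    } elseif (isset($_POST['results'])) {
        $this->_results = COM_applyFilter($_POST['results'], true);
    } else {
        $this->_results = $_CONF['num_search_results'];
    }

    $this->_charset = COM_getCharset();
}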
// Tail of an access-denied branch whose opening condition is outside this
// excerpt: render the "access reserved" page and stop.
$display .= COM_siteHeader();
// Menu depends on whether the user holds the listed PayPal rights.
if (SEC_hasRights('paypal.user', 'paypal.admin')) {
    $display .= paypal_user_menu();
} else {
    $display .= paypal_viewer_menu();
}
$display .= COM_startBlock($LANG_PAYPAL_1['access_reserved']);
$display .= $LANG_PAYPAL_1['you_must_log_in'];
$display .= COM_endBlock();
$display .= COM_siteFooter();
COM_output($display);
// exit keeps the transaction content below from being rendered.
exit;
}

// Content: fill the transaction template
$transaction->set_var('site_url', $_PAY_CONF['site_url']);
$transaction->set_var('charset', COM_getCharset());
$transaction->set_var('br', '<br' . XHTML . '>');
// NOTE(review): $_REQUEST['mode'] is read without isset(), so a request
// without 'mode' reads an undefined index.
if ($_REQUEST['mode'] == 'print') {
    // Print view: no "print" link.
    $transaction->set_var('print', '');
} else {
    // NOTE(review): $type and $pid are concatenated into the href as they
    // are. Where they are assigned is not visible here - confirm they are
    // validated (or URL- and HTML-encoded) before this point if they
    // originate from the request.
    $transaction->set_var('print', ' <small>(<a href="' . $_PAY_CONF['site_url'] . '/transaction.php?type=' . $type . '&id=' . $pid . '&mode=print" target="_blank">' . $LANG_PAYPAL_1['print'] . '</a>)</small>');
}

// Shop details, taken from the plugin configuration
$transaction->set_var('shop_name', $_PAY_CONF['shop_name']);
$transaction->set_var('shop_street1', $_PAY_CONF['shop_street1']);
// The optional second street line carries its own line break when present.
if ($_PAY_CONF['shop_street2'] != '') {
    $transaction->set_var('shop_street2', $_PAY_CONF['shop_street2'] . '<br' . XHTML . '>');
} else {
    $transaction->set_var('shop_street2', '');
}
$transaction->set_var('shop_postal', $_PAY_CONF['shop_postal']);