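/**
 * Render one album and, recursively, its children as an indented tree.
 *
 * Walks $MG_albums starting at $aid. The recursion depth is kept in the
 * global $level (the caller is expected to set it to 1 for the root call)
 * and every visited node increments the global $counter.
 *
 * @param  int $aid   id of the album to render; children come from
 *                    $MG_albums[$aid]->getChildren()
 * @param  int $depth 0 renders a checkbox per album with no depth limit,
 *                    any other value renders links for albums whose
 *                    $level is <= $depth
 * @return string HTML fragment
 */
function MG_showTree($aid, $depth)
{
    // $_MG_CONF was missing from the global list: $_MG_CONF['site_url']
    // below read an undefined local, so the album links had no site prefix.
    global $_CONF, $_MG_CONF, $MG_albums, $level, $counter;

    $retval = '';
    $px = ($level - 1) * 15;

    if ($aid != 0 && $MG_albums[$aid]->access > 0) {
        if ($level == 1 && $depth != 1) {
            // our first one...
            $retval .= '<p>';
        }
        if ($depth == 0) {
            // Album picker: one checkbox per album. The id attribute repeats
            // the name; it is kept because client-side code may rely on it.
            // (The original also concatenated an undefined $block here.)
            $retval .= '<div style="margin-left:' . $px . 'px;">'
                . '<input type="checkbox" name="album[]" id="album[]" value="'
                . $MG_albums[$aid]->id . '" /> '
                . strip_tags(COM_stripslashes($MG_albums[$aid]->title))
                . '</div>' . LB;
        } elseif ($level <= $depth) {
            $retval .= '<div style="margin-left:' . $px . 'px;">'
                . '<a href="' . $_MG_CONF['site_url'] . '/album.php?aid='
                . $MG_albums[$aid]->id . '&page=1">'
                . strip_tags(COM_stripslashes($MG_albums[$aid]->title))
                . '</a></div>';
        }
    } elseif ($MG_albums[$aid]->id == 0) {
        // root album: only a spacer is emitted
        $retval .= '<br />';
    }
    $counter++;

    if (!empty($MG_albums[$aid]->children)) {
        foreach ($MG_albums[$aid]->getChildren() as $child) {
            $level++;
            $retval .= MG_showTree($MG_albums[$child]->id, $depth);
            $level--;
        }
    }

    return $retval;
}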
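/**
 * Constructor
 *
 * Sets up private search variables from the query string.
 *
 * Note: this is a PHP 4 style constructor (a method named after its
 * class). PHP 8 no longer calls such a method on `new`, so if the
 * enclosing class is still named Search it needs a __construct() that
 * delegates here, or callers must invoke this method explicitly.
 *
 * @author Tony Bibbs, tony AT geeklog DOT net
 * @access public
 */
function Search()
{
    global $_CONF, $_TABLES;

    // Set search criteria
    if (isset($_GET['query'])) {
        $this->_query = strip_tags(COM_stripslashes($_GET['query']));
    }
    if (isset($_GET['topic'])) {
        $this->_topic = COM_applyFilter($_GET['topic']);
    }
    if (isset($_GET['datestart'])) {
        $this->_dateStart = COM_applyFilter($_GET['datestart']);
    }
    if (isset($_GET['dateend'])) {
        $this->_dateEnd = COM_applyFilter($_GET['dateend']);
    }
    if (isset($_GET['author'])) {
        $this->_author = COM_applyFilter($_GET['author']);
        // In case we got a username instead of uid, convert it. This should
        // make custom themes for search page easier.
        if (!is_numeric($this->_author)
            && !preg_match('/^([0-9]+)$/', $this->_author)
            && $this->_author != '') {
            // DB_escapeString instead of addslashes: addslashes is not a SQL
            // escaping function and is not aware of the connection charset.
            $this->_author = DB_getItem($_TABLES['users'], 'uid',
                "username='" . DB_escapeString($this->_author) . "'");
        }
        // no such user (or an invalid uid): search all authors
        if ($this->_author < 1) {
            $this->_author = '';
        }
    }
    $this->_type = isset($_GET['type']) ? COM_applyFilter($_GET['type']) : 'all';
    $this->_keyType = isset($_GET['keyType'])
        ? COM_applyFilter($_GET['keyType'])
        : $_CONF['search_def_keytype'];
    // presence of the "title" parameter is the flag; its value is ignored
    $this->_titlesOnly = isset($_GET['title']);
}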
/**
 * Returns the entry the user posted
 *
 * The GET parameter "entry" takes precedence over the POST parameter
 * "pentry"; when neither is present an empty string is returned.
 *
 * @return string
 */
protected function getEntry()
{
    if (isset($_GET['entry'])) {
        return COM_stripslashes($_GET['entry']);
    }
    if (isset($_POST['pentry'])) {
        return COM_stripslashes($_POST['pentry']);
    }

    return '';
}
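/**
 * Personal blacklist admin page.
 *
 * Applies the requested action when the CSRF token validates - delete one
 * entry, add the posted entry, or copy the site censor list into the
 * personal list - and then renders the current list plus the entry form.
 *
 * The action is read from GET "action" / POST "paction" and the entry from
 * GET "entry" / POST "pentry". Deletion is triggered by a GET link, so the
 * per-link token is what stops a forged request from removing entries.
 *
 * @return string HTML
 */
function display()
{
    global $_CONF, $_TABLES, $LANG_SX00;

    $action = '';
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['paction'])) {
        $action = $_POST['paction'];
    }

    $entry = '';
    if (isset($_GET['entry'])) {
        $entry = COM_stripslashes($_GET['entry']);
    } elseif (isset($_POST['pentry'])) {
        $entry = COM_stripslashes($_POST['pentry']);
    }

    if ($action == 'delete' && SEC_checkToken()) {
        $entry = DB_escapeString($entry);
        DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', $entry));
    } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
        if (!empty($entry)) {
            $entry = DB_escapeString($entry);
            DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
        }
    } elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
        // copy the site-wide censor list into the personal blacklist
        foreach ($_CONF['censorlist'] as $word) {
            $word = DB_escapeString($word);
            DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$word}')");
        }
    }

    $token = SEC_createToken();

    $display = '<hr' . XHTML . '>' . LB . '<p><b>';
    $display .= $LANG_SX00['pblack'];
    $display .= '</b></p>' . LB . '<ul>' . LB;

    $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
    $nrows = DB_numRows($result);
    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);
        $e = $A['value'];
        // escaped once for the link text (HTML) and once for the URL
        $display .= '<li>'
            . COM_createLink(htmlspecialchars($e),
                $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList&action=delete&entry='
                . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token)
            . '</li>' . LB;
    }

    $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
    $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
    $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
    $display .= '<div><input type="text" size="30" name="pentry"' . XHTML . '> ';
    $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
    $display .= '<p>' . $LANG_SX00['e3'] . '</p> ';
    $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
    $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
    $display .= '</div></form>' . LB;

    return $display;
}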
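/**
 * Constructor
 * Sets up private search variables from the query string and, for the
 * topic, from the session when search_use_topic is enabled.
 *
 * @author Tony Bibbs, tony AT geeklog DOT net
 */
public function __construct()
{
    global $_CONF, $_TABLES;

    // Set search criteria
    if (isset($_GET['query'])) {
        $query = COM_stripslashes($_GET['query']);
        $query = GLText::remove4byteUtf8Chars($query);
        $this->_query = strip_tags($query);
    }

    if (isset($_GET['topic'])) {
        // see if topic exists
        $tid = COM_applyFilter($_GET['topic']);
        // If it exists and user has access to it, it will return itself else an empty string.
        // COM_applyFilter is expected to drop quote characters, but the value
        // is escaped anyway so the literal stays well-formed for whatever
        // bytes remain (e.g. a trailing backslash) - same as the author
        // lookup below.
        $tid = DB_getItem($_TABLES['topics'], 'tid',
            "tid = '" . DB_escapeString($tid) . "'" . COM_getPermSQL('AND', 0, 2));
        $this->_topic = $tid;
    } elseif ($_CONF['search_use_topic']) {
        // no topic in the request: fall back to the last topic stored in the session
        $last_topic = SESS_getVariable('topic');
        if ($last_topic != '') {
            $this->_topic = $last_topic;
        }
    }

    if (isset($_GET['datestart'])) {
        $this->_dateStart = COM_applyFilter($_GET['datestart']);
    }
    if (isset($_GET['dateend'])) {
        $this->_dateEnd = COM_applyFilter($_GET['dateend']);
    }

    if (isset($_GET['author'])) {
        $this->_author = COM_applyFilter($_GET['author']);
        // In case we got a username instead of uid, convert it. This should
        // make custom themes for search page easier.
        if (!is_numeric($this->_author)
            && !preg_match('/^([0-9]+)$/', $this->_author)
            && $this->_author != '') {
            $this->_author = DB_getItem($_TABLES['users'], 'uid',
                "username='" . DB_escapeString($this->_author) . "'");
        }
        // no such user (or an invalid uid): search all authors
        if ($this->_author < 1) {
            $this->_author = '';
        }
    }

    $this->_type = isset($_GET['type']) ? COM_applyFilter($_GET['type']) : 'all';
    $this->_keyType = isset($_GET['keyType'])
        ? COM_applyFilter($_GET['keyType'])
        : $_CONF['search_def_keytype'];
    // presence of the "title" parameter is the flag; its value is ignored
    $this->_titlesOnly = isset($_GET['title']);
}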
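/**
 * Sanitise a request parameter (local copy of Geeklog's COM_applyFilter).
 *
 * Slashes, tags and JavaScript are stripped first. For numeric parameters
 * common formatting characters (whitespace, '-', parentheses) are removed
 * and the result must be a plain string of digits, otherwise it becomes 0
 * (or '' when $returnzero is false). For string parameters the value is cut
 * at the first single quote, double quote or backtick.
 *
 * @param  string $parameter  raw parameter value
 * @param  bool   $isnumeric  true to require a non-negative integer
 * @param  bool   $returnzero when $isnumeric: return 0 (true) or '' (false)
 *                            for values that are not plain digits
 * @return string|int filtered value
 */
function ppApplyFilter($parameter, $isnumeric = false, $returnzero = true)
{
    $p = COM_stripslashes($parameter);
    $p = strip_tags($p);
    $p = COM_killJS($p);

    if ($isnumeric) {
        // Note: PHP's is_numeric() accepts values like 4e4 as numeric, hence
        // the additional ^[0-9]+$ check below.
        // Strip out any common number formatting characters. The hyphen must
        // be the last item of the class: the original '[\s-\(\)]' placed it
        // between \s and '(', which PCRE2 (PHP >= 7.3) rejects as an invalid
        // range, so preg_replace() returned null and every numeric parameter
        // collapsed to 0.
        $p = preg_replace('/[\s()-]+/', '', $p);
        if (!is_numeric($p) || preg_match('/^([0-9]+)$/', $p) == 0) {
            $p = $returnzero ? 0 : '';
        }
    } else {
        // keep only the part before the first quote character
        $pa = explode("'", $p);
        $pa = explode('"', $pa[0]);
        $pa = explode('`', $pa[0]);
        $p = $pa[0];
    }

    return $p;
}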
/**
 * Filter the excerpt of a trackback comment we've received
 *
 * Note: Does not truncate the excerpt.
 *
 * @param string $excerpt excerpt of the trackback comment
 * @return string filtered excerpt
 */
function TRB_filterExcerpt($excerpt)
{
    // unescape, drop all markup, then run the site's word filter
    $text = COM_stripslashes($excerpt);
    $text = strip_tags($text);

    return COM_checkWords($text);
}
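/**
 * Saves the user's information back to the database
 *
 * Flow: verify the form's pwrequestid against the user's row, normalise
 * the cookie timeout, require the current password when the password,
 * e-mail or cookie timeout changes, optionally rename the account (and its
 * photo file), run the spam check, validate the e-mail, update the
 * password/login cookies and finally write users and userinfo.
 *
 * @param array $A User's data (form fields)
 * @return string HTML error message or meta redirect
 */
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // The form carries the per-request id stored in the user's row; a
    // mismatch means this form was not issued for the logged-in account.
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $current_password = (string) DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
    $needsPassword = !empty($A['passwd'])
        || $A['email'] != $_USER['email']
        || $A['cooktime'] != $_USER['cookietimeout'];
    if ($needsPassword) {
        // Strict comparison: '==' on hex digests compares e.g. '0e12' and
        // '0e34' as equal numbers. hash_equals() (PHP >= 5.6) would
        // additionally make the comparison constant-time.
        if (empty($A['old_passwd'])
            || SEC_encryptPassword($A['old_passwd']) !== $current_password) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
        }
    }
    // The custom check runs whenever the password gate (if any) was passed
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $ret = CUSTOM_userCheck($A['username'], $A['email']);
        if (!empty($ret)) {
            // Need a numeric return for the default message handler
            // - if not numeric use default message
            if (!is_numeric($ret['number'])) {
                $ret['number'] = 400;
            }
            return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
        }
    }

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter(isset($A['new_username']) ? $A['new_username'] : '');
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            // NOTE(review): the slashed value is what DB_count/DB_change
            // receive and it is also what ends up in the photo file name
            // (pre-existing behaviour, kept as-is).
            $A['new_username'] = addslashes($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) != 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
            if ($_CONF['allow_user_photo'] == 1) {
                $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                if (!empty($photo)) {
                    // Replace the first occurrence of the old user name in the
                    // file name as a plain string operation. The previous
                    // preg_replace() used the unquoted user name as the pattern
                    // and the new name as the replacement, so regex
                    // metacharacters or "$1" sequences in either were interpreted.
                    $pos = strpos($photo, $_USER['username']);
                    $newphoto = ($pos === false)
                        ? $photo
                        : substr_replace($photo, $A['new_username'], $pos, strlen($_USER['username']));
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                        $display = COM_siteHeader('menu', $LANG04[21]);
                        $display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                        $display .= COM_siteFooter();
                        return $display;
                    }
                    DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
                }
            }
            DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>'
        . '<p>' . COM_createLink($A['homepage'], $A['homepage'])
        . '<br' . XHTML . '>' . $A['location']
        . '<br' . XHTML . '>' . $A['sig']
        . '<br' . XHTML . '>' . $A['about']
        . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);

    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));

    // e-mail validation: each failure has its own message id
    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
    }

    if (!empty($A['passwd'])) {
        $oldMatches = (SEC_encryptPassword($A['old_passwd']) === $current_password);
        // strict comparison so that numeric-looking passwords ('1e3' vs
        // '1000') are not treated as equal
        if ($A['passwd'] === $A['passwd_conf'] && $oldMatches) {
            $passwd = SEC_encryptPassword($A['passwd']);
            DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
            // a non-positive timeout expires the password cookie right away
            $cooktime = ($A['cooktime'] > 0) ? $A['cooktime'] : -1000;
            SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
        } elseif (!$oldMatches) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
        } elseif ($A['passwd'] !== $A['passwd_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
        }
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }
    if ($A['cooktime'] <= 0) {
        // session-only login: expire the persistent login cookie
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - 1000);
    } else {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
    }

    // photo='' is written when photos are disabled (same as before, but
    // without reading an undefined variable)
    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = isset($A['delete_photo']) ? $A['delete_photo'] : '';
        $filename = handlePhotoUpload($delete_photo);
    }

    if (!empty($A['homepage'])) {
        // NOTE(review): MBYTE_strpos returns a character offset while substr
        // works on bytes; a multibyte character before the ':' would shift
        // $prot. Kept as-is.
        $pos = MBYTE_strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            // only http: and https: URLs are stored; anything else is rewritten
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = addslashes($A['homepage']);
    }

    // NOTE(review): the values below are interpolated into SQL after
    // addslashes(); DB_escapeString() would be the charset-aware choice.
    $A['fullname'] = addslashes($A['fullname']);
    $A['email'] = addslashes($A['email']);
    $A['location'] = addslashes($A['location']);
    $A['sig'] = addslashes($A['sig']);
    $A['about'] = addslashes($A['about']);
    $A['pgpkey'] = addslashes($A['pgpkey']);

    if (!empty($filename)) {
        if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }

    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }

    PLG_userInfoChanged($_USER['uid']);

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}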
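/**
 * Continues a session - handles timeout, looping, etc.
 *
 * Loads the batch session row, checks that it belongs to the current user
 * (or that the user has mediagallery.admin), processes up to $item_limit
 * pending items through the mg_batch_session_<action> handler while the
 * time limit allows, and renders the progress screen. When nothing is left
 * and this was the initial run ($item_limit == 0) it redirects to the
 * session origin and exits.
 *
 * @param  string $session_id   session id to continue
 * @param  int    $item_limit   number of items to process per run;
 *                              0 indicates initial run
 * @param  int    $refresh_rate seconds between automatic refreshes
 * @return string HTML of status screen ('' when the session cannot be read)
 */
function MG_continueSession($session_id, $item_limit, $refresh_rate)
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01, $LANG_MG02;

    $retval = '';
    $cycle_start_time = time();
    $timer_expired = false;
    $timer_expired_secs = 0;
    $timer_time = 0;   // longest single item so far; used to stop early
    $num_rows = 0;

    $session_id = COM_applyFilter($session_id);
    // Both values end up in SQL (LIMIT) and in the refresh URL / meta tag,
    // so pin them to integers here.
    $item_limit = (int) $item_limit;
    $refresh_rate = (int) $refresh_rate;

    // Pull the session status info
    $sql = "SELECT * FROM {$_TABLES['mg_sessions']} "
        . "WHERE session_id='" . addslashes($session_id) . "'";
    $result = DB_query($sql, 1);
    if (DB_error()) {
        COM_errorLog("MediaGallery: Error - Unable to retrieve batch session data");
        return '';
    }
    if (DB_numRows($result) > 0) {
        $session = DB_fetchArray($result);
    } else {
        COM_errorLog("MediaGallery: Error - Unable to find batch session id");
        return ''; // no session found
    }

    // security check - make sure we are continuing a session that we own...
    if ($session['session_uid'] != $_USER['uid'] && !SEC_hasRights('mediagallery.admin')) {
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    // Setup timer information. The @ keeps a host that has disabled
    // set_time_limit() from printing a warning into the page.
    $time_limit = $_MG_CONF['def_time_limit'];
    @set_time_limit($time_limit + 20);
    // Never plan for longer than PHP allows. 0 means "unlimited", in which
    // case the configured limit is kept (the old code set the limit to 0
    // and expired the timer after the first item).
    $max_execution_time = (int) ini_get('max_execution_time');
    if ($max_execution_time > 0 && $time_limit > $max_execution_time) {
        $time_limit = $max_execution_time;
    }

    $label = COM_stripslashes($session['session_description']);

    // Pull the detail data from the sessions_items table...
    $sql = "SELECT * FROM {$_TABLES['mg_session_items']} "
        . "WHERE session_id='" . addslashes($session_id) . "' "
        . "AND status=0 LIMIT " . $item_limit;
    $result = DB_query($sql);
    while (($row = DB_fetchArray($result)) && !$timer_expired) {
        // used for calculating loop duration and changing the timer condition
        $start_temp_time = time();
        // The handler name is built from the session row; only functions
        // carrying this prefix are reachable and unknown actions are skipped
        // (such items keep status 0 and are selected again next cycle).
        $function = 'mg_batch_session_' . $session['session_action'];
        if (function_exists($function)) {
            $function($row);
            DB_change($_TABLES['mg_session_items'], 'status', 1, 'id', $row['id']);
        }
        // track the slowest item so far
        $timer_time = max($timer_time, time() - $start_temp_time);
        $num_rows++;
        // check if timer is about to expire
        if (time() - $cycle_start_time >= $time_limit - $timer_time) {
            $timer_expired_secs = time() - $cycle_start_time;
            $timer_expired = true;
        }
    }

    // end the timer
    $cycle_end_time = time();
    // find how much time the last cycle took
    $last_cycle_time = $cycle_end_time - $cycle_start_time;

    $T = COM_newTemplate(MG_getTemplatePath(0));
    $T->set_file('batch', 'batch_progress.thtml');

    $processing_messages = '';
    if ($timer_expired) {
        $processing_messages = '<p>' . sprintf($LANG_MG01['timer_expired'], $timer_expired_secs) . '</p>';
    }

    $sql = "SELECT COUNT(*) AS processed "
        . "FROM {$_TABLES['mg_session_items']} "
        . "WHERE session_id='" . addslashes($session_id) . "' AND status=1";
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $session_items_processed = $row['processed'];

    $sql = "SELECT COUNT(*) AS processing "
        . "FROM {$_TABLES['mg_session_items']} "
        . "WHERE session_id='" . addslashes($session_id) . "'";
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $session_items_processing = $row['processing'];

    $items_remaining = $session_items_processing - $session_items_processed;
    if ($items_remaining > 0) {
        if ($item_limit == 0) {
            $processing_messages .= '<p>' . $LANG_MG01['begin_processing'] . '</p>';
            $item_limit = $_MG_CONF['def_item_limit'];
        } else {
            $processing_messages .= '<p>' . sprintf($LANG_MG01['processing_next_items'], $item_limit) . '</p>';
        }
        $form_action = $_MG_CONF['site_url'] . '/batch.php?mode=continue&sid=' . $session_id
            . '&refresh=' . $refresh_rate . '&limit=' . $item_limit;
        $next_button = $LANG_MG01['next'];
        // create the meta tag for refresh
        $T->set_var("META", '<meta http-equiv="refresh" content="' . $refresh_rate
            . ';url=' . $form_action . '"' . XHTML . '>');
    } else {
        if ($item_limit == 0) {
            echo COM_refresh($session['session_origin']);
            exit;
        }
        $next_button = $LANG_MG01['finished'];
        $processing_messages .= '<p>' . $LANG_MG01['all_done'] . '</p>';
        $T->set_var("META", '');
        $refresh_rate = -1;
        $form_action = $session['session_origin'];
        $result = DB_query("SELECT * FROM {$_TABLES['mg_session_log']} "
            . "WHERE session_id='" . addslashes($session_id) . "'");
        while ($row = DB_fetchArray($result)) {
            // NOTE(review): session_log goes into the page unescaped; whether
            // the batch handlers only ever write trusted markup here is not
            // visible from this function.
            $processing_messages .= '<p>' . $row['session_log'] . '</p>';
        }
        MG_endSession($session_id);
    }

    // Guard both divisions: the initial run (LIMIT 0) processes no rows and
    // an empty session has no items at all. '/' by zero throws on PHP 8
    // (the former @ only silenced the PHP 5/7 warning). An empty session is
    // reported as complete.
    $session_percent = ($session_items_processing > 0)
        ? $session_items_processed / $session_items_processing * 100
        : 100;
    $item_rate = ($num_rows > 0) ? round($last_cycle_time / $num_rows) : 0;

    $T->set_var(array(
        'L_BATCH_PROCESS'     => $label,
        'L_BATCH'             => $LANG_MG01['batch_sessions'],
        'L_NEXT'              => $next_button,
        'L_PROCESSING'        => $LANG_MG01['processing'],
        'L_CANCEL'            => $LANG_MG01['cancel'],
        'L_PROCESSING_DETAILS' => $LANG_MG01['processing_details'],
        'L_STATUS'            => $LANG_MG01['status'],
        'L_TOTAL_ITEMS'       => $LANG_MG01['total_items'],
        'L_ITEMS_PROCESSED'   => $LANG_MG01['processed_items'],
        'L_ITEMS_REMAINING'   => $LANG_MG01['items_remaining'],
        'L_POSTS_LAST_CYCLE'  => $LANG_MG01['items_last_cycle'],
        'L_TIME_LIMIT'        => $LANG_MG01['time_limit'],
        'L_REFRESH_RATE'      => $LANG_MG01['refresh_rate'],
        'L_ITEM_RATE'         => $LANG_MG01['item_rate'],
        'L_ACTIVE_PARAMETERS' => $LANG_MG01['batch_parameters'],
        'L_ITEMS_PER_CYCLE'   => $LANG_MG01['items_per_cycle'],
        'TOTAL_ITEMS'         => $session_items_processing,
        'ITEMS_PROCESSED'     => $session_items_processed,
        'ITEMS_REMAINING'     => $session_items_processing - $session_items_processed,
        'ITEM_RATE'           => sprintf($LANG_MG01['seconds_per_item'], $item_rate),
        'PROCESSING_MESSAGES' => $processing_messages,
        'SESSION_PERCENT'     => round($session_percent, 2) . ' %',
        'POST_LIMIT'          => $num_rows,
        'ITEM_LIMIT'          => $item_limit,
        'TIME_LIMIT'          => $time_limit,
        'REFRESH_RATE'        => $refresh_rate,
        'S_BATCH_ACTION'      => $form_action,
    ));
    $retval .= $T->finish($T->parse('output', 'batch'));

    return $retval;
}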
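/**
 * Save browser upload(s)
 *
 * Walks the files posted as newmedia[] (plus optional thumbnail[] files and
 * the per-file caption/description/keywords/cat_id/attachtn/dnc fields),
 * skips files that exceed the album or user limits or failed to upload,
 * hands the rest to MG_getFile(), notifies moderators when at least one
 * succeeded, re-syncs the album's media_count and renders the status
 * template.
 *
 * @param int album_id album_id save uploaded media
 * @return string HTML
 */
function MG_saveUserUpload($album_id)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG02, $LANG_MG03;

    $retval = COM_startBlock($LANG_MG03['upload_results'], '', COM_getBlockTemplate('_admin_block', 'header'));

    $T = COM_newTemplate(MG_getTemplatePath($album_id));
    $T->set_file('mupload', 'useruploadstatus.thtml');

    $statusMsg = '';
    // Tolerate a request without the expected file arrays instead of
    // raising notices and handing null to foreach.
    $file = (isset($_FILES['newmedia']) && is_array($_FILES['newmedia'])) ? $_FILES['newmedia'] : array();
    $thumbs = isset($_FILES['thumbnail']) ? $_FILES['thumbnail'] : array();
    $names = (isset($file['name']) && is_array($file['name'])) ? $file['name'] : array();

    $album = new mgAlbum($album_id);
    $successfull_upload = 0;
    $br = '<br' . XHTML . '>';

    // the user's quota does not change while looping; look it up once
    $user_quota = DB_getItem($_TABLES['mg_userprefs'], 'quota', "uid=" . intval($_USER['uid']));

    // upload errors whose message carries the file name
    $sizeErrors = array(
        UPLOAD_ERR_INI_SIZE  => 'upload_too_big',
        UPLOAD_ERR_FORM_SIZE => 'upload_too_big_html',
        UPLOAD_ERR_PARTIAL   => 'partial_upload',
    );

    foreach ($names as $key => $filename) {
        $filetype = $file['type'][$key];   // client-supplied MIME type, not verified here
        $filesize = $file['size'][$key];
        $filetmp = $file['tmp_name'][$key];
        $error = $file['error'][$key];
        $caption = COM_stripslashes(isset($_POST['caption'][$key]) ? $_POST['caption'][$key] : '');
        $description = COM_stripslashes(isset($_POST['description'][$key]) ? $_POST['description'][$key] : '');
        $keywords = COM_stripslashes(isset($_POST['keywords'][$key]) ? $_POST['keywords'][$key] : '');
        $category = COM_applyFilter(isset($_POST['cat_id'][$key]) ? $_POST['cat_id'][$key] : '', true);
        $attachtn = isset($_POST['attachtn'][$key]) ? $_POST['attachtn'][$key] : '';
        $thumbnail = isset($thumbs['tmp_name'][$key]) ? $thumbs['tmp_name'][$key] : '';
        $dnc = (isset($_POST['dnc'][$key]) && $_POST['dnc'][$key] == 'on') ? 1 : 0;

        if ($filename == '') {
            continue;
        }
        if ($album->max_filesize != 0 && $filesize > $album->max_filesize) {
            COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
            $tmpmsg = sprintf($LANG_MG02['upload_exceeds_max_filesize'], $filename);
            $statusMsg .= $tmpmsg . $br;
            continue;
        }
        $attach_tn = ($attachtn == "on") ? 1 : 0;

        if ($error != UPLOAD_ERR_OK) {
            if (isset($sizeErrors[$error])) {
                $tmpmsg = sprintf($LANG_MG02[$sizeErrors[$error]], $filename);
                $statusMsg .= $tmpmsg . $br;
                COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
            } else {
                switch ($error) {
                    case UPLOAD_ERR_NO_FILE:
                        // empty slot in the form: nothing to report
                        break;
                    case UPLOAD_ERR_NO_TMP_DIR:
                        $statusMsg .= $LANG_MG02['missing_tmp'] . $br;
                        break;
                    case UPLOAD_ERR_CANT_WRITE:
                        $statusMsg .= $LANG_MG02['disk_fail'] . $br;
                        break;
                    default:
                        $statusMsg .= $LANG_MG02['unknown_err'] . $br;
                        break;
                }
            }
            continue;
        }

        // check user quota -- do we have one????
        if ($user_quota > 0) {
            // usage grows with every accepted file, so it is re-read per file
            $disk_used = MG_quotaUsage($_USER['uid']);
            if ($disk_used + $filesize > $user_quota) {
                COM_errorLog("MG Upload: File " . $filename . " would exceeds the users quota");
                $tmpmsg = sprintf($LANG_MG02['upload_exceeds_quota'], $filename);
                $statusMsg .= $tmpmsg . $br;
                continue;
            }
        }

        // process the uploaded files
        $opt = array(
            'caption'     => $caption,
            'description' => $description,
            'filetype'    => $filetype,
            'atttn'       => $attach_tn,
            'thumbnail'   => $thumbnail,
            'keywords'    => $keywords,
            'category'    => $category,
            'dnc'         => $dnc,
        );
        list($rc, $msg) = MG_getFile($filetmp, $filename, $album_id, $opt);
        $statusMsg .= $filename . " " . $msg . $br;
        if ($rc) {
            $successfull_upload++;
        }
    }

    if ($successfull_upload) {
        MG_notifyModerators($album_id);
    }

    // failsafe check - after all the uploading is done, double check that the database counts
    // equal the actual count of items shown in the database, if not, fix the counts and log
    // the error
    $dbCount = DB_count($_TABLES['mg_media_albums'], 'album_id', intval($album_id));
    $aCount = DB_getItem($_TABLES['mg_albums'], 'media_count', "album_id=" . intval($album_id));
    if ($dbCount != $aCount) {
        DB_change($_TABLES['mg_albums'], 'media_count', $dbCount, 'album_id', intval($album_id));
        COM_errorLog("MediaGallery: Upload processing - Counts don't match - dbCount = " . $dbCount . " aCount = " . $aCount);
    }

    MG_SortMedia($album_id);

    $T->set_var('status_message', $statusMsg);
    $tmp = $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id . '&page=1';
    $redirect = sprintf($LANG_MG03['album_redirect'], $tmp);
    $T->set_var('redirect', $redirect);
    $T->parse('output', 'mupload');
    $retval .= $T->finish($T->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}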
/**
 * Persist the media edit form: optional file replacement, metadata update,
 * per-player playback options, thumbnail attach/remove, then redirect.
 *
 * Reads everything from $_POST / $_FILES. Writes to mg_mediaqueue when the
 * "queue" flag is set, otherwise to mg_media. Ends the request with
 * COM_refresh() and exit, so nothing is returned.
 *
 * @param int    $album_id  album the media item belongs to
 * @param string $media_id  id of the media item being edited
 * @param string $actionURL URL to redirect to afterwards; overridden by
 *                          the posted "rpath" when that is non-empty
 * @return void never returns (exit after the redirect)
 */
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;

    // NOTE(review): the redirect target comes from the request; COM_applyFilter
    // is the only restriction on it (whether it is constrained to this site is
    // not visible here).
    $back = COM_applyFilter($_POST['rpath']);
    if ($back != '') {
        $actionURL = $back;
    }
    $queue = COM_applyFilter($_POST['queue'], true);

    $replacefile = 0;
    if (isset($_POST['replacefile'])) {
        $replacefile = COM_applyFilter($_POST['replacefile']);
    }
    if ($replacefile == 1) {
        // replace the stored file with the uploaded one; the result is only logged
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        $filename = $repfilename['name'];
        $file = $repfilename['tmp_name'];
        $opt = array('replace' => $media_id);
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, $opt);
        COM_errorLog($msg);
    }

    // see if we had an attached thumbnail before...
    $thumb = $_FILES['attthumb'];
    $thumbnail = $thumb['tmp_name'];
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    $attachtn = $att == 1 ? 1 : 0;
    $table = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];
    // NOTE(review): $media_id is escaped with addslashes() throughout this
    // function; DB_escapeString() would be the charset-aware choice.
    $old_attached_tn = DB_getItem($table, 'media_tn_attached', 'media_id="' . addslashes($media_id) . '"');
    // "attach" requested but no file uploaded and nothing attached before: ignore
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        $attachtn = 0;
    }
    $remove_old_tn = 0;
    if ($old_attached_tn == 1 && $attachtn == 0) {
        $remove_old_tn = 1;
    }
    // read but not used below
    $remote_media = DB_getItem($table, 'remote_media', 'media_id="' . addslashes($media_id) . '"');
    $remote_url = addslashes(COM_stripslashes($_POST['remoteurl']));

    // title/description: raw (word-filtered) when HTML is allowed, otherwise
    // tags stripped and entities encoded before storage
    if ($_MG_CONF['htmlallowed']) {
        $media_title = COM_checkWords(COM_stripslashes($_POST['media_title']));
        $media_desc = COM_checkWords(COM_stripslashes($_POST['media_desc']));
    } else {
        $media_title = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_title']))));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_desc']))));
    }
    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);
    $original_filename = COM_applyFilter(COM_stripslashes($_POST['original_filename']));
    if ($replacefile == 1) {
        $original_filename = $filename;
    }
    $cat_id = COM_applyFilter($_POST['cat_id'], true);
    $media_keywords = COM_stripslashes($_POST['media_keywords']);
    // keywords column is limited; truncate before filtering
    $media_keywords_safe = substr($media_keywords, 0, 254);
    $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
    $artist = addslashes(COM_applyFilter(COM_stripslashes($_POST['artist'])));
    $musicalbum = addslashes(COM_applyFilter(COM_stripslashes($_POST['musicalbum'])));
    $genre = addslashes(COM_applyFilter(COM_stripslashes($_POST['genre'])));
    // NOTE(review): the 7th mktime() argument (is_dst) was removed in PHP 7.
    $media_time = mktime($media_time_hour, $media_time_minute, 0, $media_time_month, $media_time_day, $media_time_year, 1);

    $owner_sql = '';
    if (isset($_POST['owner_name'])) {
        // numeric filter: the value is concatenated into SQL unquoted
        $owner_id = COM_applyFilter($_POST['owner_name'], true);
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    }

    $sql = "UPDATE " . $table . "\n SET media_title='" . addslashes($media_title) . "',\n media_desc='" . addslashes($media_desc) . "',\n media_original_filename='" . addslashes($original_filename) . "',\n media_time=" . $media_time . ",\n media_tn_attached=" . $attachtn . ",\n media_category=" . intval($cat_id) . ",\n media_keywords='" . $media_keywords . "',\n artist='" . $artist . "',\n album='" . $musicalbum . "',\n genre='" . $genre . "',\n remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . addslashes($media_id) . "'";
    DB_query($sql);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }
    PLG_itemSaved($media_id, 'mediagallery');

    // process playback options if any...
    // Each player type is recognised by one of its fields being posted;
    // the trailing "true" on MG_savePBOption() marks a numeric option.
    if (isset($_POST['autostart'])) { // asf
        $opt['autostart'] = COM_applyFilter($_POST['autostart'], true);
        $opt['enablecontextmenu'] = COM_applyFilter($_POST['enablecontextmenu'], true);
        $opt['stretchtofit'] = isset($_POST['stretchtofit']) ? COM_applyFilter($_POST['stretchtofit'], true) : 0;
        $opt['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
        $opt['uimode'] = COM_applyFilter($_POST['uimode']);
        $opt['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
        $opt['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
        $opt['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        if ($opt['playcount'] < 1) {
            $opt['playcount'] = 1;
        }
        MG_savePBOption($media_id, 'autostart', $opt['autostart'], true);
        MG_savePBOption($media_id, 'enablecontextmenu', $opt['enablecontextmenu'], true);
        if ($opt['stretchtofit'] != '') {
            MG_savePBOption($media_id, 'stretchtofit', $opt['stretchtofit'], true);
        }
        MG_savePBOption($media_id, 'showstatusbar', $opt['showstatusbar'], true);
        MG_savePBOption($media_id, 'uimode', $opt['uimode']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'playcount', $opt['playcount'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }
    if (isset($_POST['play'])) { // swf
        $opt['play'] = COM_applyFilter($_POST['play'], true);
        $opt['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : 0;
        $opt['quality'] = isset($_POST['quality']) ? COM_applyFilter($_POST['quality']) : '';
        $opt['flashvars'] = isset($_POST['flashvars']) ? COM_applyFilter($_POST['flashvars']) : '';
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        $opt['scale'] = isset($_POST['scale']) ? COM_applyFilter($_POST['scale']) : '';
        $opt['wmode'] = isset($_POST['wmode']) ? COM_applyFilter($_POST['wmode']) : '';
        // allowscriptaccess is passed through to the player embed; only
        // COM_applyFilter restricts its value here
        $opt['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? COM_applyFilter($_POST['allowscriptaccess']) : '';
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : '';
        $opt['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
        MG_savePBOption($media_id, 'play', $opt['play'], true);
        if ($opt['menu'] != '') {
            MG_savePBOption($media_id, 'menu', $opt['menu'], true);
        }
        MG_savePBOption($media_id, 'quality', $opt['quality']);
        MG_savePBOption($media_id, 'flashvars', $opt['flashvars']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'wmode', $opt['wmode']);
        MG_savePBOption($media_id, 'allowscriptaccess', $opt['allowscriptaccess']);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'swf_version', $opt['swf_version'], true);
    }
    if (isset($_POST['autoplay'])) { // quicktime
        $opt['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
        $opt['autoref'] = COM_applyFilter($_POST['autoref'], true);
        $opt['controller'] = COM_applyFilter($_POST['controller'], true);
        $opt['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
        $opt['scale'] = COM_applyFilter($_POST['scale']);
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
        $opt['loop'] = COM_applyFilter($_POST['loop'], true);
        MG_savePBOption($media_id, 'autoref', $opt['autoref'], true);
        MG_savePBOption($media_id, 'autoplay', $opt['autoplay'], true);
        MG_savePBOption($media_id, 'controller', $opt['controller'], true);
        MG_savePBOption($media_id, 'kioskmode', $opt['kioskmode'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        // NOTE(review): bgcolor is saved as numeric here but as a string for
        // the asf and swf players above - confirm which is intended.
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }

    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        // thumbnails live in tn/<first char of file name>/tn_<file name>
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
    }
    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        $tmpstr = 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        $ext = Media::getMediaExt($_MG_CONF['path_mediaobjects'] . $tmpstr);
        if (!empty($ext)) {
            // best effort: a missing file is not an error here
            @unlink($_MG_CONF['path_mediaobjects'] . $tmpstr . $ext);
        }
    }

    // queued items are not public yet, so the album feed is only rebuilt
    // for the live table
    if ($queue) {
        echo COM_refresh($actionURL);
    } else {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        echo COM_refresh($actionURL);
    }
    exit;
}
$msg = links_save_category($_POST['cid'], $_POST['old_cid'], $_POST['pid'], $_POST['category'], $_POST['description'], COM_applyFilter($_POST['tid']), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']); $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]); $display .= COM_showMessage($msg, 'links'); $display .= links_list_categories($root); $display .= COM_siteFooter(); // edit category } else { if ($mode == 'edit') { $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[56]); $pid = ''; if (isset($_GET['pid'])) { $pid = strip_tags(COM_stripslashes($_GET['pid'])); } $cid = ''; if (isset($_GET['cid'])) { $cid = strip_tags(COM_stripslashes($_GET['cid'])); } $display .= links_edit_category($cid, $pid); $display .= COM_siteFooter(); // nothing, so list categories } else { $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]); if (isset($_REQUEST['msg'])) { $msg = COM_applyFilter($_REQUEST['msg'], true); if ($msg > 0) { $display .= COM_showMessage($msg, 'links'); } } $display .= links_list_categories($root); $display .= COM_siteFooter(); }
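/**
 * Saves a poll
 *
 * Saves a poll topic and potential answers to the database. The topic,
 * its questions and its answers are deleted and re-created from the form
 * input on every call, so a save is always a full replace.
 *
 * Order of checks: input completeness, CSRF token, then access (stored
 * permissions for an existing poll, submitted permissions for a new one).
 * Nothing is written before all three have passed.
 *
 * @param string $pid Poll topic ID
 * @param string $old_pid Previous poll topic ID
 * @param array $Q Array of poll questions
 * @param string $mainpage Checkbox: poll appears on homepage
 * @param string $topic The text for the topic
 * @param string $meta_description
 * @param string $meta_keywords
 * @param int $statuscode (unused)
 * @param string $open Checkbox: poll open for voting
 * @param string $hideresults Checkbox: hide results until closed
 * @param int $commentcode Indicates if users can comment on poll
 * @param array $A Array of possible answers
 * @param array $V Array of vote per each answer
 * @param array $R Array of remark per each answer
 * @param int $owner_id ID of poll owner
 * @param int $group_id ID of group poll belongs to
 * @param int $perm_owner Permissions the owner has on poll
 * @param int $perm_group Permissions the group has on poll
 * @param int $perm_members Permissions logged in members have on poll
 * @param int $perm_anon Permissions anonymous users have on poll
 * @return string HTML redirect or error message
 *
 */
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These are interpolated into SQL below without escaping. The caller is
    // not visible here, so cast the integer columns defensively; a non-numeric
    // value can then not alter the statement.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $statuscode = (int) $statuscode;
    $commentcode = (int) $commentcode;

    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }

    // check if any question was entered (isset guards keep the same outcome
    // for a missing element without tripping a warning / TypeError)
    if (empty($topic) || !is_array($Q) || count($Q) == 0
            || !isset($Q[0]) || strlen($Q[0]) == 0
            || !isset($A[0][0]) || strlen($A[0][0]) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }

    // CSRF token has to be valid before anything is read or written
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // For an existing poll the stored permissions decide, not the submitted
    // ones; for a new poll the submitted permissions are all there is.
    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid; // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    $topic = addslashes($topic);
    $meta_description = addslashes($meta_description);
    $meta_keywords = addslashes($meta_keywords);

    $k = 0; // set up a counter to make sure we do assign a straight line of question id's
    $v = 0; // re-count votes since they might have been changed

    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        if (strlen($Q[$i]) > 0) { // only insert questions that exist
            $Q[$i] = addslashes($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");

            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = (isset($A[$i]) && is_array($A[$i])) ? count($A[$i]) : 0;
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist
                    // votes is interpolated unquoted: only a plain integer may
                    // reach the statement, everything else counts as 0
                    $votes = (isset($V[$i][$j]) && is_numeric($V[$i][$j])) ? (int) $V[$i][$j] : 0;
                    $A[$i][$j] = addslashes($A[$i][$j]);
                    $remark = isset($R[$i][$j]) ? addslashes($R[$i][$j]) : '';
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES "
                         . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$votes}, '{$remark}');";
                    DB_query($sql);
                    $v = $v + $votes;
                }
            }
            $k++;
        }
    }

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
    $sql .= ($mainpage == 'on') ? "',1" : "',0";
    $sql .= ($open == 'on') ? ",1" : ",0";
    $sql .= ($hideresults == 'on') ? ",1" : ",0";
    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";

    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // the id changed: carry the comments over and tell plugins about the rename
        DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // the former second return (COM_refresh to ?msg=19) was unreachable and is gone
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}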
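/**
 * Creates the edit form
 *
 * Builds the event editor for a new event, an existing event ($eid) or a
 * single repeat instance of an event ($rp_id > 0). Submit privilege is
 * required; editing an existing event or instance additionally needs
 * hasAccess(3). Any failed check ends the request with COM_404().
 *
 * @param string  $eid        Optional event ID, current record used if empty
 * @param integer $rp_id      Repeat instance ID, 0 when editing the event itself
 * @param string  $saveaction Action the form posts back: 'saveevent',
 *                            'saverepeat', 'savefuturerepeat' or 'moderate'
 *                            (anything else falls back to 'saveevent')
 * @return string HTML for edit form, or an error string when $eid cannot be read
 */
public function Edit($eid = '', $rp_id = 0, $saveaction = '')
{
    global $_CONF, $_EV_CONF, $_TABLES, $_USER, $LANG_EVLIST, $LANG_ADMIN, $_GROUPS, $LANG_ACCESS, $_SYSTEM;

    // If an eid is specified and this is an object, then read the
    // event data- UNLESS a repeat ID is given in which case we're
    // editing a repeat and already have the info we need.
    // This probably needs to change, since we should always read event
    // data during construction.
    if (!$this->isSubmitter) {
        // At least submit privilege required
        COM_404();
    } elseif ($eid != '' && $rp_id == 0 && is_object($this)) {
        // If an id is passed in, then read that record
        if (!$this->Read($eid)) {
            return 'Invalid object ID';
        }
    } elseif (isset($_POST['eid']) && !empty($_POST['eid'])) {
        // Returning to an existing form, probably due to errors
        $this->SetVars($_POST);
        // Make sure the current user has access to this event.
        if (!$this->hasAccess(3)) {
            COM_404();
        }
    }

    $T = new Template($_CONF['path'] . 'plugins/evlist/templates/');
    if ($_SYSTEM['disable_jquery_slimbox']) {
        $T->set_file('editor', 'editor.uikit.thtml');
    } else {
        $T->set_file('editor', 'editor.thtml');
    }

    // Basic tabs for editing both events and instances, show up on
    // all edit forms
    $tabs = array('ev_info', 'ev_location', 'ev_contact');

    // Locals that are only assigned on some paths below but are read
    // unconditionally when the template is filled.
    $alert_msg = '';
    $option = 0;
    $catlist = '';

    $rp_id = (int) $rp_id;
    if ($rp_id > 0) {
        // Make sure the current user has access to this event.
        if (!$this->hasAccess(3)) {
            COM_404();
        }
        if ($saveaction == 'savefuturerepeat') {
            $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_future'], 'warning');
        } else {
            $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_instance'], 'info');
        }
        $T->clear_var('category_section');
        $T->clear_var('permissions_editor');

        // Set the static calendar name for the edit form. Can't
        // change it for a single instance.
        $cal_name = DB_getItem($_TABLES['evlist_calendars'], 'cal_name', "cal_id='" . (int) $this->cal_id . "'");
        $T->set_var(array(
            'contact_section' => 'true',
            'is_repeat' => 'true',
            'cal_name' => $cal_name,
        ));

        // Override our dates & times with those from the repeat.
        // $rp_id is passed when this is called from class evRepeat.
        // Maybe that should pass in the repeat's data instead to avoid
        // another DB lookup. An array of values could be used.
        // ($rp_id was cast to int above, so interpolating it is safe.)
        $Rep = DB_fetchArray(DB_query("SELECT * \n FROM {$_TABLES['evlist_repeat']}\n WHERE rp_id='{$rp_id}'"), false);
        if ($Rep) {
            $this->date_start1 = $Rep['rp_date_start'];
            $this->date_end1 = $Rep['rp_date_end'];
            $this->time_start1 = $Rep['rp_time_start1'];
            $this->time_end1 = $Rep['rp_time_end1'];
            $this->time_start2 = $Rep['rp_time_start2'];
            $this->time_end2 = $Rep['rp_time_end2'];
        }
    } else {
        // Editing the main event record
        if ($this->id != '' && $this->recurring == 1) {
            $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_series'], 'error');
        }
        if ($this->isAdmin) {
            $tabs[] = 'ev_perms'; // Add permissions tab, event edit only
            $T->set_var('permissions_editor', 'true');
        }
        $T->set_var(array(
            'contact_section' => 'true',
            'category_section' => 'true',
            'upcoming_chk' => $this->show_upcoming ? EVCHECKED : '',
        ));
    }

    $action_url = EVLIST_URL . '/event.php';
    $delaction = 'delevent';
    if (isset($_GET['from']) && $_GET['from'] == 'admin') {
        $cancel_url = EVLIST_ADMIN_URL . '/index.php';
    } else {
        $cancel_url = EVLIST_URL . '/index.php';
    }

    switch ($saveaction) {
    case 'saverepeat':
    case 'savefuturerepeat':
    case 'saveevent':
        break;
    case 'moderate':
        // Approving a submission
        $saveaction = 'approve';
        $delaction = 'disapprove';
        $action_url = EVLIST_ADMIN_URL . '/index.php';
        $cancel_url = $_CONF['site_admin_url'] . '/moderation.php';
        break;
    default:
        $saveaction = 'saveevent';
        break;
    }

    $retval = '';
    $recweekday = '';

    // owner_id may have come in via SetVars($_POST) above; uid is numeric, so cast
    $ownerusername = DB_getItem($_TABLES['users'], 'username', "uid='" . (int) $this->owner_id . "'");

    $retval .= COM_startBlock($LANG_EVLIST['event_editor']);

    $summary = $this->Detail->summary;
    $full_description = $this->Detail->full_description;
    $location = $this->Detail->location;
    // NOTE(review): $A is not assigned anywhere before this point, so the
    // 'html' branch can never be taken and the plaintext branch always runs.
    // The intended source of the post mode (a property? $_POST?) is not
    // visible here, so the condition is kept; isset() only avoids the notice.
    if (($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) && isset($A['postmode']) && $A['postmode'] == 'html') {
        $postmode = '2'; //html
    } else {
        $postmode = '1'; //plaintext
        $summary = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->summary)));
        $full_description = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->full_description)));
        $location = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->location)));
    }

    if ($this->date_end1 == '' || $this->date_end1 == '0000-00-00') {
        $this->date_end1 = $this->date_start1;
    }
    if ($this->date_start1 != '' && $this->date_start1 != '0000-00-00') {
        list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts($this->date_start1, $this->time_start1);
    } else {
        list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts(date('Y-m-d', time()), date('H:i:s', time()));
    }

    // The end date can't be before the start date
    if ($this->date_end1 >= $this->date_start1) {
        list($endmonth1, $endday1, $endyear1, $endhour1, $endminute1) = $this->DateParts($this->date_end1, $this->time_end1);
        $days_interval = Date_Calc::dateDiff($endday1, $endmonth1, $endyear1, $startday1, $startmonth1, $startyear1);
    } else {
        $days_interval = 0;
        $endmonth1 = $startmonth1;
        $endday1 = $startday1;
        $endyear1 = $startyear1;
        $endhour1 = $starthour1;
        $endminute1 = $startminute1;
    }

    if ($this->recurring != '1') {
        $T->set_var(array('recurring_show' => ' style="display:none;"', 'format_opt' => '0'));
    } else {
        $option = empty($this->rec_data['type']) ? '0' : (int) $this->rec_data['type'];
        $T->set_var(array('recurring_show' => '', 'recurring_checked' => EVCHECKED, 'format_opt' => $option));
    }

    if (isset($this->rec_data['stop']) && !empty($this->rec_data['stop'])) {
        $T->set_var(array('stopdate' => $this->rec_data['stop'], 'd_stopdate' => EVLIST_formattedDate($this->rec_data['stop'])));
    }
    if (!empty($this->rec_data['skip'])) {
        $T->set_var("skipnext{$this->rec_data['skip']}_checked", EVCHECKED);
    }
    if (!empty($this->rec_data['freq'])) {
        $freq = (int) $this->rec_data['freq'];
        if ($freq < 1) {
            $freq = 1;
        }
    } else {
        $freq = 1;
    }
    $T->set_var(array('freq_text' => $LANG_EVLIST['rec_periods'][$this->rec_data['type']] . '(s)', 'rec_freq' => $freq));

    foreach ($LANG_EVLIST['rec_intervals'] as $key => $str) {
        $T->set_var('dom_int_txt_' . $key, $str);
        if (is_array($this->rec_data['interval'])) {
            if (in_array($key, $this->rec_data['interval'])) {
                $T->set_var('dom_int_chk_' . $key, EVCHECKED);
            }
        }
    }

    // Set up the recurring options needed for the current event
    switch ($option) {
    case 0:
        break;
    case EV_RECUR_MONTHLY:
        if (is_array($this->rec_data['listdays'])) {
            foreach ($this->rec_data['listdays'] as $mday) {
                $T->set_var('mdchk' . $mday, EVCHECKED);
            }
        }
        break;
    case EV_RECUR_WEEKLY:
        // NOTE(review): $rec_data (without $this->) is never assigned in this
        // method, so listdays_val is always empty; probably $this->rec_data
        // was meant. Left as-is pending confirmation against the template.
        $T->set_var('listdays_val', COM_stripslashes(isset($rec_data[0]) ? $rec_data[0] : ''));
        if (is_array($this->rec_data['listdays']) && !empty($this->rec_data['listdays'])) {
            foreach ($this->rec_data['listdays'] as $day) {
                $day = (int) $day;
                if ($day > 0 && $day < 8) {
                    $T->set_var('daychk' . $day, EVCHECKED);
                }
            }
        }
        break;
    case EV_RECUR_DOM:
        $recweekday = $this->rec_data['weekday'];
        break;
    case EV_RECUR_DATES:
        $T->set_var(array('stopshow' => 'style="display:none;"', 'custom_val' => implode(',', $this->rec_data['custom'])));
        break;
    }

    $start1 = EVLIST_TimeSelect('start1', $this->time_start1);
    $start2 = EVLIST_TimeSelect('start2', $this->time_start2);
    $end1 = EVLIST_TimeSelect('end1', $this->time_end1);
    $end2 = EVLIST_TimeSelect('end2', $this->time_end2);

    $cal_select = COM_optionList($_TABLES['evlist_calendars'], 'cal_id,cal_name', $this->cal_id, 1, 'cal_status = 1 ' . COM_getPermSQL('AND', 0, 2));

    USES_class_navbar();
    $navbar = new navbar();
    $cnt = 0;
    foreach ($tabs as $id) {
        $navbar->add_menuitem($LANG_EVLIST[$id], 'showhideEventDiv("' . $id . '",' . $cnt . ');return false;', true);
        $cnt++;
    }
    $navbar->set_selected($LANG_EVLIST['ev_info']);

    if ($this->AdminMode) {
        $action_url .= '?admin=true';
    }

    $T->set_var(array(
        'action_url' => $action_url,
        'navbar' => $navbar->generate(),
        'alert_msg' => $alert_msg,
        'cancel_url' => $cancel_url,
        'eid' => $this->id,
        'rp_id' => $rp_id,
        'title' => $this->Detail->title,
        'summary' => $summary,
        'description' => $full_description,
        'location' => $location,
        'status_checked' => $this->status == 1 ? EVCHECKED : '',
        'url' => $this->Detail->url,
        'street' => $this->Detail->street,
        'city' => $this->Detail->city,
        'province' => $this->Detail->province,
        'country' => $this->Detail->country,
        'postal' => $this->Detail->postal,
        'contact' => $this->Detail->contact,
        'email' => $this->Detail->email,
        'phone' => $this->Detail->phone,
        'startdate1' => $this->date_start1,
        'enddate1' => $this->date_end1,
        'd_startdate1' => EVLIST_formattedDate($this->date_start1),
        'd_enddate1' => EVLIST_formattedDate($this->date_end1),
        'start_hour_options1' => $start1['hour'],
        'start_minute_options1' => $start1['minute'],
        'startdate1_ampm' => $start1['ampm'],
        'end_hour_options1' => $end1['hour'],
        'end_minute_options1' => $end1['minute'],
        'enddate1_ampm' => $end1['ampm'],
        'start_hour_options2' => $start2['hour'],
        'start_minute_options2' => $start2['minute'],
        'startdate2_ampm' => $start2['ampm'],
        'end_hour_options2' => $end2['hour'],
        'end_minute_options2' => $end2['minute'],
        'enddate2_ampm' => $end2['ampm'],
        'recurring_format_options' => EVLIST_GetOptions($LANG_EVLIST['rec_formats'], $option),
        'recurring_weekday_options' => EVLIST_GetOptions(Date_Calc::getWeekDays(), $recweekday, 1),
        'dailystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['day_by_date'], ''),
        'monthlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']),
        'yearlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year'], $LANG_EVLIST['if_any']),
        'listdays_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['days_of_week'], ''),
        'listdaystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['date_l'], $LANG_EVLIST['if_any']),
        'intervalstop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']),
        'custom_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['dates'], ''),
        'datestart_note' => $LANG_EVLIST['datestart_note'],
        'src' => isset($_GET['src']) && $_GET['src'] == 'a' ? '1' : '0',
        'rem_status_checked' => $this->enable_reminders == 1 ? EVCHECKED : '',
        'del_button' => $this->id == '' ? '' : 'true',
        'saveaction' => $saveaction,
        'delaction' => $delaction,
        'owner_id' => $this->owner_id,
        'enable_reminders' => $_EV_CONF['enable_reminders'],
        'iso_lang' => EVLIST_getIsoLang(),
        'hour_mode' => $_CONF['hour_mode'],
        'days_interval' => $days_interval,
        'display_format' => $_CONF['shortdate'],
        'ts_start' => strtotime($this->date_start1),
        'ts_end' => strtotime($this->date_end1),
        'cal_select' => $cal_select,
        'contactlink_chk' => $this->options['contactlink'] == 1 ? EVCHECKED : '',
        'lat' => $this->Detail->lat,
        'lng' => $this->Detail->lng,
        'perm_msg' => $LANG_ACCESS['permmsg'],
        'last' => $LANG_EVLIST['rec_intervals'][5],
        'doc_url' => EVLIST_getDocURL('event.html'),
        'mootools' => $_SYSTEM['disable_mootools'] ? '' : 'true',
    ));

    if ($_EV_CONF['enable_rsvp']) {
        USES_evlist_class_tickettype();
        $TickTypes = evTicketType::GetTicketTypes();
        $tick_opts = '';
        foreach ($TickTypes as $tick_id => $tick_obj) {
            // Check enabled tickets. Ticket type 1 enabled by default
            if (isset($this->options['tickets'][$tick_id]) || $tick_id == 1) {
                $checked = 'checked="checked"';
                $fee = isset($this->options['tickets'][$tick_id]['fee']) ? (double) $this->options['tickets'][$tick_id]['fee'] : 0;
            } else {
                $checked = '';
                $fee = 0;
            }
            $tick_opts .= '<tr><td><input name="tickets[' . $tick_id . ']" type="checkbox" ' . $checked . ' value="' . $tick_id . '" /></td>' . '<td>' . $tick_obj->description . '</td>' . '<td><input type="text" name="tick_fees[' . $tick_id . ']" value="' . $fee . '" size="8" /></td></tr>' . LB;
        }
        if ($_EV_CONF['rsvp_print'] > 0) {
            $rsvp_print_chk = 'rsvp_print_chk' . $this->options['rsvp_print'];
            $rsvp_print = 'true';
        } else {
            $rsvp_print = '';
            $rsvp_print_chk = 'no_rsvp_print';
        }
        $T->set_var(array(
            'enable_rsvp' => 'true',
            'reg_chk' . $this->options['use_rsvp'] => EVCHECKED,
            'rsvp_wait_chk' => $this->options['rsvp_waitlist'] == 1 ? EVCHECKED : '',
            'max_rsvp' => $this->options['max_rsvp'],
            'max_user_rsvp' => $this->options['max_user_rsvp'],
            'rsvp_cutoff' => $this->options['rsvp_cutoff'],
            'use_rsvp' => $this->options['use_rsvp'],
            'rsvp_waitlist' => $this->options['rsvp_waitlist'],
            'tick_opts' => $tick_opts,
            'rsvp_print' => $rsvp_print,
            $rsvp_print_chk => 'checked="checked"',
        ));
    } // if rsvp_enabled

    // Split & All-Day settings
    if ($this->allday == 1) {
        // allday, can't be split, no times
        $T->set_var(array(
            'starttime1_show' => 'style="display:none;"',
            'endtime1_show' => 'style="display:none;"',
            'datetime2_show' => 'style="display:none;"',
            'allday_checked' => EVCHECKED,
            'split_checked' => '',
            'split_show' => 'style="display:none;"',
        ));
    } elseif ($this->split == '1') {
        $T->set_var(array('split_checked' => EVCHECKED, 'allday_checked' => '', 'allday_show' => 'style="display:none"'));
    } else {
        $T->set_var(array('datetime2_show' => 'style="display:none;"'));
    }

    // Category fields. If $_POST['categories'] is set, then this is a
    // form re-entry due to an error saving. Populate checkboxes from the
    // submitted form. Include the user-added category, if any.
    // If not from a form re-entry, get the checked categories from the
    // evlist_lookup table.
    if ($_EV_CONF['enable_categories'] == '1') {
        $cresult = DB_query("SELECT tc.id, tc.name\n FROM {$_TABLES['evlist_categories']} tc \n WHERE tc.status='1' ORDER BY tc.name");
        while ($A = DB_fetchArray($cresult, false)) {
            if (isset($_POST['categories']) && is_array($_POST['categories'])) {
                // Coming from a form re-entry
                $chk = in_array($A['id'], $_POST['categories']) ? EVCHECKED : '';
            } else {
                $chk = in_array($A['id'], $this->categories) ? EVCHECKED : '';
            }
            // NOTE(review): $A['name'] is emitted unescaped. Logged-in users
            // can add categories (add_cat_input below), so confirm names are
            // sanitised when they are saved.
            $catlist .= '<input type="checkbox" name="categories[]" ' . 'value="' . $A['id'] . '" ' . $chk . ' />' . ' ' . $A['name'] . ' ';
        }
        $T->set_var('catlist', $catlist);
        if (isset($_POST['newcat'])) {
            // Raw POST value reflected straight back into the form; escape it
            // here rather than rely on the template doing so.
            $T->set_var('newcat', htmlspecialchars($_POST['newcat'], ENT_QUOTES));
        }
        if ($_USER['uid'] > 1 && $rp_id == 0) {
            $T->set_var('category_section', 'true');
            $T->set_var('add_cat_input', 'true');
        }
    }

    // Enable the post mode selector if we allow HTML and the user is
    // logged in, or if this user is an authorized editor
    if ($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) {
        $T->set_var(array(
            'postmode_options' => EVLIST_GetOptions($LANG_EVLIST['postmodes'], $postmode),
            'allowed_html' => COM_allowedHTML('evlist.submit'),
        ));
        // NOTE(review): $postmode is '1' or '2' above, never 'plaintext',
        // so this branch cannot currently fire.
        if ($postmode == 'plaintext') {
            // plaintext, hide postmode selector
            $T->set_var('postmode_show', ' style="display:none"');
        }
        $T->parse('event_postmode', 'edit_postmode');
    }

    if ($this->isAdmin) {
        $T->set_var(array(
            'owner_username' => COM_stripslashes($ownerusername),
            'owner_dropdown' => COM_optionList($_TABLES['users'], 'uid,username', $this->owner_id, 1, "uid <> 1"),
            'group_dropdown' => SEC_getGroupDropdown($this->group_id, 3),
        ));
        if ($rp_id == 0) {
            // can only change permissions on main event
            $T->set_var('permissions_editor', SEC_getPermissionsHTML($this->perm_owner, $this->perm_group, $this->perm_members, $this->perm_anon));
        }
    } else {
        $T->set_var('group_id', $this->group_id);
    }

    // Latitude & Longitude part of location, if Location plugin is used
    if ($_EV_CONF['use_locator']) {
        $T->set_var(array('use_locator' => 'true', 'loc_selection' => GEO_optionList()));
    }

    $T->parse('output', 'editor');
    $retval .= $T->finish($T->get_var('output'));
    $retval .= COM_endBlock();

    return $retval;
}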
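/**
 * Input validation
 *
 * Recursively normalises a submitted configuration value. Arrays are
 * processed element by element: the 'placeholder' key is dropped, and if
 * every remaining key is numeric but the keys are not contiguous from 0
 * the array is re-numbered so it stays a list. Scalars are un-slashed,
 * the 'b:0' / 'b:1' markers become booleans, and numeric strings become
 * numbers when _validate_numeric() allows it for this config/group.
 *
 * @param mixed $config    Configuration name, passed through to _validate_numeric()
 * @param mixed $group     Configuration group, passed through to _validate_numeric()
 * @param mixed $input_val Submitted value (scalar or nested array), by reference
 * @return mixed Validated value of the same shape as $input_val
 */
function _validate_input($config, $group, &$input_val)
{
    if (is_array($input_val)) {
        $validated = array();
        $onlyNumericKeys = true;
        $highestKey = -1;
        foreach ($input_val as $key => $val) {
            if ($key === 'placeholder') {
                continue;
            }
            $validated[$key] = $this->_validate_input($config, $group, $val);
            if (is_numeric($key)) {
                if ($key > $highestKey) {
                    $highestKey = $key;
                }
            } else {
                $onlyNumericKeys = false;
            }
        }
        // re-number keys when a list has gaps (e.g. an element was removed)
        if ($onlyNumericKeys && $highestKey >= 0 && $highestKey + 1 != count($validated)) {
            $validated = array_values($validated);
        }
        return $validated;
    }

    $value = COM_stripslashes($input_val);
    // Boolean markers. Compare strictly: with loose comparison an integer
    // 0 or 1 equals any non-numeric string on PHP < 8 and would silently
    // be turned into a boolean here.
    if ($value === 'b:0' || $value === 'b:1') {
        return $value === 'b:1';
    }
    if (is_numeric($value) && $this->_validate_numeric($config, $group)) {
        $value = $value + 0;
    }
    return $value;
}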
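/**
 * Saves a block
 *
 * Validates the submitted block, checks the caller's access (stored
 * permissions for an existing block, submitted permissions for a new
 * one), normalises the type-specific fields and writes the row.
 *
 * @param int $bid Block ID (0 or empty for a new block)
 * @param string $name Block name
 * @param string $title Block title
 * @param string $help URL of a help page for the block
 * @param string $type Type of block ('normal', 'portal', 'phpblock', 'gldefault')
 * @param int $blockorder Order block appears relative to the others
 * @param string $content Content of block
 * @param string $rdfurl URL to headline feed for portal blocks
 * @param string $rdfupdated Date RSS/RDF feed was last updated
 * @param string $rdflimit max. number of entries to import from feed
 * @param string $phpblockfn Name of php function to call to get content
 * @param int $onleft Flag indicates if block shows up on left or right
 * @param int $owner_id ID of owner
 * @param int $group_id ID of group block belongs to
 * @param array $perm_owner Permissions the owner has on the object
 * @param array $perm_group Permissions the group has on the object
 * @param array $perm_members Permissions the logged in members have
 * @param array $perm_anon Permissions anonymous users have
 * @param string $is_enabled Checkbox: block is enabled ('on') or not
 * @param string $allow_autotags Checkbox: autotags are expanded ('on') or not
 * @param int $cache_time Cache time in seconds; empty or < -1 selects the default
 * @return string HTML redirect or error message
 *
 */
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER;

    $retval = '';

    $title = DB_escapeString(COM_stripslashes(strip_tags($title)));
    $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn)));

    if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
        $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63]));
        return $retval;
    }

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // The caller is not visible here, so integer columns that are
    // interpolated into SQL below are cast defensively. An existing block
    // is addressed by a numeric id; an empty/zero id means "new block".
    if ($bid > 0) {
        $bid = (int) $bid;
    }
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $onleft = (int) $onleft;

    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        // existing block: the stored permissions decide, not the submitted ones
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    }

    // Each block type has its own set of mandatory fields
    $hasRequiredFields = !empty($name) && (
        ($type == 'normal' && !empty($title) && !empty($content))
        || ($type == 'portal' && !empty($title) && !empty($rdfurl))
        || ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))
        || ($type == 'gldefault' && strlen($blockorder) > 0)
    );
    if (!$hasRequiredFields) {
        if (empty($name)) {
            // empty block name
            $msgtxt = $LANG21[50];
        } elseif ($type == 'portal') {
            // Portal block is missing fields
            $msgtxt = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msgtxt = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msgtxt = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default geeklog field missing
            $msgtxt = $LANG21[42];
        } else {
            // Layout block missing content
            $msgtxt = $LANG21[36];
        }
        $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32]));
        return $retval;
    }

    $is_enabled = ($is_enabled == 'on') ? 1 : 0;
    $allow_autotags = ($allow_autotags == 'on') ? 1 : 0;
    if ($cache_time < -1 || $cache_time == "") {
        $cache_time = $_CONF['default_cache_time_block'];
    }
    $cache_time = (int) $cache_time;

    if ($type == 'portal') {
        $content = '';
        $rdfupdated = '';
        $phpblockfn = '';
        // get rid of possible extra prefixes (e.g. "feed://http://...")
        if (substr($rdfurl, 0, 4) == 'rss:') {
            $rdfurl = substr($rdfurl, 4);
        } elseif (substr($rdfurl, 0, 5) == 'feed:') {
            $rdfurl = substr($rdfurl, 5);
        }
        if (substr($rdfurl, 0, 2) == '//') {
            $rdfurl = substr($rdfurl, 2);
        }
        $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
    }
    if ($type == 'gldefault') {
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
    }
    if ($type == 'phpblock') {
        // NOTE: PHP Blocks must be within a function and the function
        // must start with phpblock_ as the prefix. This will prevent
        // the arbitrary execution of code
        // NOTE(review): stristr() only checks that 'phpblock_' occurs
        // somewhere in the name, not that it is the prefix the comment
        // describes; a prefix test (stripos(...) !== 0) would be stricter,
        // but it is left unchanged here in case existing blocks rely on
        // the looser rule.
        if (!stristr($phpblockfn, 'phpblock_')) {
            $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37]));
            return $retval;
        }
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
    }
    if ($type == 'normal') {
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
        if ($allow_autotags == 1) {
            // Remove any autotags the user doesn't have permission to use
            $content = PLG_replaceTags($content, '', true);
        }
        $content = DB_escapeString($content);
    }

    $rdflimit = (int) $rdflimit;
    if ($rdflimit < 0) {
        $rdflimit = 0;
    }
    if (!empty($rdfurl)) {
        $rdfurl = DB_escapeString($rdfurl);
    }
    if (empty($rdfupdated)) {
        $rdfupdated = '0000-00-00 00:00:00';
    }

    // The remaining quoted string columns were interpolated unescaped.
    // Escape them at the point the SQL is built; if the (not visible)
    // caller already SQL-escapes these, this should move there instead.
    $name = DB_escapeString($name);
    $help = DB_escapeString($help);
    $blockorder = DB_escapeString($blockorder);
    $rdfupdated = DB_escapeString($rdfupdated);

    if ($bid > 0) {
        DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL");
    } else {
        $sql = array();
        $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} "
            . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) '
            . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
        $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} "
            . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) '
            . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
        DB_query($sql);
        $bid = DB_insertId();
    }

    TOPIC_saveTopicSelectionControl('block', $bid);

    // remove any of this blocks instances if exists
    $cacheInstance = 'block__' . $bid . '__';
    CACHE_remove_instance($cacheInstance);

    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
}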
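/**
 * Handles a comment edit submission
 *
 * Loads the comment ('edit') or the pending comment submission
 * ('editsubmission') named by the request and renders the comment editor
 * for it. Bad or unknown ids are logged and answered with a refresh to the
 * front page.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param string $mode 'edit' or 'editsubmission'
 * @return string HTML (possibly a refresh)
 */
function handleEdit($mode)
{
    // $_CONF and $_USER are used in the error paths below; the original only
    // imported $_TABLES and $LANG03, so both were undefined there
    global $_CONF, $_TABLES, $_USER, $LANG03;

    // get needed data. $cid is interpolated unquoted into SQL, so force it to
    // an integer here instead of relying on the later range check (the old
    // code ran the first query before validating it).
    $cid = isset($_REQUEST['cid']) ? COM_applyFilter($_REQUEST['cid'], true) : 0;

    if ($mode == 'editsubmission') {
        $table = $_TABLES['commentsubmissions'];
        $type = '';
        $sid = '';
        $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}");
        if (DB_numRows($result) == 1) {
            list($type, $sid) = DB_fetchArray($result);
        }
    } else {
        $sid = isset($_REQUEST['sid']) ? COM_applyFilter($_REQUEST['sid']) : '';
        $type = isset($_REQUEST['type']) ? COM_applyFilter($_REQUEST['type']) : '';
        $table = $_TABLES['comments'];
    }

    $uid = isset($_USER['uid']) ? $_USER['uid'] : 1;

    // check for bad data
    if ($cid < 1 || empty($sid) || empty($type)) {
        COM_errorLog("handleEdit(): {$uid} from {$_SERVER['REMOTE_ADDR']} tried "
            . 'to edit a comment with one or more missing/bad values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // $sid and $type come from the request (or the submission row) and were
    // interpolated unescaped; escape them before building the lookup query
    $sidEsc = DB_escapeString($sid);
    $typeEsc = DB_escapeString($type);
    $result = DB_query("SELECT title,comment FROM {$table} "
        . "WHERE cid = {$cid} AND sid = '{$sidEsc}' AND type = '{$typeEsc}'");
    if (DB_numRows($result) != 1) {
        COM_errorLog("handleEdit(): {$uid} from {$_SERVER['REMOTE_ADDR']} tried "
            . 'to edit a comment that doesn\'t exist as described.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $A = DB_fetchArray($result);
    $title = COM_stripslashes($A['title']);
    $commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment']));

    // remove the signature that was appended when the comment was saved
    $pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">');
    if ($pos > 0) {
        $commenttext = substr($commenttext, 0, $pos);
    }

    // get format mode: any remaining tag means the comment was posted as HTML
    $postmode = (preg_match('/<.*>/', $commenttext) != 0) ? 'html' : 'plaintext';

    // NOTE(review): nothing here checks that the current user owns (or may
    // moderate) this comment; presumably the caller does -- confirm.
    return COM_siteHeader('menu', $LANG03[1])
        . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode)
        . COM_siteFooter();
}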
exit; } else { $content .= 'Function not available'; } break; case 'view': default: if (empty($eid)) { // Default action, view the calendar or event COM_setArgNames(array('eid', 'ts', 'range', 'cat')); $eid = COM_sanitizeID(COM_getArgument('eid'), false); } if (!empty($eid)) { USES_evlist_class_repeat(); $Rep = new evRepeat($eid); $pagetitle = COM_stripslashes($Rep->Event->title); if ($view == 'print') { $template = 'event_print'; $query = ''; } $query = isset($_GET['query']) ? $_GET['query'] : ''; $content .= $Rep->Detail('', $query, $template); } else { // Shouldn't be in this file without an event ID to display or edit echo COM_refresh(EVLIST_URL . '/index.php'); exit; } break; } $display = EVLIST_siteHeader($pagetitle); $display .= EVLIST_calHeader(date('Y'), date('m'), date('d'), 'detail', $cat_id, $cal_id);
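/**
 * Mails the contents of the contact form to that user
 *
 * Enforces the site's email policy (login requirements, the recipient's
 * "accept mail from admins / users" preferences, the mail speed limit), runs
 * the text through the spam filter and the 'contact' pre-save hook, then
 * sends the mail -- and, when 'cc' was ticked in the form, a copy to the
 * author.
 *
 * @param int    $uid         User ID of person to send email to
 * @param bool   $cc          Whether to send a copy of the message to the author
 *                            (only passed on to the form; the send itself
 *                            currently keys off $_POST['cc'], see below)
 * @param string $author      The name of the person sending the email
 * @param string $authoremail Email address of person sending the email
 * @param string $subject     Subject of email
 * @param string $message     Text of message to send
 * @return string Meta redirect or HTML for the contact form
 */
function CONTACT_contactemail($uid, $cc, $author, $authoremail, $subject, $message)
{
    global $_CONTACT_CONF, $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG12, $MESSAGE;

    $retval = '';

    // $uid is interpolated into SQL below; it is a numeric user id
    $uid = (int) $uid;

    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check for correct 'to' user preferences: admins are subject to
    // 'emailfromadmin', everybody else to 'emailfromuser'; a user without a
    // preferences row gets no mail at all
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = {$uid}");
    $P = DB_fetchArray($result);
    $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail');
    if (empty($P) || ($isAdmin && $P['emailfromadmin'] != 1) || (!$isAdmin && $P['emailfromuser'] != 1)) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check mail speedlimit (the original appended this to an undeclared
    // $return instead of $retval)
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    $last = COM_checkSpeedlimit('mail');
    if ($last > 0) {
        $retval .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header'))
            . $LANG08[39] . $last . $LANG08[40]
            . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        return $retval;
    }

    $haveFields = !empty($author) && !empty($subject) && !empty($message);

    if ($haveFields && COM_isemail($authoremail) && strpos($author, '@') === false) {
        $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}");
        $A = DB_fetchArray($result);
        if (empty($A) || empty($A['email'])) {
            // no such user (or no address on file): nothing to send to
            return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
        }

        // Append the user's signature to the message
        $sig = '';
        if (!COM_isAnonUser()) {
            $sig = DB_getItem($_TABLES['users'], 'sig', "uid = " . (int) $_USER['uid']);
            if (!empty($sig)) {
                $sig = strip_tags(COM_stripslashes($sig));
                $sig = "\n\n-- \n" . $sig;
            }
        }

        $subject = COM_stripslashes($subject);
        $message = COM_stripslashes($message);

        // do a spam check with the unfiltered message text and subject
        $mailtext = $subject . "\n" . $message . $sig;
        $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
        if ($result > 0) {
            COM_updateSpeedlimit('mail');
            COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
        }

        $msg = PLG_itemPreSave('contact', $message);
        if (!empty($msg)) {
            define("CONTACT_TITLE", $LANG04[81]);
            $retval .= COM_errorLog($msg, 2) . CONTACT_contactform($uid, $cc, $subject, $message);
            return $retval;
        }

        // the subject becomes a mail header: strip tags and keep only the first
        // line so a crafted subject cannot inject additional headers
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $message = strip_tags($message) . $sig;

        if (!empty($A['fullname'])) {
            $to = COM_formatEmailAddress($A['fullname'], $A['email']);
        } else {
            $to = COM_formatEmailAddress($A['username'], $A['email']);
        }
        $from = COM_formatEmailAddress($author, $authoremail);

        $sent = COM_mail($to, $subject, $message, $from);

        // NOTE(review): the copy is keyed off $_POST['cc'] rather than the $cc
        // parameter; callers that compute $cc some other way get no copy
        if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
            $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname']));
            $ccmessage .= "\n------------------------------------------------------------\n\n" . $message;
            $sent = COM_mail($from, $subject, $ccmessage, $from);
        }

        COM_updateSpeedlimit('mail');

        $retval .= COM_refresh($_CONF['site_url'] . '/' . $_CONTACT_CONF['folder_name']
            . '/index.php?what=msg&msg=' . urlencode($sent ? $MESSAGE['27'] : $MESSAGE['85']));
    } else {
        // a field is missing ($LANG08[4]) or the sender's address / name is
        // not acceptable ($LANG08[3]): show the form again with a safe subject
        $errmsg = $haveFields ? $LANG08[3] : $LANG08[4];
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
        define("CONTACT_TITLE", $LANG04[81]);
        $retval .= COM_errorLog($errmsg, 2) . CONTACT_contactform($uid, $cc, $subject, $message);
    }

    return $retval;
}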
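/**
 * Save the pictures submitted with a classified ad.
 *
 * First deletes any pictures the user ticked for deletion (the picture
 * numbers are the keys of $ad['delete']), then uploads the files in $FILES,
 * naming them "<ad id>_<picture number>.<ext>" and recording each one in the
 * cl_pic table. On an upload error the error page is echoed and the script
 * exits.
 *
 * @param array      $ad    submitted ad form data (a copy is slash-stripped here)
 * @param array      $FILES uploaded files, in $_FILES layout
 * @param int|string $clid  id of the ad the pictures belong to
 * @return bool true (upload errors do not return, see above)
 */
function CLASSIFIEDS_saveImage($ad, $FILES, $clid)
{
    global $_CONF, $_CLASSIFIEDS_CONF, $_TABLES, $LANG24;

    $args = $ad;

    // Handle Magic GPC Garbage: strip slashes from every value, including the
    // entries of nested arrays (the old each() loop only modified a copy of
    // the sub-array, so nested values were never cleaned)
    foreach ($args as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $subkey => $subvalue) {
                if (!is_array($subvalue)) {
                    $args[$key][$subkey] = COM_stripslashes($subvalue);
                }
            }
        } else {
            $args[$key] = COM_stripslashes($value);
        }
    }

    // the ad id is interpolated into SQL (escaped + quoted) and into file
    // names (reduced to a safe character set) below
    $clidEsc = DB_escapeString($clid);
    $clidFile = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $clid);

    // Delete any images if needed. The picture numbers are the *keys* of the
    // submitted array, i.e. user input: cast them before using them in SQL.
    if (array_key_exists('delete', $args) && is_array($args['delete'])) {
        foreach (array_keys($args['delete']) as $img_num) {
            $img_num = (int) $img_num;
            $pi_filename = DB_getItem($_TABLES['cl_pic'], 'pi_filename',
                "pi_pid = '{$clidEsc}' AND pi_img_num = {$img_num}");
            if (!empty($pi_filename)) {
                CLASSIFIEDS_deleteImage($pi_filename);
            }
            DB_query("DELETE FROM {$_TABLES['cl_pic']} WHERE pi_pid = '{$clidEsc}' AND pi_img_num = {$img_num}");
        }
    }

    // OK, let's upload any pictures with the ad: continue numbering after the
    // highest existing picture number
    if (DB_count($_TABLES['cl_pic'], 'pi_pid', $clid) > 0) {
        $index_start = DB_getItem($_TABLES['cl_pic'], 'max(pi_img_num)', "pi_pid = '{$clidEsc}'") + 1;
    } else {
        $index_start = 1;
    }

    if (count($FILES) > 0 && $_CLASSIFIEDS_CONF['max_images_per_ad'] > 0) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();

        // Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads($_CLASSIFIEDS_CONF['max_images_per_ad']);

        if (!empty($_CONF['image_lib'])) {
            if ($_CONF['image_lib'] == 'imagemagick') {
                // Using imagemagick
                $upload->setMogrifyPath($_CONF['path_to_mogrify']);
            } elseif ($_CONF['image_lib'] == 'netpbm') {
                // using netPBM
                $upload->setNetPBM($_CONF['path_to_netpbm']);
            } elseif ($_CONF['image_lib'] == 'gdlib') {
                // using the GD library
                $upload->setGDLib();
            }
            $upload->setAutomaticResize(true);
            $upload->keepOriginalImage(false);
            if (isset($_CONF['jpeg_quality'])) {
                $upload->setJpegQuality($_CONF['jpeg_quality']);
            }
        }

        $upload->setAllowedMimeTypes(array(
            'image/gif' => '.gif',
            'image/jpeg' => '.jpg,.jpeg',
            'image/pjpeg' => '.jpg,.jpeg',
            'image/x-png' => '.png',
            'image/png' => '.png',
        ));

        if (!$upload->setPath($_CLASSIFIEDS_CONF['path_images'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }

        // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
        // force any images bigger than the passed dimensions to be resized.
        // If mogrify is not set, any images larger than these dimensions
        // will get validation errors
        $upload->setMaxDimensions($_CLASSIFIEDS_CONF['max_image_width'], $_CLASSIFIEDS_CONF['max_image_height']);
        $upload->setMaxFileSize($_CLASSIFIEDS_CONF['max_image_size']); // size in bytes, 1048576 = 1MB

        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');

        // Name the files. The extension comes from the client-supplied file
        // name, so keep only lowercase alphanumerics (the old strrpos()+1 code
        // also produced garbage for names without a dot); the upload class
        // still has to match it against the allowed MIME types above.
        $filenames = array();
        $end_index = $index_start + $upload->numFiles() - 1;
        reset($FILES);
        for ($z = $index_start; $z <= $end_index; $z++) {
            $curfile = current($FILES);
            if (!empty($curfile['name'])) {
                $fextension = strtolower(pathinfo($curfile['name'], PATHINFO_EXTENSION));
                $fextension = preg_replace('/[^a-z0-9]/', '', $fextension);
                $filenames[] = $clidFile . '_' . $z . '.' . $fextension;
            }
            next($FILES);
        }
        $upload->setFileNames($filenames);
        reset($FILES);
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $retval = COM_siteHeader('menu', $LANG24[30]);
            $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $upload->printErrors(false);
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }

        // record the uploaded pictures; stop when the name list runs out
        // (files without a name were skipped above and got no entry)
        reset($filenames);
        for ($z = $index_start; $z <= $end_index; $z++) {
            $fname = current($filenames);
            if ($fname === false) {
                break;
            }
            DB_query("INSERT INTO {$_TABLES['cl_pic']} (pi_pid, pi_img_num, pi_filename) VALUES ('{$clidEsc}', {$z}, '" . DB_escapeString($fname) . "')");
            next($filenames);
        }
    }

    return true;
}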
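/**
 * Display an expanded ad listing.
 *
 * Lists the unexpired ads the current user may view (permission check on
 * both the ad and its category), newest first, paged by
 * $_CONF_ADVT['maxads_pg_exp'] and the 'start' request parameter.
 *
 * @param string  $pagename     Name of page in index.php the called us
 * @param integer $cat_id       Optional category ID to be appended to url
 * @param string  $where_clause Additional SQL where clause. It is appended
 *                              verbatim, so the caller must build it from
 *                              escaped / trusted values only.
 * @param string  $limit_clause Optional limit clause (same caveat)
 * @return string Page Content
 */
function adExpList($pagename = '', $cat_id = '', $where_clause = '', $limit_clause = '')
{
    global $_TABLES, $LANG_ADVT, $_CONF, $_USER, $_CONF_ADVT;

    // Fix time to check ad expiration
    $time = time();

    // Max number of ads per page (must be positive: it is used as a divisor)
    $maxAds = isset($_CONF_ADVT['maxads_pg_exp']) ? (int) $_CONF_ADVT['maxads_pg_exp'] : 20;
    if ($maxAds < 1) {
        $maxAds = 20;
    }

    $T = new Template(CLASSIFIEDS_PI_PATH . '/templates');
    $T->set_file('catlist', 'adExpList.thtml');

    // Get the ads for this category, starting at the requested page
    $sql = "SELECT ad.*, ad.add_date as ad_add_date, cat.*\n FROM {$_TABLES['ad_ads']} ad ,\n {$_TABLES['ad_category']} cat \n WHERE cat.cat_id = ad.cat_id \n AND ad.exp_date > {$time} "
        . COM_getPermSQL('AND', 0, 2, 'ad')
        . COM_getPermSQL('AND', 0, 2, 'cat');
    if ($where_clause != '') {
        $sql .= " AND {$where_clause} ";
    }
    $sql .= " ORDER BY ad.add_date DESC";

    // first execute the query with the supplied limit clause to get
    // the total number of ads eligible for viewing
    $result = DB_query($sql . ' ' . $limit_clause);
    if (!$result) {
        return "Database Error";
    }
    $totalAds = DB_numRows($result);

    // Figure out the page number, and execute the query
    // with the appropriate LIMIT clause.
    $totalPages = ($totalAds <= $maxAds) ? 1 : (int) ceil($totalAds / $maxAds);

    // 'start' is optional; the original read it without isset()
    $page = isset($_REQUEST['start']) ? COM_applyFilter($_REQUEST['start'], true) : 1;
    if ($page < 1 || $page > $totalPages) {
        $page = 1;
    }

    $startEntry = ($totalAds == 0) ? 0 : $maxAds * ($page - 1) + 1;
    $endEntry = ($page == $totalPages) ? $totalAds : $maxAds * $page;
    $initAds = $maxAds * ($page - 1);

    // Create the page menu string for display if there is more
    // than one page
    $pageMenu = '';
    if ($totalPages > 1) {
        $baseURL = CLASSIFIEDS_URL . '/index.php?page=' . urlencode($pagename);
        if ($cat_id != '') {
            $baseURL .= '&id=' . urlencode($cat_id);
        }
        $pageMenu = COM_printPageNavigation($baseURL, $page, $totalPages, "start=");
    }
    $T->set_var('pagemenu', $pageMenu);

    $result = DB_query($sql . " LIMIT {$initAds}, {$maxAds}");
    if (!$result) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['database_error'], 'alert');
    }

    if ($totalAds == 0) {
        $T->set_block('catlist', 'No_Ads', 'NoAdBlk');
        $T->set_var('no_ads', $LANG_ADVT['no_ads_listed_cat']);
        $T->parse('NoAdBlk', 'No_Ads', true);
    }

    $T->set_block('catlist', 'QueueRow', 'QRow');
    $bgColor = ''; // the original referenced this without ever assigning it
    while ($row = DB_fetchArray($result)) {
        $T->set_var('bgColor', $bgColor);
        $T->set_var('cat_id', $row['cat_id']);
        $T->set_var('subject', strip_tags($row['subject']));
        $T->set_var('ad_id', $row['ad_id']);
        $T->set_var('ad_url', CLASSIFIEDS_makeURL('detail', $row['ad_id']));
        $T->set_var('add_date', date($_CONF['shortdate'], $row['ad_add_date']));
        $T->set_var('ad_type', CLASSIFIEDS_getAdTypeString($row['ad_type']));
        $T->set_var('cat_name', $row['cat_name']);
        $T->set_var('cat_url', CLASSIFIEDS_makeURL('home', $row['cat_id']));
        $T->set_var('cmt_count', CLASSIFIEDS_commentCount($row['ad_id']));

        // ad ids come from the database but are still escaped before reuse
        $adIdEsc = DB_escapeString($row['ad_id']);
        $photo = DB_query("SELECT filename\n FROM {$_TABLES['ad_photo']}\n WHERE ad_id='{$adIdEsc}'\n LIMIT 1");
        if (!$photo) {
            return CLASSIFIEDS_errorMsg($LANG_ADVT['database_error'], 'alert');
        }

        // Retrieve the first image. If it is defined AND exists on the
        // filesystem, then use it. Otherwise display "not available".
        if (DB_numRows($photo) == 1) {
            $prow = DB_fetchArray($photo);
            $T->set_var('img_url', CLASSIFIEDS_dispUrl($prow['filename']));
            $T->set_var('thumb_url', CLASSIFIEDS_thumbUrl($prow['filename']));
        } else {
            $T->set_var('img_url', '');
        }

        // NOTE(review): descript, price and the name0x/value0x fields are
        // passed to the template with tags stripped but not HTML-escaped;
        // that is only safe if they are stored escaped -- confirm.
        $T->set_var('descript', substr(strip_tags($row['descript']), 0, 300));
        // reset the ellipsis for every row; the original only ever set it, so
        // once one long ad was shown every following row got "... ..." too
        $T->set_var('ellipses', (strlen($row['descript']) > 300) ? "... ..." : '');
        $T->set_var('price', ($row['price'] != '') ? COM_stripslashes($row['price']) : '');

        // Additional info
        for ($j = 0; $j < 5; $j++) {
            $T->set_var('name0' . $j, $row['name0' . $j]);
            $T->set_var('value0' . $j, $row['value0' . $j]);
        }

        $T->parse('QRow', 'QueueRow', true);
    }

    $T->set_var('totalAds', $totalAds);
    $T->set_var('adsStart', $startEntry);
    $T->set_var('adsEnd', $endEntry);
    $T->parse('output', 'catlist');

    return $T->finish($T->get_var('output'));
}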
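/**
 * Save information of a weblog directory service
 *
 * Validates the form values and stores the service; on a validation error
 * the editor is shown again with the error message.
 *
 * @param int    $pid      ID of service or 0 for new entry
 * @param string $name     name of the service
 * @param string $site_url Homepage URL of the service
 * @param string $ping_url URL to ping at the service
 * @param string $method   method used for the ping ('extended' or anything else)
 * @param string $enabled  'on' when enabled
 * @return string HTML redirect or service editor
 */
function saveService($pid, $name, $site_url, $ping_url, $method, $enabled)
{
    global $_CONF, $_TABLES, $LANG_TRB;

    $pid = (int) $pid; // interpolated into SQL below
    $enabled = ($enabled == 'on') ? 1 : 0;
    $method = ($method == 'extended') ? 'weblogUpdates.extendedPing' : 'weblogUpdates.ping';

    $name = strip_tags(COM_stripslashes($name));
    $site_url = strip_tags(COM_stripslashes($site_url));
    $ping_url = strip_tags(COM_stripslashes($ping_url));

    // Both URLs must be absolute http(s) URLs. Scheme names are
    // case-insensitive, and "://" is required: the ping URL is what the
    // trackback code later connects to, so a bare "http:" prefix (which the
    // old explode(':') test accepted) is not good enough.
    $errormsg = '';
    if (empty($name)) {
        $errormsg = $LANG_TRB['error_site_name'];
    } elseif (!preg_match('#^https?://#i', $site_url)) {
        $errormsg = $LANG_TRB['error_site_url'];
    } elseif (!preg_match('#^https?://#i', $ping_url)) {
        $errormsg = $LANG_TRB['error_ping_url'];
    }
    if (!empty($errormsg)) {
        return editServiceForm($pid, $errormsg, $name, $site_url, $ping_url, $method, $enabled);
    }

    $name = DB_escapeString($name);
    $site_url = DB_escapeString($site_url);
    $ping_url = DB_escapeString($ping_url);

    if ($pid > 0) {
        DB_save($_TABLES['pingservice'], 'pid,name,site_url,ping_url,method,is_enabled',
            "'{$pid}','{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
    } else {
        DB_save($_TABLES['pingservice'], 'name,site_url,ping_url,method,is_enabled',
            "'{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
    }

    return COM_refresh($_CONF['site_admin_url'] . '/trackback.php?mode=listservice&msg=65');
}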
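/**
 * Handles a story submission from the submission form.
 *
 * Undoes magic_quotes escaping on every $_POST value (in place) and hands the
 * cleaned array to the story plugin's 'submit' service, echoing whatever
 * output the service produces. (The previous docblock described a
 * completely different signature and has been replaced.)
 *
 * @param string $type unused; kept for callers that pass a submission type
 * @return void
 */
function submitstory($type = '')
{
    $output = '';
    $svc_msg = '';
    $args =& $_POST;

    // Handle Magic GPC Garbage: strip slashes in place, including one level
    // of nested arrays (the old each() loop wrote into a copy of the
    // sub-array, so nested values were never cleaned)
    foreach ($args as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $subkey => $subvalue) {
                if (!is_array($subvalue)) {
                    $args[$key][$subkey] = COM_stripslashes($subvalue);
                }
            }
        } else {
            $args[$key] = COM_stripslashes($value);
        }
    }

    /* ANY FURTHER PROCESSING on POST variables - COM_stripslashes etc.
     * Do it HERE on $args */

    PLG_invokeService('story', 'submit', $args, $output, $svc_msg);
    echo $output;
}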
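/**
 * Email story to a friend
 *
 * Checks the site's email policy and the mail speed limit, runs the sender's
 * note through the spam filter, then mails a plain-text copy of the story to
 * the given address (and, when 'cc' was ticked in the form, back to the
 * sender).
 *
 * @param string $sid       id of story to email
 * @param string $to        name of person / friend to email
 * @param string $toemail   friend's email address
 * @param string $from      name of person sending the email
 * @param string $fromemail sender's email address
 * @param string $shortmsg  short intro text to send with the story
 * @return string Meta refresh
 *
 * Modification History
 *
 * Date      Author      Description
 * ----      ------      -----------
 * 4/17/01   Tony Bibbs  Code now allows anonymous users to send email
 *                       and it allows user to input a message as well
 *                       Thanks to Yngve Wassvik Bergheim for some of
 *                       this code
 */
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08;

    require_once $_CONF['path_system'] . 'lib-story.php';

    $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    $msgsep = $_CONF['url_rewrite'] ? '?msg=' : '&msg=';
    // default result: back to the story with the "could not send" message
    $retval = COM_refresh($storyurl . $msgsep . '85');

    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        return $retval;
    }

    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        return $retval;
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return $retval;
    }

    // Both addresses end up in mail headers: refuse anything that is not a
    // plain address, and display names containing '@' (the same rule the
    // contact form applies to the sender's name).
    if (!COM_isemail($toemail) || !COM_isemail($fromemail)
            || strpos($to, '@') !== false || strpos($from, '@') !== false) {
        return $retval;
    }

    $story = new Story();
    $result = $story->loadFromDatabase($sid, 'view');
    if ($result != STORY_LOADED_OK) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $shortmsg = COM_stripslashes($shortmsg);
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }

    // just to make sure this isn't an attempt at spamming users ...
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $mailtext .= '------------------------------------------------------------' . LB . LB
        . COM_undoSpecialChars($story->displayElements('title')) . LB
        . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;

    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($story->displayElements('uid'));
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }

    // plain-text body: tags removed, line endings normalised
    $introtext = COM_undoSpecialChars(strip_tags($story->DisplayElements('introtext')));
    $bodytext = COM_undoSpecialChars(strip_tags($story->DisplayElements('bodytext')));
    $introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
    $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);

    $mailtext .= LB . $introtext;
    if (!empty($bodytext)) {
        $mailtext .= LB . LB . $bodytext;
    }
    $mailtext .= LB . LB . '------------------------------------------------------------' . LB;

    if ($story->DisplayElements('commentcode') == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }

    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);

    // the subject is a mail header: keep the first line only (as the contact
    // form does) so a title containing a line break cannot add headers
    $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));

    $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);

    if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
        $ccmessage = sprintf($LANG08[38], $to);
        $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
        $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
    }

    COM_updateSpeedlimit('mail');

    // Increment numemails counter for story ($sid was interpolated unescaped)
    $sidEsc = DB_escapeString($sid);
    DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '{$sidEsc}'");

    return COM_refresh($storyurl . $msgsep . ($sent ? '27' : '85'));
}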
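/**
 * Create the banner list depending on the category given
 *
 * Renders the public banner index: the category navigation (when
 * $_BAN_CONF['bannercols'] > 0), the banners of the requested category
 * (paged by $_BAN_CONF['bannerperpage']), or the top-10 list when the root
 * category is empty and 'show_top10' is set.
 *
 * @param array $message message(s) to display: [0] = block title, [1] = text
 * @return string the banner page
 */
function banner_list($message)
{
    global $_CONF, $_TABLES, $_BAN_CONF, $LANG_BANNER_ADMIN, $LANG_BANNER, $LANG_BANNER_STATS;

    $display = '';

    // requested category; defaults to the configured root category
    $cid = $_BAN_CONF['root'];
    if (isset($_GET['category'])) {
        $cid = strip_tags(COM_stripslashes($_GET['category']));
    } elseif (isset($_POST['category'])) {
        $cid = strip_tags(COM_stripslashes($_POST['category']));
    }
    // $cid is request input: $cat is the copy to use inside SQL (the original
    // used addslashes(), which is not connection/charset aware)
    $cat = DB_escapeString($cid);

    $page = 0;
    if (isset($_GET['page'])) {
        $page = COM_applyFilter($_GET['page'], true);
    }
    if ($page == 0) {
        $page = 1;
    }

    // page title, with the category name and page number where applicable
    if (empty($cid)) {
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ' (%d)', $page);
        } else {
            $page_title = $LANG_BANNER[114];
        }
    } else {
        if ($cid == $_BAN_CONF['root']) {
            $category = $LANG_BANNER['root'];
        } else {
            $category = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '{$cat}'");
        }
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ': %s (%d)', $category, $page);
        } else {
            $page_title = sprintf($LANG_BANNER[114] . ': %s', $category);
        }
    }

    // Check has access to this category (read access = 2)
    if ($cid != $_BAN_CONF['root']) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['bannercategories']} WHERE cid='{$cat}'");
        $A = DB_fetchArray($result);
        if (!is_array($A)) {
            // unknown category: no row means no permissions to grant
            $A = array('owner_id' => 0, 'group_id' => 0, 'perm_owner' => 0,
                       'perm_group' => 0, 'perm_members' => 0, 'perm_anon' => 0);
        }
        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
            $display .= COM_siteHeader('menu', $page_title);
            $display .= COM_showMessage(5, 'banner');
            $display .= COM_siteFooter();
            echo $display;
            exit;
        }
    }

    $display .= COM_siteHeader('menu', $page_title);

    if (is_array($message) && !empty($message[0])) {
        $display .= COM_startBlock($message[0], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $message[1];
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    } elseif (isset($_REQUEST['msg'])) {
        $msg = COM_applyFilter($_REQUEST['msg'], true);
        if ($msg > 0) {
            $display .= COM_showMessage($msg, 'banner');
        }
    }

    $bannerlist = new Template($_CONF['path'] . 'plugins/banner/templates/');
    $bannerlist->set_file(array(
        'bannerlist' => 'banner.thtml',
        'catbanner' => 'categorybanner.thtml',
        'banner' => 'bannerdetails.thtml',
        'catnav' => 'categorynavigation.thtml',
        'catrow' => 'categoryrow.thtml',
        'catcol' => 'categorycol.thtml',
        'actcol' => 'categoryactivecol.thtml',
        'pagenav' => 'pagenavigation.thtml',
        'catdrop' => 'categorydropdown.thtml',
    ));
    $bannerlist->set_var('xhtml', XHTML);
    $bannerlist->set_var('blockheader', COM_startBlock($LANG_BANNER[114]));
    $bannerlist->set_var('layout_url', $_CONF['layout_url']);

    if ($_BAN_CONF['bannercols'] > 0) {
        // Create breadcrumb trail
        $bannerlist->set_var('breadcrumbs', banner_breadcrumbs($_BAN_CONF['root'], $cid));

        // Set dropdown for category jump
        $bannerlist->set_var('lang_go', $LANG_BANNER[124]);
        $bannerlist->set_var('banner_dropdown', banner_select_box(2, $cid));

        // Show categories
        $sql = "SELECT cid,pid,category,description FROM {$_TABLES['bannercategories']} WHERE pid='{$cat}'";
        $sql .= COM_getLangSQL('cid', 'AND');
        $sql .= COM_getPermSQL('AND') . " ORDER BY category";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $bannerlist->set_var('lang_categories', $LANG_BANNER_ADMIN[14]);
            for ($i = 1; $i <= $nrows; $i++) {
                $C = DB_fetchArray($result);
                $ccid = DB_escapeString($C['cid']);

                // Get number of child banners user can see in this category
                $result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['banner']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
                $D = DB_fetchArray($result1);

                // Get number of child categories user can see in this category
                $result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['bannercategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
                $E = DB_fetchArray($result2);

                // Format numbers for display: "(subcategories, banners)",
                // leaving out zeroes
                $display_count = '';
                if ($E['count'] > 0) {
                    $display_count = COM_numberFormat($E['count']);
                }
                if ($E['count'] > 0 && $D['count'] > 0) {
                    $display_count .= ', ';
                }
                if ($D['count'] > 0) {
                    $display_count .= COM_numberFormat($D['count']);
                }
                if ($display_count != '') {
                    $display_count = '(' . $display_count . ')';
                }

                $bannerlist->set_var('category_name', $C['category']);
                if ($_BAN_CONF['show_category_descriptions']) {
                    $bannerlist->set_var('category_description', $C['description']);
                } else {
                    $bannerlist->set_var('category_description', '');
                }
                $bannerlist->set_var('category_link', $_CONF['site_url'] . '/banner/index.php?category=' . urlencode($C['cid']));
                $bannerlist->set_var('category_count', $display_count);
                $bannerlist->set_var('width', floor(100 / $_BAN_CONF['bannercols']));

                if (!empty($cid) && $cid == $C['cid']) {
                    $bannerlist->parse('category_col', 'actcol', true);
                } else {
                    $bannerlist->parse('category_col', 'catcol', true);
                }
                if ($i % $_BAN_CONF['bannercols'] == 0) {
                    $bannerlist->parse('category_row', 'catrow', true);
                    $bannerlist->set_var('category_col', '');
                }
            }
            if ($nrows % $_BAN_CONF['bannercols'] != 0) {
                $bannerlist->parse('category_row', 'catrow', true);
            }
            $bannerlist->parse('category_navigation', 'catnav', true);
        } else {
            $bannerlist->set_var('category_navigation', '');
        }
    } else {
        $bannerlist->set_var('category_navigation', '');
    }

    if ($_BAN_CONF['bannercols'] == 0) {
        $bannerlist->set_var('category_dropdown', '');
    } else {
        $bannerlist->parse('category_dropdown', 'catdrop', true);
    }

    $bannerlist->set_var('site_url', $_CONF['site_url']);
    // 'cid' is the HTML-safe form of the request value: the original passed
    // the raw string (tags stripped only, so quotes survived) under both
    // 'cid' and 'cid_plain', which left an attribute-injection path in any
    // template that echoes {cid}. 'cid_plain' stays raw, 'cid_encoded' is
    // for URLs.
    $bannerlist->set_var('cid', htmlspecialchars($cid, ENT_QUOTES));
    $bannerlist->set_var('cid_plain', $cid);
    $bannerlist->set_var('cid_encoded', urlencode($cid));
    $bannerlist->set_var('lang_addabanner', $LANG_BANNER[116]);

    // Build SQL for banner
    $sql = 'SELECT bid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $from_where = " FROM {$_TABLES['banner']}";
    if ($_BAN_CONF['bannercols'] > 0) {
        if (!empty($cid)) {
            $from_where .= " WHERE cid='{$cat}'";
        } else {
            $from_where .= " WHERE cid=''";
        }
        $from_where .= ' AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())';
        $from_where .= COM_getPermSQL('AND');
    } else {
        $from_where .= COM_getPermSQL();
    }
    $order = ' ORDER BY cid ASC,title';
    $limit = '';
    if ($_BAN_CONF['bannerperpage'] > 0) {
        $start = ($page < 1) ? 0 : ($page - 1) * $_BAN_CONF['bannerperpage'];
        $limit = ' LIMIT ' . $start . ',' . $_BAN_CONF['bannerperpage'];
    }

    $result = DB_query($sql . $from_where . $order . $limit);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // nothing in this category: on the root page optionally show the top 10
        if ($cid == $_BAN_CONF['root'] && $page <= 1 && $_BAN_CONF['show_top10']) {
            $result = DB_query("SELECT bid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE (hits > 0) AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())"
                . COM_getPermSQL('AND') . " ORDER BY hits DESC LIMIT 10");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $bannerlist->set_var('banner_details', '');
                $bannerlist->set_var('banner_category', $LANG_BANNER_STATS['stats_headline']);
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    prepare_banner_item($A, $bannerlist);
                    $bannerlist->parse('banner_details', 'banner', true);
                }
                $bannerlist->parse('category_banner', 'catbanner', true);
            }
        }
        $bannerlist->set_var('page_navigation', '');
    } else {
        $currentcid = '';
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            if (strcasecmp($A['cid'], $currentcid) != 0) {
                // new category: flush the banners collected so far
                if ($i > 0) {
                    $bannerlist->parse('category_banner', 'catbanner', true);
                    $bannerlist->set_var('banner_details', '');
                }
                $currentcid = $A['cid'];
                $currentcategory = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '" . DB_escapeString($currentcid) . "'");
                $bannerlist->set_var('banner_category', $currentcategory);
            }
            prepare_banner_item($A, $bannerlist);
            $bannerlist->parse('banner_details', 'banner', true);
        }
        $bannerlist->parse('category_banner', 'catbanner', true);

        // page navigation, sized by the total number of matching banners
        $result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
        list($numbanner) = DB_fetchArray($result);
        $pages = 0;
        if ($_BAN_CONF['bannerperpage'] > 0) {
            $pages = (int) ($numbanner / $_BAN_CONF['bannerperpage']);
            if ($numbanner % $_BAN_CONF['bannerperpage'] > 0) {
                $pages++;
            }
        }
        if ($pages > 0) {
            if ($_BAN_CONF['bannercols'] > 0 && !empty($currentcid)) {
                $catbanner = '?category=' . urlencode($currentcid);
            } else {
                $catbanner = '';
            }
            $bannerlist->set_var('page_navigation', COM_printPageNavigation($_CONF['site_url'] . '/banner/index.php' . $catbanner, $page, $pages));
        } else {
            $bannerlist->set_var('page_navigation', '');
        }
    }

    $bannerlist->set_var('blockfooter', COM_endBlock());
    $bannerlist->parse('output', 'bannerlist');
    $display .= $bannerlist->finish($bannerlist->get_var('output'));

    return $display;
}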
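/**
 * used for the lists of submissions and draft stories in admin/moderation.php
 *
 * Callback for the admin list: renders one cell of the moderation list.
 *
 * @param string $fieldName  column name (or numeric index for the generic columns)
 * @param string $fieldValue raw value of that column
 * @param array  $A          the whole row, plus 'row' (list index), 'edit'
 *                           (edit URL) and optionally '_moderation_type'
 * @param array  $icon_arr   icons keyed by name ('edit' is used here)
 * @return string HTML for the cell
 */
function ADMIN_getListField_moderation($fieldName, $fieldValue, $A, $icon_arr)
{
    global $_CONF, $_TABLES, $LANG_ADMIN;

    $type = isset($A['_moderation_type']) ? $A['_moderation_type'] : '';
    $retval = '';

    switch ($fieldName) {
        case 'edit':
            $retval = COM_createLink($icon_arr['edit'], $A['edit']);
            break;

        case 'delete':
            $retval = "<input type=\"radio\" name=\"action[{$A['row']}]\" value=\"delete\"" . XHTML . ">";
            break;

        case 'approve':
            // the item id is echoed into an attribute value: escape it
            $id = htmlspecialchars($A[0], ENT_QUOTES);
            $retval = "<input type=\"radio\" name=\"action[{$A['row']}]\" value=\"approve\"" . XHTML . ">"
                . "<input type=\"hidden\" name=\"id[{$A['row']}]\" value=\"{$id}\"" . XHTML . ">";
            break;

        case 'day':
            $retval = strftime($_CONF['daytime'], $A['day']);
            break;

        case 'tid':
            // row values are interpolated into SQL: escape them
            $retval = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($A['tid']) . "'");
            break;

        case 'uid':
            $name = '';
            if ($A['uid'] == 1) {
                // anonymous submitter: use the name typed into the comment form
                $name = htmlspecialchars(COM_stripslashes(DB_getItem($_TABLES['commentsubmissions'], 'name',
                    "cid = '" . DB_escapeString($A['id']) . "'")));
            }
            if (empty($name)) {
                $name = COM_getDisplayName($A['uid']);
            }
            if ($A['uid'] == 1) {
                $retval = $name;
            } else {
                $retval = COM_createLink($name, $_CONF['site_url'] . '/users.php?mode=profile&uid=' . (int) $A['uid']);
            }
            break;

        case 'publishfuture':
            if (!SEC_inGroup('Comment Submitters', $A['uid']) && $A['uid'] > 1) {
                $retval = "<input type=\"checkbox\" name=\"publishfuture[]\" value=\"" . (int) $A['uid'] . "\"" . XHTML . ">";
            } else {
                $retval = $LANG_ADMIN['na'];
            }
            break;

        default:
            if ($fieldName == 4 && ($type === 'story' || $type === 'story_draft')) {
                $retval = TOPIC_getTopicAdminColumn('article', $A[0]);
            } elseif ($fieldName == 2 && $type === 'comment') {
                $commentText = COM_getTextContent($A['comment']);
                $excerpt = htmlspecialchars(COM_truncate($commentText, 140, '...'));
                // try to provide a link to the parent item (e.g. article, poll)
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'title,url');
                if (empty($info) || empty($info[0]) || empty($info[1])) {
                    // if not available, display excerpt from the comment
                    $retval = htmlspecialchars(COM_truncate($commentText, 40, '...'));
                    if (strlen($commentText) > 40) {
                        $retval = '<span title="' . $excerpt . '">' . $retval . '</span>';
                    }
                } else {
                    // NOTE(review): $info[0] (the parent item's title) is used
                    // as link text exactly as the plugin returned it -- confirm
                    // the plugins return it HTML-safe
                    $retval = COM_createLink($info[0], $info[1], array('title' => $excerpt));
                }
            } else {
                $retval = COM_makeClickableLinks(stripslashes($fieldValue));
            }
            break;
    }

    return $retval;
}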
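/**
 * Render a single forum post (topic starter or reply) through topic.thtml.
 *
 * @param array  $showtopic post row (gf_topic columns: id, pid, uid, name, forum,
 *                          subject, comment, postmode, date, mood, locked, views);
 *                          in preview mode it is built from the posting form
 * @param string $mode      '' for normal display, 'preview' while composing a post
 * @param int    $onetwo    alternating row class (1/2), passed to the template as 'csscode'
 * @param int    $page      page number carried into the edit link
 * @return string rendered HTML
 */
function showtopic($showtopic, $mode = '', $onetwo = 1, $page = 1)
{
    global $CONF_FORUM, $_CONF, $_TABLES, $_USER, $LANG_GF01, $LANG_GF02;
    global $fromblock, $highlight;
    global $oldPost, $forumfiles;

    $oldPost = 0;

    // Template values that are only produced on some paths; pre-set them so the
    // set_var() calls at the end never read an undefined local.
    $retval = '';
    $userarray = array();
    $uservalid = false;
    $userlink = '';
    $user_level = '';
    $user_levelname = '';
    $avatar = '';
    $regdate = '';
    $numposts = '';
    $sig = '';
    $moodimage = '';
    $location = ''; // never filled by this function; kept for the template slot
    $mod_functions = '';
    $backlink = '';
    $replytopicid = 0;
    $is_lockedtopic = 0;

    // Author uid as used in SQL and URLs. In preview mode the row may originate from the
    // form, so the value is bound as an integer rather than interpolated as-is.
    $authorUid = (int) $showtopic['uid'];

    if (!class_exists('StringParser')) {
        require_once $_CONF['path_html'] . 'forum/include/bbcode/stringparser_bbcode.class.php';
    }

    $topictemplate = new Template($_CONF['path_layout'] . 'forum/layout');
    $topictemplate->set_file(array(
        'topictemplate' => 'topic.thtml',
        'profile'       => 'links/profile.thtml',
        'pm'            => 'links/pm.thtml',
        'email'         => 'links/email.thtml',
        'website'       => 'links/website.thtml',
        'quote'         => 'links/quotetopic.thtml',
        'edit'          => 'links/edittopic.thtml',
    ));

    // if preview, only stripslashes is gpc=on, else assume from db so strip
    if ($mode == 'preview') {
        $showtopic['subject'] = COM_stripslashes($showtopic['subject']);
        $topictemplate->set_var('show_topicrow1', 'none');
        $topictemplate->set_var('show_topicrule', 'none');
        $topictemplate->set_var('lang_postpreview', $LANG_GF01['PREVIEW_HEADER']);
    } else {
        $showtopic['subject'] = stripslashes($showtopic['subject']);
        $topictemplate->set_var('show_topicrow2', 'none');
    }

    $min_height = 50; // Base minimum height of topic - will increase if avatar or sig is used

    $userQuery = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid='{$authorUid}'");
    if ($showtopic['uid'] > 1 and DB_numRows($userQuery) == 1) {
        $userarray = DB_fetchArray($userQuery);
        $username = COM_getDisplayName($showtopic['uid']);
        $userlink = "<a href=\"{$_CONF['site_url']}/users.php?mode=profile&uid={$authorUid}\" ";
        $userlink .= "class=\"authorname {$onetwo}\"><b>{$username}</b></a>";
        $uservalid = true;

        $postcount = DB_query("SELECT * FROM {$_TABLES['gf_topic']} WHERE uid='{$authorUid}'");
        $posts = DB_numRows($postcount);

        // Rank image and name from the post count. The last bracket is ">= level5": the
        // original chain tested "> level5" and left exactly level5 posts without a rank.
        $starimage = "<IMG SRC=\"%s\" ALT=\"{$LANG_GF01['FORUM']} %s\" TITLE=\"{$LANG_GF01['FORUM']} %s\">";
        if ($posts < $CONF_FORUM['level2']) {
            $rankImage = 'rank1';
            $user_levelname = $CONF_FORUM['level1name'];
        } elseif ($posts < $CONF_FORUM['level3']) {
            $rankImage = 'rank2';
            $user_levelname = $CONF_FORUM['level2name'];
        } elseif ($posts < $CONF_FORUM['level4']) {
            $rankImage = 'rank3';
            $user_levelname = $CONF_FORUM['level3name'];
        } elseif ($posts < $CONF_FORUM['level5']) {
            $rankImage = 'rank4';
            $user_levelname = $CONF_FORUM['level4name'];
        } else {
            $rankImage = 'rank5';
            $user_levelname = $CONF_FORUM['level5name'];
        }
        // moderators and admins override the post-count rank (admin wins)
        if (forum_modPermission($showtopic['forum'], $showtopic['uid'])) {
            $rankImage = 'rank_mod';
            $user_levelname = $LANG_GF01['moderator'];
        }
        if (SEC_inGroup(1, $showtopic['uid'])) {
            $rankImage = 'rank_admin';
            $user_levelname = $LANG_GF01['admin'];
        }
        $user_level = sprintf($starimage, gf_getImage($rankImage, 'ranks'), $user_levelname, $user_levelname);

        if ($userarray['photo'] != "") {
            $avatar = USER_getPhoto($showtopic['uid'], '', '', $CONF_FORUM['avatar_width']);
            $min_height += 50;
        }
        $regdate = $LANG_GF01['REGISTERED'] . ': ' . strftime('%m/%d/%y', strtotime($userarray['regdate'])) . '<br>';
        $numposts = $LANG_GF01['POSTS'] . ': ' . $posts;

        // online status: has a session and has not opted out of being shown online
        $isOnline = (DB_count($_TABLES['sessions'], 'uid', $showtopic['uid']) > 0)
            && (DB_getItem($_TABLES['userprefs'], 'showonline', "uid={$authorUid}") == 1);
        $avatar .= '<br>' . $LANG_GF01['STATUS'] . ' ' . ($isOnline ? $LANG_GF01['ONLINE'] : $LANG_GF01['OFFLINE']);

        if ($userarray['sig'] != '') {
            $sig = '<hr width="95%" size="1" style="color=:black; text-align:left; margin-left:0; margin-bottom:5;padding:0" noshade>';
            $sig .= '<B>' . $userarray['sig'] . '</B>';
            $min_height += 30;
        }
    } else {
        // anonymous (or no longer existing) author: stored name with the "anonymous" marker.
        // NOTE(review): $showtopic['name'] goes into the markup as-is; in preview mode it comes
        // from the posting form, so confirm the caller filters it.
        $userlink = '<font size="-2">' . $LANG_GF01['ANON'] . '</font>' . $showtopic['name'];
    }

    if ($CONF_FORUM['show_moods'] && $showtopic['mood'] != "") {
        $moodimage = '<img align="absmiddle" src="' . gf_getImage($showtopic['mood'], 'moods') . '" title="' . $showtopic['mood'] . '"><br>';
        $min_height += 30;
    }

    // Handle Pre ver 2.5 quoting and New Line Formatting - consider adding this to a migrate function
    if ($CONF_FORUM['pre2.5_mode']) {
        $comment = $showtopic['comment'];
        // try to determine if we have an old post...
        if (strpos($comment, '<pre class="forumCode">') !== false
            || strpos($comment, '[code]<code>') !== false
            || strpos($comment, '<pre>') !== false) {
            $oldPost = 1;
        }
        if (stripos($comment, '[code') === false || stripos($comment, '[code]<code>') !== false) {
            $comment = str_replace('<pre>', '[code]', $comment);
            $comment = str_replace('</pre>', '[/code]', $comment);
        }
        $comment = str_ireplace('[code]<code>', '[code]', $comment);
        $comment = str_ireplace('</code>[/code]', '[/code]', $comment);
        $comment = str_replace(array("<br />\r\n", "<br />\n\r", "<br />\r", "<br />\n"), '<br />', $comment);
        $comment = preg_replace("/\\[QUOTE\\sBY=\\s(.+?)\\]/i", "[QUOTE] Quote by \$1:", $comment);
        /* Reformat code blocks - version 2.3.3 and prior */
        $comment = str_replace('<pre class="forumCode">', '[code]', $comment);
        $comment = preg_replace("/\\[QUOTE\\sBY=(.+?)\\]/i", "[QUOTE] Quote by \$1:", $comment);
        if ($oldPost && strpos($comment, "\\'") !== false) {
            $comment = stripslashes($comment);
        }
        $showtopic['comment'] = $comment;
    }

    // Preview without any [file] tag: the user may have removed an inline attachment, so reset
    // show_inline for this post's attachments. The UPDATE only runs once a row filter exists —
    // the original fell through to an unfiltered UPDATE of the whole table when neither id was set.
    if ($mode == 'preview' and strpos($showtopic['comment'], '[file]') === false) {
        $where = '';
        if (isset($_POST['uniqueid']) && (int) $_POST['uniqueid'] > 0) {
            // User is previewing a new post; uniqueid comes from the form, bind it as an integer
            $where = 'WHERE topic_id = ' . (int) $_POST['uniqueid'] . ' AND tempfile=1 ';
        } elseif (isset($showtopic['id'])) {
            $where = 'WHERE topic_id = ' . (int) $showtopic['id'] . ' ';
        }
        if ($where !== '') {
            DB_query("UPDATE {$_TABLES['gf_attachments']} SET show_inline = 0 " . $where);
        }
    }

    $showtopic['comment'] = gf_formatTextBlock($showtopic['comment'], $showtopic['postmode'], $mode);
    $showtopic['subject'] = gf_formatTextBlock($showtopic['subject'], 'text', $mode);
    if (strlen($showtopic['subject']) > $CONF_FORUM['show_subject_length']) {
        $showtopic['subject'] = substr($showtopic['subject'], 0, $CONF_FORUM['show_subject_length']) . '...';
    }

    // Edit link: only the author, logged in, and within the configured edit window
    if ($mode != 'preview' && $uservalid && $_USER['uid'] > 1 && $_USER['uid'] == $showtopic['uid']) {
        $editWindow = $CONF_FORUM['allowed_editwindow'];
        // a window of 0 (or less) means "no time limit"
        $editAllowed = ($editWindow <= 0) || (time() - $editWindow < $showtopic['date']);
        if ($editAllowed) {
            $editlink = "{$_CONF['site_url']}/forum/createtopic.php?method=edit&forum={$showtopic['forum']}&id={$showtopic['id']}&editid={$showtopic['id']}&page={$page}";
            $editlinkimg = '<img src="' . gf_getImage('edit_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['EDITICON'] . '" TITLE="' . $LANG_GF01['EDITICON'] . '">';
            $topictemplate->set_var('editlink', $editlink);
            $topictemplate->set_var('editlinkimg', $editlinkimg);
            $topictemplate->set_var('LANG_edit', $LANG_GF01['EDITICON']);
            $topictemplate->parse('edittopic_link', 'edit');
        }
    }

    if ($highlight != '') {
        $highlighted = "<font class=highlight>{$highlight}</font>";
        $showtopic['subject'] = str_replace("{$highlight}", $highlighted, $showtopic['subject']);
        $showtopic['comment'] = str_replace("{$highlight}", $highlighted, $showtopic['comment']);
    }

    if ($showtopic['pid'] == 0) {
        // topic starter: lock state and view count live on this row
        $replytopicid = $showtopic['id'];
        $is_lockedtopic = $showtopic['locked'];
        $topictemplate->set_var('read_msg', sprintf($LANG_GF02['msg49'], $showtopic['views']));
        if ($is_lockedtopic) {
            $topictemplate->set_var('locked_icon', '<img src="' . gf_getImage('padlock') . '" TITLE="' . $LANG_GF02['msg114'] . '">');
        }
    } else {
        // reply: lock state is that of the parent topic
        $replytopicid = $showtopic['pid'];
        $is_lockedtopic = DB_getItem($_TABLES['gf_topic'], 'locked', 'id=' . (int) $showtopic['pid']);
        $topictemplate->set_var('read_msg', '');
    }

    // Bookmark feature
    if ($_USER['uid'] > 1) {
        $bookmarked = DB_count($_TABLES['gf_bookmarks'], array('uid', 'topic_id'), array($_USER['uid'], $showtopic['id']));
        $topictemplate->set_var('bookmark_icon', $bookmarked
            ? '<img src="' . gf_getImage('star_on_sm') . '" TITLE="' . $LANG_GF02['msg204'] . '">'
            : '<img src="' . gf_getImage('star_off_sm') . '" TITLE="' . $LANG_GF02['msg203'] . '">');
    }

    if ($CONF_FORUM['allow_user_dateformat']) {
        $date = COM_getUserDateTimeFormat($showtopic['date']);
        $topictemplate->set_var('posted_date', $date[0]);
    } else {
        $topictemplate->set_var('posted_date', strftime($CONF_FORUM['default_Topic_Datetime_format'], $showtopic['date']));
    }

    if ($mode != 'preview') {
        if ($is_lockedtopic == 0) {
            $is_readonly = DB_getItem($_TABLES['gf_forums'], 'is_readonly', 'forum_id=' . (int) $showtopic['forum']);
            if ($is_readonly == 0 or forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_edit')) {
                // "&quoteid=" had been mangled to '"eid=' in the source copy (the &quot entity was
                // decoded); the parameter name is restored here.
                $quotelink = "{$_CONF['site_url']}/forum/createtopic.php?method=postreply&forum={$showtopic['forum']}&id={$replytopicid}&quoteid={$showtopic['id']}";
                $quotelinkimg = '<img src="' . gf_getImage('quote_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['QUOTEICON'] . '" TITLE="' . $LANG_GF01['QUOTEICON'] . '">';
                $topictemplate->set_var('quotelink', $quotelink);
                $topictemplate->set_var('quotelinkimg', $quotelinkimg);
                $topictemplate->set_var('LANG_quote', $LANG_GF01['QUOTEICON']);
                $topictemplate->parse('quotetopic_link', 'quote');
            }
        }

        $mod_functions = forum_getmodFunctions($showtopic);

        if ($showtopic['uid'] > 1 && $uservalid) {
            $profile_link = "{$_CONF['site_url']}/users.php?mode=profile&uid={$authorUid}";
            $profile_linkimg = '<img src="' . gf_getImage('profile_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['ProfileLink'] . '" TITLE="' . $LANG_GF01['ProfileLink'] . '">';
            $topictemplate->set_var('profilelink', $profile_link);
            $topictemplate->set_var('profilelinkimg', $profile_linkimg);
            $topictemplate->set_var('LANG_profile', $LANG_GF01['ProfileLink']);
            $topictemplate->parse('profile_link', 'profile');

            if ($CONF_FORUM['use_pm_plugin']) {
                $pm_link = forumPLG_getPMlink(COM_getDisplayName($showtopic['uid']));
                if ($pm_link != '') {
                    $pm_linkimg = '<img src="' . gf_getImage('pm_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['PMLink'] . '" TITLE="' . $LANG_GF01['PMLink'] . '">';
                    $topictemplate->set_var('pmlink', $pm_link);
                    $topictemplate->set_var('pmlinkimg', $pm_linkimg);
                    $topictemplate->set_var('LANG_pm', $LANG_GF01['PMLink']);
                    $topictemplate->parse('pm_link', 'pm');
                }
            }
        }

        // $userarray is only populated for a valid registered author (empty array otherwise)
        if (isset($userarray['email']) && $userarray['email'] != '' && $showtopic['uid'] > 1) {
            $email_link = "{$_CONF['site_url']}/profiles.php?uid={$authorUid}";
            $email_linkimg = '<img src="' . gf_getImage('email_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['EmailLink'] . '" TITLE="' . $LANG_GF01['EmailLink'] . '">';
            $topictemplate->set_var('emaillink', $email_link);
            $topictemplate->set_var('emaillinkimg', $email_linkimg);
            $topictemplate->set_var('LANG_email', $LANG_GF01['EmailLink']);
            $topictemplate->parse('email_link', 'email');
        }

        if (isset($userarray['homepage']) && $userarray['homepage'] != '') {
            $homepage = $userarray['homepage'];
            // eregi() was removed in PHP 7; stripos() is the same case-insensitive "contains" test
            if (stripos($homepage, 'http') === false) {
                $homepage = 'http://' . $homepage;
            }
            $homepageimg = '<img src="' . gf_getImage('website_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['WebsiteLink'] . '" TITLE="' . $LANG_GF01['WebsiteLink'] . '">';
            $topictemplate->set_var('websitelink', $homepage);
            $topictemplate->set_var('websitelinkimg', $homepageimg);
            $topictemplate->set_var('LANG_website', $LANG_GF01['WebsiteLink']);
            $topictemplate->parse('website_link', 'website');
        }

        $back2 = ($fromblock != '') ? $LANG_GF01['back2parent'] : $LANG_GF01['back2top'];
        $backlink = '<center><a href="' . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $replytopicid . '">' . $back2 . '</a></center>';
    } else {
        if (!isset($_GET['onlytopic']) || $_GET['onlytopic'] != 1) {
            $topictemplate->set_var('posted_date', '');
            $topictemplate->set_var('preview_topic_subject', $showtopic['subject']);
        } else {
            $topictemplate->set_var('preview_topic_subject', '');
        }
        $topictemplate->set_var('read_msg', '');
        $topictemplate->set_var('locked_icon', '');
        $topictemplate->set_var('preview_mode', 'none');

        // Reset show_inline on attachments no longer referenced by a [file] tag (the user may have
        // removed the tag). $forumfiles lists the attachment ids still referenced; it and the posted
        // topic id are bound as integers instead of being interpolated raw.
        $keepIds = is_array($forumfiles) ? implode(',', array_map('intval', $forumfiles)) : '';
        $topicId = null;
        if (!empty($_POST['uniqueid'])) {
            $topicId = (int) $_POST['uniqueid'];
        } elseif (isset($_POST['id'])) {
            $topicId = (int) $_POST['id'];
        }
        if ($topicId !== null) {
            $sql = "UPDATE {$_TABLES['gf_attachments']} SET show_inline = 0 WHERE topic_id={$topicId} ";
            if ($keepIds != '') {
                $sql .= "AND id NOT IN ({$keepIds})";
            }
            DB_query($sql);
        }
    }

    // Escape braces so the template engine does not treat them as placeholders. The source copy
    // showed these as no-op replacements ('{' -> '{') because the entity references had been
    // decoded; the numeric entities are restored here.
    $showtopic['comment'] = str_replace('{', '&#123;', $showtopic['comment']);
    $showtopic['comment'] = str_replace('}', '&#125;', $showtopic['comment']);

    $uniqueid = isset($_POST['uniqueid']) ? COM_applyFilter($_POST['uniqueid'], true) : 0;
    if ($showtopic['id'] > 0) {
        $topictemplate->set_var('attachments', gf_showattachments($showtopic['id']));
    } elseif ($uniqueid > 0) {
        $topictemplate->set_var('attachments', gf_showattachments($uniqueid));
    }

    $topictemplate->set_var('layout_url', $_CONF['layout_url']);
    $topictemplate->set_var('csscode', $onetwo);
    $topictemplate->set_var('postmode', $showtopic['postmode']);
    $topictemplate->set_var('userlink', $userlink);
    $topictemplate->set_var('lang_forum', $LANG_GF01['FORUM']);
    $topictemplate->set_var('user_levelname', $user_levelname);
    $topictemplate->set_var('user_level', $user_level);
    $topictemplate->set_var('magical_image', $moodimage);
    $topictemplate->set_var('avatar', $avatar);
    $topictemplate->set_var('regdate', $regdate);
    $topictemplate->set_var('numposts', $numposts);
    $topictemplate->set_var('location', $location);
    $topictemplate->set_var('site_url', $_CONF['site_url']);
    $topictemplate->set_var('imgset', $CONF_FORUM['imgset']);
    $topictemplate->set_var('topic_subject', $showtopic['subject']);
    $topictemplate->set_var('LANG_ON2', $LANG_GF01['ON2']);
    $topictemplate->set_var('mod_functions', $mod_functions);
    $topictemplate->set_var('topic_comment', $showtopic['comment']);
    $topictemplate->set_var('comment_minheight', "min-height:{$min_height}px");
    if (trim($sig) != '') {
        $topictemplate->set_var('sig', PLG_replaceTags($sig));
        $topictemplate->set_var('show_sig', '');
    } else {
        $topictemplate->set_var('sig', '');
        $topictemplate->set_var('show_sig', 'none');
    }
    $topictemplate->set_var('forumid', $showtopic['forum']);
    $topictemplate->set_var('topic_id', $showtopic['id']);
    $topictemplate->set_var('back_link', $backlink);
    $topictemplate->set_var('member_badge', forumPLG_getMemberBadge($showtopic['uid']));
    $topictemplate->parse('output', 'topictemplate');
    $retval .= $topictemplate->finish($topictemplate->get_var('output'));

    return $retval;
}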
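/**
 * Save a group to the database
 *
 * Creates the group when $grp_id is empty, updates it otherwise, then rewrites the
 * group's feature (access) list and its group memberships. A Root member may grant
 * any feature; other group admins are limited to the features and groups they hold
 * themselves. Every value placed into SQL is cast to int or escaped first.
 *
 * @param string  $grp_id           ID of group to save ('' or 0 for a new group)
 * @param string  $grp_name         Group Name (must be unique)
 * @param string  $grp_descr        Description of group
 * @param boolean $grp_admin        Flag that indicates this is an admin use group
 * @param boolean $grp_gl_core      Flag that indicates if this is a core Geeklog group
 * @param boolean $grp_default      Flag that indicates if this is a default group
 * @param boolean $grp_applydefault Flag that indicates whether to apply a change in $grp_default to all existing user accounts
 * @param array   $features         Feature ids the group has access to
 * @param array   $groups           Groups this group will belong to
 * @return string HTML refresh or error message
 */
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;

    $retval = '';

    if (empty($grp_name) || empty($grp_descr)) {
        $retval .= COM_showMessageText($LANG_ACCESS['missingfieldsmsg'], $LANG_ACCESS['missingfields'])
            . editgroup($grp_id);
        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    $GroupAdminGroups = SEC_getUserGroups();
    if (!empty($grp_id) && $grp_id > 0 && !in_array($grp_id, $GroupAdminGroups)
        && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
        COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");
        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }
    if ($grp_gl_core == 1 and !is_array($features)) {
        COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");
        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }

    // SQL-safe copies of the caller-supplied values. $grp_name and $grp_id keep their raw
    // form for log messages and for editgroup(). The name was previously interpolated
    // unescaped while the description was escaped.
    $grp_name_sql = DB_escapeString($grp_name);
    $grp_descr_sql = DB_escapeString(COM_stripslashes($grp_descr));
    $grp_gl_core_sql = (int) $grp_gl_core;
    $grp_default_sql = (int) $grp_default;

    // group names have to be unique, so check if this one exists already
    $g_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name_sql}'");
    if ($g_id > 0 && (empty($grp_id) || $grp_id != $g_id)) {
        // there already is a group with that name - complain
        $retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists'])
            . editgroup($grp_id);
        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    $grp_applydefault_add = true;
    if (empty($grp_id)) {
        DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default',
            "'{$grp_name_sql}','{$grp_descr_sql}',{$grp_gl_core_sql},{$grp_default_sql}");
        $grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name_sql}'");
        $new_group = true;
    } else {
        $grp_id = (int) $grp_id;
        if ($grp_applydefault == 1) {
            // check if $grp_default changed
            $old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
            if ($old_default == $grp_default) {
                $grp_applydefault = 0; // no change required
            } elseif ($old_default == 1) {
                $grp_applydefault_add = false; // default switched off: remove from users instead of adding
            }
        }
        DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default',
            "{$grp_id},'{$grp_name_sql}','{$grp_descr_sql}',{$grp_gl_core_sql},{$grp_default_sql}");
        $new_group = false;
    }

    // from here on $grp_id is only used as a numeric id
    $grp_id = (int) $grp_id;
    if ($grp_id < 1) {
        // "this shouldn't happen"
        COM_errorLog("Internal error: invalid group id");
        $retval .= COM_showMessage(95);
        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    // Use the field grp_gl_core to indicate if this non-core GL Group is an Admin related group
    if ($grp_gl_core != 1 and $grp_id > 1) {
        $coreFlag = ($grp_admin == 1) ? 2 : 0;
        DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core={$coreFlag} WHERE grp_id={$grp_id}");
    }

    $isRoot = SEC_inGroup('Root');

    // now save the features: replace the group's access list with the submitted ids,
    // limited to the features the current admin holds unless they are Root
    DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
    if (is_array($features)) {
        $availableFeatures = $isRoot ? array() : explode(',', SEC_getUserPermissions());
        foreach ($features as $f) {
            if ($isRoot || in_array($f, $availableFeatures)) {
                $ftId = (int) $f;
                DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$ftId},{$grp_id})");
            }
        }
    }

    if ($_GROUP_VERBOSE) {
        // $groups is normally an array; the original logged it with string concatenation
        COM_errorLog('groups = ' . (is_array($groups) ? implode(',', $groups) : $groups));
        COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
    }
    DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
    if (!empty($groups)) {
        foreach ($groups as $g) {
            // a group admin may only place the group into groups they belong to themselves
            if (in_array($g, $GroupAdminGroups)) {
                if ($_GROUP_VERBOSE) {
                    COM_errorLog("adding group_assignment {$g} for {$grp_name}", 1);
                }
                $mainGrpId = (int) $g;
                DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$mainGrpId},{$grp_id})");
            }
        }
    }

    // Make sure Root group belongs to any new group
    if (DB_getItem($_TABLES['group_assignments'], 'COUNT(*)', "ug_main_grp_id = {$grp_id} AND ug_grp_id = 1") == 0) {
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$grp_id}, 1)");
    }

    // make sure this Group Admin belongs to the new group
    if (!$isRoot) {
        $uid = (int) $_USER['uid'];
        // NOTE(review): DB_count() is given a whole WHERE clause as its "value" argument here;
        // confirm this DB layer accepts that form (kept as in the original).
        if (DB_count($_TABLES['group_assignments'], 'ug_uid', "(ug_uid = {$uid}) AND (ug_main_grp_id = {$grp_id})") == 0) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$grp_id},{$uid})");
        }
    }

    if ($grp_applydefault == 1) {
        applydefaultgroup($grp_id, $grp_applydefault_add);
    }

    PLG_groupChanged($grp_id, $new_group ? 'new' : 'edit');

    $redirect = $_CONF['site_admin_url'] . '/group.php?msg=49';
    if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
        $redirect .= '&chk_showall=1';
    }
    return COM_refresh($redirect);
}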
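/**
 * Render the group editor form of a DATABOX-style plugin (admin side).
 *
 * Language arrays and table names are derived from the plugin name:
 * $LANG_<PI>_ADMIN, $LANG_<PI>_NOYES, $LANG_<PI>_INPUTTYPE and
 * $_TABLES['<PI>_def_group'] / $_TABLES['<PI>_def_category'].
 *
 * @param string $pi_name plugin name, used as prefix for the language/table lookups
 * @param int    $id      group id to edit; empty for a new group
 * @param bool   $edt_flg true while editing; false enables the delete option
 * @param string $msg     message number to show; when set, the form is being redisplayed after
 *                        a save attempt and the field values are taken from $_POST
 * @param string $errmsg  additional error HTML appended after the message
 * @param string $mode    "edit" or "copy" (copy clears the id so that saving creates a new group)
 * @return string rendered editor HTML
 */
function LIB_Edit($pi_name, $id, $edt_flg, $msg = '', $errmsg = "", $mode = "edit")
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $MESSAGE, $LANG_ACCESS, $_USER;

    // Pull the plugin-specific language arrays in by name (variable variables are the
    // convention these plugins use for per-plugin globals).
    $langPrefix = 'LANG_' . strtoupper($pi_name);
    $lang_box_admin = $langPrefix . '_ADMIN';
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box_noyes = $langPrefix . '_NOYES';
    global ${$lang_box_noyes};
    $lang_box_noyes = ${$lang_box_noyes};
    $lang_box_inputtype = $langPrefix . '_INPUTTYPE';
    global ${$lang_box_inputtype};
    $lang_box_inputtype = ${$lang_box_inputtype};

    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];
    $table1 = $_TABLES[strtoupper($pi_name) . '_def_category'];

    $retval = '';
    $delflg = false;

    // defaults for every form field; overwritten from $_POST or the database below
    $code = '';
    $name = '';
    $description = '';
    $orderno = '';
    $parent_flg = 0;
    $input_type = 0;
    $uuid = 0;
    $udatetime = '';

    if (!empty($msg)) {
        // redisplay after a save attempt: show the message and keep the posted values
        $retval .= COM_showMessage($msg, $pi_name);
        $retval .= $errmsg;
        $code = COM_applyFilter(isset($_POST['code']) ? $_POST['code'] : '');
        $name = COM_applyFilter(isset($_POST['name']) ? $_POST['name'] : '');
        // NOTE(review): the description is passed through unfiltered (the COM_applyFilter call was
        // commented out in the original); the template is expected to escape it — confirm.
        $description = isset($_POST['description']) ? $_POST['description'] : '';
        $orderno = COM_applyFilter(isset($_POST['orderno']) ? $_POST['orderno'] : '');
        $parent_flg = COM_applyFilter(isset($_POST['parent_flg']) ? $_POST['parent_flg'] : '', true);
        $input_type = COM_applyFilter(isset($_POST['input_type']) ? $_POST['input_type'] : '', true);
        $uuid = $_USER['uid'];
    } elseif (empty($id)) {
        $id = 0;
    } else {
        // the id is bound as an integer rather than interpolated as given
        $sql = "SELECT *, UNIX_TIMESTAMP(udatetime) AS udatetime_un" . LB
            . " FROM " . $table
            . " WHERE group_id = " . (int) $id;
        $result = DB_query($sql);
        $A = DB_fetchArray($result);
        $code = COM_stripslashes($A['code']);
        $name = COM_stripslashes($A['name']);
        $description = COM_stripslashes($A['description']);
        $orderno = COM_stripslashes($A['orderno']);
        $parent_flg = COM_stripslashes($A['parent_flg']);
        $input_type = COM_stripslashes($A['input_type']);
        $uuid = COM_stripslashes($A['uuid']);
        $wary = COM_getUserDateTimeFormat(COM_stripslashes($A['udatetime_un']));
        $udatetime = $wary[0];
        if ($edt_flg == FALSE) {
            $delflg = true;
        }
    }

    if ($mode === "copy") {
        // copying: render the form with the source values but without an id, so saving creates a new row
        $id = 0;
    }

    $retval .= COM_startBlock($lang_box_admin['edit'], '', COM_getBlockTemplate('_admin_block', 'header'));

    $tmplfld = DATABOX_templatePath('admin', 'default', $pi_name);
    $templates = new Template($tmplfld);
    $templates->set_file('editor', "group_editor.thtml");

    $templates->set_var('about_thispage', $lang_box_admin['about_admin_group']);
    $templates->set_var('lang_must', $lang_box_admin['must']);
    $templates->set_var('site_url', $_CONF['site_url']);
    $templates->set_var('site_admin_url', $_CONF['site_admin_url']);

    // CSRF token for the save/delete form
    $token = SEC_createToken();
    $retval .= SEC_getTokenExpiryNotice($token);
    $templates->set_var('gltoken_name', CSRF_TOKEN);
    $templates->set_var('gltoken', $token);
    $templates->set_var('xhtml', XHTML);
    $templates->set_var('script', THIS_SCRIPT);
    $templates->set_var('lang_link_admin_top', $lang_box_admin['link_admin_top']);

    // id
    $templates->set_var('lang_group_id', $lang_box_admin['group_id']);
    $templates->set_var('id', $id);
    // code, name & description
    $templates->set_var('lang_code', $lang_box_admin['code']);
    $templates->set_var('code', $code);
    $templates->set_var('lang_name', $lang_box_admin['name']);
    $templates->set_var('name', $name);
    $templates->set_var('lang_description', $lang_box_admin['description']);
    $templates->set_var('description', $description);
    // sort order
    $templates->set_var('lang_orderno', $lang_box_admin['orderno']);
    $templates->set_var('orderno', $orderno);
    // parent group?
    $templates->set_var('lang_parent_flg', $lang_box_admin['parent_flg']);
    $templates->set_var('list_parent_flg', DATABOX_getradiolist($lang_box_noyes, "parent_flg", $parent_flg));
    // input type
    $templates->set_var('lang_input_type', $lang_box_admin['input_type']);
    $templates->set_var('list_input_type', DATABOX_getradiolist($lang_box_inputtype, "input_type", $input_type));
    // last saved: date/time and user
    $templates->set_var('lang_udatetime', $lang_box_admin['udatetime']);
    $templates->set_var('udatetime', $udatetime);
    $templates->set_var('lang_uuid', $lang_box_admin['uuid']);
    $templates->set_var('uuid', $uuid);
    // SAVE / CANCEL / PREVIEW buttons
    $templates->set_var('lang_save', $LANG_ADMIN['save']);
    $templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $templates->set_var('lang_preview', $LANG_ADMIN['preview']);

    // delete option: only offered for an existing group that no category still references
    if ($delflg) {
        $wkcnt = DB_count($table1, "categorygroup_id", $id);
        if ($wkcnt > 0) {
            $templates->set_var('lang_delete_help', $lang_box_admin['delete_help_group']);
        } else {
            $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s>';
            $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
            $templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        }
    }

    $templates->parse('output', 'editor');
    $retval .= $templates->finish($templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}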
/**
 * Filter parameters passed per GET (URL) or POST.
 *
 * Strips (magic-quotes) slashes first, then hands the value to COM_applyBasicFilter.
 *
 * @param string  $parameter the parameter to test
 * @param boolean $isnumeric true if $parameter is supposed to be numeric
 * @return string the filtered parameter (may now be empty or 0)
 * @see COM_applyBasicFilter
 */
function COM_applyFilter($parameter, $isnumeric = false)
{
    return COM_applyBasicFilter(COM_stripslashes($parameter), $isnumeric);
}