/**
 * Run clean_txt() over every value of $array, one level deep, keeping keys.
 *
 * Nested arrays are handed to clean_txt() unchanged (this variant does not
 * recurse).
 *
 * @param array $array  values to clean
 * @return array        same keys, each value replaced by clean_txt(value)
 */
function clean_txt_array($array)
{
    foreach (array_keys($array) as $index) {
        $array[$index] = clean_txt($array[$index]);
    }

    return $array;
}
/**
 * Prepare a string for HTML output.
 *
 * Pipeline: clean_txt(), then stripslashes() (undo addslashes-style escaping),
 * then htmlspecialchars(). The htmlspecialchars() flags are left at the PHP
 * default, so single quotes are only encoded on PHP >= 8.1 (where the default
 * includes ENT_QUOTES); on older runtimes the result is not safe inside a
 * single-quoted HTML attribute.
 *
 * @param string $text  raw text
 * @return string       HTML-encoded text
 */
function protect($text)
{
    $cleaned = clean_txt($text);
    $unslashed = stripslashes($cleaned);

    return htmlspecialchars($unslashed);
}
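/**
 * Run clean_txt() over every scalar value of $array, recursing into nested
 * arrays, keeping keys.
 *
 * Fix: the recursive call's result was previously discarded
 * (`clean_txt_array($key);`), so nested arrays were returned uncleaned.
 *
 * NOTE(review): a non-recursive function of the same name appears in this
 * listing as well; if both live in one file PHP will refuse to redeclare it.
 *
 * @param array $array  values to clean, possibly nested
 * @return array        same structure with every leaf passed through clean_txt()
 */
function clean_txt_array($array)
{
    foreach ($array as $i => $value) {
        if (is_array($value)) {
            // Assign the recursion result back, otherwise nested levels stay untouched.
            $array[$i] = clean_txt_array($value);
        } else {
            $array[$i] = clean_txt($value);
        }
    }

    return $array;
}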
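/**
 * Write the site preferences file (../<dossier_config>/prefs.php).
 *
 * When the form was submitted ($_POST['_verif_envoi'] non-empty) the values
 * come from $_POST; otherwise the built-in defaults are written.
 *
 * Fix: every value is now serialised with var_export(), which produces a
 * correctly quoted PHP string literal. The previous string concatenation relied
 * on htmlspecialchars() (and addslashes() for three fields only), which does not
 * escape backslashes: a submitted value ending in `\` could escape the closing
 * quote of the generated literal and inject code into prefs.php.
 *
 * @return bool true if the file was written, false if file_put_contents() failed
 */
function fichier_prefs()
{
    $fichier_prefs = '../' . $GLOBALS['dossier_config'] . '/prefs.php';

    // Form fields that were not submitted read as '' instead of raising a notice.
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    // Language is validated against a two-letter pattern; anything else falls back to 'fr'.
    $lang = preg_match('#^[a-z]{2}$#', $post('langue')) ? $post('langue') : 'fr';

    if (!empty($_POST['_verif_envoi'])) {
        // Values submitted by the preferences form.
        $auteur = clean_txt(htmlspecialchars($post('auteur')));
        $email = clean_txt(htmlspecialchars($post('email')));
        $nomsite = clean_txt(htmlspecialchars($post('nomsite')));
        $description = clean_txt(htmlspecialchars($post('description')));
        $keywords = clean_txt(htmlspecialchars($post('keywords')));
        // No addslashes() any more: quoting for the PHP literal is done by var_export() below.
        $racine = trim(htmlspecialchars($post('racine')));
        $max_bill_acceuil = htmlspecialchars($post('nb_maxi'));
        $max_bill_admin = htmlspecialchars($post('nb_list'));
        $max_comm_admin = htmlspecialchars($post('nb_list_com'));
        $format_date = htmlspecialchars($post('format_date'));
        $format_heure = htmlspecialchars($post('format_heure'));
        $fuseau_horaire = clean_txt(htmlspecialchars($post('fuseau_horaire')));
        $global_com_rule = htmlspecialchars($post('global_comments'));
        $connexion_captcha = htmlspecialchars($post('connexion_captcha'));
        $activer_categories = htmlspecialchars($post('activer_categories'));
        $afficher_rss = htmlspecialchars($post('aff_onglet_rss'));
        $afficher_liens = htmlspecialchars($post('aff_onglet_liens'));
        $theme_choisi = clean_txt(htmlspecialchars($post('theme')));
        $comm_defaut_status = htmlspecialchars($post('comm_defaut_status'));
        $automatic_keywords = htmlspecialchars($post('auto_keywords'));
        $require_email = htmlspecialchars($post('require_email'));
        $auto_check_updates = htmlspecialchars($post('check_update'));
        $auto_dl_liens_fichiers = htmlspecialchars($post('dl_link_to_files'));
        $nombre_liens_admin = htmlspecialchars($post('nb_list_linx'));
    } else {
        // Defaults used when the form was not submitted (first run).
        $auteur = clean_txt($GLOBALS['identifiant']);
        $email = '*****@*****.**';
        $nomsite = 'Blogotext';
        $description = clean_txt($GLOBALS['lang']['go_to_pref']);
        $keywords = 'blog, blogotext';
        $racine = clean_txt(trim(htmlspecialchars($post('racine'))));
        $max_bill_acceuil = '10';
        $max_bill_admin = '25';
        $max_comm_admin = '50';
        $format_date = '0';
        $format_heure = '0';
        $fuseau_horaire = 'UTC';
        $global_com_rule = '0';
        $connexion_captcha = '0';
        $activer_categories = '1';
        $afficher_rss = '1';
        $afficher_liens = '1';
        $theme_choisi = 'default';
        $comm_defaut_status = '1';
        $automatic_keywords = '1';
        $require_email = '0';
        $auto_check_updates = 1;
        $auto_dl_liens_fichiers = '0';
        $nombre_liens_admin = '50';
    }

    // Output order is the historical layout of prefs.php.
    $values = array(
        'lang' => $lang,
        'auteur' => $auteur,
        'email' => $email,
        'nom_du_site' => $nomsite,
        'description' => $description,
        'keywords' => $keywords,
        'racine' => $racine,
        'max_bill_acceuil' => $max_bill_acceuil,
        'max_bill_admin' => $max_bill_admin,
        'max_comm_admin' => $max_comm_admin,
        'format_date' => $format_date,
        'format_heure' => $format_heure,
        'fuseau_horaire' => $fuseau_horaire,
        'connexion_captcha' => $connexion_captcha,
        'activer_categories' => $activer_categories,
        'onglet_rss' => $afficher_rss,
        'onglet_liens' => $afficher_liens,
        'theme_choisi' => $theme_choisi,
        'global_com_rule' => $global_com_rule,
        'comm_defaut_status' => $comm_defaut_status,
        'automatic_keywords' => $automatic_keywords,
        'require_email' => $require_email,
        'check_update' => $auto_check_updates,
        'max_linx_admin' => $nombre_liens_admin,
        'dl_link_to_files' => $auto_dl_liens_fichiers,
    );

    $prefs = "<?php\n";
    foreach ($values as $name => $value) {
        // Every preference is stored as a string literal; var_export() escapes
        // quotes and backslashes so the value cannot break out of the literal.
        $prefs .= "\$GLOBALS['" . $name . "'] = " . var_export((string) $value, true) . ";\n";
    }
    $prefs .= "?>";

    return file_put_contents($fichier_prefs, $prefs) !== false;
}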
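/**
 * Build the file record from the submitted form (admin context only).
 *
 * On edit ($_POST['is_it_edit'] === 'yes') every field is taken back from the
 * form. On a new entry the metadata comes from the uploaded file
 * ($_FILES['fichier']) or, failing that, from a remote URL ($_POST['fichier']).
 *
 * Fixes: the remote-URL branch now only accepts http(s) URLs, so stream
 * wrappers such as file:// or php:// cannot be used to hash local resources;
 * a failed sha1_file() (false) is treated as an error instead of producing a
 * record with an empty checksum and a bogus bt_path.
 *
 * @return array|false record keyed by bt_* column names, or false after
 *                     redirecting with errmsg=error_image_add
 */
function init_post_fichier()
{
    // No $mode here: it's always admin.
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };
    // Common failure path: redirect back with the generic "add" error and report failure.
    $fail = function () {
        redirection(basename($_SERVER['PHP_SELF']) . '?errmsg=error_image_add');
        return false;
    };

    if (isset($_POST['is_it_edit']) && $_POST['is_it_edit'] == 'yes') {
        // Edit: all file metadata comes back from the form.
        $file_id = htmlspecialchars($post('file_id'));
        $posted_name = htmlspecialchars($post('filename'));
        $filename = pathinfo($posted_name, PATHINFO_FILENAME);
        $ext = strtolower(pathinfo($posted_name, PATHINFO_EXTENSION));
        $checksum = htmlspecialchars($post('sha1_file'));
        $size = htmlspecialchars($post('filesize'));
        $type = detection_type_fichier($ext);
        $dossier = htmlspecialchars($post('dossier'));
        $path = htmlspecialchars($post('path'));
    } else {
        // New entry: metadata is read from the file itself.
        $file_id = date('YmdHis');
        $dossier = htmlspecialchars($post('dossier'));
        $path = '';

        if (!empty($_FILES['fichier']) && $_FILES['fichier']['error'] === UPLOAD_ERR_OK) {
            // Added by upload.
            $upload_name = $_FILES['fichier']['name'];
            $filename = pathinfo($upload_name, PATHINFO_FILENAME);
            $ext = strtolower(pathinfo($upload_name, PATHINFO_EXTENSION));
            $checksum = sha1_file($_FILES['fichier']['tmp_name']);
            $size = $_FILES['fichier']['size'];
        } elseif (!empty($_POST['fichier']) && is_string($_POST['fichier'])) {
            // Added from a remote URL. Restrict to http(s): sha1_file() accepts
            // any stream wrapper, so other schemes would read local resources.
            $url = $_POST['fichier'];
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if ($scheme !== 'http' && $scheme !== 'https') {
                return $fail();
            }
            $url_path = (string) parse_url($url, PHP_URL_PATH);
            $filename = pathinfo($url_path, PATHINFO_FILENAME);
            $ext = strtolower(pathinfo($url_path, PATHINFO_EXTENSION));
            $checksum = sha1_file($url); // fetched over HTTP(S)
            // Size is deliberately left empty: fetching it would cost a second transfer.
            $size = '';
        } else {
            return $fail();
        }

        // sha1_file() returns false when the file or URL could not be read.
        if ($checksum === false) {
            return $fail();
        }
        $type = detection_type_fichier($ext);
    }

    // Display name: the submitted name if given, else the file's own base name.
    $base_name = !empty($_POST['nom_entree']) ? $_POST['nom_entree'] : $filename;
    $filename = diacritique(htmlspecialchars($base_name), '', '0') . '.' . $ext;
    // Checkbox semantics: 'on' -> '0', anything else -> '1' (meaning defined by callers).
    $statut = (isset($_POST['statut']) && $_POST['statut'] == 'on') ? '0' : '1';
    // Same sanitised text is stored in both content columns.
    $content = stripslashes(protect_markup(clean_txt($post('description'))));

    return array(
        'bt_id' => $file_id,
        'bt_type' => $type,
        'bt_fileext' => $ext,
        'bt_filesize' => $size,
        'bt_filename' => $filename,
        'bt_content' => $content,
        'bt_wiki_content' => $content,
        'bt_checksum' => $checksum,
        'bt_statut' => $statut,
        'bt_dossier' => empty($dossier) ? 'default' : $dossier,
        // Storage path defaults to a bucket named by the first two checksum characters.
        'bt_path' => empty($path) ? '/' . substr($checksum, 0, 2) : $path,
    );
}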
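/**
 * Build the full link record from the submitted form ($_POST).
 *
 * Text fields go through clean_txt() -> protect_markup() -> stripslashes()
 * -> htmlspecialchars(); bt_content additionally runs formatage_links() on the
 * ENT_NOQUOTES-encoded text. When no URL is given the link points at the local
 * links page for this id. 'ID' is only present on edit (numeric form value).
 *
 * The repeated sanitising chain is extracted into one local closure, and
 * missing form fields read as '' instead of raising undefined-index notices.
 *
 * @return array link record keyed by bt_* column names (plus 'ID' on edit)
 */
function init_post_link2()
{
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };
    // Shared sanitising chain; $flags === null keeps htmlspecialchars()' default flags.
    $sanitize = function ($value, $flags = null) {
        $text = stripslashes(protect_markup(clean_txt($value)));

        return $flags === null ? htmlspecialchars($text) : htmlspecialchars($text, $flags);
    };

    $id = $sanitize($post('bt_id'));
    $author = $sanitize($post('bt_author'));
    $url = empty($_POST['url'])
        ? $GLOBALS['racine'] . '?mode=links&id=' . $id
        : $sanitize($post('url'));
    // Checkbox present -> 0, absent -> 1 (meaning of the flag is defined by callers).
    $statut = isset($_POST['statut']) ? 0 : 1;

    $link = array(
        'bt_id' => $id,
        'bt_type' => htmlspecialchars($post('type')),
        'bt_content' => formatage_links($sanitize($post('description'), ENT_NOQUOTES)),
        'bt_wiki_content' => $sanitize($post('description')),
        'bt_author' => $author,
        'bt_title' => $sanitize($post('title')),
        'bt_link' => $url,
        'bt_tags' => htmlspecialchars(traiter_tags($post('categories'))),
        'bt_statut' => $statut,
    );

    // ID is only added on edit. is_numeric() also accepts floats/exponent
    // notation; if ID is an integer key, a ctype_digit() check would be stricter.
    if (isset($_POST['ID']) && is_numeric($_POST['ID'])) {
        $link['ID'] = $_POST['ID'];
    }

    return $link;
}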