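/**
 * API handler for Hansard searches.
 *
 * Builds a search string from the request array (free text in 's', a
 * speaker id in 'pid', a section in 'type'), then either emits the
 * per-speaker usage counts (order 'p') through api_output() or hands the
 * query to HANSARDLIST for the ordinary result listing.
 *
 * @param array $array request parameters; 's', 'pid' and 'type' are all optional
 * @return void        output is produced by api_output() or HANSARDLIST::display()
 */
function _api_getHansard_search($array)
{
    // Every key is optional, so each one is read through isset(): a request
    // without a speaker id previously raised an undefined-index notice on 'pid'.
    $search = isset($array['s']) ? trim($array['s']) : '';
    $pid = isset($array['pid']) ? trim($array['pid']) : '';
    $type = isset($array['type']) ? $array['type'] : '';
    // Only the free-text part goes through the project sanitiser.
    // NOTE(review): 'pid' and 'type' are appended below unfiltered - confirm
    // that the search engine treats them as opaque tokens.
    $search = filter_user_input($search, 'strict');
    if ($pid) {
        $search .= ($search ? ' ' : '') . 'speaker:' . $pid;
    }
    if ($type) {
        $search .= " section:" . $type;
    }
    $o = get_http_var('order');
    if ($o == 'p') {
        // Usage ordering: one row per speaker, dates cut down to YYYY-MM.
        $data = search_by_usage($search);
        $out = array();
        foreach ($data['speakers'] as $pid => $s) {
            $out[$pid] = array(
                'house' => $s['house'],
                'name' => $s['name'],
                'party' => $s['party'],
                'count' => $s['count'],
                'mindate' => substr($s['pmindate'], 0, 7),
                'maxdate' => substr($s['pmaxdate'], 0, 7),
            );
        }
        api_output($out);
        return;
    }
    global $SEARCHENGINE;
    $SEARCHENGINE = new SEARCHENGINE($search);
    $pagenum = get_http_var('page');
    // Only 'd' and 'r' are passed through as orderings; anything else falls back to 'd'.
    $args = array(
        's' => $search,
        'p' => $pagenum,
        'num' => get_http_var('num'),
        'pop' => 1,
        'o' => $o == 'd' || $o == 'r' ? $o : 'd',
    );
    $LIST = new HANSARDLIST();
    $LIST->display('search', $args, 'api');
}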
 /**
  * Run the search described by the request and return the template data.
  *
  * An empty search string yields the bare form; a string that fails
  * validation yields the form plus warnings; otherwise the query is run
  * either by usage (o=p) or as a normal search and the result array is
  * decorated with URLs, form parameters and the page title.
  *
  * @return array template data, always carrying a 'template' key
  */
 public function display()
 {
     $argparser = new Search\ParseArgs();
     $this->searchstring = $argparser->construct_search_string();
     $this->searchkeyword = $argparser->searchkeyword;

     // Nothing to search for: render the empty form.
     if (!$this->searchstring) {
         $data = $this->get_form_params(array());
         $data['searchstring'] = '';
         $data['template'] = 'search/results';
         return $data;
     }

     $this->searchstring = filter_user_input($this->searchstring, 'strict');

     // Validation problems are shown on the results template next to the form.
     $warnings = $this->validate_search_string();
     if ($warnings) {
         $data = array(
             'warnings' => $warnings,
             'template' => 'search/results',
             'searchstring' => $this->searchstring,
         );
         return $this->get_form_params($data);
     }

     $byUsage = get_http_var('o') == 'p';
     $search = $byUsage ? new Search\ByUsage() : new Search\Normal();
     $data = $search->search($this->searchstring);
     $data['template'] = $byUsage ? 'search/by-person' : 'search/results';

     if (isset($data['info']['spelling_correction'])) {
         $data['info']['spelling_correction_display'] = $this->prettifySearchString($data['info']['spelling_correction']);
     }

     $data['searchstring'] = $this->searchstring;
     $data['urls'] = $this->get_urls();
     $data['this_url'] = $this->get_search_url();
     $data['ungrouped_url'] = $this->get_search_url(false);
     $data = $this->get_form_params($data);
     $data = $this->set_wtt_options($data);
     $this->set_page_title($data);
     return $data;
 }
// Force the mobile device type before init.php is included, so the include
// (which presumably reads DEVICE_TYPE - confirm in init.php) sees "mobile".
$_SERVER['DEVICE_TYPE'] = "mobile";
# vim:sw=4:ts=4:et:nowrap
include_once "../../includes/easyparliament/init.php";
// Member and glossary helpers used by the search page; INCLUDESPATH comes from init.php.
include_once INCLUDESPATH . "easyparliament/member.php";
include_once INCLUDESPATH . "easyparliament/glossary.php";
// From http://cvs.sourceforge.net/viewcvs.py/publicwhip/publicwhip/website/
include_once INCLUDESPATH . "postcode.inc";
if (get_http_var('s') != '' || get_http_var('pid') != '') {
    if (get_http_var('pid') == 16407) {
        header('Location: /search/?pid=10133');
        exit;
    }
    // We're searching for something.
    $this_page = 'search';
    $searchstring = trim(get_http_var('s'));
    $searchstring = filter_user_input($searchstring, 'strict');
    $time = parse_date($searchstring);
    if ($time['iso']) {
        header('Location: /hansard/?d=' . $time['iso']);
        exit;
    }
    $searchspeaker = trim(get_http_var('pid'));
    if ($searchspeaker) {
        $searchstring .= ($searchstring ? ' ' : '') . 'speaker:' . $searchspeaker;
    }
    $searchmajor = trim(get_http_var('section'));
    if (!$searchmajor) {
        // Legacy URLs used maj
        $searchmajor = trim(get_http_var('maj'));
    }
    if ($searchmajor) {
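/**
 * Update custom field
 *
 * Builds and executes the ALTER TABLE statement for a custom field
 * ("add", "edit" or "delete") described by $field and logs the outcome.
 *
 * Table and column names cannot be bound as query parameters, so before they
 * are interpolated they must consist of word characters only ([A-Za-z0-9_]);
 * anything else is rejected and false is returned. For the "set" type the
 * value list in fieldSize keeps its quotes, so only that key bypasses
 * filter_user_input(); every other key is filtered for all types.
 *
 * @param array $field keys used: action, table, name, oldname (edit only),
 *                     fieldType, fieldSize, fieldDefault, NULL, Comment
 * @return bool true when the query ran, false on bad input or a query error
 */
function updateCustomField($field)
{
    global $database;
    $action = isset($field['action']) ? $field['action'] : '';
    $fieldType = isset($field['fieldType']) ? $field['fieldType'] : '';
    /* escape vars */
    # set override: keep the set value list aside while everything else is filtered
    if ($fieldType == "set") {
        $setValues = isset($field['fieldSize']) ? $field['fieldSize'] : '';
        unset($field['fieldSize']);
        $field = filter_user_input($field, true, true);
        $field['fieldSize'] = $setValues;
    } else {
        $field = filter_user_input($field, true, true);
    }
    /* identifiers go into DDL between backticks, which escaping does not cover,
       so only plain word characters are accepted */
    $identifiers = array('table', 'name');
    if ($action == "edit") {
        $identifiers[] = 'oldname';
    }
    if ($action != "delete") {
        $identifiers[] = 'fieldType';
    }
    foreach ($identifiers as $key) {
        if (!isset($field[$key]) || !preg_match('/^[A-Za-z0-9_]+$/', $field[$key])) {
            return false;
        }
    }
    /* set db type values (fieldSize is left as submitted: it is a length, a
       precision pair or, for set, a quoted value list) */
    if (in_array($fieldType, array("bool", "text", "date", "datetime"), true)) {
        $field['ftype'] = "{$fieldType}";
    } else {
        $fieldSize = isset($field['fieldSize']) ? $field['fieldSize'] : '';
        $field['ftype'] = "{$fieldType}({$fieldSize})";
    }
    //default null
    if (!isset($field['fieldDefault']) || strlen($field['fieldDefault']) == 0) {
        $field['fieldDefault'] = "NULL";
    } else {
        $field['fieldDefault'] = "'{$field['fieldDefault']}'";
    }
    //character?
    if (in_array($fieldType, array("varchar", "text", "set"), true)) {
        $charset = "CHARACTER SET utf8";
    } else {
        $charset = "";
    }
    // NULL == "NO" means the column is NOT NULL; a missing key means nullable.
    $notNull = isset($field['NULL']) && $field['NULL'] == "NO";
    $comment = isset($field['Comment']) ? $field['Comment'] : '';
    $table = $field['table'];
    $name = $field['name'];
    /* update request */
    if ($action == "delete") {
        $query = "ALTER TABLE `{$table}` DROP `{$name}`;";
    } elseif ($action == "edit") {
        $query = "ALTER TABLE `{$table}` CHANGE COLUMN `{$field['oldname']}` `{$name}` {$field['ftype']} {$charset} DEFAULT {$field['fieldDefault']}" . ($notNull ? " NOT NULL" : "") . " COMMENT '{$comment}';";
    } elseif ($action == "add") {
        $query = "ALTER TABLE `{$table}` ADD COLUMN \t`{$name}` \t\t\t\t\t{$field['ftype']} {$charset} DEFAULT {$field['fieldDefault']}" . ($notNull ? " NOT NULL" : " NULL") . " COMMENT '{$comment}';";
    } else {
        return false;
    }
    /* prepare log */
    $log = prepareLogFromArray($field);
    try {
        $database->executeQuery($query);
    } catch (Exception $e) {
        $error = $e->getMessage();
        print "<div class='alert alert-danger'>" . _('Error') . ": {$error}</div>";
        updateLogTable('Custom Field ' . $action . ' failed (' . $name . ')', $log, 2);
        return false;
    }
    updateLogTable('Custom Field ' . $action . ' success (' . $name . ')', $log, 0);
    return true;
}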
    if ($success) {
        // $success will be the editqueue_id().
        print "<h4>All good so far...</h4><p>Your definition for <strong>&quot;" . $data['title'] . "&quot;</strong> now awaits moderator approval or somesuch thing...</p>";
        $PAGE->glossary_links();
    } else {
        $PAGE->error_message("Sorry, there was an error and we were unable to add your Glossary item.");
    }
} elseif (get_http_var("previewterm") != '') {
    // We're previewing a Glossary definition.
    if (get_http_var('definition') != '') {
        // Mock up a "current term" to send to the display function
        $body = get_http_var('definition');
        $title = get_http_var('g');
        $GLOSSARY->current_term['body'] = filter_user_input($body, 'comment');
        // In init.php
        $GLOSSARY->current_term['title'] = filter_user_input($title, 'comment');
        // In init.php
        // Off it goes...
        print "<p>Your entry should look something like this:</p>";
        print "<p>";
        $PAGE->glossary_display_term($GLOSSARY);
        print "</p>";
        // Then, in case they aren't happy with it, show them the form again
        $PAGE->glossary_add_definition_form($args);
    }
} elseif ($GLOSSARY->query != '') {
    // Deal with all the various searching possiblities...
    if ($GLOSSARY->num_search_matches >= 1) {
        // Offer a list of matching terms
        $PAGE->glossary_display_match_list($GLOSSARY);
    } else {
<?php

/*
 * Print truncate subnet
 *********************/
/* required functions */
require_once '../../functions/functions.php';
/* filter input: the whole POST array goes through the project sanitiser, the
   action field again on its own with different flags (both project helpers,
   not standard PHP) */
$_POST = filter_user_input($_POST, true, true, false);
$_POST['action'] = filter_user_input($_POST['action'], false, false, true);
/* must be numeric - the subnet id feeds the permission lookup and the two
   queries below, so a non-numeric value stops the page here */
if (!is_numeric($_POST['subnetId'])) {
    die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>');
}
/* verify that user has write permissions for subnet: anything below level 2 is refused */
$subnetPerm = checkSubnetPermission($_POST['subnetId']);
if ($subnetPerm < 2) {
    die('<div class="alert alert-danger">' . _('You do not have permissions to truncate subnet') . '!</div>');
}
/* verify post - the referrer check runs after the permission check, so it
   only guards the data loading and whatever the page does further down */
CheckReferrer();
# get subnet details
$subnet = getSubnetDetailsById($_POST['subnetId']);
# get all IP addresses
$ip_addr = getIpAddressesBySubnetId($_POST['subnetId']);
?>


<!-- header -->
<div class="pHeader"><?php 
print _('Truncate subnet');
 /**
  * Store a report about a comment and notify the moderation list.
  *
  * @param COMMENT $COMMENT    the comment being reported; its modflag is switched on
  * @param array   $reportdata 'body' plus, for anonymous reporters, 'firstname',
  *                            'lastname' and 'email'
  * @return bool true when the report row was inserted; false when the user may
  *              not report, the flood check fails, or the insert failed
  */
 function create($COMMENT, $reportdata)
 {
     // For when a user posts a report on a comment.
     // $reportdata is an array like:
     //	array (
     //		'body' => 'some text',
     //		'firstname'	=> 'Billy',
     //		'lastname'	=> 'Nomates',
     //		'email'		=> '*****@*****.**'
     //	)
     // But if the report was made by a logged-in user, only the
     // 'body' element should really contain anything, because
     // we use $THEUSER's id to get the rest.
     // $COMMENT is an existing COMMENT object, needed for setting
     // its modflag and comment_id.
     global $THEUSER, $PAGE;
     if (!$THEUSER->is_able_to('reportcomment')) {
         $PAGE->error_message("Sorry, you are not allowed to post reports.");
         return false;
     }
     if (is_numeric($THEUSER->user_id()) && $THEUSER->user_id() > 0) {
         // Flood check - make sure the user hasn't just posted a report recently.
         // To help prevent accidental duplicates, among other nasty things.
         // (Non-logged in users are all id == 0.)
         $flood_time_limit = 20;
         // How many seconds until a user can post again?
         // The id is interpolated as-is; it passed is_numeric() just above.
         $q = $this->db->query("SELECT report_id\n\t\t\t\t\t\t\tFROM\tcommentreports\n\t\t\t\t\t\t\tWHERE\tuser_id = '" . $THEUSER->user_id() . "'\n\t\t\t\t\t\t\tAND\t\treported + 0 > NOW() - {$flood_time_limit}");
         if ($q->rows() > 0) {
             $PAGE->error_message("Sorry, we limit people to posting one report per {$flood_time_limit} seconds to help prevent duplicate reports. Please go back and try again, thanks.");
             return false;
         }
     }
     // Tidy up body.
     $body = filter_user_input($reportdata['body'], 'comment');
     // In utility.php
     $time = gmdate("Y-m-d H:i:s");
     // Logged-in reporters are stored by user_id; anonymous ones by the name and
     // email typed into the form. All values are escaped with mysql_real_escape_string().
     if ($THEUSER->isloggedin()) {
         $sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, user_id)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($THEUSER->user_id()) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t";
     } else {
         $sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, firstname, lastname, email)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['firstname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['lastname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['email']) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t";
     }
     $q = $this->db->query($sql);
     if ($q->success()) {
         // Inserted OK, so set up this object's variables.
         $this->report_id = $q->insert_id();
         $this->comment_id = $COMMENT->comment_id();
         $this->body = $body;
         $this->reported = $time;
         if ($THEUSER->isloggedin()) {
             $this->user_id = $THEUSER->user_id();
             $this->firstname = $THEUSER->firstname();
             $this->lastname = $THEUSER->lastname();
         } else {
             $this->email = $reportdata['email'];
             $this->firstname = $reportdata['firstname'];
             $this->lastname = $reportdata['lastname'];
         }
         // Set the comment's modflag to on.
         $COMMENT->set_modflag('on');
         // Notify those who need to know that there's a new report.
         // Plain-text mail to REPORTLIST; the comment and report bodies are included verbatim.
         $URL = new URL('admin_commentreport');
         $URL->insert(array('rid' => $this->report_id, 'cid' => $this->comment_id));
         $emailbody = "A new comment report has been filed by " . $this->user_name() . ".\n\n";
         $emailbody .= "COMMENT:\n" . $COMMENT->body() . "\n\n";
         $emailbody .= "REPORT:\n" . $this->body . "\n\n";
         $emailbody .= "To manage this report follow this link: http://" . DOMAIN . $URL->generate('none') . "\n";
         send_email(REPORTLIST, 'New comment report', $emailbody);
         // Send an email to the user to thank them.
         // For anonymous reports this goes to the address typed into the form.
         if ($THEUSER->isloggedin()) {
             $email = $THEUSER->email();
         } else {
             $email = $this->email();
         }
         $data = array('to' => $email, 'template' => 'report_acknowledge');
         $merge = array('FIRSTNAME' => $this->firstname(), 'LASTNAME' => $this->lastname(), 'COMMENTURL' => "http://" . DOMAIN . $COMMENT->url(), 'REPORTBODY' => strip_tags($this->body()));
         // send_template_email in utility.php.
         send_template_email($data, $merge);
         return true;
     } else {
         return false;
     }
 }
<?php

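/* verify that user is authenticated! */
isUserAuthenticated();
/* filter input first, so everything derived from the parameter is the filtered value */
$_GET['ip'] = isset($_GET['ip']) ? filter_user_input($_GET['ip'], true, true) : '';
/* get posted search term: it is printed into the value="" attribute of the search
   form below, so it is escaped for an HTML attribute context here. Previously the
   raw, unfiltered parameter was captured before filtering and echoed as-is.
   NOTE(review): if $searchTerm is also used for the lookup further down (not
   visible here), escape at the print instead and keep this variable unescaped. */
if ($_GET['ip']) {
    $searchTerm = htmlspecialchars($_GET['ip'], ENT_QUOTES, 'UTF-8');
} else {
    $searchTerm = "";
}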
?>

<h4><?php 
print _('Search IP database');
?>
</h4>
<hr>

<!-- search form -->
<form id="search" name="search" class='form-inline' role="form" style="margin-bottom:20px;">
	<div class='input-group'>
	<div class='form-group'>
		<input class="search input-md form-control" name="ip" value="<?php 
print $searchTerm;
?>
" placeholder="<?php 
print _('Search term');
?>
" type="text" autofocus="autofocus" style='width:250px;'>
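 /**
  * Inserts data for this comment into the database.
  *
  * $data has 'epobject_id' and 'body' elements.
  * Returns the new comment_id if successful, false otherwise; every failure
  * path reports through $PAGE->error_message() first.
  */
 function create($data)
 {
     global $THEUSER, $PAGE;
     if ($this->comments_enabled() == false) {
         $PAGE->error_message("Sorry, the posting of annotations has been temporarily disabled.");
         // Was a bare "return" (null); false matches the documented contract and the other failure paths.
         return false;
     }
     if (!$THEUSER->is_able_to('addcomment')) {
         $message = array('title' => 'Sorry', 'text' => 'You are not allowed to post annotations.');
         $PAGE->error_message($message);
         return false;
     }
     if (!isset($data['epobject_id']) || !is_numeric($data['epobject_id'])) {
         $message = array('title' => 'Sorry', 'text' => "We don't have an epobject id.");
         $PAGE->error_message($message);
         return false;
     }
     if (!isset($data['body']) || $data['body'] == '') {
         $message = array('title' => 'Whoops!', 'text' => "You haven't entered an annotation!");
         $PAGE->error_message($message);
         return false;
     }
     // A per-user flood check (one comment per N seconds) used to sit here; it
     // had been commented out upstream and is not applied.
     // OK, let's get on with it...
     // Tidy up the HTML tags
     // (but we don't make URLs into links; only when displaying the comment).
     $body = filter_user_input($data['body'], 'comment');
     // In utility.php
     $posted = date('Y-m-d H:i:s', time());
     // Look up the gid of the hansard item the comment is attached to.
     // Escaping is addslashes() throughout this class's queries; kept as-is.
     $q_gid = $this->db->query("select gid from hansard where epobject_id = '" . addslashes($data['epobject_id']) . "'");
     $data['gid'] = $q_gid->field(0, 'gid');
     $q = $this->db->query("INSERT INTO comments\n\t\t\t\t\t\t(user_id, epobject_id, body, posted, visible, original_gid)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t(\n\t\t\t\t\t\t'" . addslashes($THEUSER->user_id()) . "',\n\t\t\t\t\t\t'" . addslashes($data['epobject_id']) . "',\n\t\t\t\t\t\t'" . addslashes($body) . "',\n\t\t\t\t\t\t'" . $posted . "',\n\t\t\t\t\t\t1,\n\t\t\t\t\t\t'" . addslashes($data['gid']) . "'\n\t\t\t\t\t\t)");
     if ($q->success()) {
         // Set the object variables up to mirror what was just stored.
         $this->comment_id = $q->insert_id();
         $this->user_id = $THEUSER->user_id();
         $this->epobject_id = $data['epobject_id'];
         // Keep the filtered body: previously the object held the raw input while
         // the row held the filtered text, so anything rendered from this object
         // right after create() bypassed filter_user_input().
         $this->body = $body;
         $this->posted = $posted;
         $this->visible = 1;
         return $this->comment_id();
     }
     return false;
 }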
<script type="text/javascript">
/* fix for ajax-loading tooltips */
$('body').tooltip({ selector: '[rel=tooltip]' });
</script>
<?php 
/**
 * Script to display all slave IP addresses and subnets in content div of subnets table!
 ***************************************************************************************/
/* filter input (project sanitiser, not standard PHP) */
$_GET = filter_user_input($_GET, true, true, false);
/* must be numeric - both ids are used in the lookups below, so a non-numeric
   value stops the page here. No permission check is visible in this script
   beyond the numeric test; presumably the including page handles it - verify. */
if (!is_numeric($_GET['subnetId'])) {
    die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>');
}
if (!is_numeric($_GET['section'])) {
    die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>');
}
/* get master subnet ID */
$subnetId = $_GET['subnetId'];
/* get all slaves */
$slaves = getAllSlaveSubnetsBySubnetId($subnetId);
/* get master details */
$master = getSubnetDetailsById($subnetId);
/* get section details - taken from the master subnet's sectionId, not from
   $_GET['section'], which is only validated above */
$section = getSectionDetailsById($master['sectionId']);
/* divide subnets / folders */
foreach ($slaves as $s) {
    //folders
    if ($s['isFolder'] == "1") {
        $folders[] = $s;
    } else {
    $sort['field'] = $tmp[0];
    $sort['direction'] = $tmp[1];
    if ($sort['direction'] == "asc") {
        $sort['directionNext'] = "desc";
    } else {
        $sort['directionNext'] = "asc";
    }
    /** 
     * Parse IP addresses
     *
     * We provide subnet and mask, all other is calculated based on it (subnet, broadcast,...)
     */
    $SubnetParsed = parseIpAddress(transform2long($SubnetDetails['subnet']), $SubnetDetails['mask']);
}
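/* verify that user is authenticated! - done before any request data is looked at
   (it used to run after the id handling below) */
isUserAuthenticated();
/* filter input (project sanitiser, not standard PHP) */
$_REQUEST = filter_user_input($_REQUEST, true, true, false);
/* get posted subnet, die if it is not provided or not numeric! */
if (!isset($_REQUEST['subnetId']) || !is_numeric($_REQUEST['subnetId'])) {
    die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>');
}
/* an id of 0 is ignored, as before, so $subnetId keeps whatever value it already had */
if ($_REQUEST['subnetId']) {
    $subnetId = $_REQUEST['subnetId'];
}
/* get all selected fields for IP print */
$setFields = getSelectedIPaddrFields();
/* format them to array! */
$setFields = explode(";", $setFields);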
/**
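/**
 *	Send IP address details mail
 *
 *		type > IP, subnet, vlan, vrf
 *		action > add, edit, delete (any other action sends nothing)
 *		objectOld, objectNew > object details array
 *		iprange > true when a whole range was added; objectNew is then the reference
 *
 *	Builds a field-by-field Old => New table of the values that differ and
 *	mails it to every admin whose mailChangelog is "Yes". Returns false only
 *	when sending threw; true otherwise, including when nothing changed and
 *	no mail was sent.
 */
function sendObjectUpdateMails($type, $action, $objectOld, $objectNew, $iprange = false)
{
    # get settings
    global $settings;
    global $mailsettings;
    global $mail;
    global $pmail;
    # defaults, so an unrecognised action compares nothing and sends nothing
    $subject = "";
    $objectSelected = array();
    # ip range?
    if ($iprange) {
        # subject
        $subject = "New IP range {$action} notification";
        # set reference object
        $objectSelected = $objectNew;
    } elseif ($action == "add") {
        # subject
        $subject = "New {$type} notification";
        # unset unneeded variables (an empty old side makes every field a change)
        $objectOld = array();
        unset($objectNew['lastSeen'], $objectNew['editDate'], $objectNew['isFolder']);
        # set reference object
        $objectSelected = $objectNew;
    } elseif ($action == "edit") {
        # subject
        $subject = "{$type} modification notification";
        # unset unneeded variables; 'id' is removed from BOTH sides (it used to be
        # removed from objectNew twice, so objectOld['id'] showed up as a change on every edit)
        unset($objectNew['lastSeen'], $objectNew['editDate'], $objectNew['isFolder'], $objectNew['id']);
        unset($objectOld['lastSeen'], $objectOld['editDate'], $objectOld['isFolder'], $objectOld['id'], $objectOld['permissions']);
        # set reference object
        $objectSelected = $objectOld;
    } elseif ($action == "delete") {
        # subject
        $subject = "{$type} delete notification";
        # unset unneeded variables
        $objectNew = array();
        # set reference object
        $objectSelected = $objectOld;
    }
    # sec default tdstyle
    $tdstyle = "padding:2px;padding-left:10px;margin:0px;border-top:1px solid #eeeeee;border-bottom:1px solid #eeeeee;padding-top:3px;padding-bottom:3px;";
    $font = "Helvetica, Verdana, Arial, sans-serif";
    # content
    $content = "<tr><td colspan='4' style='padding-top:30px;'></td></tr>\n";
    $content .= "<tr><td style='{$tdstyle}'><strong>Field</strong></td><td style='{$tdstyle}'><strong>Old</strong></td><td style='{$tdstyle}'></td><td style='{$tdstyle}'><strong>New</strong></td></tr>\n";
    $change = 0;
    foreach ($objectSelected as $k => $l) {
        # a field missing on one side compares as empty instead of raising a notice.
        # The values are placed into HTML below; whether filter_user_input() with
        # these flags entity-encodes them is defined in the project filter - confirm.
        $objectNew[$k] = filter_user_input(isset($objectNew[$k]) ? $objectNew[$k] : '', false, true, false);
        $objectOld[$k] = filter_user_input(isset($objectOld[$k]) ? $objectOld[$k] : '', false, true, false);
        // only mail if change
        if ($objectOld[$k] != $objectNew[$k]) {
            if (strlen($objectNew[$k]) == 0) {
                $objectNew[$k] = " /";
            }
            if (strlen($objectOld[$k]) == 0) {
                $objectOld[$k] = " /";
            }
            $content .= "<tr>";
            $content .= "<td style='{$tdstyle}'><font face='{$font}' style='font-size:12px;'>{$k}</font></td>";
            $content .= "<td style='{$tdstyle}'><font face='{$font}' style='font-size:12px;'>{$objectOld[$k]}</font></td>";
            $content .= "<td style='{$tdstyle}'><font face='{$font}' style='font-size:12px;'> => </font></td>";
            $content .= "<td style='{$tdstyle}'><font face='{$font}' style='font-size:12px;'>{$objectNew[$k]}</font></td>";
            $content .= "</tr>\n";
            $change++;
        }
    }
    # set html content
    $mail['content'] = $mail['header'];
    $mail['content'] .= $content;
    $mail['content'] .= $mail['footer4'];
    # Alt content - no html
    $mail['contentAltt'] = str_replace("<br>", "\r\n", $content);
    $mail['contentAltt'] = str_replace("\t", " ", $mail['contentAltt']);
    $mail['contentAltt'] = strip_tags($mail['contentAltt']);
    $mail['contentAlt'] = $mail['headerAlt'];
    $mail['contentAlt'] .= "{$subject}" . "\r\n------------------------------\r\n\r\n";
    $mail['contentAlt'] .= "{$mail['contentAltt']}";
    $mail['contentAlt'] .= $mail['footerAlt'];
    # send only if change
    if ($change > 0) {
        # set mail parameters
        try {
            $pmail->SetFrom($mailsettings['mAdminMail'], $mailsettings['mAdminName']);
            // add admins
            $admins = getAllAdminUsers();
            foreach ($admins as $admin) {
                if ($admin['mailChangelog'] == "Yes") {
                    $pmail->AddAddress($admin['email']);
                }
            }
            $pmail->ClearReplyTos();
            // content
            $pmail->Subject = $subject;
            $pmail->AltBody = $mail['contentAlt'];
            $pmail->MsgHTML($mail['content']);
            # send
            $pmail->Send();
        } catch (phpmailerException $e) {
            updateLogTable("Sending change notification mail failed!", $e->errorMessage(), 2);
            return false;
        } catch (Exception $e) {
            // A plain Exception has no errorMessage(); calling it here was itself a fatal error.
            updateLogTable("Sending change notification mail failed!", $e->getMessage(), 2);
            return false;
        }
    }
    return true;
}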
 /**
  * Add a Glossary definition.
  *
  * Nothing is published directly: the term goes onto the edit queue
  * (visibility 0) for a moderator to decide on. $data is taken by reference
  * and gains 'posted' and 'edit_type' keys; its 'title' and 'body' are
  * replaced by their filtered versions.
  *
  * Returns whatever GLOSSEDITQUEUE::add() returned when that is truthy,
  * false otherwise.
  */
 function create(&$data)
 {
     $queue = new GLOSSEDITQUEUE();
     // Tables this feeds - an epobject of type 2 plus an editqueue row whose
     // epobject_id_l points at it:
     //   epobject:  title VARCHAR(255), body TEXT, type INTEGER, created DATETIME, modified DATETIME
     //   editqueue: edit_id INTEGER PRIMARY KEY NOT NULL, user_id INTEGER, edit_type INTEGER,
     //              epobject_id_l INTEGER, title VARCHAR(255), body TEXT, submitted DATETIME,
     //              editor_id INTEGER, approved BOOLEAN, decided DATETIME
     global $THEUSER;

     if (!$THEUSER->is_able_to('addterm')) {
         error("Sorry, you are not allowed to add Glossary terms.");
         return false;
     }
     if ($data['title'] == '') {
         error("Sorry, you can't define a term without a title");
         return false;
     }
     if ($data['body'] == '') {
         error("You haven't entered a definition!");
         return false;
     }

     if (is_numeric($THEUSER->user_id())) {
         // Flood check: one term per $flood_time_limit seconds per user, which
         // also catches accidental double submissions.
         $flood_time_limit = 20;
         $recent = $this->db->query("SELECT glossary_id\n\t\t\t\t\t\t\tFROM\teditqueue\n\t\t\t\t\t\t\tWHERE\tuser_id = '" . $THEUSER->user_id() . "'\n\t\t\t\t\t\t\tAND\t\tsubmitted + 0 > NOW() - {$flood_time_limit}");
         if ($recent->rows() > 0) {
             error("Sorry, we limit people to posting one term per {$flood_time_limit} seconds to help prevent duplicate postings. Please go back and try again, thanks.");
             return false;
         }
     }

     // Tidy up the HTML tags the same way comments are tidied (URLs are only
     // made into links at display time). Both filters live in utility.php.
     $data['title'] = filter_user_input($data['title'], 'comment_title');
     $data['body'] = filter_user_input($data['body'], 'comment');
     // Timestamp and edit type the editqueue row needs.
     $data['posted'] = date('Y-m-d H:i:s', time());
     $data['edit_type'] = 2;

     $success = $queue->add($data);
     return $success ? $success : false;
 }
        // is required.
        $URL->insert(array('id' => get_http_var('gid'), 'c' => $success));
        header("Location: http://" . DOMAIN . $URL->generate('none') . "#c" . $success);
        exit;
    } else {
        // Else, $COMMENT will have printed an error message.
        $PAGE->page_end();
    }
} else {
    // We're previewing a comment.
    $PAGE->page_start();
    $PAGE->stripe_start();
    if (is_numeric(get_http_var('epobject_id'))) {
        //remove any unwanted tags
        $body = get_http_var('body');
        $body = filter_user_input($body, 'comment');
        // In init.php
        // Preview the comment.
        // Mock up a data array for the comment listing template.
        $data['comments'][0] = array('body' => $body, 'firstname' => $THEUSER->firstname(), 'lastname' => $THEUSER->lastname(), 'user_id' => $THEUSER->user_id(), 'posted' => date('Y-m-d H:i:s', time()), 'modflagged' => NULL, 'visible' => 1, 'preview' => true);
        $COMMENTLIST = new COMMENTLIST();
        $COMMENTLIST->render($data, 'html');
        // Show the populated comment form.
        $commendata = array('epobject_id' => get_http_var('epobject_id'), 'gid' => get_http_var('gid'), 'body' => get_http_var('body'), 'return_page' => get_http_var('return_page'));
        $PAGE->comment_form($commendata);
        // Show all comments for this epobject.
        $args = array('epobject_id' => get_http_var('epobject_id'));
        $COMMENTLIST->display('ep', $args);
    }
    $PAGE->stripe_end();
    $PAGE->page_end();
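/**
 * Get full field data, including comments
 *
 * Runs SHOW FULL COLUMNS for a single column and returns its row.
 *
 * @param string $table
 * @param string $field
 * @return array|false the column's row, or false when the query failed or
 *                     returned no row (previously an undefined-offset notice)
 */
function getFullFieldData($table, $field)
{
    global $database;
    /* escape vars to prevent SQL injection */
    $table = filter_user_input($table, true, true);
    $field = filter_user_input($field, true, true);
    /* the table name goes between backticks, which string escaping does not
       cover, so it is restricted to plain word characters first */
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        return false;
    }
    /* set query, open db connection and fetch results */
    $query = "show full columns from `{$table}` where `Field` = '{$field}';";
    /* execute */
    try {
        $details = $database->getArray($query);
    } catch (Exception $e) {
        /* the message is not surfaced to the caller, as before */
        return false;
    }
    /* return results */
    return isset($details[0]) ? $details[0] : false;
}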
<?php

/*
 * Discover new hosts with ping
 *******************************/
/* required functions */
require_once '../../../functions/functions.php';
/* verify that user is logged in (the meaning of the true argument is defined in functions.php) */
isUserAuthenticated(true);
/* filter input (project sanitiser, not standard PHP) */
$_POST = filter_user_input($_POST, true, true, false);
/* subnet Id must be a integer - a missing, non-numeric or zero id stops the page */
if (!is_numeric($_POST['subnetId']) || $_POST['subnetId'] == 0) {
    die("<div class='alert alert-danger'>Invalid subnetId!</div>");
}
/* verify that user has write permissions for subnet: anything below level 2 is refused */
$subnetPerm = checkSubnetPermission($_POST['subnetId']);
if ($subnetPerm < 2) {
    die('<div class="alert alert-danger">' . _('You do not have permissions to modify hosts in this subnet') . '!</div>');
}
# verify post - referrer check, after authentication and permission checks
CheckReferrer();
# ok, lets get results form post array!
foreach ($_POST as $key => $line) {
    // IP address
    if (substr($key, 0, 2) == "ip") {
        $res[substr($key, 2)]['ip_addr'] = $line;
    }
    // description
    if (substr($key, 0, 11) == "description") {
        $res[substr($key, 11)]['description'] = $line;
<?php

// NOTE(review): $term is only assigned further down (from $GLOSSARY->current_term),
// so here it is unset unless the including file defined it, and the else branch is
// what normally runs.
if ($term) {
    $this_page = 'glossary_item';
} else {
    $this_page = "glossary";
}
include_once '../../includes/easyparliament/init.php';
include_once INCLUDESPATH . "easyparliament/glossary.php";
// Arguments for GLOSSARY: the sort mode and an optional single-term id.
$args = array('sort' => "regexp_replace", 'glossary_id' => "");
if (get_http_var('gl')) {
    // We've already got something, so display it.
    $this_page = 'glossary';
    // Only a numeric gl is accepted; anything else leaves glossary_id empty.
    if (is_numeric(get_http_var('gl'))) {
        $args['glossary_id'] = filter_user_input(get_http_var('gl'), 'strict');
    }
}
// Stop the title generator making nasty glossary titles.
//$DATA->set_page_metadata ('help_us_out', 'title', '');
$GLOSSARY = new GLOSSARY($args);
$term = $GLOSSARY->current_term;
// Check if we're on a letter index page
if (get_http_var('az') != '' && is_string(get_http_var('az'))) {
    // we have a letter!
    // make sure it's only one and uppercase: the parameter is cut to its first
    // byte and upper-cased before it is looked up in the alphabet
    $az = strtoupper(substr(get_http_var('az'), 0, 1));
}
// Now check it's in the populated glossary alphabet
if (isset($az) && array_key_exists($az, $GLOSSARY->alphabet)) {
    $GLOSSARY->current_letter = $az;
    // Otherwise make it the first letter of the current term
 /**
  * A bare "<" in comment text must come out entity-encoded, not dropped.
  */
 public function testHTMLCleaningOfAngleBrackets()
 {
     $expected = 'Is 2 &lt; 3?';
     $cleaned = filter_user_input('Is 2 < 3?', 'comment');
     $this->assertEquals($expected, $cleaned);
 }
    echo "\tif (el) el.innerHTML = txt;";
    echo "}";
    for ($i = 1; $i <= $maxid; $i++) {
        $query_ref = "SELECT text FROM entries WHERE var_id=" . $i;
        $query_ref .= " AND language_id=" . $_SESSION['ref'];
        $result_ref = mysql_db_query($db, $query_ref, $dblink);
        $row = mysql_fetch_row($result_ref);
        $ref_text = restore_user_input($row[0], true, false);
        echo "\treplaceRef('" . $i . "', '" . $ref_text . "');";
    }
    echo "</SCRIPT>";
    mysql_close($dblink);
}
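// Switching the editing language: remember the previous choice, then store
// the (filtered) newly chosen one.
if (isset($_POST['language'])) {
    $_SESSION['edit_orig'] = isset($_SESSION['edit']) ? $_SESSION['edit'] : null;
    $_SESSION['edit'] = filter_user_input($_POST['language']);
}
// No editing language in the session yet: fall back to the user's stored default.
if (!isset($_SESSION['edit'])) {
    $dblink = @mysql_connect("dbnfs", "gast", "");
    // The user name comes from the session, but it is still user-originated
    // text; escape it rather than concatenating it into the query raw.
    $uname = isset($_SESSION['uname']) ? $_SESSION['uname'] : '';
    $query = "SELECT edit FROM users WHERE uname='" . mysql_real_escape_string($uname, $dblink) . "'";
    $result = mysql_db_query("skm_localisation", $query, $dblink);
    $data = $result ? mysql_fetch_row($result) : false;
    // Unknown user or failed query: leave the session value unset (the old code
    // assigned null here, so isset($_SESSION['edit']) stays false either way).
    if ($data !== false) {
        $_SESSION['edit'] = $data[0] == "all" ? "3" : $data[0];
    }
    mysql_close($dblink);
}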
?>