/**
* Used by semihtml_to_comcode to fix <a> tag links. preg_replace_callback callback
*
* @param array Array of matches
* @return string Substituted text
*/
function _a_tag_link_fixup($matches)
{
$referer = post_param('http_referer', ocp_srv('HTTP_REFERER'));
$caller_url = looks_like_url($referer) ? preg_replace('#/[^/]*$#', '', $referer) : get_base_url();
$ret = '<a ' . $matches[1] . 'href="' . qualify_url($matches[2], $caller_url) . '"' . $matches[3] . '>';
return $ret;
}
/**
* Standard modular run function for snippet hooks. Generates XHTML to insert into a page using AJAX.
*
* @return tempcode The snippet
*/
function run()
{
if (get_option('is_on_rating') == '0') {
return do_lang_tempcode('INTERNAL_ERROR');
}
// Has there actually been any rating?
if (strtoupper(ocp_srv('REQUEST_METHOD')) == 'POST' || ocp_srv('HTTP_REFERER') == '') {
$rating = either_param_integer('rating', NULL);
} else {
$rating = post_param_integer('rating');
// Will fail
}
$content_type = get_param('content_type');
$type = get_param('type', '');
$content_id = get_param('id');
$content_url = get_param('content_url', '', true);
$content_title = get_param('content_title', '', true);
require_code('feedback');
actualise_specific_rating($rating, get_page_name(), get_member(), $content_type, $type, $content_id, $content_url, $content_title);
actualise_give_rating_points();
$template = get_param('template', NULL);
if ($template !== '') {
if (is_null($template)) {
$template = 'RATING_BOX';
}
return display_rating($content_url, $content_title, $content_type, $content_id, $template);
}
return do_lang_tempcode('THANKYOU_FOR_RATING_SHORT');
}
/**
* Standard modular render function for profile tab hooks.
*
* @param MEMBER The ID of the member who is being viewed
* @param MEMBER The ID of the member who is doing the viewing
* @param boolean Whether to leave the tab contents NULL, if tis hook supports it, so that AJAX can load it later
* @return array A triple: The tab title, the tab contents, the suggested tab order
*/
function render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible = false)
{
$title = do_lang_tempcode('EDIT_EM');
require_lang('ocf');
require_css('ocf');
$order = 200;
if ($leave_to_ajax_if_possible && strtoupper(ocp_srv('REQUEST_METHOD')) != 'POST') {
return array($title, NULL, $order);
}
$tabs = array();
$hooks = find_all_hooks('systems', 'profiles_tabs_edit');
if (isset($hooks['settings'])) {
$hooks = array('settings' => $hooks['settings']) + $hooks;
}
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/profiles_tabs_edit/' . $hook);
$ob = object_factory('Hook_Profiles_Tabs_Edit_' . $hook);
if ($ob->is_active($member_id_of, $member_id_viewing)) {
$tabs[] = $ob->render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible);
}
}
if ($leave_to_ajax_if_possible) {
return array($title, NULL, $order);
}
global $M_SORT_KEY;
$M_SORT_KEY = 4;
usort($tabs, 'multi_sort');
$javascript = '';
$hidden = new ocp_tempcode();
// Session ID check, if saving
if (count($_POST) != 0 && count($tabs) != 0) {
global $SESSION_CONFIRMED;
if ($SESSION_CONFIRMED == 0) {
access_denied('SESSION', '', true);
}
}
$_tabs = array();
$first = true;
foreach ($tabs as $i => $tab) {
if (is_null($tab)) {
continue;
}
$javascript .= $tab[3];
if (isset($tab[5])) {
$hidden->attach($tab[5]);
}
$_tabs[] = array('TAB_TITLE' => $tab[0], 'TAB_FIELDS' => $tab[1], 'TAB_TEXT' => $tab[2], 'TAB_FIRST' => $first, 'TAB_LAST' => !array_key_exists($i + 1, $tabs));
$first = false;
}
$url = build_url(array('page' => '_SELF'), '_SELF', NULL, true, false, false);
$content = do_template('OCF_MEMBER_PROFILE_EDIT', array('JAVASCRIPT' => $javascript, 'HIDDEN' => $hidden, 'URL' => $url, 'SUBMIT_NAME' => do_lang_tempcode('SAVE'), 'AUTOCOMPLETE' => false, 'SKIP_VALIDATION' => true, 'TABS' => $_tabs));
return array($title, $content, $order);
}
/**
* Put the contents of a page inside an iframe. This is typically used when a page is being used to traverse a result-set that spans multiple screens.
*
* @param tempcode The title
* @param ?integer The time between refreshes (NULL: do not refresh)
* @param ?mixed Data. A refresh will only happen if an AJAX-check indicates this data has changed (NULL: no check)
* @return ?tempcode The page output to finish off our current page stream such that it will spawn the iframe (NULL: not internalised)
*/
function internalise_own_screen($title, $refresh_time = NULL, $refresh_if_changed = NULL)
{
if (get_value('no_frames') === '1' || get_param_integer('no_frames', 0) == 1 || get_param_integer('keep_no_frames', 0) == 1) {
return NULL;
}
if (!has_js()) {
return NULL;
}
// We need JS to make this a seamless process
if (strpos(ocp_srv('REQUEST_URI'), '/iframe.php') !== false) {
return NULL;
}
// This is already in the iframe
require_javascript('javascript_ajax');
require_javascript('javascript_iframe_screen');
$url = find_script('iframe') . '?zone=' . rawurlencode(get_zone_name()) . '&wide_high=1&utheme=' . rawurlencode($GLOBALS['FORUM_DRIVER']->get_theme());
foreach (array_merge($_GET, $_POST) as $key => $param) {
if (!is_string($param)) {
continue;
}
if (substr($key, 0, 5) == 'keep_' && skippable_keep($key, $param)) {
continue;
}
if (get_magic_quotes_gpc()) {
$param = stripslashes($param);
}
$url .= '&' . $key . '=' . urlencode($param);
}
if (!is_null($refresh_if_changed)) {
require_javascript('javascript_sound');
$change_detection_url = find_script('change_detection') . '?whatever=1';
foreach ($_GET as $key => $param) {
if (!is_string($param)) {
continue;
}
if (substr($key, 0, 5) == 'keep_' && skippable_keep($key, $param)) {
continue;
}
if (get_magic_quotes_gpc()) {
$param = stripslashes($param);
}
$change_detection_url .= '&' . $key . '=' . urlencode($param);
}
} else {
$refresh_if_changed = '';
$change_detection_url = '';
}
return do_template('IFRAME_SCREEN', array('_GUID' => '06554eb227428fd5c648dee3c5b38185', 'TITLE' => $title, 'REFRESH_IF_CHANGED' => md5(serialize($refresh_if_changed)), 'CHANGE_DETECTION_URL' => $change_detection_url, 'REFRESH_TIME' => is_null($refresh_time) ? '' : strval($refresh_time), 'IFRAME_URL' => $url));
}
/**
* Standard modular install function.
*
* @param ?integer What version we're upgrading from (NULL: new install)
* @param ?integer What hack version we're upgrading from (NULL: new-install/not-upgrading-from-a-hacked-version)
*/
function install($upgrade_from = NULL, $upgrade_from_hack = NULL)
{
if ($upgrade_from < 3 || is_null($upgrade_from)) {
add_config_option('LDAP_IS_ENABLED', 'ldap_is_enabled', 'tick', 'return \'' . (in_array(ocp_srv('HTTP_HOST'), array('localhost', 'test.ocportal.com')) ? '0' : '0') . '\';', 'SECTION_FORUMS', 'LDAP', 1);
add_config_option('LDAP_IS_WINDOWS', 'ldap_is_windows', 'tick', 'return (DIRECTORY_SEPARATOR==\'/\')?\'0\':\'1\';', 'SECTION_FORUMS', 'LDAP', 1);
add_config_option('LDAP_ALLOW_JOINING', 'ldap_allow_joining', 'tick', 'return \'0\';', 'SECTION_FORUMS', 'LDAP', 1);
add_config_option('LDAP_HOSTNAME', 'ldap_hostname', 'line', 'return \'localhost\';', 'SECTION_FORUMS', 'LDAP', 1);
add_config_option('LDAP_BASE_DN', 'ldap_base_dn', 'line', 'return \'' . 'dc=' . str_replace('.', ',dc=', ocp_srv('HTTP_HOST')) . '\';', 'SECTION_FORUMS', 'LDAP', 1);
add_config_option('USERNAME', 'ldap_bind_rdn', 'line', 'return (DIRECTORY_SEPARATOR==\'/\')?\'NotManager\':\'NotAdministrator\';', 'SECTION_FORUMS', 'LDAP', 1);
add_config_option('PASSWORD', 'ldap_bind_password', 'line', 'return \'\';', 'SECTION_FORUMS', 'LDAP', 1);
}
if ($upgrade_from < 4 || is_null($upgrade_from)) {
add_config_option('WINDOWS_AUTHENTICATION', 'windows_auth_is_enabled', 'tick', 'return \'0\';', 'SECTION_FORUMS', 'LDAP');
add_config_option('LDAP_LOGIN_QUALIFIER', 'ldap_login_qualifier', 'line', 'return is_null($old=get_value(\'ldap_login_qualifier\'))?\'\':$old;', 'SECTION_FORUMS', 'LDAP');
add_config_option('LDAP_GROUP_SEARCH_QUALIFIER', 'ldap_group_search_qualifier', 'line', 'return \'\';', 'SECTION_FORUMS', 'LDAP');
add_config_option('LDAP_MEMBER_SEARCH_QUALIFIER', 'ldap_member_search_qualifier', 'line', 'return \'\';', 'SECTION_FORUMS', 'LDAP');
add_config_option('LDAP_MEMBER_PROPERTY', 'ldap_member_property', 'line', 'return (get_option(\'ldap_is_windows\')==\'1\')?\'sAMAccountName\':\'cn\';', 'SECTION_FORUMS', 'LDAP');
add_config_option('LDAP_NONE_BIND_LOGINS', 'ldap_none_bind_logins', 'tick', 'return \'0\';', 'SECTION_FORUMS', 'LDAP');
add_config_option('LDAP_VERSION', 'ldap_version', 'integer', 'return \'3\';', 'SECTION_FORUMS', 'LDAP');
add_config_option('LDAP_GROUP_CLASS', 'ldap_group_class', 'line', 'return (get_option(\'ldap_is_windows\')==\'1\')?\'group\':\'posixGroup\';', 'SECTION_FORUMS', 'LDAP');
add_config_option('LDAP_MEMBER_CLASS', 'ldap_member_class', 'line', 'return (get_option(\'ldap_is_windows\')==\'1\')?\'user\':\'posixAccount\';', 'SECTION_FORUMS', 'LDAP');
}
}
/**
* Standard modular render function for profile tabs edit hooks.
*
* @param MEMBER The ID of the member who is being viewed
* @param MEMBER The ID of the member who is doing the viewing
* @param boolean Whether to leave the tab contents NULL, if tis hook supports it, so that AJAX can load it later
* @return ?array A tuple: The tab title, the tab body text (may be blank), the tab fields, extra Javascript (may be blank) the suggested tab order, hidden fields (optional) (NULL: if $leave_to_ajax_if_possible was set)
*/
function render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible = false)
{
require_lang('notifications');
$title = do_lang_tempcode('NOTIFICATIONS');
$order = 100;
if (strtoupper(ocp_srv('REQUEST_METHOD')) == 'POST') {
$auto_monitor_contrib_content = post_param_integer('auto_monitor_contrib_content', 0);
$GLOBALS['FORUM_DB']->query_update('f_members', array('m_auto_monitor_contrib_content' => $auto_monitor_contrib_content), array('id' => $member_id_of), '', 1);
// Decache from run-time cache
unset($GLOBALS['FORUM_DRIVER']->MEMBER_ROWS_CACHED[$member_id_of]);
unset($GLOBALS['MEMBER_CACHE_FIELD_MAPPINGS'][$member_id_of]);
}
if ($leave_to_ajax_if_possible && strtoupper(ocp_srv('REQUEST_METHOD')) != 'POST') {
return NULL;
}
require_code('notifications2');
$text = notifications_ui($member_id_of);
if ($text->is_empty()) {
return NULL;
}
$javascript = '';
return array($title, new ocp_tempcode(), $text, $javascript, $order);
}
/**
* Exit with a nicely formatted critical error.
*
* @param string The error message code
* @param ?string Relayed additional details (NULL: nothing relayed)
* @param boolean Whether to actually exit
*/
function critical_error($code, $relay = NULL, $exit = true)
{
error_reporting(0);
if (!headers_sent()) {
if (function_exists('browser_matches') && (is_null($relay) || strpos($relay, 'Allowed memory') === false)) {
if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
header('HTTP/1.0 500 Internal server error');
}
}
}
$error = 'Unknown critical error type: this should not happen, so please report this to ocProducts.';
switch ($code) {
case 'MISSING_SOURCE':
$error = 'A source-code (' . $relay . ') file is missing.';
break;
case 'PASSON':
$error = $relay;
break;
case 'MEMBER_BANNED':
$error = 'The member you are masquerading as has been banned. We cannot finish initialising the virtualised environment for this reason.';
break;
case 'BANNED':
$error = 'The IP address you are accessing this website from (' . get_ip_address() . ') has been banished from this website. If you believe this is a mistake, contact the staff to have it resolved (typically, postmaster@' . get_domain() . ' will be able to reach them).</div>' . chr(10) . '<div>If you are yourself staff, you should be able to unban yourself by editing the <kbd>usersubmitban_ip</kbd> table in a database administation tool, by removing rows that qualify against yourself. This error is raised to a critical error to reduce the chance of this IP address being able to further consume server resources.';
break;
/* case 'PHP':
$error='<p>This is a PHP error.</div>'.chr(10).'<div style="padding-left: 50px">'.$relay;
break;
*/
/* case 'PHP':
$error='<p>This is a PHP error.</div>'.chr(10).'<div style="padding-left: 50px">'.$relay;
break;
*/
case 'TEST':
$error = 'This is a test error.';
break;
case 'BUSY':
$error = 'This is a less-critical error that has been elevated for quick dismissal due to high server load.</div>' . chr(10) . '<div style="padding-left: 50px">' . $relay;
break;
case 'EMERGENCY':
$error = 'This is an error that has been elevated to critical error status because it occurred during the primary error mechanism reporting system itself (possibly due to it occuring within the standard output framework). It may be masking a secondary error that occurred before this, but was never output - if so, it is likely strongly related to this one, thus fixing this will fix the other.</div>' . chr(10) . '<div style="padding-left: 50px">' . $relay;
break;
case 'RELAY':
$error = 'This is a relayed critical error, which means that this less-critical error has occurred during startup, and thus halted startup.</div>' . chr(10) . '<div style="padding-left: 50px">' . $relay;
break;
case 'FILE_DOS':
$error = 'This website was prompted to download a file (' . htmlentities($relay) . ') which seemingly has a never-ending chain of redirections. Because this could be a denial of service attack, execution has been terminated.';
break;
case 'DATABASE_FAIL':
$error = 'The website\'s first database query (checking the page request is not from a banned IP address) has failed. This almost always means that the database is not set up correctly, which in turns means that either backend database configuration has changed (perhaps the database has been emptied), or the configuration file (info.php) has been incorrectly altered (perhaps to point to an empty database), or you have moved servers and not updated your info.php settings properly or placed your database. It could also mean that the <kbd>' . get_table_prefix() . 'usersubmitban_ip</kbd> table or <kbd>' . get_table_prefix() . 'config</kbd> table alone is missing or corrupt, but this is unlikely. As this is an error due to the website\'s environment being externally altered by unknown means, the website cannot continue to function or solve the problem itself.';
break;
case 'INFO.PHP':
$install_url = 'install.php';
if (!file_exists($install_url)) {
$install_url = '../install.php';
}
if (file_exists($install_url)) {
$likely = 'ocPortal files have been placed, yet installation not completed. To install ocPortal, <a href="' . $install_url . '">run the installer</a>.';
} else {
$likely = 'ocPortal files have been placed by direct copying from a non-standard source that included neither a configuration file nor installation script, or info.php has become corrupt after installation. The installer (install.php) is not present: it is advised that you replace info.php from backup, or if you have not yet installed, use an official ocProducts installation package.';
}
$error = 'The top-level configuration file (info.php) is either not-present or empty. This file is created upon installation, and the likely cause of this error is that ' . $likely;
break;
case 'INFO.PHP_CORRUPTED':
$error = 'The top-level configuration file (info.php) appears to be corrupt. Perhaps it was incorrectly uploaded, or a typo was made. It must be valid PHP code.';
break;
case 'CRIT_LANG':
$error = 'The most basic critical error language file (lang/' . fallback_lang() . '/critical_error.ini) is missing. It is likely that other files are also, for whatever reason, missing from this ocPortal installation.';
break;
}
$edit_url = 'config_editor.php';
if (!file_exists($edit_url)) {
$edit_url = '../' . $edit_url;
}
if (isset($GLOBALS['SITE_INFO']['base_url'])) {
$edit_url = $GLOBALS['SITE_INFO']['base_url'] . '/config_editor.php';
}
$extra = '';
if (function_exists('debug_backtrace') && strpos($error, 'Allowed memory') === false && (is_null($relay) || strpos($relay, 'Stack trace') === false) && function_exists('ocp_srv') && (ocp_srv('REMOTE_ADDR') == ocp_srv('SERVER_ADDR') && ocp_srv('HTTP_X_FORWARDED_FOR') == '' || preg_match('#^localhost(\\.|\\:|$)#', ocp_srv('HTTP_HOST')) != 0 && function_exists('get_base_url') && substr(get_base_url(), 0, 16) == 'http://localhost')) {
$_trace = debug_backtrace();
$extra = '<div class="medborder medborder_box"><h2>Stack trace…</h2>';
foreach ($_trace as $stage) {
$traces = '';
foreach ($stage as $key => $value) {
if (is_object($value) && is_a($value, 'ocp_tempcode') || is_array($value) && strlen(serialize($value)) > 500) {
$_value = gettype($value);
} else {
if (strpos($error, 'Allowed memory') !== false) {
$_value = gettype($value);
switch ($_value) {
case 'integer':
$_value = strval($value);
break;
case 'string':
$_value = $value;
break;
}
} else {
@ob_start();
if (function_exists('var_export')) {
/*var_dump*/
var_export($value);
}
$_value = ob_get_contents();
ob_end_clean();
}
}
global $SITE_INFO;
if (isset($SITE_INFO['db_site_password']) && strlen($SITE_INFO['db_site_password']) > 4) {
$_value = str_replace($SITE_INFO['db_site_password'], '(password removed)', $_value);
}
if (isset($SITE_INFO['db_forums_password']) && strlen($SITE_INFO['db_forums_password']) > 4) {
$_value = str_replace($SITE_INFO['db_forums_password'], '(password removed)', $_value);
}
$traces .= ucfirst($key) . ' -> ' . htmlentities($_value) . '<br />' . chr(10);
}
$extra .= '<p>' . $traces . '</p>' . chr(10);
}
$extra .= '</div>';
}
$headers_sent = headers_sent();
if (!$headers_sent) {
@header('Content-type: text/html');
echo <<<END
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
\t<title>Critical error</title>
\t<style type="text/css"><![CDATA[
END;
if (strpos($error, 'Allowed memory') === false) {
$file_contents = file_get_contents($GLOBALS['FILE_BASE'] . '/themes/default/css/global.css');
} else {
$file_contents = '';
// Can't load files if dying due to memory limit
}
$css = preg_replace('#/\\*\\s*\\*/\\s*#', '', str_replace('url(\'\')', 'none', str_replace('url("")', 'none', preg_replace('#\\{\\$[^\\}]*\\}#', '', $file_contents))));
echo htmlentities($css);
echo <<<END
\t\t.main_page_title { text-decoration: underline; display: block; min-height: 42px; padding: 3px 0 0 0; }
\t\ta[target="_blank"], a[onclick\$="window.open"] { padding-right: 0; }
\t]]></style>
</head>
<body><div class="global_middle">
END;
}
echo '<h1 class="main_page_title">Critical error – bailing out</h1>' . chr(10) . '<div class="red_alert">' . $error . '</div>' . chr(10);
flush();
if (strpos($_SERVER['PHP_SELF'], 'upgrader.php') !== false && strpos($error, 'Allowed memory') === false) {
require_code('upgrade');
echo '<div class="medborder medborder_box"><h2>Integrity check</h2><p><strong>If you think this problem could be due to corruption caused by a failed upgrade (e.g. time-out during extraction), check the following integrity check…</strong></p>', run_integrity_check(true), '</div><br />';
}
flush();
echo $extra, chr(10);
echo '<p>Details here are intended only for the website/system-administrator, not for regular website users.<br />» <strong>If you are a regular website user, please let the website staff deal with this problem.</strong></p>' . chr(10) . '<p class="associated_details">Depending on the error, and only if the website installation finished, you may need to <a href="#" onclick="if (!window.confirm(\'Are you staff on this site?\')) return false; this.href=\'' . htmlentities($edit_url) . '\';">edit the installation options</a> (the <kbd>info.php</kbd> file).</p>' . chr(10) . '<p class="associated_details">ocProducts maintains full documentation for all procedures and tools. These may be found on the <a href="http://ocportal.com">ocPortal website</a>. If you are unable to easily solve this problem, we may be contacted from our website and can help resolve it for you.</p>' . chr(10) . '<hr />' . chr(10) . '<p style="font-size: 0.8em"><a href="http://ocportal.com/">ocPortal</a> is a <abbr title="Content Management System">CMS</abbr> for building websites, developed by ocProducts.</p>' . chr(10);
echo '</div></body>' . chr(10) . '</html>';
$GLOBALS['SCREEN_TEMPLATE_CALLED'] = '';
if ($exit) {
exit;
}
}
/**
* Try and get a good .htaccess file built.
* @param resource FTP connection to server
*/
function test_htaccess($conn)
{
$clauses = array();
$clauses[] = <<<END
# Disable inaccurate security scanning (ocPortal has it's own)
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
END;
$php_value_ok = substr(ocp_srv('SERVER_SOFTWARE'), 0, 10) != 'LightSpeed';
if ($php_value_ok) {
$clauses[] = <<<END
# ocPortal needs uploads; many hosts leave these low
php_value post_max_size "16M"
php_value upload_max_filesize "16M"
END;
}
if ($php_value_ok) {
$clauses[] = <<<END
# Turn insecure things off
php_flag allow_url_fopen off
END;
}
if ($php_value_ok) {
$clauses[] = <<<END
php_flag register_globals off
END;
}
if ($php_value_ok) {
$clauses[] = <<<END
php_value max_input_vars "2000"
php_value mbstring.func_overload "0"
# Suhosin can cause problems on configuration and Catalogue forms, which use a lot of fields
php_value suhosin.post.max_vars "2000"
php_value suhosin.request.max_vars "2000"
php_value suhosin.cookie.max_vars "400"
php_value suhosin.cookie.max_name_length "150"
php_value suhosin.post.max_value_length "100000000"
php_value suhosin.request.max_value_length "100000000"
php_value suhosin.post.max_totalname_length "10000"
php_value suhosin.request.max_totalname_length "10000"
php_flag suhosin.cookie.encrypt off
php_flag suhosin.sql.union off
END;
}
if ($php_value_ok) {
$clauses[] = <<<END
# Put some limits up. ocPortal is stable enough not to cause problems- it'll only use higher limits when it really needs them
php_value memory_limit "128M"
END;
}
if ($php_value_ok) {
$clauses[] = <<<END
php_value max_input_time "60"
END;
}
/*// NB: This'll only work in PHP6+ Bad idea, will miss temp directory
$file_base=$GLOBALS['FILE_BASE'];
$clauses[]=<<<END
# Sandbox ocPortal to it's own directory
php_value open_basedir "{$file_base}"
END;
*/
$clauses[] = <<<END
Options +FollowSymLinks
END;
$clauses[] = <<<END
RewriteEngine on
# Redirect away from modules called directly by URL. Helpful as it allows you to "run" a module file in a debugger and still see it running.
RewriteRule ^([^=]*)webdav.php/([^=]*)pages/(modules|modules\\_custom)/([^/]*)\\.php\$ - [L]
RewriteRule ^([^=]*)pages/(modules|modules\\_custom)/([^/]*)\\.php\$ \$1index.php\\?page=\$3 [L,QSA,R]
# These have a specially reduced form (no need to make it too explicit that these are CEDI)
# We shouldn't shorten them too much, or the actual zone or base url might conflict
RewriteRule ^([^=]*)pg/s/([^\\&\\?]*)/index\\.php\$ \$1index.php\\?page=cedi&id=\$2 [L,QSA]
# These have a specially reduce form (wide is implied)
RewriteRule ^([^=]*)pg/galleries/image/([^\\&\\?]*)/index\\.php(.*)\$ \$1index.php\\?page=galleries&type=image&id=\$2&wide=1\$3 [L,QSA]
RewriteRule ^([^=]*)pg/galleries/video/([^\\&\\?]*)/index\\.php(.*)\$ \$1index.php\\?page=galleries&type=video&id=\$2&wide=1\$3 [L,QSA]
RewriteRule ^([^=]*)pg/iotds/view/([^\\&\\?]*)/index\\.php(.*)\$ \$1index.php\\?page=iotds&type=view&id=\$2&wide=1\$3 [L,QSA]
# These are standard patterns
RewriteRule ^([^=]*)pg/([^/\\&\\?]*)/([^/\\&\\?]*)/([^\\&\\?]*)/index\\.php(.*)\$ \$1index.php\\?page=\$2&type=\$3&id=\$4\$5 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?]*)/([^/\\&\\?]*)/index\\.php(.*)\$ \$1index.php\\?page=\$2&type=\$3\$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?]*)/index\\.php(.*)\$ \$1index.php\\?page=\$2\$3 [L,QSA]
# This one is weird... apache strips out // and turns to /, thus requiring an extra pattern...
RewriteRule ^([^=]*)pg/index\\.php(.*)\$ \$1index.php\\?page=\$3 [L,QSA]
# Now the same, but without any additional parameters (and thus no index.php)
RewriteRule ^([^=]*)pg/s/([^\\&\\?]*)\$ \$1index.php\\?page=cedi&id=\$2 [L,QSA]
RewriteRule ^([^=]*)pg/galleries/image/([^\\&\\?]*)\$ \$1index.php\\?page=galleries&type=image&id=\$2&wide=1\$3 [L,QSA]
RewriteRule ^([^=]*)pg/galleries/video/([^\\&\\?]*)\$ \$1index.php\\?page=galleries&type=video&id=\$2&wide=1\$3 [L,QSA]
RewriteRule ^([^=]*)pg/iotds/view/([^\\&\\?]*)\$ \$1index.php\\?page=iotds&type=view&id=\$2&wide=1 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?]*)/([^/\\&\\?]*)/([^\\&\\?]*)/\$ \$1index.php\\?page=\$2&type=\$3&id=\$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?]*)/([^/\\&\\?]*)/([^\\&\\?]*)\$ \$1index.php\\?page=\$2&type=\$3&id=\$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?]*)/([^/\\&\\?]*)\$ \$1index.php\\?page=\$2&type=\$3 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?]*)\$ \$1index.php\\?page=\$2 [L,QSA]
# And these for those nasty situations where index.php was missing and we couldn't do anything about it (usually due to keep_session creeping into a semi-cached URL)
RewriteRule ^([^=]*)pg/s/([^\\&\\?\\.]*)&(.*)\$ \$1index.php\\?\$3&page=cedi&id=\$2 [L,QSA]
RewriteRule ^([^=]*)pg/galleries/image/([^/\\&\\?\\.]*)&(.*)\$ \$1index.php\\?\$5&page=galleries&type=image&id=\$2&wide=1&\$3 [L,QSA]
RewriteRule ^([^=]*)pg/galleries/video/([^/\\&\\?\\.]*)&(.*)\$ \$1index.php\\?\$5&page=galleries&type=video&id=\$2&wide=1&\$3 [L,QSA]
RewriteRule ^([^=]*)pg/iotds/view/([^/\\&\\?\\.]*)&(.*)\$ \$1index.php\\?\$3&page=iotds&type=view&id=\$2&wide=1 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?\\.]*)/([^/\\&\\?\\.]*)/([^/\\&\\?\\.]*)&(.*)\$ \$1index.php\\?\$5&page=\$2&type=\$3&id=\$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?\\.]*)/([^/\\&\\?\\.]*)&(.*)\$ \$1index.php\\?\$4&page=\$2&type=\$3 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\\&\\?\\.]*)&(.*)\$ \$1index.php\\?\$3&page=\$2 [L,QSA]
# These have a specially reduced form (no need to make it too explicit that these are CEDI)
# We shouldn't shorten them too much, or the actual zone or base url might conflict
RewriteRule ^(site|forum|adminzone|cms|collaboration)/s/([^\\&\\?]*)\\.htm\$ \$1/index.php\\?page=cedi&id=\$2 [L,QSA]
RewriteRule ^s/([^\\&\\?]*)\\.htm\$ index\\.php\\?page=cedi&id=\$1 [L,QSA]
# These have a specially reduce form (wide is implied)
RewriteRule ^(site|forum|adminzone|cms|collaboration)/galleries/image/([^\\&\\?]*)\\.htm\$ \$1/index.php\\?page=galleries&type=image&id=\$2&wide=1 [L,QSA]
RewriteRule ^(site|forum|adminzone|cms|collaboration)/galleries/video/([^\\&\\?]*)\\.htm\$ \$1/index.php\\?page=galleries&type=video&id=\$2&wide=1 [L,QSA]
RewriteRule ^(site|forum|adminzone|cms|collaboration)/iotds/view/([^\\&\\?]*)\\.htm\$ \$1/index.php\\?page=iotds&type=view&id=\$2&wide=1 [L,QSA]
# These are standard patterns
RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\\&\\?]+)/([^/\\&\\?]*)/([^\\&\\?]*)\\.htm\$ \$1/index.php\\?page=\$2&type=\$3&id=\$4 [L,QSA]
RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\\&\\?]+)/([^/\\&\\?]*)\\.htm\$ \$1/index.php\\?page=\$2&type=\$3 [L,QSA]
RewriteRule ^(site|forum|adminzone|cms|collaboration)/([^/\\&\\?]+)\\.htm\$ \$1/index.php\\?page=\$2 [L,QSA]
RewriteRule ^([^/\\&\\?]+)/([^/\\&\\?]*)/([^\\&\\?]*)\\.htm\$ index.php\\?page=\$1&type=\$2&id=\$3 [L,QSA]
RewriteRule ^([^/\\&\\?]+)/([^/\\&\\?]*)\\.htm\$ index.php\\?page=\$1&type=\$2 [L,QSA]
RewriteRule ^([^/\\&\\?]+)\\.htm\$ index.php\\?page=\$1 [L,QSA]
END;
$clauses[] = <<<END
order allow,deny
# IP bans go here (leave this comment here! If this file is writeable, ocPortal will write in IP bans below, in sync with it's own DB-based banning - this makes DOS/hack attack prevention stronger)
# deny from xxx.xx.x.x (leave this comment here!)
allow from all
END;
$base = dirname(ocp_srv('PHP_SELF'));
$clauses[] = <<<END
<FilesMatch !"\\.(jpg|jpeg|gif|png|ico)\$">
ErrorDocument 404 {$base}/index.php?page=404
</FilesMatch>
END;
if (is_writable_wrap(get_file_base() . '/exports/mods') && (!file_exists(get_file_base() . '/.htaccess') || trim(file_get_contents(get_file_base() . '/.htaccess')) == '')) {
global $HTTP_MESSAGE;
$domain = ocp_srv('HTTP_HOST');
if (substr($domain, 0, 4) == 'www.') {
$domain = substr($domain, 4);
}
$colon_pos = strpos($domain, ':');
if ($colon_pos !== false) {
$domain = substr($domain, 0, $colon_pos);
}
$pos = strpos(ocp_srv('PHP_SELF'), 'install.php');
if ($pos === false) {
$pos = strlen(ocp_srv('PHP_SELF'));
} else {
$pos--;
}
$port = ocp_srv('SERVER_PORT');
if ($port == '' || $port == '80' || $port == '443') {
$port = '';
} else {
$port = ':' . $port;
}
$base_url = post_param('base_url', 'http://' . $domain . $port . substr(ocp_srv('PHP_SELF'), 0, $pos));
if (substr($base_url, -1) == '/') {
$base_url = substr($base_url, 0, strlen($base_url) - 1);
}
foreach ($clauses as $i => $clause) {
$myfile = fopen(get_file_base() . '/exports/mods/index.php', 'wt');
fwrite($myfile, "<" . "?php\n\t\t\t@header('Expires: Mon, 20 Dec 1998 01:00:00 GMT');\n\t\t\t@header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');\n\t\t\t@header('Pragma: no-cache'); // for proxies, and also IE\n\t\t\t");
fclose($myfile);
$myfile = fopen(get_file_base() . '/exports/mods/.htaccess', 'wt');
fwrite($myfile, $clause);
fclose($myfile);
$HTTP_MESSAGE = '';
http_download_file($base_url . '/exports/mods/index.php', NULL, false);
if ($HTTP_MESSAGE != '200') {
$clauses[$i] = NULL;
}
unlink(get_file_base() . '/exports/mods/.htaccess');
}
$out = '';
foreach ($clauses as $i => $clause) {
if (!is_null($clause)) {
$out .= $clause . chr(10) . chr(10);
}
}
if (is_suexec_like()) {
@unlink(get_file_base() . '/.htaccess');
$tmp = fopen(get_file_base() . '/.htaccess', 'wb');
fwrite($tmp, $out);
fclose($tmp);
} else {
@ftp_delete($conn, '.htaccess');
$tmp = fopen(get_file_base() . '/ocp_inst_tmp/tmp', 'wb');
fwrite($tmp, $out);
fclose($tmp);
@ftp_put($conn, '.htaccess', get_file_base() . '/ocp_inst_tmp/tmp', FTP_TEXT);
@ftp_site($conn, 'CHMOD 644 .htaccess');
}
}
}
/**
* Show the image of an attachment/thumbnail.
*/
function attachments_script()
{
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
$id = get_param_integer('id', 0);
$connection = $GLOBALS[get_param_integer('forum_db', 0) == 1 ? 'FORUM_DB' : 'SITE_DB'];
$has_no_restricts = !is_null($connection->query_value_null_ok('attachment_refs', 'id', array('r_referer_type' => 'null', 'a_id' => $id)));
if (!$has_no_restricts) {
global $SITE_INFO;
if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') {
if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') {
warn_exit(do_lang_tempcode('LEECH_BLOCK'));
}
}
}
require_lang('comcode');
// Lookup
$rows = $connection->query_select('attachments', array('*'), array('id' => $id), 'ORDER BY a_add_time DESC');
if (!array_key_exists(0, $rows)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$myrow = $rows[0];
header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', $myrow['a_add_time']));
if ($myrow['a_url'] == '') {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
if (!$has_no_restricts) {
// Permission
if (substr($myrow['a_url'], 0, 20) == 'uploads/attachments/') {
if (!has_attachment_access(get_member(), $id, $connection)) {
access_denied('ATTACHMENT_ACCESS');
}
}
}
$thumb = get_param_integer('thumb', 0);
if ($thumb == 1) {
$full = $myrow['a_thumb_url'];
require_code('images');
$myrow['a_thumb_url'] = ensure_thumbnail($myrow['a_url'], $myrow['a_thumb_url'], 'attachments', 'attachments', intval($myrow['id']), 'a_thumb_url');
} else {
$full = $myrow['a_url'];
if (get_param_integer('no_count', 0) == 0) {
// Update download count
if (ocp_srv('HTTP_RANGE') == '') {
$connection->query_update('attachments', array('a_num_downloads' => $myrow['a_num_downloads'] + 1, 'a_last_downloaded_time' => time()), array('id' => $id), '', 1, NULL, false, true);
}
}
}
// Is it non-local? If so, redirect
if (!url_is_local($full)) {
if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $full);
return;
}
// $breakdown=pathinfo($full);
// $filename=$breakdown['basename'];
$_full = get_custom_file_base() . '/' . rawurldecode($full);
if (!file_exists($_full)) {
warn_exit(do_lang_tempcode('_MISSING_RESOURCE', 'url:' . escape_html($full)));
}
// File is missing, we can't do anything
$size = filesize($_full);
$original_filename = $myrow['a_original_filename'];
$extension = get_file_extension($original_filename);
require_code('files2');
check_shared_bandwidth_usage($size);
require_code('mime_types');
$mime_type = get_mime_type($extension);
/*$myfile2=fopen('test','wb');
fwrite($myfile2,var_export($_SERVER,true));
fwrite($myfile2,var_export($_ENV,true));
fclose($myfile2);*/
// Send header
if (strpos($original_filename, chr(10)) !== false || strpos($original_filename, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Content-Type: ' . $mime_type . '; authoritative=true;');
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="' . $original_filename . '"');
} else {
header('Content-Disposition: inline; filename="' . $original_filename . '"');
}
header('Accept-Ranges: bytes');
// Caching
header("Pragma: private");
header("Cache-Control: private");
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $myrow['a_add_time']) . ' GMT');
// Default to no resume
$from = 0;
$new_length = $size;
@ini_set('zlib.output_compression', 'Off');
// They're trying to resume (so update our range)
$httprange = ocp_srv('HTTP_RANGE');
if (strlen($httprange) > 0) {
$_range = explode('=', ocp_srv('HTTP_RANGE'));
if (count($_range) == 2) {
if (strpos($_range[0], '-') === false) {
$_range = array_reverse($_range);
}
$range = $_range[0];
if (substr($range, 0, 1) == '-') {
$range = strval($size - intval(substr($range, 1)) - 1) . $range;
}
if (substr($range, -1, 1) == '-') {
$range .= strval($size - 1);
}
$bits = explode('-', $range);
if (count($bits) == 2) {
list($from, $to) = array_map('intval', $bits);
if ($to - $from != 0 || $from == 0) {
$new_length = $to - $from + 1;
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes ' . $range . '/' . strval($size));
} else {
$from = 0;
}
}
}
}
header('Content-Length: ' . strval($new_length));
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
error_reporting(0);
if ($from == 0) {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'values SET the_value=(the_value+' . strval((int) $size) . ') WHERE the_name=\'download_bandwidth\'', 1);
}
@ini_set('ocproducts.xss_detect', '0');
// Send actual data
$myfile = fopen($_full, 'rb');
fseek($myfile, $from);
$i = 0;
flush();
// Works around weird PHP bug that sends data before headers, on some PHP versions
while ($i < $new_length) {
$content = fread($myfile, min($new_length - $i, 1048576));
echo $content;
$len = strlen($content);
if ($len == 0) {
break;
}
$i += $len;
}
fclose($myfile);
}
/**
* The actualiser to create a .po TAR.
*
* @return tempcode The UI
*/
function export_po()
{
$lang = filter_naughty(get_param('id'));
// Send header
header('Content-Type: application/octet-stream' . '; authoritative=true;');
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="ocportal-' . $lang . '.tar"');
} else {
header('Content-Disposition: attachment; filename="ocportal-' . $lang . '.tar"');
}
require_code('tar');
require_code('lang_compile');
require_code('character_sets');
$tempfile = ocp_tempnam('po');
$tar = tar_open($tempfile, 'wb');
$dh = @opendir(get_custom_file_base() . '/lang_custom/' . $lang);
if ($dh !== false) {
$charset = do_lang('charset', NULL, NULL, NULL, $lang);
$english_charset = do_lang('charset', NULL, NULL, NULL, fallback_lang());
while (($f = readdir($dh)) !== false) {
if (substr($f, -4) == '.ini') {
$path = get_custom_file_base() . '/lang_custom/' . $lang . '/' . $f;
$entries = array();
_get_lang_file_map($path, $entries, false, false);
$mtime = filemtime($path);
$data = '
msgid ""
msgstr ""
"Project-Id-Version: ocportal\\n"
"PO-Revision-Date: ' . gmdate('Y-m-d H:i', $mtime) . '+0000\\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\\n"
"Language-Team: FULL NAME <EMAIL@ADDRESS>\\n"
"MIME-Version: 1.0\\n"
"Content-Type: text/plain; charset=UTF-8\\n"
"Content-Transfer-Encoding: 8bit\\n"
"X-ocPortal-Export-Date: ' . gmdate('Y-m-d H:i', $mtime) . '+0000\\n"
"X-Generator: ocPortal (' . ocp_version_full() . ')\\n"
';
$entries2 = array();
$en_seen_before = array();
foreach ($entries as $key => $val) {
$english = do_lang($key, NULL, NULL, NULL, fallback_lang(), false);
if (is_null($english)) {
continue;
}
if ($english == '') {
continue;
}
$val = convert_to_internal_encoding($val, $charset, 'utf-8');
$val = str_replace(chr(10), '\\n', $val);
$english = convert_to_internal_encoding($english, $english_charset, 'utf-8');
$english = str_replace(chr(10), '\\n', $english);
$seen_before = false;
if (isset($en_seen_before[$val])) {
$seen_before = true;
foreach ($entries2 as $_key => $_val) {
if ($entries2[$_key][2] == $val) {
$entries2[$_key][1] = true;
}
}
}
$entries2[$key] = array($val, $seen_before, $english);
$en_seen_before[$val] = 1;
}
require_code('support2');
foreach ($entries2 as $key => $_val) {
list($val, $seen_before, $english) = $_val;
$data .= '#: [strings]' . $key . chr(10);
if ($seen_before) {
$data .= 'msgctxt "[strings]' . $key . '"' . chr(10);
}
$wrapped = preg_replace('#"\\n"$#', '', ocp_mb_chunk_split(str_replace('"', '\\"', $english), 76, '"' . chr(10) . '"'));
if (strpos($wrapped, chr(10)) !== false) {
$data .= 'msgid ""' . chr(10) . '"' . $wrapped . '"' . chr(10);
} else {
$data .= 'msgid "' . $wrapped . '"' . chr(10);
}
$wrapped = preg_replace('#"\\n"$#', '', ocp_mb_chunk_split(str_replace('"', '\\"', $val), 76, '"' . chr(10) . '"'));
if (strpos($wrapped, chr(10)) !== false) {
$data .= 'msgstr ""' . chr(10) . '"' . $wrapped . '"' . chr(10);
} else {
$data .= 'msgstr "' . $wrapped . '"' . chr(10);
}
$data .= chr(10);
}
tar_add_file($tar, basename($f, '.ini') . '/' . basename($f, '.ini') . '-' . strtolower($lang) . '.po', $data, 0666, $mtime);
}
}
}
tar_close($tar);
readfile($tempfile);
@unlink($tempfile);
$GLOBALS['SCREEN_TEMPLATE_CALLED'] = '';
exit;
return new ocp_tempcode();
// For code quality checker
}
/**
* Send out a notification to members enabled.
*/
function dispatch()
{
if (running_script('stress_test_loader')) {
return;
}
if (get_page_name() == 'admin_import') {
return;
}
$subject = $this->subject;
$message = $this->message;
$no_cc = $this->no_cc;
if ($GLOBALS['DEBUG_MODE']) {
if (strpos($this->message, 'keep_devtest') !== false && $this->notification_code != 'hack_attack' && $this->notification_code != 'auto_ban' && strpos($this->message, running_script('index') ? static_evaluate_tempcode(build_url(array('page' => '_SELF'), '_SELF', NULL, true, false, true)) : get_self_url_easy()) === false && (strpos(ocp_srv('HTTP_REFERER'), 'keep_devtest') === false || strpos($this->message, ocp_srv('HTTP_REFERER')) === false)) {
// Bad URL - it has to be general, not session-specific
fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
}
$ob = _get_notification_ob_for_code($this->notification_code);
if (is_null($ob)) {
if (get_page_name() != 'admin_setupwizard') {
// Setupwizard may have removed after register_shutdown_function was called
fatal_exit('Missing notification code: ' . $this->notification_code);
}
return;
}
require_lang('notifications');
require_code('mail');
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
if ($this->store_in_staff_messaging_system && addon_installed('staff_messaging')) {
require_lang('messaging');
list($type, $id) = explode('_', $this->code_category, 2);
$message_url = build_url(array('page' => 'admin_messaging', 'type' => 'view', 'id' => $id, 'message_type' => $type), get_module_zone('admin_messaging'), NULL, false, false, true);
$message = do_lang('MESSAGING_NOTIFICATION_WRAPPER', $message, $message_url->evaluate());
require_code('feedback');
actualise_post_comment(true, $type, $id, $message_url, $subject, get_option('messaging_forum_name'), true, 1, true, true, true);
}
$testing = get_param_integer('keep_debug_notifications', 0) == 1;
$start = 0;
$max = 300;
do {
list($members, $possibly_has_more) = $ob->list_members_who_have_enabled($this->notification_code, $this->code_category, $this->to_member_ids, $start, $max);
if (get_value('notification_safety_testing') === '1') {
if (count($members) > 20) {
$members = array(6 => A_INSTANT_EMAIL);
// This is just for testing on ocportal.com, if lots of notifications going out it's probably a scary bug, so send just to Chris (#6) with a note
$message = 'OVER-ADDRESSED?' . "\n\n" . $message;
}
}
foreach ($members as $to_member_id => $setting) {
if (!is_null($this->no_notify_for__notification_code)) {
if (notifications_enabled($this->no_notify_for__notification_code, $this->no_notify_for__code_category, $to_member_id)) {
continue;
}
// Signal they are getting some other notification for this
}
if ($to_member_id !== $this->from_member_id || $testing) {
$no_cc = _dispatch_notification_to_member($to_member_id, $setting, $this->notification_code, $this->code_category, $subject, $message, $this->from_member_id, $this->priority, $no_cc);
}
}
$start += $max;
} while ($possibly_has_more);
}
/**
* Standard code module initialisation function.
*/
function init__validation()
{
if (!function_exists('html_entity_decode')) {
/**
* Decode the HTML entitity encoded input string. Can give warning if unrecognised character set.
*
* @param string The text to decode
* @param integer The quote style code
* @return string The decoded text
*/
function html_entity_decode($input, $quote_style)
{
unset($quote_style);
/* // NB:   does not go to <space>. It's not something you use with html escaping, it's for hard-space-formatting. URL's don't contain spaces, but that's due to URL escaping (%20)
$replace_array=array(
'&'=>'&',
'>'=>'>',
'<'=>'<',
'''=>'\'',
'"'=>'"',
);
foreach ($replace_array as $from=>$to)
{
$input=str_replace($from,$to,$input);
}
return $input;
*/
$trans_tbl = get_html_translation_table(HTML_ENTITIES);
$trans_tbl = array_flip($trans_tbl);
return strtr($input, $trans_tbl);
}
}
if (!function_exists('str_word_count')) {
/**
* Isolate the words in the input string.
*
* @param string String to count words in
* @param integer The format
* @set 0 1
* @return mixed Typically a list - the words of the input string
*/
function str_word_count($input, $format = 0)
{
//count words
$pattern = "/[^(\\w|\\d|\\'|\"|\\.|\\!|\\?|;|,|\\|\\/|\\-\\-|:|\\&|@)]+/";
$all_words = trim(preg_replace($pattern, ' ', $input));
$a = explode(' ', $all_words);
return $format == 0 ? count($a) : $a;
}
}
if (!function_exists('qualify_url')) {
/**
* Take a URL and base-URL, and fully qualify the URL according to it.
*
* @param URLPATH The URL to fully qualified
* @param URLPATH The base-URL
* @return URLPATH Fully qualified URL
*/
function qualify_url($url, $url_base)
{
if ($url != '' && $url[0] != '#' && substr($url, 0, 7) != 'mailto:') {
if (strpos($url, '://') === false) {
if ($url[0] == '/') {
$parsed = parse_url($url_base);
if (!array_key_exists('scheme', $parsed)) {
$parsed['scheme'] = 'http';
}
if (!array_key_exists('host', $parsed)) {
$parsed['host'] = 'localhost';
}
if (substr($url, 0, 2) == '//') {
$url = $parsed['scheme'] . ':' . $url;
} else {
$url = $parsed['scheme'] . '://' . $parsed['host'] . (array_key_exists('port', $parsed) ? ':' . $parsed['port'] : '') . $url;
}
} else {
$url = $url_base . '/' . $url;
}
}
} else {
return '';
}
return $url;
}
}
if (!function_exists('http_download_file')) {
/**
* Return the file in the URL by downloading it over HTTP. If a byte limit is given, it will only download that many bytes. It outputs warnings, returning NULL, on error.
*
* @param URLPATH The URL to download
* @param ?integer The number of bytes to download. This is not a guarantee, it is a minimum (NULL: all bytes)
* @range 1 max
* @param boolean Whether to throw an ocPortal error, on error
* @param boolean Whether to block redirects (returns NULL when found)
* @param string The user-agent to identify as
* @param ?array An optional array of POST parameters to send; if this is NULL, a GET request is used (NULL: none)
* @param ?array An optional array of cookies to send (NULL: none)
* @param ?string 'accept' header value (NULL: don't pass one)
* @param ?string 'accept-charset' header value (NULL: don't pass one)
* @param ?string 'accept-language' header value (NULL: don't pass one)
* @param ?resource File handle to write to (NULL: do not do that)
* @param ?string The HTTP referer (NULL: none)
* @param ?array A pair: authentication username and password (NULL: none)
* @param float The timeout
* @param boolean Whether to treat the POST parameters as a raw POST (rather than using MIME)
* @param ?array Files to send. Map between field to file path (NULL: none)
* @return ?string The data downloaded (NULL: error)
*/
function http_download_file($url, $byte_limit = NULL, $trigger_error = true, $no_redirect = false, $ua = 'ocPortal', $post_params = NULL, $cookies = NULL, $accept = NULL, $accept_charset = NULL, $accept_language = NULL, $write_to_file = NULL, $referer = NULL, $auth = NULL, $timeout = 6.0, $is_xml = false, $files = NULL)
{
ini_set('allow_url_fopen', '1');
return @file_get_contents($url);
// Assumes URL-wrappers is on, whilst ocPortal's is much more sophisticated
}
}
if (!function_exists('do_lang')) {
/**
* Get the human-readable form of a language id, or a language entry from a language INI file. (STUB)
*
* @param ID_TEXT The language id
* @param ?mixed The first token [string or tempcode] (replaces {1}) (NULL: none)
* @param ?mixed The second token [string or tempcode] (replaces {2}) (NULL: none)
* @param ?mixed The third token (replaces {3}). May be an array of [of string], to allow any number of additional args (NULL: none)
* @param ?LANGUAGE_NAME The language to use (NULL: users language)
* @param boolean Whether to cause ocPortal to exit if the lookup does not succeed
* @return ?mixed The human-readable content (NULL: not found). String normally. Tempcode if tempcode parameters.
*/
function do_lang($a, $param_a = NULL, $param_b = NULL, $param_c = NULL, $lang = NULL, $require_result = true)
{
if (function_exists('_do_lang')) {
return _do_lang($a, $param_a, $param_b, $param_c, $lang, $require_result);
}
unset($lang);
unset($allow_fail);
switch ($a) {
case 'LINK_NEW_WINDOW':
return 'new window';
case 'SPREAD_TABLE':
return 'Spread table';
case 'MAP_TABLE':
return 'Item to value mapper table';
}
return array($a, $param_a, $param_b, $param_c);
}
}
if (!function_exists('get_forum_type')) {
/**
* Get the type of forums installed.
*
* @return string The type of forum installed
*/
function get_forum_type()
{
return 'none';
}
}
if (!function_exists('ocp_srv')) {
/**
* Get server environment variables. (STUB)
*
* @param string The variable name
* @return string The variable value ('' means unknown)
*/
function ocp_srv($value)
{
return '';
}
}
if (!function_exists('mailto_obfuscated')) {
/**
* Get obfuscate version of 'mailto:' (which'll hopefully fool e-mail scavengers to not pick up these e-mail addresses).
*
* @return string The obfuscated 'mailto:' string
*/
function mailto_obfuscated()
{
return 'mailto:';
}
}
if (!function_exists('mixed')) {
/**
* Assign this to explicitly declare that a variable may be of mixed type, and initialise to NULL.
*
* @return ?mixed Of mixed type (NULL: default)
*/
function mixed()
{
return NULL;
}
}
define('DOCTYPE_HTML', '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">');
define('DOCTYPE_HTML_STRICT', '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">');
define('DOCTYPE_XHTML', '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">');
define('DOCTYPE_XHTML_STRICT', '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">');
define('DOCTYPE_XHTML_NEW', '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">');
global $XHTML_VALIDATOR_OFF, $WELL_FORMED_ONLY, $VALIDATION_JAVASCRIPT, $VALIDATION_CSS, $VALIDATION_WCAG, $VALIDATION_COMPAT, $VALIDATION_EXT_FILES, $VALIDATION_MANUAL;
$VALIDATION_JAVASCRIPT = true;
$VALIDATION_CSS = true;
$VALIDATION_WCAG = true;
$VALIDATION_COMPAT = true;
$VALIDATION_EXT_FILES = true;
$VALIDATION_MANUAL = false;
global $EXTRA_CHECK;
$EXTRA_CHECK = array();
global $VALIDATED_ALREADY;
$VALIDATED_ALREADY = array();
global $NO_XHTML_LINK_FOLLOW;
$NO_XHTML_LINK_FOLLOW = 0;
global $CSS_TAG_RANGES, $CSS_VALUE_RANGES;
$CSS_TAG_RANGES = array();
$CSS_VALUE_RANGES = array();
global $ENTITIES;
$ENTITIES = array('quot' => 1, 'amp' => 1, 'lt' => 1, 'gt' => 1, 'nbsp' => 1, 'iexcl' => 1, 'cent' => 1, 'pound' => 1, 'curren' => 1, 'yen' => 1, 'brvbar' => 1, 'sect' => 1, 'uml' => 1, 'copy' => 1, 'ordf' => 1, 'laquo' => 1, 'not' => 1, 'shy' => 1, 'reg' => 1, 'macr' => 1, 'deg' => 1, 'plusmn' => 1, 'sup2' => 1, 'sup3' => 1, 'acute' => 1, 'micro' => 1, 'para' => 1, 'middot' => 1, 'cedil' => 1, 'sup1' => 1, 'ordm' => 1, 'raquo' => 1, 'frac14' => 1, 'frac12' => 1, 'frac34' => 1, 'iquest' => 1, 'Agrave' => 1, 'Aacute' => 1, 'Acirc' => 1, 'Atilde' => 1, 'Auml' => 1, 'Aring' => 1, 'AElig' => 1, 'Ccedil' => 1, 'Egrave' => 1, 'Eacute' => 1, 'Ecirc' => 1, 'Euml' => 1, 'Igrave' => 1, 'Iacute' => 1, 'Icirc' => 1, 'Iuml' => 1, 'ETH' => 1, 'Ntilde' => 1, 'Ograve' => 1, 'Oacute' => 1, 'Ocirc' => 1, 'Otilde' => 1, 'Ouml' => 1, 'times' => 1, 'Oslash' => 1, 'Ugrave' => 1, 'Uacute' => 1, 'Ucirc' => 1, 'Uuml' => 1, 'Yacute' => 1, 'THORN' => 1, 'szlig' => 1, 'agrave' => 1, 'aacute' => 1, 'acirc' => 1, 'atilde' => 1, 'auml' => 1, 'aring' => 1, 'aelig' => 1, 'ccedil' => 1, 'egrave' => 1, 'eacute' => 1, 'ecirc' => 1, 'euml' => 1, 'igrave' => 1, 'iacute' => 1, 'icirc' => 1, 'iuml' => 1, 'eth' => 1, 'ntilde' => 1, 'ograve' => 1, 'oacute' => 1, 'ocirc' => 1, 'otilde' => 1, 'ouml' => 1, 'divide' => 1, 'oslash' => 1, 'ugrave' => 1, 'uacute' => 1, 'ucirc' => 1, 'uuml' => 1, 'yacute' => 1, 'thorn' => 1, 'yuml' => 1, 'fnof' => 1, 'Alpha' => 1, 'Beta' => 1, 'Gamma' => 1, 'Delta' => 1, 'Epsilon' => 1, 'Zeta' => 1, 'Eta' => 1, 'Theta' => 1, 'Iota' => 1, 'Kappa' => 1, 'Lambda' => 1, 'Mu' => 1, 'Nu' => 1, 'Xi' => 1, 'Omicron' => 1, 'Pi' => 1, 'Rho' => 1, 'Sigma' => 1, 'Tau' => 1, 'Upsilon' => 1, 'Phi' => 1, 'Chi' => 1, 'Psi' => 1, 'Omega' => 1, 'alpha' => 1, 'beta' => 1, 'gamma' => 1, 'delta' => 1, 'epsilon' => 1, 'zeta' => 1, 'eta' => 1, 'theta' => 1, 'iota' => 1, 'kappa' => 1, 'lambda' => 1, 'mu' => 1, 'nu' => 1, 'xi' => 1, 'omicron' => 1, 'pi' => 1, 'rho' => 1, 'sigmaf' => 1, 'sigma' => 1, 'tau' => 1, 'upsilon' => 1, 'phi' => 1, 'chi' => 1, 'psi' => 1, 'omega' => 1, 'thetasym' => 1, 'upsih' => 1, 'piv' => 1, 'bull' => 1, 'hellip' => 1, 'prime' => 1, 'Prime' => 1, 'oline' => 1, 'frasl' => 1, 'weierp' => 1, 'image' => 1, 'real' => 1, 'trade' => 1, 'alefsym' => 1, 'larr' => 1, 'uarr' => 1, 'rarr' => 1, 'darr' => 1, 'harr' => 1, 'crarr' => 1, 'lArr' => 1, 'uArr' => 1, 'rArr' => 1, 'dArr' => 1, 'hArr' => 1, 'forall' => 1, 'part' => 1, 'exist' => 1, 'empty' => 1, 'nabla' => 1, 'isin' => 1, 'notin' => 1, 'ni' => 1, 'prod' => 1, 'sum' => 1, 'minus' => 1, 'lowast' => 1, 'radic' => 1, 'prop' => 1, 'infin' => 1, 'ang' => 1, 'and' => 1, 'or' => 1, 'cap' => 1, 'cup' => 1, 'int' => 1, 'there4' => 1, 'sim' => 1, 'cong' => 1, 'asymp' => 1, 'ne' => 1, 'equiv' => 1, 'le' => 1, 'ge' => 1, 'sub' => 1, 'sup' => 1, 'nsub' => 1, 'sube' => 1, 'supe' => 1, 'oplus' => 1, 'otimes' => 1, 'perp' => 1, 'sdot' => 1, 'lceil' => 1, 'rceil' => 1, 'lfloor' => 1, 'rfloor' => 1, 'lang' => 1, 'rang' => 1, 'loz' => 1, 'spades' => 1, 'clubs' => 1, 'hearts' => 1, 'diams' => 1, 'OElig' => 1, 'oelig' => 1, 'Scaron' => 1, 'scaron' => 1, 'Yuml' => 1, 'circ' => 1, 'tidle' => 1, 'ensp' => 1, 'emsp' => 1, 'thinsp' => 1, 'zwnj' => 1, 'zwj' => 1, 'lrm' => 1, 'rlm' => 1, 'ndash' => 1, 'mdash' => 1, 'lsquo' => 1, 'rsquo' => 1, 'sbquo' => 1, 'ldquo' => 1, 'rdquo' => 1, 'bdquo' => 1, 'dagger' => 1, 'Dagger' => 1, 'permil' => 1, 'lsaquo' => 1, 'rsaquo' => 1, 'euro' => 1);
$strict_form_accessibility = false;
// Form fields may not be empty with this strict rule
global $POSSIBLY_EMPTY_TAGS;
$POSSIBLY_EMPTY_TAGS = array('a' => 1, 'div' => 1, 'td' => 1, 'th' => 1, 'textarea' => 1, 'button' => 1, 'script' => 1);
if ($strict_form_accessibility) {
unset($POSSIBLY_EMPTY_TAGS['textarea']);
}
global $MUST_SELFCLOSE_TAGS;
$MUST_SELFCLOSE_TAGS = array('img' => 1, 'hr' => 1, 'br' => 1, 'param' => 1, 'input' => 1, 'base' => 1, 'link' => 1, 'meta' => 1, 'area' => 1, 'col' => 1, 'nobr' => 1);
global $TAGS_BLOCK;
$TAGS_BLOCK = array('div' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'p' => 1, 'blockquote' => 1, 'pre' => 1, 'br' => 1, 'hr' => 1, 'fieldset' => 1, 'address' => 1, 'iframe' => 1, 'noscript' => 1, 'table' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1, 'dd' => 1, 'dt' => 1, 'dl' => 1, 'li' => 1, 'ol' => 1, 'ul' => 1, 'rbc' => 1, 'rtc' => 1, 'rb' => 1, 'rt' => 1, 'rp' => 1);
global $TAGS_INLINE;
$TAGS_INLINE = array('span' => 1, 'abbr' => 1, 'acronym' => 1, 'cite' => 1, 'code' => 1, 'dfn' => 1, 'em' => 1, 'strong' => 1, 'kbd' => 1, 'q' => 1, 'samp' => 1, 'var' => 1, 'sub' => 1, 'sup' => 1, 'tt' => 1, 'del' => 1, 'ruby' => 1, 'a' => 1, 'bdo' => 1, 'img' => 1, 'ins' => 1, 'param' => 1, 'textarea' => 1, 'button' => 1, 'input' => 1, 'select' => 1, 'object' => 1, 'caption' => 1, 'label' => 1, 'b' => 1, 'i' => 1, 'small' => 1, 'big' => 1);
global $TAGS_NORMAL;
$TAGS_NORMAL = array('base' => 1, 'body' => 1, 'col' => 1, 'colgroup' => 1, 'head' => 1, 'html' => 1, 'link' => 1, 'map' => 1, 'meta' => 1, 'optgroup' => 1, 'option' => 1, 'style' => 1, 'title' => 1, 'legend' => 1, 'script' => 1, 'area' => 1, 'form' => 1);
global $TAGS_BLOCK_DEPRECATED;
$TAGS_BLOCK_DEPRECATED = array('dir' => 1, 'menu' => 1);
global $TAGS_INLINE_DEPRECATED;
$TAGS_INLINE_DEPRECATED = array('center' => 1, 'applet' => 1, 'font' => 1, 's' => 1, 'strike' => 1, 'u' => 1);
global $TAGS_NORMAL_DEPRECATED;
$TAGS_NORMAL_DEPRECATED = array('basefont' => 1);
$browser = strtolower(ocp_srv('HTTP_USER_AGENT'));
$is_ie = strpos($browser, 'msie') !== false && strpos($browser, 'opera') === false;
$enforce_javascript = '([^\\n]+)';
$enforce_lang = '[a-zA-Z][a-zA-Z](-[a-zA-Z]+)?';
$enforce_direction = '(ltr|rtl)';
$enforce_align = '(left|center|right|justify|char)';
$enforce_align2 = '(top|middle|bottom|left|right)';
$enforce_align3 = '(left|center|right|justify)';
$enforce_align4 = '(top|bottom|left|right)';
$enforce_valign = '(top|middle|bottom|baseline)';
$enforce_number = '(-?[0-9]+)';
$enforce_inumber = '[0-9]+';
//$enforce_plain_or_html='(plaintext|html)';
$enforce_character = '.';
$enforce_color = '(black|silver|gray|white|maroon|purple|fuchsia|green|lime|olive|yellow|navy|blue|teal|aqua|orange|red|(\\#[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f])|(\\#[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]))';
// orange and red aren't 'official' -- but kind of handy ;). In reality, the colour codes were never properly defined, and these two are obvious names for obviously needed ones-- they'll be supported
$enforce_length = '((0)|(' . $enforce_number . '(|in|cm|mm|ex|pt|pc|px|em|%))|((' . $enforce_number . ')?\\.' . $enforce_number . '(in|cm|mm|ex|em|%)))';
// |ex|pt|in|cm|mm|pc We don't want these in our XHTML... preferably we only want em when it comes to font size!
$enforce_ilength = '((0)|(' . $enforce_inumber . '(|in|cm|mm|ex|pt|pc|px|em|%))|((' . $enforce_inumber . ')?\\.' . $enforce_inumber . '(in|cm|mm|ex|em|%)))';
// |ex|pt|in|cm|mm|pc We don't want these in our XHTML... preferably we only want em when it comes to font size!
$enforce_pixels = '[0-9]+';
$enforce_auto_or_length = '(auto|' . $enforce_length . ')';
$enforce_auto_or_ilength = '(auto|' . $enforce_ilength . ')';
$enforce_normal_or_length = '(normal|' . $enforce_length . ')';
$enforce_border_width = '(thin|medium|thick|' . $enforce_length . ')';
$enforce_potential_4d_border_width = $enforce_border_width . '( ' . $enforce_border_width . '( ' . $enforce_border_width . '( ' . $enforce_border_width . '|)|)|)';
$enforce_css_color = '((rgb\\(' . $enforce_inumber . '%,' . $enforce_inumber . '%,' . $enforce_inumber . '%\\))|(rgb\\(' . $enforce_inumber . ',' . $enforce_inumber . ',' . $enforce_inumber . '\\))|(\\#[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f])|' . $enforce_color . '|ActiveBorder|ActiveCaption|AppWorkspace|Background|Buttonface|ButtonHighlight|ButtonShadow|ButtonText|CaptionText|GrayText|Highlight|HighlightText|InactiveBorder|InactiveCaption|InactiveCaptionText|InfoBackground|InfoText|Menu|MenuText|Scrollbar|ThreeDDarkShadow|ThreeDFace|ThreeDHighlight|ThreeDLightShadow|ThreeDShadow|Window|WindowFrame|WindowText)';
$enforce_transparent_or_color = '(transparent|' . $enforce_css_color . ')';
$enforce_fraction = '(\\d%|\\d\\d%|100%|0\\.\\d+|1\\.0)';
$_enforce_font_list = "(cursive|fantasy|monospace|serif|sans-serif|Georgia|Times|Trebuchet|Tahoma|Geneva|Verdana|Arial|Helvetica|Courier|Courier New|Impact|'Georgia'|'Times'|'Trebuchet'|'Tahoma'|'Geneva'|'Verdana'|'Arial'|'Helvetica'|'Courier'|'Courier New'|'Impact')";
$enforce_font_list = '((([A-Za-z]+)|("[A-Za-z ]+")|(\'[A-Za-z ]+\')),\\s*)*' . $_enforce_font_list;
$enforce_functional_url = '(url\\(\'.+\'\\)|url\\(".+"\\)|url\\([^\\(\\);]+\\))';
$enforce_functional_url_or_none = '(' . $enforce_functional_url . '|none)';
$enforce_border_style = '(none|dotted|dashed|solid|double|groove|ridge|inset|outset)';
$enforce_background_repeat = '(repeat|repeat-x|repeat-y|no-repeat)';
$enforce_attachment = '(scroll|fixed)';
$_enforce_background_position = '((' . $enforce_length . '|top|center|bottom)|(' . $enforce_length . '|left|center|right))';
$enforce_background_position = '((' . $_enforce_background_position . ')|(' . $_enforce_background_position . ' ' . $_enforce_background_position . '))';
$enforce_border = '((' . $enforce_border_width . '|' . $enforce_border_style . '|' . $enforce_css_color . ')( |$))+';
$enforce_potential_4d_length = $enforce_length . '( ' . $enforce_length . '( ' . $enforce_length . '( ' . $enforce_length . '|)|)|)';
$enforce_potential_4d_length_auto = $enforce_auto_or_length . '( ' . $enforce_auto_or_length . '( ' . $enforce_auto_or_length . '( ' . $enforce_auto_or_length . '|)|)|)';
$enforce_potential_4d_ilength = $enforce_ilength . '( ' . $enforce_ilength . '( ' . $enforce_ilength . '( ' . $enforce_ilength . '|)|)|)';
$enforce_potential_4d_ilength_auto = $enforce_auto_or_ilength . '( ' . $enforce_auto_or_ilength . '( ' . $enforce_auto_or_ilength . '( ' . $enforce_auto_or_ilength . '|)|)|)';
$enforce_font_style = '(normal|italic|oblique)';
$enforce_font_variant = '(normal|small-caps)';
$enforce_font_weight = '(lighter|normal|bold|bolder|((\\d)+))';
$enforce_list_style_position = '(inside|outside)';
$enforce_list_style_type = '(none|disc|circle|square|decimal|lower-roman|upper-roman|lower-alpha|upper-alpha' . (!$is_ie ? '|decimal-leading-zero|lower-greek|lower-latin|upper-latin|hebrew|armenian|georgian|cjk-ideographic|hiragana|katakana|hiragana-iroha|katakana-iroha' : '') . ')';
$enforce_list_style_image = '(none|' . $enforce_functional_url . ')';
$enforce_id = '[a-zA-Z][\\w\\-\\:\\.]*';
$enforce_name = $enforce_id . '(\\[\\])?';
// Only used for <select> tag, as it has to allow multi-selection-lists
$enforce_link = (get_forum_type() == 'none' ? '(mailto:.*)?' : '') . '(' . str_replace('#', '\\#', preg_quote(mailto_obfuscated())) . '.*)?[^\\s\\#]*(\\#[^\\s\\#]*)?';
$enforce_class = '[ \\w-]*';
$enforce_zoom = '(normal|' . $enforce_fraction . ')';
global $CSS_PROPERTIES;
$CSS_PROPERTIES = array('background' => '((' . $enforce_transparent_or_color . '|' . $enforce_functional_url_or_none . '|' . $enforce_background_repeat . '|' . $enforce_attachment . '|' . $enforce_background_position . ')( |$))+', 'background-attachment' => $enforce_attachment, 'background-color' => $enforce_transparent_or_color, 'background-image' => $enforce_functional_url_or_none, 'background-repeat' => $enforce_background_repeat, 'background-position' => $enforce_background_position, 'border' => $enforce_border, 'border-collapse' => '(collapse|separate)', 'border-color' => $enforce_transparent_or_color . '( ' . $enforce_transparent_or_color . '( ' . $enforce_transparent_or_color . '( ' . $enforce_transparent_or_color . '|)|)|)', 'border-spacing' => $enforce_length . ' ' . $enforce_length, 'border-style' => $enforce_border_style, 'border-width' => $enforce_potential_4d_border_width, 'border-bottom' => $enforce_border, 'border-bottom-color' => $enforce_transparent_or_color, 'border-bottom-style' => $enforce_border_style, 'border-bottom-width' => $enforce_border_width, 'border-left' => $enforce_border, 'border-left-color' => $enforce_transparent_or_color, 'border-left-style' => $enforce_border_style, 'border-left-width' => $enforce_border_width, 'border-right' => $enforce_border, 'border-right-color' => $enforce_transparent_or_color, 'border-right-style' => $enforce_border_style, 'border-right-width' => $enforce_border_width, 'border-top' => $enforce_border, 'border-top-color' => $enforce_transparent_or_color, 'border-top-style' => $enforce_border_style, 'border-top-width' => $enforce_border_width, 'bottom' => $enforce_auto_or_length, 'clear' => '(both|left|right|none)', 'clip' => 'auto|(rect\\(' . $enforce_potential_4d_length . '\\))', 'color' => $enforce_css_color, 'cursor' => '(' . $enforce_functional_url . '|default|auto|n-resize|ne-resize|e-resize|se-resize|s-resize|sw-resize|w-resize|nw-resize|crosshair|pointer|move|text|wait|help' . (!$is_ie ? '|progress' : '') . ')', 'direction' => '(ltr|rtl)', 'display' => '(none|inline|block|list-item|table|table-header-group|table-footer-group|inline-block|run-in' . (!$is_ie ? '|inline-table|table-row|table-row-group|table-column-group|table-column|table-cell|table-caption' : '') . ')', 'float' => '(left|right|none)', 'font' => '((caption|icon|menu|message-box|small-caption|status-bar|' . $enforce_font_style . '|' . $enforce_font_variant . '|' . $enforce_font_weight . '|' . $enforce_length . '|' . $enforce_normal_or_length . '|' . $enforce_font_list . ')( |$))+', 'font-family' => $enforce_font_list, 'font-size' => 'larger|smaller|xx-small|x-small|small|medium|large|x-large|xx-large|' . $enforce_length, 'font-style' => $enforce_font_style, 'font-variant' => $enforce_font_variant, 'font-weight' => $enforce_font_weight, 'height' => $enforce_auto_or_length, 'left' => $enforce_auto_or_length, 'right' => $enforce_auto_or_length, 'letter-spacing' => $enforce_normal_or_length, 'line-height' => $enforce_normal_or_length, 'list-style' => '((' . $enforce_list_style_type . '|' . $enforce_list_style_position . '|' . $enforce_list_style_image . ')( |$))+', 'list-style-image' => $enforce_functional_url, 'list-style-position' => $enforce_list_style_position, 'list-style-type' => $enforce_list_style_type, 'margin' => $enforce_potential_4d_length_auto, 'margin-bottom' => $enforce_auto_or_length, 'margin-left' => $enforce_auto_or_length, 'margin-right' => $enforce_auto_or_length, 'margin-top' => $enforce_auto_or_length, 'overflow' => '(visible|hidden|scroll|auto)', 'padding' => $enforce_potential_4d_ilength, 'padding-bottom' => $enforce_auto_or_ilength, 'padding-left' => $enforce_auto_or_ilength, 'padding-right' => $enforce_auto_or_ilength, 'padding-top' => $enforce_auto_or_ilength, 'page-break-after' => '(auto|left|right|always)', 'page-break-before' => '(auto|left|right|always)', 'position' => '(static|relative|absolute' . (!$is_ie ? '|fixed' : '') . ')', 'table-layout' => '(auto|fixed)', 'text-align' => '(left|right|center|justify)', 'text-decoration' => '(underline|line-through|none' . (!$is_ie ? '|blink' : '') . ')', 'text-indent' => $enforce_length, 'text-transform' => '(capitalize|uppercase|lowercase|none)', 'top' => $enforce_auto_or_length, 'unicode-bidi' => '(bidi-override|normal|embed)', 'vertical-align' => '(baseline|sub|super|top|text-top|middle|bottom|text-bottom)', 'visibility' => '(hidden|visible|collapse)', 'white-space' => '(normal|pre|nowrap' . (!$is_ie ? '|pre-wrap|pre-line' : '') . ')', 'width' => $enforce_auto_or_length, 'word-spacing' => $enforce_normal_or_length, 'z-index' => '(auto|(\\d+))', 'zoom' => $enforce_zoom, 'opacity' => $enforce_fraction, 'overflow-x' => '(visible|hidden|scroll|auto)', 'overflow-y' => '(visible|hidden|scroll|auto)');
$_counter_increment = '((\\w+( \\d+)?)+)';
$enforce_counter_increment = $_counter_increment . '( ' . $_counter_increment . ')*';
global $CSS_NON_IE_PROPERTIES;
$CSS_NON_IE_PROPERTIES = array('content' => '.+', 'quotes' => '.+ .+', 'max-width' => $enforce_auto_or_length, 'min-width' => $enforce_auto_or_length, 'max-height' => $enforce_auto_or_length, 'min-height' => $enforce_auto_or_length, 'marker-offset' => $enforce_auto_or_length, 'caption-side' => 'top|bottom|left|right', 'empty-cells' => 'show|hide', 'counter-increment' => $enforce_counter_increment, 'counter-reset' => $enforce_counter_increment, 'outline' => $enforce_border, 'outline-color' => $enforce_transparent_or_color, 'outline-style' => $enforce_border_style, 'outline-width' => $enforce_border_width);
global $TAG_ATTRIBUTES;
$TAG_ATTRIBUTES = array('a.accesskey' => $enforce_character, 'a.charset' => '.+', 'a.class' => $enforce_class, 'a.coords' => '.+', 'a.dir' => $enforce_direction, 'a.href' => $enforce_link, 'a.hreflang' => $enforce_lang, 'a.id' => $enforce_id, 'a.lang' => $enforce_lang, 'a.name' => $enforce_id, 'a.onblur' => $enforce_javascript, 'a.onclick' => $enforce_javascript, 'a.ondblclick' => $enforce_javascript, 'a.onfocus' => $enforce_javascript, 'a.onkeydown' => $enforce_javascript, 'a.onkeypress' => $enforce_javascript, 'a.onkeyup' => $enforce_javascript, 'a.onmousedown' => $enforce_javascript, 'a.onmousemove' => $enforce_javascript, 'a.onmouseout' => $enforce_javascript, 'a.onmouseover' => $enforce_javascript, 'a.onmouseup' => $enforce_javascript, 'a.rel' => '.*', 'a.rev' => '.+', 'a.shape' => '(rect|circle|poly|default)', 'a.style' => '.*', 'a.tabindex' => $enforce_inumber, 'a.title' => '.*', 'a.type' => '.+', 'abbr.class' => $enforce_class, 'abbr.dir' => $enforce_direction, 'abbr.id' => $enforce_id, 'abbr.lang' => $enforce_lang, 'abbr.onclick' => $enforce_javascript, 'abbr.ondblclick' => $enforce_javascript, 'abbr.onkeydown' => $enforce_javascript, 'abbr.onkeypress' => $enforce_javascript, 'abbr.onkeyup' => $enforce_javascript, 'abbr.onmousedown' => $enforce_javascript, 'abbr.onmousemove' => $enforce_javascript, 'abbr.onmouseout' => $enforce_javascript, 'abbr.onmouseover' => $enforce_javascript, 'abbr.onmouseup' => $enforce_javascript, 'abbr.style' => '.*', 'abbr.title' => '.+', 'acronym.class' => $enforce_class, 'acronym.dir' => $enforce_direction, 'acronym.id' => $enforce_id, 'acronym.lang' => $enforce_lang, 'acronym.onclick' => $enforce_javascript, 'acronym.ondblclick' => $enforce_javascript, 'acronym.onkeydown' => $enforce_javascript, 'acronym.onkeypress' => $enforce_javascript, 'acronym.onkeyup' => $enforce_javascript, 'acronym.onmousedown' => $enforce_javascript, 'acronym.onmousemove' => $enforce_javascript, 'acronym.onmouseout' => $enforce_javascript, 'acronym.onmouseover' => $enforce_javascript, 'acronym.onmouseup' => $enforce_javascript, 'acronym.style' => '.*', 'acronym.title' => '.+', 'address.class' => $enforce_class, 'address.dir' => $enforce_direction, 'address.id' => $enforce_id, 'address.lang' => $enforce_lang, 'address.onclick' => $enforce_javascript, 'address.ondblclick' => $enforce_javascript, 'address.onkeydown' => $enforce_javascript, 'address.onkeypress' => $enforce_javascript, 'address.onkeyup' => $enforce_javascript, 'address.onmousedown' => $enforce_javascript, 'address.onmousemove' => $enforce_javascript, 'address.onmouseout' => $enforce_javascript, 'address.onmouseover' => $enforce_javascript, 'address.onmouseup' => $enforce_javascript, 'address.style' => '.*', 'address.title' => '.+', 'area.accesskey' => $enforce_character, 'area.alt' => '.*', 'area.class' => $enforce_class, 'area.coords' => '.+', 'area.dir' => $enforce_direction, 'area.href' => $enforce_link, 'area.id' => $enforce_id, 'area.lang' => $enforce_lang, 'area.nohref' => 'nohref', 'area.onblur' => '.+', 'area.onclick' => $enforce_javascript, 'area.ondblclick' => $enforce_javascript, 'area.onfocus' => $enforce_javascript, 'area.onkeydown' => $enforce_javascript, 'area.onkeypress' => $enforce_javascript, 'area.onkeyup' => $enforce_javascript, 'area.onmousedown' => $enforce_javascript, 'area.onmousemove' => $enforce_javascript, 'area.onmouseout' => $enforce_javascript, 'area.onmouseover' => $enforce_javascript, 'area.onmouseup' => $enforce_javascript, 'area.shape' => '(rect|circle|poly|default)', 'area.style' => '.*', 'area.tabindex' => $enforce_inumber, 'area.title' => '.+', 'b.class' => $enforce_class, 'b.dir' => $enforce_direction, 'b.id' => $enforce_id, 'b.lang' => $enforce_lang, 'b.onclick' => $enforce_javascript, 'b.ondblclick' => $enforce_javascript, 'b.onkeydown' => $enforce_javascript, 'b.onkeypress' => $enforce_javascript, 'b.onkeyup' => $enforce_javascript, 'b.onmousedown' => $enforce_javascript, 'b.onmousemove' => $enforce_javascript, 'b.onmouseout' => $enforce_javascript, 'b.onmouseover' => $enforce_javascript, 'b.onmouseup' => $enforce_javascript, 'b.style' => '.*', 'b.title' => '.+', 'base.href' => $enforce_link, 'bdo.class' => $enforce_class, 'bdo.dir' => $enforce_direction, 'bdo.id' => $enforce_id, 'bdo.lang' => $enforce_lang, 'bdo.style' => '.*', 'bdo.title' => '.+', 'big.class' => $enforce_class, 'big.dir' => $enforce_direction, 'big.id' => $enforce_id, 'big.lang' => $enforce_lang, 'big.onclick' => $enforce_javascript, 'big.ondblclick' => $enforce_javascript, 'big.onkeydown' => $enforce_javascript, 'big.onkeypress' => $enforce_javascript, 'big.onkeyup' => $enforce_javascript, 'big.onmousedown' => $enforce_javascript, 'big.onmousemove' => $enforce_javascript, 'big.onmouseout' => $enforce_javascript, 'big.onmouseover' => $enforce_javascript, 'big.onmouseup' => $enforce_javascript, 'big.style' => '.*', 'big.title' => '.+', 'blockquote.cite' => '.+', 'blockquote.class' => $enforce_class, 'blockquote.dir' => $enforce_direction, 'blockquote.id' => $enforce_id, 'blockquote.lang' => $enforce_lang, 'blockquote.onclick' => $enforce_javascript, 'blockquote.ondblclick' => $enforce_javascript, 'blockquote.onkeydown' => $enforce_javascript, 'blockquote.onkeypress' => $enforce_javascript, 'blockquote.onkeyup' => $enforce_javascript, 'blockquote.onmousedown' => $enforce_javascript, 'blockquote.onmousemove' => $enforce_javascript, 'blockquote.onmouseout' => $enforce_javascript, 'blockquote.onmouseover' => $enforce_javascript, 'blockquote.onmouseup' => $enforce_javascript, 'blockquote.style' => '.*', 'blockquote.title' => '.+', 'body.background' => '.+', 'body.class' => $enforce_class, 'body.dir' => $enforce_direction, 'body.id' => $enforce_id, 'body.lang' => $enforce_lang, 'body.onclick' => $enforce_javascript, 'body.ondblclick' => $enforce_javascript, 'body.onkeydown' => $enforce_javascript, 'body.onkeypress' => $enforce_javascript, 'body.onkeyup' => $enforce_javascript, 'body.onload' => $enforce_javascript, 'body.onmousedown' => $enforce_javascript, 'body.onmousemove' => $enforce_javascript, 'body.onmouseout' => $enforce_javascript, 'body.onmouseover' => $enforce_javascript, 'body.onmouseup' => $enforce_javascript, 'body.onunload' => $enforce_javascript, 'body.style' => '.*', 'body.title' => '.+', 'br.class' => $enforce_class, 'br.id' => $enforce_id, 'br.style' => '.*', 'br.title' => '.+', 'button.accesskey' => $enforce_character, 'button.class' => $enforce_class, 'button.dir' => $enforce_direction, 'button.disabled' => 'disabled', 'button.id' => $enforce_id, 'button.lang' => $enforce_lang, 'button.name' => $enforce_id, 'button.onblur' => $enforce_javascript, 'button.onclick' => $enforce_javascript, 'button.ondblclick' => $enforce_javascript, 'button.onfocus' => $enforce_javascript, 'button.onkeydown' => $enforce_javascript, 'button.onkeypress' => $enforce_javascript, 'button.onkeyup' => $enforce_javascript, 'button.onmousedown' => $enforce_javascript, 'button.onmousemove' => $enforce_javascript, 'button.onmouseout' => $enforce_javascript, 'button.onmouseover' => $enforce_javascript, 'button.onmouseup' => $enforce_javascript, 'button.style' => '.*', 'button.tabindex' => $enforce_inumber, 'button.title' => '.+', 'button.type' => '(button|submit|reset)', 'button.value' => '.+', 'caption.class' => $enforce_class, 'caption.dir' => $enforce_direction, 'caption.id' => $enforce_id, 'caption.lang' => $enforce_lang, 'caption.onclick' => $enforce_javascript, 'caption.ondblclick' => $enforce_javascript, 'caption.onkeydown' => $enforce_javascript, 'caption.onkeypress' => $enforce_javascript, 'caption.onkeyup' => $enforce_javascript, 'caption.onmousedown' => $enforce_javascript, 'caption.onmousemove' => $enforce_javascript, 'caption.onmouseout' => $enforce_javascript, 'caption.onmouseover' => $enforce_javascript, 'caption.onmouseup' => $enforce_javascript, 'caption.style' => '.*', 'caption.title' => '.+', 'cite.class' => $enforce_class, 'cite.dir' => $enforce_direction, 'cite.id' => $enforce_id, 'cite.lang' => $enforce_lang, 'cite.onclick' => $enforce_javascript, 'cite.ondblclick' => $enforce_javascript, 'cite.onkeydown' => $enforce_javascript, 'cite.onkeypress' => $enforce_javascript, 'cite.onkeyup' => $enforce_javascript, 'cite.onmousedown' => $enforce_javascript, 'cite.onmousemove' => $enforce_javascript, 'cite.onmouseout' => $enforce_javascript, 'cite.onmouseover' => $enforce_javascript, 'cite.onmouseup' => $enforce_javascript, 'cite.style' => '.*', 'cite.title' => '.+', 'code.class' => $enforce_class, 'code.dir' => $enforce_direction, 'code.id' => $enforce_id, 'code.lang' => $enforce_lang, 'code.onclick' => $enforce_javascript, 'code.ondblclick' => $enforce_javascript, 'code.onkeydown' => $enforce_javascript, 'code.onkeypress' => $enforce_javascript, 'code.onkeyup' => $enforce_javascript, 'code.onmousedown' => $enforce_javascript, 'code.onmousemove' => $enforce_javascript, 'code.onmouseout' => $enforce_javascript, 'code.onmouseover' => $enforce_javascript, 'code.onmouseup' => $enforce_javascript, 'code.style' => '.*', 'code.title' => '.+', 'col.align' => $enforce_align, 'col.char' => $enforce_character, 'col.charoff' => $enforce_length, 'col.class' => $enforce_class, 'col.dir' => $enforce_direction, 'col.id' => $enforce_id, 'col.lang' => $enforce_lang, 'col.onclick' => $enforce_javascript, 'col.ondblclick' => $enforce_javascript, 'col.onkeydown' => $enforce_javascript, 'col.onkeypress' => $enforce_javascript, 'col.onkeyup' => $enforce_javascript, 'col.onmousedown' => $enforce_javascript, 'col.onmousemove' => $enforce_javascript, 'col.onmouseout' => $enforce_javascript, 'col.onmouseover' => $enforce_javascript, 'col.onmouseup' => $enforce_javascript, 'col.span' => $enforce_inumber, 'col.style' => '.*', 'col.title' => '.+', 'col.width' => $enforce_length, 'colgroup.align' => $enforce_align, 'colgroup.char' => $enforce_character, 'colgroup.charoff' => $enforce_length, 'colgroup.class' => $enforce_class, 'colgroup.dir' => $enforce_direction, 'colgroup.id' => $enforce_id, 'colgroup.lang' => $enforce_lang, 'colgroup.onclick' => $enforce_javascript, 'colgroup.ondblclick' => $enforce_javascript, 'colgroup.onkeydown' => $enforce_javascript, 'colgroup.onkeypress' => $enforce_javascript, 'colgroup.onkeyup' => $enforce_javascript, 'colgroup.onmousedown' => $enforce_javascript, 'colgroup.onmousemove' => $enforce_javascript, 'colgroup.onmouseout' => $enforce_javascript, 'colgroup.onmouseover' => $enforce_javascript, 'colgroup.onmouseup' => $enforce_javascript, 'colgroup.span' => $enforce_inumber, 'colgroup.style' => '.*', 'colgroup.title' => '.+', 'colgroup.width' => $enforce_length, 'dd.class' => $enforce_class, 'dd.dir' => $enforce_direction, 'dd.id' => $enforce_id, 'dd.lang' => $enforce_lang, 'dd.onclick' => $enforce_javascript, 'dd.ondblclick' => $enforce_javascript, 'dd.onkeydown' => $enforce_javascript, 'dd.onkeypress' => $enforce_javascript, 'dd.onkeyup' => $enforce_javascript, 'dd.onmousedown' => $enforce_javascript, 'dd.onmousemove' => $enforce_javascript, 'dd.onmouseout' => $enforce_javascript, 'dd.onmouseover' => $enforce_javascript, 'dd.onmouseup' => $enforce_javascript, 'dd.style' => '.*', 'dd.title' => '.+', 'del.cite' => '.+', 'del.class' => $enforce_class, 'del.datetime' => '.+', 'del.dir' => $enforce_direction, 'del.id' => $enforce_id, 'del.lang' => $enforce_lang, 'del.onclick' => $enforce_javascript, 'del.ondblclick' => $enforce_javascript, 'del.onkeydown' => $enforce_javascript, 'del.onkeypress' => $enforce_javascript, 'del.onkeyup' => $enforce_javascript, 'del.onmousedown' => $enforce_javascript, 'del.onmousemove' => $enforce_javascript, 'del.onmouseout' => $enforce_javascript, 'del.onmouseover' => $enforce_javascript, 'del.onmouseup' => $enforce_javascript, 'del.style' => '.*', 'del.title' => '.+', 'dfn.class' => $enforce_class, 'dfn.dir' => $enforce_direction, 'dfn.id' => $enforce_id, 'dfn.lang' => $enforce_lang, 'dfn.onclick' => $enforce_javascript, 'dfn.ondblclick' => $enforce_javascript, 'dfn.onkeydown' => $enforce_javascript, 'dfn.onkeypress' => $enforce_javascript, 'dfn.onkeyup' => $enforce_javascript, 'dfn.onmousedown' => $enforce_javascript, 'dfn.onmousemove' => $enforce_javascript, 'dfn.onmouseout' => $enforce_javascript, 'dfn.onmouseover' => $enforce_javascript, 'dfn.onmouseup' => $enforce_javascript, 'dfn.style' => '.*', 'dfn.title' => '.+', 'div.class' => $enforce_class, 'div.dir' => $enforce_direction, 'div.id' => $enforce_id, 'div.xml:lang' => $enforce_lang, 'div.lang' => $enforce_lang, 'div.onclick' => $enforce_javascript, 'div.ondblclick' => $enforce_javascript, 'div.onkeydown' => $enforce_javascript, 'div.onkeypress' => $enforce_javascript, 'div.onkeyup' => $enforce_javascript, 'div.onmousedown' => $enforce_javascript, 'div.onmousemove' => $enforce_javascript, 'div.onmouseout' => $enforce_javascript, 'div.onmouseover' => $enforce_javascript, 'div.onmouseup' => $enforce_javascript, 'div.style' => '.*', 'div.title' => '.+', 'dl.class' => $enforce_class, 'dl.dir' => $enforce_direction, 'dl.id' => $enforce_id, 'dl.lang' => $enforce_lang, 'dl.onclick' => $enforce_javascript, 'dl.ondblclick' => $enforce_javascript, 'dl.onkeydown' => $enforce_javascript, 'dl.onkeypress' => $enforce_javascript, 'dl.onkeyup' => $enforce_javascript, 'dl.onmousedown' => $enforce_javascript, 'dl.onmousemove' => $enforce_javascript, 'dl.onmouseout' => $enforce_javascript, 'dl.onmouseover' => $enforce_javascript, 'dl.onmouseup' => $enforce_javascript, 'dl.style' => '.*', 'dl.title' => '.+', 'dt.class' => $enforce_class, 'dt.dir' => $enforce_direction, 'dt.id' => $enforce_id, 'dt.lang' => $enforce_lang, 'dt.onclick' => $enforce_javascript, 'dt.ondblclick' => $enforce_javascript, 'dt.onkeydown' => $enforce_javascript, 'dt.onkeypress' => $enforce_javascript, 'dt.onkeyup' => $enforce_javascript, 'dt.onmousedown' => $enforce_javascript, 'dt.onmousemove' => $enforce_javascript, 'dt.onmouseout' => $enforce_javascript, 'dt.onmouseover' => $enforce_javascript, 'dt.onmouseup' => $enforce_javascript, 'dt.style' => '.*', 'dt.title' => '.+', 'em.class' => $enforce_class, 'em.dir' => $enforce_direction, 'em.id' => $enforce_id, 'em.lang' => $enforce_lang, 'em.onclick' => $enforce_javascript, 'em.ondblclick' => $enforce_javascript, 'em.onkeydown' => $enforce_javascript, 'em.onkeypress' => $enforce_javascript, 'em.onkeyup' => $enforce_javascript, 'em.onmousedown' => $enforce_javascript, 'em.onmousemove' => $enforce_javascript, 'em.onmouseout' => $enforce_javascript, 'em.onmouseover' => $enforce_javascript, 'em.onmouseup' => $enforce_javascript, 'em.style' => '.*', 'em.title' => '.+', 'fieldset.class' => $enforce_class, 'fieldset.dir' => $enforce_direction, 'fieldset.id' => $enforce_id, 'fieldset.lang' => $enforce_lang, 'fieldset.onclick' => $enforce_javascript, 'fieldset.ondblclick' => $enforce_javascript, 'fieldset.onkeydown' => $enforce_javascript, 'fieldset.onkeypress' => $enforce_javascript, 'fieldset.onkeyup' => $enforce_javascript, 'fieldset.onmousedown' => $enforce_javascript, 'fieldset.onmousemove' => $enforce_javascript, 'fieldset.onmouseout' => $enforce_javascript, 'fieldset.onmouseover' => $enforce_javascript, 'fieldset.onmouseup' => $enforce_javascript, 'fieldset.style' => '.*', 'fieldset.title' => '.+', 'form.accept-charset' => '.+', 'form.action' => $enforce_link, 'form.class' => $enforce_class, 'form.dir' => $enforce_direction, 'form.id' => $enforce_id, 'form.enctype' => 'multipart/form-data|application/x-www-form-urlencoded', 'form.lang' => $enforce_lang, 'form.method' => '(get|post)', 'form.onclick' => $enforce_javascript, 'form.ondblclick' => $enforce_javascript, 'form.onkeydown' => $enforce_javascript, 'form.onkeypress' => $enforce_javascript, 'form.onkeyup' => $enforce_javascript, 'form.onmousedown' => $enforce_javascript, 'form.onmousemove' => $enforce_javascript, 'form.onmouseout' => $enforce_javascript, 'form.onmouseover' => $enforce_javascript, 'form.onmouseup' => $enforce_javascript, 'form.onreset' => '.+', 'form.style' => '.*', 'form.title' => '.+', 'form.onsubmit' => '.+', 'h1.class' => $enforce_class, 'h1.dir' => $enforce_direction, 'h1.id' => $enforce_id, 'h1.lang' => $enforce_lang, 'h1.onclick' => $enforce_javascript, 'h1.ondblclick' => $enforce_javascript, 'h1.onkeydown' => $enforce_javascript, 'h1.onkeypress' => $enforce_javascript, 'h1.onkeyup' => $enforce_javascript, 'h1.onmousedown' => $enforce_javascript, 'h1.onmousemove' => $enforce_javascript, 'h1.onmouseout' => $enforce_javascript, 'h1.onmouseover' => $enforce_javascript, 'h1.onmouseup' => $enforce_javascript, 'h1.style' => '.*', 'h1.title' => '.+', 'h2.class' => $enforce_class, 'h2.dir' => $enforce_direction, 'h2.id' => $enforce_id, 'h2.lang' => $enforce_lang, 'h2.onclick' => $enforce_javascript, 'h2.ondblclick' => $enforce_javascript, 'h2.onkeydown' => $enforce_javascript, 'h2.onkeypress' => $enforce_javascript, 'h2.onkeyup' => $enforce_javascript, 'h2.onmousedown' => $enforce_javascript, 'h2.onmousemove' => $enforce_javascript, 'h2.onmouseout' => $enforce_javascript, 'h2.onmouseover' => $enforce_javascript, 'h2.onmouseup' => $enforce_javascript, 'h2.style' => '.*', 'h2.title' => '.+', 'h3.class' => $enforce_class, 'h3.dir' => $enforce_direction, 'h3.id' => $enforce_id, 'h3.lang' => $enforce_lang, 'h3.onclick' => $enforce_javascript, 'h3.ondblclick' => $enforce_javascript, 'h3.onkeydown' => $enforce_javascript, 'h3.onkeypress' => $enforce_javascript, 'h3.onkeyup' => $enforce_javascript, 'h3.onmousedown' => $enforce_javascript, 'h3.onmousemove' => $enforce_javascript, 'h3.onmouseout' => $enforce_javascript, 'h3.onmouseover' => $enforce_javascript, 'h3.onmouseup' => $enforce_javascript, 'h3.style' => '.*', 'h3.title' => '.+', 'h4.class' => $enforce_class, 'h4.dir' => $enforce_direction, 'h4.id' => $enforce_id, 'h4.lang' => $enforce_lang, 'h4.onclick' => $enforce_javascript, 'h4.ondblclick' => $enforce_javascript, 'h4.onkeydown' => $enforce_javascript, 'h4.onkeypress' => $enforce_javascript, 'h4.onkeyup' => $enforce_javascript, 'h4.onmousedown' => $enforce_javascript, 'h4.onmousemove' => $enforce_javascript, 'h4.onmouseout' => $enforce_javascript, 'h4.onmouseover' => $enforce_javascript, 'h4.onmouseup' => $enforce_javascript, 'h4.style' => '.*', 'h4.title' => '.+', 'h5.class' => $enforce_class, 'h5.dir' => $enforce_direction, 'h5.id' => $enforce_id, 'h5.lang' => $enforce_lang, 'h5.onclick' => $enforce_javascript, 'h5.ondblclick' => $enforce_javascript, 'h5.onkeydown' => $enforce_javascript, 'h5.onkeypress' => $enforce_javascript, 'h5.onkeyup' => $enforce_javascript, 'h5.onmousedown' => $enforce_javascript, 'h5.onmousemove' => $enforce_javascript, 'h5.onmouseout' => $enforce_javascript, 'h5.onmouseover' => $enforce_javascript, 'h5.onmouseup' => $enforce_javascript, 'h5.style' => '.*', 'h5.title' => '.+', 'h6.class' => $enforce_class, 'h6.dir' => $enforce_direction, 'h6.id' => $enforce_id, 'h6.lang' => $enforce_lang, 'h6.onclick' => $enforce_javascript, 'h6.ondblclick' => $enforce_javascript, 'h6.onkeydown' => $enforce_javascript, 'h6.onkeypress' => $enforce_javascript, 'h6.onkeyup' => $enforce_javascript, 'h6.onmousedown' => $enforce_javascript, 'h6.onmousemove' => $enforce_javascript, 'h6.onmouseout' => $enforce_javascript, 'h6.onmouseover' => $enforce_javascript, 'h6.onmouseup' => $enforce_javascript, 'h6.style' => '.*', 'h6.title' => '.+', 'head.dir' => $enforce_direction, 'head.lang' => $enforce_lang, 'head.profile' => '.+', 'hr.class' => $enforce_class, 'hr.id' => $enforce_id, 'hr.onclick' => $enforce_javascript, 'hr.ondblclick' => $enforce_javascript, 'hr.onkeydown' => $enforce_javascript, 'hr.onkeypress' => $enforce_javascript, 'hr.onkeyup' => $enforce_javascript, 'hr.onmousedown' => $enforce_javascript, 'hr.onmousemove' => $enforce_javascript, 'hr.onmouseout' => $enforce_javascript, 'hr.onmouseover' => $enforce_javascript, 'hr.onmouseup' => $enforce_javascript, 'hr.style' => '.*', 'hr.title' => '.+', 'hr.width' => $enforce_length, 'html.dir' => $enforce_direction, 'html.lang' => $enforce_lang, 'html.xml:lang' => $enforce_lang, 'html.version' => '.+', 'html.xmlns' => '.+', 'i.class' => $enforce_class, 'i.dir' => $enforce_direction, 'i.id' => $enforce_id, 'i.lang' => $enforce_lang, 'i.onclick' => $enforce_javascript, 'i.ondblclick' => $enforce_javascript, 'i.onkeydown' => $enforce_javascript, 'i.onkeypress' => $enforce_javascript, 'i.onkeyup' => $enforce_javascript, 'i.onmousedown' => $enforce_javascript, 'i.onmousemove' => $enforce_javascript, 'i.onmouseout' => $enforce_javascript, 'i.onmouseover' => $enforce_javascript, 'i.onmouseup' => $enforce_javascript, 'i.style' => '.*', 'i.title' => '.+', 'img.alt' => '.*', 'img.class' => $enforce_class, 'img.dir' => $enforce_direction, 'img.height' => $enforce_number, 'img.id' => $enforce_id, 'img.ismap' => 'ismap', 'img.lang' => $enforce_lang, 'img.longdesc' => '.+', 'img.onclick' => $enforce_javascript, 'img.ondblclick' => $enforce_javascript, 'img.onkeydown' => $enforce_javascript, 'img.onkeypress' => $enforce_javascript, 'img.onkeyup' => $enforce_javascript, 'img.onmousedown' => $enforce_javascript, 'img.onmousemove' => $enforce_javascript, 'img.onmouseout' => $enforce_javascript, 'img.onmouseover' => $enforce_javascript, 'img.onmouseup' => $enforce_javascript, 'img.src' => $enforce_link, 'img.style' => '.*', 'img.title' => '.*', 'img.usemap' => '.+', 'img.width' => $enforce_number, 'input.accept' => '.+', 'input.accesskey' => $enforce_character, 'input.alt' => '.*', 'input.checked' => 'checked', 'input.class' => $enforce_class, 'input.dir' => $enforce_direction, 'input.disabled' => 'disabled', 'input.id' => $enforce_id, 'input.lang' => $enforce_lang, 'input.maxlength' => $enforce_inumber, 'input.name' => $enforce_id, 'input.onblur' => '.+', 'input.onchange' => '.+', 'input.onclick' => $enforce_javascript, 'input.ondblclick' => $enforce_javascript, 'input.onfocus' => $enforce_javascript, 'input.onkeydown' => $enforce_javascript, 'input.onkeypress' => $enforce_javascript, 'input.onkeyup' => $enforce_javascript, 'input.onmousedown' => $enforce_javascript, 'input.onmousemove' => $enforce_javascript, 'input.onmouseout' => $enforce_javascript, 'input.onmouseover' => $enforce_javascript, 'input.onmouseup' => $enforce_javascript, 'input.onselect' => '.+', 'input.readonly' => 'readonly', 'input.size' => '.+', 'input.src' => '.+', 'input.style' => '.*', 'input.tabindex' => $enforce_inumber, 'input.title' => '.+', 'input.type' => '(text|password|checkbox|radio|submit|reset|file|hidden|image|button)', 'input.usemap' => '.+', 'input.value' => '.' . ($strict_form_accessibility ? '+' : '*'), 'ins.cite' => '.+', 'ins.class' => $enforce_class, 'ins.datetime' => '.+', 'ins.dir' => $enforce_direction, 'ins.id' => $enforce_id, 'ins.lang' => $enforce_lang, 'ins.onclick' => $enforce_javascript, 'ins.ondblclick' => $enforce_javascript, 'ins.onkeydown' => $enforce_javascript, 'ins.onkeypress' => $enforce_javascript, 'ins.onkeyup' => $enforce_javascript, 'ins.onmousedown' => $enforce_javascript, 'ins.onmousemove' => $enforce_javascript, 'ins.onmouseout' => $enforce_javascript, 'ins.onmouseover' => $enforce_javascript, 'ins.onmouseup' => $enforce_javascript, 'ins.style' => '.*', 'ins.title' => '.+', 'kbd.class' => $enforce_class, 'kbd.dir' => $enforce_direction, 'kbd.id' => $enforce_id, 'kbd.lang' => $enforce_lang, 'kbd.onclick' => $enforce_javascript, 'kbd.ondblclick' => $enforce_javascript, 'kbd.onkeydown' => $enforce_javascript, 'kbd.onkeypress' => $enforce_javascript, 'kbd.onkeyup' => $enforce_javascript, 'kbd.onmousedown' => $enforce_javascript, 'kbd.onmousemove' => $enforce_javascript, 'kbd.onmouseout' => $enforce_javascript, 'kbd.onmouseover' => $enforce_javascript, 'kbd.onmouseup' => $enforce_javascript, 'kbd.style' => '.*', 'kbd.title' => '.+', 'label.accesskey' => $enforce_character, 'label.class' => $enforce_class, 'label.dir' => $enforce_direction, 'label.for' => '.+', 'label.id' => $enforce_id, 'label.lang' => $enforce_lang, 'label.onblur' => '.+', 'label.onclick' => $enforce_javascript, 'label.ondblclick' => $enforce_javascript, 'label.onfocus' => $enforce_javascript, 'label.onkeydown' => $enforce_javascript, 'label.onkeypress' => $enforce_javascript, 'label.onkeyup' => $enforce_javascript, 'label.onmousedown' => $enforce_javascript, 'label.onmousemove' => $enforce_javascript, 'label.onmouseout' => $enforce_javascript, 'label.onmouseover' => $enforce_javascript, 'label.onmouseup' => $enforce_javascript, 'label.style' => '.*', 'label.title' => '.+', 'legend.accesskey' => $enforce_character, 'legend.align' => $enforce_align4, 'legend.class' => $enforce_class, 'legend.dir' => $enforce_direction, 'legend.id' => $enforce_id, 'legend.lang' => $enforce_lang, 'legend.onclick' => $enforce_javascript, 'legend.ondblclick' => $enforce_javascript, 'legend.onkeydown' => $enforce_javascript, 'legend.onkeypress' => $enforce_javascript, 'legend.onkeyup' => $enforce_javascript, 'legend.onmousedown' => $enforce_javascript, 'legend.onmousemove' => $enforce_javascript, 'legend.onmouseout' => $enforce_javascript, 'legend.onmouseover' => $enforce_javascript, 'legend.onmouseup' => $enforce_javascript, 'legend.style' => '.*', 'legend.title' => '.+', 'li.class' => $enforce_class, 'li.dir' => $enforce_direction, 'li.id' => $enforce_id, 'li.lang' => $enforce_lang, 'li.onclick' => $enforce_javascript, 'li.ondblclick' => $enforce_javascript, 'li.onkeydown' => $enforce_javascript, 'li.onkeypress' => $enforce_javascript, 'li.onkeyup' => $enforce_javascript, 'li.onmousedown' => $enforce_javascript, 'li.onmousemove' => $enforce_javascript, 'li.onmouseout' => $enforce_javascript, 'li.onmouseover' => $enforce_javascript, 'li.onmouseup' => $enforce_javascript, 'li.style' => '.*', 'li.title' => '.+', 'link.charset' => '.+', 'link.class' => $enforce_class, 'link.dir' => $enforce_direction, 'link.href' => $enforce_link, 'link.hreflang' => $enforce_lang, 'link.id' => $enforce_id, 'link.lang' => $enforce_lang, 'link.media' => '.+', 'link.onclick' => $enforce_javascript, 'link.ondblclick' => $enforce_javascript, 'link.onkeydown' => $enforce_javascript, 'link.onkeypress' => $enforce_javascript, 'link.onkeyup' => $enforce_javascript, 'link.onmousedown' => $enforce_javascript, 'link.onmousemove' => $enforce_javascript, 'link.onmouseout' => $enforce_javascript, 'link.onmouseover' => $enforce_javascript, 'link.onmouseup' => $enforce_javascript, 'link.rel' => '.+', 'link.rev' => '.+', 'link.style' => '.*', 'link.title' => '.+', 'link.type' => '.+', 'map.class' => $enforce_class, 'map.dir' => $enforce_direction, 'map.id' => $enforce_id, 'map.lang' => $enforce_lang, 'map.onclick' => $enforce_javascript, 'map.ondblclick' => $enforce_javascript, 'map.onkeydown' => $enforce_javascript, 'map.onkeypress' => $enforce_javascript, 'map.onkeyup' => $enforce_javascript, 'map.onmousedown' => $enforce_javascript, 'map.onmousemove' => $enforce_javascript, 'map.onmouseout' => $enforce_javascript, 'map.onmouseover' => $enforce_javascript, 'map.onmouseup' => $enforce_javascript, 'map.style' => '.*', 'map.title' => '.+', 'meta.content' => '.*', 'meta.dir' => $enforce_direction, 'meta.http-equiv' => '[a-zA-Z].+', 'meta.lang' => $enforce_lang, 'meta.name' => '[a-zA-Z].+', 'meta.scheme' => '.+', 'noscript.class' => $enforce_class, 'noscript.dir' => $enforce_direction, 'noscript.id' => $enforce_id, 'noscript.lang' => $enforce_lang, 'noscript.onclick' => $enforce_javascript, 'noscript.ondblclick' => $enforce_javascript, 'noscript.onkeydown' => $enforce_javascript, 'noscript.onkeypress' => $enforce_javascript, 'noscript.onkeyup' => $enforce_javascript, 'noscript.onmousedown' => $enforce_javascript, 'noscript.onmousemove' => $enforce_javascript, 'noscript.onmouseout' => $enforce_javascript, 'noscript.onmouseover' => $enforce_javascript, 'noscript.onmouseup' => $enforce_javascript, 'noscript.style' => '.*', 'noscript.title' => '.+', 'object.archive' => '.+', 'object.class' => $enforce_class, 'object.classid' => '.+', 'object.codebase' => $enforce_link, 'object.codetype' => '.+', 'object.data' => $enforce_link, 'object.declare' => 'declare', 'object.dir' => $enforce_direction, 'object.height' => $enforce_length, 'object.id' => $enforce_id, 'object.lang' => $enforce_lang, 'object.name' => $enforce_id, 'object.onclick' => $enforce_javascript, 'object.ondblclick' => $enforce_javascript, 'object.onkeydown' => $enforce_javascript, 'object.onkeypress' => $enforce_javascript, 'object.onkeyup' => $enforce_javascript, 'object.onmousedown' => $enforce_javascript, 'object.onmousemove' => $enforce_javascript, 'object.onmouseout' => $enforce_javascript, 'object.onmouseover' => $enforce_javascript, 'object.onmouseup' => $enforce_javascript, 'object.standby' => '.+', 'object.style' => '.*', 'object.tabindex' => $enforce_inumber, 'object.title' => '.+', 'object.type' => '.+', 'object.usemap' => '.+', 'object.width' => $enforce_length, 'ol.class' => $enforce_class, 'ol.dir' => $enforce_direction, 'ol.id' => $enforce_id, 'ol.lang' => $enforce_lang, 'ol.onclick' => $enforce_javascript, 'ol.ondblclick' => $enforce_javascript, 'ol.onkeydown' => $enforce_javascript, 'ol.onkeypress' => $enforce_javascript, 'ol.onkeyup' => $enforce_javascript, 'ol.onmousedown' => $enforce_javascript, 'ol.onmousemove' => $enforce_javascript, 'ol.onmouseout' => $enforce_javascript, 'ol.onmouseover' => $enforce_javascript, 'ol.onmouseup' => $enforce_javascript, 'ol.style' => '.*', 'ol.title' => '.+', 'optgroup.class' => $enforce_class, 'optgroup.dir' => $enforce_direction, 'optgroup.disabled' => 'disabled', 'optgroup.id' => $enforce_id, 'optgroup.label' => '.+', 'optgroup.lang' => $enforce_lang, 'optgroup.onclick' => $enforce_javascript, 'optgroup.ondblclick' => $enforce_javascript, 'optgroup.onkeydown' => $enforce_javascript, 'optgroup.onkeypress' => $enforce_javascript, 'optgroup.onkeyup' => $enforce_javascript, 'optgroup.onmousedown' => $enforce_javascript, 'optgroup.onmousemove' => $enforce_javascript, 'optgroup.onmouseout' => $enforce_javascript, 'optgroup.onmouseover' => $enforce_javascript, 'optgroup.onmouseup' => $enforce_javascript, 'optgroup.style' => '.*', 'optgroup.title' => '.+', 'option.class' => $enforce_class, 'option.dir' => $enforce_direction, 'option.disabled' => 'disabled', 'option.id' => $enforce_id, 'option.label' => '.+', 'option.lang' => $enforce_lang, 'option.onclick' => $enforce_javascript, 'option.ondblclick' => $enforce_javascript, 'option.onkeydown' => $enforce_javascript, 'option.onkeypress' => $enforce_javascript, 'option.onkeyup' => $enforce_javascript, 'option.onmousedown' => $enforce_javascript, 'option.onmousemove' => $enforce_javascript, 'option.onmouseout' => $enforce_javascript, 'option.onmouseover' => $enforce_javascript, 'option.onmouseup' => $enforce_javascript, 'option.selected' => 'selected', 'option.style' => '.*', 'option.title' => '.+', 'option.value' => '.*', 'p.class' => $enforce_class, 'p.dir' => $enforce_direction, 'p.id' => $enforce_id, 'p.lang' => $enforce_lang, 'p.onclick' => $enforce_javascript, 'p.ondblclick' => $enforce_javascript, 'p.onkeydown' => $enforce_javascript, 'p.onkeypress' => $enforce_javascript, 'p.onkeyup' => $enforce_javascript, 'p.onmousedown' => $enforce_javascript, 'p.onmousemove' => $enforce_javascript, 'p.onmouseout' => $enforce_javascript, 'p.onmouseover' => $enforce_javascript, 'p.onmouseup' => $enforce_javascript, 'p.style' => '.*', 'p.title' => '.+', 'param.id' => $enforce_id, 'param.name' => $enforce_id, 'param.type' => '.+', 'param.value' => '.+', 'param.valuetype' => '(data|ref|object)', 'pre.class' => $enforce_class, 'pre.dir' => $enforce_direction, 'pre.id' => $enforce_id, 'pre.lang' => $enforce_lang, 'pre.onclick' => $enforce_javascript, 'pre.ondblclick' => $enforce_javascript, 'pre.onkeydown' => $enforce_javascript, 'pre.onkeypress' => $enforce_javascript, 'pre.onkeyup' => $enforce_javascript, 'pre.onmousedown' => $enforce_javascript, 'pre.onmousemove' => $enforce_javascript, 'pre.onmouseout' => $enforce_javascript, 'pre.onmouseover' => $enforce_javascript, 'pre.onmouseup' => $enforce_javascript, 'pre.style' => '.*', 'pre.title' => '.+', 'q.cite' => '.+', 'q.class' => $enforce_class, 'q.dir' => $enforce_direction, 'q.id' => $enforce_id, 'q.lang' => $enforce_lang, 'q.onclick' => $enforce_javascript, 'q.ondblclick' => $enforce_javascript, 'q.onkeydown' => $enforce_javascript, 'q.onkeypress' => $enforce_javascript, 'q.onkeyup' => $enforce_javascript, 'q.onmousedown' => $enforce_javascript, 'q.onmousemove' => $enforce_javascript, 'q.onmouseout' => $enforce_javascript, 'q.onmouseover' => $enforce_javascript, 'q.onmouseup' => $enforce_javascript, 'q.style' => '.*', 'q.title' => '.+', 'samp.class' => $enforce_class, 'samp.dir' => $enforce_direction, 'samp.id' => $enforce_id, 'samp.lang' => $enforce_lang, 'samp.onclick' => $enforce_javascript, 'samp.ondblclick' => $enforce_javascript, 'samp.onkeydown' => $enforce_javascript, 'samp.onkeypress' => $enforce_javascript, 'samp.onkeyup' => $enforce_javascript, 'samp.onmousedown' => $enforce_javascript, 'samp.onmousemove' => $enforce_javascript, 'samp.onmouseout' => $enforce_javascript, 'samp.onmouseover' => $enforce_javascript, 'samp.onmouseup' => $enforce_javascript, 'samp.style' => '.*', 'samp.title' => '.+', 'script.charset' => '.+', 'script.defer' => 'defer', 'script.event' => '.+', 'script.for' => '.+', 'script.src' => '.+', 'script.type' => 'text/javascript', 'select.class' => $enforce_class, 'select.dir' => $enforce_direction, 'select.disabled' => 'disabled', 'select.id' => $enforce_id, 'select.lang' => $enforce_lang, 'select.multiple' => 'multiple', 'select.name' => $enforce_name, 'select.onblur' => '.+', 'select.onchange' => '.+', 'select.onclick' => $enforce_javascript, 'select.ondblclick' => $enforce_javascript, 'select.onfocus' => $enforce_javascript, 'select.onkeydown' => $enforce_javascript, 'select.onkeypress' => $enforce_javascript, 'select.onkeyup' => $enforce_javascript, 'select.onmousedown' => $enforce_javascript, 'select.onmousemove' => $enforce_javascript, 'select.onmouseout' => $enforce_javascript, 'select.onmouseover' => $enforce_javascript, 'select.onmouseup' => $enforce_javascript, 'select.size' => $enforce_inumber, 'select.style' => '.*', 'select.tabindex' => $enforce_inumber, 'select.title' => '.*', 'small.class' => $enforce_class, 'small.dir' => $enforce_direction, 'small.id' => $enforce_id, 'small.lang' => $enforce_lang, 'small.onclick' => $enforce_javascript, 'small.ondblclick' => $enforce_javascript, 'small.onkeydown' => $enforce_javascript, 'small.onkeypress' => $enforce_javascript, 'small.onkeyup' => $enforce_javascript, 'small.onmousedown' => $enforce_javascript, 'small.onmousemove' => $enforce_javascript, 'small.onmouseout' => $enforce_javascript, 'small.onmouseover' => $enforce_javascript, 'small.onmouseup' => $enforce_javascript, 'small.style' => '.*', 'small.title' => '.+', 'span.class' => $enforce_class, 'span.dir' => $enforce_direction, 'span.id' => $enforce_id, 'span.xml:lang' => $enforce_lang, 'span.lang' => $enforce_lang, 'span.onclick' => $enforce_javascript, 'span.ondblclick' => $enforce_javascript, 'span.onkeydown' => $enforce_javascript, 'span.onkeypress' => $enforce_javascript, 'span.onkeyup' => $enforce_javascript, 'span.onmousedown' => $enforce_javascript, 'span.onmousemove' => $enforce_javascript, 'span.onmouseout' => $enforce_javascript, 'span.onmouseover' => $enforce_javascript, 'span.onmouseup' => $enforce_javascript, 'span.style' => '.*', 'span.title' => '.+', 'strong.class' => $enforce_class, 'strong.dir' => $enforce_direction, 'strong.id' => $enforce_id, 'strong.lang' => $enforce_lang, 'strong.onclick' => $enforce_javascript, 'strong.ondblclick' => $enforce_javascript, 'strong.onkeydown' => $enforce_javascript, 'strong.onkeypress' => $enforce_javascript, 'strong.onkeyup' => $enforce_javascript, 'strong.onmousedown' => $enforce_javascript, 'strong.onmousemove' => $enforce_javascript, 'strong.onmouseout' => $enforce_javascript, 'strong.onmouseover' => $enforce_javascript, 'strong.onmouseup' => $enforce_javascript, 'strong.style' => '.*', 'strong.title' => '.+', 'style.dir' => $enforce_direction, 'style.lang' => $enforce_lang, 'style.media' => '.+', 'style.title' => '.+', 'style.type' => 'text/css', 'sub.class' => $enforce_class, 'sub.dir' => $enforce_direction, 'sub.id' => $enforce_id, 'sub.lang' => $enforce_lang, 'sub.onclick' => $enforce_javascript, 'sub.ondblclick' => $enforce_javascript, 'sub.onkeydown' => $enforce_javascript, 'sub.onkeypress' => $enforce_javascript, 'sub.onkeyup' => $enforce_javascript, 'sub.onmousedown' => $enforce_javascript, 'sub.onmousemove' => $enforce_javascript, 'sub.onmouseout' => $enforce_javascript, 'sub.onmouseover' => $enforce_javascript, 'sub.onmouseup' => $enforce_javascript, 'sub.style' => '.*', 'sub.title' => '.+', 'sup.class' => $enforce_class, 'sup.dir' => $enforce_direction, 'sup.id' => $enforce_id, 'sup.lang' => $enforce_lang, 'sup.onclick' => $enforce_javascript, 'sup.ondblclick' => $enforce_javascript, 'sup.onkeydown' => $enforce_javascript, 'sup.onkeypress' => $enforce_javascript, 'sup.onkeyup' => $enforce_javascript, 'sup.onmousedown' => $enforce_javascript, 'sup.onmousemove' => $enforce_javascript, 'sup.onmouseout' => $enforce_javascript, 'sup.onmouseover' => $enforce_javascript, 'sup.onmouseup' => $enforce_javascript, 'sup.style' => '.*', 'sup.title' => '.+', 'table.border' => $enforce_pixels, 'table.cellpadding' => $enforce_length, 'table.cellspacing' => $enforce_length, 'table.class' => $enforce_class, 'table.dir' => $enforce_direction, 'table.frame' => '(void|above|below|hsides|lhs|rhs|vsides|box|border)', 'table.id' => $enforce_id, 'table.lang' => $enforce_lang, 'table.onclick' => $enforce_javascript, 'table.ondblclick' => $enforce_javascript, 'table.onkeydown' => $enforce_javascript, 'table.onkeypress' => $enforce_javascript, 'table.onkeyup' => $enforce_javascript, 'table.onmousedown' => $enforce_javascript, 'table.onmousemove' => $enforce_javascript, 'table.onmouseout' => $enforce_javascript, 'table.onmouseover' => $enforce_javascript, 'table.onmouseup' => $enforce_javascript, 'table.rules' => '(none|groups|rows|cols|all)', 'table.style' => '.*', 'table.summary' => '.*', 'table.title' => '.+', 'table.width' => $enforce_length, 'tbody.align' => $enforce_align, 'tbody.char' => $enforce_character, 'tbody.charoff' => $enforce_length, 'tbody.class' => $enforce_class, 'tbody.dir' => $enforce_direction, 'tbody.id' => $enforce_id, 'tbody.lang' => $enforce_lang, 'tbody.onclick' => $enforce_javascript, 'tbody.ondblclick' => $enforce_javascript, 'tbody.onkeydown' => $enforce_javascript, 'tbody.onkeypress' => $enforce_javascript, 'tbody.onkeyup' => $enforce_javascript, 'tbody.onmousedown' => $enforce_javascript, 'tbody.onmousemove' => $enforce_javascript, 'tbody.onmouseout' => $enforce_javascript, 'tbody.onmouseover' => $enforce_javascript, 'tbody.onmouseup' => $enforce_javascript, 'tbody.style' => '.*', 'tbody.title' => '.+', 'td.abbr' => '.+', 'td.align' => $enforce_align, 'td.axis' => '.+', 'td.char' => $enforce_character, 'td.charoff' => $enforce_length, 'td.class' => $enforce_class, 'td.colspan' => $enforce_inumber, 'td.dir' => $enforce_direction, 'td.headers' => '.+', 'td.id' => $enforce_id, 'td.lang' => $enforce_lang, 'td.onclick' => $enforce_javascript, 'td.ondblclick' => $enforce_javascript, 'td.onkeydown' => $enforce_javascript, 'td.onkeypress' => $enforce_javascript, 'td.onkeyup' => $enforce_javascript, 'td.onmousedown' => $enforce_javascript, 'td.onmousemove' => $enforce_javascript, 'td.onmouseout' => $enforce_javascript, 'td.onmouseover' => $enforce_javascript, 'td.onmouseup' => $enforce_javascript, 'td.rowspan' => $enforce_inumber, 'td.scope' => '(row|col|rowgroup|colgroup)', 'td.style' => '.*', 'td.title' => '.+', 'textarea.accesskey' => $enforce_character, 'textarea.class' => $enforce_class, 'textarea.cols' => $enforce_inumber, 'textarea.dir' => $enforce_direction, 'textarea.disabled' => 'disabled', 'textarea.id' => $enforce_id, 'textarea.lang' => $enforce_lang, 'textarea.name' => $enforce_id, 'textarea.onblur' => '.+', 'textarea.onchange' => '.+', 'textarea.onclick' => $enforce_javascript, 'textarea.ondblclick' => $enforce_javascript, 'textarea.onfocus' => $enforce_javascript, 'textarea.onkeydown' => $enforce_javascript, 'textarea.onkeypress' => $enforce_javascript, 'textarea.onkeyup' => $enforce_javascript, 'textarea.onmousedown' => $enforce_javascript, 'textarea.onmousemove' => $enforce_javascript, 'textarea.onmouseout' => $enforce_javascript, 'textarea.onmouseover' => $enforce_javascript, 'textarea.onmouseup' => $enforce_javascript, 'textarea.onselect' => '.+', 'textarea.readonly' => 'readonly', 'textarea.rows' => $enforce_inumber, 'textarea.style' => '.*', 'textarea.tabindex' => $enforce_inumber, 'textarea.title' => '.+', 'tfoot.align' => $enforce_align, 'tfoot.char' => $enforce_character, 'tfoot.charoff' => $enforce_length, 'tfoot.class' => $enforce_class, 'tfoot.dir' => $enforce_direction, 'tfoot.id' => $enforce_id, 'tfoot.lang' => $enforce_lang, 'tfoot.onclick' => $enforce_javascript, 'tfoot.ondblclick' => $enforce_javascript, 'tfoot.onkeydown' => $enforce_javascript, 'tfoot.onkeypress' => $enforce_javascript, 'tfoot.onkeyup' => $enforce_javascript, 'tfoot.onmousedown' => $enforce_javascript, 'tfoot.onmousemove' => $enforce_javascript, 'tfoot.onmouseout' => $enforce_javascript, 'tfoot.onmouseover' => $enforce_javascript, 'tfoot.onmouseup' => $enforce_javascript, 'tfoot.style' => '.*', 'tfoot.title' => '.+', 'th.abbr' => '.+', 'th.align' => $enforce_align, 'th.axis' => '.+', 'th.char' => $enforce_character, 'th.charoff' => $enforce_length, 'th.class' => $enforce_class, 'th.colspan' => $enforce_inumber, 'th.dir' => $enforce_direction, 'th.headers' => '.+', 'th.height' => $enforce_length, 'th.id' => $enforce_id, 'th.lang' => $enforce_lang, 'th.onclick' => $enforce_javascript, 'th.ondblclick' => $enforce_javascript, 'th.onkeydown' => $enforce_javascript, 'th.onkeypress' => $enforce_javascript, 'th.onkeyup' => $enforce_javascript, 'th.onmousedown' => $enforce_javascript, 'th.onmousemove' => $enforce_javascript, 'th.onmouseout' => $enforce_javascript, 'th.onmouseover' => $enforce_javascript, 'th.onmouseup' => $enforce_javascript, 'th.rowspan' => $enforce_inumber, 'th.scope' => '(row|col|rowgroup|colgroup)', 'th.style' => '.*', 'th.title' => '.+', 'th.width' => $enforce_length, 'thead.align' => $enforce_align, 'thead.char' => $enforce_character, 'thead.charoff' => $enforce_length, 'thead.class' => $enforce_class, 'thead.dir' => $enforce_direction, 'thead.id' => $enforce_id, 'thead.lang' => $enforce_lang, 'thead.onclick' => $enforce_javascript, 'thead.ondblclick' => $enforce_javascript, 'thead.onkeydown' => $enforce_javascript, 'thead.onkeypress' => $enforce_javascript, 'thead.onkeyup' => $enforce_javascript, 'thead.onmousedown' => $enforce_javascript, 'thead.onmousemove' => $enforce_javascript, 'thead.onmouseout' => $enforce_javascript, 'thead.onmouseover' => $enforce_javascript, 'thead.onmouseup' => $enforce_javascript, 'thead.style' => '.*', 'thead.title' => '.+', 'title.dir' => $enforce_direction, 'title.lang' => $enforce_lang, 'tr.align' => $enforce_align, 'tr.char' => $enforce_character, 'tr.charoff' => $enforce_length, 'tr.class' => $enforce_class, 'tr.dir' => $enforce_direction, 'tr.id' => $enforce_id, 'tr.lang' => $enforce_lang, 'tr.onclick' => $enforce_javascript, 'tr.ondblclick' => $enforce_javascript, 'tr.onkeydown' => $enforce_javascript, 'tr.onkeypress' => $enforce_javascript, 'tr.onkeyup' => $enforce_javascript, 'tr.onmousedown' => $enforce_javascript, 'tr.onmousemove' => $enforce_javascript, 'tr.onmouseout' => $enforce_javascript, 'tr.onmouseover' => $enforce_javascript, 'tr.onmouseup' => $enforce_javascript, 'tr.style' => '.*', 'tr.title' => '.+', 'tt.class' => $enforce_class, 'tt.dir' => $enforce_direction, 'tt.id' => $enforce_id, 'tt.lang' => $enforce_lang, 'tt.onclick' => $enforce_javascript, 'tt.ondblclick' => $enforce_javascript, 'tt.onkeydown' => $enforce_javascript, 'tt.onkeypress' => $enforce_javascript, 'tt.onkeyup' => $enforce_javascript, 'tt.onmousedown' => $enforce_javascript, 'tt.onmousemove' => $enforce_javascript, 'tt.onmouseout' => $enforce_javascript, 'tt.onmouseover' => $enforce_javascript, 'tt.onmouseup' => $enforce_javascript, 'tt.style' => '.*', 'tt.title' => '.+', 'ul.class' => $enforce_class, 'ul.dir' => $enforce_direction, 'ul.id' => $enforce_id, 'ul.lang' => $enforce_lang, 'ul.onclick' => $enforce_javascript, 'ul.ondblclick' => $enforce_javascript, 'ul.onkeydown' => $enforce_javascript, 'ul.onkeypress' => $enforce_javascript, 'ul.onkeyup' => $enforce_javascript, 'ul.onmousedown' => $enforce_javascript, 'ul.onmousemove' => $enforce_javascript, 'ul.onmouseout' => $enforce_javascript, 'ul.onmouseover' => $enforce_javascript, 'ul.onmouseup' => $enforce_javascript, 'ul.style' => '.*', 'ul.title' => '.+', 'var.class' => $enforce_class, 'var.dir' => $enforce_direction, 'var.id' => $enforce_id, 'var.lang' => $enforce_lang, 'var.onclick' => $enforce_javascript, 'var.ondblclick' => $enforce_javascript, 'var.onkeydown' => $enforce_javascript, 'var.onkeypress' => $enforce_javascript, 'var.onkeyup' => $enforce_javascript, 'var.onmousedown' => $enforce_javascript, 'var.onmousemove' => $enforce_javascript, 'var.onmouseout' => $enforce_javascript, 'var.onmouseover' => $enforce_javascript, 'var.onmouseup' => $enforce_javascript, 'var.style' => '.*', 'var.title' => '.+', 'map.name' => $enforce_id, 'a.target' => '.+', 'base.target' => '.+', 'form.target' => '.+', 'iframe.align' => $enforce_align2, 'iframe.class' => $enforce_class, 'iframe.height' => $enforce_length, 'iframe.id' => $enforce_id, 'iframe.longdesc' => '.+', 'iframe.name' => $enforce_id, 'iframe.scrolling' => '(yes|no|auto)', 'iframe.src' => '.+', 'iframe.style' => '.*', 'iframe.title' => '.*', 'iframe.frameborder' => '(1|0)', 'iframe.marginheight' => $enforce_pixels, 'iframe.marginwidth' => $enforce_pixels, 'ruby.class' => $enforce_class, 'ruby.dir' => $enforce_direction, 'ruby.id' => $enforce_id, 'ruby.lang' => $enforce_lang, 'ruby.onclick' => $enforce_javascript, 'ruby.ondblclick' => $enforce_javascript, 'ruby.onkeydown' => $enforce_javascript, 'ruby.onkeypress' => $enforce_javascript, 'ruby.onkeyup' => $enforce_javascript, 'ruby.onmousedown' => $enforce_javascript, 'ruby.onmousemove' => $enforce_javascript, 'ruby.onmouseout' => $enforce_javascript, 'ruby.onmouseover' => $enforce_javascript, 'ruby.onmouseup' => $enforce_javascript, 'ruby.style' => '.*', 'ruby.title' => '.+', 'rbc.class' => $enforce_class, 'rbc.dir' => $enforce_direction, 'rbc.id' => $enforce_id, 'rbc.lang' => $enforce_lang, 'rbc.onclick' => $enforce_javascript, 'rbc.ondblclick' => $enforce_javascript, 'rbc.onkeydown' => $enforce_javascript, 'rbc.onkeypress' => $enforce_javascript, 'rbc.onkeyup' => $enforce_javascript, 'rbc.onmousedown' => $enforce_javascript, 'rbc.onmousemove' => $enforce_javascript, 'rbc.onmouseout' => $enforce_javascript, 'rbc.onmouseover' => $enforce_javascript, 'rbc.onmouseup' => $enforce_javascript, 'rbc.style' => '.*', 'rbc.title' => '.+', 'rtc.class' => $enforce_class, 'rtc.dir' => $enforce_direction, 'rtc.id' => $enforce_id, 'rtc.lang' => $enforce_lang, 'rtc.onclick' => $enforce_javascript, 'rtc.ondblclick' => $enforce_javascript, 'rtc.onkeydown' => $enforce_javascript, 'rtc.onkeypress' => $enforce_javascript, 'rtc.onkeyup' => $enforce_javascript, 'rtc.onmousedown' => $enforce_javascript, 'rtc.onmousemove' => $enforce_javascript, 'rtc.onmouseout' => $enforce_javascript, 'rtc.onmouseover' => $enforce_javascript, 'rtc.onmouseup' => $enforce_javascript, 'rtc.style' => '.*', 'rtc.title' => '.+', 'rb.class' => $enforce_class, 'rb.dir' => $enforce_direction, 'rb.id' => $enforce_id, 'rb.lang' => $enforce_lang, 'rb.onclick' => $enforce_javascript, 'rb.ondblclick' => $enforce_javascript, 'rb.onkeydown' => $enforce_javascript, 'rb.onkeypress' => $enforce_javascript, 'rb.onkeyup' => $enforce_javascript, 'rb.onmousedown' => $enforce_javascript, 'rb.onmousemove' => $enforce_javascript, 'rb.onmouseout' => $enforce_javascript, 'rb.onmouseover' => $enforce_javascript, 'rb.onmouseup' => $enforce_javascript, 'rb.style' => '.*', 'rb.title' => '.+', 'rt.class' => $enforce_class, 'rt.dir' => $enforce_direction, 'rt.id' => $enforce_id, 'rt.lang' => $enforce_lang, 'rt.onclick' => $enforce_javascript, 'rt.ondblclick' => $enforce_javascript, 'rt.onkeydown' => $enforce_javascript, 'rt.onkeypress' => $enforce_javascript, 'rt.onkeyup' => $enforce_javascript, 'rt.onmousedown' => $enforce_javascript, 'rt.onmousemove' => $enforce_javascript, 'rt.onmouseout' => $enforce_javascript, 'rt.onmouseover' => $enforce_javascript, 'rt.onmouseup' => $enforce_javascript, 'rt.style' => '.*', 'rt.title' => '.+', 'rt.rbspan' => $enforce_inumber);
global $TAG_ATTRIBUTES_DEPRECATED;
$TAG_ATTRIBUTES_DEPRECATED = array('img.align' => $enforce_align2, 'iframe.width' => $enforce_length, 'script.language' => 'Javascript', 'dir.class' => $enforce_class, 'dir.compact' => 'compact', 'dir.dir' => $enforce_direction, 'dir.id' => $enforce_id, 'dir.lang' => $enforce_lang, 'dir.onclick' => $enforce_javascript, 'dir.ondblclick' => $enforce_javascript, 'dir.onkeydown' => $enforce_javascript, 'dir.onkeypress' => $enforce_javascript, 'dir.onkeyup' => $enforce_javascript, 'dir.onmousedown' => $enforce_javascript, 'dir.onmousemove' => $enforce_javascript, 'dir.onmouseout' => $enforce_javascript, 'dir.onmouseover' => $enforce_javascript, 'dir.onmouseup' => $enforce_javascript, 'dir.style' => '.*', 'dir.title' => '.+', 'menu.class' => $enforce_class, 'menu.compact' => 'compact', 'menu.dir' => $enforce_direction, 'menu.id' => $enforce_id, 'menu.lang' => $enforce_lang, 'menu.onclick' => $enforce_javascript, 'menu.ondblclick' => $enforce_javascript, 'menu.onkeydown' => $enforce_javascript, 'menu.onkeypress' => $enforce_javascript, 'menu.onkeyup' => $enforce_javascript, 'menu.onmousedown' => $enforce_javascript, 'menu.onmousemove' => $enforce_javascript, 'menu.onmouseout' => $enforce_javascript, 'menu.onmouseover' => $enforce_javascript, 'menu.onmouseup' => $enforce_javascript, 'menu.style' => '.*', 'menu.title' => '.+', 'center.class' => $enforce_class, 'center.dir' => $enforce_direction, 'center.id' => $enforce_id, 'center.lang' => $enforce_lang, 'center.onclick' => $enforce_javascript, 'center.ondblclick' => $enforce_javascript, 'center.onkeydown' => $enforce_javascript, 'center.onkeypress' => $enforce_javascript, 'center.onkeyup' => $enforce_javascript, 'center.onmousedown' => $enforce_javascript, 'center.onmousemove' => $enforce_javascript, 'center.onmouseout' => $enforce_javascript, 'center.onmouseover' => $enforce_javascript, 'center.onmouseup' => $enforce_javascript, 'center.style' => '.*', 'center.title' => '.+', 'applet.align' => $enforce_align2, 'applet.alt' => '.*', 'applet.archive' => '.+', 'applet.class' => $enforce_class, 'applet.code' => '.+', 'applet.codebase' => '.+', 'applet.height' => $enforce_length, 'applet.hspace' => $enforce_pixels, 'applet.id' => $enforce_id, 'applet.name' => $enforce_id, 'applet.object' => '.+', 'applet.style' => '.*', 'applet.title' => '.+', 'applet.vspace' => $enforce_pixels, 'applet.width' => $enforce_length, 'font.class' => $enforce_class, 'font.color' => $enforce_color, 'font.dir' => $enforce_direction, 'font.face' => '.+', 'font.id' => $enforce_id, 'font.lang' => $enforce_lang, 'font.size' => '.+', 'font.style' => '.*', 'font.title' => '.+', 'basefont.color' => $enforce_color, 'basefont.face' => '.+', 'basefont.id' => $enforce_id, 'basefont.size' => '.+', 's.class' => $enforce_class, 's.dir' => $enforce_direction, 's.id' => $enforce_id, 's.lang' => $enforce_lang, 's.onclick' => $enforce_javascript, 's.ondblclick' => $enforce_javascript, 's.onkeydown' => $enforce_javascript, 's.onkeypress' => $enforce_javascript, 's.onkeyup' => $enforce_javascript, 's.onmousedown' => $enforce_javascript, 's.onmousemove' => $enforce_javascript, 's.onmouseout' => $enforce_javascript, 's.onmouseover' => $enforce_javascript, 's.onmouseup' => $enforce_javascript, 's.style' => '.*', 's.title' => '.+', 'strike.class' => $enforce_class, 'strike.dir' => $enforce_direction, 'strike.id' => $enforce_id, 'strike.lang' => $enforce_lang, 'strike.onclick' => $enforce_javascript, 'strike.ondblclick' => $enforce_javascript, 'strike.onkeydown' => $enforce_javascript, 'strike.onkeypress' => $enforce_javascript, 'strike.onkeyup' => $enforce_javascript, 'strike.onmousedown' => $enforce_javascript, 'strike.onmousemove' => $enforce_javascript, 'strike.onmouseout' => $enforce_javascript, 'strike.onmouseover' => $enforce_javascript, 'strike.onmouseup' => $enforce_javascript, 'strike.style' => '.*', 'strike.title' => '.+', 'u.class' => $enforce_class, 'u.dir' => $enforce_direction, 'u.id' => $enforce_id, 'u.lang' => $enforce_lang, 'u.onclick' => $enforce_javascript, 'u.ondblclick' => $enforce_javascript, 'u.onkeydown' => $enforce_javascript, 'u.onkeypress' => $enforce_javascript, 'u.onkeyup' => $enforce_javascript, 'u.onmousedown' => $enforce_javascript, 'u.onmousemove' => $enforce_javascript, 'u.onmouseout' => $enforce_javascript, 'u.onmouseover' => $enforce_javascript, 'u.onmouseup' => $enforce_javascript, 'u.style' => '.*', 'u.title' => '.+', 'base.target' => '.+', 'link.target' => '.+', 'body.bgcolor' => $enforce_color, 'body.text' => $enforce_color, 'body.vlink' => $enforce_color, 'body.link' => $enforce_color, 'body.alink' => $enforce_color, 'div.align' => $enforce_align3, 'p.align' => $enforce_align3, 'h1.align' => $enforce_align3, 'h2.align' => $enforce_align3, 'h3.align' => $enforce_align3, 'h4.align' => $enforce_align3, 'h5.align' => $enforce_align3, 'h6.align' => $enforce_align3, 'ul.compact' => 'compact', 'ul.type' => '(disc|square|circle)', 'ol.compact' => 'compact', 'ol.start' => $enforce_inumber, 'ol.type' => '.+', 'li.type' => '.+', 'li.value' => $enforce_inumber, 'dl.compact' => 'compact', 'hr.align' => '(left|center|right)', 'hr.noshade' => 'noshade', 'hr.size' => '.+', 'pre.width' => $enforce_inumber, 'br.clear' => '(left|all|right|none)', 'object.align' => $enforce_align2, 'object.border' => $enforce_pixels, 'object.hspace' => $enforce_pixels, 'object.vspace' => $enforce_pixels, 'img.hspace' => $enforce_pixels, 'img.vspace' => $enforce_pixels, 'input.align' => $enforce_align2, 'table.align' => '(left|center|right)', 'table.bgcolor' => $enforce_color, 'caption.align' => $enforce_align4, 'tr.bgcolor' => $enforce_color, 'th.nowrap' => 'nowrap', 'th.bgcolor' => $enforce_color, 'td.bgcolor' => $enforce_color, 'td.nowrap' => 'nowrap', 'td.width' => $enforce_number, 'td.height' => $enforce_number);
global $TAG_ATTRIBUTES_REQUIRED;
$TAG_ATTRIBUTES_REQUIRED = array('base' => array('href'), 'html' => array('xmlns', 'xml:lang'), 'meta' => array('content'), 'style' => array('type'), 'script' => array('type'), 'bdo' => array('dir'), 'basefont' => array('size'), 'iframe' => array('src', 'title'), 'img' => array('src', 'alt'), 'label' => array('for'), 'map' => array('id'), 'area' => array('alt'), 'form' => array('action'), 'textarea' => array('cols', 'rows'), 'table' => array('summary'), 'optgroup' => array('label'));
// B's may not appear under A
global $PROHIBITIONS;
$PROHIBITIONS = array('a' => array('a'), 'button' => array('input', 'select', 'textarea', 'label', 'button', 'form', 'fieldset', 'iframe'), 'p' => array('p', 'table', 'div', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'pre', 'hr'), 'form' => array('form'), 'em' => array('em'), 'abbr' => array('abbr'), 'acronym' => array('acronym'), 'strong' => array('strong'), 'label' => array('label', 'div'));
// Only B's can be under A
global $ONLY_CHILDREN;
$ONLY_CHILDREN = array('ruby' => array('rbc', 'rtc', 'rp'), 'tr' => array('td', 'th'), 'thead' => array('tr'), 'tbody' => array('tr'), 'tfoot' => array('tr'), 'table' => array('tbody', 'thead', 'tfoot', 'tr', 'colgroup', 'col', 'caption'), 'colgroup' => array('col'), 'select' => array('option'), 'legend' => array('ins', 'del'), 'html' => array('head', 'body'), 'object' => array('param', 'object', 'embed'), 'embed' => array('noembed'), 'applet' => array('param'), 'head' => array('meta', 'base', 'basefont', 'script', 'link', 'noscript', 'map', 'title', 'style'), 'ul' => array('li'), 'ol' => array('li'), 'menu' => array('li'), 'dl' => array('li', 'dt', 'dd'), 'dir' => array('li'), 'hr' => array(), 'img' => array(), 'input' => array(), 'br' => array(), 'meta' => array(), 'base' => array(), 'title' => array(), 'textarea' => array(), 'style' => array(), 'pre' => array(), 'script' => array(), 'param' => array(), 'area' => array(), 'link' => array('link'), 'basefont' => array(), 'col' => array());
// A can only occur underneath B's
global $ONLY_PARENT;
$ONLY_PARENT = array('rb' => array('rbc'), 'rt' => array('rtc'), 'rbc' => array('ruby'), 'rtc' => array('ruby'), 'rp' => array('ruby'), 'area' => array('map'), 'base' => array('head'), 'body' => array('html'), 'head' => array('html'), 'param' => array('script', 'object'), 'meta' => array('head'), 'link' => array('head', 'link'), 'li' => array('ul', 'ol', 'dd', 'menu', 'dt', 'dl', 'dir'), 'style' => array('head'), 'tbody' => array('table'), 'tfoot' => array('table'), 'thead' => array('table'), 'th' => array('tr'), 'td' => array('tr'), 'tr' => array('table', 'thead', 'tbody', 'tfoot'), 'title' => array('head'), 'caption' => array('table'), 'col' => array('colgroup', 'table'), 'colgroup' => array('table'), 'option' => array('select'), 'noembed' => array('embed'));
global $REQUIRE_ANCESTER;
$REQUIRE_ANCESTER = array('legend' => 'fieldset', 'textarea' => 'form', 'input' => 'form', 'option' => 'form', 'optgroup' => 'form', 'select' => 'form');
global $TEXT_NO_BLOCK;
$TEXT_NO_BLOCK = array('table' => 1, 'tr' => 1, 'tfoot' => 1, 'thead' => 1, 'ul' => 1, 'ol' => 1, 'dl' => 1, 'optgroup' => 1, 'select' => 1, 'colgroup' => 1, 'map' => 1, 'body' => 1, 'form' => 1);
define('IN_XML_TAG', -3);
define('IN_DTD_TAG', -2);
define('NO_MANS_LAND', -1);
define('IN_COMMENT', 0);
define('IN_TAG_NAME', 1);
define('STARTING_TAG', 2);
define('IN_TAG_BETWEEN_ATTRIBUTES', 3);
define('IN_TAG_ATTRIBUTE_NAME', 4);
define('IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_LEFT', 5);
define('IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT', 7);
define('IN_TAG_ATTRIBUTE_VALUE_BIG_QUOTES', 10);
define('IN_TAG_ATTRIBUTE_VALUE_NO_QUOTES', 12);
define('IN_TAG_EMBEDDED_COMMENT', 9);
define('IN_TAG_ATTRIBUTE_VALUE_LITTLE_QUOTES', 8);
define('IN_CDATA', 11);
define('CSS_AT_RULE_BLOCK', -4);
define('CSS_AT_RULE', -3);
define('CSS_NO_MANS_LAND', -2);
define('CSS_EXPECTING_CLASS_NAME', -1);
define('CSS_IN_COMMENT', 0);
define('CSS_IN_CLASS', 1);
define('CSS_EXPECTING_SEP_OR_CLASS_NAME_OR_CLASS', 2);
define('CSS_IN_CLASS_NAME', 3);
define('_CSS_NO_MANS_LAND', 0);
define('_CSS_IN_PROPERTY_KEY', 1);
define('_CSS_IN_PROPERTY_BETWEEN', 2);
define('_CSS_IN_PROPERTY_VALUE', 3);
define('_CSS_IN_COMMENT', 4);
define('_CSS_EXPECTING_END', 5);
}
/**
* Take a URL and process it to make a hard include. We'll get the HTML and we'll also load up some global stuff for 'do_header' to use.
*
* @param URLPATH The URL that we're operating on.
* @param URLPATH We open up linked URLs under this recursively.
* @return string The cleaned up contents at the URL, set up for the recursive integrator usage.
*/
function reprocess_url($url, $operation_base_url)
{
if (url_is_local($url)) {
return '';
}
$trail_end = strrpos($url, '/');
if ($trail_end !== false) {
$url_base = substr($url, 0, $trail_end);
}
$val = mixed();
// Cookie relaying from client through to server
$url_bits = @parse_url($url) or warn_exit(do_lang_tempcode('HTTP_DOWNLOAD_NO_SERVER', $url));
$url_bits_2 = parse_url(get_base_url());
$cookies_relayed = NULL;
if (!array_key_exists('host', $url_bits)) {
$url_bits['host'] = 'localhost';
}
if (!array_key_exists('host', $url_bits_2)) {
$url_bits_2['host'] = 'localhost';
}
if ($url_bits['host'] == $url_bits_2['host']) {
$cookies_relayed = array();
foreach ($_COOKIE as $key => $val) {
if (is_array($val)) {
$cookies_relayed[$key] = array();
foreach ($val as $_val) {
if (get_magic_quotes_gpc()) {
$_val = stripslashes($_val);
}
$cookies_relayed[$key][] = $_val;
}
} else {
if (get_magic_quotes_gpc()) {
$val = stripslashes($val);
}
$cookies_relayed[$key] = $val;
}
}
}
// Download the document
$ua = ocp_srv('HTTP_USER_AGENT');
if ($ua == '') {
$ua = 'ocP-integrator';
}
$accept = ocp_srv('HTTP_ACCEPT');
if ($accept == '') {
$accept = NULL;
}
$accept_charset = ocp_srv('HTTP_ACCEPT_CHARSET');
if ($accept_charset == '') {
$accept_charset = NULL;
}
$accept_language = ocp_srv('HTTP_ACCEPT_LANGUAGE');
if ($accept_language == '') {
$accept_language = NULL;
}
$post_relayed = NULL;
if (count($_POST) != 0) {
$post_relayed = array();
foreach ($_POST as $key => $val) {
if (is_array($val)) {
$post_relayed[$key] = array();
foreach ($val as $_val) {
if (get_magic_quotes_gpc()) {
$_val = stripslashes($_val);
}
$post_relayed[$key] = $val;
}
} else {
if (get_magic_quotes_gpc()) {
$val = stripslashes($val);
}
$post_relayed[$key] = $val;
}
}
}
require_code('character_sets');
$document = convert_to_internal_encoding(http_download_file($url, NULL, true, false, $ua, $post_relayed, $cookies_relayed, $accept, $accept_charset, $accept_language));
global $HTTP_DOWNLOAD_MIME_TYPE;
if ($HTTP_DOWNLOAD_MIME_TYPE != 'text/html' && $HTTP_DOWNLOAD_MIME_TYPE != 'application/xhtml+xml') {
header('Location: ' . str_replace("\r", '', str_replace(chr(10), '', $url)));
return '';
}
// Were we asked to set any cookies?
if ($url_bits['host'] == $url_bits_2['host']) {
global $HTTP_NEW_COOKIES;
if (!is_null($HTTP_NEW_COOKIES)) {
foreach ($HTTP_NEW_COOKIES as $key => $val) {
$parts = explode('; ', $val);
foreach ($parts as $i => $part) {
if ($i != 0) {
$temp = explode('=', $part, 2);
if (array_key_exists(1, $temp)) {
$parts[trim($temp[0])] = trim(rawurldecode($temp[1]));
}
}
}
//$parts['domain']=$url_bits_2['host']; // To fix an inconvenience caused by mismatching cookie settings (e.g. cookie on subdomain)
//echo($key.'->'.trim(rawurldecode($parts[0])));
//print_r($parts);
//exit();
$parts['domain'] = get_cookie_domain();
setcookie($key, trim(rawurldecode($parts[0])), array_key_exists('expires', $parts) ? strtotime($parts['expires']) : 0, array_key_exists('path', $parts) ? $parts['path'] : '', array_key_exists('domain', $parts) ? $parts['domain'] : '');
}
}
}
// Sort out title
$matches = array();
if (preg_match('#<\\s*title[^>]*>(.*)<\\s*/\\s*title\\s*>#is', $document, $matches) != 0) {
global $SEO_TITLE;
$title = str_replace('•', '-', str_replace('–', '-', str_replace('—', '-', @html_entity_decode($matches[1], ENT_QUOTES, get_charset()))));
$SEO_TITLE = $title;
get_page_title(trim($title), false);
}
// Better base?
$matches = array();
if (preg_match('#<\\s*base\\s+href\\s*=\\s*["\']?(.*)["\']?\\s*/?\\s*>#is', $document, $matches) != 0) {
$url_base = trim(@html_entity_decode($matches[1], ENT_QUOTES, get_charset()));
}
// Sort out body
if (preg_match('#<\\s*body[^>]*>(.*)<\\s*/\\s*body\\s*>#is', $document, $matches) != 0) {
$body = '<div>' . $matches[1] . '</div>';
} else {
$body = '<div>' . $document . '</div>';
}
// Link filtering, so as to make non-external/non-new-window hyperlinks link through the ocPortal module
$_self_url = build_url(array('page' => '_SELF'), '_SELF', NULL, false, true);
$self_url = $_self_url->evaluate();
$expressions = array('(src)="([^"]*)"', '(src)=\'([^\'])*\'', '(href)="([^"]*)"', '(href)=\'([^\'])*\'', '(data)="([^"]*)"', '(data)=\'([^\']*)\'', '(action)="([^"]*)"', '(action)=\'([^\']*)\'');
foreach ($expressions as $expression) {
$all_matches = array();
$count = preg_match_all('#(<[^>]*)' . $expression . '([^>]*>)#i', $body, $all_matches);
if ($count != 0) {
for ($i = 0; $i < count($all_matches[0]); $i++) {
$m_to_replace = $all_matches[0][$i];
$m_type = trim(@html_entity_decode($all_matches[2][$i], ENT_QUOTES, get_charset()));
$m_url = trim(@html_entity_decode($all_matches[3][$i], ENT_QUOTES, get_charset()));
if (url_is_local($m_url)) {
$m_url = qualify_url($m_url, $url_base);
}
$non_local = substr($m_url, 0, strlen($operation_base_url)) != $operation_base_url;
if ($m_type == 'src' || $m_type == 'data' || $non_local) {
$new_url = $m_url;
} else {
$new_url = $self_url . '&url=' . rawurlencode($m_url);
}
$body = str_replace($m_to_replace, $all_matches[1][$i] . $m_type . '="' . escape_html($new_url) . '"' . $all_matches[4][$i], $body);
}
}
}
// Moving of CSS sheet imports, etc, into ocPortal's head section
if (preg_match('#<head[^<>]*>(.*)</head>#is', $document, $matches) != 0) {
$head = $matches[1];
// meta
global $SEO_KEYWORDS, $SEO_DESCRIPTION;
$count = preg_match_all('#\\<\\s*meta[^\\>]*name=["\']([^"\']*)["\'][^\\>]*content="([^"]*)"[^\\>]*/?\\s*>#i', $head, $all_matches);
if ($count == 0) {
$count = preg_match_all('#\\<\\s*meta\\s+[^\\>]*name=["\']([^"\']*)["\']\\s+[^\\>]*content=\'([^\']*)\'[^\\>]*/?\\s*>#i', $head, $all_matches);
}
if ($count != 0) {
for ($i = 0; $i < count($all_matches[0]); $i++) {
$m_name = trim(@html_entity_decode($all_matches[1][$i], ENT_QUOTES, get_charset()));
$m_content = trim(@html_entity_decode($all_matches[2][$i], ENT_QUOTES, get_charset()));
if ($m_name == 'description') {
$SEO_DESCRIPTION = $m_content;
} elseif ($m_name == 'keywords') {
$SEO_KEYWORDS = explode(',', $m_content);
}
}
}
// Stuff to copy
global $EXTRA_HEAD;
$head_patterns = array('#<\\s*script.*<\\s*/\\s*script\\s*>#isU', '#<\\s*link[^<>]*>#isU', '#<\\s*style.*<\\s*/\\s*style\\s*>#isU');
foreach ($head_patterns as $pattern) {
$num_matches = preg_match_all($pattern, $head, $matches);
for ($i = 0; $i < $num_matches; $i++) {
$x = $matches[0][$i];
$match_x = array();
if (preg_match('#\\s(src|href)=["\']([^"\']+)["\']#i', $x, $match_x) != 0) {
if (url_is_local($match_x[1])) {
$url_new = qualify_url($match_x[2], $url_base);
$x = str_replace($match_x[0], str_replace($match_x[2], $url_new, $match_x[0]), $x);
}
}
$EXTRA_HEAD->attach($x);
}
}
}
return $body;
}
/**
* Helper function to work out a results browser URL.
*
* @param array Map of GET array segments to use (others will be added by this function)
* @param array Map of POST array segments (relayed as GET) to use
* @param ?ID_TEXT The page type this browser is browsing through (e.g. 'category') (NULL: none)
* @param ?mixed The virtual root category this browser uses (NULL: no such concept for our results browser)
* @param ?mixed The category ID we are browsing in (NULL: not applicable)
* @param boolean Whether to keep get data when browsing through
* @param ID_TEXT Hash component to URL
* @return mixed The URL
*/
function _build_results_browser_cat_url($url_array, $post_array, $type, $root, $category_id, $keep_all, $hash)
{
if (!is_null($category_id)) {
if (!is_string($category_id)) {
$category_id = strval($category_id);
}
}
$url_array = array_merge($url_array, $post_array);
if (!is_null($type)) {
$url_array['type'] = $type;
}
if (!is_null($root)) {
$url_array['root'] = $root;
}
if (!is_null($category_id)) {
$url_array['id'] = $category_id;
$url_array['kfs' . $category_id] = NULL;
// For OCF. We don't need this anymore because we're using 'start' explicitly here
}
if (strpos(ocp_srv('REQUEST_URI'), '/iframe.php') !== false) {
$cat_url = make_string_tempcode(find_script('iframe') . '?zone=' . get_zone_name());
if ($keep_all) {
$url_array = array_merge($_GET, $_POST, $url_array);
}
foreach ($url_array as $key => $param) {
if ($key == 'wide_high') {
continue;
}
if (is_array($param)) {
continue;
}
if (substr($key, 0, 5) == 'keep_' && skippable_keep($key, $param)) {
continue;
}
if ($param === '_SELF') {
$param = get_page_name();
}
if (get_magic_quotes_gpc()) {
$param = stripslashes($param);
}
if ($key != 'zone') {
$cat_url->attach('&' . $key . '=' . urlencode($param));
}
}
} else {
$cat_url = build_url($url_array, '_SELF', NULL, $keep_all, false, false, $hash);
}
return $cat_url;
}
/**
* Searches for forum auto-config at this path.
*
* @param PATH The path in which to search
* @return boolean Whether the forum auto-config could be found
*/
function _helper_install_test_load_from($path)
{
unset($path);
global $INFO;
$INFO['sql_database'] = 'ocf';
$INFO['sql_user'] = $GLOBALS['DB_STATIC_OBJECT']->db_default_user();
$INFO['sql_pass'] = $GLOBALS['DB_STATIC_OBJECT']->db_default_password();
$domain = ocp_srv('HTTP_HOST');
if (substr($domain, 0, 4) == 'www.') {
$domain = substr($domain, 4);
}
$colon_pos = strpos($domain, ':');
if ($colon_pos !== false) {
$domain = substr($domain, 0, $colon_pos);
}
$pos = strpos(ocp_srv('PHP_SELF'), 'install.php');
if ($pos === false) {
$pos = strlen(ocp_srv('PHP_SELF'));
} else {
$pos--;
}
$port = ocp_srv('SERVER_PORT');
if ($port == '' || $port == '80' || $port == '443') {
$port = '';
} else {
$port = ':' . $port;
}
$base_url = post_param('base_url', 'http://' . $domain . $port . substr(ocp_srv('PHP_SELF'), 0, $pos));
$INFO['board_url'] = $base_url . '/forum';
return true;
}
/**
* Farm out the files for downloads.
*/
function dload_script()
{
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
global $SITE_INFO;
if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') {
if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') {
warn_exit(do_lang_tempcode('LEECH_BLOCK'));
}
}
require_lang('downloads');
$id = get_param_integer('id', 0);
// Lookup
$rows = $GLOBALS['SITE_DB']->query_select('download_downloads', array('*'), array('id' => $id), '', 1);
if (!array_key_exists(0, $rows)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$myrow = $rows[0];
// Permission
if (!has_category_access(get_member(), 'downloads', strval($myrow['category_id']))) {
access_denied('CATEGORY_ACCESS');
}
// Cost?
$got_before = $GLOBALS['SITE_DB']->query_value_null_ok('download_logging', 'the_user', array('the_user' => get_member(), 'id' => $id));
if (addon_installed('points')) {
if ($myrow['download_cost'] > 0) {
require_code('points2');
$member = get_member();
if (is_guest($member)) {
access_denied('NOT_AS_GUEST');
}
// Check they haven't downloaded this before (they only get charged once - maybe they are resuming)
if (is_null($got_before)) {
$cost = $myrow['download_cost'];
$member = get_member();
if (is_guest($member)) {
access_denied('NOT_AS_GUEST');
}
$dif = $cost - available_points($member);
if ($dif > 0 && !has_specific_permission(get_member(), 'have_negative_gift_points')) {
warn_exit(do_lang_tempcode('LACKING_POINTS', integer_format($dif)));
}
require_code('points2');
charge_member($member, $cost, do_lang('DOWNLOADED_THIS', get_translated_text($myrow['name'])));
if ($myrow['download_submitter_gets_points'] == 1) {
system_gift_transfer(do_lang('THEY_DOWNLOADED_THIS', get_translated_text($myrow['name'])), $cost, $myrow['submitter']);
}
}
}
}
// Filename
$full = $myrow['url'];
$breakdown = @pathinfo($full) or warn_exit(do_lang_tempcode('HTTP_DOWNLOAD_NO_SERVER', $full));
// $filename=$breakdown['basename'];
if (!array_key_exists('extension', $breakdown)) {
$extension = '';
} else {
$extension = strtolower($breakdown['extension']);
}
if (url_is_local($full)) {
$_full = get_custom_file_base() . '/' . rawurldecode($full);
} else {
$_full = rawurldecode($full);
}
// Is it non-local? If so, redirect
if (!url_is_local($full) || !file_exists(get_file_base() . '/' . rawurldecode(filter_naughty($full)))) {
if (url_is_local($full)) {
$full = get_custom_base_url() . '/' . $full;
}
if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $full);
log_download($id, 0, !is_null($got_before));
// Bandwidth used is 0 for an external download
return;
}
// Some basic security: don't fopen php files
if ($extension == 'php') {
log_hack_attack_and_exit('PHP_DOWNLOAD_INNOCENT', integer_format($id));
}
// Size, bandwidth, logging
$size = filesize($_full);
if (is_null($got_before)) {
$bandwidth = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT SUM(file_size) AS answer FROM ' . get_table_prefix() . 'download_logging l LEFT JOIN ' . get_table_prefix() . 'download_downloads d ON l.id=d.id WHERE date_and_time>' . strval(time() - 24 * 60 * 60 * 32));
if ($bandwidth + floatval($size) > floatval(get_option('maximum_download')) * 1024 * 1024 * 1024 && !has_specific_permission(get_member(), 'bypass_bandwidth_restriction')) {
warn_exit(do_lang_tempcode('TOO_MUCH_DOWNLOAD'));
}
require_code('files2');
check_shared_bandwidth_usage($size);
}
log_download($id, $size, !is_null($got_before));
// Send header
if (strpos($myrow['original_filename'], chr(10)) !== false || strpos($myrow['original_filename'], chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Content-Type: application/octet-stream' . '; authoritative=true;');
if (get_option('immediate_downloads') == '1') {
require_code('mime_types');
header('Content-Type: ' . get_mime_type(get_file_extension($myrow['original_filename'])) . '; authoritative=true;');
header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
} else {
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
} else {
header('Content-Disposition: attachment; filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
}
}
header('Accept-Ranges: bytes');
// Caching
header("Pragma: private");
header("Cache-Control: private");
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT');
$time = is_null($myrow['edit_date']) ? $myrow['add_date'] : $myrow['edit_date'];
$time = max($time, filemtime($_full));
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $time) . ' GMT');
// Default to no resume
$from = 0;
$new_length = $size;
@ini_set('zlib.output_compression', 'Off');
// They're trying to resume (so update our range)
$httprange = ocp_srv('HTTP_RANGE');
if (strlen($httprange) > 0) {
$_range = explode('=', ocp_srv('HTTP_RANGE'));
if (count($_range) == 2) {
if (strpos($_range[0], '-') === false) {
$_range = array_reverse($_range);
}
$range = $_range[0];
if (substr($range, 0, 1) == '-') {
$range = strval($size - intval(substr($range, 1)) - 1) . $range;
}
if (substr($range, -1, 1) == '-') {
$range .= strval($size - 1);
}
$bits = explode('-', $range);
if (count($bits) == 2) {
list($from, $to) = array_map('intval', $bits);
if ($to - $from != 0 || $from == 0) {
$new_length = $to - $from + 1;
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes ' . $range . '/' . strval($size));
} else {
$from = 0;
}
}
}
}
header('Content-Length: ' . strval($new_length));
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
error_reporting(0);
// Send actual data
$myfile = fopen($_full, 'rb');
fseek($myfile, $from);
$i = 0;
flush();
// Works around weird PHP bug that sends data before headers, on some PHP versions
while ($i < $new_length) {
$content = fread($myfile, min($new_length - $i, 1048576));
echo $content;
$len = strlen($content);
if ($len == 0) {
break;
}
$i += $len;
}
fclose($myfile);
/*
Security note... at the download adding/editing stage, we ensured that
only files accessible to the web server (in raw form) could end up in
our database.
Therefore we did not check here that our file was accessible in raw
form.
*/
}
/**
* The UI to view subscribers on the newsletter.
*
* @return tempcode The UI
*/
function view_subscribers()
{
$title = get_page_title('VIEW_NEWSLETTER_SUBSCRIBERS');
$lang = choose_language($title);
if (is_object($lang)) {
return $lang;
}
$id = either_param('id', NULL);
$level = get_param_integer('level', NULL);
require_lang('ocf');
// Select newsletter
if (is_null($id)) {
$fields = new ocp_tempcode();
require_code('form_templates');
// Selection
$newsletters = new ocp_tempcode();
$rows = $GLOBALS['SITE_DB']->query_select('newsletters', array('id', 'title'));
foreach ($rows as $newsletter) {
$newsletters->attach(form_input_list_entry(strval($newsletter['id']), false, get_translated_text($newsletter['title'])));
}
if (get_forum_type() == 'ocf') {
$newsletters->attach(form_input_list_entry('-1', false, do_lang_tempcode('NEWSLETTER_OCF')));
$groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list();
foreach ($groups as $group_id => $group) {
if ($group_id != db_get_first_id()) {
$map = array();
$map['g' . strval($group_id)] = 1;
$_c = newsletter_who_send_to($map, $lang, 0, 0);
$c6 = $_c[6]['g' . strval($group_id)];
if ($c6 != 0) {
$newsletters->attach(form_input_list_entry('g' . strval($group_id), false, do_lang_tempcode('THIS_WITH', do_lang_tempcode('GROUP'), make_string_tempcode(escape_html($group)))));
}
}
}
}
if ($newsletters->is_empty()) {
inform_exit(do_lang_tempcode('NO_CATEGORIES'));
}
$fields->attach(form_input_list(do_lang_tempcode('NEWSLETTER'), '', 'id', $newsletters));
// CSV option
$fields->attach(form_input_tick(do_lang_tempcode('DOWNLOAD_AS_CSV'), do_lang_tempcode('DESCRIPTION_DOWNLOAD_AS_CSV'), 'csv', false));
$submit_name = do_lang_tempcode('VIEW_SUBSCRIBERS');
$post_url = get_self_url();
$prune_url = build_url(array('page' => '_SELF', 'type' => 'bounce_filter_a'), '_SELF');
return do_template('FORM_SCREEN', array('GET' => true, 'SKIP_VALIDATION' => true, 'HIDDEN' => '', 'TITLE' => $title, 'TEXT' => do_lang_tempcode('NEWSLETTER_SUBSCRIBERS_FORM', escape_html($prune_url->evaluate())), 'FIELDS' => $fields, 'SUBMIT_NAME' => $submit_name, 'URL' => $post_url));
}
// Send to CSV file?
$csv = either_param_integer('csv', 0);
if ($csv == 1) {
$filename = 'subscribers_' . $id . '.csv';
header('Content-type: text/csv');
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($filename))) . '"');
} else {
header('Content-Disposition: attachment; filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($filename))) . '"');
}
@ini_set('ocproducts.xss_detect', '0');
}
// Show subscribers
$levels = is_null($level) ? $id == '-1' || substr($id, 0, 1) == 'g' ? array(4) : array(1, 2, 3, 4) : array($level);
$outs = array();
foreach ($levels as $level) {
$max = get_param_integer('max_' . (is_null($level) ? '' : strval($level)), 100);
$start = get_param_integer('start_' . (is_null($level) ? '' : strval($level)), 0);
$max_rows = 0;
if (is_null($level)) {
$map[$id] = 1;
// $id will be -1
$_c = newsletter_who_send_to($map, $lang, 0, 0, true);
if (isset($_c[6][$id])) {
$max_rows = $_c[6][$id];
}
} else {
$map[$id] = $level;
// We're requesting that we probe subscribers of $id on $level
$_c = newsletter_who_send_to($map, $lang, 0, 0, true);
if (isset($_c[6][$id])) {
$max_rows = $_c[6][$id];
}
}
$num = 0;
$start2 = 0;
do {
$map = array();
if (is_null($level)) {
$map[$id] = 1;
// $id will be -1
$_c = newsletter_who_send_to($map, $lang, $start + $start2, $max, true);
} else {
$map[$id] = $level;
// We're requesting that we probe subscribers of $id on $level
$_c = newsletter_who_send_to($map, $lang, $start + $start2, $max, true);
}
$rows = $_c[7];
if ($csv == 1) {
if ($start2 == 0) {
if (!is_null($level)) {
echo '"LEVEL ' . do_lang('NEWSLETTER_' . strval($level)) . '"' . chr(10);
}
echo '"' . str_replace('"', '""', do_lang('EMAIL_ADDRESS')) . '",' . '"' . str_replace('"', '""', do_lang('FORENAME')) . '",' . '"' . str_replace('"', '""', do_lang('SURNAME')) . '",' . '"' . str_replace('"', '""', do_lang('NAME')) . '",' . '"' . str_replace('"', '""', do_lang('NEWSLETTER_SEND_ID')) . '",' . '"' . str_replace('"', '""', do_lang('NEWSLETTER_HASH')) . '",' . '"' . str_replace('"', '""', do_lang('PASSWORD_HASH')) . '",' . '"' . str_replace('"', '""', do_lang('SALT')) . '",' . '"' . str_replace('"', '""', do_lang('LANGUAGE')) . '",' . '"' . str_replace('"', '""', do_lang('CONFIRM_CODE')) . '",' . '"' . str_replace('"', '""', do_lang('JOIN_DATE')) . '"' . chr(10);
}
} else {
$out = '';
}
foreach ($rows as $r) {
$email = array_key_exists('email', $r) ? $r['email'] : $r['m_email_address'];
$forename = array_key_exists('n_forename', $r) ? $r['n_forename'] : '';
$surname = array_key_exists('n_surname', $r) ? $r['n_surname'] : '';
$name = array_key_exists('m_username', $r) ? $r['m_username'] : '';
$salt = array_key_exists('pass_salt', $r) ? $r['pass_salt'] : '';
$_lang = array_key_exists('language', $r) ? $r['language'] : '';
$confirm_code = array_key_exists('confirm_code', $r) ? $r['confirm_code'] : 0;
$join_time = array_key_exists('join_time', $r) ? $r['join_time'] : time();
$send_id = (array_key_exists('m_username', $r) ? 'm' : 'n') . (array_key_exists('id', $r) ? strval($r['id']) : $email);
$hash = array_key_exists('the_password', $r) ? $r['the_password'] : '';
$unsub = array_key_exists('the_password', $r) ? best_hash($r['the_password'], 'xunsub') : '';
if ($csv == 1) {
echo '"' . str_replace('"', '""', $email) . '",' . '"' . str_replace('"', '""', $forename) . '",' . '"' . str_replace('"', '""', $surname) . '",' . '"' . str_replace('"', '""', $name) . '",' . '"' . str_replace('"', '""', $send_id) . '",' . '"' . str_replace('"', '""', $unsub) . '",' . '"' . str_replace('"', '""', $hash) . '",' . '"' . str_replace('"', '""', $salt) . '",' . '"' . str_replace('"', '""', $_lang) . '",' . '"' . str_replace('"', '""', strval($confirm_code)) . '",' . '"' . str_replace('"', '""', date('Y-m-d h:i:s', $join_time)) . '"' . chr(10);
} else {
$tpl = do_template('NEWSLETTER_SUBSCRIBER', array('EMAIL' => $email, 'FORENAME' => $forename, 'SURNAME' => $surname, 'NAME' => $name, 'NEWSLETTER_SEND_ID' => $send_id, 'NEWSLETTER_HASH' => $hash));
$out .= $tpl->evaluate();
}
}
$start2 += $max;
} while ($csv == 1 && array_key_exists(0, $rows));
if (count($rows) == 0 && $start2 == 0) {
if ($csv == 1) {
echo '"(' . do_lang('NONE') . ')"' . chr(10);
} else {
}
}
$text = do_lang_tempcode('NEWSLETTER_PEOPLE_ON_LEVEL', is_numeric($level) && intval($level) > 0 ? make_string_tempcode(escape_html(do_lang('NEWSLETTER_' . strval($level)))) : do_lang_tempcode('NA_EM'));
if ($csv == 1) {
} else {
require_code('templates_results_browser');
$results_browser = results_browser(do_lang_tempcode('VIEW_NEWSLETTER_SUBSCRIBERS'), NULL, $start, 'start_' . (is_null($level) ? '' : strval($level)), $max, 'max_' . (is_null($level) ? '' : strval($level)), $max_rows, NULL, 'subscribers', true);
$outs[] = array('RESULTS_BROWSER' => $results_browser, 'SUB' => $out, 'TEXT' => $text);
}
}
if ($csv == 1) {
$GLOBALS['SCREEN_TEMPLATE_CALLED'] = '';
exit;
}
// Work out stats of what domains are used
$domains = array();
$start = 0;
do {
if (strpos(get_db_type(), 'mysql') !== false) {
$rows = $GLOBALS['SITE_DB']->query_select('newsletter', array('email', 'COUNT(*) as cnt'), NULL, 'GROUP BY SUBSTRING_INDEX(email,\'@\',-1)');
// Far less PHP processing
} else {
$rows = $GLOBALS['SITE_DB']->query_select('newsletter', array('email'), NULL, 500, $start);
}
foreach ($rows as $row) {
$email = $row['email'];
if (strpos($email, '@') === false) {
continue;
}
$domain = substr($email, strpos($email, '@') + 1);
if (!is_string($domain)) {
continue;
}
$cnt = array_key_exists('cnt', $row) ? $row['cnt'] : 1;
if (!array_key_exists($domain, $domains)) {
$domains[$domain] = 0;
}
$domains[$domain] += $cnt;
}
$start += 500;
} while (array_key_exists(0, $rows) && strpos(get_db_type(), 'mysql') === false);
arsort($domains);
foreach ($domains as $key => $val) {
$domains[$key] = strval($val);
if (count($domains) > 100) {
if ($val == 1) {
unset($domains[$key]);
}
}
}
return do_template('NEWSLETTER_SUBSCRIBERS_SCREEN', array('_GUID' => '52e5d97d451b622d59f87f021a5b8f01', 'DOMAINS' => $domains, 'SUBSCRIBERS' => $outs, 'TITLE' => $title));
}
/**
* Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
* All authorisation, cookies, and form-logins, are passed through this function.
* Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
*
* @param ?SHORT_TEXT The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
* @param MEMBER The member id
* @param MD5 The md5-hashed password
* @param string The raw password
* @param boolean Whether this is a cookie login
* @return array A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
*/
function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
{
$out = array();
$out['id'] = NULL;
if (is_null($userid)) {
$rows = $this->connection->query_select('members', array('*'), array('name' => $this->ipb_escape($username)), '', 1);
if (array_key_exists(0, $rows)) {
$this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
} else {
$rows = $this->connection->query_select('members', array('*'), array('members_display_name' => $this->ipb_escape($username)), '', 1);
if (array_key_exists(0, $rows)) {
$this->MEMBER_ROWS_CACHED[$rows[0]['member_id']] = $rows[0];
}
}
} else {
$rows[0] = $this->get_member_row($userid);
}
if (!array_key_exists(0, $rows)) {
$out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
return $out;
}
$row = $rows[0];
if ($row['member_banned'] == 1) {
$out['error'] = do_lang_tempcode('USER_BANNED');
return $out;
}
if ($cookie_login) {
if ($password_hashed != $row['member_login_key']) {
$out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
return $out;
}
// Check stronghold
global $SITE_INFO;
if (array_key_exists('stronghold_cookies', $SITE_INFO) && $SITE_INFO['stronghold_cookies'] == 1) {
$ip_octets = explode('.', ocp_srv('REMOTE_ADDR'));
$crypt_salt = md5(get_db_forums_password() . get_db_forums_user());
$a = get_member_cookie();
$b = get_pass_cookie();
for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
if ($a[$i] != $b[$i]) {
break;
}
}
$cookie_prefix = substr($a, 0, $i);
$cookie = ocp_admirecookie($cookie_prefix . 'ipb_stronghold');
$stronghold = md5(md5(strval($row['member_id']) . '-' . $ip_octets[0] . '-' . $ip_octets[1] . '-' . $row['member_login_key']) . $crypt_salt);
if ($cookie != $stronghold) {
$out['error'] = do_lang_tempcode('USER_BAD_STRONGHOLD');
return $out;
}
}
} else {
if (!$this->_auth_hashed($row['member_id'], $password_hashed)) {
$out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
return $out;
}
}
$pos = strpos(get_member_cookie(), 'member_id');
ocp_eatcookie(substr(get_member_cookie(), 0, $pos) . 'session_id');
$out['id'] = $row['member_id'];
return $out;
}
/**
* Get the name of a webcrawler bot, or NULL if no bot detected
*
* @return ?string Webcrawling bot name (NULL: not a bot)
*/
function get_bot_type()
{
global $CACHE_BOT_TYPE;
if ($CACHE_BOT_TYPE !== false) {
return $CACHE_BOT_TYPE;
}
$agent = strtolower(ocp_srv('HTTP_USER_AGENT'));
global $BOT_MAP, $SITE_INFO;
if ($BOT_MAP === NULL) {
if ((!isset($SITE_INFO['no_extra_bots']) || $SITE_INFO['no_extra_bots'] == '0') && is_file(get_file_base() . '/text_custom/bots.txt')) {
require_code('files');
$BOT_MAP = better_parse_ini_file(get_file_base() . '/text_custom/bots.txt');
} else {
$BOT_MAP = array('zyborg' => 'Looksmart', 'googlebot' => 'Google', 'teoma' => 'Teoma', 'scooter' => 'Altavista', 'jeeves' => 'Ask Jeeves', 'infoseek' => 'Infoseek', 'ultraseek' => 'Infoseek', 'ia_archiver' => 'Alexa/Archive.org', 'slurp' => 'Inktomi/Yahoo/Hot Bot', 'yahoo' => 'Yahoo/Overture', 'msnbot' => 'Bing', 'bingbot' => 'Bing', 'architextspider' => 'Excite', 'lycos' => 'Lycos', 'mercator' => 'Altavista', 'mantraagent' => 'LookSmart', 'wisenutbot' => 'Looksmart', 'paros' => 'Paros', 'sqworm' => 'Aol.com');
}
}
foreach ($BOT_MAP as $id => $name) {
if ($name == '') {
continue;
}
if (strpos($agent, $id) !== false) {
$CACHE_BOT_TYPE = $name;
return $name;
}
}
if (strpos($agent, 'bot') !== false || strpos($agent, 'spider') !== false) {
$to_a = strpos($agent, ' ');
if ($to_a === false) {
$to_a = strlen($agent);
}
$to_b = strpos($agent, '/');
if ($to_b === false) {
$to_b = strlen($agent);
}
$CACHE_BOT_TYPE = substr($agent, 0, min($to_a, $to_b));
return $agent;
}
$CACHE_BOT_TYPE = NULL;
return NULL;
}
/**
* Ensure that the specified file/folder is writeable for the FTP user (so that it can be deleted by the system), and should be called whenever a file is uploaded/created, or a folder is made. We call this function assuming we are giving world permissions
*
* @param PATH The full pathname to the file/directory
* @param integer The permissions to make (not the permissions are reduced if the function finds that the file is owned by the web user [doesn't need world permissions then])
*/
function fix_permissions($path, $perms = 0666)
{
// If the file user is different to the FTP user, we need to make it world writeable
if (!is_suexec_like() || ocp_srv('REQUEST_METHOD') == '') {
@chmod($path, $perms);
} else {
if ($perms == 0666) {
@chmod($path, 0644);
} elseif ($perms == 0777) {
@chmod($path, 0755);
} else {
@chmod($path, $perms);
}
}
global $_CREATED_FILES;
// From ocProducts PHP version, for development testing
if (isset($_CREATED_FILES)) {
foreach ($_CREATED_FILES as $i => $x) {
if ($x == $path) {
unset($_CREATED_FILES[$i]);
}
}
}
}
/*
ocPortal
Copyright (c) ocProducts, 2004-2012
See text/EN/licence.txt for full licencing information.
NOTE TO PROGRAMMERS:
Do not edit this file. If you need to make changes, save your changed file to the appropriate *_custom folder
**** If you ignore this advice, then your website upgrades (e.g. for bug fixes) will likely kill your changes ****
*/
/*
Used to generate a database schema in the form of SQL code that can be imported into MySQL Workbench
First run this, then import it all into a new database (existing is problematic as it needs to be InnoDB), then run SQLEditor on that database -- or if you like try your luck importing, but that was crashing for me.
*/
$filename = 'ocportal-erd.sql';
if (!isset($_GET['testing'])) {
header('Content-Type: application/octet-stream' . '; authoritative=true;');
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($filename))) . '"');
} else {
header('Content-Disposition: attachment; filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($filename))) . '"');
}
} else {
header('Content-type: text/plain');
}
require_code('relations');
$relation_map = get_relation_map();
$tables = get_all_tables();
echo get_innodb_table_sql($tables, $tables);
$GLOBALS['SCREEN_TEMPLATE_CALLED'] = '';
exit;
/**
* Check to see if an IP address is banned.
*
* @param string The IP address to check for banning (potentially encoded with *'s)
* @return boolean Whether the IP address is banned
*/
function ip_banned($ip)
{
if (!addon_installed('securitylogging')) {
return false;
}
$ip4 = strpos($ip, '.') !== false;
if ($ip4) {
$ip_parts = explode('.', $ip);
} else {
$ip_parts = explode(':', $ip);
}
global $SITE_INFO;
if (isset($SITE_INFO['known_suexec']) && $SITE_INFO['known_suexec'] == '1' || is_writable_wrap(get_file_base() . '/.htaccess')) {
$bans = array();
$ban_count = preg_match_all('#\\ndeny from (.*)#', file_get_contents(get_file_base() . '/.htaccess'), $bans);
$ip_bans = array();
for ($i = 0; $i < $ban_count; $i++) {
$ip_bans[] = array('ip' => $bans[1][$i]);
}
} else {
$ip_bans = persistant_cache_get('IP_BANS');
if (!is_array($ip_bans)) {
$ip_bans = $GLOBALS['SITE_DB']->query('SELECT ip FROM ' . get_table_prefix() . 'usersubmitban_ip', NULL, NULL, true);
if (!is_null($ip_bans)) {
persistant_cache_set('IP_BANS', $ip_bans);
}
}
if (is_null($ip_bans)) {
critical_error('DATABASE_FAIL');
}
}
$self_ip = NULL;
foreach ($ip_bans as $ban) {
if ($ip4 && compare_ip_address_ip4($ban['ip'], $ip_parts) || !$ip4 && compare_ip_address_ip6($ban['ip'], $ip_parts)) {
if (is_null($self_ip)) {
$self_host = ocp_srv('HTTP_HOST');
if ($self_host == '' || preg_match('#^localhost[\\.\\:$]#', $self_host) != 0) {
$self_ip = '';
} else {
if (preg_match('#(\\s|,|^)gethostbyname(\\s|$|,)#i', @ini_get('disable_functions')) == 0) {
$self_ip = gethostbyname($self_host);
} else {
$self_ip = '';
}
if ($self_ip == '') {
$self_ip = ocp_srv('SERVER_ADDR');
}
}
}
if ($self_ip != '' && compare_ip_address($ban['ip'], $self_ip)) {
continue;
}
if (compare_ip_address($ban['ip'], '127.0.0.1')) {
continue;
}
if (compare_ip_address($ban['ip'], 'fe00:0000:0000:0000:0000:0000:0000:0000')) {
continue;
}
return true;
}
}
return false;
}
/**
* Parse the current tempcode object, then echo it to the browser.
*
* @param ?LANGUAGE_NAME The language to evaluate with (NULL: current users language)
* @param mixed Whether to escape the tempcode object (children may be recursively escaped regardless if those children/parents are marked to be)
* @return string Blank string. Allows chaining within echo statements
*/
function evaluate_echo($lang = NULL, $_escape = false)
{
if (ocp_srv('REQUEST_METHOD') == 'HEAD') {
return '';
}
global $HTML_ESCAPE_1_STRREP, $HTML_ESCAPE_2, $RECORD_TEMPLATES_TREE, $SIMPLE_ESCAPED;
$empty_array = array();
$before = @ini_get('ocproducts.xss_detect');
@ini_set('ocproducts.xss_detect', '0');
foreach ($this->bits as $bit) {
$bit_0 = $bit[0];
if ($_escape !== false) {
array_unshift($bit_0, $_escape);
}
if ($bit[1] == TC_KNOWN) {
if ($bit_0 == $empty_array) {
echo $bit[2];
} elseif ($bit_0 == $SIMPLE_ESCAPED) {
echo str_replace($HTML_ESCAPE_1_STRREP, $HTML_ESCAPE_2, $bit[2]);
} else {
apply_tempcode_escaping($bit_0, $bit[2]);
echo $bit[2];
}
} else {
$bit_3 = $bit[3];
if ($bit_3 && $bit[1] != TC_DIRECTIVE) {
foreach ($bit_3 as $i => $decode_bit) {
if (is_object($decode_bit)) {
if ($RECORD_TEMPLATES_TREE) {
if (!isset($this->children)) {
$this->children = array();
}
if (!isset($decode_bit->children)) {
$decode_bit->children = array();
}
if (!isset($decode_bit->fresh)) {
$decode_bit->fresh = false;
}
$this->children[] = array($decode_bit->codename, $decode_bit->children, $decode_bit->fresh);
}
$bit_3[$i] = $decode_bit->evaluate($lang, false);
}
}
}
echo ecv($lang, $bit_0, $bit[1], $bit[2], is_null($bit_3) ? array() : $bit_3);
}
}
@ini_set('ocproducts.xss_detect', $before);
return '';
}
/**
* The actualiser to edit a configuration page.
*
* @return tempcode The UI
*/
function config_set()
{
$page = get_param('id', 'MAIN');
$title = get_page_title(do_lang_tempcode('CONFIG_CATEGORY_' . $page), false);
// Make sure we haven't locked ourselves out due to clean URL support
if (post_param_integer('mod_rewrite', 0) == 1 && substr(ocp_srv('SERVER_SOFTWARE'), 0, 6) == 'Apache' && (!file_exists(get_file_base() . '/.htaccess') || strpos(file_get_contents(get_file_base() . '/.htaccess'), 'RewriteEngine on') === false)) {
warn_exit(do_lang_tempcode('BEFORE_MOD_REWRITE'));
}
// Make sure we haven't just locked staff out
$new_site_name = substr(post_param('site_name', ''), 0, 200);
if ($new_site_name != '' && get_option('is_on_sync_staff', true) === '1') {
$admin_groups = array_merge($GLOBALS['FORUM_DRIVER']->get_super_admin_groups(), $GLOBALS['FORUM_DRIVER']->get_moderator_groups());
$staff = $GLOBALS['FORUM_DRIVER']->member_group_query($admin_groups, 100);
if (count($staff) < 100) {
foreach ($staff as $row_staff) {
$member = $GLOBALS['FORUM_DRIVER']->pname_id($row_staff);
if ($GLOBALS['FORUM_DRIVER']->is_staff($member)) {
$sites = get_ocp_cpf('sites');
$sites = str_replace(', ' . get_site_name(), '', $sites);
$sites = str_replace(',' . get_site_name(), '', $sites);
$sites = str_replace(get_site_name() . ', ', '', $sites);
$sites = str_replace(get_site_name() . ',', '', $sites);
$sites = str_replace(get_site_name(), '', $sites);
if ($sites != '') {
$sites .= ', ';
}
$sites .= $new_site_name;
$GLOBALS['FORUM_DRIVER']->set_custom_field($member, 'sites', $sites);
}
}
}
}
// Empty thumbnail cache if needed
if (get_option('is_on_gd') == '1' && function_exists('imagetypes')) {
if (!is_null(post_param('thumb_width', NULL)) && post_param('thumb_width') != get_option('thumb_width')) {
$thumb_fields = $GLOBALS['SITE_DB']->query('SELECT m_name,m_table FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'db_meta WHERE m_name LIKE \'' . db_encode_like('%thumb_url') . '\'');
$GLOBALS['NO_DB_SCOPE_CHECK'] = true;
foreach ($thumb_fields as $field) {
if ($field['m_table'] == 'videos') {
continue;
}
$GLOBALS['SITE_DB']->query_update($field['m_table'], array($field['m_name'] => ''));
}
$GLOBALS['NO_DB_SCOPE_CHECK'] = false;
}
}
$rows = $GLOBALS['SITE_DB']->query_select('config', array('*'), array('the_page' => $page));
if ($page == 'SITE') {
$rows[] = array('the_name' => 'timezone', 'shared_hosting_restricted' => 0, 'the_type' => 'special', 'eval' => '');
}
foreach ($rows as $myrow) {
if ($myrow['eval'] != '') {
if (defined('HIPHOP_PHP')) {
require_code('hooks/systems/config_default/' . $myrow['the_name']);
$hook = object_factory('Hook_config_default_' . $myrow['the_name']);
if (is_null($hook->get_default())) {
continue;
}
} else {
$GLOBALS['REQUIRE_LANG_LOOP'] = 10;
// LEGACY Workaround for corrupt webhost installers
if (is_null(@eval($myrow['eval'] . ';'))) {
continue;
}
// @'d in case default is corrupt, don't want it to give errors forever
$GLOBALS['REQUIRE_LANG_LOOP'] = 0;
// LEGACY
}
}
if ($myrow['shared_hosting_restricted'] == 1 && !is_null($GLOBALS['CURRENT_SHARE_USER'])) {
continue;
}
if ($myrow['the_type'] == 'tick') {
$value = strval(post_param_integer($myrow['the_name'], 0));
} elseif ($myrow['the_type'] == 'date') {
$date_value = get_input_date($myrow['the_name']);
$value = is_null($date_value) ? '' : strval($date_value);
} elseif (($myrow['the_type'] == 'forum' || $myrow['the_type'] == '?forum') && get_forum_type() == 'ocf') {
$value = post_param($myrow['the_name']);
if (is_numeric($value)) {
$value = $GLOBALS['FORUM_DB']->query_value_null_ok('f_forums', 'f_name', array('id' => post_param_integer($myrow['the_name'])));
}
if (is_null($value)) {
$value = '';
}
} elseif ($myrow['the_type'] == 'category' && get_forum_type() == 'ocf') {
$value = post_param($myrow['the_name']);
if (is_numeric($value)) {
$value = $GLOBALS['FORUM_DB']->query_value_null_ok('f_categories', 'c_title', array('id' => post_param_integer($myrow['the_name'])));
}
if (is_null($value)) {
$value = '';
}
} elseif ($myrow['the_type'] == 'usergroup' && get_forum_type() == 'ocf') {
$value = $GLOBALS['FORUM_DB']->query_value_null_ok('f_groups g LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'translate t ON t.id=g.g_name', 'text_original', array('g.id' => post_param_integer($myrow['the_name'])));
if (is_null($value)) {
$value = '';
}
} else {
$value = post_param($myrow['the_name'], '');
}
if ($myrow['the_type'] == 'special') {
if ($myrow['the_name'] == 'timezone') {
set_value('timezone', $value);
}
} else {
if (($myrow['the_type'] == 'transline' || $myrow['the_type'] == 'transtext') && is_numeric($myrow['config_value'])) {
$old_value = get_translated_text(intval($myrow['config_value']));
} else {
$old_value = $myrow['config_value'];
}
// If the option was changed
if ($old_value != $value || $myrow['c_set'] == 0) {
set_option($myrow['the_name'], $value, $myrow['the_type'], $myrow['config_value']);
}
}
}
// Clear some cacheing
require_code('view_modes');
require_code('zones2');
require_code('zones3');
erase_comcode_page_cache();
erase_tempcode_cache();
//persistant_cache_delete('OPTIONS'); Done by set_option
persistant_cache_empty();
erase_cached_templates();
// Show it worked / Refresh
$redirect = get_param('redirect', NULL);
if ($redirect === NULL) {
$url = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');
// ,'type'=>'category','id'=>$page
} else {
$url = make_string_tempcode($redirect);
}
return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
}
/**
* Script handler for downloading a gallery, as specified by GET parameters.
*/
function download_gallery_script()
{
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
require_code('galleries');
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
require_lang('galleries');
require_code('zip');
$cat = get_param('cat');
if (!has_category_access(get_member(), 'galleries', $cat)) {
access_denied('CATEGORY_ACCESS');
}
check_specific_permission('may_download_gallery', array('galleries', $cat));
if (strpos($cat, chr(10)) !== false || strpos($cat, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
$gallery_rows = $GLOBALS['SITE_DB']->query_select('galleries', array('*'), array('name' => $cat), '', 1);
if (!array_key_exists(0, $gallery_rows)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$gallery_row = $gallery_rows[0];
// Send header
header('Content-Type: application/octet-stream' . '; authoritative=true;');
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="gallery-' . $cat . '.zip"');
} else {
header('Content-Disposition: attachment; filename="gallery-' . $cat . '.zip"');
}
disable_php_memory_limit();
$rows = array_merge($GLOBALS['SITE_DB']->query_select('videos', array('url', 'add_date'), array('cat' => $cat, 'validated' => 1)), $GLOBALS['SITE_DB']->query_select('images', array('url', 'add_date'), array('cat' => $cat, 'validated' => 1)));
$array = array();
foreach ($rows as $row) {
$full_path = NULL;
$data = NULL;
if (url_is_local($row['url']) && file_exists(get_file_base() . '/' . urldecode($row['url']))) {
$path = urldecode($row['url']);
$full_path = get_file_base() . '/' . $path;
if (file_exists($full_path)) {
$time = filemtime($full_path);
$name = $path;
} else {
continue;
}
} else {
continue;
// Actually we won't include them, if they are not local it implies it is not reasonable for them to lead to server load, and they may not even be native files
$time = $row['add_date'];
$name = basename(urldecode($row['url']));
$data = http_download_file($row['url']);
}
$array[] = array('name' => preg_replace('#^uploads/galleries/#', '', $name), 'time' => $time, 'data' => $data, 'full_path' => $full_path);
}
if ($gallery_row['rep_image'] != '') {
if (url_is_local($gallery_row['rep_image']) && file_exists(get_file_base() . '/' . urldecode($gallery_row['rep_image']))) {
$path = urldecode($gallery_row['rep_image']);
$full_path = get_file_base() . '/' . $path;
if (file_exists($full_path)) {
$time = filemtime($full_path);
$name = $path;
$data = file_get_contents($full_path);
}
} else {
$time = $gallery_row['add_date'];
$name = basename(urldecode($gallery_row['rep_image']));
$data = http_download_file($gallery_row['rep_image']);
}
$array[] = array('name' => preg_replace('#^uploads/(galleries|grepimages)/#', '', $name), 'time' => $time, 'data' => $data);
}
@ini_set('zlib.output_compression', 'Off');
//$zip_file=create_zip_file($array);
//header('Content-Length: '.strval(strlen($zip_file)));
//echo $zip_file;
create_zip_file($array, true);
}
/**
* Handle RSS/Atom output.
*/
function backend_script()
{
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && get_ip_address() != ocp_srv('SERVER_ADDR') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
if (get_option('is_on_rss') == '0') {
return;
}
$type = get_param('type', 'RSS2');
$mode = get_param('mode', 'opml');
require_lang('rss');
if ($type == 'xslt-rss') {
// Feed stylesheet for RSS
header('Content-Type: text/xsl');
require_css('rss');
$js = get_custom_base_url() . substr(javascript_enforce('JAVASCRIPT_XSL_MOPUP'), strlen(get_custom_file_base()));
$echo = do_template('RSS_XSLT', array('_GUID' => 'c443e0195c935117cf0d9a7bc2730d7a', 'JAVASCRIPT_XSL_MOPUP' => $js));
$echo->evaluate_echo();
return;
}
if ($type == 'xslt-atom') {
// Feed stylesheet for Atom
header('Content-Type: text/xsl');
require_css('rss');
$js = get_custom_base_url() . substr(javascript_enforce('JAVASCRIPT_XSL_MOPUP'), strlen(get_custom_file_base()));
$echo = do_template('ATOM_XSLT', array('_GUID' => '27fec456a6b3144aa847130e74463d99', 'JAVASCRIPT_XSL_MOPUP' => $js));
$echo->evaluate_echo();
return;
}
if ($type == 'xslt-opml') {
// Feed stylesheet for Atom
header('Content-Type: text/xsl');
require_css('rss');
$js = get_custom_base_url() . substr(javascript_enforce('JAVASCRIPT_XSL_MOPUP'), strlen(get_custom_file_base()));
$echo = do_template('OPML_XSLT', array('_GUID' => 'c0c6bd1d7a0e263768a2208061f799f5', 'JAVASCRIPT_XSL_MOPUP' => $js));
$echo->evaluate_echo();
return;
}
$type = strtoupper($type);
if ($type != 'RSS2' && $type != 'ATOM') {
$type = 'RSS2';
}
if ($type == 'RSS2') {
$prefix = 'RSS_';
} else {
$prefix = 'ATOM_';
}
/*if (get_param_integer('force_text',0)==0)
{
if ($type=='atom') header('Content-Type: text/xml+atom; charset='.get_charset());
else header('Content-Type: text/xml');
}
header('Content-Disposition: inline');*/
if ($type == 'RSS2') {
$date_string = 'r';
} else {
$offset_seconds = intval(date('Z'));
$offset_minutes = abs(intval(round(floatval($offset_seconds) / 60.0)));
$offset_hours = intval(round(floatval($offset_minutes) / 60.0));
$offset_minutes -= $offset_hours * 60;
$offset = sprintf('%02d:%02d', $offset_hours, $offset_minutes);
$date_string = 'Y-m-d\\TH:i:s';
if ($offset_seconds >= 0) {
$date_string .= '+';
} else {
$date_string .= '-';
}
for ($i = 0; $i < strlen($offset); $i++) {
$date_string .= '\\' . $offset[$i];
}
}
$date = date($date_string);
$site_about = xmlentities(get_option('description'));
$logo_url = xmlentities(find_theme_image('logo/trimmed-logo'));
$copyright = xmlentities(trim(str_replace('©', '', str_replace('$CURRENT_YEAR', date('Y'), get_option('copyright')))));
$cutoff = get_param_integer('cutoff', time() - 60 * 60 * 24 * get_param_integer('days', 30));
$max = get_param_integer('max', 100);
$filter = get_param('filter', '*');
if ($filter == '') {
$filter = '*';
}
if ($mode == 'opml') {
header('Content-Type: text/xml');
$_feeds = find_all_hooks('systems', 'rss');
$feeds = array();
foreach (array_keys($_feeds) as $feed) {
if (get_forum_type() != 'ocf' && substr($feed, 0, 4) == 'ocf_') {
continue;
}
$feed_title = ucwords(str_replace('_', ' ', $feed));
// Try and get a better feed title
require_code('hooks/systems/rss/' . filter_naughty_harsh($feed), true);
$object = object_factory('Hook_rss_' . $feed);
require_code('ocfiltering');
$_content = $object->run('', time(), 'ATOM_', '', 0);
if (is_array($_content)) {
list(, $feed_title) = $_content;
}
$feeds[] = array('MODE' => $feed, 'TITLE' => $feed_title);
}
$echo = do_template('OPML_WRAPPER', array('_GUID' => '712b78d1b4c23aefc8a92603477f84ed', 'FEEDS' => $feeds, 'ABOUT' => $site_about, 'DATE' => $date));
$echo->evaluate_echo();
return;
}
require_code('hooks/systems/rss/' . filter_naughty_harsh($mode), true);
$object = object_factory('Hook_rss_' . $mode);
require_code('ocfiltering');
$_content = $object->run($filter, $cutoff, $prefix, $date_string, $max);
$mode_nice = $mode;
if (is_array($_content)) {
list($content, $mode_nice) = $_content;
} else {
$content = is_null($_content) ? array() : $_content;
}
if ($type == 'RSS2' && function_exists('xmlrpc_encode')) {
// Change a full url into constituent parts
$base_url = get_base_url();
$port = 80;
$end_protocol_pos = strpos($base_url, '://');
$colon_pos = strpos($base_url, ':', $end_protocol_pos + 1);
if ($colon_pos !== false) {
$after_port_pos = strpos($base_url, '/', $colon_pos);
if ($after_port_pos === false) {
$after_port_pos = strlen($base_url);
}
$port = intval(substr($base_url, $colon_pos, $after_port_pos - $colon_pos));
}
$start_path_pos = strpos($base_url, '/', $end_protocol_pos + 4);
if ($start_path_pos !== false) {
$local_base_url = substr($base_url, $start_path_pos);
} else {
$local_base_url = '';
}
$rss_cloud = do_template('RSS_CLOUD', array('_GUID' => 'a47c40a4c137ea1e5abfc71346547313', 'TYPE' => $type == 'news' ? '' : $type, 'PORT' => strval($port), 'LOCAL_BASE_URL' => $local_base_url));
} else {
$rss_cloud = new ocp_tempcode();
}
// Firefox (and probably other browsers, but I didn't test) doesn't want to display Atom feeds inline if they're sent as text/xml+atom, even if the Content-Disposition is sent to inline :(
header('Content-Type: text/xml');
// application/rss+xml ?
$echo = do_template($prefix . 'WRAPPER', array('FILTER' => $filter, 'CUTOFF' => strval($cutoff), 'MODE' => $mode, 'MODE_NICE' => $mode_nice, 'RSS_CLOUD' => $rss_cloud, 'VERSION' => ocp_version_full(), 'COPYRIGHT' => $copyright, 'DATE' => $date, 'LOGO_URL' => $logo_url, 'ABOUT' => $site_about, 'CONTENT' => $content));
$echo->evaluate_echo();
}
/**
* Check a posted field isn't 'evil'.
*
* @param string The name of the parameter
* @param string The value retrieved
* @return string The filtered value
*/
function check_posted_field($name, &$val)
{
if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
$true_referer = substr(ocp_srv('HTTP_REFERER'), 0, 7) == 'http://' || substr(ocp_srv('HTTP_REFERER'), 0, 8) == 'https://';
$canonical_referer = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', ocp_srv('HTTP_REFERER')))));
$canonical_baseurl = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', get_base_url()))));
if ($true_referer && substr(strtolower($canonical_referer), 0, strlen($canonical_baseurl)) != strtolower($canonical_baseurl) && !is_guest()) {
if (!in_array($name, array('login_username', 'password', 'remember', 'login_invisible'))) {
$allowed_partners = explode(chr(10), get_option('allowed_post_submitters'));
$allowed_partners[] = 'paypal.com';
$allowed_partners[] = 'www.paypal.com';
$found = false;
foreach ($allowed_partners as $partner) {
if (trim($partner) == '') {
continue;
}
if (strpos(ocp_srv('HTTP_REFERER'), trim($partner)) !== false) {
$found = true;
break;
}
}
if (!$found) {
$_POST = array();
// To stop loops
log_hack_attack_and_exit('EVIL_POSTED_FORM_HACK', ocp_srv('HTTP_REFERER'));
}
}
}
}
// Custom fields.xml filter system
$val = filter_form_field_default($name, $val);
}
/**
* Get the tempcode for a results table title row. You would take the output of this, and feed it in as $fields_title, in a results_table function call.
*
* @param array The array of field titles that define the entries in the results table
* @param ?array A map of sortable code (usually, db field names), to strings giving the human name for the sort order (NULL: no sortables)
* @param ID_TEXT The parameter name used to store our sortable
* @param ID_TEXT The current ordering ("$sortable $sort_order")
* @param string GUID to pass to template
* @return tempcode The generated title
*/
function results_field_title($values, $sortables = NULL, $order_param = 'sort', $current_ordering = '', $guid = 'fbcaf8b021e3939bfce1dce9ff8ed63a')
{
if (is_null($sortables)) {
$sortables = array();
}
$cells = new ocp_tempcode();
foreach ($values as $value) {
$found = mixed();
foreach ($sortables as $key => $sortable) {
$_value = is_object($value) ? $value->evaluate() : $value;
if (is_string($sortable) && $sortable == $_value || is_object($sortable) && $sortable->evaluate() == $_value) {
$found = $key;
break;
}
}
if (!is_null($found)) {
if (strpos(ocp_srv('REQUEST_URI'), '/iframe.php') !== false) {
$cat_url = find_script('iframe') . '?zone=' . get_zone_name();
$url_array = array_merge($_GET, $_POST);
unset($url_array[$order_param]);
foreach ($url_array as $key => $param) {
if (is_array($param)) {
continue;
}
if ($key == 'wide_high') {
continue;
}
if (substr($key, 0, 5) == 'keep_' && skippable_keep($key, $param)) {
continue;
}
if ($param === '_SELF') {
$param = get_page_name();
}
if (get_magic_quotes_gpc()) {
$param = stripslashes($param);
}
$cat_url .= '&' . $key . '=' . urlencode($param);
}
$sort_url_asc = $cat_url . '&' . $order_param . '=' . urlencode($found) . ' ASC';
$sort_url_desc = $cat_url . '&' . $order_param . '=' . urlencode($found) . ' DESC';
} else {
$sort_url_asc = get_self_url(false, false, array($order_param => $found . ' ASC'), true);
$sort_url_desc = get_self_url(false, false, array($order_param => $found . ' DESC'), true);
}
$sort_asc_selected = $current_ordering == $found . ' ASC';
$sort_desc_selected = $current_ordering == $found . ' DESC';
$cells->attach(do_template('RESULTS_TABLE_FIELD_TITLE_SORTABLE', array('_GUID' => $guid, 'VALUE' => $value, 'SORT_ASC_SELECTED' => $sort_asc_selected, 'SORT_DESC_SELECTED' => $sort_desc_selected, 'SORT_URL_DESC' => $sort_url_desc, 'SORT_URL_ASC' => $sort_url_asc)));
} else {
$cells->attach(do_template('RESULTS_TABLE_FIELD_TITLE', array('_GUID' => $guid, 'VALUE' => $value)));
}
}
return $cells;
}
/**
* Try to return the human-readable version of the language id, passed in as $entry.
*
* @param integer The id
* @param ?object The database connection to use (NULL: standard site connection)
* @param ?LANGUAGE_NAME The language (NULL: uses the current language)
* @return string The human-readable version
*/
function get_translated_text($entry, $connection = NULL, $lang = NULL)
{
if ($entry == 0) {
return do_lang('FAILED_ENTRY');
}
if ($entry === NULL) {
fatal_exit(do_lang_tempcode('NULL_LANG_STRING'));
}
if ($connection === NULL) {
$connection = $GLOBALS['SITE_DB'];
}
global $RECORD_LANG_STRINGS_CONTENT;
if ($RECORD_LANG_STRINGS_CONTENT) {
global $RECORDED_LANG_STRINGS_CONTENT;
$RECORDED_LANG_STRINGS_CONTENT[$entry] = $connection->connection_write != $GLOBALS['SITE_DB']->connection_write;
}
if ($lang === NULL) {
$lang = user_lang();
}
if (array_key_exists($entry, $connection->text_lookup_original_cache) && $lang == user_lang()) {
return $connection->text_lookup_original_cache[$entry];
}
if ($lang == 'xxx') {
return '!!!';
}
// Helpful for testing language compliancy. We don't expect to see non x's/!'s if we're running this language
$result = $connection->query_select('translate', array('text_original', 'text_parsed'), array('id' => $entry, 'language' => $lang), '', 1);
if (!array_key_exists(0, $result)) {
$result = $connection->query_select('translate', array('*'), array('id' => $entry, 'language' => get_site_default_lang()), '', 1);
if (!array_key_exists(0, $result)) {
$result = $connection->query_select('translate', array('*'), array('id' => $entry), '', 1);
}
if (array_key_exists(0, $result)) {
$result[0]['text_original'] = google_translate($result[0]['text_original'], $lang);
$result[0]['text_parsed'] = '';
$connection->query_insert('translate', array('broken' => 1, 'language' => $lang) + $result[0]);
}
}
if (!array_key_exists(0, $result)) {
$member_id = function_exists('get_member') ? get_member() : $GLOBALS['FORUM_DRIVER']->get_guest_id();
$connection->query_insert('translate', array('id' => $entry, 'source_user' => $member_id, 'broken' => 0, 'importance_level' => 3, 'text_original' => '', 'text_parsed' => '', 'language' => $lang));
$msg = do_lang('LANGUAGE_CORRUPTION', strval($entry));
if (preg_match('#^localhost[\\.\\:$]#', ocp_srv('HTTP_HOST')) != 0) {
fatal_exit($msg);
}
require_code('site');
attach_message(make_string_tempcode($msg), 'warn');
return '';
}
if ($lang == user_lang()) {
$connection->text_lookup_original_cache[$entry] = $result[0]['text_original'];
$connection->text_lookup_cache[$entry] = $result[0]['text_parsed'];
}
return $result[0]['text_original'];
}
/**
* The actualiser for managing banned IPs.
*
* @return tempcode The UI
*/
function actual()
{
require_code('failure');
$old_bans = collapse_1d_complexity('ip', $GLOBALS['SITE_DB']->query_select('usersubmitban_ip'));
$bans = post_param('bans');
$_bans = explode(chr(10), $bans);
foreach ($old_bans as $ban) {
if (preg_match('#^' . preg_quote($ban, '#') . '(\\s|$)#m', $bans) == 0) {
remove_ip_ban($ban);
}
}
$matches = array();
foreach ($_bans as $ban) {
if (trim($ban) == '') {
continue;
}
preg_match('#^([^\\s]+)(.*)$#', $ban, $matches);
$ip = $matches[1];
if (preg_match('#^[a-f0-9\\.\\*:]+$#U', $ip) == 0) {
attach_message(do_lang_tempcode('IP_ADDRESS_NOT_VALID', $ban), 'warn');
} else {
if ($ip == get_ip_address()) {
attach_message(do_lang_tempcode('WONT_BAN_SELF', $ban), 'warn');
} elseif ($ip == ocp_srv('SERVER_ADDR')) {
attach_message(do_lang_tempcode('WONT_BAN_SERVER', $ban), 'warn');
}
if (!in_array($ip, $old_bans)) {
ban_ip($ip, trim($matches[2]));
$old_bans[] = $ip;
}
}
}
// Show it worked / Refresh
$title = get_page_title('IP_BANS');
$refresh_url = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');
return redirect_screen($title, $refresh_url, do_lang_tempcode('SUCCESS'));
}