Exemplo n.º 1
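 /**
  * Regression test: pagination links must not reflect a script payload that
  * arrives in the request path.
  *
  * The dispatched URL carries a percent-encoded `"><script>` sequence. The
  * expected href shows that pagination_links() presumably derives its links
  * from the current request, so the output is checked twice: the encoded URL
  * must be present, and the decoded payload must be absent.
  */
 public function testPaginationLinksAvoidXssAttack()
 {
     $attackUrl = '/items/browse/%22%3e%3cscript%3ealert(11639)%3c/script%3e';
     $escapedUrl = '/items/browse/%22%3E%3Cscript%3Ealert%2811639%29%3C/script%3E?page=3';
     // What the payload would look like if the helper decoded the path and
     // wrote it into the attribute without re-encoding it.
     $decodedPayload = '"><script>alert(11639)</script>';
     // Have to dispatch a request in order for view script directories to
     // be added to the View instance.
     $this->dispatch($attackUrl);
     Zend_Registry::set('pagination', array("menu" => NULL, "page" => "2", "per_page" => 2, "total_results" => 10, "link" => ""));
     $html = pagination_links();
     $this->assertContains("href=\"{$escapedUrl}\"", $html, 'Should have escaped the pagination URLs to avoid XSS attack.');
     // A positive match alone would still pass if some other link in the
     // markup reflected the payload unescaped, so assert the negative too.
     $this->assertNotContains($decodedPayload, $html, 'Pagination markup must not contain the decoded script payload.');
 }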
Exemplo n.º 2
 /**
  * Prepares the view data for the invoice listing of the user identified by
  * user_id(), including the values pagination_links() reads.
  */
 public function page()
 {
     // Only the invoices returned for user_id() are loaded, so the list is
     // scoped by the model call rather than by anything in the request.
     $clientInvoices = $this->core->get_user_invoices(user_id());
     $this->data['invoices'] = $clientInvoices;

     // Pagination inputs. The offset is URI segment 4 coerced to an integer.
     // NOTE(review): an integer cast still admits negative values - confirm
     // pagination_links() tolerates a negative row_start.
     $this->data['base_pagination'] = base_url('client/invoices/page/');
     $this->data['total_rows'] = count($clientInvoices);
     $this->data['per_page'] = 10;
     $this->data['row_start'] = (int) $this->uri->segment(4);
     $this->data['links'] = pagination_links($this->data);

     $this->data['meta_title'] = 'Your Invoices';
 }
Exemplo n.º 3
 /**
  * Prepares the view data for the admin client listing, including the values
  * pagination_links() reads.
  *
  * NOTE(review): every account returned by ion_auth->get_users() is exposed
  * to the view and no access check is visible in this method - confirm the
  * controller (for example its constructor) restricts it to administrators.
  */
 public function page()
 {
     $allUsers = $this->ion_auth->get_users();
     $this->data['users'] = $allUsers;

     // Pagination inputs. The offset is URI segment 4 coerced to an integer.
     // NOTE(review): an integer cast still admits negative values - confirm
     // pagination_links() tolerates a negative row_start.
     $this->data['base_pagination'] = base_url('admin/clients/page/');
     $this->data['total_rows'] = count($allUsers);
     $this->data['per_page'] = 10;
     $this->data['row_start'] = (int) $this->uri->segment(4);
     $this->data['links'] = pagination_links($this->data);

     $this->data['meta_title'] = 'All Clients';
 }
Exemplo n.º 4
 /**
  * Prepares the view data for the admin ticket listing, including the values
  * pagination_links() reads.
  *
  * NOTE(review): get_tickets() is called without a user filter and no access
  * check is visible in this method - confirm the controller restricts it to
  * administrators.
  */
 public function page()
 {
     $allTickets = $this->core->get_tickets();
     $this->data['tickets'] = $allTickets;

     // Pagination inputs. The offset is URI segment 4 coerced to an integer.
     // NOTE(review): an integer cast still admits negative values - confirm
     // pagination_links() tolerates a negative row_start.
     $this->data['base_pagination'] = base_url('admin/tickets/page/');
     $this->data['total_rows'] = count($allTickets);
     $this->data['per_page'] = 10;
     $this->data['row_start'] = (int) $this->uri->segment(4);
     $this->data['links'] = pagination_links($this->data);

     $this->data['meta_title'] = 'All Tickets';
 }
Exemplo n.º 5
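 /**
  * Prepares the view data for the admin invoice listing, including the values
  * pagination_links() reads.
  *
  * The original also copied each pagination value into a local $config array
  * that nothing read afterwards; that dead local is dropped here. The
  * pagination library is still loaded because loading it is a side effect
  * other code may rely on.
  *
  * NOTE(review): get_invoices() is called without a user filter and no access
  * check is visible in this method - confirm the controller restricts it to
  * administrators.
  */
 public function page()
 {
     $invoices = $this->data['invoices'] = $this->core->get_invoices();
     // pagination
     $this->load->library('pagination');
     $this->data['base_pagination'] = base_url('admin/invoices/page/');
     $this->data['total_rows'] = count($invoices);
     $this->data['per_page'] = 10;
     // URI segment 4 is coerced to an integer before it is used as an offset.
     // NOTE(review): intval() still admits negative values - confirm
     // pagination_links() tolerates a negative row_start.
     $this->data['row_start'] = intval($this->uri->segment(4));
     $this->data['links'] = pagination_links($this->data);
     // end pagination
     // NOTE(review): the title says "Projects" on an invoices page - possibly
     // a copy/paste leftover; left unchanged because it is user-facing text.
     $this->data['meta_title'] = 'All Projects';
 }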
Exemplo n.º 6
 /**
  * Prepares the view data for the admin "Global Options" page: the settings,
  * the option objects, and the values pagination_links() reads.
  *
  * NOTE(review): application settings are handed to the view and no access
  * check is visible in this method - confirm the controller restricts it to
  * administrators.
  */
 public function page()
 {
     $this->data['settings'] = $this->settings->get_settings();
     $optionObjects = $this->core->get_settings_as_objs();
     $this->data['options'] = $optionObjects;

     // Pagination inputs. The offset is URI segment 4 coerced to an integer.
     // NOTE(review): an integer cast still admits negative values - confirm
     // pagination_links() tolerates a negative row_start.
     $this->data['base_pagination'] = base_url('admin/options/page/');
     $this->data['total_rows'] = count($optionObjects);
     $this->data['per_page'] = 10;
     $this->data['row_start'] = (int) $this->uri->segment(4);
     $this->data['links'] = pagination_links($this->data);

     $this->data['meta_title'] = 'Global Options';
 }
Exemplo n.º 7
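/**
 * Renders the SmartBroker search page: the search box, the result list with
 * pagination, and a set of hidden <div> elements the front-end script reads.
 *
 * Values written into the markup are now passed through esc_html(). The
 * server address can come straight from the `server_override` shortcode
 * attribute, and the counters come from the XML returned by that server, so
 * neither should reach the page as raw HTML. esc_html() leaves existing
 * entities (for example a currency symbol stored as an entity) untouched.
 *
 * @param array|string $atts Shortcode attributes; `server_override` and
 *                           `parent_type` are consumed here, the rest is
 *                           forwarded to sb_search_box_func().
 * @return string The page markup.
 */
function sb_search_page_func($atts)
{
    global $sb_config, $post, $size_low, $size_high, $price_low, $price_high;
    $has_atts = is_array($atts);
    if ($has_atts and array_key_exists('server_override', $atts)) {
        // NOTE(review): whoever can author the shortcode chooses the server
        // that load_results_xml() presumably contacts - confirm that is an
        // acceptable trust level, or restrict the value to known hosts.
        $sb_config['server_address'] = $atts['server_override'];
        unset($atts['server_override']);
    }
    //add search box
    $a = "<div class='sb_wrapper'>\r\n\t\t\t<div class='smartbroker_section smartbroker_group'>\r\n\t\t\t<div class='smartbroker_col smartbroker_span_1_of_3'>";
    $a .= sb_search_box_func($atts, get_the_ID());
    $a .= '</div>';
    $a .= "<div class='smartbroker_col smartbroker_span_2_of_3'>";
    if ($has_atts and array_key_exists('parent_type', $atts)) {
        // Cast so only an integer reaches the search parameters.
        $sb_config['data']['pt'] = (int) $atts['parent_type'];
    }
    $xml = load_results_xml($sb_config['data']);
    if ($xml !== FALSE) {
        $total_rows = $xml['count'];
        $returned_rows = count($xml);
        $requested_rows = $xml['requested_rows'];
        $start_row = $xml['start'];
        $end_row = $start_row + $returned_rows - 1;
        if ($total_rows > 0) {
            // The counters originate from the remote response; escape them at
            // the point of output and pass the untouched values on below.
            $results_string = sprintf(
                __('%s results found - showing&nbsp;results&nbsp;%s&nbsp;to&nbsp;%s.', 'smartbroker'),
                esc_html((string) $total_rows),
                esc_html((string) $start_row),
                esc_html((string) $end_row)
            );
            $a .= "&nbsp;{$results_string}<div id='results'>";
            foreach ($xml->boat as $boat) {
                $a .= search_result_item($boat);
            }
            $a .= pagination_links($total_rows, $start_row, $requested_rows);
        } else {
            $a .= "<div id='results'>";
            $a .= blank_slate_row();
        }
        //data required by javascript
        $currencies = $sb_config['currencies'];
        $primary = $sb_config['currency_1'];
        $secondary = $sb_config['currency_2'];
        $hidden_values = array(
            'sb_server_address' => $sb_config['server_address'],
            'sb_listing_page' => $sb_config['listing_page'],
            'sb_currency_1' => $primary,
            'sb_currency_1_symbol' => $currencies[$primary]['symbol'],
            'sb_currency_2' => $secondary,
            'sb_currency_2_symbol' => $currencies[$secondary]['symbol'],
            'sb_curr_2_rate' => $currencies[$secondary]['rate'] / $currencies[$primary]['rate'],
        );
        foreach ($hidden_values as $element_id => $value) {
            $a .= "<div style='display: none;' id='" . $element_id . "'>" . esc_html((string) $value) . "</div>\r\n";
        }
    }
    $a .= "</div>";
    //end span 2_of_3
    $a .= "</div>";
    //end row
    $a .= "<!-- end sb_wrapper -->";
    //end sb_wrapper
    return $a;
}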
Exemplo n.º 8
        $exhibitCount++;
        ?>
                    <?php 
    }
    ?>
                    <?php 
    echo pagination_links();
    ?>
                    <?php 
} else {
    ?>
                    <p><?php 
    echo 'Nenhuma exposição foi adicionado ainda.';
    ?>
</p>
            <?php 
}
?>
            <div class="col-md-12"><?php 
echo pagination_links();
?>
</div>
            </div> <!-- /.row -->
            <br/>
            <br/>
        </div>
   </div>     
</div>
<!--Fim do container -->
<?php 
echo foot();
Exemplo n.º 9
          <img src="<?php 
    echo ASSETS . $product->image_path();
    ?>
" width="210" alt="<?php 
    echo $product->name;
    ?>
" />
        </a>  
      </div>
    </div>
    <?php 
}
?>
    <div id="pagination" style="clear: both;">
      <?php 
echo pagination_links($pagination, "all-products", $page);
?>
      </div>
    </div>
  </div>
  <!-- Showing search results -->
  <div id="search-results">
  </div>
  <?php 
include $dir_public . 'lightbox.php';
?>
</div><!-- End Content Row -->
<?php 
include_layout_template('admin_footer.php');
?>
	
Exemplo n.º 10
					<div style="position: absolute; z-index: 2; width: 100%; height: 100%; top: 0; left: 0; padding: 0px; margin: 0px;">
						<a class="fill-div" style="padding: 0px; margin: 0px;" href="' . $link . '"></a>
					</div>
					<span class="information">' . $count . '</span>
				</td>
				<td width="19%" class="tablecontents"><a href="' . $link . '">' . $SoldierName . '</a></td>
				<td width="19%" class="tablecontents">' . $Score . '</td>
				<td width="19%" class="tablecontents">' . $Kills . '</td>
				<td width="19%" class="tablecontents">' . $KDR . '</td>
				<td width="19%" class="tablecontents">' . $HSR . '<span class="information"> %</span></td>
			</tr>
		</table>
		';
    }
    // build the pagination links
    pagination_links($ServerID, './index.php', 'leaders', $currentpage, $totalpages, $rank, $order, '');
} else {
    echo '
	<div class="subsection" style="margin-top: 2px;">
	<div class="headline">
	No player stats found for';
    if (!empty($ServerID)) {
        echo ' this server.';
    } else {
        echo ' these servers.';
    }
    echo '
	</div>
	</div>
	';
}
Exemplo n.º 11
        ?>
    
            <a class="view" target="_blank" href="<?php 
        echo item_url($item);
        ?>
?result=1">Voir la fiche</a>
        </div>
        <?php 
        $i++;
        ?>
        <?php 
    }
    ?>

        <?php 
    echo '<div style="clear:both; padding-top:50px;" />' . pagination_links() . '</div>';
    ?>

        
        <?php 
    fire_plugin_hook('public_items_browse', array('items' => $items, 'view' => $this));
    ?>

    <?php 
} else {
    ?>
        <h1 style="margin-left:235px;">Aucun résultat</h1>
        <br /><br />
        <div style="text-align:center">Votre recherche ne comporte aucun résultat.</div>
        <br /><br />
        <div style="text-align:center;"><a class="back" style="margin: 0 auto;" href="javascript:history.back();">Modifier les critères</a></div>
Exemplo n.º 12
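 /**
  * Handles the client ticket page: optionally creates a ticket from the
  * posted form, then prepares the project dropdown, the client's ticket list
  * and the pagination values for the view.
  *
  * The INSERT now uses query bindings. The original escaped `subject` and
  * `issue` with mysql_real_escape_string() but interpolated
  * $_POST['project'] into the SQL text unescaped, which allowed SQL
  * injection through that field; with bindings every value is escaped by the
  * database driver.
  */
 public function page()
 {
     if (isset($_POST['new_ticket'])) {
         // Quick and dirty - add a new ticket
         // xss_clean filters input only; the stored values still need
         // escaping wherever they are rendered.
         $this->form_validation->set_rules('subject', 'Ticket Subject', 'required|trim|xss_clean');
         $this->form_validation->set_rules('issue', 'Issue Description', 'required|trim|xss_clean');
         // NOTE(review): `project` is only checked for presence - confirm the
         // posted id is a project this client may file tickets against.
         $this->form_validation->set_rules('project', 'Project', 'required');
         if ($this->form_validation->run() == TRUE) {
             $sql = "INSERT INTO tickets (code, subject, issue, client, project, status) VALUES (?, ?, ?, ?, ?, 'Open')";
             $query = $this->db->query($sql, array(
                 $this->generate_ticket_code(5),
                 $_POST['subject'],
                 $_POST['issue'],
                 user_id(),
                 $_POST['project'],
             ));
             if ($query) {
                 $project = $this->core->get_project($_POST['project']);
                 flashmsg('New ticket created for project: ' . $project->name . '.', 'success');
                 redirect('/client/tickets');
             }
         }
     }
     // Build the id => name map for the project dropdown.
     $all_projects = $this->core->get_projects();
     $projects = array('' => 'Select one');
     foreach ($all_projects as $project) {
         $projects[$project->id] = $project->name;
     }
     $this->data['projects'] = $projects;
     // Tickets are fetched for the id returned by user_id() only.
     $tickets = $this->data['tickets'] = $this->core->get_client_tickets(user_id());
     // pagination
     $this->data['base_pagination'] = base_url('client/tickets/page/');
     $this->data['total_rows'] = count($tickets);
     $this->data['per_page'] = 10;
     $this->data['row_start'] = intval($this->uri->segment(4));
     $this->data['links'] = pagination_links($this->data);
     // end pagination
     $this->data['meta_title'] = 'Your Tickets';
 }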
<?php
// View partial: pagination links, search filters, then one listing per item
// in the 'items' loop (or a "no items" message when the loop is empty).

echo pagination_links(array('url' => url(array('controller' => 'exhibits', 'action' => 'items', 'page' => null))));
?>
<div id="item-list">
<?php 
echo item_search_filters();
if (!has_loop_records('items')) {
    ?>
    <p><?php 
    // The generated URL goes through html_escape() before it is placed in
    // the href attribute; the link text comes from the translation call.
    echo __('There are no items to choose from.  Please refine your search or %s.', '<a href="' . html_escape(url('items/add')) . '">' . __('add some items') . '</a>');
    ?>
</p>
<?php 
}
foreach (loop('items') as $item) {
    ?>
    <?php 
    // Rendering of each item is delegated to the exhibitItemListing helper.
    echo $this->exhibitItemListing($item);
}
?>
</div>
Exemplo n.º 14
 /**
  * Front controller action that renders either a rubric listing (with
  * pagination) or a single article (with its comment form and captcha),
  * depending on the number of URI segments.
  *
  * @param string $slug_rubric  Rubric slug taken from the URL.
  * @param string $slug_content Article slug taken from the URL.
  * @param int    $page_number  Page of the rubric listing; 0 when absent.
  */
 public function view($slug_rubric = '', $slug_content = '', $page_number = 0)
 {
     $data['query_all_rubrics'] = $this->all_rubrics;
     $data['all_authors'] = $this->all_authors;
     $data['all_tags'] = $this->all_tags;
     $params = $this->front->about();
     // Site-wide parameters; fall back to empty strings when none exist.
     if (!empty($params)) {
         $data['p_title'] = $params->p_title;
         $data['about'] = $params->p_about;
         $data['twitter'] = $params->p_twitter;
         $data['google'] = $params->p_google;
     } else {
         $data['p_title'] = $data['about'] = $data['twitter'] = $data['google'] = '';
     }
     // Rubric case
     if ($this->uri->total_segments() == 1 or $this->uri->total_segments() == 3) {
         $data['all_content'] = $this->front->get_all_content();
         // NOTE(review): $params is dereferenced here although the branch
         // above shows it can be empty - confirm this cannot fail.
         $config = pagination_custom($params->p_nb_listing);
         $total_rows = $this->model_content->get_contents_rubric_listing($slug_rubric, '', '')->num_rows();
         // Config for pagination : base_url, first_url, total_rows, num_link, uri_segment
         $pagination = pagination_links(base_url($slug_rubric . '/page'), base_url($this->uri->segment(1)), $total_rows, round($total_rows / $config['per_page'] + 1), 3);
         $this->pagination->initialize(array_merge($config, $pagination));
         // Reject page numbers beyond the computed number of links.
         if ($page_number > $pagination['num_links']) {
             redirect(show_404());
         } else {
             $data['query'] = $this->model_content->get_contents_rubric_listing($slug_rubric, $page_number, $config['per_page']);
             // NOTE(review): num_rows is read as a property here but called as
             // a method elsewhere in this function - confirm which is correct.
             if ($data['query']->num_rows == 0) {
                 redirect(show_404());
             }
             $data['pagination'] = $this->pagination->create_links();
         }
         // Nb comments
         // NOTE(review): $nb_comments is only assigned inside this loop, so it
         // is undefined below when all_content has no rows.
         foreach ($data['all_content']->result() as $row) {
             $nb_comments[$row->c_id] = $this->front->get_comments($row->c_id)->num_rows();
         }
         $data['nb_comments'] = $nb_comments;
         $row = $data['query']->row();
         $data['page'] = 'rubric';
         $data['title'] = $row->r_title;
         if (!empty($params)) {
             $data['meta_title'] = $row->r_title . ' - ' . $params->p_title;
         } else {
             $data['meta_title'] = $row->r_title;
         }
         // A three-segment URL for page 0 or 1 is redirected to the rubric root.
         if ($this->uri->total_segments() == 3 && $page_number <= 1) {
             redirect(base_url($slug_rubric), 302);
         } elseif ($page_number == 0) {
             $data['breadcrumb'] = $data['title'];
         } else {
             $data['page_number'] = $page_number;
             $data['meta_title'] .= ' - page ' . $page_number;
             // NOTE(review): the rubric title, the slug and the page number
             // are concatenated into HTML here without escaping - confirm they
             // are escaped upstream or that the view escapes the breadcrumb.
             $data['breadcrumb'] = '<a href="' . base_url($slug_rubric) . '">' . $data['title'] . '</a> - page ' . $page_number;
         }
         $data['meta_desc'] = $row->r_description;
         //$data['meta_pagination'] = $this->front->get_pagination_seo($pagination['base_url'], $pagination['first_url'], $page_number, $total_rows, $config['per_page'], $type='POST');
         // Article case
     } elseif ($this->uri->total_segments() <= 2) {
         $query_article = $this->model_content->get_content_by_slug($slug_rubric, $slug_content);
         if ($query_article->num_rows() == 1) {
             $data['page'] = 'content';
             $row = $query_article->row();
             // The stored article body is converted from Markdown to HTML.
             // NOTE(review): no sanitising step or Parsedown safe mode is
             // visible in this method - confirm c_content is written only by
             // trusted authors or is sanitised before it is rendered.
             $row->c_content = Parsedown::instance()->parse($row->c_content);
             $c_id = $row->c_id;
             $data['title'] = $data['c_title'] = $row->c_title;
             $data['c_content'] = $row->c_content;
             $data['c_image'] = $row->c_image;
             $data['c_pdate'] = $row->c_pdate;
             $data['c_date'] = date_fr(date("d", strtotime($row->c_pdate)), date("m", strtotime($row->c_pdate)), date("Y", strtotime($row->c_pdate)));
             $data['c_udate'] = $row->c_udate;
             $data['udate'] = date_complete_fr(date("d", strtotime($row->c_udate)), date("m", strtotime($row->c_udate)), date("Y", strtotime($row->c_udate)), date("h", strtotime($row->c_udate)), date("i", strtotime($row->c_udate)));
             $data['c_url_rw'] = $row->c_url_rw;
             $data['r_title'] = $row->r_title;
             $data['r_url_rw'] = $row->r_url_rw;
             $data['u_id'] = $row->u_id;
             $data['u_login'] = $row->u_login;
             $data['u_biography'] = $row->u_biography;
             $data['u_twitter'] = $row->u_twitter;
             $data['u_google'] = $row->u_google;
             $data['nb_comments'] = $this->front->get_comments($row->c_id)->num_rows();
             if (!empty($params)) {
                 $data['meta_title'] = $row->c_title . ' - ' . $params->p_title;
             } else {
                 $data['meta_title'] = $row->c_title;
             }
             // Meta description: rendered body with tags stripped, truncated.
             $data['meta_desc'] = character_limiter(strip_tags($row->c_content), 254);
             $data['breadcrumb'] = $row->c_title;
             if (isset($row->c_tags)) {
                 $data['tags'] = explode(';', $row->c_tags);
             }
             $data['query_same_user'] = $this->model_content->get_content_by_user($data['u_id'], 5, $c_id);
             $data['query_same_rubric'] = $this->model_content->get_contents_same_rubric($slug_rubric, $slug_content);
             $c_tags = array_values(array_filter(explode(';', $row->c_tags)));
             $data['query_same_tag'] = $this->model_content->get_contents_same_tag($slug_rubric, $slug_content, $c_tags);
             $data['all_content'] = $this->model_content->get_contents_others($slug_content);
             $data['comments'] = $this->model_comment->get_comment($c_id);
             // Comment form: the rules only trim and enforce a minimum length.
             // NOTE(review): the nickname and comment text are passed to
             // create_comment() as posted - confirm they are HTML-escaped
             // where comments are displayed.
             $this->form_validation->set_rules('com_nickname', 'Nom', 'trim|required|min_length[2]');
             $this->form_validation->set_rules('com_content', 'Contenu', 'trim|required|min_length[2]');
             $this->form_validation->set_rules('captcha', 'Captcha', 'callback_check_captcha');
             $com_nickname = $this->input->post('com_nickname');
             $com_content = $this->input->post('com_content');
             $captcha = $this->input->post('captcha');
             $this->form_validation->set_message('com_nickname', 'Le pseudo doit faire 2 caractères mininum');
             $this->form_validation->set_message('com_content', 'Le pseudo doit faire 2 caractères mininum');
             $this->load->library('session');
             if ($this->form_validation->run() !== FALSE) {
                 $this->model_comment->create_comment($c_id, $com_nickname, $com_content);
                 $this->session->set_flashdata('success', 'Commentaire ajouté.');
                 redirect(current_url());
             } else {
                 // Captcha generation
                 // The word is the last five hex characters of sha1(rand()).
                 // NOTE(review): rand() is not a cryptographically secure
                 // generator, so the word is more predictable than its length
                 // suggests; a CSPRNG would be the safer source.
                 $word = substr(sha1(rand()), -5);
                 $path_captcha = 'assets/captcha/';
                 $the_captcha = array('word' => $word, 'img_path' => $path_captcha, 'img_url' => site_url() . $path_captcha, 'img_width' => '150', 'img_height' => 30, 'expiration' => 60);
                 // The expected word is kept in the session for the
                 // check_captcha callback named in the rule above.
                 // NOTE(review): nothing visible here clears the stored word
                 // after a successful submission - confirm it cannot be reused.
                 $this->session->set_userdata('captcha', $word);
                 $this->session->set_userdata('image', $the_captcha['img_url']);
                 $data['captcha'] = create_captcha($the_captcha);
                 $data['captcha_image'] = $data['captcha']['image'];
                 //$this->session->unset_userdata('captcha');
             }
         } else {
             redirect(show_404());
         }
     } else {
         redirect(show_404());
     }
     $this->load->view(URL_LAYOUT, $data);
 }
Exemplo n.º 15
            <?php 
    if (is_allowed('ArchiveFolder_Index', 'delete')) {
        ?>
            <input type="submit" class="small red batch-actiorran button" name="submit-batch-delete" value="<?php 
        echo __('Delete');
        ?>
">
            <?php 
    }
    ?>
        </div>
        <?php 
    echo common('quick-filters');
    ?>
        <div class="pagination"><?php 
    echo $paginationLinks = pagination_links();
    ?>
</div>
        <table id="archive-folders">
            <thead>
                <tr>
                    <?php 
    if (is_allowed('ArchiveFolder_Index', 'edit')) {
        ?>
                    <th class="batch-edit-heading"><?php 
        // echo __('Select');
        ?>
</th>
                    <?php 
    }
    $browseHeadings[__('Folder')] = 'uri';
Exemplo n.º 16
    ?>
</td>
          <td><?php 
    echo $product->description;
    ?>
</td>
          <td><a href="<?php 
    echo HOME;
    ?>
delete-product?id=<?php 
    echo $product->id;
    ?>
" onclick="return confirm('Are you sure?')">Remove</a>
        </tr>
      <?php 
}
?>
      </table>
    </div><!-- End div for Table -->

    <!-- Display pagination links -->
    <div id="pagination" style="clear: both;">
      <?php 
echo pagination_links($pagination, "dashboard", $page);
?>
    </div>
    
  </div>
</div><!-- End content Row -->
<?php 
include_layout_template('admin_footer.php');
Exemplo n.º 17
			';
        } else {
            echo '
			<td width="5%" class="count"><span class="information">' . $count . '</span></td>
			<td width="15%" class="tablecontents">' . $logDate . '</td>
			<td width="15%" class="tablecontents">' . $logSoldierName . '</td>
			';
        }
        echo '
		<td width="65%" class="tablecontents">' . $logMessage . '</td>
		</tr>
		</table>
		';
    }
    // build the pagination links
    pagination_links($ServerID, 'index.php', $page, $currentpage, $totalpages, $rank, $order, $query);
} else {
    echo '
	<div class="subsection" style="margin-top: -2px;">
	<div class="headline">
	No relevant chat content found for
	';
    // if there is a ServerID, this is a server stats page
    if (!empty($ServerID)) {
        echo ' this server.';
    } else {
        echo ' these servers.';
    }
    echo '
	</div>
	</div>
Exemplo n.º 18
    ?>
" data-gallery>
          <img src="<?php 
    echo ASSETS . $product->image_path();
    ?>
" width="210" alt="<?php 
    echo $product->name;
    ?>
" />
  			</a>	
  		</div>
    </div>
  	<?php 
}
?>
    <div id="pagination" style="clear: both;">
      <?php 
echo pagination_links($pagination, "home", $page);
?>
      </div>
    </div>
  <!-- Showing search results -->
  <div id="search-results">
  </div>
  <?php 
include $dir_public . 'lightbox.php';
?>
</div><!-- End Content -->
</div><!-- End Row containing Navigation and Content -->
<?php 
include_layout_template("footer.php");
Exemplo n.º 19
" value="remove">
                                <p class="bagit-small">[-] Check to Remove</p>
                              <?php 
        }
        ?>
                            </td>
                        </tr>
                    <?php 
    }
    ?>
                </tbody>
            </table>

            <div class="pagination">
                <?php 
    echo pagination_links(array('scrolling_style' => 'All', 'page_range' => '5', 'partial_file' => 'common' . DIRECTORY_SEPARATOR . 'pagination_control.php', 'page' => $current_page, 'per_page' => $results_per_page, 'total_results' => $total_results));
    ?>
            </div>

            <?php 
    echo submit(array('name' => 'export', 'class' => 'bagit-create-bag'), 'Export');
    ?>
            <?php 
    echo submit(array('name' => 'update_collection', 'class' => 'bagit-left-submit'), 'Update Bag');
    ?>
            <?php 
    echo submit(array('name' => 'add_all_files', 'class' => 'bagit-left-submit'), 'Add All Files');
    ?>
            <?php 
    echo submit(array('name' => 'remove_all_files', 'class' => 'bagit-delete bagit-left-submit'), 'Remove All Files');
    ?>