Exemplo n.º 1
    // Excerpt: the enclosing if/elseif chain opens before this listing and the
    // foreach body at the bottom is cut off, so only the request validation of
    // the 'unituser' branch is visible.
    include PrintEot('usermanage');
    exit;
} elseif ($adminitem == 'unituser') {
    require_once R_P . 'require/credit.php';
    // NOTE(review): no anti-forgery token check is visible in this excerpt for
    // this state-changing admin action; confirm it is enforced earlier in the file.
    if ($_POST['action'] == "unit") {
        // Presumably imports the POST fields 'uids' and 'newuid' into $uids and
        // $newuid (both are read right below) - confirm against S::gp().
        S::gp(array('uids', 'newuid'), 'P');
        // Each adminmsg() call below is used as a hard stop; the checks only
        // protect anything if adminmsg() ends the request - TODO confirm.
        if (!$uids) {
            adminmsg('unituser_username_empty');
        }
        if (!$newuid) {
            adminmsg('unituser_newname_empty');
        }
        $userService = L::loadClass('UserService', 'user');
        /* @var $userService PW_UserService */
        // Target account: must exist and have a user name.
        $touser = $userService->get($newuid);
        // Runs addslashes() over every field of the fetched row, in place. This
        // is blanket escaping, not escaping for a specific output context.
        S::slashes($touser);
        if (!$touser['username']) {
            adminmsg('unituser_newname_error');
        }
        // Rows of the source accounts that passed validation.
        $oldinfo = array();
        // $uids arrives as a comma-separated list of user ids.
        $uids = explode(',', $uids);
        foreach ($uids as $key => $value) {
            // is_numeric() is looser than an integer check: it also accepts
            // decimals and exponent notation. No else branch is visible here,
            // so non-numeric entries appear to be skipped without an error.
            if (is_numeric($value)) {
                // A source account must not be the target account itself.
                if ($value == $newuid) {
                    adminmsg('unituser_samename');
                }
                $rt = $userService->get($value, true, true, true);
                if (!$rt['uid']) {
                    adminmsg('unituser_username_error');
                } else {
                    $oldinfo[] = $rt;
Exemplo n.º 2
         // Excerpt: starts inside an earlier branch and ends inside the inner
         // foreach; $name, $fup, $forum and $db are set outside the visible lines.
         $checked = $ifsave == 1 ? 'checked' : '';
         empty($forumnum) && ($forumnum = 5);
         require_once R_P . "require/forum.php";
         $setfid_style = getstyles($style);
     }
     include PrintEot('setforum');
     exit;
 } else {
     // Presumably imports the named request fields into same-named variables
     // ($forumadmin, $keywords, $descrip ... are read below) - confirm against S::gp().
     S::gp(array('vieworder', 'forumadmin', 'style', 'keywords', 'descrip', 'logo', 'ifsave', 'addtype'));
     // 'descrip' is fetched a second time with a third argument of 0.
     // NOTE(review): presumably this turns off S::gp()'s default escaping so the
     // description keeps its markup; if so, the '<iframe' replacement below is
     // the only filtering applied to it in this excerpt - confirm.
     S::gp(array('descrip'), 'P', 0);
     $fidArr = array();
     // array holding the ids of the newly added forums
     $forumtype = $forum[$fup]['type'] == 'category' ? 'forum' : ($forum[$fup]['type'] == 'forum' ? 'sub' : 'sub2');
     if ($forum[$fup]['type'] != 'category') {
         // The parent id is concatenated into the SQL text; safety rests entirely
         // on S::sqlEscape() quoting and escaping $fup correctly.
         $fupset = $db->get_one("SELECT f.allowhide,f.allowrob,f.allowsell,f.allowtype,f.copyctrl,f.viewsub,f.allowvisit,f.allowpost,f.allowrp,f.allowdownload,f.allowupload,f.f_type,f.f_check,f.cms,f.ifhide,fe.creditset,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe USING(fid) WHERE f.fid=" . S::sqlEscape($fup));
         // addslashes() on every column of the parent row, in place.
         S::slashes($fupset);
         // Copies every selected column (allowhide, allowpost, cms, creditset, ...)
         // into local variables and overwrites any variable that already has that
         // name. '@' also hides the warning raised when $fupset is not an array.
         // Assigning the needed columns explicitly would keep the data flow auditable.
         @extract($fupset, EXTR_OVERWRITE);
     }
     foreach ($name as $key => $value) {
         if (empty($value)) {
             continue;
         }
         // Deny-list filter: only the exact lowercase string '<iframe' is
         // neutralised. Other tags and other spellings pass through unchanged, so
         // this is not output encoding; whether the values are encoded when
         // rendered is not visible in this excerpt.
         $value = str_replace('<iframe', '&lt;iframe', $value);
         $descrip[$key] = str_replace('<iframe', '&lt;iframe', $descrip[$key]);
         // Presumably HTML-escapes the keywords - confirm against S::escapeChar().
         $keywords[$key] = S::escapeChar($keywords[$key]);
         //			strlen($descrip[$key])>250 && adminmsg('descrip_long');
         $newadmin = array();
         $str_admin = '';
         // Moderator names are submitted as one comma-separated string per forum.
         $admin_a = explode(",", $forumadmin[$key]);
         foreach ($admin_a as $aid => $avalue) {
             $avalue = trim($avalue);
Exemplo n.º 3
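/**
 * Recompute the inherited moderator list (fupadmin) and the has-children flag
 * (childid) of pw_forums.
 *
 * All rows are first reset to childid='0', fupadmin=''. The function then walks
 * category -> forum -> sub -> sub and, at each level, writes the moderators
 * accumulated from the ancestors into the child's fupadmin column. Every forum
 * that has at least one child gets childid='1' at the end.
 *
 * Uses the global $db connection and pwQuery; returns nothing.
 *
 * NOTE(review): every fetched row is passed through S::slashes() (addslashes)
 * and the values are then handed to pwQuery::update() as bound values. If
 * pwQuery escapes them again, a moderator name containing a quote would be
 * stored with a literal backslash - confirm.
 */
function updatecache_fd1()
{
    global $db;
    require_once R_P . 'admin/cache.php';

    // Initialised up front: the original only ever appended to this variable, so
    // the final check read an undefined variable when no forum had children.
    $havechild = array();

    // Start from a clean state; the loops below only ever set values.
    $db->update(pwQuery::buildClause("UPDATE :pw_table SET childid='0',fupadmin=''", array('pw_forums')));
    $query = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='category' ORDER BY vieworder");
    while ($cate = $db->fetch_array($query)) {
        S::slashes($cate);
        $query2 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='forum' AND fup=" . S::sqlEscape($cate['fid']));
        if ($db->num_rows($query2)) {
            $havechild[] = $cate['fid'];
            while ($forum = $db->fetch_array($query2)) {
                S::slashes($forum);
                // A forum inherits the moderators of its category.
                $fupadmin = trim($cate['forumadmin']);
                if ($fupadmin) {
                    pwQuery::update('pw_forums', 'fid=:fid', array($forum['fid']), array('fupadmin' => $fupadmin));
                }
                if (trim($forum['forumadmin'])) {
                    // When appending to a non-empty list the first character of the
                    // forum's own list is dropped - presumably a leading separator
                    // (lists look like ',a,b,'); TODO confirm the stored format.
                    $fupadmin .= $fupadmin ? substr($forum['forumadmin'], 1) : $forum['forumadmin'];
                }
                $query3 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='sub' AND fup=" . S::sqlEscape($forum['fid']));
                if ($db->num_rows($query3)) {
                    $havechild[] = $forum['fid'];
                    while ($sub1 = $db->fetch_array($query3)) {
                        S::slashes($sub1);
                        // Category + forum moderators are inherited by the sub forum.
                        $fupadmin1 = $fupadmin;
                        if ($fupadmin1) {
                            pwQuery::update('pw_forums', 'fid=:fid', array($sub1['fid']), array('fupadmin' => $fupadmin1));
                        }
                        if (trim($sub1['forumadmin'])) {
                            $fupadmin1 .= $fupadmin1 ? substr($sub1['forumadmin'], 1) : $sub1['forumadmin'];
                        }
                        // NOTE(review): this level filters on type='sub' exactly like
                        // the level above; confirm that third-level boards are also
                        // stored with that type value.
                        $query4 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='sub' AND fup=" . S::sqlEscape($sub1['fid']));
                        if ($db->num_rows($query4)) {
                            $havechild[] = $sub1['fid'];
                            while ($sub2 = $db->fetch_array($query4)) {
                                S::slashes($sub2);
                                $fupadmin2 = $fupadmin1;
                                if ($fupadmin2) {
                                    pwQuery::update('pw_forums', 'fid=:fid', array($sub2['fid']), array('fupadmin' => $fupadmin2));
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    // Flag every forum that turned out to have children, in one statement.
    if ($havechild) {
        pwQuery::update('pw_forums', 'fid IN(:fid)', array($havechild), array('childid' => '1'));
    }
}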
Exemplo n.º 4
 /**
  * Variable escaping: apply addslashes() to every non-array element of an
  * array, in place, descending into nested arrays.
  *
  * A non-array argument is left untouched. Array keys are not escaped.
  *
  * NOTE(review): addslashes() is not context-aware. It is not a replacement for
  * the database driver's escaping or for prepared statements, and it does
  * nothing for HTML output.
  *
  * @param mixed $array Passed by reference; modified only when it is an array
  */
 function slashes(&$array)
 {
     if (!is_array($array)) {
         return;
     }
     foreach (array_keys($array) as $name) {
         if (is_array($array[$name])) {
             // Nested array: escape it recursively, still in place.
             S::slashes($array[$name]);
             continue;
         }
         $array[$name] = addslashes($array[$name]);
     }
 }
Exemplo n.º 5
     }
 }
 // Excerpt: the two closing braces above end blocks that start before this
 // listing, and the while loop below is cut off. $mids, $fid, $to_id, $tdtime,
 // $foruminfo and $db_readdir are set outside the visible lines.
 !$mids && Showmsg('mawhole_nodata');
 $pw_attachs = L::loadDB('attachs', 'forum');
 // Re-assigns the attachment rows of all threads in $mids to forum $to_id.
 $pw_attachs->updateByTid($mids, array('fid' => $to_id));
 //* $threads = L::loadClass('Threads', 'forum');
 //* $threads->delThreads($mids);
 Perf::gatherInfo('changeThreadWithThreadIds', array('tid' => $mids));
 //$mids = S::sqlImplode($mids);
 $updatetop = $todaypost = $topic_all = $replies_all = 0;
 $cy_tids = array();
 // The id list is concatenated into the SQL text; safety rests on
 // S::sqlImplode() quoting and escaping every element of $mids.
 $query = $db->query("SELECT tid,fid as tfid,author,postdate,subject,replies,topped,ptable,ifcheck,tpcstatus,modelid,special,specialsort FROM pw_threads WHERE tid IN(" . S::sqlImplode($mids) . ")");
 //tucool
 $tucoolService = L::loadClass('Tucool', 'forum');
 while ($rt = $db->fetch_array($query)) {
     // addslashes() on every column of the thread row, in place.
     S::slashes($rt);
     // Copies every selected column into same-named variables ($tid, $author,
     // $postdate, $subject, ...) and overwrites any that already exist. The query
     // aliases fid to tfid, so $fid itself is not replaced. '@' hides warnings.
     @extract($rt);
     // Per-thread check that the thread belongs to forum $fid.
     // NOTE(review): this runs after updateByTid() above was already applied to
     // all of $mids. If $mids is not filtered by forum earlier (not visible
     // here), attachment rows change before this check can reject the request.
     $tfid != $fid && Showmsg('admin_forum_right');
     $ptable_a[$ptable] = 1;
     $postdate > $tdtime && ($todaypost += $replies + 1);
     $ifcheck && $topic_all++;
     $replies_all += $replies;
     if ($rt['tpcstatus'] && getstatus($rt['tpcstatus'], 1)) {
         $cy_tids[$rt['tid']] = $rt['tid'];
     }
     // Static template update: when the forum uses static pages, the thread's
     // generated .html file is passed to P_unlink() (presumably deleted). The
     // path is built from configuration plus $fid, the post month and $tid.
     if ($foruminfo['allowhtm'] == 1) {
         $date = date('ym', $postdate);
         $htmurldel = R_P . $db_readdir . '/' . $fid . '/' . $date . '/' . $tid . '.html';
         P_unlink($htmurldel);
     }
Exemplo n.º 6
        // Excerpt: starts inside an if/else whose condition is not visible and
        // ends inside the custom-avatar branch.
        // NOTE(review): the query string is built by plain concatenation; no
        // urlencode() is visible here, so it assumes the parts were encoded earlier.
        $icon_encode_url = 'saveFace=' . $save_param . '&url=' . $default_pic . '&imgsize=' . $db_imgsize . '&';
    } else {
        $icon_encode_url = '';
    }
    if ($icontype == 2) {
        $httpurl = $iconurl;
    }
    if ($icontype != 1) {
        $iconfile = '';
    }
    require_once uTemplate::PrintEot('info_face');
    pwOutPut();
} else {
    if ($step == '2') {
        // Presumably validates the POST request (origin / token) - confirm
        // against PostCheck(); it is the only request check visible here.
        PostCheck();
        // addslashes() on every field of $userdb, in place.
        S::slashes($userdb);
        // Presumably imports POST fields 'facetype' and 'proicon' into
        // same-named variables (both are read below) - confirm against S::gp().
        S::gp(array('facetype', 'proicon'), 'P');
        require_once R_P . 'require/showimg.php';
        // The stored icon is a '|'-separated record.
        $user_a = explode('|', $winddb['icon']);
        $usericon = '';
        if ($facetype == 1) {
            $usericon = setIcon($proicon, $facetype, $user_a);
        } elseif ($_G['allowportait'] && $facetype == 2) {
            // Custom avatar URL supplied by the user; read as an array
            // (index 0 = URL, indexes 1-3 are cast to int below).
            $httpurl = S::getGP('httpurl', 'P');
            // Accepts only values that start with the literal, case-sensitive
            // 'http://' and contain no '|', the separator of the stored icon
            // record. Only the scheme prefix is validated; host and path are not
            // checked here. Rejection depends on refreshto() ending the request
            // - TODO confirm.
            if (strncmp($httpurl[0], 'http://', 7) != 0 || strrpos($httpurl[0], '|') !== false) {
                refreshto("profile.php?action=modify&info_type={$info_type}&facetype={$facetype}", getLangInfo('msg', 'illegal_customimg'), 2, true);
            }
            // Presumably HTML-escapes the URL before it is stored - confirm
            // against S::escapeChar().
            $proicon = S::escapeChar($httpurl[0]);
            // Integer casts keep the remaining fields free of markup and of '|'.
            $httpurl[1] = (int) $httpurl[1];
            $httpurl[2] = (int) $httpurl[2];
            $httpurl[3] = (int) $httpurl[3];
Exemplo n.º 7
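/**
 * Validate admin-panel login data and build the caller's permission set.
 *
 * Two paths exist:
 *  - the user name is listed in the global $manager array: the data is checked
 *    against the matching $manager_pwd entry or, failing that, against the
 *    account's database password plus admincheck(); on success every right
 *    from the 'purview' language file is granted;
 *  - any other user: the account must belong to a 'system' or 'special' group
 *    with the allowadmincp permission, pass SafeCheck() and admincheck(), and
 *    receives the rights stored for its group in pw_adminset.
 *
 * When $db_ifsafecv is set, index 3 of $CK must also match the account's
 * safecv value. That comparison is done on strings with !==; the previous
 * loose != let numeric-looking strings that differ textually compare as equal.
 *
 * Side effect: defines the constant If_manager on the $manager path.
 *
 * @param array $CK Login data (presumably the decoded admin cookie - confirm);
 *                  index 1 is the user name, index 3 the safecv value. The
 *                  whole array is also handed to SafeCheck().
 * @return array|false Permission map including 'gid', 'bubble' and 'uid', or
 *                     false when any check fails
 */
function checkpass($CK)
{
    // addslashes() on every element of the local copy of $CK.
    // NOTE(review): $CK[1] is escaped again by S::sqlEscape() in the query
    // below; confirm that user names containing quotes still match.
    S::slashes($CK);
    global $db, $manager, $db_ifsafecv;
    if (S::inArray($CK[1], $manager)) {
        global $manager_pwd;
        // NOTE(review): array_search() compares loosely here. It is left as is
        // because S::inArray() above may use the same semantics and the two
        // lookups must agree on which entry matched - confirm and tighten both.
        $v_key = array_search($CK[1], $manager);
        $ifQuery = true;
        // In order to get bubble info
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            // The configured password did not match: fall back to the
            // account's database password and the regular admin check.
            $userService = L::loadClass('UserService', 'user');
            /* @var $userService PW_UserService */
            $rt = $userService->getByUserName($CK[1], true, true);
            if (!SafeCheck($CK, PwdCode($rt['password'])) || ($db_ifsafecv && (string) $rt['safecv'] !== (string) $CK[3])) {
                return false;
            }
            if (!admincheck($rt['uid'], $rt['username'], $rt['groupid'], $rt['groups'], 'check')) {
                return false;
            }
            $ifQuery = false;
        } elseif ($db_ifsafecv) {
            $userService = L::loadClass('UserService', 'user');
            /* @var $userService PW_UserService */
            $rt = $userService->getByUserName($CK[1], true, true);
            // The safecv check is skipped when no database row exists for the name.
            if ($rt && (string) $rt['safecv'] !== (string) $CK[3]) {
                return false;
            }
            $ifQuery = false;
        }
        if ($ifQuery) {
            // Neither branch above loaded the row; it is needed for bubble and uid.
            $userService = L::loadClass('UserService', 'user');
            /* @var $userService PW_UserService */
            $rt = $userService->getByUserName($CK[1], true, true);
        }
        define('If_manager', 1);
        $rightset['gid'] = 3;
        $rightset['all'] = 1;
        $rightset['bubble'] = $rt['bubble'];
        // Presumably defines $purview and $nav_manager - confirm against the
        // 'purview' language file.
        require GetLang('purview');
        foreach ($purview as $key => $value) {
            $rightset[$key] = 1;
        }
        foreach ($nav_manager['option'] as $key => $value) {
            $rightset[$key] = 1;
        }
    } else {
        // The user name is concatenated into the SQL text; safety rests on
        // S::sqlEscape() quoting and escaping it.
        $rt = $db->get_one("SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp,md.bubble FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' LEFT JOIN pw_memberdata md ON md.uid = m.uid WHERE m.username=" . S::sqlEscape($CK[1]));
        if (!$rt['allowadmincp']
            || ($rt['gptype'] != 'system' && $rt['gptype'] != 'special')
            || ($db_ifsafecv && (string) $rt['safecv'] !== (string) $CK[3])
        ) {
            return false;
        }
        if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
            return false;
        }
        $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . S::sqlEscape($rt['groupid']));
        if ($rightset) {
            // NOTE(review): unserialize() on a stored value. The data comes from
            // pw_adminset rather than from the request, but anyone able to write
            // that table controls what is deserialized here. On PHP 7+ passing
            // array('allowed_classes' => false) as second argument limits this.
            if (!is_array($rightset = unserialize($rightset))) {
                $rightset = array();
            }
        } else {
            $rightset = array();
        }
        require GetLang('purview');
        // Keep a stored right only if it is still a known purview key and is set to 1.
        foreach ($rightset as $key => $value) {
            $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
        }
        $rightset['gid'] = $rt['groupid'];
        $rightset['bubble'] = $rt['bubble'];
    }
    $rightset['uid'] = $rt['uid'];
    return $rightset;
}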
Exemplo n.º 8
/**
 * Add escaping: thin wrapper that forwards its argument to S::slashes().
 *
 * @param mixed $array Passed by reference and handed on unchanged; any
 *                     modification is made by S::slashes()
 */
function Add_S(&$array)
{
    S::slashes($array);
}