* @name Comment * @version 2.0 * @package Fiyo CMS * @copyright Copyright (C) 2014 Fiyo CMS. * @license GNU/GPL, see LICENSE.txt * @description **/ defined('_FINDEX_') or die('Access Denied'); $db = new FQuery(); $db->connect(); loadLang(__DIR__); if (!defined('SEF_URL')) { $link = check_permalink('link', getLink(), 'link'); $go_link = FUrl . getLink() . "&pid={$_GET['pid']}"; } else { $link = @check_permalink('permalink', $_REQUEST['link'], 'link'); $go_link = FUrl . @$_REQUEST['link'] . SEF_EXT; } require 'entry_comment.php'; define('CAPTCHA', false); if (!CAPTCHA) { $valid = true; if (!isset($_SESSION['captcha'])) { $_SESSION['captcha'] = 99; } $_POST['secure'] = $_SESSION['captcha']; $_SESSION['ENABLE_CAPTCHA'] = false; } if (isset($_POST['send-comment'])) { //reCaptcha $privatekey = oneQuery('comment_setting', 'name', "'recaptcha_privatekey'", 'value');
$id = app_param('id'); if ($view != 'default') { $a = FQuery("pustaka_category", "id={$id}", '', 1); if (!$a) { $a = FQuery("pustaka_file", "id={$id}", '', 1); } if (!$a and app_param('label') != null) { $a = app_param('label'); } } else { $a = app_param('view') == 'default'; } if ($a) { $sef_prefix = "pustaka"; if (defined('SEF_URL')) { $page = check_permalink('permalink', 'addons', 'pid'); if ($view == 'item') { $item = oneQuery('pustaka_file', 'id', $id, 'title'); $vcat = oneQuery('pustaka_file', 'id', $id, 'category'); $ncat = oneQuery('pustaka_category', 'id', $vcat, 'name'); $page = oneQuery('menu', 'link', "'?app=pdf&view=category&id={$vcat}'", 'id'); if (!$page) { $page = oneQuery('permalink', 'link', "'?app=pdf&view=default'", 'pid'); } if (app_param('go') != 'pdf') { add_permalink("{$id}-{$item}", "{$sef_prefix}/{$ncat}", $page); } else { add_permalink("{$id}-{$item}/pdf", "{$sef_prefix}/{$ncat}", $page); } } else { if ($view == 'category') {
define('_FINDEX_', 1); session_start(); if (!isset($_SESSION['USER_ID']) or !isset($_SESSION['USER_ID']) or $_SESSION['USER_LEVEL'] > 3 or !isset($_POST['url'])) { die; } require_once '../../../system/jscore.php'; ?> <table class="table tools"> <tbody> <?php $db = new FQuery(); $db->connect(); $sql = $db->select(FDBPrefix . "article", "*,DATE_FORMAT(date,'%W, %b %d %Y') as dates", "", 'date DESC LIMIT 10'); $no = 1; while ($qr = mysql_fetch_array($sql)) { $read = check_permalink("link", "?app=article&view=item&id={$qr['id']}", "permalink"); if ($read) { $read = $_POST['url'] . $read; } else { $read = $_POST['url'] . "?app=article&view=item&id={$qr['id']}"; } $edit = "?app=article&act=edit&id={$qr['id']}"; $auth = userInfo("name", "{$qr['author_id']}"); $info = "{$qr['date']}"; $read_article = Read; $edit_article = Edit; if ($no % 2 == 0) { $class = 'clr'; } else { $class = 'cln'; }
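/**
 * Resolve the current request's link — the "?app=...&view=..." query part
 * or the SEF path — into the value the permalink layer works with.
 *
 * The source depends on the SEF_URL constant and the _FINDEX_ marker:
 *  - SEF front end: taken from REQUEST_URI; the query string when _Page is
 *    falsy, the path before "?" otherwise, with any "&pid=..." removed.
 *  - otherwise: getUrl() with the configured site_url stripped and, when
 *    SEF_URL is defined, the SEF extension length cut off the end.
 *
 * Both sources are request-controlled input. The quote stripping below is
 * a legacy blacklist, not an injection defence: whatever consumes the
 * returned value in SQL (check_permalink() is handed it here) must
 * parameterise it.
 *
 * Fixes over the previous revision: a stray `echo 1;` debug statement
 * leaked "1" into the response body (and into any redirect/headers path)
 * whenever pid was present; check_permalink() was queried twice for the
 * same value; the no-op `substr($link, 0)` branch is gone.
 *
 * @return string the link, rewritten to its stored permalink when SEF_URL
 *                is on and check_permalink() resolves it
 */
function getLink()
{
    if (defined('SEF_URL') and _FINDEX_ != 'BACK') {
        // strpos() yields false when the URI has no "?"; substr() then coerces
        // it to offset 0 (whole URI) or length 0 (empty string). Kept as-is —
        // legacy behaviour callers may rely on.
        $tapos = strpos($_SERVER['REQUEST_URI'], "?");
        if (!_Page) {
            $link = substr($_SERVER['REQUEST_URI'], $tapos);
        } else {
            $link = substr($_SERVER['REQUEST_URI'], 0, $tapos);
        }
        // The page id is resolved separately by the caller; drop it from the
        // link. $_GET['pid'] is only used as a str_replace() needle here.
        if (isset($_GET['pid'])) {
            $link = str_replace("&pid={$_GET['pid']}", "", $link);
        }
        $link = str_replace("&pid=", "", $link);
    } else {
        $trim = strlen(siteConfig('sef_extention'));
        $link = str_replace(siteConfig('site_url'), "", getUrl());
        $trim = strlen($link) - $trim;
        // This branch is also reached from the back end (_FINDEX_ == 'BACK')
        // with SEF_URL defined, so only trim the extension in that case.
        if (defined('SEF_URL')) {
            $link = substr($link, 0, $trim);
        }
    }
    // Legacy quote stripping — does not make $link safe for string-built SQL.
    $link = str_replace("'", "", $link);
    $link = str_replace('"', "", $link);
    if (checkLocalhost()) {
        $base = str_replace('localhost', '', FBase);
        $link = str_replace($base, '', $link);
    }
    // NOTE(review): SEF_URL is read without defined() here; on PHP 8 an
    // undefined constant is a fatal Error — confirm every include path that
    // reaches this function defines it. check_permalink() is assumed to be a
    // pure lookup, so one call replaces the previous two.
    if (SEF_URL) {
        $resolved = check_permalink('permalink', $link, 'link');
        if ($resolved) {
            $link = $resolved;
        }
    }
    return $link;
}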
function add_permalink($title, $cat = NULL, $pid = null, $ext = null, $next = null) { $page = _Page; if (!preg_match("/[0-9]/", $page)) { $page = null; } if (SEF_URL and !checkHomePage() and !$page) { $db = new FQuery(); $db->connect(); $eqpos = strpos($_SERVER['REQUEST_URI'], "="); $tapos = strpos($_SERVER['REQUEST_URI'], "?"); if ($eqpos > 0 and $tapos > 0 and empty($_GET['page'])) { $permalink = str_replace(" ", "-", strtolower($title)); if (app_param('app') == 'article' and app_param('view') == 'item') { while (substr_count($permalink, '/')) { $permalink = str_replace("/", "-", $permalink); } } $category = str_replace(" ", "-", strtolower($cat)); if (!empty($cat)) { $permalink = strtolower($category) . "/" . $permalink; } else { $permalink = $permalink; } while (substr_count($permalink, "[")) { $permalink = str_replace("[", "", $permalink); } while (substr_count($permalink, "]")) { $permalink = str_replace("]", "", $permalink); } while (substr_count($permalink, "(")) { $permalink = str_replace("(", "", $permalink); } while (substr_count($permalink, ")")) { $permalink = str_replace(")", "", $permalink); } while (substr_count($permalink, "{")) { $permalink = str_replace("{", "", $permalink); } while (substr_count($permalink, "}")) { $permalink = str_replace("}", "", $permalink); } while (substr_count($permalink, "&")) { $permalink = str_replace("&", "", $permalink); } while (substr_count($permalink, "&")) { $permalink = str_replace("&", "", $permalink); } /************ ? 
removal **************/ while (substr_count($permalink, "?")) { $permalink = str_replace("?", "", $permalink); } /************ + removal **************/ while (substr_count($permalink, "+")) { $permalink = str_replace("+", "", $permalink); } /************ # removal **************/ while (substr_count($permalink, "#")) { $permalink = str_replace("#", "", $permalink); } /************ & removal **************/ while (substr_count($permalink, "\\&")) { $permalink = str_replace("\\&", "", $permalink); } /************ . removal **************/ while (substr_count($permalink, ".")) { $permalink = str_replace(".", "-", $permalink); } /************ ! removal **************/ while (substr_count($permalink, "!")) { $permalink = str_replace("!", "", $permalink); } /************ ` removal **************/ while (substr_count($permalink, "`")) { $permalink = str_replace("`", "", $permalink); } /************ ' removal **************/ while (substr_count($permalink, "'")) { $permalink = str_replace("'", "", $permalink); } /************ " removal **************/ while (substr_count($permalink, "\"")) { $permalink = str_replace('"', "", $permalink); } /************ ; removal **************/ while (substr_count($permalink, ";")) { $permalink = str_replace(';', "", $permalink); } /************ " removal **************/ while (substr_count($permalink, '|')) { $permalink = str_replace('|', "", $permalink); } /************ % removal **************/ while (substr_count($permalink, '%')) { $permalink = str_replace('%', "", $permalink); } /************ * removal **************/ while (substr_count($permalink, '*')) { $permalink = str_replace('*', "", $permalink); } /************ ^ removal **************/ while (substr_count($permalink, '^')) { $permalink = str_replace('^', "", $permalink); } /************ \ removal **************/ while (substr_count($permalink, '\\')) { $permalink = str_replace("\\", "", $permalink); } /************ \ removal **************/ /************ , removal 
**************/ while (substr_count($permalink, ',')) { $permalink = str_replace(",", "", $permalink); } /************ $ removal **************/ while (substr_count($permalink, '$')) { $permalink = str_replace("\$", "", $permalink); } /************ @ removal **************/ while (substr_count($permalink, '@')) { $permalink = str_replace("@", "", $permalink); } while (substr_count($permalink, "--")) { $permalink = str_replace("--", "-", $permalink); } if (empty($pid)) { $pid = Page_ID; } $link = getLink(); if (!empty($category) and empty($ext)) { $permalink = $permalink . SEF_EXT; } else { if (!empty($ext)) { $ext = str_replace(".", "", $ext); $permalink = "{$permalink}.{$ext}"; } } if (check_permalink('link', $link)) { redirect(FUrl . $permalink); } else { if (!empty($permalink)) { if ($c = check_permalink('permalink', $permalink)) { $x = 2; $permalink = str_replace(SEF_EXT, "", $permalink); while ($c) { $p = "{$permalink}-{$x}"; $c = check_permalink('permalink', $p . SEF_EXT); $x++; } $permalink = $p . SEF_EXT; } if (!empty($permalink) and $permalink != "-" and !empty($link)) { $qr = $db->insert(FDBPrefix . 'permalink', array("", "{$link}", "{$permalink}", $pid, 1, 0)); } if (isset($qr)) { redirect(FUrl . $permalink); } } } } } }
$info = "{$qr['date']}"; $imgr = md5("{$qr['email']}"); $foto = " <span class='c_gravatar' data-gravatar-hash=\"{$imgr}\"></span>"; $comment = cutWords(htmlToText($qr['comment']), 10); $hide = Hide; $cedit = Edit; $read = Read; $delete = Delete; $approve = Approve; $app = link_param('app', "{$qr['link']}"); $aid = link_param('id', "{$qr['link']}"); $app = "{$qr['apps']}"; if (empty($app)) { $app = 'article'; } $lread = $_POST['url'] . check_permalink("link", "?app=article&view=item&id={$aid}", "permalink"); $edit = "?app={$app}&view=comment&act=edit&id={$id}"; $title = oneQuery('article', 'id', $aid, 'title'); $red = ''; if ($qr['status']) { $approven = "<a class='btn-tools btn btn-danger btn-sm btn-grad disable-user' title='{$hide}' data-id='{$id}'>{$hide}</a><a class='btn-tools btn btn-success btn-sm btn-grad approve-user' title='{$approve}' style='display:none;' data-id='{$id}'>{$approve}</a>"; } else { $approven = "<a data-id='{$id}' class='btn-tools btn btn-success btn-sm btn-grad approve-user' title='{$approve}'>{$approve}</a><a data-id='{$id}' class='btn-tools btn btn-danger btn-sm btn-grad disable-user' title='{$hide}' style='display:none;'>{$hide}</a>"; $red = "class='unapproved'"; } echo "<tr {$red}><td style='text-align: center; vertical-align: middle; padding: 7px 8px 6px 10px;'>{$foto}</td><td style='width: 97%; padding: 7px 8px 8px 0;'><b>{$qr['name']}</b> <span>on</span> {$title}<a data-toggle='tooltip' data-placement='right' title='{$info}' class='icon-time tooltips'></a><a data-toggle='tooltip' data-placement='left' title='{$qr['email']}' class='icon-envelope-alt tooltips'></a>\n\t\t\t<br/><span>{$comment} ...</span><br/>\n\t\t\t<div class='tool-box tool-{$no}'>\n\t\t\t\t{$approven}\n\t\t\t\t<a href='{$edit}' class='btn btn-tools tips' title='{$cedit}'>{$cedit}</a>\n\t\t\t\t<a href='{$lread}#comment-{$qr['id']}' target='_blank' class='btn btn-tools tips' title='{$read}'>{$read}</a>\n\t\t\t\t<!--a class='btn btn-tools tips' 
title='{$delete}'>{$delete}</a-->\n\t\t\t</div>\n\t\t\t</td></tr>"; $no++; } if ($no < 1) { echo "<tr><td style='text-align:center; padding: 40px 0; color: #ccc; font-size: 1.5em'>" . No_Comment . "</td></tr>"; }
if (isset($_GET['pid']) and is_numeric($_GET['pid'])) { define('Page_ID', pageInfo($_GET['pid'], 'id')); } else { define('Page_ID', oneQuery('menu', 'global', 1, 'id')); } } } } else { if (SEF_URL) { if (!empty($pid) and $pid == menuInfo('id')) { define('Page_ID', $pid); } else { if (isset($_GET['pid']) and is_numeric($_GET['pid'])) { define('Page_ID', pageInfo($_GET['pid'], 'id')); } else { $pid = @check_permalink('permalink', $_REQUEST['link'], 'pid'); if ($pid == 0) { $pid = oneQuery('menu', 'global', 1, 'id'); } if ($pid == 0) { $pid = oneQuery('menu', 'home', 1, 'id'); } define('Page_ID', $pid); } } } } } } /********************************************/ /* Delete Installer */
break; } $lcat = "{$ncat}/{$lcat}"; $i++; } $lcat = strtolower($lcat); $item = articleInfo('title'); add_permalink($item, $lcat, $page); } else { if ($view == 'category' or $view == 'catlist') { $icat = categoryInfo('id'); $ncat = categoryInfo('name'); $page = menuInfo('id', "?app=article&view=category&id={$icat}"); $lcat = "{$ncat}"; $i = 1; while (empty($page) and !check_permalink('link', getLink()) and $i < 10 and $icat != 0) { $icat = categoryInfo('parent_id', $icat); $ncat = categoryInfo('name', $icat); $page = menuInfo('id', "?app=article&view=category&id={$icat}"); if ($icat == 0) { break; } $lcat = "{$ncat}/{$lcat}"; $i++; } $lcat = strtolower($lcat); $item = articleInfo('title'); if (_FEED_ == 'rss') { add_permalink("{$lcat}", "", "", "rss"); } else { add_permalink($lcat, '', $page);