/**
 * Runs every string value in $_POST through clean_query_string() in place.
 *
 * Does nothing unless the request method is POST. Only top-level string values are
 * rewritten; array values (e.g. `field[]` inputs) and the keys themselves are left
 * untouched.
 *
 * NOTE(review): the protection this gives depends entirely on what
 * clean_query_string() (defined elsewhere) actually does. Do not treat it as output
 * escaping or SQL parameterisation — escape per context at the point of use.
 */
function safe_post_data() {
    if ($_SERVER["REQUEST_METHOD"] != "POST") {
        return;
    }
    foreach (array_keys($_POST) as $field) {
        if (!is_string($_POST[$field])) {
            continue;
        }
        $_POST[$field] = clean_query_string($_POST[$field]);
    }
}
<th scope="row">업데이트</th> <td> <?php echo $write['fo_datetime']; ?> </td> </tr> <?php } ?> </tbody> </table> </div> <div class="btn_confirm01 btn_confirm"> <input type="submit" value="확인" class="btn_submit" accesskey="s"> <a href="./form_list.php?<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?> ">목록</a> </div> </form> <script> function add(str) { var conts = document.getElementById('sms_contents'); var bytes = document.getElementById('sms_bytes'); conts.focus(); conts.value+=str; byte_check('sms_contents', 'sms_bytes'); return; } function byte_check(sms_contents, sms_bytes)
// Only serve a download for a post the visitor has actually opened in this session.
// NOTE(review): this relies on alert() terminating the script; if it only emits a
// message, every check below that uses alert() to stop execution is bypassable.
if (!get_session('ss_view_' . $bo_table . '_' . $wr_id)) {
    alert('잘못된 접근입니다.');
}

// Boards that deduct points for downloads are closed to guests.
if ($board['bo_download_point'] < 0 && $is_guest) {
    alert('다운로드 권한이 없습니다.\\n회원이시라면 로그인 후 이용해 보십시오.', G5_BBS_URL . '/login.php?wr_id=' . $wr_id . '&' . $qstr . '&url=' . urlencode(G5_BBS_URL . '/board.php?bo_table=' . $bo_table . '&wr_id=' . $wr_id));
}

// Look up the stored filename for attachment #$no of this post.
// NOTE(review): $bo_table, $wr_id and $no are interpolated straight into the SQL;
// this is only safe if they were validated/escaped before this point (not visible here).
$sql = " select bf_source, bf_file from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$no}' ";
$file = sql_fetch($sql);
if (!$file['bf_file']) {
    alert('파일 정보가 존재하지 않습니다.');
}

// Without JavaScript ($js != 'on') on a point-deducting board, show a server-side
// confirm page first; the confirm link re-enters this script with &js=on.
if ($js != 'on' && $board['bo_download_point'] < 0) {
    $msg = $file['bf_source'] . ' 파일을 다운로드 하시면 포인트가 차감(' . number_format($board['bo_download_point']) . '점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
    $url1 = G5_BBS_URL . '/download.php?' . clean_query_string($_SERVER['QUERY_STRING']) . '&js=on';
    // NOTE(review): the cancel link is the client-supplied Referer. clean_xss_tags()
    // presumably strips markup but does not restrict the destination, so a crafted
    // Referer can steer "cancel" to an arbitrary site (open redirect) — confirm how
    // confirm() uses $url2, or fall back to the board URL instead.
    $url2 = clean_xss_tags($_SERVER['HTTP_REFERER']);
    // $url1 = confirm link, $url2 = cancel link. To send the user to a specific
    // address instead, use $url3.
    confirm($msg, $url1, $url2);
}

// Enforce the board's minimum member level for downloads.
if ($member['mb_level'] < $board['bo_download_level']) {
    $alert_msg = '다운로드 권한이 없습니다.';
    if ($member['mb_id']) {
        alert($alert_msg);
    } else {
        alert($alert_msg . '\\n회원이시라면 로그인 후 이용해 보십시오.', G5_BBS_URL . '/login.php?wr_id=' . $wr_id . '&' . $qstr . '&url=' . urlencode(G5_BBS_URL . '/board.php?bo_table=' . $bo_table . '&wr_id=' . $wr_id));
    }
}

// Absolute path of the file on disk: <data>/file/<board>/<stored name>.
// NOTE(review): addslashes() only escapes quotes and backslashes; it is not a
// path-traversal defence. If bf_file (from the DB) or $bo_table could ever contain
// "../" or "/", the path escapes the board directory — confirm both are sanitised
// when they are written.
$filepath = G5_DATA_PATH . '/file/' . $bo_table . '/' . $file['bf_file'];
$filepath = addslashes($filepath);
// Admin-only page: require a confirmed session, then bounce employees/visitors away.
// NOTE(review): assumes redirect_to() exits; if it only sends a Location header, the
// rest of this page still executes for unauthorised roles.
$session->confirmation_protected_page();
if (User::is_employee() || User::is_visitor()) {
    redirect_to('index.php');
}
?> <?php
// Resolve which model class this page edits, defaulting to ToDoList.
// NOTE(review): $class_name is taken verbatim from the query string and then used as
// the class part of a callable — any loaded class exposing a static
// change_to_unique_data() can be invoked by naming it in the URL. Restrict this to an
// explicit allowlist of editable classes (e.g. in_array($class_name, $allowed, true))
// before the call.
if (isset($_GET['class_name'])) {
    $class_name = $_GET['class_name'];
    call_user_func_array(array($class_name, 'change_to_unique_data'), ['ajax']);
    $is_data = true;
} else {
    $class_name = "ToDoList";
    $is_data = false;
}
// Absolute URL of this page for the current class/id; u() is presumably a URL-encoding
// helper defined elsewhere — confirm. $_GET['id'] is read without an isset() check, so
// the "new record" case raises an undefined-index notice; SERVER_NAME may also follow
// the client Host header depending on server configuration.
// e.g. http://localhost/rajah_production/public/admin/edit_data.php?class_name=BlacklistIp&id=12
$url = clean_query_string('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . "?" . "class_name=" . u($class_name) . "&id=" . u($_GET['id']) . "&test=1");
// Pick the form action and page wording: "Update" when an id is given, "New" otherwise.
// NOTE(review): PHP_SELF can carry attacker-supplied PATH_INFO; escape $post_link when
// it is echoed into the form.
if (isset($_GET['id'])) {
    $post_link = $_SERVER["PHP_SELF"] . "?class_name=" . u($class_name) . "&id=" . urlencode($_GET['id']);
    $page = "Update";
    $page1 = "Update ";
    $text_post = "Updated";
    $text_post1 = "update";
} else {
    $post_link = $_SERVER["PHP_SELF"] . "?class_name=" . u($class_name);
    $page = "New";
    $page1 = "Add New ";
    $text_post = "created";
    $text_post1 = "creation";
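/**
 * Renders this record as one <tr> for the admin data table.
 *
 * Columns come from static::$db_fields_table_display_full when $long_short == 1,
 * otherwise static::$db_fields_table_display_short; names that are not properties of
 * the object are skipped. Fields listed in static::$fields_numeric_format are printed
 * with two decimals, right-aligned and red when negative. When $edit is truthy an
 * Edit and a Delete action cell are appended.
 *
 * Changes vs. the previous version: the Edit cell was emitted twice (once from the raw
 * string, once from the cleaned $href) and the cleaned Delete href was built but never
 * used — each action is now emitted once from its cleaned href. Cell text and hrefs are
 * HTML-escaped, since the field values are stored data whose origin this method cannot
 * vouch for; a column that legitimately holds markup should be rendered by a dedicated
 * renderer rather than by disabling escaping here. $edit now defaults to false because
 * an optional parameter before a required one is deprecated in PHP 8; existing
 * two-argument callers are unaffected.
 *
 * @param int  $long_short 1 for the full column set, anything else for the short set.
 * @param bool $edit       Append Edit/Delete action cells when truthy.
 * @return string The <tr>...</tr> markup.
 */
public function display_table_new($long_short = 0, $edit = false) {
    $this->set_up_display();
    $output = "<tr class=\"gradeX\">";
    $table_field = ($long_short == 1)
        ? static::$db_fields_table_display_full
        : static::$db_fields_table_display_short;
    foreach ($table_field as $fieldname) {
        if (!property_exists($this, $fieldname)) {
            continue;
        }
        $value = $this->{$fieldname};
        if (in_array($fieldname, static::$fields_numeric_format)) {
            // Negative amounts are highlighted; the cast mirrors the original (double) check.
            $style = ((double) $value < 0) ? "color:red;" : "";
            $output .= "<td><span style='{$style}' class='text-right'>"
                . number_format((float) $value, 2)
                . "</span></td>";
        } else {
            $output .= "<td class='text-center text-capitalize'>"
                . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8')
                . "</td>";
        }
    }
    if ($edit) {
        // clean_query_string() (defined elsewhere) normalises stray '?' in the URL. The id
        // is URL-encoded for the query string and the whole href is attribute-escaped.
        $target = "class_name=" . get_called_class() . "&id=" . urlencode($this->id);
        $edit_href = htmlspecialchars(clean_query_string("class_edit?" . $target), ENT_QUOTES, 'UTF-8');
        $delete_href = htmlspecialchars(clean_query_string("class_delete?" . $target), ENT_QUOTES, 'UTF-8');
        $output .= "<td class='text-center'><a class='btn btn-primary table-btn' style='width: 5em' href='" . $edit_href . "'>Edit</a></td>";
        $output .= "<td class='text-center'><a class='btn btn-danger table-btn' href='" . $delete_href . "'>Delete</a></td>";
    }
    $output .= "</tr>";
    return $output;
}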
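/**
 * Builds the extra navigation buttons shown above the data table: a toggle between
 * open and finished items, and a link that sorts by progress.
 *
 * Reads $_GET['order_type'], $_GET['page'] and $_GET['done']. Only derived values
 * reach the generated URLs: order_type is forced to the literal 'ASC' or 'DESC'
 * (flipped to DESC when the current request already sorts ASC), page is cast to int,
 * and done is 0 or 1 — none of the raw query parameters are reflected into the markup.
 * The unused $order_name lookup from the previous version has been dropped.
 * static::$page_manage (declared elsewhere) supplies the target page.
 *
 * @return string HTML fragment. It starts with a closing </a> to terminate whatever
 *                anchor the caller left open.
 */
public static function table_nav_additional() {
    // Flip the sort direction relative to the incoming request; default to ASC.
    $order_type = (!empty($_GET["order_type"]) && strtoupper($_GET["order_type"]) == 'ASC') ? 'DESC' : 'ASC';
    $page = !empty($_GET['page']) ? (int) $_GET["page"] : 1;
    $qstr = "?search_all=&done=0&submit=&page=" . $page . "&order_name=progress&order_type=" . $order_type;

    // Offer the opposite of the current done filter.
    if (isset($_GET['done']) && (int) $_GET['done'] == 0) {
        $done = 1;
        $done_txt = 'Show finished';
    } else {
        $done = 0;
        $done_txt = 'Show Open';
    }

    $output = "</a><span> </span>";
    $href = clean_query_string(static::$page_manage . "?search_all=&done={$done}&submit=");
    $output .= "<a class=\"btn btn-info\" href=\"" . $href . "\">{$done_txt} " . " </a><span> </span>";
    $output .= "<a class=\"btn btn-info\" href=\"" . clean_query_string(static::$page_manage . $qstr) . "\">progress" . " </a><span> </span>";
    return $output;
}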
$array = array(); $current_time = time(); foreach ($file as $value) { $toc = get_line_data('news_toc', $value); if ($toc['timestamp'] > $current_time) { // This is an _archive_, not something that displays all posted news. continue; } $time = mktime(0, 0, 0, date('n', $toc['timestamp']), 1, date('y', $toc['timestamp'])); $allready_added = false; $result = array_search($time, $array); if ($result === NULL || $result === false) { $array[] = $time; } } $qs = clean_query_string(); foreach ($array as $val) { $month = date('n', $val); $year = date("Y", $val); echo '<a href="?fn_month=' . $month . '&fn_year=' . $year . $qs . '">' . $months[$month] . ' ' . $year . '</a><br />' . "\n"; } break; } } else { /*id Month*/ $file = get_ordered_toc(); if ($flip_news) { $file = array_reverse($file); } if ($post_per_day) { $ppp_data = array();
/**
 * Parses news text or news data so that it is displayed along with its template.
 *
 * Resolves the article (reading it via get_line_data() when a raw line is given),
 * builds the "read more", comments and tell-a-friend links, the author icon/name and
 * the first matching category, runs the texts through format_message(), and finally
 * fills the template with replace_masks().
 *
 * NOTE(review): every value below is concatenated into HTML without escaping here —
 * news_id (hrefs and an id attribute), author/category icon paths (src), the author
 * email (mailto:), $settings['news_url'] and the result of clean_query_string(). That
 * is only safe if those sources are trusted or sanitised upstream; confirm before
 * exposing any of them to untrusted input. $ht appears to control whether HTML is
 * kept in the texts (see the '&br;' handling) — confirm in format_message().
 *
 * @param string|array $news_string News text to parse, or the array from the required news file.
 * @param array $settings Override settings when parsing. Keys read below:
 *                        'template' (template basename, default 'news_temp'),
 *                        'news_url' (base URL for the non-popup links),
 *                        'category' (list of category ids to prefer).
 * @return array Parsed news fields, including 'display' (the rendered template) when
 *               the input was non-empty; an empty array otherwise.
 */
function parse_news_to_view($news_string, $settings = array()) {
    assert(is_array($settings));
    // Site configuration globals ($datefor is listed twice in the original; left as-is).
    global $fsnw, $wfpost, $ht, $smilies, $bb, $stfpop, $compop, $furl, $fullnewsh, $fullnewsw, $fullnewss, $fullnewsz, $fslink, $datefor, $stflink, $stfheight, $stfwidth, $stfscrolls, $stfresize, $pclink, $datefor, $link_headline_fullstory, $hurl, $comheight, $comwidth, $comscrolls, $comresize;
    $news_text = array();
    if (!empty($news_string)) {
        $icon = '';
        $email = '';
        $writer = '';
        $link_full_news = '';
        $link_comments = '';
        $link_tell_friend = '';
        // Accept either an already-parsed article array or a raw news-file line.
        $article = $news_string;
        if (!is_array($news_string)) {
            $article = get_line_data('news', $news_string);
        }
        // Get the template HTML
        $news_tmpl = get_template((isset($settings['template']) ? $settings['template'] : 'news_temp') . '.php', false);
        // Extra query-string parameters carried over into the generated links.
        $other_qs = clean_query_string();
        $news_url = isset($settings['news_url']) ? $settings['news_url'] : '';
        // Append with '&' when news_url already carries a query string.
        $sep = strpos($news_url, '?') === false ? '?' : '&';
        // Create the 'read more...' link (popup window when $fsnw is set, inline otherwise)
        if ($article['fullnews'] != '') {
            if ($fsnw) {
                $link_full_news = '<a href="' . $furl . '/fullnews.php?fn_id=' . $article['news_id'] . '" onclick="window.open(this.href,\'\',\'height=' . $fullnewsh . ',width=' . $fullnewsw . ',toolbar=no,menubar=no,scrollbars=' . $fullnewss . ',resizable=' . $fullnewsz . '\'); return false">' . $fslink . '</a>';
            } else {
                $link_full_news = '<a href="' . $news_url . $sep . 'fn_mode=fullnews&fn_id=' . $article['news_id'] . $other_qs . '">' . $fslink . '</a>';
            }
        }
        // Create the comments link
        if ($compop) {
            $link_comments = '<a href="' . $furl . '/comments.php?fn_id=' . $article['news_id'] . '" onclick="window.open(this.href,\'\',\'height=' . $comheight . ',width=' . $comwidth . ',toolbar=no,menubar=no,scrollbars=' . $comscrolls . ',resizable=' . $comresize . '\'); return false">' . $pclink . '</a>';
        } else {
            $link_comments = '<a href="' . $news_url . $sep . 'fn_mode=comments&fn_id=' . $article['news_id'] . $other_qs . '">' . $pclink . '</a>';
        }
        // Create the tell a friend link
        if ($stfpop) {
            $link_tell_friend = '<a href="' . $furl . '/send.php?fn_id=' . $article['news_id'] . '" onclick="window.open(this.href,\'\',\'height=' . $stfheight . ',width=' . $stfwidth . ',toolbar=no,menubar=no,scrollbars=' . $stfscrolls . ',resizable=' . $stfresize . '\'); return false">' . $stflink . '</a>';
        } else {
            $link_tell_friend = '<a href="' . $news_url . $sep . 'fn_mode=send&fn_id=' . $article['news_id'] . $other_qs . '">' . $stflink . '</a>';
        }
        // Make sure the number of comments is 0 or above.
        $num_comments = max((int) $article['numcomments'], 0);
        // Get author information; fall back to the bare author name when unknown.
        $author = get_author($article['author']);
        if ($author === false) {
            $author = array('showemail' => false, 'nick' => $article['author']);
        }
        // Create the icon (only if the template actually uses it)
        if (strpos($news_tmpl, '{icon}') !== false && !empty($author['icon'])) {
            $icon = '<img src="' . $author['icon'] . '" alt="" />';
        }
        // Put the writer's name with his email as a link, or in some cases not.
        $email = $author['showemail'] ? $author['email'] : '';
        if (!$email) {
            $writer = $author['nick'];
        } else {
            $writer = '<a href="mailto:' . $author['email'] . '">' . $author['nick'] . '</a>';
        }
        // Get our new lines back ('&br;' is the stored line-break marker)
        $article['shortnews'] = str_replace('&br;', $ht ? '' : '<br />', $article['shortnews']);
        $article['fullnews'] = str_replace('&br;', $ht ? '' : '<br />', $article['fullnews']);
        $article['headline'] = format_message($article['headline'], $ht, $bb, $smilies, $wfpost);
        $article['shortnews'] = format_message($article['shortnews'], $ht, $bb, $smilies, $wfpost);
        $article['fullnews'] = format_message($article['fullnews'], $ht, $bb, $smilies, $wfpost);
        // Pick one category: when $settings['category'] is given, the first category (in
        // file order) contained in that filter, regardless of the article's own list;
        // otherwise the first of the article's own categories. array_shift() drops the
        // first line of categories.php before parsing.
        $file = file(FNEWS_ROOT_PATH . 'categories.php');
        array_shift($file);
        $categories = explode(',', $article['categories']);
        $cat_icon = '';
        $cat_id = 0;
        $cat_name = '';
        $category_filter = isset($settings['category']) ? $settings['category'] : array();
        $num_category_filter = sizeof($category_filter);
        foreach ($file as $category) {
            $category = get_line_data('categories', $category);
            if ($num_category_filter > 0 && in_array($category['category_id'], $category_filter) || $num_category_filter == 0 && in_array($category['category_id'], $categories)) {
                $cat_icon = $category['icon'] != '' ? '<img src="' . $category['icon'] . '" alt="" />' : '';
                $cat_id = $category['category_id'];
                $cat_name = $category['name'];
                break;
            }
        }
        // Note: 'description' is passed through without format_message().
        $news_text = array('post_id' => $article['news_id'], 'link_tell_friend' => $link_tell_friend, 'link_full_news' => $link_full_news, 'subject' => $article['headline'], 'description' => $article['description'], 'writer' => $writer, 'email' => $email, 'date' => date($datefor, (int) $article['timestamp']), 'icon' => $icon, 'news' => $article['shortnews'], 'fullnews' => $article['fullnews'], 'cat_icon' => $cat_icon, 'cat_id' => $cat_id, 'cat_name' => $cat_name);
        // Comment count and link only when the template shows comments.
        if (strpos($news_tmpl, '{comments}') !== false) {
            $news_text += array('nrc' => $num_comments, 'link_comments' => $link_comments);
        } else {
            $news_text += array('nrc' => '', 'link_comments' => '');
        }
        // Replace in the values! An empty anchor with id "fus_<post_id>" is prepended to the subject.
        $news_tmpl = replace_masks($news_tmpl, array('post_id' => $news_text['post_id'], 'user' => $news_text['writer'], 'date' => $news_text['date'], 'icon' => $news_text['icon'], 'send' => $news_text['link_tell_friend'], 'nrc' => $news_text['nrc'], 'cat_id' => $news_text['cat_id'], 'cat_name' => $news_text['cat_name'], 'cat_icon' => $news_text['cat_icon'], 'fullstory' => $news_text['link_full_news'], 'comments' => $news_text['link_comments'], 'subject' => '<a id="fus_' . $news_text['post_id'] . '"></a>' . $news_text['subject'], 'news' => $news_text['news'], 'description' => $news_text['description']));
        $news_text += array('display' => $news_tmpl);
    }
    return $news_text;
}
$news_file = file(FNEWS_ROOT_PATH . 'news/news.' . $toc['news_id'] . '.php'); $valid_posts[] = get_line_data('news', $news_file[1]); } } ob_start(); if (sizeof($valid_posts) > 0) { if ($fn_date_order == 'asc') { $valid_posts = array_reverse($valid_posts); } if ($fn_pagination) { $total_posts = sizeof($valid_posts); $pagination = ''; $max_pages = ceil($total_posts / $fn_news_per_page); if ($max_pages > 1) { $fn_page = $fn_page > $max_pages ? $max_pages : $fn_page; $other_qs = clean_query_string(); if ($news_pagination_arrows) { if ($fn_page - 1 >= 1) { $pagination .= '<a href="?fn_page=' . ($fn_page - 1) . $other_qs . '">' . $news_pagination_prv . '</a> '; } else { $pagination .= $news_pagination_prv . ' '; } } if ($news_pagination_numbers || !$news_pagination_numbers && !$news_pagination_arrows) { $pagination .= create_page_numbers($max_pages, $fn_page, '?' . $other_qs, 'fn_page'); } if ($news_pagination_arrows) { if ($fn_page + 1 <= $max_pages) { $pagination .= ' <a href="?fn_page=' . ($fn_page + 1) . $other_qs . '">' . $news_pagination_nxt . '</a>'; } else { $pagination .= ' ' . $news_pagination_nxt;
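/**
 * Collapses a URL that accidentally carries more than one '?' into a well-formed one.
 *
 * Everything up to and including the first '?' is kept as the base. In the remainder
 * the sequences "&?", "&&", "??" and "?&" are each reduced to a single "&" (in that
 * order, every pass working on the previous result) and any remaining '?' becomes '&'.
 * Inputs with zero or one '?' are returned unchanged.
 *
 * Examples:
 *   edit_data.php?class_name=Links?id=4       -> edit_data.php?class_name=Links&id=4
 *   manage_data.php?class_name=Links?&page=8  -> manage_data.php?class_name=Links&page=8
 *   edit_data.php?id=4                        -> unchanged
 * Duplicate parameters are not merged:
 *   ...?class_name=Links?class_name=Links&page=1 keeps both class_name values.
 *
 * This is URL-shape normalisation only. It performs no HTML or URL encoding, so a
 * result placed in an href attribute must still go through htmlspecialchars(), and
 * parameter values must be urlencode()d before they are concatenated in.
 *
 * Fixes vs. the previous version: the input was echoed to the response from inside the
 * function (debug output leaking into pages), and the rewritten URL came back with a
 * trailing "\n" appended.
 *
 * @param string $text_qry_str URL or path, possibly containing stray '?' characters.
 * @return string The normalised URL.
 */
function clean_query_string($text_qry_str) {
    if (substr_count($text_qry_str, '?') <= 1) {
        return $text_qry_str;
    }
    $first = (int) strpos($text_qry_str, '?');
    $base = substr($text_qry_str, 0, $first + 1);
    $query = substr($text_qry_str, $first + 1);
    // str_replace() applies array elements left to right, each on the previous
    // result, which preserves the original pass order.
    $query = str_replace(array("&?", "&&", "??", "?&", "?"), "&", $query);
    return $base . $query;
}

// Scratch driver: this sample has a single '?' and is printed back unchanged.
$text = "http://localhost/rajah_production/public/admin/edit_data.php?id=4";
echo clean_query_string($text);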