Пример #1
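/**
 * Removes <script> tags (and, for closed tags, their content) from the given
 * string, or from every leaf of the given array (recursively, keys kept).
 *
 * The two replacements are repeated until the text stops changing. A single
 * pass is bypassable: stripping the inner tag of "<scr<script>ipt>" leaves a
 * live "<script>" behind, so the loop re-runs until nothing is removed.
 *
 * NOTE(review): this is a blacklist filter, not an HTML sanitiser. Inline
 * event handlers (onerror=, onload=, ...), "javascript:" URLs, <iframe>,
 * <object>, <svg>/<math> vectors etc. pass through untouched. Do not rely on
 * it alone for HTML written by untrusted users; escape with contrexx_raw2xhtml()
 * wherever the output context permits.
 *
 * @param   mixed   $raw    The original string or array
 * @return  mixed           The string or array with script tags removed;
 *                          null for a string on which PCRE fails (unchanged
 *                          from the original behaviour of preg_replace())
 * @todo    Check for event handlers
 */
function contrexx_remove_script_tags($raw)
{
    if (is_array($raw)) {
        $arr = array();
        foreach ($raw as $i => $_raw) {
            $arr[$i] = contrexx_remove_script_tags($_raw);
        }
        return $arr;
    }
    // First closed script tags with their content, then any opening tag that
    // is left without a closing one (its content stays as plain text).
    $patterns = array(
        '/<\\s*script[^>]*>.*?<\\s*\\/script\\s*>/is',
        '/<\\s*script[^>]*>/is',
    );
    $result = $raw;
    do {
        $previous = $result;
        $result = preg_replace($patterns, '', $result);
        // preg_replace() yields null on a PCRE error (e.g. backtrack limit on
        // very large input); stop instead of looping on null.
        if ($result === null) {
            return null;
        }
    } while ($result !== $previous);
    return $result;
}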
Пример #2
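 /**
  * Reads the news form from $_POST into a normalised data array.
  *
  * Returns array(false, $defaults) when the form has not been submitted
  * (no 'submitNews' field), otherwise array(true, $data). Text fields are
  * entity-decoded and passed through contrexx_input2raw(); URL fields are
  * additionally run through FWValidator::getUrl(); the body text has <script>
  * tags stripped by contrexx_remove_script_tags() after filterBodyTag().
  *
  * NOTE(review): 'newsText' is kept as HTML with only <script> tags removed;
  * event-handler attributes and javascript: URLs are not filtered here, so the
  * template that renders it must not treat it as safe for untrusted authors.
  * 'newsCat', 'relatedNews' and 'newsTags' are passed on as submitted (string
  * or array) — type/ID validation is left to the caller.
  *
  * @return array array(bool $submitted, array $data)
  */
 private function fetchSubmittedData()
 {
     // set default values
     $data = array(
         'newsText'         => '',
         'newsTeaserText'   => '',
         'newsTitle'        => '',
         'newsRedirect'     => 'http://',
         'newsSource'       => 'http://',
         'newsUrl1'         => 'http://',
         'newsUrl2'         => 'http://',
         'newsCat'          => '',
         'newsType'         => '',
         'newsTypeRedirect' => 0,
     );
     if (!isset($_POST['submitNews'])) {
         return array(false, $data);
     }
     $objValidator = new \FWValidator();
     // A field missing from the request (tampered or partial form) must not
     // raise an undefined-index notice or hand null to html_entity_decode();
     // treat it as an empty string instead.
     $text = function ($key) {
         $value = isset($_POST[$key]) ? $_POST[$key] : '';
         return contrexx_input2raw(html_entity_decode($value, ENT_QUOTES, CONTREXX_CHARSET));
     };
     // set POST data
     $data['newsTitle'] = $text('newsTitle');
     $data['newsTeaserText'] = $text('newsTeaserText');
     $data['newsRedirect'] = $objValidator->getUrl($text('newsRedirect'));
     $data['newsText'] = contrexx_remove_script_tags($this->filterBodyTag($text('newsText')));
     $data['newsSource'] = $objValidator->getUrl($text('newsSource'));
     $data['newsUrl1'] = $objValidator->getUrl($text('newsUrl1'));
     $data['newsUrl2'] = $objValidator->getUrl($text('newsUrl2'));
     $data['newsCat'] = !empty($_POST['newsCat']) ? contrexx_input2raw($_POST['newsCat']) : array();
     $data['newsType'] = !empty($_POST['newsType']) ? intval($_POST['newsType']) : 0;
     $data['newsTypeRedirect'] = !empty($_POST['newsTypeRedirect']);
     $data['enableRelatedNews'] = !empty($this->arrSettings['use_related_news']) ? 1 : 0;
     $data['relatedNews'] = !empty($_POST['relatedNews']) ? contrexx_input2raw($_POST['relatedNews']) : array();
     $data['enableTags'] = !empty($this->arrSettings['news_use_tags']) ? 1 : 0;
     $data['newsTags'] = !empty($_POST['newsTags']) ? contrexx_input2raw($_POST['newsTags']) : array();
     return array(true, $data);
 }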
Пример #3
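 /**
  * Exports the participants and answers of one survey as a semicolon-separated
  * CSV file and terminates the request.
  *
  * Reads the survey id from $_GET['id']; does nothing when it is missing or 0.
  * Otherwise builds the CSV in memory (title line, column header, one row per
  * entry of module_survey_addtionalfields with that participant's answers per
  * question), sends Content-Type/Content-Disposition headers, echoes the
  * latin1-converted text and calls exit.
  *
  * NOTE(review): participant-supplied values (nickname, address fields,
  * comments, free-text answers of question types 5 and 6) are written into the
  * CSV unquoted: a ';' or newline inside a value shifts the columns, and a
  * value starting with '=', '+', '-' or '@' is evaluated as a formula by
  * spreadsheet applications (CSV injection). Quote cells with fputcsv() or
  * prefix such values with a "'" before this export is opened in Excel or
  * LibreOffice by backend users.
  *
  * @global array  $_CORELANG
  * @global array  $_ARRAYLANG
  * @global object $objDatabase
  * @return void   Does not return when an id is given (exit after output)
  */
 function csvAdditionalinfo()
 {
     global $_CORELANG, $_ARRAYLANG, $objDatabase;
     // The id is concatenated into several SQL statements below. It is a
     // numeric key, so cast it to int: contrexx_input2raw() is the generic
     // input normaliser used on form text elsewhere and is no substitute for
     // SQL escaping, so the previous code was open to SQL injection.
     $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
     $CsvData = '';
     if (!empty($id)) {
         $objDatasurvey = $objDatabase->Execute('SELECT `title` FROM `' . DBPREFIX . 'module_survey_surveygroup` WHERE id = ' . $id . ' ORDER BY id');
         $CsvData .= "Survey Title:";
         // Unknown id: no row, so ->fields is false; export an empty title
         // rather than indexing into it.
         $surveyTitle = ($objDatasurvey && !$objDatasurvey->EOF) ? $objDatasurvey->fields['title'] : '';
         $CsvData .= trim(contrexx_remove_script_tags($surveyTitle));
         $objDateuser = $objDatabase->Execute('SELECT * FROM `' . DBPREFIX . 'module_survey_addtionalfields` WHERE survey_id  = ' . $id . ' ORDER BY id');
         $i = 1;
         $CsvData .= "\n\n\n" . "No;Date;Salutation;Nickname;Forename;Surname;Age-group;E-mail;Telephone;Street;Zipcode;City;";
         /*
          * Fetch question info
          */
         $Questionquery = 'SELECT `id` as `QuestionId`, `Question`, `QuestionType`, `isCommentable`, `column_choice`
                     FROM `' . DBPREFIX . 'module_survey_surveyQuestions`
                     WHERE `survey_id` = ' . $id . '
                     ORDER BY `id`';
         $objQuestion = $objDatabase->Execute($Questionquery);
         $Qno = 1;
         // Header row: one "QuestionN" cell followed by one cell per answer
         // option (and a "Comment" cell for commentable questions).
         while (!$objQuestion->EOF) {
             $CsvData .= "Question" . $Qno . ";";
             $query = 'SELECT `answer` FROM `' . DBPREFIX . 'module_survey_surveyAnswers` WHERE `question_id` = ' . $objQuestion->fields['QuestionId'] . ' ORDER BY id';
             $objAnswer = $objDatabase->Execute($query);
             $answer = '';
             while (!$objAnswer->EOF) {
                 $answer = trim($objAnswer->fields['answer'], "\r");
                 if ($answer != '') {
                     $CsvData .= $answer . ";";
                 }
                 $objAnswer->MoveNext();
             }
             if ($objQuestion->fields['isCommentable'] == 1) {
                 $CsvData .= "Comment;";
             }
             $Qno++;
             $objQuestion->MoveNext();
         }
         // One data row per participant.
         while (!$objDateuser->EOF) {
             $CsvData .= "\n";
             // contrexx_raw2xhtml() HTML-escapes these values; in a CSV that
             // means '&' and quotes appear entity-encoded in the export.
             $date = trim(contrexx_raw2xhtml($objDateuser->fields['added_date']));
             $Salutation = trim(contrexx_raw2xhtml($objDateuser->fields['salutation']));
             $Nickname = trim(contrexx_raw2xhtml($objDateuser->fields['nickname']));
             $Forename = trim(contrexx_raw2xhtml($objDateuser->fields['forename']));
             $Surname = trim(contrexx_raw2xhtml($objDateuser->fields['surname']));
             $Agegroup = trim(contrexx_raw2xhtml($objDateuser->fields['agegroup']));
             $Telephone = trim(contrexx_raw2xhtml($objDateuser->fields['phone']));
             $Street = trim(contrexx_raw2xhtml($objDateuser->fields['street']));
             $Zipcode = trim(contrexx_raw2xhtml($objDateuser->fields['zip']));
             $Email = trim(contrexx_raw2xhtml($objDateuser->fields['email']));
             $City = trim(contrexx_raw2xhtml($objDateuser->fields['city']));
             $CsvData .= "{$i};{$date};{$Salutation};{$Nickname};{$Forename};{$Surname};{$Agegroup};{$Email};{$Telephone};{$Street};{$Zipcode};{$City};";
             // Re-run the question query per participant so the question
             // cursor is back at the first row.
             $objQuestion = $objDatabase->Execute($Questionquery);
             while (!$objQuestion->EOF) {
                 $CsvData .= $objQuestion->fields['Question'] . ";";
                 $choiceArr = explode(';', $objQuestion->fields['column_choice']);
                 $query = "SELECT `comment`, `answers` FROM `" . DBPREFIX . "module_survey_poll_result`\n                                WHERE `user_id` = " . $objDateuser->fields['id'] . "\n                                AND `question_id` = " . $objQuestion->fields['QuestionId'] . "\n                                LIMIT 1";
                 $objPollResult = $objDatabase->Execute($query);
                 $query = 'SELECT `id` as `answer_id`, `answer` FROM `' . DBPREFIX . 'module_survey_surveyAnswers` WHERE `question_id` = ' . $objQuestion->fields['QuestionId'] . ' ORDER BY id';
                 $objAnswer = $objDatabase->Execute($query);
                 $multiQno = 0;
                 while (!$objAnswer->EOF) {
                     $answer_id = $objAnswer->fields['answer_id'];
                     $poll_result = $objPollResult->fields['answers'];
                     // switch compares loosely, so the string cases ('1'..'4')
                     // and the int cases (5, 6) all match the DB value.
                     switch ($objQuestion->fields['QuestionType']) {
                         case '1':
                             // Single choice: the stored value is the chosen answer id.
                             if ($answer_id == $poll_result) {
                                 $CsvData .= "x;";
                             } else {
                                 $CsvData .= ";";
                             }
                             break;
                         case '2':
                             // Multiple choice: JSON list of chosen answer ids.
                             $result = json_decode($poll_result);
                             if ($result != null) {
                                 if (in_array($answer_id, $result)) {
                                     $CsvData .= "x;";
                                 } else {
                                     $CsvData .= ";";
                                 }
                             } else {
                                 $CsvData .= ";";
                             }
                             break;
                         case '3':
                             // Matrix, single column per answer: JSON list of
                             // "<answerId>_<choiceIndex>" strings.
                             $result = json_decode($poll_result);
                             $ansArr = array();
                             $choArr = array();
                             if (is_array($result)) {
                                 foreach ($result as $val) {
                                     $valArr = explode('_', $val);
                                     $ansArr[] = $valArr[0];
                                     $choArr[] = isset($valArr[1]) ? $valArr[1] : '';
                                 }
                             }
                             if ($result != null) {
                                 if (in_array($answer_id, $ansArr)) {
                                     $ansKey = array_keys($ansArr, $answer_id);
                                     $choKey = $choArr[$ansKey[0]];
                                     // NOTE(review): $choKey is the choice index as a
                                     // string and [0] takes only its first character,
                                     // so an index >= 10 maps to the wrong column;
                                     // case '4' below uses the full key. Verify.
                                     $CsvData .= trim($choiceArr[$choKey[0]], "\r") . ";";
                                 } else {
                                     $CsvData .= ";";
                                 }
                             } else {
                                 $CsvData .= ";";
                             }
                             break;
                         case '4':
                             // Matrix, several columns per answer: JSON list of
                             // lists of "<answerId>_<choiceIndex>" strings.
                             $json_result = json_decode($poll_result);
                             $poll_result_str = is_array($json_result) ? serialize($json_result) : '';
                             if (strlen($poll_result_str) != 0) {
                                 $found = 0;
                                 foreach ($json_result as $result) {
                                     $ansCount = 0;
                                     $ansArr = array();
                                     $choArr = array();
                                     if (is_array($result)) {
                                         foreach ($result as $val) {
                                             $valArr = explode('_', $val);
                                             $ansArr[] = $valArr[0];
                                             $choArr[] = $valArr[1];
                                         }
                                     }
                                     if (in_array($answer_id, $ansArr)) {
                                         $ansKey = array_keys($ansArr, $answer_id);
                                         $temp = array();
                                         $choKey = array();
                                         foreach ($ansKey as $key) {
                                             $temp[] = $choArr[$key];
                                         }
                                         foreach ($temp as $key) {
                                             $choKey[] = trim($choiceArr[$key], "\r");
                                         }
                                         // A second group for the same answer drops the
                                         // previous cell's ';' and appends directly — the
                                         // choices run together without a separator.
                                         // NOTE(review): likely meant to join with ','; confirm.
                                         if ($found == 1) {
                                             $CsvData = substr_replace($CsvData, "", -1);
                                         }
                                         $CsvData .= implode(',', $choKey) . ";";
                                         $found = 1;
                                     }
                                     if (empty($ansArr) && $found == 0) {
                                         $CsvData .= ";";
                                         $found = 1;
                                     }
                                 }
                             } else {
                                 $CsvData .= ";";
                             }
                             break;
                         case 5:
                             // Free text: written verbatim (participant input, see
                             // the CSV-injection note in the header).
                             $CsvData .= $poll_result . ";";
                             break;
                         case 6:
                             // Several free-text fields: JSON list, one per answer row.
                             $result = json_decode($poll_result);
                             $CsvData .= $result[$multiQno++] . ";";
                             break;
                         default:
                             $CsvData .= ";";
                     }
                     $objAnswer->MoveNext();
                 }
                 if ($objQuestion->fields['isCommentable'] == 1) {
                     // Keep one CSV row per participant: flatten line breaks.
                     $CsvData .= preg_replace("/\n|\r/", " ", $objPollResult->fields['comment']) . ";";
                 }
                 $objQuestion->MoveNext();
             }
             $i++;
             $objDateuser->MoveNext();
         }
         \Cx\Core\Csrf\Controller\Csrf::header("Content-Type: text/csv");
         \Cx\Core\Csrf\Controller\Csrf::header("Content-Disposition: Attachment; filename=\"exportAdditionaldetails.csv\"");
         // NOTE(review): utf8_decode() is deprecated since PHP 8.2; the
         // equivalent is mb_convert_encoding($CsvData, 'ISO-8859-1', 'UTF-8').
         echo utf8_decode($CsvData);
         exit;
     }
 }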
Пример #4
 /**
  * Builds a list of all surveys with their meta data, newest first.
  *
  * Each entry holds: id, redirect (with <script> tags stripped), created
  * (formatted with ASCMS_DATE_FORMAT), lastvote (formatted date, or the literal
  * 'Keine Teilnehmer.' when no vote is recorded), participant, isActive,
  * isExtended, isCommentable and isHomeBox (the last five cast to int).
  *
  * NOTE(review): 'redirect' only goes through contrexx_remove_script_tags();
  * if it is emitted as a link target, a "javascript:" URL would survive that
  * filter — consider validating it as a URL at the point of output.
  *
  * @global  object  $objDatabase
  * @return  array   Sequential array of survey rows as described above
  */
 function createSurveyValuesArray()
 {
     global $objDatabase;
     $surveys = array();
     $rs = $objDatabase->Execute('SELECT id,
                                                    redirect,
                                                    created,
                                                    lastvote,
                                                    participant,
                                                    isActive,
                                                    isExtended,
                                                    isCommentable,
                                                    isHomeBox
                                                    FROM	' . DBPREFIX . 'module_survey_groups
                                                    ORDER BY created DESC');
     if (!$rs) {
         return $surveys;
     }
     while (!$rs->EOF) {
         $row = $rs->fields;
         // A lastvote of 0 means nobody has taken part yet.
         $lastVote = intval($row['lastvote']) == 0
             ? 'Keine Teilnehmer.'
             : date(ASCMS_DATE_FORMAT, $row['lastvote']);
         $surveys[] = array(
             'id'            => $row['id'],
             'redirect'      => contrexx_remove_script_tags($row['redirect']),
             'created'       => date(ASCMS_DATE_FORMAT, $row['created']),
             'lastvote'      => $lastVote,
             'participant'   => intval($row['participant']),
             'isActive'      => intval($row['isActive']),
             'isExtended'    => intval($row['isExtended']),
             'isCommentable' => intval($row['isCommentable']),
             'isHomeBox'     => intval($row['isHomeBox']),
         );
         $rs->MoveNext();
     }
     return $surveys;
 }
Пример #5
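 /**
  * Show Thanks Message Attend this survey
  *
  * Looks up the thank-you text of the survey given by $_GET['id'] (or of the
  * home-box survey when no id is passed) and assigns it, with <script> tags
  * stripped, to the THANKS_MSG template variable next to the OK button markup.
  *
  * NOTE(review): thanksMSG is stored HTML and contrexx_remove_script_tags() is
  * a blacklist filter — event-handler attributes survive it. That is only
  * acceptable if the text is authored by trusted backend users.
  *
  * @global  array   $_ARRAYLANG
  * @global  object  $objDatabase
  * @access Authendicated
  */
 function SurveyAttend()
 {
     global $_ARRAYLANG, $objDatabase;
     $thanksMSG = "";
     if (!empty($_GET['id'])) {
         // The id is concatenated into SQL; it is a numeric key, so cast it to
         // int. contrexx_input2raw() is the generic input normaliser used on
         // form text elsewhere and does not SQL-escape, so the previous code
         // was open to SQL injection.
         $surveyId = (int) $_GET['id'];
         $query = "SELECT thanksMSG FROM " . DBPREFIX . "module_survey_surveygroup WHERE id='" . $surveyId . "'";
     } else {
         $query = "SELECT thanksMSG FROM " . DBPREFIX . "module_survey_surveygroup WHERE isHomeBox='1'";
     }
     $objResult = $objDatabase->Execute($query);
     if (!empty($objResult->fields['thanksMSG'])) {
         $thanksMSG = $objResult->fields['thanksMSG'];
     }
     // Static place holders for labels
     $this->_objTpl->setVariable(array('THANKS_MSG' => contrexx_remove_script_tags($thanksMSG), 'TXT_SURVEY_OK_TXT' => '<a href="index.php?section=Survey&cmd=activesurveys"><input type="submit" name="submit_survey" value="' . $_ARRAYLANG['TXT_SURVEY_OK_TXT'] . '" > </a>'));
 }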