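/**
 * Returns the value of a cookie, or an empty string when it is not set.
 *
 * The value is request data: it is returned unescaped, so callers must
 * escape it for whatever context (SQL, HTML, ...) they place it in.
 *
 * @param  string $thing Cookie name
 * @return mixed  The cookie value (magic-quotes slashes removed where they
 *                were added), or '' when the cookie is absent
 */
function cs($thing)
{
    if (!isset($_COOKIE[$thing])) {
        return '';
    }

    // Magic quotes cannot be on from PHP 5.4, and get_magic_quotes_gpc()
    // no longer exists in PHP 8, so only ask on runtimes that may have it.
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
        return doStrip($_COOKIE[$thing]);
    }

    return $_COOKIE[$thing];
}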
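/**
 * Returns the POST array with magic-quotes slashes removed where present.
 *
 * The result is still raw request data; nothing here escapes it for SQL
 * or HTML.
 *
 * @return mixed The POST array, or '' if $_POST is not set
 */
function stripPost()
{
    if (!isset($_POST)) {
        return '';
    }

    // get_magic_quotes_gpc() was removed in PHP 8 and magic quotes cannot be
    // enabled from PHP 5.4, so the call is limited to older runtimes.
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc() == 1) {
        return doStrip($_POST);
    }

    return $_POST;
}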
/**
 * Saves an edited link to the txp_link table.
 *
 * Reads the request fields named in $vars through gpsa(), optionally passes
 * the link name and description through Textile, and updates the row whose
 * id equals the submitted id.
 *
 * All submitted values go through doSlash() before they are placed inside
 * quoted SQL literals; the id is compared as a quoted string here.
 * NOTE(review): no privilege check is visible in this function - confirm the
 * caller enforces one.
 *
 * @param array $vars Names of the request fields to read
 */
function link_save($vars)
{
    global $txpcfg, $txpac;

    $fields = gpsa($vars);

    if ($txpac['textile_links']) {
        include_once $txpcfg['txpath'] . '/lib/classTextile.php';

        $parser = new Textile();
        $fields['linkname'] = $parser->TextileThis($fields['linkname'], '', 1);
        $fields['description'] = $parser->TextileThis($fields['description'], 1);
    }

    // extract() turns each escaped field into a local variable; $id,
    // $category, $url, $linkname, $linksort and $description are used below.
    extract(doSlash($fields));

    // An empty sort value falls back to the link name.
    $linksort = $linksort ? $linksort : $linkname;

    $assignments = "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'";
    $where = "id = '{$id}'";

    if (safe_update("txp_link", $assignments, $where)) {
        // The name was escaped for SQL above, so undo that for display.
        link_edit(messenger('link', doStrip($linkname), 'saved'));
    }
}
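/**
 * Returns the value of a GET parameter, or a default when it is not set.
 *
 * The value is request data and is returned unescaped; callers must escape
 * it for the context they use it in.
 *
 * @param  string $name    Parameter name
 * @param  mixed  $default Value returned when the parameter is absent
 * @return mixed  The parameter value (magic-quotes slashes removed when
 *                MAGIC_QUOTES_GPC is truthy), or $default
 */
function gs($name, $default = '')
{
    // The lookup must use $name: the body previously read an undefined
    // variable, so the parameter was never found and $default always won.
    if (!isset($_GET[$name])) {
        return $default;
    }

    if (MAGIC_QUOTES_GPC) {
        return doStrip($_GET[$name]);
    }

    return $_GET[$name];
}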
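/**
 * Rebuilds a selector => property => value map from posted CSS form fields.
 *
 * Field names select the role of each value: an all-digit name ("3") carries
 * a selector, "3-1p" carries a property name and "3-1v" carries the value
 * for the most recently seen property. A value is stored only when both the
 * current selector and the current property are non-blank.
 *
 * The returned strings are raw request data and are not escaped here.
 *
 * @return array Map of selector => array(property => value); empty if none
 */
function parsePostedCSS()
{
    $post = MAGIC_QUOTES_GPC ? doStrip($_POST) : $_POST;

    // Start from known-empty state so a value field that arrives before its
    // selector or property is skipped instead of reading undefined variables.
    $out = array();
    $selector = '';
    $property = '';

    foreach ($post as $field => $value) {
        if (preg_match("/^\\d+\$/", $field)) {
            $selector = $value;
        }

        if (preg_match("/^\\d+-\\d+(?:p|v)\$/", $field)) {
            if (strstr($field, 'p')) {
                $property = $value;
            } elseif (trim($property) && trim($selector)) {
                $out[$selector][$property] = $value;
            }
        }
    }

    return $out;
}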
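/*
    This is Textpattern
    Copyright 2004 by Dean Allen
    www.textpattern.com
    All rights reserved

    Use of this software indicates acceptance of the Textpattern license agreement
*/

//-------------------------------------------------------------
// Preferences panel: requires privilege level 1 or 2, then on the 'save' step
// writes every posted preference whose name exists in txp_prefs.
// NOTE(review): no request-token (CSRF) check is visible in this fragment -
// confirm one runs before this point.
check_privs(1, 2);

$step = ps('step');

if ($step == 'save') {
    // Only names already present in the table can be written, so posted
    // field names never reach the SQL text themselves.
    $prefnames = safe_column("name", "txp_prefs", "prefs_id='1'");

    // get_magic_quotes_gpc() was removed in PHP 8 and magic quotes cannot be
    // on from PHP 5.4, so the call is limited to runtimes that may have them.
    $post = (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc())
        ? doStrip($_POST)
        : $_POST;

    // Escape every posted value before it is placed in a quoted SQL literal.
    $post = doSlash($post);

    foreach ($prefnames as $prefname) {
        if (!isset($post[$prefname])) {
            continue;
        }

        if ($prefname == 'lastmod') {
            // The posted value is ignored; the database clock is used.
            safe_update("txp_prefs", "val=now()", "name='lastmod'");
            continue;
        }

        if ($prefname == 'siteurl') {
            // The site URL is stored without its scheme.
            $post[$prefname] = str_replace("http://", '', $post[$prefname]);
        }

        // NOTE(review): $prefname comes from the txp_prefs table and is
        // interpolated unescaped - safe only while stored names are trusted.
        safe_update("txp_prefs", "val = '" . $post[$prefname] . "'", "name = '{$prefname}' and prefs_id ='1'");
    }

    $message = gTxt('preferences_saved');
}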
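/**
 * Strips a fixed set of characters from a string or, recursively, from
 * every element of an array.
 *
 * The characters = & " ' < > ; and \ are deleted. The result is then passed
 * through doStrip() in 'output' mode, or doSlash() in any other mode.
 *
 * This is a character blocklist, not context-aware escaping: output placed
 * in HTML or SQL should still be escaped for that context.
 *
 * @param  mixed  $input String or (nested) array of strings to clean
 * @param  string $modus 'output' for display use; anything else selects
 *                       doSlash() for database use
 * @return mixed  Cleaned value with the same array shape as $input
 */
function yab_shop_clean_input($input, $modus = 'output')
{
    if (is_array($input)) {
        $cleaned = array();

        foreach ($input as $key => $val) {
            // Pass the mode down: without it nested values were always
            // cleaned in 'output' mode and never reached doSlash().
            $cleaned[$key] = yab_shop_clean_input($val, $modus);
        }

        return $cleaned;
    }

    $cleaned = str_replace(array('=', '&', '"', '\'', '<', '>', ';', '\\'), '', $input);

    if ($modus != 'output') {
        return doSlash($cleaned);
    }

    return doStrip($cleaned);
}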
/**
 * Saves an edited link to the txp_link table.
 *
 * Reads the request fields named in the global $vars through gpsa(),
 * escapes them with doSlash(), and updates the row with the submitted id.
 * The id is forced through assert_int() and used as an unquoted number;
 * every other value sits inside a quoted SQL literal.
 *
 * NOTE(review): no privilege check is visible in this function - confirm
 * the caller enforces one.
 */
function link_save()
{
    global $txpcfg, $vars;

    // extract() defines one local per escaped field: $id, $category, $url,
    // $linkname, $linksort and $description are the ones used below.
    extract(doSlash(gpsa($vars)));

    // An empty sort value falls back to the link name.
    $linksort = $linksort ? $linksort : $linkname;

    $id = assert_int($id);

    $assignments = "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'";

    if (!safe_update("txp_link", $assignments, "id = {$id}")) {
        return;
    }

    update_lastmod();

    // The name was escaped for SQL above, so undo that for display.
    link_edit(gTxt('link_updated', array('{name}' => doStrip($linkname))));
}
/**
 * Saves an edited link to the txp_link table.
 *
 * Reads the request fields named in the global $vars through gpsa(),
 * optionally passes the link name and description through Textile, escapes
 * everything with doSlash(), and updates the row with the submitted id.
 * The id is forced through assert_int() and used as an unquoted number.
 *
 * NOTE(review): no privilege check is visible in this function - confirm
 * the caller enforces one.
 */
function link_save()
{
    global $txpcfg, $prefs, $vars;

    $fields = gpsa($vars);

    if ($prefs['textile_links']) {
        include_once txpath . '/lib/classTextile.php';

        $parser = new Textile();
        $fields['linkname'] = $parser->TextileThis($fields['linkname'], '', 1);
        $fields['description'] = $parser->TextileThis($fields['description'], 1);
    }

    // extract() defines one local per escaped field: $id, $category, $url,
    // $linkname, $linksort and $description are the ones used below.
    extract(doSlash($fields));

    // An empty sort value falls back to the link name.
    $linksort = $linksort ? $linksort : $linkname;

    $id = assert_int($id);

    $assignments = "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'";

    if (!safe_update("txp_link", $assignments, "id = {$id}")) {
        return;
    }

    update_lastmod();

    // The name was escaped for SQL above, so undo that for display.
    link_edit(gTxt('link_updated', array('{name}' => doStrip($linkname))));
}
/**
 * Saves a category from HTTP POST data.
 *
 * Posted fields are checked with assert_string, escaped with doSlash() and
 * then interpolated into quoted SQL literals; the id goes through
 * assert_int(). $event and $table_name are interpolated as given.
 * NOTE(review): confirm callers only ever pass fixed, trusted values for
 * $event and $table_name.
 *
 * @param string $event      Type of category
 * @param string $table_name Affected database table
 */
function cat_event_category_save($event, $table_name)
{
    $posted = psa(array('id', 'name', 'description', 'old_name', 'parent', 'title'));

    // extract() defines $id, $name, $description, $old_name, $parent, $title.
    extract(doSlash(array_map('assert_string', $posted)));

    $id = assert_int($id);

    // Keep the submitted name for the error message; the sanitized form may
    // come back empty.
    $rawname = $name;
    $name = sanitizeForUrl($rawname);

    // Make sure the name is valid.
    if (!$name) {
        return cat_event_category_edit(
            $event,
            array(gTxt($event . '_category_invalid', array('{name}' => $rawname)), E_ERROR)
        );
    }

    // Don't allow rename to clobber an existing category.
    $existing_id = safe_field("id", 'txp_category', "name = '{$name}' AND type = '{$event}'");

    if ($existing_id && $existing_id != $id) {
        return cat_event_category_edit(
            $event,
            array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR)
        );
    }

    // TODO: validate parent?
    if (!$parent) {
        $parent = 'root';
    }

    // Assume failure; replaced only when every update below succeeds.
    $message = array(gTxt('category_save_failed'), E_ERROR);

    $row_saved = safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}', description = '{$description}'", "id = {$id}");

    // Children that pointed at the old name are re-parented to the new one.
    $children_moved = $row_saved
        && safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}' AND type = '{$event}'");

    if ($children_moved) {
        rebuild_tree_full($event);

        if ($event == 'article') {
            // Articles reference categories in two columns.
            $references_updated = safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'")
                && safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
        } else {
            $references_updated = safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
        }

        if ($references_updated) {
            $message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
        }
    }

    cat_category_list($message);
}
/**
 * Returns the value of a cookie, or a default when it is not set.
 *
 * The value is request data and is returned unescaped; callers must escape
 * it for the context they use it in.
 *
 * @param  string $thing   Cookie name
 * @param  mixed  $default Value returned when the cookie is absent
 * @return mixed  The cookie value (passed through doStrip() when
 *                MAGIC_QUOTES_GPC is truthy), or $default
 */
function cs($thing, $default = '')
{
    if (!isset($_COOKIE[$thing])) {
        return $default;
    }

    $value = $_COOKIE[$thing];

    return MAGIC_QUOTES_GPC ? doStrip($value) : $value;
}
/**
 * Builds the URL for an article from a permlink definition.
 *
 * A permlink is chosen (by $pl_index, by the stored match, or by taking the
 * first one whose conditions pass), then each of its components contributes
 * one path segment. When no URI can be built the result of
 * toggle_permlink_mode() is used instead.
 *
 * @param  array $article_array Article fields; extracted into local variables
 * @param  mixed $type          PAGELINKURL hands the call to
 *                              toggle_custom_url_func() and returns its result
 * @param  mixed $pl_index      Permlink to use; falsy selects one automatically
 * @return mixed The URI string, or nothing when $article_array is empty
 */
function _permlinkurl($article_array, $type = PERMLINKURL, $pl_index = NULL)
{
    global $pretext, $prefs, $production_status;

    if ($type == PAGELINKURL) {
        return $this->toggle_custom_url_func('pagelinkurl', $article_array);
    }

    if (empty($article_array)) {
        return;
    }

    if ($pl_index) {
        $pl = $this->get_permlink($pl_index);
    } else {
        // Get the matched pretext replacement array.
        $matched = count($this->matched_permlink) ? $this->matched_permlink : @array_shift(array_slice($this->partial_matches, -1));

        // NOTE(review): the guard tests for an 'id' key but the lookup below
        // reads 'permlink_id' - confirm both keys are always present together.
        if (!isset($pl) && $matched && array_key_exists('id', $matched)) {
            // The permlink id is stored in the pretext replacement array, so we can find the permlink.
            $pl = $this->get_permlink($matched['permlink_id']);

            // Discard the stored permlink if it has a feed or page component,
            // or if its conditions do not hold for this article.
            foreach ($pl['components'] as $pl_c) {
                if (in_array($pl_c['type'], array('feed', 'page')) || !$this->check_permlink_conditions($pl, $article_array)) {
                    unset($pl);
                    break;
                }
            }
        }

        if (!isset($pl)) {
            // We have no permlink id so grab the permlink with the highest precedence.
            $permlinks = $this->get_all_permlinks(1, array('feed', 'page'));

            foreach ($permlinks as $key => $pl) {
                if (!$this->check_permlink_conditions($pl, $article_array)) {
                    unset($permlinks[$key]);
                }
            }

            // First remaining permlink, or null when none passed.
            $pl = array_shift($permlinks);
        }
    }

    $uri = '';

    if (is_array($pl) && array_key_exists('components', $pl)) {
        // NOTE(review): extract() creates a local for every key of
        // $article_array and will overwrite existing locals of the same name
        // ($pl, $uri, $pretext, ...) - confirm the array only ever holds
        // article column names.
        extract($article_array);

        // Fall back to the capitalised column names when the lower-case
        // variants were not supplied.
        if (!isset($title)) {
            $title = $Title;
        }

        if (empty($url_title)) {
            $url_title = stripSpace($title);
        }

        if (empty($section)) {
            $section = $Section;
        }

        if (empty($posted)) {
            $posted = $Posted;
        }

        if (empty($authorid)) {
            $authorid = @$AuthorID;
        }

        if (empty($category1)) {
            $category1 = @$Category1;
        }

        if (empty($category2)) {
            $category2 = @$Category2;
        }

        if (empty($thisid)) {
            $thisid = $ID;
        }

        $pl_components = $pl['components'];

        // Check to see if there is a title component.
        // From here on $title is a flag, no longer the article title.
        $title = false;

        foreach ($pl_components as $pl_c) {
            if ($pl_c['type'] == 'title' || $pl_c['type'] == 'id') {
                $title = true;
            }
        }

        // If there isn't a title component then we need to append one to the end of the URI
        if (!$title && $this->pref('automatically_append_title')) {
            $pl_components[] = array('type' => 'title', 'prefix' => '', 'suffix' => '', 'regex' => '', 'text' => '');
        }

        $uri = rtrim(doStrip(@$pretext['subpath']), '/');

        foreach ($pl_components as $pl_c) {
            $uri .= '/';
            $type = $pl_c['type'];

            // Each case sets $uri_c to this component's segment. "break 2"
            // leaves the foreach with $uri unset, which abandons the permlink.
            switch ($type) {
                case 'category':
                    if (!@$pl_c['category']) {
                        $pl_c['category'] = 1;
                    }

                    // Variable names 'category1' / 'category2'; the secondary
                    // one is whichever of the two the component did not name.
                    $primary = 'category' . $pl_c['category'];
                    $secondary = 'category' . (3 - (int) $pl_c['category']);
                    $check_context = $this->pref('join_pretext_to_pagelinks') && $this->pref('check_pretext_category_context');

                    if (!$check_context || ${$primary} == $pretext['c']) {
                        $uri_c = ${$primary};
                    } else {
                        if (!$check_context || ${$secondary} == $pretext['c']) {
                            $uri_c = ${$secondary};
                        } else {
                            if ($this->pref('debug') && in_array($production_status, array('debug', 'testing'))) {
                                $uri_c = '--INVALID_CATEGORY--';
                            } else {
                                unset($uri);
                                break 2;
                            }
                        }
                    }
                    break;

                case 'section':
                    $check_context = $this->pref('join_pretext_to_pagelinks') && $this->pref('check_pretext_section_context');

                    if (!$check_context || $section == $pretext['s']) {
                        $uri_c = $section;
                    } else {
                        unset($uri);
                        break 2;
                    }
                    break;

                case 'title':
                    $uri_c = $url_title;
                    break;

                case 'id':
                    $uri_c = $thisid;
                    break;

                case 'author':
                    // NOTE(review): $authorid is interpolated into the SQL
                    // condition without escaping visible here, and LIKE
                    // treats % and _ as wildcards - confirm the value is
                    // trusted or escaped before it reaches this function.
                    $uri_c = safe_field('RealName', 'txp_users', "name like '{$authorid}'");
                    break;

                case 'login':
                    $uri_c = $authorid;
                    break;

                case 'date':
                    // Array of year, month and day; joined with '/' below.
                    $uri_c = explode('/', date('Y/m/d', $posted));
                    break;

                case 'year':
                    $uri_c = date('Y', $posted);
                    break;

                case 'month':
                    $uri_c = date('m', $posted);
                    break;

                case 'day':
                    $uri_c = date('d', $posted);
                    break;

                case 'custom':
                    // Try the field under its configured name first, then
                    // under its numbered custom_N name.
                    if ($uri_c = @$article_array[$prefs["custom_{$pl_c['custom']}_set"]]) {
                    } else {
                        if ($uri_c = @$article_array["custom_{$pl_c['custom']}"]) {
                        } else {
                            if ($this->pref('debug') && in_array($production_status, array('debug', 'testing'))) {
                                $uri_c = '--UNSET_CUSTOM_FIELD--';
                            } else {
                                unset($uri);
                                break 2;
                            }
                        }
                    }
                    break;

                case 'text':
                    $uri_c = $pl_c['text'];
                    break;

                case 'regex':
                    // Check to see if regex is valid without outputting error messages.
                    // The pattern is matched against its own text and anything
                    // printed meanwhile is captured; empty output counts as valid.
                    // NOTE(review): presumably relies on errors being displayed - confirm.
                    ob_start();
                    preg_match($pl_c['regex'], $pl_c['regex'], $regex_matches);
                    $is_valid_regex = !ob_get_clean();

                    if ($is_valid_regex) {
                        $key = "permlink_regex_{$pl_c['name']}";
                        $uri_c = array_key_exists($key, $pretext) ? $pretext[$key] : $regex_matches[0];
                    } else {
                        if ($this->pref('debug')) {
                            $uri_c = '--INVALID_REGEX--';
                        }
                    }
                    break;
            }

            if (empty($uri_c)) {
                if ($this->pref('debug') && in_array($production_status, array('debug', 'testing'))) {
                    $uri_c = '--PERMLINK_FORMAT_ERROR--';
                } else {
                    // No segment for this component: abandon the permlink.
                    unset($uri);
                    break;
                }
            }

            // Prefix, value and suffix all go through encode_url().
            if (@$pl_c['prefix']) {
                $uri .= $this->encode_url($pl_c['prefix']);
            }

            if (is_array($uri_c)) {
                foreach ($uri_c as $uri_c2) {
                    $uri .= $this->encode_url($uri_c2) . '/';
                }

                $uri = rtrim($uri, '/');
            } else {
                $uri .= $this->encode_url($uri_c);
            }

            if (@$pl_c['suffix']) {
                $uri .= $this->encode_url($pl_c['suffix']);
            }

            // Clear the segment so the empty() test above is per component.
            unset($uri_c);
        }

        if (isset($uri)) {
            $uri .= '/';
        }
    }

    if ($uri_empty = empty($uri)) {
        // It is possible the uri is still empty if there is no match or if we're using
        // strict matching if so try the default permlink mode.
        $uri = $this->toggle_permlink_mode('permlinkurl', $article_array);
    }

    if ($this->pref('omit_trailing_slash')) {
        $uri = rtrim($uri, '/');
    }

    // NOTE(review): && binds tighter than ||, so !$uri_empty only guards the
    // rss.php test; the atom.php and admin tests apply even when the URI came
    // from the fallback above - confirm that is intended.
    if (!$uri_empty && in_array(txpath . '/publish/rss.php', get_included_files()) || in_array(txpath . '/publish/atom.php', get_included_files()) || txpinterface == 'admin') {
        // Prepend the site address with the subpath removed.
        $host = rtrim(str_replace(rtrim(doStrip(@$pretext['subpath']), '/'), '', hu), '/');
        $uri = $host . $uri;
    }

    return $this->pref('force_lowercase_urls') ? strtolower($uri) : $uri;
}
/**
 * Saves an edited category from POST data and returns to the list view.
 *
 * name, old_name, title and type are escaped with doSlash() before they are
 * interpolated into SQL; id is read through $this->psi().
 * NOTE(review): $parent is read through $this->ps() and placed in a quoted
 * SQL literal with no doSlash() call visible here - confirm ps() returns an
 * escaped value. Also note that $type is passed through doSlash() a second
 * time when the tree root is looked up.
 */
function edit_post()
{
    // extract() defines $name, $old_name, $title and $type.
    extract(doSlash(psa(array('name', 'old_name', 'title', 'type'))));

    $id = $this->psi('id');
    $parent = $this->ps('parent');

    if (!$parent) {
        // No parent submitted: attach to the root of this category type.
        $parent = tree_root_id('txp_category', "type='" . doSlash($type) . "'");
    }

    $name = sanitizeForUrl($name);

    // make sure the name is valid
    if (!$name) {
        $this->_error(gTxt($type . '_category_invalid', array('{name}' => $name)));

        return;
    }

    // don't allow rename to clobber an existing category
    $clash = safe_field('id', 'txp_category', "name = '{$name}' and type = '{$type}' and id != {$id}");

    if ($clash) {
        $this->_error(gTxt($type . '_category_already_exists', array('{name}' => $name)));

        return;
    }

    safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}");
    tree_rebuild_full('txp_category', "type='{$type}'");

    // Rows that referenced the old category name follow the rename.
    $category_set = "category = '{$name}'";
    $category_where = "category = '{$old_name}'";

    switch ($type) {
        case 'article':
            // Articles reference categories in two columns.
            safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'");
            safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
            break;

        case 'link':
            safe_update('txp_link', $category_set, $category_where);
            break;

        case 'image':
            safe_update('txp_image', $category_set, $category_where);
            break;

        case 'file':
            safe_update('txp_file', $category_set, $category_where);
            break;
    }

    // show a success message and switch back to the list view
    $this->_message(gTxt($type . '_category_updated', array('{name}' => doStrip($name))));
    $this->_set_view('list');
}
/**
 * Saves an edited link to the txp_link table.
 *
 * Reads the request fields named in the global $vars through gpsa(),
 * escapes them with doSlash(), and updates the row with the submitted id.
 * The id is forced through assert_int() and used as an unquoted number;
 * every other value sits inside a quoted SQL literal.
 *
 * NOTE(review): no privilege check is visible in this function - confirm
 * the caller enforces one.
 */
function link_save()
{
    global $txpcfg, $vars;

    // extract() defines one local per escaped field: $id, $category, $url,
    // $linkname, $linksort and $description are the ones used below.
    extract(doSlash(gpsa($vars)));

    // An empty sort value falls back to the link name.
    $linksort = $linksort ? $linksort : $linkname;

    $id = assert_int($id);

    $assignments = "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'";

    if (safe_update("txp_link", $assignments, "id = {$id}")) {
        // The name was escaped for SQL above, so undo that for display.
        link_edit(messenger('link', doStrip($linkname), 'saved'));
    }
}
/**
 * Saves edited image metadata (name, category, alt text, caption).
 *
 * The request fields are checked with assert_string and escaped with
 * doSlash(); the id goes through assert_int(). The caller must hold
 * 'image.edit', or be the image's author and hold 'image.edit.own'.
 * The category is additionally validated through a CategoryConstraint,
 * which plugins can extend via the 'image_ui' / 'validate_save' callback.
 */
function image_save()
{
    global $txp_user;

    $varray = array_map('assert_string', gpsa(array('id', 'name', 'category', 'caption', 'alt')));

    // extract() defines $id, $name, $category, $caption and $alt (escaped).
    extract(doSlash($varray));

    $id = $varray['id'] = assert_int($id);

    // Authorisation: full edit rights, or ownership plus edit-own rights.
    $author = fetch('author', 'txp_image', 'id', $id);
    $may_edit = has_privs('image.edit')
        || ($author === $txp_user && has_privs('image.edit.own'));

    if (!$may_edit) {
        image_list(gTxt('restricted_area'));

        return;
    }

    // The constraint receives the unescaped category value from the request.
    $constraints = array(
        'category' => new CategoryConstraint(gps('category'), array('type' => 'image')),
    );

    // Handlers get $varray and $constraints and may add their own checks.
    callback_event_ref('image_ui', 'validate_save', 0, $varray, $constraints);

    $validator = new Validator($constraints);

    $saved = $validator->validate()
        && safe_update("txp_image", "name = '{$name}',\n category = '{$category}',\n alt = '{$alt}',\n caption = '{$caption}'", "id = {$id}");

    if ($saved) {
        // The name was escaped for SQL above, so undo that for display.
        $message = gTxt('image_updated', array('{name}' => doStrip($name)));
        update_lastmod();
    } else {
        $message = array(gTxt('image_save_failed'), E_ERROR);
    }

    image_list($message);
}
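/**
 * Creates a new link or saves an edited one.
 *
 * The request fields named in the global $vars are checked with
 * assert_string and escaped with doSlash(); a non-empty id goes through
 * assert_int(). The caller must hold 'link.edit', or be the link's author
 * and hold 'link.edit.own'. The category is validated through a
 * CategoryConstraint, which plugins can extend via the 'link_ui' /
 * 'validate_save' callback. A non-empty id updates that row; otherwise a
 * new row is inserted and its id is published in $GLOBALS['ID'] and
 * $_POST['id'].
 */
function link_save()
{
    global $vars, $txp_user;

    $varray = array_map('assert_string', gpsa($vars));

    // extract() defines one escaped local per field: $id, $category, $url,
    // $linkname, $linksort and $description are the ones used below.
    extract(doSlash($varray));

    if ($id) {
        $id = $varray['id'] = assert_int($id);
    }

    if ($linkname === '' && $url === '' && $description === '') {
        link_list(array(gTxt('link_empty'), E_ERROR));

        return;
    }

    $author = fetch('author', 'txp_link', 'id', $id);

    // Ownership is compared with ===. A loose == treats numeric-looking
    // names such as '0123' and '123' as equal, which would let one account
    // pass the edit-own check for another account's link.
    if (!has_privs('link.edit') && !($author === $txp_user && has_privs('link.edit.own'))) {
        link_list(gTxt('restricted_area'));

        return;
    }

    // An empty sort value falls back to the link name.
    if (!$linksort) {
        $linksort = $linkname;
    }

    $constraints = array(
        'category' => new CategoryConstraint($varray['category'], array('type' => 'link')),
    );

    // Handlers get $varray and $constraints and may add their own checks.
    callback_event_ref('link_ui', 'validate_save', 0, $varray, $constraints);

    $validator = new Validator($constraints);

    if ($validator->validate()) {
        if ($id) {
            $ok = safe_update('txp_link', "category = '{$category}',\n\t\t\t\t\turl = '" . trim($url) . "',\n\t\t\t\t\tlinkname = '{$linkname}',\n\t\t\t\t\tlinksort = '{$linksort}',\n\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\tauthor = '" . doSlash($txp_user) . "'", "id = {$id}");
        } else {
            $ok = safe_insert('txp_link', "category = '{$category}',\n\t\t\t\t\tdate = now(),\n\t\t\t\t\turl = '" . trim($url) . "',\n\t\t\t\t\tlinkname = '{$linkname}',\n\t\t\t\t\tlinksort = '{$linksort}',\n\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\tauthor = '" . doSlash($txp_user) . "'");

            if ($ok) {
                // Publish the new row's id for code that runs after the save.
                $GLOBALS['ID'] = $_POST['id'] = $ok;
            }
        }

        if ($ok) {
            // update lastmod due to link feeds
            update_lastmod();
            $message = gTxt($id ? 'link_updated' : 'link_created', array('{name}' => doStrip($linkname)));
        } else {
            $message = array(gTxt('link_save_failed'), E_ERROR);
        }
    } else {
        $message = array(gTxt('link_save_failed'), E_ERROR);
    }

    link_list($message);
}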
/**
 * Saves a category from HTTP POST data.
 *
 * Posted fields are escaped with doSlash() and then interpolated into quoted
 * SQL literals; the id goes through assert_int(). $event and $table_name are
 * interpolated as given.
 * NOTE(review): confirm callers only pass fixed, trusted values for $event
 * and $table_name. The re-parenting update below has no type condition, so
 * it presumably also touches same-named parents of other category types.
 *
 * @param string $event      Type of category
 * @param string $table_name Table whose category column follows the rename
 */
function cat_event_category_save($event, $table_name)
{
    global $txpcfg;

    // extract() defines $id, $name, $old_name, $parent and $title.
    extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));

    $id = assert_int($id);
    $name = sanitizeForUrl($name);

    // make sure the name is valid
    if (!$name) {
        // $name is empty at this point, so the message carries no name.
        return cat_category_list(
            array(gTxt($event . '_category_invalid', array('{name}' => $name)), E_ERROR)
        );
    }

    // don't allow rename to clobber an existing category
    $existing_id = safe_field('id', 'txp_category', "name = '{$name}' and type = '{$event}'");

    if ($existing_id && $existing_id != $id) {
        return cat_category_list(
            array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR)
        );
    }

    if (!$parent) {
        $parent = 'root';
    }

    $row_saved = safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}");

    if ($row_saved) {
        // Children that pointed at the old name are re-parented.
        safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}'");
    }

    rebuild_tree_full($event);

    // Rows that referenced the old category name follow the rename.
    if ($event != 'article') {
        safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
    } else {
        safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'");
        safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
    }

    cat_category_list(gTxt($event . '_category_updated', array('{name}' => doStrip($name))));
}
/**
 * Gets a HTTP post parameter.
 *
 * The value is passed through doStrip() when $this->magicQuotesGpc is
 * truthy and always through doArray() with 'deNull'. It is otherwise raw
 * request data and is not escaped for SQL or HTML here.
 *
 * @param  string $name The parameter name
 * @return mixed  The processed value; an absent parameter is processed as ''
 */
public function getPost($name)
{
    if (!isset($_POST[$name])) {
        return doArray('', 'deNull');
    }

    $value = $_POST[$name];

    if ($this->magicQuotesGpc) {
        $value = doStrip($value);
    }

    return doArray($value, 'deNull');
}
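/**
 * Saves an edited link to the txp_link table.
 *
 * The request fields named in the global $vars are escaped with doSlash();
 * the id goes through assert_int(). The caller must hold 'link.edit', or be
 * the link's author and hold 'link.edit.own'. The saving user is recorded
 * as the link's author.
 */
function link_save()
{
    global $txpcfg, $vars, $txp_user;

    $varray = gpsa($vars);

    // extract() defines one escaped local per field: $id, $category, $url,
    // $linkname, $linksort and $description are the ones used below.
    extract(doSlash($varray));

    $id = assert_int($id);

    // Nothing to save: show the edit form again.
    if ($linkname === '' && $url === '' && $description === '') {
        link_edit();

        return;
    }

    $author = fetch('author', 'txp_link', 'id', $id);

    // Ownership is compared with ===. A loose == treats numeric-looking
    // names such as '0123' and '123' as equal, which would let one account
    // pass the edit-own check for another account's link.
    if (!has_privs('link.edit') && !($author === $txp_user && has_privs('link.edit.own'))) {
        link_edit(gTxt('restricted_area'));

        return;
    }

    // An empty sort value falls back to the link name.
    if (!$linksort) {
        $linksort = $linkname;
    }

    $rs = safe_update("txp_link", "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}',\n\t\t\tauthor \t\t= '" . doSlash($txp_user) . "'", "id = {$id}");

    if ($rs) {
        update_lastmod();

        // The name was escaped for SQL above, so undo that for display.
        $message = gTxt('link_updated', array('{name}' => doStrip($linkname)));
        link_edit($message);
    }
}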
/**
 * Returns the value of a cookie, or an empty string when it is not set.
 *
 * The value is request data and is returned unescaped; callers must escape
 * it for the context they use it in.
 *
 * @param  string $thing Cookie name
 * @return mixed  The cookie value (passed through doStrip() when
 *                MAGIC_QUOTES_GPC is truthy), or ''
 */
function cs($thing)
{
    if (!isset($_COOKIE[$thing])) {
        return '';
    }

    $value = $_COOKIE[$thing];

    return MAGIC_QUOTES_GPC ? doStrip($value) : $value;
}
/**
 * Saves an edited 'event' category from POST data.
 *
 * Posted fields are escaped with doSlash() and then interpolated into quoted
 * SQL literals; the id goes through assert_int().
 * NOTE(review): the re-parenting update below has no type condition, so it
 * presumably also touches same-named parents of other category types.
 */
function zem_event_cat_tab_save()
{
    global $txpcfg;

    // extract() defines $id, $name, $old_name, $parent and $title.
    extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));

    $id = assert_int($id);
    $name = sanitizeForUrl($name);

    // make sure the name is valid
    if (!$name) {
        // $name is empty at this point, so the message carries no name.
        return zem_event_cat_tab_list(
            zem_event_gTxt('category_invalid', array('{name}' => $name))
        );
    }

    // don't allow rename to clobber an existing category
    $existing_id = safe_field('id', 'txp_category', "type = 'event' and name = '{$name}'");

    if ($existing_id && $existing_id != $id) {
        return zem_event_cat_tab_list(
            zem_event_gTxt('category_already_exists', array('{name}' => $name))
        );
    }

    if (!$parent) {
        $parent = 'root';
    }

    $row_saved = safe_update('txp_category', "parent = '{$parent}', name = '{$name}', title = '{$title}'", "id = {$id}");

    if ($row_saved) {
        // Children that pointed at the old name are re-parented.
        safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}'");
    }

    // Use whichever tree-rebuild helper this installation provides.
    if (!function_exists('rebuild_tree_full')) {
        rebuild_tree('root', 1, 'event');
    } else {
        rebuild_tree_full('event');
    }

    zem_event_cat_tab_list(
        zem_event_gTxt('category_updated', array('{name}' => doStrip($name)))
    );
}