/**
 * Replaces the tag set of this image.
 *
 * A comma-separated string is split into a list first; an array is used as
 * given. The list is passed through filterTags() and then handed to
 * storeTags() together with this object's id and the type 'images'.
 *
 * @param string|array $tags comma-separated tag string, or a list of tags
 */
function setTags($tags) {
    // Normalise the argument to a list before it is filtered and stored.
    $tagList = is_array($tags) ? $tags : explode(',', $tags);
    storeTags(filterTags($tagList), $this->id, 'images');
}
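/**
 * Stores tags for an album/image
 *
 * Synchronises the obj_to_tag links of one object with the given tag list:
 * links whose tag is no longer in the list are deleted, tags missing from the
 * tags table are created, and links are added for tags the object did not
 * have yet. Tag names are matched through $_zp_UTF8->strtolower().
 *
 * The statements are built by string concatenation. The caller-supplied $id
 * is cast to int and $tbl is escaped before either reaches SQL text; tag
 * names are escaped with mysql_real_escape_string().
 *
 * @param array $tags the tag values
 * @param int $id the record id of the album/image
 * @param string $tbl 'albums' or 'images'
 */
function storeTags($tags, $id, $tbl) {
    global $_zp_UTF8;

    // Both parameters are concatenated into SQL below (the id even unquoted in
    // the final INSERT), so neutralise them once, up front.
    $id = (int) $id;
    $tbl = mysql_real_escape_string($tbl);
    // NOTE(review): the mysql_* functions were removed in PHP 7.0; a port should
    // move this escaping to the project's database layer or to prepared statements.

    $tags = filterTags($tags);
    // original spelling => lower-cased spelling, used for the comparisons below
    $tagsLC = array();
    foreach ($tags as $tag) {
        $tagsLC[$tag] = $_zp_UTF8->strtolower($tag);
    }

    $sql = "SELECT `id`, `tagid` from " . prefix('obj_to_tag') . " WHERE `objectid`='" . $id . "' AND `type`='" . $tbl . "'";
    $result = query_full_array($sql);
    $existing = array();
    if (is_array($result)) {
        foreach ($result as $row) {
            // Row ids come from the database; the cast keeps them numeric in the SQL text.
            $dbtag = query_single_row("SELECT `name` FROM " . prefix('tags') . " WHERE `id`='" . (int) $row['tagid'] . "'");
            $existingLC = $_zp_UTF8->strtolower($dbtag['name']);
            if (in_array($existingLC, $tagsLC)) { // tag already set no action needed
                $existing[] = $existingLC;
            } else { // tag no longer set, remove it
                query("DELETE FROM " . prefix('obj_to_tag') . " WHERE `id`='" . (int) $row['id'] . "'");
            }
        }
    }

    // array_diff() keeps the original-spelling keys; array_flip() turns the
    // result into lower-cased => original, so the loop sees one original
    // spelling per distinct lower-cased name.
    $tags = array_flip(array_diff($tagsLC, $existing)); // new tags for the object
    foreach ($tags as $tag) {
        $escapedTag = mysql_real_escape_string($tag);
        $dbtag = query_single_row("SELECT `id` FROM " . prefix('tags') . " WHERE `name`='" . $escapedTag . "'");
        if (!is_array($dbtag)) { // tag does not exist
            query("INSERT INTO " . prefix('tags') . " (name) VALUES ('" . $escapedTag . "')");
            $dbtag = query_single_row("SELECT `id` FROM " . prefix('tags') . " WHERE `name`='" . $escapedTag . "'");
        }
        // $dbtag['id'] is the id column read back from the tags table, not caller input.
        query("INSERT INTO " . prefix('obj_to_tag') . "(`objectid`, `tagid`, `type`) VALUES (" . $id . "," . $dbtag['id'] . ",'" . $tbl . "')");
    }
}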
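/**
 * Decodes HTML entities in a value and filters it with filterTags().
 *
 * The value is entity-decoded, any numeric character references that remain
 * are decoded as well, filterTags() is applied until its output stops
 * changing, and nl2br() is applied last. Results are memoised per input
 * value in the global $XSS_cache. An empty value is returned unchanged.
 *
 * What gets removed is decided entirely by filterTags(), which is defined
 * elsewhere. The returned string can contain the <br /> tags nl2br() inserts.
 *
 * @param string $val the value to clean
 * @return string the cleaned value, or $val itself when it is empty
 */
function cleanXSS($val) {
    if ($val != "") {
        global $XSS_cache;
        if (!empty($XSS_cache) && array_key_exists($val, $XSS_cache)) {
            return $XSS_cache[$val];
        }
        $source = html_entity_decode($val, ENT_QUOTES, 'ISO-8859-1');
        // Second numeric-reference pass: catches references that only appear
        // after the first decode (double-encoded input), so filterTags() sees
        // the decoded characters. Callbacks replace the former /e modifier,
        // which evaluated the replacement as PHP code and no longer exists in
        // PHP 7+, where preg_replace() returns null for it.
        $source = preg_replace_callback('/&#(\d+);/m', function ($m) {
            // chr() works modulo 256; the mask makes that explicit.
            return chr(((int) $m[1]) & 0xFF);
        }, $source);
        $source = preg_replace_callback('/&#x([a-f0-9]+);/mi', function ($m) {
            // The last two hex digits are the value modulo 256.
            return chr(hexdec(substr($m[1], -2)));
        }, $source);
        // Filter to a fixed point so that markup reassembled by one pass is
        // caught by the next.
        while ($source != filterTags($source)) {
            $source = filterTags($source);
        }
        $source = nl2br($source);
        $XSS_cache[$val] = $source;
        return $source;
    }
    return $val;
}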