/**
 * Read one sticky variable from the session's sticky cache.
 *
 * @param string  $variable      The name of the variable
 * @param mixed   $default       Returned when the variable is not in the sticky cache
 * @param boolean $filter_result When true the cached value is passed through filter_tags()
 *
 * @return mixed The (optionally filtered) cached value, or $default
 */
function elgg_get_sticky_value($variable, $default = "", $filter_result = true) {
    if (!isset($_SESSION['sticky'][$variable])) {
        return $default;
    }

    $cached = $_SESSION['sticky'][$variable];

    // XSS filter the cached value unless the caller explicitly opted out
    return $filter_result ? filter_tags($cached) : $cached;
}
/**
 * Fetch a request variable from GET/POST, after any programmatic override.
 *
 * Values placed in $CONFIG->input take precedence over the request and are
 * returned untouched (no trim, no filter). Request values are trimmed (arrays
 * are not) and passed through filter_tags() unless $filter_result is false.
 *
 * @param string $variable      Name of the variable to read
 * @param mixed  $default       Returned when the variable is absent
 * @param bool   $filter_result Strip bad tags from the result when true
 *
 * @return mixed
 */
function get_input($variable, $default = "", $filter_result = true) {
    global $CONFIG;

    // Programmatic overrides win and bypass both trimming and filtering
    if (isset($CONFIG->input[$variable])) {
        return $CONFIG->input[$variable];
    }

    if (!isset($_REQUEST[$variable])) {
        return $default;
    }

    $raw = $_REQUEST[$variable];
    $value = is_array($raw) ? $raw : trim($raw);

    return $filter_result ? filter_tags($value) : $value;
}
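/**
 * Plugin hook: persist the Twitter search widget id when its settings are saved.
 *
 * The id is extracted from the pasted embed code (the data-widget-id attribute).
 * The "params" input is read unfiltered because the embed code is HTML; only the
 * extracted id is passed through filter_tags() before it is stored on the widget.
 *
 * @param string $hook_name    Hook name
 * @param string $entity_type  Widget handler the settings belong to
 * @param mixed  $return_value Current hook return value (unused)
 * @param array  $params       Hook params; expects 'widget'
 *
 * @return void
 */
function widget_twitter_search_settings_save_hook($hook_name, $entity_type, $return_value, $params) {
    $widget = elgg_extract("widget", $params);
    if (!$widget || $entity_type != "twitter_search") {
        return;
    }

    // do not strip code: the embed snippet is raw HTML and would be mangled by filter_tags()
    $embed_code = elgg_extract("embed_code", get_input("params", array(), false));
    if (!$embed_code) {
        return;
    }

    $widget_id = false;
    $marker = 'data-widget-id="';
    $marker_pos = strpos($embed_code, $marker);

    // strpos() returns false when the attribute is absent; the original added strlen()
    // to that false and sliced from offset 16, storing an arbitrary fragment as the id.
    // A missing closing quote is treated the same way instead of slicing from the end.
    if ($marker_pos !== false) {
        $start_pos = $marker_pos + strlen($marker);
        $end_pos = strpos($embed_code, '"', $start_pos);
        if ($end_pos !== false) {
            $widget_id = filter_tags(substr($embed_code, $start_pos, $end_pos - $start_pos));
        }
    }

    if ($widget_id) {
        $widget->widget_id = $widget_id;
    } else {
        register_error(elgg_echo("widgets:twitter_search:embed_code:error"));
    }
}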
/**
 * Load one page of entries for a view from the database.
 *
 * The view name is turned into a rule (get_view_rule) and then into a
 * parameterised SQL statement (rule2sql) executed through the global PDO
 * handle. Each row is post-processed: the displayed content is chosen from
 * $config->display_entries, the JSON columns are decoded, and the entry and
 * feed tags are merged and split into system and user tags.
 *
 * @param string $view The view name; '' is the default view rule
 * @param int    $page 1-based page number within the view
 *
 * @return array List of associative arrays, one per entry
 */
function get_entries($view = '', $page = 1) {
    global $dbh, $config;

    $columns = 'id, feed_id, authors, title, links, description, content, enclosures, comments, guid, pubDate, lastUpdate';
    $per_page = $config->entries_per_page;
    $offset = ($page - 1) * $per_page;

    // rule2sql() yields [sql, bound params]; the params go through PDO binding, not string interpolation
    list($sql, $bindings) = rule2sql(get_view_rule($view), $columns, $per_page, $offset);
    $stmt = $dbh->prepare($sql);
    $stmt->execute($bindings);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    $mode = $config->display_entries;
    $entries = array();
    foreach ($rows as $row) {
        if ($mode == 'content') {
            // fall back to the description when the feed provided no content
            $row['displayed_content'] = !empty($row['content']) ? $row['content'] : $row['description'];
        } elseif ($mode == 'title') {
            $row['displayed_content'] = '';
        } else {
            // 'description' and any unknown mode both show the description
            $row['displayed_content'] = $row['description'];
        }

        $row['authors'] = clean_authors(json_decode($row['authors']));
        $row['links'] = json_decode($row['links']);
        $row['enclosures'] = json_decode($row['enclosures']);

        $all_tags = array_merge(get_entry_tags($row['id']), get_feed_tags($row['feed_id']));
        $row['system_tags'] = filter_tags($all_tags, SYSTEM_TAGS);
        $row['tags'] = filter_tags($all_tags, USER_TAGS);

        $entries[] = $row;
    }

    return $entries;
}
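/**
 * Validate the posted form attributes and copy them into $CONFIG.
 *
 * Every key of $_REQUEST['attributes'] becomes an attribute; keys starting
 * with "_" are compulsory and the underscore is stripped from the stored name.
 * An empty compulsory value (other than the string '0') marks the form invalid
 * and records a translated error. All values are passed through filter_tags()
 * before being stored, the attributes are made sticky and the raw POST copy
 * is discarded.
 *
 * @global stdClass $CONFIG Receives post_byizap->form_validated,
 *                          post_byizap->form_errors and post_byizap->attributes
 *
 * @return void
 */
function izap_actionhook_bridge() {
    global $CONFIG;
    $CONFIG->post_byizap->form_validated = true;

    if (!isset($_REQUEST['attributes'])) {
        return;
    }

    // NOTE(review): this walk discards get_input()'s return value, so it has no
    // observable effect on the attributes; kept as-is pending confirmation of intent
    @array_walk_recursive($_REQUEST['attributes'], 'get_input');

    foreach ($_REQUEST['attributes'] as $key => $val) {
        // $key[0] warns on an empty or integer key (PHP 7.4+); test the prefix without indexing
        $compulsory = is_string($key) && strncmp($key, "_", 1) === 0;
        $attr = $compulsory ? substr($key, 1) : $key;

        // '0' is a legitimate value; every other empty() value fails validation
        if ($compulsory && $val !== '0' && empty($val)) {
            $CONFIG->post_byizap->form_validated = FALSE;
            $CONFIG->post_byizap->form_errors[] = elgg_echo($_POST['attributes']['plugin'] . ':form_error:empty:' . $attr);
        }

        $CONFIG->post_byizap->attributes[$attr] = filter_tags($val);
    }

    // put every thing to session
    elgg_make_sticky_form($CONFIG->post_byizap->attributes['plugin']);
    unset($_POST['attributes']);
}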
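/**
 * {@inheritdoc}
 *
 * Creates (or reuses) the wall post, writes its river entry, applies the
 * 'hashtags' and 'usernames' returned by the extract:qualifiers hook, records
 * tagged_in / attached relationships, attaches uploads, optionally creates a
 * bookmark for the address, and finally saves the post, firing the 'status'
 * hook and the 'publish' event. Outcome is reported through $this->result.
 */
public function execute() {
    if (!$this->post) {
        if ($this->subtype == 'thewire' && is_callable('thewire_save_post')) {
            // thewire has its own save routine; reuse it and load the resulting entity
            $guid = thewire_save_post($this->status, $this->poster->guid, $this->access_id, 0, 'wall');
            $this->post = get_entity($guid);
        } else {
            $this->post = new Post();
            $this->post->subtype = $this->subtype;
            $this->post->owner_guid = $this->poster->guid;
            $this->post->container_guid = $this->container->guid;
            $guid = $this->post->save();
        }
    }

    $this->post->title = $this->title;
    $this->post->description = $this->status;
    $this->post->access_id = $this->access_id;

    if (!$this->post->guid) {
        $this->result->addError(elgg_echo('wall:create:error'));
        return;
    }

    if (Integration::isElggVersionBelow('1.9.0')) {
        $river_id = add_to_river('river/object/hjwall/create', 'create', $this->poster->guid, $this->post->guid);
    } else {
        // Create a river entry for this wall post
        $river_id = elgg_create_river_item(array(
            'view' => 'river/object/hjwall/create',
            'action_type' => 'create',
            'subject_guid' => $this->post->owner_guid,
            'object_guid' => $this->post->guid,
            'target_guid' => $this->post->container_guid,
        ));
    }
    $river = elgg_get_river(array('ids' => $river_id));
    $this->river = $river ? $river[0] : null;

    $this->post->origin = 'wall';

    // The hook default is an empty array, so 'hashtags'/'usernames' may be absent;
    // count(null) is a TypeError on PHP 8, hence empty() instead of count()
    $qualifiers = elgg_trigger_plugin_hook('extract:qualifiers', 'wall', array('source' => $this->post->description), array());
    if (!empty($qualifiers['hashtags'])) {
        $this->post->tags = $qualifiers['hashtags'];
    }
    if (!empty($qualifiers['usernames'])) {
        foreach ($qualifiers['usernames'] as $username) {
            $user = get_user_by_username($username);
            if (elgg_instanceof($user) && !in_array($user->guid, $this->friend_guids)) {
                $this->friend_guids[] = $user->guid;
            }
        }
    }

    // Add 'tagged_in' relationships
    // If the access level for the post is not set to private, also create a river item
    // with the access level specified in their settings by the tagged user
    if (!empty($this->friend_guids)) {
        foreach ($this->friend_guids as $friend_guid) {
            if (add_entity_relationship($friend_guid, 'tagged_in', $this->post->guid)) {
                if (!in_array($this->access_id, array(ACCESS_PRIVATE, ACCESS_LOGGED_IN, ACCESS_PUBLIC))) {
                    $river_access_id = elgg_get_plugin_user_setting('river_access_id', $friend_guid, 'hypeWall');
                    if (!is_null($river_access_id) && $river_access_id !== ACCESS_PRIVATE) {
                        $river_id = elgg_create_river_item(array(
                            'view' => 'river/relationship/tagged/create',
                            'action_type' => 'tagged',
                            'subject_guid' => $friend_guid,
                            'object_guid' => $this->post->getGUID(),
                            'target_guid' => $this->post->getContainerGUID(),
                            'access_id' => $river_access_id,
                        ));
                    }
                }
            }
        }
    }

    // Wall post access id is set to private, which means it should be visible only to the poster and tagged users
    // Creating a new ACL for that
    if ($this->access_id == ACCESS_PRIVATE && count($this->friend_guids)) {
        $members = $this->friend_guids;
        $members[] = $this->poster->guid;
        $members[] = $this->container->guid;
        $acl_id = AccessCollection::create($members);
        $this->post->access_id = $acl_id;
        $this->post->save();
    }

    if (!empty($this->attachment_guids)) {
        foreach ($this->attachment_guids as $attachment_guid) {
            add_entity_relationship($attachment_guid, 'attached', $this->post->guid);
        }
    }

    // files being uploaded via $_FILES
    $uploads = hypeApps()->uploader->handle('upload_guids');
    $uploaded_file_guids = [];
    if ($uploads) {
        foreach ($uploads as $upload) {
            // Reset per iteration: previously $file_obj kept the prior entry's value when
            // an element was neither an ElggFile nor an Upload, so its guid was attached twice
            // (and on the first such iteration it was read from an undefined variable)
            $file_obj = null;
            if ($upload instanceof \ElggFile) {
                $file_obj = $upload;
            } elseif ($upload instanceof \hypeJunction\Files\Upload) {
                $file_obj = $upload->file;
            }
            if ($file_obj && $file_obj->guid) {
                $uploaded_file_guids[] = $file_obj->guid;
            }
        }
    }

    // Something is broken in the hypeApps setter, so doing this hack for now
    $this->upload_guids = array_merge($this->upload_guids, $uploaded_file_guids);

    if (!empty($this->upload_guids)) {
        foreach ($this->upload_guids as $upload_guid) {
            $upload = get_entity($upload_guid);
            if ($upload) {
                $upload->description = $this->post->description;
                $upload->origin = 'wall';
                $upload->access_id = $this->post->access_id;
                $upload->container_guid = $this->container->canWriteToContainer($this->poster->guid, 'object', 'file') ? $this->container->guid : ELGG_ENTITIES_ANY_VALUE;
                if ($upload->save()) {
                    add_entity_relationship($upload_guid, 'attached', $this->post->guid);
                }
            }
        }
    }

    $this->post->setLocation($this->location);
    $this->post->address = $this->address;

    if ($this->post->address && $this->make_bookmark) {
        $document = elgg_trigger_plugin_hook('extract:meta', 'wall', array('src' => $this->post->address));
        $bookmark = new ElggObject();
        $bookmark->subtype = "bookmarks";
        $bookmark->container_guid = $this->container->canWriteToContainer($this->poster->guid, 'object', 'bookmarks') ? $this->container->guid : ELGG_ENTITIES_ANY_VALUE;
        $bookmark->address = $this->post->address;
        $bookmark->access_id = $this->post->access_id;
        $bookmark->origin = 'wall';
        if (!$document) {
            $bookmark->title = $this->post->title;
            $bookmark->description = $this->post->description;
            $bookmark->tags = $this->post->tags;
        } else {
            // Metadata extracted from the linked page is passed through filter_tags() before storage
            $bookmark->title = filter_tags($document->meta->title);
            $bookmark->description = filter_tags($document->meta->description);
            $bookmark->tags = string_to_tag_array(filter_tags($document->meta->keywords));
        }
        $bookmark->save();
        $this->bookmark = $bookmark;
    }

    if ($this->post->save()) {
        $message = $this->post->formatMessage();
        $params = array(
            'entity' => $this->post,
            'user' => $this->poster,
            'message' => $message,
            'url' => $this->post->getURL(),
            'origin' => 'wall',
        );
        elgg_trigger_plugin_hook('status', 'user', $params);

        // Trigger a publish event, so that we can send out notifications
        elgg_trigger_event('publish', 'object', $this->post);

        if (get_input('widget')) {
            elgg_push_context('widgets');
        }

        if (elgg_is_xhr()) {
            $this->result->output .= elgg_list_river(array(
                'object_guids' => $this->post->guid,
                'pagination' => false,
                'pagination_type' => false,
                'limit' => 0,
            ));
        }

        $this->result->addMessage(elgg_echo('wall:create:success'));
        if ($this->container instanceof \ElggUser) {
            $this->result->setForwardURL(hypeWall()->router->normalize("owner/{$this->container->username}"));
        } else {
            $this->result->setForwardURL(hypeWall()->router->normalize("container/{$this->container->guid}"));
        }
    } else {
        $this->result->addError(elgg_echo('wall:create:error'));
    }
}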
<?php
/**
 * EXIF sidebar module
 *
 * Renders the formatted EXIF data of $vars["image"] as a two-column table
 * inside an "aside" module. Nothing is output when no EXIF data is found.
 * Both keys and values go through filter_tags() and the output/text view.
 */
$exif_image = $vars["image"];

elgg_load_library("tidypics:exif");
$exif_data = tp_exif_formatted($exif_image);

if ($exif_data) {
    $rows = "";
    foreach ($exif_data as $exif_key => $exif_value) {
        $cells = elgg_view("output/text", array("value" => filter_tags($exif_key)))
            . "</td><td>"
            . elgg_view("output/text", array("value" => filter_tags($exif_value)));
        $rows .= "<tr><td>" . $cells . "</td></tr>";
    }
    $body = "<table class='elgg-table elgg-table-alt'>" . $rows . "</table>";
    echo elgg_view_module("aside", "EXIF", $body);
}
/**
 * Return every value stored for a sticky form.
 *
 * @param string $form_name     The name of the form
 * @param bool   $filter_result When true each value is passed through filter_tags()
 *
 * @return array Name => value map; empty when the form has no sticky data
 */
function getStickyValues($form_name, $filter_result = true) {
    $sticky_forms = _elgg_services()->session->get('sticky_forms', array());
    if (!isset($sticky_forms[$form_name])) {
        return array();
    }

    $values = $sticky_forms[$form_name];
    if (!$filter_result) {
        return $values;
    }

    // XSS filter every stored value before handing it back
    foreach ($values as $name => $value) {
        $values[$name] = filter_tags($value);
    }
    return $values;
}
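<?php
/**
 * Elgg display long text
 * Displays a large amount of text, with new lines converted to line breaks
 *
 * @package Elgg
 * @subpackage Core
 * @author Curverider Ltd
 * @link http://elgg.org/
 *
 * @uses $vars['value'] The text to display
 *
 */

// The docblock previously named $vars['text'] but the view reads $vars['value'];
// the unused "global $CONFIG" was dropped. Order matters: filter_tags() strips
// unwanted markup before parse_urls() turns urls into links and autop() converts newlines.
echo autop(parse_urls(filter_tags($vars['value'])));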
<?php
/**
 * Elgg display long text
 * Displays a large amount of text, with new lines converted to line breaks
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['value'] The text to display
 * @uses $vars['parse_urls'] Whether to turn urls into links. Default is true.
 * @uses $vars['class'] Extra CSS class(es) appended after 'elgg-output'
 */

$base_class = 'elgg-output';
$extra_class = elgg_extract('class', $vars, '');
$vars['class'] = $extra_class ? "{$base_class} {$extra_class}" : $base_class;

$should_parse_urls = elgg_extract('parse_urls', $vars, true);
$content = $vars['value'];

// 'parse_urls' and 'value' are view options, not attributes: drop them before
// the remaining $vars are rendered as the wrapper's HTML attributes
unset($vars['parse_urls'], $vars['value']);

if ($should_parse_urls) {
    $content = parse_urls($content);
}
$content = elgg_autop(filter_tags($content));

echo '<div ' . elgg_format_attributes($vars) . '>' . $content . '</div>';
/**
 * Get a specific sticky variable from a named sticky form
 *
 * @param string  $form_name     The name of the form the value was stored under
 * @param string  $variable      The name of the variable
 * @param mixed   $default       Default value if the variable does not exist in sticky cache
 * @param boolean $filter_result Filter for bad input if true
 * @return mixed
 *
 * @todo should this filter the default value?
 */
function elgg_get_sticky_value($form_name, $variable, $default = NULL, $filter_result = true) {
    if (!isset($_SESSION['sticky_forms'][$form_name][$variable])) {
        return $default;
    }

    $stored = $_SESSION['sticky_forms'][$form_name][$variable];
    if (!$filter_result) {
        return $stored;
    }

    // XSS filter result
    return filter_tags($stored);
}
$embedder = new Embedder($wall_post->address); $document = $embedder->extractMeta('iframely'); $bookmark = new ElggObject(); $bookmark->subtype = "bookmarks"; $bookmark->container_guid = $container->canWriteToContainer($poster->guid, 'object', 'bookmarks') ? $container->guid : ELGG_ENTITIES_ANY_VALUE; $bookmark->address = $wall_post->address; $bookmark->access_id = $access_id; $bookmark->origin = 'wall'; if (!$document) { $bookmark->title = $wall_post->title; $bookmark->description = $wall_post->description; $bookmark->tags = $wall_post->tags; } else { $bookmark->title = filter_tags($document->meta->title); $bookmark->description = filter_tags($document->meta->description); $bookmark->tags = string_to_tag_array(filter_tags($document->meta->keywords)); } $bookmark->save(); } if ($wall_post->save()) { $message = format_wall_message($wall_post); $params = array('entity' => $wall_post, 'user' => $poster, 'message' => $message, 'url' => $wall_post->getURL(), 'origin' => 'wall'); elgg_trigger_plugin_hook('status', 'user', $params); // Trigger a publish event, so that we can send out notifications elgg_trigger_event('publish', 'object', $wall_post); if (get_input('widget')) { elgg_push_context('widgets'); } if (elgg_is_xhr()) { if (get_input('river') && get_input('river') != 'false') { echo elgg_list_river(array('object_guids' => $wall_post->guid));
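/**
 * List the entities the logged-in user has a "bookmarked" relationship with.
 *
 * @param mixed $a    Unused
 * @param array $args Expects 'offset' and 'limit'; both are cast to int (missing keys count as 0)
 * @param mixed $c    Unused
 *
 * @return array{total:int,entities:array} Total bookmark count and the page of entities;
 *                                        both zero/empty when nobody is logged in
 */
static function getBookmarks($a, $args, $c) {
    $total = 0;
    // Initialised up front: the original only assigned it inside the loop, so a
    // logged-in user with no bookmarks returned an undefined variable (null) here
    $entities = [];

    $user = elgg_get_logged_in_user_entity();
    if ($user) {
        $options = [
            "relationship_guid" => $user->guid,
            "relationship" => "bookmarked",
            // a missing key is a warning on PHP 8; default it to 0 before the cast
            "offset" => (int) (isset($args["offset"]) ? $args["offset"] : 0),
            "limit" => (int) (isset($args["limit"]) ? $args["limit"] : 0),
        ];
        $total = elgg_get_entities_from_relationship(array_merge($options, ["count" => true]));
        foreach (elgg_get_entities_from_relationship($options) as $entity) {
            $entities[] = [
                "guid" => $entity->guid,
                "ownerGuid" => $entity->owner_guid,
                "title" => $entity->title,
                "type" => $entity->type,
                // description goes through filter_tags() before paragraph formatting
                "description" => elgg_autop(filter_tags($entity->description)),
                "timeCreated" => date("c", $entity->time_created),
                "timeUpdated" => date("c", $entity->time_updated),
                "tags" => Helpers::renderTags($entity->tags),
            ];
        }
    }

    return ["total" => $total, "entities" => $entities];
}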
/**
 * Do the same as get_input() and /action/profile/edit on sync data values
 *
 * Converts the value to UTF-8, strips bad tags, then corrects the HTML
 * encoding: arrays are walked recursively with profile_sync_array_decoder,
 * scalars are HTML-decoded and trimmed.
 *
 * @param string|array $value the value to filter
 *
 * @see get_input()
 *
 * @return string|array
 */
function profile_sync_filter_var($value) {
    // convert to UTF-8, then filter tags
    $filtered = filter_tags(profile_sync_convert_string_encoding($value));

    // correct html encoding
    if (!is_array($filtered)) {
        return trim(elgg_html_decode($filtered));
    }

    array_walk_recursive($filtered, 'profile_sync_array_decoder');
    return $filtered;
}
<!-- top navbar -->
<div class="rcproject-navbar navbar navbar-default navbar-fixed-top" role="navigation">
    <div class="container">
        <div class="navbar-header">
            <!-- the app title is passed through filter_tags() before output (here and in #subheaderDiv2 below) -->
            <span class="navbar-brand" style="max-width:80%;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;"><?php echo filter_tags($app_title) ?></span>
            <button type="button" class="navbar-toggle" onclick="toggleProjectMenuMobile($('#west'))">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
        </div>
    </div>
</div>
<!-- main window -->
<div class="container-fluid mainwindow">
    <div class="row row-offcanvas row-offcanvas-left">
        <!-- $westHtml is echoed without escaping; it is expected to be already-rendered markup from the including page - confirm -->
        <div id="west" class="hidden-xs col-sm-4 col-md-3" role="navigation">
            <?php echo $westHtml ?>
        </div>
        <div id="center" class="col-xs-12 col-sm-8 col-md-9">
            <div id="subheader">
                <?php if ($display_project_logo_institution) { ?>
                <?php
                // NOTE(review): $institution is escaped with cleanHtml() for the title/alt attributes,
                // but $headerlogo (src attribute) here, and $institution / $site_org_type in
                // #subheaderDiv1 below, are emitted as-is - confirm they are admin-controlled or escaped upstream
                if (trim($headerlogo) != "") echo "<img src='$headerlogo' title='".cleanHtml($institution)."' alt='".cleanHtml($institution)."' style='margin:-5px 0 5px 20px;max-width:700px; expression(this.width > 700 ? 700 : true);'>";
                ?>
                <div id="subheaderDiv1" class="bot-left">
                    <?php echo $institution . (($site_org_type == "") ? "" : "<br><span style='font-family:tahoma;font-size:13px;'>$site_org_type</span>") ?>
                </div>
                <?php } ?>
                <div id="subheaderDiv2" class="bot-left"><?php echo filter_tags($app_title) ?></div>
            </div>
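<?php
/**
 * iZAP izap_videos
 *
 * @package Elgg videotizer, by iZAP Web Solutions.
 * @license GNU Public License version 3
 * @Contact iZAP Team "<*****@*****.**>"
 * @Founder Tarun Jangra "<*****@*****.**>"
 * @link http://www.izap.in/
 *
 * @uses $vars['value'] The text to display
 */

// filter_tags() strips unwanted markup before izapParseUrls_izap_videos() processes the
// text and autop() converts newlines. The unused "global $CONFIG" and the commented-out
// debug echo of the raw value were removed.
echo autop(izapParseUrls_izap_videos(filter_tags($vars['value'])));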
/** * iZAP izap_videos * * @package Elgg videotizer, by iZAP Web Solutions. * @license GNU Public License version 3 * @Contact iZAP Team "<*****@*****.**>" * @Founder Tarun Jangra "<*****@*****.**>" * @link http://www.izap.in/ * */ action_gatekeeper(); admin_gatekeeper(); $postedArray = get_input('izap'); $plugin = find_plugin_settings('izap_videos'); // get the video options checkboxes $videoOptions = filter_tags($_POST['izap']['izapVideoOptions']); if (empty($videoOptions)) { register_error(elgg_echo('izap_videos:error:videoOptionBlank')); forward($_SERVER['HTTP_REFERER']); } $postedArray['izapVideoOptions'] = $videoOptions; // get the index page widget if (!empty($postedArray['izapExtendVideoSupport'])) { $postedArray['izapExtendVideoSupport'] = 'YES'; } else { $postedArray['izapExtendVideoSupport'] = 'NO'; } // get the index page widget if (!empty($postedArray['izapIndexPageWidget'])) { $postedArray['izapIndexPageWidget'] = 'YES'; } else {
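/**
 * Find topics by tag, honouring forum read permissions.
 *
 * $tags is parsed by filter_tags() into 'include' and 'exclude' tag lists.
 * Included tags become a t.tag IN (...) condition, excluded tags a NOT IN
 * sub-select; the literal values are rendered by prepare_search_string() and
 * prep_exclusion_string(). Paging goes through $db->sql_query_limit(), so
 * $start/$end are never spliced into the SQL text.
 *
 * @param string   $tags  Raw tag search string
 * @param int      $start Offset of the first topic to return
 * @param int|bool $end   Topics per page; false means $config['topics_per_page']
 *
 * @return array Topic rows the current user may read (f_read on the forum)
 */
function search_tags($tags, $start = 0, $end = false) {
    global $db, $config, $auth;

    $topics_count = (int) $db->sql_fetchfield('num_topics'); // unused in this function; left as in the original

    if ($end === false) {
        $end = $config['topics_per_page'];
    }

    $tag_array = filter_tags($tags);

    // Columns selected and grouped on; the duplicate names are preserved from the original query
    $topic_columns = array(
        'topic_id', 'forum_id', 'topic_type', 'topic_replies_real', 'topic_replies',
        'topic_status', 'topic_moved_id', 'topic_last_post_time', 'topic_approved',
        'topic_poster', 'topic_first_poster_name', 'topic_time', 'topic_last_post_subject',
        'topic_last_post_time', 'topic_last_poster_id', 'topic_views', 'topic_title',
        'icon_id', 'topic_attachment', 'topic_first_poster_name', 'topic_last_post_id',
        'topic_last_poster_id', 'topic_last_poster_name', 'topic_last_poster_colour',
        'topic_last_post_subject', 'topic_last_post_time', 'topic_last_view_time',
    );
    $qualified = array();
    foreach ($topic_columns as $column) {
        $qualified[] = 'topi.' . $column;
    }

    $sql = "SELECT " . implode(", ", $qualified) . ", topi.poll_start, COUNT(topi.topic_id) count"
        . " FROM " . TAGS_TABLE . " t, " . TOPICS_TABLE . " topi";

    // Build the WHERE clause as a list so the join condition always has a keyword in
    // front of it: the original appended "AND topi.topic_id = t.topic_id" unconditionally,
    // which yielded "... topiAND ..." with no WHERE at all when neither include nor
    // exclude tags were given, and the query failed
    $conditions = array();
    if (!empty($tag_array['include'])) {
        $conditions[] = "(t.tag IN (" . prepare_search_string($tag_array['include']) . "))";
    }
    if (!empty($tag_array['exclude'])) {
        $conditions[] = "(topi.topic_id NOT IN (SELECT top2.topic_id FROM " . TAGS_TABLE . " t2, " . TOPICS_TABLE
            . " top2 WHERE t2.topic_id = top2.topic_id" . prep_exclusion_string($tag_array['exclude']) . "))";
    }
    $conditions[] = "topi.topic_id = t.topic_id";

    $sql .= " WHERE " . implode(" AND ", $conditions);
    $sql .= " GROUP BY " . implode(", ", $qualified);
    $sql .= " ORDER BY topic_time DESC";

    if (!($result = $db->sql_query_limit($sql, $end, $start))) {
        message_die(GENERAL_ERROR, 'Error retrieving search results', '', __LINE__, __FILE__, $sql);
    }

    $topic_list = array();
    while ($row = $db->sql_fetchrow($result)) {
        // Do not include those topics the user has no permission to access
        if ($auth->acl_get('f_read', $row['forum_id'])) {
            $topic_list[] = $row;
        }
    }

    return $topic_list;
}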
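/**
 * loads the form with the pre-filled values from the sticky form or entity
 * supplied
 *
 * @param array $params
 *        'entity' => entity for filling the values in edit case
 *        'plugin' => plugin id to get the sticky form values
 *
 * @return object|false the entity (or a fresh stdClass) carrying the sticky
 *                      values; FALSE when $params is not an array
 */
public static function getFormValues($params) {
    // params must be array
    if (!is_array($params)) {
        return FALSE;
    }

    $plugin = isset($params['plugin']) ? $params['plugin'] : null;
    $return_value = isset($params['entity']) ? $params['entity'] : null;

    if (elgg_is_sticky_form($plugin)) {
        if ($return_value === null) {
            // PHP 8 no longer auto-creates an object on property assignment to null
            $return_value = new stdClass();
        }

        // sticky values are raw form input; filter_tags() them before they reach the entity
        $attribs = $_SESSION['sticky_forms'][$plugin]['attributes'];
        foreach ($attribs as $key => $val) {
            // a leading "_" marks a compulsory field and is not part of the attribute name;
            // tested with strncmp() because $key[0] warns on empty or integer keys
            $attr = (is_string($key) && strncmp($key, "_", 1) === 0) ? substr($key, 1) : $key;
            $return_value->{$attr} = filter_tags($val);
        }
    }

    elgg_clear_sticky_form($plugin);

    return $return_value;
}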
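/**
 * Build the display label suffix(es) for records: the secondary unique field
 * value (when the project defines one and this is not a child project) followed
 * by the Custom Record Label, both taken from the first event of the arm(s).
 *
 * @param array|string    $records              Record names to label; a single string yields a single result
 * @param bool            $removeHtml           When true return plain text instead of a span with $cssClass
 * @param string|int|null $arm                  Arm number, null for the current arm, or 'all' for every arm
 * @param bool            $boldSecondaryPkValue Wrap the secondary PK value in <b>
 * @param string          $cssClass             CSS class of the wrapping span
 *
 * @return array|string For a single record name, its label string ('' if none);
 *                      otherwise record => label, nested under arm number when $arm is 'all'
 */
public static function getCustomRecordLabelsSecondaryFieldAllRecords($records = array(), $removeHtml = false, $arm = null, $boldSecondaryPkValue = false, $cssClass = 'crl') {
    global $is_child, $secondary_pk, $custom_record_label, $Proj;

    // Determine which arm to pull these values for
    if ($arm == 'all' && $Proj->longitudinal && $Proj->multiple_arms) {
        // If project has more than one arm, then get first event_id of each arm
        $event_ids = array();
        foreach (array_keys($Proj->events) as $this_arm) {
            $event_ids[] = $Proj->getFirstEventIdArm($this_arm);
        }
    } else {
        // Get arm
        if ($arm === null) {
            $arm = getArm();
        }
        // Get event_id of first event of the given arm
        $event_ids = array($Proj->getFirstEventIdArm(is_numeric($arm) ? $arm : getArm()));
    }

    // Place all records/labels in array
    $extra_record_labels = array();

    // If $records is a string, then convert to array
    $singleRecordName = null;
    if (!is_array($records)) {
        $singleRecordName = $records;
        $records = array($records);
    }

    // Set flag to limit records
    $limitRecords = !empty($records);

    // Customize the Record ID pulldown menus using the SECONDARY_PK appended on end, if set.
    if ($secondary_pk != '' && !$is_child) {
        // Get validation type of secondary unique field
        $val_type = $Proj->metadata[$secondary_pk]['element_validation_type'];
        // Fix: the original tested '_mdy' twice, so DMY-formatted dates were never converted
        // even though the comment at the conversion site says "MDY or DMY"
        $val_suffix = substr($val_type, -4);
        $convert_date_format = substr($val_type, 0, 5) == 'date_' && ($val_suffix == '_mdy' || $val_suffix == '_dmy');

        // Set secondary PK field label
        $secondary_pk_label = $Proj->metadata[$secondary_pk]['element_label'];

        // PIPING: Obtain saved data for all piping receivers used in secondary PK label
        if (strpos($secondary_pk_label, '[') !== false && strpos($secondary_pk_label, ']') !== false) {
            // Get fields in the label
            $secondary_pk_label_fields = array_keys(getBracketedFields($secondary_pk_label, true, true, true));
            // If has at least one field piped in the label, then get all the data for these fields and insert one at a time below
            if (!empty($secondary_pk_label_fields)) {
                $piping_record_data = Records::getData('array', $records, $secondary_pk_label_fields, $event_ids);
            }
        }

        // Get back-end data for the secondary PK field
        // ($secondary_pk is a project metadata field name, not request input; record and event ids go through prep_implode())
        $sql = "select record, event_id, value from redcap_data"
            . " where project_id = " . PROJECT_ID . " and field_name = '{$secondary_pk}'"
            . " and event_id in (" . prep_implode($event_ids) . ")";
        if ($limitRecords) {
            $sql .= " and record in (" . prep_implode($records) . ")";
        }
        $q = db_query($sql);
        while ($row = db_fetch_assoc($q)) {
            // Set the label for this loop (label may be different if using piping in it)
            if (isset($piping_record_data)) {
                // Piping: pipe record data into label for each record
                $this_secondary_pk_label = Piping::replaceVariablesInLabel($secondary_pk_label, $row['record'], $event_ids, $piping_record_data);
            } else {
                // Static label for all records
                $this_secondary_pk_label = $secondary_pk_label;
            }
            // If the secondary unique field is a date/time field in MDY or DMY format, then convert to that format
            if ($convert_date_format) {
                $row['value'] = DateTimeRC::datetimeConvert($row['value'], 'ymd', substr($val_type, -3));
            }
            // Set text value
            $this_string = "(" . remBr($this_secondary_pk_label . " " . ($boldSecondaryPkValue ? "<b>" : "") . filter_tags(label_decode($row['value']))) . ($boldSecondaryPkValue ? "</b>" : "") . ")";
            // Add HTML around string (unless specified otherwise)
            $extra_record_labels[$Proj->eventInfo[$row['event_id']]['arm_num']][$row['record']] = $removeHtml ? $this_string : RCView::span(array('class' => $cssClass), $this_string);
        }
        db_free_result($q);
    }

    // [Retrieval of ALL records] If Custom Record Label is specified (such as "[last_name], [first_name]"), then parse and display
    // ONLY get data from FIRST EVENT
    if (!empty($custom_record_label)) {
        // Loop through each event (will only be one UNLESS we are attempting to get label for multiple arms)
        $customRecordLabelsArm = array();
        foreach ($event_ids as $this_event_id) {
            $customRecordLabels = getCustomRecordLabels($custom_record_label, $this_event_id, $singleRecordName ? $records[0] : null);
            if (!is_array($customRecordLabels)) {
                $customRecordLabels = array($records[0] => $customRecordLabels);
            }
            $customRecordLabelsArm[$Proj->eventInfo[$this_event_id]['arm_num']] = $customRecordLabels;
        }
        // Iterate by value: the original iterated by reference without unset()ing afterwards,
        // leaving $customRecordLabels as a dangling reference; nothing in the loop writes to it
        foreach ($customRecordLabelsArm as $this_arm => $customRecordLabels) {
            foreach ($customRecordLabels as $this_record => $this_custom_record_label) {
                // If limiting by records, ignore if not in $records array
                if ($limitRecords && !in_array($this_record, $records)) {
                    continue;
                }
                // Set text value
                $this_string = remBr(filter_tags(label_decode($this_custom_record_label)));
                // Add initial space OR add placeholder
                if (isset($extra_record_labels[$this_arm][$this_record])) {
                    $extra_record_labels[$this_arm][$this_record] .= ' ';
                } else {
                    $extra_record_labels[$this_arm][$this_record] = '';
                }
                // Add HTML around string (unless specified otherwise)
                $extra_record_labels[$this_arm][$this_record] .= $removeHtml ? $this_string : RCView::span(array('class' => $cssClass), $this_string);
            }
        }
    }

    // If we're not collecting multiple arms here, then remove arm key
    if ($arm != 'all') {
        $extra_record_labels = array_shift($extra_record_labels);
    }

    // Return string (single record only)
    if ($singleRecordName != null) {
        return isset($extra_record_labels[$singleRecordName]) ? $extra_record_labels[$singleRecordName] : '';
    }

    // Return array
    return $extra_record_labels;
}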
HTML; } elseif (elgg_in_context('gallery')) { echo <<<HTML <div class="bookmarks-gallery-item"> \t<h3>{$bookmark->title}</h3> \t<p class='subtitle'>{$owner_link} {$date}</p> </div> HTML; } else { // brief view $url = $bookmark->address; $display_text = $url; $excerpt = elgg_get_excerpt($bookmark->description); if ($excerpt) { $excerpt = " - {$excerpt}"; } if (strlen($url) > 25) { $bits = parse_url($url); if (isset($bits['host'])) { $display_text = $bits['host']; } else { $display_text = elgg_get_excerpt($url, 100); } } $link = filter_tags(elgg_view('output/url', array('href' => $bookmark->address, 'text' => $display_text, 'rel' => 'nofollow'))); $content = elgg_view_icon('push-pin-alt') . "{$link}{$excerpt}"; $params = array('entity' => $bookmark, 'metadata' => $metadata, 'subtitle' => $subtitle, 'tags' => $tags, 'content' => $content); $params = $params + $vars; $body = elgg_view('object/elements/summary', $params); echo elgg_view_image_block($owner_icon, $body); }
$site = elgg_get_site_entity(); $entity = new ElggObject(); $entity->subtype = 'profile_sync_datasource'; $entity->owner_guid = $site->getGUID(); $entity->container_guid = $site->getGUID(); $entity->access_id = ACCESS_PUBLIC; if (!$entity->save()) { unset($entity); } } if ($entity) { $entity->title = $title; // some inputs need to be unfiltered $unfiltered_params = ['dbquery']; foreach ($params as $key => $param) { // filter input if (!in_array($key, $unfiltered_params)) { $param = filter_tags($param); } if (empty($param)) { unset($entity->{$key}); } else { $entity->{$key} = $param; } } $entity->save(); system_message(elgg_echo('admin:configuration:success')); } else { register_error(elgg_echo('profile_sync:action:datasource:edit:error:entity')); } forward(REFERER);
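/**
 * Search topics by tag, ordered by how many of the requested tags each topic carries.
 *
 * @param mixed $tags  Raw tag search input; passed through filter_tags(), which is
 *                     read here as returning an array with 'include' and 'exclude'
 *                     entries (presumed from the keys used below — verify against filter_tags()).
 * @param int   $start Row offset for paging; cast to int before it reaches LIMIT.
 * @return array Result rows as produced by $db->sql_fetchrowset().
 */
function search_tags($tags, $start = 0)
{
    global $db, $config;

    // Both LIMIT operands are interpolated straight into the SQL text, so force them
    // to integers instead of trusting the caller / config value as supplied.
    $start = (int) $start;
    $end = (int) $config['topics_per_page'];

    $tag_array = filter_tags($tags);

    // The tag lists themselves are emitted by prepare_search_string() / prep_exclusion_string();
    // nothing in this function quotes or escapes them. NOTE(review): confirm those helpers do.
    $sql = "SELECT top.*, COUNT(top.topic_id) count FROM ". TAGS_TABLE ." t, ". TOPICS_TABLE ." top WHERE (t.tag IN (";
    $sql .= prepare_search_string($tag_array['include']);
    $sql .= "))";
    if (!empty($tag_array['exclude'])) {
        // Excluded tags are applied as a sub-select over the same tag/topic join.
        $sql .= "AND (top.topic_id NOT IN ( SELECT top2.topic_id FROM ". TAGS_TABLE ." t2, ". TOPICS_TABLE ." top2 WHERE t2.topic_id = top2.topic_id";
        $sql .= prep_exclusion_string($tag_array['exclude']);
        $sql .= "))";
    }
    $sql .= "AND top.topic_id = t.topic_id GROUP BY top.topic_id ORDER BY count DESC LIMIT $start, $end";

    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Error retrieving search results', '', __LINE__, __FILE__, $sql);
    }

    return $db->sql_fetchrowset($result);
}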
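<?php
/**
 * Save the settings submitted for a plugin.
 *
 * "params" is read unfiltered so the four custom-HTML fields keep their markup;
 * every other value is passed through filter_tags() before it is stored.
 */
$params = get_input("params", null, false);
$plugin_id = get_input("plugin_id");
$plugin = elgg_get_plugin_from_id($plugin_id);

if (!empty($plugin)) {
    // Only dereference the plugin once the lookup is known to have succeeded;
    // reading the manifest before the check was a fatal error on an unknown id.
    $plugin_name = $plugin->getManifest()->getName();

    if (!empty($params) && is_array($params)) {
        // Stored without tag filtering so the supplied HTML survives; anything that
        // renders these settings must treat them as trusted markup, so confirm this
        // action is reachable by admins only.
        $special_inputs = array(
            "custom_text_site_header",
            "custom_text_site_footer",
            "custom_text_group_header",
            "custom_text_group_footer",
        );

        foreach ($params as $key => $value) {
            // Strict comparison: with a loose in_array() an integer key 0 compares
            // equal to every non-numeric name on PHP < 8 and would skip the filter.
            if (!in_array($key, $special_inputs, true)) {
                $value = filter_tags($value);
            }

            if (!$plugin->setSetting($key, $value)) {
                register_error(elgg_echo("plugins:settings:save:fail", array($plugin_name)));
                break;
            }
        }
    } else {
        register_error(elgg_echo("plugins:settings:save:fail", array($plugin_name)));
    }
} else {
    register_error(elgg_echo("PluginException:InvalidID"));
}

forward(REFERER);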
{ // Since no 'pid' is in URL, then give warning that header/footer will not display properly $westHtml = renderPanel(" ", "<div style='padding:20px 15px;'><img src='".APP_PATH_IMAGES."exclamation.png' class='imgfix'> <b style='color:#800000;'>{$lang['bottom_54']}</b><br>{$lang['bottom_55']}</div>"); } /** * PAGE CONTENT */ ?> <table border=0 cellspacing=0 style="width:100%;"> <tr> <td valign="top" id="west" style="width:250px;"> <div id="west_inner" style="width:250px;"><?php echo $westHtml ?></div> </td> <td valign="top" id="westpad"> </td> <td valign="top" id="center"> <div id="center_inner"> <div id="subheader" class="notranslate"> <?php if ($display_project_logo_institution) { ?> <?php if (trim($headerlogo) != "") echo "<img src='$headerlogo' title='".cleanHtml($institution)."' alt='".cleanHtml($institution)."' style='max-width:700px; expression(this.width > 700 ? 700 : true);'>"; ?> <div id="subheaderDiv1"> <?php echo $institution . (($site_org_type == "") ? "" : "<br><span style='font-family:tahoma;font-size:13px;'>$site_org_type</span>") ?> </div> <?php } ?> <div id="subheaderDiv2" <?php if (!$display_project_logo_institution) echo 'style="border:0;padding-top:0;"'; ?>> <div style="max-width:700px;"><?php echo filter_tags($app_title) ?></div> </div> </div>
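<?php
/**
 * Elgg display long text, no_p
 * Displays a large amount of text, with new lines converted to line breaks
 *
 * This version modified to remove paragraph wrapper and replace internal
 * paragraph tags with <br /><br />
 *
 * @package Elgg
 * @subpackage Core
 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
 * @author Curverider Ltd
 * @copyright Curverider Ltd 2008-2009
 * @link http://elgg.org/
 *
 * @uses $vars['value'] The text to display (was documented as $vars['text']; the code reads 'value')
 */

// Treat a missing 'value' as empty text instead of raising an undefined-index notice.
$text = isset($vars['value']) ? $vars['value'] : '';

// Tag-filter the raw input first, then linkify and paragraph-wrap the result.
$value = trim(autop(parse_urls(filter_tags($text))));

// strip off last </p> if any
if (substr($value, -4) === '</p>') {
    $value = substr($value, 0, -4);
}

// eliminate <p> tags
$value = str_replace('<p>', '', $value);

// replace </p> tags with <br /><br />
$value = str_replace('</p>', '<br /><br />', $value);

echo $value;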
<?php /** * Display comment view */ if (isset($vars['entity'])) { $comment = $vars['entity']; $owner = get_user($comment->owner_guid); $canedit = answers_can_edit_comment($comment); $markdown = is_callable('markdown_text'); if ($comment && $owner) { $full_comment_text = parse_urls(filter_tags($comment->value)) . ($markdown ? "\n" : " ") . "— " . "<span class=\"answers_comment_owner\">" . "<a href=\"" . $owner->getURL() . "\">" . $owner->name . "</a>" . " " . elgg_view_friendly_time($comment->time_created) . "</span>"; if ($canedit) { $full_comment_text .= " " . elgg_view("output/confirmlink", array('href' => $vars['url'] . "action/answers/comment/delete?comment_id=" . $comment->id, 'text' => elgg_echo('delete'), 'confirm' => elgg_echo('deleteconfirm'), 'class' => '', 'is_action' => true)); $edit = elgg_echo('edit'); $full_comment_text .= " <a class=\"collapsibleboxlink\">{$edit}</a>"; } if ($markdown) { $full_comment_text = markdown_text($full_comment_text); } else { $full_comment_text = autop($full_comment_text); } ?> <div class="answers_comment"> <a name="<?php echo $comment->id; ?> "></a> <?php echo $full_comment_text; ?>
/**
 * Fetch a request variable submitted through GET or POST.
 *
 * A value pre-seeded by a plugin in CONFIG->input takes precedence over the
 * request. With $filter_result enabled the value is passed through filter_tags(),
 * which is tag filtering only: anything echoed into a page is still a possible
 * reflected-XSS vector, so cast expected integers to int and escape strings
 * for the context they are written into.
 *
 * Note: nested arrays (ex: form input of param[m][n]) are not handled because of
 * the filtering done in htmlawed from the filter_tags call.
 * @todo Is this ^ still true?
 *
 * @param string $variable      The variable name we want.
 * @param mixed  $default       Returned when the variable is not present.
 * @param bool   $filter_result If true, the result is filtered for bad tags.
 *
 * @return mixed
 */
function get($variable, $default = null, $filter_result = true) {
	elgg_push_context('input');

	$found = false;
	$result = $default;

	if (isset($this->CONFIG->input[$variable])) {
		// a plugin has already set this variable
		$result = $this->CONFIG->input[$variable];
		$found = true;
	} else {
		$raw = _elgg_services()->request->get($variable);
		if ($raw !== null) {
			// @todo why trim
			$result = is_string($raw) ? trim($raw) : $raw;
			$found = true;
		}
	}

	// Filtering applies only to a value that was actually found, never to $default.
	if ($found && $filter_result) {
		$result = filter_tags($result);
	}

	elgg_pop_context();
	return $result;
}
/**
 * Return every value stored for a sticky form, optionally tag-filtered.
 *
 * @param string $form_name     The name of the form
 * @param bool   $filter_result When true each value is passed through filter_tags()
 *
 * @return array Empty array when nothing is stored for $form_name
 * @since 1.8.0
 */
function elgg_get_sticky_values($form_name, $filter_result = true) {
	$has_values = isset($_SESSION['sticky_forms'][$form_name]);
	if (!$has_values) {
		return array();
	}

	$stored = $_SESSION['sticky_forms'][$form_name];
	if (!$filter_result) {
		return $stored;
	}

	// XSS filter each stored value, keeping the original keys and order
	$filtered = array();
	foreach ($stored as $name => $raw) {
		$filtered[$name] = filter_tags($raw);
	}
	return $filtered;
}
/**
 * Validate the blog-compose form fields found in $_POST.
 *
 * Returns an array $rt with, per field, a *_value entry (normalised input or default),
 * an *_error code (0 = ok) and, for title/body, an *_error_msg map keyed by error code;
 * plus an 'errors' counter and a 'published' unix timestamp. Only the title and body
 * increment 'errors' — the remaining fields silently fall back to a default.
 * fetch_single()/fetch_multi() are presumably single-line / multi-line input
 * normalisers — confirm what they strip.
 *
 * @return array
 */
public function vxBlogComposeCheck() {
    $rt = array();
    $rt['errors'] = 0;

    /* bge_title (max: 50 characters, required) */
    $rt['bge_title_value'] = '';
    $rt['bge_title_maxlength'] = 50;
    $rt['bge_title_error'] = 0;
    // 1 = missing/empty title, 2 = title too long
    $rt['bge_title_error_msg'] = array(1 => '你没有写文章的标题', 2 => '你输入的文章的标题过长');
    if (isset($_POST['bge_title'])) {
        $rt['bge_title_value'] = fetch_single($_POST['bge_title']);
        if ($rt['bge_title_value'] == '') {
            $rt['errors']++;
            $rt['bge_title_error'] = 1;
        } else {
            // length is measured in UTF-8 characters, not bytes
            if (mb_strlen($rt['bge_title_value'], 'UTF-8') > $rt['bge_title_maxlength']) {
                $rt['errors']++;
                $rt['bge_title_error'] = 2;
            }
        }
    } else {
        $rt['errors']++;
        $rt['bge_title_error'] = 1;
    }

    /* bge_body (optional text, max 2 MiB characters) */
    $rt['bge_body_value'] = '';
    $rt['bge_body_maxlength'] = 1024 * 1024 * 2;
    $rt['bge_body_error'] = 0;
    // 2 = body too long (an absent body is not an error)
    $rt['bge_body_error_msg'] = array(2 => '你输入的文章内容过长');
    if (isset($_POST['bge_body'])) {
        $rt['bge_body_value'] = fetch_multi($_POST['bge_body']);
        if (mb_strlen($rt['bge_body_value'], 'UTF-8') > $rt['bge_body_maxlength']) {
            $rt['errors']++;
            $rt['bge_body_error'] = 2;
        }
    }

    /* bge_mode: editor mode, must be a key of the known modes, else the default */
    $_modes = Weblog::vxGetEditorModes();
    $mode_default = Weblog::vxGetDefaultEditorMode();
    $rt['bge_mode_value'] = $mode_default;
    if (isset($_POST['bge_mode'])) {
        // intval() first, so the loose in_array() below only ever compares integers
        $rt['bge_mode_value'] = intval($_POST['bge_mode']);
        if (!in_array($rt['bge_mode_value'], array_keys($_modes))) {
            $rt['bge_mode_value'] = $mode_default;
        }
    }

    /* bge_comment_permission: same whitelist-or-default pattern as bge_mode */
    $_comment_permissions = Weblog::vxGetCommentPermissions();
    $comment_permission_default = Weblog::vxGetDefaultCommentPermission();
    $rt['bge_comment_permission_value'] = $comment_permission_default;
    if (isset($_POST['bge_comment_permission'])) {
        $rt['bge_comment_permission_value'] = intval($_POST['bge_comment_permission']);
        if (!in_array($rt['bge_comment_permission_value'], array_keys($_comment_permissions))) {
            $rt['bge_comment_permission_value'] = $comment_permission_default;
        }
    }

    /* bge_status (0 => draft, 1 => publish); anything else becomes draft */
    $rt['bge_status_value'] = 0;
    if (isset($_POST['bge_status'])) {
        $rt['bge_status_value'] = intval($_POST['bge_status']);
        if (!in_array($rt['bge_status_value'], array(0, 1))) {
            $rt['bge_status_value'] = 0;
        }
    }

    /* bge_tags: space-separated, lower-cased, de-duplicated.
       NOTE: when the field is absent, bge_tags_value is not set at all — callers must isset() it. */
    if (isset($_POST['bge_tags'])) {
        $rt['bge_tags_value'] = fetch_single($_POST['bge_tags']);
        if ($rt['bge_tags_value'] != '') {
            // explode() keeps empty strings from repeated spaces; array_unique() collapses them to one
            $tags = filter_tags(strtolower(fetch_single($_POST['bge_tags'])));
            $tags = explode(' ', $tags);
            $tags = array_unique($tags);
            $rt['bge_tags_value'] = $tags;
        } else {
            $rt['bge_tags_value'] = array();
        }
    }

    /* bge_published_date & bge_published_time: both required to set an explicit time */
    if (isset($_POST['bge_published_date']) && isset($_POST['bge_published_time'])) {
        $rt['bge_published_date_value'] = fetch_single($_POST['bge_published_date']);
        $rt['bge_published_time_value'] = fetch_single($_POST['bge_published_time']);
        $rt['published'] = strtotime($rt['bge_published_date_value'] . ' ' . $rt['bge_published_time_value']);
        // strtotime() returns false on unparsable input; false - <1985 epoch> is negative,
        // so the check below rejects garbage as well as any date before 1985-05-31.
        // NOTE(review): mktime() is called with a 7th is_dst argument, which PHP 8 removed
        // (extra arguments to internal functions throw ArgumentCountError there) — drop it
        // before running on PHP 8.
        if ($rt['published'] - mktime(0, 0, 0, 5, 31, 1985, 0) < 3600) {
            $rt['published'] = time();
        }
    } else {
        $rt['published'] = time();
    }

    return $rt;
}