Пример #1
 /**
  * Fetch a single value from the session's sticky cache.
  *
  * @param string $variable      Name of the sticky variable
  * @param mixed  $default       Returned when the variable is absent from $_SESSION['sticky']
  * @param bool   $filter_result When true the stored value is passed through filter_tags() before return
  * @return mixed The (optionally filtered) stored value, or $default
  */
 function elgg_get_sticky_value($variable, $default = "", $filter_result = true)
 {
     // isset() also treats a stored null as "missing", so the default is returned then.
     if (!isset($_SESSION['sticky'][$variable])) {
         return $default;
     }
     $stored = $_SESSION['sticky'][$variable];
     // XSS filter only on request; callers that need the raw value pass false.
     return $filter_result ? filter_tags($stored) : $stored;
 }
Пример #2
/**
 * Read a request variable from the GET/POST line (or the $CONFIG->input override).
 *
 * @param string $variable      Name of the request variable
 * @param mixed  $default       Returned when the variable is not present
 * @param bool   $filter_result When true, the request value is passed through filter_tags()
 * @return mixed The value (trimmed if scalar, optionally tag-filtered), or $default
 */
function get_input($variable, $default = "", $filter_result = true)
{
    global $CONFIG;
    // Values injected into $CONFIG->input take precedence and are returned as-is (no trim, no filter).
    if (isset($CONFIG->input[$variable])) {
        return $CONFIG->input[$variable];
    }
    if (!isset($_REQUEST[$variable])) {
        return $default;
    }
    $raw = $_REQUEST[$variable];
    // Arrays are passed through untouched; scalars are trimmed.
    $value = is_array($raw) ? $raw : trim($raw);
    return $filter_result ? filter_tags($value) : $value;
}
Пример #3
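/**
 * Plugin hook handler that saves the twitter_search widget settings.
 *
 * Reads the raw (unfiltered) "params" input so the embed code survives intact,
 * locates the data-widget-id attribute inside it and stores only that id on the
 * widget; the embed markup itself is never persisted.
 *
 * @param string $hook_name    Hook name (unused)
 * @param string $entity_type  Widget handler; only "twitter_search" is handled
 * @param mixed  $return_value Previous hook result (unused)
 * @param array  $params       Hook params; 'widget' => the widget entity being saved
 * @return void
 */
function widget_twitter_search_settings_save_hook($hook_name, $entity_type, $return_value, $params)
{
    $widget = elgg_extract("widget", $params);
    if (!$widget || $entity_type != "twitter_search") {
        return;
    }
    // do not strip code: the id sits inside markup, so the input is read unfiltered
    $embed_code = elgg_extract("embed_code", get_input("params", array(), false));
    if (!$embed_code) {
        return;
    }
    $widget_id = false;
    $marker = 'data-widget-id="';
    $marker_pos = strpos($embed_code, $marker);
    // Without this guard a missing marker made strpos() return false, which
    // silently became offset 0 + strlen($marker) and extracted garbage.
    if ($marker_pos !== false) {
        $start_pos = $marker_pos + strlen($marker);
        $end_pos = strpos($embed_code, '"', $start_pos);
        // An unterminated attribute value is treated like a missing one.
        if ($end_pos !== false) {
            $widget_id = filter_tags(substr($embed_code, $start_pos, $end_pos - $start_pos));
        }
    }
    if ($widget_id) {
        $widget->widget_id = $widget_id;
    } else {
        register_error(elgg_echo("widgets:twitter_search:embed_code:error"));
    }
}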
Пример #4
/**
 * Get all the available entries from the database
 *
 * Runs the paged query produced by rule2sql() for the given view, then decodes
 * the JSON columns, picks the text to display according to
 * $config->display_entries and splits the merged entry/feed tags into system
 * and user tags.
 *
 * @param string $view is the name of the view. By default view rule is empty.
 * @param int    $page is the page in the view (1-based)
 * @return array Array of associative arrays for each entry.
 */
function get_entries($view = '', $page = 1)
{
    global $dbh, $config;
    $per_page = $config->entries_per_page;
    $columns = 'id, feed_id, authors, title, links, description, content, enclosures, comments, guid, pubDate, lastUpdate';
    // rule2sql() returns [sql, bound parameters]; the query is always prepared/bound
    $prepared = rule2sql(get_view_rule($view), $columns, $per_page, ($page - 1) * $per_page);
    $statement = $dbh->prepare($prepared[0]);
    $statement->execute($prepared[1]);
    $entries = array();
    $mode = $config->display_entries;
    foreach ($statement->fetchall(PDO::FETCH_ASSOC) as $entry) {
        if ($mode == 'content') {
            // fall back to the description when the content column is empty
            $entry['displayed_content'] = !empty($entry['content']) ? $entry['content'] : $entry['description'];
        } elseif ($mode == 'title') {
            $entry['displayed_content'] = '';
        } else {
            // 'description' and any unknown setting both show the description
            $entry['displayed_content'] = $entry['description'];
        }
        $entry['authors'] = clean_authors(json_decode($entry['authors']));
        $entry['links'] = json_decode($entry['links']);
        $entry['enclosures'] = json_decode($entry['enclosures']);
        // tags attached to the entry itself plus those inherited from its feed
        $all_tags = array_merge(get_entry_tags($entry['id']), get_feed_tags($entry['feed_id']));
        $entry['system_tags'] = filter_tags($all_tags, SYSTEM_TAGS);
        $entry['tags'] = filter_tags($all_tags, USER_TAGS);
        $entries[] = $entry;
    }
    return $entries;
}
Пример #5
/**
 * validates the form and its attributes
 * compulsory fields are checked,filter the tags and
 * push the attributes to the config
 *
 * Attribute keys beginning with "_" are treated as compulsory: the underscore is
 * stripped from the stored name and an empty value (other than '0') marks the
 * form as invalid. Every value is stored tag-filtered in
 * $CONFIG->post_byizap->attributes, then the form is made sticky.
 *
 * @global global $CONFIG
 */
function izap_actionhook_bridge()
{
    global $CONFIG;
    $CONFIG->post_byizap->form_validated = true;
    if (isset($_REQUEST['attributes'])) {
        // NOTE(review): array_walk_recursive() passes each leaf value as get_input()'s first
        // argument and discards the return value; if get_input() takes that argument by value
        // (as in the version shown earlier on this page) this walk changes nothing, and the
        // "@" only hides the resulting notices. Confirm before relying on it for filtering.
        @array_walk_recursive($_REQUEST['attributes'], 'get_input');
        foreach ($_REQUEST['attributes'] as $key => $val) {
            // assumes non-empty string keys; $key[0] on an empty key raises a warning
            if ($key[0] == "_") {
                $attr = substr($key, 1);
                // '0' is a legitimate value, so only other empty() values count as missing
                if ($val !== '0' && empty($val)) {
                    $CONFIG->post_byizap->form_validated = FALSE;
                    // the translation key is built from the submitted plugin id (read from $_POST here, $_REQUEST above)
                    $CONFIG->post_byizap->form_errors[] = elgg_echo($_POST['attributes']['plugin'] . ':form_error:empty:' . $attr);
                }
            } else {
                $attr = $key;
            }
            $CONFIG->post_byizap->attributes[$attr] = filter_tags($val);
        }
        // put every thing to session
        elgg_make_sticky_form($CONFIG->post_byizap->attributes['plugin']);
        unset($_POST['attributes']);
    }
}
Пример #6
 /**
  * {@inheritdoc}
  *
  * Creates the wall post (or reuses $this->post), writes river items, tags the
  * mentioned users, attaches uploads and attachments, optionally creates a
  * bookmark for the address, then saves the post and fills $this->result with
  * the outcome. The types of the properties read here ($this->post, poster,
  * container, result, ...) are declared outside this method.
  */
 public function execute()
 {
     if (!$this->post) {
         // thewire integration: when that plugin is present it creates the post itself
         if ($this->subtype == 'thewire' && is_callable('thewire_save_post')) {
             $guid = thewire_save_post($this->status, $this->poster->guid, $this->access_id, 0, 'wall');
             $this->post = get_entity($guid);
         } else {
             $this->post = new Post();
             $this->post->subtype = $this->subtype;
             $this->post->owner_guid = $this->poster->guid;
             $this->post->container_guid = $this->container->guid;
             $guid = $this->post->save();
         }
     }
     $this->post->title = $this->title;
     $this->post->description = $this->status;
     $this->post->access_id = $this->access_id;
     // no guid means the creation above failed: report and stop before any river/relationship writes
     if (!$this->post->guid) {
         $this->result->addError(elgg_echo('wall:create:error'));
         return;
     }
     if (Integration::isElggVersionBelow('1.9.0')) {
         $river_id = add_to_river('river/object/hjwall/create', 'create', $this->poster->guid, $this->post->guid);
     } else {
         // Create a river entry for this wall post
         $river_id = elgg_create_river_item(array('view' => 'river/object/hjwall/create', 'action_type' => 'create', 'subject_guid' => $this->post->owner_guid, 'object_guid' => $this->post->guid, 'target_guid' => $this->post->container_guid));
     }
     $river = elgg_get_river(array('ids' => $river_id));
     $this->river = $river ? $river[0] : null;
     $this->post->origin = 'wall';
     // hashtags and usernames are extracted from the post text by the 'extract:qualifiers' hook
     $qualifiers = elgg_trigger_plugin_hook('extract:qualifiers', 'wall', array('source' => $this->post->description), array());
     if (count($qualifiers['hashtags'])) {
         $this->post->tags = $qualifiers['hashtags'];
     }
     // every username that resolves to a user is added to friend_guids (deduplicated)
     if (count($qualifiers['usernames'])) {
         foreach ($qualifiers['usernames'] as $username) {
             $user = get_user_by_username($username);
             if (elgg_instanceof($user) && !in_array($user->guid, $this->friend_guids)) {
                 $this->friend_guids[] = $user->guid;
             }
         }
     }
     // Add 'tagged_in' relationships
     // If the access level for the post is not set to private, also create a river item
     // with the access level specified in their settings by the tagged user
     if (!empty($this->friend_guids)) {
         foreach ($this->friend_guids as $friend_guid) {
             if (add_entity_relationship($friend_guid, 'tagged_in', $this->post->guid)) {
                 // only for custom (ACL) access ids, never for private / logged-in / public
                 if (!in_array($this->access_id, array(ACCESS_PRIVATE, ACCESS_LOGGED_IN, ACCESS_PUBLIC))) {
                     $river_access_id = elgg_get_plugin_user_setting('river_access_id', $friend_guid, 'hypeWall');
                     // NOTE(review): strict !== against ACCESS_PRIVATE; if the user setting is returned
                     // as a string (e.g. '0') this never matches and the river item is created anyway — verify
                     if (!is_null($river_access_id) && $river_access_id !== ACCESS_PRIVATE) {
                         $river_id = elgg_create_river_item(array('view' => 'river/relationship/tagged/create', 'action_type' => 'tagged', 'subject_guid' => $friend_guid, 'object_guid' => $this->post->getGUID(), 'target_guid' => $this->post->getContainerGUID(), 'access_id' => $river_access_id));
                     }
                 }
             }
         }
     }
     // Wall post access id is set to private, which means it should be visible only to the poster and tagged users
     // Creating a new ACL for that
     if ($this->access_id == ACCESS_PRIVATE && count($this->friend_guids)) {
         $members = $this->friend_guids;
         $members[] = $this->poster->guid;
         $members[] = $this->container->guid;
         $acl_id = AccessCollection::create($members);
         $this->post->access_id = $acl_id;
         $this->post->save();
     }
     if (!empty($this->attachment_guids)) {
         foreach ($this->attachment_guids as $attachment_guid) {
             add_entity_relationship($attachment_guid, 'attached', $this->post->guid);
         }
     }
     // files being uploaded via $_FILES
     $uploads = hypeApps()->uploader->handle('upload_guids');
     $uploaded_file_guids = [];
     if ($uploads) {
         foreach ($uploads as $upload) {
             if ($upload instanceof \ElggFile) {
                 $file_obj = $upload;
             } else {
                 if ($upload instanceof \hypeJunction\Files\Upload) {
                     $file_obj = $upload->file;
                 }
             }
             // NOTE(review): $file_obj is not reset per iteration; an $upload that is neither an
             // ElggFile nor an Upload reuses the previous iteration's object (or is undefined)
             if ($file_obj->guid) {
                 $uploaded_file_guids[] = $file_obj->guid;
             }
         }
     }
     // Something is broken in the hypeApps setter, so doing this hack for now
     $this->upload_guids = array_merge($this->upload_guids, $uploaded_file_guids);
     if (!empty($this->upload_guids)) {
         foreach ($this->upload_guids as $upload_guid) {
             $upload = get_entity($upload_guid);
             if ($upload) {
                 // each upload inherits the post's description and access id
                 $upload->description = $this->post->description;
                 $upload->origin = 'wall';
                 $upload->access_id = $this->post->access_id;
                 // falls back to "any container" when the poster may not write files to this container
                 $upload->container_guid = $this->container->canWriteToContainer($this->poster->guid, 'object', 'file') ? $this->container->guid : ELGG_ENTITIES_ANY_VALUE;
                 if ($upload->save()) {
                     add_entity_relationship($upload_guid, 'attached', $this->post->guid);
                 }
             }
         }
     }
     $this->post->setLocation($this->location);
     $this->post->address = $this->address;
     if ($this->post->address && $this->make_bookmark) {
         // page metadata for the address comes from the 'extract:meta' hook (remote content)
         $document = elgg_trigger_plugin_hook('extract:meta', 'wall', array('src' => $this->post->address));
         $bookmark = new ElggObject();
         $bookmark->subtype = "bookmarks";
         $bookmark->container_guid = $this->container->canWriteToContainer($this->poster->guid, 'object', 'bookmarks') ? $this->container->guid : ELGG_ENTITIES_ANY_VALUE;
         $bookmark->address = $this->post->address;
         $bookmark->access_id = $this->post->access_id;
         $bookmark->origin = 'wall';
         if (!$document) {
             $bookmark->title = $this->post->title;
             $bookmark->description = $this->post->description;
             $bookmark->tags = $this->post->tags;
         } else {
             // only tag-filtered fields of the extracted document are stored
             $bookmark->title = filter_tags($document->meta->title);
             $bookmark->description = filter_tags($document->meta->description);
             $bookmark->tags = string_to_tag_array(filter_tags($document->meta->keywords));
         }
         $bookmark->save();
         $this->bookmark = $bookmark;
     }
     if ($this->post->save()) {
         $message = $this->post->formatMessage();
         $params = array('entity' => $this->post, 'user' => $this->poster, 'message' => $message, 'url' => $this->post->getURL(), 'origin' => 'wall');
         elgg_trigger_plugin_hook('status', 'user', $params);
         // Trigger a publish event, so that we can send out notifications
         elgg_trigger_event('publish', 'object', $this->post);
         if (get_input('widget')) {
             elgg_push_context('widgets');
         }
         // XHR callers get the rendered river item appended to the result output
         if (elgg_is_xhr()) {
             $this->result->output .= elgg_list_river(array('object_guids' => $this->post->guid, 'pagination' => false, 'pagination_type' => false, 'limit' => 0));
         }
         $this->result->addMessage(elgg_echo('wall:create:success'));
         // forward to the owner page for user containers, otherwise to the generic container page
         if ($this->container instanceof \ElggUser) {
             $this->result->setForwardURL(hypeWall()->router->normalize("owner/{$this->container->username}"));
         } else {
             $this->result->setForwardURL(hypeWall()->router->normalize("container/{$this->container->guid}"));
         }
     } else {
         $this->result->addError(elgg_echo('wall:create:error'));
     }
 }
Пример #7
<?php

/**
 * EXIF sidebar module
 *
 * Renders the formatted EXIF data of $vars["image"] as a two-column table
 * inside an "aside" module. Nothing is output when no EXIF data is available.
 */
$image = $vars["image"];
elgg_load_library("tidypics:exif");
$exif = tp_exif_formatted($image);
if ($exif) {
    $rows = array();
    foreach ($exif as $key => $value) {
        // both key and value are tag-filtered, then rendered through the output/text view
        $key_cell = "<td>" . elgg_view("output/text", array("value" => filter_tags($key))) . "</td>";
        $value_cell = "<td>" . elgg_view("output/text", array("value" => filter_tags($value))) . "</td>";
        $rows[] = "<tr>" . $key_cell . $value_cell . "</tr>";
    }
    $body = "<table class='elgg-table elgg-table-alt'>" . implode('', $rows) . "</table>";
    echo elgg_view_module("aside", "EXIF", $body);
}
Пример #8
 /**
  * Return every value stored for a sticky form.
  *
  * @param string $form_name     The name of the form
  * @param bool   $filter_result Pass each value through filter_tags() when true
  *
  * @return array Values keyed by field name; empty when no sticky data exists for the form
  */
 function getStickyValues($form_name, $filter_result = true)
 {
     $sticky_forms = _elgg_services()->session->get('sticky_forms', array());
     if (!isset($sticky_forms[$form_name])) {
         return array();
     }
     $values = $sticky_forms[$form_name];
     if (!$filter_result) {
         return $values;
     }
     // XSS filter every stored value before handing it back to the caller
     $filtered = array();
     foreach ($values as $field => $value) {
         $filtered[$field] = filter_tags($value);
     }
     return $filtered;
 }
<?php

/**
 * Elgg display long text
 * Displays a large amount of text, with new lines converted to line breaks
 * 
 * @package Elgg
 * @subpackage Core
 * @author Curverider Ltd
 * @link http://elgg.org/
 * 
 * @uses $vars['value'] The text to display (the view reads 'value'; the former 'text' tag was wrong)
 * 
 */
global $CONFIG;
// filter_tags() runs first, then parse_urls() and autop() operate on the filtered text
echo autop(parse_urls(filter_tags($vars['value'])));
Пример #10
<?php

/**
 * Elgg display long text
 * Displays a large amount of text, with new lines converted to line breaks
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['value'] The text to display
 * @uses $vars['parse_urls'] Whether to turn urls into links. Default is true.
 * @uses $vars['class'] Additional class(es) appended to 'elgg-output'
 */
$base_class = 'elgg-output';
$extra_class = elgg_extract('class', $vars, '');
$vars['class'] = $extra_class ? "{$base_class} {$extra_class}" : $base_class;
$parse_urls = elgg_extract('parse_urls', $vars, true);
$text = $vars['value'];
// drop the non-attribute entries so only real attributes reach elgg_format_attributes()
unset($vars['parse_urls'], $vars['value']);
if ($parse_urls) {
    $text = parse_urls($text);
}
// tag-filter after URL parsing, then convert newlines to paragraphs
$text = elgg_autop(filter_tags($text));
echo "<div " . elgg_format_attributes($vars) . ">{$text}</div>";
Пример #11
/**
 * Get a specific stick variable
 *
 * @param string $form_name The sticky form the variable belongs to
 * @param string $variable The name of the variable
 * @param mixed $default Default value if the variable does not exist in sticky cache
 * @param boolean $filter_result Filter for bad input if true
 * @return mixed
 *
 * @todo should this filter the default value?
 */
function elgg_get_sticky_value($form_name, $variable, $default = NULL, $filter_result = true)
{
    if (!isset($_SESSION['sticky_forms'][$form_name][$variable])) {
        // absent (or stored as null): hand back the default untouched
        return $default;
    }
    $stored = $_SESSION['sticky_forms'][$form_name][$variable];
    // XSS filter result unless the caller explicitly asked for the raw value
    return $filter_result ? filter_tags($stored) : $stored;
}
Пример #12
     $embedder = new Embedder($wall_post->address);
     $document = $embedder->extractMeta('iframely');
     $bookmark = new ElggObject();
     $bookmark->subtype = "bookmarks";
     $bookmark->container_guid = $container->canWriteToContainer($poster->guid, 'object', 'bookmarks') ? $container->guid : ELGG_ENTITIES_ANY_VALUE;
     $bookmark->address = $wall_post->address;
     $bookmark->access_id = $access_id;
     $bookmark->origin = 'wall';
     if (!$document) {
         $bookmark->title = $wall_post->title;
         $bookmark->description = $wall_post->description;
         $bookmark->tags = $wall_post->tags;
     } else {
         $bookmark->title = filter_tags($document->meta->title);
         $bookmark->description = filter_tags($document->meta->description);
         $bookmark->tags = string_to_tag_array(filter_tags($document->meta->keywords));
     }
     $bookmark->save();
 }
 if ($wall_post->save()) {
     $message = format_wall_message($wall_post);
     $params = array('entity' => $wall_post, 'user' => $poster, 'message' => $message, 'url' => $wall_post->getURL(), 'origin' => 'wall');
     elgg_trigger_plugin_hook('status', 'user', $params);
     // Trigger a publish event, so that we can send out notifications
     elgg_trigger_event('publish', 'object', $wall_post);
     if (get_input('widget')) {
         elgg_push_context('widgets');
     }
     if (elgg_is_xhr()) {
         if (get_input('river') && get_input('river') != 'false') {
             echo elgg_list_river(array('object_guids' => $wall_post->guid));
Пример #13
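 /**
  * Return the entities the logged-in user has a 'bookmarked' relationship with.
  *
  * @param mixed $a    Unused
  * @param array $args 'offset' and 'limit' for the relationship query
  * @param mixed $c    Unused
  * @return array 'total' (count returned by the relationship query) and 'entities'
  *               (one row per entity); both empty when nobody is logged in
  */
 static function getBookmarks($a, $args, $c)
 {
     $total = 0;
     // Initialised up front: previously $entities stayed undefined (null) when the
     // user had no bookmarks, so "entities" was null instead of an empty list.
     $entities = [];
     $user = elgg_get_logged_in_user_entity();
     if ($user) {
         $options = [
             "relationship_guid" => $user->guid,
             "relationship" => "bookmarked",
             // cast to int so the paging values can only ever be numbers
             "offset" => isset($args["offset"]) ? (int) $args["offset"] : 0,
             "limit" => isset($args["limit"]) ? (int) $args["limit"] : 0,
         ];
         $total = elgg_get_entities_from_relationship(array_merge($options, ["count" => true]));
         foreach (elgg_get_entities_from_relationship($options) as $entity) {
             $entities[] = [
                 "guid" => $entity->guid,
                 "ownerGuid" => $entity->owner_guid,
                 "title" => $entity->title,
                 "type" => $entity->type,
                 // description is tag-filtered before paragraph conversion
                 "description" => elgg_autop(filter_tags($entity->description)),
                 "timeCreated" => date("c", $entity->time_created),
                 "timeUpdated" => date("c", $entity->time_updated),
                 "tags" => Helpers::renderTags($entity->tags),
             ];
         }
     }
     return ["total" => $total, "entities" => $entities];
 }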
Пример #14
/**
 * Do the same as get_input() and /action/profile/edit on sync data values
 *
 * @param string|array $value the value to filter (arrays are decoded element by element)
 *
 * @see get_input()
 *
 * @return string|array
 */
function profile_sync_filter_var($value)
{
    // convert to UTF-8, then strip disallowed tags
    $filtered = filter_tags(profile_sync_convert_string_encoding($value));
    // correct html encoding: scalars are decoded and trimmed here, arrays recursively
    if (!is_array($filtered)) {
        return trim(elgg_html_decode($filtered));
    }
    array_walk_recursive($filtered, 'profile_sync_array_decoder');
    return $filtered;
}
<!-- top navbar -->
<div class="rcproject-navbar navbar navbar-default navbar-fixed-top" role="navigation">
	<div class="container">
		<div class="navbar-header">
			<span class="navbar-brand" style="max-width:80%;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;"><?php echo filter_tags($app_title) ?></span>
			<button type="button" class="navbar-toggle" onclick="toggleProjectMenuMobile($('#west'))">
				<span class="icon-bar"></span>
				<span class="icon-bar"></span>
				<span class="icon-bar"></span>
			</button>
		</div>
	</div>
</div>
<!-- main window -->
<div class="container-fluid mainwindow">
	<div class="row row-offcanvas row-offcanvas-left">
		<div id="west" class="hidden-xs col-sm-4 col-md-3" role="navigation">
			<?php echo $westHtml ?>
		</div>
		<div id="center" class="col-xs-12 col-sm-8 col-md-9">
			<div id="subheader">
				<?php if ($display_project_logo_institution) { ?>
					<?php if (trim($headerlogo) != "")
						echo "<img src='$headerlogo' title='".cleanHtml($institution)."' alt='".cleanHtml($institution)."' style='margin:-5px 0 5px 20px;max-width:700px; expression(this.width > 700 ? 700 : true);'>";
					?>
					<div id="subheaderDiv1" class="bot-left">
						<?php echo $institution . (($site_org_type == "") ? "" : "<br><span style='font-family:tahoma;font-size:13px;'>$site_org_type</span>") ?>
					</div>
				<?php } ?>
				<div id="subheaderDiv2" class="bot-left"><?php echo filter_tags($app_title) ?></div>
			</div>
Пример #16
<?php

/**
 * iZAP izap_videos
 *
 * Output view: tag-filters the value, turns video URLs into markup and
 * converts newlines to paragraphs.
 *
 * @package Elgg videotizer, by iZAP Web Solutions.
 * @license GNU Public License version 3
 * @Contact iZAP Team "<*****@*****.**>"
 * @Founder Tarun Jangra "<*****@*****.**>"
 * @link http://www.izap.in/
 * 
 */
global $CONFIG;
$filtered_value = filter_tags($vars['value']);
echo autop(izapParseUrls_izap_videos($filtered_value));
Пример #17
/**
 * iZAP izap_videos
 *
 * @package Elgg videotizer, by iZAP Web Solutions.
 * @license GNU Public License version 3
 * @Contact iZAP Team "<*****@*****.**>"
 * @Founder Tarun Jangra "<*****@*****.**>"
 * @link http://www.izap.in/
 * 
 */
action_gatekeeper();
admin_gatekeeper();
$postedArray = get_input('izap');
$plugin = find_plugin_settings('izap_videos');
// get the video options checkboxes
$videoOptions = filter_tags($_POST['izap']['izapVideoOptions']);
if (empty($videoOptions)) {
    register_error(elgg_echo('izap_videos:error:videoOptionBlank'));
    forward($_SERVER['HTTP_REFERER']);
}
$postedArray['izapVideoOptions'] = $videoOptions;
// get the index page widget
if (!empty($postedArray['izapExtendVideoSupport'])) {
    $postedArray['izapExtendVideoSupport'] = 'YES';
} else {
    $postedArray['izapExtendVideoSupport'] = 'NO';
}
// get the index page widget
if (!empty($postedArray['izapIndexPageWidget'])) {
    $postedArray['izapIndexPageWidget'] = 'YES';
} else {
/**
 * Search topics by tag include/exclude lists.
 *
 * @param mixed     $tags  Raw tag query; filter_tags() splits it into 'include' and 'exclude'
 * @param int       $start Offset handed to sql_query_limit()
 * @param int|false $end   Row limit; false means $config['topics_per_page']
 * @return array Topic rows the current user may read (f_read on the topic's forum)
 */
function search_tags($tags, $start = 0, $end = false)
{
    global $db, $config, $auth;
    // NOTE(review): $topics_count is never used; sql_fetchfield() reads from whatever result
    // set is current at this point, so this line looks like a leftover.
    $topics_count = (int) $db->sql_fetchfield('num_topics');
    if ($end === false) {
        $end = $config['topics_per_page'];
    }
    $tag_array = filter_tags($tags);
    $sql = "SELECT topi.topic_id,\n\t\t\ttopi.forum_id,\n\t\t\ttopi.topic_type,\n\t\t\ttopi.topic_replies_real,\n\t\t\ttopi.topic_replies,\n\t\t\ttopi.topic_status,\n\t\t\ttopi.topic_moved_id,\n\t\t\ttopi.topic_last_post_time,\n\t\t\ttopi.topic_approved,\n\t\t\ttopi.topic_poster,\n\t\t\ttopi.topic_first_poster_name,\n\t\t\ttopi.topic_time,\n\t\t\ttopi.topic_last_post_subject,\n\t\t\ttopi.topic_last_post_time,\n\t\t\ttopi.topic_last_poster_id,\n\t\t\ttopi.topic_views,\n\t\t\ttopi.topic_title,\n\t\t\ttopi.icon_id,\n\t\t\ttopi.topic_attachment,\n\t\t\ttopi.topic_first_poster_name,\n\t\t\ttopi.topic_last_post_id,\n\t\t\ttopi.topic_last_poster_id,\n\t\t\ttopi.topic_last_poster_name,\n\t\t\ttopi.topic_last_poster_colour,\n\t\t\ttopi.topic_last_post_subject,\n\t\t\ttopi.topic_last_post_time,\n\t\t\ttopi.topic_last_view_time,\n            topi.poll_start,\n\t\t\tCOUNT(topi.topic_id) count\n\t\t\tFROM " . TAGS_TABLE . " t, " . TOPICS_TABLE . " topi";
    // the WHERE keyword is only emitted when at least one of the two lists is non-empty;
    // the tag values themselves go through prepare_search_string()/prep_exclusion_string(),
    // which are assumed to escape them — confirm
    if (!empty($tag_array['include'])) {
        $sql .= " WHERE (t.tag IN (";
        $sql .= prepare_search_string($tag_array['include']);
        $sql .= "))";
    }
    if (!empty($tag_array['include']) && !empty($tag_array['exclude'])) {
        $sql .= " AND ";
    } else {
        if (empty($tag_array['include']) && !empty($tag_array['exclude'])) {
            $sql .= " WHERE ";
        }
    }
    if (!empty($tag_array['exclude'])) {
        $sql .= "(topi.topic_id NOT IN ( \n\t\t\t\t\t\tSELECT top2.topic_id\n\t\t\t\t\t\tFROM " . TAGS_TABLE . " t2, " . TOPICS_TABLE . " top2\n\t\t\t\t\t\tWHERE t2.topic_id = top2.topic_id";
        $sql .= prep_exclusion_string($tag_array['exclude']);
        $sql .= "))";
    }
    // NOTE(review): when both lists are empty no WHERE was emitted above and this "AND ..."
    // yields invalid SQL — callers presumably guarantee at least one non-empty list.
    $sql .= "AND topi.topic_id = t.topic_id\n\t\t\t GROUP BY topi.topic_id,\n\t\t\t topi.forum_id,\n\t\t\t topi.topic_type,\n\t\t\t topi.topic_replies_real,\n\t\t\t topi.topic_replies,\n\t\t\t topi.topic_status,\n\t\t\t topi.topic_moved_id,\n\t\t\t topi.topic_last_post_time,\n\t\t\t topi.topic_approved,\n\t\t\t topi.topic_poster,\n\t\t\t topi.topic_first_poster_name,\n\t\t\t topi.topic_time,\n\t\t\t topi.topic_last_post_subject,\n\t\t\t topi.topic_last_post_time,\n\t\t\t topi.topic_last_poster_id,\n\t\t\t topi.topic_views,\n\t\t\t topi.topic_title,\n\t\t\t topi.icon_id,\n\t\t\t topi.topic_attachment,\n\t\t\t topi.topic_first_poster_name,\n\t\t\t topi.topic_last_post_id,\n\t\t\t topi.topic_last_poster_id,\n\t\t\t topi.topic_last_poster_name,\n\t\t\t topi.topic_last_poster_colour,\n\t\t\t topi.topic_last_post_subject,\n\t\t\t topi.topic_last_post_time,\n\t\t\t topi.topic_last_view_time\n\t\t\t ORDER BY topic_time DESC";
    // $end/$start are passed to sql_query_limit() rather than interpolated into $sql
    if (!($result = $db->sql_query_limit($sql, $end, $start))) {
        message_die(GENERAL_ERROR, 'Error retrieving search results', '', __LINE__, __FILE__, $sql);
    }
    $topic_list = array();
    while ($row = $db->sql_fetchrow($result)) {
        // Do not include those topics the user has no permission to access
        if ($auth->acl_get('f_read', $row['forum_id'])) {
            $topic_list[] = $row;
        }
    }
    return $topic_list;
}
Пример #19
 /**
  * loads the form with the pre-filled values from the sticky form or entity 
  * supplied
  *
  * @param array $params
  *                  'entity' => entity for filling the values in edit case
  *                  'plugin' => pluign id to get the sticky form values
  *
  * @return stdClass|false object values, or FALSE when $params is not an array
  */
 public static function getFormValues($params)
 {
     // params must be array
     if (!is_array($params)) {
         return FALSE;
     }
     $plugin_id = $params['plugin'];
     $values = $params['entity'];
     if (elgg_is_sticky_form($plugin_id)) {
         $sticky_attributes = $_SESSION['sticky_forms'][$plugin_id]['attributes'];
         foreach ($sticky_attributes as $key => $val) {
             // a leading underscore is stripped from the key; it is not part of the attribute name
             $attr = ($key[0] == "_") ? substr($key, 1) : $key;
             // the value is re-read from the session and tag-filtered before being set on the entity
             $values->{$attr} = filter_tags($_SESSION['sticky_forms'][$plugin_id]['attributes'][$key]);
         }
     }
     // sticky data is consumed once: always cleared, even when none was present
     elgg_clear_sticky_form($plugin_id);
     return $values;
 }
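 /**
  * Build the secondary-unique-field / custom-record-label suffix shown next to record IDs.
  *
  * @param array|string $records              Records to label; a string means a single record and
  *                                           makes the method return that record's label directly
  * @param bool         $removeHtml           Return plain text instead of wrapping each label in a span
  * @param mixed        $arm                  Arm number, 'all' for every arm, or null for the current arm
  * @param bool         $boldSecondaryPkValue Wrap the secondary PK value in <b></b>
  * @param string       $cssClass             Class of the wrapping span when HTML is kept
  * @return array|string Labels keyed by record (and by arm number first when $arm is 'all'),
  *                      or the single record's label ('' when none)
  */
 public static function getCustomRecordLabelsSecondaryFieldAllRecords($records = array(), $removeHtml = false, $arm = null, $boldSecondaryPkValue = false, $cssClass = 'crl')
 {
     global $is_child, $secondary_pk, $custom_record_label, $Proj;
     // Determine which arm to pull these values for
     if ($arm == 'all' && $Proj->longitudinal && $Proj->multiple_arms) {
         // If project has more than one arm, then get first event_id of each arm
         $event_ids = array();
         foreach (array_keys($Proj->events) as $this_arm) {
             $event_ids[] = $Proj->getFirstEventIdArm($this_arm);
         }
     } else {
         // Get arm
         if ($arm === null) {
             $arm = getArm();
         }
         // Get event_id of first event of the given arm
         $event_ids = array($Proj->getFirstEventIdArm(is_numeric($arm) ? $arm : getArm()));
     }
     // Place all records/labels in array
     $extra_record_labels = array();
     // If $records is a string, then convert to array
     $singleRecordName = null;
     if (!is_array($records)) {
         $singleRecordName = $records;
         $records = array($records);
     }
     // Set flag to limit records
     $limitRecords = !empty($records);
     // Customize the Record ID pulldown menus using the SECONDARY_PK appended on end, if set.
     if ($secondary_pk != '' && !$is_child) {
         // Get validation type of secondary unique field
         $val_type = $Proj->metadata[$secondary_pk]['element_validation_type'];
         // Only MDY/DMY date validation types are converted below; the second comparison used
         // to be a duplicated '_mdy', which left DMY fields in YMD format.
         $convert_date_format = substr($val_type, 0, 5) == 'date_' && (substr($val_type, -4) == '_mdy' || substr($val_type, -4) == '_dmy');
         // Set secondary PK field label
         $secondary_pk_label = $Proj->metadata[$secondary_pk]['element_label'];
         // PIPING: Obtain saved data for all piping receivers used in secondary PK label
         if (strpos($secondary_pk_label, '[') !== false && strpos($secondary_pk_label, ']') !== false) {
             // Get fields in the label
             $secondary_pk_label_fields = array_keys(getBracketedFields($secondary_pk_label, true, true, true));
             // If has at least one field piped in the label, then get all the data for these fields and insert one at a time below
             if (!empty($secondary_pk_label_fields)) {
                 $piping_record_data = Records::getData('array', $records, $secondary_pk_label_fields, $event_ids);
             }
         }
         // Get back-end data for the secondary PK field
         // ($secondary_pk comes from project metadata, not request input; record/event lists go through prep_implode())
         $sql = "select record, event_id, value from redcap_data \n\t\t\t\t\twhere project_id = " . PROJECT_ID . " and field_name = '{$secondary_pk}' \n\t\t\t\t\tand event_id in (" . prep_implode($event_ids) . ")";
         if ($limitRecords) {
             $sql .= " and record in (" . prep_implode($records) . ")";
         }
         $q = db_query($sql);
         while ($row = db_fetch_assoc($q)) {
             // Set the label for this loop (label may be different if using piping in it)
             if (isset($piping_record_data)) {
                 // Piping: pipe record data into label for each record
                 $this_secondary_pk_label = Piping::replaceVariablesInLabel($secondary_pk_label, $row['record'], $event_ids, $piping_record_data);
             } else {
                 // Static label for all records
                 $this_secondary_pk_label = $secondary_pk_label;
             }
             // If the secondary unique field is a date/time field in MDY or DMY format, then convert to that format
             if ($convert_date_format) {
                 $row['value'] = DateTimeRC::datetimeConvert($row['value'], 'ymd', substr($val_type, -3));
             }
             // Set text value (the stored value is tag-filtered after label decoding)
             $this_string = "(" . remBr($this_secondary_pk_label . " " . ($boldSecondaryPkValue ? "<b>" : "") . filter_tags(label_decode($row['value']))) . ($boldSecondaryPkValue ? "</b>" : "") . ")";
             // Add HTML around string (unless specified otherwise)
             $extra_record_labels[$Proj->eventInfo[$row['event_id']]['arm_num']][$row['record']] = $removeHtml ? $this_string : RCView::span(array('class' => $cssClass), $this_string);
         }
         db_free_result($q);
     }
     // [Retrieval of ALL records] If Custom Record Label is specified (such as "[last_name], [first_name]"), then parse and display
     // ONLY get data from FIRST EVENT
     if (!empty($custom_record_label)) {
         // Loop through each event (will only be one UNLESS we are attempting to get label for multiple arms)
         $customRecordLabelsArm = array();
         foreach ($event_ids as $this_event_id) {
             $customRecordLabels = getCustomRecordLabels($custom_record_label, $this_event_id, $singleRecordName ? $records[0] : null);
             if (!is_array($customRecordLabels)) {
                 $customRecordLabels = array($records[0] => $customRecordLabels);
             }
             $customRecordLabelsArm[$Proj->eventInfo[$this_event_id]['arm_num']] = $customRecordLabels;
         }
         foreach ($customRecordLabelsArm as $this_arm => &$customRecordLabels) {
             foreach ($customRecordLabels as $this_record => $this_custom_record_label) {
                 // If limiting by records, ignore if not in $records array
                 if ($limitRecords && !in_array($this_record, $records)) {
                     continue;
                 }
                 // Set text value
                 $this_string = remBr(filter_tags(label_decode($this_custom_record_label)));
                 // Add initial space OR add placeholder
                 if (isset($extra_record_labels[$this_arm][$this_record])) {
                     $extra_record_labels[$this_arm][$this_record] .= ' ';
                 } else {
                     $extra_record_labels[$this_arm][$this_record] = '';
                 }
                 // Add HTML around string (unless specified otherwise)
                 $extra_record_labels[$this_arm][$this_record] .= $removeHtml ? $this_string : RCView::span(array('class' => $cssClass), $this_string);
             }
         }
         // Drop the dangling reference left by the by-reference foreach above
         unset($customRecordLabels);
     }
     // If we're not collecting multiple arms here, then remove arm key
     if ($arm != 'all') {
         $extra_record_labels = array_shift($extra_record_labels);
     }
     // Return string (single record only)
     if ($singleRecordName != null) {
         return isset($extra_record_labels[$singleRecordName]) ? $extra_record_labels[$singleRecordName] : '';
     } else {
         // Return array
         return $extra_record_labels;
     }
 }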
Пример #21
HTML;
} elseif (elgg_in_context('gallery')) {
    echo <<<HTML
<div class="bookmarks-gallery-item">
\t<h3>{$bookmark->title}</h3>
\t<p class='subtitle'>{$owner_link} {$date}</p>
</div>
HTML;
} else {
    // brief view
    $url = $bookmark->address;
    $display_text = $url;
    $excerpt = elgg_get_excerpt($bookmark->description);
    if ($excerpt) {
        $excerpt = " - {$excerpt}";
    }
    if (strlen($url) > 25) {
        $bits = parse_url($url);
        if (isset($bits['host'])) {
            $display_text = $bits['host'];
        } else {
            $display_text = elgg_get_excerpt($url, 100);
        }
    }
    $link = filter_tags(elgg_view('output/url', array('href' => $bookmark->address, 'text' => $display_text, 'rel' => 'nofollow')));
    $content = elgg_view_icon('push-pin-alt') . "{$link}{$excerpt}";
    $params = array('entity' => $bookmark, 'metadata' => $metadata, 'subtitle' => $subtitle, 'tags' => $tags, 'content' => $content);
    $params = $params + $vars;
    $body = elgg_view('object/elements/summary', $params);
    echo elgg_view_image_block($owner_icon, $body);
}
Пример #22
    $site = elgg_get_site_entity();
    $entity = new ElggObject();
    $entity->subtype = 'profile_sync_datasource';
    $entity->owner_guid = $site->getGUID();
    $entity->container_guid = $site->getGUID();
    $entity->access_id = ACCESS_PUBLIC;
    if (!$entity->save()) {
        unset($entity);
    }
}
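if ($entity) {
    $entity->title = $title;
    // some inputs need to be unfiltered: 'dbquery' is stored verbatim (never tag-filtered),
    // so this action must only be reachable by trusted users — confirm it is admin-gated
    $unfiltered_params = ['dbquery'];
    foreach ($params as $key => $param) {
        // filter input; strict comparison so an integer key can never loosely match a name
        if (!in_array($key, $unfiltered_params, true)) {
            $param = filter_tags($param);
        }
        // empty() also treats '0' as empty, so such a value removes the attribute rather than storing it
        if (empty($param)) {
            unset($entity->{$key});
        } else {
            $entity->{$key} = $param;
        }
    }
    $entity->save();
    system_message(elgg_echo('admin:configuration:success'));
} else {
    register_error(elgg_echo('profile_sync:action:datasource:edit:error:entity'));
}
forward(REFERER);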
Пример #23
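/**
 * Find topics tagged with the given tag expression, most-matched first.
 *
 * @param string $tags  Raw tag search string; split into include/exclude
 *                      lists by this project's filter_tags() (which returns
 *                      array('include' => ..., 'exclude' => ...) -- it is not
 *                      the Elgg XSS filter of the same name).
 * @param int    $start Offset into the result list (pagination).
 *
 * @return array Row set as returned by $db->sql_fetchrowset().
 */
function search_tags($tags, $start = 0){
	
	global $db, $config;
	
	// Both values are interpolated straight into the LIMIT clause below and
	// $start normally comes from the request, so force them to integers
	// instead of trusting the caller.
	$start = (int) $start;
	$end = (int) $config['topics_per_page'];
	
	$tag_array = filter_tags($tags);
	
	// NOTE(review): the tag values reach the query through
	// prepare_search_string()/prep_exclusion_string(); the escaping they do
	// is not visible here -- confirm they quote/escape every tag.
	$sql = "SELECT top.*, COUNT(top.topic_id) count
			FROM ". TAGS_TABLE ." t, ". TOPICS_TABLE ." top
			WHERE (t.tag IN (";
	$sql .= prepare_search_string($tag_array['include']);
	$sql .= ")) ";
	
	if(!empty($tag_array['exclude'])){
		// Drop every topic carrying at least one excluded tag.
		$sql .= "AND (top.topic_id NOT IN ( 
						SELECT top2.topic_id
						FROM ". TAGS_TABLE ." t2, ". TOPICS_TABLE ." top2
						WHERE t2.topic_id = top2.topic_id";
		$sql .= prep_exclusion_string($tag_array['exclude']);
		$sql .= ")) ";
	}

	$sql .= "AND top.topic_id = t.topic_id
			 GROUP BY top.topic_id
			 ORDER BY count DESC
			 LIMIT $start, $end";
	
	if(!($result = $db->sql_query($sql)))
	{
		message_die(GENERAL_ERROR, 'Error retrieving search results', '', __LINE__, __FILE__, $sql);
	}
	
	return $db->sql_fetchrowset($result);
	
}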
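<?php

/**
 * Save a plugin's settings from the posted "params" array.
 *
 * "params" is fetched unfiltered (third argument false) so that the
 * free-text HTML settings listed in $special_inputs reach the plugin
 * untouched; every other value is run through filter_tags() before it
 * is stored.
 */
$params = get_input("params", null, false);
$plugin_id = get_input("plugin_id");
$plugin = elgg_get_plugin_from_id($plugin_id);

if (!empty($plugin)) {
    // Only dereference the manifest once the plugin is known to exist:
    // calling getManifest() on the null returned for an unknown id is a
    // fatal error.
    $plugin_name = $plugin->getManifest()->getName();

    if (!empty($params) && is_array($params)) {
        // These settings deliberately store raw HTML.
        // NOTE(review): this presumes the action is admin-only; the action
        // registration is not visible here, confirm.
        $special_inputs = array("custom_text_site_header", "custom_text_site_footer", "custom_text_group_header", "custom_text_group_footer");

        foreach ($params as $key => $value) {
            // Strict comparison: with a loose in_array() an integer key 0
            // would match the special names on PHP < 8 and skip the filter.
            if (!in_array($key, $special_inputs, true)) {
                $value = filter_tags($value);
            }
            if (!$plugin->setSetting($key, $value)) {
                register_error(elgg_echo("plugins:settings:save:fail", array($plugin_name)));
                break;
            }
        }
    } else {
        register_error(elgg_echo("plugins:settings:save:fail", array($plugin_name)));
    }
} else {
    register_error(elgg_echo("PluginException:InvalidID"));
}
forward(REFERER);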
{
	// Since no 'pid' is in URL, then give warning that header/footer will not display properly
	$westHtml = renderPanel("&nbsp;", "<div style='padding:20px 15px;'><img src='".APP_PATH_IMAGES."exclamation.png' class='imgfix'> <b style='color:#800000;'>{$lang['bottom_54']}</b><br>{$lang['bottom_55']}</div>");
}


/**
 * PAGE CONTENT
 */
?>
<table border=0 cellspacing=0 style="width:100%;">
	<tr>
		<td valign="top" id="west" style="width:250px;">
			<div id="west_inner" style="width:250px;"><?php echo $westHtml ?></div>
		</td>
		<td valign="top" id="westpad">&nbsp;</td>
		<td valign="top" id="center">
			<div id="center_inner">
				<div id="subheader" class="notranslate">
					<?php if ($display_project_logo_institution) { ?>
						<?php if (trim($headerlogo) != "") echo "<img src='$headerlogo' title='".cleanHtml($institution)."' alt='".cleanHtml($institution)."' style='max-width:700px; expression(this.width > 700 ? 700 : true);'>"; ?>
						<div id="subheaderDiv1">
							<?php echo $institution . (($site_org_type == "") ? "" : "<br><span style='font-family:tahoma;font-size:13px;'>$site_org_type</span>") ?>
						</div>
					<?php } ?>
					<div id="subheaderDiv2" <?php if (!$display_project_logo_institution) echo 'style="border:0;padding-top:0;"'; ?>>
						<div style="max-width:700px;"><?php echo filter_tags($app_title) ?></div>
					</div>
				</div>

<?php

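/**
 * Elgg display long text, no_p
 * Displays a large amount of text, with new lines converted to line breaks
 * 
 * This version modified to remove paragraph wrapper and replace internal 
 * paragraph tags with <br /><br />
 *
 * XSS protection relies entirely on filter_tags() being applied first;
 * parse_urls() and autop() then only add anchors and paragraph markup to the
 * already-filtered text.
 * 
 * @package Elgg
 * @subpackage Core
 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
 * @author Curverider Ltd
 * @copyright Curverider Ltd 2008-2009
 * @link http://elgg.org/
 * 
 * @uses $vars['value'] The text to display
 * 
 */
$value = trim(autop(parse_urls(filter_tags($vars['value']))));
// strip off the trailing </p> autop adds, if any
if (substr($value, -4) === '</p>') {
    $value = substr($value, 0, -4);
}
// eliminate <p> tags
$value = str_replace('<p>', '', $value);
// replace </p> tags with <br /><br />
$value = str_replace('</p>', '<br /><br />', $value);
echo $value;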
<?php

/**
 * Display comment view
 */
if (isset($vars['entity'])) {
    $comment = $vars['entity'];
    $owner = get_user($comment->owner_guid);
    $canedit = answers_can_edit_comment($comment);
    $markdown = is_callable('markdown_text');
    if ($comment && $owner) {
        $full_comment_text = parse_urls(filter_tags($comment->value)) . ($markdown ? "\n" : " ") . "&mdash; " . "<span class=\"answers_comment_owner\">" . "<a href=\"" . $owner->getURL() . "\">" . $owner->name . "</a>" . " " . elgg_view_friendly_time($comment->time_created) . "</span>";
        if ($canedit) {
            $full_comment_text .= "&nbsp;&nbsp;" . elgg_view("output/confirmlink", array('href' => $vars['url'] . "action/answers/comment/delete?comment_id=" . $comment->id, 'text' => elgg_echo('delete'), 'confirm' => elgg_echo('deleteconfirm'), 'class' => '', 'is_action' => true));
            $edit = elgg_echo('edit');
            $full_comment_text .= "&nbsp;&nbsp;<a class=\"collapsibleboxlink\">{$edit}</a>";
        }
        if ($markdown) {
            $full_comment_text = markdown_text($full_comment_text);
        } else {
            $full_comment_text = autop($full_comment_text);
        }
        ?>
	<div class="answers_comment">
		<a name="<?php 
        echo $comment->id;
        ?>
"></a>
        <?php 
        echo $full_comment_text;
        ?>
 /**
  * Fetch a request variable (GET or POST) by name.
  *
  * A value pre-set by a plugin in $this->CONFIG->input takes precedence over
  * the request. Strings taken from the request are trimmed. With
  * $filter_result the value is run through filter_tags(); the default is
  * returned untouched in every case.
  *
  * Whatever comes back is user-controlled: filter_tags() only strips
  * dangerous markup and is no substitute for escaping at the point of
  * output -- cast expected integers, escape quotes in strings.
  *
  * Nested arrays (form input of param[m][n]) may not survive the htmlawed
  * pass inside filter_tags().
  * @todo Is this ^ still true?
  *
  * @param string $variable      Name of the input.
  * @param mixed  $default       Returned when the input is absent.
  * @param bool   $filter_result Run the value through filter_tags() when true.
  *
  * @return mixed
  */
 function get($variable, $default = null, $filter_result = true)
 {
     elgg_push_context('input');

     if (isset($this->CONFIG->input[$variable])) {
         // a plugin has already set this variable
         $found = $this->CONFIG->input[$variable];
     } else {
         $found = _elgg_services()->request->get($variable);
         if (is_string($found)) {
             // @todo why trim
             $found = trim($found);
         }
     }

     if ($found === null) {
         $value = $default;
     } else {
         $value = $filter_result ? filter_tags($found) : $found;
     }

     elgg_pop_context();
     return $value;
 }
/**
 * Return every value cached for a sticky form.
 *
 * Sticky values are user input stored in the session, so by default each
 * value is passed through filter_tags() on the way out; callers that need
 * the raw input pass $filter_result = false and must escape it themselves.
 *
 * @param string $form_name     The name of the form
 * @param bool   $filter_result Filter for bad input if true
 *
 * @return array Empty when nothing is cached for the form.
 * @since 1.8.0
 */
function elgg_get_sticky_values($form_name, $filter_result = true)
{
    $cached = isset($_SESSION['sticky_forms'][$form_name])
        ? $_SESSION['sticky_forms'][$form_name]
        : null;
    if ($cached === null) {
        return array();
    }
    if (!$filter_result) {
        return $cached;
    }

    // XSS filter each value, keeping keys and order
    $filtered = array();
    foreach ($cached as $name => $raw) {
        $filtered[$name] = filter_tags($raw);
    }
    return $filtered;
}
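 /**
  * Validate the blog compose form from $_POST and build the result array.
  *
  * Every field gets a *_value entry (normalised through the fetch_single() /
  * fetch_multi() input helpers or intval()), an *_error code and, where a
  * message exists, an *_error_msg table; $rt['errors'] counts the failed
  * fields. Integer fields outside their allowed set fall back to the default.
  * 'bge_tags_value' is only present when the field was posted.
  *
  * @return array Form values, error flags and the resolved 'published' timestamp.
  */
 public function vxBlogComposeCheck()
 {
     $rt = array();
     $rt['errors'] = 0;

     /* bge_title (max: 50) */
     $rt['bge_title_value'] = '';
     $rt['bge_title_maxlength'] = 50;
     $rt['bge_title_error'] = 0;
     $rt['bge_title_error_msg'] = array(1 => '你没有写文章的标题', 2 => '你输入的文章的标题过长');
     if (isset($_POST['bge_title'])) {
         $rt['bge_title_value'] = fetch_single($_POST['bge_title']);
         if ($rt['bge_title_value'] == '') {
             $rt['errors']++;
             $rt['bge_title_error'] = 1;
         } else {
             // length is counted in characters, not bytes
             if (mb_strlen($rt['bge_title_value'], 'UTF-8') > $rt['bge_title_maxlength']) {
                 $rt['errors']++;
                 $rt['bge_title_error'] = 2;
             }
         }
     } else {
         $rt['errors']++;
         $rt['bge_title_error'] = 1;
     }

     /* bge_body (null) (text) */
     $rt['bge_body_value'] = '';
     $rt['bge_body_maxlength'] = 1024 * 1024 * 2;
     $rt['bge_body_error'] = 0;
     $rt['bge_body_error_msg'] = array(2 => '你输入的文章内容过长');
     if (isset($_POST['bge_body'])) {
         $rt['bge_body_value'] = fetch_multi($_POST['bge_body']);
         if (mb_strlen($rt['bge_body_value'], 'UTF-8') > $rt['bge_body_maxlength']) {
             $rt['errors']++;
             $rt['bge_body_error'] = 2;
         }
     }

     /* bge_mode */
     $_modes = Weblog::vxGetEditorModes();
     $mode_default = Weblog::vxGetDefaultEditorMode();
     $rt['bge_mode_value'] = $mode_default;
     if (isset($_POST['bge_mode'])) {
         $rt['bge_mode_value'] = intval($_POST['bge_mode']);
         if (!in_array($rt['bge_mode_value'], array_keys($_modes))) {
             $rt['bge_mode_value'] = $mode_default;
         }
     }

     /* bge_comment_permission */
     $_comment_permissions = Weblog::vxGetCommentPermissions();
     $comment_permission_default = Weblog::vxGetDefaultCommentPermission();
     $rt['bge_comment_permission_value'] = $comment_permission_default;
     if (isset($_POST['bge_comment_permission'])) {
         $rt['bge_comment_permission_value'] = intval($_POST['bge_comment_permission']);
         if (!in_array($rt['bge_comment_permission_value'], array_keys($_comment_permissions))) {
             $rt['bge_comment_permission_value'] = $comment_permission_default;
         }
     }

     /* bge_status (0 => draft, 1 => publish) */
     $rt['bge_status_value'] = 0;
     if (isset($_POST['bge_status'])) {
         $rt['bge_status_value'] = intval($_POST['bge_status']);
         if (!in_array($rt['bge_status_value'], array(0, 1))) {
             $rt['bge_status_value'] = 0;
         }
     }

     /* bge_tags */
     if (isset($_POST['bge_tags'])) {
         $rt['bge_tags_value'] = fetch_single($_POST['bge_tags']);
         if ($rt['bge_tags_value'] != '') {
             // filter_tags() here is this project's tag-string cleaner (string
             // in, string out), not the Elgg XSS filter of the same name.
             // Reuse the already-normalised value instead of re-reading $_POST.
             $tags = filter_tags(strtolower($rt['bge_tags_value']));
             // NOTE(review): consecutive spaces yield empty tag entries here;
             // left as-is because downstream handling is not visible.
             $tags = array_unique(explode(' ', $tags));
             $rt['bge_tags_value'] = $tags;
         } else {
             $rt['bge_tags_value'] = array();
         }
     }

     /* bge_published_date & bge_published_time */
     if (isset($_POST['bge_published_date']) && isset($_POST['bge_published_time'])) {
         $rt['bge_published_date_value'] = fetch_single($_POST['bge_published_date']);
         $rt['bge_published_time_value'] = fetch_single($_POST['bge_published_time']);
         $rt['published'] = strtotime($rt['bge_published_date_value'] . ' ' . $rt['bge_published_time_value']);
         // Anything strtotime() could not parse (false, i.e. 0 here) or that
         // lies before the epoch-ish floor below is replaced by "now".
         // mktime()'s seventh is_dst argument was removed in PHP 7 and must
         // not be passed.
         if ($rt['published'] - mktime(0, 0, 0, 5, 31, 1985) < 3600) {
             $rt['published'] = time();
         }
     } else {
         $rt['published'] = time();
     }

     return $rt;
 }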