/**
 * Reduce a URL fragment (or every leaf of a nested array of fragments) to the
 * allow-list [A-Za-z0-9_.-&=]; every other byte is dropped.
 *
 * Note that '&' and '=' survive, so the result is not HTML-safe on its own —
 * it still needs htmlspecialchars() when embedded in an attribute.
 *
 * @param string|array $url  Value to filter; arrays are filtered recursively
 *                           and keep their keys.
 * @return string|array      Filtered scalar, or the array with every leaf filtered.
 */
function filter_url($url)
{
    // Arrays: filter each element with the same rule. array_map() keeps the
    // original keys when it is given a single array.
    if (is_array($url)) {
        return array_map(function ($leaf) {
            return filter_url($leaf);
        }, $url);
    }
    // Scalars: strip everything outside the allow-list.
    $notAllowed = '/[^a-zA-Z0-9_\\.\\-&=]/';
    return preg_replace($notAllowed, '', $url);
}
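/**
 * Render one filter link for the stats page.
 *
 * @param array  $_filters  Filter set the link points to; when it carries a
 *                          'referrer' or 'resource' key, $text is URL-decoded
 *                          for display first.
 * @param string $text      Visible label; escaped here before output.
 * @return string           Only the escaped label while viewing an archive
 *                          (global $is_archive), otherwise an <a class="filter">
 *                          element whose href is built by filter_url().
 */
function filter_link($_filters, $text)
{
    global $is_archive;
    // Referrer and resource values arrive URL-encoded; decode them for display.
    if (isset($_filters['referrer']) || isset($_filters['resource'])) {
        $text = urldecode($text);
    }
    // Avoid super-long referrer strings. Truncate BEFORE escaping and by
    // character, not by byte: the previous substr() on the escaped string could
    // cut an entity such as &amp; or a multi-byte UTF-8 sequence in half.
    if (mb_strlen($text, 'UTF-8') > 100) {
        $text = mb_substr($text, 0, 100, 'UTF-8') . '…';
    }
    // Explicit flags so behaviour does not depend on the PHP version's defaults:
    // escape both quote styles and substitute invalid UTF-8 instead of
    // returning an empty string.
    $text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Archives cannot be filtered further, so only the label is shown.
    if ($is_archive) {
        return $text;
    }
    // Relies on filter_url() returning a string safe inside a single-quoted
    // attribute (its allow-list excludes quotes).
    $url = filter_url($_filters);
    return "<a href='./{$url}' class='filter'>{$text}</a>";
}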
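// Derive the script's public URL and filesystem directory from the already
// split path in $parts; the last element (the script file name) is dropped.
array_pop($parts);
$parentpath = implode('/', $parts);
// script url. HTTP_HOST is the request's Host header, i.e. client supplied:
// the web server should be configured to reject unknown hosts, otherwise this
// constant and $page_redirected_from below reflect whatever the client sent.
define('TTPDS_URL', $_SERVER['HTTP_HOST'] . $parentpath);
// script directory, the base for every include below
define('TTPDS_DIR', $_SERVER['DOCUMENT_ROOT'] . $parentpath);
include TTPDS_DIR . '/config.php';
include TTPDS_DIR . '/inc/lang.php';
include TTPDS_DIR . '/inc/files.php';
include TTPDS_DIR . '/inc/browserargs.php';
// Parsing arguments manually as $_GET is not working due to htaccess redirect
$uri_parts = explode('?', $_SERVER['REQUEST_URI'], 2);
$page_redirected_from = 'http://' . TTPDS_URL . substr($uri_parts[0], strlen($parentpath));
parse_str(isset($uri_parts[1]) ? $uri_parts[1] : "", $output_get);
// Both query values pass through filter_url() before use (see its definition
// for the exact allow-list it applies).
$acc = filter_url(getargfrom('acc', $output_get));
$lang = filter_url(getargfrom('lang', $output_get));
asort($TTPDS_langs);
// Fall back to the browser's preferred language unless the requested code is
// one of the supported ones. Strict comparisons: filter_url() is expected to
// return a string, and a loose in_array() would also accept values that only
// compare equal numerically.
if ($lang === '' || !in_array($lang, $TTPDS_langs, true)) {
    $lang = prefered_language($TTPDS_langs);
}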
switch ($lang) {
    case 'de':
        include TTPDS_DIR . '/lang/de.php';
        break;
    case 'en':
        include TTPDS_DIR . '/lang/en.php';
        break;
    default:
        // 'en'
        include TTPDS_DIR . '/lang/en.php';
        $lang = 'en';
">所有</a>
							<a href="<?php 
echo filter_url('status:1');
?>
"  class="btn <?php 
if ($_GPC['status'] == '1') {
    ?>
btn-primary<?php 
} else {
    ?>
btn-default<?php 
}
?>
">启用</a>
							<a href="<?php 
echo filter_url('status:0');
?>
"  class="btn <?php 
if ($_GPC['status'] == '0') {
    ?>
btn-primary<?php 
} else {
    ?>
btn-default<?php 
}
?>
">禁用</a>
						</div>
					</div>
				</div>
				<div class="form-group">
// Route by URI shape: "/act" sets the action only, "/act/id" also sets the id.
// $id stays 0 when the URI carries no id segment.
$id = 0;
switch (count($uri_e)) {
    case 2:
        $act = filter_ln($uri_e[1]);
        break;
    case 3:
        $act = filter_ln($uri_e[1]);
        $id = filter_n($uri_e[2]);
        break;
}
// ---------------- authorization ---------------- //
//include 'auth.php';
// -------------------------------- file -------------------------------- //
if ($act == 'i' || $act == 'f') {
    //if ($act == 'foto')  $table = 'foto';
    //if ($act == 'catfoto')  $table = 'cat';
    //$id = filter_n($uri_e[2]);
    $qn = filter_n($uri_e[2]);
    $qt = filter_url($uri_e[2]);
    if ($qn != $qt) {
        $id = db_read(array('table' => 'file', 'col' => 'id', 'where' => '`url` = \'' . $qt . '\''));
    } else {
        $id = $qn;
    }
    if ($id) {
        $file = db_read(array('table' => 'file', 'col' => array('name', 'mime'), 'where' => '`id` = ' . $id));
        $mime = db_read(array('table' => 'mime', 'col' => 'mimed', 'where' => '`id` = ' . $file['mime']));
        $data = img_get_fdb('file', $id);
        if (ob_get_level()) {
            ob_end_clean();
        }
        header('Content-Type: ' . $mime);
        header('Content-Length: ' . strlen($data['data']));
        //header('Content-Disposition: '.(($act == 'f')?'attachment; ':'').'filename="'.mb_convert_encoding($fname, 'Windows-1251', 'UTF-8').'"');
/**
 * Emit one <tr> of the course map report for a single unit.
 *
 * Everything is written with echo, so the statement order below is the
 * column order of the table.
 *
 * @param object $unit       Unit record; only $unit->name is read here.
 * @param string $class      Unit class: "BoltLesson", "BoltExercise" or
 *                           "BoltExerciseSet"; anything else gets empty cells.
 * @param int    $level      Nesting depth, rendered as leading spaces().
 * @param bool   $is_answer  Exercise rows only: whether this is the answer view.
 *
 * Globals: $breakdown/$breakdown_cat select the breakdown column, $rownum
 * alternates the row class (and is advanced for the caller), $course_id is
 * embedded in the question links.
 */
function show_unit_row($unit, $class, $level, $is_answer)
{
    global $breakdown, $breakdown_cat;
    global $rownum, $course_id;
    $a = $is_answer ? " (answer)" : "";
    // Alternate row0/row1 classes; the post-increment updates the global.
    $j = $rownum++ % 2;
    echo "<tr class=row{$j}>";
    if ($breakdown && $breakdown_cat) {
        // Per-category breakdown rows repeat the unit, so name/class stay blank.
        echo "\n\t\t\t<td><br></td>\n\t\t\t<td><br></td>\n\t\t";
    } else {
        $c = class_name($class);
        echo "\n\t\t\t<td><b>" . spaces($level) . "{$unit->name}</b></td>\n\t\t\t<td>{$c} {$a}</td>\n\t\t";
    }
    // Breakdown column: the category name, or "Total" for the summary row.
    if ($breakdown) {
        if ($breakdown_cat) {
            echo "<td>{$breakdown_cat}</td>\n";
        } else {
            echo "<td>Total</td>\n";
        }
    }
    switch ($class) {
        case "BoltLesson":
            $mode = BOLT_MODE_LESSON;
            $views = get_views($unit, $mode);
            $n = count($views);
            $out = outcomes($views);
            $t = avg_time($views);
            echo "<td>{$n}</td>";
            $n = get_nquestions($unit, $mode);
            if ($n) {
                // NOTE(review): $unit->name is interpolated into an unquoted
                // href without urlencode()/htmlspecialchars(); a name containing
                // spaces, '>' or quotes would break out of the attribute. Safe
                // only if unit names are restricted at creation — confirm.
                echo "<td><a href=bolt_map.php?action=questions&course_id={$course_id}&name={$unit->name}&mode={$mode}" . filter_url() . ">{$n}</a></td>\n";
            } else {
                echo "<td>0</td>\n";
            }
            // Columns: outcomes graph, (no score for lessons), time graph.
            echo outcome_graph($out, 200);
            echo empty_cell();
            echo time_graph($t, 200);
            break;
        case "BoltExercise":
            $mode = $is_answer ? BOLT_MODE_ANSWER : BOLT_MODE_SHOW;
            $views = get_views($unit, $mode);
            $n = count($views);
            $out = outcomes($views);
            $t = avg_time($views);
            echo "<td>{$n}</td>";
            $n = get_nquestions($unit, $mode);
            if ($n) {
                // Same unescaped interpolation as the lesson link above. This
                // link also omits the filter_url() suffix the lesson link
                // appends — presumably an oversight; verify against bolt_map.php.
                echo "<td><a href=bolt_map.php?action=questions&course_id={$course_id}&name={$unit->name}&mode={$mode}>{$n}</a></td>\n";
            } else {
                echo "<td>0</td>\n";
            }
            echo outcome_graph($out, 200);
            // Answer views carry no score; show views get the average score graph.
            if ($is_answer) {
                echo empty_cell();
            } else {
                $results = get_results($unit);
                $score = avg_score($results);
                echo score_graph($score, 200);
            }
            echo time_graph($t, 200);
            break;
        case "BoltExerciseSet":
            // Sets report only the result count and the average score.
            $xr = get_xset_results($unit);
            $n = count($xr);
            echo "<td>{$n}</td>";
            echo empty_cell();
            echo empty_cell();
            $score = avg_score($xr);
            echo score_graph($score, 200);
            echo empty_cell();
            break;
        default:
            // Unknown class: keep the column count with five empty cells.
            echo empty_cell();
            echo empty_cell();
            echo empty_cell();
            echo empty_cell();
            echo empty_cell();
    }
    echo "</tr>\n";
}
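// -------------------------------- init -------------------------------- //
$title = '';
$body = '';
include 'l/lib.php';
db_open();
// ---------------- parse request URI ---------------- //
// REQUEST_URI is client supplied; every segment taken from it below goes
// through one of the filter_* helpers before it is used.
$uri_e = explode('?', $_SERVER['REQUEST_URI']);
$uri_e = explode('/', $uri_e[0]);
$act = '';
$url = '';
$id = 1;
if (count($uri_e) == 2) {
    // "/page": page name, defaulting to 'main' for "/" or a segment that the
    // filter reduced to nothing. The former `filter_url(...) || 'main'` yielded
    // a boolean, so $url never actually held the page name.
    $url = filter_url($uri_e[1]);
    if (!$url) {
        $url = 'main';
    }
} elseif (count($uri_e) == 3) {
    // "/act/id": action name plus numeric id.
    $act = filter_ln($uri_e[1]);
    $id = filter_n($uri_e[2]);
}
// ---------------- determine parameters ---------------- //
$language = FALSE;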
if (getb('language')) {
    $language = gets('language');
    setcookie('language', $language, 2000000000, '/');
} elseif (isset($_COOKIE['language'])) {
    $language = filter_ln($_COOKIE['language']);
} elseif (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
    $accept_language = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    $accept_language = explode(';', $accept_language[0]);
    $accept_language = explode('-', $accept_language[0]);
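/**
 * Print the month calendar used for date filtering.
 *
 * Reads the global $filters ('yr', 'mo', optional 'dy') for the month to show
 * and $is_archive to decide whether the day grid is rendered at all. Output is
 * written directly with echo.
 */
function calendar_widget()
{
    global $filters, $is_archive;
    // Weekday (0 = Sunday) of the 1st of the month, computed in UTC.
    $start_offset = gmdate('w', gmmktime(12, 0, 0, $filters['mo'], 1, $filters['yr']));
    $days_in_month = days_in_month($filters['mo'], $filters['yr']);
    // $table[week][weekday] = day number, 0 for padding cells outside the month.
    $table = array();
    for ($d = 1; $d <= $days_in_month; $d++) {
        $this_w = intval(floor(($d + $start_offset - 1) / 7));
        $target_w = $this_w;
        if (!isset($table[$target_w])) {
            $table[$target_w] = array();
            for ($x = 0; $x < 7; $x++) {
                $table[$target_w][$x] = 0;
            }
        }
        $table[$target_w][$d + $start_offset - 1 - $this_w * 7] = $d;
    }
    $prev = prev_period($filters, true);
    $prev_link = '<a href="./' . filter_url($prev) . '" title="' . date_label($prev, false) . '">&larr;</a>';
    // A "next" link only while the filtered year is before the current one or
    // the filtered month is before the current month.
    if ($filters['yr'] < date('Y') || $filters['mo'] < date('n')) {
        $next = next_period($filters, true);
        $next_link = '<a href="./' . filter_url($next) . '" title="' . date_label($next, false) . '">&rarr;</a>';
    } else {
        $next_link = '';
    }
    echo '<table class="calendar center"><thead>';
    echo '<tr>';
    echo "<th>{$prev_link}";
    echo '<th colspan="5"><a href="./' . filter_url(next_period($prev)) . '" title="' . date_label($filters, false) . '">' . date_label($filters, false) . '</a>';
    echo "<th>{$next_link}";
    // Archives cannot be filtered further: header row only, no day grid.
    if ($is_archive) {
        echo '</table>';
        return;
    }
    echo '<tbody>';
    echo '<tr>';
    foreach (array(__('Sunday'), __('Monday'), __('Tuesday'), __('Wednesday'), __('Thursday'), __('Friday'), __('Saturday')) as $day) {
        // The initial is taken with mb_substr(): substr() returned only the first
        // byte of a multi-byte translated name. Both values are escaped with
        // ENT_QUOTES because the title attribute is single-quoted. Assumes UTF-8
        // translations, as the htmlspecialchars() default charset already did —
        // confirm if the site uses another encoding.
        $d = htmlspecialchars(mb_substr($day, 0, 1, 'UTF-8'), ENT_QUOTES, 'UTF-8');
        $day = htmlspecialchars($day, ENT_QUOTES, 'UTF-8');
        echo "<th title='{$day}'>{$d}";
    }
    $actual_dy = intval(date('d'));
    $actual_mo = intval(date('m'));
    $actual_yr = intval(date('Y'));
    $dy_filters = $filters;
    for ($w = 0; $w < sizeof($table); $w++) {
        echo '<tr>';
        for ($d = 0; $d < 7; $d++) {
            $class = isset($filters['dy']) && $filters['dy'] == $table[$w][$d] ? ' class="selected"' : '';
            echo "<td{$class}>";
            if ($table[$w][$d] > 0) {
                // Days after today in the current month get no link.
                if ($filters['yr'] == $actual_yr && $filters['mo'] == $actual_mo && $table[$w][$d] > $actual_dy) {
                    echo '<a class="future">' . $table[$w][$d] . '</a>';
                } else {
                    $dy_filters['dy'] = $table[$w][$d];
                    // filter_url()/date_label() output is embedded unescaped;
                    // relies on those helpers returning attribute-safe strings.
                    echo '<a href="./' . filter_url($dy_filters) . '" title="';
                    echo date_label($filters, $table[$w][$d]) . '">' . $table[$w][$d] . '</a>';
                }
            }
        }
    }
    echo '</table>';
}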
} else {
    if (strlen($excerpt) > 300) {
        $excerpt = subString($excerpt, 0, 300) . " ...";
    }
}
// Check filters: reject trackbacks from banned IPs (filter_ip() is falsy when
// banned, per the error text).
if (!filter_ip($userdetail['ip'])) {
    tb_xml_error("Your IP address is banned from sending trackbacks.");
}
// Reduce the sender's URL to its host: drop the scheme, then everything from
// the first '/'. strpos() returns false when there is no '/', and a value that
// starts with '/' (position 0) is left untouched, so $weburl can still carry a
// path in that case.
$weburl = str_replace("http://", "", $url);
$weburl = str_replace("https://", "", $weburl);
$posurl = strpos($weburl, "/");
if ($posurl >= 1) {
    $weburl = substr($weburl, 0, $posurl);
}
// Here filter_url() is a ban check (falsy = banned, see the message), not a
// sanitizer: $weburl is still the raw client-supplied value after this point.
if (!filter_url($weburl)) {
    tb_xml_error("Your Web address is banned from sending trackbacks.");
}
// Word filter on the visible trackback fields.
if (replace_filter($excerpt) || replace_filter($title) || replace_filter($blog_name)) {
    tb_xml_error("The trackback content contains some words that are not welcomed on our site. You may edit your post and send it again. Sorry for the inconvenience.");
}
// The same URL may not send another trackback within 10 minutes.
// NOTE(review): $weburl is interpolated straight into the SQL string, inside a
// LIKE pattern. It comes from the trackback request and was only ban-checked
// above, so this is an SQL injection path ('%' and '_' also act as wildcards).
// Pass it as a bound parameter through the DB layer, or at least through the
// driver's escaping function, before building this query.
$trytb = $DMC->numRows($DMC->query("SELECT * FROM " . $DBPrefix . "trackbacks WHERE blogUrl like '%{$weburl}%' AND postTime+600>='" . time() . "'"));
if ($trytb > 0) {
    tb_xml_error("Same Blog try to send after 10 minutes!");
}
// Per-IP limit: one trackback per 30 seconds. getip() is embedded the same way;
// presumably derived from request headers — confirm it is escaped or bound too.
$trytb = $DMC->numRows($DMC->query("SELECT * FROM " . $DBPrefix . "trackbacks WHERE ip='" . getip() . "' AND postTime+30>='" . time() . "'"));
if ($trytb > 0) {
    tb_xml_error("Same IP try to send after 30 seconds !");
}
// Trackback approval setting; handling continues beyond this excerpt.
$spam = $settingInfo['isTbApp'];