<div class="clear"></div> <form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?> "> <input type="hidden" name="view" value="<?php echo $view; ?> "/> <input type="hidden" name="tab" value="<?php echo $tab; ?> "/> <input type="hidden" name="action" value="controlcap"/> <input type="hidden" name="cid" value="<?php echo requestVar('cid'); ?> "/> <?php if ($tab != 'main') { ?> <input type="hidden" name="newControl[Name]" value="<?php echo validHtmlStr($newControl['Name']); ?> "/> <input type="hidden" name="newControl[Type]" value="<?php echo validHtmlStr($newControl['Type']); ?> "/> <input type="hidden" name="newControl[Protocol]" value="<?php echo validHtmlStr($newControl['Protocol']);
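/**
 * SpamBayes admin page: list the event log with the filter form, a pager,
 * per-row "train ham / train spam / explain / publish" links, a batch form
 * and three "clear log" forms.
 *
 * Paging/filter state is read from the request: startpos, filter ('all',
 * 'ham', 'spam'), filtertype, keyword and ipp (items per page). All of it is
 * reflected back into the page, so every reflected value is HTML-escaped
 * here; startpos and ipp are coerced to integers (ipp < 1 falls back to 10)
 * so the page arithmetic cannot divide by zero on bad input. Row data from
 * the log table is escaped as well: log entries record content that came in
 * from outside, and the "itemid:" check below treats the log column as text.
 *
 * Globals: $oPluginAdmin — its ->plugin->spambayes->nbs object provides
 * countlogtable() and getlogtable(); buildfilterform() and buildpager() are
 * sibling helpers.
 *
 * NOTE(review): filter/filtertype/keyword are handed unchanged to
 * countlogtable()/getlogtable(); SQL safety depends on those helpers —
 * confirm they escape or parameterise. The batch and clear-log forms carry
 * no CSRF ticket (unchanged); consider the core ticket mechanism. The result
 * set is read with the mysql_* extension (removed in PHP 7), as before.
 */
function sb_log()
{
    global $oPluginAdmin;

    // --- request state ---
    $startpos = intval(requestVar('startpos'));
    if ($startpos < 0) {
        $startpos = 0;
    }
    $filter = requestVar('filter') ? requestVar('filter') : 'all';
    $filtertype = requestVar('filtertype') ? requestVar('filtertype') : 'all';
    $ipp = intval(requestVar('ipp'));
    if ($ipp < 1) {
        $ipp = 10;
    }
    $keyword = requestVar('keyword');

    // HTML-escaped copies of everything that is echoed back into markup
    $hFilter = htmlspecialchars($filter, ENT_QUOTES);
    $hFiltertype = htmlspecialchars($filtertype, ENT_QUOTES);
    $hKeyword = htmlspecialchars($keyword, ENT_QUOTES);
    $hSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $hiddenFilter = '<input type="hidden" name="filter" value="' . $hFilter . '" />'
        . '<input type="hidden" name="filtertype" value="' . $hFiltertype . '" />'
        . '<input type="hidden" name="keyword" value="' . $hKeyword . '" />';

    $nbs = $oPluginAdmin->plugin->spambayes->nbs;
    $filterform = buildfilterform($filter, $filtertype, $keyword, $ipp);
    $total = $nbs->countlogtable($filter, $filtertype, $keyword);

    // --- heading ---
    if ($filter == 'all') {
        $htotal = $nbs->countlogtable('ham', $filtertype, $keyword);
        $stotal = $nbs->countlogtable('spam', $filtertype, $keyword);
        echo '<h2>Spam Bayesian: Log [total events: ' . $total . ' (ham: ' . $htotal . ' spam: ' . $stotal . ') ]</h2>';
    } else {
        echo '<h2>Spam Bayesian: Log [total ' . $hFilter . ' events: ' . $total . ']</h2>';
    }

    $res = $nbs->getlogtable($startpos, $filter, $filtertype, $keyword, $ipp);
    $pager = buildpager($startpos, $total, $filter, $filtertype, $filterform, 'log', $keyword, $ipp);

    // page numbers ($ipp >= 1 is guaranteed above)
    $ap = intval(ceil($total / $ipp));
    $cp = intval($startpos + $ipp) / $ipp;

    // "items per page" browse cell, reused at the top and bottom of the table
    $browseCell = '<tr><th colspan="2">Page ' . $cp . ' of ' . $ap . '</th><td colspan="2">Browse: '
        . '<form style="display:inline"><input type="text" size="3" name="ipp" value="' . $ipp . '" /> items per page. '
        . '<input type="submit" value="Go" /><input type="hidden" name="amount" value="cp" />' . $hiddenFilter
        . '<input type="hidden" name="page" value="log" /></form>';

    echo '<table>';
    echo $browseCell;
    echo '<span style="text-align:right" class="batchoperations">';
    if ($filter != 'all') {
        echo ' type: <b>' . $hFilter . '</b>';
    }
    if ($filtertype != 'all') {
        echo ' event: <b>' . $hFiltertype . '</b>';
    }
    if ($keyword > '') {
        echo ' keyword: <b>' . $hKeyword . '</b>';
    }
    echo '</span></td></tr>';
    echo $pager;

    // query string appended to every per-row action link: URL-encoded, then
    // attribute-escaped because it lands inside href="..."
    $extraaction = htmlspecialchars(
        '&filter=' . urlencode($filter) . '&filtertype=' . urlencode($filtertype)
        . '&startpos=' . $startpos . '&keyword=' . urlencode($keyword) . '&ipp=' . $ipp,
        ENT_QUOTES
    );

    echo '<tr><th>Date</th><th>event</th><th>content</th><th>action</th></tr><form>';
    $i = 0;
    while ($arr = mysql_fetch_array($res)) {
        $rowIdAttr = htmlspecialchars($arr['id'], ENT_QUOTES);
        $rowTail = '&amp;id=' . urlencode($arr['id']) . $extraaction;
        echo '<tr onmouseover="focusRow(this);" onmouseout="blurRow(this);">'
            . '<td>' . htmlspecialchars($arr['logtime']) . '<br /><b>' . htmlspecialchars($arr['catcode']) . '</b></td>'
            . '<td>' . htmlspecialchars($arr['log']) . '</td>'
            . '<td><input id="batch' . $i . '" name="batch[' . $i . ']" value="' . $rowIdAttr . '" type="checkbox">'
            . '<label for="batch' . $i . '">' . htmlentities(str_replace('^^', ' ', $arr['content'])) . '</label></td>';
        echo '<td><a href="' . $hSelf . '?page=trainlog&amp;catcode=ham' . $rowTail . '"><nobr>train ham</nobr></a>';
        echo ' <a href="' . $hSelf . '?page=trainlog&amp;catcode=spam' . $rowTail . '"><nobr>train spam</nobr></a>';
        echo '<br /><a href="' . $hSelf . '?page=explain' . $rowTail . '"><nobr>explain</nobr></a>';
        if (strstr($arr['log'], 'itemid:')) {
            echo '<br /><br /><a style="color:red" href="' . $hSelf . '?page=promote' . $rowTail . '"><nobr>publish</nobr></a>';
        }
        echo '</td>';
        echo '</tr>';
        $i++;
    }
    if (mysql_num_rows($res) == 0) {
        echo '<tr><td colspan="4"><b>Eventlog is empty</b></td></tr>';
    }

    // batch operations (same <form> as the checkboxes above)
    echo '<tr><td colspan="4"><div class="batchoperations">with selected:<select name="batchaction">';
    echo '<option value="tspam">Train spam</option>';
    echo '<option value="tham">Train ham</option>';
    echo '<option value="delete">Delete</option></select><input name="page" value="batch" type="hidden">';
    echo '<input type="hidden" name="ipp" value="' . $ipp . '"/>' . $hiddenFilter;
    echo '<input value="Submit" type="submit">( <a href="" onclick="if (event && event.preventDefault) event.preventDefault(); return batchSelectAll(1); ">select all</a> - <a href="" onclick="if (event && event.preventDefault) event.preventDefault(); return batchSelectAll(0); ">deselect all</a> ) </div></td></tr></form>';

    // clear-log forms: first page, current filter, everything
    $clearHead = '<form action="" method="get" style="display:inline">';
    echo '<tr><td colspan="4"><div class="batchoperations">'
        . $clearHead . '<input type="hidden" name="ipp" value="' . $ipp . '"/><input type="hidden" name="page" value="clearlog" /><input type="hidden" name="amount" value="cp" />' . $hiddenFilter . '<input type="submit" value="Clear first ' . $ipp . '" /></form> '
        . $clearHead . '<input type="hidden" name="ipp" value="' . $ipp . '"/><input type="hidden" name="page" value="clearlog" /><input type="hidden" name="amount" value="cf" />' . $hiddenFilter . '<input type="submit" value="Clear current filtered logs" /></form> '
        . $clearHead . '<input type="hidden" name="page" value="clearlog" /><input type="submit" value="Clear complete log" /></form>'
        . '</div></td></tr>';

    echo $browseCell . '</td></tr>';
    echo $pager;
    echo '</table>';
}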
echo buildSelect($selectName, $filterNames); ?> <label for="<?php echo $newSelectName; ?> "><?php echo translate('OrEnterNewName'); ?> </label><input type="text" size="32" id="<?php echo $newSelectName; ?> " name="<?php echo $newSelectName; ?> " value="<?php echo requestVar('filterName'); ?> "/> </p> <?php } else { ?> <p> <label for="<?php echo $newSelectName; ?> "><?php echo translate('EnterNewFilterName'); ?> </label><input type="text" size="32" id="<?php echo $newSelectName;
} global $CONF, $manager; // $manager->checkTicket(); $action_url = $CONF['ActionURL']; $thispage = $CONF['PluginURL'] . "badbehavior/index.php"; $adminpage = $CONF['AdminURL']; $thisquerystring = serverVar('QUERY_STRING'); $toplink = '<p class="center"><a href="' . $thispage . '?' . $thisquerystring . '#sitop" alt="Return to Top of Page">-top-</a></p>' . "\n"; $showlist = strtolower(trim(requestVar('showlist'))); if (!in_array($showlist, array('stats', 'admin', 'logs'))) { $showlist = 'stats'; } $tname = stringStripTags(trim(requestVar('tname'))); $fname = stringStripTags(trim(requestVar('fname'))); $oname = stringStripTags(trim(requestVar('oname'))); $iname = stringStripTags(trim(requestVar('iname'))); $iname = preg_replace('|[^a-z0-9.,_/-]|i', '_', $iname); // make sure bad behavior is loaded if (!defined('BB2_CORE')) { //echo "loading necessary bad behavior libraries..."; global $DIR_PLUGINS; $homepath = $DIR_PLUGINS . '/badbehavior/'; require_once $homepath . '/bad-behavior-nucleuscms.php'; //echo " OK. Completed <br />\n"; } $plugin =& $oPluginAdmin->plugin; $sipid = $plugin->getID(); $admin = $plugin->siRights(); $minaccess = intval($plugin->minRights); if (!$minaccess || $minaccess == 0) { $minaccess = 8;
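/**
 * Rewrite trackback ping URLs that point at this site into the local
 * TrackBack action URL.
 *
 * Ping targets come from the request: a whitespace/comma separated list in
 * 'trackback_ping_url' plus 'tb_url_0' .. 'tb_url_{tb_url_amount-1}', each
 * with an optional 'tb_url_N_local' checkbox. Entries flagged local are
 * resolved through $this->getRequestPathInfo() to an item id and replaced by
 * "$CONF['ActionURL']?action=plugin&name=TrackBack&tb_id=<id>". The merged
 * list is written back to $_REQUEST['trackback_ping_url'], one URL per line;
 * with no URLs at all the request is left untouched.
 *
 * @param array $data event data; only $data['itemid'] is used (cast to int)
 * @return void
 *
 * Fixes: URLs from the free-text field had no entry in $localflag, and
 * parse_url() may return false or omit 'path' — both produced undefined-index
 * notices and are now guarded. Remote targets are pinged as given (the
 * outbound request itself happens elsewhere).
 */
function convertLocalTrackbackURL($data)
{
    global $CONF;

    $ping_urls = array();
    $localflag = array();

    // 1. free-text list: never flagged local
    $ping_url = requestVar('trackback_ping_url');
    if (trim($ping_url)) {
        foreach (preg_split("/[\\s,]+/", trim($ping_url)) as $candidate) {
            $ping_urls[] = trim($candidate);
            $localflag[] = 0;
        }
    }

    // 2. per-row fields from the edit form
    $tb_url_amount = intRequestVar('tb_url_amount');
    for ($i = 0; $i < $tb_url_amount; $i++) {
        $tb_temp_url = requestVar('tb_url_' . $i);
        if ($tb_temp_url) {
            $ping_urls[] = $tb_temp_url;
            $localflag[] = (requestVar('tb_url_' . $i . '_local') == 'on') ? 1 : 0;
        }
    }
    if (count($ping_urls) <= 0) {
        return;
    }

    $blog_id = getBlogidFromItemID(intval($data['itemid']));
    foreach ($ping_urls as $idx => $url) {
        if (empty($localflag[$idx])) {
            continue;
        }
        // last path segment, e.g. "item-123.trackback" -> "item-123.html"
        $parts = parse_url($url);
        $path = (is_array($parts) && isset($parts['path'])) ? trim($parts['path'], '/') : '';
        $path_arr = explode('/', $path);
        $tail = end($path_arr);

        $linkObj = array('linkparam' => 'item', 'bid' => $blog_id);
        if (substr($tail, -10) == '.trackback') {
            $pathName = substr($tail, 0, -10);
            $linkObj['name'] = (substr($pathName, -5) == '.html') ? $pathName : $pathName . '.html';
        } else {
            $linkObj['name'] = $tail;
        }

        $item_id = $this->getRequestPathInfo($linkObj);
        if ($item_id) {
            $ping_urls[$idx] = $CONF['ActionURL'] . '?action=plugin&name=TrackBack&tb_id=' . $item_id;
        }
    }

    $_REQUEST['trackback_ping_url'] = implode("\n", $ping_urls);
}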
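/**
 * Admin action: show the "add IP ban" form for a blog.
 *
 * Authorisation: the current member must have blog-admin rights on $blogid,
 * otherwise $this->disallow() is called. The form posts back to index.php
 * with action=banlistadd and carries a CSRF ticket ($manager->addTicketHidden()).
 *
 * @param int|string $blogid blog to ban from; when empty, read from the
 *        request as an integer ('blogid'). It is cast to int here so the
 *        value echoed into the hidden field can never carry markup.
 * @return void  (writes the page directly)
 */
function action_banlistnew($blogid = '')
{
    global $member, $manager;

    if ($blogid == '') {
        $blogid = intRequestVar('blogid');
    }
    // blog ids are integers; casting also makes the value safe to echo below
    $blogid = intval($blogid);
    $ip = requestVar('ip');

    // only blog admins may add bans for this blog (disallow() ends the request)
    $member->blogAdminRights($blogid) or $this->disallow();

    $blog =& $manager->getBlog($blogid);
    $this->pagehead();
    ?>
<h2><?php echo _BAN_ADD_TITLE; ?></h2>
<form method="post" action="index.php">
<h3><?php echo _BAN_IPRANGE; ?></h3>
<p><?php echo _BAN_IPRANGE_TEXT; ?></p>
<div class="note">
<strong><?php echo _BAN_EXAMPLE_TITLE; ?></strong>
<?php echo _BAN_EXAMPLE_TEXT; ?>
</div>
<div>
<?php
    if ($ip) {
        // the requested IP is untrusted: escape it once, reuse the escaped copy
        $iprangeVal = htmlspecialchars($ip, ENT_QUOTES);
?>
<input name="iprange" type="radio" value="<?php echo $iprangeVal; ?>" checked="checked" id="ip_fixed" />
<label for="ip_fixed"><?php echo $iprangeVal; ?></label>
<br />
<input name="iprange" type="radio" value="custom" id="ip_custom" />
<label for="ip_custom"><?php echo _BAN_IP_CUSTOM; ?></label>
<input name='customiprange' value='<?php echo $iprangeVal; ?>' maxlength='15' size='15' />
<?php
    } else {
        echo "<input name='iprange' value='custom' type='hidden' />";
        echo "<input name='customiprange' value='' maxlength='15' size='15' />";
    }
?>
</div>
<h3><?php echo _BAN_BLOGS; ?></h3>
<p><?php echo _BAN_BLOGS_TEXT; ?></p>
<div>
<input type="hidden" name="blogid" value="<?php echo $blogid; ?>" />
<input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">'<?php echo htmlspecialchars($blog->getName()); ?>'</label>
<br />
<input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS; ?></label>
</div>
<h3><?php echo _BAN_REASON_TITLE; ?></h3>
<p><?php echo _BAN_REASON_TEXT; ?></p>
<div><textarea name="reason" cols="40" rows="5"></textarea></div>
<h3><?php echo _BAN_ADD_TITLE; ?></h3>
<div>
<input name="action" type="hidden" value="banlistadd" />
<?php
    // CSRF ticket, verified by the receiving banlistadd action
    $manager->addTicketHidden();
?>
<input type="submit" value="<?php echo _BAN_ADD_BTN; ?>" />
</div>
</form>
<?php
    $this->pagefoot();
}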
/**
 * Skin variable <%imagetext%>: print the 'imagetext' request parameter,
 * HTML-escaped with quotes converted so it is safe in attributes and text.
 */
function parse_imagetext()
{
    $caption = requestVar('imagetext');
    echo htmlspecialchars($caption, ENT_QUOTES);
}
/**
 * Media popup: ask for credentials when the visitor is not logged in.
 *
 * Prints a login form that posts back to media.php (action=login) and keeps
 * the requested 'collection' in a hidden field so the user lands in the same
 * collection afterwards; that value comes from the request and is
 * HTML-escaped. Ends the request with exit after the popup footer.
 */
function media_loginAndPassThrough()
{
    media_head();
    $collection = htmlspecialchars(requestVar('collection'));
    echo '<h1>' . _LOGIN_PLEASE . '</h1>';
    echo '<form method="post" action="media.php"><div>';
    echo '<input name="action" value="login" type="hidden" />';
    echo '<input name="collection" value="' . $collection . '" type="hidden" />';
    echo _LOGINFORM_NAME . ' : <input name="login" />';
    echo '<br />' . _LOGINFORM_PWD . ' : <input name="password" type="password" />';
    echo '<br /><input type="submit" value="' . _LOGIN . '" />';
    echo '</div></form>';
    echo '<p><a href="media.php" onclick="tinyMCEPopup.close();">' . _POPUP_CLOSE . '</a></p>';
    media_foot();
    exit;
}
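/**
 * List-plugin renderer for the admin item list table.
 *
 * @param array  $template for 'BODY': $template['current'] is the item row
 *                         object (itime, idraft, bshortname, cname, mname,
 *                         inumber, ititle, ibody), $template['now'] the
 *                         reference timestamp used to flag future items.
 * @param string $type     'HEAD' prints the column headers; 'BODY' prints one
 *                         row's three cells. Other values print nothing.
 * @return void
 *
 * Side effect (unchanged): on 'BODY' $current->itime is overwritten with its
 * unix timestamp and $current->ibody with the escaped teaser.
 *
 * Changes: the item id is cast to int before being interpolated into the
 * edit/move/delete/comment URLs, and the comment count is computed once.
 */
function listplug_table_itemlist($template, $type)
{
    switch ($type) {
        case 'HEAD':
            echo "<th>" . _LIST_ITEM_INFO . "</th><th>" . _LIST_ITEM_CONTENT . "</th><th style=\"white-space:nowrap\" colspan='1'>" . _LISTS_ACTIONS . "</th>";
            break;

        case 'BODY':
            $current = $template['current'];
            $current->itime = strtotime($current->itime); // string -> unix timestamp
            $itemId = intval($current->inumber);

            // row class: 'future' takes precedence over 'draft'
            $cssclass = null;
            if ($current->idraft == 1) {
                $cssclass = "class='draft'";
            }
            // (can't use offset time since offsets might vary between blogs)
            if ($current->itime > $template['now']) {
                $cssclass = "class='future'";
            }

            $action = requestVar('action');

            // --- info cell ---
            echo '<td ' . $cssclass . ' style="white-space:nowrap;">';
            if ($action !== 'itemlist') {
                echo _LIST_ITEM_BLOG . ' ', htmlspecialchars($current->bshortname) . ' <br />';
            }
            echo _LIST_ITEM_CAT, ' ', htmlspecialchars($current->cname) . ' <br />';
            if ($action !== 'browseownitems') {
                echo _LIST_ITEM_AUTHOR, ' ', htmlspecialchars($current->mname) . ' <br />';
            }
            echo date("Y-m-d", $current->itime), " " . date("H:i", $current->itime);
            echo "</td>";

            // --- content cell: batch checkbox, title, shortened teaser ---
            echo "<td {$cssclass}>";
            $id = listplug_nextBatchId();
            echo '<input type="checkbox" id="batch', $id, '" name="batch[', $id, ']" value="', $itemId, '" />';
            echo '<label for="batch', $id, '">';
            echo "<b>" . htmlspecialchars(strip_tags($current->ititle)) . "</b>";
            echo '</label>';
            echo "<br />";
            $current->ibody = strip_tags($current->ibody);
            $current->ibody = htmlspecialchars(shorten($current->ibody, 200, '...'));
            $COMMENTS = new COMMENTS($itemId);
            echo "{$current->ibody}</td>";

            // --- actions cell ---
            echo "<td style=\"white-space:nowrap\" {$cssclass}>";
            echo "<a href='index.php?action=itemedit&itemid={$itemId}'>" . _LISTS_EDIT . "</a>";
            echo " / <a href='index.php?action=itemmove&itemid={$itemId}'>" . _LISTS_MOVE . "</a>";
            echo " / <a href='index.php?action=itemdelete&itemid={$itemId}'>" . _LISTS_DELETE . "</a><br />";

            // evaluate amount of comments for the item (once)
            $camount = $COMMENTS->amountComments();
            if ($camount > 0) {
                echo "<a href='index.php?action=itemcommentlist&itemid={$itemId}'>";
                echo "( " . sprintf(_LIST_ITEM_COMMENTS, $camount) . " )</a>";
            } else {
                echo _LIST_ITEM_NOCONTENT;
            }
            echo "</td>";
            break;
    }
}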
/**
 * Plugin event: on mobile requests outside the admin area that post a
 * comment or run a search, verify that the input is valid Shift_JIS.
 *
 * When the global check fails, every entry of $_REQUEST and $_SERVER is run
 * through encoding_check() individually; afterwards 'user', 'body' and
 * 'query' are excluded from further checking.
 *
 * @param array $data event payload (unused)
 */
function event_PostAuthentication($data)
{
    global $CONF;

    if (!$this->isMobile() || $CONF['UsingAdminArea']) {
        return;
    }
    // only comment posts and searches carry free text worth checking
    if (requestVar('action') != 'addcomment' && !strlen(getVar('query'))) {
        return;
    }

    // check if valid SJIS
    if (!encoding_check(false, false, 'Shift_JIS')) {
        foreach (array($_REQUEST, $_SERVER) as $inputSet) {
            array_walk($inputSet, 'encoding_check');
        }
    }
    // user/body/query won't be checked anymore.
    encoding_check(false, false, false, array('user', 'body', 'query'));
}
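/**
 * Skin-files admin: store the uploaded file ('name' field of the multipart
 * request) in the skin directory named by the 'dir' request parameter.
 *
 * Checks, in order: target directory valid (sfValidPath), existing and
 * writable; size against $CONF['MaxUploadSize']; is_uploaded_file();
 * sfIllegalFilename() on the client-supplied name; no existing file of that
 * name. On any failure an error paragraph is printed, the directory listing
 * is shown and the function returns.
 *
 * Globals: $pluginUrl, $manager, $CONF.
 *
 * Fix: when move_uploaded_file() failed, the previous version printed the
 * error but then fell through to chmod() and the success message; it now
 * returns.
 *
 * NOTE(review): the stored file is chmod'ed 0755 as before; skin assets do
 * not need the execute bit, so 0644 would be tighter if nothing depends on
 * it. The client filename is only vetted by sfIllegalFilename() — confirm it
 * rejects path separators and server-executable extensions.
 */
function _skinfiles_uploadfile()
{
    global $pluginUrl, $manager, $CONF;

    $directory = sfExpandDirectory(trim(requestVar('dir')));
    if (!sfValidPath($directory) || !is_dir($directory) || !is_writable($directory)) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE9 . "«" . htmlspecialchars(_skinfiles_basename($directory)) . "» " . _SKINFILES_ERR_UPLOAD_FILE10;
        echo _SKINFILES_ERR_UPLOAD_FILE11 . "</p>";
        return;
    }

    $file = postFileInfo('name');
    $safeName = htmlspecialchars($file['name']);
    $target = $directory . $file['name'];

    if ($file['size'] > $CONF['MaxUploadSize']) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . $safeName . "» " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_FILE_TOO_BIG . "<br />";
        echo _SKINFILES_ERR_UPLOAD_FILE3 . $CONF['MaxUploadSize'] . " / ";
        echo $file['size'] . " bytes</p>";
        sfShowDirectory($directory);
        return;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . $safeName . "» " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_BADREQUEST . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
        sfShowDirectory($directory);
        return;
    }
    if (sfIllegalFilename($file['name'])) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE5 . "«" . $safeName . "» ";
        echo _SKINFILES_ERR_UPLOAD_FILE6 . "</p>";
        sfShowDirectory($directory);
        return;
    }
    if (file_exists($target)) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . $safeName . "» " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_UPLOADDUPLICATE . "</p>";
        sfShowDirectory($directory);
        return;
    }
    if (!@move_uploaded_file($file['tmp_name'], $target)) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . $safeName . "» " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_UPLOADMOVEP . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
        sfShowDirectory($directory);
        return; // previously fell through to chmod() and the success message
    }

    $mask = @umask(00);
    @chmod($target, 0755);
    @umask($mask);

    echo "<p class='message'>" . _SKINFILES_ERR_UPLOAD_FILE7 . "«" . $safeName . "» " . _SKINFILES_ERR_UPLOAD_FILE8 . "</p>";
    sfShowDirectory($directory);
}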
/**
 * Dispatch a front-end plugin action (?action=plugin&name=X&type=Y).
 *
 * Builds the plugin class name as 'NP_' . name, refuses anything that is not
 * an installed plugin via doError(_ERROR_NOSUCHPLUGIN), then hands 'type'
 * to the plugin's doAction(). A non-empty return value from doAction() is
 * reported through doError(). Always terminates the request with exit.
 */
function callPlugin()
{
    global $manager;

    $pluginName = 'NP_' . requestVar('name');
    $actionType = requestVar('type');

    // 1: only installed plugins may be addressed by name
    if (!$manager->pluginInstalled($pluginName)) {
        doError(_ERROR_NOSUCHPLUGIN);
    }

    // 2: let the plugin handle the action
    $pluginObject =& $manager->getPlugin($pluginName);
    $error = $pluginObject
        ? $pluginObject->doAction($actionType)
        : 'Could not load plugin (see actionlog)';

    // doAction() returns an error string when something went wrong, or when
    // the plugin does not implement actions at all
    if ($error) {
        doError($error);
    }
    exit;
}
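/**
 * Bookmarklet: build a prefilled "add item" form from the bookmarklet's
 * request parameters.
 *
 * Reads blogid (int), logtext, loglink and loglinktitle; the text fields are
 * decoded with uniDecode() into _CHARSET. Requires an existing blog and team
 * membership of the current member (bm_doError() otherwise). The quoted text
 * and the link are HTML-escaped and handed to
 * PAGEFACTORY::createAddForm('bookmarklet', $item).
 *
 * Globals: $member.
 *
 * Hardening: loglink is placed in an href attribute; htmlspecialchars() does
 * not neutralise "javascript:" or "data:" URLs, so only absolute http(s)
 * links are kept and anything else is dropped (the quoted text still shows).
 */
function bm_doShowForm()
{
    global $member;

    $blogid = intRequestVar('blogid');
    $log_text = uniDecode(trim(requestVar('logtext')), _CHARSET);
    $log_link = requestVar('loglink');
    $log_linktitle = uniDecode(requestVar('loglinktitle'), _CHARSET);

    if (!BLOG::existsID($blogid)) {
        bm_doError(_ERROR_NOSUCHBLOG);
    }
    if (!$member->isTeamMember($blogid)) {
        bm_doError(_ERROR_NOTONTEAM);
    }

    // only absolute http/https URLs may become a link
    if (!preg_match('#^https?://#i', trim($log_link))) {
        $log_link = '';
    }

    $logje = '';
    if ($log_text) {
        $logje .= '<blockquote><div>"' . htmlspecialchars($log_text) . '"</div></blockquote>' . "\n";
    }
    if (!$log_linktitle) {
        $log_linktitle = $log_link;
    }
    if ($log_link) {
        $logje .= '<a href="' . htmlspecialchars($log_link) . '">' . htmlspecialchars($log_linktitle) . '</a>';
    }

    $item = array(
        'body' => $logje,
        'title' => htmlspecialchars($log_linktitle),
    );
    $factory = new PAGEFACTORY($blogid);
    $factory->createAddForm('bookmarklet', $item);
}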
/**
 * Plugin event PreUpdateItem: synchronise the stored tag string of an item
 * with the 'itags' request field.
 *
 * When the string is unchanged nothing happens (returns false). Otherwise
 * the row in _TAGEX_TABLE is replaced (deleted, then re-inserted when the new
 * string is non-empty; the value goes through $this->quote_smart()), and the
 * per-tag bookkeeping is adjusted: tags that disappeared are passed to
 * $this->deleteTags(), new ones to $this->mergeTags().
 *
 * @param array $data event data; $data['itemid'] identifies the item.
 * @return false|null false when nothing changed, otherwise no value.
 */
function event_PreUpdateItem($data)
{
    $newTagString = trim(requestVar('itags'));
    $itemNumber = intval($data['itemid']);

    $selectSql = sprintf('SELECT itags as result FROM %s WHERE inum = %d', _TAGEX_TABLE, $itemNumber);
    $storedTagString = quickQuery($selectSql);
    if ($newTagString == $storedTagString) {
        return false;
    }

    sql_query(sprintf('DELETE FROM %s WHERE inum = %d', _TAGEX_TABLE, $itemNumber));
    if (!empty($newTagString)) {
        $insertSql = sprintf(
            'INSERT INTO %s (inum, itags) VALUES (%d, %s)',
            _TAGEX_TABLE,
            $itemNumber,
            $this->quote_smart($newTagString)
        );
        sql_query($insertSql);
    }

    $previousTags = $this->getTags($storedTagString);
    if (!is_array($previousTags)) {
        $previousTags = array($previousTags);
    }
    $currentTags = $this->getTags($newTagString);

    // tags present before but not now
    $removed = $this->array_minus_array($previousTags, $currentTags);
    for ($k = 0; $k < count($removed); $k++) {
        $this->deleteTags($removed[$k], $itemNumber);
    }
    // tags present now but not before
    $added = $this->array_minus_array($currentTags, $previousTags);
    for ($k = 0; $k < count($added); $k++) {
        $this->mergeTags($added[$k], $itemNumber);
    }
}
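/**
 * CKEditor upload endpoint: accept one file ('upload' field), store it in the
 * selected media collection and report the resulting URL.
 *
 * Validation: cleanFileName(), PHP upload error code, $CONF['MaxUploadSize'],
 * extension against the comma list in $CONF['AllowedTypes'],
 * is_uploaded_file(), and MEDIA::isValidCollection() on the 'collection'
 * request value (falls back to the member's own collection when missing or
 * not a directory). Every failure ends the request via upload_doError().
 *
 * Response: JSON ({uploaded, fileName, url}) when $responseType == 'json',
 * otherwise a <script> calling CKEDITOR.tools.callFunction($funcNum, url).
 *
 * Globals: $DIR_MEDIA, $member, $CONF, $funcNum, $responseType.
 *
 * Changes vs. the previous version:
 *  - the script response spliced $funcNum and the URL raw into JavaScript;
 *    $funcNum is now cast to int (CKEditorFuncNum is numeric by contract)
 *    and the URL emitted with json_encode(), so neither can break out of
 *    the script context.
 *  - the collection check reports through upload_doError() like every other
 *    error here (it used media_doError(), the HTML popup's error path).
 *  - strftime() (deprecated since PHP 8.1) replaced by the equivalent date().
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;

    $uploadInfo = postFileInfo('upload');
    $filename = $uploadInfo['name'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);

    // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }

    switch ($fileerror) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            upload_doError(_ERROR_FILE_TOO_BIG);
            break;
        default:
            // PARTIAL / NO_FILE / NO_TMP_DIR / CANT_WRITE / anything else:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
            break;
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
    }

    // check file type against allowed types (admin-configured extension list)
    $ok = 0;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        if (preg_match("#\\." . $type . "\$#i", $filename)) {
            $ok = 1;
            break;
        }
    }
    if (!$ok) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }
    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
    }

    // prefix filename with current date (YYYYMMDD-HHMMSS-) to avoid name clashes
    if ($CONF['MediaPrefix']) {
        $filename = date('Ymd-His-') . $filename;
    }

    // currently selected collection; fall back to the member's own one
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }
    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($collection)) {
        upload_doError(_ERROR_DISALLOWED);
    }

    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        upload_doError($res);
    }

    $url = $CONF['MediaURL'] . $collection . '/' . $filename;
    if ($responseType != 'json') {
        // JS context: numeric callback id and a JSON-encoded string literal
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . intval($funcNum) . ", " . json_encode($url) . ", '');</script>";
    } else {
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode(array('uploaded' => 1, 'fileName' => $filename, 'url' => $url));
    }
}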
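/**
 * Forward the current request's parameters (via passVar()) so they survive a
 * login round-trip.
 *
 * For POST and then GET parameters: an 'action' whose value differs from the
 * pending 'nextaction' is forwarded under the name 'nextaction'; a
 * nextaction of 'showlogin' is dropped (it would loop back to the login
 * page); the credentials 'login' and 'password' are never forwarded.
 *
 * Fix: the previous version iterated $HTTP_POST_VARS / $HTTP_GET_VARS, which
 * were removed in PHP 5.4 — on any current interpreter nothing was forwarded
 * at all. It now reads $_POST and $_GET (available since PHP 4.1).
 */
function passRequestVars()
{
    $nextaction = requestVar('nextaction');

    foreach (array($_POST, $_GET) as $vars) {
        foreach ($vars as $key => $value) {
            if ($key == 'action' && $value != $nextaction) {
                $key = 'nextaction';
            }
            // a nextaction of 'showlogin' makes no sense
            if ($key == 'nextaction' && $value == 'showlogin') {
                continue;
            }
            if ($key != 'login' && $key != 'password') {
                passVar($key, $value);
            }
        }
    }
}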
/**
 * Front-end dispatcher: decide which skin type to render for the current
 * request and parse it.
 *
 * Runs a pending front-end action first (addcomment, sendmessage,
 * createaccount, forgotpassword, votepositive, votenegative, plugin) through
 * ACTION::doAction(), then picks the skin type from the request globals:
 * item, archive, archivelist, search, member, imagepopup or index. Resolves
 * the blog (explicit id/name, category, or $CONF['DefaultBlog']), validates
 * the category, chooses the skin and finally calls SKIN::parse($type).
 *
 * All request state arrives through globals the caller has already set
 * ($itemid, $blogid, $memberid, $query, $archive, $archivelist, $catid,
 * $skinid, $special, ...). Errors go through doError(), which is expected to
 * end the request.
 */
function selector()
{
    global $itemid, $blogid, $memberid, $query, $amount, $archivelist, $maxresults;
    global $archive, $skinid, $blog, $memberinfo, $CONF, $member;
    global $imagepopup, $catid, $special;
    global $manager;

    // --- pending front-end action (comment, vote, plugin, ...) ---
    $actionNames = array('addcomment', 'sendmessage', 'createaccount', 'forgotpassword', 'votepositive', 'votenegative', 'plugin');
    $action = requestVar('action');
    if (in_array($action, $actionNames)) {
        global $DIR_LIBS, $errormessage;
        include_once $DIR_LIBS . 'ACTION.php';
        $a = new ACTION();
        $errorInfo = $a->doAction($action);
        if ($errorInfo) {
            $errormessage = $errorInfo['message'];
        }
    }

    // show error when headers already sent out
    if (headers_sent() && $CONF['alertOnHeadersSent']) {
        // try to get line number/filename (extra headers_sent params only exists in PHP 4.3+)
        if (function_exists('version_compare') && version_compare('4.3.0', phpversion(), '<=')) {
            headers_sent($hsFile, $hsLine);
            $extraInfo = sprintf(_GFUNCTIONS_HEADERSALREADYSENT_FILE, $hsFile, $hsLine);
        } else {
            $extraInfo = '';
        }
        startUpError(sprintf(_GFUNCTIONS_HEADERSALREADYSENT_TXT, $extraInfo), _GFUNCTIONS_HEADERSALREADYSENT_TITLE);
        exit;
    }

    // make is so ?archivelist without blogname or blogid shows the archivelist
    // for the default weblog
    if (serverVar('QUERY_STRING') == 'archivelist') {
        $archivelist = $CONF['DefaultBlog'];
    }

    // now decide which type of skin we need
    if ($itemid) {
        // itemid given -> only show that item
        $type = 'item';
        if (!$manager->existsItem($itemid, intval($CONF['allowFuture']), intval($CONF['allowDrafts']))) {
            doError(_ERROR_NOSUCHITEM);
        }
        global $itemidprev, $itemidnext, $catid, $itemtitlenext, $itemtitleprev;
        // 1. get timestamp, blogid and catid for item
        $query = 'SELECT itime, iblog, icat FROM ' . sql_table('item') . ' WHERE inumber=' . intval($itemid);
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        // if a different blog id has been set through the request or selectBlog(),
        // deny access
        if ($blogid && intval($blogid) != $obj->iblog) {
            if (!headers_sent()) {
                // redirect to the item's canonical URL under its real blog
                $b =& $manager->getBlog($obj->iblog);
                $CONF['ItemURL'] = $b->getURL();
                if ($CONF['URLMode'] == 'pathinfo' and substr($CONF['ItemURL'], -1) == '/') {
                    $CONF['ItemURL'] = substr($CONF['ItemURL'], 0, -1);
                }
                $correctURL = createItemLink($itemid, '');
                redirect($correctURL);
                exit;
            } else {
                doError(_ERROR_NOSUCHITEM);
            }
        }
        // if a category has been selected which doesn't match the item, ignore the
        // category. #85
        if ($catid != 0 && $catid != $obj->icat) {
            $catid = 0;
        }
        $blogid = $obj->iblog;
        $timestamp = strtotime($obj->itime);
        $b =& $manager->getBlog($blogid);
        // NOTE(review): $catid is a request global interpolated into SQL below;
        // this relies on isValidCategory() rejecting non-numeric values —
        // an intval() here would remove that dependency.
        if ($b->isValidCategory($catid)) {
            $catextra = ' and icat=' . $catid;
        } else {
            $catextra = '';
        }
        // get previous itemid and title
        $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime<' . mysqldate($timestamp) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime DESC LIMIT 1';
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        if ($obj) {
            $itemidprev = $obj->inumber;
            $itemtitleprev = $obj->ititle;
        }
        // get next itemid and title (only items already published: itime <= blog's "now")
        $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime>' . mysqldate($timestamp) . ' and itime <= ' . mysqldate($b->getCorrectTime()) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime ASC LIMIT 1';
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        if ($obj) {
            $itemidnext = $obj->inumber;
            $itemtitlenext = $obj->ititle;
        }
    } elseif ($archive) {
        // show archive
        $type = 'archive';
        // get next and prev month links ...
        global $archivenext, $archiveprev, $archivetype, $archivenextexists, $archiveprevexists;
        // sql queries for the timestamp of the first and the last published item
        $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM " . sql_table('item') . " WHERE idraft=0 AND iblog=" . (int) ($blogid ? $blogid : $CONF['DefaultBlog']) . " ORDER BY itime ASC";
        $first_timestamp = quickQuery($query);
        $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM " . sql_table('item') . " WHERE idraft=0 AND iblog=" . (int) ($blogid ? $blogid : $CONF['DefaultBlog']) . " ORDER BY itime DESC";
        $last_timestamp = quickQuery($query);
        // $archive is "YYYY", "YYYY-MM" or "YYYY-MM-DD"; missing parts stay 0
        sscanf($archive, '%d-%d-%d', $y, $m, $d);
        // NOTE(review): strftime() is deprecated since PHP 8.1 (date() is the
        // drop-in replacement for these formats).
        if ($d != 0) {
            $archivetype = _ARCHIVETYPE_DAY;
            $t = mktime(0, 0, 0, $m, $d, $y);
            // one day has 24 * 60 * 60 = 86400 seconds
            $archiveprev = strftime('%Y-%m-%d', $t - 86400);
            // check for published items
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // one day later
            $t += 86400;
            $archivenext = strftime('%Y-%m-%d', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        } elseif ($m == 0) {
            $archivetype = _ARCHIVETYPE_YEAR;
            $t = mktime(0, 0, 0, 12, 31, $y - 1);
            // one day before is in the previous year
            $archiveprev = strftime('%Y', $t);
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // timestamp for the next year
            $t = mktime(0, 0, 0, 1, 1, $y + 1);
            $archivenext = strftime('%Y', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        } else {
            $archivetype = _ARCHIVETYPE_MONTH;
            $t = mktime(0, 0, 0, $m, 1, $y);
            // one day before is in the previous month
            $archiveprev = strftime('%Y-%m', $t - 86400);
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // timestamp for the next month
            $t = mktime(0, 0, 0, $m + 1, 1, $y);
            $archivenext = strftime('%Y-%m', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        }
    } elseif ($archivelist) {
        $type = 'archivelist';
        // archivelist may be a blog id or a blog short name
        if (is_numeric($archivelist)) {
            $blogid = intVal($archivelist);
        } else {
            $blogid = getBlogIDFromName($archivelist);
        }
        if (!$blogid) {
            doError(_ERROR_NOSUCHBLOG);
        }
    } elseif ($query) {
        global $startpos;
        $type = 'search';
        $query = stripslashes($query);
        // a query made only of (full-width) spaces falls back to the index page
        // NOTE(review): the pattern below looks mis-encoded (mojibake of the
        // full-width space alternatives) — verify it against the intended
        // characters in the file's real charset before relying on it.
        if (preg_match("/^(¡{2}|ã€{2}| )+\$/", $query)) {
            $type = 'index';
        }
        // $order = (_CHARSET == 'EUC-JP') ? 'EUC-JP, UTF-8,' : 'UTF-8, EUC-JP,';
        // $query = mb_convert_encoding($query, _CHARSET, $order . ' JIS, SJIS, ASCII');
        // detection order for mb_convert_encoding(), depending on the site charset
        switch (strtolower(_CHARSET)) {
            case 'utf-8':
                $order = 'ASCII, UTF-8, EUC-JP, JIS, SJIS, EUC-CN, ISO-8859-1';
                break;
            case 'gb2312':
                $order = 'ASCII, EUC-CN, EUC-JP, UTF-8, JIS, SJIS, ISO-8859-1';
                break;
            case 'shift_jis':
                // Note that shift_jis is only supported for output.
                // Using shift_jis in DB is prohibited.
                $order = 'ASCII, SJIS, EUC-JP, UTF-8, JIS, EUC-CN, ISO-8859-1';
                break;
            default:
                // euc-jp,iso-8859-x,windows-125x
                $order = 'ASCII, EUC-JP, UTF-8, JIS, SJIS, EUC-CN, ISO-8859-1';
                break;
        }
        $query = mb_convert_encoding($query, _CHARSET, $order);
        // blogid may be an id or a short name here
        if (is_numeric($blogid)) {
            $blogid = intVal($blogid);
        } else {
            $blogid = getBlogIDFromName($blogid);
        }
        if (!$blogid) {
            doError(_ERROR_NOSUCHBLOG);
        }
    } elseif ($memberid) {
        $type = 'member';
        if (!MEMBER::existsID($memberid)) {
            doError(_ERROR_NOSUCHMEMBER);
        }
        $memberinfo = $manager->getMember($memberid);
    } elseif ($imagepopup) {
        // media object (images etc.)
        $type = 'imagepopup';
        // TODO: check if media-object exists
        // TODO: set some vars?
    } else {
        // show regular index page
        global $startpos;
        $type = 'index';
    }

    // any type of skin with catid
    if ($catid && !$blogid) {
        $blogid = getBlogIDFromCatID($catid);
    }
    // decide which blog should be displayed
    if (!$blogid) {
        $blogid = $CONF['DefaultBlog'];
    }
    $b =& $manager->getBlog($blogid);
    $blog = $b; // references can't be placed in global variables?
    if (!$blog->isValid) {
        doError(_ERROR_NOSUCHBLOG);
    }
    // set catid if necessary
    if ($catid) {
        // check if the category is valid
        if (!$blog->isValidCategory($catid)) {
            doError(_ERROR_NOSUCHCATEGORY);
        } else {
            $blog->setSelectedCategory($catid);
        }
    }
    // decide which skin should be used
    // NOTE(review): "$skinid != '' && $skinid == 0" only fires for a non-empty
    // value that loosely equals 0; under PHP 8 a non-numeric string no longer
    // compares equal to 0, so this branch behaves differently across versions —
    // confirm the intended condition.
    if ($skinid != '' && $skinid == 0) {
        selectSkin($skinid);
    }
    if (!$skinid) {
        $skinid = $blog->getDefaultSkin();
    }
    //$special = requestVar('special'); //get at top of file as global
    // a validated "special" short name overrides the computed skin type
    if (!empty($special) && isValidShortName($special)) {
        $type = strtolower($special);
    }
    $skin = new SKIN($skinid);
    if (!$skin->isValid) {
        doError(_ERROR_NOSUCHSKIN);
    }
    // set global skinpart variable so can determine quickly what is being parsed from any plugin or phpinclude
    global $skinpart;
    $skinpart = $type;
    // parse the skin
    $skin->parse($type);
    // check to see we should throw JustPosted event
    $blog->checkJustPosted();
}
/**
 * Thin alias of requestVar(): both arguments are passed through unchanged.
 *
 * @param string $str           name of the request variable to read
 * @param mixed  $default_value value handed to requestVar() as its default
 * @return mixed whatever requestVar() returns for that name
 */
function varRequest($str, $default_value = "")
{
    $value = requestVar($str, $default_value);

    return $value;
}
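/**
 * PreUpdateItem handler: saves the tags posted in the
 * 'plugin_technoratitags_field' request variable for the item and, when the
 * 'DelIcioUs' option is "yes", mirrors the item link to del.icio.us.
 *
 * There seems to be no PostUpdateItem event, so the row is written here.
 *
 * @param array $data event data; 'itemid' and 'title' are read
 * @return void
 */
function event_PreUpdateItem($data)
{
    // the item id is numeric: cast it before it is spliced into SQL
    $itemid = intval($data['itemid']);

    // tags arrive as one space-separated request string; keep each tag once
    $tags = requestVar('plugin_technoratitags_field');
    $tag_arr = null;
    if ($tags != '') {
        $tag_arr = array_unique(explode(" ", $tags));
        $tags = implode(" ", $tag_arr);
    }
    // the tag string is request input: escape it for the query
    $safeTags = sql_real_escape_string($tags);

    /* First check if there is already a row for this post */
    $result = sql_query("SELECT itemid FROM " . $this->tablename . " WHERE itemid=" . $itemid);
    $exists = sql_num_rows($result) > 0;
    sql_free_result($result);

    if ($exists) {
        $query = "UPDATE " . $this->tablename . " SET tags = '" . $safeTags . "' WHERE itemid = " . $itemid;
    } else {
        $query = "INSERT INTO " . $this->tablename . " (itemid,tags) VALUES (" . $itemid . ",'" . $safeTags . "')";
    }
    sql_query($query);

    if ($this->getOption('DelIcioUs') == "yes") {
        global $manager;
        $url = createItemLink($itemid);
        // get item info; title and author fall back to the stored item
        $item =& $manager->getItem($itemid, 0, 0);
        $title = $data['title'] != '' ? $data['title'] : $item['title'];
        $authorid = $item['authorid'];
        $user = $this->getMemberOption($authorid, 'DeliciousUser');
        $password = $this->getMemberOption($authorid, 'DeliciousPassword');
        if ($user != '' && $password != '') {
            $oPhpDelicious = new PhpDelicious($user, $password);
            if ($tag_arr !== null) {
                $oPhpDelicious->AddPost($url, $title, '', $tag_arr);
            } else {
                // remove the link if there is no tag for this post; a link with no tag is just useless
                $oPhpDelicious->DeletePost($url);
            }
        }
    }
}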
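/**
 * Admin action: registers a new path for an object via the plugin's
 * RegistPath() and then re-renders the view named in the 'ret' request
 * variable (or just echoes the success message).
 *
 * Request variables read: oid, obd, opr, name, path, ret.
 *
 * @return void
 */
function action_pathupdate()
{
    $o_oid = intRequestVar('oid');
    $o_bid = intRequestVar('obd');
    $o_param = requestVar('opr');
    $o_name = requestVar('name');
    $newPath = requestVar('path');
    $action = requestVar('ret');

    $msg = $this->plugin->RegistPath($o_oid, $newPath, $o_bid, $o_param, $o_name);
    if ($msg) {
        $this->error($msg);
        // NOTE(review): RegistPath's return shape is not visible here; the
        // original treated a non-zero first element as "stop" — kept as is
        if ($msg[0] != 0) {
            return;
        }
    }

    switch ($action) {
        case 'catoverview':
            // a subcategory is addressed by its category id, so resolve the blog first
            if ($o_param == 'subcategory') {
                $bid = getBlogIDFromCatID($o_bid);
            } else {
                $bid = $o_bid;
            }
            $this->action_categoryview($bid, _UPDATE_SUCCESS);
            break;
        case 'memberview':
            $this->action_memberview(_UPDATE_SUCCESS);
            break;
        case 'blogview':
            $this->action_blogview(_UPDATE_SUCCESS);
            break;
        case 'itemview':
            $this->action_itemview($o_bid, _UPDATE_SUCCESS);
            break;
        default:
            echo _UPDATE_SUCCESS;
            break;
    }
}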
/**
 * Forwards every variable of the current request to the next one via passVar().
 *
 * 'action' is forwarded as 'nextaction' unless it already equals the requested
 * nextaction; a nextaction of 'showlogin' is dropped; the 'login' and
 * 'password' fields are never forwarded.
 *
 * @return void
 */
function passRequestVars()
{
    foreach ($_REQUEST as $name => $value) {
        // credentials never travel on to the next request
        if ($name == 'login' || $name == 'password') {
            continue;
        }
        if ($name == 'action' && $value != requestVar('nextaction')) {
            $name = 'nextaction';
        }
        // a nextaction of 'showlogin' makes no sense
        if ($name == 'nextaction' && $value == 'showlogin') {
            continue;
        }
        passVar($name, $value);
    }
}
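?>
    </a>
  </div>
  <h2><?php echo translate('EventFilter'); ?></h2>
</div>
<div id="content">
  <?php // PHP_SELF reflects the request path: escape it before it lands in an attribute ?>
  <form name="contentForm" id="contentForm" method="get" action="<?php echo validHtmlStr($_SERVER['PHP_SELF']); ?>">
    <input type="hidden" name="view" value="filter"/>
    <?php // 'page' is request input echoed into an attribute: escape it ?>
    <input type="hidden" name="page" value="<?php echo validHtmlStr(requestVar('page')); ?>"/>
    <input type="hidden" name="reload" value="0"/>
    <input type="hidden" name="execute" value="0"/>
    <input type="hidden" name="action" value=""/>
    <input type="hidden" name="subaction" value=""/>
    <input type="hidden" name="line" value=""/>
    <input type="hidden" name="fid" value=""/>
    <hr/>
    <div id="filterSelector"><label for="<?php echo $selectName; ?>"><?php echo translate('UseFilter'); ?>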
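/**
 * Handles the admin-only actions of the views plugin page, then redirects
 * back to the listing.
 *
 * @param string $actionType 'resetview' resets the counter of the row whose id
 *                           is in the 'id' request variable; 'resetallview'
 *                           resets every counter; anything else only redirects
 * @return string|void 'Sorry. not allowed' for non-admins; otherwise a
 *                     Location header is sent and nothing is returned
 */
function doAction($actionType)
{
    global $CONF, $member;

    if (!($member->isLoggedIn() && $member->isAdmin())) {
        return 'Sorry. not allowed';
    }

    if ($actionType == 'resetview') {
        // 'id' is request input: read it as an integer before it reaches the query
        sql_query(sprintf('UPDATE %s SET views=0 WHERE id=%d', sql_table('plugin_views'), intRequestVar('id')));
    } elseif ($actionType == 'resetallview') {
        sql_query(sprintf('UPDATE %s SET views=0', sql_table('plugin_views')));
    }

    // sort/order are request input written into the redirect URL: encode them so
    // they cannot add query parameters or header content of their own
    $url = $CONF['PluginURL'] . sprintf(
        'views/index.php?sort=%s&order=%s',
        urlencode((string) requestVar('sort')),
        urlencode((string) requestVar('order'))
    );
    header('Location: ' . $url);
}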
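<?php
/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2011 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * File containing actions that can be performed by visitors of the site,
 * like adding comments, etc...
 *
 * The 'action' request variable is dispatched to ACTION::doAction(); when
 * that reports an error, doError() renders it with the skin it names.
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2011 The Nucleus Group
 * @version $Id: action.php 1131 2011-02-01 06:19:31Z sakamocchi $
 * $NucleusJP: action.php,v 1.8.2.1 2007/09/05 05:50:12 kimitake Exp $
 */
$CONF = array();
require './config.php';

// common functions
//include_once($DIR_LIBS . 'ACTION.php');
include_libs('ACTION.php', true, false);

$action = requestVar('action');
// objects are handles since PHP 5, and "=& new" is a parse error from PHP 7 on
$a = new ACTION();
$errorInfo = $a->doAction($action);
if ($errorInfo) {
    doError($errorInfo['message'], new SKIN($errorInfo['skinid']));
}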
/**
 * Checks the 'ticket' request variable against the tickets table.
 *
 * Expired tickets are purged first. The ticket counts as valid only when
 * exactly one row matches both the ticket and the current member id
 * (-1 for visitors who are not logged in).
 *
 * @return bool true for a valid ticket, false otherwise
 */
function checkTicket()
{
    global $member;

    // get ticket from request
    $ticket = requestVar('ticket');

    // no ticket -> don't allow
    if ($ticket == '') {
        return false;
    }

    // remove expired tickets first
    $this->_cleanUpExpiredTickets();

    // tickets are bound to a member id; anonymous visitors share -1
    $memberId = $member->isLoggedIn() ? $member->getID() : -1;

    // check if ticket is a valid one; the ticket is request input, hence escaped
    $query = sprintf(
        "SELECT COUNT(*) as result FROM %s WHERE member=%s and ticket='%s'",
        sql_table('tickets'),
        intval($memberId),
        sql_real_escape_string($ticket)
    );

    if (quickQuery($query) == 1) {
        // The original implementation deleted the checked ticket here. That
        // broke the browser back button (the next link/form carried a deleted
        // ticket). Leaving tickets in the database is not a real problem: they
        // are member-specific and only valid for a period of one hour.
        // sql_query('DELETE FROM '.sql_table('tickets').' WHERE member=' . intval($memberId). ' and ticket=\''.addslashes($ticket).'\'');
        return true;
    }

    // not a valid ticket
    return false;
}