... tag12=0/1 ... tag1-tag2 OR=0, AND=1 Manage terms ***************************************************************/ require_once 'settings.inc.php'; require_once 'connect.inc.php'; require_once 'dbutils.inc.php'; require_once 'utilities.inc.php'; require_once 'simterms.inc.php'; $currentlang = validateLang(processDBParam("filterlang", 'currentlanguage', '', 0)); $currentsort = processDBParam("sort", 'currentwordsort', '1', 1); $currentpage = processSessParam("page", "currentwordpage", '1', 1); $currentquery = processSessParam("query", "currentwordquery", '', 0); $currentstatus = processSessParam("status", "currentwordstatus", '', 0); $currenttext = validateText(processSessParam("text", "currentwordtext", '', 0)); $currenttag1 = validateTag(processSessParam("tag1", "currentwordtag1", '', 0), $currentlang); $currenttag2 = validateTag(processSessParam("tag2", "currentwordtag2", '', 0), $currentlang); $currenttag12 = processSessParam("tag12", "currentwordtag12", '', 0); $wh_lang = $currentlang != '' ? ' and WoLgID=' . $currentlang : ''; $wh_stat = $currentstatus != '' ? ' and ' . makeStatusCondition('WoStatus', $currentstatus) : ''; $wh_query = convert_string_to_sqlsyntax(str_replace("*", "%", mb_strtolower($currentquery, 'UTF-8'))); $wh_query = $currentquery != '' ? ' and (WoText like ' . $wh_query . ' or WoRomanization like ' . $wh_query . ' or WoTranslation like ' . $wh_query . ')' : ''; if ($currenttag1 == '' && $currenttag2 == '') { $wh_tag = ''; } else { if ($currenttag1 != '') { if ($currenttag1 == -1) { $wh_tag1 = "group_concat(WtTgID) IS NULL"; } else { $wh_tag1 = "concat('/',group_concat(WtTgID separator '/'),'/') like '%/" . $currenttag1 . "/%'"; } }
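<?php
/**
 * HTML tag quiz: checks a submitted tag name against a fixed allow-list and
 * keeps a running score in the session.
 */

// Allow-list of accepted tag names. Matching is exact and case-sensitive,
// so "div" is accepted while "DIV" is not.
$validTags = [
    "!DOCTYPE", "a", "abbr", "acronym", "address", "applet", "area", "article",
    "aside", "audio", "b", "base", "basefont", "bdi", "bdo", "big",
    "blockquote", "body", "br", "button", "canvas", "caption", "center",
    "cite", "code", "col", "colgroup", "datalist", "dd", "del", "details",
    "dfn", "dialog", "dir", "div", "dl", "dt", "em", "embed", "fieldset",
    "figcaption", "figure", "font", "footer", "form", "frame", "frameset",
    "h1", "h2", "h3", "h4", "h5", "h6", "head", "header", "hgroup", "hr",
    "html", "i", "iframe", "img", "input", "ins", "kbd", "keygen", "label",
    "legend", "li", "link", "main", "map", "mark", "menu", "menuitem", "meta",
    "meter", "nav", "noframes", "noscript", "object", "ol", "optgroup",
    "option", "output", "p", "param", "pre", "progress", "q", "rp", "rt",
    "ruby", "s", "samp", "script", "section", "select", "small", "source",
    "span", "strike", "strong", "style", "sub", "summary", "sup", "table",
    "tbody", "td", "textarea", "tfoot", "th", "thead", "time", "title", "tr",
    "track", "tt", "u", "ul", "var", "video", "wbr",
];

// Start the session only once, so including this file from a page that
// already opened a session does not raise a notice.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// The score must exist as an integer before it is changed: in PHP,
// decrementing an unset (null) value leaves it null, so a wrong first
// answer would otherwise never be counted.
if (!isset($_SESSION['score'])) {
    $_SESSION['score'] = 0;
}

// Message for the last validation; null until a tag has been checked.
$result = null;

/**
 * Check one submitted tag name against $validTags and update the score.
 *
 * Writes the outcome message to the global $result and adds or subtracts
 * one point in $_SESSION['score'].
 *
 * @param mixed $tag Value taken from the request. It is untrusted and may
 *                   be a string, an array (input[]=...) or null.
 * @return void
 */
function validateTag($tag)
{
    global $validTags, $result;

    // Re-read the score defensively so the function is also correct when
    // the session value is missing.
    $score = isset($_SESSION['score']) ? (int) $_SESSION['score'] : 0;

    // Only a string can be a tag name. The strict flag stops PHP's loose
    // comparison from matching a value of another type.
    if (is_string($tag) && in_array($tag, $validTags, true)) {
        $result = "Valid HTML Tag!";
        $_SESSION['score'] = $score + 1;
    } else {
        $result = "Invalid HTML Tag!";
        $_SESSION['score'] = $score - 1;
    }
}

if (isset($_POST['submit'])) {
    // The field can be absent from a hand-built request; treat that as an
    // invalid answer instead of reading an undefined index.
    validateTag(isset($_POST['input']) ? $_POST['input'] : null);
}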