/**
 * Builds the error text. When an input is attached, the template line, the offset and an
 * excerpt of the input are appended on a second line.
 *
 * Only the excerpt is passed through TextHelper::htmlentities(); error_message, tpl_line and
 * offset are concatenated as they are.
 *
 * @return string The message (error_message unchanged when no input is attached).
 */
private function get_message()
 {
     if ($this->input == null) {
         return $this->error_message;
     }
     $position = 'line ' . $this->tpl_line . ' offset ' . $this->offset . ' near';
     // to_string(-100, 200) is presumably a window around the current offset — confirm against the input class.
     $excerpt = TextHelper::htmlentities($this->input->to_string(-100, 200));
     return $this->error_message . "\n" . $position . ' "...' . $excerpt . '..."';
 }
 /**
  * Builds the "add a comment" form, registers it and its submit button on this object
  * through set_form() / set_submit_button(), and returns it.
  *
  * The form action is the comments topic URL, HTML-escaped, followed by '#comments-list'.
  *
  * @return HTMLForm
  */
 protected function create_form()
 {
     $action = TextHelper::htmlentities($this->comments_topic->get_url()) . '#comments-list';
     $form = new HTMLForm('comments', $action);
     $fieldset = new FormFieldsetHTML('add_comment', $this->comments_lang['comment.add']);
     $form->add_fieldset($fieldset);

     // Users who do not reach member level get a free-text name field.
     // NOTE(review): 'maxlength' => 25 looks like a field attribute; confirm the length is also enforced when the value is read server-side.
     $is_member = $this->user->check_level(User::MEMBER_LEVEL);
     if (!$is_member) {
         $name_field = new FormFieldTextEditor('name', $this->common_lang['form.name'], LangLoader::get_message('visitor', 'user-common'), array('maxlength' => 25));
         $fieldset->add_field($name_field);
     }

     $message_options = array('formatter' => $this->get_formatter(), 'rows' => 10, 'cols' => 47, 'required' => $this->lang['require_text']);
     // Two abuse controls are attached to the message: a cap on the number of links and an
     // anti-flood constraint fed with the result of get_last_comment_added() for the current user id.
     $message_constraints = array(
         new FormFieldConstraintMaxLinks($this->comments_configuration->get_max_links_comment(), true),
         new FormFieldConstraintAntiFlood(CommentsManager::get_last_comment_added($this->user->get_id())),
     );
     $fieldset->add_field(new FormFieldRichTextEditor('message', $this->lang['message'], '', $message_options, $message_constraints));

     $submit_button = new FormButtonDefaultSubmit();
     $form->add_button($submit_button);
     $form->add_button(new FormButtonReset());

     $this->set_form($form);
     $this->set_submit_button($submit_button);
     return $form;
 }
    /**
     * Builds the syndication feed data for a gallery category.
     *
     * Pictures are read from the categories returned by get_childrens() for $idcat, newest first,
     * limited to the configured number of pictures per page. Each item carries the read
     * authorizations inherited by its category; enforcing them is left to whatever consumes the
     * FeedData (not visible here).
     *
     * @param int    $idcat Category id. When it is not in the categories cache nothing is built and null is returned.
     * @param string $name  Not used by this function.
     * @return FeedData|null
     */
    function get_feed_data_struct($idcat = 0, $name = '')
    {
        if (!GalleryService::get_categories_manager()->get_categories_cache()->category_exists($idcat)) {
            return;
        }

        $category = GalleryService::get_categories_manager()->get_categories_cache()->get_category($idcat);
        $config = GalleryConfig::load();

        // Outside the root category the site name is suffixed with the category name.
        $site_name = GeneralConfig::load()->get_site_name();
        if ($idcat != Category::ROOT_CATEGORY) {
            $site_name = $site_name . ' : ' . $category->get_name();
        }
        $feed_module_name = LangLoader::get_message('module_title', 'common', 'gallery');
        $feed_label = $feed_module_name . ' - ' . $site_name;

        $data = new FeedData();
        $data->set_title($feed_label);
        $data->set_date(new Date());
        $data->set_link(SyndicationUrlBuilder::rss('gallery', $idcat));
        $data->set_host(HOST);
        $data->set_desc($feed_label);
        $data->set_lang(LangLoader::get_message('xml_lang', 'main'));
        $data->set_auth_bit(Category::READ_AUTHORIZATIONS);

        $categories = GalleryService::get_categories_manager()->get_childrens($idcat, new SearchCategoryChildrensOptions(), true);
        $ids_categories = array_keys($categories);

        // Values are bound as named parameters; only the table name (a static property) is concatenated.
        $querier = PersistenceContext::get_querier();
        $parameters = array('ids_categories' => $ids_categories, 'pics_number_per_page' => $config->get_pics_number_per_page());
        $pictures = $querier->select('SELECT *
				FROM ' . GallerySetup::$gallery_table . '
				WHERE idcat IN :ids_categories
				ORDER BY timestamp DESC
				LIMIT :pics_number_per_page', $parameters);

        foreach ($pictures as $picture) {
            // The link is entity-encoded; the title and the image path are passed as stored.
            // NOTE(review): confirm the feed writer escapes the title and image URL for XML output.
            $link = TextHelper::htmlentities(GalleryUrlBuilder::get_link_item($picture['idcat'], $picture['id']));

            $item = new FeedItem();
            $item->set_title($picture['name']);
            $item->set_link($link);
            $item->set_guid($link);
            $item->set_date(new Date($picture['timestamp'], Timezone::SERVER_TIMEZONE));
            $item->set_image_url(Url::to_rel('/gallery/pics/' . $picture['path']));
            $item->set_auth(GalleryService::get_categories_manager()->get_heritated_authorizations($picture['idcat'], Category::READ_AUTHORIZATIONS, Authorizations::AUTH_PARENT_PRIORITY));
            $data->add_item($item);
        }
        $pictures->dispose();

        return $data;
    }
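 /**
  * Handles an AJAX shoutbox post and answers with a JSON status code.
  *
  * Codes set here: -4 when check_authorizations() fails, -3 when the pseudo or the contents is
  * empty, -1 when the anti-flood delay has not elapsed, -2 when the message holds too many
  * links. Otherwise the code is whatever ShoutboxService::add() returns.
  *
  * @param HTTPRequestCustom $request Request carrying the 'pseudo' and 'contents' fields.
  * @return JSONResponse
  */
 public function execute(HTTPRequestCustom $request)
 {
     if (!$this->check_authorizations()) {
         return new JSONResponse(array('code' => -4));
     }

     $pseudo = TextHelper::strprotect(utf8_decode($request->get_string('pseudo', '')));
     // Encoded as UTF-8, decoded as windows-1252, then special characters are decoded again.
     // Presumably a charset conversion; the result is not HTML-escaped, so the formatter below
     // and the code that later displays the message are what keep markup under control.
     $contents = TextHelper::htmlentities($request->get_string('contents', ''), ENT_COMPAT, 'UTF-8');
     $contents = TextHelper::htmlspecialchars_decode(TextHelper::html_entity_decode($contents, ENT_COMPAT, 'windows-1252'));

     if (!$pseudo || !$contents) {
         return new JSONResponse(array('code' => -3));
     }

     $current_user = AppContext::get_current_user();

     // Anti-flood: skipped for users holding the AUTH_FLOOD authorization.
     // NOTE(review): users whose id is -1 never reach this check; confirm another throttle covers them.
     $check_time = $current_user->get_id() !== -1 && ContentManagementConfig::load()->is_anti_flood_enabled() ? PersistenceContext::get_querier()->get_column_value(PREFIX . "shoutbox", 'MAX(timestamp)', 'WHERE user_id = :id', array('id' => $current_user->get_id())) : '';
     if (!empty($check_time) && !$current_user->check_max_value(AUTH_FLOOD) && $check_time >= time() - ContentManagementConfig::load()->get_anti_flood_duration()) {
         // Stop here. Before this fix the -1 code was overwritten by the result of
         // ShoutboxService::add() and the message was stored despite the flood check.
         return new JSONResponse(array('code' => -1));
     }

     // Reject messages that contain more links than the shoutbox configuration allows.
     $config_shoutbox = ShoutboxConfig::load();
     $contents = FormatingHelper::strparse($contents, $config_shoutbox->get_forbidden_formatting_tags());
     if (!TextHelper::check_nbr_links($contents, $config_shoutbox->get_max_links_number_per_message(), true)) {
         // Same fix as above: the -2 code used to be overwritten and the message stored anyway.
         return new JSONResponse(array('code' => -2));
     }

     $shoutbox_message = new ShoutboxMessage();
     $shoutbox_message->init_default_properties();
     // NOTE(review): the login comes from the request even when a member is logged in, while
     // user_id comes from the session — confirm whether members should be forced to their own display name.
     $shoutbox_message->set_login($pseudo);
     $shoutbox_message->set_user_id($current_user->get_id());
     $shoutbox_message->set_contents($contents);
     $shoutbox_message->set_creation_date(new Date());

     return new JSONResponse(array('code' => ShoutboxService::add($shoutbox_message)));
 }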
 /**
  * Entity-encodes $contents with ENT_NOQUOTES, then turns '&amp;', '&lt;' and '&gt;' back
  * into '&', '<' and '>'.
  *
  * Despite its name this does not sanitize anything: markup in $contents comes out intact and
  * quotes are never encoded, so the result must not be treated as safe HTML.
  * str_replace() applies the pairs in order, so text that arrives already escaped
  * (for example '&lt;b&gt;') is encoded to '&amp;lt;b&amp;gt;' and then decoded all the way
  * back to '<b>' — assuming TextHelper::htmlentities() behaves like PHP's htmlentities().
  *
  * @param string $contents Text to convert.
  * @return string
  */
 private function clean_html($contents)
 {
     $entities = array('&amp;', '&lt;', '&gt;');
     $characters = array('&', '<', '>');
     return str_replace($entities, $characters, TextHelper::htmlentities($contents, ENT_NOQUOTES));
 }
 // Split the submitted date on '/' and coerce the three parts with NumberHelper::numeric().
 // NOTE(review): indexes 1 and 2 are read without checking how many parts explode() returned —
 // confirm $input_date is validated before this point.
 $selected = explode('/', $input_date);
 $selected_day = NumberHelper::numeric($selected[0]);
 $selected_month = NumberHelper::numeric($selected[1]);
 $selected_year = NumberHelper::numeric($selected[2]);
 // $month, $day and $year are set outside this excerpt; fall back to today's date when they do not form a valid date.
 if (!checkdate($month, $day, $year)) {
     list($year, $month, $day) = array(date('Y'), date('n'), date('j'));
 }
 // Number of days in February: date('L') is 1 in a leap year.
 $bissextile = date("L", mktime(0, 0, 0, 1, 1, $year)) == 1 ? 29 : 28;
 // Days per month and localized month names, both indexed from 0 (January).
 $array_month = array(31, $bissextile, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
 $array_l_month = array($date_lang['january'], $date_lang['february'], $date_lang['march'], $date_lang['april'], $date_lang['may'], $date_lang['june'], $date_lang['july'], $date_lang['august'], $date_lang['september'], $date_lang['october'], $date_lang['november'], $date_lang['december']);
 $month_day = $array_month[$month - 1];
 // Previous/next month and year wrap around at January and December.
 // NOTE(review): FIELD, INPUT_FIELD and CALENDAR_NUMBER are passed to the template as they are; where they
 // come from is not visible here — if they are request-derived, confirm they are escaped for the template context.
 $tpl->put_all(array('FIELD' => $field, 'INPUT_FIELD' => $input_field, 'CALENDAR_NUMBER' => $calendar_number, 'MONTH' => $month, 'YEAR' => $year, 'PREVIOUS_YEAR' => $month == 1 ? $year - 1 : $year, 'PREVIOUS_MONTH' => $month == 1 ? 12 : $month - 1, 'NEXT_YEAR' => $month == 12 ? $year + 1 : $year, 'NEXT_MONTH' => $month == 12 ? 1 : $month + 1));
 // Build the month and year <select> options; only the month label goes through htmlentities().
 for ($i = 1; $i <= 12; $i++) {
     $selected = $month == $i ? 'selected="selected"' : '';
     $tpl->assign_block_vars('month', array('MONTH' => '<option value="' . $i . '" ' . $selected . '>' . TextHelper::htmlentities($array_l_month[$i - 1]) . '</option>'));
 }
 // The selectable years are hard-coded to 1900–2037.
 for ($i = 1900; $i <= 2037; $i++) {
     $selected = $year == $i ? 'selected="selected"' : '';
     $tpl->assign_block_vars('year', array('YEAR' => '<option value="' . $i . '" ' . $selected . '>' . $i . '</option>'));
 }
 // Weekday of the first day of the month; date('w') gives 0 for Sunday, which is remapped to 7.
 $first_day = date('w', @mktime(1, 0, 0, $month, 1, $year));
 if ($first_day == 0) {
     $first_day = 7;
 }
 // Build the calendar grid. The month is left-padded with '0' when it is below 10.
 $month = $month < 10 && substr($month, 0, 1) != 0 ? '0' . $month : $month;
 $j = 1;
 $last_day = $month_day + $first_day;
 for ($i = 1; $i <= 42; $i++) {
Пример #7
                width:150px;
            }
            td.options-set {
                /*width:100%;*/
            }
            td.run-options-set {
                width:125px;
            }
            input.run-button {
                width:125px;
            }
        </style>
	</head>
	<body>
		<?php 
// The request-supplied 'params' value is escaped here because it is echoed below inside a
// double-quoted value="" attribute.
// NOTE(review): that is only sufficient if TextHelper::htmlentities() encodes double quotes by default — confirm.
// NOTE(review): this page feeds a request-supplied "command line" to a test launcher; how it is executed is
// not visible here — confirm the page is unreachable in production and that the value never reaches a shell unescaped.
$params = TextHelper::htmlentities(!empty($_REQUEST['params']) ? $_REQUEST['params'] : '');
?>
		<form name="phpunit_launcher">
            <table class="run-options">
                <tr>
                    <td class="options-set-name"><span>command line</span></td>
		            <td class="options-set">
	                    <input type="text" name="params" id="params" value="<?php 
echo $params;
?>
" style="width: 75%;">
			            <span>html output:</span>
			            <input type="checkbox" name="is_html" id="is_html">
                    </td>
		            <td class="run-options-set">
	                    <input type="button" name="run" value="run command" class="run-button"
Пример #8
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *
 ###################################################*/
// Standalone script: bootstraps the kernel, then parses the posted contents with the requested editor's parser.
define('PATH_TO_ROOT', '../../..');
include_once PATH_TO_ROOT . '/kernel/begin.php';
AppContext::get_session()->no_session_location();
// The call above keeps this request from updating the page recorded in the session.
include_once PATH_TO_ROOT . '/kernel/header_no_display.php';
// Both paths are request-controlled and handed to the parser further down.
// NOTE(review): confirm the parser only uses them to build URLs, never to read files.
$page_path_to_root = retrieve(REQUEST, 'path_to_root', '');
$page_path = retrieve(REQUEST, 'page_path', '');
// Which editor to use? When the request does not say, the configured default editor is used.
$editor = retrieve(REQUEST, 'editor', ContentFormattingConfig::load()->get_default_editor());
// Encode, then decode again and strip slashes: the parser receives decoded text, so any
// filtering of the posted markup rests on the parser and its forbidden-tag list.
$contents = TextHelper::htmlentities(retrieve(POST, 'contents', ''), ENT_COMPAT, 'UTF-8');
$contents = TextHelper::htmlspecialchars_decode(stripslashes(TextHelper::html_entity_decode($contents)));
// NOTE(review): TSTRING_UNCHANGE sits in the argument position the neighbouring calls use for the default value — confirm this is intended.
$ftags = retrieve(POST, 'ftags', TSTRING_UNCHANGE);
// The forbidden-tag list is supplied by the caller, so this script cannot be the place where
// formatting restrictions are enforced; the code that stores the content has to apply them again.
$forbidden_tags = explode(',', $ftags);
$formatting_factory = AppContext::get_content_formatting_service()->create_factory($editor);
// Take the parser that matches the editor, with its configuration.
$parser = $formatting_factory->get_parser();
$parser->set_content($contents);
$parser->set_path_to_root($page_path_to_root);
$parser->set_page_path($page_path);
// explode() returns at least one element (possibly an empty string), so this condition always holds.
if (!empty($forbidden_tags)) {
    $parser->set_forbidden_tags($forbidden_tags);
}
$parser->parse();
// Run the second parsing layer (code, math, etc.) for display.
$second_parser = $formatting_factory->get_second_parser();
Пример #9
                break;
                //Sons
            //Sons
            case 'mp3':
                $bbcode = '[sound]/upload/' . $row['path'] . '[/sound]';
                $tinymce = '<a href="' . PATH_TO_ROOT . '/upload/' . $row['path'] . '">' . $row['name'] . '</a>';
                $link = '/upload/' . $row['path'];
                break;
            default:
                $bbcode = '[url=/upload/' . $row['path'] . ']' . $row['name'] . '[/url]';
                $tinymce = '<a href="' . PATH_TO_ROOT . '/upload/' . $row['path'] . '">' . $row['name'] . '</a>';
                $link = '/upload/' . $row['path'];
        }
        // The BBCode editor shows the BBCode snippet; any other editor shows the upload path.
        $is_bbcode_editor = $editor == 'BBCode';
        $displayed_code = $is_bbcode_editor ? $bbcode : '/upload/' . $row['path'];
        // Value handed to insert_popup() below: the bare link when $parse is set, otherwise the
        // BBCode through addslashes() or the HTML snippet through TextHelper::htmlentities().
        // NOTE(review): below, this value sits in a single-quoted JavaScript string inside a double-quoted
        // href attribute, so it needs JavaScript-string escaping and HTML-attribute escaping together.
        // addslashes() only adds backslashes, which HTML attributes do not honour, and whether
        // TextHelper::htmlentities() encodes single quotes depends on its default flags — confirm.
        // NOTE(review): $row['name'] and $row['path'] are concatenated into $bbcode, $tinymce, TITLE, RENAME_FILE
        // and BBCODE without HTML escaping; whether they are stored already encoded is not visible here.
        $inserted_code = !empty($parse) ? !empty($no_path) ? $link : PATH_TO_ROOT . $link : ($is_bbcode_editor ? addslashes($bbcode) : TextHelper::htmlentities($tinymce));
        $tpl->assign_block_vars('files', array('C_RECENT_FILE' => $row['timestamp'] > $now->get_timestamp() - 15 * 60, 'ID' => $row['id'], 'IMG' => $get_img_mimetype['img'], 'URL' => PATH_TO_ROOT . $link, 'TITLE' => str_replace('"', '\\"', $row['name']), 'NAME' => $name_cut, 'RENAME_FILE' => '<span id="fihref' . $row['id'] . '"><a href="javascript:display_rename_file(\'' . $row['id'] . '\', \'' . addslashes($row['name']) . '\', \'' . addslashes($name_cut) . '\');" title="' . LangLoader::get_message('edit', 'common') . '" class="fa fa-edit"></a></span>', 'FILETYPE' => $get_img_mimetype['filetype'] . $size_img, 'BBCODE' => '<input type="text" readonly="readonly" onclick="select_div(\'text_' . $row['id'] . '\');" id="text_' . $row['id'] . '" class="upload-input-bbcode" value="' . $displayed_code . '">', 'SIZE' => $row['size'] > 1024 ? NumberHelper::round($row['size'] / 1024, 2) . ' ' . LangLoader::get_message('unit.megabytes', 'common') : NumberHelper::round($row['size'], 0) . ' ' . LangLoader::get_message('unit.kilobytes', 'common'), 'INSERT' => !empty($popup) ? '<a href="javascript:insert_popup(\'' . $inserted_code . '\')" title="' . $LANG['popup_insert'] . '" class="fa fa-clipboard"></a>' : '', 'LIGHTBOX' => !empty($size_img) ? ' data-lightbox="1"' : '', 'U_MOVE' => url('.php?movefi=' . $row['id'] . '&amp;f=' . $folder . $popup)));
        $total_folder_size += $row['size'];
        $total_files++;
    }
    $result->dispose();
    //Autorisation d'uploader sans limite aux groupes.
    $group_limit = AppContext::get_current_user()->check_max_value(DATA_GROUP_LIMIT, $files_upload_config->get_maximum_size_upload());
    $unlimited_data = $group_limit === -1 || AppContext::get_current_user()->check_level(User::ADMIN_LEVEL);
    $total_size = !empty($folder) ? Uploads::Member_memory_used(AppContext::get_current_user()->get_id()) : PersistenceContext::get_querier()->get_column_value(DB_TABLE_UPLOAD, 'SUM(size)', 'WHERE user_id = :id', array('id' => AppContext::get_current_user()->get_id()));
    $tpl->put_all(array('PERCENT' => !$unlimited_data ? '(' . NumberHelper::round($total_size / $group_limit, 3) * 100 . '%)' : '', 'SIZE_LIMIT' => !$unlimited_data ? $group_limit > 1024 ? NumberHelper::round($group_limit / 1024, 2) . ' ' . LangLoader::get_message('unit.megabytes', 'common') : NumberHelper::round($group_limit, 0) . ' ' . LangLoader::get_message('unit.kilobytes', 'common') : $LANG['illimited'], 'TOTAL_SIZE' => $total_size > 1024 ? NumberHelper::round($total_size / 1024, 2) . ' ' . LangLoader::get_message('unit.megabytes', 'common') : NumberHelper::round($total_size, 0) . ' ' . LangLoader::get_message('unit.kilobytes', 'common'), 'TOTAL_FOLDER_SIZE' => $total_folder_size > 1024 ? NumberHelper::round($total_folder_size / 1024, 2) . ' ' . LangLoader::get_message('unit.megabytes', 'common') : NumberHelper::round($total_folder_size, 0) . ' ' . LangLoader::get_message('unit.kilobytes', 'common'), 'TOTAL_FOLDERS' => $total_directories, 'TOTAL_FILES' => $total_files));
    if ($total_directories == 0 && $total_files == 0) {
        $tpl->put_all(array('C_EMPTY_FOLDER' => true, 'L_EMPTY_FOLDER' => LangLoader::get_message('no_item_now', 'common')));
    }
    $tpl->display();
}
Пример #10
             if ($i >= $pos_pics - $start_thumbnails && $i <= $pos_pics + $end_thumbnails) {
                 $tpl->assign_block_vars('pics.pics_max.list_preview_pics', array('PICS' => $pics));
             }
             $i++;
         }
     }
 } else {
     $j = 0;
     $result = PersistenceContext::get_querier()->select("SELECT g.id, g.idcat, g.name, g.path, g.timestamp, g.aprob, g.width, g.height, m.display_name, m.user_id, m.level, m.groups\n\t\t\tFROM " . GallerySetup::$gallery_table . " g\n\t\t\tLEFT JOIN " . DB_TABLE_MEMBER . " m ON m.user_id = g.user_id\n\t\t\tWHERE g.idcat = :idcat\n\t\t\tORDER BY g.timestamp\n\t\t\tLIMIT :number_items_per_page OFFSET :display_from", array('idcat' => $id_category, 'number_items_per_page' => $pagination->get_number_items_per_page(), 'display_from' => $pagination->get_display_from()));
     while ($row = $result->fetch()) {
         //Si la miniature n'existe pas (cache vidé) on regénère la miniature à partir de l'image en taille réelle.
         if (!file_exists('pics/thumbnails/' . $row['path'])) {
             $Gallery->Resize_pics('pics/' . $row['path']);
         }
         //Redimensionnement + création miniature
         $name_cut = strlen(TextHelper::html_entity_decode($row['name'])) > 22 ? TextHelper::htmlentities(substr(TextHelper::html_entity_decode($row['name']), 0, 22)) . '...' : $row['name'];
         //On reccourci le nom s'il est trop long pour éviter de déformer l'administration.
         $name = TextHelper::html_entity_decode($row['name']);
         $name = strlen($name) > 20 ? substr($name, 0, 20) . '...' : $name;
         //On genère le tableau pour x colonnes
         $tr_start = is_int($j / $nbr_column_pics) ? '<tr>' : '';
         $j++;
         $tr_end = is_int($j / $nbr_column_pics) ? '</tr>' : '';
         //Affichage de l'image en grand.
         if ($config->get_pics_enlargement_mode() == GalleryConfig::FULL_SCREEN) {
             //Ouverture en popup plein écran.
             $display_link = HOST . DIR . '/gallery/show_pics' . url('.php?id=' . $row['id'] . '&amp;cat=' . $row['idcat']);
         } elseif ($config->get_pics_enlargement_mode() == GalleryConfig::POPUP) {
             //Ouverture en popup simple.
             $display_link = 'javascript:display_pics_popup(\'' . HOST . DIR . '/gallery/show_pics' . url('.php?id=' . $row['id'] . '&amp;cat=' . $row['idcat']) . '\', \'' . $row['width'] . '\', \'' . $row['height'] . '\')';
         } elseif ($config->get_pics_enlargement_mode() == GalleryConfig::RESIZE) {
Пример #11
 /**
  * Handler for content found inside code and HTML tags: replaces each "\n" with '<br />',
  * then entity-encodes the whole string with ENT_NOQUOTES.
  *
  * The '<br />' is inserted before the encoding step, so it is encoded along with everything else.
  * ENT_NOQUOTES leaves single and double quotes as they are, so the result is not suitable
  * for output inside an HTML attribute.
  *
  * @param string $var Content to convert.
  * @return string The encoded content.
  */
 private static function clear_html_and_code_tag($var)
 {
     $with_breaks = str_replace("\n", '<br />', $var);
     $encoded = TextHelper::htmlentities($with_breaks, ENT_NOQUOTES);
     return $encoded;
 }
Пример #12
 /**
  * Renames an uploaded file and returns the name to display.
  *
  * Returns '/' when another file with the same name, category and user id exists, or when the
  * name contains one of / \ " < > | ?. The rename is applied when $admin is true or when
  * $user_id matches the file's user_id; otherwise the previous name is returned.
  * Returned names longer than 22 bytes once entity-decoded are cut to 22 bytes, re-encoded and
  * suffixed with '...'. strlen()/substr() count bytes, so a multi-byte character may be split.
  *
  * @param int    $id_file       Id of the file to rename.
  * @param string $name          Requested name.
  * @param string $previous_name Name returned when the rename is not allowed.
  * @param int    $user_id       Id of the user asking for the rename.
  * @param bool   $admin         True to skip the ownership check.
  * @return string
  */
 public static function Rename_file($id_file, $name, $previous_name, $user_id, $admin = false)
 {
     $file_row = array('idcat' => '', 'user_id' => '');
     try {
         $file_row = self::$db_querier->select_single_row(PREFIX . "upload", array("idcat", "user_id"), 'WHERE id=:id', array('id' => $id_file));
     } catch (RowNotFoundException $e) {
         // NOTE(review): a missing file is silently ignored and the empty defaults above are used.
         // The ownership test further down is a loose comparison against '' in that case —
         // confirm no caller-supplied $user_id can compare equal to it.
     }

     // The name must be unique for this category and user.
     $same_name_count = self::$db_querier->count(DB_TABLE_UPLOAD, 'WHERE idcat = :idcat AND name = :name AND id <> :id AND user_id = :user_id', array('idcat' => $file_row['idcat'], 'name' => $name, 'id' => $id_file, 'user_id' => $user_id));
     if ($same_name_count > 0) {
         return '/';
     }
     if (preg_match('`/|\\\\|"|<|>|\\||\\?`', stripslashes($name))) {
         return '/';
     }

     $rename_allowed = $admin || $user_id == $file_row['user_id'];
     if ($rename_allowed) {
         self::$db_querier->update(DB_TABLE_UPLOAD, array('name' => $name), 'WHERE id = :id', array('id' => $id_file));
     }

     // Display form of the new name when the rename went through, of the previous name otherwise.
     $shown = $rename_allowed ? $name : $previous_name;
     $decoded = TextHelper::html_entity_decode($shown);
     if (strlen($decoded) > 22) {
         $shown = TextHelper::htmlentities(substr($decoded, 0, 22)) . '...';
     }
     return stripslashes($shown);
 }
Пример #13
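 /**
  * Renames a picture and returns the name to display.
  *
  * A name longer than 22 bytes once entity-decoded is cut to 22 bytes, re-encoded and
  * suffixed with '...'. strlen()/substr() count bytes, so a multi-byte character may be split.
  *
  * NOTE(review): the update is unconditional — no ownership, authorization or name validation
  * happens here, so callers have to perform those checks before calling.
  *
  * @param int    $id_pics       Id of the picture to rename.
  * @param string $name          New name, stored as given.
  * @param string $previous_name Not used by this method.
  * @return string
  */
 public function Rename_pics($id_pics, $name, $previous_name)
 {
     // The name is bound as a query parameter, not concatenated into the SQL.
     PersistenceContext::get_querier()->update(GallerySetup::$gallery_table, array('name' => $name), 'WHERE id = :id', array('id' => $id_pics));

     $decoded_name = TextHelper::html_entity_decode($name);
     if (strlen($decoded_name) <= 22) {
         return stripslashes($name);
     }
     // Fix: the suffix used to be PATH_TO_ROOT . '.', which appended the root path to the
     // shortened name instead of the '...' ellipsis used by the other rename helpers.
     return stripslashes(TextHelper::htmlentities(substr($decoded_name, 0, 22)) . '...');
 }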