/**
 * HCM "mailform": render the contact form that is posted to remote/hcm/mform.php.
 *
 * The recipient list is not emitted into the page: it is split on ";", stripped
 * of blank entries and stored in the session under a key derived from the
 * current hcmUid; the form only carries that uid in the hidden "fid" field
 * (the receiving script presumably resolves the address from it -- verify in
 * mform.php).
 *
 * @param string $adresa recipient address(es), ";"-separated
 * @param mixed $priloha when _boolean() accepts it, a file input is added and the form becomes multipart
 * @param string|null $predmet optional subject to prefill (HTML-escaped here via _htmlStr)
 * @return string HTML: anchor div, optional status message, then the form built by _formOutput
 */
function _HCM_mailform($adresa = "", $priloha = false, $predmet = null) {
    // preparation
    $result = "";
    // recipients stay server-side: session key is prefix + 'hcm_' + uid + '_mail_receiver'
    $_SESSION[_sessionprefix . 'hcm_' . SL::$hcmUid . '_mail_receiver'] = @implode(",", _arrayRemoveValue(@explode(";", trim($adresa)), ""));
    if (_boolean($priloha)) {
        // attachment row; $att also switches the form to multipart (see the action string below)
        $rfile = array($GLOBALS['_lang']['hcm.mailform.att'], "<input type='file' name='att' />");
        $att = true;
    } else {
        $rfile = array('');
        $att = false;
    }
    if (isset($predmet)) {
        $rsubject = " value='" . _htmlStr($predmet) . "'";
    } else {
        $rsubject = "";
    }
    $rcaptcha = _captchaInit();
    // status message: mform.php reports back through ?hcm_mr_<uid>=N
    // (switch compares loosely, so the query string "1" matches case 1)
    $msg = '';
    if (isset($_GET['hcm_mr_' . SL::$hcmUid])) {
        switch ($_GET['hcm_mr_' . SL::$hcmUid]) {
            case 1: $msg = _formMessage(1, $GLOBALS['_lang']['hcm.mailform.msg.done']); break;
            case 2: $msg = _formMessage(2, $GLOBALS['_lang']['hcm.mailform.msg.failure']); break;
            case 3: $msg = _formMessage(3, $GLOBALS['_lang']['hcm.mailform.msg.failure2']); break;
            // code 4 is shown with the generic xsrf.msg text
            case 4: $msg = _formMessage(3, $GLOBALS['_lang']['xsrf.msg']); break;
        }
    }
    // prefill the sender field
    // NOTE(review): _loginemail goes into a single-quoted value attribute without _htmlStr();
    // confirm it is already HTML-safe where it is defined
    if (_loginindicator) {
        $sender = _loginemail;
    } else {
        $sender = "@";
    }
    // the multipart variant appends "' enctype=..." to the action URL, i.e. it closes the
    // action attribute early; this relies on _formOutput emitting the URL unescaped -- TODO confirm
    $result .= "<div class='anchor'><a name='hcm_mform_" . SL::$hcmUid . "'></a></div>\n"
        . $msg
        . _formOutput(
            "mform" . SL::$hcmUid,
            _indexroot . "remote/hcm/mform.php?_return=" . urlencode(_indexOutput_url) . ($att ? "' enctype='multipart/form-data" : ''),
            array(
                array($GLOBALS['_lang']['hcm.mailform.sender'], "<input type='text' class='inputsmall' name='sender' value='" . $sender . "' /><input type='hidden' name='fid' value='" . SL::$hcmUid . "' />"),
                array($GLOBALS['_lang']['posts.subject'], "<input type='text' class='inputsmall' name='subject'" . $rsubject . " />"),
                $rcaptcha,
                array($GLOBALS['_lang']['hcm.mailform.text'], "<textarea class='areasmall' name='text' rows='9' cols='33'></textarea>", true),
                $rfile
            ),
            array("text", "sender"),
            $GLOBALS['_lang']['hcm.mailform.send']
        );
    return $result;
}
$submitcaption = $_lang['global.create']; $continue = true; } /* --- ulozeni / vytvoreni --- */ if (isset($_POST['question'])) { // nacteni promennych $question = _htmlStr(trim($_POST['question'])); $query['question'] = $question; $question = DB::esc($question); // odpovedi $answers = @explode("\n", $_POST['answers']); $answers_new = array(); foreach ($answers as $answer) { $answers_new[] = _htmlStr(trim($answer)); } $answers = _arrayRemoveValue($answers_new, ""); $answers_count = count($answers); $answers = @implode("\n", $answers); $query['answers'] = $answers; if (_loginright_adminpollall) { $author = intval($_POST['author']); } else { $author = _loginid; } $locked = _checkboxLoad("locked"); $reset = _checkboxLoad("reset"); // kontrola promennych $errors = array(); if ($question == "") { $errors[] = $_lang['admin.content.polls.edit.error1']; }
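/**
 * Resolve "." and ".." segments of a relative path.
 *
 * Segments are separated by "/"; surrounding slashes are dropped first. A "."
 * segment is discarded; a ".." segment cancels the nearest preceding segment
 * that is not itself ".." and has not already been cancelled. Leading ".."
 * segments that have nothing left to cancel are kept, so a path that climbs
 * above its starting point (e.g. "../x") comes back as "../x/" -- a caller that
 * maps the result onto the filesystem must still check it against its allowed
 * root. Empty segments ("a//b") are preserved as they are.
 *
 * Single pass with a stack; replaces the previous repeated rescan of the whole
 * segment list, which did the same pairing in quadratic time.
 *
 * @param string $path path such as "a/./b/../c"
 * @return string resolved path with a trailing "/", or "./" when nothing remains
 */
function _parsePath($path)
{
    $resolved = array();
    foreach (explode("/", trim($path, "/")) as $segment) {
        if ($segment === ".") {
            continue;
        }
        $last = count($resolved) - 1;
        if ($segment === ".." && $last >= 0 && $resolved[$last] !== "..") {
            // ".." consumes the nearest real segment that is still on the stack
            array_pop($resolved);
        } else {
            // real segment, empty segment, or a ".." with nothing to cancel
            $resolved[] = $segment;
        }
    }
    $output = implode("/", $resolved) . "/";
    if ($output === "/") {
        $output = "./";
    }
    return $output;
}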
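/**
 * Build the part of an SQL WHERE clause that matches articles filed under any
 * of the given categories (columns home1, home2, home3).
 *
 * Every id is cast with intval() before it is interpolated; that cast is what
 * makes the returned fragment safe to concatenate into a query, so keep it if
 * this is ever changed. Non-numeric entries therefore become 0.
 *
 * @param string|null $ids category ids separated by "-" (e.g. "1-2-3"), or null
 * @return string parenthesised OR-group such as
 *                "((home1=1 OR home2=1 OR home3=1) OR (home1=2 OR home2=2 OR home3=2))";
 *                "" when $ids is null/empty or contains no ids after splitting
 *                (previously an input like "-" yielded the invalid fragment "()")
 */
function _sqlArticleWhereCategories($ids)
{
    if ($ids == null) {
        return "";
    }
    $terms = array();
    foreach (explode("-", $ids) as $rcat) {
        if ($rcat === "") {
            continue;
        }
        $rcat = intval($rcat); // the cast is the injection guard
        $terms[] = "(home1=" . $rcat . " OR home2=" . $rcat . " OR home3=" . $rcat . ")";
    }
    if (count($terms) === 0) {
        // nothing to match on; same result as for null instead of a bare "()"
        return "";
    }
    return "(" . implode(" OR ", $terms) . ")";
}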
<?php /* --- kontrola jadra --- */ if (!defined('_core')) { exit; } /* --- priprava, ulozeni --- */ $message = ""; if (isset($_POST['banned'])) { $banned = explode("\n", $_POST['banned']); $banned = _arrayRemoveValue($banned, ""); $new_banned = array(); foreach ($banned as $item) { $item = explode(".", $item); $item = _arrayRemoveValue($item, ""); foreach ($item as $index => $isub) { $isub = intval(trim($isub)); if ($isub < 0) { $isub = 0; } if ($isub > 255) { $isub = 255; } $item[$index] = $isub; } $new_banned[] = implode(".", $item); } $new_banned = trim(implode("\n", array_unique($new_banned))); DB::query("UPDATE `" . _mysql_prefix . "-settings` SET val='" . DB::esc($new_banned) . "' WHERE var='banned'"); $message = _formMessage(1, $_lang['global.saved']); $data = $new_banned;
} if ($i == 0) { $info['rateform'] .= "<td rowspan='2'><img src='" . _templateImage("icons/rate-bad.png") . "' alt='bad' class='icon' /></td>\n"; } $info['rateform'] .= "</tr>\n"; } $info['rateform'] .= "\n<tr><td colspan='7'><input type='submit' value='" . $_lang['article.rate.submit'] . " >' /></td></tr>\n</table>\n"; } $info['rateform'] .= _xsrfProtect() . "</form>\n"; } // infobox if ($query['infobox'] != "") { $info['infobox'] = _parseHCM($query['infobox']); } // sestaveni kodu if (count(_arrayRemoveValue($info, null)) != 0) { // zacatek tabulky $content .= "\n<div class='anchor'><a name='ainfo'></a></div>\n<table class='article-info'>\n<tr class='valign-top'>\n"; // prvni bunka if ($info['basicinfo'] != null or $info['idlink'] != null or $info['rateresults'] != null or $info['infobox'] != null and $info['rateform'] != null) { $content .= "<td>" . $info['basicinfo'] . $info['idlink'] . $info['rateresults']; // vlozeni formulare pro hodnoceni, pokud je infobox obsazen if ($info['rateform'] != null and ($info['infobox'] != null or $info['basicinfo'] == null)) { $content .= ($info['basicinfo'] != null ? "<br />" : '') . "<br />" . $info['rateform']; $rateform_used = true; } $content .= "\n</td>\n"; } // druha bunka if ($info['infobox'] != null or $rateform_used == false and $info['rateform'] != null) { $content .= "<td>";
$file = @fopen($dir . $name, "w"); if ($file) { @fwrite($file, $content); fclose($file); $message = _formMessage(1, $_lang['admin.fman.msg.edit.done'] . " <small>(" . _formatTime(time()) . ")</small>"); } else { $message = _formMessage(2, $_lang['admin.fman.msg.edit.failure']); } } else { $message = _formMessage(2, $_lang['admin.fman.msg.disallowedextension']); } break; // presun // presun case "move": $newdir = _arrayRemoveValue(explode("/", $_POST['param']), ""); $newdir = implode("/", $newdir); if (mb_substr($newdir, -1, 1) != "/") { $newdir .= "/"; } $newdir = _parsePath($dir . $newdir); if (_loginright_adminfmanplus or mb_substr($newdir, 0, mb_strlen($defdir)) == $defdir) { $done = 0; $total = 0; foreach ($_POST as $var => $val) { if ($var == "action" or $var == "param") { continue; } $val = _admin_cparam($val); if (@file_exists($dir . $val) and !@file_exists($newdir . $val) and !@is_dir($dir . $val) and _admin_issafefile($val)) { if (@rename($dir . $val, $newdir . $val)) {