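/**
 * Get the tempcode for a bank of tick boxes.
 *
 * $options is either a flat list of tick tuples, or a list of sections where each
 * section is (ticks, expanded, section_title). A tick tuple is
 * (prettyname, name, value, description, [disabled]); when the optional
 * 'disabled' element is absent the tick is enabled, as it was before that
 * element was added to the API.
 *
 * @param  array    A list of tuples: (prettyname, name, value, description, [disabled])
 * @param  mixed    A description for this input field
 * @param  ?integer The tab index of the field (NULL: not specified)
 * @param  mixed    A human intelligible name for this input field (blank: use default)
 * @param  boolean  Whether to place each tick on a new line
 * @return tempcode The input field
 */
function form_input_various_ticks($options, $description, $_tabindex = NULL, $_pretty_name = '', $simple_style = false)
{
    if (count($options) == 0) {
        return new ocp_tempcode();
    }
    $options = array_values($options);

    if (is_null($_tabindex)) {
        $tabindex = get_form_field_tabindex(NULL);
    } else {
        $_tabindex++;
        $tabindex = $_tabindex;
    }
    if (is_string($_pretty_name) && $_pretty_name == '') {
        $_pretty_name = do_lang_tempcode('OPTIONS');
    }

    $input = new ocp_tempcode();

    // A flat list of ticks (tuples of 4 or 5) is wrapped as a single, untitled section
    if (count($options[0]) != 3) {
        $options = array(array($options, NULL, new ocp_tempcode()));
    }

    foreach ($options as $_option) {
        $out = array();
        foreach ($_option[0] as $option) {
            // 'disabled' was added to the API after the other elements. Pad every tuple to
            // five elements so a 4-tuple behaves exactly as before (enabled), and so that a
            // tuple of unexpected length never leaves variables from the previous iteration
            // in place.
            list($pretty_name, $name, $value, $_description, $_disabled) = array_pad($option, 5, NULL);
            $disabled = $_disabled ? '1' : '0';

            // A posted/default override for this field (fields.xml) wins over the coded value
            $checked = filter_form_field_default($name, $value ? '1' : '0') == '1';

            $out[] = array(
                'CHECKED' => $checked,
                'TABINDEX' => strval($tabindex),
                'NAME' => $name,
                'PRETTY_NAME' => $pretty_name,
                'DESCRIPTION' => $_description,
                'DISABLED' => $disabled,
            );
        }
        $input->attach(do_template('FORM_SCREEN_INPUT_VARIOUS_TICKS', array(
            '_GUID' => 'a6212f61304a101fb2754e334a8b4212',
            'SECTION_TITLE' => $_option[2],
            'EXPANDED' => $_option[1],
            'SIMPLE_STYLE' => $simple_style,
            'BRETHREN_COUNT' => strval(count($out)),
            'OUT' => $out,
        )));
    }

    return _form_input('', $_pretty_name, $description, $input, false, false, $tabindex);
}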
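/**
 * Check a posted field isn't 'evil'.
 *
 * For a POST request from a logged-in member whose referer points at a different
 * site, the submission is only accepted when the referer's host is on the
 * allowed-partner list (the 'allowed_post_submitters' option, plus PayPal);
 * otherwise it is logged as a hack attack and the request is aborted. The value
 * is then passed through the fields.xml filter system. Note that an absent or
 * non-http(s) referer is not treated as foreign, so this is only a partial
 * cross-site-submission defence.
 *
 * @param  string The name of the parameter
 * @param  string The value retrieved (filtered in place)
 * @return string The filtered value
 */
function check_posted_field($name, &$val)
{
    if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
        $referer = ocp_srv('HTTP_REFERER');

        // Only an absolute http(s) referer is considered at all
        $true_referer = (substr($referer, 0, 7) == 'http://') || (substr($referer, 0, 8) == 'https://');

        // Reduce both referer and our base URL to "scheme://host/" (ignoring www., https and :80) for comparison
        $canonical_referer = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', $referer))));
        $canonical_baseurl = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', get_base_url()))));
        $foreign_referer = $true_referer && (substr(strtolower($canonical_referer), 0, strlen($canonical_baseurl)) != strtolower($canonical_baseurl));

        if ($foreign_referer && !is_guest()) {
            // The login fields legitimately arrive from elsewhere (e.g. a login prompt on a bounced link)
            if (!in_array($name, array('login_username', 'password', 'remember', 'login_invisible'), true)) {
                // Match partners against the referer *host* only. A plain substring search over
                // the whole referer would be satisfied by a partner name appearing anywhere in a
                // foreign URL's path or query string.
                $referer_host = parse_url($referer, PHP_URL_HOST);
                $referer_host = is_string($referer_host) ? strtolower($referer_host) : '';

                $allowed_partners = explode(chr(10), get_option('allowed_post_submitters'));
                $allowed_partners[] = 'paypal.com';
                $allowed_partners[] = 'www.paypal.com';

                $found = false;
                foreach ($allowed_partners as $partner) {
                    $partner = trim($partner);
                    if ($partner == '') {
                        continue;
                    }

                    // An entry may be a bare host, a host with a path, or a full URL; reduce it to its host
                    $partner_host = parse_url($partner, PHP_URL_HOST);
                    if (!is_string($partner_host) || $partner_host == '') {
                        $slash = strpos($partner, '/');
                        $partner_host = ($slash === false) ? $partner : substr($partner, 0, $slash);
                    }
                    $partner_host = strtolower($partner_host);
                    if ($partner_host == '') {
                        continue;
                    }

                    // Exact host, or a subdomain of it (so 'paypal.com' allows 'www.paypal.com' but not 'notpaypal.com')
                    $suffix = '.' . $partner_host;
                    $is_subdomain = (strlen($referer_host) > strlen($suffix)) && (substr($referer_host, -strlen($suffix)) == $suffix);
                    if ($referer_host == $partner_host || $is_subdomain) {
                        $found = true;
                        break;
                    }
                }

                if (!$found) {
                    $_POST = array(); // To stop loops
                    log_hack_attack_and_exit('EVIL_POSTED_FORM_HACK', ocp_srv('HTTP_REFERER'));
                }
            }
        }
    }

    // Custom fields.xml filter system
    $val = filter_form_field_default($name, $val);
    return $val;
}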
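/**
 * Get form inputter.
 *
 * Builds a Comcode posting field (with attachment support, emoticon chooser,
 * Comcode editor and, where the browser supports it, WYSIWYG) for a catalogue
 * field, named 'field_<id>'. Has side effects: it pulls in JavaScript/CSS/lang
 * dependencies, marks the WYSIWYG editor as attached, and sets the response
 * Content-type header when headers have not yet been sent.
 *
 * @param  string   The field name
 * @param  string   The field description
 * @param  array    The field details (must carry 'id' and 'cf_required')
 * @param  ?string  The actual current value of the field (NULL: none)
 * @param  boolean  Whether this is for a new entry (currently unused by this function)
 * @param  boolean  Whether this is the last field in the catalogue
 * @return ?tempcode The Tempcode for the input field (NULL: skip the field - it's not input)
 */
function get_field_inputter($_cf_name, $_cf_description, $field, $actual_value, $new, $last = true)
{
    if (is_null($actual_value)) {
        $actual_value = ''; // Plug anomaly due to unusual corruption
    }

    require_lang('javascript');
    require_javascript('javascript_posting');
    require_javascript('javascript_editing');
    require_javascript('javascript_ajax');
    require_javascript('javascript_swfupload');
    require_css('swfupload');
    require_lang('comcode');

    $tabindex = get_form_field_tabindex();
    $actual_value = filter_form_field_default($_cf_name, $actual_value);

    // Every sub-component (attachments, emoticons, editors) is keyed by the same field name
    $field_name = 'field_' . strval($field['id']);

    list($attachments, $attach_size_field) = get_attachments($field_name);
    $hidden_fields = new ocp_tempcode();
    $hidden_fields->attach($attach_size_field);

    $comcode_help = build_url(array('page' => 'userguide_comcode'), get_comcode_zone('userguide_comcode', false));
    $emoticon_chooser = $GLOBALS['FORUM_DRIVER']->get_emoticon_chooser($field_name);
    $comcode_editor = get_comcode_editor($field_name);
    $comcode_editor_small = get_comcode_editor($field_name, true);

    // WYSIWYG only when JS is on, the browser supports it, and the content does not opt out via the page hint
    $w = has_js() && (browser_matches('wysiwyg') && strpos($actual_value, '{$,page hint: no_wysiwyg}') === false);
    $class = '';

    global $JAVASCRIPT, $WYSIWYG_ATTACHED;
    if (!$WYSIWYG_ATTACHED) {
        $JAVASCRIPT->attach(do_template('HTML_EDIT'));
    }
    $WYSIWYG_ATTACHED = true;

    // Guard explicitly instead of suppressing the 'headers already sent' warning with @
    if (!headers_sent()) {
        header('Content-type: text/html; charset=' . get_charset());
    }
    if ($w) {
        $class .= ' wysiwyg';
    }

    // Render the current value leniently, restoring the global parser mode afterwards
    global $LAX_COMCODE;
    $lax_comcode_before = $LAX_COMCODE;
    $LAX_COMCODE = true;
    $GLOBALS['COMCODE_PARSE_URLS_CHECKED'] = 100; // Little hack to stop it checking any URLs
    $default_parsed = comcode_to_tempcode($actual_value, NULL, false, 60, NULL, NULL, true);
    $LAX_COMCODE = $lax_comcode_before;

    $ret = do_template('POSTING_FIELD', array(
        'REQUIRED' => $field['cf_required'] == 1,
        'DESCRIPTION' => $_cf_description,
        'HIDDEN_FIELDS' => $hidden_fields,
        'PRETTY_NAME' => $_cf_name,
        'NAME' => $field_name,
        'TABINDEX_PF' => strval($tabindex),
        'COMCODE_EDITOR' => $comcode_editor,
        'COMCODE_EDITOR_SMALL' => $comcode_editor_small,
        'CLASS' => $class,
        'COMCODE_URL' => build_url(array('page' => 'userguide_comcode'), get_comcode_zone('userguide_comcode', false)),
        'EMOTICON_CHOOSER' => $emoticon_chooser,
        'COMCODE_HELP' => $comcode_help,
        'POST' => $actual_value,
        'DEFAULT_PARSED' => $default_parsed,
        'ATTACHMENTS' => $attachments,
    ));

    if (!$last) {
        $ret->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('ADDITIONAL_INFO'))));
    }

    return $ret;
}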
/**
 * Get the tempcode for a list entry. (You would gather together the outputs of several of these functions, then put them in as the $content in a form_input_list function call).
 *
 * @param  string  The value for this entry
 * @param  boolean Whether this entry is selected by default or not
 * @param  mixed   The text associated with this choice (blank: just use name for text)
 * @param  boolean Whether this entry will be put as red (marking it as important somehow)
 * @param  boolean Whether this list entry is disabled (like a header in a list)
 * @return tempcode The input field
 */
function form_input_list_entry($value, $selected = false, $text = '', $red = false, $disabled = false)
{
    // A blank (non-tempcode) label falls back to showing the value itself
    $label = (!is_object($text) && $text == '') ? $value : $text;

    // filter_form_field_default lives in a module that is not always loaded on a page
    // that merely renders a list (kept out deliberately to save memory), so only
    // consult it when it is already present
    $is_selected = $selected;
    if (function_exists('filter_form_field_default')) {
        $is_selected = filter_form_field_default($value, $selected ? '1' : '') == '1';
    }

    $template_params = array(
        '_GUID' => 'dd76a2685d0fba5f819ef160b0816d03',
        'SELECTED' => $is_selected,
        'DISABLED' => $disabled,
        'CLASS' => $red ? 'criticalfield' : '',
        'NAME' => is_integer($value) ? strval($value) : $value,
        'TEXT' => $label,
    );
    return do_template('FORM_SCREEN_INPUT_LIST_ENTRY', $template_params);
}
/**
 * Get the tempcode for a radio input. (You would gather together the outputs of several of these functions, then put them in as the $content in a form_input_radio function call).
 *
 * @param  string   The name of the radio button group this will be put in (i.e. the name the value presented here will be possibly matched against)
 * @param  string   The value for this entry
 * @param  boolean  Whether this entry is selected by default or not
 * @param  mixed    The text associated with this choice (blank: just use value for text)
 * @param  ?integer The tab index of the field (NULL: not specified)
 * @param  string   An additional long description (blank: no description)
 * @return tempcode The input field
 */
function form_input_radio_entry($name, $value, $selected = false, $text = '', $tabindex = NULL, $description = '')
{
    $resolved_tabindex = get_form_field_tabindex($tabindex);

    // A blank string label falls back to the value itself (tempcode labels are left alone)
    $label = $text;
    if (is_string($label) && $label == '') {
        $label = $value;
    }

    // A posted/default override for this group (fields.xml) decides whether this entry is checked
    $is_checked = filter_form_field_default($name, $selected ? '1' : '') == '1';

    $template_params = array(
        '_GUID' => 'e2fe4ba6e8b3f705651dba13ea27f61d',
        'DESCRIPTION' => $description,
        'CHECKED' => $is_checked,
        'TABINDEX' => strval($resolved_tabindex),
        'NAME' => $name,
        'VALUE' => $value,
        'TEXT' => $label,
    );
    return do_template('FORM_SCREEN_INPUT_RADIO_LIST_ENTRY', $template_params);
}