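/**
 * API handler for the getHansard search: builds one search string from the
 * request parameters and either outputs per-speaker counts (order=p) or lets
 * HANSARDLIST render the result list in the API format.
 *
 * @param array $array request parameters; 's' (search text), 'pid' (speaker
 *                     id) and 'type' (section) are each optional
 * @return void everything is written via api_output() / HANSARDLIST::display()
 */
function _api_getHansard_search($array) {
    $search = isset($array['s']) ? trim($array['s']) : '';
    // 'pid' used to be read unconditionally and raised a notice when absent
    $pid = isset($array['pid']) ? trim($array['pid']) : '';
    $type = isset($array['type']) ? $array['type'] : '';

    // Only the free-text part goes through the strict filter; pid and type are
    // appended to the query afterwards exactly as given.
    // NOTE(review): confirm the search engine treats the speaker:/section:
    // operands as opaque tokens, since they are not filtered here.
    $search = filter_user_input($search, 'strict');
    if ($pid) {
        $search .= ($search ? ' ' : '') . 'speaker:' . $pid;
    }
    if ($type) {
        $search .= " section:" . $type;
    }

    $o = get_http_var('order');
    if ($o == 'p') {
        // order=p: aggregate by speaker instead of listing individual hits.
        $data = search_by_usage($search);
        $out = array();
        foreach ($data['speakers'] as $speaker_id => $s) {
            $out[$speaker_id] = array(
                'house' => $s['house'],
                'name' => $s['name'],
                'party' => $s['party'],
                'count' => $s['count'],
                // first seven characters of the range bounds (year-month for an ISO date)
                'mindate' => substr($s['pmindate'], 0, 7),
                'maxdate' => substr($s['pmaxdate'], 0, 7),
            );
        }
        api_output($out);
        return;
    }

    global $SEARCHENGINE;
    $SEARCHENGINE = new SEARCHENGINE($search);

    $pagenum = get_http_var('page');
    $args = array(
        's' => $search,
        'p' => $pagenum,
        'num' => get_http_var('num'),
        'pop' => 1,
        // only 'd' and 'r' are accepted as orderings; anything else falls back to 'd'
        'o' => ($o == 'd' || $o == 'r') ? $o : 'd',
    );
    $LIST = new HANSARDLIST();
    $LIST->display('search', $args, 'api');
}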
/**
 * Run the search described by the current request and collect everything
 * the results template needs.
 *
 * Three outcomes: no search string (empty form), a search string that fails
 * validation (form plus warnings), or a real search -- by person when the
 * 'o' request variable is 'p', otherwise the normal result list.
 *
 * @return array template data; 'template' names the view to render
 */
public function display() {
    $parser = new Search\ParseArgs();
    $this->searchstring = $parser->construct_search_string();
    $this->searchkeyword = $parser->searchkeyword;

    // Nothing to search for: just render the empty form.
    if (!$this->searchstring) {
        $data = $this->get_form_params(array());
        $data['searchstring'] = '';
        $data['template'] = 'search/results';
        return $data;
    }

    $this->searchstring = filter_user_input($this->searchstring, 'strict');

    // Invalid query: show the form again together with the warnings.
    $warnings = $this->validate_search_string();
    if ($warnings) {
        $data = array(
            'warnings' => $warnings,
            'template' => 'search/results',
            'searchstring' => $this->searchstring,
        );
        return $this->get_form_params($data);
    }

    $byPerson = get_http_var('o') == 'p';
    $engine = $byPerson ? new Search\ByUsage() : new Search\Normal();
    $data = $engine->search($this->searchstring);
    $data['template'] = $byPerson ? 'search/by-person' : 'search/results';

    if (isset($data['info']['spelling_correction'])) {
        $data['info']['spelling_correction_display'] = $this->prettifySearchString($data['info']['spelling_correction']);
    }

    $data['searchstring'] = $this->searchstring;
    $data['urls'] = $this->get_urls();
    $data['this_url'] = $this->get_search_url();
    $data['ungrouped_url'] = $this->get_search_url(false);
    $data = $this->get_form_params($data);
    $data = $this->set_wtt_options($data);
    $this->set_page_title($data);

    return $data;
}
$_SERVER['DEVICE_TYPE'] = "mobile"; # vim:sw=4:ts=4:et:nowrap include_once "../../includes/easyparliament/init.php"; include_once INCLUDESPATH . "easyparliament/member.php"; include_once INCLUDESPATH . "easyparliament/glossary.php"; // From http://cvs.sourceforge.net/viewcvs.py/publicwhip/publicwhip/website/ include_once INCLUDESPATH . "postcode.inc"; if (get_http_var('s') != '' || get_http_var('pid') != '') { if (get_http_var('pid') == 16407) { header('Location: /search/?pid=10133'); exit; } // We're searching for something. $this_page = 'search'; $searchstring = trim(get_http_var('s')); $searchstring = filter_user_input($searchstring, 'strict'); $time = parse_date($searchstring); if ($time['iso']) { header('Location: /hansard/?d=' . $time['iso']); exit; } $searchspeaker = trim(get_http_var('pid')); if ($searchspeaker) { $searchstring .= ($searchstring ? ' ' : '') . 'speaker:' . $searchspeaker; } $searchmajor = trim(get_http_var('section')); if (!$searchmajor) { // Legacy URLs used maj $searchmajor = trim(get_http_var('maj')); } if ($searchmajor) {
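/**
 * Update custom field
 *
 * Issues the ALTER TABLE that adds, changes or drops a custom column and
 * records the outcome in the log table.
 *
 * @param array $field keys used: action ("add", "edit", "delete"), table,
 *                     name, oldname (edit only), fieldType, fieldSize,
 *                     fieldDefault, Comment, NULL ("NO" => NOT NULL)
 * @return bool true when the query ran; false on an unknown action, an
 *              identifier containing a backtick, or a database error
 *              (which is also printed)
 */
function updateCustomField($field) {
    global $database;

    /* escape vars */
    # "set" fields are deliberately not passed through the filter (their value
    # list keeps its quotes), so for that type table/name/fieldDefault/Comment
    # reach the query unescaped.
    if ($field['fieldType'] != "set") {
        $field = filter_user_input($field, true, true);
    }

    /* the identifiers are wrapped in backticks below; a backtick inside one
       would end the quoting, which no value escaping can prevent, so refuse
       such names outright (this check also applies to "set" fields) */
    $identifiers = array($field['table'], $field['name']);
    if ($field['action'] == "edit") {
        $identifiers[] = $field['oldname'];
    }
    foreach ($identifiers as $identifier) {
        if (strpos((string) $identifier, '`') !== false) {
            return false;
        }
    }

    /* set db type values: these types take no size */
    $typesWithoutSize = array("bool", "text", "date", "datetime");
    if (in_array($field['fieldType'], $typesWithoutSize, true)) {
        $field['ftype'] = "{$field['fieldType']}";
    } else {
        $field['ftype'] = "{$field['fieldType']}({$field['fieldSize']})";
    }

    //default null
    if (strlen((string) $field['fieldDefault']) == 0) {
        $field['fieldDefault'] = "NULL";
    } else {
        $field['fieldDefault'] = "'{$field['fieldDefault']}'";
    }

    //character?
    $charset = in_array($field['fieldType'], array("varchar", "text", "set"), true) ? "CHARACTER SET utf8" : "";

    # NULL => "NO" means NOT NULL; the key is absent for nullable columns
    $notNull = isset($field['NULL']) && $field['NULL'] == "NO";
    $table = $field['table'];
    $name = $field['name'];
    $columnSpec = "{$field['ftype']} {$charset} DEFAULT {$field['fieldDefault']}";

    /* update request */
    if ($field['action'] == "delete") {
        $query = "ALTER TABLE `{$table}` DROP `{$name}`;";
    } elseif ($field['action'] == "edit") {
        $nullSql = $notNull ? "NOT NULL " : "";
        $query = "ALTER TABLE `{$table}` CHANGE COLUMN `{$field['oldname']}` `{$name}` {$columnSpec} {$nullSql}COMMENT '{$field['Comment']}';";
    } elseif ($field['action'] == "add") {
        $nullSql = $notNull ? "NOT NULL" : "NULL";
        $query = "ALTER TABLE `{$table}` ADD COLUMN \t`{$name}` \t\t\t\t\t{$columnSpec} {$nullSql} COMMENT '{$field['Comment']}';";
    } else {
        return false;
    }

    /* prepare log */
    $log = prepareLogFromArray($field);
    try {
        $database->executeQuery($query);
    } catch (Exception $e) {
        // the driver message can echo the submitted names, so escape it for HTML
        $error = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        print "<div class='alert alert-danger'>" . _('Error') . ": {$error}</div>";
        updateLogTable('Custom Field ' . $field['action'] . ' failed (' . $field['name'] . ')', $log, 2);
        return false;
    }
    updateLogTable('Custom Field ' . $field['action'] . ' success (' . $field['name'] . ')', $log, 0);
    return true;
}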
if ($success) { // $success will be the editqueue_id(). print "<h4>All good so far...</h4><p>Your definition for <strong>"" . $data['title'] . ""</strong> now awaits moderator approval or somesuch thing...</p>"; $PAGE->glossary_links(); } else { $PAGE->error_message("Sorry, there was an error and we were unable to add your Glossary item."); } } elseif (get_http_var("previewterm") != '') { // We're previewing a Glossary definition. if (get_http_var('definition') != '') { // Mock up a "current term" to send to the display function $body = get_http_var('definition'); $title = get_http_var('g'); $GLOSSARY->current_term['body'] = filter_user_input($body, 'comment'); // In init.php $GLOSSARY->current_term['title'] = filter_user_input($title, 'comment'); // In init.php // Off it goes... print "<p>Your entry should look something like this:</p>"; print "<p>"; $PAGE->glossary_display_term($GLOSSARY); print "</p>"; // Then, in case they aren't happy with it, show them the form again $PAGE->glossary_add_definition_form($args); } } elseif ($GLOSSARY->query != '') { // Deal with all the various searching possiblities... if ($GLOSSARY->num_search_matches >= 1) { // Offer a list of matching terms $PAGE->glossary_display_match_list($GLOSSARY); } else {
<?php /* * Print truncate subnet *********************/ /* required functions */ require_once '../../functions/functions.php'; /* filter input */ $_POST = filter_user_input($_POST, true, true, false); $_POST['action'] = filter_user_input($_POST['action'], false, false, true); /* must be numeric */ if (!is_numeric($_POST['subnetId'])) { die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>'); } /* verify that user has write permissions for subnet */ $subnetPerm = checkSubnetPermission($_POST['subnetId']); if ($subnetPerm < 2) { die('<div class="alert alert-danger">' . _('You do not have permissions to truncate subnet') . '!</div>'); } /* verify post */ CheckReferrer(); # get subnet details $subnet = getSubnetDetailsById($_POST['subnetId']); # get all IP addresses $ip_addr = getIpAddressesBySubnetId($_POST['subnetId']); ?> <!-- header --> <div class="pHeader"><?php print _('Truncate subnet');
function create($COMMENT, $reportdata) {
    // For when a user posts a report on a comment.
    // $reportdata is an array like:
    // array (
    //     'body' => 'some text',
    //     'firstname' => 'Billy',
    //     'lastname' => 'Nomates',
    //     'email' => '*****@*****.**'
    // )
    // But if the report was made by a logged-in user, only the
    // 'body' element should really contain anything, because
    // we use $THEUSER's id to get the rest.
    // $COMMENT is an existing COMMENT object, needed for setting
    // its modflag and comment_id.
    // Returns true once the report row is inserted and the two
    // notification mails have been handed off, false otherwise.
    global $THEUSER, $PAGE;
    if (!$THEUSER->is_able_to('reportcomment')) {
        $PAGE->error_message("Sorry, you are not allowed to post reports.");
        return false;
    }
    if (is_numeric($THEUSER->user_id()) && $THEUSER->user_id() > 0) {
        // Flood check - make sure the user hasn't just posted a report recently.
        // To help prevent accidental duplicates, among other nasty things.
        // (Non-logged in users are all id == 0, so they are not rate limited here.)
        $flood_time_limit = 20; // How many seconds until a user can post again?
        // user_id() is numeric (checked above) and $flood_time_limit is a
        // literal, so the two interpolated values are not attacker-controlled.
        $q = $this->db->query("SELECT report_id\n\t\t\t\t\t\t\tFROM\tcommentreports\n\t\t\t\t\t\t\tWHERE\tuser_id = '" . $THEUSER->user_id() . "'\n\t\t\t\t\t\t\tAND\t\treported + 0 > NOW() - {$flood_time_limit}");
        if ($q->rows() > 0) {
            $PAGE->error_message("Sorry, we limit people to posting one report per {$flood_time_limit} seconds to help prevent duplicate reports. Please go back and try again, thanks.");
            return false;
        }
    }
    // Tidy up body.
    $body = filter_user_input($reportdata['body'], 'comment'); // In utility.php
    $time = gmdate("Y-m-d H:i:s");
    // NOTE(review): mysql_real_escape_string() needs an open ext/mysql
    // connection, and that extension was removed in PHP 7 -- confirm the
    // runtime this still targets.
    if ($THEUSER->isloggedin()) {
        $sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, user_id)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($THEUSER->user_id()) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t";
    } else {
        // Anonymous reporter: name and email come straight from the form;
        // they are escaped for SQL here but not otherwise validated.
        $sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, firstname, lastname, email)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['firstname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['lastname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['email']) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t";
    }
    $q = $this->db->query($sql);
    if ($q->success()) {
        // Inserted OK, so set up this object's variables.
        $this->report_id = $q->insert_id();
        $this->comment_id = $COMMENT->comment_id();
        $this->body = $body;
        $this->reported = $time;
        if ($THEUSER->isloggedin()) {
            $this->user_id = $THEUSER->user_id();
            $this->firstname = $THEUSER->firstname();
            $this->lastname = $THEUSER->lastname();
        } else {
            $this->email = $reportdata['email'];
            $this->firstname = $reportdata['firstname'];
            $this->lastname = $reportdata['lastname'];
        }
        // Set the comment's modflag to on.
        $COMMENT->set_modflag('on');
        // Notify those who need to know that there's a new report.
        $URL = new URL('admin_commentreport');
        $URL->insert(array('rid' => $this->report_id, 'cid' => $this->comment_id));
        $emailbody = "A new comment report has been filed by " . $this->user_name() . ".\n\n";
        $emailbody .= "COMMENT:\n" . $COMMENT->body() . "\n\n";
        $emailbody .= "REPORT:\n" . $this->body . "\n\n";
        $emailbody .= "To manage this report follow this link: http://" . DOMAIN . $URL->generate('none') . "\n";
        send_email(REPORTLIST, 'New comment report', $emailbody);
        // Send an email to the user to thank them.
        // NOTE(review): for an anonymous reporter this goes to whatever
        // address was typed into the form; nothing here verifies it.
        if ($THEUSER->isloggedin()) {
            $email = $THEUSER->email();
        } else {
            $email = $this->email();
        }
        $data = array('to' => $email, 'template' => 'report_acknowledge');
        $merge = array('FIRSTNAME' => $this->firstname(), 'LASTNAME' => $this->lastname(), 'COMMENTURL' => "http://" . DOMAIN . $COMMENT->url(), 'REPORTBODY' => strip_tags($this->body()));
        // send_template_email in utility.php.
        send_template_email($data, $merge);
        return true;
    } else {
        return false;
    }
}
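<?php
/* verify that user is authenticated! */
isUserAuthenticated();

/* get posted search term; kept raw because it is only echoed back (escaped) into the form */
$rawIp = isset($_GET['ip']) ? $_GET['ip'] : null;
$searchTerm = is_string($rawIp) ? $rawIp : "";

/* filter input for everything downstream that reads $_GET['ip'] */
$_GET['ip'] = filter_user_input($rawIp, true, true);
?>
<h4><?php print _('Search IP database'); ?></h4>
<hr>

<!-- search form -->
<form id="search" name="search" class='form-inline' role="form" style="margin-bottom:20px;">
<div class='input-group'>
<div class='form-group'>
<!-- the value attribute is HTML-escaped: the unfiltered term used to be reflected into it as-is -->
<input class="search input-md form-control" name="ip" value="<?php print htmlspecialchars($searchTerm, ENT_QUOTES, 'UTF-8'); ?>" placeholder="<?php print _('Search term'); ?>" type="text" autofocus="autofocus" style='width:250px;'>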
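/**
 * Inserts data for this comment into the database.
 *
 * @param array $data must carry 'epobject_id' (numeric) and 'body'; 'gid' is
 *                    looked up here from the hansard table
 * @return int|false the new comment_id on success, false otherwise (an error
 *                   message has been shown via $PAGE first)
 */
function create($data) {
    global $THEUSER, $PAGE;

    if (!$this->comments_enabled()) {
        $PAGE->error_message("Sorry, the posting of annotations has been temporarily disabled.");
        // was a bare `return;` (null) -- the documented failure value is false
        return false;
    }
    if (!$THEUSER->is_able_to('addcomment')) {
        $message = array('title' => 'Sorry', 'text' => 'You are not allowed to post annotations.');
        $PAGE->error_message($message);
        return false;
    }
    if (!isset($data['epobject_id']) || !is_numeric($data['epobject_id'])) {
        $message = array('title' => 'Sorry', 'text' => "We don't have an epobject id.");
        $PAGE->error_message($message);
        return false;
    }
    if (!isset($data['body']) || $data['body'] == '') {
        $message = array('title' => 'Whoops!', 'text' => "You haven't entered an annotation!");
        $PAGE->error_message($message);
        return false;
    }

    // A per-user flood check used to live here; it is currently disabled.

    // OK, let's get on with it...
    // Tidy up the HTML tags
    // (but we don't make URLs into links; only when displaying the comment).
    $body = filter_user_input($data['body'], 'comment'); // In utility.php
    $posted = date('Y-m-d H:i:s', time());

    // epobject_id is numeric (checked above). addslashes() is kept for the
    // string values but is not charset-aware; the db wrapper's own escaping
    // would be preferable if it offers one.
    $q_gid = $this->db->query("select gid from hansard where epobject_id = '" . addslashes($data['epobject_id']) . "'");
    $data['gid'] = $q_gid->field(0, 'gid');

    $q = $this->db->query("INSERT INTO comments\n\t\t\t\t\t\t(user_id, epobject_id, body, posted, visible, original_gid)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t(\n\t\t\t\t\t\t'" . addslashes($THEUSER->user_id()) . "',\n\t\t\t\t\t\t'" . addslashes($data['epobject_id']) . "',\n\t\t\t\t\t\t'" . addslashes($body) . "',\n\t\t\t\t\t\t'" . $posted . "',\n\t\t\t\t\t\t1,\n\t\t\t\t\t\t'" . addslashes($data['gid']) . "'\n\t\t\t\t\t\t)");
    if (!$q->success()) {
        return false;
    }

    // Set the object variables up.
    $this->comment_id = $q->insert_id();
    $this->user_id = $THEUSER->user_id();
    $this->epobject_id = $data['epobject_id'];
    // keep the same filtered text that was stored, not the raw submission
    $this->body = $body;
    $this->posted = $posted;
    $this->visible = 1;
    return $this->comment_id();
}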
<script type="text/javascript"> /* fix for ajax-loading tooltips */ $('body').tooltip({ selector: '[rel=tooltip]' }); </script> <?php /** * Script to display all slave IP addresses and subnets in content div of subnets table! ***************************************************************************************/ /* filter input */ $_GET = filter_user_input($_GET, true, true, false); /* must be numeric */ if (!is_numeric($_GET['subnetId'])) { die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>'); } if (!is_numeric($_GET['section'])) { die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>'); } /* get master subnet ID */ $subnetId = $_GET['subnetId']; /* get all slaves */ $slaves = getAllSlaveSubnetsBySubnetId($subnetId); /* get master details */ $master = getSubnetDetailsById($subnetId); /* get section details */ $section = getSectionDetailsById($master['sectionId']); /* divide subnets / folders */ foreach ($slaves as $s) { //folders if ($s['isFolder'] == "1") { $folders[] = $s; } else {
$sort['field'] = $tmp[0]; $sort['direction'] = $tmp[1]; if ($sort['direction'] == "asc") { $sort['directionNext'] = "desc"; } else { $sort['directionNext'] = "asc"; } /** * Parse IP addresses * * We provide subnet and mask, all other is calculated based on it (subnet, broadcast,...) */ $SubnetParsed = parseIpAddress(transform2long($SubnetDetails['subnet']), $SubnetDetails['mask']); } /* filter input */ $_REQUEST = filter_user_input($_REQUEST, true, true, false); /* must be numeric */ if (!is_numeric($_REQUEST['subnetId'])) { die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>'); } /* get posted subnet, die if it is not provided! */ if ($_REQUEST['subnetId']) { $subnetId = $_REQUEST['subnetId']; } /* verify that user is authenticated! */ isUserAuthenticated(); /* get all selected fields for IP print */ $setFields = getSelectedIPaddrFields(); /* format them to array! */ $setFields = explode(";", $setFields); /**
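/**
 * Send IP address details mail
 *
 * Builds an HTML and a plain-text table of the fields that differ between
 * $objectOld and $objectNew and mails it to every admin whose mailChangelog
 * is "Yes". Nothing is sent when no field changed.
 *
 * @param string     $type       object type named in the subject: IP, subnet, vlan, vrf
 * @param string     $action     "add", "edit" or "delete"
 * @param array|null $objectOld  object details before the change (ignored for "add")
 * @param array|null $objectNew  object details after the change (ignored for "delete")
 * @param bool       $iprange    true when a whole IP range was changed
 * @return bool false for an unknown action or when sending threw, true otherwise
 */
function sendObjectUpdateMails($type, $action, $objectOld, $objectNew, $iprange = false) {
    # get settings
    global $settings;
    global $mailsettings;
    global $mail;
    global $pmail;

    # pick the subject and the side whose keys drive the comparison;
    # bookkeeping keys (lastSeen, editDate, isFolder, id, permissions) are dropped
    if ($iprange) {
        $subject = "New IP range {$action} notification";
        $objectSelected = $objectNew;
    } elseif ($action == "add") {
        $subject = "New {$type} notification";
        unset($objectOld);
        unset($objectNew['lastSeen'], $objectNew['editDate'], $objectNew['isFolder']);
        $objectSelected = $objectNew;
    } elseif ($action == "edit") {
        $subject = "{$type} modification notification";
        unset($objectNew['lastSeen'], $objectNew['editDate'], $objectNew['isFolder'], $objectNew['id']);
        # this used to unset $objectNew['id'] a second time, leaving 'id' in
        # $objectOld so every edit reported a bogus "id => /" change
        unset($objectOld['lastSeen'], $objectOld['editDate'], $objectOld['isFolder'], $objectOld['id'], $objectOld['permissions']);
        $objectSelected = $objectOld;
    } elseif ($action == "delete") {
        $subject = "{$type} delete notification";
        unset($objectNew);
        $objectSelected = $objectOld;
    } else {
        # nothing to compare against; previously $subject/$objectSelected were
        # simply undefined here
        return false;
    }

    # sec default tdstyle
    $tdstyle = "padding:2px;padding-left:10px;margin:0px;border-top:1px solid #eeeeee;border-bottom:1px solid #eeeeee;padding-top:3px;padding-bottom:3px;";
    $font = "Helvetica, Verdana, Arial, sans-serif";

    # content
    $content = "<tr><td colspan='4' style='padding-top:30px;'></td></tr>\n";
    $content .= "<tr><td style='{$tdstyle}'><strong>Field</strong></td><td style='{$tdstyle}'><strong>Old</strong></td><td style='{$tdstyle}'></td><td style='{$tdstyle}'><strong>New</strong></td></tr>\n";

    $change = 0;
    foreach ($objectSelected as $k => $l) {
        # both values land in HTML, so run them through the escaping filter;
        # a side that was unset above simply has no value for $k
        $objectNew[$k] = filter_user_input(isset($objectNew[$k]) ? $objectNew[$k] : null, false, true, false);
        $objectOld[$k] = filter_user_input(isset($objectOld[$k]) ? $objectOld[$k] : null, false, true, false);

        // only mail if change
        if ($objectOld[$k] != $objectNew[$k]) {
            if (strlen((string) $objectNew[$k]) == 0) {
                $objectNew[$k] = " /";
            }
            if (strlen((string) $objectOld[$k]) == 0) {
                $objectOld[$k] = " /";
            }
            $content .= "<tr>";
            $content .= "<td style='{$tdstyle}'><font face='{$font}' style='font-size:12px;'>{$k}</font></td>";
            $content .= "<td style='{$tdstyle}'><font face='{$font}' style='font-size:12px;'>{$objectOld[$k]}</font></td>";
            $content .= "<td style='{$tdstyle}'><font face='{$font}' style='font-size:12px;'> => </font></td>";
            $content .= "<td style='{$tdstyle}'><font face='{$font}' style='font-size:12px;'>{$objectNew[$k]}</font></td>";
            $content .= "</tr>\n";
            $change++;
        }
    }

    # set html content
    $mail['content'] = $mail['header'];
    $mail['content'] .= $content;
    $mail['content'] .= $mail['footer4'];

    # Alt content - no html
    $mail['contentAltt'] = str_replace("<br>", "\r\n", $content);
    $mail['contentAltt'] = str_replace("\t", " ", $mail['contentAltt']);
    $mail['contentAltt'] = strip_tags($mail['contentAltt']);

    $mail['contentAlt'] = $mail['headerAlt'];
    $mail['contentAlt'] .= "{$subject}" . "\r\n------------------------------\r\n\r\n";
    $mail['contentAlt'] .= "{$mail['contentAltt']}";
    $mail['contentAlt'] .= $mail['footerAlt'];

    # send only if change
    if ($change > 0) {
        # set mail parameters
        try {
            $pmail->SetFrom($mailsettings['mAdminMail'], $mailsettings['mAdminName']);
            // add admins who opted in to change notifications
            $admins = getAllAdminUsers();
            foreach ($admins as $admin) {
                if ($admin['mailChangelog'] == "Yes") {
                    $pmail->AddAddress($admin['email']);
                }
            }
            $pmail->ClearReplyTos();
            // content
            $pmail->Subject = $subject;
            $pmail->AltBody = $mail['contentAlt'];
            $pmail->MsgHTML($mail['content']);
            # send
            $pmail->Send();
        } catch (phpmailerException $e) {
            updateLogTable("Sending change notification mail failed!", $e->errorMessage(), 2);
            return false;
        } catch (Exception $e) {
            // a plain Exception has no errorMessage(); calling it here used to
            // fail inside the handler, so the failure was never logged
            updateLogTable("Sending change notification mail failed!", $e->getMessage(), 2);
            return false;
        }
    }
    return true;
}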
function create(&$data) {
    // Queue a new Glossary definition for moderation: the term is added to the
    // editqueue (edit_type 2) and, per the original design note, stays at
    // visibility 0 until a moderator decides on it.
    // $data needs 'title' and 'body'; 'posted' and 'edit_type' are added here
    // and the filtered title/body are written back (it is passed by reference).
    // Returns whatever GLOSSEDITQUEUE::add() returns when truthy, else false.
    //
    // Columns involved, for reference:
    //   epobject:  title VARCHAR(255), body TEXT, type INTEGER,
    //              created DATETIME, modified DATETIME
    //   editqueue: edit_id INTEGER PRIMARY KEY NOT NULL, user_id INTEGER,
    //              edit_type INTEGER, epobject_id_l INTEGER (= epobject.epobject_id),
    //              title VARCHAR(255), body TEXT, submitted DATETIME,
    //              editor_id INTEGER, approved BOOLEAN, decided DATETIME
    $queue = new GLOSSEDITQUEUE();
    global $THEUSER;

    // Permission and input checks.
    if (!$THEUSER->is_able_to('addterm')) {
        error("Sorry, you are not allowed to add Glossary terms.");
        return false;
    }
    if ($data['title'] == '') {
        error("Sorry, you can't define a term without a title");
        return false;
    }
    if ($data['body'] == '') {
        error("You haven't entered a definition!");
        return false;
    }

    // Flood check - make sure the user hasn't just posted a term recently.
    // To help prevent accidental duplicates, among other nasty things.
    if (is_numeric($THEUSER->user_id())) {
        $flood_time_limit = 20; // seconds a user must wait between submissions
        $recent = $this->db->query("SELECT glossary_id\n\t\t\t\t\t\t\tFROM\teditqueue\n\t\t\t\t\t\t\tWHERE\tuser_id = '" . $THEUSER->user_id() . "'\n\t\t\t\t\t\t\tAND\t\tsubmitted + 0 > NOW() - {$flood_time_limit}");
        if ($recent->rows() > 0) {
            error("Sorry, we limit people to posting one term per {$flood_time_limit} seconds to help prevent duplicate postings. Please go back and try again, thanks.");
            return false;
        }
    }

    // Glossary terms are displayed through the same path as comments, so
    // they get the same tag filtering (URLs are only linkified at display time).
    $data['title'] = filter_user_input($data['title'], 'comment_title'); // In utility.php
    $data['body'] = filter_user_input($data['body'], 'comment'); // In utility.php

    // Timestamp and edit type for the editqueue row.
    $data['posted'] = date('Y-m-d H:i:s', time());
    $data['edit_type'] = 2;

    $success = $queue->add($data);
    return $success ? $success : false;
}
// is required. $URL->insert(array('id' => get_http_var('gid'), 'c' => $success)); header("Location: http://" . DOMAIN . $URL->generate('none') . "#c" . $success); exit; } else { // Else, $COMMENT will have printed an error message. $PAGE->page_end(); } } else { // We're previewing a comment. $PAGE->page_start(); $PAGE->stripe_start(); if (is_numeric(get_http_var('epobject_id'))) { //remove any unwanted tags $body = get_http_var('body'); $body = filter_user_input($body, 'comment'); // In init.php // Preview the comment. // Mock up a data array for the comment listing template. $data['comments'][0] = array('body' => $body, 'firstname' => $THEUSER->firstname(), 'lastname' => $THEUSER->lastname(), 'user_id' => $THEUSER->user_id(), 'posted' => date('Y-m-d H:i:s', time()), 'modflagged' => NULL, 'visible' => 1, 'preview' => true); $COMMENTLIST = new COMMENTLIST(); $COMMENTLIST->render($data, 'html'); // Show the populated comment form. $commendata = array('epobject_id' => get_http_var('epobject_id'), 'gid' => get_http_var('gid'), 'body' => get_http_var('body'), 'return_page' => get_http_var('return_page')); $PAGE->comment_form($commendata); // Show all comments for this epobject. $args = array('epobject_id' => get_http_var('epobject_id')); $COMMENTLIST->display('ep', $args); } $PAGE->stripe_end(); $PAGE->page_end();
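/**
 * Get full field data, including comments
 *
 * Runs SHOW FULL COLUMNS for a single column so the caller gets MySQL's row
 * for it (Field, Type, Collation, Null, Key, Default, Extra, Privileges,
 * Comment).
 *
 * @param string $table
 * @param string $field
 * @return array|false the column row, or false when the table name contains
 *                     a backtick, the column does not exist, or the query fails
 */
function getFullFieldData($table, $field) {
    global $database;

    /* the table name is quoted with backticks below; a backtick inside it
       would end the quoting, which no value escaping can prevent */
    if (strpos((string) $table, '`') !== false) {
        return false;
    }

    /* escape vars to prevent SQL injection */
    $table = filter_user_input($table, true, true);
    $field = filter_user_input($field, true, true);

    /* set query, open db connection and fetch results */
    $query = "show full columns from `{$table}` where `Field` = '{$field}';";

    /* execute */
    try {
        $details = $database->getArray($query);
    } catch (Exception $e) {
        // the caller only sees false; the driver message is dropped on purpose
        return false;
    }

    /* no such column: do not index an empty result */
    if (empty($details[0])) {
        return false;
    }
    return $details[0];
}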
<?php /* * Discover new hosts with ping *******************************/ /* required functions */ require_once '../../../functions/functions.php'; /* verify that user is logged in */ isUserAuthenticated(true); /* filter input */ $_POST = filter_user_input($_POST, true, true, false); /* subnet Id must be a integer */ if (!is_numeric($_POST['subnetId']) || $_POST['subnetId'] == 0) { die("<div class='alert alert-danger'>Invalid subnetId!</div>"); } /* verify that user has write permissions for subnet */ $subnetPerm = checkSubnetPermission($_POST['subnetId']); if ($subnetPerm < 2) { die('<div class="alert alert-danger">' . _('You do not have permissions to modify hosts in this subnet') . '!</div>'); } # verify post CheckReferrer(); # ok, lets get results form post array! foreach ($_POST as $key => $line) { // IP address if (substr($key, 0, 2) == "ip") { $res[substr($key, 2)]['ip_addr'] = $line; } // description if (substr($key, 0, 11) == "description") { $res[substr($key, 11)]['description'] = $line;
<?php if ($term) { $this_page = 'glossary_item'; } else { $this_page = "glossary"; } include_once '../../includes/easyparliament/init.php'; include_once INCLUDESPATH . "easyparliament/glossary.php"; $args = array('sort' => "regexp_replace", 'glossary_id' => ""); if (get_http_var('gl')) { // We've already got something, so display it. $this_page = 'glossary'; if (is_numeric(get_http_var('gl'))) { $args['glossary_id'] = filter_user_input(get_http_var('gl'), 'strict'); } } // Stop the title generator making nasty glossary titles. //$DATA->set_page_metadata ('help_us_out', 'title', ''); $GLOSSARY = new GLOSSARY($args); $term = $GLOSSARY->current_term; // Check if we're on a letter index page if (get_http_var('az') != '' && is_string(get_http_var('az'))) { // we have a letter! // make sure it's only one and uppercase $az = strtoupper(substr(get_http_var('az'), 0, 1)); } // Now check it's in the populated glossary alphabet if (isset($az) && array_key_exists($az, $GLOSSARY->alphabet)) { $GLOSSARY->current_letter = $az; // Otherwise make it the first letter of the current term
/**
 * A bare "<" that does not open a tag must survive the 'comment' filter
 * unchanged.
 */
public function testHTMLCleaningOfAngleBrackets() {
    $input = 'Is 2 < 3?';
    $cleaned = filter_user_input($input, 'comment');
    $this->assertEquals($input, $cleaned);
}
echo "\tif (el) el.innerHTML = txt;"; echo "}"; for ($i = 1; $i <= $maxid; $i++) { $query_ref = "SELECT text FROM entries WHERE var_id=" . $i; $query_ref .= " AND language_id=" . $_SESSION['ref']; $result_ref = mysql_db_query($db, $query_ref, $dblink); $row = mysql_fetch_row($result_ref); $ref_text = restore_user_input($row[0], true, false); echo "\treplaceRef('" . $i . "', '" . $ref_text . "');"; } echo "</SCRIPT>"; mysql_close($dblink); } if (isset($_POST['language'])) { $_SESSION['edit_orig'] = $_SESSION['edit']; $_SESSION['edit'] = filter_user_input($_POST['language']); } if (!isset($_SESSION['edit'])) { $dblink = @mysql_connect("dbnfs", "gast", ""); $query = "SELECT edit FROM users WHERE uname='" . $_SESSION['uname'] . "'"; $result = mysql_db_query("skm_localisation", $query, $dblink); $data = mysql_fetch_row($result); if ($data[0] == "all") { $_SESSION['edit'] = "3"; } else { $_SESSION['edit'] = $data[0]; } mysql_close($dblink); } ?>