示例#1
<?php

// Display the biography specified by bio_id-argument
$relPath = '../../pinc/';
include_once $relPath . 'base.inc';
include_once $relPath . 'theme.inc';
include_once $relPath . 'misc.inc';
// html_safe()
include_once 'authors.inc';
include_once 'menu.inc';
// Biographies are only shown to logged-in users.
require_login();
// bio_id is read through get_integer_param() with a lower bound of 0; the
// trailing `true` presumably lets the parameter be absent (null) -- confirm
// against misc.inc.
$bio_id = get_integer_param($_GET, 'bio_id', null, 0, null, true);
// NOTE(review): 'message' is copied from the query string without any
// validation; it needs context-appropriate escaping wherever it is output.
$message = @$_GET['message'];
// Without a bio_id there is nothing to look up: show an error page and stop.
if (!isset($bio_id)) {
    output_header(_('No biography-id specified'));
    echo _('An error occurred.') . ' ' . _('No biography-id was specified.') . ' ';
    echo sprintf(_('You may return to the <a href="%1$s">authors-listing</a>.'), 'listing.php');
    exit;
}
$id = $bio_id;
// Only the value returned by get_integer_param() is interpolated into the
// statement; the raw query-string entry is never used in SQL.
$result = mysql_query("SELECT author_id, bio FROM biographies WHERE bio_id={$id};");
// A failed query and an empty result set are reported the same way.
if (!($result && mysql_num_rows($result) != 0)) {
    output_header(_('Invalid biography-id specified'));
    echo _('An error occurred.') . ' ' . _('The specified biography-id was invalid.') . ' ';
    echo sprintf(_('You may return to the <a href="%1$s">authors-listing</a>.'), 'listing.php');
    exit;
}
$author_id = mysql_result($result, 0, 'author_id');
<?php

$relPath = "./pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'theme.inc';
include_once $relPath . 'project_states.inc';
include_once $relPath . 'list_projects.inc';
include_once $relPath . 'misc.inc';
// undo_all_magic_quotes()
// Going by its name, this reverses the backslashes magic_quotes_gpc adds to
// request data; the helper's implementation is not visible here.
undo_all_magic_quotes();
// 'x' selects which listing to show; only 'g', 's' or 'b' is accepted and the
// default is 'g'.
$x = get_enumerated_param($_GET, 'x', 'g', array('g', 's', 'b'));
// Sort selector: default 0, bounded to 0..5.
$sort = get_integer_param($_GET, 'sort', 0, 0, 5);
// Paging controls. NOTE(review): per_page has a minimum of 1 but no maximum,
// and offset has no maximum either, so a client can request an arbitrarily
// large page -- consider an upper bound on per_page.
$per_page = get_integer_param($_GET, 'per_page', 20, 1, NULL);
$offset = get_integer_param($_GET, 'offset', 0, 0, NULL);
// Introductory paragraph (translatable).
$boilerplate = _("These e-texts are the product of hundreds of hours of labor donated by all of our volunteers. The list is sorted with the most recently submitted e-texts at the top. You can sort them based upon your own preferences by clicking below. Enjoy!!");
if ($x == "g") {
    $type = "Gold";
    $title = _("Completed Gold E-Texts");
    $state = SQL_CONDITION_GOLD;
    $info = _("Below is the list of Gold e-texts that have been produced on this site. Gold e-texts are books that have passed through all phases of proofreading, formatting, and post-processing. They have been submitted to Project Gutenberg and are now available for your enjoyment and download.");
} elseif ($x == "s") {
    $type = "Silver";
    $title = _("In Progress Silver E-Texts");
    $state = SQL_CONDITION_SILVER;
    $info = _("Below is the list of Silver e-texts that have almost completed processing on our site. Silver e-texts are books that have passed through all phases of proofreading and formatting and are now in the post-processing phase. Post-processing is the final assembly stage in which one volunteer performs a series of checks for consistency and correctness before the e-book is submitted to Project Gutenberg for your enjoyment and download.");
} elseif ($x == "b") {
    $type = "Bronze";
    $title = _("Now Proofreading Bronze E-Texts");
    $state = SQL_CONDITION_BRONZE;
    $info = _("Below is the list of Bronze e-texts that are currently available for proofreading on this site. Bronze e-texts are what our newest volunteers see and what you can work on now by logging in. These e-texts are in the initial stages of proofreading where everyone has a chance to correct any OCR errors which may be found. After going through a number of other phases, the e-text then goes to an experienced volunteer for final assembly (post-processing), after which the e-text is submitted to Project Gutenberg for your enjoyment and download.");
} else {
示例#3
<?php

$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'metarefresh.inc';
include_once '../includes/team.inc';
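// Remove the logged-in user from the team given by ?tid=..., then bounce
// back to that team's detail page.
require_login();
$tid = get_integer_param($_GET, 'tid', null, 0, null);
// NOTE(review): this page changes membership in response to a plain GET
// request, so any page the logged-in user visits can trigger it (CSRF).
// Consider requiring POST plus a per-session token; not changed here because
// the pages that link to this script are not visible.
$assignments = array();
foreach (array('team_1', 'team_2', 'team_3') as $slot) {
    if ($userP[$slot] == $tid) {
        $assignments[] = "{$slot} = '0'";
    }
}
if (count($assignments) > 0) {
    // The assignments are joined with commas: appending them back to back
    // produced invalid SQL whenever the same team occupied more than one slot.
    // NOTE(review): the username literal appears masked ('******') in this
    // listing and is kept exactly as shown.
    $quitQuery = "UPDATE users SET " . implode(", ", $assignments);
    $quitQuery .= " WHERE username='******' AND u_id='" . $userP['u_id'] . "'";
    $teamResult = mysql_query($quitQuery);
    // Only lower the team's member count when the membership update itself
    // did not fail, so the counter cannot drift away from the users table.
    if ($teamResult) {
        mysql_query("UPDATE user_teams SET active_members = active_members-1 WHERE id='" . $tid . "'");
    }
    dpsession_set_preferences_from_db();
    $title = _("Quit the Team");
    $desc = _("Quitting the team....");
    metarefresh(0, "../teams/tdetail.php?tid=" . $tid . "", $title, $desc);
} else {
    // The user is not on this team: nothing to change.
    $title = _("Not a member");
    $desc = _("Unable to quit team....");
    metarefresh(3, "../teams/tdetail.php?tid=" . $tid . "", $title, $desc);
}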
示例#4
include_once $relPath . 'misc.inc';
// xmlencode()
include_once $relPath . 'page_tally.inc';
include_once $relPath . 'forum_interface.inc';
// get_url_to_view_topic
include_once '../includes/team.inc';
include_once '../includes/member.inc';
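// A team id is mandatory; without one, show an HTML error page and stop.
if (empty($_GET["id"])) {
    include_once $relPath . 'theme.inc';
    output_header(_("Error!"));
    echo "<br><center>";
    echo sprintf(_("A team id must specified in the following format: %s"), "{$code_url}/stats/teams/teams_xml.php?id=*****");
    echo "</center>";
    exit;
}
// Only the integer-checked id is used in the query condition below.
$req_team_id = get_integer_param($_GET, 'id', null, 0, null);
//Try our best to make sure no browser caches the page
header("Content-Type: text/xml");
header("Expires: Sat, 1 Jan 2000 05:00:00 GMT");
// The zone designator needs a separating space; without it the header value
// is not a valid HTTP date.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
$result = select_from_teams("id = {$req_team_id}");
// NOTE(review): there is no check that a team row was found; for an unknown
// id mysql_fetch_assoc() returns false and the document below is emitted
// with empty fields.
$curTeam = mysql_fetch_assoc($result);
$team_id = $curTeam['id'];
//Team info portion of $data
$result = mysql_query("SELECT COUNT(id) AS totalTeams FROM user_teams");
$totalTeams = mysql_result($result, 0, "totalTeams");
// Free-text columns go through xmlencode(); the id and the member counts are
// written as stored.
$data = "<teaminfo id='{$team_id}'>\n        <teamname>" . xmlencode($curTeam['teamname']) . "</teamname>\n        <datecreated>" . date("m/d/Y", $curTeam['created']) . "</datecreated>\n        <createdby>" . xmlencode($curTeam['createdby']) . "</createdby>\n        <leader>" . xmlencode(get_username_for_uid($curTeam['owner'])) . "</leader>\n        <description>" . xmlencode($curTeam['team_info']) . "</description>\n        <website>" . xmlencode($curTeam['webpage']) . "</website>\n        <forums>" . xmlencode(get_url_to_view_topic($curTeam['topic_id'])) . "</forums>\n        <totalmembers>" . $curTeam['member_count'] . "</totalmembers>\n        <currentmembers>" . $curTeam['active_members'] . "</currentmembers>\n        <retiredmembers>" . ($curTeam['member_count'] - $curTeam['active_members']) . "</retiredmembers>";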
foreach ($page_tally_names as $tally_name => $tally_title) {
    $teams_tallyboard = new TallyBoard($tally_name, 'T');
示例#5
/**
 * Build the "col = value, col = value" assignment list of a MySQL UPDATE.
 *
 * Columns named in $string_fields are emitted as quoted literals escaped with
 * mysql_real_escape_string(); all other columns are read through
 * get_integer_param() with a default of 0 and no bounds.
 *
 * Column names are interpolated into the SQL as given, with no escaping, so
 * both field lists must come from trusted code and never from request data.
 *
 * @param array $source_array   Values keyed by column name (e.g. $_POST).
 * @param array $string_fields  Columns to emit as quoted strings.
 * @param array $numeric_fields Columns to emit as integers.
 * @return string Comma-separated assignments; "" when no fields are given.
 */
function _create_mysql_update_string($source_array, $string_fields = array(), $numeric_fields = array())
{
    $assignments = array();
    foreach (array_merge($string_fields, $numeric_fields) as $column) {
        if (in_array($column, $string_fields)) {
            $raw = array_get($source_array, $column, "");
            $sql_value = "'" . mysql_real_escape_string($raw) . "'";
        } else {
            $sql_value = get_integer_param($source_array, $column, 0, NULL, NULL);
        }
        $assignments[] = "{$column} = {$sql_value}";
    }
    return implode(", ", $assignments);
}
示例#6
<?php

$relPath = '../../pinc/';
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
// get_enumerated_param
include_once $relPath . 'quizzes.inc';
// get_quiz_page_id_param
include_once '../small_theme.inc';
// output_small_header
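// All three inputs come from $_REQUEST and are read through validating
// helpers before they are used.
$quiz_page_id = get_quiz_page_id_param($_REQUEST, 'quiz_page_id');
// The error code must consist solely of word characters. The pattern ends in
// \z instead of $ because, in PCRE, $ also matches just before a trailing
// newline, which would let a value ending in "\n" through (assuming the
// helper applies the pattern with preg_match -- confirm in misc.inc).
$error = get_param_matching_regex($_REQUEST, 'error', NULL, '/^\\w+\\z/');
$number = get_integer_param($_REQUEST, 'number', NULL, 0, NULL);
include "./quiz_page.inc";
// qp_echo_hint_html
$quiz = get_Quiz_containing_page($quiz_page_id);
output_small_header($quiz);
// A margin
echo "<div style='margin: .5em;'>";
qp_echo_hint_html($error, $number);
echo " </div>\n";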
// vim: sw=4 ts=4 expandtab
示例#7
<?php

// DP includes
$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'project_states.inc';
include_once $relPath . 'forum_interface.inc';
// topic_create & get_url_to_view_topic
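// Redirect to a team's forum topic, creating the topic on first use.
require_login();
// Which team?
$team_id = get_integer_param($_GET, 'team', null, 0, null);
// Get info about team. Only the integer-checked $team_id is interpolated.
$team_result = mysql_query("SELECT teamname,team_info, webpage, createdby, owner, topic_id FROM user_teams WHERE id={$team_id}");
$row = $team_result ? mysql_fetch_array($team_result) : false;
if (!$row) {
    // Unknown team id or failed query: stop here. Carrying on would create a
    // forum topic with empty details on every request for a team that does
    // not exist.
    die(_("The specified team was not found."));
}
$topic_id = $row['topic_id'];
//Determine if there is an existing topic or not; if not, create one
if ($topic_id == "" || $topic_id == 0) {
    $tname = $row['teamname'];
    $towner_name = $row['createdby'];
    $towner_id = $row['owner'];
    $tinfo = $row['team_info'];
    $message = "\nTeam Name: {$tname}\nCreated By: {$towner_name}\nInfo: {$tinfo}\nTeam Page: [url]" . $code_url . "/stats/teams/tdetail.php?tid=" . $team_id . "[/url]\nUse this area to have a discussion with your fellow teammates! :-D\n\n";
    // appropriate forum to create thread in
    $forum_id = $teams_forum_idx;
    $post_subject = $tname;
    $topic_id = topic_create($forum_id, $post_subject, $message, $towner_name, TRUE, FALSE);
    //Update user_teams with topic_id so it won't be created again
    // NOTE(review): topic_create()'s return value is interpolated unquoted;
    // presumably a numeric id -- confirm in forum_interface.inc.
    $update_team = mysql_query("UPDATE user_teams SET topic_id={$topic_id} WHERE id={$team_id}");
}
// By here, either we had a topic or we've just created one, so redirect to it
$redirect_url = get_url_to_view_topic($topic_id);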
示例#8
<?php

$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
include_once $relPath . 'privacy.inc';
include_once $relPath . 'theme.inc';
include_once $relPath . 'metarefresh.inc';
include_once $relPath . 'forum_interface.inc';
include_once '../includes/team.inc';
include_once '../includes/member.inc';
// $order and $direction are interpolated into ORDER BY further down, where
// quoting cannot help; restricting each to a fixed list of allowed values is
// what keeps that interpolation safe.
$order = get_enumerated_param($_GET, 'order', 'u_id', array('u_id', 'username', 'date_created'));
$direction = get_enumerated_param($_GET, 'direction', 'asc', array('asc', 'desc'));
// Row offset for LIMIT: default 0, minimum 0, no maximum.
$mstart = get_integer_param($_GET, 'mstart', 0, 0, null);
// NOTE(review): the search term and the exact-match flag are taken from
// $_REQUEST as-is, with no validation at this point; every later use in SQL,
// HTML or a URL has to escape them for that context.
$uname = @$_REQUEST['uname'];
$uexact = @$_REQUEST['uexact'];
if (!empty($uname)) {
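    if ($uexact == 'yes') {
        // NOTE(review): the compared value appears masked ('******') in this
        // listing and is kept as shown; whatever the original interpolates
        // here needs the same SQL escaping as the LIKE branch.
        $where_clause = "WHERE username='******'";
    } else {
        // $uname arrives straight from $_REQUEST. It is escaped for the SQL
        // string literal first and the LIKE wildcards are neutralised after;
        // escaping only % and _ left quotes free to terminate the literal.
        // If magic_quotes_gpc is still in effect for this page, strip its
        // slashes before this point to avoid double escaping.
        $where_clause = "WHERE username LIKE '%" . addcslashes(mysql_real_escape_string($uname), "%_") . "%'";
    }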
    $mResult = mysql_query("\n        SELECT u_id, username, date_created, u_privacy\n        FROM users\n        {$where_clause}\n        ORDER BY {$order} {$direction}\n        LIMIT {$mstart},20\n    ");
    $mRows = mysql_num_rows($mResult);
    if ($mRows == 1) {
        metarefresh(0, "mdetail.php?id=" . mysql_result($mResult, 0, "u_id") . "", '', '');
        exit;
    }
    $uname = "uname=" . $uname . "&";
} else {
    $mResult = mysql_query("\n        SELECT u_id, username, date_created, u_privacy\n        FROM users\n        ORDER BY {$order} {$direction}\n        LIMIT {$mstart},20\n    ");
 /**
  * A value above the permitted maximum must be rejected: 'i10' is read with
  * bounds 0..9 (no default) and the call is expected to throw.
  *
  * @expectedException InvalidArgumentException
  */
 public function testIntegerMoreThanMax()
 {
     // Arguments are default, min, max. The return value is not captured
     // because the call is not expected to return.
     get_integer_param($this->GET, 'i10', NULL, 0, 9);
 }
 /**
  * Fill this object's fields from the submitted POST data.
  *
  * When 'projectid' is present, the current user's right to edit that project
  * is checked first and a one-element error list is returned on failure.
  *
  * NOTE(review): the permission check only runs when 'projectid' is present in
  * $_POST; what validate_projectID() does with a missing value is not visible
  * here. good_words and bad_words are stored exactly as submitted.
  *
  * @return array Error messages; empty when the fields were accepted.
  */
 function set_from_post()
 {
     if (get_magic_quotes_gpc()) {
         // magic_quotes_gpc has added backslashes to $_POST; remove them so
         // the fields of $this hold the unescaped strings.
         $_POST = array_map('stripslashes', $_POST);
     }
     if (isset($_POST['projectid'])) {
         $this->projectid = validate_projectID('projectid', @$_POST['projectid']);
         $ucep_result = user_can_edit_project($this->projectid);
         // Each failure outcome returns straight away with its own message.
         if ($ucep_result == PROJECT_DOES_NOT_EXIST) {
             return array(_("parameter 'projectid' is invalid: no such project") . ": '{$this->projectid}'");
         }
         if ($ucep_result == USER_CANNOT_EDIT_PROJECT) {
             return array(_("You are not authorized to manage this project.") . ": '{$this->projectid}'");
         }
         if ($ucep_result != USER_CAN_EDIT_PROJECT) {
             return array(_("unexpected return value from user_can_edit_project") . ": '{$ucep_result}'");
         }
         // USER_CAN_EDIT_PROJECT: fall through and read the other fields.
     }
     $this->projectid = validate_projectID('projectid', @$_POST['projectid']);
     $this->good_words = @$_POST['good_words'];
     $this->bad_words = @$_POST['bad_words'];
     // Timestamps are read as integers with no default and no bounds.
     $this->gwl_timestamp = get_integer_param($_POST, 'gwl_timestamp', null, null, null);
     $this->bwl_timestamp = get_integer_param($_POST, 'bwl_timestamp', null, null, null);
     return array();
 }
<?php

$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
include_once $relPath . 'page_tally.inc';
// $page_tally_names get_pages_per_day_for_past_n_days
include_once 'common.inc';
// The tally name must be one of the configured tallies, and the holder type
// either 'U' or 'T'.
$valid_tally_names = array_keys($page_tally_names);
$tally_name = get_enumerated_param($_GET, 'tally_name', null, $valid_tally_names);
$holder_type = get_enumerated_param($_GET, 'holder_type', null, array('U', 'T'));
$holder_id = get_integer_param($_GET, 'holder_id', null, 0, null);
// days_back is either the literal 'all' or an integer of at least 1
// (default 30).
$days_back = (@$_GET['days_back'] == 'all')
    ? 'all'
    : get_integer_param($_GET, 'days_back', 30, 1, null);
// The graph is set up before any data is fetched so that the jpgraph cache,
// when enabled, can be used. The last argument is the cache timeout in
// minutes.
$graph = init_simple_bar_graph(600, 300, 60);
$pages_per_day = get_pages_per_day_for_past_n_days($tally_name, $holder_type, $holder_id, $days_back);
$datax = array_keys($pages_per_day);
$datay = array_values($pages_per_day);
$x_text_tick_interval = calculate_text_tick_interval('daily', count($datax));
// With nothing to plot, render an error image instead of an empty graph.
if (empty($datax) || empty($datay)) {
    if ($holder_type == 'U') {
        $specimen = 'user';
    } else {
        $specimen = 'team';
    }
    dpgraph_error("This {$specimen} has not completed any pages in this round.", 600, 300);
    exit;
}
draw_simple_bar_graph($graph, $datax, $datay, $x_text_tick_interval, _('Pages Completed per Day'), _('Pages'));
示例#12
<?php

$relPath = '../../pinc/';
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
include_once $relPath . 'slim_header.inc';
include_once $relPath . 'Project.inc';
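require_login();
// The zoom level last used is remembered in the session; 100 when unset.
$default_percent = array_get(@$_SESSION["displayimage"], 'percent', 100);
// get variables passed into page
$projectid = validate_projectID('project', @$_GET['project']);
$imagefile = validate_page_image_filename('imagefile', @$_GET['imagefile'], true);
$percent = get_integer_param($_GET, 'percent', $default_percent, 1, 999);
$showreturnlink = get_integer_param($_GET, 'showreturnlink', 1, 0, 1);
$preload = get_enumerated_param($_GET, 'preload', '', array('', 'prev', 'next'));
$width = 10 * $percent;
$_SESSION["displayimage"]["percent"] = $percent;
// Get a list of images in the project so we can populate the prev and
// next <link rel=... href=...> tags in <head> if needed.
// NB The query results are used later to populate a popup menu too.
// The project id is used as the table name, where value escaping does not
// apply; the query relies entirely on validate_projectID() having rejected
// anything that is not a well-formed id.
$res = mysql_query("SELECT image FROM {$projectid} ORDER BY image ASC");
if (!$res) {
    // Record the database error in the server log and show a generic
    // message; printing mysql_error() to the browser discloses table names
    // and query structure.
    error_log(mysql_error());
    die(_('An error occurred.'));
}
$num_rows = mysql_num_rows($res);
$prev_image = "";
$next_image = "";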
for ($row = 0; $row < $num_rows; $row++) {
    $this_val = mysql_result($res, $row, "image");
    if ($this_val == $imagefile) {
        if ($row != 0) {
            $prev_image = mysql_result($res, $row - 1, "image");
        }
        if ($row != $num_rows - 1) {
require_login();
// Layout codes for the frameset.
define("LAYOUT_HORIZ", 1);
define("LAYOUT_VERT", 2);
// NOTE(review): the execution time limit is lifted while 'wordInstances'
// below has no upper bound, so one request can ask for an unbounded amount
// of work -- consider capping it.
set_time_limit(0);
// no time limit
$projectid = validate_projectID('projectid', @$_GET['projectid']);
$encWord = @$_GET["word"];
$word = rtrim(decode_word($encWord));
// Going by its name, this stops the request unless the user may edit the
// project; it runs before any project data is read in the lines shown.
enforce_edit_authorization($projectid);
// get the right layout
// NOTE(review): 'layout' is taken from the query string unvalidated and
// written to the session; it is only compared against LAYOUT_HORIZ in the
// code visible here.
$layout = array_get($_GET, "layout", @$_SESSION["show_word_context"]["layout"]);
if (empty($layout)) {
    $layout = LAYOUT_HORIZ;
}
$_SESSION["show_word_context"]["layout"] = $layout;
// Default 20, minimum 0, no maximum.
$wordInstances = get_integer_param($_GET, 'wordInstances', 20, 0, null);
// $frame determines which frame we're operating from
// 'master' - we're the master frame
//  'left'  - we're the left frame with the text
// 'right'  - we're the right frame for the image
$frame = get_enumerated_param($_GET, 'frame', 'master', array('master', 'left', 'right'));
if ($frame == "master") {
    slim_header_frameset(_("Word Context"));
    if ($layout == LAYOUT_HORIZ) {
        $frameSpec = 'rows="30%,70%"';
    } else {
        $frameSpec = 'cols="30%,70%"';
    }
    ?>
<frameset <?php 
    echo $frameSpec;
示例#14
<?php

$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'stages.inc';
include_once $relPath . 'theme.inc';
include_once $relPath . 'Project.inc';
include_once $relPath . 'links.inc';
include_once $relPath . "DifferenceEngineWrapper.inc";
require_login();
// Project id and page image name each go through a dedicated validator; the
// two round numbers are bounded to 0..MAX_NUM_PAGE_EDITING_ROUNDS.
$projectid = validate_projectID('project', @$_GET['project']);
$image = validate_page_image_filename('image', @$_GET['image'], true);
$L_round_num = get_integer_param($_GET, 'L_round_num', null, 0, MAX_NUM_PAGE_EDITING_ROUNDS);
$R_round_num = get_integer_param($_GET, 'R_round_num', null, 0, MAX_NUM_PAGE_EDITING_ROUNDS);
$project = new Project($projectid);
$state = $project->state;
$project_title = $project->nameofwork;
$navigation_text = "";
if (!$project->pages_table_exists) {
    // This shouldn't normally happen --
    // if the page table doesn't exist, a "diff" link shouldn't be shown.
    // But a user might have a bookmarked or otherwise saved a 'diff' URL.
    echo "<p>", _("Page details are not available for this project."), "</p>\n";
    echo "<p>", _("Project ID"), ": {$projectid}</p>\n";
    // NOTE(review): the title is a stored value written into HTML without
    // escaping here; unless nameofwork is already HTML-escaped when stored,
    // it should be escaped for HTML at this point -- confirm how Project
    // populates it.
    echo "<p>", _("Title"), ":{$project_title}</p>\n";
    exit;
}
// --------------------------------------------------------------
// get information about this diff
if ($L_round_num == 0) {
    $L_text_column_name = 'master_text';
示例#15
        $projectid_[$which] = validate_projectID("projectid_[{$which}]", $projectid);
    }
}
// 'from_image_' is expected to be an array of page-image filenames; each
// non-empty entry is passed to the filename validator.
// NOTE(review): the validator's return value is discarded here, so this
// relies on validate_page_image_filename() halting the request on bad input
// rather than returning a cleaned value -- confirm. If the parameter is not
// an array, it is kept as submitted without any check.
$from_image_ = array_get($_POST, 'from_image_', NULL);
if (is_array($from_image_)) {
    foreach ($from_image_ as $which => $filename) {
        if ($filename) {
            validate_page_image_filename("from_image_[{$which}]", $filename);
        }
    }
}
// Each remaining form field is limited to a fixed set of values or to 0/1.
$action = get_enumerated_param($_POST, 'action', 'showform', array('showform', 'showagain', 'check', 'docopy'));
$page_name_handling = get_enumerated_param($_POST, 'page_name_handling', null, array('PRESERVE_PAGE_NAMES', 'RENUMBER_PAGES'), true);
$transfer_notifications = get_integer_param($_POST, 'transfer_notifications', 0, 0, 1);
$add_deletion_reason = get_integer_param($_POST, 'add_deletion_reason', 0, 0, 1);
$merge_wordcheck_files = get_integer_param($_POST, 'merge_wordcheck_files', 0, 0, 1);
$repeat_project = get_enumerated_param($_POST, 'repeat_project', null, array('TO', 'FROM', 'NONE'), true);
switch ($action) {
    case 'showform':
        display_form($projectid_, $from_image_, $page_name_handling, $transfer_notifications, $add_deletion_reason, $merge_wordcheck_files, $repeat_project, FALSE);
        break;
    case 'showagain':
        display_form($projectid_, $from_image_, $page_name_handling, $transfer_notifications, $add_deletion_reason, $merge_wordcheck_files, $repeat_project, TRUE);
        break;
    case 'check':
        do_stuff($projectid_, $from_image_, $page_name_handling, $transfer_notifications, $add_deletion_reason, $merge_wordcheck_files, TRUE);
        echo "<form method='post' action='" . attr_safe($copy_pages_url) . "'>\n";
        display_hiddens($projectid_, $from_image_, $page_name_handling, $transfer_notifications, $add_deletion_reason, $merge_wordcheck_files);
        echo "\n<input type='hidden' name='action' value='docopy'>";
        echo "\n<input type='submit' name='submit_button' value='" . attr_safe(_("Do it")) . "'>";
        echo "\n</form>";
        echo ">{$round}</option>\n";
    }
    echo "</select>";
    if (!$project) {
        echo " " . _("(optional)");
    }
    echo " &nbsp; &nbsp;<input type='submit' value='" . attr_safe(_("View")) . "'>";
    if ($project) {
        echo " &nbsp; <input type='submit' name='reset' value='" . attr_safe(_("Reset")) . "'>";
    }
    echo "</form>";
    exit;
} elseif ($frame == "image") {
    slim_header(_("Image Frame"));
    if (!count($error_messages)) {
        $percent = get_integer_param($_GET, 'percent', 100, 1, 999);
        $width = 10 * $percent;
        ?>
<form method="get" action="view_page_text_image.php">
<input type="hidden" name="projectid" value="<?php 
        echo $projectid;
        ?>
">
<input type="hidden" name="page" value="<?php 
        echo $page;
        ?>
">
<input type="text" maxlength="3" name="percent" size="3" value="<?php 
        echo $percent;
        ?>
">%
示例#17
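/**
 * Carry out the requested action on the task named by the 'task_id' request
 * parameter and render the resulting page.
 *
 * The action is taken from the global $action ('show' when null). The task is
 * loaded first; an unknown id produces a notification and nothing else.
 *
 * Permissions: editing (both showing the form and applying the submitted
 * values) is limited to site managers, task-centre managers, and the user who
 * opened the task while it has no closed_reason. Closing is limited to site
 * managers and task-centre managers.
 *
 * NOTE(review): no per-action permission check is visible for 'reopen',
 * 'add_comment' or the related-task/topic actions; confirm that any
 * logged-in user is meant to be able to perform them. 'task_id' is read from
 * $_REQUEST, and actions such as 'reopen' read nothing from $_POST, so
 * depending on where $action comes from they may be triggerable by a plain
 * GET link (CSRF) -- check the caller.
 *
 * @return void
 */
function handle_action_on_a_specified_task()
{
    global $pguser, $requester_u_id;
    global $now_sse, $date_str, $time_of_day_str;
    global $action;
    // Default 'action' when a task is specified:
    if (is_null($action)) {
        $action = 'show';
    }
    // Integer of at least 1; it is the only request value interpolated
    // unquoted into the task queries below.
    $task_id = get_integer_param($_REQUEST, 'task_id', null, 1, null);
    // Fetch the state of the specified task
    // before any requested changes.
    $result = mysql_query("SELECT * FROM tasks WHERE task_id = {$task_id}");
    // A failed query is treated like a missing task instead of passing
    // false to mysql_num_rows().
    if (!$result || mysql_num_rows($result) == 0) {
        TaskHeader("Task #{$task_id} does not exist");
        ShowNotification("Task #{$task_id} was not found!");
        return;
    }
    $pre_task = mysql_fetch_object($result);
    // Note that currently task_summary and task_details are stored HTML escaped and slashed
    // in the database. This needs to be undone to produce the 'raw' string.
    $pre_task->task_summary = htmlspecialchars_decode(stripslashes($pre_task->task_summary));
    $pre_task->task_details = htmlspecialchars_decode(stripslashes($pre_task->task_details), ENT_QUOTES);
    TaskHeader(title_string_for_task($pre_task));
    if ($action == 'show') {
        TaskDetails($task_id);
    } elseif ($action == 'show_editing_form') {
        if (user_is_a_sitemanager() || user_is_taskcenter_mgr() || $pre_task->opened_by == $requester_u_id && empty($pre_task->closed_reason)) {
            // The user wants to edit an existing task.
            // Initialize the form with the current values of the task's properties.
            TaskForm($pre_task);
        } else {
            ShowNotification("The user {$pguser} does not have permission to edit this task.");
            TaskDetails($task_id);
        }
    } elseif ($action == 'reopen') {
        NotificationMail($task_id, "This task was reopened by {$pguser} on {$date_str} at {$time_of_day_str}.\n");
        wrapped_mysql_query("\n            UPDATE tasks\n            SET\n                task_status = 15,\n                edited_by = {$requester_u_id},\n                date_edited = {$now_sse},\n                date_closed = 0,\n                closed_by = 0,\n                closed_reason = 0\n            WHERE task_id = {$task_id}\n        ");
        TaskDetails($task_id);
    } elseif ($action == 'edit') {
        // The user is supplying values for the properties of a pre-existing task.
        // Apply the same permission rule that guards the editing form.
        // Hiding the form alone does not stop a user from posting
        // action=edit directly, so the update must be guarded as well.
        if (!(user_is_a_sitemanager() || user_is_taskcenter_mgr() || ($pre_task->opened_by == $requester_u_id && empty($pre_task->closed_reason)))) {
            ShowNotification("The user {$pguser} does not have permission to edit this task.");
            TaskDetails($task_id);
        } elseif (empty($_POST['task_summary']) || empty($_POST['task_details'])) {
            ShowNotification("You must supply a Task Summary and Task Details.", true);
        } else {
            // Update a pre-existing task.
            NotificationMail($task_id, "There has been an edit made to this task by {$pguser} on {$date_str} at {$time_of_day_str}.\n");
            global $tasks_array;
            global $categories_array;
            global $tasks_status_array;
            global $task_assignees_array;
            global $severity_array;
            global $priority_array;
            global $os_array;
            global $browser_array;
            global $versions_array;
            global $percent_complete_array;
            // Every selector must be one of the keys of its lookup table and
            // is cast to int before it reaches the SQL text.
            $edit_type = (int) get_enumerated_param($_POST, 'task_type', null, array_keys($tasks_array));
            $edit_category = (int) get_enumerated_param($_POST, 'task_category', null, array_keys($categories_array));
            $edit_status = (int) get_enumerated_param($_POST, 'task_status', null, array_keys($tasks_status_array));
            $edit_assignee = (int) get_enumerated_param($_POST, 'task_assignee', null, array_keys($task_assignees_array));
            $edit_severity = (int) get_enumerated_param($_POST, 'task_severity', null, array_keys($severity_array));
            $edit_priority = (int) get_enumerated_param($_POST, 'task_priority', null, array_keys($priority_array));
            $edit_os = (int) get_enumerated_param($_POST, 'task_os', null, array_keys($os_array));
            $edit_browser = (int) get_enumerated_param($_POST, 'task_browser', null, array_keys($browser_array));
            $edit_version = (int) get_enumerated_param($_POST, 'task_version', null, array_keys($versions_array));
            $edit_percent = (int) get_enumerated_param($_POST, 'percent_complete', null, array_keys($percent_complete_array));
            // NOTE(review): the two free-text fields are escaped with
            // addslashes(), which does not take the connection character set
            // into account; mysql_real_escape_string() is the escaping
            // function for this API. Left as is because the read path above
            // reverses exactly this encoding.
            $sql_query = "\n                UPDATE tasks\n                SET\n                    task_summary     = '" . addslashes(htmlspecialchars($_POST['task_summary'])) . "',\n                    task_type        = {$edit_type},\n                    task_category    = {$edit_category},\n                    task_status      = {$edit_status},\n                    task_assignee    = {$edit_assignee},\n                    task_severity    = {$edit_severity},\n                    task_priority    = {$edit_priority},\n                    task_os          = {$edit_os},\n                    task_browser     = {$edit_browser},\n                    task_version     = {$edit_version},\n                    task_details     = '" . addslashes(htmlspecialchars($_POST['task_details'], ENT_QUOTES)) . "',\n                    date_edited      = {$now_sse},\n                    edited_by        = {$requester_u_id},\n                    percent_complete = {$edit_percent}\n                WHERE task_id = {$task_id}\n            ";
            wrapped_mysql_query($sql_query);
            set_window_title("All Open Tasks");
            list_all_open_tasks();
        }
    } elseif ($action == 'close') {
        global $tasks_close_array;
        if (user_is_a_sitemanager() || user_is_taskcenter_mgr()) {
            $tc_reason = (int) get_enumerated_param($_POST, 'closed_reason', null, array_keys($tasks_close_array));
            NotificationMail($task_id, "This task was closed by {$pguser} on {$date_str} at {$time_of_day_str}.\n\nThe reason for closing was: " . $tasks_close_array[$tc_reason] . ".\n");
            wrapped_mysql_query("\n                UPDATE tasks\n                SET\n                    percent_complete = 100,\n                    task_status = 14,\n                    date_closed = {$now_sse},\n                    closed_by = {$requester_u_id},\n                    closed_reason = {$tc_reason},\n                    date_edited = {$now_sse},\n                    edited_by = {$requester_u_id}\n                WHERE task_id = {$task_id}\n            ");
            set_window_title("All Open Tasks");
            list_all_open_tasks();
        } else {
            ShowNotification("The user {$pguser} does not have permission to close tasks.");
        }
    } elseif ($action == 'add_comment') {
        if (!empty($_POST['task_comment'])) {
            NotificationMail($task_id, "There has been a comment added to this task by {$pguser} on {$date_str} at {$time_of_day_str}.\n");
            wrapped_mysql_query("\n                INSERT INTO tasks_comments (task_id, u_id, comment_date, comment)\n                VALUES ({$task_id}, {$requester_u_id}, {$now_sse}, '" . addslashes(htmlspecialchars($_POST['task_comment'], ENT_QUOTES)) . "')\n            ");
            wrapped_mysql_query("\n                UPDATE tasks\n                SET date_edited = {$now_sse}, edited_by = {$requester_u_id}\n                WHERE task_id = {$task_id}\n            ");
            TaskDetails($task_id);
        } else {
            ShowNotification("You must supply a comment before clicking Add Comment.");
            TaskDetails($task_id);
        }
    } elseif ($action == 'add_related_task') {
        process_related_task($pre_task, 'add', @$_POST['related_task']);
    } elseif ($action == 'remove_related_task') {
        process_related_task($pre_task, 'remove', @$_POST['related_task']);
    } elseif ($action == 'add_related_topic') {
        process_related_topic($pre_task, 'add', @$_POST['related_posting']);
    } elseif ($action == 'remove_related_topic') {
        process_related_topic($pre_task, 'remove', @$_POST['related_posting']);
    } elseif ($action == 'add_metoo') {
        global $os_array, $browser_array;
        // The two 0/1 flags choose which POST field supplies the OS and
        // browser for this vote.
        $sameOS = get_integer_param($_REQUEST, 'sameOS', null, 0, 1);
        $sameBrowser = get_integer_param($_REQUEST, 'sameBrowser', null, 0, 1);
        $os_param_name = $sameOS ? 'task_os' : 'metoo_os';
        $browser_param_name = $sameBrowser ? 'task_browser' : 'metoo_browser';
        $vote_os = (int) get_enumerated_param($_POST, $os_param_name, null, array_keys($os_array));
        $vote_browser = (int) get_enumerated_param($_POST, $browser_param_name, null, array_keys($browser_array));
        // Do not insert twice the same vote if the user refreshes the browser
        $meTooCheck = mysql_query("\n            SELECT 1 FROM tasks_votes WHERE task_id = {$task_id} and u_id = {$requester_u_id} LIMIT 1\n        ");
        if (mysql_num_rows($meTooCheck) == 0) {
            wrapped_mysql_query("\n                INSERT INTO tasks_votes \n                (task_id, u_id, vote_os, vote_browser) \n                VALUES ({$task_id}, {$requester_u_id}, {$vote_os}, {$vote_browser})\n            ");
        }
        mysql_free_result($meTooCheck);
        // No need to display a different error message if the user was refreshing
        ShowNotification("Thank you for your report!  It has been recorded below.", false, "info");
        TaskDetails($task_id);
    } elseif ($action == 'notify_me') {
        $userSettings =& Settings::get_Settings($pguser);
        $userSettings->add_value('taskctr_notice', $task_id);
        TaskDetails($task_id);
    } elseif ($action == 'unnotify_me') {
        $userSettings =& Settings::get_Settings($pguser);
        $userSettings->remove_value('taskctr_notice', $task_id);
        TaskDetails($task_id);
    } else {
        die("shouldn't be able to reach here");
    }
}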
示例#18
<?php

$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
include_once $relPath . 'theme.inc';
include_once $relPath . 'Project.inc';
include_once 'page_table.inc';
require_login();
// The project id goes through its validator before it is used to load the
// project; show_image_size is a 0/1 flag that defaults to 0.
$projectid = validate_projectID('project', @$_GET['project']);
$show_image_size = get_integer_param($_GET, 'show_image_size', 0, 0, 1);
$project = new Project($projectid);
if (isset($_GET['select_by_user'])) {
    $sbu = $_GET['select_by_user'];
    if (empty($sbu)) {
        // Show just the current user's pages.
        $username_for_page_selection = $pguser;
    } else {
        // Explicitly specify a particular user.
        // This is only available to PFs & SAs.
        // (Yes, even though it merely filters
        // information that is available to all.)
        if (user_is_a_sitemanager() || user_is_proj_facilitator()) {
            $username_for_page_selection = $sbu;
        } else {
            // Just show the current user's pages.
            $username_for_page_selection = $pguser;
        }
    }
} else {
    // No 'select_by_user' parameter, so show all pages.
示例#19
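/**
 * Print the HTML form used to add a news item or to edit an existing one.
 *
 * When the request carries action=edit, the row named by the item_id request
 * parameter is read from news_items and its content pre-fills the textarea;
 * otherwise an empty "add" form is printed. The form posts to sitenews.php.
 *
 * If the lookup fails (query error or no such row) the edit form is still
 * printed, with an empty textarea.
 *
 * @param mixed $news_page_id Identifier of the news page; used only in the form's action URL.
 */
function show_item_editor($news_page_id)
{
    if (isset($_GET['action']) && $_GET['action'] == "edit") {
        $item_id = get_integer_param($_GET, 'item_id', null, null, null);
        // %d forces an integer into the statement, so the SQL stays numeric
        // regardless of what the parameter helper handed back.
        $result = mysql_query(sprintf("SELECT * FROM news_items WHERE id=%d", $item_id));
        // mysql_query() returns false on error and an empty set for an unknown
        // id; calling mysql_result() on either would only raise a warning.
        if ($result && mysql_num_rows($result) > 0) {
            $initial_content = mysql_result($result, 0, "content");
        } else {
            $initial_content = "";
        }
        $action_to_request = "edit_update";
        $submit_button_label = _("Edit News Item");
    } else {
        $item_id = "";
        $initial_content = "";
        $action_to_request = "add";
        $submit_button_label = _("Add News Item");
    }
    // The markup uses single-quoted attributes, so every value placed in one
    // is encoded with ENT_QUOTES; the page id is URL-encoded first because it
    // becomes a query-string value.
    $form_action = "sitenews.php?news_page_id=" . urlencode((string) $news_page_id) . "&action={$action_to_request}";
    echo "<form action='" . htmlspecialchars($form_action, ENT_QUOTES) . "' method='post'>";
    echo "<center>";
    echo "<textarea name='content' cols='80' rows='8'>" . html_safe($initial_content) . "</textarea>";
    echo "<br>\n";
    // A translated label may contain an apostrophe, which would otherwise end the attribute.
    echo "<input type='submit' value='" . htmlspecialchars($submit_button_label, ENT_QUOTES) . "' name='submit'>";
    echo "</center>";
    echo "<br>\n";
    echo "<br>\n";
    echo "<input type='hidden' name='item_id' value='" . htmlspecialchars((string) $item_id, ENT_QUOTES) . "'>";
    echo "</form>";
}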
示例#20
<?php

$relPath = '../../pinc/';
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
// html_safe()
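require_login();
// Create xml data for all authors unless either
//   an author_id is supplied (only that author)
//   or
//   a timestamp is supplied (only authors edited after that time)
// Both parameters are passed through get_integer_param() before any SQL
// fragment is built from them.
$author_id = get_integer_param($_GET, 'author_id', null, 0, null, true);
$modified_since = get_integer_param($_GET, 'modified_since', null, 0, null, true);
if (isset($author_id)) {
    $clause = "WHERE author_id = {$author_id}";
    $wrap_in_big_tag = false;
} elseif (isset($modified_since)) {
    // The padded value goes into the WHERE clause unquoted and is built from
    // the request string itself (which keeps any leading zeroes the caller
    // sent), not from the value the helper returned. Require digits only
    // right here, so the SQL does not depend on what the helper accepts.
    $raw_modified_since = isset($_GET['modified_since']) ? $_GET['modified_since'] : null;
    if (!is_string($raw_modified_since) || !ctype_digit($raw_modified_since)) {
        die("modified_since must consist of digits only");
    }
    // Pad timestamp with zeroes.
    // This means a date, e.g. 20040810, will be sent to
    // the parser as a timestamp, e.g. 20040810000000
    $last_modified = str_pad($raw_modified_since, 14, '0');
    $clause = "WHERE last_modified >= {$last_modified}";
    $wrap_in_big_tag = true;
} else {
    // Neither filter given: no WHERE clause, all authors are selected.
    $clause = '';
    $wrap_in_big_tag = true;
}
header("Content-Type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"{$charset}\" ?>\n";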
示例#21
// TRANSLATORS: This is a strftime-formatted string for the date and time
$date_format = _("%A, %B %e, %Y");
// TRANSLATORS: This is a strftime-formatted string for the time
$time_format = _("%X");
// Report every class of PHP error while this page runs.
// NOTE(review): whether those messages reach the browser depends on the
// display_errors setting, which is not visible here - confirm it is off in
// production so paths and query text are not disclosed.
error_reporting(E_ALL);
// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
// Usually, the user arrives here by clicking on the title of a project
// in a list of projects.
// But there are lots of other less-used pages that link here.
// Bounds and default for the 'detail_level' request parameter.
$MIN_DETAIL_LEVEL = 1;
$MAX_DETAIL_LEVEL = 4;
$DEFAULT_DETAIL_LEVEL = 3;
// Validate all the input
$projectid = validate_projectID('id', @$_GET['id']);
// 'expected_state' is checked against the list in $PROJECT_STATES_IN_ORDER.
// presumably the trailing true lets the parameter be absent - verify against the helper.
$expected_state = get_enumerated_param($_GET, 'expected_state', null, $PROJECT_STATES_IN_ORDER, true);
$detail_level = get_integer_param($_GET, 'detail_level', $DEFAULT_DETAIL_LEVEL, $MIN_DETAIL_LEVEL, $MAX_DETAIL_LEVEL);
// -----------------------------------------------------------------------------
$project = new Project($projectid);
// TRANSLATORS: this is the project page title.
// In a tabbed browser, the page-title passed to output_header() will appear
// in the tab, which tends to be small, as soon as you have a few of them.
// So, put the distinctive part of the page-title (i.e. the name of the
// project) first.
$title_for_theme = sprintf(_('"%s" project page'), $project->nameofwork);
// NOTE(review): $title carries $project->nameofwork and is echoed inside <h1>
// below without HTML encoding. Unless Project already stores or returns the
// name HTML-encoded (not visible here), markup in a project name would be
// rendered for every visitor, guests included - confirm, and encode at output
// if it is not.
$title = sprintf(_("Project Page for '%s'"), $project->nameofwork);
// -----------------------------------------------------------------------------
if (!$user_is_logged_in) {
    // Guests see a reduced version of the project page.
    output_header($title_for_theme, NO_STATSBAR);
    echo "<h1>{$title}</h1>\n";
    list($top_blurb, $bottom_blurb) = decide_blurbs();
enforce_edit_authorization($projectid);
// Pick the layout offered as the default for the 'layout' parameter:
// reuse the value remembered in the session when it is exactly one of the
// two layout constants, otherwise use the horizontal layout.
$default_layout = @$_SESSION["show_good_word_suggestions_detail"]["layout"];
if ($default_layout !== LAYOUT_HORIZ && $default_layout !== LAYOUT_VERT) {
    // Reached on the session's first visit (nothing stored yet, so null)
    // and for any stored value that is not a known layout.
    $default_layout = LAYOUT_HORIZ;
}
// The request may override the default, within the LAYOUT_HORIZ..LAYOUT_VERT
// bounds passed to the helper; the result is remembered for the next visit.
$layout = get_integer_param($_GET, 'layout', $default_layout, LAYOUT_HORIZ, LAYOUT_VERT);
$_SESSION["show_good_word_suggestions_detail"]["layout"] = $layout;
// $frame determines which frame we're operating from
// 'master' - we're the master frame
//   'left' - we're the left frame with the text
//  'right' - we're the right frame for the image
$frame = get_enumerated_param($_GET, 'frame', 'master', array('master', 'left', 'right'));
if ($frame == "master") {
    slim_header_frameset(_("Suggestion Detail"));
    if ($layout == LAYOUT_HORIZ) {
        $frameSpec = 'rows="30%,70%"';
    } else {
        $frameSpec = 'cols="30%,70%"';
    }
    ?>
<frameset <?php 
示例#23
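    // Accept the page id only if it is a key of $NEWS_PAGES; anything else
    // ends the request with an error message.
    if (isset($NEWS_PAGES[$news_page_id])) {
        $news_subject = get_news_subject($news_page_id);
        output_header(sprintf(_("Recent Site News Items for %s"), $news_subject));
        echo "<br>";
    } else {
        // This branch runs only for an id that is NOT a known key, so the
        // value is arbitrary text (presumably request-supplied; its origin is
        // outside this excerpt). Encode it before echoing it into the page.
        echo _("Error") . ": <b>" . htmlspecialchars((string) $news_page_id, ENT_QUOTES) . "</b> " . _("Unknown news_page_id specified, exiting.");
        exit;
    }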
} else {
    echo _("No news_page_id specified, exiting.");
    exit;
}
// echo "<center>Feeds: <a href='$code_url/feeds/backend.php?content=news'><img src='$code_url/graphics/xml.gif'></a>";
// echo "<a href='$code_url/feeds/backend.php?content=news&type=rss'><img src='$code_url/graphics/rss.gif'></a>";
// echo "</center>";
// Optional cap on the number of items shown; passed to the helper with
// default 0 and minimum 0.
$num = get_integer_param($_GET, 'num', 0, 0, NULL);
if ($num == 0) {
    // Invoking this script with num=0 (or without
    // the 'num' parameter) means "no limit".
    $limit_clause = "";
} else {
    // Built from the integer parameter only, so the clause is "LIMIT <n>".
    $limit_clause = "LIMIT {$num}";
    echo "<a href='pastnews.php?news_page_id={$news_page_id}'>" . sprintf(_("Show All %s News"), $news_subject) . "</a>";
}
// The page id is escaped with mysql_real_escape_string() and placed inside
// quotes via %s. $limit_clause is interpolated into the sprintf() FORMAT
// string itself, which is only safe because it can never contain a '%'.
$result = mysql_query(sprintf("\n    SELECT * FROM news_items \n    WHERE news_page_id = '%s' AND \n        status = 'recent'\n    ORDER BY id DESC\n    {$limit_clause}\n", mysql_real_escape_string($news_page_id)));
// NOTE(review): $result is not checked for false before it is used; a failed
// query would surface as a PHP warning from mysql_numrows().
if (mysql_numrows($result) == 0) {
    echo "<br><br>" . sprintf(_("No recent news items for %s"), $news_subject);
} else {
    while ($news_item = mysql_fetch_array($result)) {
        $date_posted = strftime(_("%A, %B %e, %Y"), $news_item['date_posted']);
        // NOTE(review): 'content' is written to the page as-is, so it is treated
        // as trusted HTML. Presumably only privileged editors can write
        // news_items - confirm, since anything stored there runs in every
        // reader's browser.
        echo "<br><a name='" . $news_item['id'] . "'><b>{$date_posted}</b><br>" . $news_item['content'] . "<br><hr align='center' width='75%'><br>";
$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'wordcheck_engine.inc';
include_once $relPath . 'Project.inc';
include_once $relPath . 'theme.inc';
include_once './post_files.inc';
include_once "./word_freq_table.inc";
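// Request setup for the good-word suggestions page: authenticate, authorise
// for the project, then read the cut-off parameters.
require_login();
$datetime_format = "%A, %B %e, %Y %X";
set_time_limit(0);
// no time limit
$projectid = validate_projectID('projectid', @$_REQUEST['projectid']);
// Check edit rights as soon as the project id is known, so that nothing
// belonging to the project (including its word file, read next) is touched
// on behalf of a user who is not allowed to edit it.
enforce_edit_authorization($projectid);
$fileObject = get_project_word_file($projectid, "good");
// Default time cut-off is the word file's modification time; minimum 0.
$timeCutoff = get_integer_param($_REQUEST, 'timeCutoff', $fileObject->mod_time, 0, null);
// Default frequency cut-off is 5; minimum 0.
$freqCutoff = get_integer_param($_REQUEST, 'freqCutoff', 5, 0, null);
if ($timeCutoff == 0) {
    $time_cutoff_text = _("<b>All proofreader suggestions</b> are included in the results.");
} else {
    $time_cutoff_text = sprintf(_("Only proofreader suggestions made <b>after %s</b> are included in the results."), strftime($datetime_format, $timeCutoff));
}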
// $format determines what is presented from this page:
//   'html' - page is rendered with frequencies included
//   'file' - all words and frequencies are presented as a
//            downloaded file
// 'update' - update the list
$format = get_enumerated_param($_REQUEST, 'format', 'html', array('html', 'file', 'update'));
if ($format == "update") {
    $postedWords = parse_posted_words($_POST);
    $words = load_project_good_words($projectid);
include_once $relPath . 'base.inc';
include_once $relPath . 'wordcheck_engine.inc';
include_once $relPath . 'slim_header.inc';
include_once $relPath . 'misc.inc';
// attr_safe()
include_once $relPath . 'Stopwatch.inc';
include_once './post_files.inc';
include_once "./word_freq_table.inc";
// Request setup: authenticate, start timing, read the cut-off parameters and
// decide which project manager's data is shown.
require_login();
$datetime_format = _("%A, %B %e, %Y at %X");
$watch = new Stopwatch();
$watch->start();
set_time_limit(0);
// no time limit
// Frequency cut-off: default 5, minimum 0.
$freqCutoff = get_integer_param($_REQUEST, 'freqCutoff', 5, 0, null);
// Time cut-off: default -1, minimum -1.
$timeCutoff = get_integer_param($_REQUEST, 'timeCutoff', -1, -1, null);
// load the PM
// The 'pm' request value is honoured only for site managers and project
// facilitators; for everyone else it is overwritten with the current user.
// NOTE(review): for those privileged users $pm is still raw request text -
// whatever uses it later (not visible here) must escape it for its context.
$pm = array_get($_REQUEST, "pm", $pguser);
if (!user_is_a_sitemanager() && !user_is_proj_facilitator()) {
    $pm = $pguser;
}
// $frame determines which frame we're operating from
//     none - we're the master frame
//   'left' - we're the left frame with the text
//  'right' - we're the right frame for the context info
// 'update' - not a frame at all - process the incoming data
$frame = get_enumerated_param($_REQUEST, 'frame', 'master', array('master', 'left', 'right', 'update'));
// NOTE(review): 'update' changes data and is selected from $_REQUEST, while the
// data itself is read from $_POST. No anti-CSRF token check is visible in this
// excerpt - confirm one exists elsewhere.
if ($frame == "update") {
    $newProjectWords = array();
    foreach ($_POST as $key => $val) {
        // The pattern is not anchored, so it matches anywhere inside the field
        // name; only the two captured groups (a "projectID" plus 13 hex digits,
        // and a run of digits) are taken from it.
        if (preg_match("/cb_(projectID[0-9a-f]{13})_(\\d+)/", $key, $matches)) {
include_once $relPath . 'project_states.inc';
include_once $relPath . 'stages.inc';
include_once $relPath . 'Project.inc';
include_once './post_files.inc';
// Request setup: authenticate, validate the parameters, then apply the two
// authorisation rules before any output is produced.
require_login();
// Accepted round ids: every key of $Round_for_round_id_, with '[OCR]' put first.
$valid_round_ids = array_keys($Round_for_round_id_);
array_unshift($valid_round_ids, '[OCR]');
// The literal 'many' is accepted as-is and does not go through
// validate_projectID(); every other value does.
if (@$_REQUEST['projectid'] == 'many') {
    $projectid = 'many';
} else {
    $projectid = validate_projectID('projectid', @$_REQUEST['projectid']);
}
$round_id = get_enumerated_param($_REQUEST, 'round_id', null, $valid_round_ids);
$which_text = get_enumerated_param($_REQUEST, 'which_text', null, array('EQ', 'LE'));
// Both flags are passed as (default 0, min 0, max 1).
$include_proofers = get_integer_param($_REQUEST, 'include_proofers', 0, 0, 1);
$save_files = get_integer_param($_REQUEST, 'save_files', 0, 0, 1);
// only sitemanagers are allowed to save files
if ($save_files && !user_is_a_sitemanager()) {
    echo _('You are not authorized to invoke this script.');
    exit;
}
// only people who can see names on the page details page
// can see names here.
// NOTE(review): when projectid is 'many', Project is constructed with that
// literal. Confirm Project copes with it and that
// names_can_be_seen_by_current_user is a meaningful check in that case;
// otherwise proofer names could be included without a per-project decision.
$project = new Project($projectid);
if ($include_proofers && !$project->names_can_be_seen_by_current_user) {
    echo _('You are not authorized to invoke this script.');
    exit;
}
// if we are not saving files, then we are just downloading the zip.
// don't send anything out other than the headers and zip file contents.
if ($save_files) {
示例#27
 } else {
     $byear = get_integer_param($_POST, 'byear', null, 0, null);
 }
 $bmonth = get_integer_param($_POST, 'bmonth', null, 0, 12);
 $bday = get_integer_param($_POST, 'bday', null, 0, 31);
 $bcomments = @$_POST['bcomments'];
 $byearRadio = get_integer_param($_POST, 'byearRadio', null, 0, 1);
 if (@$_POST['dyear'] == '') {
     $dyear = null;
 } else {
     $dyear = get_integer_param($_POST, 'dyear', null, 0, null);
 }
 $dmonth = get_integer_param($_POST, 'dmonth', null, 0, 12);
 $dday = get_integer_param($_POST, 'dday', null, 0, 31);
 $dcomments = @$_POST['dcomments'];
 $dyearRadio = get_integer_param($_POST, 'dyearRadio', null, 0, 1);
 // years are specified using radio-buttons and text-fields.
 // a little logic to get the right data
 // also, years might be negated by checking 'B. C.'
 if ($byearRadio == '0') {
     $byear = 0;
 } elseif (isset($_POST['bbc'])) {
     $bbc = TRUE;
     $byear = -$byear;
 }
 if ($dyearRadio == '0') {
     $dyear = 0;
 } elseif (isset($_POST['dbc'])) {
     $dbc = TRUE;
     $dyear = -$dyear;
 }