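/**
 * Build the admin-menu HTML (<li> rows) for the logged-in user.
 *
 * Rows come from _getMenuList(). Keys read per row: menuType, tableName, linkTarget
 * (each defaulted to '' when missing), menuName, isSelected, link, and optionally
 * _indent, recordCount and linkMessage. Rows the user may not see are skipped; every
 * rendered row is passed through the 'menulinks_rowHtml' filter before it is appended.
 *
 * Access rule: no logged-in user -> nothing is rendered; a row without a tableName is
 * admin-only; otherwise userSectionAccess(tableName) must be >= 3 (viewer or better).
 *
 * Output encoding: menuName is HTML-encoded, and the href is now HTML-encoded as well
 * so a quote in an admin-entered url cannot terminate the attribute (this assumes
 * htmlencode() escapes the single quote, since the attribute is single-quoted - confirm
 * against its definition, which is not in this file). linkTarget is emitted verbatim as
 * an attribute fragment (e.g. target="_blank"), so it must remain a code-controlled value.
 *
 * @return string menu markup, terminated by _closeMenuGroupList()
 */
function getMenuLinks() {
    global $CURRENT_USER;
    $menuLinks = '';

    foreach (_getMenuList() as $row) {
        // set defaults so the reads below don't depend on which keys the row carries
        foreach (array('menuType', 'tableName', 'linkTarget') as $key) {
            if (!array_key_exists($key, $row)) { $row[$key] = ''; }
        }

        // check menu access - accessLevel: viewer or better
        if (!$CURRENT_USER) {
            $hasMenuAccess = false;
        } elseif (!$row['tableName'] && $CURRENT_USER['isAdmin']) {
            $hasMenuAccess = true;
        } else {
            $hasMenuAccess = userSectionAccess($row['tableName']) >= 3;
        }
        if (!$hasMenuAccess) { continue; } // don't display if user doesn't have access

        if ($row['menuType'] == 'menugroup') {
            // show menu groups
            $rowHtml = _openMenuGroupList($row['menuName'], $row['isSelected']);
        } else {
            $rowHtml = _openMenuGroupList('', $row['isSelected'], true);

            $class = $row['isSelected'] ? 'current ' : '';
            if (!empty($row['_indent'])) { $class .= 'indented_menu'; }

            // highlight the error-log entry when it has records
            $style = '';
            if ($row['tableName'] == '_error_log' && isset($row['recordCount']) && $row['recordCount'] > 0) {
                $style .= 'color: #F55;';
            }

            // optional alert shown on click: HTML-encoded first, then JS-string-encoded for the
            // single-quoted alert() argument that sits inside a double-quoted onclick attribute
            $linkMessage = isset($row['linkMessage']) ? $row['linkMessage'] : '';
            $onclick     = '';
            if ($linkMessage) {
                $jsEscapedMessage = jsEncode(htmlencode($linkMessage));
                $onclick          = "onclick=\"alert('{$jsEscapedMessage}');\"";
            }

            $menuName = htmlencode($row['menuName']);
            $href     = htmlencode($row['link']); // previously emitted raw into the href attribute
            $target   = $row['linkTarget'];       // raw attribute fragment - trusted config only
            $rowHtml .= " <li><a class='{$class}' style='{$style}' href='{$href}' {$target} {$onclick}>{$menuName}</a></li>\n";
        }

        $menuLinks .= applyFilters('menulinks_rowHtml', $rowHtml, $row);
    }

    $menuLinks .= _closeMenuGroupList();
    return $menuLinks;
}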
// List the comments (em_comments) stored for one object and render them as HTML.
// object_id arrives via $_REQUEST and reaches the query only through $db->quote().
// NOTE: this fragment is cut off mid-statement (the $html string below is never closed
// in what is visible here), so the end of the loop is not reviewed.
require_once '../config.inc.php';
require_once '../funcs.inc.php';

//get comments from database
$comments = $db->query("SELECT * FROM em_comments WHERE object_id = " . $db->quote($_REQUEST['object_id']) . " ORDER BY id")->fetchAll();

// -- form output ------------------------------------------------
$total   = count($comments);
$counter = 1;
$html    = '<div id="emContent">';
// $CCOUNT and $lang are not defined in this fragment - presumably set by the included config
if ($total > $CCOUNT) {
    $html .= '<div class="emShowAllComments" id="emShowAllComments"><a href="javascript:viewAllComments();">' . $lang['view'] . ' <span id="total_em_comments">' . $total . '</span> ' . $lang['view2'] . '</a></div>';
}
foreach ($comments as $comment) {
    // NOTE(review): sender_name and comment_text are echoed as raw HTML. The only
    // sanitisation visible in this corpus is cleanInput() at insert time (definition
    // not shown) - confirm it HTML-encodes, otherwise encode here at output.
    if ($comment['sender_name']) {
        if ($comment['sender_mail']) {
            // two-argument jsEncode(mail, name) - appears to be the comment plugin's own
            // helper rather than the one-argument CMS jsEncode() used elsewhere; verify
            $comment['sender_name'] = jsEncode($comment['sender_mail'], $comment['sender_name']);
        }
        $sender = '<span class="emSenderName">' . $comment['sender_name'] . '</span>: ';
    } else {
        $sender = '';
    }
    // comments before the last $CCOUNT start hidden. The gravatar is fetched over plain
    // http (mixed content on https pages); strftime() is deprecated as of PHP 8.1.
    $html .= '<div class="emComment" id="comment_' . $comment['id'] . '" ' . ($counter < $total - ($CCOUNT - 1) ? 'style="display:none"' : '') . '> <div class="emCommentImage"> <img src="http://www.gravatar.com/avatar/' . gravatar($comment['sender_mail']) . '" width="32" height="32" alt="Gravatar" /> </div> <div class="emCommentText"> ' . $sender . stripslashes($comment['comment_text']) . ' </div> <div class="emCommentInto"> ' . strftime($DATEFORMAT, strtotime($comment['created'])) . ' </div>
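/**
 * Build paging details for a getRecords() result: counts, page numbers and the
 * first/prev/next/last links (either ?page=N query urls or /page-N/ SEO urls).
 *
 * Security note: every request parameter except 'page' is carried forward into the
 * page links. The values come straight from $_REQUEST (which, depending on PHP's
 * request_order setting, can also contain cookies). http_build_query() percent-encodes
 * keys and values, so the links are safe as urls, but they are raw '&'-joined strings:
 * whoever prints them into HTML must still attribute-encode them.
 *
 * @param array $options      getRecords() options; reads pageNum, offset, limit and,
 *                            when present, perPage and useSeoUrls
 * @param int   $rowCount     rows returned for the current page
 * @param int   $totalRecords rows matching the query over all pages
 * @param array $schema       section schema; reads _detailPage, _listPage, menuName
 * @return array keys: invalidPageNum, noRecordsFound, page, perPage, fromCache,
 *               totalPages, totalRecords, pageResultsStart, pageResultsEnd, prevPage,
 *               nextPage, prevPageLink, nextPageLink, firstPageLink, lastPageLink,
 *               _detailPage, _listPage
 */
function _getRecords_getListDetails($options, $rowCount, $totalRecords, $schema) {
    $perPage = isset($options['perPage']) ? $options['perPage'] : null;

    ### get list details
    $details = array();
    $details['invalidPageNum'] = !$rowCount && $options['pageNum'] > 1;
    $details['noRecordsFound'] = !$rowCount && $options['pageNum'] == 1;
    $details['page']           = $options['pageNum'];
    $details['perPage']        = $perPage;
    $details['fromCache']      = 0;
    $details['totalPages']     = 1;
    if ($perPage && $totalRecords > $perPage) {
        $details['totalPages'] = ceil($totalRecords / $perPage);
    }
    $details['totalRecords']     = $totalRecords;
    $details['pageResultsStart'] = min($totalRecords, $options['offset'] + 1);
    $details['pageResultsEnd']   = min($totalRecords, $options['offset'] + $options['limit']);

    # get page nums (clamp the requested page to the last real page first)
    $currentPage = min($options['pageNum'], $details['totalPages']);
    $details['prevPage'] = $currentPage > 1 ? $currentPage - 1 : '';
    $details['nextPage'] = $currentPage < $details['totalPages'] ? $currentPage + 1 : '';
    if ($details['invalidPageNum']) { $details['prevPage'] = $details['totalPages']; } // past the end: "prev" goes to the last page

    // pass query arguments forward in page links - use http_build_query to support
    // multi-value fields, like this: ?colors[]=red&colors[]=blue&etc...
    $filteredRequest = $_REQUEST;
    unset($filteredRequest['page']);
    $extraQueryArgs = http_build_query($filteredRequest, '', '&'); // '' rather than null for $numeric_prefix: identical output, and null is deprecated since PHP 8.1
    if ($extraQueryArgs) { $extraQueryArgs .= '&'; }
    $extraQueryArgs = preg_replace('/=&/i', '&', $extraQueryArgs); // v2.50 for query keys with no value remove trailing =, eg: ?record-title-123 instead of ?record-title-123=
    $extraQueryArgs = preg_replace('/(%5B|\\[)\\d+(\\]|%5D)/i', '[]', $extraQueryArgs); // square brackets get escaped as of PHP 5.1.3 - replace colors[0], colors[1] with colors[], see: http://php.net/manual/en/function.http-build-query.php#77377
    $extraPathInfoArgs = str_replace(array('=', '&'), array('-', '/'), $extraQueryArgs); // SEO form: key-value/key-value/

    # get page links
    $listViewer = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
    $listViewer = str_replace(' ', '%20', $listViewer); // v2.50 : url encoded spaces
    $details['prevPageLink']  = $listViewer;
    $details['nextPageLink']  = $listViewer;
    $details['firstPageLink'] = $listViewer;
    $details['lastPageLink']  = $listViewer;

    // use the same url for page 1 urls if possible, not viewer.php and viewer.php?page=1
    // see: http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=66359
    $prevIsNotFirst = $details['prevPage'] != 1;
    $lastIsNotFirst = $details['totalPages'] != 1;
    if (!empty($options['useSeoUrls'])) {
        $details['firstPageLink'] .= $extraPathInfoArgs ? "/{$extraPathInfoArgs}page-1/" : '';
        $details['prevPageLink']  .= ($prevIsNotFirst || $extraPathInfoArgs) ? "/{$extraPathInfoArgs}page-{$details['prevPage']}/" : '';
        $details['nextPageLink']  .= "/{$extraPathInfoArgs}page-{$details['nextPage']}/";
        $details['lastPageLink']  .= ($lastIsNotFirst || $extraPathInfoArgs) ? "/{$extraPathInfoArgs}page-{$details['totalPages']}/" : '';
    } else {
        $details['firstPageLink'] .= $extraQueryArgs ? "?{$extraQueryArgs}page=1" : '';
        $details['prevPageLink']  .= ($prevIsNotFirst || $extraQueryArgs) ? "?{$extraQueryArgs}page={$details['prevPage']}" : '';
        $details['nextPageLink']  .= "?{$extraQueryArgs}page={$details['nextPage']}";
        $details['lastPageLink']  .= ($lastIsNotFirst || $extraQueryArgs) ? "?{$extraQueryArgs}page={$details['totalPages']}" : '';
    }

    // viewer urls from the schema. The _listPage fallback is a javascript: url carrying the
    // section name (JS-string-encoded); like the other links it must be HTML-encoded where printed.
    $details['_detailPage'] = !empty($schema['_detailPage']) ? PREFIX_URL . $schema['_detailPage'] : '';
    $details['_listPage']   = !empty($schema['_listPage'])
        ? PREFIX_URL . $schema['_listPage']
        : "javascript:alert('Set List Page Url for this section in: Admin > Section Editors > " . jsEncode($schema['menuName']) . " > Viewer Urls')";
    $details['_listPage'] = str_replace(' ', '%20', $details['_listPage']); // v2.60 : urlencode spaces so they validate

    return $details;
}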
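/**
 * Render a "related records" button that sends the user to $url for the record
 * currently being viewed or edited.
 *
 * In view menus ($GLOBALS['action'] == 'view') the record number is already known:
 * every "###" in $url is replaced by intval($_REQUEST['num']) and the button redirects
 * directly. In edit menus the placeholder is kept and saveRedirectAndReturn()
 * (edit_functions.js) saves the record first, then substitutes the real number.
 *
 * Encoding: the url is JS-string-encoded with jsEncode() and the whole handler is then
 * HTML-attribute-encoded with htmlencode() for the single-quoted onclick attribute;
 * the label is HTML-encoded. $url itself is taken as trusted (no scheme check) - the
 * caller is responsible for what it passes.
 *
 * @param string $label        button text
 * @param string $url          target url; expected to already carry a query string,
 *                             because "&returnUrl=..." is appended without adding a "?"
 * @param bool   $addReturnUrl append a returnUrl param pointing back to this page
 * @return string <a><input type="button"></a> markup
 */
function relatedRecordsButton($label, $url, $addReturnUrl = true) {
    // get menu type - view menus always have a record number so we can redirect directly
    $isViewMenu = isset($GLOBALS['action']) && $GLOBALS['action'] == 'view';

    // record number: read once, without tripping an undefined-index warning when 'num' is absent
    // (intval() of a missing key was 0 before as well)
    $recordNum              = isset($_REQUEST['num']) ? intval($_REQUEST['num']) : 0;
    $recordNumOrPlaceholder = $isViewMenu ? $recordNum : '###'; // ### gets replaced by saveRedirectAndReturn() in edit_functions.js
    if ($isViewMenu) { $url = str_replace('###', $recordNum, $url); } // replace every occurrence of ### in $url
    if ($addReturnUrl) {
        $url .= "&returnUrl=" . urlencode(thisPageUrl(array('num' => $recordNumOrPlaceholder), true));
    }

    // get onclick
    if ($isViewMenu) {
        $onclick = htmlencode('window.location="' . jsEncode($url) . '"; return false;');
    } else {
        $onclick = htmlencode('saveRedirectAndReturn("' . jsEncode($url) . '"); return false;');
    }

    // create button
    return "<a href='#' onclick='{$onclick}'><input class='button' type='button' name='_null_' value='" . htmlencode($label) . "' /></a>\n";
}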
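// Store a new comment for an object and answer with the rendered comment as JSON.
// Reads object_id, comment, sender_name and sender_mail from $_REQUEST.
//
// NOTE(review): reading $_REQUEST means this state change is accepted over GET as well
// as POST, and no CSRF token is checked here. If the front-end always submits via XHR,
// requiring POST plus a token is a cheap hardening step (not changed here, since the
// calling JavaScript is not in this file). object_id is quoted, but nothing checks
// that it refers to an existing object.
require_once '../config.inc.php';
require_once '../funcs.inc.php';

// cleanInput() (defined elsewhere) is the only sanitisation applied before these values
// are stored and echoed back as HTML fragments below - it has to HTML-encode, otherwise
// sender_name/comment are a stored-XSS vector. Not verifiable from this file.
$_REQUEST['comment']     = cleanInput($_REQUEST['comment']);
$_REQUEST['sender_name'] = cleanInput($_REQUEST['sender_name']);
$_REQUEST['sender_mail'] = cleanInput($_REQUEST['sender_mail']);

// error check extreme: the form's placeholder text counts as "not provided".
// Assign null instead of unset() so the later reads of these keys don't raise
// undefined-index warnings; $db->quote() and the truthiness checks see the same value.
if ($_REQUEST['sender_name'] == $lang['enterName']) { $_REQUEST['sender_name'] = null; }
if ($_REQUEST['sender_mail'] == $lang['enterMail']) { $_REQUEST['sender_mail'] = null; }

// insert comment into database - every user-supplied value passes through $db->quote();
// sender_ip is stored as an int, so ip2long() (false for IPv6 / unparsable) ends up as 0
$db->exec(
    'INSERT INTO em_comments SET object_id = ' . $db->quote($_REQUEST['object_id'])
    . ', created = NOW(), sender_name = ' . $db->quote($_REQUEST['sender_name'])
    . ', sender_mail = ' . $db->quote($_REQUEST['sender_mail'])
    . ', sender_ip = ' . (int) ip2long($_SERVER['REMOTE_ADDR'])
    . ', comment_text = ' . $db->quote($_REQUEST['comment'])
);
$total = $db->query("SELECT count(*) AS total FROM em_comments WHERE object_id = " . $db->quote($_REQUEST['object_id']))->fetch();

// sender markup, same shape as the listing script. The two-argument jsEncode(mail, name)
// appears to be the comment plugin's own helper, not the one-argument CMS encoder - verify.
if ($_REQUEST['sender_name']) {
    if ($_REQUEST['sender_mail']) {
        $_REQUEST['sender_name'] = jsEncode($_REQUEST['sender_mail'], $_REQUEST['sender_name']);
    }
    $sender = '<span class="emSenderName">' . $_REQUEST['sender_name'] . '</span>: ';
} else {
    $sender = '';
}

// 'application/x-json' is kept because the front-end presumably keys on it; the registered
// media type is application/json. Gravatar is fetched over plain http (mixed content on https).
header('Content-type: application/x-json');
echo json_encode(array(
    'id'    => $db->lastInsertId(),
    'text'  => stripslashes($sender . $_REQUEST['comment']),
    'name'  => stripslashes($_REQUEST['sender_name']),
    'mail'  => stripslashes($_REQUEST['sender_mail']),
    'image' => '<img src="http://www.gravatar.com/avatar/' . gravatar($_REQUEST['sender_mail']) . '" />',
    'date'  => strftime($DATEFORMAT),
    'total' => (int) $total['total'],
));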
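/**
 * Print the action links for one row of the admin plugin list.
 *
 * System plugins get only their plugin-defined actions (plus a "Requires x.xx" note when
 * the CMS is too old). Other plugins get a Deactivate link while active, and an Activate
 * link (or the "Requires" note) while inactive.
 *
 * Encoding: the plugin filename is JS-string-encoded by jsEncode() and the whole onclick
 * handler is then HTML-attribute-encoded with htmlencode(), because it sits in a
 * double-quoted onclick="" attribute - the same layering relatedRecordsButton() uses.
 * jsEncode() alone does not stop a quote in the filename from terminating the attribute.
 *
 * @param array $pluginData keys read: filename, isSystemPlugin, isActive, requiresAtLeast (optional)
 */
function _showPluginActions($pluginData) {
    global $APP;

    // '<=' between two numeric strings compares them numerically ("2.10" <= "2.9" is true).
    // Unchanged from the original: the version numbers this codebase appears to use have a
    // fixed two decimals (see the v2.50 / v2.60 notes elsewhere), so version_compare() was not
    // swapped in - it would order "2.5" and "2.50" differently.
    $requiresAtLeast       = isset($pluginData['requiresAtLeast']) ? $pluginData['requiresAtLeast'] : null;
    $hasRequiredCmsVersion = $requiresAtLeast <= $APP['version'];
    $requiresNoticeHtml    = t('Requires') . "<br />" . htmlencode((string) $requiresAtLeast); // plugin-header value, encoded for HTML

    $jsFilename        = jsEncode($pluginData['filename']);
    $deactivateOnclick = htmlencode("return redirectWithPost('?', {menu:'admin', action:'deactivatePlugin', file: '{$jsFilename}', '_CSRFToken': \$('[name=_CSRFToken]').val()});");
    $activateOnclick   = htmlencode("return redirectWithPost('?', {menu:'admin', action:'activatePlugin', file: '{$jsFilename}', '_CSRFToken': \$('[name=_CSRFToken]').val()});");

    // system plugins: never get an activate/deactivate link
    if ($pluginData['isSystemPlugin']) {
        doAction('plugin_actions', $pluginData['filename']);
        if (!$hasRequiredCmsVersion) { print $requiresNoticeHtml; }
        return;
    }

    if ($pluginData['isActive']) {
        // active plugins
        print "<a href='#' onclick=\"{$deactivateOnclick}\">" . t('Deactivate') . "</a><br/>\n";
        doAction('plugin_actions', $pluginData['filename']);
    } elseif ($hasRequiredCmsVersion) {
        // inactive plugins
        print "<a href='#' onclick=\"{$activateOnclick}\">" . t('Activate') . "</a>\n";
    } else {
        print $requiresNoticeHtml;
    }
}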
    // Tail of the description updater for the advanced menu-type <select>; the function
    // header is above this fragment. Each PHP-supplied message is jsEncode()d because it
    // is embedded in a JS string literal.
    if (advancedType == '') {
        description = '<?php echo jsEncode(t("select an advanced menu type to see the description.")); ?> ';
    } else if (advancedType == 'category') {
        description = '<?php echo jsEncode(t("category menus let you organize records in a tree structure and are for creating website menus and navigation.")); ?> ';
    } else if (advancedType == 'menugroup') {
        description = '<?php echo jsEncode(t("menu groups let you create menu headers to group related menu options under.")); ?> ';
    } else if (advancedType == 'textlink') {
        description = '<?php echo jsEncode(t("text links let you add an external link to your menu that looks the same as a regular menu item.")); ?> ';
    } else {
        // NOTE(review): advancedType is concatenated unescaped into text handed to
        // jQuery .html() below. Harmless while it is the <select> value this page
        // renders; it becomes a DOM-XSS sink if it is ever read from the URL.
        description = "<?php echo jsEncode(t("Unknown advanced type")); ?> '" +advancedType+ "'";
    }
    $('#advancedDescription').html( description );
}
</script>
</form>
</body>
</html>
/**
 * Render the edit-form row for an upload field: an iframe listing the existing
 * uploads, an "Add or Upload File(s)" link (thickbox) and, unless disabled in
 * $SETTINGS['advanced']['disableFlashUploader'] or in demo mode, the Uploadify
 * flash-uploader button and queue.
 *
 * Output-encoding notes (schema values are taken as trusted admin configuration):
 *  - $fieldSchema['label'], ['name'], ['fieldPrefix'] and ['description'] are emitted raw
 *    (label/prefix/description intentionally carry HTML; name is used in id attributes
 *    and in a jQuery selector).
 *  - $uploadList / $uploadLink have their dynamic parts urlencode()d but are written into
 *    src="" / href="" without entity-encoding the '&' separators (validity, not injection).
 *  - The upload directory path is HTML-encoded in the error text (it is still shown to the
 *    admin user).
 *  - 'loginDataEncoded' copies the login cookie into page JavaScript for the flash
 *    uploader - see the note at that line.
 *
 * @param array $fieldSchema field definition; reads name, label, fieldPrefix, description,
 *                           allowedExtensions, maxUploads, checkMaxUploadSize, maxUploadSizeKB
 * @param array $record      the record being edited (passed through to the
 *                           'edit_show_upload_link' filter)
 */
function _showUpload($fieldSchema, $record) {
    global $preSaveTempId, $SETTINGS, $menu;
    $prefixText  = @$fieldSchema['fieldPrefix'];
    $description = @$fieldSchema['description'];
    if ($prefixText) { $prefixText .= "<br/>"; }

    // create uploadList url
    $uploadList = "?" . "menu=" . urlencode($menu) . "&action=uploadList" . "&fieldName=" . urlencode($fieldSchema['name']) . "&num=" . urlencode(@$_REQUEST['num']) . "&preSaveTempId=" . urlencode($preSaveTempId);

    // create uploadLink url
    $uploadLink = "?menu=" . urlencode($menu) . "&action=uploadForm" . "&fieldName=" . urlencode($fieldSchema['name']) . "&num=" . urlencode(@$_REQUEST['num']) . "&preSaveTempId=" . urlencode($preSaveTempId) . "&TB_iframe=true&height=350&width=700&modal=true";

    // error checking
    $errors = '';
    list($uploadDir, $uploadUrl) = getUploadDirAndUrl($fieldSchema);
    if (!file_exists($uploadDir)) { mkdir_recursive($uploadDir, 0755); } // create upload dir (if not possible, dir not exists error will show below)
    if (!file_exists($uploadDir)) {
        $errors .= "Upload directory '" . htmlencode($uploadDir) . "' doesn't exist!.<br/>\n";
    } elseif (!is_writable($uploadDir)) {
        $errors .= "Upload directory '" . htmlencode($uploadDir) . "' isn't writable!.<br/>\n";
    }

    // display errors
    if ($errors) {
        print <<<__HTML__
    <tr>
     <td valign="top"><br/>{$fieldSchema['label']}<br/></td>
     <td><div id='alert'><span>{$errors}</span></div></td>
    </tr>
__HTML__;
        return;
    }

    // display field
?>
<tr>
 <td style="vertical-align: top"><?php echo $fieldSchema['label']; ?></td>
 <td>
  <?php echo $prefixText; ?>
  <iframe id="<?php echo $fieldSchema['name']; ?>_iframe" src="<?php echo $uploadList; ?>" height="100" width="100%" frameborder="0" class="uploadIframe"></iframe><br/>
  <?php $displayDefaultLink = applyFilters('edit_show_upload_link', true, $fieldSchema, $record); ?>
  <?php if ($displayDefaultLink) { ?>
  <div style="position: relative; height: 24px;">
   <div style="position: absolute; top: 6px; width: 100%; text-align: center;">
    <?php if (inDemoMode()) { ?>
    <a href="javascript:alert('<?php echo jsEncode(t('This feature is disabled in demo mode.')); ?>')"><b><?php echo t('Add or Upload File(s)'); ?></b></a>
    <?php } else { ?>
    <a href="<?php echo $uploadLink; ?>" class="thickbox"><b><?php echo t('Add or Upload File(s)'); ?></b></a>
    <?php } ?>
   </div>
   <div style="position: absolute; z-index: 1; width: 100%; text-align: center;">
    <div id="<?php echo $fieldSchema['name']; ?>_uploadButton"></div>
   </div>
  </div>
  <?php $useFlashUploader = !@$SETTINGS['advanced']['disableFlashUploader']; ?>
  <?php if ($useFlashUploader && !inDemoMode()) { ?>
  <?php /* allowed extensions, normalised to a lower-case comma list for Uploadify */ ?>
  <?php $fileExtCSV = implode(',', preg_split("/\\s*\\,\\s*/", strtolower($fieldSchema['allowedExtensions']))); ?>
  <div id="<?php echo $fieldSchema['name']; ?>_uploadTips" style="display: none; text-align: center; font-size: xx-small; margin-top: 2px;">
   <?php
     // multi-select hint: the modifier key depends on the browser's user agent (Mac vs other)
     $isMac = preg_match('/macintosh|mac os x/i', @$_SERVER['HTTP_USER_AGENT']);
     $key = $isMac ? '<Command>' : '<Ctrl>';
     if (@$fieldSchema['maxUploads'] != 1) { echo htmlencode(t("Tip: hold {$key} to select multiple files")); }
   ?>
   <br/>
   <?php echo $description; ?>
  </div>
  <div class="uploadifyQueue" id="<?php echo $fieldSchema['name']; ?>_uploadQueue"></div>
  <script type="text/javascript">// <![CDATA[
   $(document).ready(function() {
     $('#<?php echo $fieldSchema['name']; ?>_uploadButton').uploadify(generateUploadifyOptions({
       'script'           : <?php echo json_encode(basename(@$_SERVER['SCRIPT_NAME'])); ?>,
       'modifyAfterSave'  : <?php echo count(getUploadInfoFields($fieldSchema['name'])); ?>,
       'menu'             : <?php echo json_encode($menu); ?>,
       'fieldName'        : <?php echo json_encode($fieldSchema['name']); ?>,
       'num'              : <?php echo json_encode(@$_REQUEST['num'] ? $_REQUEST['num'] : ''); ?>,
       'preSaveTempId'    : <?php echo json_encode($preSaveTempId); ?>,
       'buttonText'       : <?php echo json_encode(t('Upload File(s)')); ?>,
       'fileExtCSV'       : <?php echo json_encode($fileExtCSV); ?>,
       'maxUploadSizeKB'  : <?php echo json_encode($fieldSchema['checkMaxUploadSize'] ? $fieldSchema['maxUploadSizeKB'] : 0); ?>,
       <?php /* NOTE(review): this writes the admin login cookie into page JavaScript
               (presumably because the flash uploader cannot send browser cookies itself).
               It defeats any HttpOnly protection on that cookie and makes it readable by
               any script on the page; disableFlashUploader turns this whole block off. */ ?>
       'loginDataEncoded' : <?php echo json_encode(@$_COOKIE[loginCookie_name(true)]); ?>,
       'queueID'          : <?php echo json_encode($fieldSchema['name'] . "_uploadQueue"); ?>
     }));
   });
  // ]]></script>
  <?php } ?>
  <?php } ?>
 </td>
</tr>
<?php }
/**
 * Escape a string for use inside a JavaScript string literal.
 *
 * Alias kept for callers that use the escapeJs() name; all the work is done by
 * jsEncode(). This is JS-string encoding only - when the result is placed inside an
 * HTML attribute (onclick="..."), HTML-attribute encoding is still needed on top.
 *
 * @param string $str raw text
 * @return string the jsEncode()d text
 */
function escapeJs($str) {
    $encoded = jsEncode($str);
    return $encoded;
}