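 /**
  * Validate and store a new post on behalf of a student.
  *
  * @param mixed       $student_id Author of the post (checked by validate_variables()).
  * @param mixed       $group_id   Group the post belongs to (checked by validate_variables()).
  * @param mixed       $public     Requested visibility; forced to 0 when validate_variables() returns 0.
  * @param string      $post       Raw post body; passed through make_post_safe() before saving.
  * @param int         $type       1 = regular post, 2 = image post. Anything else falls back to 1.
  * @param string|null $img_path   Optional absolute URL of an attached image; forces $type to 2.
  *
  * @return mixed Result of save_post(), or a human-readable error string when validation fails.
  */
 public function create_post($student_id, $group_id, $public, $post, $type = 1, $img_path = NULL)
 {
     if ($this->validate_post($post) === FALSE) {
         return "Empty post. Posting aborted.";
     }
     $safe_post = $this->make_post_safe($post);

     $validation_result = $this->validate_variables($student_id, $group_id, $public);
     if ($validation_result === FALSE) {
         return "Group Permission Error. Posting aborted.";
     } elseif ($validation_result === 0) {
         // validate_variables() may downgrade the requested visibility; honour that.
         $public = $validation_result;
     }

     // Only 1 (regular) and 2 (image) are accepted; anything else becomes a regular post.
     // (=== already implies an int, so no separate is_int() check is needed.)
     if ($type !== 1 && $type !== 2) {
         $type = 1;
     }

     $safe_image_path = NULL;
     if (!empty($img_path)) {
         // An image path always implies an image post.
         $type = 2;
         // FILTER_VALIDATE_URL only checks URL syntax - it accepts any scheme that has a
         // host part - so additionally restrict the image to http(s) before handing it to
         // sanitize_url(). sanitize_url() may enforce this itself; this is defence in depth.
         $scheme = strtolower((string) parse_url($img_path, PHP_URL_SCHEME));
         if (filter_var($img_path, FILTER_VALIDATE_URL) && in_array($scheme, array('http', 'https'), true)) {
             $safe_image_path = sanitize_url($img_path);
         } else {
             return "There was an error with the uploaded image";
         }
     }

     return $this->save_post($student_id, $group_id, $public, $safe_post, $type, $safe_image_path);
 }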
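 /**
  * Build the <form> markup for this contact form.
  *
  * The action URL is the current request URI with any existing fragment
  * removed and '#<unit_tag>' appended, so a submit returns the visitor to
  * the form itself.
  *
  * @return string HTML for the wrapper div, the form tag, its hidden fields,
  *                the form elements and (on first render) the response area.
  */
 function form_html()
 {
     $form = '<div class="wpcf7" id="' . $this->unit_tag . '">';

     // Strip an existing fragment from the request URI before adding our own.
     // This must operate on $url - the variable the URI was just read into.
     $url = wpcf7_get_request_uri();
     if ($frag = strstr($url, '#')) {
         $url = substr($url, 0, -strlen($frag));
     }
     $url .= '#' . $this->unit_tag;
     $url = apply_filters('wpcf7_form_action_url', $url);
     // sanitize_url() validates/normalises the URL; it is not an output escaper,
     // so the value is attribute-escaped again where it is written into the tag.
     $url = sanitize_url($url);

     $enctype = apply_filters('wpcf7_form_enctype', '');
     $form .= '<form action="' . esc_attr($url) . '" method="post" class="wpcf7-form"' . $enctype . '>' . "\n";
     $form .= '<div style="display: none;">' . "\n";
     $form .= '<input type="hidden" name="_wpcf7" value="' . esc_attr($this->id) . '" />' . "\n";
     $form .= '<input type="hidden" name="_wpcf7_version" value="' . esc_attr(WPCF7_VERSION) . '" />' . "\n";
     $form .= '<input type="hidden" name="_wpcf7_unit_tag" value="' . esc_attr($this->unit_tag) . '" />' . "\n";
     $form .= '</div>' . "\n";
     $form .= $this->form_elements();
     // The response placeholder is only emitted once per page.
     if (!$this->responses_count) {
         $form .= $this->form_response_output();
     }
     $form .= '</form>';
     $form .= '</div>';
     return $form;
 }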
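/**
 * Save the meta box's post metadata.
 *
 * Verifies the meta box nonce and the current user's edit capability for the
 * post, then adds, updates or deletes the 'mob_boxes_url' post meta from the
 * submitted value.
 *
 * @param integer $post_id
 * @param object  $post    The post being saved; only ->post_type is read.
 *
 * @return integer The post ID, unchanged.
 */
function mob_boxes_meta_save_url($post_id, $post)
{
    // Verify the nonce before proceeding.
    if (!isset($_POST['mob_boxes_url_nonce']) || !wp_verify_nonce($_POST['mob_boxes_url_nonce'], basename(__FILE__))) {
        return $post_id;
    }
    // Get the post type object; bail on an unknown post type instead of
    // dereferencing null below.
    $post_type = get_post_type_object($post->post_type);
    if (!$post_type) {
        return $post_id;
    }
    // Check if the current user has permission to edit the post.
    if (!current_user_can($post_type->cap->edit_post, $post_id)) {
        return $post_id;
    }
    // Get the posted value and sanitize it as a URL. sanitize_url() cleans the
    // value for storage; it is not an HTML escaper, so escape again on output.
    $new_meta_value = isset($_POST['mob_boxes_url']) ? sanitize_url($_POST['mob_boxes_url']) : '';
    // Get the meta key.
    $meta_key = 'mob_boxes_url';
    // Get the meta value of the custom field key.
    $meta_value = get_post_meta($post_id, $meta_key, true);
    if ($new_meta_value && '' == $meta_value) {
        // New value and nothing stored yet: add it as a unique key.
        add_post_meta($post_id, $meta_key, $new_meta_value, true);
    } elseif ($new_meta_value && $new_meta_value != $meta_value) {
        // Value changed: overwrite the stored one.
        update_post_meta($post_id, $meta_key, $new_meta_value);
    } elseif ('' == $new_meta_value && $meta_value) {
        // Field cleared: remove the stored value.
        delete_post_meta($post_id, $meta_key, $meta_value);
    }
    return $post_id;
}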
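 /**
  * Link for this block: the artefact page of the configured artefact, scoped
  * to the block's view.
  *
  * @param BlockInstance $instance
  * @return string|null Sanitized absolute URL, or null when no artefact is configured.
  */
 public static function get_link(BlockInstance $instance)
 {
     $configdata = $instance->get('configdata');
     if (empty($configdata['artefactid'])) {
         return null;
     }
     // Both values are query parameters: encode them rather than concatenating raw.
     $data = get_config('wwwroot') . 'artefact/artefact.php'
         . '?artefact=' . rawurlencode($configdata['artefactid'])
         . '&view=' . rawurlencode($instance->get('view'));
     return sanitize_url($data);
 }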
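/**
 * Stream an image file to the browser as an attachment.
 *
 * Only files whose extension maps to an image type (jpg/jpe/jpeg, gif, png,
 * bmp, tif/tiff, webp) are served; anything else, a missing file, an empty
 * path or already-sent headers aborts with die().
 *
 * NOTE(review): $a goes through sanitize_url(), which is a URL sanitizer, not a
 * filesystem path canonicalizer. If $a can originate from request input, the
 * caller must confine it to an allowed directory (e.g. a realpath() prefix
 * check) before calling this - nothing here prevents traversal.
 *
 * @param string $a Path of the file to send.
 * @return void
 */
function force_download($a)
{
    if (empty($a)) {
        die('Error: File not specified.');
    }
    $a = sanitize_url($a);
    if (!file_exists2($a)) {
        // Do not echo the resolved path: it discloses server layout to the client.
        die('Error: File not found.');
    }
    if (headers_sent()) {
        die('Error: Headers already sent.');
    }
    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }

    // Extension -> MIME type for the image types this helper is willing to serve.
    $mime_types = array(
        'jpg'  => 'image/jpeg',
        'jpe'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'gif'  => 'image/gif',
        'png'  => 'image/png',
        'bmp'  => 'image/bmp',
        'tif'  => 'image/tiff',
        'tiff' => 'image/tiff',
        'webp' => 'image/webp',
    );
    $b = strtolower(pathinfo($a, PATHINFO_EXTENSION));
    if (!isset($mime_types[$b])) {
        die('Error: Unsupported file type. $ext=' . $b);
    }
    $c = $mime_types[$b];

    // The download name is written into a quoted header value: strip quotes and
    // control characters so it cannot break out of the quoting.
    $filename = preg_replace('/["\x00-\x1f\x7f]/', '', unsanitized_basename($a));

    header('Pragma: public');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Cache-Control: private', false);
    header('Content-Description: File Transfer');
    header('Content-Transfer-Encoding: binary');
    header('Content-Type: ' . $c);
    // Stop browsers from sniffing the body into a different (e.g. HTML) type.
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    header('Content-Length: ' . filesize2($a));
    // ob_clean() raises a notice when no output buffer is active.
    if (ob_get_level() > 0) {
        ob_clean();
    }
    flush();
    readfile($a);
}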
 /**
  * Link target for this block: the multi-recipient inbox when that module is
  * active, otherwise the account activity page.
  *
  * @param BlockInstance $instance Not used; present for the common get_link() signature.
  * @return string Sanitized absolute URL.
  */
 public static function get_link(BlockInstance $instance)
 {
     safe_require('module', 'multirecipientnotification');
     $relative = PluginModuleMultirecipientnotification::is_active()
         ? 'module/multirecipientnotification/inbox.php'
         : 'account/activity/index.php';
     return sanitize_url(get_config('wwwroot') . $relative);
 }
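 /**
  * [column_link link="..."] shortcode: wrap the enclosed (shortcode-processed)
  * content in an anchor.
  *
  * @param array       $atts    Shortcode attributes; only 'link' is used (default '#').
  * @param string|null $content Enclosed content, run through do_shortcode().
  * @return string Anchor markup.
  */
 function column_link($atts, $content = null)
 {
     $args = shortcode_atts(array('link' => '#'), $atts);
     // sanitize_url() validates/cleans the URL but does not HTML-escape it;
     // escape again for the attribute context it is written into.
     $link = esc_attr(sanitize_url($args["link"]));
     $out = '<a href="' . $link . '" class="column-link ">';
     $out .= do_shortcode($content);
     $out .= '</a>';
     return $out;
 }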
/**
 * Build an admin URL for one of this plugin's pages.
 *
 * @param string $file  Page file, with or without the leading 'admin/' segment.
 * @param array  $query Extra query arguments, appended via build_query().
 * @return string Sanitized admin URL.
 */
function wpcf7_admin_url($file, $query = array())
{
    $page = trim($file, ' /');
    if (substr($page, 0, 6) != 'admin/') {
        $page = 'admin/' . $page;
    }
    $path = 'admin.php?page=' . WPCF7_PLUGIN_NAME . '/' . $page;
    $extra = build_query($query);
    if ($extra) {
        $path .= '&' . $extra;
    }
    return sanitize_url(admin_url($path));
}
File: url.php  Project: davinder17s/turbo
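/**
 * Move an uploaded file into $path under a unique, slug-safe name.
 *
 * The stored name is "<4 chars>_<sanitize_url()'d original stem>.<ext>"; when
 * that name already exists a numeric suffix is appended to the stem until a
 * free name is found.
 *
 * @param object     $file        Uploaded file object exposing getClientOriginalName() and move().
 * @param string     $path        Target directory, with trailing slash.
 * @param bool       $all         false: return the stored file name; true: return the moved file object.
 * @param array|null $allowed_ext Optional allowlist of lowercase extensions, e.g. array('jpg', 'png').
 *                                When given, any other extension is rejected.
 *
 * @return string|object See $all.
 * @throws InvalidArgumentException When $allowed_ext is given and the extension is not in it.
 */
function upload($file, $path = 'uploads/', $all = false, $allowed_ext = null)
{
    $uniq_id = substr(strrev(uniqid()), 0, 4);
    $original = $file->getClientOriginalName();
    $stem = pathinfo($original, PATHINFO_FILENAME);
    // The extension comes straight from the client: keep only [A-Za-z0-9] so it can
    // never carry separators or quoting characters.
    $ext = preg_replace('/[^A-Za-z0-9]/', '', pathinfo($original, PATHINFO_EXTENSION));
    // NOTE(review): without $allowed_ext an executable extension (e.g. "php") is accepted
    // as-is; callers storing into a web-served directory should pass an allowlist.
    if ($allowed_ext !== null && !in_array(strtolower($ext), $allowed_ext, true)) {
        throw new InvalidArgumentException('File extension not allowed: ' . $ext);
    }

    $base = $uniq_id . '_' . sanitize_url($stem);
    $suffix = $ext === '' ? '' : '.' . $ext;
    $file_name = $base . $suffix;
    // Retry until the name is free; a single retry could still collide.
    $n = mt_rand(0, 99);
    while (file_exists($path . $file_name)) {
        $file_name = $base . $n . $suffix;
        $n++;
    }

    if ($all == false) {
        return $file->move($path, $file_name)->getFileName();
    }
    return $file->move($path, $file_name);
}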
File: lib.php  Project: agwells/Mahara-1
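 /**
  * Link for the wall block: the wall page for this block instance.
  *
  * @param BlockInstance $instance
  * @return string Sanitized absolute URL.
  */
 public static function get_link(BlockInstance $instance)
 {
     // The instance id is a query parameter: encode it rather than concatenating raw.
     $data = get_config('wwwroot') . 'blocktype/wall/wall.php?id=' . rawurlencode($instance->get('id'));
     return sanitize_url($data);
 }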
File: lib.php  Project: vohung96/mahara
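 /**
  * Returns the HTML for the feed icon (not the little RSS one, but the
  * actual logo associated with the feed)
  *
  * @param array|string $image Either the image URL itself, or an array of the
  *                            image's properties ('url', and optionally 'title',
  *                            'height', 'width', 'link').
  * @return string <img> markup, wrapped in a link when the feed supplies one,
  *                or '' when there is no usable image URL.
  */
 private static function make_feed_image_tag($image)
 {
     // Depending on whether they're using RSS or ATOM, the image may
     // be an array of properties about the feed image, or it may be
     // just the URL of the image.
     if (is_array($image)) {
         $imageurl = isset($image['url']) ? $image['url'] : '';
     } else {
         $imageurl = $image;
         $image = array('url' => $imageurl);
     }
     // Make sure it's a valid URL.
     // NOTE(review): the result is interpolated into src="..." below, so this
     // relies on sanitize_url() returning an attribute-safe value - confirm.
     $imageurl = sanitize_url($imageurl);
     if (!$imageurl) {
         return '';
     }
     // If we're in HTTPS, make sure the image URL is not HTTP
     if (is_https()) {
         $imageurl = preg_replace('#^http://#', 'https://', $imageurl);
     }
     $result = "<img src=\"{$imageurl}\"";
     // The specification says there should be a title, but it's not always present.
     // ENT_QUOTES so a single quote in the feed-supplied title is encoded as well.
     if (!empty($image['title'])) {
         $result .= ' alt="' . htmlentities($image['title'], ENT_QUOTES) . '"';
     }
     // There may be height & width attributes; only integers are emitted.
     foreach (array('height', 'width') as $attribute) {
         if (isset($image[$attribute]) && (int) $image[$attribute]) {
             $result .= " {$attribute}=\"" . (int) $image[$attribute] . '"';
         }
     }
     $result .= " />";
     // A "link" tag indicates that the image should be a clickable link to another URL.
     // The target is a third-party URL opened in a new tab, so deny it window.opener
     // access (reverse tabnabbing) with rel="noopener noreferrer".
     if (!empty($image['link'])) {
         $link = sanitize_url($image['link']);
         if ($link) {
             $result = "<a href=\"{$link}\" target=\"_blank\" rel=\"noopener noreferrer\">{$result}</a>";
         }
     }
     return $result;
 }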
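// Split a CSS size such as "100%" or "400px" into its number and unit.
// NOTE(review): the pattern is unanchored, so "abc12px" still yields 12 / "px" - confirm intended.
if (preg_match('~(\\d+)(.*)~', $height, $match)) {
    $height = $match[1];
    $height_unit = $match[2];
}
$skins = $c->getSkins($c->getSkinPath());
$current_skin = $c->getSkin($config);
$settings = $c->getAdditionalSettings();
$plugins = $c->getAdditionalPlugins();
$filemanager = $c->getFilemanager();
$toolbars = $c->getToolbars();
$preview = NULL;
$plugins_checked = array();
$filemanager_checked = array();
$enable_htmlpurifier = isset($config['enable_htmlpurifier']) ? $config['enable_htmlpurifier'] : false;
// Show a preview image for the current skin when one ships with the editor module.
$skin_png = WYSIWYG_EDITOR . '/images/' . $current_skin . '.png';
if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $skin_png))) {
    // The skin name is reused as alt/title text: escape it for the attribute context.
    $skin_label = htmlspecialchars($current_skin, ENT_QUOTES);
    $preview = '<img src="' . sanitize_url(CAT_URL . '/modules/' . $skin_png) . '" alt="' . $skin_label . '" title="' . $skin_label . '" />';
}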
// something to save?
$job = $val->sanitizePost('job');
if ($job && $job == "save") {
    $new_width = $new_height = $new_skin = $new_toolbar = $new_plugins = $new_fm = NULL;
    // validate width and height
    foreach (array('width', 'height') as $key) {
        if ($val->sanitizePost($key)) {
            if (!is_numeric($val->sanitizePost($key))) {
                $errors[$key] = $backend->lang()->translate('Not numeric!');
                continue;
            }
            if ($val->sanitizePost($key . '_unit') && in_array($val->sanitizePost($key . '_unit'), array('em', 'px', '%'))) {
                if ($val->sanitizePost($key . '_unit') == '%' && $val->sanitizePost($key) > 100) {
                    $errors[$key] = $backend->lang()->translate('Invalid ' . $key . ': {{width}}% > 100%!', array('width' => $val->sanitizePost($key)));
 /**
  * Normalise a "related item" value: a numeric post ID (kept when it resolves
  * to a permalink) or a URL, which is mapped back to a post ID when it points
  * at a local post.
  *
  * @param mixed $val Post ID or URL.
  * @return int|string|false Post ID, a sanitized URL that is not a local post, or FALSE.
  */
 public function meditor_sanitize_related($val)
 {
     if (is_numeric($val)) {
         $id = absint($val);
         if (get_permalink($id)) {
             return $id;
         }
     }
     $url = sanitize_url($val);
     if (!$url) {
         return FALSE;
     }
     $post_id = url_to_postid($url);
     return $post_id ? $post_id : $url;
 }
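/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 *
 * Collects the submitted profile fields into a user object, validates the
 * login, password and e-mail, then calls wp_update_user() for an existing
 * user or wp_insert_user() for a new one. Validation failures are returned
 * as a WP_Error rather than thrown.
 *
 * @since 2.0
 *
 * @param int $user_id Optional. User ID; 0 (the default) creates a new user.
 * @return int|WP_Error user id of the updated user, or a WP_Error when validation failed
 */
function edit_user($user_id = 0)
{
    global $current_user, $wp_roles, $wpdb;
    // Always work on a real object: assigning properties to an undefined
    // variable or to '' is a fatal Error on PHP 8 (a warning before that).
    $user = new stdClass();
    if ($user_id != 0) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        $user->user_login = $wpdb->escape($userdata->user_login);
    } else {
        $update = false;
        $user->user_login = '';
    }
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }
    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        // If the new role isn't editable by the logged-in user, or isn't a
        // registered role at all, die with an error. This runs before the role
        // object is dereferenced, so an unknown role name cannot fault.
        $editable_roles = get_editable_roles();
        if (empty($editable_roles[$new_role]) || !isset($wp_roles->role_objects[$new_role])) {
            wp_die(__('You can&#8217;t give users that role.'));
        }
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        if ($user_id != $current_user->ID || $wp_roles->role_objects[$new_role]->has_cap('edit_users')) {
            $user->role = $new_role;
        }
    }
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field($_POST['email']);
    }
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            // Accept only the listed schemes; anything else is treated as a bare
            // host and prefixed with http://.
            $user->user_url = sanitize_url($_POST['url']);
            $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        // Only trimmed here; NOTE(review): relies on wp_insert_user()/wp_update_user()
        // filtering the description on save - confirm.
        $user->description = trim($_POST['description']);
    }
    foreach (_wp_get_user_contactmethods() as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }
    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
    }
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }
    $errors = new WP_Error();
    /* checking that username has been typed */
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }
    /* checking the password has been typed twice */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
    if ($update) {
        // An existing user may leave both fields empty to keep the current password.
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }
    /* Check for "\" in password */
    if (false !== strpos(stripslashes($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }
    /* checking the password has been typed twice the same */
    if ($pass1 != $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }
    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }
    if (!$update && !validate_username($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.'));
    }
    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }
    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The e-mail address isn&#8217;t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && $owner_id != $user->ID) {
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }
    // Allow plugins to return their own errors.
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));
    if ($errors->get_error_codes()) {
        return $errors;
    }
    if ($update) {
        $user_id = wp_update_user(get_object_vars($user));
    } else {
        $user_id = wp_insert_user(get_object_vars($user));
        wp_new_user_notification($user_id, isset($_POST['send_password']) ? $pass1 : '');
    }
    return $user_id;
}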
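/**
 * Site-level sidebar menu (list of links)
 * There is no admin files table yet so just get the urls.
 *
 * Items come from the site_menu table, filtered on 'public' (1 for anonymous
 * visitors, 0 for logged-in users) and ordered by displayorder. URL items are
 * passed through sanitize_url() and dropped when it rejects them; file items
 * link to the artefact file download script.
 *
 * @return array $menu a data structure containing the site menu: a list of
 *               array('name' => title, 'link' => url) entries
 */
function site_menu()
{
    global $USER;
    $menu = array();
    $public = (int) (!$USER->is_logged_in());
    $menuitems = get_records_array('site_menu', 'public', $public, 'displayorder');
    if (!$menuitems) {
        return $menu;
    }
    foreach ($menuitems as $i) {
        if ($i->url) {
            $safeurl = sanitize_url($i->url);
            if ($safeurl != '') {
                $menu[] = array('name' => $i->title, 'link' => $safeurl);
            }
        } elseif ($i->file) {
            // The file id is a query parameter: encode it rather than concatenating raw.
            $menu[] = array(
                'name' => $i->title,
                'link' => get_config('wwwroot') . 'artefact/file/download.php?file=' . rawurlencode($i->file),
            );
        }
    }
    return $menu;
}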
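 /* Category advert images: store a newly uploaded image and delete the one it replaces. */
 if (isset($_FILES['cat_adimg_1']['tmp_name']) && $_FILES['cat_adimg_1']['tmp_name'] != '' && $_FILES['cat_adimg_1']['tmp_name'] != 'none') {
     $cat['cat_adimg_1'] = $catimg_dir . '/' . basename($image->upload_image($_FILES['cat_adimg_1'], $catimg_dir));
     /* Delete the old image */
     if (!empty($cat_imgs['cat_adimg_1'])) {
         @unlink(ROOT_PATH . DATA_DIR . '/' . $catimg_dir . '/' . $cat_imgs['cat_adimg_1']);
     }
 }
 if (isset($_FILES['cat_adimg_2']['tmp_name']) && $_FILES['cat_adimg_2']['tmp_name'] != '' && $_FILES['cat_adimg_2']['tmp_name'] != 'none') {
     $cat['cat_adimg_2'] = $catimg_dir . '/' . basename($image->upload_image($_FILES['cat_adimg_2'], $catimg_dir));
     /* Delete the old image */
     if (!empty($cat_imgs['cat_adimg_2'])) {
         @unlink(ROOT_PATH . DATA_DIR . '/' . $catimg_dir . '/' . $cat_imgs['cat_adimg_2']);
     }
 }
 /* Advert link targets from the form, cleaned by sanitize_url(). */
 $cat['cat_adurl_1'] = !empty($_POST['cat_adurl_1']) ? sanitize_url(trim($_POST['cat_adurl_1'])) : '';
 $cat['cat_adurl_2'] = !empty($_POST['cat_adurl_2']) ? sanitize_url(trim($_POST['cat_adurl_2'])) : '';
 /* Flags: cast to int so only a number ever reaches the database. */
 $cat['category_index'] = !empty($_POST['category_index']) ? (int) $_POST['category_index'] : 0;
 $cat['show_in_index'] = !empty($_POST['show_in_index']) ? (int) $_POST['show_in_index'] : 0;
 /* end of added code (Byjdy) */
 /* Check whether the category name is a duplicate */
 if ($cat['cat_name'] != $old_cat_name) {
     if (cat_exists($cat['cat_name'], $cat['parent_id'], $cat_id)) {
         $link[] = array('text' => $_LANG['go_back'], 'href' => 'javascript:history.back(-1)');
         sys_msg($_LANG['catname_exist'], 0, $link);
     }
 }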
 /* 判断上级目录是否合法 */
 $children = array_keys(cat_list($cat_id, 0, false));
 // 获得当前分类的所有下级分类
 if (in_array($cat['parent_id'], $children)) {
     /* 选定的父类是当前分类或当前分类的下级分类 */
function kpg_permalink_fixer()
{
    $options = kpg_pf_get_options();
    extract($options);
    // fix request_uri on IIS
    if (!array_key_exists('REQUEST_URI', $_SERVER)) {
        $_SERVER['REQUEST_URI'] = substr($_SERVER['PHP_SELF'], 1);
        if (isset($_SERVER['QUERY_STRING'])) {
            $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
        }
    }
    $plink = $_SERVER['REQUEST_URI'];
    $pulink = $plink;
    // keeping the query - there is a chance that there is a query variable that needs to be preserved.
    // possibly a search or an update has been bookmarked.
    if (strpos($plink, '/feed/') !== false) {
        return;
    }
    $query = '';
    if (strpos($plink, '?') !== false) {
        $query = substr($plink, strpos($plink, '?'));
        $plink = substr($plink, 0, strpos($plink, '?'));
    }
    // do not redirect search queries
    if (strpos('?' . $query, '?s=') !== false) {
        return;
    }
    if (strpos($query, '&s=') !== false) {
        return;
    }
    if (strpos($plink, '#') !== false) {
        $plink = substr($plink, 0, strpos($plink, '#'));
    }
    $plink = trim($plink, '/');
    $flink = $plink;
    // flink has the page that was 404'd - not the basename
    //$plink=basename($plink); // plink now is the permalink part of the request.
    // often I found this is wrong, I want to use the wholw taxonomy in the search
    $plink = kpg_pf_more_clean($plink);
    $plink = str_replace('index.html', '', $plink);
    $plink = str_replace('index.shtml', '', $plink);
    $plink = str_replace('index.htm', '', $plink);
    $plink = str_replace('index.asp', '', $plink);
    $plink = str_replace('.html', '', $plink);
    $plink = str_replace('.shtml', '', $plink);
    $plink = str_replace('.htm', '', $plink);
    $plink = str_replace('.asp', '', $plink);
    $plink = str_replace('.aspx', '', $plink);
    // set up stats
    // now get rid of the slashes
    $reason = $plink;
    $plink = trim($plink);
    $plink = trim($plink, '/');
    $plink = str_replace('--', '-', $plink);
    // had a problem with double dashes
    $plink = str_replace('/', '-', $plink);
    // this way the taxonomy becomes part of the search
    $plink = str_replace('%20', '-', $plink);
    // spaces are wrong
    $ref = '';
    if (array_key_exists('HTTP_REFERER', $_SERVER)) {
        $ref = $_SERVER['HTTP_REFERER'];
    }
    $ref = esc_url_raw($ref);
    $ref = strip_tags($ref);
    $ref = remove_accents($ref);
    $ref = kpg_pf_really_clean($ref);
    $agent = '';
    if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
        $agent = $_SERVER["HTTP_USER_AGENT"];
    }
    $agent = strip_tags($agent);
    $agent = remove_accents($agent);
    $agent = kpg_pf_really_clean($agent);
    $agent = htmlentities($agent);
    $request = $flink;
    $request = esc_url_raw($request);
    $request = strip_tags($request);
    $request = remove_accents($request);
    $request = kpg_pf_really_clean($request);
    $request = str_replace('http://', '', $request);
    // set up stats
    $r404 = array();
    $r404[0] = date('m/d/Y H:i:s', time() + get_option('gmt_offset') * 3600);
    $r404[1] = $pulink;
    $r404[2] = $ref;
    $r404[3] = $agent;
    $r404[4] = $_SERVER['REMOTE_ADDR'];
    $r404[6] = '';
    // testing an ignore for the category
    if (strpos($plink, "/category/") !== false) {
        $cnt404++;
        $options['cnt404'] = $cnt404;
        $r404[6] = '/category/ is not redirected.';
        kpg_find_permalink_error_log($options, $e404, $r404, $stats);
        return;
    }
    // do not mess with robots trying to find wp-login.php and wp-signup.php
    if (strpos($plink . "\t", "/wp-login.php\t") !== false || strpos($plink . "\t", "/wp-signup.php\t") !== false || strpos($plink . "\t", "/feed\t") !== false) {
        $cnt404++;
        $options['cnt404'] = $cnt404;
        $r404[6] = '$plink is probably a robot looking for exploits.';
        kpg_find_permalink_error_log($options, $e404, $r404, $stats);
        return;
    }
    // check for bypassed or generated files
    if ($chkrobots == 'Y' && strpos(strtolower($plink) . "\t", "robots.txt\t") !== false) {
        // looking for a robots.txt
        // header out the .txt file
        $cnt404++;
        $options['cnt404'] = $cnt404;
        $r404[6] = 'display tobots.txt';
        kpg_find_permalink_error_log($options, $e404, $r404, $stats);
        header('HTTP/1.1 200 OK');
        header('Content-Type: text/plain');
        echo $robots;
        exit;
    }
    if ($chkcrossdomain == 'Y' && strpos(strtolower($plink) . "\t", "crossdomain.xml\t") !== false) {
        // looking for a robots.txt
        // header out the .txt file
        $cnt404++;
        $options['cnt404'] = $cnt404;
        $r404[6] = 'display crossdomain.xml';
        kpg_find_permalink_error_log($options, $e404, $r404, $stats);
        header('HTTP/1.1 200 OK');
        header('Content-Type: application/xml');
        echo '<' . '?xml version="1.0"?' . ">\r\n";
        // because of ? and stuff need to echo this separate
        ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="<?php 
        echo $_SERVER["HTTP_HOST"];
        ?>
" />
</cross-domain-policy>
		<?php 
        exit;
    }
    if ($chkicon == 'Y' && strpos(strtolower($plink) . "\t", "favicon.ico\t") !== false) {
        // this only works if the favicon.ico is being redirected to wordpress on a 404
        $f = dirname(__FILE__) . "/includes/favicon.ico";
        if (!file_exists($f)) {
            // can't find the icon file - what's up with this???
            $r404[6] = 'did not find favicon.ico';
            kpg_find_permalink_error_log($options, $e404, $r404, $stats);
            exit;
        }
        if (file_exists($f)) {
            //if (function_exists('header_remove')) header_remove();
            ini_set('zlib.output_compression', 'Off');
            header('HTTP/1.1 200 OK');
            $r404[6] = 'display favicon.ico';
            $cnt404++;
            $options['cnt404'] = $cnt404;
            kpg_find_permalink_error_log($options, $e404, $r404, $stats);
            header('Content-Type: image/vnd.microsoft.icon');
            header('Content-Disposition: attachment; filename="favicon.ico"');
            header('Content-Length: ' . filesize($f));
            readfile($f);
            exit;
        }
    }
    /*
    	apple-touch-icon-57x57-precomposed.png
    	apple-touch-icon-57x57.png
    	apple-touch-icon-precomposed.png
    	apple-touch-icon.png
    */
    if ($chkicon == 'Y' && (strpos(strtolower($plink) . "\t", "apple-touch-icon.png\t") !== false || strpos(strtolower($plink) . "\t", "apple-touch-icon-57x57.png\t") !== false || strpos(strtolower($plink) . "\t", "apple-touch-icon-precomposed.png\t") !== false || strpos(strtolower($plink) . "\t", "apple-touch-icon.png\t") !== false)) {
        // this only works if the favicon.ico is being redirected to wordpress on a 404
        $f = dirname(__FILE__) . "/includes/apple-touch-icon.png";
        if (file_exists($f)) {
            if (function_exists('header_remove')) {
                header_remove();
            }
            ini_set('zlib.output_compression', 'Off');
            $r404[6] = 'display apple-touch-icon.png';
            $cnt404++;
            $options['cnt404'] = $cnt404;
            kpg_find_permalink_error_log($options, $e404, $r404, $stats);
            header('HTTP/1.1 200 OK');
            header('Content-Type: image/png');
            readfile($f);
            exit;
        }
    }
    //	if anyone is asking for a feed that does not exist, send them the sitemap
    if (strpos(strtolower($plink) . "\t", "feed\t") !== false) {
        // if there is no sitemap, return the last 20 entries made
        $r404[6] = 'feed send sitemap.xml';
        $cnt404++;
        $options['cnt404'] = $cnt404;
        kpg_find_permalink_error_log($options, $e404, $r404, $stats);
        header('HTTP/1.1 200 OK');
        header('Content-Type: application/xml');
        $sitemap = kpg_pf_sitemap();
        exit;
    }
    if ($chksitemap == 'Y' && strpos(strtolower($plink) . "\t", "sitemap.xml\t") !== false) {
        // if there is no sitemap, return the last 20 entries made
        $r404[6] = 'display sitemap.xml';
        $cnt404++;
        $options['cnt404'] = $cnt404;
        kpg_find_permalink_error_log($options, $e404, $r404, $stats);
        header('HTTP/1.1 200 OK');
        header('Content-Type: application/xml');
        $sitemap = kpg_pf_sitemap();
        exit;
    }
    if ($chkdublin == 'Y' && strpos(strtolower($plink) . "\t", "dublin.rdf\t") !== false) {
        // dublin.rdf is a little used method for robots to get more info about your site
        $r404[6] = 'display dublin.rdf';
        $cnt404++;
        $options['cnt404'] = $cnt404;
        kpg_find_permalink_error_log($options, $e404, $r404, $stats);
        header('HTTP/1.1 200 OK');
        header('Content-Type: application/xml');
        echo '<' . '?xml version="1.0"?' . '>';
        // because of ? and stuff need to echo this separate
        ?>
 <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc= "http://purl.org/dc/elements/1.1/">
 <rdf:Description rdf:about="<?php 
        echo get_home_url();
        ?>
">
 <dc:contributor><?php 
        echo get_bloginfo('name');
        ?>
</dc:contributor>
 <dc:date><?php 
        echo date('Y-m-d', time() + get_option('gmt_offset') * 3600);
        ?>
</dc:date>
 <dc:description><?php 
        echo get_bloginfo('description');
        ?>
</dc:description>
 <dc:language><?php 
        echo get_bloginfo('language');
        ?>
</dc:language>
 <dc:publisher></dc:publisher>
 <dc:source><?php 
        echo get_home_url();
        ?>
</dc:source>
 </rdf:Description>
 </rdf:RDF>

	<?php 
        exit;
    }
    if ($chkopensearch == 'Y' && (strpos(strtolower($plink) . "\t", "opensearch.xml\t") !== false || strpos(strtolower($plink) . "\t", "search.xml\t") !== false)) {
        // search.xml may hel people search your site.
        $r404[6] = 'display opensearch.xml';
        $cnt404++;
        $options['cnt404'] = $cnt404;
        kpg_find_permalink_error_log($options, $e404, $r404, $stats);
        header('HTTP/1.1 200 OK');
        header('Content-Type: application/xml');
        echo '<' . '?xml version="1.0"?' . ">\r\n";
        // because of ? and stuff need to echo this separate
        ?>
 <OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
 <ShortName><?php 
        echo get_bloginfo('name');
        ?>
</ShortName>
 <Description>Search this site</Description>
 <Image>favicon.ico</Image>
 <Url type="text/html" template="<?php 
        echo get_home_url();
        ?>
/seach"/>
 </OpenSearchDescription>
 

	<?php 
        exit;
    }
    // some file types should not be included. these files are true 404s and Wordpress can't fix that.
    $ignoreTypes = array('jpg', 'gif', 'png', 'pdf', 'txt', 'asp', 'php', 'cfm', 'js', 'xml', 'php', 'mp3', 'wmv', 'css');
    foreach ($ignoreTypes as $it) {
        if (strpos(strtolower($plink) . "\t", '.' . $it . "\t") !== false) {
            $r404[6] = "request for non WP file:.{$it}";
            $cnt404++;
            $options['cnt404'] = $cnt404;
            kpg_find_permalink_error_log($options, $e404, $r404, $stats);
            return;
        }
    }
    // santize to get rid of all odd characters, including cross browser scripts.
    $plink = strtolower($plink);
    // make it case insensitive
    // do some more cleanup
    $plink = urldecode($plink);
    $plink = strip_tags($plink);
    $plink = remove_accents($plink);
    $plink = kpg_pf_really_clean($plink);
    $plink = str_replace('_', '-', $plink);
    $plink = str_replace(' ', '-', $plink);
    $plink = str_replace('%20', '-', $plink);
    $plink = str_replace('%22', '-', $plink);
    $plink = str_replace('/archive/', '-', $plink);
    $plink = sanitize_title_with_dashes($plink);
    // gets rid of some words that wordpress things are unimportant
    // check if the incoming line needs a blogger fix
    // for looking for recursive redirects
    $old_link = $_SERVER['REQUEST_URI'];
    if (empty($plink)) {
        // redirect back to siteurl
        $flink = home_url();
        // recursion check
        if ($flink == $old_link || $flink == $old_link . $query) {
            $r404[5] = $flink;
            $cntredir++;
            $options['cntredir'] = $cntredir;
            $totredir++;
            $options['totredir'] = $totredir;
            $r404[6] = "Recursive redirect on home url, returning to wordpress ";
            kpg_find_permalink_fixed_log($options, $f404, $r404, $stats);
            return;
        }
        $r404[5] = $flink;
        $cntredir++;
        $options['cntredir'] = $cntredir;
        $totredir++;
        $options['totredir'] = $totredir;
        $r404[6] = "empty search, send to home";
        kpg_find_permalink_fixed_log($options, $f404, $r404, $stats);
        wp_redirect($flink . $query, (int) $kpg_pf_301);
        // let wp do it - more compatable.
        exit;
    }
    if ($labels == 'Y') {
        if (strpos($flink, '/labels/') > 0) {
            if ($flink == $old_link || $flink == $old_link . $query) {
                $r404[5] = $flink;
                $cntredir++;
                $options['cntredir'] = $cntredir;
                $totredir++;
                $options['totredir'] = $totredir;
                $r404[6] = "Recursive redirect on label url, returning to wordpress ";
                kpg_find_permalink_fixed_log($options, $f404, $r404, $stats);
                return;
            }
            $flink = str_replace('/labels/', '/category/', $flink);
            $flink = str_replace('.html', '', $flink);
            // get dir of html and shtml at the end - don't need to search for these
            $flink = str_replace('.shtml', '', $flink);
            $flink = str_replace('.htm', '', $flink);
            $flink = str_replace('_', '-', $flink);
            // underscores should be dashes
            $flink = str_replace('.', '-', $flink);
            // periods should be dashes
            $flink = str_replace(' ', '-', $flink);
            // spaces are wrong
            $flink = str_replace('%20', '-', $flink);
            // spaces are wrong
            $flink = str_replace('%22', '-', $flink);
            // spaces are wrong
            $flink = str_replace('"', '-', $flink);
            // spaces are wrong
            $r404[5] = $flink;
            $r404[6] = "Redirect /label/ to /category/";
            $cntredir++;
            $options['cntredir'] = $cntredir;
            $totredir++;
            $options['totredir'] = $totredir;
            kpg_find_permalink_fixed_log($options, $f404, $r404, $stats);
            wp_redirect($flink . $query, (int) $kpg_pf_301);
            // let wp do it - more compatable.
            exit;
        }
    }
    // check to see if the user is coming in on a base default
    // now figure if we need to fix a permalink
    //echo "\r\n\r\n<!-- step 2 $find -->\r\n\r\n";
    if ($find > 0) {
        $plink = str_replace('.html', '', $plink);
        // get dir of html and shtml at the end - don't need to search for these
        $plink = str_replace('.shtml', '', $plink);
        $plink = str_replace('.htm', '', $plink);
        $plink = str_replace('.asp', '', $plink);
        // first check for the original slug - use the wordpress slug fixer on it.
        if (strpos(strtolower($flink) . "\t", "/index.html\t") !== false) {
            $flink = substr($flink . "\t", 0, strpos(strtolower($flink) . "\t", "/index.html\t"));
        }
        if (strpos(strtolower($flink) . "\t", "/index.htm\t") !== false) {
            $flink = substr($flink . "\t", 0, strpos(strtolower($flink) . "\t", "/index.htm\t"));
        }
        if (strpos(strtolower($flink) . "\t", "/index.shtml\t") !== false) {
            $flink = substr($flink . "\t", 0, strpos(strtolower($flink) . "\t", "/index.shtml\t"));
        }
        if (strpos(strtolower($flink) . "\t", "/default.asp\t") !== false) {
            $flink = substr($flink . "\t", 0, strpos(strtolower($flink) . "\t", "/default.asp\t"));
        }
        $flink = basename($flink);
        $flink = str_replace('.html', '', $flink);
        // get dir of html and shtml at the end - don't need to search for these
        $flink = str_replace('.shtml', '', $flink);
        $flink = str_replace('.htm', '', $flink);
        $flink = str_replace('_', '-', $flink);
        // underscores should be dashes
        $flink = str_replace('.', '-', $flink);
        // periods should be dashes
        $flink = str_replace(' ', '-', $flink);
        // spaces are wrong
        $flink = str_replace('%20', '-', $flink);
        // spaces are wrong
        $flink = str_replace('http://', '', $flink);
        $flink = str_replace('https://', '', $flink);
        $flink = sanitize_url($flink);
        $flink = str_replace('http://', '', $flink);
        $flink = str_replace('https://', '', $flink);
        $flink = str_replace('%22', '-', $flink);
        // spaces are wrong
        $flink = str_replace('"', '-', $flink);
        // spaces are wrong
        // check for matches to slugs
        // start with a check to category
        $ID = false;
        $cnt = 0;
        $reason = "working...";
        $cat = '';
        if ($chkcat == 'Y') {
            $cat = get_category_by_slug($flink);
            // if exact match on the category slug we can do a redirect right now.
            if (!empty($cat)) {
                // need to redirect to the category
                //echo "\r\n\r\n\r\n";
                //print_r($cat);
                $ID = $cat->cat_ID;
                //echo "\r\n\r\n\r\n";
                //exit();
            } else {
                $ID = false;
            }
        }
        if (empty($ID)) {
            $ID = false;
        }
        if ($ID === false) {
            $ID = kpg_find_permalink_post_direct($flink);
        }
        if (empty($ID)) {
            $ID = false;
        }
        if ($ID !== false) {
            // redirect directly to the link now
            $cnt = 1;
            $reason = "(1) exact match to slug {$plink} {$flink}";
            if (!empty($cat)) {
                $reason = "exact match to Category slug {$flink}";
            }
        }
        // check - exact matches on flink
        if ($ID === false) {
            $ansa = kpg_find_permalink_post_exact($flink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short);
            $ID = $ansa[0];
            $cnt = $ansa[1];
            $reason = "Found {$cnt} exact word matches to slug {$plink} {$flink}";
            if (empty($ID)) {
                $ID = false;
            }
        }
        if ($ID === false && $chkloose == 'Y') {
            $ansa = kpg_find_permalink_post_loose($flink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short);
            $ID = $ansa[0];
            $cnt = $ansa[1];
            $reason = "Found {$cnt} loose word matches to {$flink}";
            if (empty($ID)) {
                $ID = false;
            }
        }
        if ($ID === false && $chkfullurl == 'Y') {
            $ansa = kpg_find_permalink_post_exact($plink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short);
            $ID = $ansa[0];
            $cnt = $ansa[1];
            $reason = "Found {$cnt} exact word matches to {$plink}";
            if (empty($ID)) {
                $ID = false;
            }
        }
        if ($ID === false && $chkloose == 'Y' && $chkfullurl == 'Y') {
            $ansa = kpg_find_permalink_post_loose($plink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short);
            $ID = $ansa[0];
            $cnt = $ansa[1];
            $reason = "Found {$cnt} loose word matches to {$plink}";
            if (empty($ID)) {
                $ID = false;
            }
        }
        if ($ID === false && $chkmetaphone == 'Y') {
            // missed on regular words - try a metaphone search?? Only do it on original slug
            $ansa = kpg_find_permalink_post_metaphone($flink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short);
            $ID = $ansa[0];
            $cnt = $ansa[1];
            if ($ID !== false) {
                $reason = "Found {$cnt} metaphone 'sounds-like' word matches to {$flink}";
            } else {
                $reason = "failed all searches";
            }
            if (empty($ID)) {
                $ID = false;
            }
        }
        if ($ID === false && $chkmetaphone == 'Y' && $chkfullurl == 'Y') {
            // missed on regular words - try a metaphone search?? Only do it on original slug
            $ansa = kpg_find_permalink_post_metaphone($plink, $find, $kpg_pf_numbs, $kpg_pf_common, $kpg_pf_short);
            $ID = $ansa[0];
            $cnt = $ansa[1];
            if ($ID !== false) {
                $reason = "Found {$cnt} metaphone 'sounds-like' word matches to {$plink}";
            } else {
                $reason = "failed all searches";
            }
            if (empty($ID)) {
                $ID = false;
            }
        }
        if ($ID !== false) {
            // got the page
            if (!empty($cat)) {
                $link = get_category_link($ID);
            } else {
                $link = get_permalink($ID);
            }
            if ($do200 == 'Y') {
                // here we display the page
                $r404[5] = $link;
                $r404[6] = $reason . " -page loaded direct '{$ID}'";
                $cntredir++;
                $options['cntredir'] = $cntredir;
                $totredir++;
                $options['totredir'] = $totredir;
                kpg_find_permalink_fixed_log($options, $f404, $r404, $stats);
                header("HTTP/1.1 200 Ok");
                if (kpg_pf_load_page($ID)) {
                    exit;
                }
                $r404[5] = $link;
                $r404[6] = $reason . " page not found '{$ID}'";
                $cntredir++;
                $options['cntredir'] = $cntredir;
                $totredir++;
                $options['totredir'] = $totredir;
                kpg_find_permalink_fixed_log($options, $f404, $r404, $stats);
            }
            if (!empty($link)) {
                if ($link == $old_link || $link == $old_link . $query) {
                    $r404[5] = $flink;
                    $cntredir++;
                    $options['cntredir'] = $cntredir;
                    $totredir++;
                    $options['totredir'] = $totredir;
                    $r404[6] = "Recursive redirect on url, returning to wordpress ";
                    kpg_find_permalink_fixed_log($options, $f404, $r404, $stats);
                    return;
                }
                $r404[5] = $_SERVER['REQUEST_URI'] . '/' . $link;
                $r404[6] = $reason;
                $cntredir++;
                $options['cntredir'] = $cntredir;
                $totredir++;
                $options['totredir'] = $totredir;
                kpg_find_permalink_fixed_log($options, $f404, $r404, $stats);
                wp_redirect($link . $query, (int) $kpg_pf_301);
                // let wp do it - more compatable.
                exit;
            }
        }
    }
    // still here, it must be a real 404, we should log it
    $reason = "Not found - slug:{$flink}, loose url:{$plink}";
    //echo "\r\n\r\n<!-- step 5 -->\r\n\r\n";
    $cnt404++;
    $options['cnt404'] = $cnt404;
    $r404[6] = $reason;
    kpg_find_permalink_error_log($options, $e404, $r404, $stats);
    return;
    // end of permalink fixer
}
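 /**
  * Find the "handheld" alternate (mobile) URL advertised by the page at $url.
  *
  * Flow: reject URLs without a host; HEAD the URL and give up on transport
  * errors or on a Content-Type matching self::IGNORE_CONTENT_REGEX; GET the
  * body and scan it for <link media="handheld" ...> tags that carry
  * rel="alternate" and an href. The first href that survives sanitize_url()
  * wins. Relative hrefs are resolved against the directory of $url (or, for
  * query-only hrefs, against its path); the previous plain concatenation
  * `$url . $href` only produced a valid URL when $url ended in '/'.
  *
  * NOTE(review): the URL is fetched server-side exactly as given; any
  * restriction on scheme or destination host has to happen at the call site —
  * confirm the callers do that.
  *
  * @param string $url Page to inspect.
  * @return string|false Sanitized mobile URL, or false when nothing usable is found.
  */
 private function discover_mobile($url)
 {
     $parsed = parse_url($url);
     if (!isset($parsed['host'])) {
         return false;
     }
     $request_args = array('timeout' => self::REMOTE_GET_TIMEOUT, 'httpversion' => '1.0');
     // Cheap HEAD first so ignored content types are never downloaded in full.
     $head = wp_remote_head($url, $request_args);
     if (is_wp_error($head)) {
         return false;
     }
     if (isset($head['headers']['content-type']) && preg_match(self::IGNORE_CONTENT_REGEX, implode(' ', (array) $head['headers']['content-type']))) {
         return false;
     }
     $response = wp_remote_get($url, $request_args);
     if (is_wp_error($response)) {
         return false;
     }
     $contents = $response['body'];
     if (!preg_match_all('#<link([^>]*?)media=([\'"])handheld\\2([^>]*)/?>#is', $contents, $links, PREG_SET_ORDER)) {
         return false;
     }
     // Bases for relative hrefs, computed once from the parsed components:
     //   $page_base = scheme://host[:port]/path        (for "?query" hrefs)
     //   $dir_base  = scheme://host[:port]/dir/        (for "file" hrefs)
     $origin = (isset($parsed['scheme']) ? $parsed['scheme'] . '://' : '//')
         . $parsed['host']
         . (isset($parsed['port']) ? ':' . $parsed['port'] : '');
     $path = isset($parsed['path']) ? $parsed['path'] : '';
     $last_slash = strrpos($path, '/');
     $dir = ($last_slash === false) ? '/' : substr($path, 0, $last_slash + 1);
     $page_base = $origin . ($path === '' ? '/' : $path);
     $dir_base = $origin . $dir;
     $mobile_url = false;
     foreach ($links as $l) {
         // $l[1] and $l[3] are the attribute text before and after media="handheld".
         $attr = $l[1] . $l[3];
         if (!preg_match('/rel=([\'"])alternate\\1/i', $attr) || !preg_match('/href=([\'"])(.*?)\\1/is', $attr, $href)) {
             continue;
         }
         $target = $href[2];
         if (!preg_match('!^(https?:/)?/!', $target)) {
             // Relative href (no scheme and not root-relative). Dot segments
             // such as "../" are not collapsed here.
             if ($target !== '' && $target[0] === '?') {
                 $target = $page_base . $target;
             } else {
                 $target = $dir_base . $target;
             }
         }
         $mobile_url = sanitize_url($target);
         // available after WP 2.3
         if ($mobile_url) {
             break;
         }
     }
     return $mobile_url;
 }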
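/**
 * Validate and normalise the profile fields of a registration/profile form.
 *
 * Works directly on $_POST (the fields are rewritten in place so later code
 * sees the cleaned values) and reports problems through set_err(). The
 * limits it consults (FORUM_IMG_CNT_SIG, FUD_OPT_2, MAX_LOGIN_SHOW,
 * FORUM_SIG_ML) and the error accumulator live in $GLOBALS.
 *
 * @param int $user_id Id of the user being edited; excluded from the alias uniqueness query.
 * @return mixed $GLOBALS['error'] as left by set_err() — presumably the collected error state.
 */
function register_form_check($user_id)
{
    // Missing fields are treated as empty strings rather than nulls.
    $home_page = isset($_POST['reg_home_page']) ? $_POST['reg_home_page'] : '';
    $_POST['reg_home_page'] = sanitize_url(trim($home_page));
    $_POST['reg_user_image'] = !empty($_POST['reg_user_image']) ? sanitize_url(trim($_POST['reg_user_image'])) : '';
    if (!empty($_POST['reg_icq']) && !(int) $_POST['reg_icq']) {
        /* ICQ # can only be an integer */
        $_POST['reg_icq'] = '';
    }
    $sig = isset($_POST['reg_sig']) ? $_POST['reg_sig'] : '';
    /* Image count check */
    if ($GLOBALS['FORUM_IMG_CNT_SIG'] && $GLOBALS['FORUM_IMG_CNT_SIG'] < substr_count(strtolower($sig), '[img]')) {
        set_err('reg_sig', 'You are trying to use more then the allowed ' . $GLOBALS['FORUM_IMG_CNT_SIG'] . ' images in your signature.');
    }
    /* Url Avatar check */
    if (!empty($_POST['reg_avatar_loc']) && !($GLOBALS['reg_avatar_loc_file'] = fetch_img($_POST['reg_avatar_loc'], $user_id))) {
        set_err('avatar', 'The specified url does not contain a valid image');
    }
    /* Alias Check */
    if (($GLOBALS['FUD_OPT_2'] & 128) && isset($_POST['reg_alias'])) {
        if ($_POST['reg_alias'] = trim(sanitize_login($_POST['reg_alias']))) {
            if (strlen($_POST['reg_alias']) > $GLOBALS['MAX_LOGIN_SHOW']) {
                $_POST['reg_alias'] = substr($_POST['reg_alias'], 0, $GLOBALS['MAX_LOGIN_SHOW']);
            }
            // The lookup compares against the htmlspecialchars()-encoded alias
            // (presumably how aliases are stored — confirm) and escapes it with
            // addslashes(), the convention used around q_singleval(); a bound
            // parameter would be preferable. $user_id is cast to int so a
            // non-numeric value cannot reach the query text.
            if (q_singleval("SELECT id FROM phpgw_fud_users WHERE alias='" . addslashes(htmlspecialchars($_POST['reg_alias'])) . "' AND id!=" . (int) $user_id)) {
                set_err('reg_alias', 'The alias you are trying to use is already in use by another forum member, please choose another.');
            }
        }
    }
    /* Signature length check (bytes, as strlen() counts them) */
    if ($GLOBALS['FORUM_SIG_ML'] && strlen($sig) > $GLOBALS['FORUM_SIG_ML']) {
        set_err('reg_sig', 'Your signature exceeds the maximum allowed length of ' . $GLOBALS['FORUM_SIG_ML'] . ' characters characters.');
    }
    return $GLOBALS['error'];
}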
    $smarty->display('category_flashimg_info.htm');
}
/*------------------------------------------------------ */
//-- Handling for adding a category carousel (flash) image
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'insert') {
    /* Permission check */
    admin_priv('cat_manage');
    /* Initialise variables: integers are cast, free text is only trimmed */
    $flashimg['cat_id'] = !empty($_POST['cat_id']) ? intval($_POST['cat_id']) : 0;
    $flashimg['sort_order'] = !empty($_POST['sort_order']) ? intval($_POST['sort_order']) : 0;
    $flashimg['href_url'] = !empty($_POST['href_url']) ? trim($_POST['href_url']) : '';
    /* Handle the uploaded image; only the file's basename is stored */
    $flashimg['img_url'] = basename($image->upload_image($_FILES['img_url'], 'catflashimg'));
    /* Handle the URL */
    $flashimg['href_url'] = sanitize_url($flashimg['href_url']);
    // NOTE(review): img_title / img_desc are stored as posted (trimmed only);
    // escaping on insert is left to $db->autoExecute() and on display to the
    // template layer — confirm both.
    $flashimg['img_title'] = !empty($_POST['img_title']) ? trim($_POST['img_title']) : '';
    $flashimg['img_desc'] = !empty($_POST['img_desc']) ? trim($_POST['img_desc']) : '';
    /* Database insert */
    if ($db->autoExecute($ecs->table('cat_flashimg'), $flashimg) !== false) {
        clear_cache_files();
        // clear cache
        /* Add links for the result page. $cat_id is not set in this block;
           presumably it comes from earlier in the file (it is not the same as
           $flashimg['cat_id'] above) — confirm. */
        $link[0]['text'] = "继续添加";
        $link[0]['href'] = 'category_flashimg.php?act=add&cat_id=' . $cat_id;
        $link[1]['text'] = "返回轮播图片列表";
        $link[1]['href'] = 'category_flashimg.php?act=list&cat_id=' . $cat_id;
        sys_msg("添加成功", 0, $link);
    }
}
/*------------------------------------------------------ */
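 /**
  * Download an image from a URL, attach Getty MetaData which will also act
  * as a flag that the image came from GettyImages
  *
  * Input comes from $_POST: 'url' (a Getty delivery URL), 'meta' (an array of
  * image details that must contain 'ImageId') and optionally 'post_id' (the
  * attachment's parent post). Every failure is reported through
  * $this->ajax_error(), which the control flow assumes ends the request
  * (NOTE(review): confirm ajax_error() never returns — nothing below re-checks).
  *
  * The delivery-host check runs before download_url() is called. Doing it
  * afterwards (as this code previously did) meant the server fetched whatever
  * URL the caller supplied and only then rejected it.
  *
  * @action wp_ajax_getty_images_download
  */
 function ajax_download()
 {
     $this->ajax_check();
     if (!current_user_can($this::capability)) {
         $this->ajax_error(__("User can not download images", 'getty-images'));
     }
     // Sanity check inputs
     if (!isset($_POST['url'])) {
         $this->ajax_error(__("Missing image URL", 'getty-images'));
     }
     $url = sanitize_url($_POST['url']);
     if (empty($url)) {
         $this->ajax_error(__("Invalid image URL", 'getty-images'));
     }
     if (!isset($_POST['meta'])) {
         $this->ajax_error(__("Missing image meta", 'getty-images'));
     }
     if (!is_array($_POST['meta']) || !isset($_POST['meta']['ImageId'])) {
         $this->ajax_error(__("Invalid image meta", 'getty-images'));
     }
     // Getty Images delivery URLs have the pattern:
     //
     // http://delivery.gettyimages.com/../<filename>.<ext>?TONSOFAUTHORIZATIONDATA
     //
     // Check that the URL component is correct before any request is made:
     if (strpos($url, 'http://delivery.gettyimages.com/') !== 0) {
         $this->ajax_error("Invalid URL");
     }
     // Figure out filename to use. by using the basename of the first image extension
     // matched component
     preg_match('/[^?]+\\.(jpe?g|jpe|gif|png)\\b/i', $url, $matches);
     if (empty($matches)) {
         $this->ajax_error(__("Invalid filename", 'getty-images'));
     }
     // Download the image, but don't necessarily attach it to this post.
     $tmp = download_url($url);
     // Wah wah
     if (is_wp_error($tmp)) {
         $this->ajax_error(__("Failed to download image", 'getty-images'));
     }
     $file_array = array(
         'name' => basename($matches[0]),
         'tmp_name' => $tmp,
     );
     $attachment_id = media_handle_sideload($file_array, 0);
     if (is_wp_error($attachment_id)) {
         // download_url() writes to a temp file; once the sideload has failed
         // nothing else removes it.
         if (is_string($tmp) && is_file($tmp)) {
             unlink($tmp);
         }
         $this->ajax_error(__("Failed to sideload image", 'getty-images'));
     }
     // Set the post_content to post_excerpt for this new attachment, since
     // the field put in post_content is meant to be used as a caption for Getty
     // Images.
     //
     // We would normally use a filter like wp_insert_post_data to do this,
     // preventing an extra query, but unfortunately media_handle_sideload()
     // uses wp_insert_attachment() to insert the attachment data, and there is
     // no way to filter the data going in via that function.
     $attachment = get_post($attachment_id);
     if (!$attachment) {
         $this->ajax_error(__("Attachment not found", 'getty-images'));
     }
     $post_parent = isset($_POST['post_id']) ? (int) $_POST['post_id'] : 0;
     wp_update_post(array('ID' => $attachment->ID, 'post_content' => '', 'post_excerpt' => $attachment->post_content, 'post_parent' => $post_parent));
     // Trash any existing attachment for this Getty Images image. Don't force
     // delete since posts may be using the image. Let the user force file delete explicitly.
     $getty_id = sanitize_text_field($_POST['meta']['ImageId']);
     $existing_image_ids = get_posts(array('post_type' => 'attachment', 'post_status' => 'any', 'meta_key' => $this::getty_details_meta_key, 'meta_value' => $getty_id, 'fields' => 'ids'));
     foreach ($existing_image_ids as $existing_image_id) {
         wp_delete_post($existing_image_id);
     }
     // Save the getty image details in post meta, but only sanitized top-level
     // string values
     update_post_meta($attachment->ID, $this::getty_details_meta_key, array_map('sanitize_text_field', array_filter($_POST['meta'], 'is_string')));
     // Save the image ID in a separate meta key for searchability
     update_post_meta($attachment->ID, $this::getty_imageid_meta_key, $getty_id);
     // Success! Forward new attachment_id back
     $this->ajax_success(__("Image downloaded", 'getty-images'), wp_prepare_attachment_for_js($attachment_id));
 }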
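/**
 * Validate and normalise the profile fields of a registration/profile form.
 *
 * Works directly on $_POST (the fields are rewritten in place so later code
 * sees the cleaned values) and reports problems through set_err(). The
 * limits it consults (FORUM_IMG_CNT_SIG, FUD_OPT_2, MAX_LOGIN_SHOW,
 * FORUM_SIG_ML) and the error accumulator live in $GLOBALS.
 *
 * @param int $user_id Id of the user being edited; excluded from the alias uniqueness query.
 * @return mixed $GLOBALS['error'] as left by set_err() — presumably the collected error state.
 */
function register_form_check($user_id)
{
    // Missing fields are treated as empty strings rather than nulls.
    $home_page = isset($_POST['reg_home_page']) ? $_POST['reg_home_page'] : '';
    $_POST['reg_home_page'] = sanitize_url(trim($home_page));
    $_POST['reg_user_image'] = !empty($_POST['reg_user_image']) ? sanitize_url(trim($_POST['reg_user_image'])) : '';
    if (!empty($_POST['reg_icq']) && !(int) $_POST['reg_icq']) {
        /* ICQ # can only be an integer */
        $_POST['reg_icq'] = '';
    }
    $sig = isset($_POST['reg_sig']) ? $_POST['reg_sig'] : '';
    /* Image count check */
    if ($GLOBALS['FORUM_IMG_CNT_SIG'] && $GLOBALS['FORUM_IMG_CNT_SIG'] < substr_count(strtolower($sig), '[img]')) {
        set_err('reg_sig', 'Stai cercando di utilizzare nella tua signature più immagini delle ' . $GLOBALS['FORUM_IMG_CNT_SIG'] . ' consentite.');
    }
    /* Url Avatar check */
    if (!empty($_POST['reg_avatar_loc']) && !($GLOBALS['reg_avatar_loc_file'] = fetch_img($_POST['reg_avatar_loc'], $user_id))) {
        set_err('avatar', 'L&#39;URL che hai inserito non contiene un&#39;immagine valida');
    }
    /* Alias Check */
    if (($GLOBALS['FUD_OPT_2'] & 128) && isset($_POST['reg_alias'])) {
        if ($_POST['reg_alias'] = trim(sanitize_login($_POST['reg_alias']))) {
            if (strlen($_POST['reg_alias']) > $GLOBALS['MAX_LOGIN_SHOW']) {
                $_POST['reg_alias'] = substr($_POST['reg_alias'], 0, $GLOBALS['MAX_LOGIN_SHOW']);
            }
            // The lookup compares against the htmlspecialchars()-encoded alias
            // (presumably how aliases are stored — confirm) and escapes it with
            // addslashes(), the convention used around q_singleval(); a bound
            // parameter would be preferable. $user_id is cast to int so a
            // non-numeric value cannot reach the query text.
            if (q_singleval("SELECT id FROM phpgw_fud_users WHERE alias='" . addslashes(htmlspecialchars($_POST['reg_alias'])) . "' AND id!=" . (int) $user_id)) {
                set_err('reg_alias', 'Username già utilizzato');
            }
        }
    }
    /* Signature length check (bytes, as strlen() counts them) */
    if ($GLOBALS['FORUM_SIG_ML'] && strlen($sig) > $GLOBALS['FORUM_SIG_ML']) {
        set_err('reg_sig', 'Your signature exceeds the maximum allowed length of ' . $GLOBALS['FORUM_SIG_ML'] . ' characters characters.');
    }
    return $GLOBALS['error'];
}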
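/**
 * Process RSS feed widget data and optionally retrieve feed items.
 *
 * The feed widget can not have more than 20 items or it will reset back to the
 * default, which is 10.
 *
 * The resulting array has the feed title, feed url, feed link (from channel),
 * feed items, error (if any), and whether to show summary, author, and date.
 * All respectively in the order of the array elements.
 *
 * @since 2.5.0
 *
 * @param array $widget_rss RSS widget feed data. Expects unescaped data.
 * @param bool $check_feed Optional, default is true. Whether to check feed for errors.
 * @return array Always contains the keys title, url, link, items, error,
 *               show_summary, show_author and show_date; link is '' and error
 *               is false when the feed is not checked or loads fine.
 */
function wp_widget_rss_process($widget_rss, $check_feed = true)
{
    // Missing keys count as empty rather than raising notices.
    $items = isset($widget_rss['items']) ? (int) $widget_rss['items'] : 0;
    if ($items < 1 || 20 < $items) {
        $items = 10;
    }
    $url = sanitize_url(strip_tags(isset($widget_rss['url']) ? $widget_rss['url'] : ''));
    $title = trim(strip_tags(isset($widget_rss['title']) ? $widget_rss['title'] : ''));
    $show_summary = empty($widget_rss['show_summary']) ? 0 : (int) $widget_rss['show_summary'];
    $show_author = empty($widget_rss['show_author']) ? 0 : (int) $widget_rss['show_author'];
    $show_date = empty($widget_rss['show_date']) ? 0 : (int) $widget_rss['show_date'];
    // Initialised unconditionally: compact() silently drops undefined
    // variables, so without this the returned array lacked 'link' and 'error'
    // whenever $check_feed was false.
    $error = false;
    $link = '';
    if ($check_feed) {
        require_once ABSPATH . WPINC . '/rss.php';
        $rss = fetch_rss($url);
        if (!is_object($rss)) {
            $url = wp_specialchars(__('Error: could not find an RSS or ATOM feed at that URL.'), 1);
            // The previous message interpolated an undefined $widget_number;
            // report the feed problem itself instead.
            $error = __('Error: could not find an RSS or ATOM feed at that URL.');
        } else {
            $link = clean_url(strip_tags($rss->channel['link']));
            // Drop any junk before the scheme so the link starts with "http".
            while (strstr($link, 'http') != $link) {
                $link = substr($link, 1);
            }
        }
    }
    return compact('title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date');
}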
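/**
 * Process RSS feed widget data and optionally retrieve feed items.
 *
 * The feed widget can not have more than 20 items or it will reset back to the
 * default, which is 10.
 *
 * The resulting array has the feed title, feed url, feed link (from channel),
 * feed items, error (if any), and whether to show summary, author, and date.
 * All respectively in the order of the array elements.
 *
 * @since 2.5.0
 *
 * @param array $widget_rss RSS widget feed data. Expects unescaped data.
 * @param bool $check_feed Optional, default is true. Whether to check feed for errors.
 * @return array Always contains the keys title, url, link, items, error,
 *               show_summary, show_author and show_date; link is '' and error
 *               is false when the feed is not checked or loads fine.
 */
function wp_widget_rss_process($widget_rss, $check_feed = true)
{
    // Missing keys count as empty rather than raising notices.
    $items = isset($widget_rss['items']) ? (int) $widget_rss['items'] : 0;
    if ($items < 1 || 20 < $items) {
        $items = 10;
    }
    $url = sanitize_url(strip_tags(isset($widget_rss['url']) ? $widget_rss['url'] : ''));
    $title = trim(strip_tags(isset($widget_rss['title']) ? $widget_rss['title'] : ''));
    $show_summary = empty($widget_rss['show_summary']) ? 0 : (int) $widget_rss['show_summary'];
    $show_author = empty($widget_rss['show_author']) ? 0 : (int) $widget_rss['show_author'];
    $show_date = empty($widget_rss['show_date']) ? 0 : (int) $widget_rss['show_date'];
    // Initialised unconditionally: compact() silently drops undefined
    // variables, so without this the returned array lacked 'link' and 'error'
    // whenever $check_feed was false.
    $error = false;
    $link = '';
    if ($check_feed) {
        $rss = fetch_feed($url);
        if (is_wp_error($rss)) {
            $error = $rss->get_error_message();
        } else {
            $link = clean_url(strip_tags($rss->get_permalink()));
            // Drop any junk before the scheme so the link starts with "http"
            // (case-insensitive match, so "HTTP://..." is accepted as-is).
            while (stristr($link, 'http') != $link) {
                $link = substr($link, 1);
            }
        }
    }
    return compact('title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date');
}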
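 /**
  * Sanitizes a comment.
  *
  * Copies the submitted form fields onto the object: message through
  * sanitize_html(), name through sanitize_string(), website through
  * sanitize_url(), then stamps date and time from current_date()/current_time().
  *
  * NOTE(review): the e-mail address is stored exactly as posted — no
  * validation or escaping happens here, so it has to be escaped wherever it
  * is output. The unused `global $is_index, $index, $content;` declaration
  * that used to open this method has been dropped.
  */
 private function sanitize()
 {
     // Sanitize user input
     $this->message = sanitize_html($_POST['comment-message']);
     $this->name = sanitize_string($_POST['comment-name']);
     $this->email = $_POST['comment-email'];
     $this->website = sanitize_url($_POST['comment-website']);
     // Get date, time
     $this->date = current_date();
     $this->time = current_time();
 }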
// external list or admin file
$name = param_variable('name');
$linkedto = param_variable('linkedto');
$itemid = param_variable('itemid');
$public = (int) param_boolean('public');
$data = new StdClass();
// $type is set earlier in the file (not visible here). json_reply() is
// presumably a terminal response — confirm it does not return, otherwise the
// error branches below fall through into the save code that follows.
if ($type == 'sitefile') {
    // Get file id.
    $data->file = $linkedto;
    $data->url = null;
} else {
    if ($type == 'externallink') {
        // NOTE(review): the URL is stored as posted; sanitize_url() is only
        // consulted in the fallthrough branch below, so validation of external
        // link URLs must happen elsewhere (e.g. when they are displayed).
        $data->url = $linkedto;
        $data->file = null;
    } else {
        if (sanitize_url($linkedto) == '') {
            json_reply('local', get_string('badurl', 'admin'));
        } else {
            // Bad menu item type
            json_reply('local', get_string('badmenuitemtype', 'admin'));
        }
    }
}
$data->title = $name;
if ($itemid == 'new') {
    $data->public = $public;
    // set displayorder to be after all the existing menu items
    try {
        $displayorders = get_records_array('site_menu', 'public', $data->public, '', 'displayorder');
        $max = 0;
        if ($displayorders) {
    generate_feed(error_feed(), error_post(get_string('artefactnotinview', 'error', $artefactid, $viewid)));
} elseif (!$artefact->in_view_list()) {
    generate_feed(error_feed(), error_post(get_string('artefactonlyviewableinview', 'error')));
} elseif ($artefact->get('artefacttype') != 'blog') {
    generate_feed(error_feed(), error_post(get_string('feedsnotavailable', 'artefact.blog')));
} else {
    $owner = get_records_sql_array("\n        SELECT a.mtime, u.id, u.firstname, u.lastname, u.profileicon\n        FROM {usr} u, {artefact} a\n        WHERE a.id = ?\n        AND a.owner = u.id\n        LIMIT 1;", array($artefactid));
    if ($owner[0]->profileicon) {
        $image = get_config('wwwroot') . 'thumb.php?type=profileiconbyid&maxsize=100&id=' . $owner[0]->profileicon;
    } else {
        // use the Mahara logo
        $image = $THEME->get_image_url('site-logo');
    }
    // if the owner has a personal website set, use it as the author URI
    $personal_site = get_field('artefact', 'title', 'artefacttype', 'personalwebsite', 'owner', $owner[0]->id);
    $author = array('name' => implode(' ', array($owner[0]->firstname, $owner[0]->lastname)), 'uri' => sanitize_url($personal_site));
    $link = get_config('wwwroot') . 'artefact/artefact.php?artefact=' . $artefactid . '&view=' . $viewid;
    $selflink = get_config('wwwroot') . 'artefact/blog/atom.php?artefact=' . $artefactid . '&view=' . $viewid;
    $postids = get_records_sql_array("\n        SELECT a.id, a.title, a.description, a.mtime\n        FROM {artefact} a, {artefact_blog_blogpost} bp\n        WHERE a.id = bp.blogpost\n        AND a.parent = ?\n        AND bp.published = 1\n        ORDER BY a.ctime DESC\n        LIMIT ?;", array($artefactid, POSTCOUNT));
    if ($postids) {
        $updated = $postids[0]->mtime;
    } else {
        $updated = $owner[0]->mtime;
    }
    $generator = array('uri' => 'https://mahara.org', 'version' => get_config('series'), 'text' => 'Mahara');
    $rights = get_string('feedrights', 'artefact.blog', substr($updated, 0, 4) . ' ' . $author['name']);
    // is there a Creative Commons block in this view?
    // if so, set the feed rights accordingly
    $ccblock = get_records_sql_array("\n        SELECT b.id\n        FROM {block_instance} b\n        WHERE b.view = ?\n        AND b.blocktype = 'creativecommons'\n        LIMIT 1;", array($viewid));
    if ($ccblock) {
        require_once get_config('docroot') . 'blocktype/lib.php';
 /**
  * Sanitizes a comment.
  *
  * Reads the cf-* form fields from $_POST and stores them on the object.
  * Message, name and website go through the project's sanitize_* helpers;
  * the e-mail address is kept exactly as posted.
  */
 private function sanitize()
 {
     // Cleaned values keyed by the property they land on; evaluated in the
     // same order as before (message, name, email, website).
     $fields = array(
         'message' => sanitize_html($_POST['cf-message']),
         'name' => sanitize_string($_POST['cf-name']),
         'email' => $_POST['cf-email'],
         'website' => sanitize_url($_POST['cf-website']),
     );
     foreach ($fields as $property => $value) {
         $this->$property = $value;
     }
 }
} elseif ($_REQUEST['act'] == 'updata') {
    admin_priv('brand_manage');
    if ($_POST['brand_name'] != $_POST['old_brandname']) {
        /*检查品牌名是否相同*/
        $is_only = $exc->is_only('brand_name', $_POST['brand_name'], $_POST['id']);
        if (!$is_only) {
            sys_msg(sprintf($_LANG['brandname_exist'], stripslashes($_POST['brand_name'])), 1);
        }
    }
    /*对描述处理*/
    if (!empty($_POST['brand_desc'])) {
        $_POST['brand_desc'] = $_POST['brand_desc'];
    }
    $is_show = isset($_REQUEST['is_show']) ? intval($_REQUEST['is_show']) : 0;
    /*处理URL*/
    $site_url = sanitize_url($_POST['site_url']);
    /* 处理图片 */
    $img_name = basename($image->upload_image($_FILES['brand_logo'], 'brandlogo'));
    $param = "brand_name = '{$_POST['brand_name']}',  site_url='{$site_url}', brand_desc='{$_POST['brand_desc']}', is_show='{$is_show}', sort_order='{$_POST['sort_order']}' ";
    if (!empty($img_name)) {
        //有图片上传
        $param .= " ,brand_logo = '{$img_name}' ";
    }
    if ($exc->edit($param, $_POST['id'])) {
        /* 清除缓存 */
        clear_cache_files();
        admin_log($_POST['brand_name'], 'edit', 'brand');
        $link[0]['text'] = $_LANG['back_list'];
        $link[0]['href'] = 'brand.php?act=list&' . list_link_postfix();
        $note = vsprintf($_LANG['brandedit_succed'], $_POST['brand_name']);
        sys_msg($note, 0, $link);
//$menuitems = get_records_array('site_menu','public',$public,'displayorder');
$menuitems = get_records_sql_array('
   SELECT
      s.*, a.title AS filename
   FROM {site_menu} s
      LEFT OUTER JOIN {artefact} a ON s.file = a.id
   WHERE
      s.public = ?
   ORDER BY s.displayorder', array($public));
$rows = array();
if ($menuitems) {
    foreach ($menuitems as $i) {
        $r = array();
        $r['id'] = $i->id;
        $r['name'] = $i->title;
        $safeurl = sanitize_url($i->url);
        if (empty($i->url) && !empty($i->file)) {
            $r['type'] = 'sitefile';
            $r['linkedto'] = get_config('wwwroot') . 'artefact/file/download.php?file=' . $i->file;
            $r['linktext'] = $i->filename;
            $r['file'] = $i->file;
        } else {
            if ($safeurl == '') {
                $r['type'] = 'externallink';
                $r['linkedto'] = '';
                $r['linktext'] = strtoupper(get_string('badurl', 'admin')) . ': ' . $i->url;
            } else {
                if (!empty($i->url) && empty($i->file)) {
                    $r['type'] = 'externallink';
                    $r['linkedto'] = $safeurl;
                    $r['linktext'] = $safeurl;