/**
 * Normalise a search term before it is used: unescape it, drop modx-sensitive
 * tags, drop +something+ placeholders, then remove any remaining HTML tags.
 *
 * The result is NOT HTML-encoded here; whoever echoes it still has to escape it
 * for the output context.
 *
 * @param string $searchString term as submitted
 * @return string cleaned term ('' is returned untouched)
 */
function myOwnStripInput($searchString)
{
    // Strict comparison on purpose: '0' is a legitimate term and must be processed.
    if ($searchString === '') {
        return $searchString;
    }
    // Undo slash-escaping first so the tag passes see the raw text.
    $cleaned = stripslashes($searchString);
    $cleaned = stripTags($cleaned);
    $cleaned = stripOtherTags($cleaned);
    return stripHtml($cleaned);
}
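/**
 * Show one task, either as app JSON (?datatype=json) or through the task_detail template.
 *
 * Reads ?tid, loads the task row, attaches the picture url and the distance from the
 * viewer's coordinates. Nothing is output when the task does not exist.
 *
 * @return void
 */
public function showdetail()
{
    // $G and $lang are left in scope for the included template.
    global $G, $lang;
    // A missing or non-numeric tid becomes 0, which simply matches no row
    // (the original read $_GET['tid'] unguarded and raised a notice when absent).
    $tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
    $task = $this->t('task')->where(array('tid' => $tid))->selectOne();
    if ($task) {
        $task['pic'] = image($task['pic']);
        $task['distance'] = getDistance($this->longitude, $this->latitude, $task['longitude'], $task['latitude']);
        $datatype = isset($_GET['datatype']) ? $_GET['datatype'] : '';
        if ($datatype === 'json') {
            // The app client gets plain text; the template path below receives
            // content unchanged, so the template is responsible for escaping it.
            $task['content'] = stripHtml($task['content']);
            $this->showAppData($task);
        } else {
            include template('task_detail', 'app');
        }
    }
}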
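/**
 * List shops for the app, nearest first, as a page of ?pagesize rows (default 20).
 *
 * Each row gets its picture url, a formatted distance and a plain-text description.
 * Always answers with a list, empty when nothing matched.
 *
 * @return void
 */
public function showlist()
{
    global $G;
    $pagesize = isset($_GET['pagesize']) ? intval($_GET['pagesize']) : 20;
    // The viewer's coordinates are spliced into the SELECT list as text. Only pass
    // them through when they are numeric so the fragment is always a number;
    // anything else degrades to 0 instead of producing a broken statement.
    $lng = is_numeric($this->longitude) ? $this->longitude : 0;
    $lat = is_numeric($this->latitude) ? $this->latitude : 0;
    $shoplist = $this->t('shop')
        ->field('*,dsx_distance(' . $lng . ',' . $lat . ',longitude,latitude) as distance')
        ->page($G['page'], $pagesize)
        ->order('distance ASC,shopid ASC')
        ->select();
    $newlist = array();
    if ($shoplist) {
        foreach ($shoplist as $row) {
            $row['pic'] = image($row['pic']);
            $row['distance'] = distance($row['distance']);
            // App clients get the description without markup.
            $row['description'] = stripHtml($row['description']);
            $newlist[] = $row;
        }
    }
    $this->showAppData($newlist);
}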
/**
 * Update an article (original comment: "更新文章").
 *
 * Accepts POST with ?formsubmit=yes only. The edited row comes from $_GET['newpost']
 * and the body from $_GET['content']. The post_title row is rewritten (restricted to
 * the caller's own posts unless the account has adminid), every post_content row for
 * the id is deleted and re-inserted according to the post type, and type-specific
 * side tables (goods attributes, active dates) receive new rows.
 *
 * NOTE(review): apart from uid/username/modified and the defaults filled in below,
 * every key of the request array reaches ->update() unchanged — confirm the table
 * layer restricts which columns are writable.
 */
public function update()
{
    global $G;
    if ('POST' != $_SERVER['REQUEST_METHOD']) {
        header('Allow: POST');
        header('HTTP/1.1 405 Method Not Allowed');
        header('Content-Type: text/plain');
        exit;
    }
    // showError() presumably ends the request; the code below relies on that.
    if (!isset($_GET['formsubmit']) || $_GET['formsubmit'] != 'yes') {
        $this->showError('undefined_action');
    }
    $id = intval($_GET['id']);
    // Form data is read from $_GET even though the method is POST-only; the
    // framework presumably merges the two — verify before relying on it.
    $newpost = $_GET['newpost'];
    $content = $_GET['content'];
    if (is_array($newpost)) {
        // Ownership fields always come from the session, never from the form.
        $newpost['uid'] = $this->uid;
        $newpost['username'] = $this->username;
        // The isset() half is redundant: empty() already covers a missing key.
        if (empty($newpost['title']) || !isset($newpost['title'])) {
            $this->showError('title_empty');
        }
        if (!$newpost['catid']) {
            $this->showError('category_empty');
        }
        // Non-admins may only update their own row.
        $where['id'] = $id;
        if (!$this->account['adminid']) {
            $where['uid'] = $this->uid;
        }
        $newpost['modified'] = TIMESTAMP;
        $newpost['author'] = isset($newpost['author']) && !empty($newpost['author']) ? $newpost['author'] : $this->username;
        $newpost['from'] = isset($newpost['from']) ? $newpost['from'] : '';
        $newpost['fromurl'] = isset($newpost['fromurl']) ? $newpost['fromurl'] : '';
        // tags, summary and type are read without isset() and emit notices when absent.
        $newpost['tags'] = $newpost['tags'] ? serialize($newpost['tags']) : '';
        $newpost['allowcomment'] = isset($newpost['allowcomment']) ? trim($newpost['allowcomment']) : 1;
        // Summary: the submitted one, else the first 400 chars of the body without HTML.
        $newpost['summary'] = $newpost['summary'] ? $newpost['summary'] : '';
        $newpost['summary'] = $newpost['summary'] ? $newpost['summary'] : cutstr(stripHtml($content), 400);
        // As written this replacement is a no-op (same needle and replacement);
        // it probably targeted an HTML entity in the original source — confirm.
        $newpost['summary'] = str_replace('&', '&', $newpost['summary']);
        $newpost['summary'] = str_replace(' ', '', $newpost['summary']);
        // Removes all whitespace from the summary.
        $newpost['summary'] = preg_replace('/\\s| /', '', $newpost['summary']);
        $this->t('post_title')->where($where)->update($newpost);
        // NOTE(review): this delete, the inserts below and the cover-picture update key
        // on the article id only; unlike the post_title update they are not restricted
        // by $where — confirm ownership is enforced before this method is reached.
        $this->t('post_content')->where(array('aid' => $id))->delete();
        // Unknown types are stored as plain articles.
        if (!in_array($newpost['type'], array('image', 'video', 'music', 'goods', 'active'))) {
            $newpost['type'] = 'article';
        }
        if ($newpost['type'] == 'article') {
            $content = $content ? $content : $_GET['content'];
            // The editor separates pages with ###Pagebreak###; pageorder is 1-based.
            $contentlist = preg_split('/###Pagebreak###/', $content);
            if (count($contentlist) == 1) {
                $contentarray = array('aid' => $id, 'catid' => $newpost['catid'], 'content' => $content, 'pageorder' => 1, 'dateline' => time());
                $this->t('post_content')->insert($contentarray);
            } else {
                foreach ($contentlist as $key => $value) {
                    $contentarray = array('aid' => $id, 'catid' => $newpost['catid'], 'content' => $value, 'pageorder' => $key + 1, 'dateline' => time());
                    $this->t('post_content')->insert($contentarray);
                }
            }
        }
        if ($newpost['type'] == 'image') {
            // Picture list is stored serialized as the single content row.
            $piclist = isset($_GET['piclist']) ? $_GET['piclist'] : array();
            if (!empty($piclist)) {
                $content = serialize($piclist);
                $contentarray = array('aid' => $id, 'catid' => $newpost['catid'], 'content' => $content, 'pageorder' => 1, 'dateline' => time());
                $this->t('post_content')->insert($contentarray);
            }
        }
        if ($newpost['type'] == 'video') {
            $videourl = trim($_GET['videourl']);
            if ($videourl) {
                // Parsed video metadata plus the body text is stored serialized.
                $videodata = \Core\ParseVideoUrl::ParseUrl($videourl);
                $videodata['content'] = $content ? $content : trim($_GET['content']);
                $content = serialize($videodata);
                $contentarray = array('aid' => $id, 'catid' => $newpost['catid'], 'content' => $content, 'pageorder' => 1, 'dateline' => time());
                $this->t('post_content')->insert($contentarray);
                // Fall back to the video thumbnail when no cover picture was given.
                if (empty($newpost['pic'])) {
                    $this->t('post_title')->where(array('id' => $id))->update(array('pic' => $videodata['img']));
                }
            }
        }
        if ($newpost['type'] == 'music') {
            $musicarray['songs'] = trim($_GET['songs']);
            $musicarray['content'] = $content ? $content : $_GET['content'];
            $content = serialize($musicarray);
            $contentarray = array('aid' => $id, 'catid' => $newpost['catid'], 'content' => $content, 'pageorder' => 1, 'dateline' => time());
            $this->t('post_content')->insert($contentarray);
        }
        if ($newpost['type'] == 'goods') {
            // Each submitted attribute array is inserted as-is, with only aid added.
            $attributelist = isset($_GET['attribute']) ? $_GET['attribute'] : array();
            foreach ($attributelist as $attribute) {
                $attribute['aid'] = $id;
                $this->t('post_goods_attribute')->insert($attribute);
            }
            $content = $content ? $content : $_GET['content'];
            $contentarray = array('aid' => $id, 'catid' => $newpost['catid'], 'content' => $content, 'pageorder' => 1, 'dateline' => time());
            $this->t('post_content')->insert($contentarray);
        }
        if ($newpost['type'] == 'active') {
            // strtotime() yields false for an empty or unparsable date (the default 'end').
            $active = isset($_GET['active']) ? $_GET['active'] : array('begin' => time(), 'end' => '');
            $active['aid'] = $id;
            $active['begin'] = strtotime($active['begin']);
            $active['end'] = strtotime($active['end']);
            $this->t('post_active')->insert($active);
            $content = $content ? $content : $_GET['content'];
            $contentarray = array('aid' => $id, 'catid' => $newpost['catid'], 'content' => $content, 'pageorder' => 1, 'dateline' => time());
            $this->t('post_content')->insert($contentarray);
        }
        $links = array(array('text' => 'reedit', 'url' => '/?m=home&c=post&a=edit&id=' . $id), array('text' => 'view', 'url' => '/?m=post&c=detail&id=' . $id, 'target' => '_blank'));
        $this->showSuccess('modi_succeed', '', $links, '', true);
    } else {
        $this->showError('undefined_error');
    }
}
/**
 * Render this option as a config-file fragment: a separator line, the description
 * as "; " comment lines, then the default value.
 *
 * @param mixed $posted_value accepted for interface compatibility; not used here
 * @return string
 */
function get_config($posted_value)
{
    global $SEPARATOR;
    // Description without markup, every line prefixed as an ini-style comment.
    $description = stripHtml($this->_get_description());
    $commented = str_replace("\n", "\n; ", $description);
    return "\n" . $SEPARATOR . $commented . "\n" . $this->default_value;
}
/**
 * Save comment in database
 *
 * Reads the submitted fields through getValue(), collects validation problems in the
 * global $errors, classifies the message with the spam filter (plus a check for earlier
 * spam from the same ip), then inserts a new row or — when $this->id is set — updates
 * that row. Optionally remembers the poster in a cookie.
 *
 * @param $moduleId Module id to add comment to.
 * @param $moduleContentTypeId Identifier of content type.
 * @param $moduleContentId Identifier of content.
 * @return List of errors if any.
 */
function saveComment($moduleId, $moduleContentTypeId, $moduleContentId)
{
    // $referer is declared but not used in this method.
    global $dbi, $errors, $login, $referer, $settings, $spamFilter;
    global $lComment, $lEditComment;
    // Check if data is submitted from the form
    checkSubmitter();
    // Get user ip
    $ip = getenv("REMOTE_ADDR");
    // Get values. Text fields have HTML removed before parseString().
    $this->moduleId = $moduleId;
    $this->moduleContentTypeId = $moduleContentTypeId;
    $this->moduleContentId = $moduleContentId;
    $this->name = parseString(stripHtml(getValue("name")));
    $this->mail = parseString(stripHtml(getValue("mail")));
    $this->link = parseString(stripHtml(getValue("link")));
    $this->subject = parseString(stripHtml(getValue("subject")));
    $this->message = parseString(stripHtml(getValue("message")));
    // Submitted spam/userId are kept on the object but not what gets stored: the row's
    // spam flag is the filter result below and the stored userId comes from $login.
    $this->spam = getValue("spam");
    $this->userId = getValue("userId");
    // Get default name
    $defaultName = parseString(getPostValue("defaultName"));
    // Validate comment data
    if (empty($this->id)) {
        // New comment.
        if (!$this->hasCommentPermission()) {
            $errors->addError("permissions", $lEditComment["InsufficientPermissions"]);
        }
        if (!$login->isLoggedIn()) {
            // Anonymous posters may have to pass the audit() challenge and must give a real name.
            if ($settings->commentsRequireValidation) {
                if (!audit()) {
                    $errors->addError("validation", $lComment["WrongValidation"]);
                }
            }
            if (empty($this->name) || $this->name == $defaultName) {
                $errors->addError("name", $lEditComment["MissingName"]);
            }
        }
    } else {
        // Editing an existing comment.
        if (!$this->hasEditPermission()) {
            $errors->addError("permissions", $lEditComment["InsufficientPermissions"]);
        } else {
            if (empty($this->name) && empty($this->userId)) {
                $errors->addError("name", $lEditComment["MissingName"]);
            }
        }
    }
    if (empty($this->subject)) {
        $errors->addError("subject", $lEditComment["MissingSubject"]);
    }
    if (empty($this->message)) {
        $errors->addError("message", $lEditComment["MissingText"]);
    }
    // Check if message could be classified as spam
    $spam = $spamFilter->isSpam($this->name, $this->mail, $this->subject, $this->message);
    // Check if this ip has been spam before
    if (!$spam) {
        $result = $dbi->query("SELECT COUNT(*) FROM " . commentTableName . " WHERE spam=1 AND ip=" . $dbi->quote($ip));
        if ($result->rows()) {
            list($count) = $result->fetchrow_array();
            if ($count != 0) {
                $spam = true;
            }
        }
    }
    // If there were no errors insert or update comment
    if (!$errors->hasErrors()) {
        if (empty($this->id)) {
            // Insert into comment database. Every value goes through $dbi->quote()
            // except $login->id, which is concatenated directly — assumes it is an
            // integer from the session, confirm.
            $dbi->query("INSERT INTO " . commentTableName . "(moduleId,moduleContentTypeId,moduleContentId,userId,name,mail,link,subject,message,ip,posted,spam,trash) VALUES("
                . $dbi->quote($moduleId) . "," . $dbi->quote($moduleContentTypeId) . "," . $dbi->quote($moduleContentId) . ","
                . ($login->isLoggedIn() ? $login->id : 0) . ","
                . $dbi->quote($this->name) . "," . $dbi->quote($this->mail) . "," . $dbi->quote($this->link) . ","
                . $dbi->quote($this->subject) . "," . $dbi->quote($this->message) . "," . $dbi->quote($ip)
                . ",NOW()," . $dbi->quote($spam) . ",0)");
            // Get new comment id
            $this->id = $dbi->getInsertId();
        } else {
            // Update values in database; "posted=posted" keeps the original timestamp.
            $dbi->query("UPDATE " . commentTableName . " SET name=" . $dbi->quote($this->name) . ",mail=" . $dbi->quote($this->mail)
                . ",link=" . $dbi->quote($this->link) . ",subject=" . $dbi->quote($this->subject) . ",message=" . $dbi->quote($this->message)
                . ",posted=posted,spam=" . $dbi->quote($spam) . " WHERE (id=" . $dbi->quote($this->id) . ")");
        }
        // Remember poster: name/mail/link are stored serialized in a one-year cookie.
        // NOTE(review): the cookie comes back from the client; whatever reads
        // commentPoster must treat it as untrusted rather than unserialize() it as-is.
        $remember = getValue("remember");
        if (!empty($remember)) {
            $poster["name"] = stripslashes($this->name);
            $poster["mail"] = stripslashes($this->mail);
            $poster["link"] = stripslashes($this->link);
            $poster["remember"] = stripslashes($remember);
            setcookie("commentPoster", addslashes(serialize($poster)), time() + 31536000);
        }
    }
    // Return errors if any
    return $errors;
}
/**
 * Store the meta keywords after normalising them: parseString(), a 300-character
 * limit, then HTML tags removed. Because stripping happens after the length check,
 * the stored value can be shorter than 300 characters but never longer.
 *
 * @param string $metaKeywords raw keywords
 * @return void
 */
function setMetaKeywords($metaKeywords)
{
    $keywords = parseString($metaKeywords);
    $keywords = validateTextLength($keywords, 300);
    $this->metaKeywords = stripHtml($keywords);
}
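// Include common functions and declarations
require_once "../../include/common.php";
require_once "../include/config.php";

// Create blog object. An unknown or missing blogId leaves $blog->id empty, in which
// case nothing is printed.
$blog = new Blog(!empty($_GET["blogId"]) ? $_GET["blogId"] : 0);
if (!empty($blog->id)) {
    // Include language.
    // NOTE(review): $blog->language becomes part of an include path — confirm the Blog
    // class only ever holds a known language code here.
    include scriptPath . "/" . folderBlog . "/include/language/" . $blog->language . "/general.php";
    // Protect page
    if (!empty($blog->userlevel)) {
        protectPage($blog->userlevel);
    }
    // Get the post list. blogId is compared as a number, so cast the id instead of
    // splicing the raw value into the statement.
    $items = array();
    $result = $dbi->query("SELECT id FROM " . blogPostTableName . " WHERE blogId=" . (int) $blog->id . " AND draft=0 ORDER BY posted DESC LIMIT 15");
    while (list($id) = $result->fetchrow_array()) {
        $post = new Post($id);
        // Collect the second element of each category entry. The original reused the
        // outer loop counter $i for this inner loop; a foreach avoids that.
        $categories = array();
        foreach ($post->categories as $category) {
            $categories[] = $category[1];
        }
        // Create new item; the description is the post text (or the summary when the
        // text is empty) with HTML removed.
        $item = new RSSItem(
            $post->id,
            $post->user->name,
            $categories,
            $post->getPostLink() . "#comments",
            scriptUrl . "/" . folderBlog . "/" . fileBlogCommentRSS . "?postId=" . $post->id,
            $post->getPostLink(),
            stripHtml(!empty($post->text) ? $post->text : $post->summary),
            $post->printRSSPostSummary(),
            $post->posted,
            $post->subject
        );
        $items[] = $item;
    }
    // Print feed
    $rss = new RSS(
        $blog->title,
        $blog->description,
        $blog->getBlogLink(),
        scriptUrl . "/" . folderBlog . "/" . fileBlogPostRSS . "?blogId=" . $blog->id,
        $items
    );
    $rss->printRSSFeed();
}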
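/**
 * Default user StripInput function
 *
 * Unescapes the term, removes script, modx-sensitive and HTML tags, and finally
 * HTML-encodes what is left so it can be echoed back.
 *
 * @param string $searchString term searched
 * @param string $pgCharset charset handed to htmlspecialchars()
 * @return string cleaned, HTML-encoded term ('' is returned untouched)
 */
function defaultStripInput($searchString, $pgCharset = 'UTF-8')
{
    if ($searchString !== '') {
        // Remove escape characters
        $searchString = stripslashes($searchString);
        // Remove js tags
        $searchString = stripJscripts($searchString);
        // Remove modx sensitive tags
        $searchString = stripTags($searchString);
        // Strip HTML tags
        $searchString = stripHtml($searchString);
        // and finally prevent JS XSS. ENT_QUOTES encodes single quotes as well, so the
        // value is also safe inside single-quoted attributes (ENT_COMPAT left them raw).
        // double_encode=false keeps already-encoded entities from being encoded twice.
        // The double_encode parameter was added with version 5.2.3
        if (version_compare(PHP_VERSION, '5.2.3', '>=')) {
            $searchString = htmlspecialchars($searchString, ENT_QUOTES, $pgCharset, false);
        } else {
            $searchString = $this->php_compat_htmlspecialchars($searchString, ENT_QUOTES, $pgCharset, false);
        }
    }
    return $searchString;
}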