/**
 * Fetch a request parameter after passing it through the HTML-escaping helper.
 *
 * The value is read from $_REQUEST, which PHP fills from GET, POST and
 * (depending on request_order) cookies, so it is always caller-controlled.
 *
 * NOTE(review): "safe" here can only mean "escaped for HTML output" (going by
 * the helper's name; its body is not shown here). The returned value is not
 * safe for SQL text, shell commands, file paths, URLs or JavaScript; each of
 * those needs its own binding or encoding. Storing the escaped form also
 * risks double escaping when it is printed again -- confirm how callers use it.
 *
 * @param string $name Key to look up in $_REQUEST.
 * @return mixed Result of String::HtmlSpecialChars() for the value, or null
 *               when the key is not set (isset() also treats a null value as unset).
 */
public static function GetSafe($name)
{
    // Guard clause: nothing to escape when the parameter is absent.
    if (!isset($_REQUEST[$name])) {
        return null;
    }

    return String::HtmlSpecialChars($_REQUEST[$name]);
}
<div class="centerer"> <span class="centerer" style="width: 90%;"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> <div class="header">Select Template</div> </td> <td style="padding-left: 10px;"> <div class="header" id="code-header" style="display: none;">Template Code For <span id="loaded-template"></span></div> </td> </tr> <tr> <td valign="top" style="width: 20em; min-width: 20em;"> <?php
// Build the list shown in the template explorer. Dir::ReadFiles() presumably
// returns the names in TEMPLATES_DIR that match the pattern (here: names that
// start with "email") -- confirm against its definition.
// The names go through String::HtmlSpecialChars() (by its name an HTML-escaping
// helper; not shown here) before the loop below echoes them. The echo itself
// does no escaping, so this call is the only thing keeping a file name with
// markup characters from being written into the page raw.
$templates = String::HtmlSpecialChars(Dir::ReadFiles(TEMPLATES_DIR, '~^email~')); asort($templates); ?> <div class="explorer"> <?php foreach ($templates as $template) { ?> <div class="explorer-template"><span><?php echo $template; ?> </span></div> <?php } ?> </div> </td>
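Allow embedding </div> </span> </div> </div> <?php if (isset($editing)) { ?> <div class="fieldset"> <div class="legend">Clips</div> <?php foreach ($clips as $clip) {
    // Keep the escaped copy. The call used to discard the helper's return
    // value; other call sites use String::HtmlSpecialChars() through its
    // return value, so without the assignment the stored embed markup in
    // $clip['clip'] (and $clip['clip_id'] in the name attribute) would
    // presumably reach the page unescaped. Assigning is harmless if the
    // helper also works by reference, since it is still called only once.
    $clip = String::HtmlSpecialChars($clip); ?> <?php
    // NOTE(review): loose comparison kept as-is; 'Embed' is compared against
    // the (now escaped) type column, which is unchanged by escaping for
    // plain alphanumeric values.
    if ($clip['type'] == 'Embed') { ?> <div class="field"> <label>Embed Code:</label> <span class="field-container"> <textarea name="clips[<?php echo $clip['clip_id']; ?> ][clip]" rows="6" style="width: 600px;" wrap="off"><?php echo $clip['clip']; ?> </textarea> </span>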
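} ?> </div> </div> <div id="tabs-2"> <div> <?php
// List the five most recently created users.
$DB = GetDB();
$result = $DB->Query('SELECT * FROM `tbx_user` ORDER BY `date_created` DESC LIMIT 5');
if ($DB->NumRows($result) < 1) { ?> <div class="message-warning text-center">No users have signed up yet!</div> <?php }
while ($user = $DB->NextRow($result)) {
    // Every column of the user row is escaped for HTML output here.
    $user = String::HtmlSpecialChars($user);
    $user['date_created'] = date(DATETIME_FRIENDLY, strtotime($user['date_created']));

    // NOTE(review): the lookups below bind the *escaped* username and
    // avatar_id. The values are bound through placeholders, so this is not
    // an injection problem, but a username containing & < > or quotes would
    // no longer match its stored form -- confirm whether that can occur.
    $stats = $DB->Row('SELECT * FROM `tbx_user_stat` WHERE `username`=?', array($user['username']));

    $avatar_src = '../images/avatar-150x120.png';
    if (!empty($user['avatar_id'])) {
        $avatar = $DB->Row('SELECT * FROM `tbx_upload` WHERE `upload_id`=?', array($user['avatar_id']));

        // The upload row is fetched separately and was never escaped, yet its
        // uri is echoed into the src attribute below. Escape it here so a uri
        // containing a double quote cannot break out of the attribute, and
        // keep the default image when no upload row comes back.
        if (is_array($avatar) && isset($avatar['uri'])) {
            $avatar_src = String::HtmlSpecialChars($avatar['uri']);
        }
    }
    ?> <div style="margin: 8px 0;"> <span class="index-avatar-container"> <img src="<?php echo $avatar_src; ?> " /> </span>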
/**
 * Render the search-result HTML for one item of the given type.
 *
 * Looks up the table definition for $type in the DB schema, merges in rows
 * from the custom/merge tables, then runs the per-type include file(s) with
 * output buffering and returns whatever they printed.
 *
 * The include files run in this function's scope, so they see the locals
 * defined here ($DB, $schema, $original, $item, ...). Renaming a local
 * therefore changes what the included templates can read.
 *
 * NOTE(review): $type is concatenated into an XPath expression and into two
 * include file names. If it can originate from the request, a double quote in
 * it alters the XPath query; validating $type against the known schema types
 * before use would close that off -- confirm where callers get it from.
 *
 * @param string $type     Item type; matched against naming/type in the schema.
 * @param array  $original Raw (unescaped) row for the item, keyed by column name.
 * @return string Buffered output of the include file(s).
 */
function SearchItemHtml($type, $original)
{
    $DB = GetDB();
    $schema = GetDBSchema();
    // String-built XPath: see the NOTE(review) in the header about $type.
    $xtable = $schema->el('//table[naming/type="' . $type . '"]');
    $primary_key = $xtable->columns->primaryKey->val();
    // File::Sanitize() is not shown here; presumably it restricts the name to
    // a safe file name with the given extension -- confirm, since the result
    // is passed straight to include below.
    $global_item_include_file = File::Sanitize('cp-' . $type . '-search-item-global.php', 'php');
    $item_include_file = File::Sanitize('cp-' . $type . '-search-item.php', 'php');

    // Get custom and merge tables
    $custom_table = $xtable->custom->val();
    $merge_tables = empty($custom_table) ? array() : array($custom_table);

    foreach ($xtable->xpath('./merge') as $xmerge) {
        $merge_tables[] = $xmerge->val();
    }

    foreach ($merge_tables as $merge_table) {
        // The # markers are presumably identifier placeholders filled by the
        // DB wrapper (table and column name come from the schema, not from
        // the request); the key value is bound through ?.
        $row = $DB->Row('SELECT * FROM # WHERE #=?', array($merge_table, $primary_key, $original[$primary_key]));

        if (is_array($row)) {
            // On duplicate string keys array_merge() keeps the later value,
            // so columns already in $original win over the merged row.
            $original = array_merge($row, $original);
        }
    }

    // Capture everything the include files print.
    ob_start();

    // NOTE(review): the existence check uses the "includes/" prefix but the
    // include does not; this only lines up if include_path resolves the bare
    // name to the same directory -- confirm.
    if (is_file("includes/{$global_item_include_file}")) {
        include $global_item_include_file;
    }

    // $item is the HTML-escaped copy for output; $original stays raw for
    // contexts that need a different encoding (e.g. URL parameters).
    $item = String::HtmlSpecialChars($original);
    include $item_include_file;

    return ob_get_clean();
}
" /></span> </div> <?php if (isset($editing) && Request::Get('image_id')) { $image = $DB->Row('SELECT * FROM `tbx_upload` WHERE `upload_id`=?', array(Request::Get('image_id'))); ?> <div class="field"> <label>Existing Image:</label> <span class="field-container"> <div class="checkbox" style="display: block; margin-bottom: 5px;"> <input type="hidden" name="remove_image" value="0" /> Remove Image </div> <img src="<?php echo String::HtmlSpecialChars($image['uri']); ?> " class="avatar" /> </span> </div> <?php } ?> <div class="field"> <label>Upload Image:</label> <span class="field-container"> <input type="file" size="50" name="image_file" /><br /> <span class="small">JPG, GIF, or PNG image</span> </span> </div>
<div class="centerer"> <span class="centerer" style="width: 90%;"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> <div class="header">Select Template</div> </td> <td style="padding-left: 10px;"> <div class="header" id="code-header" style="display: none;">Template Code For <span id="loaded-template"></span></div> </td> </tr> <tr> <td valign="top" style="width: 20em;"> <?php
// Build the list shown in the template explorer. The pattern keeps names that
// do not start with "email" and that end in .tpl or .css; Dir::ReadFiles()
// presumably returns the matching names from TEMPLATES_DIR -- confirm against
// its definition.
// The names go through String::HtmlSpecialChars() (by its name an HTML-escaping
// helper; not shown here) before the loop below echoes them. The echo itself
// does no escaping, so this call is the only thing keeping a file name with
// markup characters from being written into the page raw.
$templates = String::HtmlSpecialChars(Dir::ReadFiles(TEMPLATES_DIR, '~^(?!email).*?(\\.tpl$|\\.css$)~')); asort($templates); ?> <div class="explorer"> <?php foreach ($templates as $template) { ?> <div class="explorer-template"><span><?php echo $template; ?> </span></div> <?php } ?> </div> </td>
</span> </div> <?php
// When editing and an avatar_id was supplied, load the upload row so the
// current avatar can be shown. The id is bound through the ? placeholder, not
// concatenated into the SQL text, and the stored uri is HTML-escaped at the
// point where it is echoed into the src attribute.
// NOTE(review): $avatar is used without checking that a row was found; an
// unknown avatar_id would presumably yield an empty src -- confirm.
// The "JPG, GIF, or PNG image" text further down is only a hint to the user;
// the handler that receives avatar_file (not shown here) has to enforce the
// file type and size itself.
if (isset($editing) && Request::Get('avatar_id')) { $avatar = $DB->Row('SELECT * FROM `tbx_upload` WHERE `upload_id`=?', array(Request::Get('avatar_id'))); ?> <div class="field"> <label>Existing Avatar:</label> <span class="field-container"> <div class="checkbox" style="display: block; margin-bottom: 5px;"> <input type="hidden" name="remove_avatar" value="0" /> Remove Avatar </div> <img src="<?php echo String::HtmlSpecialChars($avatar['uri']); ?> " class="avatar" /> </span> </div> <?php } ?> <div class="field"> <label>Upload Avatar:</label> <span class="field-container"> <input type="file" size="50" name="avatar_file" /><br /> <span class="small">JPG, GIF, or PNG image</span> </span> </div>
<?php
// Search-result row for one comment.
// NOTE(review): $item, $original and $DB are not defined in this fragment;
// presumably the including scope provides them, with $item already
// HTML-escaped and $original raw -- confirm, because $item values are echoed
// below without further escaping.
// Two output contexts are handled differently on purpose: the username in the
// link's query string is taken from the raw $original and passed through
// urlencode(), while the visible text uses $item. Feeding the HTML-escaped
// value to urlencode() instead would encode the entity text, not the name.
// The video row is fetched with a bound video_id and escaped before use.
$item['date_commented'] = date(DATETIME_FRIENDLY, strtotime($item['date_commented'])); $video = $DB->Row('SELECT * FROM `tbx_video` WHERE `video_id`=?', array($item['video_id'])); $video = String::HtmlSpecialChars($video); ?> <tr class="search-hilite search-result" id="<?php echo $item['comment_id']; ?> "> <td class="selectable" style="width: 40px;" title="Select"> </td> <td valign="top"> <div style="margin-bottom: 5px;"> <b style="display: inline-block; width: 6em; text-align: right;">Username:</b> <a href="index.php?r=tbxGenericShowSearch(user)&pds=user&username=<?php echo urlencode($original['username']); ?> "><?php echo $item['username']; ?> </a> </div> <div style="margin-bottom: 5px;"> <b style="display: inline-block; width: 6em; text-align: right;">Date:</b> <?php echo $item['date_commented']; ?> </div> <div style="margin-bottom: 5px;"> <b style="display: inline-block; width: 6em; text-align: right;">Status:</b> <?php