本文整理汇总了PHP中COM_applyBasicFilter函数的典型用法代码示例。如果您正苦于以下问题:PHP COM_applyBasicFilter函数的具体用法?PHP COM_applyBasicFilter怎么用?PHP COM_applyBasicFilter使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了COM_applyBasicFilter函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: applyFilter
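/**
 * Apply a basic filter to a value, or recursively to every element of an array.
 *
 * Delegates to COM_applyBasicFilter() when Geeklog's lib-common is loaded;
 * otherwise reproduces that filter locally: drop 4-byte UTF-8 characters,
 * strip HTML tags, neutralise inline "on*=" event-handler attributes, and then
 * either enforce an integer-only value (numeric mode) or cut the string at the
 * first quote, backtick, semicolon, comma, backslash or "/*" comment opener.
 *
 * @param string|array $var       value to filter; arrays are filtered element by
 *                                element with keys preserved
 * @param bool         $isNumeric true if $var is supposed to be an integer; a
 *                                value that is not a plain (optionally signed)
 *                                integer is replaced by 0
 * @return string|array|int the filtered value (0 in numeric mode when the input
 *                          was not an integer)
 */
public static function applyFilter($var, $isNumeric = false)
{
    if (is_array($var)) {
        // Recurse element by element and keep $isNumeric for every element.
        // The earlier array_map(__METHOD__, $var) form silently dropped the
        // flag, so array input was never checked in numeric mode.
        $filtered = array();
        foreach ($var as $key => $value) {
            $filtered[$key] = self::applyFilter($value, $isNumeric);
        }

        return $filtered;
    }

    if (is_callable('COM_applyBasicFilter')) {
        // Hand $isNumeric through: COM_applyBasicFilter() takes the same flag,
        // and without it numeric mode was only honoured by the fallback below.
        return COM_applyBasicFilter($var, $isNumeric);
    }

    // Simulate COM_applyBasicFilter
    $var = \GLText::remove4byteUtf8Chars($var);
    $var = strip_tags($var);
    if (is_callable('COM_killJS')) {
        $var = COM_killJS($var);
        // doesn't help a lot right now, but still ...
    } else {
        // Rewrite "on<event>=" into "in<event>=" so the attribute is inert.
        $var = preg_replace('/(\\s)+[oO][nN](\\w*) ?=/', '\\1in\\2=', $var);
    }

    if ($isNumeric) {
        // Note: PHP's is_numeric() accepts values like 4e4 as numeric, hence
        // the additional integer-only regex.
        if (!is_numeric($var) || preg_match('/^-?\\d+$/', $var) == 0) {
            $var = 0;
        }
    } else {
        // Cut at a "/*" comment opener, then at the first occurrence of each
        // character that could terminate a quoted context or a statement.
        $var = preg_replace('/\\/\\*.*/', '', $var);
        foreach (array("'", '"', '`', ';', ',', '\\') as $separator) {
            $parts = explode($separator, $var);
            $var = $parts[0];
        }
    }

    return $var;
}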
示例2: filter
/**
 * Run COM_applyBasicFilter() over a value when filtering is enabled.
 *
 * Arrays are handled recursively, one element at a time (keys preserved).
 * When $this->applyFilter is false the value is returned untouched.
 *
 * @param string|array $value
 * @return string|array
 */
private function filter($value)
{
    if (!$this->applyFilter) {
        return $value;
    }

    if (is_array($value)) {
        return array_map(array($this, 'filter'), $value);
    }

    return COM_applyBasicFilter($value);
}
示例3: service_get_staticpages
/**
* Get an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_get_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
$output = '';
$svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
if ($args['gl_svc']) {
if (isset($args['sp_id'])) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
}
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (empty($args['sp_id'])) {
$svc_msg['gl_feed'] = true;
} else {
$svc_msg['gl_feed'] = false;
}
} else {
$svc_msg['gl_feed'] = false;
}
if (!$svc_msg['gl_feed']) {
$page = '';
if (isset($args['sp_id'])) {
$page = $args['sp_id'];
}
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$error = 0;
if ($page == '') {
$error = 1;
}
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
$sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}') AND (sp_status = 1)" . $perms;
$result = DB_query($sql);
$count = DB_numRows($result);
if ($count == 0 || $count > 1) {
$error = 1;
}
if (!$error) {
$output = DB_fetchArray($result, false);
// WE ASSUME $output doesn't have any confidential fields
if ($mode !== 'autotag') {
$_CONF['pagetitle'] = $output['sp_title'];
}
} else {
// an error occured (page not found, access denied, ...)
if (empty($page)) {
$failflg = 0;
} else {
$failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$page}'");
}
if ($failflg) {
if ($mode !== 'autotag') {
$output = COM_siteHeader('menu');
}
$output .= SEC_loginRequiredForm();
if ($mode !== 'autotag') {
$output .= COM_siteFooter();
}
} else {
if ($mode !== 'autotag') {
COM_404();
}
}
return PLG_RET_ERROR;
}
if ($args['gl_svc']) {
// This date format is PHP 5 only,
// but only the web-service uses the value
$output['published'] = date('c', strtotime($output['sp_date']));
$output['updated'] = date('c', strtotime($output['sp_date']));
$output['id'] = $page;
$output['title'] = $output['sp_title'];
$output['category'] = array($output['sp_tid']);
$output['content'] = $output['sp_content'];
$output['content_type'] = 'html';
$output['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
$output['link_edit'] = $page;
}
} else {
$output = array();
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
//.........这里部分代码省略.........
示例4: service_get_staticpages
/**
* Get an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_get_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;
$output = '';
$svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
if ($args['gl_svc']) {
if (isset($args['sp_id'])) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
}
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (empty($args['sp_id'])) {
$svc_msg['gl_feed'] = true;
} else {
$svc_msg['gl_feed'] = false;
}
} else {
$svc_msg['gl_feed'] = false;
}
if (!$svc_msg['gl_feed']) {
$page = '';
if (isset($args['sp_id'])) {
$page = $args['sp_id'];
}
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$error = 0;
if ($page == '') {
$error = 1;
}
$perms = SP_getPerms();
if (!SEC_hasRights('staticpages.edit')) {
if (!empty($perms)) {
$perms .= ' AND';
}
$perms .= '(draft_flag = 0)';
}
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
$sql = array();
$sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
$sql['mssql'] = "SELECT sp_title,sp_page_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,commentcode," . "CAST(meta_description AS text) AS meta_description," . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
$sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
$result = DB_query($sql);
$count = DB_numRows($result);
if ($count == 0 || $count > 1) {
$error = 1;
}
if (!$error) {
$output = DB_fetchArray($result, false);
// WE ASSUME $output doesn't have any confidential fields
if ($output['template_id'] != '') {
$retval = '';
$mode = '';
$xmlObject = simplexml_load_string($output['sp_content']);
// create array of XML data
$tag = array();
foreach ($xmlObject->variable as $variable) {
$key = $variable["name"] . '';
$value = $variable->data;
$tag[$key] = $value;
}
// Loop through variables to replace any autotags first
foreach ($tag as &$value) {
$value = PLG_replaceTags($value);
}
$args = array('sp_id' => $output['template_id'], 'mode' => $mode, 'gl_svc' => '');
$svc_msg = array();
if (PLG_invokeService('staticpages', 'get', $args, $retval, $svc_msg) == PLG_RET_OK) {
$retval['sp_content'] = str_replace(array_keys($tag), array_values($tag), $retval['sp_content']);
$output['sp_content'] = $retval['sp_content'];
}
}
} else {
// an error occured (page not found, access denied, ...)
/**
* if the user has edit permissions and the page does not exist,
* send them to the editor so they can create it "wiki style"
*/
$create_page = false;
if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
// check again without permissions
if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
$url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
$output = COM_refresh($url);
//.........这里部分代码省略.........
示例5: service_get_story
/**
* Get an existing story
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_get_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER;
$output = array();
$retval = '';
if (!isset($_CONF['atom_max_stories'])) {
$_CONF['atom_max_stories'] = 10;
// set a resonable default
}
$svc_msg['output_fields'] = array('draft_flag', 'hits', 'numemails', 'comments', 'trackbacks', 'featured', 'commentcode', 'statuscode', 'expire_date', 'postmode', 'advanced_editor_mode', 'frontpage', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon');
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['sid'])) {
$args['sid'] = COM_applyBasicFilter($args['sid']);
}
if (empty($args['sid'])) {
$svc_msg['gl_feed'] = true;
} else {
$svc_msg['gl_feed'] = false;
}
} else {
$svc_msg['gl_feed'] = false;
}
if (empty($args['mode'])) {
$args['mode'] = 'view';
}
if (!$svc_msg['gl_feed']) {
$sid = $args['sid'];
$mode = $args['mode'];
$story = new Story();
$retval = $story->loadFromDatabase($sid, $mode);
if ($retval != STORY_LOADED_OK) {
$output = $retval;
return PLG_RET_ERROR;
}
reset($story->_dbFields);
while (list($fieldname, $save) = each($story->_dbFields)) {
$varname = '_' . $fieldname;
$output[$fieldname] = $story->{$varname};
}
$output['username'] = $story->_username;
$output['fullname'] = $story->_fullname;
if ($args['gl_svc']) {
if ($output['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output['statuscode'] == STORY_DELETE_ON_EXPIRE) {
// This date format is PHP 5 only,
// but only the web-service uses the value
$output['expire_date'] = date('c', $output['expire']);
}
$output['id'] = $output['sid'];
$output['category'] = array($output['tid']);
$output['published'] = date('c', $output['date']);
$output['updated'] = date('c', $output['date']);
if (empty($output['bodytext'])) {
$output['content'] = $output['introtext'];
} else {
$output['content'] = $output['introtext'] . LB . '[page_break]' . LB . $output['bodytext'];
}
$output['content_type'] = $output['postmode'] == 'html' ? 'html' : 'text';
$owner_data = SESS_getUserDataFromId($output['owner_id']);
$output['author_name'] = $owner_data['username'];
$output['link_edit'] = $sid;
}
} else {
$output = array();
$mode = $args['mode'];
$sql = array();
if (isset($args['offset'])) {
$offset = COM_applyBasicFilter($args['offset'], true);
} else {
$offset = 0;
}
$max_items = $_CONF['atom_max_stories'] + 1;
$limit = " LIMIT {$offset}, {$max_items}";
$limit_pgsql = " LIMIT {$max_items} OFFSET {$offset}";
$order = " ORDER BY unixdate DESC";
$sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit;
$sql['pgsql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl FROM stories s, users u, topics t WHERE (s.uid = u.uid) AND (s.tid = t.tid) FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit_pgsql;
$result = DB_query($sql);
$count = 0;
while (($story_array = DB_fetchArray($result, false)) !== false) {
$count += 1;
if ($count == $max_items) {
$svc_msg['offset'] = $offset + $_CONF['atom_max_stories'];
break;
}
$story = new Story();
$story->loadFromArray($story_array);
// This access check is not strictly necessary
//.........这里部分代码省略.........
示例6: WS_authenticate
/**
* Authenticates the user if authentication headers are present
*
* Our handling of the speedlimit here requires some explanation ...
* Atompub clients will usually try to do everything without logging in first.
* Since that would mean that we can't provide feeds for drafts, items with
* special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
* That, however, means that every request from an Atompub client will count
* as one failed login attempt. So doing a couple of requests in quick
* succession will surely get the client blocked. Therefore
* - a request without any login credentials counts as one failed login attempt
* - a request with wrong login credentials counts as two failed login attempts
* - if, after a successful login, we have only one failed attempt on record,
* we reset the speedlimit
* This still ensures that
* - repeated failed logins (without or with invalid credentials) will cause the
* client to be blocked eventually
* - this can not be used for dictionary attacks
*
*/
function WS_authenticate()
{
global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
$uid = '';
$username = '';
$password = '';
$status = -1;
if (isset($_SERVER['PHP_AUTH_USER'])) {
$username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
$password = $_SERVER['PHP_AUTH_PW'];
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '{$username}'");
}
/** this does not work! *******************************************************
} elseif (!empty($_SERVER['HTTP_X_WSSE']) &&
(strpos($_SERVER['HTTP_X_WSSE'], 'UsernameToken') !== false)) {
// this is loosely based on a code snippet taken from Elgg (elgg.org)
$wsse = str_replace('UsernameToken', '', $_SERVER['HTTP_X_WSSE']);
$wsse = explode(',', $wsse);
$username = '';
$pwdigest = '';
$created = '';
$nonce = '';
foreach ($wsse as $element) {
$element = explode('=', $element);
$key = array_shift($element);
if (count($element) == 1) {
$val = $element[0];
} else {
$val = implode('=', $element);
}
$key = trim($key);
$val = trim($val, "\x22\x27");
if ($key == 'Username') {
$username = COM_applyBasicFilter($val);
} elseif ($key == 'PasswordDigest') {
$pwdigest = $val;
} elseif ($key == 'Created') {
$created = $val;
} elseif ($key == 'Nonce') {
$nonce = $val;
}
}
if (!empty($username) && !empty($pwdigest) && !empty($created) &&
!empty($nonce)) {
$uname = DB_escapeString($username);
$pwd = DB_getItem($_TABLES['users'], 'passwd',
"username = '$uname'");
// ... and here we would need the _unencrypted_ password
if (!empty($pwd)) {
$mydigest = pack('H*', sha1($nonce . $created . $pwd));
$mydigest = base64_encode($mydigest);
if ($pwdigest == $mydigest) {
$password = $pwd;
}
}
}
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '$username' (via WSSE)");
}
******************************************************************************/
} elseif (!empty($_SERVER['REMOTE_USER'])) {
/* PHP installed as CGI may not have access to authorization headers of
* Apache. In that case, use .htaccess to store the auth header as
* explained at
* http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication
*/
list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
list($username, $password) = explode(':', base64_decode($auth_data));
//.........这里部分代码省略.........
示例7: COM_applyFilter
/**
 * Filter a parameter received per GET (URL) or POST.
 *
 * Runs COM_stripslashes() on the raw value first, then hands the result to
 * COM_applyBasicFilter() together with the numeric flag.
 *
 * @param string  $parameter the parameter to test
 * @param boolean $isnumeric true if $parameter is supposed to be numeric
 * @return string the filtered parameter (may now be empty or 0)
 * @see COM_applyBasicFilter
 */
function COM_applyFilter($parameter, $isnumeric = false)
{
    $stripped = COM_stripslashes($parameter);

    return COM_applyBasicFilter($stripped, $isnumeric);
}
示例8: COM_applyfilter
// Request parameters: the file id must be an integer, op is a plain string
// (both pass through COM_applyfilter before any DB lookup below).
$fid = COM_applyfilter($_GET['fid'], true);
$op = COM_applyfilter($_GET['op']);
COM_errorLog("Download.php - op:{$op}, uid:{$_USER['uid']}, fid:{$fid}");

// An 'incoming' request must refer to a queued import; otherwise bounce the
// visitor to the site front page and stop.
if ($op == 'incoming' && !DB_count($_TABLES['nxfile_import_queue'], 'id', $fid)) {
    echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
    exit;
}
if ($op == 'download') {
if (!DB_count($_TABLES['nxfile_files'], 'fid', $fid)) {
echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
exit;
}
include_once $_CONF['path_system'] . 'classes/downloader.class.php';
$version = COM_applyBasicFilter($_GET['version'], true);
if ($version > 0) {
$query = DB_query("SELECT fname,ftype FROM {$_TABLES['nxfile_fileversions']} WHERE fid={$fid} AND version={$version}");
list($fname, $ftype) = DB_fetchARRAY($query);
$cid = DB_getItem($_TABLES['nxfile_files'], "cid", "fid={$fid}");
} else {
$query = DB_query("SELECT cid,fname,ftype,mimetype FROM {$_TABLES['nxfile_files']} WHERE fid={$fid}");
list($cid, $fname, $ftype, $mimetype) = DB_fetchARRAY($query);
}
// Make sure user has access
if (!fm_getPermission($cid, 'view')) {
echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
exit;
}
if ($ftype == "file") {
$directory = $_FMCONF['storage_path'] . $cid . '/';
示例9: PLG_replaceTags
//.........这里部分代码省略.........
USES_lib_story();
if (isset($_USER['uid']) && $_USER['uid'] > 1) {
$result = DB_query("SELECT maxstories,tids,aids FROM {$_TABLES['userindex']} WHERE uid = {$_USER['uid']}");
$U = DB_fetchArray($result);
} else {
$U['maxstories'] = 0;
$U['aids'] = '';
$U['tids'] = '';
}
$sql = " (date <= NOW()) AND (draft_flag = 0)";
if (empty($topic)) {
$sql .= COM_getLangSQL('tid', 'AND', 's');
}
$sql .= COM_getPermSQL('AND', 0, 2, 's');
if (!empty($U['aids'])) {
$sql .= " AND s.uid NOT IN (" . str_replace(' ', ",", $U['aids']) . ") ";
}
if (!empty($U['tids'])) {
$sql .= " AND s.tid NOT IN ('" . str_replace(' ', "','", $U['tids']) . "') ";
}
$sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
$userfields = 'u.uid, u.username, u.fullname';
$msql = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE s.sid = '" . $autotag['parm1'] . "' AND (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql;
$result = DB_query($msql);
$nrows = DB_numRows($result);
if ($A = DB_fetchArray($result)) {
$story = new Story();
$story->loadFromArray($A);
$linktext = STORY_renderArticle($story, 'y');
}
$content = str_replace($autotag['tagstr'], $linktext, $content);
}
if ($autotag['tag'] == 'showblock') {
$blockName = COM_applyBasicFilter($autotag['parm1']);
$result = DB_query("SELECT * FROM {$_TABLES['blocks']} WHERE name = '" . DB_escapeString($blockName) . "'" . COM_getPermSQL('AND'));
if (DB_numRows($result) > 0) {
$skip = 0;
$B = DB_fetchArray($result);
$template = '';
$side = '';
$px = explode(' ', trim($autotag['parm2']));
if (is_array($px)) {
foreach ($px as $part) {
if (substr($part, 0, 9) == 'template:') {
$a = explode(':', $part);
$template = $a[1];
$skip++;
} elseif (substr($part, 0, 5) == 'side:') {
$a = explode(':', $part);
$side = $a[1];
$skip++;
break;
}
}
if ($skip != 0) {
if (count($px) > $skip) {
for ($i = 0; $i < $skip; $i++) {
array_shift($px);
}
$caption = trim(implode(' ', $px));
} else {
$caption = '';
}
}
}
if ($template != '') {
示例10: fncSave
function fncSave($edt_flg, $navbarMenu, $menuno)
{
$pi_name = "userbox";
global $_CONF;
global $_TABLES;
global $_USER;
global $_USERBOX_CONF;
global $LANG_USERBOX_ADMIN;
global $_FILES;
$addition_def = DATABOX_getadditiondef($pi_name);
$retval = '';
// clean 'em up
$id = COM_applyFilter($_POST['id'], true);
$fieldset_id = COM_applyFilter($_POST['fieldset'], true);
//@@@@@ username fullname
$username = COM_applyFilter($_POST['username']);
$username = addslashes(COM_checkHTML(COM_checkWords($username)));
$fullname = COM_applyFilter($_POST['fullname']);
$fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
$page_title = COM_applyFilter($_POST['page_title']);
$page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
$description = $_POST['description'];
//COM_applyFilter($_POST['description']);
$description = addslashes(COM_checkHTML(COM_checkWords($description)));
$defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
$defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
$draft_flag = COM_applyFilter($_POST['draft_flag'], true);
// $hits =0;
// $comments=0;
$comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
if ($comment_expire_flag) {
$comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
$comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
$comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
$comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
$comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
if ($comment_expire_ampm == 'pm') {
if ($comment_expire_hour < 12) {
$comment_expire_hour = $comment_expire_hour + 12;
}
}
if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
$comment_expire_hour = '00';
}
} else {
$comment_expire_month = 0;
$comment_expire_day = 0;
$comment_expire_year = 0;
$comment_expire_hour = 0;
$comment_expire_minute = 0;
}
$commentcode = COM_applyFilter($_POST['commentcode'], true);
$trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
$cache_time = COM_applyFilter($_POST['cache_time'], true);
$meta_description = $_POST['meta_description'];
$meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
$meta_keywords = $_POST['meta_keywords'];
$meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
$language_id = COM_applyFilter($_POST['language_id']);
$language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
$category = $_POST['category'];
//@@@@@
$additionfields = $_POST['afield'];
$additionfields_old = $_POST['afield'];
$additionfields_fnm = $_POST['afield_fnm'];
$additionfields_del = $_POST['afield_del'];
$additionfields_alt = $_POST['afield_alt'];
$additionfields_date = array();
$dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
//
$owner_id = COM_applyFilter($_POST['owner_id'], true);
$group_id = COM_applyFilter($_POST['group_id'], true);
//
$array['perm_owner'] = $_POST['perm_owner'];
$array['perm_group'] = $_POST['perm_group'];
$array['perm_members'] = $_POST['perm_members'];
$array['perm_anon'] = $_POST['perm_anon'];
if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
} else {
$perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
$perm_group = COM_applyBasicFilter($array['perm_group'], true);
$perm_members = COM_applyBasicFilter($array['perm_members'], true);
$perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
}
//編集日付
$modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
if ($modified_autoupdate == 1) {
//$udate = date('Ymd');
$modified_month = date('m');
$modified_day = date('d');
$modified_year = date('Y');
$modified_hour = date('H');
$modified_minute = date('i');
} else {
$modified_month = COM_applyFilter($_POST['modified_month'], true);
$modified_day = COM_applyFilter($_POST['modified_day'], true);
$modified_year = COM_applyFilter($_POST['modified_year'], true);
$modified_hour = COM_applyFilter($_POST['modified_hour'], true);
$modified_minute = COM_applyFilter($_POST['modified_minute'], true);
//.........这里部分代码省略.........
示例11: service_get_staticpages
/**
* Get an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_get_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;
$output = '';
$svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'cache_time', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
if ($args['gl_svc']) {
if (isset($args['sp_id'])) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
}
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (empty($args['sp_id'])) {
$svc_msg['gl_feed'] = true;
} else {
$svc_msg['gl_feed'] = false;
}
} else {
$svc_msg['gl_feed'] = false;
}
if (!$svc_msg['gl_feed']) {
$page = '';
if (isset($args['sp_id'])) {
$page = $args['sp_id'];
}
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$error = 0;
if ($page == '') {
$error = 1;
}
$perms = SP_getPerms();
if (!SEC_hasRights('staticpages.edit')) {
if (!empty($perms)) {
$perms .= ' AND';
}
$perms .= '(draft_flag = 0)';
}
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
// Topic Permissions
$topic_perms = COM_getTopicSQL('', 0, 'ta');
if ($topic_perms != "") {
$topic_perms = " AND (" . $topic_perms . "";
if (COM_onFrontpage()) {
$topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
} else {
// $topic_perms .= " OR ta.tid = '" . TOPIC_ALL_OPTION . "')";
$topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
}
}
$topic_perms .= " GROUP BY sp_id";
$sql = array();
$sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
$sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "sp_inblock FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
$result = DB_query($sql);
$count = DB_numRows($result);
if ($count == 0 || $count > 1) {
$error = 1;
}
if (!$error) {
$output = DB_fetchArray($result, false);
$page = $output['sp_id'];
// reset page id so case mimics id perfectly since this affects the cache file and canonical link
// WE ASSUME $output doesn't have any confidential fields
// Generate output now (omly if not grabing a template since template is combined with variables first and then generated)
if (!isset($args['template'])) {
$output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
}
} else {
// an error occured (page not found, access denied, ...)
/**
* if the user has edit permissions and the page does not exist,
* send them to the editor so they can create it "wiki style"
*/
$create_page = false;
if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
// check again without permissions
if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
$url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
$output = COM_refresh($url);
$create_page = true;
}
}
if (!$create_page) {
if (empty($page)) {
//.........这里部分代码省略.........
示例12: dispatch
/**
* Dispatch the client based on $_SERVER['PATH_INFO']
*
* @return bool when not dispatched
*/
public static function dispatch()
{
global $_CONF, $_TABLES, $LANG_ROUTER;
// URL rewrite is disabled
if (!$_CONF['url_rewrite']) {
return false;
}
// URL routing is not supported
if (!isset($_CONF['url_routing'])) {
return false;
}
$routingType = intval($_CONF['url_routing'], 10);
// URL routing is disabled
if ($routingType === self::ROUTING_DISABLED) {
return false;
}
// $_SERVER['PATH_INFO'] is unavailable
if (!isset($_SERVER['PATH_INFO']) || empty($_SERVER['PATH_INFO'])) {
return false;
}
$pathInfo = COM_applyBasicFilter($_SERVER['PATH_INFO']);
if (self::$debug) {
COM_errorLog(__METHOD__ . ': PATH_INFO = ' . $pathInfo);
}
// Get request type
switch ($_SERVER['REQUEST_METHOD']) {
case 'GET':
$method = self::HTTP_REQUEST_GET;
break;
case 'POST':
$method = self::HTTP_REQUEST_POST;
break;
case 'PUT':
$method = self::HTTP_REQUEST_PUT;
break;
case 'DELETE':
$method = self::HTTP_REQUEST_DELETE;
break;
case 'HEAD':
$method = self::HTTP_REQUEST_HEAD;
break;
default:
// Unsupported method
COM_errorLog(__METHOD__ . ': unknown HTTP request method "' . $_SERVER['REQUEST_METHOD'] . '" was supplied');
return false;
}
// Get routing rules and routes from database
$sql = "SELECT * FROM {$_TABLES['routes']} WHERE method = " . DB_escapeString($method) . " ORDER BY priority ";
$result = DB_query($sql);
if (DB_error()) {
COM_errorLog(__METHOD__ . ': ' . DB_error());
return false;
}
while (($A = DB_fetchArray($result, false)) !== false) {
$rule = $A['rule'];
$route = $A['route'];
// Try simple comparison without placeholders
if (strcasecmp($rule, $pathInfo) === 0) {
$route = $_CONF['site_url'] . $route;
if (self::$debug) {
COM_errorLog(__METHOD__ . ': "' . $pathInfo . '"matched with simple comparison rule "' . $A['rule'] . '", converted into "' . $route . '"');
}
header('Location: ' . $route);
COM_errorLog(__METHOD__ . ': somehow could not redirect');
return false;
}
// Try comparison with placeholders
if (preg_match_all(self::PLACEHOLDER_MATCH, $rule, $matches, PREG_SET_ORDER)) {
// Escape a period and a question mark so that they can safely be used in a regular expression
$rule = str_replace(array('.', '?'), array('\\.', '\\?'), $rule);
$placeHolders = array();
// Replace placeholders in a rule with ones for regular expressions
foreach ($matches as $match) {
$placeHolders[] = $match[1];
$rule = str_replace($match[1], self::PLACEHOLDER_REPLACE, $rule);
}
$rule = '|\\A' . $rule . '\\z|i';
if (!preg_match($rule, $pathInfo, $values)) {
continue;
}
array_shift($values);
foreach ($values as $value) {
if (preg_match(self::VALUE_MATCH, $value)) {
$value = urlencode($value);
}
$placeHolder = array_shift($placeHolders);
$route = str_replace($placeHolder, $value, $route);
}
if (strpos($route, '@') !== false && self::$debug) {
COM_errorLog(sprintf('%s: %s. Rule (rid = %d) = %s, Route = %s', __METHOD__, @$LANG_ROUTER[15], $A['rid'], $A['rule'], $A['route']));
continue;
}
$route = $_CONF['site_url'] . $route;
if (self::$debug) {
COM_errorLog(__METHOD__ . ': "' . $pathInfo . '" matched with regular expression rule "' . $A['rule'] . '", converted into "' . $route . '"');
//.........这里部分代码省略.........
示例13: COM_applyFilter
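/**
 * Filter parameters passed per GET (URL) or POST.
 *
 * Thin wrapper around COM_applyBasicFilter(): both arguments are forwarded
 * unchanged. The previous intermediate copy of $parameter into a local was
 * redundant (the parameter is already this function's own local) and has
 * been dropped.
 *
 * NOTE(review): the result is a *filtered* value, not one escaped for a
 * specific output context. Callers must still escape at the point of use
 * (e.g. DB_escapeString() for SQL, htmlspecialchars() for HTML).
 *
 * @param string  $parameter the parameter to test
 * @param boolean $isnumeric true if $parameter is supposed to be numeric
 * @return string the filtered parameter (may now be empty or 0)
 */
function COM_applyFilter($parameter, $isnumeric = false)
{
    return COM_applyBasicFilter($parameter, $isnumeric);
}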
示例14: filter
/**
 * Apply the basic filter to a value, but only when filtering is enabled
 * on this object ($this->applyFilter).
 *
 * NOTE(review): there is no array handling here; an array $value is handed
 * to COM_applyBasicFilter() as-is — confirm that is intended for callers
 * that pass nested request data.
 *
 * @param mixed $value raw value; returned untouched when filtering is off
 * @return mixed whatever COM_applyBasicFilter() returns, or the original value
 */
private function filter($value)
{
    if (!$this->applyFilter) {
        return $value;
    }

    return COM_applyBasicFilter($value);
}
示例15: service_get_staticpages
/**
* Get an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_get_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
$output = '';
$svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
if ($args['gl_svc']) {
if (isset($args['sp_id'])) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
}
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (empty($args['sp_id'])) {
$svc_msg['gl_feed'] = true;
} else {
$svc_msg['gl_feed'] = false;
}
} else {
$svc_msg['gl_feed'] = false;
}
if (!$svc_msg['gl_feed']) {
$page = '';
if (isset($args['sp_id'])) {
$page = $args['sp_id'];
}
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$error = 0;
if ($page == '') {
$error = 1;
}
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
$sql = array();
$sql['mysql'] = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
$sql['mssql'] = "SELECT sp_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "sp_date,sp_format,commentcode,owner_id,group_id," . "perm_owner,perm_group,perm_members,perm_anon,sp_tid," . "sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
$result = DB_query($sql);
$count = DB_numRows($result);
if ($count == 0 || $count > 1) {
$error = 1;
}
if (!$error) {
$output = DB_fetchArray($result, false);
// WE ASSUME $output doesn't have any confidential fields
} else {
// an error occured (page not found, access denied, ...)
if (empty($page)) {
$failflg = 0;
} else {
$failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$page}'");
}
if ($failflg) {
if ($mode !== 'autotag') {
$output = COM_siteHeader('menu');
}
$output .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
$login = new Template($_CONF['path_layout'] . 'submit');
$login->set_file(array('login' => 'submitloginrequired.thtml'));
$login->set_var('login_message', $LANG_LOGIN[2]);
$login->set_var('site_url', $_CONF['site_url']);
$login->set_var('lang_login', $LANG_LOGIN[3]);
$login->set_var('lang_newuser', $LANG_LOGIN[4]);
$login->parse('output', 'login');
$output .= $login->finish($login->get_var('output'));
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
if ($mode !== 'autotag') {
$output .= COM_siteFooter(true);
}
} else {
if ($mode !== 'autotag') {
$output = COM_siteHeader('menu');
}
$output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG_STATIC['deny_msg'];
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
if ($mode !== 'autotag') {
$output .= COM_siteFooter(true);
}
}
return PLG_RET_ERROR;
}
if ($args['gl_svc']) {
// This date format is PHP 5 only,
// but only the web-service uses the value
$output['published'] = date('c', strtotime($output['sp_date']));
//.........这里部分代码省略.........