本文整理汇总了PHP中COM_checkHTML函数的典型用法代码示例。如果您正苦于以下问题:PHP COM_checkHTML函数的具体用法?PHP COM_checkHTML怎么用?PHP COM_checkHTML使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了COM_checkHTML函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: __set
/**
 * Magic setter: normalises a value according to the property name and stores
 * it in $this->properties.
 *
 * Names that are not handled below are ignored; nothing is stored for them.
 *
 * @param string $var   Name of property to set.
 * @param mixed  $value New value for property.
 */
public function __set($var, $value = '')
{
    if ($var == 'ev_id') {
        // Identifier: handed to the project's ID sanitiser.
        $this->properties[$var] = COM_sanitizeId($value, false);
    } elseif (in_array($var, array('rp_id', 'det_id', 'uid'))) {
        // Numeric keys: the cast guarantees that an integer is stored.
        $this->properties[$var] = (int) $value;
    } elseif (in_array($var, array('date_start', 'date_end'))) {
        // Date strings: run through the HTML filter, then trimmed.
        $this->properties[$var] = trim(COM_checkHTML($value));
    } elseif (in_array($var, array('time_start1', 'time_end1', 'time_start2', 'time_end2'))) {
        // NOTE(review): time values are only trimmed here; no format check
        // or HTML filtering is applied to them in this setter.
        if (empty($value)) {
            $this->properties[$var] = '00:00:00';
        } else {
            $this->properties[$var] = trim($value);
        }
    }
    // Any other property name: do nothing.
}
示例2: ppPrepareForDB
/**
 * Filters a value with COM_checkHTML() and then backslash-escapes it.
 *
 * NOTE(review): addslashes() is a generic backslash escaper; it knows nothing
 * about the database connection or its character set. Confirm that the value
 * is only used where that is sufficient, or that the query layer escapes it
 * again with a driver-aware function.
 *
 * @param string $var Raw value
 * @return string Filtered and backslash-escaped value
 */
function ppPrepareForDB($var)
{
    // Per the original author's note, COM_checkHTML() strips slashes, so the
    // escaping has to be applied after the filter rather than before it.
    return addslashes(COM_checkHTML($var));
}
示例3: loadTextFromArgs
/**
 * Loads text into $this->_text, filtered according to the post mode.
 *
 * In 'html' and 'wikitext' mode the censored text goes through
 * COM_checkHTML() with the 'story.edit' argument; in every other mode it is
 * entity-encoded first and only then has its links made clickable.
 *
 * @param string $arg      Raw text
 * @param string $postmode Optional post mode; when non-empty it is applied
 *                         with setPostmode() before the text is filtered
 * @return string The filtered text, as stored in $this->_text
 */
function loadTextFromArgs($arg, $postmode = '')
{
    if (!empty($postmode)) {
        $this->setPostmode($postmode);
    }

    $allowsMarkup = ($this->_postmode == 'html' || $this->_postmode == 'wikitext');

    if (!$allowsMarkup) {
        // Plain text: encode before linkifying, so user-supplied markup
        // never reaches the page as HTML.
        $encoded = htmlspecialchars(COM_checkWords($arg));
        $this->_text = COM_makeClickableLinks($encoded);
    } else {
        $censored = COM_checkWords($arg);
        $this->_text = COM_checkHTML($censored, 'story.edit');
    }

    return $this->_text;
}
示例4: __set
/**
 * Magic setter: coerces a value according to the property name, then stores it.
 * Emulates the __set() magic function in PHP 5.
 *
 * Everything except 'categories' is stored in $this->properties; 'categories'
 * is stored directly on the object as an array. Unknown names are ignored.
 *
 * @param string $var   Name of property to set.
 * @param mixed  $value New value for property.
 */
public function __set($var, $value = '')
{
    $integerFields = array(
        'hits', 'owner_id', 'group_id',
        'perm_owner', 'perm_group', 'perm_members', 'perm_anon',
        'startyear1', 'startyear2', 'startmonth1', 'startmonth2',
        'startday1', 'startday2',
        'endyear1', 'endyear2', 'endmonth1', 'endmonth2',
        'endday1', 'endday2',
        'cal_id',
    );
    $filteredStringFields = array('date_start1', 'date_end1', 'postmode');
    $timeFields = array('time_start1', 'time_start2', 'time_end1', 'time_end2');
    $flagFields = array(
        'status', 'recurring', 'allday', 'split',
        'enable_reminders', 'show_upcoming',
    );

    if ($var == 'id') {
        // Identifier: handed to the project's ID sanitiser.
        $this->properties[$var] = COM_SanitizeID($value, false);
    } elseif (in_array($var, $integerFields)) {
        // Integer values; an empty value is stored as 0.
        $this->properties[$var] = ($value == '') ? 0 : (int) $value;
    } elseif (in_array($var, $filteredStringFields)) {
        // String values: run through the HTML filter, then trimmed.
        $this->properties[$var] = trim(COM_checkHTML($value));
    } elseif (in_array($var, $timeFields)) {
        // NOTE(review): time values are only trimmed here; no format check
        // or HTML filtering is applied to them in this setter.
        if (empty($value)) {
            $this->properties[$var] = '00:00:00';
        } else {
            $this->properties[$var] = trim($value);
        }
    } elseif (in_array($var, $flagFields)) {
        // Boolean values: anything other than 1 is stored as 0.
        $this->properties[$var] = (int) ($value == 1);
    } elseif ($var == 'categories') {
        // Accepts either an array or a comma-separated string. The individual
        // entries are stored as given; they are not filtered here.
        $this->{$var} = is_array($value) ? $value : explode(',', $value);
    }
    // Any other property name: do nothing.
}
示例5: testCheckHTMLMissingLastRawTagCONFSkip_html_filter_for_rootEquals0
/**
 * COM_checkHTML() on input with an opening [RAw] tag and no closing tag.
 *
 * The expected value wraps the remainder in [raw2]...[/raw2] and carries the
 * dollar sign and the backslashes as numeric entities.
 */
public function testCheckHTMLMissingLastRawTagCONFSkip_html_filter_for_rootEquals0()
{
    // Line 2923
    global $_CONF, $_GROUPS;

    // NOTE(review): the method name ends in "Equals0", but the flag is set
    // to 1 here - confirm which configuration this test is meant to cover.
    $_CONF['skip_html_filter_for_root'] = 1;
    $_GROUPS['Root'] = 'Root';

    $input = '<!-- string -->[RAw]<!-- string -->$var\\\\n\\\\';
    $expected = '<!-- string -->[raw2]<!-- string -->&#36;var&#092;n&#092;[/raw2]';

    $this->assertEquals($expected, COM_checkHTML($input));
}
示例6: CALENDAR_save
// ......... part of the code is omitted here .........
// Fragment: the function signature and the first part of the body are not
// shown on this page. $eid, $status, $allday, $postmode, the permission values
// and the date/time parts used below are all set in the part that is omitted.
}
// Make sure start date is before end date
if (checkdate($start_month, $start_day, $start_year)) {
$datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
$timestart = $start_hour . ':' . $start_minute . ':00';
} else {
// Invalid start date: re-display the editor with an error message.
$retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
$retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2], true);
$retval .= CALENDAR_edit('edit', $C, '');
$retval .= COM_siteFooter();
return $retval;
}
if (checkdate($end_month, $end_day, $end_year)) {
$dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
$timeend = $end_hour . ':' . $end_minute . ':00';
} else {
// Invalid end date: re-display the editor with an error message.
$retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
$retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2], true);
$retval .= CALENDAR_edit('edit', $C, '');
$retval .= COM_siteFooter();
return $retval;
}
// Both dates were built by sprintf() as YYYY-MM-DD strings, so the "<" below
// is a string comparison of two dates in that format.
if ($allday == 0) {
if ($dateend < $datestart) {
$retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
$retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2], true);
$retval .= CALENDAR_edit('edit', $C, '');
$retval .= COM_siteFooter();
return $retval;
}
} else {
if ($dateend < $datestart) {
// Force end date to be same as start date
$dateend = $datestart;
}
}
// clean 'em up
// HTML mode: the description is censored, then filtered by COM_checkHTML().
// Any other mode is forced to 'plaintext' and entity-encoded; the @ suppresses
// any warning raised by htmlspecialchars().
if ($postmode == 'html') {
$description = COM_checkHTML(COM_checkWords($description));
} else {
$postmode = 'plaintext';
$description = @htmlspecialchars(COM_checkWords($description));
}
$description = DB_escapeString($description);
// The single-line fields below also go through COM_checkHTML(), so whatever
// markup that filter lets through is stored in them.
// NOTE(review): confirm the templates that print title, location and the
// address fields expect filtered HTML rather than plain text.
$title = DB_escapeString(COM_checkHTML(COM_checkWords($title)));
$location = DB_escapeString(COM_checkHTML(COM_checkWords($location)));
$address1 = DB_escapeString(COM_checkHTML(COM_checkWords($address1)));
$address2 = DB_escapeString(COM_checkHTML(COM_checkWords($address2)));
$city = DB_escapeString(COM_checkHTML(COM_checkWords($city)));
$state = DB_escapeString(COM_checkHTML(COM_checkWords($state)));
$zipcode = DB_escapeString(COM_checkHTML(COM_checkWords($zipcode)));
$event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
// NOTE(review): the URL only has tags stripped and is SQL-escaped; no check
// of its scheme is visible in this fragment - confirm it is validated before
// it is rendered as a link.
$url = DB_escapeString(strip_tags($url));
if ($allday == 0) {
// Add 12 to make time on 24 hour clock if needed
if ($start_ampm == 'pm' and $start_hour != 12) {
$start_hour = $start_hour + 12;
}
// If 12AM set hour to 00
if ($start_ampm == 'am' and $start_hour == 12) {
$start_hour = '00';
}
// Add 12 to make time on 24 hour clock if needed
if ($end_ampm == 'pm' and $end_hour != 12) {
$end_hour = $end_hour + 12;
}
// If 12AM set hour to 00
if ($end_ampm == 'am' and $end_hour == 12) {
$end_hour = '00';
}
// Rebuild the time strings from the converted 24-hour values; this replaces
// the values assembled during the date checks above.
$timestart = $start_hour . ':' . $start_minute . ':00';
$timeend = $end_hour . ':' . $end_minute . ':00';
}
if (!empty($eid) and !empty($description) and !empty($title)) {
DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
// The value list is assembled by string interpolation. The string columns
// were passed through DB_escapeString() above. $status, $allday, $owner_id,
// $group_id and the perm_* values are interpolated unquoted, and $eid,
// $timestart and $timeend are interpolated without any escaping visible here.
// NOTE(review): verify in the omitted part that these are cast or validated
// before they reach this statement.
DB_save($_TABLES['events'], 'eid,status,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon', "'{$eid}',{$status},'{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
// Propagate the change to every user's copy in the personal calendar.
if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
$numrows = DB_numRows($result);
for ($i = 1; $i <= $numrows; $i++) {
$P = DB_fetchArray($result);
// $P['uid'] comes from the SELECT above and is interpolated unquoted.
DB_save($_TABLES['personal_events'], 'eid,status,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}',{$status},'{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
}
}
PLG_itemSaved($eid, 'calendar');
COM_rdfUpToDateCheck('calendar', $event_type, $eid);
// if we just saved a submission, then return to the submissions page
if ($type == 'submission') {
return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
}
} else {
// Missing ID, description or title: re-display the editor with an error.
$retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
$retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2], true);
$retval .= CALENDAR_edit('edit', $C, '');
$retval .= COM_siteFooter();
return $retval;
}
}
示例7: prepareStringForDB
/**
 * Prepares a message for storage: optional censoring, mode-dependent
 * filtering, then SQL escaping with DB_escapeString().
 *
 * NOTE(review): with $postmode 'html' and $htmlfilter false the message is
 * stored with SQL escaping only, i.e. its HTML is not filtered here. Callers
 * that pass false need to be sure the content is trusted or is filtered
 * before it is displayed.
 *
 * @param string $message    Raw message
 * @param string $postmode   'html' keeps markup; anything else is entity-encoded
 * @param bool   $censor     Run COM_checkWords() first
 * @param bool   $htmlfilter In html mode, run COM_checkHTML()
 * @return string Message ready to be placed in a query
 */
function prepareStringForDB($message, $postmode = "html", $censor = TRUE, $htmlfilter = TRUE)
{
    global $_FF_CONF;

    if ($censor) {
        $message = COM_checkWords($message);
    }

    if ($postmode != 'html') {
        // Plain text: encode both quote styles before escaping for SQL.
        // The @ suppresses any warning raised by htmlspecialchars().
        return DB_escapeString(@htmlspecialchars($message, ENT_QUOTES, COM_getEncodingt()));
    }

    // Per the original author's note, COM_checkHTML() strips slashes, so the
    // SQL escaping is applied after the filter.
    $prepared = $htmlfilter ? COM_checkHTML($message) : $message;

    return DB_escapeString($prepared);
}
示例8: PAGE_edit
/**
 * Displays the Static Page Editor
 *
 * Builds the page record from one of four sources (an existing page, defaults
 * for a new page, a clone of an existing page, or the submitted form) and
 * passes it to PAGE_form().
 *
 * NOTE(review): $sp_id is placed in the SQL text exactly as received and
 * nothing in this function escapes it - confirm that every caller sanitises
 * the ID before calling.
 *
 * @param string $sp_id  ID of static page to edit
 * @param string $action action (edit, clone or null)
 * @param string $editor editor to use
 * @return mixed Whatever PAGE_form() returns for the assembled record
 */
function PAGE_edit($sp_id, $action = '', $editor = '')
{
    global $_CONF, $_SP_CONF, $_TABLES, $_USER, $LANG_STATIC;

    $hasId = !empty($sp_id);

    if ($action == 'edit') {
        if ($hasId) {
            // Existing page; the permission clause asks for access level 3.
            $sql = "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3);
            $A = DB_fetchArray(DB_query($sql));
            // sp_old_id is not null, this is an existing page
            $A['sp_old_id'] = $A['sp_id'];
        } else {
            // New page: start from default values.
            $A = array(
                'sp_id'       => COM_makesid(),               // new/unique ID based upon the datetime
                'sp_status'   => $_SP_CONF['status_flag'],
                'sp_uid'      => $_USER['uid'],               // created by current user
                'unixdate'    => time(),                      // date/time created
                'sp_help'     => '',                          // no help URL
                'sp_old_id'   => '',                          // null: this is a new page
                'commentcode' => $_SP_CONF['comment_code'],
                'sp_where'    => 1,                           // top of page
                'sp_search'   => $_SP_CONF['include_search'],
            );
        }
    } elseif ($hasId && $action == 'clone') {
        // New page based upon an old one; the permission clause asks for
        // access level 2 on the page that is cloned.
        $sql = "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 2);
        $A = DB_fetchArray(DB_query($sql));

        // Override old page values with values unique to the new page.
        $A['sp_id'] = COM_makesid();
        // keep the displayed ID in step with the new value
        $sp_id = $A['sp_id'];
        // indicate in title that this is a cloned page
        $A['sp_title'] = $A['sp_title'] . ' (' . $LANG_STATIC['copy'] . ')';
        $A['sp_uid'] = $_USER['uid'];   // created by current user
        $A['unixdate'] = time();        // date/time created
        $A['sp_hits'] = 0;              // reset page hits
        $A['sp_old_id'] = '';           // null: this is a new page
    } else {
        // Re-display of a submitted form: the whole POST array becomes the
        // record. Only sp_content is filtered here (and sp_title below);
        // every other submitted field reaches PAGE_form() as received.
        $A = $_POST;
        if (empty($A['unixdate'])) {
            // update date and time
            $A['unixdate'] = time();
        }
        $censored = COM_checkWords($A['sp_content']);
        $A['sp_content'] = COM_checkHTML($censored);
    }

    if (isset($A['sp_title'])) {
        // The title never carries markup.
        $A['sp_title'] = strip_tags($A['sp_title']);
    }
    $A['editor'] = $editor;

    return PAGE_form($A);
}
示例9: staticpageeditor
/**
 * Displays the Static Page Editor
 *
 * Builds the page record from an existing page, from defaults for a new page,
 * from a clone of an existing page, or from the submitted form. When no record
 * could be built (the permission-filtered query did not return exactly one
 * row) an "access denied" block is returned instead of the form.
 *
 * NOTE(review): $sp_id is placed in the SQL text exactly as received and
 * nothing in this function escapes it - confirm that every caller sanitises
 * the ID before calling.
 *
 * @param string $sp_id  ID of static page to edit
 * @param string $mode   Mode
 * @param string $editor Editor mode? (unused?)
 * @return string HTML for static pages editor
 */
function staticpageeditor($sp_id, $mode = '', $editor = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG_STATIC;

    $retval = '';
    $hasId = !empty($sp_id);

    if ($mode == 'edit') {
        if ($hasId) {
            $sql = "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3);
            $rows = DB_query($sql);
            if (DB_numRows($rows) == 1) {
                $A = DB_fetchArray($rows);
                $A['sp_old_id'] = $A['sp_id'];
            }
        } else {
            $A = array(
                'sp_id'       => COM_makesid(),
                'sp_uid'      => $_USER['uid'],
                'unixdate'    => time(),
                'sp_help'     => '',
                'sp_old_id'   => '',
                'commentcode' => $_CONF['comment_code'],
                'sp_where'    => 1,   // default new pages to "top of page"
            );
        }
    } elseif ($hasId && $mode == 'clone') {
        $sql = "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3);
        $rows = DB_query($sql);
        if (DB_numRows($rows) == 1) {
            $A = DB_fetchArray($rows);
            // Values that must be unique to the copy.
            $A['sp_id'] = COM_makesid();
            $A['sp_uid'] = $_USER['uid'];
            $A['unixdate'] = time();
            $A['sp_hits'] = 0;
            $A['sp_old_id'] = '';
            $A['commentcode'] = $_CONF['comment_code'];
        }
    } else {
        // Re-display of a submitted form: the whole POST array becomes the
        // record. Only sp_content is filtered here; the title and the two
        // meta fields have their tags stripped below; every other submitted
        // field reaches the form as received.
        $A = $_POST;
        if (empty($A['unixdate'])) {
            $A['unixdate'] = time();
        }
        $censored = COM_checkWords($A['sp_content']);
        $A['sp_content'] = COM_checkHTML($censored, 'staticpages.edit');
    }

    if (!isset($A)) {
        // No record: the page does not exist or the user may not edit it.
        return COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG_STATIC['deny_msg'] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    }

    // These fields never carry markup.
    foreach (array('sp_title', 'meta_description', 'meta_keywords') as $plainField) {
        if (isset($A[$plainField])) {
            $A[$plainField] = strip_tags($A[$plainField]);
        }
    }
    $A['editor'] = $editor;
    $retval = staticpageeditor_form($A);

    return $retval;
}
示例10: _filterText
/**
 * Applies the filters enabled on this object to one text value.
 *
 * Order: optional HTML filter, optional word censor, COM_killJS() (always),
 * optional length limit, then either addslashes() for the database or
 * stripslashes() for display.
 *
 * NOTE(review): substr() counts bytes and runs after the filters, so the
 * limit can cut through a multi-byte character or a tag/entity that the
 * filters produced. addslashes() is a generic backslash escaper and is not
 * aware of the database connection or its character set.
 *
 * @param string $var Raw text
 * @return string Filtered text
 */
private function _filterText($var)
{
    $var = $this->_checkhtml ? COM_checkHTML($var) : $var;
    $var = $this->_checkwords ? COM_checkWords($var) : $var;
    $var = COM_killJS($var);

    if ($this->_maxlength > 0) {
        $var = substr($var, 0, $this->_maxlength);
    }

    // Per the original author's note, COM_checkHTML() strips slashes, so the
    // escaping has to be applied after the filter.
    if ($this->_prepfordb) {
        return addslashes($var);
    }
    if ($this->_prepforweb) {
        return stripslashes($var);
    }

    return $var;
}
示例11: MG_getRemote
// ......... part of the code is omitted here .........
// Fragment: both the start and the end of the function are not shown on this
// page. $thumbnail, $attachedThumbnail, $media_filename, $description,
// $caption, $keywords, $urlArray, $albumInfo and $mediaType are all set in the
// part that is omitted.
}
// Now we need to process an uploaded thumbnail
// In verbose mode the thumbnail value is written to the error log as received.
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail);
COM_errorLog("MG Upload: thumbnail: " . $thumbnail);
}
if ($attachedThumbnail == 1 && $thumbnail != '') {
// see if it is remote, if yes go get it...
// The pattern is unanchored and case-insensitive, so any value that contains
// "http" anywhere is treated as a remote location.
// NOTE(review): the value is passed to MG_getRemoteThumbnail() unchanged; no
// check of scheme or host is visible in this fragment - confirm that the
// helper, or the omitted code, restricts where the server will connect.
if (preg_match("/http/i", $thumbnail)) {
$tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg';
$rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail);
// The @ suppresses warnings; when the download is not a readable image the
// result is false and the resolution values are left untouched.
$tmp_image_size = @getimagesize($tmp_thumbnail);
if ($tmp_image_size != false) {
$resolution_x = $tmp_image_size[0];
$resolution_y = $tmp_image_size[1];
}
$thumbnail = $tmp_thumbnail;
} else {
$rc = true;
}
if ($rc == true) {
// Thumbnails are stored under tn/<first character of the media filename>/.
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName);
}
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Building SQL and preparing to enter database");
}
// HTML not allowed: script removal, censoring, tag stripping and entity
// encoding, then SQL escaping. HTML allowed: script removal and the HTML
// filter, then SQL escaping; COM_checkWords() is not applied in that branch.
if ($_MG_CONF['htmlallowed'] != 1) {
$media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
$media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
$media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) {
// && !SEC_hasRights('mediagallery.create')) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
// Split the URL path: everything but the last segment is rebuilt into $pPath,
// the last segment becomes the file name.
$pathParts = array();
$pathParts = explode('/', $urlArray['path']);
$ppCount = count($pathParts);
$pPath = '';
for ($i = 1; $i < $ppCount - 1; $i++) {
$pPath .= '/' . $pathParts[$i];
}
$videoFile = $pathParts[$ppCount - 1];
// NOTE(review): $videoFile is taken from the supplied URL and no escaping of
// it is visible in this fragment - confirm it is escaped before it is used in
// the insert that follows in the omitted part.
if ($mediaType != 5) {
$original_filename = $videoFile;
} else {
$original_filename = '';
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Inserting media record into mg_media");
}
if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) {
$resolution_x = 320;
示例12: _htmlLoadStory
/**
 * Loads the title, intro and body of an HTML-mode article into this object.
 *
 * The title is censored, stripped of tags and entity-encoded. Intro and body
 * are censored and then filtered by COM_checkHTML() with the 'story.edit'
 * argument, so that what is kept can be written back into the page on render
 * (after the magic tags replacement).
 *
 * This DOES NOT ADDSLASHES! That is done on DB store, because the internal
 * variables are kept in "display mode", not in db mode.
 *
 * @param $title string posttitle, only had stripslashes if necessary
 * @param $intro string introtext, only had stripslashes if necessary
 * @param $body  string bodytext, only had stripslashes if necessary
 * @return void
 * @access private
 */
function _htmlLoadStory($title, $intro, $body)
{
    global $_CONF;

    // fix for bug in advanced editor: a body that is nothing but a single
    // line break counts as empty
    if ($_CONF['advanced_editor']) {
        if ($body == '<br' . XHTML . '>') {
            $body = '';
        }
    }

    $plainTitle = strip_tags(COM_checkWords($title));
    $this->_title = htmlspecialchars($plainTitle);

    $censoredIntro = COM_checkWords($intro);
    $this->_introtext = COM_checkHTML($censoredIntro, 'story.edit');

    $censoredBody = COM_checkWords($body);
    $this->_bodytext = COM_checkHTML($censoredBody, 'story.edit');
}
示例13: savepoll
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database
*
* The visible part sanitises the text fields and both poll IDs, rejects empty
* input, verifies the CSRF token, checks the user's access to the poll and
* reads the creation date of the record that is about to be replaced. The
* rest of the function is not shown on this page.
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainpage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statuscode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideresults Checkbox: hide results until closed
* @param int $commentcode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll
* @param int $perm_group Permissions the group has on poll
* @param int $perm_members Permissions logged in members have on poll
* @param int $perm_anon Permissions anonymous users have on poll
* @param mixed $allow_multipleanswers (not described in the original list)
* @param string $topic_description Tags are stripped from it below
* @param mixed $description (not described in the original list; not used in the visible part)
* @return string HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
// The topic keeps whatever markup COM_checkHTML() allows; the description and
// the two meta fields have all tags stripped.
$topic = COM_stripslashes($topic);
$topic = COM_checkHTML($topic);
$topic_description = strip_tags(COM_stripslashes($topic_description));
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
// Both IDs pass through COM_sanitizeID() before they are used in any of the
// SQL text below.
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
$retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
return $retval;
}
// CSRF check: it runs before any of the database calls in this function. A
// failure is written to the access log and the user is redirected.
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
// Authorisation: for an existing poll the owner, group and permissions stored
// in the database decide; the submitted values are used only when the poll
// does not exist yet.
$access = 0;
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
// An access level below 3, or a group the user is not in, is refused: the
// attempt is logged, the message is printed and the script ends.
if ($access < 3 || !SEC_inGroup($group_id)) {
// NOTE(review): $display is first used here with ".=" and is not initialised
// in the visible code; the accumulator declared above is $retval.
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
}
// Retrieve Created Date before delete
// $del_pid is either $pid or $old_pid, both sanitised above.
$created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
// ......... part of the code is omitted here .........
示例14: CALENDAR_saveEvent
/**
* Saves an event to the database
*
* The visible part checks the user's access to the event, maps 24-hour input
* onto the 12-hour values used by the rest of the code, validates the dates
* and sanitises the text fields. The rest of the function is not shown on
* this page.
*
* (parameters should be obvious - old list was incomplete anyway)
* @return string HTML redirect or error message
*
*/
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
// Authorisation: for an existing event the owner, group and permissions
// stored in the database decide; the submitted values are used only when the
// event does not exist yet.
// NOTE(review): $eid is placed in the SQL text below as received; nothing in
// the visible part of this function sanitises it - confirm that the caller
// does.
$access = 0;
if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
// An access level below 3, or a group the user is not in, is refused and the
// attempt is written to the access log.
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
if ($hour_mode == 24) {
// to avoid having to mess with the tried and tested code below, map
// the 24-hour values onto their 12-hour counterparts and use those
if ($start_hour >= 12) {
$start_ampm = 'pm';
$start_hour = $start_hour - 12;
} else {
$start_ampm = 'am';
$start_hour = $start_hour;
}
if ($start_hour == 0) {
$start_hour = 12;
}
if ($end_hour >= 12) {
$end_ampm = 'pm';
$end_hour = $end_hour - 12;
} else {
$end_ampm = 'am';
$end_hour = $end_hour;
}
if ($end_hour == 0) {
$end_hour = 12;
}
}
// Checkbox value to integer flag.
if ($allday == 'on') {
$allday = 1;
} else {
$allday = 0;
}
// Make sure start date is before end date
if (checkdate($start_month, $start_day, $start_year)) {
$datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
// NOTE(review): hour and minute are concatenated as received; no range or
// format check on them is visible in this part.
$timestart = $start_hour . ':' . $start_minute . ':00';
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
if (checkdate($end_month, $end_day, $end_year)) {
$dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
$timeend = $end_hour . ':' . $end_minute . ':00';
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
// Both dates were built by sprintf() as YYYY-MM-DD strings, so the "<" below
// is a string comparison of two dates in that format.
if ($allday == 0) {
if ($dateend < $datestart) {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
} else {
if ($dateend < $datestart) {
// Force end date to be same as start date
$dateend = $datestart;
}
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
// HTML mode: the description is censored, then filtered by COM_checkHTML()
// with the 'calendar.edit' argument. Any other mode is forced to 'plaintext'
// and entity-encoded.
if ($postmode == 'html') {
$description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
} else {
$postmode = 'plaintext';
$description = htmlspecialchars(COM_checkWords($description));
}
$description = DB_escapeString($description);
// Title, address and city have all tags stripped; of the single-line fields
// shown here only the location keeps whatever markup COM_checkHTML() allows.
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
$address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
$address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
$city = DB_escapeString(strip_tags(COM_checkWords($city)));
// ......... part of the code is omitted here .........
示例15: MG_saveAlbum
/**
* saves the specified album information
*
* The visible part copies the submitted form fields onto an album object,
* filtering each one on the way. The rest of the function is not shown on
* this page.
*
* NOTE(review): no permission check and no CSRF token check is visible in the
* part shown; confirm that the caller or the omitted remainder performs them.
*
* @param int $album_id album_id to edit (not read in the visible part; the ID
*                       is taken from $_POST['album_id'] instead)
* @param string $actionURL (not used in the visible part)
* @return string HTML
*
*/
function MG_saveAlbum($album_id, $actionURL = '')
{
global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;
$update = 0;
// COM_applyFilter() is called with true as second argument for the values
// used as numbers below - presumably a numeric-only filter; confirm against
// its definition.
if (isset($_POST['album_id'])) {
$aid = COM_applyFilter($_POST['album_id'], true);
} else {
$aid = 0;
}
if (isset($_POST['force_child_update'])) {
$forceChildPermUpdate = COM_applyFilter($_POST['force_child_update'], true);
} else {
$forceChildPermUpdate = 0;
}
// NOTE(review): $_FILES['thumbnail'] is read without an isset() check, and
// only the temporary file name is taken here; any validation of the upload
// is not visible in this part.
$thumb = $_FILES['thumbnail'];
$thumbnail = $thumb['tmp_name'];
if (isset($_POST['attach_tn'])) {
$att = COM_applyFilter($_POST['attach_tn']);
} else {
$att = 0;
}
if ($aid > 0) {
// should be 0 or negative 1 for create
$album = $MG_albums[$aid];
$oldparent = $album->parent;
$old_tn_attached = $album->tn_attached;
$old_featured = $album->featured;
$update = 1;
} else {
$album = new mgAlbum();
$album->id = $aid;
$update = 0;
$old_tn_attached = 0;
}
// HTML allowed: script removal and the HTML filter; COM_checkWords() is not
// applied in that branch. HTML not allowed: script removal, censoring, tag
// stripping and entity encoding.
if ($_MG_CONF['htmlallowed'] == 1) {
$album->title = COM_checkHTML(COM_killJS($_POST['album_name']));
$album->description = COM_checkHTML(COM_killJS($_POST['album_desc']));
} else {
$album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_name']))));
$album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_desc']))));
}
if ($album->title == "") {
return MG_errorHandler("You must enter an Album Name");
}
// Several of the fields below (parentaid, cover, album_cover_filename, skin,
// askin, dskin, enable_exif, playback_type, enable_slideshow) are read from
// $_POST without an isset() check, unlike the checkbox fields around them.
$album->parent = COM_applyFilter($_POST['parentaid'], true);
// we should not need this
if (isset($_POST['hidden'])) {
$album->hidden = COM_applyFilter($_POST['hidden'], true);
} else {
$album->hidden = 0;
}
$album->cover = COM_applyFilter($_POST['cover']);
// NOTE(review): the cover file name and the three skin names are free-text
// values that pass through COM_applyFilter() only; if they are later used to
// build file or template paths, confirm that filter is sufficient for that.
$album->cover_filename = COM_applyFilter($_POST['album_cover_filename']);
if (isset($_POST['enable_album_views'])) {
$album->enable_album_views = COM_applyFilter($_POST['enable_album_views'], true);
} else {
$album->enable_album_views = 0;
}
$album->image_skin = COM_applyFilter($_POST['skin']);
$album->album_skin = COM_applyFilter($_POST['askin']);
$album->display_skin = COM_applyFilter($_POST['dskin']);
if (isset($_POST['display_album_desc'])) {
$album->display_album_desc = COM_applyFilter($_POST['display_album_desc'], true);
} else {
$album->display_album_desc = 0;
}
if (isset($_POST['enable_comments'])) {
$album->enable_comments = COM_applyFilter($_POST['enable_comments'], true);
} else {
$album->enable_comments = 0;
}
$album->exif_display = COM_applyFilter($_POST['enable_exif'], true);
if (isset($_POST['enable_rating'])) {
$album->enable_rating = COM_applyFilter($_POST['enable_rating'], true);
} else {
$album->enable_rating = 0;
}
$album->playback_type = COM_applyFilter($_POST['playback_type'], true);
$album->tn_attached = isset($_POST['attach_tn']) ? COM_applyFilter($_POST['attach_tn'], true) : 0;
$album->enable_slideshow = COM_applyFilter($_POST['enable_slideshow'], true);
if (isset($_POST['enable_random'])) {
$album->enable_random = COM_applyFilter($_POST['enable_random'], true);
} else {
$album->enable_random = 0;
}
if (isset($_POST['enable_shutterfly'])) {
$album->enable_shutterfly = COM_applyFilter($_POST['enable_shutterfly'], true);
} else {
$album->enable_shutterfly = 0;
}
if (isset($_POST['enable_views'])) {
$album->enable_views = COM_applyFilter($_POST['enable_views'], true);
} else {
// ......... part of the code is omitted here .........