PHP COM_checkWords函数代码示例

 function loadTextFromArgs($arg, $postmode = '')
 {
     if (!empty($postmode)) {
         $this->setPostmode($postmode);
     }
     if ($this->_postmode == 'html' || $this->_postmode == 'wikitext') {
         $this->_text = COM_checkHTML(COM_checkWords($arg), 'story.edit');
     } else {
         $this->_text = COM_makeClickableLinks(htmlspecialchars(COM_checkWords($arg)));
     }
     return $this->_text;
 }

function phpblock_whos_new()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE;
    // Set the number of new members to show
    $numToShow = 5;
    $result = DB_query("SELECT uid,username,photo FROM {$_TABLES['users']} WHERE status = " . USER_ACCOUNT_ACTIVE . " ORDER BY regdate DESC LIMIT {$numToShow}");
    $nrows = DB_numRows($result);
    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);
        $retval .= '<a href="' . $_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $A['uid'] . '" rel="nofollow">' . COM_checkWords($A['username']) . '</a>';
        if (!empty($A['photo']) and $_CONF['allow_user_photo'] == 1) {
            $retval .= ' <a href="' . $_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $A['uid'] . '" rel="nofollow"><img src="' . $_CONF['layout_url'] . '/images/smallcamera.' . $_IMAGE_TYPE . '" border="0" alt=""></a>';
        }
        $retval .= '<br>';
    }
    return $retval;
}

function _mg_user_create($uid, $force = 0)
{
    global $_TABLES, $_MG_CONF, $LANG_MG01;
    $sql = "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) VALUES (" . (int) $uid . ",1,0,0,-1,-1,-1," . $_MG_CONF['member_quota'] . ",0)";
    DB_query($sql, 1);
    $retval = -1;
    if ($force == 1 || $_MG_CONF['member_albums'] == 1 && $_MG_CONF['member_auto_create'] == 1) {
        $username = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $uid);
        $fullname = DB_getItem($_TABLES['users'], 'fullname', 'uid=' . (int) $uid);
        $grp_id = DB_getItem($_TABLES['groups'], 'grp_id', 'grp_name="mediagallery Admin"');
        if ($grp_id == NULL || $grp_id == '' || $grp_id < 2) {
            $grp_id = 2;
        }
        $album = new mgAlbum();
        //$_MG_CONF['member_use_fullname'] does not seem to be set..
        $title = $username . $LANG_MG01['member_album_postfix'];
        if (!empty($fullname) && (isset($_MG_CONF['member_use_fullname']) && $_MG_CONF['member_use_fullname'] == 1)) {
            $title = $fullname . $LANG_MG01['member_album_postfix'];
        }
        $album->title = htmlspecialchars(strip_tags(COM_checkWords($title)));
        $album->parent = $_MG_CONF['member_album_root'];
        $album->group_id = $grp_id;
        $album->mod_group_id = $grp_id;
        $album->owner_id = $uid;
        $album->moderate = $_MG_CONF['member_moderate'];
        $album->email_mod = $_MG_CONF['member_email_mod'];
        $album->perm_owner = $_MG_CONF['member_perm_owner'];
        $album->perm_group = $_MG_CONF['member_perm_group'];
        $album->perm_members = $_MG_CONF['member_perm_members'];
        $album->perm_anon = $_MG_CONF['member_perm_anon'];
        $album->id = $album->createAlbumID();
        $retval = $album->id;
        $album->saveAlbum();
        $result = DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=1 WHERE uid=" . (int) $uid, 1);
    }
    return $retval;
}

    echo COM_siteHeader();
    echo FF_alertMessage($LANG_GF02['msg02'], $LANG_GF02['msg171']);
    echo COM_siteFooter();
    exit;
}
if (!_ff_canUserViewRating($forum)) {
    echo COM_siteHeader();
    echo FF_alertMessage($LANG_GF02['msg02'], $LANG_GF02['msg171']);
    echo COM_siteFooter();
    exit;
}
$result = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE (id=" . (int) $id . ")");
$A = DB_fetchArray($result);
if ($_FF_CONF['allow_smilies']) {
    $search = array(":D", ":)", ":(", "8O", ":?", "B)", ":lol:", ":x", ":P", ":oops:", ":o", ":cry:", ":evil:", ":twisted:", ":roll:", ";)", ":!:", ":question:", ":idea:", ":arrow:", ":|", ":mrgreen:", ":mrt:", ":love:", ":cat:");
    $replace = array("<img style=\"vertical-align:middle;\" src='images/smilies/biggrin.gif' alt='Big Grin'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/smile.gif' alt='Smile'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/frown.gif' alt='Frown'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/eek.gif' alt='Eek!'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/confused.gif' alt='Confused'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/cool.gif' alt='Cool'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/lol.gif' alt='Laughing Out Loud'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/mad.gif' alt='Angry'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/razz.gif' alt='Razz'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/redface.gif' alt='Oops!'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/surprised.gif' alt='Surprised!'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/cry.gif' alt='Cry'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/evil.gif' alt='Evil'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/twisted.gif' alt='Twisted Evil'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/rolleyes.gif' alt='Rolling Eyes'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/wink.gif' alt='Wink'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/exclaim.gif' alt='Exclaimation'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/question.gif' alt='Question'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/idea.gif' alt='Idea'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/arrow.gif' alt='Arrow'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/neutral.gif' alt='Neutral'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/mrgreen.gif' alt='Mr. Green'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/mrt.gif' alt='Mr. T'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/heart.gif' alt='Love'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/cat.gif' alt='Kitten'/>");
}
$A["name"] = COM_checkWords($A["name"]);
$A["name"] = @htmlspecialchars($A["name"], ENT_QUOTES, COM_getEncodingt());
$A["subject"] = COM_checkWords($A["subject"]);
$A["subject"] = stripslashes(@htmlspecialchars($A["subject"], ENT_QUOTES, COM_getEncodingt()));
$A['comment'] = ff_FormatForPrint($A['comment'], $A['postmode'], '', $A['status']);
list($cacheFile, $style_cache_url) = COM_getStyleCacheLocation();
$date = strftime('%B %d %Y @ %I:%M %p', $A['date']);
echo "\n    <html>\n    <head>\n        <title>{$_CONF['site_name']} - " . $LANG_GF02['msg147'] . " {$A['id']}]</title>\n        <link rel=\"stylesheet\" type=\"text/css\" href=\"{$style_cache_url}\">\n    </head>\n    <body onload=\"window.print();\">\n      <div style=\"box-sizing: border-box;max-width:980px;padding:0px 25px;\">\n        <font face=\"verdana\" size=\"2\">\n                <h3>{$LANG_GF01['SUBJECT']}: {$A['subject']}</h3>\n                <b>{$LANG_GF01['POSTEDON']}:</b> {$date}\n            <br>\n                <b>{$LANG_GF01['BY']}</b> {$A['name']}\n            <br>\n            <br>\n            <b>{$LANG_GF01['CONTENT']}:</b>\n            <p>{$A['comment']}</p>\n            <hr width=\"25%\" align=\"left\">\n\n        <br>\n        <b>{$LANG_GF01['REPLIES']}:</b>\n        <hr width=\"50%\" align=\"left\">\n        <br>\n";
$result2 = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE (pid=" . (int) $id . ")");
while ($B = DB_fetchArray($result2)) {
    $date = strftime('%B %d %Y @ %I:%M %p', $B['date']);
    echo "\n\n                <h4>{$B['subject']}</h4>\n                <b>{$LANG_GF01['POSTEDON']}:</b> {$date}\n            <br>\n                <b>{$LANG_GF01['BY']}</b> {$B['name']}\n            <br>\n            <br>\n            <b>{$LANG_GF01['CONTENT']}:</b>\n            <p>" . ff_FormatForPrint($B['comment'], $B['postmode']) . "</p>\n            <hr width=\"25%\" align=\"left\">\n\n";
}
echo "\n\n            <p>{$_CONF['site_name']} - {$LANG_GF01['FORUM']}<br/>\n                    <a href=\"{$_CONF['site_url']}/forum/viewtopic.php?showtopic={$A['id']}\">{$_CONF['site_url']}/forum/viewtopic.php?showtopic={$A['id']}</a>\n            </p>\n\n        </font>\n      </div>\n    </body>\n    </html>\n";

/**
 * Create "What's Related" links for a story
 * Creates an HTML-formatted list of links to be used for the What's Related
 * block next to a story (in article view).
 *
 * @param        string $related contents of gl_stories 'related' field
 * @param        int    $uid     user id of the author
 * @param        int    $sid     story id
 * @return       string      HTML-formatted list of links
 */
function STORY_whatsRelated($related, $uid, $sid)
{
    global $_CONF, $_TABLES, $LANG24;
    // Is it enabled?
    // Disabled' => 0, 'Enabled' => 1, 'Enabled (No Links)' => 2, 'Enabled (No Outbound Links)' => 3
    if ($_CONF['whats_related']) {
        // get the links from the story text
        if ($_CONF['whats_related'] != 2) {
            if (!empty($related)) {
                $rel = explode("\n", $related);
            } else {
                $rel = array();
            }
            // Used to hunt out duplicates. Stores urls that have already passed filters
            $urls = array();
            foreach ($rel as $key => &$value) {
                if (preg_match("/<a[^>]*href=[\"']([^\"']*)[\"'][^>]*>(.*?)<\\/a>/i", $value, $matches) === 1) {
                    // Go through array and remove links with no link text except link. Since a max of only 23 characters of link text showen then compare only this
                    if (substr($matches[1], 0, 23) != substr($matches[2], 0, 23)) {
                        // Check if outbound links (if needed)
                        $passd_check = false;
                        if ($_CONF['whats_related'] == 3) {
                            // no outbound links
                            if ($_CONF['site_url'] == substr($matches[1], 0, strlen($_CONF['site_url']))) {
                                $passd_check = true;
                            }
                        } else {
                            $passd_check = true;
                        }
                        if ($passd_check) {
                            // Go through array and remove any duplicates of this link
                            if (in_array($matches[1], $urls)) {
                                // remove it from the array
                                unset($rel[$key]);
                            } else {
                                $urls[] = $matches[1];
                                // Now Check Words
                                $value = '<a href="' . $matches[1] . '">' . COM_checkWords($matches[2], 'story') . '</a>';
                            }
                        } else {
                            // remove it from the array
                            unset($rel[$key]);
                        }
                    } else {
                        // remove it from the array
                        unset($rel[$key]);
                    }
                } else {
                    $value = COM_checkWords($value, 'story');
                }
            }
        }
        $topics = array();
        if (!COM_isAnonUser() || $_CONF['loginrequired'] == 0 && $_CONF['searchloginrequired'] == 0) {
            // add a link to "search by author"
            if ($_CONF['contributedbyline'] == 1) {
                $author = $LANG24[37] . ' ' . COM_getDisplayName($uid);
                if ($_CONF['whats_related_trim'] > 0 && MBYTE_strlen($author) > $_CONF['whats_related_trim']) {
                    $author = substr($author, 0, $_CONF['whats_related_trim'] - 3) . '...';
                }
                $topics[] = "<a href=\"{$_CONF['site_url']}/search.php?mode=search&amp;type=stories&amp;author={$uid}\">{$author}</a>";
            }
            // Retrieve topics
            $tids = TOPIC_getTopicIdsForObject('article', $sid, 0);
            foreach ($tids as $tid) {
                // add a link to "search by topic"
                $topic = $LANG24[38] . ' ' . stripslashes(DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tid}'"));
                // trim topics if needed
                if ($_CONF['whats_related_trim'] > 0 && MBYTE_strlen($topic) > $_CONF['whats_related_trim']) {
                    $topic = substr($topic, 0, $_CONF['whats_related_trim'] - 3) . '...';
                }
                $topics[] = '<a href="' . $_CONF['site_url'] . '/search.php?mode=search&amp;type=stories&amp;topic=' . $tid . '">' . $topic . '</a>';
            }
        }
        // If line limit then split between related links and topics
        if ($_CONF['whats_related_max'] > 0) {
            if ($_CONF['whats_related_max'] < 3) {
                $rel = array();
                // Reset related links so at least user search and default topic search is displayed
                $topics = array_slice($topics, 0, 2);
            } else {
                $rel_max_num_items = intval($_CONF['whats_related_max'] / 2);
                $topic_max_num_items = $rel_max_num_items;
                if ($rel_max_num_items + $topic_max_num_items != $_CONF['whats_related_max']) {
                    $topic_max_num_items = $topic_max_num_items + 1;
                }
                // Now check if we have enough topics to display else give it to links
                $topic_num_items = count($topics);
                $rel_num_items = count($rel);
                $added_flag = false;
//.........这里部分代码省略.........

function FF_lastx()
{
    global $_CONF, $_TABLES, $_USER, $_FF_CONF, $LANG_GF01, $LANG_GF02, $LANG_GF92;
    $retval = '';
    $pageTitle = $LANG_GF01['LASTX'];
    USES_lib_admin();
    USES_lib_html2text();
    $T = new Template($_CONF['path'] . 'plugins/forum/templates/');
    $T->set_file('list', 'lists.thtml');
    $dt = new Date('now', $_USER['tzid']);
    $header_arr = array(array('text' => $LANG_GF01['FORUM'], 'field' => 'forum'), array('text' => $LANG_GF01['TOPIC'], 'field' => 'subject'), array('text' => $LANG_GF92['sb_latestposts'], 'field' => 'date', 'nowrap' => true));
    $data_arr = array();
    $text_arr = array();
    if ($_FF_CONF['usermenu'] == 'navbar') {
        $T->set_var('navbar', FF_NavbarMenu($LANG_GF01['LASTX']));
    }
    $T->set_var('block_start', COM_startBlock($LANG_GF01['LASTX'], '', COM_getBlockTemplate('_admin_block', 'header')));
    $groups = array();
    $usergroups = SEC_getUserGroups();
    foreach ($usergroups as $group) {
        $groups[] = $group;
    }
    $grouplist = implode(',', $groups);
    if (!COM_isAnonUser() && $_FF_CONF['enable_user_rating_system']) {
        $grade = (int) _ff_getUserRating((int) $_USER['uid']);
        $ratingSQL = ' AND b.rating_view <= ' . $grade . ' ';
    } else {
        $ratingSQL = '';
    }
    $sql = "SELECT * ";
    $sql .= "FROM {$_TABLES['ff_topic']} a ";
    $sql .= "LEFT JOIN {$_TABLES['ff_forums']} b ON a.forum=b.forum_id ";
    $sql .= "WHERE pid=0 AND b.grp_id IN ({$grouplist}) AND b.no_newposts = 0 " . $ratingSQL;
    $sql .= "ORDER BY lastupdated DESC LIMIT {$_FF_CONF['show_last_post_count']}";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    $displayrecs = 0;
    for ($i = 1; $i <= $nrows; $i++) {
        $P = DB_fetchArray($result);
        if ($_FF_CONF['use_censor']) {
            $P['subject'] = COM_checkWords($P['subject']);
            $P['comment'] = COM_checkWords($P['comment']);
        }
        $topic_id = $P['id'];
        $displayrecs++;
        $dt->setTimestamp($P['date']);
        $firstdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
        $dt->setTimestamp($P['lastupdated']);
        $lastdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
        if ($P['uid'] > 1) {
            $topicinfo = "{$LANG_GF01['STARTEDBY']} " . COM_getDisplayName($P['uid']) . ', ';
        } else {
            $topicinfo = "{$LANG_GF01['STARTEDBY']} {$P['name']},";
        }
        $topicinfo .= "{$firstdate}<br/>{$LANG_GF01['VIEWS']}:{$P['views']}, {$LANG_GF01['REPLIES']}:{$P['replies']}<br/>";
        if (empty($P['last_reply_rec']) || $P['last_reply_rec'] < 1) {
            $lastid = $P['id'];
            $testText = FF_formatTextBlock($P['comment'], 'text', 'text', $P['status']);
            $testText = strip_tags($testText);
            $html2txt = new html2text($testText, false);
            $testText = trim($html2txt->get_text());
            $lastpostinfogll = @htmlspecialchars(preg_replace('#\\r?\\n#', '<br>', strip_tags(substr($testText, 0, $_FF_CONF['contentinfo_numchars']) . '...')), ENT_QUOTES, COM_getEncodingt());
        } else {
            $qlreply = DB_query("SELECT id,uid,name,comment,date,status FROM {$_TABLES['ff_topic']} WHERE id={$P['last_reply_rec']}");
            $B = DB_fetchArray($qlreply);
            $lastid = $B['id'];
            $lastcomment = $B['comment'];
            $P['date'] = $B['date'];
            if ($B['uid'] > 1) {
                $topicinfo .= sprintf($LANG_GF01['LASTREPLYBY'], COM_getDisplayName($B['uid']));
            } else {
                $topicinfo .= sprintf($LANG_GF01['LASTREPLYBY'], $B['name']);
            }
            $testText = FF_formatTextBlock($B['comment'], 'text', 'text', $B['status']);
            $testText = strip_tags($testText);
            $html2txt = new html2text($testText, false);
            $testText = trim($html2txt->get_text());
            $lastpostinfogll = @htmlspecialchars(preg_replace('#\\r?\\n#', '<br>', strip_tags(substr($testText, 0, $_FF_CONF['contentinfo_numchars']) . '...')), ENT_QUOTES, COM_getEncodingt());
        }
        $link = '<a class="' . COM_getTooltipStyle() . '" style="text-decoration:none; white-space:nowrap;" href="' . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topic_id . '&amp;lastpost=true#' . $lastid . '" title="' . @htmlspecialchars($P['subject'], ENT_QUOTES, COM_getEncodingt()) . '::' . $lastpostinfogll . '" rel="nofollow">';
        $topiclink = '<a class="' . COM_getTooltipStyle() . '" style="text-decoration:none;" href="' . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topic_id . '" title="' . @htmlspecialchars($P['subject'], ENT_QUOTES, COM_getEncodingt()) . '::' . $topicinfo . '">' . $P['subject'] . '</a>';
        $dt->setTimestamp($P['date']);
        $tdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
        $data_arr[] = array('forum' => $P['forum_name'], 'subject' => $topiclink, 'date' => $link . $tdate . '</a>');
        if ($displayrecs >= $_FF_CONF['show_last_post_count']) {
            break;
        }
    }
    $T->set_var('list_data', ADMIN_simpleList("", $header_arr, $text_arr, $data_arr));
    $T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $T->parse('output', 'list');
    $retval = $T->finish($T->get_var('output'));
    return array($pageTitle, $retval);
}

 /**
  * Returns text ready for display.
  *
  * @param   string  $text         Text to prepare for display
  * @param   string  $postmode     Indicates if text is html, adveditor, wikitext or plaintext
  * @param   int     $version      version of GLText engine
  * @return  string  Escaped String
  * @access  public
  *
  */
 public static function getDisplayText($text, $postmode, $version)
 {
     if ($version == GLTEXT_FIRST_VERSION) {
         // first version
         if ($postmode == 'plaintext') {
             $text = COM_nl2br($text);
         }
         if ($postmode == 'wikitext') {
             $text = self::_editUnescape($text, $postmode);
             $text = self::renderWikiText($text);
         }
     } else {
         // latest version
         if ($postmode == 'html' || $postmode == 'adveditor') {
             // Get rid of any newline characters
             $text = str_replace("\n", '', $text);
             $text = self::_handleSpecialTag_callback($text, array('[code]', '[/code]', '<pre><code>', '</code></pre>'), '_escapeSPChars');
             $text = self::_handleSpecialTag_callback($text, array('[raw]', '[/raw]', '<!--raw--><span class="raw">', '</span><!--/raw-->'), '_escapeSPChars');
         }
         if ($postmode == 'plaintext') {
             $text = htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt());
             $text = COM_makeClickableLinks($text);
             $text = COM_nl2br($text);
         }
         if ($postmode == 'wikitext') {
             $text = self::_editUnescape($text, $postmode);
             $text = self::renderWikiText($text);
             //              $text = self::_htmLawed($text, 'story.edit');
         }
         $text = COM_checkWords($text);
     }
     $text = PLG_replaceTags(self::_displayEscape($text));
     return $text;
 }

function MG_sendPostCard()
{
    global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST;
    global $LANG_DIRECTION, $LANG_CHARSET;
    $mid = COM_sanitizeID(COM_applyFilter($_POST['mid'], true));
    $toname = COM_applyFilter($_POST['toname']);
    $toemail = COM_applyFilter($_POST['toemail']);
    $fromname = COM_applyFilter($_POST['fromname']);
    $fromemail = COM_applyFilter($_POST['fromemail']);
    $subject = strip_tags(COM_checkWords($_POST['subject']));
    $message = htmlspecialchars(strip_tags(COM_checkWords($_POST['message'])));
    $ccself = isset($_POST['ccself']) ? 1 : 0;
    $errCount = 0;
    $msg = '';
    if (!COM_isEmail($toemail)) {
        $errCount++;
    }
    if (!COM_isEmail($fromemail)) {
        $errCount++;
    }
    if (empty($subject)) {
        $errCount++;
    }
    if (empty($message)) {
        $errCount++;
    }
    $captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
    $msg = PLG_itemPreSave('mediagallery', $captchaString);
    if ($msg != '') {
        $errCount++;
    }
    if ($errCount > 0) {
        return MG_editPostCard('edit', $mid, $msg);
    }
    $retval = '';
    $aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');
    if ($MG_albums[$aid]->access == 0 || $MG_albums[$aid]->enable_postcard == 0 || COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2) {
        $retval = MG_siteHeader();
        $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
        $retval .= MG_siteFooter();
        echo $retval;
        exit;
    }
    $sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    if ($nRows < 1) {
        $retval = MG_siteHeader();
        $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
        $retval .= MG_siteFooter();
        echo $retval;
        exit;
    }
    $M = DB_fetchArray($result);
    // trim the database
    $purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
    DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);
    // save this one in the database
    $newsubject = DB_escapeString($subject);
    $newmessage = DB_escapeString($message);
    $pcId = COM_makesid();
    $pc_time = time();
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = (int) $_USER['uid'];
    }
    $sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
    $result = DB_query($sql);
    if (DB_error()) {
        COM_errorLog("Media Gallery: Error saving postcard");
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
    $last = COM_checkSpeedlimit('mgpostcard');
    if ($last > 0) {
        $msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
        return MG_errorHandler($msg);
    }
    $alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;
    // build the template...
    $T = new Template(MG_getTemplatePath($aid));
    $T->set_file('postcard', 'postcard.thtml');
    $media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'tn/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg');
    if (empty($LANG_DIRECTION)) {
        // default to left-to-right
        $direction = 'ltr';
    } else {
        $direction = $LANG_DIRECTION;
    }
    if (empty($LANG_CHARSET)) {
        $charset = $_CONF['default_charset'];
        if (empty($charset)) {
            $charset = 'iso-8859-1';
        }
    } else {
        $charset = $LANG_CHARSET;
    }
    $T->set_var(array('s_form_action' => $_MG_CONF['site_url'] . '/postcard.php', 'direction' => $direction, 'charset' => $charset, 'mid' => $mid, 'media_title' => $M['media_title'], 'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])), 'media_description' => isset($M['media_description']) ? $M['media_description'] : '', 'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid, 'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg', 'site_url' => $_MG_CONF['site_url'] . '/', 'postcard_subject' => $subject, 'postcard_message' => nl2br($message), 'from_email' => $fromemail, 'site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'to_name' => $toname, 'from_name' => $fromname, 'pc_id' => $pcId, 'lang_to_name' => $LANG_MG03['to_name'], 'lang_to_email' => $LANG_MG03['to_email'], 'lang_from_name' => $LANG_MG03['from_name'], 'lang_from_email' => $LANG_MG03['from_email'], 'lang_subject' => $LANG_MG03['subject'], 'lang_send' => $LANG_MG03['send'], 'lang_cancel' => $LANG_MG03['cancel'], 'lang_preview' => $LANG_MG03['preview'], 'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'], 'lang_postcard_from' => $LANG_MG03['postcard_from'], 'lang_to' => $LANG_MG03['to'], 'lang_from' => $LANG_MG03['from'], 'lang_visit' => $LANG_MG03['visit']));
    $T->parse('output', 'postcard');
    $retval .= $T->finish($T->get_var('output'));
//.........这里部分代码省略.........

//.........这里部分代码省略.........
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }
        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $sp_content = addslashes($sp_content);
        $sp_title = addslashes($sp_title);
        $sp_page_title = addslashes($sp_page_title);
        $sp_label = addslashes($sp_label);
        $meta_description = addslashes($meta_description);
        $meta_keywords = addslashes($meta_keywords);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";

//.........这里部分代码省略.........
    if ($_MG_CONF['discard_original'] == 1) {
        $quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
    }
    DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));
    if ($errors) {
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }
    if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
        // Now we need to process an uploaded thumbnail
        if ($gotTN == 1) {
            $mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
            $fn = fopen($mp3TNFilename, "w");
            fwrite($fn, $mp3AttachdedThumbnail);
            fclose($fn);
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
            @unlink($mp3TNFilename);
            $atttn = 1;
        } else {
            if ($atttn == 1) {
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
            }
        }
        if ($video_attached_thumbnail) {
            $atttn = 1;
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Building SQL and preparing to enter database");
        }
        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
            $media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
            $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
        } else {
            $media_desc = addslashes(COM_checkHTML(COM_killJS($description)));
            $media_caption = addslashes(COM_checkHTML(COM_killJS($caption)));
            $media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
        }
        // Check and see if moderation is on.  If yes, place in mediasubmission
        if ($album->moderate == 1 && !$root_album->owner_id) {
            $tableMedia = $_TABLES['mg_mediaqueue'];
            $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
            $queue = 1;
        } else {
            $tableMedia = $_TABLES['mg_media'];
            $tableMediaAlbum = $_TABLES['mg_media_albums'];
            $queue = 0;
        }
        $original_filename = addslashes($file);
        if ($album->filename_title) {
            if ($media_caption == '') {
                $pos = strrpos($original_filename, '.');
                if ($pos === false) {
                    $media_caption = $original_filename;
                } else {
                    $media_caption = substr($original_filename, 0, $pos);
                }
            }
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Inserting media record into mg_media");
        }
        $resolution_x = 0;

 public function testCheckWordsWithReplaceWordFragment()
 {
     // Line 2823
     $message = COM_checkWords('Peacocks');
     $this->assertEquals('Pea*censored*s', $message);
 }

/**
 * Filters comment text and appends necessary tags (sig and/or edit)
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param string  $comment  comment text
 * @param string  $postmode ('html', 'plaintext', ...)
 * @param string  $type     Type of item (article, poll, etc.)
 * @param bool    $edit     if true append edit tag
 * @param int     $cid      commentid if editing comment (for proper sig)
 * @return string of comment text
 */
function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null)
{
    global $_USER, $_TABLES, $LANG03, $_CONF;
    if ($postmode == 'html') {
        $html_perm = $type == 'article' ? 'story.edit' : "{$type}.edit";
        $comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), $html_perm));
    } else {
        // plaintext
        $comment = htmlspecialchars(COM_checkWords(COM_stripslashes($comment)));
        $newcomment = COM_makeClickableLinks($comment);
        if (strcmp($comment, $newcomment) != 0) {
            $comment = nl2br($newcomment);
        }
    }
    if ($edit) {
        $comment .= '<div class="comment-edit">' . $LANG03[30] . ' ' . strftime($_CONF['date'], time()) . ' ' . $LANG03[31] . ' ' . $_USER['username'] . '</div><!-- /COMMENTEDIT -->';
        $text = $comment;
    }
    if (empty($_USER['uid'])) {
        $uid = 1;
    } elseif ($edit && is_numeric($cid)) {
        //if comment moderator
        $uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '{$cid}'");
    } else {
        $uid = $_USER['uid'];
    }
    $sig = '';
    if ($uid > 1) {
        $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '{$uid}'");
        if (!empty($sig)) {
            $comment .= '<!-- COMMENTSIG --><div class="comment-sig">';
            if ($postmode == 'html') {
                $comment .= '---<br' . XHTML . '>' . nl2br($sig);
            } else {
                $comment .= '---' . LB . $sig;
            }
            $comment .= '</div><!-- /COMMENTSIG -->';
        }
    }
    return $comment;
}

/**
* Create "What's Related" links for a story
*
* Creates an HTML-formatted list of links to be used for the What's Related
* block next to a story (in article view).
*
* @param        string      $related    contents of gl_stories 'related' field
* @param        int         $uid        user id of the author
* @param        int         $tid        topic id
* @return       string      HTML-formatted list of links
*/
function STORY_whatsRelated($related, $uid, $tid)
{
    global $_CONF, $_TABLES, $_USER, $LANG24;
    // get the links from the story text
    if (!empty($related)) {
        $rel = explode("\n", $related);
    } else {
        $rel = array();
    }
    if (!empty($_USER['username']) || $_CONF['loginrequired'] == 0 && $_CONF['searchloginrequired'] == 0) {
        // add a link to "search by author"
        if ($_CONF['contributedbyline'] == 1) {
            $author = COM_getDisplayName($uid);
            $rel[] = "<a href=\"{$_CONF['site_url']}/search.php?mode=search&amp;type=stories&amp;author={$uid}\">{$LANG24[37]} {$author}</a>";
        }
        // add a link to "search by topic"
        $topic = DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tid}'");
        $rel[] = '<a href="' . $_CONF['site_url'] . '/search.php?mode=search&amp;type=stories&amp;topic=' . $tid . '">' . $LANG24[38] . ' ' . stripslashes($topic) . '</a>';
    }
    $related = '';
    if (count($rel) > 0) {
        $related = COM_checkWords(COM_makeList($rel, 'list-whats-related'));
    }
    return $related;
}

/**
* Saves link to the database
*
* @param    string  $lid            ID for link
* @param    string  $old_lid        old ID for link
* @param    string  $cid            cid of category link belongs to
* @param    string  $categorydd     Category links belong to
* @param    string  $url            URL of link to save
* @param    string  $description    Description of link
* @param    string  $title          Title of link
* @param    int     $hits           Number of hits for link
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group link belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }
    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } else {
            if ($categorydd != $LANG_LINKS_ADMIN[7]) {
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
            }
        }
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
//.........这里部分代码省略.........

function fncSave($edt_flg, $navbarMenu, $menuno)
{
    $pi_name = "userbox";
    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_ADMIN;
    global $_FILES;
    $addition_def = DATABOX_getadditiondef($pi_name);
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    //@@@@@ username fullname
    $username = COM_applyFilter($_POST['username']);
    $username = addslashes(COM_checkHTML(COM_checkWords($username)));
    $fullname = COM_applyFilter($_POST['fullname']);
    $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
    $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
    $draft_flag = COM_applyFilter($_POST['draft_flag'], true);
    //            $hits =0;
    //            $comments=0;
    $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
    if ($comment_expire_flag) {
        $comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
        $comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
        $comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
        $comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
        $comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
        if ($comment_expire_ampm == 'pm') {
            if ($comment_expire_hour < 12) {
                $comment_expire_hour = $comment_expire_hour + 12;
            }
        }
        if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
            $comment_expire_hour = '00';
        }
    } else {
        $comment_expire_month = 0;
        $comment_expire_day = 0;
        $comment_expire_year = 0;
        $comment_expire_hour = 0;
        $comment_expire_minute = 0;
    }
    $commentcode = COM_applyFilter($_POST['commentcode'], true);
    $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
    $cache_time = COM_applyFilter($_POST['cache_time'], true);
    $meta_description = $_POST['meta_description'];
    $meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
    $meta_keywords = $_POST['meta_keywords'];
    $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];
    //@@@@@
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
    //
    $owner_id = COM_applyFilter($_POST['owner_id'], true);
    $group_id = COM_applyFilter($_POST['group_id'], true);
    //
    $array['perm_owner'] = $_POST['perm_owner'];
    $array['perm_group'] = $_POST['perm_group'];
    $array['perm_members'] = $_POST['perm_members'];
    $array['perm_anon'] = $_POST['perm_anon'];
    if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    } else {
        $perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
        $perm_group = COM_applyBasicFilter($array['perm_group'], true);
        $perm_members = COM_applyBasicFilter($array['perm_members'], true);
        $perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
    }
    //編集日付
    $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
    if ($modified_autoupdate == 1) {
        //$udate = date('Ymd');
        $modified_month = date('m');
        $modified_day = date('d');
        $modified_year = date('Y');
        $modified_hour = date('H');
        $modified_minute = date('i');
    } else {
        $modified_month = COM_applyFilter($_POST['modified_month'], true);
        $modified_day = COM_applyFilter($_POST['modified_day'], true);
        $modified_year = COM_applyFilter($_POST['modified_year'], true);
        $modified_hour = COM_applyFilter($_POST['modified_hour'], true);
        $modified_minute = COM_applyFilter($_POST['modified_minute'], true);
//.........这里部分代码省略.........