当前位置: 首页>>代码示例>>PHP>>正文


PHP COM_sanitizeID函数代码示例

本文整理汇总了PHP中COM_sanitizeID函数的典型用法代码示例。如果您正苦于以下问题:PHP COM_sanitizeID函数的具体用法?PHP COM_sanitizeID怎么用?PHP COM_sanitizeID使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了COM_sanitizeID函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: __set

 /**
  *   Set a property's value.
  *
  *   @param  string  $var    Name of property to set.
  *   @param  mixed   $value  New value for property.
  */
 public function __set($var, $value = '')
 {
     switch ($var) {
         case 'det_id':
             $this->properties[$var] = (int) $value;
             break;
         case 'ev_id':
             $this->properties[$var] = COM_sanitizeID($value, false);
             break;
         case 'title':
         case 'summary':
         case 'full_description':
         case 'url':
         case 'location':
         case 'street':
         case 'city':
         case 'province':
         case 'country':
         case 'postal':
         case 'contact':
         case 'email':
         case 'phone':
             // String values
             $this->properties[$var] = trim(COM_checkHTML($value));
             break;
         case 'lat':
         case 'lng':
             $this->properties[$var] = (double) $value;
             break;
         default:
             // Undefined values (do nothing)
             break;
     }
 }
开发者ID:matrox66,项目名称:evlist,代码行数:40,代码来源:evDetail.class.php

示例2: savepoll

/**
 * Saves a poll
 * Saves a poll topic and potential answers to the database
 *
 * @param    string $pid          Poll topic ID
 * @param    string $old_pid      Previous poll topic ID
 * @param    array  $Q            Array of poll questions
 * @param    string $mainPage     Checkbox: poll appears on homepage
 * @param    string $topic        The text for the topic
 * @param    string $meta_description
 * @param    string $meta_keywords
 * @param    int    $statusCode   (unused)
 * @param    string $open         Checkbox: poll open for voting
 * @param    string $hideResults  Checkbox: hide results until closed
 * @param    int    $commentCode  Indicates if users can comment on poll
 * @param    array  $A            Array of possible answers
 * @param    array  $V            Array of vote per each answer
 * @param    array  $R            Array of remark per each answer
 * @param    int    $owner_id     ID of poll owner
 * @param    int    $group_id     ID of group poll belongs to
 * @param    int    $perm_owner   Permissions the owner has on poll
 * @param    int    $perm_group   Permissions the group has on poll
 * @param    int    $perm_members Permissions logged in members have on poll
 * @param    int    $perm_anon    Permissions anonymous users have on poll
 * @param    bool   $allow_multipleanswers
 * @param    string $topic_description
 * @param    string $description
 * @return   string|void
 */
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $topic = COM_stripslashes($topic);
    $topic = COM_checkHTML($topic);
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // check if any question was entered
    if (empty($topic) || count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
        return $retval;
    }
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
//.........这里部分代码省略.........
开发者ID:mystralkk,项目名称:geeklog,代码行数:101,代码来源:index.php

示例3: service_submit_staticpages

/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    if (defined('DEMO_MODE')) {
        $output = COM_siteHeader('menu');
        $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
        $output .= COM_siteFooter();
        return PLG_REG_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_uid'])) {
        $args['sp_uid'] = $_USER['uid'];
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if ($args['sp_status'] != 1) {
        $args['sp_status'] = 0;
    }
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
//.........这里部分代码省略.........
开发者ID:JohnToro,项目名称:glfusion,代码行数:101,代码来源:services.inc.php

示例4: service_submit_staticpages

/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
//.........这里部分代码省略.........
开发者ID:alxstuart,项目名称:ajfs.me,代码行数:101,代码来源:services.inc.php

示例5: array

}
// MAIN ========================================================================
$action = '';
$expected = array('update', 'delete', 'cancel', 'remove');
foreach ($expected as $provided) {
    if (isset($_POST[$provided])) {
        $action = $provided;
    } elseif (isset($_GET[$provided])) {
        $action = $provided;
    }
}
$pi_name = '';
if (isset($_POST['pi_name'])) {
    $pi_name = COM_sanitizeID(COM_applyFilter($_POST['pi_name']));
} elseif (isset($_GET['pi_name'])) {
    $pi_name = COM_sanitizeID(COM_applyFilter($_GET['pi_name']));
}
if (isset($_POST['pluginenabler']) && SEC_checkToken()) {
    $enabledplugins = array();
    if (isset($_POST['enabledplugins'])) {
        $enabledplugins = $_POST['enabledplugins'];
    }
    $pluginarray = array();
    if (isset($_POST['pluginarray'])) {
        $pluginarray = $_POST['pluginarray'];
    }
    PLUGINS_toggleStatus($enabledplugins, $pluginarray);
    // force a refresh so that the information of the plugin that was just
    // enabled / disabled (menu entries, etc.) is displayed properly
    header('Location: ' . $_CONF['site_admin_url'] . '/plugins.php');
    exit;
开发者ID:NewRoute,项目名称:glfusion,代码行数:31,代码来源:plugins.php

示例6: savetopic

/**
* Save topic to the database
*
* @param    string  $tid            Topic ID
* @param    string  $topic          Name of topic (what the user sees)
* @param    string  $imageurl       (partial) URL to topic image
* @param    string  $meta_description    Topic meta description
* @param    string  $meta_keywords       Topic meta keywords
* @param    int     $sortnum        number for sort order in "Topics" block
* @param    int     $limitnews      number of stories per page for this topic
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group topic belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_member    Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @param    string  $is_default     'on' if this is the default topic
* @param    string  $is_archive     'on' if this is the archive topic
* @return   string                  HTML redirect or error message
*/
function savetopic($tid, $topic, $imageurl, $meta_description, $meta_keywords, $sortnum, $limitnews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $LANG27, $MESSAGE;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $tid = COM_sanitizeID($tid);
    $access = 0;
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } elseif (!empty($tid) && !empty($topic)) {
        if ($imageurl == '/images/topics/') {
            $imageurl = '';
        }
        $topic = addslashes($topic);
        $meta_description = addslashes(strip_tags($meta_description));
        $meta_keywords = addslashes(strip_tags($meta_keywords));
        if ($is_default == 'on') {
            $is_default = 1;
            DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
        } else {
            $is_default = 0;
        }
        $is_archive = $is_archive == 'on' ? 1 : 0;
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if ($is_archive) {
            // $tid is the archive topic
            // - if it wasn't already, mark all its stories "archived" now
            if ($archivetid != $tid) {
                DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'");
                DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
            }
        } else {
            // $tid is not the archive topic
            // - if it was until now, reset the "archived" status of its stories
            if ($archivetid == $tid) {
                DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'");
                DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
            }
        }
        DB_save($_TABLES['topics'], 'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}', '{$meta_description}', '{$meta_keywords}','{$sortnum}','{$limitnews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $tid);
        COM_olderStuff();
        $retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=13');
    } else {
        $retval .= COM_siteHeader('menu', $LANG27[1]);
        $retval .= COM_errorLog($LANG27[7], 2);
        $retval .= COM_siteFooter();
    }
    return $retval;
}
开发者ID:hostellerie,项目名称:nexpro,代码行数:80,代码来源:topic.php

示例7: MG_staticSortMedia

         $retval .= MG_staticSortMedia($album_id, $_MG_CONF['site_url'] . '/admin.php');
     } else {
         $retval .= MG_invalidRequest();
     }
     $display = MG_siteHeader();
     $display .= $retval;
     $display .= MG_siteFooter();
     echo $display;
     exit;
 } else {
     if ($mode == 'rotate') {
         $retval = '';
         if (isset($_GET['album_id']) && isset($_GET['media_id']) && isset($_GET['action'])) {
             require_once $_CONF['path'] . 'plugins/mediagallery/include/rotate.php';
             $album_id = COM_applyFilter($_GET['album_id'], true);
             $media_id = COM_sanitizeID(COM_applyFilter($_GET['media_id']));
             $direction = COM_applyFilter($_GET['action']);
             $queue = COM_applyFilter($_GET['queue'], true);
             $srcFrom = isset($_GET['s']) ? COM_applyFilter($_GET['s'], true) : 0;
             $srcURL = '';
             if ($srcFrom) {
                 $srcURL = '&amp;s=1';
             }
             $eMode = $queue == 0 ? 'mediaedit' : 'mediaeditq';
             $actionURL = $_MG_CONF['site_url'] . '/admin.php?mode=' . $eMode . $srcURL . '&mid=' . $media_id . '&album_id=' . $album_id;
             MG_rotateMedia($album_id, $media_id, $direction, $actionURL);
         } else {
             $display = MG_siteHeader();
             $display .= MG_invalidRequest();
         }
         $display .= MG_siteFooter();
开发者ID:NewRoute,项目名称:glfusion,代码行数:31,代码来源:admin.php

示例8: adDetail

/**
 *  Display an ad's detail
 *  @param  string  $ad_id  ID of ad to display
 */
function adDetail($ad_id = '')
{
    global $_USER, $_TABLES, $_CONF, $LANG_ADVT, $_CONF_ADVT;
    USES_lib_comments();
    // Determind if this is an administrator
    $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin');
    $ad_id = COM_sanitizeID($ad_id);
    if ($ad_id == '') {
        // An ad id is required for this function
        return CLASSIFIEDS_errorMsg($LANG_ADVT['missing_id'], 'alert');
    }
    $srchval = isset($_GET['query']) ? trim($_GET['query']) : '';
    // We use this in a few places here, so might as well just
    // figure it out once and save it.
    $perm_sql = COM_getPermSQL('AND', 0, 2, 'ad') . ' ' . COM_getPermSQL('AND', 0, 2, 'cat');
    // get the ad information.
    $sql = "SELECT ad.*\n            FROM {$_TABLES['ad_ads']} ad\n            LEFT JOIN {$_TABLES['ad_category']} cat\n                ON ad.cat_id = cat.cat_id\n            WHERE ad_id='{$ad_id}'";
    if (!$admin) {
        $sql .= $perm_sql;
    }
    $result = DB_query($sql);
    if (!$result || DB_numRows($result) < 1) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_ad_found'], 'note', 'Oops...');
    }
    $ad = DB_fetchArray($result, false);
    // Check access to the ad.  If granted, check that access isn't
    // blocked by any category.
    $my_access = CLASSIFIEDS_checkAccess($ad['ad_id'], $ad);
    if ($my_access >= 2) {
        $my_cat_access = CLASSIFIEDS_checkCatAccess($ad['cat_id'], false);
        if ($my_cat_access < $my_access) {
            $my_access = $my_cat_access;
        }
    }
    if ($my_access < 2) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']);
    }
    $cat = (int) $ad['cat_id'];
    // Increment the views counter
    $sql = "UPDATE {$_TABLES['ad_ads']} \n            SET views = views + 1 \n            WHERE ad_id='{$ad_id}'";
    DB_query($sql);
    // Get the previous and next ads
    $condition = " AND ad.cat_id={$cat}";
    if (!$admin) {
        $condition .= $perm_sql;
    }
    $sql = "SELECT ad_id\n            FROM {$_TABLES['ad_ads']} ad\n            LEFT JOIN {$_TABLES['ad_category']} cat\n                ON ad.cat_id = cat.cat_id\n            WHERE ad_id < '{$ad_id}' \n            {$condition}\n            ORDER BY ad_id DESC\n            LIMIT 1";
    $r = DB_query($sql);
    list($preAd_id) = DB_fetchArray($r, false);
    $sql = "SELECT ad_id\n            FROM {$_TABLES['ad_ads']} ad\n            LEFT JOIN {$_TABLES['ad_category']} cat\n                ON ad.cat_id = cat.cat_id\n            WHERE ad_id > '{$ad_id}' \n            {$condition}\n            ORDER BY ad_id ASC\n            LIMIT 1";
    $r = DB_query($sql);
    list($nextAd_id) = DB_fetchArray($r, false);
    // Get the user contact info. If none, just show the email link
    $sql = "SELECT * \n            FROM {$_TABLES['ad_uinfo']} \n            WHERE uid='{$ad['uid']}'";
    //echo $sql;
    $result = DB_query($sql);
    $uinfo = array();
    if ($result && DB_numRows($result) > 0) {
        $uinfo = DB_fetchArray($result);
    } else {
        $uinfo['uid'] = '';
        $uinfo['address'] = '';
        $uinfo['city'] = '';
        $uinfo['state'] = '';
        $uinfo['postal'] = '';
        $uinfo['tel'] = '';
        $uinfo['fax'] = '';
    }
    // Get the hot results (most viewed ads)
    $time = time();
    $sql = "SELECT ad.ad_id, ad.cat_id, ad.subject,\n                    cat.cat_id, cat.fgcolor, cat.bgcolor\n        FROM {$_TABLES['ad_ads']} ad\n        LEFT JOIN {$_TABLES['ad_category']} cat\n            ON ad.cat_id = cat.cat_id\n        WHERE ad.exp_date > {$time} \n            {$perm_sql}\n        ORDER BY views DESC \n        LIMIT 4";
    //echo $sql;die;
    $hotresult = DB_query($sql);
    // convert line breaks & others to html
    $patterns = array('/\\n/');
    $replacements = array('<br />');
    $ad['descript'] = PLG_replaceTags(COM_checkHTML($ad['descript']));
    $ad['descript'] = preg_replace($patterns, $replacements, $ad['descript']);
    $ad['subject'] = strip_tags($ad['subject']);
    $ad['price'] = strip_tags($ad['price']);
    $ad['url'] = COM_sanitizeUrl($ad['url']);
    $ad['keywords'] = strip_tags($ad['keywords']);
    // Highlight search terms, if any
    if ($srchval != '') {
        $ad['subject'] = COM_highlightQuery($ad['subject'], $srchval);
        $ad['descript'] = COM_highlightQuery($ad['descript'], $srchval);
    }
    $detail = new Template(CLASSIFIEDS_PI_PATH . '/templates');
    $detail->set_file('detail', 'detail.thtml');
    if ($admin) {
        $base_url = CLASSIFIEDS_ADMIN_URL . '/index.php';
        $del_link = $base_url . '?delete=ad&ad_id=' . $ad_id;
        $edit_link = $base_url . '?edit=ad&ad_id=' . $ad_id;
    } else {
        $base_url = CLASSIFIEDS_URL . '/index.php';
        $del_link = $base_url . '?mode=Delete&id=' . $ad_id;
//.........这里部分代码省略.........
开发者ID:NewRoute,项目名称:classifieds,代码行数:101,代码来源:detail.php

示例9: COM_sanitizeID

$reply = '';
if (isset($_POST['mode'])) {
    $sid = COM_sanitizeID(COM_applyFilter($_POST['story']));
    $mode = COM_applyFilter($_POST['mode']);
    if (isset($_POST['order'])) {
        $order = COM_applyFilter($_POST['order']);
    }
    if (isset($_POST['query'])) {
        $query = COM_applyFilter($_POST['query']);
    }
    if (isset($_POST['reply'])) {
        $reply = COM_applyFilter($_POST['reply']);
    }
} else {
    COM_setArgNames(array('story', 'mode'));
    $sid = COM_sanitizeID(COM_applyFilter(COM_getArgument('story')));
    $mode = COM_applyFilter(COM_getArgument('mode'));
    if (isset($_GET['order'])) {
        $order = COM_applyFilter($_GET['order']);
    }
    if (isset($_GET['query'])) {
        $query = COM_applyFilter($_GET['query']);
    }
    if (isset($_GET['reply'])) {
        $reply = COM_applyFilter($_GET['reply']);
    }
}
if (empty($sid)) {
    COM_404();
}
if (strcasecmp($order, 'ASC') != 0 && strcasecmp($order, 'DESC') != 0) {
开发者ID:NewRoute,项目名称:glfusion,代码行数:31,代码来源:article.php

示例10: _loadBasics

 /**
  * Loads the basic details of an article into the internal
  * variables, cleaning them up nicely.
  * @access Private
  * @param $array Array of POST/GET data (by ref).
  * @return Nothing.
  */
 function _loadBasics(&$array)
 {
     /* For the really, really basic stuff, we can very easily load them
      * based on an array that defines how to COM_applyFilter them.
      */
     foreach ($this->_postFields as $key => $value) {
         $vartype = $value[0];
         $varname = $value[1];
         // If we have a value
         if (array_key_exists($key, $array)) {
             // And it's alphanumeric or numeric, filter it and use it.
             if ($vartype == STORY_AL_ALPHANUM || $vartype == STORY_AL_NUMERIC) {
                 $this->{$varname} = COM_applyFilter($array[$key], $vartype);
             } elseif ($vartype == STORY_AL_ANYTHING) {
                 $this->{$varname} = $array[$key];
             } elseif ($array[$key] === 'on' || $array[$key] === 1) {
                 // If it's a checkbox that is on
                 $this->{$varname} = 1;
             } else {
                 // Otherwise, it must be a checkbox that is off:
                 $this->{$varname} = 0;
             }
         } elseif ($vartype == STORY_AL_NUMERIC || $vartype == STORY_AL_CHECKBOX) {
             // If we don't have a value, and have a numeric or text box, default to 0
             $this->{$varname} = 0;
         }
     }
     // SID's are a special case:
     $sid = COM_sanitizeID($array['sid']);
     if (isset($array['old_sid'])) {
         $oldsid = COM_sanitizeID($array['old_sid'], false);
     } else {
         $oldsid = '';
     }
     if (empty($sid)) {
         $sid = $oldsid;
     }
     if (empty($sid)) {
         $sid = COM_makeSid();
     }
     $this->_sid = $sid;
     $this->_originalSid = $oldsid;
     /* Need to deal with the postdate and expiry date stuff */
     $publish_ampm = '';
     if (isset($array['publish_ampm'])) {
         $publish_ampm = COM_applyFilter($array['publish_ampm']);
     }
     $publish_hour = 0;
     if (isset($array['publish_hour'])) {
         $publish_hour = COM_applyFilter($array['publish_hour'], true);
     }
     $publish_minute = 0;
     if (isset($array['publish_minute'])) {
         $publish_minute = COM_applyFilter($array['publish_minute'], true);
     }
     $publish_second = 0;
     if (isset($array['publish_second'])) {
         $publish_second = COM_applyFilter($array['publish_second'], true);
     }
     if ($publish_ampm == 'pm') {
         if ($publish_hour < 12) {
             $publish_hour = $publish_hour + 12;
         }
     }
     if ($publish_ampm == 'am' and $publish_hour == 12) {
         $publish_hour = '00';
     }
     $publish_year = 0;
     if (isset($array['publish_year'])) {
         $publish_year = COM_applyFilter($array['publish_year'], true);
     }
     $publish_month = 0;
     if (isset($array['publish_month'])) {
         $publish_month = COM_applyFilter($array['publish_month'], true);
     }
     $publish_day = 0;
     if (isset($array['publish_day'])) {
         $publish_day = COM_applyFilter($array['publish_day'], true);
     }
     $this->_date = strtotime("{$publish_month}/{$publish_day}/{$publish_year} {$publish_hour}:{$publish_minute}:{$publish_second}");
     $archiveflag = 0;
     if (isset($array['archiveflag'])) {
         $archiveflag = COM_applyFilter($array['archiveflag'], true);
     }
     /* Override status code if no archive flag is set: */
     if ($archiveflag != 1) {
         $this->_statuscode = 0;
     }
     if (array_key_exists('expire_ampm', $array)) {
         $expire_ampm = COM_applyFilter($array['expire_ampm']);
         $expire_hour = COM_applyFilter($array['expire_hour'], true);
         $expire_minute = COM_applyFilter($array['expire_minute'], true);
         $expire_second = COM_applyFilter($array['expire_second'], true);
//.........这里部分代码省略.........
开发者ID:hostellerie,项目名称:nexpro,代码行数:101,代码来源:story.class.php

示例11: COM_sanitizeID

$aid = 0;
if (isset($_REQUEST['pid'])) {
    $pid = COM_sanitizeID(COM_applyFilter($_REQUEST['pid']));
    if (isset($_GET['aid'])) {
        $aid = -1;
        // only for showing results instead of questions
    } else {
        if (isset($_POST['aid'])) {
            $aid = COM_applyFilter($_POST['aid'], true);
        }
    }
} elseif (isset($_POST['id'])) {
    // Refresh from comment tool bar
    $pid = COM_sanitizeID(COM_applyFilter($_POST['id']));
} elseif (isset($_GET['id'])) {
    $pid = COM_sanitizeID(COM_applyFilter($_GET['id']));
}
$order = '';
if (isset($_REQUEST['order'])) {
    $order = COM_applyFilter($_REQUEST['order']);
}
$mode = '';
if (isset($_REQUEST['mode'])) {
    $mode = COM_applyFilter($_REQUEST['mode']);
}
$msg = 0;
if (isset($_REQUEST['msg'])) {
    $msg = COM_applyFilter($_REQUEST['msg'], true);
}
if (isset($pid)) {
    $questions_sql = "SELECT question,qid FROM {$_TABLES['pollquestions']} " . "WHERE pid='" . DB_escapeString($pid) . "' ORDER BY qid";
开发者ID:NewRoute,项目名称:glfusion,代码行数:31,代码来源:index.php

示例12: USES_evlist_class_ticket

        // Print all tickets for an event, for all users
        if ($_EV_CONF['enable_rsvp']) {
            USES_evlist_class_ticket();
            $eid = COM_sanitizeID($_GET['eid'], false);
            $doc = evTicket::PrintTickets($eid);
            echo $doc;
            exit;
        } else {
            $content .= 'Function not available';
        }
        break;
    case 'exporttickets':
        // Print all tickets for an event, for all users
        if ($_EV_CONF['enable_rsvp']) {
            USES_evlist_class_ticket();
            $eid = COM_sanitizeID($_GET['eid'], false);
            $doc = evTicket::ExportTickets($eid);
            header('Content-type: text/csv');
            header('Content-Disposition: attachment; filename="event-' . $ev_id . '.csv');
            echo $doc;
            exit;
        } else {
            $content .= 'Function not available';
        }
        break;
    default:
        $view = $action;
        break;
}
$page = $view;
// Default for menu creation
开发者ID:matrox66,项目名称:evlist,代码行数:31,代码来源:index.php

示例13: COM_refresh

            // to ensure compatibility with old plugins.  the preferred
            // edit (or create new) parameter format  is now edit=x
            echo COM_refresh($_CONF['site_admin_url'] . "/plugins/{$type}/index.php?mode=edit&amp;edit=x");
            exit;
        }
    } elseif (SEC_hasRights('story.edit')) {
        $topic = '';
        if (isset($_REQUEST['topic'])) {
            $topic = '&topic=' . urlencode(COM_sanitizeID(COM_applyFilter($_REQUEST['topic'])));
        }
        echo COM_refresh($_CONF['site_admin_url'] . '/story.php?edit=x' . $topic);
        exit;
    }
    $topic = '';
    if (isset($_REQUEST['topic'])) {
        $topic = COM_sanitizeID(COM_applyFilter($_REQUEST['topic']));
    }
    switch ($type) {
        case 'story':
            $pagetitle = $LANG12[6];
            break;
        default:
            $pagetitle = '';
            break;
    }
    $subForm = submissionform($type, $mode, $topic);
    $display .= COM_siteHeader('menu', $pagetitle);
    $display .= $subForm;
    $display .= COM_siteFooter();
}
echo $display;
开发者ID:spacequad,项目名称:glfusion,代码行数:31,代码来源:submit.php

示例14: handleEditSubmit

/**
 * Handles a comment edit submission
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd <wenerd87 AT gmail DOT com>
 * @return string HTML (possibly a refresh)
 */
function handleEditSubmit()
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $_PLUGINS;
    $type = COM_applyFilter($_POST['type']);
    $sid = COM_sanitizeID(COM_applyFilter($_POST['sid']));
    $cid = COM_applyFilter($_POST['cid'], true);
    $postmode = COM_applyFilter($_POST['postmode']);
    if ($type != 'article') {
        if (!in_array($type, $_PLUGINS)) {
            $type = '';
        }
    }
    $commentuid = DB_getItem($_TABLES['comments'], 'uid', "cid = " . (int) $cid);
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }
    $comment = $_POST['comment_text'];
    //check for bad input
    if (empty($sid) || empty($_POST['title']) || empty($comment) || !is_numeric($cid) || $cid < 1) {
        COM_errorLog("handleEditSubmit(): {{$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    } elseif ($uid != $commentuid && !SEC_inGroup('Root')) {
        //check permissions
        COM_errorLog("handleEditSubmit(): {{$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment without proper permission.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $comment = CMT_prepareText($comment, $postmode, true, $cid);
    $title = COM_checkWords(strip_tags($_POST['title']));
    if (!empty($title) && !empty($comment)) {
        COM_updateSpeedlimit('comment');
        $title = DB_escapeString($title);
        $comment = DB_escapeString($comment);
        // save the comment into the comment table
        DB_query("UPDATE {$_TABLES['comments']} SET comment = '{$comment}', title = '{$title}'" . " WHERE cid=" . (int) $cid . " AND sid='" . DB_escapeString($sid) . "'");
        if (DB_error()) {
            //saving to non-existent comment or comment in wrong article
            COM_errorLog("handleEditSubmit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit to a non-existent comment or the cid/sid did not match');
            return COM_refresh($_CONF['site_url'] . '/index.php');
        }
        $safecid = (int) $cid;
        $safeuid = (int) $uid;
        DB_save($_TABLES['commentedits'], 'cid,uid,time', "{$safecid},{$safeuid},NOW()");
    } else {
        COM_errorLog("handleEditSubmit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with invalid $title and/or $comment.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    PLG_commentEditSave($type, $cid, $sid);
    $urlArray = PLG_getCommentUrlId($type);
    if (is_array($urlArray)) {
        $url = $urlArray[0] . '?' . $urlArray[1] . '=' . $sid;
        echo COM_refresh($url);
        exit;
    }
    return COM_refresh($_CONF['site_url'] . '/index.php');
}
开发者ID:spacequad,项目名称:glfusion,代码行数:64,代码来源:comment.php

示例15: TOPIC_save

/**
* Save topic to the database
*
* @param    string  $tid            Topic ID
* @param    string  $topic          Name of topic (what the user sees)
* @param    string  $imageurl       (partial) URL to topic image
* @param    int     $sortnum        number for sort order in "Topics" block
* @param    int     $limitnews      number of stories per page for this topic
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group topic belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members    Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @param    string  $is_default     'on' if this is the default topic
* @param    string  $archive_flag     'on' if this is the archive topic
* @return   string                  HTML redirect or error message
*/
function TOPIC_save($T)
{
    global $_CONF, $_TABLES, $LANG27, $MESSAGE;
    $retval = '';
    $tid = isset($T['tid']) ? $T['tid'] : '';
    $topic = $T['topic'];
    $imageurl = $T['imageurl'];
    $sortnum = $T['sortnum'];
    $sort_by = $T['sort_by'];
    $limitnews = $T['limitnews'];
    $sort_dir = $T['sort_dir'];
    $owner_id = $T['owner_id'];
    $group_id = $T['group_id'];
    $perm_owner = $T['perm_owner'];
    $perm_group = $T['perm_group'];
    $perm_members = $T['perm_members'];
    $perm_anon = $T['perm_anon'];
    $is_default = $T['is_default'];
    $archive_flag = $T['archive_flag'];
    // error checks...
    if (empty($tid)) {
        $msg = $LANG27[7];
        $retval .= COM_siteHeader();
        $retval .= TOPIC_edit('', $T, $msg);
        $retval .= COM_siteFooter();
        return $retval;
    }
    if (empty($topic)) {
        $msg = $LANG27[7];
        $retval .= COM_siteHeader();
        $retval .= TOPIC_edit('', $T, $msg);
        $retval .= COM_siteFooter();
        return $retval;
    }
    if (strstr($tid, ' ')) {
        $msg = $LANG27[42];
        $retval .= COM_siteHeader();
        $retval .= TOPIC_edit('', $T, $msg);
        $retval .= COM_siteFooter();
        return $retval;
    }
    if ($sortnum != '') {
        $tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($sortnum) . '"');
        $newSortNum = $tidSortNumber + 1;
    } else {
        $newSortNum = 0;
    }
    $T['sortnum'] = $newSortNum;
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $tid = COM_sanitizeID($tid);
    $access = 0;
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        if (SEC_inGroup('Topic Admin')) {
            $access = 3;
        } else {
            $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        }
    } else {
        if (SEC_inGroup('Topic Admin')) {
            $access = 3;
        } else {
            $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
        }
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_showMessageText($MESSAGE[32], $MESSAGE[30], true);
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } elseif (!empty($tid) && !empty($topic)) {
        if ($imageurl == '/images/topics/') {
            $imageurl = '';
        }
        $topic = DB_escapeString(strip_tags($topic));
        if ($is_default == 'on') {
            $is_default = 1;
            DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
        } else {
            $is_default = 0;
        }
//.........这里部分代码省略.........
开发者ID:NewRoute,项目名称:glfusion,代码行数:101,代码来源:topic.php


注:本文中的COM_sanitizeID函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。