本文整理汇总了PHP中COM_stripslashes函数的典型用法代码示例。如果您正苦于以下问题:PHP COM_stripslashes函数的具体用法?PHP COM_stripslashes怎么用?PHP COM_stripslashes使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了COM_stripslashes函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: MG_showTree
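/**
 * Renders one album and, recursively, its child albums as indented HTML rows.
 *
 * With $depth == 0 every accessible album is rendered as a checkbox row;
 * otherwise albums are rendered as links, down to nesting level $depth.
 * The current nesting level and a running counter are kept in the globals
 * $level and $counter, which the recursion updates.
 *
 * @param int $aid   id of the album to render (index into $MG_albums)
 * @param int $depth 0 for the checkbox list, otherwise the deepest level to link
 * @return string HTML fragment
 */
function MG_showTree($aid, $depth)
{
    // $_MG_CONF was read below without being declared global, so the
    // album links were built without the site URL.
    global $_CONF, $_MG_CONF, $MG_albums, $level, $counter;

    $retval = '';
    // $block was concatenated into the checkbox markup but never defined;
    // an explicit empty string keeps the output and removes the notice.
    $block = '';
    $px = ($level - 1) * 15;
    $album = $MG_albums[$aid];

    if ($aid != 0 && $album->access > 0) {
        if ($level == 1 && $depth != 1) {
            // our first one...
            $retval .= '<p>';
        }
        // NOTE(review): strip_tags() removes markup but does not HTML-encode
        // the title; confirm titles are encoded when they are stored.
        if ($depth == 0) {
            $retval .= "<div style=\"margin-left:" . $px . "px;\">" . '<input type="checkbox" name="album[]" id="album[]" value="' . $album->id . '" ' . $block . ' /> ' . strip_tags(COM_stripslashes($album->title)) . '</div>' . LB;
        } elseif ($level <= $depth) {
            $retval .= "<div style=\"margin-left:" . $px . "px;\">" . '<a href="' . $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id . '&page=1">' . strip_tags(COM_stripslashes($album->title)) . '</a></div>';
        }
    } elseif ($album->id == 0) {
        $retval .= '<br />';
    }

    $counter++;

    if (!empty($album->children)) {
        foreach ($album->getChildren() as $child) {
            // $level is shared state: raise it for the child, restore it after.
            $level++;
            $retval .= MG_showTree($MG_albums[$child]->id, $depth);
            $level--;
        }
    }

    return $retval;
}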
示例2: Search
/**
* Constructor
*
* Copies the search criteria from the query string into the private
* search properties, filtering each value on the way in.
*
* @author Tony Bibbs, tony AT geeklog DOT net
* @access public
*
*/
function Search()
{
    global $_CONF, $_TABLES;

    // Free-text query: slashes and tags are removed, nothing else.
    if (isset($_GET['query'])) {
        $this->_query = strip_tags(COM_stripslashes($_GET['query']));
    }

    // Plain filtered criteria, request parameter => property.
    $filtered = array(
        'topic'     => '_topic',
        'datestart' => '_dateStart',
        'dateend'   => '_dateEnd',
    );
    foreach ($filtered as $param => $property) {
        if (isset($_GET[$param])) {
            $this->{$property} = COM_applyFilter($_GET[$param]);
        }
    }

    if (isset($_GET['author'])) {
        $author = COM_applyFilter($_GET['author']);
        // In case we got a username instead of uid, convert it. This should
        // make custom themes for search page easier.
        $isUsername = !is_numeric($author) && !preg_match('/^([0-9]+)$/', $author) && $author != '';
        if ($isUsername) {
            // NOTE(review): addslashes() is not aware of the connection
            // character set; the database layer's own escaping routine is
            // the safer choice if this code base provides one.
            $author = DB_getItem($_TABLES['users'], 'uid', 'username=\'' . addslashes($author) . '\'');
        }
        if ($author < 1) {
            $author = '';
        }
        $this->_author = $author;
    }

    if (isset($_GET['type'])) {
        $this->_type = COM_applyFilter($_GET['type']);
    } else {
        $this->_type = 'all';
    }

    if (isset($_GET['keyType'])) {
        $this->_keyType = COM_applyFilter($_GET['keyType']);
    } else {
        $this->_keyType = $_CONF['search_def_keytype'];
    }

    // Only the presence of the parameter matters, not its value.
    $this->_titlesOnly = isset($_GET['title']);
}
示例3: getEntry
/**
* Returns the entry submitted with the request.
*
* The GET parameter "entry" takes precedence over the POST parameter
* "pentry". Only COM_stripslashes() is applied, so the returned value
* still has to be escaped for whatever context it is used in (SQL, HTML).
*
* @return string the submitted entry, or '' when neither parameter is set
*/
protected function getEntry()
{
    if (isset($_GET['entry'])) {
        return COM_stripslashes($_GET['entry']);
    }

    if (isset($_POST['pentry'])) {
        return COM_stripslashes($_POST['pentry']);
    }

    return '';
}
示例4: display
/**
* Handles the submitted action, then renders the personal blacklist editor.
*
* Every state-changing action (delete an entry, add an entry, import the
* censor list) is only carried out when SEC_checkToken() accepts the
* request. Values are passed through DB_escapeString() before they are
* placed in SQL, and stored entries are HTML-encoded / URL-encoded when
* they are written into the page.
*
* @return string HTML of the list of entries and the add form
*/
function display()
{
    global $_CONF, $_TABLES, $LANG_SX00;

    // Requested action: GET "action" wins over POST "paction".
    $action = isset($_GET['action'])
        ? $_GET['action']
        : (isset($_POST['paction']) ? $_POST['paction'] : '');

    // Submitted entry: GET "entry" wins over POST "pentry".
    $entry = isset($_GET['entry'])
        ? COM_stripslashes($_GET['entry'])
        : (isset($_POST['pentry']) ? COM_stripslashes($_POST['pentry']) : '');

    if ($action == 'delete' && SEC_checkToken()) {
        $escaped = DB_escapeString($entry);
        DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', $escaped));
    } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
        if (!empty($entry)) {
            $entry = DB_escapeString($entry);
            DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
        }
    } elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
        // Import every word of the configured censor list.
        foreach ($_CONF['censorlist'] as $entry) {
            $entry = DB_escapeString($entry);
            DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
        }
    }

    // A fresh token for the delete links and the form below.
    $token = SEC_createToken();

    $html = array();
    $html[] = '<hr' . XHTML . '>' . LB . '<p><b>';
    $html[] = $LANG_SX00['pblack'];
    $html[] = '</b></p>' . LB . '<ul>' . LB;

    $rows = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
    $total = DB_numRows($rows);
    for ($n = 0; $n < $total; $n++) {
        $record = DB_fetchArray($rows);
        $value = $record['value'];
        // Link text is HTML-encoded, the query-string copy is URL-encoded.
        $html[] = '<li>' . COM_createLink(htmlspecialchars($value), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList&action=delete&entry=' . urlencode($value) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
    }

    $html[] = '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
    $html[] = '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
    $html[] = '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
    $html[] = '<div><input type="text" size="30" name="pentry"' . XHTML . '> ';
    $html[] = '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
    $html[] = '<p>' . $LANG_SX00['e3'] . '</p> ';
    $html[] = '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
    $html[] = '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
    $html[] = '</div></form>' . LB;

    return implode('', $html);
}
示例5: __construct
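/**
* Constructor
* Sets up private search variables from the query string.
*
* Every criterion is filtered on the way in. Values that are placed into
* SQL are additionally passed through DB_escapeString(), because
* COM_applyFilter() is an input filter and not an SQL escaper.
*
* @author Tony Bibbs, tony AT geeklog DOT net
*/
public function __construct()
{
    global $_CONF, $_TABLES;

    // Set search criteria
    if (isset($_GET['query'])) {
        $query = COM_stripslashes($_GET['query']);
        $query = GLText::remove4byteUtf8Chars($query);
        $this->_query = strip_tags($query);
    }

    if (isset($_GET['topic'])) {
        // see if topic exists
        $tid = COM_applyFilter($_GET['topic']);
        // If it exists and user has access to it, it will return itself else an empty string.
        // The id is escaped before it is placed inside the quoted literal,
        // in the same way the username lookup below escapes its value.
        $tid = DB_getItem(
            $_TABLES['topics'],
            'tid',
            "tid = '" . DB_escapeString($tid) . "'" . COM_getPermSQL('AND', 0, 2)
        );
        $this->_topic = $tid;
    } elseif ($_CONF['search_use_topic']) {
        // No topic in the request: fall back to the topic kept in the session.
        $last_topic = SESS_getVariable('topic');
        if ($last_topic != '') {
            $this->_topic = $last_topic;
        }
    }

    if (isset($_GET['datestart'])) {
        $this->_dateStart = COM_applyFilter($_GET['datestart']);
    }
    if (isset($_GET['dateend'])) {
        $this->_dateEnd = COM_applyFilter($_GET['dateend']);
    }

    if (isset($_GET['author'])) {
        $this->_author = COM_applyFilter($_GET['author']);
        // In case we got a username instead of uid, convert it. This should
        // make custom themes for search page easier.
        if (!is_numeric($this->_author) && !preg_match('/^([0-9]+)$/', $this->_author) && $this->_author != '') {
            $this->_author = DB_getItem($_TABLES['users'], 'uid', 'username=\'' . DB_escapeString($this->_author) . '\'');
        }
        if ($this->_author < 1) {
            $this->_author = '';
        }
    }

    $this->_type = isset($_GET['type']) ? COM_applyFilter($_GET['type']) : 'all';
    $this->_keyType = isset($_GET['keyType']) ? COM_applyFilter($_GET['keyType']) : $_CONF['search_def_keytype'];
    // Only the presence of the parameter matters, not its value.
    $this->_titlesOnly = isset($_GET['title']);
}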
示例6: ppApplyFilter
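/**
 * Filters a request parameter.
 *
 * Slashes, tags and script fragments are removed first. A numeric
 * parameter must then consist of digits only (after whitespace, hyphens
 * and parentheses are dropped); a non-numeric parameter is cut off at the
 * first single quote, double quote or backtick.
 *
 * The result is NOT escaped for SQL: a backslash, for example, passes
 * through unchanged, so callers still have to use the database layer's
 * escaping before placing the value in a query.
 *
 * @param string $parameter  raw parameter value
 * @param bool   $isnumeric  true when the value must be an unsigned integer
 * @param bool   $returnzero for an invalid numeric value: true returns 0, false returns ''
 * @return string|int the filtered value
 */
function ppApplyFilter($parameter, $isnumeric = false, $returnzero = true)
{
    $p = COM_stripslashes($parameter);
    $p = strip_tags($p);
    $p = COM_killJS($p);

    if ($isnumeric) {
        // Note: PHP's is_numeric() accepts values like 4e4 as numeric
        // Strip out any common number formatting characters.
        // The hyphen is placed last in the class: PCRE2 (PHP 7.3 and later)
        // refuses to compile a hyphen standing between a class escape such
        // as \s and another character, in which case preg_replace() returns
        // null and every numeric parameter would be rejected.
        $p = preg_replace('/[\s()-]+/', '', $p);
        if (!is_numeric($p) || preg_match('/^([0-9]+)$/', $p) == 0) {
            $p = $returnzero ? 0 : '';
        }

        return $p;
    }

    // Keep only what precedes the first quote character of any kind.
    $pa = explode("'", $p);
    $pa = explode('"', $pa[0]);
    $pa = explode('`', $pa[0]);

    return $pa[0];
}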
示例7: TRB_filterExcerpt
/**
* Filter the excerpt of a trackback comment we've received
*
* Slashes are removed, then tags, and the remaining text is run through
* COM_checkWords(). The result is plain text, not HTML-encoded text.
*
* Note: Does not truncate the excerpt.
*
* @param string $excerpt excerpt of the trackback comment
* @return string filtered excerpt
*
*/
function TRB_filterExcerpt($excerpt)
{
    $unslashed = COM_stripslashes($excerpt);
    $withoutTags = strip_tags($unslashed);

    return COM_checkWords($withoutTags);
}
示例8: saveuser
/**
* Saves the user's information back to the database
*
* The listing is truncated: only the request check, the current-password
* check, the optional username change, the spam check and the first
* filtering steps are shown.
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
// The stored pwrequestid must match the id submitted with the form;
// on a mismatch the stored id is reset, the attempt is logged and the
// request is redirected without saving anything.
// NOTE(review): $_USER['uid'] is interpolated into the WHERE clause
// unquoted; presumably it is a server-side integer — confirm.
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
// NOTE(review): the stored and the computed hash are compared with a
// loose != ; a strict, constant-time comparison (hash_equals) avoids
// type juggling and timing differences. The scheme used by
// SEC_encryptPassword() is not visible here.
if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = addslashes($A['new_username']);
// The new name is only accepted when no other account uses it.
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
// NOTE(review): the old username is used as a regular expression
// without preg_quote(), and the new username (filtered only by
// COM_applyFilter() and addslashes() as far as this block shows)
// becomes part of the file name handed to rename(). Confirm that
// path separators and ".." cannot reach this point.
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_siteHeader('menu', $LANG04[21]);
$display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display .= COM_siteFooter();
return $display;
}
DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
// ($profile is only handed to PLG_checkforSpam() in the visible code)
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>' . '<p>' . COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only: tags are removed, but the text is neither
// HTML-encoded nor SQL-escaped at this point
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
//......... part of the code is omitted here .........
示例9: MG_continueSession
/**
* Continues a session - handles timeout, looping, etc.
*
* The listing is truncated before the function ends.
*
* @param string $session_id   session id to continue
* @param int    $item_limit   number of items to process per run
*                             0 indicates initial run
* @param int    $refresh_rate value written into the meta refresh tag and
*                             the continue URL (presumably seconds — confirm)
* @return string HTML of status screen
*/
function MG_continueSession($session_id, $item_limit, $refresh_rate)
{
global $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01, $LANG_MG02;
$retval = '';
$cycle_start_time = time();
$temp_time = array();
$timer_expired = false;
$num_rows = 0;
$session_id = COM_applyFilter($session_id);
// Pull the session status info
$sql = "SELECT * FROM {$_TABLES['mg_sessions']} " . "WHERE session_id='" . addslashes($session_id) . "'";
$result = DB_query($sql, 1);
if (DB_error()) {
COM_errorLog("MediaGallery: Error - Unable to retrieve batch session data");
return '';
}
$nRows = DB_numRows($result);
if ($nRows > 0) {
$session = DB_fetchArray($result);
} else {
COM_errorLog("MediaGallery: Error - Unable to find batch session id");
return '';
// no session found
}
// security check - make sure we are continuing a session that we own...
if ($session['session_uid'] != $_USER['uid'] && !SEC_hasRights('mediagallery.admin')) {
return COM_showMessageText($LANG_MG00['access_denied_msg']);
}
// Setup timer information
$time_limit = $_MG_CONF['def_time_limit'];
// The @ hides the warning emitted when the limit cannot be changed.
@set_time_limit($time_limit + 20);
// get execution time
$max_execution_time = ini_get('max_execution_time');
if ($time_limit > $max_execution_time) {
$time_limit = $max_execution_time;
}
$label = COM_stripslashes($session['session_description']);
// Pull the detail data from the sessions_items table...
// NOTE(review): $item_limit is concatenated into the LIMIT clause without
// an integer cast in this block; confirm the caller passes a validated
// integer.
$sql = "SELECT * FROM {$_TABLES['mg_session_items']} " . "WHERE session_id='" . addslashes($session_id) . "' " . "AND status=0 LIMIT " . $item_limit;
$result = DB_query($sql);
while (($row = DB_fetchArray($result)) && $timer_expired == false) {
// used for calculating loop duration and changing the timer condition
$start_temp_time = time();
// NOTE(review): the callback name is built from the session_action value
// stored in the session row. function_exists() only proves that such a
// function exists, so confirm session_action is written from a fixed set
// of known actions.
$function = 'mg_batch_session_' . $session['session_action'];
if (function_exists($function)) {
$function($row);
DB_change($_TABLES['mg_session_items'], 'status', 1, 'id', $row['id']);
}
// calculate time for each loop iteration
$temp_time[$num_rows] = time() - $start_temp_time;
// get the max
$timer_time = max($temp_time);
$num_rows++;
// check if timer is about to expire
if (time() - $cycle_start_time >= $time_limit - $timer_time) {
$timer_expired_secs = time() - $cycle_start_time;
$timer_expired = true;
}
}
// end the timer
$cycle_end_time = time();
// find how much time the last cycle took
$last_cycle_time = $cycle_end_time - $cycle_start_time;
$T = COM_newTemplate(MG_getTemplatePath(0));
$T->set_file('batch', 'batch_progress.thtml');
$processing_messages = '';
if ($timer_expired) {
$processing_messages = '<p>' . sprintf($LANG_MG01['timer_expired'], $timer_expired_secs) . '</p>';
}
// Items already processed for this session (status=1) ...
$sql = "SELECT COUNT(*) AS processed " . "FROM {$_TABLES['mg_session_items']} " . "WHERE session_id='" . addslashes($session_id) . "' AND status=1";
$result = DB_query($sql);
$row = DB_fetchArray($result);
$session_items_processed = $row['processed'];
// ... and all items of the session, to work out how many remain.
$sql = "SELECT COUNT(*) AS processing " . "FROM {$_TABLES['mg_session_items']} " . "WHERE session_id='" . addslashes($session_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
$session_items_processing = $row['processing'];
$items_remaining = $session_items_processing - $session_items_processed;
if ($items_remaining > 0) {
if ($item_limit == 0) {
$processing_messages .= '<p>' . $LANG_MG01['begin_processing'] . '</p>';
$item_limit = $_MG_CONF['def_item_limit'];
} else {
$processing_messages .= '<p>' . sprintf($LANG_MG01['processing_next_items'], $item_limit) . '</p>';
}
// NOTE(review): $session_id, $refresh_rate and $item_limit are written
// into the URL and the meta tag below without URL- or HTML-encoding in
// this block; confirm they are validated before this point.
$form_action = $_MG_CONF['site_url'] . '/batch.php?mode=continue&sid=' . $session_id . '&refresh=' . $refresh_rate . '&limit=' . $item_limit;
$next_button = $LANG_MG01['next'];
// create the meta tag for refresh
$T->set_var("META", '<meta http-equiv="refresh" content="' . $refresh_rate . ';url=' . $form_action . '"' . XHTML . '>');
} else {
if ($item_limit == 0) {
// NOTE(review): the redirect target comes from the stored session row;
// confirm session_origin is restricted to same-site URLs when written.
echo COM_refresh($session['session_origin']);
//......... part of the code is omitted here .........
示例10: MG_saveUserUpload
/**
* Save browser upload(s)
*
* Walks over every file of the "newmedia" upload field, applies the album
* size limit and the user quota, and hands accepted files to MG_getFile().
* The listing is truncated before the function ends.
*
* NOTE(review): no permission or CSRF check is visible in this part;
* presumably the caller performs them — confirm.
*
* @param int $album_id id of the album the uploaded media is saved to
* @return string HTML
*
*/
function MG_saveUserUpload($album_id)
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG02, $LANG_MG03;
$retval = '';
$retval .= COM_startBlock($LANG_MG03['upload_results'], '', COM_getBlockTemplate('_admin_block', 'header'));
$T = COM_newTemplate(MG_getTemplatePath($album_id));
$T->set_file('mupload', 'useruploadstatus.thtml');
$statusMsg = '';
$file = array();
// Both upload fields are read without an isset() check.
$file = $_FILES['newmedia'];
$thumbs = $_FILES['thumbnail'];
$album = new mgAlbum($album_id);
$successfull_upload = 0;
$br = '<br' . XHTML . '>';
foreach ($file['name'] as $key => $name) {
// name and type are supplied by the client and are not trustworthy;
// NOTE(review): any type/extension validation presumably happens in
// MG_getFile() — confirm.
$filename = $file['name'][$key];
$filetype = $file['type'][$key];
$filesize = $file['size'][$key];
$filetmp = $file['tmp_name'][$key];
$error = $file['error'][$key];
// Only slashes are removed from the text fields here; they are passed on
// to MG_getFile() unencoded and unescaped.
$caption = COM_stripslashes($_POST['caption'][$key]);
$description = COM_stripslashes($_POST['description'][$key]);
$keywords = COM_stripslashes($_POST['keywords'][$key]);
$category = COM_applyFilter($_POST['cat_id'][$key], true);
$attachtn = isset($_POST['attachtn'][$key]) ? $_POST['attachtn'][$key] : '';
$thumbnail = isset($thumbs['tmp_name'][$key]) ? $thumbs['tmp_name'][$key] : '';
if (isset($_POST['dnc'][$key]) && $_POST['dnc'][$key] == 'on') {
$dnc = 1;
} else {
$dnc = 0;
}
// Empty slot of the upload form: nothing to do.
if ($filename == '') {
continue;
}
if ($album->max_filesize != 0 && $filesize > $album->max_filesize) {
// NOTE(review): the client-supplied file name is written to the error
// log and into the HTML status message without encoding in this block.
COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
$tmpmsg = sprintf($LANG_MG02['upload_exceeds_max_filesize'], $filename);
$statusMsg .= $tmpmsg . $br;
continue;
}
if ($attachtn == "on") {
$attach_tn = 1;
} else {
$attach_tn = 0;
}
if ($error != UPLOAD_ERR_OK) {
// The numeric cases are PHP's upload error codes.
switch ($error) {
// UPLOAD_ERR_INI_SIZE
case 1:
$tmpmsg = sprintf($LANG_MG02['upload_too_big'], $filename);
$statusMsg .= $tmpmsg . $br;
COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
break;
// UPLOAD_ERR_FORM_SIZE
case 2:
$tmpmsg = sprintf($LANG_MG02['upload_too_big_html'], $filename);
$statusMsg .= $tmpmsg . $br;
COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
break;
// UPLOAD_ERR_PARTIAL
case 3:
$tmpmsg = sprintf($LANG_MG02['partial_upload'], $filename);
$statusMsg .= $tmpmsg . $br;
COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
break;
// UPLOAD_ERR_NO_FILE: silently skipped
case 4:
break;
// UPLOAD_ERR_NO_TMP_DIR
case 6:
$statusMsg .= $LANG_MG02['missing_tmp'] . $br;
break;
// UPLOAD_ERR_CANT_WRITE
case 7:
$statusMsg .= $LANG_MG02['disk_fail'] . $br;
break;
default:
$statusMsg .= $LANG_MG02['unknown_err'] . $br;
break;
}
continue;
}
// check user quota -- do we have one????
$user_quota = DB_getItem($_TABLES['mg_userprefs'], 'quota', "uid=" . intval($_USER['uid']));
if ($user_quota > 0) {
$disk_used = MG_quotaUsage($_USER['uid']);
if ($disk_used + $filesize > $user_quota) {
COM_errorLog("MG Upload: File " . $filename . " would exceeds the users quota");
$tmpmsg = sprintf($LANG_MG02['upload_exceeds_quota'], $filename);
$statusMsg .= $tmpmsg . $br;
continue;
}
}
// process the uploaded files
$opt = array('caption' => $caption, 'description' => $description, 'filetype' => $filetype, 'atttn' => $attach_tn, 'thumbnail' => $thumbnail, 'keywords' => $keywords, 'category' => $category, 'dnc' => $dnc);
list($rc, $msg) = MG_getFile($filetmp, $filename, $album_id, $opt);
// NOTE(review): $filename is appended to the HTML status text unencoded.
$statusMsg .= $filename . " " . $msg . $br;
if ($rc == true) {
$successfull_upload++;
//......... part of the code is omitted here .........
示例11: MG_saveMediaEdit
/**
* Saves the edited metadata of one media item.
*
* Optionally replaces the media file, updates the row in the media table
* (or in the media queue table when "queue" is set) and stores the
* playback options. The listing is truncated before the function ends.
*
* NOTE(review): no permission or CSRF check is visible in this part;
* presumably the caller performs them — confirm.
*
* @param mixed  $album_id  album the media item belongs to (passed to MG_getFile)
* @param mixed  $media_id  id of the media item being edited
* @param string $actionURL URL supplied by the caller; replaced by the
*                          posted "rpath" when that is not empty
*/
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;
// NOTE(review): the posted "rpath" replaces $actionURL after
// COM_applyFilter() only. How $actionURL is used lies beyond the truncated
// part; if it becomes a redirect target, confirm it is limited to
// same-site URLs.
$back = COM_applyFilter($_POST['rpath']);
if ($back != '') {
$actionURL = $back;
}
$queue = COM_applyFilter($_POST['queue'], true);
$replacefile = 0;
if (isset($_POST['replacefile'])) {
$replacefile = COM_applyFilter($_POST['replacefile']);
}
if ($replacefile == 1) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
// The upload entry is read without an isset() check; the file name is
// client-supplied.
$repfilename = $_FILES['repfilename'];
$filename = $repfilename['name'];
$file = $repfilename['tmp_name'];
$opt = array('replace' => $media_id);
list($rc, $msg) = MG_getFile($file, $filename, $album_id, $opt);
COM_errorLog($msg);
}
// see if we had an attached thumbnail before...
$thumb = $_FILES['attthumb'];
$thumbnail = $thumb['tmp_name'];
$att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
$attachtn = $att == 1 ? 1 : 0;
$table = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];
// NOTE(review): media_id is wrapped in double quotes here and in single
// quotes in the UPDATE below. addslashes() escapes both, but it is not
// aware of the connection character set; the database layer's own
// escaping routine is preferable.
$old_attached_tn = DB_getItem($table, 'media_tn_attached', 'media_id="' . addslashes($media_id) . '"');
// Asking for an attached thumbnail without uploading one, when none was
// attached before, is treated as "no attached thumbnail".
if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
$attachtn = 0;
}
$remove_old_tn = 0;
if ($old_attached_tn == 1 && $attachtn == 0) {
$remove_old_tn = 1;
}
$remote_media = DB_getItem($table, 'remote_media', 'media_id="' . addslashes($media_id) . '"');
$remote_url = addslashes(COM_stripslashes($_POST['remoteurl']));
// With HTML allowed, title and description are stored after
// COM_checkWords() only; otherwise tags are removed and the text is
// HTML-encoded before it is stored.
if ($_MG_CONF['htmlallowed']) {
$media_title = COM_checkWords(COM_stripslashes($_POST['media_title']));
$media_desc = COM_checkWords(COM_stripslashes($_POST['media_desc']));
} else {
$media_title = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_title']))));
$media_desc = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_desc']))));
}
$media_time_month = COM_applyFilter($_POST['media_month']);
$media_time_day = COM_applyFilter($_POST['media_day']);
$media_time_year = COM_applyFilter($_POST['media_year']);
$media_time_hour = COM_applyFilter($_POST['media_hour']);
$media_time_minute = COM_applyFilter($_POST['media_minute']);
$original_filename = COM_applyFilter(COM_stripslashes($_POST['original_filename']));
if ($replacefile == 1) {
$original_filename = $filename;
}
$cat_id = COM_applyFilter($_POST['cat_id'], true);
$media_keywords = COM_stripslashes($_POST['media_keywords']);
// substr() counts bytes, so a multi-byte character can be cut in half.
$media_keywords_safe = substr($media_keywords, 0, 254);
$media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
$artist = addslashes(COM_applyFilter(COM_stripslashes($_POST['artist'])));
$musicalbum = addslashes(COM_applyFilter(COM_stripslashes($_POST['musicalbum'])));
$genre = addslashes(COM_applyFilter(COM_stripslashes($_POST['genre'])));
// NOTE(review): the seventh argument (is_dst) was removed from mktime()
// in PHP 7.0.
$media_time = mktime($media_time_hour, $media_time_minute, 0, $media_time_month, $media_time_day, $media_time_year, 1);
$owner_sql = '';
if (isset($_POST['owner_name'])) {
// The owner id goes through the numeric filter before it is concatenated
// into the statement unquoted.
$owner_id = COM_applyFilter($_POST['owner_name'], true);
$owner_sql = ',media_user_id=' . $owner_id . ' ';
}
// The UPDATE is assembled by concatenation; every value has passed
// addslashes(), intval() or the numeric filter above.
$sql = "UPDATE " . $table . "\n SET media_title='" . addslashes($media_title) . "',\n media_desc='" . addslashes($media_desc) . "',\n media_original_filename='" . addslashes($original_filename) . "',\n media_time=" . $media_time . ",\n media_tn_attached=" . $attachtn . ",\n media_category=" . intval($cat_id) . ",\n media_keywords='" . $media_keywords . "',\n artist='" . $artist . "',\n album='" . $musicalbum . "',\n genre='" . $genre . "',\n remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . addslashes($media_id) . "'";
DB_query($sql);
if (DB_error() != 0) {
echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
}
PLG_itemSaved($media_id, 'mediagallery');
// process playback options if any...
if (isset($_POST['autostart'])) {
// asf
$opt['autostart'] = COM_applyFilter($_POST['autostart'], true);
$opt['enablecontextmenu'] = COM_applyFilter($_POST['enablecontextmenu'], true);
$opt['stretchtofit'] = isset($_POST['stretchtofit']) ? COM_applyFilter($_POST['stretchtofit'], true) : 0;
$opt['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
$opt['uimode'] = COM_applyFilter($_POST['uimode']);
$opt['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
$opt['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
$opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
$opt['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
$opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
// A play count below 1 is raised to 1.
if ($opt['playcount'] < 1) {
$opt['playcount'] = 1;
}
MG_savePBOption($media_id, 'autostart', $opt['autostart'], true);
MG_savePBOption($media_id, 'enablecontextmenu', $opt['enablecontextmenu'], true);
if ($opt['stretchtofit'] != '') {
MG_savePBOption($media_id, 'stretchtofit', $opt['stretchtofit'], true);
}
MG_savePBOption($media_id, 'showstatusbar', $opt['showstatusbar'], true);
MG_savePBOption($media_id, 'uimode', $opt['uimode']);
MG_savePBOption($media_id, 'height', $opt['height'], true);
MG_savePBOption($media_id, 'width', $opt['width'], true);
MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
MG_savePBOption($media_id, 'playcount', $opt['playcount'], true);
MG_savePBOption($media_id, 'loop', $opt['loop'], true);
//......... part of the code is omitted here .........
示例12: links_save_category
// Fragment of a request dispatcher: the branch that saves a category
// starts before this excerpt.
// NOTE(review): most $_POST values are handed to links_save_category()
// unfiltered (only tid, owner_id and group_id pass COM_applyFilter()), and
// no CSRF check is visible in this excerpt; presumably both are handled
// inside links_save_category() or earlier — confirm.
$msg = links_save_category($_POST['cid'], $_POST['old_cid'], $_POST['pid'], $_POST['category'], $_POST['description'], COM_applyFilter($_POST['tid']), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]);
$display .= COM_showMessage($msg, 'links');
$display .= links_list_categories($root);
$display .= COM_siteFooter();
// edit category
} else {
if ($mode == 'edit') {
$display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[56]);
// Both ids have slashes and tags removed; they are not escaped for SQL
// or HTML here, so links_edit_category() has to do that for its own use.
$pid = '';
if (isset($_GET['pid'])) {
$pid = strip_tags(COM_stripslashes($_GET['pid']));
}
$cid = '';
if (isset($_GET['cid'])) {
$cid = strip_tags(COM_stripslashes($_GET['cid']));
}
$display .= links_edit_category($cid, $pid);
$display .= COM_siteFooter();
// nothing, so list categories
} else {
$display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]);
// The message number goes through the numeric filter before it is used.
if (isset($_REQUEST['msg'])) {
$msg = COM_applyFilter($_REQUEST['msg'], true);
if ($msg > 0) {
$display .= COM_showMessage($msg, 'links');
}
}
$display .= links_list_categories($root);
$display .= COM_siteFooter();
}
示例13: savepoll
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database.
* The listing is truncated before the function ends.
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainpage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statuscode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideresults Checkbox: hide results until closed
* @param int $commentcode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll
* @param int $perm_group Permissions the group has on poll
* @param int $perm_members Permissions logged in members have on poll
* @param int $perm_anon Permissions anonymous users have on poll
* @return string HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
// The topic only has slashes removed; the meta fields also lose their tags.
$topic = COM_stripslashes($topic);
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
// Without a new id, reuse the old one or generate a fresh id.
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
$retval .= COM_siteHeader('menu', $LANG25[5]);
$retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG25[2];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= COM_siteFooter();
return $retval;
}
// The CSRF token is checked before any database access in this function.
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
// For an existing poll the stored owner/group/permissions decide the
// access level; for a new poll the submitted values are used.
$access = 0;
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// NOTE(review): $pid is interpolated into the quoted literal after
// COM_sanitizeID() only; what that function allows is not visible here.
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
// NOTE(review): $display is not initialised in the visible part of this
// function (only $retval is), so .= appends to an undefined variable.
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
// $voters is not assigned anywhere above, so this always sets it to 0.
if (empty($voters)) {
$voters = 0;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
//......... part of the code is omitted here .........
示例14: Edit
//......... part of the code is omitted here .........
// Excerpt from the middle of Edit(): fills the template with the
// recurrence settings of the event being edited.
}
if (!empty($this->rec_data['skip'])) {
$T->set_var("skipnext{$this->rec_data['skip']}_checked", EVCHECKED);
}
// The frequency is forced to an integer of at least 1.
if (!empty($this->rec_data['freq'])) {
$freq = (int) $this->rec_data['freq'];
if ($freq < 1) {
$freq = 1;
}
} else {
$freq = 1;
}
$T->set_var(array('freq_text' => $LANG_EVLIST['rec_periods'][$this->rec_data['type']] . '(s)', 'rec_freq' => $freq));
foreach ($LANG_EVLIST['rec_intervals'] as $key => $str) {
$T->set_var('dom_int_txt_' . $key, $str);
if (is_array($this->rec_data['interval'])) {
// in_array() compares loosely here (no strict flag).
if (in_array($key, $this->rec_data['interval'])) {
$T->set_var('dom_int_chk_' . $key, EVCHECKED);
}
}
}
// Set up the recurring options needed for the current event
switch ($option) {
case 0:
break;
case EV_RECUR_MONTHLY:
if (is_array($this->rec_data['listdays'])) {
foreach ($this->rec_data['listdays'] as $mday) {
$T->set_var('mdchk' . $mday, EVCHECKED);
}
}
break;
case EV_RECUR_WEEKLY:
// NOTE(review): this reads the local $rec_data, while the rest of the
// visible code uses $this->rec_data; the local is not defined in the
// visible part — confirm.
$T->set_var('listdays_val', COM_stripslashes($rec_data[0]));
if (is_array($this->rec_data['listdays']) && !empty($this->rec_data['listdays'])) {
foreach ($this->rec_data['listdays'] as $day) {
// Only day numbers 1 to 7 are accepted.
$day = (int) $day;
if ($day > 0 && $day < 8) {
$T->set_var('daychk' . $day, EVCHECKED);
}
}
}
break;
case EV_RECUR_DOM:
$recweekday = $this->rec_data['weekday'];
break;
case EV_RECUR_DATES:
$T->set_var(array('stopshow' => 'style="display:none;"', 'custom_val' => implode(',', $this->rec_data['custom'])));
break;
}
$start1 = EVLIST_TimeSelect('start1', $this->time_start1);
$start2 = EVLIST_TimeSelect('start2', $this->time_start2);
$end1 = EVLIST_TimeSelect('end1', $this->time_end1);
$end2 = EVLIST_TimeSelect('end2', $this->time_end2);
// Only active calendars the current user may access are offered.
$cal_select = COM_optionList($_TABLES['evlist_calendars'], 'cal_id,cal_name', $this->cal_id, 1, 'cal_status = 1 ' . COM_getPermSQL('AND', 0, 2));
USES_class_navbar();
$navbar = new navbar();
$cnt = 0;
foreach ($tabs as $id) {
// $id is concatenated into a JavaScript handler; $tabs is presumably a
// fixed internal list — confirm.
$navbar->add_menuitem($LANG_EVLIST[$id], 'showhideEventDiv("' . $id . '",' . $cnt . ');return false;', true);
$cnt++;
}
$navbar->set_selected($LANG_EVLIST['ev_info']);
if ($this->AdminMode) {
$action_url .= '?admin=true';
}
示例15: _validate_input
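/**
* Input validation
*
* Normalises one submitted configuration value. Arrays are processed
* recursively: the 'placeholder' key is dropped, and an array whose keys
* are all numeric but not contiguous is re-numbered from 0. A scalar has
* its slashes removed, the markers 'b:0' / 'b:1' become booleans, and a
* numeric string becomes a number when _validate_numeric() allows it for
* this option.
*
* @param mixed $config    passed through to _validate_numeric()
* @param mixed $group     passed through to _validate_numeric()
* @param mixed $input_val the submitted value (taken by reference, not modified)
* @return mixed the normalised value
*/
function _validate_input($config, $group, &$input_val)
{
    if (!is_array($input_val)) {
        $r = COM_stripslashes($input_val);
        // Strict comparison: with == a non-string value can compare equal
        // to the marker through type juggling (before PHP 8 the integer 0
        // equals 'b:0' and 'b:1') and would be turned into a boolean.
        if ($r === 'b:0' || $r === 'b:1') {
            $r = ($r === 'b:1');
        }
        if (is_numeric($r) && $this->_validate_numeric($config, $group)) {
            // Adding 0 converts the numeric string to int or float.
            $r = $r + 0;
        }

        return $r;
    }

    $r = array();
    $is_num = true;
    $max_key = -1;
    foreach ($input_val as $key => $val) {
        if ($key === 'placeholder') {
            continue;
        }
        $r[$key] = $this->_validate_input($config, $group, $val);
        if (is_numeric($key)) {
            if ($key > $max_key) {
                $max_key = $key;
            }
        } else {
            $is_num = false;
        }
    }

    if ($is_num && $max_key >= 0 && $max_key + 1 != count($r)) {
        // re-number keys
        $r = array_values($r);
    }

    return $r;
}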