PHP getvalescaped函数代码示例

function save_themename()
	{
		global $baseurl, $link, $themename, $collection_column;
		$sql="update collection set	" . $collection_column . "='" . getvalescaped("rename","") . "' where " . $collection_column . "='" . escape_check($themename)."'";
		sql_query($sql);
		header("location:".$baseurl. "/pages/" . $link);
	}

function tile_select($tile_type, $tile_style, $tile, $tile_id, $tile_width, $tile_height)
{
    /*
     * Preconfigured and the legacy tiles controlled by config.
     */
    if ($tile_type == "conf") {
        switch ($tile_style) {
            case "thmsl":
                global $usertile;
                tile_config_themeselector($tile, $tile_id, $usertile, $tile_width, $tile_height);
                exit;
            case "theme":
                tile_config_theme($tile, $tile_id, $tile_width, $tile_height);
                exit;
            case "mycol":
                tile_config_mycollection($tile, $tile_id, $tile_width, $tile_height);
                exit;
            case "advsr":
                tile_config_advancedsearch($tile, $tile_id, $tile_width, $tile_height);
                exit;
            case "mycnt":
                tile_config_mycontributions($tile, $tile_id, $tile_width, $tile_height);
                exit;
            case "hlpad":
                tile_config_helpandadvice($tile, $tile_id, $tile_width, $tile_height);
                exit;
            case "custm":
                tile_config_custom($tile, $tile_id, $tile_width, $tile_height);
                exit;
            case "pend":
                tile_config_pending($tile, $tile_id, $tile_width, $tile_height);
                exit;
        }
    }
    /*
     * Free Text Tile
     */
    if ($tile_type == "ftxt") {
        tile_freetext($tile, $tile_id, $tile_width, $tile_height);
        exit;
    }
    /*
     * Search Type tiles
     */
    if ($tile_type == "srch") {
        switch ($tile_style) {
            case "thmbs":
                $promoted_image = getvalescaped("promimg", false);
                tile_search_thumbs($tile, $tile_id, $tile_width, $tile_height, $promoted_image);
                exit;
            case "multi":
                tile_search_multi($tile, $tile_id, $tile_width, $tile_height);
                exit;
            case "blank":
                tile_search_blank($tile, $tile_id, $tile_width, $tile_height);
                exit;
        }
    }
}

function HookNewsHomeHomebeforepanels()
{
    if (getvalescaped("ajax", false)) {
        ?>
		<script>ReloadSearchBar();</script>
		<?php 
    }
}

function save_themename()
{
    global $baseurl, $link, $themename, $collection_column;
    $sql = "update collection set\t" . $collection_column . "='" . getvalescaped("rename", "") . "' where " . $collection_column . "='" . escape_check($themename) . "'";
    sql_query($sql);
    hook("after_save_themename");
    redirect("pages/" . $link);
}

function HookFilterboxSearchSearchstringprocessing()
	{
	global $search;
	$refine=trim(getvalescaped("refine_keywords", ""));
	if ($refine != "")
		$search .= ",".$refine;

	$search=refine_searchstring($search);
	}

/**
 * Validate the given field.
 * 
 * If the field validates, this function will store it in the provided conifguration
 * module and key.
 * 
 * @param string $fieldname Name of field (provided to the render functions)
 * @param string $modulename Module name to store the field in.
 * @param string $modulekey Module key
 * @param string $type Validation patthern: (bool,safe,float,int,email,regex)
 * @param string $required Optional required flag.  Defaults to true.
 * @param string $pattern If $type is 'regex' the regex pattern to use.
 * @return bool Returns true if the field was stored in the config database.
 */
function validate_field($fieldname, $modulename, $modulekey, $type, $required = true, $pattern = '')
{
    global $errorfields, $lang;
    $value = getvalescaped($fieldname, '');
    if ($value == '' && $required == true) {
        $errorfields[$fieldname] = $lang['cfg-err-fieldrequired'];
        return false;
    } elseif ($value == '' && $required == false) {
        set_module_config_key($modulename, $modulekey, $value);
    } else {
        switch ($type) {
            case 'safe':
                if (!preg_match('/^.+$/', $value)) {
                    $errorfields[$fieldname] = $lang['cfg-err-fieldsafe'];
                    return false;
                }
                break;
            case 'float':
                if (!preg_match('/^[\\d]+(\\.[\\d]*)?$/', $value)) {
                    $errorfields[$fieldname] = $lang['cfg-err-fieldnumeric'];
                    return false;
                }
                break;
            case 'int':
                if (!preg_match('/^[\\d]+$/', $value)) {
                    $errorfields[$fieldname] = $lang['cfg-err-fieldnumeric'];
                    return false;
                }
                break;
            case 'email':
                if (!preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}$/i', $value)) {
                    $errorfields[$fieldname] = $lang['cfg-err-fieldemail'];
                    return false;
                }
                break;
            case 'regex':
                if (!preg_match($pattern, $value)) {
                    $errorfields[$fieldname] = $lang['cfg-err-fieldsafe'];
                    return false;
                }
                break;
            case 'bool':
                if (strtolower($value) == 'true') {
                    $value = true;
                } elseif (strtolower($value) == 'false') {
                    $value = false;
                } else {
                    $errorfields[$fieldname] = $lang['cfg-err-fieldsafe'];
                    return false;
                }
                break;
        }
        set_module_config_key($modulename, $modulekey, $value);
        return true;
    }
}

function HookDiscount_codePurchase_callbackPayment_complete()
{
    # Find out the discount code applied to this collection.
    $code = sql_value("select discount_code value from collection_resource where collection='" . getvalescaped("custom", "") . "' limit 1", "");
    # Find out the purchasing user
    # As this is a callback script being called by PayPal, there is no login/authentication and we can't therefore simply use $userref.
    $user = sql_value("select ref value from user where current_collection='" . getvalescaped("custom", "") . "'", 0);
    # Insert used discount code row
    sql_query("insert into discount_code_used (code,user) values ('" . escape_check($code) . "','{$user}')");
}

function HookFilterboxSearchSearchaftersearchcookie()
{
    global $filter_keywords, $perform_filter, $filter_pos, $search;
    $filter_keywords = getvalescaped("filter_keywords", "");
    $filter_pos = getvalescaped("cursorpos", "");
    setcookie('filter', $filter_keywords, 0, '', '', false, true);
    setcookie('filter_pos', $filter_pos, 0, '', '', false, true);
    setcookie('original_search', $search, 0, '', '', false, true);
    $perform_filter = true;
}

function HookFormat_chooserCollection_downloadReplacedownloadextension($resource, $extension)
{
    global $format_chooser_output_formats;
    $inputFormat = $resource['file_extension'];
    if (!supportsInputFormat($inputFormat)) {
        # Do not replace the extension for this resource
        return false;
    }
    $ext = strtoupper(getvalescaped('ext', getDefaultOutputFormat($inputFormat)));
    if (!in_array($ext, $format_chooser_output_formats)) {
        return false;
    }
    return strtolower($ext);
}

function HookFormat_chooserAllGetdownloadurl($ref, $size, $ext, $page = 1, $alternative = -1)
{
    global $baseurl_short;
    $profile = getvalescaped('profile', null);
    if (!empty($profile)) {
        $profile = '&profile=' . $profile;
    } else {
        $path = get_resource_path($ref, true, $size, false, $ext, -1, $page, $size == "scr" && checkperm("w") && $alternative == -1, '', $alternative);
        if (file_exists($path)) {
            return false;
        }
    }
    return $baseurl_short . 'plugins/format_chooser/pages/convert.php?ref=' . $ref . '&size=' . $size . '&ext=' . $ext . $profile . '&page=' . $page . '&alt=' . $alternative;
}

function HookRefineresultsSearchSearchstringprocessing()
	{
	global $search,$k;
	$refine=trim(getvalescaped("refine_keywords",""));
	if ($refine!="")
		{
		if ($k!="")
			{
			# Slightly different behaviour when searching within external shares. There is no search bar, so the provided string is the entirity of the search.
			$s=explode(" ",$search);
			$search=$s[0] . " " . $refine;	
			}
		else
			{
			$search.=", " . $refine;	
			}
		}
	$search=refine_searchstring($search);	
	}

function get_annotate_file_path($ref, $getfilepath, $extension)
{
    global $storageurl;
    global $storagedir;
    global $scramble_key;
    if (!file_exists($storagedir . "/annotate")) {
        mkdir($storagedir . "/annotate", 0777);
    }
    global $uniqid;
    // if setting uniqid before manual create_annotated_pdf function use
    $uniqid = getvalescaped("uniqid", $uniqid);
    //or if sent through a request
    if ($uniqid != "") {
        $uniqfolder = "/" . $uniqid;
    } else {
        $uniqfolder = "";
    }
    $tmpfolder = get_temp_dir(!$getfilepath, "annotate{$uniqfolder}");
    $file = $tmpfolder . "/{$uniqid}-annotations." . $extension;
    return $file;
}

function HookDiscount_codePurchaseAdjust_item_price($origprice, $resource, $size)
{
    global $discount_error, $discount_applied, $lang;
    # Discount pipeline support, allow multiple hook calls to modify the price multiple times
    global $purchase_pipeline_price;
    if (isset($purchase_pipeline_price[$resource][$size])) {
        $origprice = $purchase_pipeline_price[$resource][$size];
    }
    $discount_code = trim(strtoupper(getvalescaped("discount_code", "")));
    if ($discount_code == "") {
        return $origprice;
    }
    # No code specified
    # Check that the discount code exists.
    $discount_info = sql_query("select * from discount_code where upper(code)='{$discount_code}'");
    if (count($discount_info) == 0) {
        $discount_error = $lang["error-invalid-discount-code"];
        return false;
    } else {
        $discount_info = $discount_info[0];
    }
    # Check that the user has not already used this discount code
    global $userref;
    $used = sql_value("select count(*) value from discount_code_used where user='{$userref}' and upper(code)='{$discount_code}'", 0);
    if ($used > 0) {
        $discount_error = $lang["error-discount-code-already-used"];
        return false;
    }
    $discount_applied = $discount_info["percent"];
    # Update collection with code, so it can be retrieved when we get the callback from PayPal and then insert a row into discount_code_used to mark that the user has used this discount code.
    global $usercollection;
    sql_query("update collection_resource set discount_code='" . $discount_code . "' where collection='" . $usercollection . "'");
    $return = round((100 - $discount_info["percent"]) / 100 * $origprice, 2);
    $purchase_pipeline_price[$resource][$size] = $return;
    # Use this price instead for future hook calls.
    return $return;
}

function HookUser_preferencesuser_preferencesSaveadditionaluserpreferences()
{
    global $user_preferences_change_username, $user_preferences_change_email, $user_preferences_change_name, $userref, $useremail, $username, $userfullname, $lang;
    $newUsername = trim(safe_file_name(getvalescaped('username', $username)));
    $newEmail = getvalescaped('email', $userfullname);
    $newFullname = getvalescaped('fullname', $userfullname);
    # Check if a user with that username already exists
    if ($user_preferences_change_username && $username != $newUsername) {
        $existing = sql_query('select ref from user where username=\'' . escape_check($newUsername) . '\'');
        if (!empty($existing)) {
            $GLOBALS['errorUsername'] = $lang['useralreadyexists'];
            return false;
        }
    }
    # Check if a user with that email already exists
    if ($user_preferences_change_email && $useremail != $newEmail) {
        $existing = sql_query('select ref from user where email=\'' . escape_check($newEmail) . '\'');
        if (!empty($existing)) {
            $GLOBALS['errorEmail'] = $lang['useremailalreadyexists'];
            return false;
        }
    }
    # Store changed values in DB, and update the global variables as header.php is included next
    if ($user_preferences_change_username && $username != $newUsername) {
        sql_query("update user set username='" . escape_check($newUsername) . "' where ref='" . $userref . "'");
        $username = $newUsername;
    }
    if ($user_preferences_change_email && $useremail != $newEmail) {
        sql_query("update user set email='" . escape_check($newEmail) . "' where ref='" . $userref . "'");
        $useremail = $newEmail;
    }
    if ($user_preferences_change_name && $userfullname != $newFullname) {
        sql_query("update user set fullname='" . escape_check($newFullname) . "' where ref='" . $userref . "'");
        $userfullname = $newFullname;
    }
    return getvalescaped('currentpassword', '') == '' || getvalescaped('password', '') == '' && getvalescaped('password2', '') == '';
}

<?php
include "../include/db.php";
include "../include/general.php";
include "../include/authenticate.php";
include_once "../include/collections_functions.php";

$offset=getvalescaped("offset",0);
$ref=getvalescaped("ref","",true);

# Check access
if (!collection_readable($ref)) {exit($lang["no_access_to_collection"]);}

# pager
$per_page=getvalescaped("per_page_list_log",15);setcookie("per_page_list_log",$per_page, 0, '', '', false, true);

include "../include/header.php";
$log=get_collection_log($ref, $offset+$per_page);
$results=count($log);
$totalpages=ceil($results/$per_page);
$curpage=floor($offset/$per_page)+1;

$url=$baseurl . "/pages/collection_log.php?ref=" . $ref;
$jumpcount=1;

?>

<?php
# Fetch and translate collection name
$colinfo = get_collection($ref);
$colname = i18n_get_collection_name($colinfo);
if (!checkperm("b"))