PHP htmlencode函数代码示例

function _openMenuGroupList($menuName, $isSelected, $skipIfAlreadyInGroup = false)
{
    global $SHOW_EXPANDED_MENU;
    if ($skipIfAlreadyInGroup && @$GLOBALS['IN_GROUP']) {
        return;
    }
    $aClass = 'nav-top-item';
    $liAttr = '';
    $ulAttr = ' style="display: none;"';
    if ($isSelected) {
        $aClass .= ' current';
        $liAttr = ' class="current"';
    }
    if ($isSelected || $SHOW_EXPANDED_MENU || $menuName == '') {
        $ulAttr = '';
    }
    $html = _closeMenuGroupList();
    $html .= "\n  <li{$liAttr}>";
    if ($menuName) {
        $html .= "<a href='javascript:void(0);' class='{$aClass}'>" . htmlencode($menuName) . "</a>";
    }
    $html .= "\n    <ul{$ulAttr}>\n";
    $GLOBALS['IN_GROUP'] = true;
    return $html;
}

    function editFormHtml($record)
    {
        // set field attributes
        $fieldHeight = @$this->fieldHeight ? $this->fieldHeight : 100;
        $fieldPrefix = @$this->fieldPrefix;
        if ($fieldPrefix != '') {
            $fieldPrefix .= "<br/>\n";
        }
        // get field value
        if ($record) {
            $fieldValue = @$record[$this->name];
        } else {
            if (array_key_exists($this->name, $_REQUEST)) {
                $fieldValue = @$_REQUEST[$this->name];
            } else {
                $fieldValue = getEvalOutput(@$this->defaultContent);
            }
        }
        //
        if ($this->autoFormat) {
            $fieldValue = preg_replace("/<br\\/>\n/", "\n", $fieldValue);
        }
        // remove autoformat break tags
        $encodedValue = htmlencode($fieldValue);
        // display field
        print <<<__HTML__
   <tr>
    <td style="vertical-align: top">{$this->label}</td>
    <td>
      {$fieldPrefix}
      <textarea name="{$this->name}" style="width: 100%; height: {$fieldHeight}px" rows="5" cols="50">{$encodedValue}</textarea>
    </td>
   </tr>
__HTML__;
    }

    function editFormHtml($record)
    {
        // set field attributes
        $description = getEvalOutput(@$this->description);
        $fieldHeight = @$this->fieldHeight ? $this->fieldHeight : 100;
        $fieldPrefix = @$this->fieldPrefix;
        if ($fieldPrefix != '') {
            $fieldPrefix .= "<br/>\n";
        }
        // get field value
        if ($record) {
            $fieldValue = @$record[$this->name];
        } else {
            if (array_key_exists($this->name, $_REQUEST)) {
                $fieldValue = @$_REQUEST[$this->name];
            } else {
                $fieldValue = getEvalOutput(@$this->defaultContent);
            }
        }
        $encodedValue = htmlencode($fieldValue);
        // display field
        print <<<__HTML__
 <tr>
  <td style="vertical-align: top">{$this->label}</td>
  <td>
    {$fieldPrefix}
    <textarea name="{$this->name}" id="field_{$this->name}" rows="5" cols="40" style="width: 100%; height: {$fieldHeight}px; visibility: hidden;">{$encodedValue}</textarea>
    {$description}
  </td>
 </tr>
__HTML__;
    }

 function editFormHtml($record)
 {
     global $isMyAccountMenu;
     // set field attributes
     $formRowAttrs = array('inputType' => @$this->isPasswordField ? 'password' : 'text', 'maxLengthAttr' => @$this->maxLength ? "maxlength='{$this->maxLength}'" : '', 'styleWidth' => @$this->fieldWidth ? "{$this->fieldWidth}px" : "250px", 'description' => getEvalOutput(@$this->description), 'prefixText' => @$this->fieldPrefix, 'readOnly' => '');
     // get field value
     if ($record) {
         $fieldValue = @$record[$this->name];
     } else {
         if (array_key_exists($this->name, $_REQUEST)) {
             $fieldValue = @$_REQUEST[$this->name];
         } else {
             $fieldValue = getEvalOutput(@$this->defaultValue);
         }
     }
     $encodedValue = htmlencode($fieldValue);
     // special case for My Account's password field
     if ($isMyAccountMenu && $this->name == 'password') {
         $this->_editFormRow($formRowAttrs + array('label' => t('Current Password'), 'fieldname' => 'password:old', 'encodedValue' => ''));
         $this->_editFormRow($formRowAttrs + array('label' => t('New Password'), 'fieldname' => $this->name, 'encodedValue' => ''));
         $this->_editFormRow($formRowAttrs + array('label' => t('New Password (again)'), 'fieldname' => 'password:again', 'encodedValue' => ''));
     } else {
         $this->_editFormRow($formRowAttrs + array('label' => $this->label, 'fieldname' => $this->name, 'encodedValue' => $encodedValue));
     }
 }

function set_var(&$result, $var, $type, $multibyte = false, $regex = '')
{
    settype($var, $type);
    $result = $var;
    if ($type == 'string') {
        $result = htmlencode($result, $multibyte);
    }
}

 function getDisplayValue($record)
 {
     // override me in derived classes
     $value = $this->getDatabaseValue($record);
     if (is_array($value)) {
         return 'array';
     }
     // for debugging
     return htmlencode($value);
 }

function HtmlEditor($FieldName, $Value, $Width = '100%', $Height = '300px')
{
    global $__CKEDITOR_JS_LOAD_Status__;
    if (!$__CKEDITOR_JS_LOAD_Status__) {
        $html_js = '<script type="text/javascript" src="/Plugins/ckeditor/ckeditor.js"></script><script type="text/javascript" src="/Javascripts/editor.functions.js"></script>';
        $__CKEDITOR_JS_LOAD_Status__ = true;
    }
    $html = '<textarea name="' . $FieldName . '"  cols="45" rows="5" style="width:' . $Width . ';height:' . $Height . ';">' . htmlencode($Value) . '</textarea>';
    if ($html_js) {
        $html .= $html_js;
    }
    $html .= '<script language="javascript" type="text/javascript">HtmlEditor(\'' . $FieldName . '\');</script>';
    return $html;
}

function _pel_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    if ($tableName != '_error_log') {
        return $displayValue;
    }
    // skip all by our table
    //
    if ($fieldname == 'dateLogged') {
        if (!$record) {
            return str_replace(' ', ' ', t("Date / When"));
        }
        // header - we detect the header hook by checking if the 4th argument is set
        $displayValue = "<div title='" . htmlencode($record['dateLogged']) . "'>";
        $displayValue .= str_replace(' ', '&nbsp;', prettyDate($record['dateLogged']));
        // row cell - we detect the row cell by checking if $record is set
        $displayValue .= "</div>";
    }
    //
    if ($fieldname == '_error_summary_') {
        if (!$record) {
            return t("Error Details");
        }
        // header - we detect the header hook by checking if the 4th argument is set
        // row cell - we detect the row cell by checking if $record is set
        // get truncated url
        $truncatedUrl = $record['url'];
        $maxLength = 90;
        if (preg_match("/^(.{0,{$maxLength}})(\\s|\$)/s", $truncatedUrl, $matches)) {
            $truncatedUrl = $matches[1];
        } else {
            $truncatedUrl = mb_substr($truncatedUrl, 0, $maxLength);
        }
        // otherwise force cut at maxlength (for content with no whitespace such as malicious or non-english)
        if (strlen($truncatedUrl) < strlen($record['url'])) {
            $truncatedUrl .= " ...";
        }
        //
        $displayValue = "<div style='line-height:1.5em'>\n";
        $displayValue .= nl2br(htmlencode("{$record['error']}\n{$record['filepath']} (line {$record['line_num']})\n{$truncatedUrl}"));
        $displayValue .= "</div>";
        //$displayValue  = "<table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n";
        //                           $displayValue .= "  <tr><td>" .t('Error').    "</td><td>&nbsp:&nbsp;</td><td>" .htmlencode($record['error']).    "</div></td></tr>\n";
        //if ($record['url'])      { $displayValue .= "  <tr><td>" .t('URL').      "</td><td>&nbsp:&nbsp;</td><td>" .htmlencode($record['url']).      "</div></td></tr>\n"; }
        //if ($record['filepath']) { $displayValue .= "  <tr><td>" .t('Filepath'). "</td><td>&nbsp:&nbsp;</td><td>" .htmlencode($record['filepath']). "</div></td></tr>\n";   }
        //$displayValue .= "  </table>\n";
    }
    return $displayValue;
}

    function editFormHtml($record)
    {
        global $TABLE_PREFIX, $tableName;
        $calendarTable = $TABLE_PREFIX . "_datecalendar";
        // get dates
        $dates = array();
        $date = getdate();
        $monthNum = $date['mon'];
        $year = $date['year'];
        $firstMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01');
        for ($i = 1; $i <= 12; $i++) {
            $dates[] = array('year' => $year, 'monthNum' => $monthNum);
            if (++$monthNum > 12) {
                $year++;
                $monthNum = 1;
            }
        }
        $lastMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01');
        // load dates from database
        $selectedDates = array();
        $query = "SELECT DATE_FORMAT(date, '%Y%m%d') as date FROM `{$calendarTable}` ";
        $query .= "WHERE `tablename` = '{$tableName}' ";
        $query .= "  AND `fieldname` = '{$this->name}' ";
        $query .= "  AND `recordNum` = '" . mysql_escape($_REQUEST['num']) . "' ";
        $query .= "  AND '{$firstMonth}' <= `date` AND `date` <= '{$lastMonth}'";
        $result = mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        while ($row = mysql_fetch_assoc($result)) {
            $selectedDates[$row['date']] = 1;
        }
        if (is_resource($result)) {
            mysql_free_result($result);
        }
        // get calendar HTML
        $calendarHtml = '';
        foreach ($dates as $date) {
            $calendarHtml .= _createEditCalendar($date['monthNum'], $date['year'], $selectedDates);
        }
        // display field
        print <<<__HTML__
   <tr>
    <td valign="top">{$this->label}</td>
    <td>{$calendarHtml}</td>
   </tr>
__HTML__;
    }

function _ogm_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    if ($tableName != '_outgoing_mail') {
        return $displayValue;
    }
    // skip all by our table
    if ($fieldname != '_message_summary_') {
        return $displayValue;
    }
    // skip all but pseudo-field
    // header - we detect the header hook by checking if the 4th argument is set
    if (!$record) {
        return t("Messages");
    }
    // row cell - we detect the row cell by checking if $record is set
    $output = "\n  <table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n   <tr><td><b>" . t('Date') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['createdDate']) . "</td></tr>\n   <tr><td><b>" . t('From') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['from']) . "</td></tr>\n   <tr><td><b>" . t('To') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['to']) . "</td></tr>\n   <tr><td><b>" . t('Subject') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['subject']) . "</td></tr>\n  </table>\n";
    return $output;
}

function showListResultsForHookKey($hookInfo, $key)
{
    uksort($hookInfo[$key], '_sortUnderscoresLast');
    $i = 0;
    foreach (array_keys($hookInfo[$key]) as $callerName) {
        $i++;
        if ($i == 2) {
            echo "\n<a href=\"#\" onclick=\"\$(this).hide(); \$(this).closest('td').find('div').show(); return false;\">(" . count(array_keys(array_keys($hookInfo[$key]))) . " " . t('total') . ")</a><div style=\"display: none;\">\n";
        }
        echo htmlencode($callerName);
        if ($i != 1) {
            echo "<br/>\n";
        }
    }
    if ($i > 1) {
        echo "</div>\n";
    }
}

function showCopyOptions()
{
    $includedTypes = array('single', 'multi', 'category');
    $skippedTables = array('accounts');
    foreach (getSortedSchemas() as $tableName => $schema) {
        if (preg_match("/^_/", $tableName)) {
            continue;
        }
        // skip private tables
        if (in_array($tableName, $skippedTables)) {
            continue;
        }
        // skip system tables
        if (!in_array(@$schema['menuType'], $includedTypes)) {
            continue;
        }
        // skip unknown menu types
        $encodedValue = htmlencode($tableName);
        $encodedLabel = htmlencode(coalesce(@$schema['menuName'], $tableName));
        print "<option value='{$encodedValue}'>{$encodedLabel}</option>\n";
    }
}

function saveUploadDetails()
{
    global $TABLE_PREFIX;
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    // update uploads
    if (is_array(@$_REQUEST['uploadNums'])) {
        foreach ($_REQUEST['uploadNums'] as $uploadNum) {
            if (!$uploadNum) {
                die(__FUNCTION__ . ": No upload num specified!");
            }
            $query = "UPDATE `{$TABLE_PREFIX}uploads`\n";
            $query .= "   SET info1 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info1"]) . "',\n";
            $query .= "       info2 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info2"]) . "',\n";
            $query .= "       info3 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info3"]) . "',\n";
            $query .= "       info4 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info4"]) . "',\n";
            $query .= "       info5 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info5"]) . "'\n";
            $query .= " WHERE num = '" . mysql_escape($uploadNum) . "' AND ";
            if ($_REQUEST['num']) {
                $query .= "recordNum     = '" . mysql_escape($_REQUEST['num']) . "'";
            } else {
                if ($_REQUEST['preSaveTempId']) {
                    $query .= "preSaveTempId = '" . mysql_escape($_REQUEST['preSaveTempId']) . "'";
                } else {
                    die("No value specified for 'num' or 'preSaveTempId'!");
                }
            }
            mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        }
    }
    //
    print "<script type='text/javascript'>self.parent.reloadIframe('{$_REQUEST['fieldName']}_iframe')</script>";
    // reload uploadlist
    print "<script type='text/javascript'>self.parent.tb_remove();</script>\n";
    // close thickbox
    exit;
}

 function editFormHtml($record)
 {
     global $escapedTableName, $CURRENT_USER;
     // set field attributes
     $fieldValue = $record ? @$record[$this->name] : '';
     // load categories
     $categoriesByNum = array();
     $query = "SELECT * FROM `{$escapedTableName}` ORDER BY globalOrder";
     $result = mysql_query($query) or die("MySQL Error: " . mysql_error() . "\n");
     while ($row = mysql_fetch_assoc($result)) {
         $isOwner = @$row['createdByUserNum'] == $CURRENT_USER['num'];
         if (@$row['createdByUserNum'] && (!$isOwner && !$GLOBALS['hasEditorAccess'])) {
             continue;
         }
         $categoriesByNum[$row['num']] = $row;
     }
     if (is_resource($result)) {
         mysql_free_result($result);
     }
     //
     print "  <tr>\n";
     print "   <td>{$this->label}</td>\n";
     print "   <td>\n";
     print "  <select name='{$this->name}'>\n";
     print "  <option value='0'>None (top level category)</option>\n";
     foreach ($categoriesByNum as $num => $category) {
         $value = $category['num'];
         $selectedAttr = selectedIf($value, $fieldValue, true);
         $encodedLabel = htmlencode($category['breadcrumb']);
         $isUnavailable = preg_match("/:" . @$record['num'] . ":/", $category['lineage']);
         $extraAttr = $isUnavailable ? "style='color: #AAA' disabled='disabled' " : '';
         print "<option value=\"{$value}\" {$extraAttr} {$selectedAttr}>{$encodedLabel}</option>\n";
     }
     print "  </select>\n";
     //
     print "   </td>\n";
     print "  </tr>\n";
 }

function _emt_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    if ($tableName != '_email_templates') {
        return $displayValue;
    }
    // skip all by our table
    //
    if ($fieldname == '_template_summary_') {
        if (!$record) {
            return t("Template");
        }
        // header - we detect the header hook by checking if the 4th argument is set
        // row cell - we detect the row cell by checking if $record is set
        $displayValue = "\n      <table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n       <tr><td><b>" . str_replace(' ', '&nbsp;', t('Template ID')) . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['template_id']) . "</td></tr>\n       <tr><td><b>" . t('Description') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['description']) . "</td></tr>\n       <tr><td><b>" . t('Subject') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['subject']) . "</td></tr>\n      </table>\n    ";
    }
    //
    if ($fieldname == '_message_summary_') {
        if (!$record) {
            return t("Content");
        }
        // header - we detect the header hook by checking if the 4th argument is set
        // row cell - we detect the row cell by checking if $record is set
        $displayValue = "<table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n";
        $displayValue .= "  <tr><td><b>" . t('From') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['from']) . "</td></tr>\n";
        if ($record['reply-to']) {
            $displayValue .= "  <tr><td><b>" . t('Reply-To') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['reply-to']) . "</td></tr>\n";
        }
        $displayValue .= "  <tr><td><b>" . t('To') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['to']) . "</td></tr>\n";
        if ($record['cc']) {
            $displayValue .= "  <tr><td><b>" . t('CC') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['cc']) . "</td></tr>\n";
        }
        if ($record['bcc']) {
            $displayValue .= "  <tr><td><b>" . t('BCC') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['bcc']) . "</td></tr>\n";
        }
        $displayValue .= "  </table>\n";
    }
    return $displayValue;
}