本文整理汇总了PHP中safe_html函数的典型用法代码示例。如果您正苦于以下问题:PHP safe_html函数的具体用法?PHP safe_html怎么用?PHP safe_html使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了safe_html函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: filter
/**
 * Cleans a piece of text and then turns the URLs it contains into links.
 *
 * The text is passed through safe_html() first and only the cleaned result
 * is handed to linkUrlsInTrustedHtml(). Both helpers are defined outside
 * this block. The order matters: the linker is named for trusted HTML, so
 * it must never see the raw input, and the markup it adds must not go back
 * through the sanitiser.
 *
 * @param string $content Text to clean (string assumed from usage; confirm with callers).
 * @return mixed Whatever linkUrlsInTrustedHtml() returns for the cleaned text.
 */
function filter($content)
{
    // Video embedding is switched off. The patterns are kept for reference, taken from
    // http://stackoverflow.com/questions/19050890/find-youtube-link-in-php-string-and-convert-it-into-embed-code
    // and from http://stackoverflow.com/questions/28563706/how-to-convert-vimeo-url-to-embed-without-letting-go-of-the-text-around-it
    // NOTE(review): if this is re-enabled, run it after safe_html() and keep the captured
    // id restricted to [a-zA-Z0-9\-_]+ (YouTube) or \d+ (Vimeo), so that only that id
    // ever reaches the iframe src.
    /*
    // 1. Youtube
    $content = preg_replace(
    "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
    "<div class=\"embed-responsive embed-responsive-16by9\">
    <iframe src=\"//www.youtube.com/embed/$2\" allowfullscreen frameborder=\"0\" class=\"embed-responsive-item\">
    </iframe></div>", $content);
    // 2. Vimeo
    $content = preg_replace('#https?://(www\.)?vimeo\.com/(\d+)#',
    '<div class="embed-responsive embed-responsive-16by9">
    <iframe class="videoFrame" src="//player.vimeo.com/video/$2" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen class="embed-responsive-item">
    </iframe>
    </div>',$content);
    */
    // Sanitise first, then link the URLs in the sanitised text.
    return linkUrlsInTrustedHtml(safe_html($content));
}
示例2: label_for
/**
 * Builds a <label> element for one attribute of a custom-post record.
 *
 * The "for" value is "<post_type>_<attribute>".
 *
 * NOTE(review): $label, $attribute and $record->post_type are placed into
 * the markup by sprintf() before safe_html() sees the finished string. What
 * safe_html() does in this project is not visible here. If it marks the
 * string as trusted rather than escaping it, callers must escape $label
 * themselves. Confirm.
 *
 * @param object $record    Record the label belongs to; must be a CustomPost\Base.
 * @param string $attribute Attribute name used in the "for" value.
 * @param string $label     Text (or markup) shown inside the label.
 * @return mixed Result of safe_html() for the assembled markup.
 * @throws CustomPost\RecordNotCustomPost When $record is not a CustomPost\Base.
 */
function label_for($record, $attribute, $label)
{
    if ($record instanceof CustomPost\Base) {
        $target = "{$record->post_type}_{$attribute}";
        $markup = sprintf('<label for="%s">%s</label>', $target, $label);
        return safe_html($markup);
    }
    throw new CustomPost\RecordNotCustomPost();
}
示例3: getSearchBox
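/**
 * Renders the search form, pre-filled with the last query from the request.
 *
 * The query is taken from $_GET['query'] and then from $_POST['query'], so a
 * POSTed value overrides one in the URL. It is passed through safe_html()
 * before being placed in the double-quoted value="" attribute of the input.
 *
 * Missing keys and non-string values (for example query[]=x) are skipped, so
 * they no longer raise undefined-index notices or reach the attribute as the
 * text "Array".
 *
 * NOTE(review): the attribute is only safe if safe_html() encodes the double
 * quote character; its definition is outside this block, so confirm.
 *
 * @return string HTML for the search box.
 */
function getSearchBox()
{
    global $cmsFolder, $urlRequestRoot, $ICONS;
    $CMS_TITLE = CMS_TITLE;
    $lastquery = "";
    // GET first, POST second: the later source wins, as in the original.
    foreach (array($_GET, $_POST) as $source) {
        if (isset($source['query']) && is_string($source['query']) && $source['query'] != "") {
            $lastquery = safe_html($source['query']);
        }
    }
    $searchbox = <<<SEARCH
\t<style type="text/css">
\t\ttable.searchBox{border:1px solid #113377}
\t\t#result_report {
\t\t\ttext-align:center ;
\t\t\tpadding:3px;
\t\t\tbackground-color:#e5ecf9;
\t\t\tfont-weight: bold;
\t\t\tmargin-bottom:14px;
\t\t\tmargin-right: 10px;
\t\t}
\t</style>
\t<fieldset>
\t<legend>{$ICONS['Search']['small']}{$CMS_TITLE} Search</legend>
\t
\t<center>
\t<form action="./+search" method="POST">
\t<table cellspacing="1" cellpadding="5" class="searchBox">
\t\t<tr>
\t\t\t<td align="center">
\t\t\t\t<table>
\t\t\t\t\t<tr>
\t\t\t\t\t\t<td><div align="left"><input type="text" size="40" id="query" name="query" value="{$lastquery}" /></td>
\t\t\t\t\t\t<td><input type="submit" value="Search"/></td>
\t\t\t\t\t</tr>
\t\t\t\t</table>
\t\t\t\t
\t\t\t</td>
\t\t</tr>
\t</table>
\tPowered by <a href="http://www.sphider.eu/" target="_blank"><img src="{$urlRequestRoot}/{$cmsFolder}/templates/common/images/sphider-logo.png" border="0" style="vertical-align: middle" alt="Sphider"></a><br/><br/>
\t</form>
\t</center>
SEARCH;
    return $searchbox;
}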
示例4: bold_tag
/**
 * Wraps content in a <b> element with an inline colour.
 *
 * NOTE(review): $color is written into the style attribute and $content into
 * the element body before safe_html() is called on the finished markup. If
 * safe_html() marks the string as trusted instead of escaping it (its
 * definition is not visible here), both values must already be safe for
 * their context. Confirm what callers pass.
 *
 * @param string $color   CSS colour value.
 * @param string $content Text or markup to show in bold.
 * @return mixed Result of safe_html() for the assembled markup.
 */
function bold_tag($color, $content)
{
    return safe_html(sprintf('<b style="color: %s;">%s</b>', $color, $content));
}
示例5: dirname
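<?php
// Bootstrap script: load the Composer autoloader, initialise the Haml
// renderer and render the "index" template.
// The full "<?php" tag replaces the short "<?" tag, which is only parsed as
// PHP when short_open_tag is enabled.
require dirname(__DIR__) . "/vendor/autoload.php";
// NOTE(review): "debug" is switched on here; presumably a development
// setting. Confirm it is off wherever the page is publicly reachable.
Artovenry\Haml::init("", ["debug"=>true]);
// The template receives a literal markup string that has gone through safe_html().
render("index", "hoge", ["var"=>safe_html("<i>hoge</i>")]);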
示例6: getQuizCorrectForm
/**
 * function getQuizCorrectForm:
 * Returns the HTML of the marking page for one user's quiz attempt: every
 * section and question with the submitted and the correct answer, plus a
 * small form per subjective question where a mark can be entered.
 *
 * NOTE(review): $quizId and $userId are interpolated into every SQL string
 * and into HTML attributes in this function, and nothing here validates or
 * escapes them. Callers must pass values that are already trusted (presumably
 * integers; confirm), or they should be cast/escaped before use.
 * NOTE(review): neither form contains a CSRF token although both change
 * state (set a mark, reject a submission); confirm the framework adds one.
 *
 * @param mixed $quizId Value matched against page_modulecomponentid.
 * @param mixed $userId Value matched against user_id.
 * @return string HTML: summary header followed by the per-question tables.
 */
function getQuizCorrectForm($quizId, $userId)
{
// Totals and timing for the whole attempt.
$marks = mysql_fetch_array(mysql_query("SELECT SUM(`quiz_marksallotted`) AS `total`, MIN(`quiz_attemptstarttime`) AS `starttime`, MAX(`quiz_submissiontime`) AS `finishtime`, TIMEDIFF(MAX(`quiz_submissiontime`), MIN(`quiz_attemptstarttime`)) AS `timetaken` FROM `quiz_userattempts` WHERE `user_id` = '{$userId}' AND `page_modulecomponentid` = '{$quizId}'"));
$title = mysql_fetch_array(mysql_query("SELECT `quiz_title` FROM `quiz_descriptions` WHERE `page_modulecomponentid` = '{$quizId}'"));
$correctFormHtml = "";
$sectionHead = "";
// One row per section the user attempted, with the marks allotted for it.
$sections = mysql_query("SELECT `quiz_sections`.`quiz_sectiontitle` AS `quiz_sectiontitle`, `quiz_sections`.`quiz_sectionid` AS `quiz_sectionid`, `quiz_marksallotted` FROM `quiz_userattempts` JOIN `quiz_sections` ON `quiz_userattempts`.`quiz_sectionid` = `quiz_sections`.`quiz_sectionid` WHERE `user_id` = '{$userId}' AND `quiz_userattempts`.`page_modulecomponentid` = '{$quizId}' AND `quiz_sections`.`page_modulecomponentid` = '{$quizId}'");
while ($sectionsRow = mysql_fetch_array($sections)) {
// Section title and marks are written into the page exactly as stored.
$correctFormHtml .= "<h4>{$sectionsRow['quiz_sectiontitle']}(Marks: {$sectionsRow['quiz_marksallotted']})</h4>";
$sectionHead .= "<td><b>{$sectionsRow['quiz_sectiontitle']}</b> section marks: {$sectionsRow['quiz_marksallotted']}</td>";
// Questions of this section joined with the user's submissions, in the order they were presented.
$questionQuery = "SELECT `quiz_questions`.`quiz_questionid` AS `quiz_questionid`, " . "`quiz_questions`.`quiz_question` AS `quiz_question`, `quiz_questiontype`, " . "`quiz_rightanswer`, `quiz_submittedanswer`, `quiz_marksallotted`,`quiz_questions`.`quiz_sectionid` " . "FROM `quiz_questions`, `quiz_answersubmissions` WHERE " . "`quiz_questions`.`page_modulecomponentid` = '{$quizId}' AND " . "`quiz_questions`.`page_modulecomponentid` = `quiz_answersubmissions`.`page_modulecomponentid` AND " . "`quiz_questions`.`quiz_sectionid` = `quiz_answersubmissions`.`quiz_sectionid` AND " . "`quiz_questions`.`quiz_questionid` = `quiz_answersubmissions`.`quiz_questionid` AND " . "`quiz_questions`.`quiz_sectionid` = '{$sectionsRow['quiz_sectionid']}' AND " . "`user_id` = '{$userId}' ORDER BY `quiz_answersubmissions`.`quiz_questionrank`";
$questionResult = mysql_query($questionQuery);
if (!$questionResult) {
// NOTE(review): the full query text and the driver error are passed to
// displayerror(); prefer logging them server-side. Execution also
// continues, so the fetch loop below runs on a failed result.
displayerror($questionQuery . '<br />' . mysql_error());
}
while ($questionRow = mysql_fetch_assoc($questionResult)) {
// CSS class is quiz_wronganswer when the mark is NULL or not above zero, quiz_rightanswer otherwise.
$correctFormHtml .= '<table class="quiz_' . (is_null($questionRow['quiz_marksallotted']) || floatval($questionRow['quiz_marksallotted']) <= 0 ? 'wrong' : 'right') . "answer\"><tr><td colspan=\"2\">{$questionRow['quiz_question']}</td></tr>\n";
if ($questionRow['quiz_questiontype'] == 'subjective') {
// NOTE(review): quiz_submittedanswer is text written by the participant and
// it is output here without safe_html(). Unless it is sanitised when it
// is stored (not visible here), it should be escaped at this point,
// because this page is viewed by the person marking the quiz.
$submittedAnswers = array();
$submittedAnswers[] = $questionRow['quiz_submittedanswer'];
$correctAnswers = array();
$correctAnswers[] = $questionRow['quiz_rightanswer'];
$correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Submitted Answer:</td><td>' . implode("<br />\n", $submittedAnswers) . "</td></tr>\n";
$correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Correct Answer:</td><td>' . implode("<br />\n", $correctAnswers) . "</td></tr>\n";
// NOTE(review): $_GET['useremail'] is read without isset() and lands in a URL
// query string inside a single-quoted attribute. safe_html() is an HTML
// encoder, not a URL encoder, and whether it encodes single quotes is not
// visible here. Several hidden inputs below have unquoted values.
$correctFormHtml .= "<tr><td>Mark:</td><td><form method=POST action='./+correct&useremail=" . safe_html($_GET['useremail']) . "'><input type=hidden name=quizid value='{$quizId}'><input type=hidden name=sectionid value={$questionRow['quiz_sectionid']}><input type=hidden name=questionid value={$questionRow['quiz_questionid']}><input type=hidden name=userid value={$userId}><input type=text name=mark size=5 value='{$questionRow['quiz_marksallotted']}'><input type=submit value='Submit' name=btnSetMark></form></td></tr>";
} elseif ($questionRow['quiz_questiontype'] == 'sso' || $questionRow['quiz_questiontype'] == 'mso') {
// Option questions: answers are stored as option ids separated by '|'.
$optionList = getQuestionOptionList($quizId, $sectionsRow['quiz_sectionid'], $questionRow['quiz_questionid']);
// Re-index the options by their id so answer ids can be looked up directly.
$options = array();
for ($i = 0; $i < count($optionList); ++$i) {
$options[$optionList[$i]['quiz_optionid']] = $optionList[$i];
}
$correctAnswers = array();
$rightAnswerIds = explode('|', $questionRow['quiz_rightanswer']);
for ($i = 0; $i < count($rightAnswerIds); ++$i) {
$correctAnswers[] = $options[$rightAnswerIds[$i]]['quiz_optiontext'];
}
// An id that is not a key of $options (including the empty string produced
// by an empty answer) is looked up without a check.
$submittedAnswers = array();
$submittedAnswerIds = explode('|', $questionRow['quiz_submittedanswer']);
for ($i = 0; $i < count($submittedAnswerIds); ++$i) {
$submittedAnswers[] = $options[$submittedAnswerIds[$i]]['quiz_optiontext'];
}
$correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Submitted Answer:</td><td>' . implode("<br />\n", $submittedAnswers) . "</td></tr>\n";
$correctFormHtml .= "<tr><td nowrap=\"nowrap\" width=\"10%\">Correct Answer:</td><td>" . implode("<br />\n", $correctAnswers) . "</td></tr>\n";
$correctFormHtml .= "<tr><td>Mark:</td><td>{$questionRow['quiz_marksallotted']}</td></tr>";
}
$correctFormHtml .= "</table>\n";
}
}
// Header: quiz title, the user's e-mail from the URL (through safe_html()),
// the "Reject Submission" form and the totals row.
$quizcorrectinfo = "<h3>{$title['quiz_title']} - Quiz Answers Correct form for user: " . safe_html($_GET['useremail']) . "</h3><form name='userclearform' method='POST' action='./+correct'><a href='./+correct'><<Back</a> <input type='hidden' name='hdnUserId' id='hdnUserId' value='{$userId}' /><input type='submit' name='btnDeleteUser' id='btnDeleteUser' value='Reject Submission' /></form><table width=100%><tr><td>Total marks: {$marks['total']}</td>{$sectionHead}<td>Start time: {$marks['starttime']}</td><td>Finish time: {$marks['finishtime']}</td><td>Time taken: {$marks['timetaken']}</td></tr></table>";
$correctFormHtml .= "<a href='./+correct'><<Back</a>";
return $quizcorrectinfo . $correctFormHtml;
}
示例7: show_wall
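/**
 * Prints the message wall: a posting form followed by the 40 newest messages.
 *
 * Author and message are written through safe_html(stripslashes(...)). Each
 * distinct (author, ip) pair among the listed messages gets its own colour
 * class, wallcolour0 to wallcolour12.
 *
 * Changes from the previous version:
 *  - $config keys are quoted; a bare word such as $config[dbwall] is looked
 *    up as a constant before PHP falls back to the string.
 *  - the author list is queried once instead of once per message row.
 *  - $author_number starts at 0 for every row, so a row without a match no
 *    longer reuses the previous row's colour or reads an undefined variable.
 *
 * NOTE(review): $page_name and $user->get_name() are echoed into HTML
 * attributes without safe_html(). Whether they are already encoded is not
 * visible here; if the name can come from a visitor it should be encoded at
 * this point. Confirm.
 * NOTE(review): the table name is concatenated into the SQL text. It comes
 * from $config, which is assumed to be site configuration and not request
 * data. Confirm.
 *
 * @return void Output is echoed directly.
 */
function show_wall()
{
    global $user, $config, $keyword, $search_mode, $page_name;
    ?>
<table>
<tr>
<td align="center"><b>Name</b></td>
<td align="center"><b>Message</b></td>
<td align="center"><b> </b></td>
</tr>
<form action="<?php
    echo $page_name;
    ?>
" method="post">
<td align="center"><b><input type="text" value="<?php
    echo $user->get_name();
    ?>
" name="author"></td>
<td align="center"><b><textarea rows="2" name="message" style="width:100%"></textarea></td>
<td align="center"><input type="submit" value="Post"><input type="hidden" name="post_message" value=true></td>
<input type="hidden" name="post_message" value=true>
</form>
<?php
    $author_sql = 'select distinct ip,author from ( select * from ' . $config['dbwall'] . ' ORDER BY time DESC limit 40) as foo ;';
    $sql = 'SELECT author, message, time, ip FROM ' . $config['dbwall'] . ' ORDER BY time DESC LIMIT 40';
    #send query to mysql
    $wall = MySQL_query($sql);
    #load the distinct authors once; the position in this list picks the colour
    $authors = array();
    $author_result = MySQL_query($author_sql);
    while ($author_row = MySQL_fetch_array($author_result)) {
        $authors[] = $author_row;
    }
    $wall_line_number = 0;
    #show messages on wall
    while ($row = MySQL_fetch_array($wall)) {
        $class = $wall_line_number % 2 ? 'class="online_even"' : 'class="online_odd"';
        $author_number = 0;
        foreach ($authors as $i => $author_row) {
            if (strcasecmp($author_row['author'], $row['author']) == 0 and $author_row['ip'] == $row['ip']) {
                $author_number = $i;
                #so one color for each author
                break;
            }
        }
        echo "<tr {$class}>";
        echo "<td class='wallname wallcolour" . $author_number % 13 . "' >" . safe_html(stripslashes($row['author'])) . "</td>";
        echo "<td align='center' >" . safe_html(stripslashes($row['message'])) . "</td>";
        echo "<td align='center' style='font-size:x-small'>" . date("H:i", strtotime(stripslashes($row['time']))) . "<br>" . date("M d", strtotime(stripslashes($row['time']))) . "</td>";
        echo "</tr>";
        #produce readable HTML by having a new line here
        echo "\r\n";
        $wall_line_number++;
    }
    ?>
</table>
<?php
}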
示例8: MySQL_query
?>
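<?php
// RSS 2.0 feed of the 40 most recent wall messages.
include 'common.php';
// $config keys are quoted: a bare word such as $config[dbwall] is looked up
// as a constant before PHP falls back to the string.
// NOTE(review): the table name is concatenated into the SQL text. It comes
// from $config, which is assumed to be site configuration and not request
// data. Confirm.
$sql = 'SELECT author, message, time, ip FROM ' . $config['dbwall'] . ' ORDER BY time DESC LIMIT 40';
$wall = MySQL_query($sql);
?>
<rss version="2.0">
<channel>
<?php
echo "\r\n";
// NOTE(review): website_name and web_address are written into the XML as
// they are. A value containing & or < would make the feed malformed; encode
// them unless the configuration guarantees plain text.
echo '<title>' . $config['website_name'] . '</title>';
echo '<link>' . $config['web_address'] . '</link>';
echo '<description>Feed for comments on the ' . $config['website_name'] . ' wall</description>';
echo "\r\n";
while ($row = MySQL_fetch_array($wall)) {
    echo '<item>';
    // Visitor-supplied fields go through safe_html() before reaching the feed.
    // NOTE(review): the author is encoded without stripslashes() while the
    // message is encoded with it; confirm which form the stored data needs.
    echo '<title>' . safe_html($row['author']) . '</title>';
    echo '<link> ' . $config['web_address'] . '</link>';
    echo '<description>' . safe_html(stripslashes($row['message'])) . '</description>';
    echo '</item>';
    echo "\r\n";
}
?>
</channel>
</rss>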
示例9: connect
connect();
/// Authentication starts here: load the auth library and open a session
/// only when the client accepts cookies.
require_once $sourceFolder . "/authenticate.lib.php";
$cookieSupported = checkCookieSupport();
if ($cookieSupported == true) {
    session_start();
}
$userId = firstTimeGetUserId();
/// Resolve the requested page: ?page= wins, ?user= selects a public
/// profile, anything else falls back to "home".
// NOTE(review): escape() is defined elsewhere; it is assumed to be the SQL
// escaping helper. $_GET['page'] is overwritten in place with its escaped
// form, so later readers of $_GET see the escaped value. The profile id is
// both escaped and HTML-encoded here, before its final context is known;
// encoding is normally applied where the value is output. Confirm how
// $userProfileId is used.
if (isset($_GET['page'])) {
    $_GET['page'] = escape($_GET['page']);
    $pageFullPath = strtolower($_GET['page']);
} elseif (isset($_GET['user'])) {
    $publicPageRequest = true;
    $userProfileId = safe_html(escape($_GET['user']));
    // A concrete path keeps the URL parser from receiving NULL if the
    // profile code is misplaced.
    $pageFullPath = "home";
} else {
    $pageFullPath = "home";
}
/// Requested action, lower-cased; "view" when none is given.
$action = isset($_GET['action']) ? strtolower(escape($_GET['action'])) : "view";
///Just to check if server is alive, an alternative of Ping
if ($action == 'keepalive') {
die("OK: " . rand());
示例10: resetPasswd
/**
* @package pragyan
* @copyright (c) 2010 Pragyan Team
* @license http://www.gnu.org/licenses/ GNU Public License
* For more details, see README
*/
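/**
 * Handles the three stages of the "forgot password" flow.
 *
 *  1. Neither an e-mail nor a key in the request: return the request form.
 *  2. E-mail posted, no key: look the account up and mail a reset link.
 *  3. Key present in the URL: check it, set a new password and mail it.
 *
 * Changes from the previous version:
 *  - the reset key is compared with === and only when an account row was
 *    found. With == two strings that both look like numbers are compared as
 *    numbers, and with no row the check ran against a hash of constant data.
 *  - stage 2 reads the address from $_POST only (it used to read an unset
 *    $_GET['user_email'] as well) and the array key is quoted.
 *  - a missing resetPasswd parameter in stage 3 is treated as an empty
 *    address instead of raising an undefined-index notice.
 *
 * NOTE(review), not changed here because it alters stored data or the mail
 * contents:
 *  - the reset key is md5(stored password hash . fixed string . two
 *    characters of the address). It is deterministic, never expires and is
 *    derived from the stored hash. A random, single-use token kept
 *    server-side with an expiry time is the usual replacement.
 *  - the new password is rand(), which is not a cryptographic generator and
 *    yields digits only; it is stored as unsalted md5 and sent in clear text
 *    by mail. password_hash()/password_verify() and a set-your-own-password
 *    link are the usual replacement.
 *  - the differing messages in stage 2 tell the requester whether an address
 *    is registered, not activated, or an OpenID account.
 *  - eregi() and the mysql_* functions used here are removed in PHP 7.
 *
 * @param mixed $allow_login Truthy to show the "Sign Up" link on the form.
 * @return string The form HTML in stage 1, otherwise "" (results are
 *                reported through displayinfo()/displayerror()).
 */
function resetPasswd($allow_login)
{
    if (!isset($_POST['user_email']) && !isset($_GET['key'])) {
        $resetPasswd = <<<RESET
\t\t\t\t\t<form class="registrationform" method="POST" name="user_passreset" onsubmit="return checkForm(this)" action="./+login&subaction=resetPasswd">
\t\t\t\t\t\t<fieldset>
\t\t\t\t\t\t<legend>Reset Password</legend>
\t\t\t\t\t\t\t<table>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><label for="user_email" class="labelrequired">Email</label></td>
\t\t\t\t\t\t\t\t\t<td><input type="text" name="user_email" id="user_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td colspan="2"> </td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t\t\t\t\t\t\t<td>
RESET;
        if ($allow_login) {
            $resetPasswd .= "<a href='./+login&subaction=register'>Sign Up</a> ";
        }
        $resetPasswd .= "<a href='./+login'>Login</a></td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</fieldset>\n\t\t\t\t\t</form>";
        return $resetPasswd;
    } elseif (!isset($_GET['key'])) {
        // Stage 2: $_POST['user_email'] is set, otherwise stage 1 would have matched.
        $user_email = escape($_POST['user_email']);
        if (!eregi("^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$", $user_email)) {
            displayerror("Invalid Email Id. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        } else {
            // The address is interpolated only after escape(); escape() is defined elsewhere.
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "' ";
            $result = mysql_query($query);
            $temp = mysql_fetch_assoc($result);
            if (mysql_num_rows($result) == 0) {
                displayerror("E-mail not in registered accounts list. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            } elseif ($temp['user_loginmethod'] === 'openid') {
                displayerror("This email is registered as an OpenID user. You do not have a permanent account on our server. Hence, we do not keep or maintain your password. Please ask the parent OpenID provider to reset the password for you");
            } elseif ($temp['user_activated'] == 0) {
                displayerror("Account not yet activated.<b>Please check your email</b> and click on the activation link. <a href=\"./+login&subaction=register&reSendKey=1\">Resend activation mail?</a><br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            } else {
                // Reset key; see the NOTE(review) in the function comment.
                $key = md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2));
                // send mail code starts here - see common.lib.php for more
                $to = "{$temp['user_email']}";
                $mailtype = "password_forgot_reset";
                $messenger = new messenger(false);
                global $onlineSiteUrl;
                $messenger->assign_vars(array('RESETPASS_URL' => "{$onlineSiteUrl}/+login&subaction=resetPasswd&resetPasswd={$temp['user_email']}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
                if ($messenger->mailer($to, $mailtype, $key)) {
                    displayinfo("Password reset link sent. Kindly check your e-mail. <br /><input type=\"button\" onclick=\"history.go(-2)\" value=\"Go back\" />");
                } else {
                    displayerror("Password reset failed. Kindly contact webadmin@pragyan.org");
                }
                // send mail code ends here
            }
        }
    } else {
        // Stage 3: a key was supplied in the URL.
        $key = escape($_GET['key']);
        $user_email = isset($_GET['resetPasswd']) ? escape($_GET['resetPasswd']) : '';
        // New password and its stored form; see the NOTE(review) in the function comment.
        $password = rand();
        $dbpassword = md5($password);
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "'";
        $result = mysql_query($query);
        $temp = mysql_fetch_assoc($result);
        // Require a real account row and an exact, type-strict match of the key.
        if ($temp && $key === md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2))) {
            $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_password`='{$dbpassword}' WHERE `user_email`='{$user_email}'";
            $result = mysql_query($query);
            if (mysql_affected_rows() > 0) {
                // send mail code starts here
                $to = "{$temp['user_email']}";
                $mailtype = "password_reset";
                $messenger = new messenger(false);
                global $onlineSiteUrl;
                $messenger->assign_vars(array('PASSWORD' => "{$password}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
                if ($messenger->mailer($to, $mailtype, $key)) {
                    displayinfo("Password reset. Kindly check your e-mail.");
                } else {
                    displayerror("Password reset failed. Kindly contact administrator");
                }
                // send mail code ends here
            }
        } else {
            // The address from the URL is HTML-encoded before it is shown back.
            displayinfo(safe_html("Authentication failure for password reset for {$user_email}"));
        }
    }
    return "";
}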
示例11: updateGlobalSettings
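/**
 * Reads the global-settings form from $_POST and stores it.
 *
 * Checkbox fields become 1/0, text fields go through escape(), and the
 * collected array is handed to setGlobalSettings(). The blacklist is updated
 * through setblacklist() when either blacklist field is non-empty.
 *
 * Change from the previous version: the OpenID check compared inside the
 * escape() call, escape($_POST['openid_enabled'] == 'true'), so escape()
 * received a boolean. The comparison is now made on the posted value itself.
 *
 * NOTE(review): no permission or CSRF check is visible in this function;
 * presumably the caller restricts it to administrators. Confirm.
 * NOTE(review): 'deadline_notify' is stored exactly as posted while every
 * other text field goes through escape(). If setGlobalSettings() builds SQL
 * from these values (not visible here), this field needs the same treatment.
 * NOTE(review): 'censor_words' and the values given to setblacklist() are
 * passed through safe_html(), an HTML encoder, instead of escape(). HTML
 * encoding does not make a value safe for SQL, and it changes what gets
 * stored. Confirm what both callees expect.
 *
 * @return void Results are reported through displayinfo()/displaywarning().
 */
function updateGlobalSettings()
{
    $global = array();
    // Checkboxes: present in the request means enabled.
    $global['allow_pagespecific_header'] = isset($_POST['allow_page_header']) ? 1 : 0;
    $global['allow_pagespecific_template'] = isset($_POST['allow_page_template']) ? 1 : 0;
    $global['default_user_activate'] = isset($_POST['activate_useronreg']) ? 1 : 0;
    $global['default_mail_verify'] = isset($_POST['send_mail_on_reg']) ? 1 : 0;
    $global['breadcrumb_submenu'] = isset($_POST['breadcrumb_submenu']) ? 1 : 0;
    $global['allow_login'] = isset($_POST['allow_login']) ? 1 : 0;
    // Stored as posted; see the NOTE(review) in the function comment.
    $global['deadline_notify'] = $_POST['deadline_notify'];
    $global['cms_title'] = escape($_POST['cms_title']);
    $global['default_template'] = escape($_POST['default_template']);
    $global['cms_email'] = escape($_POST['cms_email']);
    $global['upload_limit'] = escape($_POST['upload_limit']);
    $global['reindex_frequency'] = escape($_POST['reindex_frequency']);
    $global['cms_desc'] = escape($_POST['cms_desc']);
    $global['cms_keywords'] = escape($_POST['cms_keywords']);
    $global['cms_footer'] = escape($_POST['cms_footer']);
    $global['blacklist_domain'] = escape($_POST['blacklist_domain']);
    $global['blacklist_ip'] = escape($_POST['blacklist_ip']);
    $global['censor_words'] = safe_html($_POST['censor_words']);
    $blacklist_domain = safe_html($_POST['blacklist_domain']);
    $blacklist_ip = safe_html($_POST['blacklist_ip']);
    if (!($blacklist_domain == "" && $blacklist_ip == "")) {
        setblacklist($blacklist_domain, $blacklist_ip);
    }
    // OpenID can only be enabled when cURL is available.
    if (isset($_POST['openid_enabled']) && $_POST['openid_enabled'] == 'true') {
        if (iscurlinstalled()) {
            $global['openid_enabled'] = 'true';
        } else {
            // cURL is missing: warn and keep OpenID disabled.
            global $curl_message;
            displaywarning($curl_message);
            $global['openid_enabled'] = 'false';
        }
    } else {
        // Not requested: disable OpenID.
        $global['openid_enabled'] = 'false';
    }
    // reCAPTCHA needs both keys before it can be switched on.
    if (isset($_POST['recaptcha_enable'])) {
        if ($_POST['public_key'] != NULL && $_POST['private_key'] != NULL) {
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($_POST['public_key']);
            $global['recaptcha_private'] = escape($_POST['private_key']);
        } else {
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
            $global['recaptcha'] = '0';
        }
    } else {
        $global['recaptcha'] = '0';
    }
    setGlobalSettings($global);
    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}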
示例12: mailer
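/**
 * Builds a mail from a template file and sends it with mail().
 *
 * The template is MAILPATH/LANGUAGE/email/<mailtype>.txt. Placeholders of
 * the form {NAME} are replaced with $this->vars['NAME'] (empty when unset).
 * A "Subject: ..." line in the template supplies the subject and is removed
 * from the body.
 *
 * Changes from the previous version:
 *  - a missing or unreadable template now returns false after reporting the
 *    error; before, execution continued and an empty mail was attempted.
 *  - $subject starts as '' so a template without a Subject line no longer
 *    reads an undefined variable.
 *
 * SECURITY: the template text is run through eval() as the contents of a
 * single-quoted PHP string, and only single quotes are escaped beforehand.
 * Template files therefore have to be treated as code: keep them out of
 * reach of uploads and of anything the web user can write, and never let
 * request data choose or fill the file. Substituting the placeholders with
 * preg_replace_callback() would remove the eval(); it is left in place here
 * because that changes how backslashes in templates are rendered.
 * NOTE(review): $mailtype becomes part of the file path without validation;
 * presumably callers pass fixed identifiers. Confirm.
 * NOTE(review): $to and $from reach mail() unchanged. Reject CR/LF in both
 * if they can contain user input, since $from is used as a raw header line.
 * NOTE(review): with $debugSet "on" the whole message, including any
 * password or reset link in it, is shown through displayinfo().
 *
 * @param string $to       Recipient address.
 * @param string $mailtype Template name without the ".txt" extension.
 * @param mixed  $key      Not used in this method.
 * @param string $from     Full "from: ..." header line; built from CMS_TITLE
 *                         and CMS_EMAIL when empty.
 * @return bool Result of mail(), or false when the template cannot be read.
 */
function mailer($to, $mailtype, $key, $from)
{
    if (empty($from)) {
        $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
    }
    //init mail template file path
    $mail_filepath = MAILPATH . "/" . LANGUAGE . "/email/{$mailtype}.txt";
    $drop_header = '';
    $subject = '';
    //check file
    if (!file_exists($mail_filepath)) {
        displayerror(safe_html("NO FILE called {$mail_filepath} FOUND !"));
        return false;
    }
    //read contents
    if (($data = @file_get_contents($mail_filepath)) === false) {
        displayerror("{$mail_filepath} FILE READ ERROR !");
        return false;
    }
    //escape quotes
    $body = str_replace("'", "\\'", $data);
    //replace the vars in file content with those defined
    $body = preg_replace('#\\{([a-z0-9\\-_]*?)\\}#is', "' . ((isset(\$this->vars['\\1'])) ? \$this->vars['\\1'] : '') . '", $body);
    //Make the content parseable (see the SECURITY note in the function comment)
    eval("\$body = '{$body}';");
    //Extract the SUBJECT from mail content
    $match = array();
    if (preg_match('#^(Subject:(.*?))$#m', $body, $match)) {
        //Find SUBJECT
        $subject = trim($match[2]) != '' ? trim($match[2]) : $subject;
        $drop_header .= '[\\r\\n]*?' . preg_quote($match[1], '#');
    }
    if ($drop_header) {
        //Remove SUBJECT from BODY of mail
        $body = trim(preg_replace('#' . $drop_header . '#s', '', $body));
    }
    //Debug info
    //echo displayinfo($from.' <br> '.$to.' <br> '.$subject.' <br> '.$body);
    //Send mail
    global $debugSet;
    if ($debugSet == "on") {
        displayinfo("Vars :" . arraytostring($this->vars));
        displayinfo("Mail sent to {$to} from {$from} with subject {$subject} and body {$body}");
    }
    return mail($to, $subject, $body, $from);
}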
示例13: install_head
// Installer step: show the form that collects the administrator account
// name, password and e-mail, then post it to install.php?act=admin_ok.
// The page heading reads "Set the administrator account and password".
install_head("设置管理员账号密码");
echo_start();
echo_msg("设置管理员账号密码" . HR);
form_start("install.php?act=admin_ok");
// NOTE(review): all three fields are pre-filled ('admin', 'admin',
// 'admin@admin.com') and the password input is type='text', so it is shown
// in clear. An installer that is submitted unchanged creates an account with
// a known default password; prefer an empty type='password' field.
echo_msg("管理员账号:", "<input type='text' name='user' value='admin'>", true);
echo_msg("管理员密码:", "<input type='text' name='pass' value='admin'>", true);
echo_msg("管理员邮箱:", "<input type='text' name='email' value='admin@admin.com'>", true);
echo_msg(HR);
// Submit button labelled "Next step".
echo_msg(button("submit", "下一步"));
echo_end();
form_end();
install_foot();
} elseif ($sysact == "admin_ok") {
// NOTE(review): $user, $pass and $email are not assigned anywhere in the
// visible code; presumably they are filled from the submitted form earlier
// in install.php. Confirm how.
// NOTE(review): safe_html() is applied to the password as well. If it
// HTML-encodes its input (its definition is not visible here), a password
// containing &, <, > or quotes is altered before it is stored. Validate the
// values here and encode only where they are written into HTML.
$user = safe_html($user);
$pass = safe_html($pass);
$email = safe_html($email);
// Both name and password are required; error() is presumably expected to
// stop the step (TODO confirm). Messages: "account must not be empty",
// "password must not be empty".
if (!$user) {
error("管理员账号不能为空", "admin");
}
if (!$pass) {
error("管理员密码不能为空", "admin");
}
// The earlier installer steps must have left config.php and install.sql in place.
if (!file_exists("config.php")) {
error("config.php配置文件不存在,请返回修改", "setconfig", "设置config.php文件");
}
if (!file_exists("install.sql")) {
error("install.sql 文件不存在,请上传...", "incsql", "下一步");
}
// Load the database settings and open the connection with them.
include_once "config.php";
include_once "class/db/mysql.php";
$DB = new DB_SQL($dbHost, $dbUser, $dbPass);
示例14: safe_html
/**
 * HTML-encodes a value, or every value of a (nested) array.
 *
 * Strings are passed through htmlspecialchars() with ENT_QUOTES and UTF-8,
 * so &, <, >, double and single quotes are encoded while valid UTF-8
 * characters such as ñ or á are kept. NULL stays NULL. Arrays are processed
 * recursively; their keys are returned unchanged, so keys are NOT encoded.
 *
 * The result is meant for HTML text and quoted attribute values. It is not
 * an encoder for URLs, JavaScript or SQL, and it should not be applied to
 * values that are stored or compared later (passwords, identifiers), since
 * it changes them.
 *
 * @param mixed $var String, NULL, or array of these.
 * @return mixed Encoded string, NULL, or array with the same keys.
 */
function safe_html($var)
{
    if ($var === NULL) {
        return NULL;
    }
    if (is_array($var)) {
        $encoded = array();
        foreach ($var as $key => $item) {
            // Recursion covers nested arrays, NULL entries and plain values alike.
            $encoded[$key] = safe_html($item);
        }
        return $encoded;
    }
    return htmlspecialchars($var, ENT_QUOTES, 'UTF-8');
}
示例15: handleTemplateManagement
function handleTemplateManagement()
{
global $sourceFolder;
if (isset($_POST['btn_install'])) {
$uploadId = processUploaded("Template");
if ($uploadId != -1) {
return installModule($uploadId, "Template");
}
} else {
if (isset($_POST['btn_uninstall'])) {
$query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE attribute= 'default_template'";
$res = mysql_query($query);
$row1 = array();
$row1 = mysql_fetch_row($res);
if (!isset($_POST['Template']) || $_POST['Template'] == "") {
return "";
}
$toDelete = escape($_POST['Template']);
$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
$query2 = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_template` = '{$toDelete}' LIMIT 10";
$result2 = mysql_query($query2) or displayerror(mysql_error());
if ($row1[0] == $toDelete) {
displayerror("The default template cannot be deleted! If you want to delete this template, first change the default template from 'Global Settings'.");
return "";
}
if (mysql_num_rows($result2) == 0 || isset($_POST['confirm'])) {
if ($row = mysql_fetch_array(mysql_query($query))) {
$query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
mysql_query($query);
$query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_template` = '" . $row1[0] . "' WHERE `page_template` = '" . $toDelete . "'";
mysql_query($query) or displayerror(mysql_error());
$templateDir = $sourceFolder . "/templates/" . $toDelete . "/";
if (file_exists($templateDir)) {
delDir($templateDir);
}
displayinfo("Template " . safe_html($_POST['Template']) . " uninstalled!");
return "";
} else {
displayerror("Template uninstallation failed!");
return "";
}
}
$pageList = "";
while ($row = mysql_fetch_assoc($result2)) {
$pageList .= "/home" . getPagePath($row['page_id']) . "<br>";
}
$templatename = safe_html($_POST['Template']);
$ret = <<<RET
<fieldset>
<legend>{$ICONS['Templates Management']['small']}Template Management</legend>
Some of the page with {$templatename} template are:<br>
{$pageList}
<div class='cms-error'>The templates of these pages will be reset to default template if you proceed deleting the template.</div>
<form method=POST action='./+admin&subaction=template&subsubaction=uninstall'>
<input type=hidden value='{$templatename}' name='Template' />
<input type=submit value='Delete template' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
return $ret;
}
}
/*
this finalize and cancel subsubactions are vulnerabilities, any one can vary $_POST['path'] and make cms to delete itself.
so template installation is also merged with module and widget installation,
but some extra features specific to template installation(ie ignoring missing template variables and changing template name)
are missing in that installation, these will remain commented for reference till those features are implemented the other way
else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize')
{
$issues = "";
$ret = reportIssues(escape($_POST['path']),$issues);
if($ret[0] == 1)
{
displayerror("Your template is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
delDir(escape($_POST['del']));
unlink(escape($_POST['file']));
return "";
}
$templates=getAvailableTemplates();
$flag=false;
foreach ($templates as $template)
if($template==$_POST['template'])
{
$flag=true;
break;
}
if($_POST['template']=="common" || $flag || file_exists($sourceFolder . "/templates/" . escape($_POST['template']) . "/"))
{
displayerror("Template Installation failed : A folder by the template name already exists.");
$templatePath=safe_html($_POST['del']);
$str=safe_html($_POST['file']);
$ret=<<<RET
<form method=POST action='./+admin&subaction=canceltemplate'>
Please click the following button to start a fresh installation :
<input type=hidden name='path' value='{$templatePath}'>
<input type=hidden name='file' value='{$str}'>
<input type=submit value="Fresh Installation">
//.........这里部分代码省略.........