

PHP Security::remove_XSS方法代码示例

本文整理汇总了PHP中Security::remove_XSS方法的典型用法代码示例。如果您正苦于以下问题:PHP Security::remove_XSS方法的具体用法?PHP Security::remove_XSS怎么用?PHP Security::remove_XSS使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在Security的用法示例。


在下文中一共展示了Security::remove_XSS方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: __construct

 /**
  * Constructor: picks the folder this manager works on and gathers its summary data.
  *
  * The folder comes, in order of precedence, from the $path argument, from the
  * request parameter $_GET[$this->folderPathIndex], from the folder remembered in
  * $_SESSION[$this->lastVisitedFolderPathIndex], or from CONFIG_SYS_DEFAULT_PATH.
  * When $calculateSubdir is true and the resulting folder does not exist, the
  * script is terminated with ERR_FOLDER_NOT_FOUND.
  *
  * @param string|null $path            the path to a folder
  * @param bool        $calculateSubdir force to get the subdirectories information
  */
 function __construct($path = null, $calculateSubdir = true)
 {
     $this->calculateSubdir = $calculateSubdir;
     if (defined('CONFIG_SYS_FOLDER_SHOWN_ON_TOP')) {
         $this->forceFolderOnTop = CONFIG_SYS_FOLDER_SHOWN_ON_TOP;
     }
     if (!is_null($path)) {
         $this->currentFolderPath = $path;
     } elseif (isset($_GET[$this->folderPathIndex]) && file_exists(base64_decode($_GET[$this->folderPathIndex])) && !is_file(base64_decode($_GET[$this->folderPathIndex]))) {
         // The request value is base64-decoded only for the existence test above; what is
         // stored is the undecoded value after two HTML-oriented filters.
         // NOTE(review): remove_XSS() and api_htmlentities() deal with markup, not with
         // which directory the value names. The only containment test visible in this
         // method is isUnderRoot() below.
         $this->currentFolderPath = api_htmlentities(Security::remove_XSS($_GET[$this->folderPathIndex]));
     } elseif (isset($_SESSION[$this->lastVisitedFolderPathIndex]) && file_exists($_SESSION[$this->lastVisitedFolderPathIndex]) && !is_file($_SESSION[$this->lastVisitedFolderPathIndex])) {
         $this->currentFolderPath = $_SESSION[$this->lastVisitedFolderPathIndex];
     } else {
         $this->currentFolderPath = CONFIG_SYS_DEFAULT_PATH;
     }
     // A path accepted by isUnderRoot() is normalised (trailing slash, forward slashes).
     // NOTE(review): a path that fails isUnderRoot() is kept unchanged rather than replaced
     // by the default - confirm that it is refused elsewhere before any file access.
     $this->currentFolderPath = isUnderRoot($this->getCurrentFolderPath()) ? backslashToSlash(addTrailingSlash($this->getCurrentFolderPath())) : $this->currentFolderPath;
     // From here on the property holds the base64-encoded form; getCurrentFolderPath()
     // presumably returns the decoded path - TODO confirm against its definition.
     $this->currentFolderPath = base64_encode($this->currentFolderPath);
     if ($this->calculateSubdir) {
         // keep track of this folder path in session
         $_SESSION[$this->lastVisitedFolderPathIndex] = $this->currentFolderPath;
     }
     if (is_dir($this->getCurrentFolderPath())) {
         $file = new file($this->getCurrentFolderPath());
         $folderInfo = $file->getFileInfo();
         if (sizeof($folderInfo)) {
             //for Chamilo in a name folder, replace num user by user names
             if (preg_match('/sf_user_/', basename($this->getCurrentFolderPath()))) {
                 // substr(..., 8) drops the first 8 characters (the length of "sf_user_") and the
                 // rest is used as the user id; the pattern above is not anchored, so this
                 // assumes the folder name starts with that prefix.
                 $userinfo = api_get_user_info(substr(basename($this->getCurrentFolderPath()), 8));
                 $this->currentFolderInfo['name'] = $userinfo['complete_name'];
             } else {
                 $this->currentFolderInfo['name'] = str_replace('_', ' ', basename($this->getCurrentFolderPath()));
                 //for Chamilo. Prevent long directory name
             }
             if (preg_match('/shared_folder/', basename($this->getCurrentFolderPath()))) {
                 $this->currentFolderInfo['name'] = get_lang('UserFolders');
             }
             if (preg_match('/shared_folder_session_/', basename($this->getCurrentFolderPath()))) {
                 // The last "_"-separated piece of the folder name is used as the session id.
                 $session = explode('_', basename($this->getCurrentFolderPath()));
                 $session = strtolower($session[sizeof($session) - 1]);
                 $this->currentFolderInfo['name'] = get_lang('UserFolders') . ' (' . api_get_session_name($session) . ')*';
             }
             //end Chamilo
             // Counters start at zero; this method does not fill them in.
             $this->currentFolderInfo['subdir'] = 0;
             $this->currentFolderInfo['file'] = 0;
             $this->currentFolderInfo['ctime'] = $folderInfo['ctime'];
             $this->currentFolderInfo['mtime'] = $folderInfo['mtime'];
             $this->currentFolderInfo['is_readable'] = $folderInfo['is_readable'];
             $this->currentFolderInfo['is_writable'] = $folderInfo['is_writable'];
             $this->currentFolderInfo['path'] = $this->getCurrentFolderPath();
             $this->currentFolderInfo['path_base64'] = base64_encode($this->getCurrentFolderPath());
             $this->currentFolderInfo['friendly_path'] = transformFilePath($this->getCurrentFolderPath());
             $this->currentFolderInfo['type'] = 'folder';
             $this->currentFolderInfo['cssClass'] = 'folder';
             //$this->currentFolderInfo['flag'] = $folderInfo['flag'];
         }
     }
     if ($calculateSubdir && !file_exists($this->getCurrentFolderPath())) {
         // NOTE(review): the path is written into the die() message as is; when it came
         // from the request it should be HTML-encoded before being shown.
         die(ERR_FOLDER_NOT_FOUND . $this->getCurrentFolderPath());
     }
 }
开发者ID:annickvdp,项目名称:Chamilo1.9.10,代码行数:65,代码来源:class.manager.php

示例2: read

 /**
  * Loads the CSV file at $this->path and turns every non-blank row into a
  * CourseDescription object.
  *
  * The title, content and type columns are trimmed and passed through
  * Security::remove_XSS() before they are used. The type name is looked up in the
  * CourseDescriptionType repository; when no type is found, 0 is stored.
  *
  * @return array of objects (empty when the file is not readable)
  */
 protected function read()
 {
     $source = $this->path;
     if (!is_readable($source)) {
         return array();
     }
     $descriptions = array();
     foreach (\Import::csv_reader($source) as $row) {
         $row = (object) $row;
         // Missing columns count as empty strings; every value is filtered before use.
         $title = \Security::remove_XSS(isset($row->title) ? trim($row->title) : '');
         $content = \Security::remove_XSS(isset($row->content) ? trim($row->content) : '');
         $typeName = \Security::remove_XSS(isset($row->type) ? trim($row->type) : '');
         // Skip rows in which all three columns are empty.
         if (empty($title) && empty($content) && empty($typeName)) {
             continue;
         }
         $typeRecord = CourseDescriptionType::repository()->find_one_by_name($typeName);
         $entry = CourseDescription::create();
         $entry->title = $title;
         $entry->content = $content;
         $entry->description_type = $typeRecord ? $typeRecord->id : 0;
         $descriptions[] = $entry;
     }
     return $descriptions;
 }
开发者ID:ilosada,项目名称:chamilo-lms-icpna,代码行数:35,代码来源:csv_reader.class.php

示例3: check_download_survey

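/**
 *	@package chamilo.survey
 *	@author Arnaud Ligot <arnaud@cblue.be>
 *	@version $Id: $
 *
 *	A small piece of code to enable user to access images included into survey
 *	which are accessible by non authenticated users. This file is included
 *	by document/download.php
 *
 *	The function prints an error message and exits when the invitation code is
 *	unknown, when the survey was already answered, or when the requested document
 *	name does not occur in any text field of the survey, its questions or its
 *	question options. When several surveys share the survey code, a language
 *	selection form is printed instead and the script exits.
 *
 *	Every request-derived value that reaches SQL is either cast to an integer or
 *	passed through Database::escape_string().
 *	NOTE(review): LIKE wildcards (% and _) inside $doc_url are not neutralised, and
 *	an empty $doc_url matches every row; callers should reject such values.
 *
 *	@param string $course     course identifier given to CourseManager::get_course_information()
 *	@param string $invitation invitation code supplied by the visitor
 *	@param string $doc_url    name of the requested document
 *	@return array the course information returned by CourseManager
 */
function check_download_survey($course, $invitation, $doc_url)
{
    require_once 'survey.lib.php';
    // Getting all the course information
    $_course = CourseManager::get_course_information($course);
    // The course id is interpolated unquoted into every query below.
    $course_id = intval($_course['real_id']);
    // Database table definitions
    $table_survey = Database::get_course_table(TABLE_SURVEY);
    $table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
    $table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
    $table_survey_invitation = Database::get_course_table(TABLE_SURVEY_INVITATION);
    // Now we check if the invitationcode is valid
    $sql = "SELECT * FROM {$table_survey_invitation} WHERE c_id = {$course_id} AND invitation_code = '" . Database::escape_string($invitation) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) < 1) {
        Display::display_error_message(get_lang('WrongInvitationCode'), false);
        Display::display_footer();
        exit;
    }
    $survey_invitation = Database::fetch_assoc($result);
    // Now we check if the user already filled the survey
    if ($survey_invitation['answered'] == 1) {
        Display::display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false);
        Display::display_footer();
        exit;
    }
    // Fetch survey ID. If several surveys share the code there will be a language choice.
    $sql = "SELECT * FROM {$table_survey} WHERE c_id = {$course_id} AND code='" . Database::escape_string($survey_invitation['survey_code']) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 1) {
        if (!empty($_POST['language'])) {
            $survey_invitation['survey_id'] = $_POST['language'];
        } else {
            // Query-string values are percent-encoded, which also keeps them inert inside the attribute.
            $course_param = isset($_GET['course']) ? urlencode($_GET['course']) : '';
            $invitation_param = isset($_GET['invitationcode']) ? urlencode($_GET['invitationcode']) : '';
            echo '<form id="language" name="language" method="POST" action="' . api_get_self() . '?course=' . $course_param . '&amp;invitationcode=' . $invitation_param . '">';
            echo '  <select name="language">';
            while ($row = Database::fetch_assoc($result)) {
                echo '<option value="' . intval($row['survey_id']) . '">' . htmlspecialchars($row['lang'], ENT_QUOTES) . '</option>';
            }
            echo '</select>';
            echo '  <input type="submit" name="Submit" value="' . get_lang('Ok') . '" />';
            echo '</form>';
            Display::display_footer();
            exit;
        }
    } else {
        $row = Database::fetch_assoc($result);
        $survey_invitation['survey_id'] = $row['survey_id'];
    }
    // The survey id may come straight from $_POST['language']; it is used unquoted in the
    // query, so it has to be an integer.
    $survey_id = intval($survey_invitation['survey_id']);
    // The document name is caller-supplied text that ends up inside quoted LIKE patterns.
    $doc_url_sql = Database::escape_string($doc_url);
    // Very basic security check: a text field of the survey, of one of its questions or of
    // one of its options must contain the name of the document requested.
    $sql = "SELECT count(*) AS n FROM {$table_survey}
            WHERE c_id = {$course_id} AND survey_id = {$survey_id}
                AND (
                    title LIKE '%{$doc_url_sql}%'
                    OR subtitle LIKE '%{$doc_url_sql}%'
                    OR intro LIKE '%{$doc_url_sql}%'
                    OR surveythanks LIKE '%{$doc_url_sql}%'
                )
            UNION ALL
            SELECT count(*) FROM {$table_survey_question}
            WHERE c_id = {$course_id} AND survey_id = {$survey_id}
                AND (
                    survey_question LIKE '%{$doc_url_sql}%'
                    OR survey_question_comment LIKE '%{$doc_url_sql}%'
                )
            UNION ALL
            SELECT count(*) FROM {$table_survey_question_option}
            WHERE c_id = {$course_id} AND survey_id = {$survey_id}
                AND (
                    option_text LIKE '%{$doc_url_sql}%'
                )";
    $result = Database::query($sql);
    // count(*) always yields a row, so the number of rows says nothing about a match:
    // add up the three counts and refuse the download when none of them matched.
    $matches = 0;
    while ($count_row = Database::fetch_assoc($result)) {
        $matches += intval($count_row['n']);
    }
    if ($matches === 0) {
        Display::display_error_message(get_lang('WrongInvitationCode'), false);
        Display::display_footer();
        exit;
    }
    return $_course;
}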
开发者ID:ilosada,项目名称:chamilo-lms-icpna,代码行数:68,代码来源:survey.download.inc.php

示例4: modify_filter

/**
 * Filter for sortable table to display edit icons for class.
 *
 * Returns four links (information, edit, subscribe users, delete) that carry the
 * class id as a query-string value; the delete link asks for confirmation in onclick.
 *
 * NOTE(review): the id is passed through Security::remove_XSS(), which filters markup;
 * it is neither percent-encoded nor cast. If class ids are always integers (not
 * visible from this function), an integer cast is the tighter guard for a value
 * placed in a URL inside an attribute.
 *
 * @param mixed $class_id id of the class shown in the current table row
 * @return string HTML with the action links
 */
function modify_filter($class_id)
{
    $id = Security::remove_XSS($class_id);
    $links = array();
    $links[] = '<a href="class_information.php?id=' . $id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a>';
    $links[] = '<a href="class_edit.php?idclass=' . $id . '">' . Display::return_icon('edit.png', get_lang('Edit')) . '</a>';
    $links[] = '<a href="subscribe_user2class.php?idclass=' . $id . '">' . Display::return_icon('add_multiple_users.gif', get_lang('AddUsersToAClass')) . '</a>';
    // The confirmation text is a language string, slash-escaped for the quoted JavaScript argument.
    $confirmCall = "confirm('" . addslashes(get_lang("ConfirmYourChoice")) . "')";
    $links[] = '<a href="class_list.php?action=delete_class&amp;class_id=' . $id . '" onclick="javascript: if(!' . $confirmCall . ') return false;">' . Display::return_icon('delete.png', get_lang('Delete')) . '</a>';
    // Links are separated by a single space.
    return implode(' ', $links);
}
开发者ID:ilosada,项目名称:chamilo-lms-icpna,代码行数:12,代码来源:class_list.php

示例5: build_simple_search

 /**
  * Adds the single-field keyword search to this form.
  *
  * When the request carries a non-empty "search" parameter, it is filtered with
  * Security::remove_XSS() and used as the default value of the keyword field.
  */
 protected function build_simple_search()
 {
     // !empty() already covers the "not set" case.
     if (!empty($_GET['search'])) {
         $initial = array('keyword' => Security::remove_XSS($_GET['search']));
         $this->setDefaults($initial);
     }
     $this->defaultRenderer()->setCustomElementTemplate('<span>{element}</span> ');
     $this->addElement('text', 'keyword', '');
     $this->addButtonSearch(get_lang('Search'), 'submit');
 }
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:10,代码来源:userform.class.php

示例6: heartbeat

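 /**
  * Refreshes the chat windows (usually called every x seconds through AJAX).
  *
  * Reads every message addressed to the current user that is not yet marked as
  * received, groups the messages by sender, updates the chat state kept in
  * $_SESSION, marks the messages as received and prints the result as JSON.
  * Message text is passed through Security::remove_XSS() before it is put in the
  * response.
  *
  * @return void (prints JSON array of chat windows)
  */
 public function heartbeat()
 {
     // Cast once: the id is concatenated into both queries below.
     $to_user_id = intval(api_get_user_id());
     $sql = "SELECT * FROM " . $this->table . "\n                WHERE to_user = '" . $to_user_id . "' AND ( recd  = 0 ) ORDER BY id ASC";
     $result = Database::query($sql);
     // Group the unread rows by sender.
     $chat_list = array();
     while ($chat = Database::fetch_array($result, 'ASSOC')) {
         $chat_list[$chat['from_user']]['items'][] = $chat;
     }
     $items = array();
     foreach ($chat_list as $from_user_id => $rows) {
         $rows = $rows['items'];
         $user_info = api_get_user_info($from_user_id, true);
         //Cleaning tsChatBoxes
         unset($_SESSION['tsChatBoxes'][$from_user_id]);
         foreach ($rows as $chat) {
             // The text was written by another user: filter it before it reaches the client.
             $chat['message'] = Security::remove_XSS($chat['message']);
             $item = array('s' => '0', 'f' => $from_user_id, 'm' => $chat['message'], 'username' => $user_info['complete_name'], 'id' => $chat['id']);
             $items[$from_user_id]['items'][] = $item;
             $items[$from_user_id]['user_info']['user_name'] = $user_info['complete_name'];
             $items[$from_user_id]['user_info']['online'] = $user_info['user_is_online'];
             $_SESSION['openChatBoxes'][$from_user_id] = api_strtotime($chat['sent'], 'UTC');
         }
         // NOTE(review): only the last message of each sender is appended to the session
         // history here - confirm whether every message was meant to be stored.
         $_SESSION['chatHistory'][$from_user_id]['items'][] = $item;
         $_SESSION['chatHistory'][$from_user_id]['user_info']['user_name'] = $user_info['complete_name'];
         $_SESSION['chatHistory'][$from_user_id]['user_info']['online'] = $user_info['user_is_online'];
     }
     if (!empty($_SESSION['openChatBoxes'])) {
         foreach ($_SESSION['openChatBoxes'] as $user_id => $time) {
             if (!isset($_SESSION['tsChatBoxes'][$user_id])) {
                 $elapsed = time() - $time;
                 $time = api_convert_and_format_date($time, DATE_TIME_FORMAT_SHORT_TIME_FIRST);
                 $message = sprintf(get_lang('SentAtX'), $time);
                 // After more than 180 seconds a "sent at" line is added once per chat box.
                 if ($elapsed > 180) {
                     $item = array('s' => '2', 'f' => $user_id, 'm' => $message);
                     if (isset($_SESSION['chatHistory'][$user_id])) {
                         $_SESSION['chatHistory'][$user_id]['items'][] = $item;
                     }
                     $_SESSION['tsChatBoxes'][$user_id] = 1;
                 }
             }
         }
     }
     // NOTE(review): this marks every unread row as received, including any that arrived
     // after the SELECT above; limiting the UPDATE to the ids just read would avoid that.
     $sql = "UPDATE " . $this->table . " SET recd = 1 WHERE to_user = '" . $to_user_id . "' AND recd = 0";
     Database::query($sql);
     echo json_encode(array('items' => $items));
 }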
开发者ID:ilosada,项目名称:chamilo-lms-icpna,代码行数:59,代码来源:chat.lib.php

示例7: get_description_data

 /**
  * Get all data of course description by session id,
  * first you must set session_id property with the object CourseDescription.
  *
  * Each row is passed through Security::remove_XSS() with the STUDENT level before
  * it is returned, keyed by its id under 'descriptions'.
  *
  * @return array empty when there are no rows, otherwise array('descriptions' => array(id => row))
  */
 public function get_description_data()
 {
     $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION);
     $condition_session = api_get_session_condition($this->session_id, true, true);
     $course_id = api_get_course_int_id();
     $resultSet = Database::query("SELECT * FROM {$tbl_course_description}\n\t\t        WHERE c_id = {$course_id} {$condition_session}\n\t\t        ORDER BY id ");
     $output = array();
     for ($row = Database::fetch_array($resultSet); $row; $row = Database::fetch_array($resultSet)) {
         // Stored descriptions are filtered on the way out, before any caller can print them.
         $output['descriptions'][$row['id']] = Security::remove_XSS($row, STUDENT);
     }
     return $output;
 }
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:18,代码来源:course_description.lib.php

示例8: print_course_last_visit

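 /**
  * Shows statistics about the time of last visit to each course.
  *
  * Prints a small "days" search form followed by a sortable, paginated table of
  * course codes and last access dates. Page size, page number, sort column, sort
  * direction and the day limit come from the request; each one is reduced to an
  * integer (and the sort values to a known index) before it is used in SQL or
  * echoed.
  */
 static function print_course_last_visit()
 {
     $access_url_rel_course_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
     $current_url_id = api_get_current_access_url_id();
     $columns = array(0 => 'c_id', 1 => 'access_date');
     $sql_order = array(SORT_ASC => 'ASC', SORT_DESC => 'DESC');
     // LIMIT needs a positive page size and a page number that starts at 1.
     $per_page = isset($_GET['per_page']) ? max(1, intval($_GET['per_page'])) : 10;
     $page_nr = isset($_GET['page_nr']) ? max(1, intval($_GET['page_nr'])) : 1;
     // Column and direction are only used as indexes into the two fixed arrays above;
     // anything that is not a known index falls back to the default.
     $column = isset($_GET['column']) ? intval($_GET['column']) : 0;
     if (!isset($columns[$column])) {
         $column = 0;
     }
     $direction = isset($_GET['direction']) ? intval($_GET['direction']) : SORT_ASC;
     if (!isset($sql_order[$direction])) {
         $direction = SORT_ASC;
     }
     $form = new FormValidator('courselastvisit', 'get');
     $form->addElement('hidden', 'report', 'courselastvisit');
     $form->add_textfield('date_diff', get_lang('Days'), true);
     $form->addRule('date_diff', 'InvalidNumber', 'numeric');
     $form->addElement('style_submit_button', 'submit', get_lang('Search'), 'class="search"');
     $defaults = array();
     if (!isset($_GET['date_diff'])) {
         $defaults['date_diff'] = 60;
     } else {
         $defaults['date_diff'] = Security::remove_XSS($_GET['date_diff']);
     }
     $form->setDefaults($defaults);
     $form->display();
     $values = $form->exportValues();
     // The 'numeric' rule is registered but validate() is never called here, so the
     // exported value cannot be trusted as a number. It is concatenated unquoted into
     // the SQL below and echoed into the page: force an integer, default 60 days.
     $date_diff = isset($values['date_diff']) && is_numeric($values['date_diff']) ? intval($values['date_diff']) : 60;
     $table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LASTACCESS);
     $tableCourse = Database::get_main_table(TABLE_MAIN_COURSE);
     if (api_is_multiple_url_enabled()) {
         $sql = "SELECT access_date, c.code FROM {$table} s , {$access_url_rel_course_table} u, {$tableCourse} c\n                    WHERE c.id = u.c_id AND c.id = s.c_id AND access_url_id='" . $current_url_id . "' " . "GROUP BY access_cours_code " . "HAVING s.c_id <> '' " . "AND DATEDIFF( '" . date('Y-m-d h:i:s') . "' , access_date ) <= " . $date_diff;
     } else {
         $sql = "SELECT access_date, c.code FROM {$table} , {$tableCourse} c\n                    WHERE c_id = c.id\n                    GROUP BY c_id\n                    HAVING c_id <> ''AND\n                    DATEDIFF( '" . date('Y-m-d h:i:s') . "' , access_date ) <= " . $date_diff;
     }
     // First run without ORDER BY/LIMIT to get the total number of courses.
     $res = Database::query($sql);
     $number_of_courses = Database::num_rows($res);
     $sql .= ' ORDER BY ' . $columns[$column] . ' ' . $sql_order[$direction];
     $from = ($page_nr - 1) * $per_page;
     $sql .= ' LIMIT ' . $from . ',' . $per_page;
     echo '<p>' . get_lang('LastAccess') . ' &gt;= ' . $date_diff . ' ' . get_lang('Days') . '</p>';
     $res = Database::query($sql);
     if (Database::num_rows($res) > 0) {
         $courses = array();
         while ($obj = Database::fetch_object($res)) {
             $course = array();
             // The anchor is now closed properly (the original emitted a second opening tag).
             $course[] = '<a href="' . api_get_path(WEB_PATH) . 'courses/' . $obj->code . '">' . $obj->code . '</a>';
             //Allow sort by date hiding the numerical date
             $course[] = '<span style="display:none;">' . $obj->access_date . '</span>' . api_convert_and_format_date($obj->access_date);
             $courses[] = $course;
         }
         $parameters = array();
         $parameters['date_diff'] = $date_diff;
         $parameters['report'] = 'courselastvisit';
         $table_header = array();
         $table_header[] = array(get_lang("CourseCode"), true);
         $table_header[] = array(get_lang("LastAccess"), true);
         Display::display_sortable_table($table_header, $courses, array('column' => $column, 'direction' => $direction), array(), $parameters);
     } else {
         echo get_lang('NoSearchResults');
     }
 }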
开发者ID:ilosada,项目名称:chamilo-lms-icpna,代码行数:66,代码来源:statistics.lib.php

示例9: get_lang

 // Excerpt: builds the "pending invitations" and "productions" blocks of the profile page.
 // The enclosing blocks continue beyond the end of this listing.
 if (!empty($production_list) || !empty($file_list) || $count_pending_invitations > 0) {
     //Pending invitations
     // Shown only when no 'u' parameter is given or when it equals the current user id
     // (the comparison is loose, ==).
     if (!isset($_GET['u']) || isset($_GET['u']) && $_GET['u'] == api_get_user_id()) {
         if ($count_pending_invitations > 0) {
             $invitations = '<div><h3>' . get_lang('PendingInvitations') . '</h3></div>';
             for ($i = 0; $i < $count_pending_invitations; $i++) {
                 // The sender id is concatenated into id and href attributes below without
                 // encoding - presumably a numeric user id; verify where
                 // $pending_invitations is built.
                 $user_invitation_id = $pending_invitations[$i]['user_sender_id'];
                 $invitations .= '<div id="dpending_' . $user_invitation_id . '" class="friend_invitations">';
                 $invitations .= '<div style="float:left;width:60px;" >';
                 $invitations .= '<img style="margin-bottom:5px;"' . ' src="' . $list_get_path_web[$i]['dir'] . '/' . $list_get_path_web[$i]['file'] . '"' . ' width="60px">';
                 $invitations .= '</div>';
                 $invitations .= '<div style="padding-left:70px;">';
                 $user_invitation_info = api_get_user_info($user_invitation_id);
                 // NOTE(review): the sender's name is written as HTML text with no encoding
                 // visible here - confirm that api_get_person_name() returns encoded output.
                 $invitations .= '<a href="' . api_get_path(WEB_PATH) . 'main/social/profile.php' . '?u=' . $user_invitation_id . '">' . api_get_person_name($user_invitation_info['firstname'], $user_invitation_info['lastname']) . '</a>';
                 $invitations .= '<br />';
                 // The invitation text is shortened with cut() to 50 and then filtered with
                 // remove_XSS() at the STUDENT level, so the filter sees the truncated text.
                 $invitations .= Security::remove_XSS(cut($pending_invitations[$i]['content'], 50), STUDENT, true);
                 $invitations .= '<br />';
                 $invitations .= '<a id="btn_accepted_' . $user_invitation_id . '"' . ' class="btn btn-default" onclick="register_friend(this)" href="javascript:void(0)">' . get_lang('SocialAddToFriends') . '</a>';
                 $invitations .= '<div id="id_response"></div>';
                 $invitations .= '</div>';
                 $invitations .= '</div>';
             }
             $socialRightInformation .= SocialManager::social_wrapper_div($invitations, 4);
         }
     }
     // Productions
     // The list returned by build_production_list() is appended as ready-made HTML.
     $production_list = UserManager::build_production_list($user_id);
     $product_content = '';
     if (!empty($production_list)) {
         $product_content .= '<div><h3>' . get_lang('MyProductions') . '</h3></div>';
         $product_content .= $production_list;
开发者ID:KRCM13,项目名称:chamilo-lms,代码行数:31,代码来源:profile.php

示例10: header

    // Excerpt: end of the form-submission branch (the enclosing "if" starts before this
    // listing), followed by action handling and page output.
    // Too many selected members: warn and go back to the group list; otherwise confirm.
    if (isset($_POST['group_members']) && count($_POST['group_members']) > $max_member && $max_member != GroupManager::MEMBER_PER_GROUP_NO_LIMIT) {
        Display::addFlash(Display::return_message(get_lang('GroupTooMuchMembers'), 'warning'));
        header('Location: group.php?' . api_get_cidreq(true, false));
    } else {
        Display::addFlash(Display::return_message(get_lang('GroupSettingsModified'), 'success'));
        // $cat['id'] is appended to the redirect URL as is - presumably a numeric category id.
        header('Location: group.php?' . api_get_cidreq(true, false) . '&category=' . $cat['id']);
    }
    // Stop after either redirect so nothing below runs for a submitted form.
    exit;
}
$action = isset($_GET['action']) ? $_GET['action'] : null;
switch ($action) {
    case 'empty':
        // Removes every member of the group. It is triggered by a GET parameter and the only
        // guard visible here is api_is_allowed_to_edit().
        // NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm that one
        // is performed before this point.
        if (api_is_allowed_to_edit(false, true)) {
            GroupManager::unsubscribe_all_users($group_id);
            Display::display_confirmation_message(get_lang('GroupEmptied'));
        }
        break;
}
$defaults = $current_group;
$defaults['group_members'] = $selected_users;
// The raw request value is stored as a form default.
// NOTE(review): this relies on the form layer to encode it when rendering - confirm.
$action = isset($_GET['action']) ? $_GET['action'] : '';
$defaults['action'] = $action;
if (!empty($_GET['keyword']) && !empty($_GET['submit'])) {
    // The keyword is filtered with remove_XSS() and then echoed as HTML text. This echo
    // happens before Display::display_header() is called below.
    $keyword_name = Security::remove_XSS($_GET['keyword']);
    echo '<br/>' . get_lang('SearchResultsFor') . ' <span style="font-style: italic ;"> ' . $keyword_name . ' </span><br>';
}
Display::display_header($nameTools, 'Group');
$form->setDefaults($defaults);
echo GroupManager::getSettingBar('member');
$form->display();
Display::display_footer();
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:31,代码来源:member_settings.php

示例11: esc_url

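/**
 * Checks and cleans a URL.
 *
 * Characters outside a fixed allow-list are removed, encoded CR/LF sequences are
 * stripped, ";//" is rewritten to "://", "http://" is prepended when the value
 * has no scheme and is not a relative link, and the result is passed through
 * Security::remove_XSS().
 *
 * Apparently adapted from the WordPress function of the same name (since
 * wordpress 2.8.0). Unlike that original, this version does not call
 * wp_kses_bad_protocol() and does not apply the 'clean_url' filter: that part
 * was commented out in the source, so $protocols and $_context are accepted for
 * signature compatibility but are not used.
 * NOTE(review): with the protocol allow-list disabled, refusing unwanted schemes
 * depends entirely on Security::remove_XSS() - confirm that it does so before
 * relying on this function for href/src values.
 *
 * @param string $url The URL to be cleaned.
 * @param array $protocols Optional. Not used by this implementation.
 * @param string $_context Private. Not used by this implementation.
 * @return string The cleaned $url, or an empty string when nothing is left after cleaning.
 */
function esc_url($url, $protocols = null, $_context = 'display')
{
    if ('' == $url) {
        return $url;
    }
    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
    // The filter can remove every character (or fail and return null); stop here so the
    // first-character test below never reads an empty string.
    if ((string) $url === '') {
        return '';
    }
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = _deep_replace($strip, $url);
    $url = str_replace(';//', '://', $url);
    // Stripping the encoded line breaks can empty the value as well.
    if ((string) $url === '') {
        return '';
    }
    /* If the URL doesn't appear to contain a scheme, we
     * presume it needs http:// prepended (unless a relative
     * link starting with /, # or ? or a php file).
     */
    if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?')) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
        $url = 'http://' . $url;
    }
    return Security::remove_XSS($url);
}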
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:63,代码来源:text.lib.php

示例12: get_lang

        // Excerpt: the start of this branch lies before the listing. Toolbar links for printing
        // and for CSV export of the session list.
        $actionsRight = Display::url(Display::return_icon('printer.png', get_lang('Print'), array(), 32), 'javascript: void(0);', array('onclick' => 'javascript: window.print();'));
        $actionsRight .= Display::url(Display::return_icon('export_csv.png', get_lang('ExportAsCSV'), array(), 32), api_get_self() . '?export=csv');
    }
    $toolbar = Display::toolbarAction('toolbar-session', $content = array(0 => $actionsLeft, 1 => $actionsRight));
    echo $toolbar;
    echo Display::page_header(get_lang('YourSessionsList'));
} else {
    $a_sessions = Tracking::get_sessions_coached_by_user($id_coach);
}
$form = new FormValidator('search_course', 'get', api_get_path(WEB_CODE_PATH) . 'mySpace/session.php');
$form->addElement('text', 'keyword', get_lang('Keyword'));
$form->addButtonSearch(get_lang('Search'));
// The keyword stays empty unless the form validates.
$keyword = '';
if ($form->validate()) {
    $keyword = $form->getSubmitValue('keyword');
}
$form->setDefaults(array('keyword' => $keyword));
// The keyword becomes a query-string value of the AJAX URL. remove_XSS() filters markup but
// does not percent-encode.
// NOTE(review): characters such as & or # in the keyword would change the query string;
// urlencode() is the usual encoding for this position.
$url = api_get_path(WEB_AJAX_PATH) . 'model.ajax.php?a=get_sessions_tracking&keyword=' . Security::remove_XSS($keyword);
$columns = array(get_lang('Title'), get_lang('Date'), get_lang('NbCoursesPerSession'), get_lang('NbStudentPerSession'), get_lang('Details'));
// Column config
$columnModel = array(array('name' => 'name', 'index' => 'name', 'width' => '255', 'align' => 'left'), array('name' => 'date', 'index' => 'date', 'width' => '150', 'align' => 'left', 'sortable' => 'false'), array('name' => 'course_per_session', 'index' => 'course_per_session', 'width' => '150', 'sortable' => 'false'), array('name' => 'student_per_session', 'index' => 'student_per_session', 'width' => '100', 'sortable' => 'false'), array('name' => 'details', 'index' => 'details', 'width' => '100', 'sortable' => 'false'));
$extraParams = array('autowidth' => 'true', 'height' => 'auto');
// The output of Display::grid_js(), which receives $url, is placed inside a <script> block.
// NOTE(review): confirm that grid_js() encodes the URL for a JavaScript string.
$js = '<script>
    $(function() {
        ' . Display::grid_js('session_tracking', $url, $columns, $columnModel, $extraParams, array(), null, true) . '
    });
</script>';
echo $js;
$form->display();
echo Display::grid_html('session_tracking');
Display::display_footer();
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:31,代码来源:session.php

示例13:

<?php

/* For licensing terms, see /license.txt */
//require_once '../inc/global.inc.php';
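// Both request parameters are required; a missing one is treated like an empty one.
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
// NOTE(review): $src is appended to the provider URL and placed in a double-quoted src
// attribute below. remove_XSS() is an HTML filter - confirm that it neutralises quotes,
// or restrict $src to the characters a video id can contain.
$src = Security::remove_XSS(isset($_REQUEST['src']) ? $_REQUEST['src'] : '');
if (empty($type) || empty($src)) {
    api_not_allowed();
}
// $iframe is echoed further down the page; start from an empty string so it is always defined.
$iframe = '';
switch ($type) {
    case 'youtube':
        $src = 'http://www.youtube.com/embed/' . $src;
        $iframe = '<iframe class="youtube-player" type="text/html" width="640" height="385" src="' . $src . '" frameborder="0"></iframe>';
        break;
    case 'vimeo':
        $src = 'http://player.vimeo.com/video/' . $src;
        $iframe = '<iframe src="' . $src . '" width="640" height="385" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>';
        break;
    default:
        // Only the two providers above are supported; any other type is refused the same
        // way as a missing parameter.
        api_not_allowed();
}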
?>
<!doctype html>
<html>
    <head>
        <meta charset="utf-8">
        <title></title>
    </head>
    <body>
        <div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;">
        <br />
        <?php 
echo $iframe;
开发者ID:ragebat,项目名称:chamilo-lms,代码行数:31,代码来源:embed.php

示例14: display_myminimonthcalendar

/**
 * Show the mini calendar of the given month.
 *
 * Prints an HTML table with previous/next month links, a row of weekday names
 * (week starting on Monday) and one cell per day. Days that have an entry in
 * $agendaitems are linked to the day view; the current day gets its own class.
 *
 * NOTE(review): $monthName, $month, $year and api_get_self() are written into the
 * markup as they are, and the two course values in the navigation links are
 * filtered with Security::remove_XSS() but not percent-encoded; callers are
 * expected to pass values that are safe for these positions - confirm.
 *
 * @param array  $agendaitems items indexed by day of the month
 * @param int    $month       month number, used as index 1..12
 * @param int    $year        year
 * @param string $monthName   month name printed in the table header
 */
function display_myminimonthcalendar($agendaitems, $month, $year, $monthName)
{
    global $DaysShort, $course_path;

    // Month lengths indexed 1..12 (slot 0 is a placeholder); February has 29 days in leap years.
    $monthLengths = array(0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
    $isLeapYear = $year % 400 == 0 || ($year % 4 == 0 && $year % 100 != 0);
    if ($isLeapYear) {
        $monthLengths[2] = 29;
    }
    $lastDay = $monthLengths[$month];

    // Column (0 = Monday ... 6 = Sunday) in which day 1 falls.
    $firstOfMonth = getdate(mktime(0, 0, 0, $month, 1, $year));
    $firstColumn = ($firstOfMonth['wday'] + 6) % 7;

    $courseCode = '';
    if (isset($_GET['courseCode'])) {
        $courseCode = $_GET['courseCode'];
    }

    // Neighbouring months, wrapping around the year boundary.
    if ($month == 1) {
        $prevMonth = 12;
        $prevYear = $year - 1;
    } else {
        $prevMonth = $month - 1;
        $prevYear = $year;
    }
    if ($month == 12) {
        $nextMonth = 1;
        $nextYear = $year + 1;
    } else {
        $nextMonth = $month + 1;
        $nextYear = $year;
    }
    $navBase = api_get_self() . "?coursePath=" . Security::remove_XSS($course_path) . "&amp;courseCode=" . Security::remove_XSS($courseCode);
    $backwardsURL = $navBase . "&amp;month=" . $prevMonth . "&amp;year=" . $prevYear;
    $forewardsURL = $navBase . "&amp;month=" . $nextMonth . "&amp;year=" . $nextYear;

    // Header row: previous link, month title, next link.
    echo "<table class=\"data_table\">";
    echo "<tr>";
    echo "<th width=\"10%\"><a href=\"" . $backwardsURL . "\">" . Display::return_icon('action_prev.png', get_lang('Previous')) . "</a></th>";
    echo "<th width=\"80%\" colspan=\"5\">" . $monthName . " " . $year . "</th>";
    echo "<th width=\"10%\"><a href=\"" . $forewardsURL . "\">" . Display::return_icon('action_next.png', get_lang('Next')) . "</a></th>";
    echo "</tr>";

    // Weekday names, Monday first ($DaysShort index 0 is Sunday).
    echo "<tr>";
    foreach (array(1, 2, 3, 4, 5, 6, 7) as $weekdayIndex) {
        echo "<td class=\"weekdays\">" . $DaysShort[$weekdayIndex % 7] . "</td>";
    }
    echo "</tr>";

    // -1 means "day 1 has not been placed yet".
    $day = -1;
    $today = getdate();
    while ($day <= $lastDay) {
        echo "<tr>";
        for ($col = 0; $col < 7; $col++) {
            if ($day == -1 && $col == $firstColumn) {
                $day = 1;
            }
            // Cells before day 1 and after the last day stay blank.
            if ($day <= 0 || $day > $lastDay) {
                echo "<td>&nbsp;</td>";
                continue;
            }
            if ($day == $today['mday'] && $year == $today['year'] && $month == $today['mon']) {
                $cellClass = "class=\"days_today\"";
            } elseif ($col < 5) {
                $cellClass = 'class="days_week"';
            } else {
                $cellClass = 'class="days_weekend"';
            }
            $label = "{$day}";
            echo "<td " . $cellClass . ">";
            if (empty($agendaitems[$day])) {
                echo $label;
            } else {
                echo "<a href=\"" . api_get_self() . "?action=view&amp;view=day&amp;day=" . $day . "&amp;month=" . $month . "&amp;year=" . $year . "\">" . $label . "</a>";
            }
            echo "</td>";
            $day++;
        }
        echo "</tr>";
    }
    echo "</table>";
}
开发者ID:ragebat,项目名称:chamilo-lms,代码行数:57,代码来源:myagenda.inc.php

示例15: str_replace

        // Excerpt: the enclosing blocks start before this listing. Slashes in the URL are
        // replaced so that it can be used as a single directory name.
        $cleanUrl = str_replace('/', '-', $url);
        $adminExtraContentDir = api_get_path(SYS_PATH) . "home/{$cleanUrl}/admin/";
    }
}
// Displaying the header
$message = '';
if (api_is_platform_admin()) {
    if (is_dir(api_get_path(SYS_ARCHIVE_PATH)) && !is_writable(api_get_path(SYS_ARCHIVE_PATH))) {
        $message = Display::return_message(get_lang('ArchivesDirectoryNotWriteableContactAdmin'), 'warning');
    }
    /* ACTION HANDLING */
    // State-changing action driven by a POST field; the only guard visible here is
    // api_is_platform_admin().
    // NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm that one
    // is performed elsewhere. $_POST['donotlistcampus'] is read without isset().
    if (!empty($_POST['Register'])) {
        api_register_campus(!$_POST['donotlistcampus']);
        $message = Display::return_message(get_lang('VersionCheckEnabled'), 'confirmation');
    }
    // $keyword_url is only assigned inside this platform-admin branch. remove_XSS() filters
    // markup; if, as the name suggests, the value is later placed in a URL, it still needs
    // percent-encoding there - NOTE(review): check the code that uses it.
    $keyword_url = Security::remove_XSS(empty($_GET['keyword']) ? '' : $_GET['keyword']);
}
if (isset($_GET['msg']) && isset($_GET['type'])) {
    // $_GET['msg'] reaches get_lang() only after matching one of two fixed names, so request
    // text is never used as an arbitrary language key. in_array() is called without strict mode.
    if (in_array($_GET['msg'], array('ArchiveDirCleanupSucceeded', 'ArchiveDirCleanupFailed'))) {
        switch ($_GET['type']) {
            case 'error':
                $message = Display::return_message(get_lang($_GET['msg']), 'error');
                break;
            case 'confirmation':
                $message = Display::return_message(get_lang($_GET['msg']), 'confirm');
        }
    }
}
$blocks = array();
// Instantiate Hook Event for Admin Block
$hook = HookAdminBlock::create();
开发者ID:KRCM13,项目名称:chamilo-lms,代码行数:31,代码来源:index.php


注:本文中的Security::remove_XSS方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。