PHP security::toHTML方法代码示例

 private function checkSessionVariables()
 {
     if (count($_SESSION) > 0) {
         foreach ($_SESSION as $nElement => $nValue) {
             if (is_array($nValue)) {
                 die("SESSION variable nElement can't be array");
             }
             $nValue = security::toHTML($nValue);
         }
     }
 }

         }
         echo "<br/>";
         misc::back();
     }
     break;
 case 'dl':
     if (!isset($_GET['subact'])) {
         echo "<a href='?pg=admin&act=dl&subact=add'><b>Add</b></a><br/>\r\n\t\t\t\t  <a href='?pg=admin&act=dl&subact=del'><b>Delete</b></a><br/>\r\n\t\t\t\t  <a href='?pg=admin&act=dl&subact=edit'><b>Edit</b></a><br/>";
     } else {
         switch ($_GET['subact']) {
             case 'add':
                 if (!isset($_POST['submit']) && !isset($_POST['link'])) {
                     echo "<table id='table-3' border='1' cellpadding='0' cellspacing='0'>\r\n\t\t\t\t\t\t\t\t<form method='post'>\r\n\t\t\t\t\t\t\t\t\t<td>Name</td><td><input type='text' name='name'></td><tr/>\r\n\t\t\t\t\t\t\t\t\t<td>Link</td><td><input type='text' name='link'></td><tr/>\r\n\t\t\t\t\t\t\t\t\t<td>Description</td><td><input type='text' name='description'></td><tr/>\r\n\t\t\t\t\t\t\t\t\t<td></td><td><input type='submit' name='submit' value='Add'></td>\r\n\t\t\t\t\t\t\t\t</form>\r\n\t\t\t\t\t\t\t\t</table>\r\n\t\t\t\t\t\t\t ";
                 } else {
                     $szName = security::toHTML($_POST['name']);
                     $szDesc = security::toHTML($_POST['description']);
                     if (!security::isValidUrl($_POST['link'])) {
                         misc::back();
                         echo "Invalid URL<br/>";
                         break;
                     } else {
                         core::$sql->exec("insert into srcms_downloads(name,link,description) values('{$szName}','{$_POST['link']}','{$szDesc}')");
                         echo "Successfully added link to downloads.<br/>";
                         misc::redirect('?pg=admin&act=dl', 1);
                     }
                 }
                 break;
             case 'del':
                 if (!isset($_POST['submit']) && !isset($_GET['id'])) {
                     echo "<table id='table-3' border='1' cellpadding='0' cellspacing='0'>\r\n\t\t\t\t\t\t\t\t<td>ID</td><td>Name</td><td>Link</td><td>Description</td><td>Delete</td><tr/>\r\n\t\t\t\t\t\t\t ";
                     $hLinkList = core::$sql->exec("select * from srcms_downloads");

     break;
 case 'myprofile':
     //module disabled
     if ($core->aConfig['allowMyProfile'] == 0) {
         echo "This module is currently disabled.";
         return;
     }
     if (isset($_POST['submit'])) {
         $nGender = (int) $_POST['gender'];
         $szAvatarUrl = null;
         $szSkype = null;
         $szMsn = null;
         $nPublic = (int) $_POST['ispublic'];
         security::isValidUrl($_POST['avatar']) ? $szAvatarUrl = $_POST['avatar'] : ($szAvatarUrl = $core->aConfig[url] . "img/noavatar.png");
         security::isCorrectEmail($_POST['msn']) ? $szMsn = $_POST['msn'] : ($szMsn = "None");
         $szSkype = security::toHTML($_POST['skype']);
         if (strlen($szSkype) > 50) {
             $szSkype = "None";
         }
         if (strlen($szMsn) > 60) {
             $szMsn = "None";
         }
         if (strlen($szAvatarUrl) > 500) {
             $szAvatarUrl = $core->aConfig['url'] . "img/noavatar.png";
         }
         $avatarImageData = @getimagesize($szAvatarUrl);
         //no error if shit happens
         if (empty($avatarImageData[0]) || empty($avatarImageData[1])) {
             $avatarImageData[0] = 0;
             $avatarImageData[1] = 0;
         }

     for ($a = 1, $i = 0; $i < count($commentData); $i++) {
         if ($i % 10 == 0) {
             echo "<a href='?pg=news&comment={$nID}&page={$a}'>{$a}</a>&nbsp;";
             $a++;
             $nPages++;
         }
     }
     if ($_GET['page'] < $nPages) {
         echo "<a class='pageblue' href='?pg=news&comment={$nID}&page=" . ($_GET['page'] + 1) . "'>></a>";
     }
     if (isset($_SESSION['username'])) {
         if (!isset($_POST['submit'])) {
             echo " \r\n\t\t\t\t\t<br/>\r\n\t\t\t\t\t\t<form method='post'>\r\n\t\t\t\t\t\t\t<textarea id = 'commentTextBox' name='commentText' rows='5' cols='100'>Type your message here</textarea><br/>\r\n\t\t\t\t\t\t\t<input type='submit' name='submit' value='Submit'>\r\n\t\t\t\t\t\t</form>\r\n\t\t\t\t<script>CKEDITOR.replace( 'commentText' );</script>\r\n\t\t\t\t\t ";
         } else {
             //$cleanText = misc::applyAttributesToText($_POST['commentText']);
             $cleanText = stripslashes(security::toHTML($_POST['commentText']));
             if (strlen($cleanText) < $core->aConfig['minNewsCommentLen'] || strlen($cleanText) > $core->aConfig['maxNewsCommentLen']) {
                 echo "<br/>Your message is too short or too long. It has to be at least <b>" . $core->aConfig['minNewsCommentLen'] . "</b> \r\n\t\t\t\t\tsymbols long, your one is just <b>" . strlen($cleanText) . "</b> symbols long. Max length is " . $core->aConfig['maxNewsCommentLen'] . ".<br/>";
                 misc::back();
             } else {
                 $datetime = misc::getDateTime();
                 core::$sql->exec("insert into srcms_newscomments(newsID, author, text, time) values('{$nID}','{$_SESSION['username']}', '{$cleanText}', '{$datetime}')");
                 echo "<br/><br/><b>Your comment has been successfully added</b>";
                 misc::redirect("?pg=news&comment={$nID}", 1);
             }
         }
     } else {
         echo "<br/><br/>You must be logged in to post comments";
     }
 } else {
     echo "<br/>You can't comment news article that doesn't exist.";

 public static function sendWebPrivMsg($to, $from, $title, $text)
 {
     global $core;
     $msgTitle = security::toHTML($title);
     $msgText = security::toHTML($text);
     $senderJID = user::accountJIDbyUsername($from);
     $receiverJID = user::accountJIDbyUsername($to);
     if ($senderJID != $receiverJID) {
         if (core::$sql->numRows("select * from srcms_privatemessages where receiver='{$receiverJID}'") >= $core->aConfig['maxPrivMsg']) {
             echo "Receiver inbox is full.<br/>";
         } else {
             if (strlen($msgTitle) < $core->aConfig['minPrivMsgTitleLen'] || strlen($msgTitle) > $core->aConfig['maxPrivMsgTitleLen'] || strlen($msgText) < $core->aConfig['minPrivMsgBodyLen'] || strlen($msgText) > $core->aConfig['maxPrivMsgBodyLen']) {
                 echo "Message text, or title is too long or too short. Minimum title length is " . $core->aConfig['minPrivMsgTitleLen'] . " and " . $core->aConfig['maxPrivMsgTitleLen'] . "symbols\r\n\t\t\t\t\t\t\t\tmaximum. Message content minimum length is " . $core->aConfig['minPrivMsgBodyLen'] . " and " . $core->aConfig['maxPrivMsgBodyLen'] . " symbols maximum.<br/>";
                 misc::back();
             } else {
                 $datetime = misc::getDateTime();
                 core::$sql->exec("insert into srcms_privatemessages(sender,receiver, title, msg, viewed, time) values('{$senderJID}', '{$receiverJID}', '{$msgTitle}', '{$msgText}', '0', '{$datetime}')");
                 echo "<br/>Message sent.<br/>";
                 misc::redirect("?pg=ucp&act=mailbox", 2);
             }
         }
     } else {
         echo "You can't send message to yourself.<br/>";
         misc::back();
     }
 }