當前位置: 首頁>>代碼示例>>PHP>>正文


PHP COM_applyBasicFilter函數代碼示例

本文整理匯總了PHP中COM_applyBasicFilter函數的典型用法代碼示例。如果您正苦於以下問題:PHP COM_applyBasicFilter函數的具體用法?PHP COM_applyBasicFilter怎麽用?PHP COM_applyBasicFilter使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。


在下文中一共展示了COM_applyBasicFilter函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。

示例1: applyFilter

 /**
  * Apply a basic filter
  *
  * @param  string|array $var
  * @param  bool         $isNumeric
  * @return string|array
  */
 public static function applyFilter($var, $isNumeric = false)
 {
     if (is_array($var)) {
         return array_map(__METHOD__, $var);
     }
     if (is_callable('COM_applyBasicFilter')) {
         $var = COM_applyBasicFilter($var);
     } else {
         // Simulate COM_applyBasicFilter
         $var = \GLText::remove4byteUtf8Chars($var);
         $var = strip_tags($var);
         if (is_callable('COM_killJS')) {
             $var = COM_killJS($var);
             // doesn't help a lot right now, but still ...
         } else {
             $var = preg_replace('/(\\s)+[oO][nN](\\w*) ?=/', '\\1in\\2=', $var);
         }
         if ($isNumeric) {
             // Note: PHP's is_numeric() accepts values like 4e4 as numeric
             if (!is_numeric($var) || preg_match('/^-?\\d+$/', $var) == 0) {
                 $var = 0;
             }
         } else {
             $var = preg_replace('/\\/\\*.*/', '', $var);
             $var = explode("'", $var);
             $var = explode('"', $var[0]);
             $var = explode('`', $var[0]);
             $var = explode(';', $var[0]);
             $var = explode(',', $var[0]);
             $var = explode('\\', $var[0]);
             $var = $var[0];
         }
     }
     return $var;
 }
開發者ID:mystralkk,項目名稱:geeklog,代碼行數:42,代碼來源:Input.php

示例2: filter

 /**
  * Apply basic filter if necessary
  *
  * @param   string|array  $value
  * @return  string|array
  */
 private function filter($value)
 {
     if ($this->applyFilter) {
         if (is_array($value)) {
             $value = array_map(array($this, 'filter'), $value);
         } else {
             $value = COM_applyBasicFilter($value);
         }
     }
     return $value;
 }
開發者ID:ivywe,項目名稱:geeklog,代碼行數:17,代碼來源:input.class.php

示例3: service_get_staticpages

/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}') AND (sp_status = 1)" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($mode !== 'autotag') {
                $_CONF['pagetitle'] = $output['sp_title'];
            }
        } else {
            // an error occured (page not found, access denied, ...)
            if (empty($page)) {
                $failflg = 0;
            } else {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$page}'");
            }
            if ($failflg) {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= SEC_loginRequiredForm();
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter();
                }
            } else {
                if ($mode !== 'autotag') {
                    COM_404();
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['sp_date']));
            $output['updated'] = date('c', strtotime($output['sp_date']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $output['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
//.........這裏部分代碼省略.........
開發者ID:JohnToro,項目名稱:glfusion,代碼行數:101,代碼來源:services.inc.php

示例4: service_get_staticpages

/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,sp_page_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,commentcode," . "CAST(meta_description AS text) AS meta_description," . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
        $sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($output['template_id'] != '') {
                $retval = '';
                $mode = '';
                $xmlObject = simplexml_load_string($output['sp_content']);
                // create array of XML data
                $tag = array();
                foreach ($xmlObject->variable as $variable) {
                    $key = $variable["name"] . '';
                    $value = $variable->data;
                    $tag[$key] = $value;
                }
                // Loop through variables to replace any autotags first
                foreach ($tag as &$value) {
                    $value = PLG_replaceTags($value);
                }
                $args = array('sp_id' => $output['template_id'], 'mode' => $mode, 'gl_svc' => '');
                $svc_msg = array();
                if (PLG_invokeService('staticpages', 'get', $args, $retval, $svc_msg) == PLG_RET_OK) {
                    $retval['sp_content'] = str_replace(array_keys($tag), array_values($tag), $retval['sp_content']);
                    $output['sp_content'] = $retval['sp_content'];
                }
            }
        } else {
            // an error occured (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
//.........這裏部分代碼省略.........
開發者ID:alxstuart,項目名稱:ajfs.me,代碼行數:101,代碼來源:services.inc.php

示例5: service_get_story

/**
 * Get an existing story
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_get_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;
    $output = array();
    $retval = '';
    if (!isset($_CONF['atom_max_stories'])) {
        $_CONF['atom_max_stories'] = 10;
        // set a resonable default
    }
    $svc_msg['output_fields'] = array('draft_flag', 'hits', 'numemails', 'comments', 'trackbacks', 'featured', 'commentcode', 'statuscode', 'expire_date', 'postmode', 'advanced_editor_mode', 'frontpage', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon');
    if (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['sid'])) {
            $args['sid'] = COM_applyBasicFilter($args['sid']);
        }
        if (empty($args['sid'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (empty($args['mode'])) {
        $args['mode'] = 'view';
    }
    if (!$svc_msg['gl_feed']) {
        $sid = $args['sid'];
        $mode = $args['mode'];
        $story = new Story();
        $retval = $story->loadFromDatabase($sid, $mode);
        if ($retval != STORY_LOADED_OK) {
            $output = $retval;
            return PLG_RET_ERROR;
        }
        reset($story->_dbFields);
        while (list($fieldname, $save) = each($story->_dbFields)) {
            $varname = '_' . $fieldname;
            $output[$fieldname] = $story->{$varname};
        }
        $output['username'] = $story->_username;
        $output['fullname'] = $story->_fullname;
        if ($args['gl_svc']) {
            if ($output['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                // This date format is PHP 5 only,
                // but only the web-service uses the value
                $output['expire_date'] = date('c', $output['expire']);
            }
            $output['id'] = $output['sid'];
            $output['category'] = array($output['tid']);
            $output['published'] = date('c', $output['date']);
            $output['updated'] = date('c', $output['date']);
            if (empty($output['bodytext'])) {
                $output['content'] = $output['introtext'];
            } else {
                $output['content'] = $output['introtext'] . LB . '[page_break]' . LB . $output['bodytext'];
            }
            $output['content_type'] = $output['postmode'] == 'html' ? 'html' : 'text';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $sid;
        }
    } else {
        $output = array();
        $mode = $args['mode'];
        $sql = array();
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        } else {
            $offset = 0;
        }
        $max_items = $_CONF['atom_max_stories'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $limit_pgsql = " LIMIT {$max_items} OFFSET {$offset}";
        $order = " ORDER BY unixdate DESC";
        $sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit;
        $sql['pgsql'] = "SELECT  s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl  FROM stories s, users u, topics t WHERE (s.uid = u.uid) AND (s.tid = t.tid) FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit_pgsql;
        $result = DB_query($sql);
        $count = 0;
        while (($story_array = DB_fetchArray($result, false)) !== false) {
            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_CONF['atom_max_stories'];
                break;
            }
            $story = new Story();
            $story->loadFromArray($story_array);
            // This access check is not strictly necessary
//.........這裏部分代碼省略.........
開發者ID:mystralkk,項目名稱:geeklog,代碼行數:101,代碼來源:lib-story.php

示例6: WS_authenticate

/**
 * Authenticates the user if authentication headers are present
 *
 * Our handling of the speedlimit here requires some explanation ...
 * Atompub clients will usually try to do everything without logging in first.
 * Since that would mean that we can't provide feeds for drafts, items with
 * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
 * That, however, means that every request from an Atompub client will count
 * as one failed login attempt. So doing a couple of requests in quick
 * succession will surely get the client blocked. Therefore
 * - a request without any login credentials counts as one failed login attempt
 * - a request with wrong login credentials counts as two failed login attempts
 * - if, after a successful login, we have only one failed attempt on record,
 *   we reset the speedlimit
 * This still ensures that
 * - repeated failed logins (without or with invalid credentials) will cause the
 *   client to be blocked eventually
 * - this can not be used for dictionary attacks
 *
 */
function WS_authenticate()
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
    $uid = '';
    $username = '';
    $password = '';
    $status = -1;
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
        $password = $_SERVER['PHP_AUTH_PW'];
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}'");
        }
        /** this does not work! *******************************************************
        
            } elseif (!empty($_SERVER['HTTP_X_WSSE']) &&
                    (strpos($_SERVER['HTTP_X_WSSE'], 'UsernameToken') !== false)) {
        
                // this is loosely based on a code snippet taken from Elgg (elgg.org)
        
                $wsse = str_replace('UsernameToken', '', $_SERVER['HTTP_X_WSSE']);
                $wsse = explode(',', $wsse);
        
                $username = '';
                $pwdigest = '';
                $created = '';
                $nonce = '';
        
                foreach ($wsse as $element) {
                    $element = explode('=', $element);
                    $key = array_shift($element);
                    if (count($element) == 1) {
                        $val = $element[0];
                    } else {
                        $val = implode('=', $element);
                    }
                    $key = trim($key);
                    $val = trim($val, "\x22\x27");
                    if ($key == 'Username') {
                        $username = COM_applyBasicFilter($val);
                    } elseif ($key == 'PasswordDigest') {
                        $pwdigest = $val;
                    } elseif ($key == 'Created') {
                        $created = $val;
                    } elseif ($key == 'Nonce') {
                        $nonce = $val;
                    }
                }
        
                if (!empty($username) && !empty($pwdigest) && !empty($created) &&
                        !empty($nonce)) {
        
                    $uname = DB_escapeString($username);
                    $pwd = DB_getItem($_TABLES['users'], 'passwd',
                                      "username = '$uname'");
                    // ... and here we would need the _unencrypted_ password
        
                    if (!empty($pwd)) {
                        $mydigest = pack('H*', sha1($nonce . $created . $pwd));
                        $mydigest = base64_encode($mydigest);
        
                        if ($pwdigest == $mydigest) {
                            $password = $pwd;
                        }
                    }
                }
        
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: Attempting to log in user '$username' (via WSSE)");
                }
        
        ******************************************************************************/
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header as
         * explained at
         * http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication
         */
        list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
        list($username, $password) = explode(':', base64_decode($auth_data));
//.........這裏部分代碼省略.........
開發者ID:Geeklog-Core,項目名稱:geeklog,代碼行數:101,代碼來源:lib-webservices.php

示例7: COM_applyFilter

/**
* Filter parameters passed per GET (URL) or POST.
*
* @param    string    $parameter   the parameter to test
* @param    boolean   $isnumeric   true if $parameter is supposed to be numeric
* @return   string    the filtered parameter (may now be empty or 0)
* @see COM_applyBasicFilter
*
*/
function COM_applyFilter($parameter, $isnumeric = false)
{
    $p = COM_stripslashes($parameter);
    return COM_applyBasicFilter($p, $isnumeric);
}
開發者ID:alxstuart,項目名稱:ajfs.me,代碼行數:14,代碼來源:lib-common.php

示例8: COM_applyfilter

$fid = COM_applyfilter($_GET['fid'], true);
$op = COM_applyfilter($_GET['op']);
COM_errorLog("Download.php - op:{$op}, uid:{$_USER['uid']}, fid:{$fid}");
if ($op == 'incoming') {
    if (!DB_count($_TABLES['nxfile_import_queue'], 'id', $fid)) {
        echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
        exit;
    }
}
if ($op == 'download') {
    if (!DB_count($_TABLES['nxfile_files'], 'fid', $fid)) {
        echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
        exit;
    }
    include_once $_CONF['path_system'] . 'classes/downloader.class.php';
    $version = COM_applyBasicFilter($_GET['version'], true);
    if ($version > 0) {
        $query = DB_query("SELECT fname,ftype FROM {$_TABLES['nxfile_fileversions']} WHERE fid={$fid} AND version={$version}");
        list($fname, $ftype) = DB_fetchARRAY($query);
        $cid = DB_getItem($_TABLES['nxfile_files'], "cid", "fid={$fid}");
    } else {
        $query = DB_query("SELECT cid,fname,ftype,mimetype FROM {$_TABLES['nxfile_files']} WHERE fid={$fid}");
        list($cid, $fname, $ftype, $mimetype) = DB_fetchARRAY($query);
    }
    // Make sure user has access
    if (!fm_getPermission($cid, 'view')) {
        echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
        exit;
    }
    if ($ftype == "file") {
        $directory = $_FMCONF['storage_path'] . $cid . '/';
開發者ID:hostellerie,項目名稱:nexpro,代碼行數:31,代碼來源:download.php

示例9: PLG_replaceTags


//.........這裏部分代碼省略.........
                        USES_lib_story();
                        if (isset($_USER['uid']) && $_USER['uid'] > 1) {
                            $result = DB_query("SELECT maxstories,tids,aids FROM {$_TABLES['userindex']} WHERE uid = {$_USER['uid']}");
                            $U = DB_fetchArray($result);
                        } else {
                            $U['maxstories'] = 0;
                            $U['aids'] = '';
                            $U['tids'] = '';
                        }
                        $sql = " (date <= NOW()) AND (draft_flag = 0)";
                        if (empty($topic)) {
                            $sql .= COM_getLangSQL('tid', 'AND', 's');
                        }
                        $sql .= COM_getPermSQL('AND', 0, 2, 's');
                        if (!empty($U['aids'])) {
                            $sql .= " AND s.uid NOT IN (" . str_replace(' ', ",", $U['aids']) . ") ";
                        }
                        if (!empty($U['tids'])) {
                            $sql .= " AND s.tid NOT IN ('" . str_replace(' ', "','", $U['tids']) . "') ";
                        }
                        $sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
                        $userfields = 'u.uid, u.username, u.fullname';
                        $msql = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE s.sid = '" . $autotag['parm1'] . "' AND (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql;
                        $result = DB_query($msql);
                        $nrows = DB_numRows($result);
                        if ($A = DB_fetchArray($result)) {
                            $story = new Story();
                            $story->loadFromArray($A);
                            $linktext = STORY_renderArticle($story, 'y');
                        }
                        $content = str_replace($autotag['tagstr'], $linktext, $content);
                    }
                    if ($autotag['tag'] == 'showblock') {
                        $blockName = COM_applyBasicFilter($autotag['parm1']);
                        $result = DB_query("SELECT * FROM {$_TABLES['blocks']} WHERE name = '" . DB_escapeString($blockName) . "'" . COM_getPermSQL('AND'));
                        if (DB_numRows($result) > 0) {
                            $skip = 0;
                            $B = DB_fetchArray($result);
                            $template = '';
                            $side = '';
                            $px = explode(' ', trim($autotag['parm2']));
                            if (is_array($px)) {
                                foreach ($px as $part) {
                                    if (substr($part, 0, 9) == 'template:') {
                                        $a = explode(':', $part);
                                        $template = $a[1];
                                        $skip++;
                                    } elseif (substr($part, 0, 5) == 'side:') {
                                        $a = explode(':', $part);
                                        $side = $a[1];
                                        $skip++;
                                        break;
                                    }
                                }
                                if ($skip != 0) {
                                    if (count($px) > $skip) {
                                        for ($i = 0; $i < $skip; $i++) {
                                            array_shift($px);
                                        }
                                        $caption = trim(implode(' ', $px));
                                    } else {
                                        $caption = '';
                                    }
                                }
                            }
                            if ($template != '') {
開發者ID:spacequad,項目名稱:glfusion,代碼行數:67,代碼來源:lib-plugins.php

示例10: fncSave

function fncSave($edt_flg, $navbarMenu, $menuno)
{
    $pi_name = "userbox";
    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_ADMIN;
    global $_FILES;
    $addition_def = DATABOX_getadditiondef($pi_name);
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    //@@@@@ username fullname
    $username = COM_applyFilter($_POST['username']);
    $username = addslashes(COM_checkHTML(COM_checkWords($username)));
    $fullname = COM_applyFilter($_POST['fullname']);
    $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
    $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
    $draft_flag = COM_applyFilter($_POST['draft_flag'], true);
    //            $hits =0;
    //            $comments=0;
    $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
    if ($comment_expire_flag) {
        $comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
        $comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
        $comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
        $comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
        $comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
        if ($comment_expire_ampm == 'pm') {
            if ($comment_expire_hour < 12) {
                $comment_expire_hour = $comment_expire_hour + 12;
            }
        }
        if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
            $comment_expire_hour = '00';
        }
    } else {
        $comment_expire_month = 0;
        $comment_expire_day = 0;
        $comment_expire_year = 0;
        $comment_expire_hour = 0;
        $comment_expire_minute = 0;
    }
    $commentcode = COM_applyFilter($_POST['commentcode'], true);
    $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
    $cache_time = COM_applyFilter($_POST['cache_time'], true);
    $meta_description = $_POST['meta_description'];
    $meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
    $meta_keywords = $_POST['meta_keywords'];
    $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];
    //@@@@@
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
    //
    $owner_id = COM_applyFilter($_POST['owner_id'], true);
    $group_id = COM_applyFilter($_POST['group_id'], true);
    //
    $array['perm_owner'] = $_POST['perm_owner'];
    $array['perm_group'] = $_POST['perm_group'];
    $array['perm_members'] = $_POST['perm_members'];
    $array['perm_anon'] = $_POST['perm_anon'];
    if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    } else {
        $perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
        $perm_group = COM_applyBasicFilter($array['perm_group'], true);
        $perm_members = COM_applyBasicFilter($array['perm_members'], true);
        $perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
    }
    //編集日付
    $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
    if ($modified_autoupdate == 1) {
        //$udate = date('Ymd');
        $modified_month = date('m');
        $modified_day = date('d');
        $modified_year = date('Y');
        $modified_hour = date('H');
        $modified_minute = date('i');
    } else {
        $modified_month = COM_applyFilter($_POST['modified_month'], true);
        $modified_day = COM_applyFilter($_POST['modified_day'], true);
        $modified_year = COM_applyFilter($_POST['modified_year'], true);
        $modified_hour = COM_applyFilter($_POST['modified_hour'], true);
        $modified_minute = COM_applyFilter($_POST['modified_minute'], true);
//.........這裏部分代碼省略.........
開發者ID:mistgrass,項目名稱:geeklog-ivywe,代碼行數:101,代碼來源:profile.php

示例11: service_get_staticpages

/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'cache_time', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        // Topic Permissions
        $topic_perms = COM_getTopicSQL('', 0, 'ta');
        if ($topic_perms != "") {
            $topic_perms = " AND (" . $topic_perms . "";
            if (COM_onFrontpage()) {
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            } else {
                // $topic_perms .= " OR ta.tid = '" . TOPIC_ALL_OPTION . "')";
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            }
        }
        $topic_perms .= " GROUP BY sp_id";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "sp_inblock FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            $page = $output['sp_id'];
            // reset page id so case mimics id perfectly since this affects the cache file and canonical link
            // WE ASSUME $output doesn't have any confidential fields
            // Generate output now (omly if not grabing a template since template is combined with variables first and then generated)
            if (!isset($args['template'])) {
                $output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
            }
        } else {
            // an error occured (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                if (empty($page)) {
//.........這裏部分代碼省略.........
開發者ID:Geeklog-Core,項目名稱:geeklog,代碼行數:101,代碼來源:services.inc.php

示例12: dispatch

 /**
  * Dispatch the client based on $_SERVER['PATH_INFO']
  *
  * @return bool when not dispatched
  */
 public static function dispatch()
 {
     global $_CONF, $_TABLES, $LANG_ROUTER;
     // URL rewrite is disabled
     if (!$_CONF['url_rewrite']) {
         return false;
     }
     // URL routing is not supported
     if (!isset($_CONF['url_routing'])) {
         return false;
     }
     $routingType = intval($_CONF['url_routing'], 10);
     // URL routing is disabled
     if ($routingType === self::ROUTING_DISABLED) {
         return false;
     }
     // $_SERVER['PATH_INFO'] is unavailable
     if (!isset($_SERVER['PATH_INFO']) || empty($_SERVER['PATH_INFO'])) {
         return false;
     }
     $pathInfo = COM_applyBasicFilter($_SERVER['PATH_INFO']);
     if (self::$debug) {
         COM_errorLog(__METHOD__ . ': PATH_INFO = ' . $pathInfo);
     }
     // Get request type
     switch ($_SERVER['REQUEST_METHOD']) {
         case 'GET':
             $method = self::HTTP_REQUEST_GET;
             break;
         case 'POST':
             $method = self::HTTP_REQUEST_POST;
             break;
         case 'PUT':
             $method = self::HTTP_REQUEST_PUT;
             break;
         case 'DELETE':
             $method = self::HTTP_REQUEST_DELETE;
             break;
         case 'HEAD':
             $method = self::HTTP_REQUEST_HEAD;
             break;
         default:
             // Unsupported method
             COM_errorLog(__METHOD__ . ': unknown HTTP request method "' . $_SERVER['REQUEST_METHOD'] . '" was supplied');
             return false;
     }
     // Get routing rules and routes from database
     $sql = "SELECT * FROM {$_TABLES['routes']} WHERE method = " . DB_escapeString($method) . " ORDER BY priority ";
     $result = DB_query($sql);
     if (DB_error()) {
         COM_errorLog(__METHOD__ . ': ' . DB_error());
         return false;
     }
     while (($A = DB_fetchArray($result, false)) !== false) {
         $rule = $A['rule'];
         $route = $A['route'];
         // Try simple comparison without placeholders
         if (strcasecmp($rule, $pathInfo) === 0) {
             $route = $_CONF['site_url'] . $route;
             if (self::$debug) {
                 COM_errorLog(__METHOD__ . ': "' . $pathInfo . '"matched with simple comparison rule "' . $A['rule'] . '", converted into "' . $route . '"');
             }
             header('Location: ' . $route);
             COM_errorLog(__METHOD__ . ': somehow could not redirect');
             return false;
         }
         // Try comparison with placeholders
         if (preg_match_all(self::PLACEHOLDER_MATCH, $rule, $matches, PREG_SET_ORDER)) {
             // Escape a period and a question mark so that they can safely be used in a regular expression
             $rule = str_replace(array('.', '?'), array('\\.', '\\?'), $rule);
             $placeHolders = array();
             // Replace placeholders in a rule with ones for regular expressions
             foreach ($matches as $match) {
                 $placeHolders[] = $match[1];
                 $rule = str_replace($match[1], self::PLACEHOLDER_REPLACE, $rule);
             }
             $rule = '|\\A' . $rule . '\\z|i';
             if (!preg_match($rule, $pathInfo, $values)) {
                 continue;
             }
             array_shift($values);
             foreach ($values as $value) {
                 if (preg_match(self::VALUE_MATCH, $value)) {
                     $value = urlencode($value);
                 }
                 $placeHolder = array_shift($placeHolders);
                 $route = str_replace($placeHolder, $value, $route);
             }
             if (strpos($route, '@') !== false && self::$debug) {
                 COM_errorLog(sprintf('%s: %s. Rule (rid = %d) = %s, Route = %s', __METHOD__, @$LANG_ROUTER[15], $A['rid'], $A['rule'], $A['route']));
                 continue;
             }
             $route = $_CONF['site_url'] . $route;
             if (self::$debug) {
                 COM_errorLog(__METHOD__ . ': "' . $pathInfo . '" matched with regular expression rule "' . $A['rule'] . '", converted into "' . $route . '"');
//.........這裏部分代碼省略.........
開發者ID:Geeklog-Core,項目名稱:geeklog,代碼行數:101,代碼來源:router.class.php

示例13: COM_applyFilter

/**
* Filter parameters passed per GET (URL) or POST.
*
* @param    string    $parameter   the parameter to test
* @param    boolean   $isnumeric   true if $parameter is supposed to be numeric
* @return   string    the filtered parameter (may now be empty or 0)
*
*/
function COM_applyFilter($parameter, $isnumeric = false)
{
    $p = $parameter;
    return COM_applyBasicFilter($p, $isnumeric);
}
開發者ID:NewRoute,項目名稱:glfusion,代碼行數:13,代碼來源:lib-common.php

示例14: filter

 /**
  * Apply basic filter if necessary
  *
  * @param     $value
  * @return    string
  */
 private function filter($value)
 {
     return $this->applyFilter ? COM_applyBasicFilter($value) : $value;
 }
開發者ID:milk54,項目名稱:geeklog-japan,代碼行數:10,代碼來源:input.class.php

示例15: service_get_staticpages

/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $sql['mssql'] = "SELECT sp_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "sp_date,sp_format,commentcode,owner_id,group_id," . "perm_owner,perm_group,perm_members,perm_anon,sp_tid," . "sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
        } else {
            // an error occured (page not found, access denied, ...)
            if (empty($page)) {
                $failflg = 0;
            } else {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$page}'");
            }
            if ($failflg) {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
                $login = new Template($_CONF['path_layout'] . 'submit');
                $login->set_file(array('login' => 'submitloginrequired.thtml'));
                $login->set_var('login_message', $LANG_LOGIN[2]);
                $login->set_var('site_url', $_CONF['site_url']);
                $login->set_var('lang_login', $LANG_LOGIN[3]);
                $login->set_var('lang_newuser', $LANG_LOGIN[4]);
                $login->parse('output', 'login');
                $output .= $login->finish($login->get_var('output'));
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter(true);
                }
            } else {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG_STATIC['deny_msg'];
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter(true);
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['sp_date']));
//.........這裏部分代碼省略.........
開發者ID:Geeklog-Core,項目名稱:test-framework,代碼行數:101,代碼來源:services.inc.php


注:本文中的COM_applyBasicFilter函數示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。