

PHP safe_html函數代碼示例

本文整理匯總了PHP中safe_html函數的典型用法代碼示例。如果您正苦於以下問題:PHP safe_html函數的具體用法?PHP safe_html怎麽用?PHP safe_html使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。


在下文中一共展示了safe_html函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。

示例1: filter

/**
 * Cleans a piece of text for display and turns the URLs in it into links.
 *
 * The text is first passed through safe_html() and the result is handed to
 * linkUrlsInTrustedHtml(). Both helpers are defined elsewhere.
 * NOTE(review): linkUrlsInTrustedHtml() treats its input as trusted, so everything
 * that reaches it must already be neutralised by safe_html() — confirm that
 * safe_html() covers every tag and attribute this application cares about.
 *
 * @param  string $content text to clean (presumably user-submitted — confirm)
 * @return string          whatever linkUrlsInTrustedHtml() returns for the cleaned text
 */
function filter($content)
{
    // Neutralise unwanted markup before anything else touches the text.
    $cleaned = safe_html($content);

    // Planned but disabled: converting video links to embedded players (TODO, more is needed).
    // taken from http://stackoverflow.com/questions/19050890/find-youtube-link-in-php-string-and-convert-it-into-embed-code
    // and from http://stackoverflow.com/questions/28563706/how-to-convert-vimeo-url-to-embed-without-letting-go-of-the-text-around-it
    // NOTE(review): if this is re-enabled it inserts raw <iframe> markup after the cleaning step;
    // keep the captured video id limited to the strict character classes used below.
    /*
    // 1. Youtube
    $content = preg_replace(
    "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
    "<div class=\"embed-responsive embed-responsive-16by9\">
    <iframe src=\"//www.youtube.com/embed/$2\" allowfullscreen frameborder=\"0\" class=\"embed-responsive-item\">
    </iframe></div>", $content);
    
    // 2. Vimeo
    $content = preg_replace('#https?://(www\.)?vimeo\.com/(\d+)#',
    '<div class="embed-responsive embed-responsive-16by9">
    <iframe class="videoFrame" src="//player.vimeo.com/video/$2" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen class="embed-responsive-item">
    </iframe>
    </div>',$content);
    */

    // Link the remaining plain URLs and hand the result back.
    return linkUrlsInTrustedHtml($cleaned);
}
開發者ID:philippejadin,項目名稱:Mobilizator,代碼行數:30,代碼來源:Functions.php

示例2: label_for

 /**
  * Builds a <label> element for one attribute of a custom-post record.
  *
  * The "for" value is "<post_type>_<attribute>".
  * NOTE(review): $attribute and $label are placed into the markup by sprintf() before
  * safe_html() sees the string; whether safe_html() in this project escapes or only
  * marks the string as trusted is not visible here — confirm callers pass escaped values.
  *
  * @throws CustomPost\RecordNotCustomPost when $record is not a CustomPost\Base
  */
 function label_for($record, $attribute, $label)
 {
     if ($record instanceof CustomPost\Base) {
         $fieldId = "{$record->post_type}_{$attribute}";
         return safe_html(sprintf('<label for="%s">%s</label>', $fieldId, $label));
     }
     // Anything that is not a custom post is rejected outright.
     throw new CustomPost\RecordNotCustomPost();
 }
開發者ID:artovenry,項目名稱:wp,代碼行數:7,代碼來源:FormHelper.php

示例3: getSearchBox

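/**
 * Returns the HTML for the site search box, pre-filled with the last query.
 *
 * The last query is read from $_GET['query'] and then $_POST['query'] (POST wins when
 * both are present) and is passed through safe_html() before it is written into the
 * value="..." attribute of the text input.
 *
 * Only non-empty string parameters are used: a missing parameter no longer raises an
 * undefined-index notice, and an array-valued parameter (query[]=...) is ignored
 * instead of being handed to safe_html() and interpolated into the markup.
 *
 * NOTE(review): safe_html() is defined elsewhere; because the value lands inside a
 * double-quoted attribute it must escape double quotes as well as < and > — confirm.
 *
 * @return string HTML fragment
 */
function getSearchBox()
{
    global $cmsFolder, $urlRequestRoot, $ICONS;
    $CMS_TITLE = CMS_TITLE;
    $lastquery = "";
    // GET first, POST second, so a POSTed query overrides one from the URL.
    foreach (array($_GET, $_POST) as $params) {
        if (isset($params['query']) && is_string($params['query']) && $params['query'] != "") {
            $lastquery = safe_html($params['query']);
        }
    }
    $searchbox = <<<SEARCH
\t<style type="text/css">
\t\ttable.searchBox{border:1px solid #113377}
\t\t#result_report {
\t\t\ttext-align:center ;
\t\t\tpadding:3px;
\t\t\tbackground-color:#e5ecf9; 
\t\t\tfont-weight: bold;
\t\t\tmargin-bottom:14px;
\t\t\tmargin-right: 10px;
\t\t}
\t</style>

\t<fieldset>
\t<legend>{$ICONS['Search']['small']}{$CMS_TITLE} Search</legend>
\t
\t<center>
\t<form action="./+search" method="POST">
\t<table cellspacing="1" cellpadding="5" class="searchBox">
\t\t<tr>
\t\t\t<td align="center">
\t\t\t\t<table>
\t\t\t\t\t<tr>
\t\t\t\t\t\t<td><div align="left"><input type="text" size="40" id="query" name="query" value="{$lastquery}" /></td>
\t\t\t\t\t\t<td><input type="submit" value="Search"/></td>
\t\t\t\t\t</tr>
\t\t\t\t</table>
\t\t\t\t
\t\t\t</td>
\t\t</tr>
\t</table>
\tPowered by <a href="http://www.sphider.eu/" target="_blank"><img src="{$urlRequestRoot}/{$cmsFolder}/templates/common/images/sphider-logo.png" border="0" style="vertical-align: middle" alt="Sphider"></a><br/><br/>
\t</form>
\t</center>
SEARCH;
    return $searchbox;
}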
開發者ID:ksb1712,項目名稱:pragyan,代碼行數:48,代碼來源:search.lib.php

示例4: bold_tag

 /**
  * Wraps $content in a <b> element whose text colour is $color.
  *
  * NOTE(review): $color goes into a style attribute and $content into the element body
  * before safe_html() is applied to the finished string; whether safe_html() escapes or
  * only marks the string as trusted is not visible here — confirm both arguments are
  * safe for their contexts.
  */
 function bold_tag($color, $content){
 	 return safe_html(sprintf('<b style="color: %s;">%s</b>', $color, $content));
 }
開發者ID:artovenry,項目名稱:haml,代碼行數:4,代碼來源:Helper.php

示例5: dirname

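<?php
// Demo entry point: loads the Composer autoloader, initialises the Haml renderer and
// renders the "index" template with one variable.
// The full "<?php" tag is used instead of the short "<?" tag: short tags depend on the
// short_open_tag ini setting, and when that is off the file is sent to the client as
// plain text instead of being executed.
require dirname(__DIR__) . "/vendor/autoload.php";
// NOTE(review): debug is switched on here; presumably a development setting — confirm it
// is not shipped to production.
Artovenry\Haml::init("", ["debug"=>true]);
// The value passed through safe_html() is a literal, so no request data reaches the template here.
render("index", "hoge", ["var"=>safe_html("<i>hoge</i>")]);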
開發者ID:artovenry,項目名稱:haml,代碼行數:4,代碼來源:index.php

示例6: getQuizCorrectForm

/**
 * function getQuizCorrectForm:
 * Returns the HTML page on which one user's submitted quiz answers are displayed next to
 * the right answers; for subjective questions it also renders a form to allot marks.
 *
 * The result is a summary header (quiz title, total marks, per-section marks, start,
 * finish and elapsed time) followed by one table per answered question.
 *
 * NOTE(review): $quizId and $userId are interpolated directly into every SQL statement
 * below, using the legacy mysql_* API — callers must pass validated identifiers; confirm.
 * NOTE(review): values read from the database (titles, questions, answers, option texts)
 * are written into the HTML as stored; only $_GET['useremail'] goes through safe_html().
 *
 * @param mixed $quizId compared against `page_modulecomponentid`
 * @param mixed $userId compared against `user_id`
 * @return string HTML
 */
function getQuizCorrectForm($quizId, $userId)
{
    // Aggregate figures for the whole attempt: total marks, first start, last submission, elapsed time.
    $marks = mysql_fetch_array(mysql_query("SELECT SUM(`quiz_marksallotted`) AS `total`, MIN(`quiz_attemptstarttime`) AS `starttime`, MAX(`quiz_submissiontime`) AS `finishtime`, TIMEDIFF(MAX(`quiz_submissiontime`), MIN(`quiz_attemptstarttime`)) AS `timetaken` FROM `quiz_userattempts` WHERE `user_id` = '{$userId}' AND `page_modulecomponentid` = '{$quizId}'"));
    $title = mysql_fetch_array(mysql_query("SELECT `quiz_title` FROM `quiz_descriptions` WHERE `page_modulecomponentid` = '{$quizId}'"));
    $correctFormHtml = "";
    $sectionHead = "";
    // One row per section the user attempted, with the marks allotted for that section.
    $sections = mysql_query("SELECT `quiz_sections`.`quiz_sectiontitle` AS `quiz_sectiontitle`, `quiz_sections`.`quiz_sectionid` AS `quiz_sectionid`, `quiz_marksallotted` FROM `quiz_userattempts` JOIN `quiz_sections` ON `quiz_userattempts`.`quiz_sectionid` = `quiz_sections`.`quiz_sectionid` WHERE `user_id` = '{$userId}' AND `quiz_userattempts`.`page_modulecomponentid` = '{$quizId}' AND `quiz_sections`.`page_modulecomponentid` = '{$quizId}'");
    while ($sectionsRow = mysql_fetch_array($sections)) {
        $correctFormHtml .= "<h4>{$sectionsRow['quiz_sectiontitle']}(Marks: {$sectionsRow['quiz_marksallotted']})</h4>";
        $sectionHead .= "<td><b>{$sectionsRow['quiz_sectiontitle']}</b> section marks: {$sectionsRow['quiz_marksallotted']}</td>";
        // Questions of this section joined with the user's submissions, in the order they were ranked.
        $questionQuery = "SELECT `quiz_questions`.`quiz_questionid` AS `quiz_questionid`, " . "`quiz_questions`.`quiz_question` AS `quiz_question`, `quiz_questiontype`, " . "`quiz_rightanswer`, `quiz_submittedanswer`, `quiz_marksallotted`,`quiz_questions`.`quiz_sectionid` " . "FROM `quiz_questions`, `quiz_answersubmissions` WHERE " . "`quiz_questions`.`page_modulecomponentid` = '{$quizId}' AND " . "`quiz_questions`.`page_modulecomponentid` = `quiz_answersubmissions`.`page_modulecomponentid` AND " . "`quiz_questions`.`quiz_sectionid` = `quiz_answersubmissions`.`quiz_sectionid` AND " . "`quiz_questions`.`quiz_questionid` = `quiz_answersubmissions`.`quiz_questionid` AND " . "`quiz_questions`.`quiz_sectionid` = '{$sectionsRow['quiz_sectionid']}' AND " . "`user_id` = '{$userId}' ORDER BY `quiz_answersubmissions`.`quiz_questionrank`";
        $questionResult = mysql_query($questionQuery);
        if (!$questionResult) {
            // NOTE(review): the full SQL text and the driver error are shown on the page, and
            // execution continues into mysql_fetch_assoc() with the failed result.
            displayerror($questionQuery . '<br />' . mysql_error());
        }
        while ($questionRow = mysql_fetch_assoc($questionResult)) {
            // CSS class is quiz_wronganswer when no marks (NULL or <= 0) were allotted, quiz_rightanswer otherwise.
            $correctFormHtml .= '<table class="quiz_' . (is_null($questionRow['quiz_marksallotted']) || floatval($questionRow['quiz_marksallotted']) <= 0 ? 'wrong' : 'right') . "answer\"><tr><td colspan=\"2\">{$questionRow['quiz_question']}</td></tr>\n";
            if ($questionRow['quiz_questiontype'] == 'subjective') {
                // Subjective: the stored texts are the answers themselves.
                $submittedAnswers = array();
                $submittedAnswers[] = $questionRow['quiz_submittedanswer'];
                $correctAnswers = array();
                $correctAnswers[] = $questionRow['quiz_rightanswer'];
                // NOTE(review): the submitted answer is free text from the quiz taker and is output unescaped.
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Submitted Answer:</td><td>' . implode("<br />\n", $submittedAnswers) . "</td></tr>\n";
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Correct Answer:</td><td>' . implode("<br />\n", $correctAnswers) . "</td></tr>\n";
                // Marking form; posts back to ./+correct with the ids as hidden fields.
                // NOTE(review): useremail is HTML-escaped but sits in a URL query string, where URL-encoding
                // is the matching encoding; several attribute values are unquoted; no anti-CSRF token is visible here.
                $correctFormHtml .= "<tr><td>Mark:</td><td><form method=POST action='./+correct&useremail=" . safe_html($_GET['useremail']) . "'><input type=hidden name=quizid value='{$quizId}'><input type=hidden name=sectionid value={$questionRow['quiz_sectionid']}><input type=hidden name=questionid value={$questionRow['quiz_questionid']}><input type=hidden name=userid value={$userId}><input type=text name=mark size=5 value='{$questionRow['quiz_marksallotted']}'><input type=submit value='Submit' name=btnSetMark></form></td></tr>";
            } elseif ($questionRow['quiz_questiontype'] == 'sso' || $questionRow['quiz_questiontype'] == 'mso') {
                // Option questions: answers are stored as '|'-separated option ids, so map ids to option texts.
                $optionList = getQuestionOptionList($quizId, $sectionsRow['quiz_sectionid'], $questionRow['quiz_questionid']);
                $options = array();
                for ($i = 0; $i < count($optionList); ++$i) {
                    $options[$optionList[$i]['quiz_optionid']] = $optionList[$i];
                }
                $correctAnswers = array();
                $rightAnswerIds = explode('|', $questionRow['quiz_rightanswer']);
                for ($i = 0; $i < count($rightAnswerIds); ++$i) {
                    $correctAnswers[] = $options[$rightAnswerIds[$i]]['quiz_optiontext'];
                }
                $submittedAnswers = array();
                $submittedAnswerIds = explode('|', $questionRow['quiz_submittedanswer']);
                for ($i = 0; $i < count($submittedAnswerIds); ++$i) {
                    // An id that is not in $options yields an undefined-index lookup and an empty entry.
                    $submittedAnswers[] = $options[$submittedAnswerIds[$i]]['quiz_optiontext'];
                }
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Submitted Answer:</td><td>' . implode("<br />\n", $submittedAnswers) . "</td></tr>\n";
                $correctFormHtml .= "<tr><td nowrap=\"nowrap\" width=\"10%\">Correct Answer:</td><td>" . implode("<br />\n", $correctAnswers) . "</td></tr>\n";
                $correctFormHtml .= "<tr><td>Mark:</td><td>{$questionRow['quiz_marksallotted']}</td></tr>";
            }
            $correctFormHtml .= "</table>\n";
        }
    }
    // Header block: title, the "Reject Submission" form for this user, and the totals row.
    $quizcorrectinfo = "<h3>{$title['quiz_title']} - Quiz Answers Correct form for user: " . safe_html($_GET['useremail']) . "</h3><form name='userclearform' method='POST' action='./+correct'><a href='./+correct'>&lt;&lt;Back</a> &nbsp;&nbsp;&nbsp;<input type='hidden' name='hdnUserId' id='hdnUserId' value='{$userId}' /><input type='submit' name='btnDeleteUser' id='btnDeleteUser' value='Reject Submission' /></form><table width=100%><tr><td>Total marks: {$marks['total']}</td>{$sectionHead}<td>Start time: {$marks['starttime']}</td><td>Finish time: {$marks['finishtime']}</td><td>Time taken: {$marks['timetaken']}</td></tr></table>";
    $correctFormHtml .= "<a href='./+correct'>&lt;&lt;Back</a>";
    return $quizcorrectinfo . $correctFormHtml;
}
開發者ID:ksb1712,項目名稱:pragyan,代碼行數:56,代碼來源:quizcorrect.php

示例7: show_wall

/**
 * Prints the "wall": a table holding a post form followed by the 40 most recent messages.
 *
 * Output is written directly (inline HTML and echo); nothing is returned.
 * The author and message columns pass through stripslashes() and safe_html() before
 * they are echoed.
 * NOTE(review): $page_name and $user->get_name() are echoed into attribute values as-is —
 * confirm they are escaped before they reach this function.
 */
function show_wall()
{
    global $user, $config, $keyword, $search_mode, $page_name;
    ?>
    <table>
         	<tr>
                <td align="center"><b>Name</b></td>
                <td align="center"><b>Message</b></td>
                <td align="center"><b> </b></td>
            </tr>

            <form action="<?php 
    // NOTE(review): written into the action attribute without escaping.
    echo $page_name;
    ?>
" method="post">	
                <td align="center"><b><input type="text" value="<?php 
    // NOTE(review): written into the value attribute without escaping, unlike the author column below.
    echo $user->get_name();
    ?>
" name="author"></td>
                <td align="center"><b><textarea rows="2" name="message" style="width:100%"></textarea></td>
                <td align="center"><input type="submit" value="Post"><input type="hidden" name="post_message" value=true></td>
                <input type="hidden" name="post_message" value=true>
            </form>


            <?php 
    // Distinct (ip, author) pairs among the latest 40 rows; the position of a pair in this
    // result picks the colour class for that author.
    // $config[dbwall] uses an unquoted key, so PHP reads dbwall as a constant name;
    // $config['dbwall'] would not depend on that.
    $author_sql = 'select distinct ip,author from ( select * from ' . $config[dbwall] . ' ORDER BY time DESC limit 40) as foo ;';
    $sql = 'SELECT author, message, time, ip FROM ' . $config[dbwall] . ' ORDER BY time DESC LIMIT 40';
    # send the query to MySQL
    $wall = MySQL_query($sql);
    $wall_line_number = 0;
    # show the messages on the wall
    while ($row = MySQL_fetch_array($wall)) {
        // Alternate the row class between odd and even lines.
        $class = $wall_line_number % 2 ? 'class="online_even"' : 'class="online_odd"';
        $i = 0;
        // The author query is run again for every displayed row.
        $query = MySQL_query($author_sql);
        while ($author_row = MySQL_fetch_array($query)) {
            if (strcasecmp($author_row['author'], $row['author']) == 0 and $author_row['ip'] == $row['ip']) {
                $author_number = $i;
                # so there is one colour for each author
                break;
            }
            $i++;
        }
        // When no pair matched, $author_number keeps the value from the previous row
        // (or is unset on the first row).
        echo "<tr {$class}>";
        echo "<td class='wallname wallcolour" . $author_number % 13 . "' >" . safe_html(stripslashes($row['author'])) . "</td>";
        echo "<td align='center' >" . safe_html(stripslashes($row['message'])) . "</td>";
        echo "<td align='center' style='font-size:x-small'>" . date("H:i", strtotime(stripslashes($row['time']))) . "<br>" . date("M d", strtotime(stripslashes($row['time']))) . "</td>";
        echo "</tr>";
        # produce readable HTML by having a new line here
        echo "\r\n";
        $wall_line_number++;
    }
    ?>
        </table>	
    <?php 
}
開發者ID:hurta2yaisel,項目名稱:trufflepig,代碼行數:57,代碼來源:html_samples.php

示例8: MySQL_query

?>

<?php 
// RSS feed of the wall: loads the shared setup, then reads the 40 newest messages.
include 'common.php';
// $config[dbwall] uses an unquoted key, so PHP reads dbwall as a constant name.
$sql = 'SELECT author, message, time, ip FROM ' . $config[dbwall] . ' ORDER BY time DESC LIMIT 40';
$wall = MySQL_query($sql);
?>
 

<rss version="2.0">
<channel>

<?php 
// Channel header.
// NOTE(review): the $config values are written into the XML as-is, while author and
// message go through safe_html(); confirm the configured values cannot contain markup.
echo "\r\n"
    . '<title>' . $config[website_name] . '</title>'
    . '<link>' . $config[web_address] . '</link>'
    . '<description>Feed for comments on the ' . $config[website_name] . ' wall</description>'
    . "\r\n";
// One <item> per message; every item links to the site address.
while ($row = MySQL_fetch_array($wall)) {
    printf(
        '<item><title>%s</title><link> %s</link><description>%s</description></item>' . "\r\n",
        safe_html($row['author']),
        $config[web_address],
        safe_html(stripslashes($row['message']))
    );
}
?>
 
</channel>
</rss>
開發者ID:hurta2yaisel,項目名稱:trufflepig,代碼行數:30,代碼來源:feed.php

示例9: connect

connect();
/// Authentication starts here
require_once $sourceFolder . "/authenticate.lib.php";
$cookieSupported = checkCookieSupport();
/// A session is only started when the client accepts cookies
if ($cookieSupported == true) {
    session_start();
}
$userId = firstTimeGetUserId();
/// Case 1 : a page was requested. Every other case falls back to "home",
/// which also avoids parsing a NULL url when only a user profile is requested.
$pageFullPath = "home";
if (isset($_GET['page'])) {
    $_GET['page'] = escape($_GET['page']);
    $pageFullPath = strtolower($_GET['page']);
} elseif (isset($_GET['user'])) {
    $publicPageRequest = true;
    // NOTE(review): escape() is defined elsewhere; if it is the SQL escaper, this value is both
    // SQL- and HTML-escaped, which matches neither context exactly — confirm where $userProfileId is used.
    $userProfileId = safe_html(escape($_GET['user']));
}
/// Retrieve the action, default is "view"
$action = isset($_GET['action']) ? strtolower(escape($_GET['action'])) : "view";
///Just to check if server is alive, an alternative of Ping
if ($action == 'keepalive') {
    die("OK: " . rand());
開發者ID:ksb1712,項目名稱:pragyan,代碼行數:31,代碼來源:index.php

示例10: resetPasswd

/**
 * @package pragyan
 * @copyright (c) 2010 Pragyan Team
 * @license http://www.gnu.org/licenses/ GNU Public License
 * For more details, see README
 */
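/**
 * Handles the three stages of the password-reset flow.
 *
 * 1. Neither $_POST['user_email'] nor $_GET['key'] is set: returns the request form.
 * 2. $_POST['user_email'] is set and there is no key: validates the address, looks the
 *    account up and mails a reset link containing a key.
 * 3. $_GET['key'] is set: recomputes the key for $_GET['resetPasswd'] and, when it matches,
 *    stores a new password and mails it to the user.
 *
 * Stages 2 and 3 report through displayerror()/displayinfo() and return "".
 *
 * NOTE(review): the reset key is md5(stored password hash . 'xXc' . two characters of the
 * address); it never expires and stays valid until the password changes. The replacement
 * password comes from rand() and is stored as an unsalted md5. All three need a proper
 * design (random single-use token with expiry, CSPRNG, password_hash()) but are coupled to
 * the login code elsewhere, so they are flagged here rather than changed.
 *
 * @param mixed $allow_login when truthy, the form also offers a "Sign Up" link
 * @return string the form HTML in stage 1, "" otherwise
 */
function resetPasswd($allow_login)
{
    if (!isset($_POST['user_email']) && !isset($_GET['key'])) {
        $resetPasswd = <<<RESET
\t\t\t\t\t<form class="registrationform" method="POST" name="user_passreset" onsubmit="return checkForm(this)" action="./+login&subaction=resetPasswd">
\t\t\t\t\t\t<fieldset>
\t\t\t\t\t\t<legend>Reset Password</legend>
\t\t\t\t\t\t\t<table>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><label for="user_email"  class="labelrequired">Email</label></td>
\t\t\t\t\t\t\t\t\t<td><input type="text" name="user_email" id="user_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td colspan="2">&nbsp;</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t\t\t\t\t\t\t<td>
RESET;
        if ($allow_login) {
            $resetPasswd .= "<a href='./+login&subaction=register'>Sign Up</a> ";
        }
        $resetPasswd .= "<a href='./+login'>Login</a></td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</fieldset>\n\t\t\t\t\t</form>";
        return $resetPasswd;
    } elseif (!isset($_GET['key'])) {
        // Stage 2. The address comes from the POSTed form; it is escaped once and reused.
        // (The previous unused read of $_GET['user_email'] and the unquoted
        // $_POST[user_email] key are gone.)
        $postedEmail = escape($_POST['user_email']);
        // preg_match replaces the removed eregi(); /i keeps it case-insensitive and /D keeps
        // "$" anchored at the very end of the string.
        if (!preg_match('/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})$/iD', $postedEmail)) {
            displayerror("Invalid Email Id. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        } else {
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $postedEmail . "' ";
            $result = mysql_query($query);
            $temp = mysql_fetch_assoc($result);
            // NOTE(review): the distinct messages below tell the requester whether an address
            // is registered, activated, or an OpenID account.
            if (mysql_num_rows($result) == 0) {
                displayerror("E-mail not in registered accounts list. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            } elseif ($temp['user_loginmethod'] === 'openid') {
                displayerror("This email is registered as an OpenID user. You do not have a permanent account on our server. Hence, we do not keep or maintain your password. Please ask the parent OpenID provider to reset the password for you");
            } elseif ($temp['user_activated'] == 0) {
                displayerror("Account not yet activated.<b>Please check your email</b> and click on the activation link. <a href=\"./+login&subaction=register&reSendKey=1\">Resend activation mail?</a><br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            } else {
                $key = md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2));
                // send mail code starts here - see common.lib.php for more
                //								$from = "no-reply@pragyan.org";
                $to = "{$temp['user_email']}";
                $mailtype = "password_forgot_reset";
                $language = "en";
                $messenger = new messenger(false);
                global $onlineSiteUrl;
                $messenger->assign_vars(array('RESETPASS_URL' => "{$onlineSiteUrl}/+login&subaction=resetPasswd&resetPasswd={$temp['user_email']}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
                if ($messenger->mailer($to, $mailtype, $key)) {
                    displayinfo("Password reset link sent. Kindly check your e-mail. <br /><input type=\"button\" onclick=\"history.go(-2)\" value=\"Go back\" />");
                } else {
                    displayerror("Password reset failed. Kindly contact webadmin@pragyan.org");
                }
                // send mail code ends here
            }
        }
    } else {
        // Stage 3. Both values arrive in the reset link.
        $key = escape($_GET['key']);
        $user_email = isset($_GET['resetPasswd']) ? escape($_GET['resetPasswd']) : '';
        // NOTE(review): rand() is not a cryptographic generator and md5() is not a password hash; see the header.
        $password = rand();
        $dbpassword = md5($password);
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "'";
        $result = mysql_query($query);
        $temp = mysql_fetch_assoc($result);
        // No account row means there is no key to compare against: without this check the
        // expected key would be the md5 of a fixed string.
        $expectedKey = is_array($temp) ? md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2)) : null;
        // Strict string comparison: with "==" PHP compares numeric-looking strings as numbers,
        // so two different hex digests of the form 0e<digits> would be treated as equal.
        if ($expectedKey !== null && is_string($key) && $key === $expectedKey) {
            $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users`  SET `user_password`='{$dbpassword}' WHERE `user_email`='{$user_email}'";
            $result = mysql_query($query);
            if (mysql_affected_rows() > 0) {
                // send mail code starts here
                //							$from = "no-reply@pragyan.org";
                $to = "{$temp['user_email']}";
                $mailtype = "password_reset";
                $language = "en";
                $messenger = new messenger(false);
                global $onlineSiteUrl;
                $messenger->assign_vars(array('PASSWORD' => "{$password}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
                if ($messenger->mailer($to, $mailtype, $key)) {
                    displayinfo("Password reset. Kindly check your e-mail.");
                } else {
                    displayerror("Password reset failed. Kindly contact administrator");
                }
                // send mail code ends here
            }
        } else {
            // The address is request data, so the message is HTML-escaped before display.
            displayinfo(safe_html("Authentication failure for password reset for {$user_email}"));
        }
    }
    return "";
}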
開發者ID:ksb1712,項目名稱:pragyan,代碼行數:95,代碼來源:login.lib.php

示例11: updateGlobalSettings

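/**
 * Collects the "Global Settings" form fields from $_POST and saves them.
 *
 * Checkbox fields become 1/0, text fields are passed through escape(), and the
 * collected array is handed to setGlobalSettings(). OpenID is only enabled when
 * iscurlinstalled() reports cURL; reCAPTCHA only when both keys were submitted.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * presumably the caller enforces both — confirm.
 */
function updateGlobalSettings()
{
    $global = array();
    // Checkboxes: present in the request means "on".
    $global['allow_pagespecific_header'] = isset($_POST['allow_page_header']) ? 1 : 0;
    $global['allow_pagespecific_template'] = isset($_POST['allow_page_template']) ? 1 : 0;
    $global['default_user_activate'] = isset($_POST['activate_useronreg']) ? 1 : 0;
    $global['default_mail_verify'] = isset($_POST['send_mail_on_reg']) ? 1 : 0;
    $global['breadcrumb_submenu'] = isset($_POST['breadcrumb_submenu']) ? 1 : 0;
    $global['allow_login'] = isset($_POST['allow_login']) ? 1 : 0;
    // NOTE(review): this is the only text value stored without escape(); if
    // setGlobalSettings() builds SQL from the array it needs the same treatment — confirm.
    $global['deadline_notify'] = $_POST['deadline_notify'];
    $global['cms_title'] = escape($_POST['cms_title']);
    $global['default_template'] = escape($_POST['default_template']);
    $global['cms_email'] = escape($_POST['cms_email']);
    $global['upload_limit'] = escape($_POST['upload_limit']);
    $global['reindex_frequency'] = escape($_POST['reindex_frequency']);
    $global['cms_desc'] = escape($_POST['cms_desc']);
    $global['cms_keywords'] = escape($_POST['cms_keywords']);
    $global['cms_footer'] = escape($_POST['cms_footer']);
    $global['blacklist_domain'] = escape($_POST['blacklist_domain']);
    $global['blacklist_ip'] = escape($_POST['blacklist_ip']);
    // NOTE(review): the next three values are HTML-escaped, not escape()d; that is the right
    // encoding only if they are echoed into HTML. Confirm what setGlobalSettings() and
    // setblacklist() do with them.
    $global['censor_words'] = safe_html($_POST['censor_words']);
    $blacklist_domain = safe_html($_POST['blacklist_domain']);
    $blacklist_ip = safe_html($_POST['blacklist_ip']);
    if (!($blacklist_domain == "" && $blacklist_ip == "")) {
        setblacklist($blacklist_domain, $blacklist_ip);
    }
    // The comparison used to sit inside the escape() call, so escape() received a
    // boolean; it now escapes the submitted value and compares the result.
    if (isset($_POST['openid_enabled']) && escape($_POST['openid_enabled']) == 'true') {
        if (iscurlinstalled()) {
            // cURL is available, OpenID can be enabled
            $global['openid_enabled'] = 'true';
        } else {
            global $curl_message;
            // display a warning that cURL is not enabled and keep OpenID off
            displaywarning($curl_message);
            $global['openid_enabled'] = 'false';
        }
    } else {
        // the user submitted false (or nothing): disable OpenID
        $global['openid_enabled'] = 'false';
    }
    if (isset($_POST['recaptcha_enable'])) {
        if ($_POST['public_key'] != NULL && $_POST['private_key'] != NULL) {
            // enable reCAPTCHA with the submitted key pair
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($_POST['public_key']);
            $global['recaptcha_private'] = escape($_POST['private_key']);
        } else {
            // display a warning and keep reCAPTCHA disabled
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
            $global['recaptcha'] = '0';
        }
    } else {
        $global['recaptcha'] = '0';
    }
    setGlobalSettings($global);
    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}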
開發者ID:nobelium,項目名稱:pragyan,代碼行數:60,代碼來源:admin.lib.php

示例12: mailer

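 /**
  * Renders the mail template for $mailtype and sends it with mail().
  *
  * The template is read from MAILPATH/LANGUAGE/email/<mailtype>.txt, every {name}
  * placeholder is replaced with $this->vars['name'] (empty when unset), and a
  * "Subject:" line in the template becomes the mail subject and is removed from the body.
  *
  * $from is now optional (other code on this page calls mailer() with three arguments),
  * $subject starts out as '' so a template without a "Subject:" line no longer reads an
  * undefined variable, and a missing or unreadable template returns false instead of
  * sending an empty mail.
  *
  * NOTE(review): $mailtype becomes part of a file path; callers must only pass fixed
  * template names — confirm no request data reaches it.
  * NOTE(review): $to and $from are passed to mail() as given; confirm they cannot
  * contain line breaks supplied by a user.
  *
  * @param string $to       recipient address
  * @param string $mailtype template name, without directory or extension
  * @param mixed  $key      not used by this method
  * @param string $from     complete "from: ..." header line; built from CMS_TITLE and CMS_EMAIL when empty
  * @return bool result of mail(), or false when the template could not be read
  */
 function mailer($to, $mailtype, $key, $from = '')
 {
     if (empty($from)) {
         $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
     }
     //init mail template file path
     $mail_filepath = MAILPATH . "/" . LANGUAGE . "/email/{$mailtype}.txt";
     $drop_header = '';
     $subject = '';
     //check file
     if (!file_exists($mail_filepath)) {
         displayerror(safe_html("NO FILE called {$mail_filepath} FOUND !"));
         return false;
     }
     //read contents
     if (($data = @file_get_contents($mail_filepath)) === false) {
         displayerror(safe_html("{$mail_filepath} FILE READ ERROR !"));
         return false;
     }
     //escape quotes
     $body = str_replace("'", "\\'", $data);
     //replace the vars in file content with those defined
     $body = preg_replace('#\\{([a-z0-9\\-_]*?)\\}#is', "' . ((isset(\$this->vars['\\1'])) ? \$this->vars['\\1'] : '') . '", $body);
     //Make the content parseable
     // SECURITY(review): the template text is executed as PHP source here. Only single quotes
     // are escaped above, so the template directory must be writable by trusted
     // administrators only. Replacing the eval with a preg_replace_callback() substitution
     // would remove the code execution; left in place because it changes how backslashes
     // in existing templates are rendered.
     eval("\$body = '{$body}';");
     //Extract the SUBJECT from mail content
     $match = array();
     if (preg_match('#^(Subject:(.*?))$#m', $body, $match)) {
         //Find SUBJECT
         $subject = trim($match[2]) != '' ? trim($match[2]) : $subject;
         $drop_header .= '[\\r\\n]*?' . preg_quote($match[1], '#');
     }
     if ($drop_header) {
         //Remove SUBJECT from BODY of mail
         $body = trim(preg_replace('#' . $drop_header . '#s', '', $body));
     }
     //Debug info
     //echo displayinfo($from.' <br> '.$to.' <br> '.$subject.' <br> '.$body);
     //Send mail
     global $debugSet;
     if ($debugSet == "on") {
         // NOTE(review): debug mode prints every template variable and the whole mail on the
         // page, unescaped; the password-reset templates carry reset links and new passwords.
         displayinfo("Vars :" . arraytostring($this->vars));
         displayinfo("Mail sent to {$to} from {$from} with subject {$subject} and body {$body}");
     }
     return mail($to, $subject, $body, $from);
 }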
開發者ID:ksb1712,項目名稱:pragyan,代碼行數:43,代碼來源:common.lib.php

示例13: install_head

    install_head("設置管理員賬號密碼");
    echo_start();
    echo_msg("設置管理員賬號密碼" . HR);
    form_start("install.php?act=admin_ok");
    echo_msg("管理員賬號:", "<input type='text' name='user' value='admin'>", true);
    echo_msg("管理員密碼:", "<input type='text' name='pass' value='admin'>", true);
    echo_msg("管理員郵箱:", "<input type='text' name='email' value='admin@admin.com'>", true);
    echo_msg(HR);
    echo_msg(button("submit", "下一步"));
    echo_end();
    form_end();
    install_foot();
} elseif ($sysact == "admin_ok") {
    $user = safe_html($user);
    $pass = safe_html($pass);
    $email = safe_html($email);
    if (!$user) {
        error("管理員賬號不能為空", "admin");
    }
    if (!$pass) {
        error("管理員密碼不能為空", "admin");
    }
    if (!file_exists("config.php")) {
        error("config.php配置文件不存在,請返回修改", "setconfig", "設置config.php文件");
    }
    if (!file_exists("install.sql")) {
        error("install.sql 文件不存在,請上傳...", "incsql", "下一步");
    }
    include_once "config.php";
    include_once "class/db/mysql.php";
    $DB = new DB_SQL($dbHost, $dbUser, $dbPass);
開發者ID:BGCX067,項目名稱:f1project-svn-to-git,代碼行數:31,代碼來源:install.php

示例14: safe_html

 /**
  * HTML-escapes a value, or every value of a (nested) array.
  *
  * Strings are passed through htmlspecialchars() with ENT_QUOTES and UTF-8, so both
  * quote characters are converted as well as &, < and >; valid UTF-8 characters such
  * as ñ or á are left untouched. NULL stays NULL. Arrays are processed recursively
  * with their keys kept as they are — the keys themselves are not escaped.
  *
  * The result is suitable for HTML text and quoted attribute values; it is not an
  * encoding for URLs, JavaScript or SQL.
  *
  * @param mixed $var string, NULL, or array of those
  * @return mixed escaped string, NULL, or array of the same shape
  */
 function safe_html($var)
 {
     if ($var === NULL) {
         return NULL;
     }
     if (is_array($var)) {
         $escaped = array();
         foreach ($var as $key => $item) {
             // Recursion covers nested arrays, NULLs and plain strings alike.
             $escaped[$key] = safe_html($item);
         }
         return $escaped;
     }
     return htmlspecialchars($var, ENT_QUOTES, 'UTF-8');
 }
開發者ID:antonspavlovs,項目名稱:G-Library,代碼行數:12,代碼來源:functions.php

示例15: handleTemplateManagement

function handleTemplateManagement()
{
    global $sourceFolder;
    if (isset($_POST['btn_install'])) {
        $uploadId = processUploaded("Template");
        if ($uploadId != -1) {
            return installModule($uploadId, "Template");
        }
    } else {
        if (isset($_POST['btn_uninstall'])) {
            $query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE attribute= 'default_template'";
            $res = mysql_query($query);
            $row1 = array();
            $row1 = mysql_fetch_row($res);
            if (!isset($_POST['Template']) || $_POST['Template'] == "") {
                return "";
            }
            $toDelete = escape($_POST['Template']);
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
            $query2 = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_template` = '{$toDelete}' LIMIT 10";
            $result2 = mysql_query($query2) or displayerror(mysql_error());
            if ($row1[0] == $toDelete) {
                displayerror("The default template cannot be deleted! If you want to delete this template, first change the default template from 'Global Settings'.");
                return "";
            }
            if (mysql_num_rows($result2) == 0 || isset($_POST['confirm'])) {
                if ($row = mysql_fetch_array(mysql_query($query))) {
                    $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
                    mysql_query($query);
                    $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_template` = '" . $row1[0] . "' WHERE `page_template` = '" . $toDelete . "'";
                    mysql_query($query) or displayerror(mysql_error());
                    $templateDir = $sourceFolder . "/templates/" . $toDelete . "/";
                    if (file_exists($templateDir)) {
                        delDir($templateDir);
                    }
                    displayinfo("Template " . safe_html($_POST['Template']) . " uninstalled!");
                    return "";
                } else {
                    displayerror("Template uninstallation failed!");
                    return "";
                }
            }
            $pageList = "";
            while ($row = mysql_fetch_assoc($result2)) {
                $pageList .= "/home" . getPagePath($row['page_id']) . "<br>";
            }
            $templatename = safe_html($_POST['Template']);
            $ret = <<<RET
<fieldset>
<legend>{$ICONS['Templates Management']['small']}Template Management</legend>
Some of the page with {$templatename} template are:<br>
{$pageList}
<div class='cms-error'>The templates of these pages will be reset to default template if you proceed deleting the template.</div>
<form method=POST action='./+admin&subaction=template&subsubaction=uninstall'>
<input type=hidden value='{$templatename}' name='Template' />
<input type=submit value='Delete template' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
            return $ret;
        }
    }
    /*
    	this finalize and cancel subsubactions are vulnerabilities, any one can vary $_POST['path'] and make cms to delete itself.
    	so template installation is also merged with module and widget installation,
    	but some extra features specific to template installation(ie ignoring missing template variables and changing template name)
    	are missing in that installation, these will remain commented for reference till those features are implemented the other way
    	else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize') 
    	{		
    	
    		$issues = "";
    		$ret = reportIssues(escape($_POST['path']),$issues);
    		if($ret[0] == 1) 
    		{
    			displayerror("Your template is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
    			delDir(escape($_POST['del']));
    			unlink(escape($_POST['file']));
    			return "";
    		}
    			
    		$templates=getAvailableTemplates();
    		$flag=false;
    		foreach ($templates as $template) 
    			if($template==$_POST['template'])
    			{
    				$flag=true;
    				break;
    			}
    		if($_POST['template']=="common" || $flag || file_exists($sourceFolder . "/templates/" . escape($_POST['template']) . "/")) 
    		{
    			displayerror("Template Installation failed : A folder by the template name already exists.");
    			$templatePath=safe_html($_POST['del']);
    			$str=safe_html($_POST['file']);
    			$ret=<<<RET
    			<form method=POST action='./+admin&subaction=canceltemplate'>
    			Please click the following button to start a fresh installation : 
    			<input type=hidden name='path' value='{$templatePath}'>
    			<input type=hidden name='file' value='{$str}'>
    			<input type=submit value="Fresh Installation">
//.........這裏部分代碼省略.........
開發者ID:nobelium,項目名稱:pragyan,代碼行數:101,代碼來源:template.lib.php


注:本文中的safe_html函數示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。