Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1207)
+++ branches/2.8.x/CHANGELOG	(revision 1208)
@@ -11,6 +11,9 @@
 ! = Update/Change
 
 ------------------------------------- 2.8.1 -------------------------------------
+03-Dez-2009 Dietmar Woellbrink (Luisehahne)
+!	change searchstring mdcr.js, workout crypt emails in output_filter/filter-routines.php
+!	comment out ob_end_flush line 259 in form/view.php
 02-Dez-2009 Dietmar Woellbrink (Luisehahne)
 !	next step to validate backend themes
 01-Dez-2009 Dietmar Woellbrink (Luisehahne)
Index: branches/2.8.x/wb/modules/form/view.php
===================================================================
--- branches/2.8.x/wb/modules/form/view.php	(revision 1207)
+++ branches/2.8.x/wb/modules/form/view.php	(revision 1208)
@@ -1,486 +1,494 @@
-<?php
-
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
-/*
-The Website Baker Project would like to thank Rudolph Lartey <www.carbonect.com>
-for his contributions to this module - adding extra field types
-*/
-
-// Must include code to stop this file being access directly
-if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
-
-// check if frontend.css file needs to be included into the <body></body> of view.php
-if((!function_exists('register_frontend_modfiles') || !defined('MOD_FRONTEND_CSS_REGISTERED')) &&  
-	file_exists(WB_PATH .'/modules/form/frontend.css')) {
-	echo '<style type="text/css">';
-	include(WB_PATH .'/modules/form/frontend.css');
-	echo "\n</style>\n";
-} 
-
-require_once(WB_PATH.'/include/captcha/captcha.php');
-
-// obtain the settings of the output filter module
-if(file_exists(WB_PATH.'/modules/output_filter/filter-routines.php')) {
-	include_once(WB_PATH.'/modules/output_filter/filter-routines.php');
-	$filter_settings = get_output_filter_settings();
-} else {
-	// no output filter used, define default settings
-	$filter_settings['email_filter'] = 0;
-}
-
-// Function for generating an optionsfor a select field
-if (!function_exists('make_option')) {
-function make_option(&$n, $k, $values) {
-	// start option group if it exists
-	if (substr($n,0,2) == '[=') {
-	 	$n = '<optgroup label="'.substr($n,2,strlen($n)).'">';
-	} elseif ($n == ']') {
-		$n = '</optgroup>';
-	} else {
-		if(in_array($n, $values)) {
-			$n = '<option selected="selected" value="'.$n.'">'.$n.'</option>';
-		} else {
-			$n = '<option value="'.$n.'">'.$n.'</option>';
-		}
-	}
-}
-}
-// Function for generating a checkbox
-if (!function_exists('make_checkbox')) {
-function make_checkbox(&$n, $idx, $params) {
-	$field_id = $params[0][0];
-	$seperator = $params[0][1];
-	$label_id = 'wb_'.str_replace(" ", "_", $n);
-	if(in_array($n, $params[1])) {
-		$n = '<input class="field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="checkbox_label">'.$n.'</lable>'.$seperator;
-	} else {
-		$n = '<input class="field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'" />'.'<label for="'.$label_id.'" class="checkbox_label">'.$n.'</label>'.$seperator;
-	}	
-}
-}
-// Function for generating a radio button
-if (!function_exists('make_radio')) {
-function make_radio(&$n, $idx, $params) {
-	$field_id = $params[0];
-	$group = $params[1];
-	$seperator = $params[2];
-	$label_id = 'wb_'.str_replace(" ", "_", $n);
-	if($n == $params[3]) { 
-		$n = '<input class="field_radio" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="radio_label">'.$n.'</label>'.$seperator;
-	} else {
-		$n = '<input class="field_radio" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" />'.'<label for="'.$label_id.'" class="radio_label">'.$n.'</label>'.$seperator;
-	}
-}
-}
-
-if (!function_exists("new_submission_id") ) {
-	function new_submission_id() {
-		$submission_id = '';
-		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
-		srand((double)microtime()*1000000);
-		$i = 0;
-		while ($i <= 7) {
-			$num = rand() % 33;
-			$tmp = substr($salt, $num, 1);
-			$submission_id = $submission_id . $tmp;
-			$i++;
-		}
-		return $submission_id;
-	}
-}
-
-// Work-out if the form has been submitted or not
-if($_POST == array()) {
-
-// Set new submission ID in session
-$_SESSION['form_submission_id'] = new_submission_id();
-
-// Get settings
-$query_settings = $database->query("SELECT header,field_loop,footer,use_captcha FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
-if($query_settings->numRows() > 0) {
-	$fetch_settings = $query_settings->fetchRow();
-	$header = str_replace('{WB_URL}',WB_URL,$fetch_settings['header']);
-	$field_loop = $fetch_settings['field_loop'];
-	$footer = str_replace('{WB_URL}',WB_URL,$fetch_settings['footer']);
-	$use_captcha = $fetch_settings['use_captcha'];
-	$form_name = 'form';
-	$use_xhtml_strict = false;
-} else {
-	$header = '';
-	$field_loop = '';
-	$footer = '';
-	$form_name = 'form';
-	$use_xhtml_strict = false;
-}
-
-?>
-<form <?php echo ( ( (strlen($form_name) > 0) AND (false == $use_xhtml_strict) ) ? "name=\"".$form_name."\"" : ""); ?> action="<?php echo htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])); ?>#wb_<?PHP echo $section_id;?>" method="post">
-<div>
-<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
-</div>
-<?php
-if(ENABLED_ASP) { // first add some honeypot-fields
-?>
-<div>
-<input type="hidden" name="submitted_when" value="<?php $t=time(); echo $t; $_SESSION['submitted_when']=$t; ?>" />
-</div>
-<p class="nixhier">
-email address:
-<label for="email">Leave this field email-address blank:</label>
-<input id="email" name="email" size="56" value="" /><br />
-Homepage:
-<label for="homepage">Leave this field homepage blank:</label>
-<input id="homepage" name="homepage" size="55" value="" /><br />
-URL:
-<label for="url">Leave this field url blank:</label>
-<input id="url" name="url" size="61" value="" /><br />
-Comment:
-<label for="comment">Leave this field comment blank:</label>
-<textarea id="comment" name="comment" cols="50" rows="10"></textarea><br />
-</p>
-
-<?php }
-
-// Print header
-echo $header;
-
-// Get list of fields
-$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
-
-if($query_fields->numRows() > 0) {
-	while($field = $query_fields->fetchRow()) {
-		// Set field values
-		$field_id = $field['field_id'];
-		$value = $field['value'];
-		// Print field_loop after replacing vars with values
-		$vars = array('{TITLE}', '{REQUIRED}');
-		if (($field['type'] == "radio") || ($field['type'] == "checkbox")) {
-			$field_title = $field['title'];
-		} else {
-			$field_title = '<label for="field'.$field_id.'">'.$field['title'].'</label>';
-		}
-		$values = array($field_title);
-		if ($field['required'] == 1) {
-			$values[] = '<span class="required">*</span>';
-		} else {
-			$values[] = '';
-		}
-		if($field['type'] == 'textfield') {
-			$vars[] = '{FIELD}';
-			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" maxlength="'.$field['extra'].'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'" class="textfield" />';
-		} elseif($field['type'] == 'textarea') {
-			$vars[] = '{FIELD}';
-			$values[] = '<textarea name="field'.$field_id.'" id="field'.$field_id.'" class="textarea" cols="25" rows="5">'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'</textarea>';
-		} elseif($field['type'] == 'select') {
-			$vars[] = '{FIELD}';
-			$options = explode(',', $value);
-			array_walk($options, 'make_option', (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array()));
-			$field['extra'] = explode(',',$field['extra']);
-			$values[] = '<select name="field'.$field_id.'[]" id="field'.$field_id.'" size="'.$field['extra'][0].'" '.$field['extra'][1].' class="select">'.implode($options).'</select>';		
-		} elseif($field['type'] == 'heading') {
-			$vars[] = '{FIELD}';
-			$str = '<input type="hidden" name="field'.$field_id.'" id="field'.$field_id.'" value="===['.$field['title'].']===" />';
-			$values[] = ( true == $use_xhtml_strict) ? "<div>".$str."</div>" : $str;
-			$tmp_field_loop = $field_loop;		// temporarily modify the field loop template
-			$field_loop = $field['extra'];
-		} elseif($field['type'] == 'checkbox') {
-			$vars[] = '{FIELD}';
-			$options = explode(',', $value);
-			array_walk($options, 'make_checkbox', array(array($field_id,$field['extra']),(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array())));
-			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
-			$values[] = implode($options);
-		} elseif($field['type'] == 'radio') {
-			$vars[] = '{FIELD}';
-			$options = explode(',', $value);
-			array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'')));
-			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
-			$values[] = implode($options);
-		} elseif($field['type'] == 'email') {
-			$vars[] = '{FIELD}';
-			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'').'" maxlength="'.$field['extra'].'" class="email" />';
-		}
-		if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
-		if($field['type'] != '') {
-			echo str_replace($vars, $values, $field_loop);
-		}
-		if (isset($tmp_field_loop)) $field_loop = $tmp_field_loop;
-	}
-}
-
-// Captcha
-if($use_captcha) { ?>
-	<tr>
-	<td class="field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td>
-	<td><?php call_captcha(); ?></td>
-	</tr>
-	<?php
-}
-
-// Print footer
-echo $footer;
-
-/**
-	NOTE: comment out the line ob_end_flush() if you indicate problems (e.g. when using ob_start in the index.php of your template)
-	With ob_end_flush(): output filter will be disabled for this page (and all sections embedded on this page)
-	Without ob_end_flush(): emails are rewritten (e.g. name@domain.com --> name(at)domain(dot)com) if output filter is enabled
-	All replacements made by the Output-Filter module will be reverted before the email is send out
-*/
-if($filter_settings['email_filter'] && !($filter_settings['at_replacement']=='@' && $filter_settings['dot_replacement']=='.')) { 
-	ob_end_flush();
-}
-
-// Add form end code
-?>
-</form>
-<?php
-
-} else {
-	
-	// Check that submission ID matches
-	if(isset($_SESSION['form_submission_id']) AND isset($_POST['submission_id']) AND $_SESSION['form_submission_id'] == $_POST['submission_id']) {
-		
-		// Set new submission ID in session
-		$_SESSION['form_submission_id'] = new_submission_id();
-		
-		if(ENABLED_ASP && ( // form faked? Check the honeypot-fields.
-			(!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR 
-			($_POST['submitted_when'] != $_SESSION['submitted_when']) OR
-			(!isset($_POST['email']) OR $_POST['email']) OR
-			(!isset($_POST['homepage']) OR $_POST['homepage']) OR
-			(!isset($_POST['comment']) OR $_POST['comment']) OR
-			(!isset($_POST['url']) OR $_POST['url'])
-		)) {
-			exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
-		}
-
-		// Submit form data
-		// First start message settings
-		$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
-		if($query_settings->numRows() > 0) {
-			$fetch_settings = $query_settings->fetchRow();
-			$email_to = $fetch_settings['email_to'];
-			$email_from = $fetch_settings['email_from'];
-			if(substr($email_from, 0, 5) == 'field') {
-				// Set the email from field to what the user entered in the specified field
-				$email_from = htmlspecialchars($wb->add_slashes($_POST[$email_from]));
-			}
-			$email_fromname = $fetch_settings['email_fromname'];
-			$email_subject = $fetch_settings['email_subject'];
-			$success_page = $fetch_settings['success_page'];
-			$success_email_to = $fetch_settings['success_email_to'];
-			if(substr($success_email_to, 0, 5) == 'field') {
-				// Set the success_email to field to what the user entered in the specified field
-				$success_email_to = htmlspecialchars($wb->add_slashes($_POST[$success_email_to]));
-			}
-			$success_email_from = $fetch_settings['success_email_from'];
-			$success_email_fromname = $fetch_settings['success_email_fromname'];
-			$success_email_text = $fetch_settings['success_email_text'];
-			$success_email_subject = $fetch_settings['success_email_subject'];		
-			$max_submissions = $fetch_settings['max_submissions'];
-			$stored_submissions = $fetch_settings['stored_submissions'];
-			$use_captcha = $fetch_settings['use_captcha'];
-		} else {
-			exit($TEXT['UNDER_CONSTRUCTION']);
-		}
-		$email_body = '';
-		
-		// Create blank "required" array
-		$required = array();
-		
-		// Captcha
-		if($use_captcha) {
-			if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
-				// Check for a mismatch
-				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
-					$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
-				}
-			} else {
-				$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
-			}
-		}
-		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
-
-		// Loop through fields and add to message body
-		// Get list of fields
-		$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
-		if($query_fields->numRows() > 0) {
-			while($field = $query_fields->fetchRow()) {
-				// Add to message body
-				if($field['type'] != '') {
-					if(!empty($_POST['field'.$field['field_id']])) {
-						if (is_array($_POST['field'.$field['field_id']])) {
-							$_SESSION['field'.$field['field_id']] = $_POST['field'.$field['field_id']];
-						} else {
-							$_SESSION['field'.$field['field_id']] = htmlspecialchars($_POST['field'.$field['field_id']]);
-						}
-						// if the output filter is active, we need to revert (dot) to . and (at) to @ (using current filter settings)
-						// otherwise the entered mail will not be accepted and the recipient would see (dot), (at) etc.
-						if ($filter_settings['email_filter']) {
-							$field_value = $_POST['field'.$field['field_id']];
-							$field_value = str_replace($filter_settings['at_replacement'], '@', $field_value);
-							$field_value = str_replace($filter_settings['dot_replacement'], '.', $field_value);
-							$_POST['field'.$field['field_id']] = $field_value;
-						}
-						if($field['type'] == 'email' AND $admin->validate_email($_POST['field'.$field['field_id']]) == false) {
-							$email_error = $MESSAGE['USERS']['INVALID_EMAIL'];
-						}
-						if($field['type'] == 'heading') {
-							$email_body .= $_POST['field'.$field['field_id']]."\n\n";
-						} elseif (!is_array($_POST['field'.$field['field_id']])) {
-							$email_body .= $field['title'].': '.$_POST['field'.$field['field_id']]."\n\n";
-						} else {
-							$email_body .= $field['title'].": \n";
-							foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
-								$email_body .= $v."\n";
-							}
-							$email_body .= "\n";
-						}
-					} elseif($field['required'] == 1) {
-						$required[] = $field['title'];
-					}
-				}
-			}
-		}
-	
-		// Check if the user forgot to enter values into all the required fields
-		if($required != array()) {
-			if(!isset($MESSAGE['MOD_FORM']['REQUIRED_FIELDS'])) {
-				echo 'You must enter details for the following fields';
-			} else {
-				echo $MESSAGE['MOD_FORM']['REQUIRED_FIELDS'];
-			}
-			echo ':<br /><ul>';
-			foreach($required AS $field_title) {
-				echo '<li>'.$field_title;
-			}
-			if(isset($email_error)) {
-				echo '<li>'.$email_error.'</li>';
-			}
-			if(isset($captcha_error)) {
-				echo '<li>'.$captcha_error.'</li>';
-			}
-			echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
-		} else {
-			if(isset($email_error)) {
-				echo '<br /><ul>';
-				echo '<li>'.$email_error.'</li>';
-				echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
-			} elseif(isset($captcha_error)) {
-				echo '<br /><ul>';
-				echo '<li>'.$captcha_error.'</li>';
-				echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
-			} else {
-				// Check how many times form has been submitted in last hour
-				$last_hour = time()-3600;
-				$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions WHERE submitted_when >= '$last_hour'");
-				if($query_submissions->numRows() > $max_submissions) {
-					// Too many submissions so far this hour
-					echo $MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS'];
-					$success = false;
-				} else {
-					/**	
-					 *	Adding the IP to the body and try to send the email
-					 */
-					$email_body .= "\n\nIP: ".$_SERVER['REMOTE_ADDR'];
-					
-					if($email_to != '') {
-						if($email_from != '') {
-							if($wb->mail($email_from,$email_to,$email_subject,$email_body,$email_fromname)) {
-								$success = true;
-							}
-						} else {
-							if($wb->mail('',$email_to,$email_subject,$email_body,$email_fromname)) { 
-								$success = true; 
-							}
-						}
-					}				
-					if($success_email_to != '') {
-						if($success_email_from != '') {
-							if($wb->mail($success_email_from,$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
-								$success = true;
-							}
-						} else {
-							if($wb->mail('',$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
-								$success = true;
-							}
-						}
-					}				
-			
-					// Write submission to database
-					if(isset($admin) AND $admin->is_authenticated() AND $admin->get_user_id() > 0) {
-						$submitted_by = $admin->get_user_id();
-					} else {
-						$submitted_by = 0;
-					}
-					$email_body = $wb->add_slashes($email_body);
-					$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".time()."','$submitted_by','$email_body')");
-					// Make sure submissions table isn't too full
-					$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
-					$num_submissions = $query_submissions->numRows();
-					if($num_submissions > $stored_submissions) {
-						// Remove excess submission
-						$num_to_remove = $num_submissions-$stored_submissions;
-						while($submission = $query_submissions->fetchRow()) {
-							if($num_to_remove > 0) {
-								$submission_id = $submission['submission_id'];
-								$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'");
-								$num_to_remove = $num_to_remove-1;
-							}
-						}
-					}
-					if(!$database->is_error()) {
-						$success = true;
-					}
-				}
-			}	
-		}
-	}
-	
-	// Now check if the email was sent successfully
-	if(isset($success) AND $success == true) {
-	   if ($success_page=='none') {
-			echo str_replace("\n","<br />",$success_email_text);
-  		} else {
-			$query_menu = $database->query("SELECT link,target FROM ".TABLE_PREFIX."pages WHERE `page_id` = '$success_page'");
-			if($query_menu->numRows() > 0) {
-  	        	$fetch_settings = $query_menu->fetchRow();
-			   $link = WB_URL.PAGES_DIRECTORY.$fetch_settings['link'].PAGE_EXTENSION;
-			   echo "<script type='text/javascript'>location.href='".$link."';</script>";
-			}    
-		}
-		// clearing session on success
-		$query_fields = $database->query("SELECT field_id FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id'");
-		while($field = $query_fields->fetchRow()) {
-			$field_id = $field[0];
-			if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
-		}
-	} else {
-		if(isset($success) AND $success == false) {
-			echo $TEXT['ERROR'];
-		}
-	}
-}
-
+<?php
+
+// $Id$
+
+/*
+
+ Website Baker Project <http://www.websitebaker.org/>
+ Copyright (C) 2004-2009, Ryan Djurovich
+
+ Website Baker is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ Website Baker is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Website Baker; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+ * @category   frontend
+ * @package    outputfilter
+ * @author(s)  Dietmar Wöllbrink <Luisehahne>, Dietrich Roland Pehlke <Aldus>
+ * @platform   WB 2.8.0
+ * @require    PHP 5.2.x
+ * @license    http://www.gnu.org/licenses/gpl.html
+ * @link       http://project.websitebaker2.org/browser/branches/2.8.x/wb/modules/form/view.php
+ * @changeset   2009/12/03 comment out ob_end_flush line 259
+*/
+
+/*
+The Website Baker Project would like to thank Rudolph Lartey <www.carbonect.com>
+for his contributions to this module - adding extra field types
+*/
+
+// Must include code to stop this file being access directly
+if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
+
+// check if frontend.css file needs to be included into the <body></body> of view.php
+if((!function_exists('register_frontend_modfiles') || !defined('MOD_FRONTEND_CSS_REGISTERED')) &&
+	file_exists(WB_PATH .'/modules/form/frontend.css')) {
+	echo '<style type="text/css">';
+	include(WB_PATH .'/modules/form/frontend.css');
+	echo "\n</style>\n";
+} 
+
+require_once(WB_PATH.'/include/captcha/captcha.php');
+
+// obtain the settings of the output filter module
+if(file_exists(WB_PATH.'/modules/output_filter/filter-routines.php')) {
+	include_once(WB_PATH.'/modules/output_filter/filter-routines.php');
+	$filter_settings = get_output_filter_settings();
+} else {
+	// no output filter used, define default settings
+	$filter_settings['email_filter'] = 0;
+}
+
+// Function for generating an optionsfor a select field
+if (!function_exists('make_option')) {
+function make_option(&$n, $k, $values) {
+	// start option group if it exists
+	if (substr($n,0,2) == '[=') {
+	 	$n = '<optgroup label="'.substr($n,2,strlen($n)).'">';
+	} elseif ($n == ']') {
+		$n = '</optgroup>';
+	} else {
+		if(in_array($n, $values)) {
+			$n = '<option selected="selected" value="'.$n.'">'.$n.'</option>';
+		} else {
+			$n = '<option value="'.$n.'">'.$n.'</option>';
+		}
+	}
+}
+}
+// Function for generating a checkbox
+if (!function_exists('make_checkbox')) {
+function make_checkbox(&$n, $idx, $params) {
+	$field_id = $params[0][0];
+	$seperator = $params[0][1];
+	$label_id = 'wb_'.str_replace(" ", "_", $n);
+	if(in_array($n, $params[1])) {
+		$n = '<input class="field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="checkbox_label">'.$n.'</lable>'.$seperator;
+	} else {
+		$n = '<input class="field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'" />'.'<label for="'.$label_id.'" class="checkbox_label">'.$n.'</label>'.$seperator;
+	}	
+}
+}
+// Function for generating a radio button
+if (!function_exists('make_radio')) {
+function make_radio(&$n, $idx, $params) {
+	$field_id = $params[0];
+	$group = $params[1];
+	$seperator = $params[2];
+	$label_id = 'wb_'.str_replace(" ", "_", $n);
+	if($n == $params[3]) { 
+		$n = '<input class="field_radio" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="radio_label">'.$n.'</label>'.$seperator;
+	} else {
+		$n = '<input class="field_radio" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" />'.'<label for="'.$label_id.'" class="radio_label">'.$n.'</label>'.$seperator;
+	}
+}
+}
+
+if (!function_exists("new_submission_id") ) {
+	function new_submission_id() {
+		$submission_id = '';
+		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
+		srand((double)microtime()*1000000);
+		$i = 0;
+		while ($i <= 7) {
+			$num = rand() % 33;
+			$tmp = substr($salt, $num, 1);
+			$submission_id = $submission_id . $tmp;
+			$i++;
+		}
+		return $submission_id;
+	}
+}
+
+// Work-out if the form has been submitted or not
+if($_POST == array()) {
+
+// Set new submission ID in session
+$_SESSION['form_submission_id'] = new_submission_id();
+
+// Get settings
+$query_settings = $database->query("SELECT header,field_loop,footer,use_captcha FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
+if($query_settings->numRows() > 0) {
+	$fetch_settings = $query_settings->fetchRow();
+	$header = str_replace('{WB_URL}',WB_URL,$fetch_settings['header']);
+	$field_loop = $fetch_settings['field_loop'];
+	$footer = str_replace('{WB_URL}',WB_URL,$fetch_settings['footer']);
+	$use_captcha = $fetch_settings['use_captcha'];
+	$form_name = 'form';
+	$use_xhtml_strict = false;
+} else {
+	$header = '';
+	$field_loop = '';
+	$footer = '';
+	$form_name = 'form';
+	$use_xhtml_strict = false;
+}
+
+?>
+<form <?php echo ( ( (strlen($form_name) > 0) AND (false == $use_xhtml_strict) ) ? "name=\"".$form_name."\"" : ""); ?> action="<?php echo htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])); ?>#wb_<?PHP echo $section_id;?>" method="post">
+<div>
+<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
+</div>
+<?php
+if(ENABLED_ASP) { // first add some honeypot-fields
+?>
+<div>
+<input type="hidden" name="submitted_when" value="<?php $t=time(); echo $t; $_SESSION['submitted_when']=$t; ?>" />
+</div>
+<p class="nixhier">
+email address:
+<label for="email">Leave this field email-address blank:</label>
+<input id="email" name="email" size="56" value="" /><br />
+Homepage:
+<label for="homepage">Leave this field homepage blank:</label>
+<input id="homepage" name="homepage" size="55" value="" /><br />
+URL:
+<label for="url">Leave this field url blank:</label>
+<input id="url" name="url" size="61" value="" /><br />
+Comment:
+<label for="comment">Leave this field comment blank:</label>
+<textarea id="comment" name="comment" cols="50" rows="10"></textarea><br />
+</p>
+
+<?php }
+
+// Print header
+echo $header;
+
+// Get list of fields
+$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
+
+if($query_fields->numRows() > 0) {
+	while($field = $query_fields->fetchRow()) {
+		// Set field values
+		$field_id = $field['field_id'];
+		$value = $field['value'];
+		// Print field_loop after replacing vars with values
+		$vars = array('{TITLE}', '{REQUIRED}');
+		if (($field['type'] == "radio") || ($field['type'] == "checkbox")) {
+			$field_title = $field['title'];
+		} else {
+			$field_title = '<label for="field'.$field_id.'">'.$field['title'].'</label>';
+		}
+		$values = array($field_title);
+		if ($field['required'] == 1) {
+			$values[] = '<span class="required">*</span>';
+		} else {
+			$values[] = '';
+		}
+		if($field['type'] == 'textfield') {
+			$vars[] = '{FIELD}';
+			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" maxlength="'.$field['extra'].'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'" class="textfield" />';
+		} elseif($field['type'] == 'textarea') {
+			$vars[] = '{FIELD}';
+			$values[] = '<textarea name="field'.$field_id.'" id="field'.$field_id.'" class="textarea" cols="25" rows="5">'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'</textarea>';
+		} elseif($field['type'] == 'select') {
+			$vars[] = '{FIELD}';
+			$options = explode(',', $value);
+			array_walk($options, 'make_option', (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array()));
+			$field['extra'] = explode(',',$field['extra']);
+			$values[] = '<select name="field'.$field_id.'[]" id="field'.$field_id.'" size="'.$field['extra'][0].'" '.$field['extra'][1].' class="select">'.implode($options).'</select>';		
+		} elseif($field['type'] == 'heading') {
+			$vars[] = '{FIELD}';
+			$str = '<input type="hidden" name="field'.$field_id.'" id="field'.$field_id.'" value="===['.$field['title'].']===" />';
+			$values[] = ( true == $use_xhtml_strict) ? "<div>".$str."</div>" : $str;
+			$tmp_field_loop = $field_loop;		// temporarily modify the field loop template
+			$field_loop = $field['extra'];
+		} elseif($field['type'] == 'checkbox') {
+			$vars[] = '{FIELD}';
+			$options = explode(',', $value);
+			array_walk($options, 'make_checkbox', array(array($field_id,$field['extra']),(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array())));
+			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
+			$values[] = implode($options);
+		} elseif($field['type'] == 'radio') {
+			$vars[] = '{FIELD}';
+			$options = explode(',', $value);
+			array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'')));
+			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
+			$values[] = implode($options);
+		} elseif($field['type'] == 'email') {
+			$vars[] = '{FIELD}';
+			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'').'" maxlength="'.$field['extra'].'" class="email" />';
+		}
+		if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
+		if($field['type'] != '') {
+			echo str_replace($vars, $values, $field_loop);
+		}
+		if (isset($tmp_field_loop)) $field_loop = $tmp_field_loop;
+	}
+}
+
+// Captcha
+if($use_captcha) { ?>
+	<tr>
+	<td class="field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td>
+	<td><?php call_captcha(); ?></td>
+	</tr>
+	<?php
+}
+
+// Print footer
+echo $footer;
+
+/**
+	NOTE: comment out the line ob_end_flush() if you indicate problems (e.g. when using ob_start in the index.php of your template)
+	With ob_end_flush(): output filter will be disabled for this page (and all sections embedded on this page)
+	Without ob_end_flush(): emails are rewritten (e.g. name@domain.com --> name(at)domain(dot)com) if output filter is enabled
+	All replacements made by the Output-Filter module will be reverted before the email is send out
+*/
+if($filter_settings['email_filter'] && !($filter_settings['at_replacement']=='@' && $filter_settings['dot_replacement']=='.')) {
+  /* 	ob_end_flush(); */
+}
+
+// Add form end code
+?>
+</form>
+<?php
+
+} else {
+
+	// Check that submission ID matches
+	if(isset($_SESSION['form_submission_id']) AND isset($_POST['submission_id']) AND $_SESSION['form_submission_id'] == $_POST['submission_id']) {
+		
+		// Set new submission ID in session
+		$_SESSION['form_submission_id'] = new_submission_id();
+		
+		if(ENABLED_ASP && ( // form faked? Check the honeypot-fields.
+			(!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR 
+			($_POST['submitted_when'] != $_SESSION['submitted_when']) OR
+			(!isset($_POST['email']) OR $_POST['email']) OR
+			(!isset($_POST['homepage']) OR $_POST['homepage']) OR
+			(!isset($_POST['comment']) OR $_POST['comment']) OR
+			(!isset($_POST['url']) OR $_POST['url'])
+		)) {
+			exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
+		}
+
+		// Submit form data
+		// First start message settings
+		$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
+		if($query_settings->numRows() > 0) {
+			$fetch_settings = $query_settings->fetchRow();
+			$email_to = $fetch_settings['email_to'];
+			$email_from = $fetch_settings['email_from'];
+			if(substr($email_from, 0, 5) == 'field') {
+				// Set the email from field to what the user entered in the specified field
+				$email_from = htmlspecialchars($wb->add_slashes($_POST[$email_from]));
+			}
+			$email_fromname = $fetch_settings['email_fromname'];
+			$email_subject = $fetch_settings['email_subject'];
+			$success_page = $fetch_settings['success_page'];
+			$success_email_to = $fetch_settings['success_email_to'];
+			if(substr($success_email_to, 0, 5) == 'field') {
+				// Set the success_email to field to what the user entered in the specified field
+				$success_email_to = htmlspecialchars($wb->add_slashes($_POST[$success_email_to]));
+			}
+			$success_email_from = $fetch_settings['success_email_from'];
+			$success_email_fromname = $fetch_settings['success_email_fromname'];
+			$success_email_text = $fetch_settings['success_email_text'];
+			$success_email_subject = $fetch_settings['success_email_subject'];		
+			$max_submissions = $fetch_settings['max_submissions'];
+			$stored_submissions = $fetch_settings['stored_submissions'];
+			$use_captcha = $fetch_settings['use_captcha'];
+		} else {
+			exit($TEXT['UNDER_CONSTRUCTION']);
+		}
+		$email_body = '';
+		
+		// Create blank "required" array
+		$required = array();
+		
+		// Captcha
+		if($use_captcha) {
+			if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
+				// Check for a mismatch
+				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
+					$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
+				}
+			} else {
+				$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
+			}
+		}
+		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
+
+		// Loop through fields and add to message body
+		// Get list of fields
+		$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
+		if($query_fields->numRows() > 0) {
+			while($field = $query_fields->fetchRow()) {
+				// Add to message body
+				if($field['type'] != '') {
+					if(!empty($_POST['field'.$field['field_id']])) {
+						if (is_array($_POST['field'.$field['field_id']])) {
+							$_SESSION['field'.$field['field_id']] = $_POST['field'.$field['field_id']];
+						} else {
+							$_SESSION['field'.$field['field_id']] = htmlspecialchars($_POST['field'.$field['field_id']]);
+						}
+						// if the output filter is active, we need to revert (dot) to . and (at) to @ (using current filter settings)
+						// otherwise the entered mail will not be accepted and the recipient would see (dot), (at) etc.
+						if ($filter_settings['email_filter']) {
+							$field_value = $_POST['field'.$field['field_id']];
+							$field_value = str_replace($filter_settings['at_replacement'], '@', $field_value);
+							$field_value = str_replace($filter_settings['dot_replacement'], '.', $field_value);
+							$_POST['field'.$field['field_id']] = $field_value;
+						}
+						if($field['type'] == 'email' AND $admin->validate_email($_POST['field'.$field['field_id']]) == false) {
+							$email_error = $MESSAGE['USERS']['INVALID_EMAIL'];
+						}
+						if($field['type'] == 'heading') {
+							$email_body .= $_POST['field'.$field['field_id']]."\n\n";
+						} elseif (!is_array($_POST['field'.$field['field_id']])) {
+							$email_body .= $field['title'].': '.$_POST['field'.$field['field_id']]."\n\n";
+						} else {
+							$email_body .= $field['title'].": \n";
+							foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
+								$email_body .= $v."\n";
+							}
+							$email_body .= "\n";
+						}
+					} elseif($field['required'] == 1) {
+						$required[] = $field['title'];
+					}
+				}
+			}
+		}
+	
+		// Check if the user forgot to enter values into all the required fields
+		if($required != array()) {
+			if(!isset($MESSAGE['MOD_FORM']['REQUIRED_FIELDS'])) {
+				echo 'You must enter details for the following fields';
+			} else {
+				echo $MESSAGE['MOD_FORM']['REQUIRED_FIELDS'];
+			}
+			echo ':<br /><ul>';
+			foreach($required AS $field_title) {
+				echo '<li>'.$field_title;
+			}
+			if(isset($email_error)) {
+				echo '<li>'.$email_error.'</li>';
+			}
+			if(isset($captcha_error)) {
+				echo '<li>'.$captcha_error.'</li>';
+			}
+			echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
+		} else {
+			if(isset($email_error)) {
+				echo '<br /><ul>';
+				echo '<li>'.$email_error.'</li>';
+				echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
+			} elseif(isset($captcha_error)) {
+				echo '<br /><ul>';
+				echo '<li>'.$captcha_error.'</li>';
+				echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
+			} else {
+				// Check how many times form has been submitted in last hour
+				$last_hour = time()-3600;
+				$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions WHERE submitted_when >= '$last_hour'");
+				if($query_submissions->numRows() > $max_submissions) {
+					// Too many submissions so far this hour
+					echo $MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS'];
+					$success = false;
+				} else {
+					/**	
+					 *	Adding the IP to the body and try to send the email
+					 */
+					$email_body .= "\n\nIP: ".$_SERVER['REMOTE_ADDR'];
+					
+					if($email_to != '') {
+						if($email_from != '') {
+							if($wb->mail($email_from,$email_to,$email_subject,$email_body,$email_fromname)) {
+								$success = true;
+							}
+						} else {
+							if($wb->mail('',$email_to,$email_subject,$email_body,$email_fromname)) { 
+								$success = true; 
+							}
+						}
+					}				
+					if($success_email_to != '') {
+						if($success_email_from != '') {
+							if($wb->mail($success_email_from,$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
+								$success = true;
+							}
+						} else {
+							if($wb->mail('',$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
+								$success = true;
+							}
+						}
+					}				
+			
+					// Write submission to database
+					if(isset($admin) AND $admin->is_authenticated() AND $admin->get_user_id() > 0) {
+						$submitted_by = $admin->get_user_id();
+					} else {
+						$submitted_by = 0;
+					}
+					$email_body = $wb->add_slashes($email_body);
+					$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".time()."','$submitted_by','$email_body')");
+					// Make sure submissions table isn't too full
+					$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
+					$num_submissions = $query_submissions->numRows();
+					if($num_submissions > $stored_submissions) {
+						// Remove excess submission
+						$num_to_remove = $num_submissions-$stored_submissions;
+						while($submission = $query_submissions->fetchRow()) {
+							if($num_to_remove > 0) {
+								$submission_id = $submission['submission_id'];
+								$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'");
+								$num_to_remove = $num_to_remove-1;
+							}
+						}
+					}
+					if(!$database->is_error()) {
+						$success = true;
+					}
+				}
+			}	
+		}
+	}
+	
+	// Now check if the email was sent successfully
+	if(isset($success) AND $success == true) {
+	   if ($success_page=='none') {
+			echo str_replace("\n","<br />",$success_email_text);
+  		} else {
+			$query_menu = $database->query("SELECT link,target FROM ".TABLE_PREFIX."pages WHERE `page_id` = '$success_page'");
+			if($query_menu->numRows() > 0) {
+  	        	$fetch_settings = $query_menu->fetchRow();
+			   $link = WB_URL.PAGES_DIRECTORY.$fetch_settings['link'].PAGE_EXTENSION;
+			   echo "<script type='text/javascript'>location.href='".$link."';</script>";
+			}    
+		}
+		// clearing session on success
+		$query_fields = $database->query("SELECT field_id FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id'");
+		while($field = $query_fields->fetchRow()) {
+			$field_id = $field[0];
+			if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
+		}
+	} else {
+		if(isset($success) AND $success == false) {
+			echo $TEXT['ERROR'];
+		}
+	}
+}
+
 ?>
\ No newline at end of file
Index: branches/2.8.x/wb/modules/output_filter/filter-routines.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/filter-routines.php	(revision 1207)
+++ branches/2.8.x/wb/modules/output_filter/filter-routines.php	(revision 1208)
@@ -1,212 +1,220 @@
-<?php
-
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
-// prevent this file from being accessed directly
-if(!defined('WB_PATH')) die(header('Location: ../index.php'));
-
-// function to read the current filter settings
-if (!function_exists('get_output_filter_settings')) {
-	function get_output_filter_settings() {
-		global $database, $admin;
-		// connect to database and read out filter settings
-		$result = $database->query("SELECT * FROM " .TABLE_PREFIX ."mod_output_filter");
-		if($result && $result->numRows() > 0) {
-			// get all data
-			$data = $result->fetchRow();
-			$filter_settings['email_filter'] = $admin->strip_slashes($data['email_filter']);
-			$filter_settings['mailto_filter'] = $admin->strip_slashes($data['mailto_filter']);
-			$filter_settings['at_replacement'] = $admin->strip_slashes($data['at_replacement']);
-			$filter_settings['dot_replacement'] = $admin->strip_slashes($data['dot_replacement']);
-		} else {
-			// something went wrong, use default values
-			$filter_settings['email_filter'] = '0';
-			$filter_settings['mailto_filter'] = '0';
-			$filter_settings['at_replacement'] = '(at)';
-			$filter_settings['dot_replacement'] = '(dot)';
-		}
-		
-		// return array with filter settings
-		return $filter_settings;
-	}
-}
-
-// function to filter the output before displaying it on the frontend
-if (!function_exists('filter_frontend_output')) {
-	function filter_frontend_output($content) {
-		// get output filter settings from database
-		$filter_settings = get_output_filter_settings();
-		
-		// work out the defined output filter mode: possible output filter modes: [0], 1, 2, 3, 6, 7
-		// 2^0 * (0.. disable, 1.. enable) filtering of mail addresses in text
-		// 2^1 * (0.. disable, 1.. enable) filtering of mail addresses in mailto links
-		// 2^2 * (0.. disable, 1.. enable) Javascript mailto encryption (only if mailto filtering enabled)
-
-		// only filter output if we are supposed to
-		if($filter_settings['email_filter'] != '1' && $filter_settings['mailto_filter'] != '1'){
-			// nothing to do ...
-			return $content;
-		}
-
-		// check if non mailto mail addresses needs to be filtered
-		$output_filter_mode = ($filter_settings['email_filter'] == '1') ? 1 : 0;		// 0|1
-		
-		// check if mailto mail addresses needs to be filtered
-		if($filter_settings['mailto_filter'] == '1') {
-			$output_filter_mode = $output_filter_mode + 2;								// 0|2
-						
-			// check if Javascript mailto encryption is enabled (call register_frontend_functions in the template)
-			$search = '<script type="text/javascript" src="' .WB_URL .'/modules/output_filter/js/mdcr.js"></script>';
-			$search_droplet = '<script type="text/javascript" src="' .WB_URL .'/modules/droplets/js/mdcr.js"></script>';
-			if(strpos($content, $search) !== false || strpos($content, $search_droplet) !== false) { 
-				$output_filter_mode = $output_filter_mode + 4;							// 0|4
-			}
-		}
-		
-		// define some constants so we do not call the database in the callback function again
-		define('OUTPUT_FILTER_MODE', (int) $output_filter_mode);
-		define('OUTPUT_FILTER_AT_REPLACEMENT', $filter_settings['at_replacement']);
-		define('OUTPUT_FILTER_DOT_REPLACEMENT', $filter_settings['dot_replacement']);
-		
-		// first search part to find all mailto email addresses
-		$pattern = '#(<a[^<]*href\s*?=\s*?"\s*?mailto\s*?:\s*?)([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})([^"]*?)"([^>]*>)(.*?)</a>';
-		// second part to find all non mailto email addresses
-		$pattern .= '|(value\s*=\s*"|\')??\b([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})\b#i';
-		/*
-		Sub 1:\b(<a.[^<]*href\s*?=\s*?"\s*?mailto\s*?:\s*?)			-->	"<a id="yyy" class="xxx" href = " mailto :" ignoring white spaces
-		Sub 2:([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})			-->	the email address in the mailto: part of the mail link
-		Sub 3:([^"]*?)"												--> possible ?Subject&cc... stuff attached to the mail address
-		Sub 4:([^>]*>)												--> all class or id statements after the mailto but before closing ..>
-		Sub 5:(.*?)</a>\b											--> the mailto text; all characters between >xxxxx</a>
-		Sub 6:|\b([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})\b		--> email addresses which may appear in the text (require word boundaries)
-		*/
-			
-		// find all email addresses embedded in the content and filter them using a callback function
-		$content = preg_replace_callback($pattern, 'filter_mail_addresses', $content);
-		return $content;
-	}
-}		
-
-
-// function to filter mail addresses embedded in text or mailto links before outputing them on the frontend
-if (!function_exists('filter_mail_addresses')) {
-	function filter_mail_addresses($match) { 
-		
-		// check if required output filter mode is defined
-		if(!(defined('OUTPUT_FILTER_MODE') && defined('OUTPUT_FILTER_MODE') && defined('OUTPUT_FILTER_MODE'))) {
-			return $match[0];
-		}
-		
-		$search = array('@', '.');
-		$replace = array(OUTPUT_FILTER_AT_REPLACEMENT ,OUTPUT_FILTER_DOT_REPLACEMENT);
-		
-		// check if the match contains the expected number of subpatterns (6|8)
-		if(count($match) == 8) {
-			/**
-				OUTPUT FILTER FOR EMAIL ADDRESSES EMBEDDED IN TEXT
-			**/
-			
-			// 1.. text mails only, 3.. text mails + mailto (no JS), 7 text mails + mailto (JS)
-			if(!in_array(OUTPUT_FILTER_MODE, array(1,3,7))) return $match[0];
-
-			// do not filter mail addresses included in input tags (<input ... value = "test@mail)
-			if (strpos($match[6], 'value') !== false) return $match[0];
-			
-			// filtering of non mailto email addresses enabled
-			return str_replace($search, $replace, $match[0]);
-				
-		} elseif(count($match) == 6) {
-			/**
-				OUTPUT FILTER FOR EMAIL ADDRESSES EMBEDDED IN MAILTO LINKS
-			**/
-
-			// 2.. mailto only (no JS), 3.. text mails + mailto (no JS), 6.. mailto only (JS), 7.. all filters active
-			if(!in_array(OUTPUT_FILTER_MODE, array(2,3,6,7))) return $match[0];
-			
-			// check if last part of the a href link: >xxxx</a> contains a email address we need to filter
-			$pattern = '#[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4}#i';
-			if(preg_match_all($pattern, $match[5], $matches)) {
-				foreach($matches as $submatch) {
-					foreach($submatch as $value) {
-						// replace all . and all @ in email address parts by (dot) and (at) strings
-						$match[5] = str_replace($value, str_replace($search, $replace, $value), $match[5]);
-					}
-				}
-			}
-
-			// check if Javascript encryption routine is enabled
-			if(in_array(OUTPUT_FILTER_MODE, array(6,7))) {
-				/** USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
-				
-				// extract possible class and id attribute from ahref link
-				preg_match('/class\s*?=\s*?("|\')(.*?)\1/ix', $match[0], $class_attr);
-				$class_attr = empty($class_attr) ? '' : 'class="' . $class_attr[2] . '" ';
-				preg_match('/id\s*?=\s*?("|\')(.*?)\1/ix', $match[0], $id_attr);
-				$id_attr = empty($id_attr) ? '' : 'id="' . $id_attr[2] . '" ';
-				
-				// preprocess mailto link parts for further usage
-				$search = array('@', '.', '_', '-'); $replace = array('F', 'Z', 'X', 'K');
-				$email_address = str_replace($search, $replace, strtolower($match[2]));
-				$email_subject = rawurlencode(html_entity_decode($match[3]));
-				
-				// create a random encryption key for the Caesar cipher
-				mt_srand((double)microtime()*1000000);	// (PHP < 4.2.0)
-				$shift = mt_rand(1, 25);
-				
-				// encrypt the email using an adapted Caesar cipher
-		  		$encrypted_email = "";
-				for($i = strlen($email_address) -1; $i > -1; $i--) {
-					if(preg_match('#[FZXK0-9]#', $email_address[$i], $characters)) {
-						$encrypted_email .= $email_address[$i];
-					} else {	
-						$encrypted_email .= chr((ord($email_address[$i]) -97 + $shift) % 26 + 97);
-					}
-				}
-				$encrypted_email .= chr($shift + 97);
-
-				// build the encrypted Javascript mailto link
-				$mailto_link  = "<a {$class_attr}{$id_attr}href=\"javascript:mdcr('$encrypted_email','$email_subject')\">" .$match[5] ."</a>";
-				
-				return $mailto_link;	
-
-			} else {
-				/** DO NOT USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
-
-				// as minimum protection, replace replace @ in the mailto part by (at)
-				// dots are not transformed as this would transform my.name@domain.com into: my(dot)name(at)domain(dot)com
-				
-				// rebuild the mailto link from the subpatterns (at the missing characters " and </a>")
-				return $match[1] .str_replace('@', OUTPUT_FILTER_AT_REPLACEMENT, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';
-				// if you want to protect both, @ and dots, comment out the line above and remove the comment from the line below
-				// return $match[1] .str_replace($search, $replace, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';
-			}
-		
-		}
-		
-		// number of subpatterns do not match the requirements ... do nothing
-		return $match[0];
-	}		
-}
-
-?>
+<?php
+
+// $Id$
+
+/*
+
+ Website Baker Project <http://www.websitebaker.org/>
+ Copyright (C) 2004-2009, Ryan Djurovich
+
+ Website Baker is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ Website Baker is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Website Baker; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * @category   frontend
+ * @package    outputfilter
+ * @author(s)  Dietmar Wöllbrink <Luisehahne>, Dietrich Roland Pehlke <Aldus>
+ * @platform   WB 2.8.0
+ * @require    PHP 5.2.x
+ * @license    http://www.gnu.org/licenses/gpl.html
+ * @link       http://project.websitebaker2.org/browser/branches/2.8.x/wb/modules/output_filter/filter-routines.php
+ * @changeset   2009/12/03 change searchstring mdcr.js, workout crypt emails
+
+*/
+
+// prevent this file from being accessed directly
+if(!defined('WB_PATH')) die(header('Location: ../index.php'));
+
+// function to read the current filter settings
+if (!function_exists('get_output_filter_settings')) {
+	function get_output_filter_settings() {
+		global $database, $admin;
+		// connect to database and read out filter settings
+		$result = $database->query("SELECT * FROM " .TABLE_PREFIX ."mod_output_filter");
+		if($result && $result->numRows() > 0) {
+			// get all data
+			$data = $result->fetchRow();
+			$filter_settings['email_filter'] = $admin->strip_slashes($data['email_filter']);
+			$filter_settings['mailto_filter'] = $admin->strip_slashes($data['mailto_filter']);
+			$filter_settings['at_replacement'] = $admin->strip_slashes($data['at_replacement']);
+			$filter_settings['dot_replacement'] = $admin->strip_slashes($data['dot_replacement']);
+		} else {
+			// something went wrong, use default values
+			$filter_settings['email_filter'] = '0';
+			$filter_settings['mailto_filter'] = '0';
+			$filter_settings['at_replacement'] = '(at)';
+			$filter_settings['dot_replacement'] = '(dot)';
+		}
+		
+		// return array with filter settings
+		return $filter_settings;
+	}
+}
+
+// function to filter the output before displaying it on the frontend
+if (!function_exists('filter_frontend_output')) {
+	function filter_frontend_output($content) {
+		// get output filter settings from database
+		$filter_settings = get_output_filter_settings();
+		
+		// work out the defined output filter mode: possible output filter modes: [0], 1, 2, 3, 6, 7
+		// 2^0 * (0.. disable, 1.. enable) filtering of mail addresses in text
+		// 2^1 * (0.. disable, 1.. enable) filtering of mail addresses in mailto links
+		// 2^2 * (0.. disable, 1.. enable) Javascript mailto encryption (only if mailto filtering enabled)
+
+		// only filter output if we are supposed to
+		if($filter_settings['email_filter'] != '1' && $filter_settings['mailto_filter'] != '1'){
+			// nothing to do ...
+			return $content;
+		}
+
+		// check if non mailto mail addresses needs to be filtered
+		$output_filter_mode = ($filter_settings['email_filter'] == '1') ? 1 : 0;		// 0|1
+
+		// check if mailto mail addresses needs to be filtered
+		if($filter_settings['mailto_filter'] == '1') {
+			$output_filter_mode = $output_filter_mode + 2;								// 0|2
+						
+			// check if Javascript mailto encryption is enabled (call register_frontend_functions in the template)
+			$search = '<script src="' .WB_URL .'/modules/output_filter/js/mdcr.js" type="text/javascript"></script>';
+			$search_droplet = '<script src="' .WB_URL .'/modules/droplets/js/mdcr.js" type="text/javascript"></script>';
+			if(strpos($content, $search) !== false || strpos($content, $search_droplet) !== false) { 
+				$output_filter_mode = $output_filter_mode + 4;							// 0|4
+			}
+		}
+		
+		// define some constants so we do not call the database in the callback function again
+		define('OUTPUT_FILTER_MODE', (int) $output_filter_mode);
+		define('OUTPUT_FILTER_AT_REPLACEMENT', $filter_settings['at_replacement']);
+		define('OUTPUT_FILTER_DOT_REPLACEMENT', $filter_settings['dot_replacement']);
+		
+		// first search part to find all mailto email addresses
+		$pattern = '#(<a[^<]*href\s*?=\s*?"\s*?mailto\s*?:\s*?)([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})([^"]*?)"([^>]*>)(.*?)</a>';
+		// second part to find all non mailto email addresses
+		$pattern .= '|(value\s*=\s*"|\')??\b([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})\b#i';
+		/*
+		Sub 1:\b(<a.[^<]*href\s*?=\s*?"\s*?mailto\s*?:\s*?)			-->	"<a id="yyy" class="xxx" href = " mailto :" ignoring white spaces
+		Sub 2:([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})			-->	the email address in the mailto: part of the mail link
+		Sub 3:([^"]*?)"												--> possible ?Subject&cc... stuff attached to the mail address
+		Sub 4:([^>]*>)												--> all class or id statements after the mailto but before closing ..>
+		Sub 5:(.*?)</a>\b											--> the mailto text; all characters between >xxxxx</a>
+		Sub 6:|\b([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})\b		--> email addresses which may appear in the text (require word boundaries)
+		*/
+			
+		// find all email addresses embedded in the content and filter them using a callback function
+		$content = preg_replace_callback($pattern, 'filter_mail_addresses', $content);
+		return $content;
+	}
+}		
+
+
+// function to filter mail addresses embedded in text or mailto links before outputing them on the frontend
+if (!function_exists('filter_mail_addresses')) {
+	function filter_mail_addresses($match) { 
+		
+		// check if required output filter mode is defined
+		if(!(defined('OUTPUT_FILTER_MODE') && defined('OUTPUT_FILTER_MODE') && defined('OUTPUT_FILTER_MODE'))) {
+			return $match[0];
+		}
+		
+		$search = array('@', '.');
+		$replace = array(OUTPUT_FILTER_AT_REPLACEMENT ,OUTPUT_FILTER_DOT_REPLACEMENT);
+		
+		// check if the match contains the expected number of subpatterns (6|8)
+		if(count($match) == 8) {
+			/**
+				OUTPUT FILTER FOR EMAIL ADDRESSES EMBEDDED IN TEXT
+			**/
+			
+			// 1.. text mails only, 3.. text mails + mailto (no JS), 7 text mails + mailto (JS)
+			if(!in_array(OUTPUT_FILTER_MODE, array(1,3,7))) return $match[0];
+
+			// do not filter mail addresses included in input tags (<input ... value = "test@mail)
+			if (strpos($match[6], 'value') !== false) return $match[0];
+			
+			// filtering of non mailto email addresses enabled
+			return str_replace($search, $replace, $match[0]);
+				
+		} elseif(count($match) == 6) {
+			/**
+				OUTPUT FILTER FOR EMAIL ADDRESSES EMBEDDED IN MAILTO LINKS
+			**/
+
+			// 2.. mailto only (no JS), 3.. text mails + mailto (no JS), 6.. mailto only (JS), 7.. all filters active
+			if(!in_array(OUTPUT_FILTER_MODE, array(2,3,6,7))) return $match[0];
+			
+			// check if last part of the a href link: >xxxx</a> contains a email address we need to filter
+			$pattern = '#[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4}#i';
+			if(preg_match_all($pattern, $match[5], $matches)) {
+				foreach($matches as $submatch) {
+					foreach($submatch as $value) {
+						// replace all . and all @ in email address parts by (dot) and (at) strings
+						$match[5] = str_replace($value, str_replace($search, $replace, $value), $match[5]);
+					}
+				}
+			}
+
+			// check if Javascript encryption routine is enabled
+			if(in_array(OUTPUT_FILTER_MODE, array(6,7))) {
+				/** USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
+				
+				// extract possible class and id attribute from ahref link
+				preg_match('/class\s*?=\s*?("|\')(.*?)\1/ix', $match[0], $class_attr);
+				$class_attr = empty($class_attr) ? '' : 'class="' . $class_attr[2] . '" ';
+				preg_match('/id\s*?=\s*?("|\')(.*?)\1/ix', $match[0], $id_attr);
+				$id_attr = empty($id_attr) ? '' : 'id="' . $id_attr[2] . '" ';
+				
+				// preprocess mailto link parts for further usage
+				$search = array('@', '.', '_', '-'); $replace = array('F', 'Z', 'X', 'K');
+				$email_address = str_replace($search, $replace, strtolower($match[2]));
+				$email_subject = rawurlencode(html_entity_decode($match[3]));
+				
+				// create a random encryption key for the Caesar cipher
+				mt_srand((double)microtime()*1000000);	// (PHP < 4.2.0)
+				$shift = mt_rand(1, 25);
+				
+				// encrypt the email using an adapted Caesar cipher
+		  		$encrypted_email = "";
+				for($i = strlen($email_address) -1; $i > -1; $i--) {
+					if(preg_match('#[FZXK0-9]#', $email_address[$i], $characters)) {
+						$encrypted_email .= $email_address[$i];
+					} else {	
+						$encrypted_email .= chr((ord($email_address[$i]) -97 + $shift) % 26 + 97);
+					}
+				}
+				$encrypted_email .= chr($shift + 97);
+
+				// build the encrypted Javascript mailto link
+				$mailto_link  = "<a {$class_attr}{$id_attr}href=\"javascript:mdcr('$encrypted_email','$email_subject')\">" .$match[5] ."</a>";
+				
+				return $mailto_link;	
+
+			} else {
+				/** DO NOT USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
+
+				// as minimum protection, replace replace @ in the mailto part by (at)
+				// dots are not transformed as this would transform my.name@domain.com into: my(dot)name(at)domain(dot)com
+				
+				// rebuild the mailto link from the subpatterns (at the missing characters " and </a>")
+				return $match[1] .str_replace('@', OUTPUT_FILTER_AT_REPLACEMENT, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';
+				// if you want to protect both, @ and dots, comment out the line above and remove the comment from the line below
+				// return $match[1] .str_replace($search, $replace, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';
+			}
+		
+		}
+		
+		// number of subpatterns do not match the requirements ... do nothing
+		return $match[0];
+	}		
+}
+
+?>
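Review bot: The guard at the top of filter_mail_addresses() tests `defined('OUTPUT_FILTER_MODE')` three times, so the two replacement constants read a few lines later are never checked; it should read `if(!(defined('OUTPUT_FILTER_MODE') && defined('OUTPUT_FILTER_AT_REPLACEMENT') && defined('OUTPUT_FILTER_DOT_REPLACEMENT'))) {`. Separately, `mt_srand((double)microtime()*1000000);` reseeds the process-wide generator on every mailto link from a value with at most a million states. The header added in this revision states `@require PHP 5.2.x`, while the line's own comment says the seeding is only needed for PHP < 4.2.0, so the line can be dropped. No other mt_rand() caller is visible in this file, but removing the reseed keeps any later mt_rand() output in the same request from becoming easier to predict. The shift applied afterwards only obfuscates the address against harvesters; a comment such as `// obfuscation only, not confidentiality: the shift is appended to the output` would stop readers from treating it as encryption.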
