Revision 36
Added by stefan about 19 years ago
| trunk/wb/include/htmlarea/popups/link.php | ||
|---|---|---|
| 75 | 75 |
global $template, $database; |
| 76 | 76 |
$get_pages = $database->query("SELECT page_id,menu_title,link,level FROM ".TABLE_PREFIX."pages WHERE parent = '$parent' AND visibility!='deleted' ORDER BY position ASC");
|
| 77 | 77 |
while($page = $get_pages->fetchRow()) {
|
| 78 |
$title = stripslashes($page['menu_title']); |
|
| 78 |
$title = $admin->stripslashes($page['menu_title']);
|
|
| 79 | 79 |
// Add leading -'s so we can tell what level a page is at |
| 80 | 80 |
$leading_dashes = ''; |
| 81 | 81 |
for($i = 0; $i < $page['level']; $i++) {
|
| ... | ... | |
| 99 | 99 |
$template->parse('page_list', 'page_list_block', true);
|
| 100 | 100 |
// Loop through pages |
| 101 | 101 |
while($page = $get_pages->fetchRow()) {
|
| 102 |
$title = stripslashes($page['menu_title']); |
|
| 102 |
$title = $admin->stripslashes($page['menu_title']);
|
|
| 103 | 103 |
$template->set_var('TITLE', $title);
|
| 104 | 104 |
$template->set_var('LINK', '[wblink'.$page['page_id'].']');
|
| 105 | 105 |
$template->parse('page_list', 'page_list_block', true);
|
| trunk/wb/search/search.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: search.php,v 1.9 2005/04/07 07:53:15 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 33 | 33 |
// Make pages_listed and items_listed blank arrays |
| 34 | 34 |
$pages_listed = array(); |
| 35 | 35 |
$items_listed = array(); |
| 36 |
|
|
| 36 |
|
|
| 37 | 37 |
// Get search string |
| 38 | 38 |
if(isset($_POST['string'])) {
|
| 39 |
$string = addslashes(str_replace(',', '', $_POST['string']));
|
|
| 40 |
$search_string = htmlspecialchars(stripslashes($string),ENT_QUOTES);
|
|
| 39 |
$string = addslashes(addslashes(str_replace(',', '', $_POST['string'])));
|
|
| 40 |
$search_string = htmlspecialchars($this->stripslashes(str_replace(',', '', $_POST['string'])),ENT_QUOTES);
|
|
| 41 | 41 |
} else {
|
| 42 |
$string = ''; |
|
| 42 |
$string = '';
|
|
| 43 | 43 |
$search_string = ''; |
| 44 | 44 |
} |
| 45 | 45 |
|
| ... | ... | |
| 81 | 81 |
$operator = 'LIKE'; |
| 82 | 82 |
$wildcard = '%'; |
| 83 | 83 |
$all_checked = ' checked'; |
| 84 |
} |
|
| 85 |
|
|
| 86 |
// Get list of usernames and display names |
|
| 87 |
$query_users = $database->query("SELECT user_id,username,display_name FROM ".TABLE_PREFIX."users");
|
|
| 88 |
$users = array('0' => array('display_name' => $TEXT['UNKNOWN'], 'username' => strtolower($TEXT['UNKNOWN'])));
|
|
| 89 |
if($query_users->numRows() > 0) {
|
|
| 90 |
while($user = $query_users->fetchRow()) {
|
|
| 91 |
$users[$user['user_id']] = array('display_name' => $user['display_name'], 'username' => $user['username']);
|
|
| 92 |
} |
|
| 93 | 84 |
} |
| 94 | 85 |
|
| 86 |
// Get list of usernames and display names |
|
| 87 |
$query_users = $database->query("SELECT user_id,username,display_name FROM ".TABLE_PREFIX."users");
|
|
| 88 |
$users = array('0' => array('display_name' => $TEXT['UNKNOWN'], 'username' => strtolower($TEXT['UNKNOWN'])));
|
|
| 89 |
if($query_users->numRows() > 0) {
|
|
| 90 |
while($user = $query_users->fetchRow()) {
|
|
| 91 |
$users[$user['user_id']] = array('display_name' => $user['display_name'], 'username' => $user['username']);
|
|
| 92 |
} |
|
| 93 |
} |
|
| 94 |
|
|
| 95 | 95 |
// Get search settings |
| 96 | 96 |
$query_header = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'header' LIMIT 1");
|
| 97 | 97 |
$fetch_header = $query_header->fetchRow(); |
| ... | ... | |
| 109 | 109 |
// Replace vars in search settings with values |
| 110 | 110 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_RESULTS_FOR]');
|
| 111 | 111 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['RESULTS_FOR']); |
| 112 |
$search_footer = str_replace($vars, $values, stripslashes($fetch_footer['value'])); |
|
| 113 |
$search_results_header = str_replace($vars, $values, stripslashes($fetch_results_header['value'])); |
|
| 114 |
$search_results_footer = str_replace($vars, $values, stripslashes($fetch_results_footer['value'])); |
|
| 112 |
$search_footer = str_replace($vars, $values, $this->stripslashes($fetch_footer['value']));
|
|
| 113 |
$search_results_header = str_replace($vars, $values, $this->stripslashes($fetch_results_header['value']));
|
|
| 114 |
$search_results_footer = str_replace($vars, $values, $this->stripslashes($fetch_results_footer['value']));
|
|
| 115 | 115 |
// Do extra vars/values replacement |
| 116 | 116 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]');
|
| 117 | 117 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked); |
| 118 |
$search_header = str_replace($vars, $values, stripslashes($fetch_header['value'])); |
|
| 118 |
$search_header = str_replace($vars, $values, $this->stripslashes($fetch_header['value']));
|
|
| 119 | 119 |
|
| 120 | 120 |
// Insert js code |
| 121 | 121 |
?> |
| ... | ... | |
| 138 | 138 |
|
| 139 | 139 |
// Show search results_header |
| 140 | 140 |
echo $search_results_header; |
| 141 |
|
|
| 142 | 141 |
// Search page details only, such as description, keywords, etc. |
| 143 | 142 |
if($match == 'all' OR $match == 'exact') {
|
| 144 | 143 |
$query_pages = $database->query("SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by FROM ".TABLE_PREFIX."pages".
|
| 145 |
" WHERE visibility != 'none' AND visibility != 'deleted' AND page_title $operator '$wildcard$string$wildcard' AND searching = '1' ". |
|
| 144 |
" WHERE visibility != 'none' AND visibility != 'deleted' AND page_title $operator '$wildcard$string$wildcard' AND searching = '1' ".
|
|
| 146 | 145 |
" OR visibility != 'none' AND visibility != 'deleted' AND menu_title $operator '$wildcard$string$wildcard' AND searching = '1'". |
| 147 |
" OR visibility != 'none' AND visibility != 'deleted' AND description $operator '$wildcard$string$wildcard' AND searching = '1'". |
|
| 146 |
" OR visibility != 'none' AND visibility != 'deleted' AND description $operator '$wildcard$string$wildcard' AND searching = '1'".
|
|
| 148 | 147 |
" OR visibility != 'none' AND visibility != 'deleted' AND keywords $operator '$wildcard$string$wildcard' AND searching = '1'"); |
| 149 | 148 |
} elseif($match == 'any') {
|
| 150 | 149 |
$query_pages = "SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by FROM ".TABLE_PREFIX."pages WHERE "; |
| 151 | 150 |
$count = 0; |
| 152 | 151 |
foreach($string AS $each_string) {
|
| 153 | 152 |
if($count != 0) { $query_pages .= ' OR'; }
|
| 154 |
$query_pages .= " visibility != 'none' AND page_title $operator '$wildcard$each_string$wildcard' AND searching = '1'". |
|
| 153 |
$query_pages .= " visibility != 'none' AND page_title $operator '$wildcard$each_string$wildcard' AND searching = '1'".
|
|
| 155 | 154 |
" OR visibility != 'none' AND visibility != 'deleted' AND menu_title $operator '$wildcard$each_string$wildcard' AND searching = '1'". |
| 156 |
" OR visibility != 'none' AND visibility != 'deleted' AND description $operator '$wildcard$each_string$wildcard' AND searching = '1'". |
|
| 155 |
" OR visibility != 'none' AND visibility != 'deleted' AND description $operator '$wildcard$each_string$wildcard' AND searching = '1'".
|
|
| 157 | 156 |
" OR visibility != 'none' AND visibility != 'deleted' AND keywords $operator '$wildcard$each_string$wildcard' AND searching = '1'"; |
| 158 | 157 |
$count = $count+1; |
| 159 | 158 |
} |
| ... | ... | |
| 165 | 164 |
// Get page link |
| 166 | 165 |
$link = page_link($page['link']); |
| 167 | 166 |
// Set vars to be replaced by values |
| 168 |
$vars = array('[LINK]', '[TITLE]', '[DESCRIPTION]', '[USERNAME]','[DISPLAY_NAME]','[DATE]','[TIME]','[TEXT_LAST_UPDATED_BY]','[TEXT_ON]');
|
|
| 169 |
if($page['modified_when'] > 0) {
|
|
| 170 |
$date = gmdate(DATE_FORMAT, $page['modified_when']+TIMEZONE); |
|
| 171 |
$time = gmdate(TIME_FORMAT, $page['modified_when']+TIMEZONE); |
|
| 172 |
} else {
|
|
| 173 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
|
| 174 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
|
| 167 |
$vars = array('[LINK]', '[TITLE]', '[DESCRIPTION]', '[USERNAME]','[DISPLAY_NAME]','[DATE]','[TIME]','[TEXT_LAST_UPDATED_BY]','[TEXT_ON]');
|
|
| 168 |
if($page['modified_when'] > 0) {
|
|
| 169 |
$date = gmdate(DATE_FORMAT, $page['modified_when']+TIMEZONE);
|
|
| 170 |
$time = gmdate(TIME_FORMAT, $page['modified_when']+TIMEZONE);
|
|
| 171 |
} else {
|
|
| 172 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE'];
|
|
| 173 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME'];
|
|
| 175 | 174 |
} |
| 176 |
$values = array($link, stripslashes($page['page_title']),stripslashes($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 177 |
// Show loop code with vars replaced by values |
|
| 175 |
$values = array($link, $this->stripslashes($page['page_title']),$this->stripslashes($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 176 |
// Show loop code with vars replaced by values
|
|
| 178 | 177 |
if($values != array()) {
|
| 179 |
echo str_replace($vars, $values, stripslashes($fetch_results_loop['value']));
|
|
| 178 |
echo str_replace($vars, $values, $this->stripslashes($fetch_results_loop['value']));
|
|
| 180 | 179 |
} |
| 181 | 180 |
// Say that we have already listed this page id |
| 182 |
$pages_listed[$page['page_id']] = true; |
|
| 183 |
// Set values to blank |
|
| 181 |
$pages_listed[$page['page_id']] = true;
|
|
| 182 |
// Set values to blank
|
|
| 184 | 183 |
$value = array(); |
| 185 | 184 |
} |
| 186 | 185 |
} |
| ... | ... | |
| 199 | 198 |
// Fetch query start |
| 200 | 199 |
$fetch_query_start = $get_query_start->fetchRow(); |
| 201 | 200 |
// Prepare query start for execution by replacing {TP} with the TABLE_PREFIX
|
| 202 |
$query_start = str_replace('[TP]', TABLE_PREFIX, stripslashes($fetch_query_start['value']));
|
|
| 201 |
$query_start = str_replace('[TP]', TABLE_PREFIX, $this->stripslashes($fetch_query_start['value']));
|
|
| 203 | 202 |
// Get query end |
| 204 | 203 |
$get_query_end = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_end' AND extra = '$module_name' LIMIT 1");
|
| 205 | 204 |
if($get_query_end->numRows() > 0) {
|
| 206 | 205 |
// Fetch query start |
| 207 | 206 |
$fetch_query_end = $get_query_end->fetchRow(); |
| 208 | 207 |
// Set query end |
| 209 |
$query_end = stripslashes($fetch_query_end['value']); |
|
| 208 |
$query_end = $this->stripslashes($fetch_query_end['value']);
|
|
| 210 | 209 |
// Get query body |
| 211 | 210 |
$get_query_body = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_body' AND extra = '$module_name' LIMIT 1");
|
| 212 | 211 |
if($get_query_body->numRows() > 0) {
|
| 213 | 212 |
// Fetch query start |
| 214 | 213 |
$fetch_query_body = $get_query_body->fetchRow(); |
| 215 | 214 |
// Prepare query body for execution by replacing {STRING} with the correct one
|
| 216 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,$operator,$wildcard), stripslashes($fetch_query_body['value']));
|
|
| 215 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,$operator,$wildcard), $this->stripslashes($fetch_query_body['value']));
|
|
| 217 | 216 |
// If we need to match any of the words, loop through the body for each one then combine with start and end, otherwise just combine without looping |
| 218 | 217 |
if($match == 'any') {
|
| 219 | 218 |
// Loop through query body for each string, then combine with start and end |
| ... | ... | |
| 238 | 237 |
if(!isset($fields['page_id']) OR !isset($pages_listed[$page[$fields['page_id']]])) {
|
| 239 | 238 |
// Get page link |
| 240 | 239 |
$link = page_link($page[$fields['link']]); |
| 241 |
// Set vars to be replaced by values |
|
| 242 |
$vars = array('[LINK]', '[TITLE]', '[DESCRIPTION]', '[USERNAME]','[DISPLAY_NAME]','[DATE]','[TIME]','[TEXT_LAST_UPDATED_BY]','[TEXT_ON]');
|
|
| 243 |
if($page[$fields['modified_when']] > 0) {
|
|
| 244 |
$date = gmdate(DATE_FORMAT, $page[$fields['modified_when']]+TIMEZONE); |
|
| 245 |
$time = gmdate(TIME_FORMAT, $page[$fields['modified_when']]+TIMEZONE); |
|
| 246 |
} else {
|
|
| 247 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
|
| 248 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
|
| 240 |
// Set vars to be replaced by values
|
|
| 241 |
$vars = array('[LINK]', '[TITLE]', '[DESCRIPTION]', '[USERNAME]','[DISPLAY_NAME]','[DATE]','[TIME]','[TEXT_LAST_UPDATED_BY]','[TEXT_ON]');
|
|
| 242 |
if($page[$fields['modified_when']] > 0) {
|
|
| 243 |
$date = gmdate(DATE_FORMAT, $page[$fields['modified_when']]+TIMEZONE);
|
|
| 244 |
$time = gmdate(TIME_FORMAT, $page[$fields['modified_when']]+TIMEZONE);
|
|
| 245 |
} else {
|
|
| 246 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE'];
|
|
| 247 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME'];
|
|
| 249 | 248 |
} |
| 250 |
$values = array($link, stripslashes($page[$fields['title']]), stripslashes($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 249 |
$values = array($link, $this->stripslashes($page[$fields['title']]), $this->stripslashes($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 251 | 250 |
// Show loop code with vars replaced by values |
| 252 |
echo str_replace($vars, $values, stripslashes($fetch_results_loop['value'])); |
|
| 251 |
echo str_replace($vars, $values, $this->stripslashes($fetch_results_loop['value']));
|
|
| 253 | 252 |
// Say that this page or item has been listed if we can |
| 254 | 253 |
if(isset($fields['page_id'])) {
|
| 255 | 254 |
$pages_listed[$page[$fields['page_id']]] = true; |
| trunk/wb/admin/pages/intro.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: intro.php,v 1.2 2005/04/02 06:25:37 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 43 | 43 |
$template->set_file('page', 'intro.html');
|
| 44 | 44 |
$template->set_block('page', 'main_block', 'main');
|
| 45 | 45 |
$template->set_var(array( |
| 46 |
'CONTENT' => stripslashes($content), |
|
| 46 |
'CONTENT' => $admin->stripslashes($content),
|
|
| 47 | 47 |
'WB_URL' => WB_URL, |
| 48 | 48 |
'ADMIN_URL' => ADMIN_URL, |
| 49 | 49 |
'TEXT_SAVE' => $TEXT['SAVE'], |
| trunk/wb/admin/pages/settings.php | ||
|---|---|---|
| 79 | 79 |
$template->set_block('page', 'main_block', 'main');
|
| 80 | 80 |
$template->set_var(array( |
| 81 | 81 |
'PAGE_ID' => $results_array['page_id'], |
| 82 |
'PAGE_TITLE' => stripslashes($results_array['page_title']), |
|
| 83 |
'MENU_TITLE' => stripslashes($results_array['menu_title']), |
|
| 84 |
'DESCRIPTION' => stripslashes($results_array['description']), |
|
| 85 |
'KEYWORDS' => stripslashes($results_array['keywords']), |
|
| 82 |
'PAGE_TITLE' => $admin->stripslashes($results_array['page_title']),
|
|
| 83 |
'MENU_TITLE' => $admin->stripslashes($results_array['menu_title']),
|
|
| 84 |
'DESCRIPTION' => $admin->stripslashes($results_array['description']),
|
|
| 85 |
'KEYWORDS' => $admin->stripslashes($results_array['keywords']),
|
|
| 86 | 86 |
'MODIFIED_BY' => $user['display_name'], |
| 87 | 87 |
'MODIFIED_BY_USERNAME' => $user['username'], |
| 88 | 88 |
'MODIFIED_WHEN' => $modified_ts, |
| ... | ... | |
| 251 | 251 |
for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
|
| 252 | 252 |
$template->set_var(array( |
| 253 | 253 |
'ID' => $page['page_id'], |
| 254 |
'TITLE' => stripslashes($title_prefix.$page['page_title']) |
|
| 254 |
'TITLE' => $admin->stripslashes($title_prefix.$page['page_title'])
|
|
| 255 | 255 |
) |
| 256 | 256 |
); |
| 257 | 257 |
if($results_array['parent'] == $page['page_id']) {
|
| trunk/wb/admin/pages/index.php | ||
|---|---|---|
| 24 | 24 |
require('../../config.php');
|
| 25 | 25 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| 26 | 26 |
$admin = new admin('Pages', 'pages');
|
| 27 |
|
|
| 27 |
echo "hier: ".get_magic_quotes_gpc(); |
|
| 28 | 28 |
// Include the WB functions file |
| 29 | 29 |
require_once(WB_PATH.'/framework/functions.php'); |
| 30 | 30 |
|
| ... | ... | |
| 151 | 151 |
</td> |
| 152 | 152 |
<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?>
|
| 153 | 153 |
<td> |
| 154 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo stripslashes($page['page_title']); ?></a> |
|
| 154 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->stripslashes($page['page_title']); ?></a>
|
|
| 155 | 155 |
</td> |
| 156 | 156 |
<?php } else { ?>
|
| 157 | 157 |
<td> |
| 158 |
<?php echo stripslashes($page['page_title']); ?> |
|
| 158 |
<?php echo $admin->stripslashes($page['page_title']); ?>
|
|
| 159 | 159 |
</td> |
| 160 | 160 |
<?php } ?> |
| 161 | 161 |
<td align="left" width="232"> |
| 162 |
<font color="#999999"><?php echo $page['menu_title']; ?></font>
|
|
| 162 |
<font color="#999999"><?php echo $admin->stripslashes($page['menu_title']); ?></font>
|
|
| 163 | 163 |
</td> |
| 164 | 164 |
<td align="center" valign="middle" width="90"> |
| 165 | 165 |
<?php if($page['visibility'] == 'public') { ?>
|
| ... | ... | |
| 447 | 447 |
for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
|
| 448 | 448 |
$template->set_var(array( |
| 449 | 449 |
'ID' => $page['page_id'], |
| 450 |
'TITLE' => stripslashes($title_prefix.$page['page_title']) |
|
| 450 |
'TITLE' => $admin->stripslashes($title_prefix.$page['page_title'])
|
|
| 451 | 451 |
) |
| 452 | 452 |
); |
| 453 | 453 |
if($can_modify == true) {
|
| trunk/wb/admin/pages/trash.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: trash.php,v 1.2 2005/04/02 06:25:37 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 141 | 141 |
</td> |
| 142 | 142 |
<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true AND $page['visibility'] != 'heading') { ?>
|
| 143 | 143 |
<td> |
| 144 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo stripslashes($page['page_title']); ?></a> |
|
| 144 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->stripslashes($page['page_title']); ?></a>
|
|
| 145 | 145 |
</td> |
| 146 | 146 |
<?php } else { ?>
|
| 147 | 147 |
<td> |
| 148 | 148 |
<?php |
| 149 | 149 |
if($page['visibility'] != 'heading') {
|
| 150 |
echo stripslashes($page['page_title']); |
|
| 150 |
echo $admin->stripslashes($page['page_title']);
|
|
| 151 | 151 |
} else {
|
| 152 |
echo '<b>'.stripslashes($page['page_title']).'</b>'; |
|
| 152 |
echo '<b>'.$admin->stripslashes($page['page_title']).'</b>';
|
|
| 153 | 153 |
} |
| 154 | 154 |
?> |
| 155 | 155 |
</td> |
| trunk/wb/admin/pages/sections.php | ||
|---|---|---|
| 134 | 134 |
</td> |
| 135 | 135 |
<td align="right"> |
| 136 | 136 |
<?php echo $TEXT['CURRENT_PAGE']; ?>: |
| 137 |
<b><?php echo stripslashes($results_array['page_title']); ?></b> |
|
| 137 |
<b><?php echo $admin->stripslashes($results_array['page_title']); ?></b>
|
|
| 138 | 138 |
- |
| 139 | 139 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>"><?php echo $HEADING['MODIFY_PAGE']; ?></a> |
| 140 | 140 |
- |
| trunk/wb/admin/pages/modify.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify.php,v 1.2 2005/04/02 06:25:37 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 81 | 81 |
$template->set_block('page', 'main_block', 'main');
|
| 82 | 82 |
$template->set_var(array( |
| 83 | 83 |
'PAGE_ID' => $results_array['page_id'], |
| 84 |
'PAGE_TITLE' => stripslashes($results_array['page_title']), |
|
| 84 |
'PAGE_TITLE' => $admin->stripslashes($results_array['page_title']),
|
|
| 85 | 85 |
'MODIFIED_BY' => $user['display_name'], |
| 86 | 86 |
'MODIFIED_BY_USERNAME' => $user['username'], |
| 87 | 87 |
'MODIFIED_WHEN' => $modified_ts, |
| trunk/wb/admin/settings/index.php | ||
|---|---|---|
| 45 | 45 |
$results = $database->query($query); |
| 46 | 46 |
while($setting = $results->fetchRow()) {
|
| 47 | 47 |
$setting_name = $setting['name']; |
| 48 |
$setting_value = htmlspecialchars(stripslashes($setting['value'])); |
|
| 48 |
$setting_value = htmlspecialchars($admin->stripslashes($setting['value']));
|
|
| 49 | 49 |
switch($setting_name) {
|
| 50 | 50 |
// Website title |
| 51 | 51 |
case 'title': |
| ... | ... | |
| 79 | 79 |
$results = $database->query($query); |
| 80 | 80 |
while($setting = $results->fetchRow()) {
|
| 81 | 81 |
$setting_name = $setting['name']; |
| 82 |
$setting_value = htmlspecialchars(stripslashes($setting['value'])); |
|
| 82 |
$setting_value = htmlspecialchars($admin->stripslashes($setting['value']));
|
|
| 83 | 83 |
switch($setting_name) {
|
| 84 | 84 |
// Search header |
| 85 | 85 |
case 'header': |
| ... | ... | |
| 463 | 463 |
} |
| 464 | 464 |
|
| 465 | 465 |
// Insert WYSIWYG style value into template |
| 466 |
$template->set_var('WYSIWYG_STYLE', stripslashes(WYSIWYG_STYLE));
|
|
| 466 |
$template->set_var('WYSIWYG_STYLE', $admin->stripslashes(WYSIWYG_STYLE));
|
|
| 467 | 467 |
|
| 468 | 468 |
// Insert Server Email value into template |
| 469 | 469 |
$template->set_var('SERVER_EMAIL', SERVER_EMAIL);
|
| trunk/wb/modules/wrapper/view.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: view.php,v 1.1.1.1 2005/01/30 10:32:23 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 26 | 26 |
// Get url |
| 27 | 27 |
$get_settings = $database->query("SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'");
|
| 28 | 28 |
$fetch_settings = $get_settings->fetchRow(); |
| 29 |
$url = stripslashes($fetch_settings['url']); |
|
| 29 |
$url = $this->stripslashes($fetch_settings['url']);
|
|
| 30 | 30 |
|
| 31 | 31 |
?> |
| 32 | 32 |
<iframe src="<?php echo $url; ?>" width="100%" height="<?php echo $fetch_settings['height']; ?>px" frameborder="0" scrolling="auto"> |
| trunk/wb/modules/wrapper/modify.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify.php,v 1.1.1.1 2005/01/30 10:32:23 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 32 | 32 |
$query = "SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'"; |
| 33 | 33 |
$get_settings = $database->query($query); |
| 34 | 34 |
$settings = $get_settings->fetchRow(); |
| 35 |
$url = stripslashes($settings['url']); |
|
| 35 |
$url = $admin->stripslashes($settings['url']);
|
|
| 36 | 36 |
$height = $settings['height']; |
| 37 | 37 |
|
| 38 | 38 |
// Insert vars |
| trunk/wb/modules/menu_link/modify.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify.php,v 1.1.1.1 2005/01/30 10:32:15 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 32 | 32 |
$query_info = "SELECT link,target FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'"; |
| 33 | 33 |
$get_info = $database->query($query_info); |
| 34 | 34 |
$fetch_info = $get_info->fetchRow(); |
| 35 |
$link = stripslashes($fetch_info['link']); |
|
| 35 |
$link = $admin->stripslashes($fetch_info['link']);
|
|
| 36 | 36 |
$target = $fetch_info['target']; |
| 37 | 37 |
|
| 38 | 38 |
// Insert vars |
| trunk/wb/modules/wysiwyg/view.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: view.php,v 1.3 2005/06/21 09:08:41 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 26 | 26 |
// Get content |
| 27 | 27 |
$get_content = $database->query("SELECT content FROM ".TABLE_PREFIX."mod_wysiwyg WHERE section_id = '$section_id'");
|
| 28 | 28 |
$fetch_content = $get_content->fetchRow(); |
| 29 |
$content = stripslashes($fetch_content['content']); |
|
| 29 |
$content = $this->stripslashes($fetch_content['content']);
|
|
| 30 | 30 |
|
| 31 | 31 |
$this->preprocess($content); |
| 32 | 32 |
|
| trunk/wb/modules/wysiwyg/modify.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify.php,v 1.3 2005/06/21 09:11:10 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 29 | 29 |
$query = "SELECT content FROM ".TABLE_PREFIX."mod_wysiwyg WHERE section_id = '$section_id'"; |
| 30 | 30 |
$get_content = $database->query($query); |
| 31 | 31 |
$content = $get_content->fetchRow(); |
| 32 |
$content = stripslashes(htmlspecialchars($content['content'])); |
|
| 32 |
$content = $admin->stripslashes(htmlspecialchars($content['content']));
|
|
| 33 | 33 |
|
| 34 | 34 |
// Load HTMLArea |
| 35 | 35 |
if(!isset($loaded_htmlarea)) {
|
| ... | ... | |
| 55 | 55 |
echo 'var editor = new HTMLArea("content'.$wysiwyg_section["section_id"].'");'
|
| 56 | 56 |
. 'editor.registerPlugin(ContextMenu);' |
| 57 | 57 |
. 'editor.registerPlugin(TableOperations);' |
| 58 |
. 'editor.config.pageStyle = "body { '.stripslashes(WYSIWYG_STYLE).' }";'
|
|
| 58 |
. 'editor.config.pageStyle = "body { '.$admin->stripslashes(WYSIWYG_STYLE).' }";'
|
|
| 59 | 59 |
. 'editor.generate();'; |
| 60 | 60 |
} |
| 61 | 61 |
} |
| trunk/wb/modules/form/modify_field.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify_field.php,v 1.5 2005/06/21 09:13:12 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 63 | 63 |
<tr> |
| 64 | 64 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
| 65 | 65 |
<td> |
| 66 |
<input type="text" name="title" value="<?php echo htmlspecialchars(stripslashes($form['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
| 66 |
<input type="text" name="title" value="<?php echo htmlspecialchars($admin->stripslashes($form['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
| 67 | 67 |
</td> |
| 68 | 68 |
</tr> |
| 69 | 69 |
<tr> |
| ... | ... | |
| 86 | 86 |
<tr> |
| 87 | 87 |
<td valign="top"><?php echo $TEXT['TEMPLATE']; ?>:</td> |
| 88 | 88 |
<td> |
| 89 |
<textarea name="template" style="width: 100%; height: 20px;"><?php echo htmlspecialchars(stripslashes($form['extra'])); ?></textarea> |
|
| 89 |
<textarea name="template" style="width: 100%; height: 20px;"><?php echo htmlspecialchars($admin->stripslashes($form['extra'])); ?></textarea>
|
|
| 90 | 90 |
</td> |
| 91 | 91 |
</tr> |
| 92 | 92 |
<?php } elseif($type == 'textfield') { ?>
|
| trunk/wb/modules/form/modify_settings.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify_settings.php,v 1.4 2005/03/28 11:58:04 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 58 | 58 |
<tr> |
| 59 | 59 |
<td class="setting_name" width="220"><?php echo $TEXT['HEADER']; ?>:</td> |
| 60 | 60 |
<td class="setting_name"> |
| 61 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo stripslashes($setting['header']); ?></textarea> |
|
| 61 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->stripslashes($setting['header']); ?></textarea>
|
|
| 62 | 62 |
</td> |
| 63 | 63 |
</tr> |
| 64 | 64 |
<tr> |
| 65 | 65 |
<td class="setting_name"><?php echo $TEXT['FIELD'].' '.$TEXT['LOOP']; ?>:</td> |
| 66 | 66 |
<td class="setting_name"> |
| 67 |
<textarea name="field_loop" style="width: 100%; height: 60px;"><?php echo stripslashes($setting['field_loop']); ?></textarea> |
|
| 67 |
<textarea name="field_loop" style="width: 100%; height: 60px;"><?php echo $admin->stripslashes($setting['field_loop']); ?></textarea>
|
|
| 68 | 68 |
</td> |
| 69 | 69 |
</tr> |
| 70 | 70 |
<tr> |
| 71 | 71 |
<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td> |
| 72 | 72 |
<td class="setting_name"> |
| 73 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, stripslashes($setting['footer'])); ?></textarea> |
|
| 73 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['footer'])); ?></textarea>
|
|
| 74 | 74 |
</td> |
| 75 | 75 |
</tr> |
| 76 | 76 |
<tr> |
| 77 | 77 |
<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['TO']; ?>:</td> |
| 78 | 78 |
<td class="setting_name"> |
| 79 |
<textarea name="email_to" style="width: 100%; height: 30px;"><?php echo str_replace($raw, $friendly, stripslashes($setting['email_to'])); ?></textarea> |
|
| 79 |
<textarea name="email_to" style="width: 100%; height: 30px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['email_to'])); ?></textarea>
|
|
| 80 | 80 |
</td> |
| 81 | 81 |
</tr> |
| 82 | 82 |
<tr> |
| ... | ... | |
| 85 | 85 |
<select name="email_from_field" style="width: 100%;"> |
| 86 | 86 |
<option value="" onclick="javascript: document.getElementById('email_from').style.display = 'block';"><?php echo $TEXT['CUSTOM']; ?>:</option>
|
| 87 | 87 |
<?php |
| 88 |
$email_from_value = str_replace($raw, $friendly, stripslashes($setting['email_from'])); |
|
| 88 |
$email_from_value = str_replace($raw, $friendly, $admin->stripslashes($setting['email_from']));
|
|
| 89 | 89 |
$query_email_fields = $database->query("SELECT field_id,title FROM ".TABLE_PREFIX."mod_form_fields ORDER BY position ASC");
|
| 90 | 90 |
if($query_email_fields->numRows() > 0) {
|
| 91 | 91 |
while($field = $query_email_fields->fetchRow()) {
|
| ... | ... | |
| 104 | 104 |
<tr> |
| 105 | 105 |
<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['SUBJECT']; ?>:</td> |
| 106 | 106 |
<td class="setting_name"> |
| 107 |
<input type="text" name="email_subject" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, stripslashes($setting['email_subject'])); ?>" /> |
|
| 107 |
<input type="text" name="email_subject" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['email_subject'])); ?>" />
|
|
| 108 | 108 |
</td> |
| 109 | 109 |
</tr> |
| 110 | 110 |
<tr> |
| 111 | 111 |
<td class="setting_name"><?php echo $TEXT['SUCCESS'].' '.$TEXT['MESSAGE']; ?>:</td> |
| 112 | 112 |
<td class="setting_name"> |
| 113 |
<textarea name="success_message" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, stripslashes($setting['success_message'])); ?></textarea> |
|
| 113 |
<textarea name="success_message" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['success_message'])); ?></textarea>
|
|
| 114 | 114 |
</td> |
| 115 | 115 |
</tr> |
| 116 | 116 |
<tr> |
| 117 | 117 |
<td class="setting_name"><?php echo $TEXT['MAX_SUBMISSIONS_PER_HOUR']; ?>:</td> |
| 118 | 118 |
<td class="setting_name"> |
| 119 |
<input type="text" name="max_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, stripslashes($setting['max_submissions'])); ?>" /> |
|
| 119 |
<input type="text" name="max_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['max_submissions'])); ?>" />
|
|
| 120 | 120 |
</td> |
| 121 | 121 |
</tr> |
| 122 | 122 |
<tr> |
| 123 | 123 |
<td class="setting_name"><?php echo $TEXT['SUBMISSIONS_STORED_IN_DATABASE']; ?>:</td> |
| 124 | 124 |
<td class="setting_name"> |
| 125 |
<input type="text" name="stored_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, stripslashes($setting['stored_submissions'])); ?>" /> |
|
| 125 |
<input type="text" name="stored_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['stored_submissions'])); ?>" />
|
|
| 126 | 126 |
</td> |
| 127 | 127 |
</tr> |
| 128 | 128 |
</table> |
| trunk/wb/modules/form/view.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: view.php,v 1.7 2005/04/08 07:36:58 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 113 | 113 |
$query_settings = $database->query("SELECT header,field_loop,footer FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
|
| 114 | 114 |
if($query_settings->numRows() > 0) {
|
| 115 | 115 |
$fetch_settings = $query_settings->fetchRow(); |
| 116 |
$header = stripslashes($fetch_settings['header']); |
|
| 117 |
$field_loop = stripslashes($fetch_settings['field_loop']); |
|
| 118 |
$footer = stripslashes($fetch_settings['footer']); |
|
| 116 |
$header = $this->stripslashes($fetch_settings['header']);
|
|
| 117 |
$field_loop = $this->stripslashes($fetch_settings['field_loop']);
|
|
| 118 |
$footer = $this->stripslashes($fetch_settings['footer']);
|
|
| 119 | 119 |
} else {
|
| 120 | 120 |
$header = ''; |
| 121 | 121 |
$field_loop = ''; |
| ... | ... | |
| 136 | 136 |
while($field = $query_fields->fetchRow()) {
|
| 137 | 137 |
// Set field values |
| 138 | 138 |
$field_id = $field['field_id']; |
| 139 |
$value = stripslashes($field['value']); |
|
| 139 |
$value = $this->stripslashes($field['value']);
|
|
| 140 | 140 |
// Print field_loop after replacing vars with values |
| 141 | 141 |
$vars = array('{TITLE}', '{REQUIRED}');
|
| 142 | 142 |
$values = array($field['title']); |
| ... | ... | |
| 198 | 198 |
$query_settings = $database->query("SELECT email_to,email_from,email_subject,success_message,max_submissions,stored_submissions FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
|
| 199 | 199 |
if($query_settings->numRows() > 0) {
|
| 200 | 200 |
$fetch_settings = $query_settings->fetchRow(); |
| 201 |
$email_to = stripslashes($fetch_settings['email_to']); |
|
| 202 |
$email_from = stripslashes($fetch_settings['email_from']); |
|
| 201 |
$email_to = $this->stripslashes($fetch_settings['email_to']);
|
|
| 202 |
$email_from = $this->stripslashes($fetch_settings['email_from']);
|
|
| 203 | 203 |
if(substr($email_from, 0, 5) == 'field') {
|
| 204 | 204 |
// Set the email from field to what the user entered in the specified field |
| 205 | 205 |
$email_from = addslashes($_POST[$email_from]); |
| 206 | 206 |
} |
| 207 |
$email_subject = stripslashes($fetch_settings['email_subject']); |
|
| 208 |
$success_message = stripslashes($fetch_settings['success_message']); |
|
| 209 |
$max_submissions = stripslashes($fetch_settings['max_submissions']); |
|
| 210 |
$stored_submissions = stripslashes($fetch_settings['stored_submissions']); |
|
| 207 |
$email_subject = $this->stripslashes($fetch_settings['email_subject']);
|
|
| 208 |
$success_message = $this->stripslashes($fetch_settings['success_message']);
|
|
| 209 |
$max_submissions = $this->stripslashes($fetch_settings['max_submissions']);
|
|
| 210 |
$stored_submissions = $this->stripslashes($fetch_settings['stored_submissions']);
|
|
| 211 | 211 |
} else {
|
| 212 | 212 |
exit($TEXT['UNDER_CONSTRUCTION']); |
| 213 | 213 |
} |
| ... | ... | |
| 231 | 231 |
} elseif (!is_array($_POST['field'.$field['field_id']])) {
|
| 232 | 232 |
$email_body .= ' |
| 233 | 233 |
|
| 234 |
'.stripslashes($field['title']).': '.$_POST['field'.$field['field_id']].'\n'; |
|
| 234 |
'.$this->stripslashes($field['title']).': '.$_POST['field'.$field['field_id']].'\n';
|
|
| 235 | 235 |
} else {
|
| 236 | 236 |
$email_body .= ' |
| 237 | 237 |
|
| 238 |
'.stripslashes($field['title']).': \n'; |
|
| 238 |
'.$this->stripslashes($field['title']).': \n';
|
|
| 239 | 239 |
foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
|
| 240 | 240 |
$email_body .= ' |
| 241 | 241 |
|
| ... | ... | |
| 243 | 243 |
} |
| 244 | 244 |
} |
| 245 | 245 |
} elseif($field['required'] == 1) {
|
| 246 |
$required[] = stripslashes($field['title']); |
|
| 246 |
$required[] = $this->stripslashes($field['title']);
|
|
| 247 | 247 |
} |
| 248 | 248 |
} |
| 249 | 249 |
} |
| trunk/wb/modules/form/view_submission.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: view_submission.php,v 1.1 2005/03/28 04:35:39 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 75 | 75 |
</tr> |
| 76 | 76 |
<tr> |
| 77 | 77 |
<td colspan="2"> |
| 78 |
<?php echo stripslashes(str_replace('\n', '<br />', $submission['body'])); ?>
|
|
| 78 |
<?php echo $admin->stripslashes(str_replace('\n', '<br />', $submission['body'])); ?>
|
|
| 79 | 79 |
</td> |
| 80 | 80 |
</tr> |
| 81 | 81 |
</table> |
| trunk/wb/modules/code/view.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: view.php,v 1.1.1.1 2005/01/30 10:32:22 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 26 | 26 |
// Get content |
| 27 | 27 |
$get_content = $database->query("SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'");
|
| 28 | 28 |
$fetch_content = $get_content->fetchRow(); |
| 29 |
$content = stripslashes($fetch_content['content']); |
|
| 29 |
$content = $this->stripslashes($fetch_content['content']);
|
|
| 30 | 30 |
eval($content); |
| 31 | 31 |
|
| 32 | 32 |
?> |
| trunk/wb/modules/code/modify.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify.php,v 1.2 2005/06/21 09:13:12 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 32 | 32 |
$query = "SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'"; |
| 33 | 33 |
$get_content = $database->query($query); |
| 34 | 34 |
$content = $get_content->fetchRow(); |
| 35 |
$content = stripslashes(htmlspecialchars($content['content'])); |
|
| 35 |
$content = $admin->stripslashes(htmlspecialchars($content['content']));
|
|
| 36 | 36 |
|
| 37 | 37 |
// Insert vars |
| 38 | 38 |
$template->set_var(array( |
| trunk/wb/modules/news/modify_post.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify_post.php,v 1.3 2005/06/21 09:11:44 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 51 | 51 |
function initEditor() {
|
| 52 | 52 |
var editor = new HTMLArea("short");
|
| 53 | 53 |
editor.registerPlugin(ContextMenu); |
| 54 |
editor.config.pageStyle = "body { <?php echo stripslashes(WYSIWYG_STYLE); ?> }";
|
|
| 54 |
editor.config.pageStyle = "body { <?php echo $admin->stripslashes(WYSIWYG_STYLE); ?> }";
|
|
| 55 | 55 |
editor.generate(); |
| 56 | 56 |
var editor = new HTMLArea("long");
|
| 57 | 57 |
editor.registerPlugin(ContextMenu); |
| 58 | 58 |
editor.registerPlugin(TableOperations); |
| 59 |
editor.config.pageStyle = "body { <?php echo stripslashes(WYSIWYG_STYLE); ?> }";
|
|
| 59 |
editor.config.pageStyle = "body { <?php echo $admin->stripslashes(WYSIWYG_STYLE); ?> }";
|
|
| 60 | 60 |
editor.generate(); |
| 61 | 61 |
} |
| 62 | 62 |
</script> |
| ... | ... | |
| 72 | 72 |
<tr> |
| 73 | 73 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
| 74 | 74 |
<td> |
| 75 |
<input type="text" name="title" value="<?php echo stripslashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
| 75 |
<input type="text" name="title" value="<?php echo $admin->stripslashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
| 76 | 76 |
</td> |
| 77 | 77 |
</tr> |
| 78 | 78 |
<tr> |
| ... | ... | |
| 121 | 121 |
<tr> |
| 122 | 122 |
<td valign="top"><?php echo $TEXT['SHORT']; ?>:</td> |
| 123 | 123 |
<td> |
| 124 |
<textarea name="short" id="short" style="width: 100%; height: 135px;"><?php echo htmlspecialchars(stripslashes($fetch_content['short'])); ?></textarea> |
|
| 124 |
<textarea name="short" id="short" style="width: 100%; height: 135px;"><?php echo htmlspecialchars($admin->stripslashes($fetch_content['short'])); ?></textarea>
|
|
| 125 | 125 |
</td> |
| 126 | 126 |
</tr> |
| 127 | 127 |
<tr> |
| 128 | 128 |
<td valign="top"><?php echo $TEXT['LONG']; ?>:</td> |
| 129 | 129 |
<td> |
| 130 |
<textarea name="long" id="long" style="width: 100%; height: 300px;"><?php echo htmlspecialchars(stripslashes($fetch_content['long'])); ?></textarea> |
|
| 130 |
<textarea name="long" id="long" style="width: 100%; height: 300px;"><?php echo htmlspecialchars($admin->stripslashes($fetch_content['long'])); ?></textarea>
|
|
| 131 | 131 |
</td> |
| 132 | 132 |
</tr> |
| 133 | 133 |
</table> |
| trunk/wb/modules/news/comment_page.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: comment_page.php,v 1.1.1.1 2005/01/30 10:32:20 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 35 | 35 |
// Print comments page |
| 36 | 36 |
$vars = array('[POST_TITLE]', '[ACTION_URL]');
|
| 37 | 37 |
$values = array(POST_TITLE, WB_URL.'/modules/news/submit_comment.php?page_id='.PAGE_ID.'§ion_id='.SECTION_ID.'&post_id='.POST_ID); |
| 38 |
echo str_replace($vars, $values, stripslashes($settings['comments_page'])); |
|
| 38 |
echo str_replace($vars, $values, $this->stripslashes($settings['comments_page']));
|
|
| 39 | 39 |
} |
| 40 | 40 |
|
| 41 | 41 |
?> |
| trunk/wb/modules/news/modify_group.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify_group.php,v 1.2 2005/06/21 09:13:12 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 51 | 51 |
<tr> |
| 52 | 52 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
| 53 | 53 |
<td> |
| 54 |
<input type="text" name="title" value="<?php echo stripslashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
| 54 |
<input type="text" name="title" value="<?php echo $admin->stripslashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
| 55 | 55 |
</td> |
| 56 | 56 |
</tr> |
| 57 | 57 |
<tr> |
| trunk/wb/modules/news/modify_settings.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify_settings.php,v 1.2 2005/04/01 07:52:58 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 53 | 53 |
<tr> |
| 54 | 54 |
<td class="setting_name" width="100"><?php echo $TEXT['HEADER']; ?>:</td> |
| 55 | 55 |
<td class="setting_name"> |
| 56 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo stripslashes($fetch_content['header']); ?></textarea> |
|
| 56 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->stripslashes($fetch_content['header']); ?></textarea>
|
|
| 57 | 57 |
</td> |
| 58 | 58 |
</tr> |
| 59 | 59 |
<tr> |
| 60 | 60 |
<td class="setting_name"><?php echo $TEXT['POST'].' '.$TEXT['LOOP']; ?>:</td> |
| 61 | 61 |
<td class="setting_name"> |
| 62 |
<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo stripslashes($fetch_content['post_loop']); ?></textarea> |
|
| 62 |
<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo $admin->stripslashes($fetch_content['post_loop']); ?></textarea>
|
|
| 63 | 63 |
</td> |
| 64 | 64 |
</tr> |
| 65 | 65 |
<tr> |
| 66 | 66 |
<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td> |
| 67 | 67 |
<td class="setting_name"> |
| 68 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, stripslashes($fetch_content['footer'])); ?></textarea> |
|
| 68 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['footer'])); ?></textarea>
|
|
| 69 | 69 |
</td> |
| 70 | 70 |
</tr> |
| 71 | 71 |
<tr> |
| 72 | 72 |
<td class="setting_name"><?php echo $TEXT['POST_HEADER']; ?>:</td> |
| 73 | 73 |
<td class="setting_name"> |
| 74 |
<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, stripslashes($fetch_content['post_header'])); ?></textarea> |
|
| 74 |
<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['post_header'])); ?></textarea>
|
|
| 75 | 75 |
</td> |
| 76 | 76 |
</tr> |
| 77 | 77 |
<tr> |
| 78 | 78 |
<td class="setting_name"><?php echo $TEXT['POST_FOOTER']; ?>:</td> |
| 79 | 79 |
<td class="setting_name"> |
| 80 |
<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, stripslashes($fetch_content['post_footer'])); ?></textarea> |
|
| 80 |
<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['post_footer'])); ?></textarea>
|
|
| 81 | 81 |
</td> |
| 82 | 82 |
</tr> |
| 83 | 83 |
<tr> |
| ... | ... | |
| 130 | 130 |
<tr> |
| 131 | 131 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['HEADER']; ?>:</td> |
| 132 | 132 |
<td class="setting_name"> |
| 133 |
<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, stripslashes($fetch_content['comments_header'])); ?></textarea> |
|
| 133 |
<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['comments_header'])); ?></textarea>
|
|
| 134 | 134 |
</td> |
| 135 | 135 |
</tr> |
| 136 | 136 |
<tr> |
| 137 | 137 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['LOOP']; ?>:</td> |
| 138 | 138 |
<td class="setting_name"> |
| 139 |
<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, stripslashes($fetch_content['comments_loop'])); ?></textarea> |
|
| 139 |
<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['comments_loop'])); ?></textarea>
|
|
| 140 | 140 |
</td> |
| 141 | 141 |
</tr> |
| 142 | 142 |
<tr> |
| 143 | 143 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['FOOTER']; ?>:</td> |
| 144 | 144 |
<td class="setting_name"> |
| 145 |
<textarea name="comments_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, stripslashes($fetch_content['comments_footer'])); ?></textarea> |
|
| 145 |
<textarea name="comments_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['comments_footer'])); ?></textarea>
|
|
| 146 | 146 |
</td> |
| 147 | 147 |
</tr> |
| 148 | 148 |
<tr> |
| 149 | 149 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['PAGE']; ?>:</td> |
| 150 | 150 |
<td class="setting_name"> |
| 151 |
<textarea name="comments_page" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, stripslashes($fetch_content['comments_page'])); ?></textarea> |
|
| 151 |
<textarea name="comments_page" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['comments_page'])); ?></textarea>
|
|
| 152 | 152 |
</td> |
| 153 | 153 |
</tr> |
| 154 | 154 |
</table> |
| trunk/wb/modules/news/modify_comment.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify_comment.php,v 1.2 2005/06/21 09:13:12 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 52 | 52 |
<tr> |
| 53 | 53 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
| 54 | 54 |
<td> |
| 55 |
<input type="text" name="title" value="<?php echo stripslashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
| 55 |
<input type="text" name="title" value="<?php echo $admin->stripslashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
| 56 | 56 |
</td> |
| 57 | 57 |
</tr> |
| 58 | 58 |
<tr> |
| 59 | 59 |
<td valign="top"><?php echo $TEXT['COMMENT']; ?>:</td> |
| 60 | 60 |
<td> |
| 61 |
<textarea name="comment" style="width: 100%; height: 150px;"><?php echo stripslashes(htmlspecialchars($fetch_content['comment'])); ?></textarea> |
|
| 61 |
<textarea name="comment" style="width: 100%; height: 150px;"><?php echo $admin->stripslashes(htmlspecialchars($fetch_content['comment'])); ?></textarea>
|
|
| 62 | 62 |
</td> |
| 63 | 63 |
</tr> |
| 64 | 64 |
</table> |
| trunk/wb/modules/news/view.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: view.php,v 1.7 2005/06/21 09:11:27 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 55 | 55 |
while($group = $query_users->fetchRow()) {
|
| 56 | 56 |
// Insert user info into users array |
| 57 | 57 |
$group_id = $group['group_id']; |
| 58 |
$groups[$group_id]['title'] = stripslashes($group['title']); |
|
| 58 |
$groups[$group_id]['title'] = $this->stripslashes($group['title']);
|
|
| 59 | 59 |
$groups[$group_id]['active'] = $group['active']; |
| 60 | 60 |
if(file_exists(WB_PATH.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg')) {
|
| 61 | 61 |
$groups[$group_id]['image'] = WB_URL.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg'; |
| ... | ... | |
| 82 | 82 |
$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");
|
| 83 | 83 |
if($query_settings->numRows() > 0) {
|
| 84 | 84 |
$fetch_settings = $query_settings->fetchRow(); |
| 85 |
$setting_header = stripslashes($fetch_settings['header']); |
|
| 86 |
$setting_post_loop = stripslashes($fetch_settings['post_loop']); |
|
| 87 |
$setting_footer = stripslashes($fetch_settings['footer']); |
|
| 85 |
$setting_header = $this->stripslashes($fetch_settings['header']);
|
|
| 86 |
$setting_post_loop = $this->stripslashes($fetch_settings['post_loop']);
|
|
| 87 |
$setting_footer = $this->stripslashes($fetch_settings['footer']);
|
|
| 88 | 88 |
$setting_posts_per_page = $fetch_settings['posts_per_page']; |
| 89 | 89 |
} else {
|
| 90 | 90 |
$setting_header = ''; |
| ... | ... | |
| 185 | 185 |
if($group_image == '') { $display_image = 'none'; } else { $display_image = ''; }
|
| 186 | 186 |
if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; }
|
| 187 | 187 |
// Replace [wblink--PAGE_ID--] with real link |
| 188 |
$short = stripslashes($post['short']); |
|
| 188 |
$short = $this->stripslashes($post['short']);
|
|
| 189 | 189 |
$this->preprocess($short); |
| 190 | 190 |
// Replace vars with values |
| 191 | 191 |
$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[LINK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]', '[TEXT_READ_MORE]');
|
| 192 | 192 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') {
|
| 193 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, stripslashes($post['title']), $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']); |
|
| 193 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->stripslashes($post['title']), $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']);
|
|
| 194 | 194 |
} else {
|
| 195 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, stripslashes($post['title']), $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']); |
|
| 195 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->stripslashes($post['title']), $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']);
|
|
| 196 | 196 |
} |
| 197 | 197 |
echo str_replace($vars, $values, $setting_post_loop); |
| 198 | 198 |
} |
| ... | ... | |
| 212 | 212 |
$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");
|
| 213 | 213 |
if($query_settings->numRows() > 0) {
|
| 214 | 214 |
$fetch_settings = $query_settings->fetchRow(); |
| 215 |
$setting_post_header = stripslashes($fetch_settings['post_header']); |
|
| 216 |
$setting_post_footer = stripslashes($fetch_settings['post_footer']); |
|
| 217 |
$setting_comments_header = stripslashes($fetch_settings['comments_header']); |
|
| 218 |
$setting_comments_loop = stripslashes($fetch_settings['comments_loop']); |
|
| 219 |
$setting_comments_footer = stripslashes($fetch_settings['comments_footer']); |
|
| 215 |
$setting_post_header = $this->stripslashes($fetch_settings['post_header']);
|
|
| 216 |
$setting_post_footer = $this->stripslashes($fetch_settings['post_footer']);
|
|
| 217 |
$setting_comments_header = $this->stripslashes($fetch_settings['comments_header']);
|
|
| 218 |
$setting_comments_loop = $this->stripslashes($fetch_settings['comments_loop']);
|
|
| 219 |
$setting_comments_footer = $this->stripslashes($fetch_settings['comments_footer']);
|
|
| 220 | 220 |
} else {
|
| 221 | 221 |
$setting_post_header = ''; |
| 222 | 222 |
$setting_post_footer = ''; |
| ... | ... | |
| 258 | 258 |
if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; }
|
| 259 | 259 |
$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[BACK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]');
|
| 260 | 260 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') {
|
| 261 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, stripslashes($post['title']), stripslashes($post['short']), $page_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email']);
|
|
| 261 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->stripslashes($post['title']), $this->stripslashes($post['short']), $page_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email']);
|
|
| 262 | 262 |
} else {
|
| 263 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, stripslashes($post['title']), stripslashes($post['short']), $page_link, $post_date, $post_time, '', '', '', '');
|
|
| 263 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->stripslashes($post['title']), $this->stripslashes($post['short']), $page_link, $post_date, $post_time, '', '', '', '');
|
|
| 264 | 264 |
} |
| 265 |
$post_long = stripslashes($post['long']); |
|
| 265 |
$post_long = $this->stripslashes($post['long']);
|
|
| 266 | 266 |
} |
| 267 | 267 |
} else {
|
| 268 | 268 |
header('Location: '.WB_URL.'/pages/');
|
| ... | ... | |
| 290 | 290 |
if($query_comments->numRows() > 0) {
|
| 291 | 291 |
while($comment = $query_comments->fetchRow()) {
|
| 292 | 292 |
// Display Comments without slashes, but with new-line characters |
| 293 |
$comment['comment'] = nl2br(stripslashes($comment['comment'])); |
|
| 294 |
$comment['title'] = stripslashes($comment['title']); |
|
| 293 |
$comment['comment'] = nl2br($this->stripslashes($comment['comment']));
|
|
| 294 |
$comment['title'] = $this->stripslashes($comment['title']);
|
|
| 295 | 295 |
// Print comments loop |
| 296 | 296 |
$commented_date = gmdate(DATE_FORMAT, $comment['commented_when']+TIMEZONE); |
| 297 | 297 |
$commented_time = gmdate(TIME_FORMAT, $comment['commented_when']+TIMEZONE); |
| 298 | 298 |
$uid = $comment['commented_by']; |
| 299 | 299 |
$vars = array('[TITLE]','[COMMENT]','[DATE]','[TIME]','[USER_ID]','[USERNAME]','[DISPLAY_NAME]', '[EMAIL]');
|
| 300 | 300 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') {
|
| 301 |
$values = array(stripslashes($comment['title']), stripslashes($comment['comment']), $commented_date, $commented_time, $uid, stripslashes($users[$uid]['username']), stripslashes($users[$uid]['display_name']), stripslashes($users[$uid]['email']));
|
|
| 301 |
$values = array($this->stripslashes($comment['title']), $this->stripslashes($comment['comment']), $commented_date, $commented_time, $uid, $this->stripslashes($users[$uid]['username']), $this->stripslashes($users[$uid]['display_name']), $this->stripslashes($users[$uid]['email']));
|
|
| 302 | 302 |
} else {
|
| 303 |
$values = array(stripslashes($comment['title']), stripslashes($comment['comment']), $commented_date, $commented_time, '0', strtolower($TEXT['UNKNOWN']), $TEXT['UNKNOWN'], '');
|
|
| 303 |
$values = array($this->stripslashes($comment['title']), $this->stripslashes($comment['comment']), $commented_date, $commented_time, '0', strtolower($TEXT['UNKNOWN']), $TEXT['UNKNOWN'], '');
|
|
| 304 | 304 |
} |
| 305 | 305 |
echo str_replace($vars, $values, $setting_comments_loop); |
| 306 | 306 |
} |
| trunk/wb/modules/news/modify.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: modify.php,v 1.2 2005/04/05 07:20:41 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 65 | 65 |
</td> |
| 66 | 66 |
<td> |
| 67 | 67 |
<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>§ion_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>"> |
| 68 |
<?php echo stripslashes($post['title']); ?> |
|
| 68 |
<?php echo $admin->stripslashes($post['title']); ?>
|
|
| 69 | 69 |
</a> |
| 70 | 70 |
</td> |
| 71 | 71 |
<td width="180"> |
| ... | ... | |
| 74 | 74 |
$query_title = $database->query("SELECT title FROM ".TABLE_PREFIX."mod_news_groups WHERE group_id = '".$post['group_id']."'");
|
| 75 | 75 |
if($query_title->numRows() > 0) {
|
| 76 | 76 |
$fetch_title = $query_title->fetchRow(); |
| 77 |
echo stripslashes($fetch_title['title']); |
|
| 77 |
echo $admin->stripslashes($fetch_title['title']);
|
|
| 78 | 78 |
} else {
|
| 79 | 79 |
echo $TEXT['NONE']; |
| 80 | 80 |
} |
| trunk/wb/modules/admin.php | ||
|---|---|---|
| 126 | 126 |
$template->set_block('page', 'main_block', 'main');
|
| 127 | 127 |
$template->set_var(array( |
| 128 | 128 |
'PAGE_ID' => $results_array['page_id'], |
| 129 |
'PAGE_TITLE' => stripslashes($results_array['page_title']), |
|
| 129 |
'PAGE_TITLE' => $admin->stripslashes($results_array['page_title']),
|
|
| 130 | 130 |
'MODIFIED_BY' => $user['display_name'], |
| 131 | 131 |
'MODIFIED_BY_USERNAME' => $user['username'], |
| 132 | 132 |
'MODIFIED_WHEN' => $modified_ts, |
| trunk/wb/framework/class.admin.php | ||
|---|---|---|
| 93 | 93 |
'SECTION_NAME' => $MENU[strtoupper($this->section_name)], |
| 94 | 94 |
'INTERFACE_DIR' => ADMIN_URL.'/interface', |
| 95 | 95 |
'BODY_TAGS' => $body_tags, |
| 96 |
'WEBSITE_TITLE' => stripslashes($title['value']), |
|
| 96 |
'WEBSITE_TITLE' => $this->stripslashes($title['value']),
|
|
| 97 | 97 |
'TEXT_ADMINISTRATION' => $TEXT['ADMINISTRATION'], |
| 98 | 98 |
'VERSION' => VERSION |
| 99 | 99 |
) |
| trunk/wb/framework/class.wb.php | ||
|---|---|---|
| 73 | 73 |
} |
| 74 | 74 |
} |
| 75 | 75 |
|
| 76 |
function stripslashes($input) {
|
|
| 77 |
if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
|
|
| 78 |
return $input; |
|
| 79 |
} |
|
| 80 |
$output = stripslashes($input); |
|
| 81 |
return $output; |
|
| 82 |
} |
|
| 83 |
|
|
| 76 | 84 |
// Get POST data |
| 77 | 85 |
function get_post($field) {
|
| 78 | 86 |
if(isset($_POST[$field])) {
|
| ... | ... | |
| 131 | 139 |
|
| 132 | 140 |
// Get the current users display name |
| 133 | 141 |
function get_display_name() {
|
| 134 |
return stripslashes($_SESSION['DISPLAY_NAME']); |
|
| 142 |
return $this->stripslashes($_SESSION['DISPLAY_NAME']);
|
|
| 135 | 143 |
} |
| 136 | 144 |
|
| 137 | 145 |
// Get the current users email address |
| trunk/wb/framework/class.frontend.php | ||
|---|---|---|
| 72 | 72 |
$content = fread($handle, filesize($filename)); |
| 73 | 73 |
fclose($handle); |
| 74 | 74 |
$this->preprocess($content); |
| 75 |
echo stripslashes($content); |
|
| 75 |
echo $this->stripslashes($content);
|
|
| 76 | 76 |
return false; |
| 77 | 77 |
} |
| 78 | 78 |
} |
| ... | ... | |
| 140 | 140 |
define('PAGE_ID', $this->page['page_id']);
|
| 141 | 141 |
$this->page_id=$this->page['page_id']; |
| 142 | 142 |
// Page Title |
| 143 |
define('PAGE_TITLE', stripslashes($this->page['page_title']));
|
|
| 143 |
define('PAGE_TITLE', $this->stripslashes($this->page['page_title']));
|
|
| 144 | 144 |
$this->page_title=PAGE_TITLE; |
| 145 | 145 |
// Menu Title |
| 146 |
$menu_title = stripslashes($this->page['menu_title']); |
|
| 146 |
$menu_title = $this->stripslashes($this->page['menu_title']);
|
|
| 147 | 147 |
if($menu_title != '') {
|
| 148 | 148 |
define('MENU_TITLE', $menu_title);
|
| 149 | 149 |
} else {
|
| ... | ... | |
| 252 | 252 |
while($setting = $get_settings->fetchRow()) {
|
| 253 | 253 |
switch($setting['name']) {
|
| 254 | 254 |
case 'title': |
| 255 |
define('WEBSITE_TITLE', stripslashes($setting['value']));
|
|
| 255 |
define('WEBSITE_TITLE', $this->stripslashes($setting['value']));
|
|
| 256 | 256 |
$this->website_title=WEBSITE_TITLE; |
| 257 | 257 |
break; |
| 258 | 258 |
case 'description': |
| 259 | 259 |
if($page_description != '') {
|
| 260 | 260 |
define('WEBSITE_DESCRIPTION', $page_description);
|
| 261 | 261 |
} else {
|
| 262 |
define('WEBSITE_DESCRIPTION', stripslashes($setting['value']));
|
|
| 262 |
define('WEBSITE_DESCRIPTION', $this->stripslashes($setting['value']));
|
|
| 263 | 263 |
} |
| 264 | 264 |
$this->website_description=WEBSITE_DESCRIPTION; |
| 265 | 265 |
break; |
| 266 | 266 |
case 'keywords': |
| 267 | 267 |
if($page_keywords != '') {
|
| 268 |
define('WEBSITE_KEYWORDS', stripslashes($setting['value']).' '.$page_keywords);
|
|
| 268 |
define('WEBSITE_KEYWORDS', $this->stripslashes($setting['value']).' '.$page_keywords);
|
|
| 269 | 269 |
} else {
|
| 270 |
define('WEBSITE_KEYWORDS', stripslashes($setting['value']));
|
|
| 270 |
define('WEBSITE_KEYWORDS', $this->stripslashes($setting['value']));
|
|
| 271 | 271 |
} |
| 272 | 272 |
$this->website_keywords=WEBSITE_KEYWORDS; |
| 273 | 273 |
break; |
| 274 | 274 |
case 'header': |
| 275 |
define('WEBSITE_HEADER', stripslashes($setting['value']));
|
|
| 275 |
define('WEBSITE_HEADER', $this->stripslashes($setting['value']));
|
|
| 276 | 276 |
$this->website_header=WEBSITE_HEADER; |
| 277 | 277 |
break; |
| 278 | 278 |
case 'footer': |
| 279 |
define('WEBSITE_FOOTER', stripslashes($setting['value']));
|
|
| 279 |
define('WEBSITE_FOOTER', $this->stripslashes($setting['value']));
|
|
| 280 | 280 |
$this->website_footer=WEBSITE_FOOTER; |
| 281 | 281 |
break; |
| 282 | 282 |
} |
| ... | ... | |
| 390 | 390 |
$link = $this->page_link($page['link']); |
| 391 | 391 |
} |
| 392 | 392 |
// Create values |
| 393 |
$values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', stripslashes($page['menu_title']), stripslashes($page['page_title']));
|
|
| 393 |
$values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', $this->stripslashes($page['menu_title']), $this->stripslashes($page['page_title']));
|
|
| 394 | 394 |
// Replace vars with value and print |
| 395 | 395 |
echo "\n".str_replace($vars, $values, $this->menu_item_template); |
| 396 | 396 |
// Generate sub-menu |
| trunk/wb/framework/functions.php | ||
|---|---|---|
| 630 | 630 |
$parent = $results_array['parent']; |
| 631 | 631 |
$level = $results_array['level']; |
| 632 | 632 |
$link = $results_array['link']; |
| 633 |
$page_title = stripslashes($results_array['page_title']); |
|
| 634 |
$menu_title = stripslashes($results_array['menu_title']); |
|
| 633 |
$page_title = $admin->stripslashes($results_array['page_title']);
|
|
| 634 |
$menu_title = $admin->stripslashes($results_array['menu_title']);
|
|
| 635 | 635 |
|
| 636 | 636 |
// Get the sections that belong to the page |
| 637 | 637 |
$query_sections = $database->query("SELECT section_id,module FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
|
Also available in: Unified diff
Created new stripslashes method in class wb. Changed stripslashes() calls to method calls.