Revision 40
Added by stefan about 20 years ago
| trunk/wb/include/htmlarea/popups/link.php | ||
|---|---|---|
| 75 | 75 |
global $template, $database; |
| 76 | 76 |
$get_pages = $database->query("SELECT page_id,menu_title,link,level FROM ".TABLE_PREFIX."pages WHERE parent = '$parent' AND visibility!='deleted' ORDER BY position ASC");
|
| 77 | 77 |
while($page = $get_pages->fetchRow()) {
|
| 78 |
$title = $admin->stripslashes($page['menu_title']); |
|
| 78 |
$title = $admin->strip_slashes($page['menu_title']);
|
|
| 79 | 79 |
// Add leading -'s so we can tell what level a page is at |
| 80 | 80 |
$leading_dashes = ''; |
| 81 | 81 |
for($i = 0; $i < $page['level']; $i++) {
|
| ... | ... | |
| 99 | 99 |
$template->parse('page_list', 'page_list_block', true);
|
| 100 | 100 |
// Loop through pages |
| 101 | 101 |
while($page = $get_pages->fetchRow()) {
|
| 102 |
$title = $admin->stripslashes($page['menu_title']); |
|
| 102 |
$title = $admin->strip_slashes($page['menu_title']);
|
|
| 103 | 103 |
$template->set_var('TITLE', $title);
|
| 104 | 104 |
$template->set_var('LINK', '[wblink'.$page['page_id'].']');
|
| 105 | 105 |
$template->parse('page_list', 'page_list_block', true);
|
| trunk/wb/search/search.php | ||
|---|---|---|
| 40 | 40 |
$string=str_replace(',', '', $_REQUEST['string']);
|
| 41 | 41 |
} |
| 42 | 42 |
// reverse potential magic_quotes action |
| 43 |
$original_string=$this->stripslashes($string); |
|
| 43 |
$original_string=$this->strip_slashes($string);
|
|
| 44 | 44 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons) |
| 45 | 45 |
$string = addslashes($this->escape_backslashes($original_string)); |
| 46 | 46 |
// then escape for mySQL query |
| ... | ... | |
| 103 | 103 |
// Replace vars in search settings with values |
| 104 | 104 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_RESULTS_FOR]');
|
| 105 | 105 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['RESULTS_FOR']); |
| 106 |
$search_footer = str_replace($vars, $values, $this->stripslashes($fetch_footer['value'])); |
|
| 107 |
$search_results_header = str_replace($vars, $values, $this->stripslashes($fetch_results_header['value'])); |
|
| 108 |
$search_results_footer = str_replace($vars, $values, $this->stripslashes($fetch_results_footer['value'])); |
|
| 106 |
$search_footer = str_replace($vars, $values, $this->strip_slashes($fetch_footer['value']));
|
|
| 107 |
$search_results_header = str_replace($vars, $values, $this->strip_slashes($fetch_results_header['value']));
|
|
| 108 |
$search_results_footer = str_replace($vars, $values, $this->strip_slashes($fetch_results_footer['value']));
|
|
| 109 | 109 |
// Do extra vars/values replacement |
| 110 | 110 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]');
|
| 111 | 111 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked); |
| 112 |
$search_header = str_replace($vars, $values, $this->stripslashes($fetch_header['value'])); |
|
| 112 |
$search_header = str_replace($vars, $values, $this->strip_slashes($fetch_header['value']));
|
|
| 113 | 113 |
|
| 114 | 114 |
// Insert js code |
| 115 | 115 |
?> |
| ... | ... | |
| 158 | 158 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
| 159 | 159 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
| 160 | 160 |
} |
| 161 |
$values = array($link, $this->stripslashes($page['page_title']),$this->stripslashes($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 161 |
$values = array($link, $this->strip_slashes($page['page_title']),$this->strip_slashes($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 162 | 162 |
// Show loop code with vars replaced by values |
| 163 | 163 |
if($values != array()) {
|
| 164 |
echo str_replace($vars, $values, $this->stripslashes($fetch_results_loop['value'])); |
|
| 164 |
echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value']));
|
|
| 165 | 165 |
} |
| 166 | 166 |
// Say that we have already listed this page id |
| 167 | 167 |
$pages_listed[$page['page_id']] = true; |
| ... | ... | |
| 184 | 184 |
// Fetch query start |
| 185 | 185 |
$fetch_query_start = $get_query_start->fetchRow(); |
| 186 | 186 |
// Prepare query start for execution by replacing {TP} with the TABLE_PREFIX
|
| 187 |
$query_start = str_replace('[TP]', TABLE_PREFIX, $this->stripslashes($fetch_query_start['value']));
|
|
| 187 |
$query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes($fetch_query_start['value']));
|
|
| 188 | 188 |
// Get query end |
| 189 | 189 |
$get_query_end = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_end' AND extra = '$module_name' LIMIT 1");
|
| 190 | 190 |
if($get_query_end->numRows() > 0) {
|
| 191 | 191 |
// Fetch query start |
| 192 | 192 |
$fetch_query_end = $get_query_end->fetchRow(); |
| 193 | 193 |
// Set query end |
| 194 |
$query_end = $this->stripslashes($fetch_query_end['value']); |
|
| 194 |
$query_end = $this->strip_slashes($fetch_query_end['value']);
|
|
| 195 | 195 |
// Get query body |
| 196 | 196 |
$get_query_body = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_body' AND extra = '$module_name' LIMIT 1");
|
| 197 | 197 |
if($get_query_body->numRows() > 0) {
|
| 198 | 198 |
// Fetch query start |
| 199 | 199 |
$fetch_query_body = $get_query_body->fetchRow(); |
| 200 | 200 |
// Prepare query body for execution by replacing {STRING} with the correct one
|
| 201 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->stripslashes($fetch_query_body['value']));
|
|
| 201 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes($fetch_query_body['value']));
|
|
| 202 | 202 |
// Loop through query body for each string, then combine with start and end |
| 203 | 203 |
$prepared_query = $query_start; |
| 204 | 204 |
$count = 0; |
| ... | ... | |
| 226 | 226 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
| 227 | 227 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
| 228 | 228 |
} |
| 229 |
$values = array($link, $this->stripslashes($page[$fields['title']]), $this->stripslashes($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 229 |
$values = array($link, $this->strip_slashes($page[$fields['title']]), $this->strip_slashes($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 230 | 230 |
// Show loop code with vars replaced by values |
| 231 |
echo str_replace($vars, $values, $this->stripslashes($fetch_results_loop['value'])); |
|
| 231 |
echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value']));
|
|
| 232 | 232 |
// Say that this page or item has been listed if we can |
| 233 | 233 |
if(isset($fields['page_id'])) {
|
| 234 | 234 |
$pages_listed[$page[$fields['page_id']]] = true; |
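Review bot: The rewritten output lines at new 106–108, 112, 164 and 231 splice `$values` straight into the echoed markup, and `$values` carries `$search_string` alongside page titles and descriptions, yet nothing in these hunks HTML-escapes any of them. `$search_string` is presumably derived from the `$_REQUEST['string']` value read at line 40; if it is not passed through `htmlspecialchars()` where it is built (outside the hunk), the results header reflects the raw request value into the page. Setting it as `$search_string = htmlspecialchars($original_string, ENT_QUOTES);` at its definition would cover every placeholder that uses it. The enclosing search loop starts and ends outside the hunks shown.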
| trunk/wb/install/save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save.php,v 1.15 2005/04/25 11:53:12 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 106 | 106 |
return $default_dir_mode; |
| 107 | 107 |
} |
| 108 | 108 |
|
| 109 |
require_once('../framework/class.wb.php');
|
|
| 110 |
|
|
| 109 | 111 |
// Begin check to see if form was even submitted |
| 110 |
// Set error if no post vars found
|
|
| 111 |
if(!isset($_POST['website_title'])) {
|
|
| 112 |
set_error('Please fill-in the form below');
|
|
| 113 |
}
|
|
| 112 |
// Set error if no post vars found |
|
| 113 |
if(!isset($_POST['website_title'])) {
|
|
| 114 |
set_error('Please fill-in the form below');
|
|
| 115 |
} |
|
| 114 | 116 |
// End check to see if form was even submitted |
| 115 | 117 |
|
| 116 | 118 |
// Begin path and timezone details code |
| 117 |
// Check if user has entered the installation path
|
|
| 118 |
if(!isset($_POST['wb_path']) OR $_POST['wb_path'] == '') {
|
|
| 119 |
set_error('Please enter an absolute path');
|
|
| 120 |
} else {
|
|
| 121 |
$wb_path = $_POST['wb_path'];
|
|
| 122 |
}
|
|
| 123 |
// Check if user has entered the installation url
|
|
| 124 |
if(!isset($_POST['wb_url']) OR $_POST['wb_url'] == '') {
|
|
| 125 |
set_error('Please enter an absolute URL');
|
|
| 126 |
} else {
|
|
| 127 |
$wb_url = $_POST['wb_url'];
|
|
| 128 |
}
|
|
| 129 |
// Remove any slashes at the end of the URL and path
|
|
| 130 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "/") {
|
|
| 131 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1);
|
|
| 132 |
}
|
|
| 133 |
if(substr($wb_path, strlen($wb_path)-1, 1) == "/") {
|
|
| 134 |
$wb_path = substr($wb_path, 0, strlen($wb_path)-1);
|
|
| 135 |
}
|
|
| 136 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") {
|
|
| 137 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1);
|
|
| 138 |
}
|
|
| 139 |
if(substr($wb_path, strlen($wb_path)-1, 1) == "\\") {
|
|
| 140 |
$wb_path = substr($wb_path, 0, strlen($wb_path)-1);
|
|
| 141 |
}
|
|
| 142 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "/") {
|
|
| 143 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1);
|
|
| 144 |
}
|
|
| 145 |
if(substr($wb_path, strlen($wb_path)-1, 1) == "/") {
|
|
| 146 |
$wb_path = substr($wb_path, 0, strlen($wb_path)-1);
|
|
| 147 |
}
|
|
| 148 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") {
|
|
| 149 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1);
|
|
| 150 |
}
|
|
| 151 |
if(substr($wb_path, strlen($wb_path)-1, 1) == "\\") {
|
|
| 152 |
$wb_path = substr($wb_path, 0, strlen($wb_path)-1);
|
|
| 153 |
}
|
|
| 154 |
// Get the default time zone
|
|
| 155 |
if(!isset($_POST['default_timezone']) OR !is_numeric($_POST['default_timezone'])) {
|
|
| 156 |
set_error('Please select a valid default timezone');
|
|
| 157 |
} else {
|
|
| 158 |
$default_timezone = $_POST['default_timezone']*60*60;
|
|
| 159 |
}
|
|
| 119 |
// Check if user has entered the installation path |
|
| 120 |
if(!isset($_POST['wb_path']) OR $_POST['wb_path'] == '') {
|
|
| 121 |
set_error('Please enter an absolute path');
|
|
| 122 |
} else {
|
|
| 123 |
$wb_path = $_POST['wb_path']; |
|
| 124 |
} |
|
| 125 |
// Check if user has entered the installation url |
|
| 126 |
if(!isset($_POST['wb_url']) OR $_POST['wb_url'] == '') {
|
|
| 127 |
set_error('Please enter an absolute URL');
|
|
| 128 |
} else {
|
|
| 129 |
$wb_url = $_POST['wb_url']; |
|
| 130 |
} |
|
| 131 |
// Remove any slashes at the end of the URL and path |
|
| 132 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "/") {
|
|
| 133 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1); |
|
| 134 |
} |
|
| 135 |
if(substr($wb_path, strlen($wb_path)-1, 1) == "/") {
|
|
| 136 |
$wb_path = substr($wb_path, 0, strlen($wb_path)-1); |
|
| 137 |
} |
|
| 138 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") {
|
|
| 139 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1); |
|
| 140 |
} |
|
| 141 |
if(substr($wb_path, strlen($wb_path)-1, 1) == "\\") {
|
|
| 142 |
$wb_path = substr($wb_path, 0, strlen($wb_path)-1); |
|
| 143 |
} |
|
| 144 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "/") {
|
|
| 145 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1); |
|
| 146 |
} |
|
| 147 |
if(substr($wb_path, strlen($wb_path)-1, 1) == "/") {
|
|
| 148 |
$wb_path = substr($wb_path, 0, strlen($wb_path)-1); |
|
| 149 |
} |
|
| 150 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") {
|
|
| 151 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1); |
|
| 152 |
} |
|
| 153 |
if(substr($wb_path, strlen($wb_path)-1, 1) == "\\") {
|
|
| 154 |
$wb_path = substr($wb_path, 0, strlen($wb_path)-1); |
|
| 155 |
} |
|
| 156 |
// Get the default time zone |
|
| 157 |
if(!isset($_POST['default_timezone']) OR !is_numeric($_POST['default_timezone'])) {
|
|
| 158 |
set_error('Please select a valid default timezone');
|
|
| 159 |
} else {
|
|
| 160 |
$default_timezone = $_POST['default_timezone']*60*60; |
|
| 161 |
} |
|
| 160 | 162 |
// End path and timezone details code |
| 161 | 163 |
|
| 162 | 164 |
// Begin operating system specific code |
| 163 |
// Get operating system
|
|
| 164 |
if(!isset($_POST['operating_system']) OR $_POST['operating_system'] != 'linux' AND $_POST['operating_system'] != 'windows') {
|
|
| 165 |
set_error('Please select a valid operating system');
|
|
| 166 |
} else {
|
|
| 167 |
$operating_system = $_POST['operating_system'];
|
|
| 168 |
}
|
|
| 169 |
// Work-out file permissions
|
|
| 170 |
if($operating_system == 'windows') {
|
|
| 171 |
$file_mode = '0777';
|
|
| 172 |
$dir_mode = '0777';
|
|
| 173 |
} elseif(isset($_POST['world_writeable']) AND $_POST['world_writeable'] == 'true') {
|
|
| 174 |
$file_mode = '0777';
|
|
| 175 |
$dir_mode = '0777';
|
|
| 176 |
} else {
|
|
| 177 |
$file_mode = default_file_mode('../temp');
|
|
| 178 |
$dir_mode = default_dir_mode('../temp');
|
|
| 179 |
}
|
|
| 165 |
// Get operating system |
|
| 166 |
if(!isset($_POST['operating_system']) OR $_POST['operating_system'] != 'linux' AND $_POST['operating_system'] != 'windows') {
|
|
| 167 |
set_error('Please select a valid operating system');
|
|
| 168 |
} else {
|
|
| 169 |
$operating_system = $_POST['operating_system']; |
|
| 170 |
} |
|
| 171 |
// Work-out file permissions |
|
| 172 |
if($operating_system == 'windows') {
|
|
| 173 |
$file_mode = '0777'; |
|
| 174 |
$dir_mode = '0777'; |
|
| 175 |
} elseif(isset($_POST['world_writeable']) AND $_POST['world_writeable'] == 'true') {
|
|
| 176 |
$file_mode = '0777'; |
|
| 177 |
$dir_mode = '0777'; |
|
| 178 |
} else {
|
|
| 179 |
$file_mode = default_file_mode('../temp');
|
|
| 180 |
$dir_mode = default_dir_mode('../temp');
|
|
| 181 |
} |
|
| 180 | 182 |
// End operating system specific code |
| 181 | 183 |
|
| 182 | 184 |
// Begin database details code |
| 183 |
// Check if user has entered a database host
|
|
| 184 |
if(!isset($_POST['database_host']) OR $_POST['database_host'] == '') {
|
|
| 185 |
set_error('Please enter a database host name');
|
|
| 186 |
} else {
|
|
| 187 |
$database_host = $_POST['database_host'];
|
|
| 188 |
}
|
|
| 189 |
// Check if user has entered a database username
|
|
| 190 |
if(!isset($_POST['database_username']) OR $_POST['database_username'] == '') {
|
|
| 191 |
set_error('Please enter a database username');
|
|
| 192 |
} else {
|
|
| 193 |
$database_username = $_POST['database_username'];
|
|
| 194 |
}
|
|
| 195 |
// Check if user has entered a database password
|
|
| 196 |
if(!isset($_POST['database_password'])) {
|
|
| 197 |
set_error('Please enter a database password');
|
|
| 198 |
} else {
|
|
| 199 |
$database_password = $_POST['database_password'];
|
|
| 200 |
}
|
|
| 201 |
// Check if user has entered a database name
|
|
| 202 |
if(!isset($_POST['database_name']) OR $_POST['database_name'] == '') {
|
|
| 203 |
set_error('Please enter a database name');
|
|
| 204 |
} else {
|
|
| 205 |
$database_name = $_POST['database_name'];
|
|
| 206 |
}
|
|
| 207 |
// Get table prefix
|
|
| 208 |
$table_prefix = $_POST['table_prefix'];
|
|
| 209 |
// Find out if the user wants to install tables and data
|
|
| 210 |
if(isset($_POST['install_tables']) AND $_POST['install_tables'] == 'true') {
|
|
| 211 |
$install_tables = true;
|
|
| 212 |
} else {
|
|
| 213 |
$install_tables = false;
|
|
| 214 |
}
|
|
| 185 |
// Check if user has entered a database host |
|
| 186 |
if(!isset($_POST['database_host']) OR $_POST['database_host'] == '') {
|
|
| 187 |
set_error('Please enter a database host name');
|
|
| 188 |
} else {
|
|
| 189 |
$database_host = $_POST['database_host']; |
|
| 190 |
} |
|
| 191 |
// Check if user has entered a database username |
|
| 192 |
if(!isset($_POST['database_username']) OR $_POST['database_username'] == '') {
|
|
| 193 |
set_error('Please enter a database username');
|
|
| 194 |
} else {
|
|
| 195 |
$database_username = $_POST['database_username']; |
|
| 196 |
} |
|
| 197 |
// Check if user has entered a database password |
|
| 198 |
if(!isset($_POST['database_password'])) {
|
|
| 199 |
set_error('Please enter a database password');
|
|
| 200 |
} else {
|
|
| 201 |
$database_password = $_POST['database_password']; |
|
| 202 |
} |
|
| 203 |
// Check if user has entered a database name |
|
| 204 |
if(!isset($_POST['database_name']) OR $_POST['database_name'] == '') {
|
|
| 205 |
set_error('Please enter a database name');
|
|
| 206 |
} else {
|
|
| 207 |
$database_name = $_POST['database_name']; |
|
| 208 |
} |
|
| 209 |
// Get table prefix |
|
| 210 |
$table_prefix = $_POST['table_prefix']; |
|
| 211 |
// Find out if the user wants to install tables and data |
|
| 212 |
if(isset($_POST['install_tables']) AND $_POST['install_tables'] == 'true') {
|
|
| 213 |
$install_tables = true; |
|
| 214 |
} else {
|
|
| 215 |
$install_tables = false; |
|
| 216 |
} |
|
| 215 | 217 |
// End database details code |
| 216 | 218 |
|
| 217 | 219 |
// Begin website title code |
| 218 |
// Get website title
|
|
| 219 |
if(!isset($_POST['website_title']) OR $_POST['website_title'] == '') {
|
|
| 220 |
set_error('Please enter a website title');
|
|
| 221 |
} else {
|
|
| 222 |
$website_title = addslashes($_POST['website_title']);
|
|
| 223 |
}
|
|
| 220 |
// Get website title |
|
| 221 |
if(!isset($_POST['website_title']) OR $_POST['website_title'] == '') {
|
|
| 222 |
set_error('Please enter a website title');
|
|
| 223 |
} else {
|
|
| 224 |
$website_title = wb::addslashes($_POST['website_title']);
|
|
| 225 |
} |
|
| 224 | 226 |
// End website title code |
| 225 | 227 |
|
| 226 | 228 |
// Begin admin user details code |
| 227 |
// Get admin username |
|
| 228 |
if(!isset($_POST['admin_username']) OR $_POST['admin_username'] == '') {
|
|
| 229 |
set_error('Please enter a username for the Administrator account');
|
|
| 229 |
// Get admin username |
|
| 230 |
if(!isset($_POST['admin_username']) OR $_POST['admin_username'] == '') {
|
|
| 231 |
set_error('Please enter a username for the Administrator account');
|
|
| 232 |
} else {
|
|
| 233 |
$admin_username = $_POST['admin_username']; |
|
| 234 |
} |
|
| 235 |
// Get admin email and validate it |
|
| 236 |
if(!isset($_POST['admin_email']) OR $_POST['admin_email'] == '') {
|
|
| 237 |
set_error('Please enter an email for the Administrator account');
|
|
| 238 |
} else {
|
|
| 239 |
if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['admin_email'])) {
|
|
| 240 |
$admin_email = $_POST['admin_email']; |
|
| 230 | 241 |
} else {
|
| 231 |
$admin_username = $_POST['admin_username'];
|
|
| 242 |
set_error('Please enter a valid email address for the Administrator account');
|
|
| 232 | 243 |
} |
| 233 |
// Get admin email and validate it |
|
| 234 |
if(!isset($_POST['admin_email']) OR $_POST['admin_email'] == '') {
|
|
| 235 |
set_error('Please enter an email for the Administrator account');
|
|
| 236 |
} else {
|
|
| 237 |
if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['admin_email'])) {
|
|
| 238 |
$admin_email = $_POST['admin_email']; |
|
| 239 |
} else {
|
|
| 240 |
set_error('Please enter a valid email address for the Administrator account');
|
|
| 241 |
} |
|
| 242 |
} |
|
| 243 |
// Get the two admin passwords entered, and check that they match |
|
| 244 |
if(!isset($_POST['admin_password']) OR $_POST['admin_password'] == '') {
|
|
| 245 |
set_error('Please enter a password for the Administrator account');
|
|
| 246 |
} else {
|
|
| 247 |
$admin_password = $_POST['admin_password']; |
|
| 248 |
} |
|
| 249 |
if(!isset($_POST['admin_repassword']) OR $_POST['admin_repassword'] == '') {
|
|
| 250 |
set_error('Please make sure you re-enter the password for the Administrator account');
|
|
| 251 |
} else {
|
|
| 252 |
$admin_repassword = $_POST['admin_repassword']; |
|
| 253 |
} |
|
| 254 |
if($admin_password != $admin_repassword) {
|
|
| 255 |
set_error('Sorry, the two Administrator account passwords you entered do not match');
|
|
| 256 |
} |
|
| 244 |
} |
|
| 245 |
// Get the two admin passwords entered, and check that they match |
|
| 246 |
if(!isset($_POST['admin_password']) OR $_POST['admin_password'] == '') {
|
|
| 247 |
set_error('Please enter a password for the Administrator account');
|
|
| 248 |
} else {
|
|
| 249 |
$admin_password = $_POST['admin_password']; |
|
| 250 |
} |
|
| 251 |
if(!isset($_POST['admin_repassword']) OR $_POST['admin_repassword'] == '') {
|
|
| 252 |
set_error('Please make sure you re-enter the password for the Administrator account');
|
|
| 253 |
} else {
|
|
| 254 |
$admin_repassword = $_POST['admin_repassword']; |
|
| 255 |
} |
|
| 256 |
if($admin_password != $admin_repassword) {
|
|
| 257 |
set_error('Sorry, the two Administrator account passwords you entered do not match');
|
|
| 258 |
} |
|
| 257 | 259 |
// End admin user details code |
| 258 | 260 |
|
| 259 | 261 |
// Try and write settings to config file |
| ... | ... | |
| 362 | 364 |
mysql_close(); |
| 363 | 365 |
|
| 364 | 366 |
// Re-connect to the database, this time using in-build database class |
| 365 |
require(WB_PATH.'/framework/class.admin.php'); |
|
| 367 |
require_once(WB_PATH.'/framework/class.admin.php');
|
|
| 366 | 368 |
$database = new database(); |
| 367 | 369 |
|
| 368 | 370 |
// Check if we should install tables |
| ... | ... | |
| 498 | 500 |
$insert_website_footer = "INSERT INTO `".TABLE_PREFIX."settings` VALUES ('', 'footer', '')";
|
| 499 | 501 |
$database->query($insert_website_footer); |
| 500 | 502 |
// Search header |
| 501 |
$search_header = addslashes('
|
|
| 503 |
$search_header = wb::addslashes('
|
|
| 502 | 504 |
<h1>Search</h1> |
| 503 | 505 |
|
| 504 | 506 |
<form name="search" action="[WB_URL]/search/index[PAGE_EXTENSION]" method="post"> |
| 505 | 507 |
<table cellpadding="3" cellspacing="0" border="0" width="500"> |
| 506 | 508 |
<tr> |
| 507 | 509 |
<td> |
| 508 |
<input type="text" name="string" value="[SEARCH_STRING]" style="width: 100%;" />
|
|
| 510 |
<input type="text" name="string" value="[SEARCH_STRING]" style="width: 100%;" /> |
|
| 509 | 511 |
</td> |
| 510 | 512 |
<td width="150"> |
| 511 |
<input type="submit" value="[TEXT_SEARCH]" style="width: 100%;" />
|
|
| 513 |
<input type="submit" value="[TEXT_SEARCH]" style="width: 100%;" /> |
|
| 512 | 514 |
</td> |
| 513 | 515 |
</tr> |
| 514 | 516 |
<tr> |
| 515 | 517 |
<td colspan="2"> |
| 516 |
<input type="radio" name="match" id="match_all" value="all"[ALL_CHECKED] />
|
|
| 517 |
<a href="javascript: toggle_radio(\'match_all\');">[TEXT_ALL_WORDS]</a>
|
|
| 518 |
<input type="radio" name="match" id="match_any" value="any"[ANY_CHECKED] />
|
|
| 519 |
<a href="javascript: toggle_radio(\'match_any\');">[TEXT_ANY_WORDS]</a>
|
|
| 520 |
<input type="radio" name="match" id="match_exact" value="exact"[EXACT_CHECKED] />
|
|
| 521 |
<a href="javascript: toggle_radio(\'match_exact\');">[TEXT_EXACT_MATCH]</a>
|
|
| 518 |
<input type="radio" name="match" id="match_all" value="all"[ALL_CHECKED] /> |
|
| 519 |
<a href="javascript: toggle_radio(\'match_all\');">[TEXT_ALL_WORDS]</a> |
|
| 520 |
<input type="radio" name="match" id="match_any" value="any"[ANY_CHECKED] /> |
|
| 521 |
<a href="javascript: toggle_radio(\'match_any\');">[TEXT_ANY_WORDS]</a> |
|
| 522 |
<input type="radio" name="match" id="match_exact" value="exact"[EXACT_CHECKED] /> |
|
| 523 |
<a href="javascript: toggle_radio(\'match_exact\');">[TEXT_EXACT_MATCH]</a> |
|
| 522 | 524 |
</td> |
| 523 | 525 |
</tr> |
| 524 | 526 |
</table> |
| ... | ... | |
| 530 | 532 |
$insert_search_header = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'header', '$search_header', '')";
|
| 531 | 533 |
$database->query($insert_search_header); |
| 532 | 534 |
// Search footer |
| 533 |
$search_footer = addslashes('');
|
|
| 535 |
$search_footer = wb::addslashes('');
|
|
| 534 | 536 |
$insert_search_footer = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'footer', '$search_footer', '')";
|
| 535 | 537 |
$database->query($insert_search_footer); |
| 536 | 538 |
// Search results header |
| 537 |
$search_results_header = addslashes(''.
|
|
| 539 |
$search_results_header = wb::addslashes(''.
|
|
| 538 | 540 |
'[TEXT_RESULTS_FOR] \'<b>[SEARCH_STRING]</b>\': |
| 539 | 541 |
<table cellpadding="2" cellspacing="0" border="0" width="100%" style="padding-top: 10px;">'); |
| 540 | 542 |
$insert_search_results_header = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'results_header', '$search_results_header', '')";
|
| 541 | 543 |
$database->query($insert_search_results_header); |
| 542 | 544 |
// Search results loop |
| 543 |
$search_results_loop = addslashes(''.
|
|
| 545 |
$search_results_loop = wb::addslashes(''.
|
|
| 544 | 546 |
'<tr style="background-color: #F0F0F0;"> |
| 545 | 547 |
<td><a href="[LINK]">[TITLE]</a></td> |
| 546 | 548 |
<td align="right">[TEXT_LAST_UPDATED_BY] [DISPLAY_NAME] ([USERNAME]) [TEXT_ON] [DATE]</td> |
| 547 | 549 |
</tr> |
| 548 | 550 |
<tr><td colspan="2" style="text-align: justify; padding-bottom: 10px;">[DESCRIPTION]</td></tr>'); |
| 549 |
$insert_search_results_loop = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'results_loop', '$search_results_loop', '')";
|
|
| 550 |
$database->query($insert_search_results_loop);
|
|
| 551 |
// Search results footer
|
|
| 552 |
$search_results_footer = addslashes("</table>");
|
|
| 553 |
$insert_search_results_footer = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'results_footer', '$search_results_footer', '')";
|
|
| 554 |
$database->query($insert_search_results_footer);
|
|
| 555 |
// Search no results
|
|
| 556 |
$search_no_results = addslashes('<br />No results found');
|
|
| 551 |
$insert_search_results_loop = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'results_loop', '$search_results_loop', '')";
|
|
| 552 |
$database->query($insert_search_results_loop); |
|
| 553 |
// Search results footer |
|
| 554 |
$search_results_footer = wb::addslashes("</table>");
|
|
| 555 |
$insert_search_results_footer = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'results_footer', '$search_results_footer', '')";
|
|
| 556 |
$database->query($insert_search_results_footer); |
|
| 557 |
// Search no results |
|
| 558 |
$search_no_results = wb::add_slashes('<br />No results found');
|
|
| 557 | 559 |
$insert_search_no_results = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'no_results', '$search_no_results', '')";
|
| 558 | 560 |
$database->query($insert_search_no_results); |
| 559 | 561 |
// Search template |
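Review bot: The new `wb::addslashes(...)` calls at new lines 224, 503, 535, 539, 545 and 554 do not agree with the `wb::add_slashes(...)` spelling at new line 558 or with the `$admin->add_slashes(...)` name adopted in the other files of this revision; if the wb class exposes only `add_slashes`, five of these six installer lines will stop with an undefined-method error at install time. Rename them to `wb::add_slashes(...)` so all six match. Separately, the re-emitted block at new line 210 still reads `$table_prefix = $_POST['table_prefix'];` with no isset check or character validation, although every other POST field in that hunk is guarded; `$table_prefix = isset($_POST['table_prefix']) ? $_POST['table_prefix'] : '';` followed by a `preg_match('/^[a-zA-Z0-9_]*$/', ...)` check would keep the prefix to a safe identifier before it is presumably written into the config and used in table names. The installer script continues outside the hunks shown.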
| trunk/wb/admin/media/browse.php | ||
|---|---|---|
| 103 | 103 |
$temp_id++; |
| 104 | 104 |
$template->set_var(array( |
| 105 | 105 |
'NAME' => $name, |
| 106 |
'NAME_SLASHED' => addslashes($name),
|
|
| 106 |
'NAME_SLASHED' => $admin->add_slashes($name),
|
|
| 107 | 107 |
'TEMP_ID' => $temp_id, |
| 108 | 108 |
'LINK' => "browse.php?dir=$directory/$link_name", |
| 109 | 109 |
'LINK_TARGET' => '', |
| ... | ... | |
| 125 | 125 |
$temp_id++; |
| 126 | 126 |
$template->set_var(array( |
| 127 | 127 |
'NAME' => $name, |
| 128 |
'NAME_SLASHED' => addslashes($name),
|
|
| 128 |
'NAME_SLASHED' => $admin->add_slashes($name),
|
|
| 129 | 129 |
'TEMP_ID' => $temp_id, |
| 130 | 130 |
'LINK' => WB_URL.MEDIA_DIRECTORY.$directory.'/'.$name, |
| 131 | 131 |
'LINK_TARGET' => '_blank', |
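Review bot: `NAME_SLASHED` at new lines 106 and 128 is built with `$admin->add_slashes($name)`, the same helper this revision uses to escape SQL literals, but a template placeholder is almost certainly an HTML or JavaScript context rather than a query. Backslash escaping does not neutralise `<`, `>` or a closing quote in an HTML attribute, so if the template places NAME_SLASHED in markup, `htmlspecialchars($name, ENT_QUOTES)` is the escaping that context needs; which context applies cannot be told from the hunk and should be confirmed against the template. The enclosing listing loop starts outside the hunk.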
| trunk/wb/admin/templates/uninstall.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: uninstall.php,v 1.2 2005/04/02 06:25:53 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 47 | 47 |
if($_POST['file'] == DEFAULT_TEMPLATE) {
|
| 48 | 48 |
$admin->print_error($MESSAGE['GENERIC']['CANNOT_UNINSTALL_IN_USE']); |
| 49 | 49 |
} else {
|
| 50 |
$query_templates = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE template = '".addslashes($_POST['file'])."' LIMIT 1");
|
|
| 50 |
$query_templates = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE template = '".$admin->add_slashes($_POST['file'])."' LIMIT 1");
|
|
| 51 | 51 |
if($query_templates->numRows() > 0) {
|
| 52 | 52 |
$admin->print_error($MESSAGE['GENERIC']['CANNOT_UNINSTALL_IN_USE']); |
| 53 | 53 |
} |
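Review bot: At new line 50 `$_POST['file']` is only slash-escaped for the quoted SQL literal; nothing in the hunk checks that it is a plain template name, and the guard at line 47 compares it with `==` without an isset check. Escaping covers the query, but the value presumably goes on to identify a template directory to remove, where add_slashes offers no protection against path components; a check such as `if(!isset($_POST['file']) OR !preg_match('/^[a-zA-Z0-9_-]+$/', $_POST['file'])) { $admin->print_error($MESSAGE['GENERIC']['CANNOT_UNINSTALL_IN_USE']); }` placed before line 47 would cover both the query and the later file handling. The enclosing if/else continues past the hunk.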
| trunk/wb/admin/pages/intro.php | ||
|---|---|---|
| 43 | 43 |
$template->set_file('page', 'intro.html');
|
| 44 | 44 |
$template->set_block('page', 'main_block', 'main');
|
| 45 | 45 |
$template->set_var(array( |
| 46 |
'CONTENT' => $admin->stripslashes($content), |
|
| 46 |
'CONTENT' => $admin->strip_slashes($content),
|
|
| 47 | 47 |
'WB_URL' => WB_URL, |
| 48 | 48 |
'ADMIN_URL' => ADMIN_URL, |
| 49 | 49 |
'TEXT_SAVE' => $TEXT['SAVE'], |
| trunk/wb/admin/pages/settings.php | ||
|---|---|---|
| 79 | 79 |
$template->set_block('page', 'main_block', 'main');
|
| 80 | 80 |
$template->set_var(array( |
| 81 | 81 |
'PAGE_ID' => $results_array['page_id'], |
| 82 |
'PAGE_TITLE' => $admin->stripslashes($results_array['page_title']), |
|
| 83 |
'MENU_TITLE' => $admin->stripslashes($results_array['menu_title']), |
|
| 84 |
'DESCRIPTION' => $admin->stripslashes($results_array['description']), |
|
| 85 |
'KEYWORDS' => $admin->stripslashes($results_array['keywords']), |
|
| 82 |
'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']),
|
|
| 83 |
'MENU_TITLE' => $admin->strip_slashes($results_array['menu_title']),
|
|
| 84 |
'DESCRIPTION' => $admin->strip_slashes($results_array['description']),
|
|
| 85 |
'KEYWORDS' => $admin->strip_slashes($results_array['keywords']),
|
|
| 86 | 86 |
'MODIFIED_BY' => $user['display_name'], |
| 87 | 87 |
'MODIFIED_BY_USERNAME' => $user['username'], |
| 88 | 88 |
'MODIFIED_WHEN' => $modified_ts, |
| ... | ... | |
| 251 | 251 |
for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
|
| 252 | 252 |
$template->set_var(array( |
| 253 | 253 |
'ID' => $page['page_id'], |
| 254 |
'TITLE' => $admin->stripslashes($title_prefix.$page['page_title']) |
|
| 254 |
'TITLE' => $admin->strip_slashes($title_prefix.$page['page_title'])
|
|
| 255 | 255 |
) |
| 256 | 256 |
); |
| 257 | 257 |
if($results_array['parent'] == $page['page_id']) {
|
| trunk/wb/admin/pages/sections_save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: sections_save.php,v 1.6 2005/04/08 07:36:58 rdjurovich Exp $ +// $Id$ |
|
| 4 | 3 |
/* |
| 5 | 4 |
|
| ... | ... | |
| 84 | 84 |
$section_id = $section['section_id']; |
| 85 | 85 |
$sql = ''; |
| 86 | 86 |
if(isset($_POST['block'.$section_id]) AND $_POST['block'.$section_id] != '') {
|
| 87 |
$sql = "block = '".addslashes($_POST['block'.$section_id])."'";
|
|
| 87 |
$sql = "block = '".$admin->add_slashes($_POST['block'.$section_id])."'";
|
|
| 88 | 88 |
$query = "UPDATE ".TABLE_PREFIX."sections SET $sql WHERE section_id = '$section_id' LIMIT 1"; |
| 89 | 89 |
if($sql != '') {
|
| 90 | 90 |
$database->query($query); |
| trunk/wb/admin/pages/index.php | ||
|---|---|---|
| 150 | 150 |
</td> |
| 151 | 151 |
<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?>
|
| 152 | 152 |
<td> |
| 153 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->stripslashes($page['page_title']); ?></a> |
|
| 153 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes($page['page_title']); ?></a>
|
|
| 154 | 154 |
</td> |
| 155 | 155 |
<?php } else { ?>
|
| 156 | 156 |
<td> |
| 157 |
<?php echo $admin->stripslashes($page['page_title']); ?> |
|
| 157 |
<?php echo $admin->strip_slashes($page['page_title']); ?>
|
|
| 158 | 158 |
</td> |
| 159 | 159 |
<?php } ?> |
| 160 | 160 |
<td align="left" width="232"> |
| 161 |
<font color="#999999"><?php echo $admin->stripslashes($page['menu_title']); ?></font> |
|
| 161 |
<font color="#999999"><?php echo $admin->strip_slashes($page['menu_title']); ?></font>
|
|
| 162 | 162 |
</td> |
| 163 | 163 |
<td align="center" valign="middle" width="90"> |
| 164 | 164 |
<?php if($page['visibility'] == 'public') { ?>
|
| ... | ... | |
| 446 | 446 |
for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; }
|
| 447 | 447 |
$template->set_var(array( |
| 448 | 448 |
'ID' => $page['page_id'], |
| 449 |
'TITLE' => $admin->stripslashes($title_prefix.$page['page_title']) |
|
| 449 |
'TITLE' => $admin->strip_slashes($title_prefix.$page['page_title'])
|
|
| 450 | 450 |
) |
| 451 | 451 |
); |
| 452 | 452 |
if($can_modify == true) {
|
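Review bot: The titles echoed at lines 153, 157 and 161 (`$admin->strip_slashes($page['page_title'])`, `...['menu_title']`) go into the HTML unescaped; strip_slashes only reverses the storage-side escaping and does nothing for the HTML context, so a title containing `<` or `"` is rendered as markup. The same form appears in trash.php lines 144, 150 and 152 and sections.php line 137, whereas modules/form/modify_field.php in this commit wraps the equivalent values in htmlspecialchars(). `htmlspecialchars($admin->strip_slashes($page['page_title']))` at each echo would make the list pages consistent with that file; if titles are meant to carry markup, a one-line comment at the echo should say so. The enclosing PHP/HTML control structures start outside the hunk.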
| trunk/wb/admin/pages/trash.php | ||
|---|---|---|
| 141 | 141 |
</td> |
| 142 | 142 |
<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true AND $page['visibility'] != 'heading') { ?>
|
| 143 | 143 |
<td> |
| 144 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->stripslashes($page['page_title']); ?></a> |
|
| 144 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes($page['page_title']); ?></a>
|
|
| 145 | 145 |
</td> |
| 146 | 146 |
<?php } else { ?>
|
| 147 | 147 |
<td> |
| 148 | 148 |
<?php |
| 149 | 149 |
if($page['visibility'] != 'heading') {
|
| 150 |
echo $admin->stripslashes($page['page_title']); |
|
| 150 |
echo $admin->strip_slashes($page['page_title']);
|
|
| 151 | 151 |
} else {
|
| 152 |
echo '<b>'.$admin->stripslashes($page['page_title']).'</b>'; |
|
| 152 |
echo '<b>'.$admin->strip_slashes($page['page_title']).'</b>';
|
|
| 153 | 153 |
} |
| 154 | 154 |
?> |
| 155 | 155 |
</td> |
| trunk/wb/admin/pages/settings2.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: settings2.php,v 1.12 2005/06/23 05:46:06 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 39 | 39 |
require_once(WB_PATH.'/framework/functions.php'); |
| 40 | 40 |
|
| 41 | 41 |
// Get values |
| 42 |
$page_title = addslashes($admin->get_post('page_title'));
|
|
| 43 |
$menu_title = addslashes($admin->get_post('menu_title'));
|
|
| 44 |
$description = addslashes($admin->get_post('description'));
|
|
| 45 |
$keywords = addslashes($admin->get_post('keywords'));
|
|
| 42 |
$page_title = $admin->add_slashes($admin->get_post('page_title'));
|
|
| 43 |
$menu_title = $admin->add_slashes($admin->get_post('menu_title'));
|
|
| 44 |
$description = $admin->add_slashes($admin->get_post('description'));
|
|
| 45 |
$keywords = $admin->add_slashes($admin->get_post('keywords'));
|
|
| 46 | 46 |
$parent = $admin->get_post('parent');
|
| 47 | 47 |
$visibility = $admin->get_post('visibility');
|
| 48 | 48 |
$template = $admin->get_post('template');
|
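Review bot: Only the free-text fields at lines 42-45 go through `$admin->add_slashes()`; the values read on lines 46-48 (`$parent`, `$visibility`, `$template`) stay raw and the hunk does not show whether they are validated before reaching a query. The same split appears in pages/add.php (`$module`, `$parent`, `$visibility`, lines 36-38) and preferences/details.php (`$language`, `$date_format`, lines 33-35). If each is compared against a fixed set of allowed values further down, a comment such as `// parent/visibility/template are checked against known values below` would make the omission deliberate; otherwise they need the same escaping or an explicit check. Note also that `$page_title` and friends are now held in their SQL-escaped form from line 42 on, so any later non-SQL use (a filename or link built from the title) would carry the added backslashes — worth confirming, since add_slashes's definition is not in this chunk and is presumably magic_quotes-aware.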
| trunk/wb/admin/pages/sections.php | ||
|---|---|---|
| 134 | 134 |
</td> |
| 135 | 135 |
<td align="right"> |
| 136 | 136 |
<?php echo $TEXT['CURRENT_PAGE']; ?>: |
| 137 |
<b><?php echo $admin->stripslashes($results_array['page_title']); ?></b> |
|
| 137 |
<b><?php echo $admin->strip_slashes($results_array['page_title']); ?></b>
|
|
| 138 | 138 |
- |
| 139 | 139 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>"><?php echo $HEADING['MODIFY_PAGE']; ?></a> |
| 140 | 140 |
- |
| trunk/wb/admin/pages/modify.php | ||
|---|---|---|
| 81 | 81 |
$template->set_block('page', 'main_block', 'main');
|
| 82 | 82 |
$template->set_var(array( |
| 83 | 83 |
'PAGE_ID' => $results_array['page_id'], |
| 84 |
'PAGE_TITLE' => $admin->stripslashes($results_array['page_title']), |
|
| 84 |
'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']),
|
|
| 85 | 85 |
'MODIFIED_BY' => $user['display_name'], |
| 86 | 86 |
'MODIFIED_BY_USERNAME' => $user['username'], |
| 87 | 87 |
'MODIFIED_WHEN' => $modified_ts, |
| trunk/wb/admin/pages/add.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: add.php,v 1.12 2005/04/08 07:36:58 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 32 | 32 |
require_once(WB_PATH.'/framework/functions.php'); |
| 33 | 33 |
|
| 34 | 34 |
// Get values |
| 35 |
$title = addslashes($admin->get_post('title'));
|
|
| 35 |
$title = $admin->add_slashes($admin->get_post('title'));
|
|
| 36 | 36 |
$module = $admin->get_post('type');
|
| 37 | 37 |
$parent = $admin->get_post('parent');
|
| 38 | 38 |
$visibility = $admin->get_post('visibility');
|
| trunk/wb/admin/settings/save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save.php,v 1.14 2005/06/23 05:56:33 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 45 | 45 |
while($setting = $results->fetchRow()) {
|
| 46 | 46 |
$setting_name = $setting['name']; |
| 47 | 47 |
$value = $admin->get_post($setting_name); |
| 48 |
$value = addslashes($value);
|
|
| 48 |
$value = $admin->add_slashes($value);
|
|
| 49 | 49 |
$database->query("UPDATE ".TABLE_PREFIX."settings SET value = '$value' WHERE name = '$setting_name'");
|
| 50 | 50 |
} |
| 51 | 51 |
|
| ... | ... | |
| 56 | 56 |
$setting_name = $search_setting['name']; |
| 57 | 57 |
$post_name = 'search_'.$search_setting['name']; |
| 58 | 58 |
$value = $admin->get_post($post_name); |
| 59 |
$value = addslashes($value);
|
|
| 59 |
$value = $admin->add_slashes($value);
|
|
| 60 | 60 |
$database->query("UPDATE ".TABLE_PREFIX."search SET value = '$value' WHERE name = '$setting_name'");
|
| 61 | 61 |
} |
| 62 | 62 |
|
| ... | ... | |
| 199 | 199 |
"define('HOMEPAGE_REDIRECTION', ".str_replace(';', '', $_POST['homepage_redirection']).");\n".
|
| 200 | 200 |
"define('PAGE_LANGUAGES', ".str_replace(';', '', $_POST['page_languages']).");\n".
|
| 201 | 201 |
"\n". |
| 202 |
"define('WYSIWYG_STYLE', '".addslashes($_POST['wysiwyg_style'])."');\n".
|
|
| 202 |
"define('WYSIWYG_STYLE', '".$admin->add_slashes($_POST['wysiwyg_style'])."');\n".
|
|
| 203 | 203 |
"\n". |
| 204 | 204 |
"define('MANAGE_SECTIONS', ".str_replace(';', '', $_POST['manage_sections']).");\n".
|
| 205 | 205 |
"define('SECTION_BLOCKS', ".str_replace(';', '', $_POST['section_blocks']).");\n".
|
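Review bot: Line 202 writes `$_POST['wysiwyg_style']` into generated PHP source as a single-quoted literal via `$admin->add_slashes()`, an SQL-oriented escaper; that covers `'` and `\`, but it also turns `"` into `\"`, which a single-quoted PHP literal keeps verbatim, so the constant carries stray backslashes that the readers (settings/index.php line 466, wysiwyg/modify.php line 58) then have to strip again. If add_slashes is conditional on magic_quotes_gpc (its definition is not in this chunk), the escaping applied to the generated file also varies with server configuration. Emitting the literal with `".var_export($_POST['wysiwyg_style'], true)."` escapes exactly what PHP source needs, though the matching strip_slashes() calls at the read sites would then have to go as well. The surrounding string concatenation starts and ends outside the hunk.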
| trunk/wb/admin/settings/index.php | ||
|---|---|---|
| 45 | 45 |
$results = $database->query($query); |
| 46 | 46 |
while($setting = $results->fetchRow()) {
|
| 47 | 47 |
$setting_name = $setting['name']; |
| 48 |
$setting_value = htmlspecialchars($admin->stripslashes($setting['value'])); |
|
| 48 |
$setting_value = htmlspecialchars($admin->strip_slashes($setting['value']));
|
|
| 49 | 49 |
switch($setting_name) {
|
| 50 | 50 |
// Website title |
| 51 | 51 |
case 'title': |
| ... | ... | |
| 79 | 79 |
$results = $database->query($query); |
| 80 | 80 |
while($setting = $results->fetchRow()) {
|
| 81 | 81 |
$setting_name = $setting['name']; |
| 82 |
$setting_value = htmlspecialchars($admin->stripslashes($setting['value'])); |
|
| 82 |
$setting_value = htmlspecialchars($admin->strip_slashes($setting['value']));
|
|
| 83 | 83 |
switch($setting_name) {
|
| 84 | 84 |
// Search header |
| 85 | 85 |
case 'header': |
| ... | ... | |
| 463 | 463 |
} |
| 464 | 464 |
|
| 465 | 465 |
// Insert WYSIWYG style value into template |
| 466 |
$template->set_var('WYSIWYG_STYLE', $admin->stripslashes(WYSIWYG_STYLE));
|
|
| 466 |
$template->set_var('WYSIWYG_STYLE', $admin->strip_slashes(WYSIWYG_STYLE));
|
|
| 467 | 467 |
|
| 468 | 468 |
// Insert Server Email value into template |
| 469 | 469 |
$template->set_var('SERVER_EMAIL', SERVER_EMAIL);
|
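Review bot: Line 466 hands `$admin->strip_slashes(WYSIWYG_STYLE)` to the template without the `htmlspecialchars()` that lines 48 and 82 apply to every other setting value on this page. If the template places WYSIWYG_STYLE in a form field, as it presumably does for the other values, a `"` or `<` in the stored style breaks the markup. `$template->set_var('WYSIWYG_STYLE', htmlspecialchars($admin->strip_slashes(WYSIWYG_STYLE)));` would match the two other sites; if the template is known to escape on output, a short comment at line 466 saying so would save the next reader the same question.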
| trunk/wb/admin/users/add.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: add.php,v 1.5 2005/04/02 06:25:53 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 71 | 71 |
} |
| 72 | 72 |
|
| 73 | 73 |
// Check if the email already exists |
| 74 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".addslashes($_POST['email'])."'");
|
|
| 74 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'");
|
|
| 75 | 75 |
if($results->numRows() > 0) {
|
| 76 | 76 |
if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) {
|
| 77 | 77 |
$admin->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back); |
| trunk/wb/admin/preferences/details.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: details.php,v 1.2 2005/04/02 06:25:37 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 29 | 29 |
$admin = new admin('Preferences');
|
| 30 | 30 |
|
| 31 | 31 |
// Get entered values |
| 32 |
$display_name = addslashes($admin->get_post('display_name'));
|
|
| 32 |
$display_name = $admin->add_slashes($admin->get_post('display_name'));
|
|
| 33 | 33 |
$language = $admin->get_post('language');
|
| 34 | 34 |
$timezone = $admin->get_post('timezone')*60*60;
|
| 35 | 35 |
$date_format = $admin->get_post('date_format');
|
| trunk/wb/admin/languages/uninstall.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: uninstall.php,v 1.2 2005/04/02 06:25:37 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 45 | 45 |
if($_POST['code'] == DEFAULT_LANGUAGE OR $_POST['code'] == LANGUAGE) {
|
| 46 | 46 |
$admin->print_error($MESSAGE['GENERIC']['CANNOT_UNINSTALL_IN_USE']); |
| 47 | 47 |
} else {
|
| 48 |
$query_users = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE language = '".addslashes($_POST['code'])."' LIMIT 1");
|
|
| 48 |
$query_users = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE language = '".$admin->add_slashes($_POST['code'])."' LIMIT 1");
|
|
| 49 | 49 |
if($query_users->numRows() > 0) {
|
| 50 | 50 |
$admin->print_error($MESSAGE['GENERIC']['CANNOT_UNINSTALL_IN_USE']); |
| 51 | 51 |
} |
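Review bot: The escaped copy of `$_POST['code']` at line 48 exists only inside the query; the raw value is what the comparison at line 45 uses and, presumably, what the rest of the script uses to locate the language file it removes. SQL escaping says nothing about whether the value is a plain language code, so a format check before line 45 — e.g. `if(!preg_match('/^[A-Za-z0-9_]+$/', $_POST['code'])) { /* reject the request */ }` — would cover both uses at once. The same applies to `$_POST['file']` in modules/uninstall.php line 47, which names a module directory. The enclosing if/else starts before the hunk and the file-removal code is not visible here.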
| trunk/wb/admin/login/forgot/index.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: index.php,v 1.4 2005/06/22 05:30:35 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 42 | 42 |
$email = $_POST['email']; |
| 43 | 43 |
|
| 44 | 44 |
// Check if the email exists in the database |
| 45 |
$query = "SELECT user_id,username,display_name,email,last_reset FROM ".TABLE_PREFIX."users WHERE email = '".addslashes($_POST['email'])."'";
|
|
| 45 |
$query = "SELECT user_id,username,display_name,email,last_reset FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'";
|
|
| 46 | 46 |
$results = $database->query($query); |
| 47 | 47 |
if($results->numRows() > 0) {
|
| 48 | 48 |
|
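Review bot: Line 45 now calls `$admin->add_slashes()` on a page served to unauthenticated users, so `$admin` must already be an object at this point; the hunk does not show its construction, and if this file only has a frontend object or none at all the call is a fatal error. Worth confirming against the top of the file. Smaller point: line 42 already copies the address into `$email`, so line 45 could read `$admin->add_slashes($email)` instead of fetching `$_POST['email']` a second time, and an address-format check on `$email` before the query would be the natural place to reject garbage early.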
| trunk/wb/admin/modules/uninstall.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: uninstall.php,v 1.4 2005/04/25 11:53:12 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 44 | 44 |
} |
| 45 | 45 |
|
| 46 | 46 |
// Check if the module is in use |
| 47 |
$query_modules = $database->query("SELECT section_id FROM ".TABLE_PREFIX."sections WHERE module = '".addslashes($_POST['file'])."' LIMIT 1");
|
|
| 47 |
$query_modules = $database->query("SELECT section_id FROM ".TABLE_PREFIX."sections WHERE module = '".$admin->add_slashes($_POST['file'])."' LIMIT 1");
|
|
| 48 | 48 |
if($query_modules->numRows() > 0) {
|
| 49 | 49 |
$admin->print_error($MESSAGE['GENERIC']['CANNOT_UNINSTALL_IN_USE']); |
| 50 | 50 |
} |
| trunk/wb/modules/wrapper/view.php | ||
|---|---|---|
| 26 | 26 |
// Get url |
| 27 | 27 |
$get_settings = $database->query("SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'");
|
| 28 | 28 |
$fetch_settings = $get_settings->fetchRow(); |
| 29 |
$url = $this->stripslashes($fetch_settings['url']); |
|
| 29 |
$url = $this->strip_slashes($fetch_settings['url']);
|
|
| 30 | 30 |
|
| 31 | 31 |
?> |
| 32 | 32 |
<iframe src="<?php echo $url; ?>" width="100%" height="<?php echo $fetch_settings['height']; ?>px" frameborder="0" scrolling="auto"> |
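Review bot: `$url` from line 29 is echoed straight into the `src` attribute at line 32 with no HTML escaping; strip_slashes only undoes the storage-side escaping, so a stored URL containing `"` ends the attribute early. `<iframe src="<?php echo htmlspecialchars($url); ?>" ...` keeps the attribute intact, and the same treatment suits `$fetch_settings['height']` on that line even though save.php forces it numeric on write. The query at line 27 interpolates `$section_id`, whose origin is outside the hunk.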
| trunk/wb/modules/wrapper/save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save.php,v 1.2 2005/04/02 06:25:57 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 31 | 31 |
|
| 32 | 32 |
// Update the mod_wrapper table with the contents |
| 33 | 33 |
if(isset($_POST['url'])) {
|
| 34 |
$url = addslashes($_POST['url']);
|
|
| 34 |
$url = $admin->add_slashes($_POST['url']);
|
|
| 35 | 35 |
$height = $_POST['height']; |
| 36 | 36 |
if(!is_numeric($height)) {
|
| 37 | 37 |
$height = 400; |
| trunk/wb/modules/wrapper/modify.php | ||
|---|---|---|
| 32 | 32 |
$query = "SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'"; |
| 33 | 33 |
$get_settings = $database->query($query); |
| 34 | 34 |
$settings = $get_settings->fetchRow(); |
| 35 |
$url = $admin->stripslashes($settings['url']); |
|
| 35 |
$url = $admin->strip_slashes($settings['url']);
|
|
| 36 | 36 |
$height = $settings['height']; |
| 37 | 37 |
|
| 38 | 38 |
// Insert vars |
| trunk/wb/modules/menu_link/save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save.php,v 1.2 2005/04/02 06:25:56 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 34 | 34 |
// Update the mod_menu_links table with the link |
| 35 | 35 |
if(isset($_POST['link'])) {
|
| 36 | 36 |
// Update link and target |
| 37 |
$link = addslashes($_POST['link']);
|
|
| 37 |
$link = $admin->add_slashes($_POST['link']);
|
|
| 38 | 38 |
$target = $_POST['target']; |
| 39 | 39 |
$query = "UPDATE ".TABLE_PREFIX."pages SET link = '$link', target = '$target' WHERE page_id = '$page_id'"; |
| 40 | 40 |
$database->query($query); |
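Review bot: Line 37 now escapes `$link` before it is spliced into the UPDATE at line 39, but `$target` on line 38 is taken from `$_POST['target']` and goes into the same query string raw. It is a fixed-choice field, so checking it against the values the form offers is cleaner than escaping it — something like `if(!in_array($target, array('_self', '_blank', '_top'), true)) $target = '_self';` (adjust to the form's actual option set). `$page_id` in the WHERE clause comes from outside the hunk and should be numeric-checked at its source. The surrounding if block starts before the hunk.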
| trunk/wb/modules/menu_link/modify.php | ||
|---|---|---|
| 32 | 32 |
$query_info = "SELECT link,target FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'"; |
| 33 | 33 |
$get_info = $database->query($query_info); |
| 34 | 34 |
$fetch_info = $get_info->fetchRow(); |
| 35 |
$link = $admin->stripslashes($fetch_info['link']); |
|
| 35 |
$link = $admin->strip_slashes($fetch_info['link']);
|
|
| 36 | 36 |
$target = $fetch_info['target']; |
| 37 | 37 |
|
| 38 | 38 |
// Insert vars |
| trunk/wb/modules/wysiwyg/view.php | ||
|---|---|---|
| 26 | 26 |
// Get content |
| 27 | 27 |
$get_content = $database->query("SELECT content FROM ".TABLE_PREFIX."mod_wysiwyg WHERE section_id = '$section_id'");
|
| 28 | 28 |
$fetch_content = $get_content->fetchRow(); |
| 29 |
$content = $this->stripslashes($fetch_content['content']); |
|
| 29 |
$content = $this->strip_slashes($fetch_content['content']);
|
|
| 30 | 30 |
|
| 31 | 31 |
$this->preprocess($content); |
| 32 | 32 |
|
| trunk/wb/modules/wysiwyg/save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save.php,v 1.2 2005/04/02 06:25:57 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 31 | 31 |
|
| 32 | 32 |
// Update the mod_wysiwygs table with the contents |
| 33 | 33 |
if(isset($_POST['content'])) {
|
| 34 |
$content = addslashes($_POST['content']);
|
|
| 34 |
$content = $admin->add_slashes($_POST['content']);
|
|
| 35 | 35 |
$text = strip_tags($content); |
| 36 | 36 |
$database = new database(); |
| 37 | 37 |
$query = "UPDATE ".TABLE_PREFIX."mod_wysiwyg SET content = '$content', text = '$text' WHERE section_id = '$section_id'"; |
| trunk/wb/modules/wysiwyg/modify.php | ||
|---|---|---|
| 29 | 29 |
$query = "SELECT content FROM ".TABLE_PREFIX."mod_wysiwyg WHERE section_id = '$section_id'"; |
| 30 | 30 |
$get_content = $database->query($query); |
| 31 | 31 |
$content = $get_content->fetchRow(); |
| 32 |
$content = $admin->stripslashes(htmlspecialchars($content['content'])); |
|
| 32 |
$content = $admin->strip_slashes(htmlspecialchars($content['content']));
|
|
| 33 | 33 |
|
| 34 | 34 |
// Load HTMLArea |
| 35 | 35 |
if(!isset($loaded_htmlarea)) {
|
| ... | ... | |
| 55 | 55 |
echo 'var editor = new HTMLArea("content'.$wysiwyg_section["section_id"].'");'
|
| 56 | 56 |
. 'editor.registerPlugin(ContextMenu);' |
| 57 | 57 |
. 'editor.registerPlugin(TableOperations);' |
| 58 |
. 'editor.config.pageStyle = "body { '.$admin->stripslashes(WYSIWYG_STYLE).' }";'
|
|
| 58 |
. 'editor.config.pageStyle = "body { '.$admin->strip_slashes(WYSIWYG_STYLE).' }";'
|
|
| 59 | 59 |
. 'editor.generate();'; |
| 60 | 60 |
} |
| 61 | 61 |
} |
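Review bot: Line 58 embeds `$admin->strip_slashes(WYSIWYG_STYLE)` inside a double-quoted JavaScript string literal; strip_slashes undoes the storage escaping, but nothing escapes for the JS context, so a `"` or a line break in the configured style ends the literal and breaks editor initialisation. The same construct is in news/modify_post.php line 54. On PHP 5.2 or later, `'editor.config.pageStyle = "body { " + '.json_encode($admin->strip_slashes(WYSIWYG_STYLE)).' + " }";'` yields a valid JS string regardless of content. Line 32's `$admin->strip_slashes(htmlspecialchars(...))` ordering is fine as written, since htmlspecialchars does not touch backslashes.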
| trunk/wb/modules/form/modify_field.php | ||
|---|---|---|
| 63 | 63 |
<tr> |
| 64 | 64 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
| 65 | 65 |
<td> |
| 66 |
<input type="text" name="title" value="<?php echo htmlspecialchars($admin->stripslashes($form['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
| 66 |
<input type="text" name="title" value="<?php echo htmlspecialchars($admin->strip_slashes($form['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
| 67 | 67 |
</td> |
| 68 | 68 |
</tr> |
| 69 | 69 |
<tr> |
| ... | ... | |
| 86 | 86 |
<tr> |
| 87 | 87 |
<td valign="top"><?php echo $TEXT['TEMPLATE']; ?>:</td> |
| 88 | 88 |
<td> |
| 89 |
<textarea name="template" style="width: 100%; height: 20px;"><?php echo htmlspecialchars($admin->stripslashes($form['extra'])); ?></textarea> |
|
| 89 |
<textarea name="template" style="width: 100%; height: 20px;"><?php echo htmlspecialchars($admin->strip_slashes($form['extra'])); ?></textarea>
|
|
| 90 | 90 |
</td> |
| 91 | 91 |
</tr> |
| 92 | 92 |
<?php } elseif($type == 'textfield') { ?>
|
| trunk/wb/modules/form/save_field.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save_field.php,v 1.5 2005/03/28 11:58:04 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 46 | 46 |
if($admin->get_post('title') == '' OR $admin->get_post('type') == '') {
|
| 47 | 47 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'§ion_id='.$section_id.'&field_id='.$field_id); |
| 48 | 48 |
} else {
|
| 49 |
$title = addslashes($admin->get_post('title'));
|
|
| 49 |
$title = $admin($admin->get_post('title'));
|
|
| 50 | 50 |
$type = $admin->get_post('type');
|
| 51 | 51 |
$required = $admin->get_post('required');
|
| 52 | 52 |
} |
| ... | ... | |
| 77 | 77 |
} elseif($admin->get_post('type') == 'heading') {
|
| 78 | 78 |
$extra = $admin->get_post('template');
|
| 79 | 79 |
if(trim($extra) == '') $extra = '<tr><td class="field_heading" colspan="2">{TITLE}{FIELD}</td></tr>';
|
| 80 |
$extra = addslashes($extra);
|
|
| 80 |
$extra = $admin($extra);
|
|
| 81 | 81 |
$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '', extra = '$extra' WHERE field_id = '$field_id'");
|
| 82 | 82 |
} elseif($admin->get_post('type') == 'select') {
|
| 83 | 83 |
$extra = $admin->get_post('size').','.$admin->get_post('multiselect');
|
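Review bot: Lines 49 and 80 now read `$admin($admin->get_post('title'))` and `$admin($extra)`, which invoke the `$admin` object as if it were a function; that is a fatal error in PHP, so saving any form field fails. Every other file in this commit uses `$admin->add_slashes(...)` for the same substitution, so these two lines look like a slip in the search-and-replace: `$title = $admin->add_slashes($admin->get_post('title'));` and `$extra = $admin->add_slashes($extra);`. The enclosing if/elseif chains start and end outside the hunks.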
| trunk/wb/modules/form/modify_settings.php | ||
|---|---|---|
| 58 | 58 |
<tr> |
| 59 | 59 |
<td class="setting_name" width="220"><?php echo $TEXT['HEADER']; ?>:</td> |
| 60 | 60 |
<td class="setting_name"> |
| 61 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->stripslashes($setting['header']); ?></textarea> |
|
| 61 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes($setting['header']); ?></textarea>
|
|
| 62 | 62 |
</td> |
| 63 | 63 |
</tr> |
| 64 | 64 |
<tr> |
| 65 | 65 |
<td class="setting_name"><?php echo $TEXT['FIELD'].' '.$TEXT['LOOP']; ?>:</td> |
| 66 | 66 |
<td class="setting_name"> |
| 67 |
<textarea name="field_loop" style="width: 100%; height: 60px;"><?php echo $admin->stripslashes($setting['field_loop']); ?></textarea> |
|
| 67 |
<textarea name="field_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes($setting['field_loop']); ?></textarea>
|
|
| 68 | 68 |
</td> |
| 69 | 69 |
</tr> |
| 70 | 70 |
<tr> |
| 71 | 71 |
<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td> |
| 72 | 72 |
<td class="setting_name"> |
| 73 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['footer'])); ?></textarea> |
|
| 73 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['footer'])); ?></textarea>
|
|
| 74 | 74 |
</td> |
| 75 | 75 |
</tr> |
| 76 | 76 |
<tr> |
| 77 | 77 |
<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['TO']; ?>:</td> |
| 78 | 78 |
<td class="setting_name"> |
| 79 |
<textarea name="email_to" style="width: 100%; height: 30px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['email_to'])); ?></textarea> |
|
| 79 |
<textarea name="email_to" style="width: 100%; height: 30px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['email_to'])); ?></textarea>
|
|
| 80 | 80 |
</td> |
| 81 | 81 |
</tr> |
| 82 | 82 |
<tr> |
| ... | ... | |
| 85 | 85 |
<select name="email_from_field" style="width: 100%;"> |
| 86 | 86 |
<option value="" onclick="javascript: document.getElementById('email_from').style.display = 'block';"><?php echo $TEXT['CUSTOM']; ?>:</option>
|
| 87 | 87 |
<?php |
| 88 |
$email_from_value = str_replace($raw, $friendly, $admin->stripslashes($setting['email_from'])); |
|
| 88 |
$email_from_value = str_replace($raw, $friendly, $admin->strip_slashes($setting['email_from']));
|
|
| 89 | 89 |
$query_email_fields = $database->query("SELECT field_id,title FROM ".TABLE_PREFIX."mod_form_fields ORDER BY position ASC");
|
| 90 | 90 |
if($query_email_fields->numRows() > 0) {
|
| 91 | 91 |
while($field = $query_email_fields->fetchRow()) {
|
| ... | ... | |
| 104 | 104 |
<tr> |
| 105 | 105 |
<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['SUBJECT']; ?>:</td> |
| 106 | 106 |
<td class="setting_name"> |
| 107 |
<input type="text" name="email_subject" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['email_subject'])); ?>" /> |
|
| 107 |
<input type="text" name="email_subject" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['email_subject'])); ?>" />
|
|
| 108 | 108 |
</td> |
| 109 | 109 |
</tr> |
| 110 | 110 |
<tr> |
| 111 | 111 |
<td class="setting_name"><?php echo $TEXT['SUCCESS'].' '.$TEXT['MESSAGE']; ?>:</td> |
| 112 | 112 |
<td class="setting_name"> |
| 113 |
<textarea name="success_message" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['success_message'])); ?></textarea> |
|
| 113 |
<textarea name="success_message" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['success_message'])); ?></textarea>
|
|
| 114 | 114 |
</td> |
| 115 | 115 |
</tr> |
| 116 | 116 |
<tr> |
| 117 | 117 |
<td class="setting_name"><?php echo $TEXT['MAX_SUBMISSIONS_PER_HOUR']; ?>:</td> |
| 118 | 118 |
<td class="setting_name"> |
| 119 |
<input type="text" name="max_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['max_submissions'])); ?>" /> |
|
| 119 |
<input type="text" name="max_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['max_submissions'])); ?>" />
|
|
| 120 | 120 |
</td> |
| 121 | 121 |
</tr> |
| 122 | 122 |
<tr> |
| 123 | 123 |
<td class="setting_name"><?php echo $TEXT['SUBMISSIONS_STORED_IN_DATABASE']; ?>:</td> |
| 124 | 124 |
<td class="setting_name"> |
| 125 |
<input type="text" name="stored_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->stripslashes($setting['stored_submissions'])); ?>" /> |
|
| 125 |
<input type="text" name="stored_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['stored_submissions'])); ?>" />
|
|
| 126 | 126 |
</td> |
| 127 | 127 |
</tr> |
| 128 | 128 |
</table> |
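Review bot: Lines 61 and 67 echo `$admin->strip_slashes($setting['header'])` and `...['field_loop']` directly into `<textarea>` bodies with no HTML escaping, whereas modify_field.php in the same module and commit wraps its textarea and input values in `htmlspecialchars()`. A stored template containing the text `</textarea>` ends the field early and the remainder renders as page markup, and the browser decodes any entities on the way back, silently altering the stored template on the next save. `htmlspecialchars($admin->strip_slashes($setting['header']))` on both lines matches modify_field.php; the other fields here pass through `str_replace($raw, $friendly, ...)`, whose arrays are defined above the hunk, so presumably they already receive a `<`/`>` replacement that these two lines are missing.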
| trunk/wb/modules/form/view.php | ||
|---|---|---|
| 113 | 113 |
$query_settings = $database->query("SELECT header,field_loop,footer FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
|
| 114 | 114 |
if($query_settings->numRows() > 0) {
|
| 115 | 115 |
$fetch_settings = $query_settings->fetchRow(); |
| 116 |
$header = $this->stripslashes($fetch_settings['header']); |
|
| 117 |
$field_loop = $this->stripslashes($fetch_settings['field_loop']); |
|
| 118 |
$footer = $this->stripslashes($fetch_settings['footer']); |
|
| 116 |
$header = $this->strip_slashes($fetch_settings['header']);
|
|
| 117 |
$field_loop = $this->strip_slashes($fetch_settings['field_loop']);
|
|
| 118 |
$footer = $this->strip_slashes($fetch_settings['footer']);
|
|
| 119 | 119 |
} else {
|
| 120 | 120 |
$header = ''; |
| 121 | 121 |
$field_loop = ''; |
| ... | ... | |
| 136 | 136 |
while($field = $query_fields->fetchRow()) {
|
| 137 | 137 |
// Set field values |
| 138 | 138 |
$field_id = $field['field_id']; |
| 139 |
$value = $this->stripslashes($field['value']); |
|
| 139 |
$value = $this->strip_slashes($field['value']);
|
|
| 140 | 140 |
// Print field_loop after replacing vars with values |
| 141 | 141 |
$vars = array('{TITLE}', '{REQUIRED}');
|
| 142 | 142 |
$values = array($field['title']); |
| ... | ... | |
| 198 | 198 |
$query_settings = $database->query("SELECT email_to,email_from,email_subject,success_message,max_submissions,stored_submissions FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
|
| 199 | 199 |
if($query_settings->numRows() > 0) {
|
| 200 | 200 |
$fetch_settings = $query_settings->fetchRow(); |
| 201 |
$email_to = $this->stripslashes($fetch_settings['email_to']); |
|
| 202 |
$email_from = $this->stripslashes($fetch_settings['email_from']); |
|
| 201 |
$email_to = $this->strip_slashes($fetch_settings['email_to']);
|
|
| 202 |
$email_from = $this->strip_slashes($fetch_settings['email_from']);
|
|
| 203 | 203 |
if(substr($email_from, 0, 5) == 'field') {
|
| 204 | 204 |
// Set the email from field to what the user entered in the specified field |
| 205 |
$email_from = addslashes($_POST[$email_from]);
|
|
| 205 |
$email_from = $this->add_slashes($_POST[$email_from]);
|
|
| 206 | 206 |
} |
| 207 |
$email_subject = $this->stripslashes($fetch_settings['email_subject']); |
|
| 208 |
$success_message = $this->stripslashes($fetch_settings['success_message']); |
|
| 209 |
$max_submissions = $this->stripslashes($fetch_settings['max_submissions']); |
|
| 210 |
$stored_submissions = $this->stripslashes($fetch_settings['stored_submissions']); |
|
| 207 |
$email_subject = $this->strip_slashes($fetch_settings['email_subject']);
|
|
| 208 |
$success_message = $this->strip_slashes($fetch_settings['success_message']);
|
|
| 209 |
$max_submissions = $this->strip_slashes($fetch_settings['max_submissions']);
|
|
| 210 |
$stored_submissions = $this->strip_slashes($fetch_settings['stored_submissions']);
|
|
| 211 | 211 |
} else {
|
| 212 | 212 |
exit($TEXT['UNDER_CONSTRUCTION']); |
| 213 | 213 |
} |
| ... | ... | |
| 231 | 231 |
} elseif (!is_array($_POST['field'.$field['field_id']])) {
|
| 232 | 232 |
$email_body .= ' |
| 233 | 233 |
|
| 234 |
'.$this->stripslashes($field['title']).': '.$_POST['field'.$field['field_id']].'\n';
|
|
| 234 |
'.$this->strip_slashes($field['title']).': '.$_POST['field'.$field['field_id']]."\n";
|
|
| 235 | 235 |
} else {
|
| 236 | 236 |
$email_body .= ' |
| 237 | 237 |
|
| 238 |
'.$this->stripslashes($field['title']).': \n';
|
|
| 238 |
'.$this->strip_slashes($field['title']).": \n";
|
|
| 239 | 239 |
foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
|
| 240 | 240 |
$email_body .= ' |
| 241 | 241 |
|
| ... | ... | |
| 243 | 243 |
} |
| 244 | 244 |
} |
| 245 | 245 |
} elseif($field['required'] == 1) {
|
| 246 |
$required[] = $this->stripslashes($field['title']); |
|
| 246 |
$required[] = $this->strip_slashes($field['title']);
|
|
| 247 | 247 |
} |
| 248 | 248 |
} |
| 249 | 249 |
} |
| 250 | 250 |
} |
| 251 | 251 |
|
| 252 |
// Addslashes to email body |
|
| 253 |
$email_body = addslashes($email_body);
|
|
| 252 |
// Addslashes to email body - proposed by Icheb in topic=1170.0
|
|
| 253 |
// $email_body = $this->add_slashes($email_body);
|
|
| 254 | 254 |
|
| 255 | 255 |
// Check if the user forgot to enter values into all the required fields |
| 256 | 256 |
if($required != array()) {
|
| ... | ... | |
| 288 | 288 |
} else {
|
| 289 | 289 |
$submitted_by = 0; |
| 290 | 290 |
} |
| 291 |
$email_body = $this->add_slashes($email_body); |
|
| 291 | 292 |
$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".mktime()."','$submitted_by','$email_body')");
|
| 292 | 293 |
// Make sure submissions table isn't too full |
| 293 | 294 |
$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
|
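Review bot: The `'\n'` → `"\n"` change at lines 234 and 238 means new submissions are stored with real newlines, but view_submission.php line 78 still runs `str_replace('\n', '<br />', ...)` on the literal two-character sequence, so bodies saved after this commit will display without line breaks while older rows keep working; either keep the literal sequence here or switch the viewer to `nl2br()` with a transition for old rows. Separately, line 205 applies `$this->add_slashes($_POST[$email_from])` to a value that presumably ends up in a mail From header as well as the database; SQL escaping does not reject a line break, so the address wants a format check (`filter_var()` on PHP 5.2+, or at minimum rejecting `\r` and `\n`) before it reaches the mail headers. Moving `$email_body = $this->add_slashes($email_body);` to line 291, just before the INSERT, is the right direction, since the unescaped body is what should go to the mail function. The `mktime()` with no arguments on line 292 is just `time()`.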
| trunk/wb/modules/form/save_settings.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save_settings.php,v 1.3 2005/03/28 04:34:45 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 37 | 37 |
// This code removes any <?php tags and adds slashes |
| 38 | 38 |
$friendly = array('<', '>', '?php');
|
| 39 | 39 |
$raw = array('<', '>', '');
|
| 40 |
$header = addslashes($_POST['header']);
|
|
| 41 |
$field_loop = addslashes($_POST['field_loop']);
|
|
| 42 |
$footer = addslashes($_POST['footer']);
|
|
| 43 |
$email_to = addslashes($_POST['email_to']);
|
|
| 40 |
$header = $admin->add_slashes($_POST['header']);
|
|
| 41 |
$field_loop = $admin->add_slashes($_POST['field_loop']);
|
|
| 42 |
$footer = $admin->add_slashes($_POST['footer']);
|
|
| 43 |
$email_to = $admin->add_slashes($_POST['email_to']);
|
|
| 44 | 44 |
if($_POST['email_from_field'] == '') {
|
| 45 |
$email_from = addslashes($_POST['email_from']);
|
|
| 45 |
$email_from = $admin->add_slashes($_POST['email_from']);
|
|
| 46 | 46 |
} else {
|
| 47 |
$email_from = addslashes($_POST['email_from_field']);
|
|
| 47 |
$email_from = $admin->add_slashes($_POST['email_from_field']);
|
|
| 48 | 48 |
} |
| 49 |
$email_subject = addslashes($_POST['email_subject']);
|
|
| 50 |
$success_message = addslashes($_POST['success_message']);
|
|
| 49 |
$email_subject = $admin->add_slashes($_POST['email_subject']);
|
|
| 50 |
$success_message = $admin->add_slashes($_POST['success_message']);
|
|
| 51 | 51 |
if(!is_numeric($_POST['max_submissions'])) {
|
| 52 | 52 |
$max_submissions = 50; |
| 53 | 53 |
} else {
|
| trunk/wb/modules/form/view_submission.php | ||
|---|---|---|
| 75 | 75 |
</tr> |
| 76 | 76 |
<tr> |
| 77 | 77 |
<td colspan="2"> |
| 78 |
<?php echo $admin->stripslashes(str_replace('\n', '<br />', $submission['body'])); ?>
|
|
| 78 |
<?php echo $admin->strip_slashes(str_replace('\n', '<br />', $submission['body'])); ?>
|
|
| 79 | 79 |
</td> |
| 80 | 80 |
</tr> |
| 81 | 81 |
</table> |
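Review bot: Line 78 prints the stored submission body with `$admin->strip_slashes(...)` only; the body is assembled in view.php line 234 from raw `$_POST` field values, so whatever a site visitor typed into the form is rendered as HTML in the administrator's browser. `<?php echo nl2br(htmlspecialchars($admin->strip_slashes($submission['body']))); ?>` escapes the text and converts the real newlines that view.php now stores. The `'\n'` replacement in the current line only matches the literal sequence older rows contain, so during transition a `str_replace('\n', "\n", ...)` before nl2br() would handle both formats.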
| trunk/wb/modules/code/view.php | ||
|---|---|---|
| 26 | 26 |
// Get content |
| 27 | 27 |
$get_content = $database->query("SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'");
|
| 28 | 28 |
$fetch_content = $get_content->fetchRow(); |
| 29 |
$content = $this->stripslashes($fetch_content['content']); |
|
| 29 |
$content = $this->strip_slashes($fetch_content['content']);
|
|
| 30 | 30 |
eval($content); |
| 31 | 31 |
|
| 32 | 32 |
?> |
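Review bot: Line 30 passes database content straight to `eval()` after `strip_slashes`, so whoever can write `mod_code.content` for this section has arbitrary PHP execution on the server, and nothing in this hunk documents or gates that. If that is the module's intent (an admin-only code block), say so at the call site: `// SECURITY: content is executed as PHP; anyone allowed to edit this section can run arbitrary code on the server.` The `$section_id` interpolated into the query on line 27 is assigned outside the hunk; confirm it is cast to int before this point.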
| trunk/wb/modules/code/save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save.php,v 1.2 2005/04/02 06:25:55 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 33 | 33 |
if(isset($_POST['content'])) {
|
| 34 | 34 |
$tags = array('<?php', '?>', '<?');
|
| 35 | 35 |
$blanks = array('','','');
|
| 36 |
$content = addslashes(str_replace($tags, $blanks, $_POST['content']));
|
|
| 36 |
$content = $admin->add_slashes(str_replace($tags, $blanks, $_POST['content']));
|
|
| 37 | 37 |
$database = new database(); |
| 38 | 38 |
$query = "UPDATE ".TABLE_PREFIX."mod_code SET content = '$content' WHERE section_id = '$section_id'"; |
| 39 | 39 |
$database->query($query); |
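Review bot: Line 38 interpolates `$section_id` directly into the UPDATE statement; it is assigned outside the hunk, so if it comes from the request unvalidated it should be cast first, `$section_id = (int) $section_id;`, before the query is built. Because this content is later executed with `eval()` by view.php, the `add_slashes`/`strip_slashes` pair must round-trip exactly — a mismatch (for example `$_POST['content']` already being escaped by magic_quotes) would alter the stored code rather than merely corrupt text; a `// NOTE: stored content is eval()'d by view.php; escaping must round-trip exactly` comment here would make that dependency visible. The enclosing `if(isset($_POST['content']))` block closes outside the hunk.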
| trunk/wb/modules/code/modify.php | ||
|---|---|---|
| 32 | 32 |
$query = "SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'"; |
| 33 | 33 |
$get_content = $database->query($query); |
| 34 | 34 |
$content = $get_content->fetchRow(); |
| 35 |
$content = $admin->stripslashes(htmlspecialchars($content['content'])); |
|
| 35 |
$content = $admin->strip_slashes(htmlspecialchars($content['content']));
|
|
| 36 | 36 |
|
| 37 | 37 |
// Insert vars |
| 38 | 38 |
$template->set_var(array( |
| trunk/wb/modules/news/modify_post.php | ||
|---|---|---|
| 51 | 51 |
function initEditor() {
|
| 52 | 52 |
var editor = new HTMLArea("short");
|
| 53 | 53 |
editor.registerPlugin(ContextMenu); |
| 54 |
editor.config.pageStyle = "body { <?php echo $admin->stripslashes(WYSIWYG_STYLE); ?> }";
|
|
| 54 |
editor.config.pageStyle = "body { <?php echo $admin->strip_slashes(WYSIWYG_STYLE); ?> }";
|
|
| 55 | 55 |
editor.generate(); |
| 56 | 56 |
var editor = new HTMLArea("long");
|
| 57 | 57 |
editor.registerPlugin(ContextMenu); |
| 58 | 58 |
editor.registerPlugin(TableOperations); |
| 59 |
editor.config.pageStyle = "body { <?php echo $admin->stripslashes(WYSIWYG_STYLE); ?> }";
|
|
| 59 |
editor.config.pageStyle = "body { <?php echo $admin->strip_slashes(WYSIWYG_STYLE); ?> }";
|
|
| 60 | 60 |
editor.generate(); |
| 61 | 61 |
} |
| 62 | 62 |
</script> |
| ... | ... | |
| 72 | 72 |
<tr> |
| 73 | 73 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
| 74 | 74 |
<td> |
| 75 |
<input type="text" name="title" value="<?php echo $admin->stripslashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
| 75 |
<input type="text" name="title" value="<?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
| 76 | 76 |
</td> |
| 77 | 77 |
</tr> |
| 78 | 78 |
<tr> |
| ... | ... | |
| 121 | 121 |
<tr> |
| 122 | 122 |
<td valign="top"><?php echo $TEXT['SHORT']; ?>:</td> |
| 123 | 123 |
<td> |
| 124 |
<textarea name="short" id="short" style="width: 100%; height: 135px;"><?php echo htmlspecialchars($admin->stripslashes($fetch_content['short'])); ?></textarea> |
|
| 124 |
<textarea name="short" id="short" style="width: 100%; height: 135px;"><?php echo htmlspecialchars($admin->strip_slashes($fetch_content['short'])); ?></textarea>
|
|
| 125 | 125 |
</td> |
| 126 | 126 |
</tr> |
| 127 | 127 |
<tr> |
| 128 | 128 |
<td valign="top"><?php echo $TEXT['LONG']; ?>:</td> |
| 129 | 129 |
<td> |
| 130 |
<textarea name="long" id="long" style="width: 100%; height: 300px;"><?php echo htmlspecialchars($admin->stripslashes($fetch_content['long'])); ?></textarea> |
|
| 130 |
<textarea name="long" id="long" style="width: 100%; height: 300px;"><?php echo htmlspecialchars($admin->strip_slashes($fetch_content['long'])); ?></textarea>
|
|
| 131 | 131 |
</td> |
| 132 | 132 |
</tr> |
| 133 | 133 |
</table> |
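Review bot: Lines 54 and 59 print `WYSIWYG_STYLE` inside a double-quoted JavaScript string with only `strip_slashes` applied, so a `"` or a newline in that setting terminates the literal and the remainder runs as script; the value is an admin setting, so exposure is limited, but it needs JS-context escaping rather than slash removal, e.g. `<?php echo addslashes($admin->strip_slashes(WYSIWYG_STYLE)); ?>` (newlines would still need handling). Lines 75 and 124/130 also disagree on call order (`strip_slashes(htmlspecialchars(...))` vs `htmlspecialchars(strip_slashes(...))`); the escape should be the outermost call everywhere so nothing runs after it.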
| trunk/wb/modules/news/comment_page.php | ||
|---|---|---|
| 35 | 35 |
// Print comments page |
| 36 | 36 |
$vars = array('[POST_TITLE]', '[ACTION_URL]');
|
| 37 | 37 |
$values = array(POST_TITLE, WB_URL.'/modules/news/submit_comment.php?page_id='.PAGE_ID.'§ion_id='.SECTION_ID.'&post_id='.POST_ID); |
| 38 |
echo str_replace($vars, $values, $this->stripslashes($settings['comments_page'])); |
|
| 38 |
echo str_replace($vars, $values, $this->strip_slashes($settings['comments_page']));
|
|
| 39 | 39 |
} |
| 40 | 40 |
|
| 41 | 41 |
?> |
| trunk/wb/modules/news/save_post.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: save_post.php,v 1.8 2005/06/21 09:13:55 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 41 | 41 |
if($admin->get_post('title') == '' AND $admin->get_post('url') == '') {
|
| 42 | 42 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.'§ion_id='.$section_id.'&post_id='.$id); |
| 43 | 43 |
} else {
|
| 44 |
$title = addslashes($admin->get_post('title'));
|
|
| 45 |
$short = addslashes($admin->get_post('short'));
|
|
| 46 |
$long = addslashes($admin->get_post('long'));
|
|
| 44 |
$title = $admin->add_slashes($admin->get_post('title'));
|
|
| 45 |
$short = $admin->add_slashes($admin->get_post('short'));
|
|
| 46 |
$long = $admin->add_slashes($admin->get_post('long'));
|
|
| 47 | 47 |
$commenting = $admin->get_post('commenting');
|
| 48 | 48 |
$active = $admin->get_post('active');
|
| 49 | 49 |
$old_link = $admin->get_post('link');
|
| trunk/wb/modules/news/modify_group.php | ||
|---|---|---|
| 51 | 51 |
<tr> |
| 52 | 52 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
| 53 | 53 |
<td> |
| 54 |
<input type="text" name="title" value="<?php echo $admin->stripslashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
| 54 |
<input type="text" name="title" value="<?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
| 55 | 55 |
</td> |
| 56 | 56 |
</tr> |
| 57 | 57 |
<tr> |
| trunk/wb/modules/news/modify_settings.php | ||
|---|---|---|
| 53 | 53 |
<tr> |
| 54 | 54 |
<td class="setting_name" width="100"><?php echo $TEXT['HEADER']; ?>:</td> |
| 55 | 55 |
<td class="setting_name"> |
| 56 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->stripslashes($fetch_content['header']); ?></textarea> |
|
| 56 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes($fetch_content['header']); ?></textarea>
|
|
| 57 | 57 |
</td> |
| 58 | 58 |
</tr> |
| 59 | 59 |
<tr> |
| 60 | 60 |
<td class="setting_name"><?php echo $TEXT['POST'].' '.$TEXT['LOOP']; ?>:</td> |
| 61 | 61 |
<td class="setting_name"> |
| 62 |
<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo $admin->stripslashes($fetch_content['post_loop']); ?></textarea> |
|
| 62 |
<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes($fetch_content['post_loop']); ?></textarea>
|
|
| 63 | 63 |
</td> |
| 64 | 64 |
</tr> |
| 65 | 65 |
<tr> |
| 66 | 66 |
<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td> |
| 67 | 67 |
<td class="setting_name"> |
| 68 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['footer'])); ?></textarea> |
|
| 68 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['footer'])); ?></textarea>
|
|
| 69 | 69 |
</td> |
| 70 | 70 |
</tr> |
| 71 | 71 |
<tr> |
| 72 | 72 |
<td class="setting_name"><?php echo $TEXT['POST_HEADER']; ?>:</td> |
| 73 | 73 |
<td class="setting_name"> |
| 74 |
<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['post_header'])); ?></textarea> |
|
| 74 |
<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['post_header'])); ?></textarea>
|
|
| 75 | 75 |
</td> |
| 76 | 76 |
</tr> |
| 77 | 77 |
<tr> |
| 78 | 78 |
<td class="setting_name"><?php echo $TEXT['POST_FOOTER']; ?>:</td> |
| 79 | 79 |
<td class="setting_name"> |
| 80 |
<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['post_footer'])); ?></textarea> |
|
| 80 |
<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['post_footer'])); ?></textarea>
|
|
| 81 | 81 |
</td> |
| 82 | 82 |
</tr> |
| 83 | 83 |
<tr> |
| ... | ... | |
| 130 | 130 |
<tr> |
| 131 | 131 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['HEADER']; ?>:</td> |
| 132 | 132 |
<td class="setting_name"> |
| 133 |
<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['comments_header'])); ?></textarea> |
|
| 133 |
<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_header'])); ?></textarea>
|
|
| 134 | 134 |
</td> |
| 135 | 135 |
</tr> |
| 136 | 136 |
<tr> |
| 137 | 137 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['LOOP']; ?>:</td> |
| 138 | 138 |
<td class="setting_name"> |
| 139 |
<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->stripslashes($fetch_content['comments_loop'])); ?></textarea> |
|
| 139 |
<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_loop'])); ?></textarea> |
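Review bot: Lines 56 and 62 echo `header` and `post_loop` into their textareas with only `strip_slashes`, whereas lines 68, 74, 80, 133 and 139 pass the value through `str_replace($raw, $friendly, ...)` first; a stored `</textarea>` in either of the two unescaped fields closes the textarea and the rest of the value is rendered as page markup. Apply the same treatment, `<?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['header'])); ?>` (and likewise for `post_loop`), or simply `htmlspecialchars`. `$raw`/`$friendly` are defined outside the hunk and presumably entity-encode `<` and `>`; confirm that is all a textarea needs here.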
|
Change addslashes,stripslashes to (wb class) method calls add_slashes,strip_slashes