Revision 42
Added by stefan about 19 years ago
trunk/wb/include/htmlarea/popups/link.php | ||
---|---|---|
75 | 75 |
global $template, $database; |
76 | 76 |
$get_pages = $database->query("SELECT page_id,menu_title,link,level FROM ".TABLE_PREFIX."pages WHERE parent = '$parent' AND visibility!='deleted' ORDER BY position ASC"); |
77 | 77 |
while($page = $get_pages->fetchRow()) { |
78 |
$title = $admin->strip_slashes($page['menu_title']); |
|
78 |
$title = $admin->strip_slashes_dummy($page['menu_title']);
|
|
79 | 79 |
// Add leading -'s so we can tell what level a page is at |
80 | 80 |
$leading_dashes = ''; |
81 | 81 |
for($i = 0; $i < $page['level']; $i++) { |
... | ... | |
99 | 99 |
$template->parse('page_list', 'page_list_block', true); |
100 | 100 |
// Loop through pages |
101 | 101 |
while($page = $get_pages->fetchRow()) { |
102 |
$title = $admin->strip_slashes($page['menu_title']); |
|
102 |
$title = $admin->strip_slashes_dummy($page['menu_title']);
|
|
103 | 103 |
$template->set_var('TITLE', $title); |
104 | 104 |
$template->set_var('LINK', '[wblink'.$page['page_id'].']'); |
105 | 105 |
$template->parse('page_list', 'page_list_block', true); |
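Review bot: `$parent` is interpolated straight into the SQL string on line 76 with no visible escaping or integer cast, and the `strip_slashes_dummy` swap on line 78 does nothing for that value; where `$parent` comes from is outside the hunk, so if it can originate from the request it should be cast first, e.g. `$parent = (int) $parent;`. The `$title` set on line 103 via `$template->set_var('TITLE', $title)` also reaches the template without HTML escaping, and whether the template escapes it is not visible here. Both `while` loops start and end outside the hunk.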
trunk/wb/search/search.php | ||
---|---|---|
38 | 38 |
if(isset($_REQUEST['string'])) { |
39 | 39 |
if ($_REQUEST['match']!='exact') { |
40 | 40 |
$string=str_replace(',', '', $_REQUEST['string']); |
41 |
} |
|
41 |
} else { |
|
42 |
$string=$_REQUEST['string']; |
|
43 |
} |
|
42 | 44 |
// reverse potential magic_quotes action |
43 | 45 |
$original_string=$this->strip_slashes($string); |
44 | 46 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons) |
... | ... | |
54 | 56 |
$all_checked = ''; |
55 | 57 |
$any_checked = ''; |
56 | 58 |
$exact_checked = ''; |
57 |
if($_REQUEST['match'] == 'any' OR $_REQUEST['match'] == 'all') {
|
|
59 |
if($_REQUEST['match'] != 'exact') {
|
|
58 | 60 |
// Split string into array with explode() function |
59 | 61 |
$exploded_string = explode(' ', $string); |
60 | 62 |
// Make sure there is no blank values in the array |
... | ... | |
103 | 105 |
// Replace vars in search settings with values |
104 | 106 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_RESULTS_FOR]'); |
105 | 107 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['RESULTS_FOR']); |
106 |
$search_footer = str_replace($vars, $values, $this->strip_slashes($fetch_footer['value'])); |
|
107 |
$search_results_header = str_replace($vars, $values, $this->strip_slashes($fetch_results_header['value'])); |
|
108 |
$search_results_footer = str_replace($vars, $values, $this->strip_slashes($fetch_results_footer['value'])); |
|
108 |
$search_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_footer['value']));
|
|
109 |
$search_results_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_header['value']));
|
|
110 |
$search_results_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_footer['value']));
|
|
109 | 111 |
// Do extra vars/values replacement |
110 | 112 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]'); |
111 | 113 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked); |
112 |
$search_header = str_replace($vars, $values, $this->strip_slashes($fetch_header['value'])); |
|
114 |
$search_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_header['value']));
|
|
113 | 115 |
|
114 | 116 |
// Insert js code |
115 | 117 |
?> |
... | ... | |
158 | 160 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
159 | 161 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
160 | 162 |
} |
161 |
$values = array($link, $this->strip_slashes($page['page_title']),$this->strip_slashes($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
163 |
$values = array($link, $this->strip_slashes_dummy($page['page_title']),$this->strip_slashes_dummy($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
162 | 164 |
// Show loop code with vars replaced by values |
163 | 165 |
if($values != array()) { |
164 |
echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value'])); |
|
166 |
echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
|
|
165 | 167 |
} |
166 | 168 |
// Say that we have already listed this page id |
167 | 169 |
$pages_listed[$page['page_id']] = true; |
... | ... | |
184 | 186 |
// Fetch query start |
185 | 187 |
$fetch_query_start = $get_query_start->fetchRow(); |
186 | 188 |
// Prepare query start for execution by replacing {TP} with the TABLE_PREFIX |
187 |
$query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes($fetch_query_start['value'])); |
|
189 |
$query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes_dummy($fetch_query_start['value']));
|
|
188 | 190 |
// Get query end |
189 | 191 |
$get_query_end = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_end' AND extra = '$module_name' LIMIT 1"); |
190 | 192 |
if($get_query_end->numRows() > 0) { |
191 | 193 |
// Fetch query start |
192 | 194 |
$fetch_query_end = $get_query_end->fetchRow(); |
193 | 195 |
// Set query end |
194 |
$query_end = $this->strip_slashes($fetch_query_end['value']); |
|
196 |
$query_end = $this->strip_slashes_dummy($fetch_query_end['value']);
|
|
195 | 197 |
// Get query body |
196 | 198 |
$get_query_body = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_body' AND extra = '$module_name' LIMIT 1"); |
197 | 199 |
if($get_query_body->numRows() > 0) { |
198 | 200 |
// Fetch query start |
199 | 201 |
$fetch_query_body = $get_query_body->fetchRow(); |
200 | 202 |
// Prepare query body for execution by replacing {STRING} with the correct one |
201 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes($fetch_query_body['value'])); |
|
203 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes_dummy($fetch_query_body['value']));
|
|
202 | 204 |
// Loop through query body for each string, then combine with start and end |
203 | 205 |
$prepared_query = $query_start; |
204 | 206 |
$count = 0; |
... | ... | |
226 | 228 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
227 | 229 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
228 | 230 |
} |
229 |
$values = array($link, $this->strip_slashes($page[$fields['title']]), $this->strip_slashes($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
231 |
$values = array($link, $this->strip_slashes_dummy($page[$fields['title']]), $this->strip_slashes_dummy($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
230 | 232 |
// Show loop code with vars replaced by values |
231 |
echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value'])); |
|
233 |
echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
|
|
232 | 234 |
// Say that this page or item has been listed if we can |
233 | 235 |
if(isset($fields['page_id'])) { |
234 | 236 |
$pages_listed[$page[$fields['page_id']]] = true; |
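Review bot: Line 45 still calls `$this->strip_slashes($string)` while every other call touched by this commit is moved to `strip_slashes_dummy`, so the request string and the stored query/template values now go through two different functions; if the swap is intentional only for stored values, a comment should say so, otherwise the re-escaping described on line 46 has to match whichever function is used. Separately, `$_REQUEST['match']` is read on lines 39 and 59 without an `isset()` guard and the new `else` branch on line 42 keeps the raw value, so `$match = isset($_REQUEST['match']) ? $_REQUEST['match'] : 'all';` at the top of the block would remove the undefined-index path. Lines 191 and 198 also interpolate `$module_name` directly into the query; its origin is outside the hunk. The `if(isset($_REQUEST['string']))` block of the first hunk continues past the hunk.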
trunk/wb/admin/pages/intro.php | ||
---|---|---|
43 | 43 |
$template->set_file('page', 'intro.html'); |
44 | 44 |
$template->set_block('page', 'main_block', 'main'); |
45 | 45 |
$template->set_var(array( |
46 |
'CONTENT' => $admin->strip_slashes($content), |
|
46 |
'CONTENT' => $admin->strip_slashes_dummy($content),
|
|
47 | 47 |
'WB_URL' => WB_URL, |
48 | 48 |
'ADMIN_URL' => ADMIN_URL, |
49 | 49 |
'TEXT_SAVE' => $TEXT['SAVE'], |
trunk/wb/admin/pages/settings.php | ||
---|---|---|
79 | 79 |
$template->set_block('page', 'main_block', 'main'); |
80 | 80 |
$template->set_var(array( |
81 | 81 |
'PAGE_ID' => $results_array['page_id'], |
82 |
'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']), |
|
83 |
'MENU_TITLE' => $admin->strip_slashes($results_array['menu_title']), |
|
84 |
'DESCRIPTION' => $admin->strip_slashes($results_array['description']), |
|
85 |
'KEYWORDS' => $admin->strip_slashes($results_array['keywords']), |
|
82 |
'PAGE_TITLE' => $admin->strip_slashes_dummy($results_array['page_title']),
|
|
83 |
'MENU_TITLE' => $admin->strip_slashes_dummy($results_array['menu_title']),
|
|
84 |
'DESCRIPTION' => $admin->strip_slashes_dummy($results_array['description']),
|
|
85 |
'KEYWORDS' => $admin->strip_slashes_dummy($results_array['keywords']),
|
|
86 | 86 |
'MODIFIED_BY' => $user['display_name'], |
87 | 87 |
'MODIFIED_BY_USERNAME' => $user['username'], |
88 | 88 |
'MODIFIED_WHEN' => $modified_ts, |
... | ... | |
251 | 251 |
for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; } |
252 | 252 |
$template->set_var(array( |
253 | 253 |
'ID' => $page['page_id'], |
254 |
'TITLE' => $admin->strip_slashes($title_prefix.$page['page_title']) |
|
254 |
'TITLE' => $admin->strip_slashes_dummy($title_prefix.$page['page_title'])
|
|
255 | 255 |
) |
256 | 256 |
); |
257 | 257 |
if($results_array['parent'] == $page['page_id']) { |
trunk/wb/admin/pages/index.php | ||
---|---|---|
150 | 150 |
</td> |
151 | 151 |
<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?> |
152 | 152 |
<td> |
153 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes($page['page_title']); ?></a> |
|
153 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes_dummy($page['page_title']); ?></a>
|
|
154 | 154 |
</td> |
155 | 155 |
<?php } else { ?> |
156 | 156 |
<td> |
157 |
<?php echo $admin->strip_slashes($page['page_title']); ?> |
|
157 |
<?php echo $admin->strip_slashes_dummy($page['page_title']); ?>
|
|
158 | 158 |
</td> |
159 | 159 |
<?php } ?> |
160 | 160 |
<td align="left" width="232"> |
161 |
<font color="#999999"><?php echo $admin->strip_slashes($page['menu_title']); ?></font> |
|
161 |
<font color="#999999"><?php echo $admin->strip_slashes_dummy($page['menu_title']); ?></font>
|
|
162 | 162 |
</td> |
163 | 163 |
<td align="center" valign="middle" width="90"> |
164 | 164 |
<?php if($page['visibility'] == 'public') { ?> |
... | ... | |
446 | 446 |
for($i = 1; $i <= $page['level']; $i++) { $title_prefix .= ' - '; } |
447 | 447 |
$template->set_var(array( |
448 | 448 |
'ID' => $page['page_id'], |
449 |
'TITLE' => $admin->strip_slashes($title_prefix.$page['page_title']) |
|
449 |
'TITLE' => $admin->strip_slashes_dummy($title_prefix.$page['page_title'])
|
|
450 | 450 |
) |
451 | 451 |
); |
452 | 452 |
if($can_modify == true) { |
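Review bot: `$page['page_title']` on lines 153 and 157 and `$page['menu_title']` on line 161 are echoed straight into HTML without `htmlspecialchars()`, so whatever is stored in those columns is rendered as markup; admin/pages/trash.php lines 144–152 and admin/pages/sections.php line 137 do the same. Unless titles are HTML-escaped on save, which this commit does not show, wrap the output, e.g. `<?php echo htmlspecialchars($admin->strip_slashes_dummy($page['page_title'])); ?>`. admin/settings/index.php line 48 already applies `htmlspecialchars()` around the same call and is the pattern to follow. The surrounding loop starts and ends outside the hunk.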
trunk/wb/admin/pages/trash.php | ||
---|---|---|
141 | 141 |
</td> |
142 | 142 |
<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true AND $page['visibility'] != 'heading') { ?> |
143 | 143 |
<td> |
144 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes($page['page_title']); ?></a> |
|
144 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"><?php echo $admin->strip_slashes_dummy($page['page_title']); ?></a>
|
|
145 | 145 |
</td> |
146 | 146 |
<?php } else { ?> |
147 | 147 |
<td> |
148 | 148 |
<?php |
149 | 149 |
if($page['visibility'] != 'heading') { |
150 |
echo $admin->strip_slashes($page['page_title']); |
|
150 |
echo $admin->strip_slashes_dummy($page['page_title']);
|
|
151 | 151 |
} else { |
152 |
echo '<b>'.$admin->strip_slashes($page['page_title']).'</b>'; |
|
152 |
echo '<b>'.$admin->strip_slashes_dummy($page['page_title']).'</b>';
|
|
153 | 153 |
} |
154 | 154 |
?> |
155 | 155 |
</td> |
trunk/wb/admin/pages/sections.php | ||
---|---|---|
134 | 134 |
</td> |
135 | 135 |
<td align="right"> |
136 | 136 |
<?php echo $TEXT['CURRENT_PAGE']; ?>: |
137 |
<b><?php echo $admin->strip_slashes($results_array['page_title']); ?></b> |
|
137 |
<b><?php echo $admin->strip_slashes_dummy($results_array['page_title']); ?></b>
|
|
138 | 138 |
- |
139 | 139 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>"><?php echo $HEADING['MODIFY_PAGE']; ?></a> |
140 | 140 |
- |
trunk/wb/admin/pages/modify.php | ||
---|---|---|
81 | 81 |
$template->set_block('page', 'main_block', 'main'); |
82 | 82 |
$template->set_var(array( |
83 | 83 |
'PAGE_ID' => $results_array['page_id'], |
84 |
'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']), |
|
84 |
'PAGE_TITLE' => $admin->strip_slashes_dummy($results_array['page_title']),
|
|
85 | 85 |
'MODIFIED_BY' => $user['display_name'], |
86 | 86 |
'MODIFIED_BY_USERNAME' => $user['username'], |
87 | 87 |
'MODIFIED_WHEN' => $modified_ts, |
trunk/wb/admin/pages/add.php | ||
---|---|---|
77 | 77 |
$database = new database(); |
78 | 78 |
$get_same_page = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE link = '$link'"); |
79 | 79 |
if($get_same_page->numRows() > 0) { |
80 |
$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']); |
|
80 |
$admin->print_error("database"); |
|
81 |
// $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']); |
|
81 | 82 |
} elseif(file_exists(WB_PATH.PAGES_DIRECTORY.$link.'.php')) { |
82 |
$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']); |
|
83 |
$admin->print_error(WB_PATH.PAGES_DIRECTORY.$link.'.php'); |
|
84 |
// $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']); |
|
83 | 85 |
} elseif(file_exists(WB_PATH.PAGES_DIRECTORY.$link.'/')) { |
84 |
$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']); |
|
86 |
$admin->print_error("dir"); |
|
87 |
// $admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']); |
|
85 | 88 |
} |
86 | 89 |
|
87 | 90 |
// Include the ordering class |
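Review bot: The new `print_error()` arguments on lines 80, 83 and 86 replace the localised `$MESSAGE['PAGES']['PAGE_EXISTS']` with debugging strings, and line 83 prints `WB_PATH.PAGES_DIRECTORY.$link.'.php'`, the absolute server path, to the user. That is an information-disclosure regression that should not ship; restore `$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);` in all three branches and delete the commented-out copies on lines 81, 84 and 87 instead of keeping dead code. Line 78 also interpolates `$link` into the query and the `file_exists()` calls; its origin is outside the hunk, so whether it is sanitised cannot be judged here.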
trunk/wb/admin/settings/index.php | ||
---|---|---|
45 | 45 |
$results = $database->query($query); |
46 | 46 |
while($setting = $results->fetchRow()) { |
47 | 47 |
$setting_name = $setting['name']; |
48 |
$setting_value = htmlspecialchars($admin->strip_slashes($setting['value'])); |
|
48 |
$setting_value = htmlspecialchars($admin->strip_slashes_dummy($setting['value']));
|
|
49 | 49 |
switch($setting_name) { |
50 | 50 |
// Website title |
51 | 51 |
case 'title': |
... | ... | |
79 | 79 |
$results = $database->query($query); |
80 | 80 |
while($setting = $results->fetchRow()) { |
81 | 81 |
$setting_name = $setting['name']; |
82 |
$setting_value = htmlspecialchars($admin->strip_slashes($setting['value'])); |
|
82 |
$setting_value = htmlspecialchars($admin->strip_slashes_dummy($setting['value']));
|
|
83 | 83 |
switch($setting_name) { |
84 | 84 |
// Search header |
85 | 85 |
case 'header': |
... | ... | |
463 | 463 |
} |
464 | 464 |
|
465 | 465 |
// Insert WYSIWYG style value into template |
466 |
$template->set_var('WYSIWYG_STYLE', $admin->strip_slashes(WYSIWYG_STYLE)); |
|
466 |
$template->set_var('WYSIWYG_STYLE', $admin->strip_slashes_dummy(WYSIWYG_STYLE));
|
|
467 | 467 |
|
468 | 468 |
// Insert Server Email value into template |
469 | 469 |
$template->set_var('SERVER_EMAIL', SERVER_EMAIL); |
trunk/wb/modules/wrapper/view.php | ||
---|---|---|
26 | 26 |
// Get url |
27 | 27 |
$get_settings = $database->query("SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'"); |
28 | 28 |
$fetch_settings = $get_settings->fetchRow(); |
29 |
$url = $this->strip_slashes($fetch_settings['url']); |
|
29 |
$url = $this->strip_slashes_dummy($fetch_settings['url']);
|
|
30 | 30 |
|
31 | 31 |
?> |
32 | 32 |
<iframe src="<?php echo $url; ?>" width="100%" height="<?php echo $fetch_settings['height']; ?>px" frameborder="0" scrolling="auto"> |
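Review bot: The `$url` assigned on line 29 is echoed into the `src` attribute on line 32 with no attribute escaping, so a stored value containing `"` or `>` breaks out of the iframe tag; `<iframe src="<?php echo htmlspecialchars($url, ENT_QUOTES); ?>"` closes that, and `$fetch_settings['height']` on the same line deserves the same treatment or an integer cast. Whether the value is validated when it is saved is not visible here. Line 27 also interpolates `$section_id` directly into the query; if it is not already an integer by this point, cast it before use.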
trunk/wb/modules/wrapper/modify.php | ||
---|---|---|
32 | 32 |
$query = "SELECT url,height FROM ".TABLE_PREFIX."mod_wrapper WHERE section_id = '$section_id'"; |
33 | 33 |
$get_settings = $database->query($query); |
34 | 34 |
$settings = $get_settings->fetchRow(); |
35 |
$url = $admin->strip_slashes($settings['url']); |
|
35 |
$url = $admin->strip_slashes_dummy($settings['url']);
|
|
36 | 36 |
$height = $settings['height']; |
37 | 37 |
|
38 | 38 |
// Insert vars |
trunk/wb/modules/menu_link/modify.php | ||
---|---|---|
32 | 32 |
$query_info = "SELECT link,target FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'"; |
33 | 33 |
$get_info = $database->query($query_info); |
34 | 34 |
$fetch_info = $get_info->fetchRow(); |
35 |
$link = $admin->strip_slashes($fetch_info['link']); |
|
35 |
$link = $admin->strip_slashes_dummy($fetch_info['link']);
|
|
36 | 36 |
$target = $fetch_info['target']; |
37 | 37 |
|
38 | 38 |
// Insert vars |
trunk/wb/modules/wysiwyg/view.php | ||
---|---|---|
26 | 26 |
// Get content |
27 | 27 |
$get_content = $database->query("SELECT content FROM ".TABLE_PREFIX."mod_wysiwyg WHERE section_id = '$section_id'"); |
28 | 28 |
$fetch_content = $get_content->fetchRow(); |
29 |
$content = $this->strip_slashes($fetch_content['content']); |
|
29 |
$content = $this->strip_slashes_dummy($fetch_content['content']);
|
|
30 | 30 |
|
31 | 31 |
$this->preprocess($content); |
32 | 32 |
|
trunk/wb/modules/wysiwyg/modify.php | ||
---|---|---|
29 | 29 |
$query = "SELECT content FROM ".TABLE_PREFIX."mod_wysiwyg WHERE section_id = '$section_id'"; |
30 | 30 |
$get_content = $database->query($query); |
31 | 31 |
$content = $get_content->fetchRow(); |
32 |
$content = $admin->strip_slashes(htmlspecialchars($content['content'])); |
|
32 |
$content = $admin->strip_slashes_dummy(htmlspecialchars($content['content']));
|
|
33 | 33 |
|
34 | 34 |
// Load HTMLArea |
35 | 35 |
if(!isset($loaded_htmlarea)) { |
... | ... | |
55 | 55 |
echo 'var editor = new HTMLArea("content'.$wysiwyg_section["section_id"].'");' |
56 | 56 |
. 'editor.registerPlugin(ContextMenu);' |
57 | 57 |
. 'editor.registerPlugin(TableOperations);' |
58 |
. 'editor.config.pageStyle = "body { '.$admin->strip_slashes(WYSIWYG_STYLE).' }";' |
|
58 |
. 'editor.config.pageStyle = "body { '.$admin->strip_slashes_dummy(WYSIWYG_STYLE).' }";'
|
|
59 | 59 |
. 'editor.generate();'; |
60 | 60 |
} |
61 | 61 |
} |
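Review bot: On line 58 `WYSIWYG_STYLE` is spliced into a JavaScript string literal inside `editor.config.pageStyle = "body { ... }"` with no escaping, so a `"`, a newline or `</script>` in the setting ends the literal or the script block; modules/news/modify_post.php lines 54 and 59 embed the same value the same way. The value is an admin-controlled setting, so the exposure is limited, but it should still be escaped for the JS context at the point of use, at minimum `addslashes()` plus a check that it contains no `</`. The order on line 32, `strip_slashes_dummy(htmlspecialchars(...))`, is fine only if `strip_slashes_dummy` touches nothing that `htmlspecialchars()` produces; its definition is not part of this commit.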
trunk/wb/modules/form/modify_field.php | ||
---|---|---|
63 | 63 |
<tr> |
64 | 64 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
65 | 65 |
<td> |
66 |
<input type="text" name="title" value="<?php echo htmlspecialchars($admin->strip_slashes($form['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
66 |
<input type="text" name="title" value="<?php echo htmlspecialchars($admin->strip_slashes_dummy($form['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
67 | 67 |
</td> |
68 | 68 |
</tr> |
69 | 69 |
<tr> |
... | ... | |
86 | 86 |
<tr> |
87 | 87 |
<td valign="top"><?php echo $TEXT['TEMPLATE']; ?>:</td> |
88 | 88 |
<td> |
89 |
<textarea name="template" style="width: 100%; height: 20px;"><?php echo htmlspecialchars($admin->strip_slashes($form['extra'])); ?></textarea> |
|
89 |
<textarea name="template" style="width: 100%; height: 20px;"><?php echo htmlspecialchars($admin->strip_slashes_dummy($form['extra'])); ?></textarea>
|
|
90 | 90 |
</td> |
91 | 91 |
</tr> |
92 | 92 |
<?php } elseif($type == 'textfield') { ?> |
trunk/wb/modules/form/modify_settings.php | ||
---|---|---|
58 | 58 |
<tr> |
59 | 59 |
<td class="setting_name" width="220"><?php echo $TEXT['HEADER']; ?>:</td> |
60 | 60 |
<td class="setting_name"> |
61 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes($setting['header']); ?></textarea> |
|
61 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes_dummy($setting['header']); ?></textarea>
|
|
62 | 62 |
</td> |
63 | 63 |
</tr> |
64 | 64 |
<tr> |
65 | 65 |
<td class="setting_name"><?php echo $TEXT['FIELD'].' '.$TEXT['LOOP']; ?>:</td> |
66 | 66 |
<td class="setting_name"> |
67 |
<textarea name="field_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes($setting['field_loop']); ?></textarea> |
|
67 |
<textarea name="field_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes_dummy($setting['field_loop']); ?></textarea>
|
|
68 | 68 |
</td> |
69 | 69 |
</tr> |
70 | 70 |
<tr> |
71 | 71 |
<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td> |
72 | 72 |
<td class="setting_name"> |
73 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['footer'])); ?></textarea> |
|
73 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['footer'])); ?></textarea>
|
|
74 | 74 |
</td> |
75 | 75 |
</tr> |
76 | 76 |
<tr> |
77 | 77 |
<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['TO']; ?>:</td> |
78 | 78 |
<td class="setting_name"> |
79 |
<textarea name="email_to" style="width: 100%; height: 30px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['email_to'])); ?></textarea> |
|
79 |
<textarea name="email_to" style="width: 100%; height: 30px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['email_to'])); ?></textarea>
|
|
80 | 80 |
</td> |
81 | 81 |
</tr> |
82 | 82 |
<tr> |
... | ... | |
85 | 85 |
<select name="email_from_field" style="width: 100%;"> |
86 | 86 |
<option value="" onclick="javascript: document.getElementById('email_from').style.display = 'block';"><?php echo $TEXT['CUSTOM']; ?>:</option> |
87 | 87 |
<?php |
88 |
$email_from_value = str_replace($raw, $friendly, $admin->strip_slashes($setting['email_from'])); |
|
88 |
$email_from_value = str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['email_from']));
|
|
89 | 89 |
$query_email_fields = $database->query("SELECT field_id,title FROM ".TABLE_PREFIX."mod_form_fields ORDER BY position ASC"); |
90 | 90 |
if($query_email_fields->numRows() > 0) { |
91 | 91 |
while($field = $query_email_fields->fetchRow()) { |
... | ... | |
104 | 104 |
<tr> |
105 | 105 |
<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['SUBJECT']; ?>:</td> |
106 | 106 |
<td class="setting_name"> |
107 |
<input type="text" name="email_subject" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['email_subject'])); ?>" /> |
|
107 |
<input type="text" name="email_subject" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['email_subject'])); ?>" />
|
|
108 | 108 |
</td> |
109 | 109 |
</tr> |
110 | 110 |
<tr> |
111 | 111 |
<td class="setting_name"><?php echo $TEXT['SUCCESS'].' '.$TEXT['MESSAGE']; ?>:</td> |
112 | 112 |
<td class="setting_name"> |
113 |
<textarea name="success_message" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['success_message'])); ?></textarea> |
|
113 |
<textarea name="success_message" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['success_message'])); ?></textarea>
|
|
114 | 114 |
</td> |
115 | 115 |
</tr> |
116 | 116 |
<tr> |
117 | 117 |
<td class="setting_name"><?php echo $TEXT['MAX_SUBMISSIONS_PER_HOUR']; ?>:</td> |
118 | 118 |
<td class="setting_name"> |
119 |
<input type="text" name="max_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['max_submissions'])); ?>" /> |
|
119 |
<input type="text" name="max_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['max_submissions'])); ?>" />
|
|
120 | 120 |
</td> |
121 | 121 |
</tr> |
122 | 122 |
<tr> |
123 | 123 |
<td class="setting_name"><?php echo $TEXT['SUBMISSIONS_STORED_IN_DATABASE']; ?>:</td> |
124 | 124 |
<td class="setting_name"> |
125 |
<input type="text" name="stored_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes($setting['stored_submissions'])); ?>" /> |
|
125 |
<input type="text" name="stored_submissions" style="width: 100%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($setting['stored_submissions'])); ?>" />
|
|
126 | 126 |
</td> |
127 | 127 |
</tr> |
128 | 128 |
</table> |
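Review bot: Lines 61 and 67 echo `$setting['header']` and `$setting['field_loop']` into `<textarea>` elements without `htmlspecialchars()`, unlike modules/form/modify_field.php lines 66 and 89 which escape the same kind of value; a stored `</textarea>` ends the element and everything after it is rendered as markup. Change to e.g. `<?php echo htmlspecialchars($admin->strip_slashes_dummy($setting['header'])); ?>`. The fields on lines 73–125 pass through `str_replace($raw, $friendly, ...)` whose mapping is outside the hunk, so whether that step escapes cannot be judged here. modules/news/modify_settings.php lines 56 and 62 have the same unescaped textarea output.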
trunk/wb/modules/form/view.php | ||
---|---|---|
113 | 113 |
$query_settings = $database->query("SELECT header,field_loop,footer FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'"); |
114 | 114 |
if($query_settings->numRows() > 0) { |
115 | 115 |
$fetch_settings = $query_settings->fetchRow(); |
116 |
$header = $this->strip_slashes($fetch_settings['header']); |
|
117 |
$field_loop = $this->strip_slashes($fetch_settings['field_loop']); |
|
118 |
$footer = $this->strip_slashes($fetch_settings['footer']); |
|
116 |
$header = $this->strip_slashes_dummy($fetch_settings['header']);
|
|
117 |
$field_loop = $this->strip_slashes_dummy($fetch_settings['field_loop']);
|
|
118 |
$footer = $this->strip_slashes_dummy($fetch_settings['footer']);
|
|
119 | 119 |
} else { |
120 | 120 |
$header = ''; |
121 | 121 |
$field_loop = ''; |
... | ... | |
136 | 136 |
while($field = $query_fields->fetchRow()) { |
137 | 137 |
// Set field values |
138 | 138 |
$field_id = $field['field_id']; |
139 |
$value = $this->strip_slashes($field['value']); |
|
139 |
$value = $this->strip_slashes_dummy($field['value']);
|
|
140 | 140 |
// Print field_loop after replacing vars with values |
141 | 141 |
$vars = array('{TITLE}', '{REQUIRED}'); |
142 | 142 |
$values = array($field['title']); |
... | ... | |
198 | 198 |
$query_settings = $database->query("SELECT email_to,email_from,email_subject,success_message,max_submissions,stored_submissions FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'"); |
199 | 199 |
if($query_settings->numRows() > 0) { |
200 | 200 |
$fetch_settings = $query_settings->fetchRow(); |
201 |
$email_to = $this->strip_slashes($fetch_settings['email_to']); |
|
202 |
$email_from = $this->strip_slashes($fetch_settings['email_from']); |
|
201 |
$email_to = $this->strip_slashes_dummy($fetch_settings['email_to']);
|
|
202 |
$email_from = $this->strip_slashes_dummy($fetch_settings['email_from']);
|
|
203 | 203 |
if(substr($email_from, 0, 5) == 'field') { |
204 | 204 |
// Set the email from field to what the user entered in the specified field |
205 | 205 |
$email_from = $this->add_slashes($_POST[$email_from]); |
206 | 206 |
} |
207 |
$email_subject = $this->strip_slashes($fetch_settings['email_subject']); |
|
208 |
$success_message = $this->strip_slashes($fetch_settings['success_message']); |
|
209 |
$max_submissions = $this->strip_slashes($fetch_settings['max_submissions']); |
|
210 |
$stored_submissions = $this->strip_slashes($fetch_settings['stored_submissions']); |
|
207 |
$email_subject = $this->strip_slashes_dummy($fetch_settings['email_subject']);
|
|
208 |
$success_message = $this->strip_slashes_dummy($fetch_settings['success_message']);
|
|
209 |
$max_submissions = $this->strip_slashes_dummy($fetch_settings['max_submissions']);
|
|
210 |
$stored_submissions = $this->strip_slashes_dummy($fetch_settings['stored_submissions']);
|
|
211 | 211 |
} else { |
212 | 212 |
exit($TEXT['UNDER_CONSTRUCTION']); |
213 | 213 |
} |
... | ... | |
231 | 231 |
} elseif (!is_array($_POST['field'.$field['field_id']])) { |
232 | 232 |
$email_body .= ' |
233 | 233 |
|
234 |
'.$this->strip_slashes($field['title']).': '.$_POST['field'.$field['field_id']]."\n"; |
|
234 |
'.$this->strip_slashes_dummy($field['title']).': '.$_POST['field'.$field['field_id']]."\n";
|
|
235 | 235 |
} else { |
236 | 236 |
$email_body .= ' |
237 | 237 |
|
238 |
'.$this->strip_slashes($field['title']).": \n"; |
|
238 |
'.$this->strip_slashes_dummy($field['title']).": \n";
|
|
239 | 239 |
foreach ($_POST['field'.$field['field_id']] as $k=>$v) { |
240 | 240 |
$email_body .= ' |
241 | 241 |
|
... | ... | |
243 | 243 |
} |
244 | 244 |
} |
245 | 245 |
} elseif($field['required'] == 1) { |
246 |
$required[] = $this->strip_slashes($field['title']); |
|
246 |
$required[] = $this->strip_slashes_dummy($field['title']);
|
|
247 | 247 |
} |
248 | 248 |
} |
249 | 249 |
} |
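Review bot: Line 205 reads `$_POST[$email_from]` without an `isset()` check and, per the comment on line 204, uses the submitted value as the sender address, so a missing field raises a notice and the value is never validated as a single address before it presumably reaches the mail headers; that later use is outside the hunk. Guard and validate it, e.g. `$email_from = isset($_POST[$email_from]) ? $this->add_slashes($_POST[$email_from]) : '';` followed by a check that it is one well-formed address containing no line breaks. Lines 234 and 238 append `$_POST['field'...]` values to `$email_body` unchanged; that is body text, so the concern there is content rather than headers. The `substr($email_from, 0, 5) == 'field'` test on line 203 would read better as a prefix check with `===`.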
trunk/wb/modules/form/view_submission.php | ||
---|---|---|
75 | 75 |
</tr> |
76 | 76 |
<tr> |
77 | 77 |
<td colspan="2"> |
78 |
<?php echo $admin->strip_slashes(str_replace('\n', '<br />', $submission['body'])); ?> |
|
78 |
<?php echo $admin->strip_slashes_dummy(str_replace('\n', '<br />', $submission['body'])); ?>
|
|
79 | 79 |
</td> |
80 | 80 |
</tr> |
81 | 81 |
</table> |
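Review bot: On line 78 `str_replace('\n', '<br />', ...)` uses a single-quoted `'\n'`, which is the two characters backslash and n rather than a newline, so real line breaks in the body are not converted; if the stored body really contains literal backslash-n sequences this is intentional and deserves a comment, otherwise it needs `"\n"` or `nl2br()`. The body is also echoed without `htmlspecialchars()`; it is submitted form data, so unless it is escaped on storage (not visible here) it should be escaped before the line-break replacement, e.g. `nl2br(htmlspecialchars($admin->strip_slashes_dummy($submission['body'])))`.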
trunk/wb/modules/code/view.php | ||
---|---|---|
26 | 26 |
// Get content |
27 | 27 |
$get_content = $database->query("SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'"); |
28 | 28 |
$fetch_content = $get_content->fetchRow(); |
29 |
$content = $this->strip_slashes($fetch_content['content']); |
|
29 |
$content = $this->strip_slashes_dummy($fetch_content['content']);
|
|
30 | 30 |
eval($content); |
31 | 31 |
|
32 | 32 |
?> |
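Review bot: Line 30 executes the stored content with `eval($content)`, so the value prepared on line 29 is PHP source: if `strip_slashes_dummy()` no longer removes the slashes that `strip_slashes()` did (its definition is not in this commit), content saved with escaped quotes will be evaluated with literal backslashes and behave differently or fail to parse. This is one call site where the swap is not behaviour-neutral, so it should be confirmed against the definition before merging. Independent of this change, `eval()` on database content means the `mod_code` table is effectively executable server code, which is worth a comment at the call site so the trust boundary is visible to the next maintainer.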
trunk/wb/modules/code/modify.php | ||
---|---|---|
32 | 32 |
$query = "SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'"; |
33 | 33 |
$get_content = $database->query($query); |
34 | 34 |
$content = $get_content->fetchRow(); |
35 |
$content = $admin->strip_slashes(htmlspecialchars($content['content'])); |
|
35 |
$content = $admin->strip_slashes_dummy(htmlspecialchars($content['content']));
|
|
36 | 36 |
|
37 | 37 |
// Insert vars |
38 | 38 |
$template->set_var(array( |
trunk/wb/modules/news/modify_post.php | ||
---|---|---|
51 | 51 |
function initEditor() { |
52 | 52 |
var editor = new HTMLArea("short"); |
53 | 53 |
editor.registerPlugin(ContextMenu); |
54 |
editor.config.pageStyle = "body { <?php echo $admin->strip_slashes(WYSIWYG_STYLE); ?> }"; |
|
54 |
editor.config.pageStyle = "body { <?php echo $admin->strip_slashes_dummy(WYSIWYG_STYLE); ?> }";
|
|
55 | 55 |
editor.generate(); |
56 | 56 |
var editor = new HTMLArea("long"); |
57 | 57 |
editor.registerPlugin(ContextMenu); |
58 | 58 |
editor.registerPlugin(TableOperations); |
59 |
editor.config.pageStyle = "body { <?php echo $admin->strip_slashes(WYSIWYG_STYLE); ?> }"; |
|
59 |
editor.config.pageStyle = "body { <?php echo $admin->strip_slashes_dummy(WYSIWYG_STYLE); ?> }";
|
|
60 | 60 |
editor.generate(); |
61 | 61 |
} |
62 | 62 |
</script> |
... | ... | |
72 | 72 |
<tr> |
73 | 73 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
74 | 74 |
<td> |
75 |
<input type="text" name="title" value="<?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
75 |
<input type="text" name="title" value="<?php echo $admin->strip_slashes_dummy(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
76 | 76 |
</td> |
77 | 77 |
</tr> |
78 | 78 |
<tr> |
... | ... | |
121 | 121 |
<tr> |
122 | 122 |
<td valign="top"><?php echo $TEXT['SHORT']; ?>:</td> |
123 | 123 |
<td> |
124 |
<textarea name="short" id="short" style="width: 100%; height: 135px;"><?php echo htmlspecialchars($admin->strip_slashes($fetch_content['short'])); ?></textarea> |
|
124 |
<textarea name="short" id="short" style="width: 100%; height: 135px;"><?php echo htmlspecialchars($admin->strip_slashes_dummy($fetch_content['short'])); ?></textarea>
|
|
125 | 125 |
</td> |
126 | 126 |
</tr> |
127 | 127 |
<tr> |
128 | 128 |
<td valign="top"><?php echo $TEXT['LONG']; ?>:</td> |
129 | 129 |
<td> |
130 |
<textarea name="long" id="long" style="width: 100%; height: 300px;"><?php echo htmlspecialchars($admin->strip_slashes($fetch_content['long'])); ?></textarea> |
|
130 |
<textarea name="long" id="long" style="width: 100%; height: 300px;"><?php echo htmlspecialchars($admin->strip_slashes_dummy($fetch_content['long'])); ?></textarea>
|
|
131 | 131 |
</td> |
132 | 132 |
</tr> |
133 | 133 |
</table> |
trunk/wb/modules/news/comment_page.php | ||
---|---|---|
35 | 35 |
// Print comments page |
36 | 36 |
$vars = array('[POST_TITLE]', '[ACTION_URL]'); |
37 | 37 |
$values = array(POST_TITLE, WB_URL.'/modules/news/submit_comment.php?page_id='.PAGE_ID.'§ion_id='.SECTION_ID.'&post_id='.POST_ID); |
38 |
echo str_replace($vars, $values, $this->strip_slashes($settings['comments_page'])); |
|
38 |
echo str_replace($vars, $values, $this->strip_slashes_dummy($settings['comments_page']));
|
|
39 | 39 |
} |
40 | 40 |
|
41 | 41 |
?> |
trunk/wb/modules/news/modify_group.php | ||
---|---|---|
51 | 51 |
<tr> |
52 | 52 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
53 | 53 |
<td> |
54 |
<input type="text" name="title" value="<?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
54 |
<input type="text" name="title" value="<?php echo $admin->strip_slashes_dummy(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
55 | 55 |
</td> |
56 | 56 |
</tr> |
57 | 57 |
<tr> |
trunk/wb/modules/news/modify_settings.php | ||
---|---|---|
53 | 53 |
<tr> |
54 | 54 |
<td class="setting_name" width="100"><?php echo $TEXT['HEADER']; ?>:</td> |
55 | 55 |
<td class="setting_name"> |
56 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes($fetch_content['header']); ?></textarea> |
|
56 |
<textarea name="header" style="width: 100%; height: 80px;"><?php echo $admin->strip_slashes_dummy($fetch_content['header']); ?></textarea>
|
|
57 | 57 |
</td> |
58 | 58 |
</tr> |
59 | 59 |
<tr> |
60 | 60 |
<td class="setting_name"><?php echo $TEXT['POST'].' '.$TEXT['LOOP']; ?>:</td> |
61 | 61 |
<td class="setting_name"> |
62 |
<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes($fetch_content['post_loop']); ?></textarea> |
|
62 |
<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo $admin->strip_slashes_dummy($fetch_content['post_loop']); ?></textarea>
|
|
63 | 63 |
</td> |
64 | 64 |
</tr> |
65 | 65 |
<tr> |
66 | 66 |
<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td> |
67 | 67 |
<td class="setting_name"> |
68 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['footer'])); ?></textarea> |
|
68 |
<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['footer'])); ?></textarea>
|
|
69 | 69 |
</td> |
70 | 70 |
</tr> |
71 | 71 |
<tr> |
72 | 72 |
<td class="setting_name"><?php echo $TEXT['POST_HEADER']; ?>:</td> |
73 | 73 |
<td class="setting_name"> |
74 |
<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['post_header'])); ?></textarea> |
|
74 |
<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['post_header'])); ?></textarea>
|
|
75 | 75 |
</td> |
76 | 76 |
</tr> |
77 | 77 |
<tr> |
78 | 78 |
<td class="setting_name"><?php echo $TEXT['POST_FOOTER']; ?>:</td> |
79 | 79 |
<td class="setting_name"> |
80 |
<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['post_footer'])); ?></textarea> |
|
80 |
<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['post_footer'])); ?></textarea>
|
|
81 | 81 |
</td> |
82 | 82 |
</tr> |
83 | 83 |
<tr> |
... | ... | |
130 | 130 |
<tr> |
131 | 131 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['HEADER']; ?>:</td> |
132 | 132 |
<td class="setting_name"> |
133 |
<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_header'])); ?></textarea> |
|
133 |
<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['comments_header'])); ?></textarea>
|
|
134 | 134 |
</td> |
135 | 135 |
</tr> |
136 | 136 |
<tr> |
137 | 137 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['LOOP']; ?>:</td> |
138 | 138 |
<td class="setting_name"> |
139 |
<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_loop'])); ?></textarea> |
|
139 |
<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['comments_loop'])); ?></textarea>
|
|
140 | 140 |
</td> |
141 | 141 |
</tr> |
142 | 142 |
<tr> |
143 | 143 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['FOOTER']; ?>:</td> |
144 | 144 |
<td class="setting_name"> |
145 |
<textarea name="comments_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_footer'])); ?></textarea> |
|
145 |
<textarea name="comments_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['comments_footer'])); ?></textarea>
|
|
146 | 146 |
</td> |
147 | 147 |
</tr> |
148 | 148 |
<tr> |
149 | 149 |
<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['PAGE']; ?>:</td> |
150 | 150 |
<td class="setting_name"> |
151 |
<textarea name="comments_page" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes($fetch_content['comments_page'])); ?></textarea> |
|
151 |
<textarea name="comments_page" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, $admin->strip_slashes_dummy($fetch_content['comments_page'])); ?></textarea>
|
|
152 | 152 |
</td> |
153 | 153 |
</tr> |
154 | 154 |
</table> |
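Review bot: The `header` and `post_loop` textareas at lines 56 and 62 print the stored value with no `htmlspecialchars()`, so a template that contains `</textarea>` or an entity is reinterpreted by the browser instead of being shown verbatim; modify_post.php in this same commit wraps the equivalent textarea output in `htmlspecialchars()`, and these two should match: `<?php echo htmlspecialchars($admin->strip_slashes_dummy($fetch_content['header'])); ?>`. The remaining textareas (68–151) pass through `str_replace($raw, $friendly, …)`, whose tables are defined outside the hunk, so whether those are already entity-safe cannot be confirmed from here. Because `strip_slashes_dummy` returns its input unchanged, escaping is now the only processing these sites get.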
trunk/wb/modules/news/modify_comment.php | ||
---|---|---|
52 | 52 |
<tr> |
53 | 53 |
<td width="80"><?php echo $TEXT['TITLE']; ?>:</td> |
54 | 54 |
<td> |
55 |
<input type="text" name="title" value="<?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" /> |
|
55 |
<input type="text" name="title" value="<?php echo $admin->strip_slashes_dummy(htmlspecialchars($fetch_content['title'])); ?>" style="width: 100%;" maxlength="255" />
|
|
56 | 56 |
</td> |
57 | 57 |
</tr> |
58 | 58 |
<tr> |
59 | 59 |
<td valign="top"><?php echo $TEXT['COMMENT']; ?>:</td> |
60 | 60 |
<td> |
61 |
<textarea name="comment" style="width: 100%; height: 150px;"><?php echo $admin->strip_slashes(htmlspecialchars($fetch_content['comment'])); ?></textarea> |
|
61 |
<textarea name="comment" style="width: 100%; height: 150px;"><?php echo $admin->strip_slashes_dummy(htmlspecialchars($fetch_content['comment'])); ?></textarea>
|
|
62 | 62 |
</td> |
63 | 63 |
</tr> |
64 | 64 |
</table> |
trunk/wb/modules/news/view.php | ||
---|---|---|
55 | 55 |
while($group = $query_users->fetchRow()) { |
56 | 56 |
// Insert user info into users array |
57 | 57 |
$group_id = $group['group_id']; |
58 |
$groups[$group_id]['title'] = $this->strip_slashes($group['title']); |
|
58 |
$groups[$group_id]['title'] = $this->strip_slashes_dummy($group['title']);
|
|
59 | 59 |
$groups[$group_id]['active'] = $group['active']; |
60 | 60 |
if(file_exists(WB_PATH.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg')) { |
61 | 61 |
$groups[$group_id]['image'] = WB_URL.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg'; |
... | ... | |
82 | 82 |
$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'"); |
83 | 83 |
if($query_settings->numRows() > 0) { |
84 | 84 |
$fetch_settings = $query_settings->fetchRow(); |
85 |
$setting_header = $this->strip_slashes($fetch_settings['header']); |
|
86 |
$setting_post_loop = $this->strip_slashes($fetch_settings['post_loop']); |
|
87 |
$setting_footer = $this->strip_slashes($fetch_settings['footer']); |
|
85 |
$setting_header = $this->strip_slashes_dummy($fetch_settings['header']);
|
|
86 |
$setting_post_loop = $this->strip_slashes_dummy($fetch_settings['post_loop']);
|
|
87 |
$setting_footer = $this->strip_slashes_dummy($fetch_settings['footer']);
|
|
88 | 88 |
$setting_posts_per_page = $fetch_settings['posts_per_page']; |
89 | 89 |
} else { |
90 | 90 |
$setting_header = ''; |
... | ... | |
185 | 185 |
if($group_image == '') { $display_image = 'none'; } else { $display_image = ''; } |
186 | 186 |
if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; } |
187 | 187 |
// Replace [wblink--PAGE_ID--] with real link |
188 |
$short = $this->strip_slashes($post['short']); |
|
188 |
$short = $this->strip_slashes_dummy($post['short']);
|
|
189 | 189 |
$this->preprocess($short); |
190 | 190 |
// Replace vars with values |
191 | 191 |
$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[LINK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]', '[TEXT_READ_MORE]'); |
192 | 192 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') { |
193 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']); |
|
193 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']);
|
|
194 | 194 |
} else { |
195 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']); |
|
195 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']);
|
|
196 | 196 |
} |
197 | 197 |
echo str_replace($vars, $values, $setting_post_loop); |
198 | 198 |
} |
... | ... | |
212 | 212 |
$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'"); |
213 | 213 |
if($query_settings->numRows() > 0) { |
214 | 214 |
$fetch_settings = $query_settings->fetchRow(); |
215 |
$setting_post_header = $this->strip_slashes($fetch_settings['post_header']); |
|
216 |
$setting_post_footer = $this->strip_slashes($fetch_settings['post_footer']); |
|
217 |
$setting_comments_header = $this->strip_slashes($fetch_settings['comments_header']); |
|
218 |
$setting_comments_loop = $this->strip_slashes($fetch_settings['comments_loop']); |
|
219 |
$setting_comments_footer = $this->strip_slashes($fetch_settings['comments_footer']); |
|
215 |
$setting_post_header = $this->strip_slashes_dummy($fetch_settings['post_header']);
|
|
216 |
$setting_post_footer = $this->strip_slashes_dummy($fetch_settings['post_footer']);
|
|
217 |
$setting_comments_header = $this->strip_slashes_dummy($fetch_settings['comments_header']);
|
|
218 |
$setting_comments_loop = $this->strip_slashes_dummy($fetch_settings['comments_loop']);
|
|
219 |
$setting_comments_footer = $this->strip_slashes_dummy($fetch_settings['comments_footer']);
|
|
220 | 220 |
} else { |
221 | 221 |
$setting_post_header = ''; |
222 | 222 |
$setting_post_footer = ''; |
... | ... | |
258 | 258 |
if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; } |
259 | 259 |
$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[BACK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]'); |
260 | 260 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') { |
261 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $this->strip_slashes($post['short']), $page_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email']);
|
|
261 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $this->strip_slashes_dummy($post['short']), $page_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email']);
|
|
262 | 262 |
} else { |
263 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes($post['title']), $this->strip_slashes($post['short']), $page_link, $post_date, $post_time, '', '', '', '');
|
|
263 |
$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $this->strip_slashes_dummy($post['title']), $this->strip_slashes_dummy($post['short']), $page_link, $post_date, $post_time, '', '', '', '');
|
|
264 | 264 |
} |
265 |
$post_long = $this->strip_slashes($post['long']); |
|
265 |
$post_long = $this->strip_slashes_dummy($post['long']);
|
|
266 | 266 |
} |
267 | 267 |
} else { |
268 | 268 |
header('Location: '.WB_URL.'/pages/'); |
... | ... | |
290 | 290 |
if($query_comments->numRows() > 0) { |
291 | 291 |
while($comment = $query_comments->fetchRow()) { |
292 | 292 |
// Display Comments without slashes, but with new-line characters |
293 |
$comment['comment'] = nl2br($this->strip_slashes($comment['comment'])); |
|
294 |
$comment['title'] = $this->strip_slashes($comment['title']); |
|
293 |
$comment['comment'] = nl2br($this->strip_slashes_dummy($comment['comment']));
|
|
294 |
$comment['title'] = $this->strip_slashes_dummy($comment['title']);
|
|
295 | 295 |
// Print comments loop |
296 | 296 |
$commented_date = gmdate(DATE_FORMAT, $comment['commented_when']+TIMEZONE); |
297 | 297 |
$commented_time = gmdate(TIME_FORMAT, $comment['commented_when']+TIMEZONE); |
298 | 298 |
$uid = $comment['commented_by']; |
299 | 299 |
$vars = array('[TITLE]','[COMMENT]','[DATE]','[TIME]','[USER_ID]','[USERNAME]','[DISPLAY_NAME]', '[EMAIL]'); |
300 | 300 |
if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') { |
301 |
$values = array($this->strip_slashes($comment['title']), $this->strip_slashes($comment['comment']), $commented_date, $commented_time, $uid, $this->strip_slashes($users[$uid]['username']), $this->strip_slashes($users[$uid]['display_name']), $this->strip_slashes($users[$uid]['email']));
|
|
301 |
$values = array($this->strip_slashes_dummy($comment['title']), $this->strip_slashes_dummy($comment['comment']), $commented_date, $commented_time, $uid, $this->strip_slashes_dummy($users[$uid]['username']), $this->strip_slashes_dummy($users[$uid]['display_name']), $this->strip_slashes_dummy($users[$uid]['email']));
|
|
302 | 302 |
} else { |
303 |
$values = array($this->strip_slashes($comment['title']), $this->strip_slashes($comment['comment']), $commented_date, $commented_time, '0', strtolower($TEXT['UNKNOWN']), $TEXT['UNKNOWN'], '');
|
|
303 |
$values = array($this->strip_slashes_dummy($comment['title']), $this->strip_slashes_dummy($comment['comment']), $commented_date, $commented_time, '0', strtolower($TEXT['UNKNOWN']), $TEXT['UNKNOWN'], '');
|
|
304 | 304 |
} |
305 | 305 |
echo str_replace($vars, $values, $setting_comments_loop); |
306 | 306 |
} |
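Review bot: The comment body assigned at line 293 (`nl2br(...)`) and the title at 294 are reused by the loop output at 301/303, and no escaping is visible anywhere in this section; whether submit_comment.php sanitises comments on the way in is not shown here, so please confirm, otherwise a visitor-submitted comment is emitted as raw HTML on the frontend. If the input side does not already escape, `nl2br(htmlspecialchars($this->strip_slashes_dummy($comment['comment'])))` at 293 and `htmlspecialchars($this->strip_slashes_dummy($comment['title']))` at 294 would cover both output sites, since 301/303 consume the values stored there. The `$users[$uid]` fields at 301 likewise go through the new no-op and rely on escaping having happened elsewhere.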
trunk/wb/modules/news/modify.php | ||
---|---|---|
65 | 65 |
</td> |
66 | 66 |
<td> |
67 | 67 |
<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>§ion_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>"> |
68 |
<?php echo $admin->strip_slashes($post['title']); ?> |
|
68 |
<?php echo $admin->strip_slashes_dummy($post['title']); ?>
|
|
69 | 69 |
</a> |
70 | 70 |
</td> |
71 | 71 |
<td width="180"> |
... | ... | |
74 | 74 |
$query_title = $database->query("SELECT title FROM ".TABLE_PREFIX."mod_news_groups WHERE group_id = '".$post['group_id']."'"); |
75 | 75 |
if($query_title->numRows() > 0) { |
76 | 76 |
$fetch_title = $query_title->fetchRow(); |
77 |
echo $admin->strip_slashes($fetch_title['title']); |
|
77 |
echo $admin->strip_slashes_dummy($fetch_title['title']);
|
|
78 | 78 |
} else { |
79 | 79 |
echo $TEXT['NONE']; |
80 | 80 |
} |
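Review bot: The post title echoed inside the `<a>` at line 68 and the group title at line 77 are written to the admin page without `htmlspecialchars()`, whereas modify_post.php and modify_comment.php in this commit escape the same `title` fields before output. Titles are user-entered, so one containing markup would be rendered rather than displayed; `<?php echo htmlspecialchars($admin->strip_slashes_dummy($post['title'])); ?>` at 68 and `echo htmlspecialchars($admin->strip_slashes_dummy($fetch_title['title']));` at 77 would make these consistent with the other templates. The enclosing PHP block starts outside the hunk.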
trunk/wb/modules/admin.php | ||
---|---|---|
126 | 126 |
$template->set_block('page', 'main_block', 'main'); |
127 | 127 |
$template->set_var(array( |
128 | 128 |
'PAGE_ID' => $results_array['page_id'], |
129 |
'PAGE_TITLE' => $admin->strip_slashes($results_array['page_title']), |
|
129 |
'PAGE_TITLE' => $admin->strip_slashes_dummy($results_array['page_title']),
|
|
130 | 130 |
'MODIFIED_BY' => $user['display_name'], |
131 | 131 |
'MODIFIED_BY_USERNAME' => $user['username'], |
132 | 132 |
'MODIFIED_WHEN' => $modified_ts, |
trunk/wb/framework/class.admin.php | ||
---|---|---|
93 | 93 |
'SECTION_NAME' => $MENU[strtoupper($this->section_name)], |
94 | 94 |
'INTERFACE_DIR' => ADMIN_URL.'/interface', |
95 | 95 |
'BODY_TAGS' => $body_tags, |
96 |
'WEBSITE_TITLE' => $this->strip_slashes($title['value']), |
|
96 |
'WEBSITE_TITLE' => $this->strip_slashes_dummy($title['value']),
|
|
97 | 97 |
'TEXT_ADMINISTRATION' => $TEXT['ADMINISTRATION'], |
98 | 98 |
'VERSION' => VERSION |
99 | 99 |
) |
trunk/wb/framework/class.wb.php | ||
---|---|---|
71 | 71 |
|
72 | 72 |
// Modified addslashes function which takes into account magic_quotes |
73 | 73 |
function add_slashes($input) { |
74 |
return addslashes($input); |
|
75 | 74 |
if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) { |
76 | 75 |
return $input; |
77 | 76 |
} |
... | ... | |
88 | 87 |
return $output; |
89 | 88 |
} |
90 | 89 |
|
90 |
function strip_slashes_dummy($input) { |
|
91 |
return $input; |
|
92 |
} |
|
93 |
|
|
91 | 94 |
// Escape backslashes for use with mySQL LIKE strings |
92 | 95 |
function escape_backslashes($input) { |
93 |
return str_replace("\\","\\\\",$output);
|
|
96 |
return str_replace("\\","\\\\",$input);
|
|
94 | 97 |
} |
95 | 98 |
|
96 | 99 |
// Get POST data |
... | ... | |
151 | 154 |
|
152 | 155 |
// Get the current users display name |
153 | 156 |
function get_display_name() { |
154 |
return $this->strip_slashes($_SESSION['DISPLAY_NAME']); |
|
157 |
return $this->strip_slashes_dummy($_SESSION['DISPLAY_NAME']);
|
|
155 | 158 |
} |
156 | 159 |
|
157 | 160 |
// Get the current users email address |
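Review bot: `strip_slashes_dummy` at new lines 90–92 has no header comment, unlike `add_slashes` and `escape_backslashes` beside it, and since its body is only `return $input;` a reader cannot tell why it replaces `strip_slashes` at every call site. A one-line comment above it such as `// Intentional no-op: values are escaped once by add_slashes() on the way into the database, so output needs no stripping; kept as a method so call sites stay uniform` would record the rationale. The body of `add_slashes` continues outside the hunk, so whether its non-magic_quotes branch is what makes stripping unnecessary cannot be confirmed from here; the comment should state the actual reason. The commit message says "most occurrences", so any remaining `strip_slashes` callers presumably still get the old behaviour, and the comment should say which of the two new code is expected to use.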
trunk/wb/framework/class.frontend.php | ||
---|---|---|
72 | 72 |
$content = fread($handle, filesize($filename)); |
73 | 73 |
fclose($handle); |
74 | 74 |
$this->preprocess($content); |
75 |
echo $this->strip_slashes($content); |
|
75 |
echo $this->strip_slashes_dummy($content);
|
|
76 | 76 |
return false; |
77 | 77 |
} |
78 | 78 |
} |
... | ... | |
140 | 140 |
define('PAGE_ID', $this->page['page_id']); |
141 | 141 |
$this->page_id=$this->page['page_id']; |
142 | 142 |
// Page Title |
143 |
define('PAGE_TITLE', $this->strip_slashes($this->page['page_title'])); |
|
143 |
define('PAGE_TITLE', $this->strip_slashes_dummy($this->page['page_title']));
|
|
144 | 144 |
$this->page_title=PAGE_TITLE; |
145 | 145 |
// Menu Title |
146 |
$menu_title = $this->strip_slashes($this->page['menu_title']); |
|
146 |
$menu_title = $this->strip_slashes_dummy($this->page['menu_title']);
|
|
147 | 147 |
if($menu_title != '') { |
148 | 148 |
define('MENU_TITLE', $menu_title); |
149 | 149 |
} else { |
... | ... | |
252 | 252 |
while($setting = $get_settings->fetchRow()) { |
253 | 253 |
switch($setting['name']) { |
254 | 254 |
case 'title': |
255 |
define('WEBSITE_TITLE', $this->strip_slashes($setting['value'])); |
|
255 |
define('WEBSITE_TITLE', $this->strip_slashes_dummy($setting['value']));
|
|
256 | 256 |
$this->website_title=WEBSITE_TITLE; |
257 | 257 |
break; |
258 | 258 |
case 'description': |
259 | 259 |
if($page_description != '') { |
260 | 260 |
define('WEBSITE_DESCRIPTION', $page_description); |
261 | 261 |
} else { |
262 |
define('WEBSITE_DESCRIPTION', $this->strip_slashes($setting['value'])); |
|
262 |
define('WEBSITE_DESCRIPTION', $this->strip_slashes_dummy($setting['value']));
|
|
263 | 263 |
} |
264 | 264 |
$this->website_description=WEBSITE_DESCRIPTION; |
265 | 265 |
break; |
266 | 266 |
case 'keywords': |
267 | 267 |
if($page_keywords != '') { |
268 |
define('WEBSITE_KEYWORDS', $this->strip_slashes($setting['value']).' '.$page_keywords); |
|
268 |
define('WEBSITE_KEYWORDS', $this->strip_slashes_dummy($setting['value']).' '.$page_keywords);
|
|
269 | 269 |
} else { |
270 |
define('WEBSITE_KEYWORDS', $this->strip_slashes($setting['value'])); |
|
270 |
define('WEBSITE_KEYWORDS', $this->strip_slashes_dummy($setting['value']));
|
|
271 | 271 |
} |
272 | 272 |
$this->website_keywords=WEBSITE_KEYWORDS; |
273 | 273 |
break; |
274 | 274 |
case 'header': |
275 |
define('WEBSITE_HEADER', $this->strip_slashes($setting['value'])); |
|
275 |
define('WEBSITE_HEADER', $this->strip_slashes_dummy($setting['value']));
|
|
276 | 276 |
$this->website_header=WEBSITE_HEADER; |
277 | 277 |
break; |
278 | 278 |
case 'footer': |
279 |
define('WEBSITE_FOOTER', $this->strip_slashes($setting['value'])); |
|
279 |
define('WEBSITE_FOOTER', $this->strip_slashes_dummy($setting['value']));
|
|
280 | 280 |
$this->website_footer=WEBSITE_FOOTER; |
281 | 281 |
break; |
282 | 282 |
} |
... | ... | |
390 | 390 |
$link = $this->page_link($page['link']); |
391 | 391 |
} |
392 | 392 |
// Create values |
393 |
$values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', $this->strip_slashes($page['menu_title']), $this->strip_slashes($page['page_title']));
|
|
393 |
$values = array($class,'<a href="'.$link.'" target="'.$page['target'].'" '.$class.'>', '</a>', $this->strip_slashes_dummy($page['menu_title']), $this->strip_slashes_dummy($page['page_title']));
|
|
394 | 394 |
// Replace vars with value and print |
395 | 395 |
echo "\n".str_replace($vars, $values, $this->menu_item_template); |
396 | 396 |
// Generate sub-menu |
trunk/wb/framework/functions.php | ||
---|---|---|
630 | 630 |
$parent = $results_array['parent']; |
631 | 631 |
$level = $results_array['level']; |
632 | 632 |
$link = $results_array['link']; |
633 |
$page_title = $admin->strip_slashes($results_array['page_title']); |
|
634 |
$menu_title = $admin->strip_slashes($results_array['menu_title']); |
|
633 |
$page_title = $admin->strip_slashes_dummy($results_array['page_title']);
|
|
634 |
$menu_title = $admin->strip_slashes_dummy($results_array['menu_title']);
|
|
635 | 635 |
|
636 | 636 |
// Get the sections that belong to the page |
637 | 637 |
$query_sections = $database->query("SELECT section_id,module FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'"); |
Changed most occurrences of strip_slashes to new dummy method strip_slashes_dummy.