*
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: ACTIONS.php,v 1.6 2007-03-13 05:17:37 shizuki Exp $
- * @version $NucleusJP: ACTIONS.php,v 1.5 2007/02/26 23:42:01 kmorimatsu Exp $
+ * @version $Id: ACTIONS.php,v 1.7 2007-03-22 03:30:13 kmorimatsu Exp $
+ * @version $NucleusJP: ACTIONS.php,v 1.6 2007/03/13 05:17:37 shizuki Exp $
*/
class ACTIONS extends BaseActions {
function parse_additemform() {
global $blog, $CONF;
$this->formdata = array(
- 'adminurl' => htmlspecialchars($CONF['AdminURL']),
+ 'adminurl' => htmlspecialchars($CONF['AdminURL'],ENT_QUOTES),
'catid' => $blog->getDefaultCategory()
);
$blog->InsertJavaScriptInfo();
global $blog;
switch($which) {
case 'id':
- echo htmlspecialchars($blog->getID());
+ echo htmlspecialchars($blog->getID(),ENT_QUOTES);
break;
case 'url':
- echo htmlspecialchars($blog->getURL());
+ echo htmlspecialchars($blog->getURL(),ENT_QUOTES);
break;
case 'name':
- echo htmlspecialchars($blog->getName());
+ echo htmlspecialchars($blog->getName(),ENT_QUOTES);
break;
case 'desc':
- echo htmlspecialchars($blog->getDescription());
+ echo htmlspecialchars($blog->getDescription(),ENT_QUOTES);
break;
case 'short':
- echo htmlspecialchars($blog->getShortName());
+ echo htmlspecialchars($blog->getShortName(),ENT_QUOTES);
break;
}
}
// note: createLink returns an HTML encoded URL
} else {
// HTML encode URL
- $destinationurl = htmlspecialchars($destinationurl);
+ $destinationurl = htmlspecialchars($destinationurl,ENT_QUOTES);
}
// values to prefill
$this->formdata = array(
'destinationurl' => $destinationurl, // url is already HTML encoded
- 'actionurl' => htmlspecialchars($actionurl),
+ 'actionurl' => htmlspecialchars($actionurl,ENT_QUOTES),
'itemid' => $itemid,
- 'user' => htmlspecialchars($user),
- 'userid' => htmlspecialchars($userid),
- 'email' => htmlspecialchars($email),
- 'body' => htmlspecialchars($body),
+ 'user' => htmlspecialchars($user,ENT_QUOTES),
+ 'userid' => htmlspecialchars($userid,ENT_QUOTES),
+ 'email' => htmlspecialchars($email,ENT_QUOTES),
+ 'body' => htmlspecialchars($body,ENT_QUOTES),
'membername' => $member->getDisplayName(),
'rememberchecked' => cookieVar($CONF['CookiePrefix'] .'comment_user')?'checked="checked"':''
);
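Review bot: `'membername' => $member->getDisplayName()` in this array is the one entry still emitted unescaped, while `user`, `userid`, `email` and `body` beside it now get `htmlspecialchars(..., ENT_QUOTES)`. Unless getDisplayName() already returns escaped text (not visible here), a display name containing `"` or `<` reaches the comment form template raw; the consistent fix is `'membername' => htmlspecialchars($member->getDisplayName(), ENT_QUOTES),`. `'itemid' => $itemid` would likewise benefit from `'itemid' => (int)$itemid,`, matching the casts this commit adds to parse_nextitem/parse_previtem. The enclosing function starts before this hunk and continues after it.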
* Parse skinvar imagetext
*/
function parse_imagetext() {
- echo htmlspecialchars(requestVar('imagetext'));
+ echo htmlspecialchars(requestVar('imagetext'),ENT_QUOTES);
}
/**
echo $item['title'];
break;
default:
- echo htmlspecialchars(strip_tags($item['title']));
+ echo htmlspecialchars(strip_tags($item['title']),ENT_QUOTES);
break;
}
}
switch($what) {
case 'name':
- echo htmlspecialchars($memberinfo->getDisplayName());
+ echo htmlspecialchars($memberinfo->getDisplayName(),ENT_QUOTES);
break;
case 'realname':
- echo htmlspecialchars($memberinfo->getRealName());
+ echo htmlspecialchars($memberinfo->getRealName(),ENT_QUOTES);
break;
case 'notes':
- echo htmlspecialchars($memberinfo->getNotes());
+ echo htmlspecialchars($memberinfo->getNotes(),ENT_QUOTES);
break;
case 'url':
- echo htmlspecialchars($memberinfo->getURL());
+ echo htmlspecialchars($memberinfo->getURL(),ENT_QUOTES);
break;
case 'email':
- echo htmlspecialchars($memberinfo->getEmail());
+ echo htmlspecialchars($memberinfo->getEmail(),ENT_QUOTES);
break;
case 'id':
- echo htmlspecialchars($memberinfo->getID());
+ echo htmlspecialchars($memberinfo->getID(),ENT_QUOTES);
break;
}
}
$this->formdata = array(
'url' => htmlspecialchars($desturl),
- 'actionurl' => htmlspecialchars($CONF['ActionURL']),
+ 'actionurl' => htmlspecialchars($CONF['ActionURL'],ENT_QUOTES),
'memberid' => $memberid,
'rows' => $rows,
'cols' => $cols,
- 'message' => htmlspecialchars($message),
- 'frommail' => htmlspecialchars($frommail)
+ 'message' => htmlspecialchars($message,ENT_QUOTES),
+ 'frommail' => htmlspecialchars($frommail,ENT_QUOTES)
);
if ($member->isLoggedIn()) {
$this->doForm('membermailform-loggedin');
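Review bot: `'url' => htmlspecialchars($desturl)` at the top of this array was left without `ENT_QUOTES` while `actionurl`, `message` and `frommail` next to it were updated, so a `$desturl` containing a single quote is still not safe in a single-quoted attribute of the membermailform templates. Change it to `'url' => htmlspecialchars($desturl, ENT_QUOTES),` for consistency with the rest of this commit. The enclosing method starts before this hunk and continues after it.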
*/
function parse_nextitem() {
global $itemidnext;
- echo $itemidnext;
+ if (isset($itemidnext)) echo (int)$itemidnext;
}
/**
echo $itemtitlenext;
break;
default:
- echo htmlspecialchars($itemtitlenext);
+ echo htmlspecialchars($itemtitlenext,ENT_QUOTES);
break;
}
}
*/
function parse_previtem() {
global $itemidprev;
- echo $itemidprev;
+ if (isset($itemidprev)) echo (int)$itemidprev;
}
/**
echo $itemtitleprev;
break;
default:
- echo htmlspecialchars($itemtitleprev);
+ echo htmlspecialchars($itemtitleprev,ENT_QUOTES);
break;
}
}
*/
function parse_query() {
global $query;
- echo htmlspecialchars($query);
+ echo htmlspecialchars($query,ENT_QUOTES);
}
/**
* Parse skinvar referer
*/
function parse_referer() {
- echo htmlspecialchars(serverVar('HTTP_REFERER'));
+ echo htmlspecialchars(serverVar('HTTP_REFERER'),ENT_QUOTES);
}
/**
// use default blog when no blog is selected
$this->formdata = array(
'id' => $blog?$blog->getID():$CONF['DefaultBlog'],
- 'query' => htmlspecialchars(getVar('query')),
+ 'query' => htmlspecialchars(getVar('query'),ENT_QUOTES),
);
$this->doForm('searchform');
}
*
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: ADMIN.php,v 1.19 2007-03-20 19:31:29 kmorimatsu Exp $
- * @version $NucleusJP: ADMIN.php,v 1.18 2007/03/19 10:21:41 shizuki Exp $
+ * @version $Id: ADMIN.php,v 1.20 2007-03-22 03:30:14 kmorimatsu Exp $
+ * @version $NucleusJP: ADMIN.php,v 1.19 2007/03/20 19:31:29 kmorimatsu Exp $
*/
if ( !function_exists('requestVar') ) exit;
if (method_exists($this, $methodName))
call_user_func(array(&$this, $methodName));
else
- $this->error(_BADACTION . " ($action)");
+ $this->error(_BADACTION . htmlspecialchars(" ($action)"));
}
* @param object BLOG
*/
function bloglink(&$blog) {
- return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'.$blog->getName() .'</a>';
+ return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';
}
/**
$error = $this->moveOneItem($itemid, $destCatid);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
$error = $this->deleteOneComment($commentid);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
$error = $this->moveOneCategory($catid, $destBlogId);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
?>
<h2><?php echo _DELETE_CONFIRM?></h2>
- <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo $teammem->getDisplayName() ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo htmlspecialchars(strip_tags($blog->getName())) ?></b>
+ <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo htmlspecialchars(strip_tags($blog->getName())) ?></b>
</p>
<h2><?php echo _DELETE_CONFIRM?></h2>
<div>
- <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo $blog->getCategoryName($catid)?></b>
+ <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo htmlspecialchars($blog->getCategoryName($catid))?></b>
</div>
<form method="post" action="index.php"><div>
?>
<h2><?php echo _DELETE_CONFIRM?></h2>
- <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo $mem->getDisplayName() ?></b>
+ <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>
</p>
<p>
<a href="index.php?action=templateoverview">(<?php echo _TEMPLATE_BACK?>)</a>
</p>
- <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo $templatename; ?>'</h2>
+ <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo htmlspecialchars($templatename); ?>'</h2>
<?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
?>
<h2><?php echo _DELETE_CONFIRM?></h2>
<p>
- <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo $name?></b> (<?php echo htmlspecialchars($desc) ?>)
+ <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo htmlspecialchars($name)?></b> (<?php echo htmlspecialchars($desc) ?>)
</p>
<form method="post" action="index.php"><div>
$tabstart = 75;
while ($row = mysql_fetch_assoc($res)) {
- echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&skinid=' . $skinid . '&type=' . strtolower($row['stype']) . '">' . ucfirst($row['stype']) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&skinid=' . $skinid . '&type=' . strtolower($row['stype']) . '">remove</a>)</li>';
+ echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&skinid=' . $skinid . '&type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&skinid=' . $skinid . '&type=' . htmlspecialchars(strtolower($row['stype'])) . '">remove</a>)</li>';
}
echo '</ul>';
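Review bot: In the rebuilt `<li>` line, `htmlspecialchars()` is applied to `$row['stype']` where it is spliced into a query string, but HTML escaping is not URL encoding: a type value containing `&`, `=` or `#` would still alter the `skinedittype`/`skinremovetype` URLs. The right layering is `htmlspecialchars(urlencode(strtolower($row['stype'])))` for the href, keeping the plain `htmlspecialchars(ucfirst($row['stype']))` for the link text; the literal `&` separators should also be written `&amp;` inside the attribute. `$skinid` is interpolated into both hrefs unescaped, which is fine if it was cast to int earlier in the method (not visible in this hunk), otherwise it needs `(int)$skinid` as well. The enclosing method starts before this hunk and continues past it.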
?>
<p>(<a href="index.php?action=skinoverview"><?php echo _SKIN_GOBACK?></a>)</p>
- <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo $skin->getName() ?>': <?php echo (isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>
+ <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>
<?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
?>
<input type="submit" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />
<input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />
- (skin type: <?php echo (isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
+ (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
<?php if (in_array($type, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
help('skinpart' . $type);
} else {
<br />
<input type="submit" tabindex="20" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />
<input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />
- (skin type: <?php echo (isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
+ (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
<br /><br />
<?php echo _SKIN_ALLOWEDVARS?>
$query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
$r = sql_query($query);
if ($o = mysql_fetch_object($r))
- $this->error(_ERROR_SKINDEFDELETE . $o->bname);
+ $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));
$this->pagehead();
<h2><?php echo _DELETE_CONFIRM?></h2>
<p>
- <?php echo _CONFIRMTXT_SKIN?><b><?php echo $name ?></b> (<?php echo htmlspecialchars($desc)?>)
+ <?php echo _CONFIRMTXT_SKIN?><b><?php echo htmlspecialchars($name) ?></b> (<?php echo htmlspecialchars($desc)?>)
</p>
<form method="post" action="index.php"><div>
<h2><?php echo _DELETE_CONFIRM?></h2>
<p>
- <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo $skintype; ?> (<?php echo $name; ?>)</b> (<?php echo htmlspecialchars($desc)?>)
+ <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo htmlspecialchars($skintype); ?> (<?php echo htmlspecialchars($name); ?>)</b> (<?php echo htmlspecialchars($desc)?>)
</p>
<form method="post" action="index.php"><div>
<input type="hidden" name="action" value="skinremovetypeconfirm" />
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="skinid" value="<?php echo $skinid; ?>" />
- <input type="hidden" name="type" value="<?php echo $skintype; ?>" />
+ <input type="hidden" name="type" value="<?php echo htmlspecialchars($skintype); ?>" />
<input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
</div></form>
<?php
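Review bot: Two lines above the fixed `type` hidden input, `<input type="hidden" name="skinid" value="<?php echo $skinid; ?>" />` still echoes `$skinid` raw into an attribute. If `$skinid` comes straight from the request and is not cast before this point (its assignment is outside the hunk), it needs `value="<?php echo (int)$skinid; ?>"` so the confirmation form cannot be used to break out of the attribute; if it is already an int upstream, the cast documents that and costs nothing. The enclosing method starts before this hunk.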
if ($manager->pluginInstalled($name))
$this->error(_ERROR_DUPPLUGIN);
if (!checkPlugin($name))
- $this->error(_ERROR_PLUGFILEERROR . ' (' . $name . ')');
+ $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');
// get number of currently installed plugins
$res = sql_query('SELECT * FROM '.sql_table('plugin'));
$this->deleteOnePlugin($plugin->getID());
// ...and show error
- $this->error(_ERROR_NUCLEUSVERSIONREQ . $plugin->getMinNucleusVersion());
+ $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));
}
// check if plugin needs a newer Nucleus version
$this->deleteOnePlugin($plugin->getID());
// ...and show error
- $this->error(_ERROR_NUCLEUSVERSIONREQ . $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel());
+ $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
}
$pluginList = $plugin->getPluginDep();
// uninstall plugin again...
$this->deleteOnePlugin($plugin->getID());
- $this->error(_ERROR_INSREQPLUGIN . $pluginName);
+ $this->error(_ERROR_INSREQPLUGIN . htmlspecialchars($pluginName));
}
}
*
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: BODYACTIONS.php,v 1.4 2007-03-13 05:15:41 shizuki Exp $
- * @version $NucleusJP: BODYACTIONS.php,v 1.3 2007/02/04 06:28:46 kimitake Exp $
+ * @version $Id: BODYACTIONS.php,v 1.5 2007-03-22 03:30:14 kmorimatsu Exp $
+ * @version $NucleusJP: BODYACTIONS.php,v 1.4 2007/03/13 05:15:41 shizuki Exp $
*/
class BODYACTIONS extends BaseActions {
$windowwidth = $width;
$windowheight = $height;
- $vars['link'] = htmlspecialchars($CONF['MediaURL']. $filename);
- $vars['text'] = htmlspecialchars($text);
+ $vars['link'] = htmlspecialchars($CONF['MediaURL']. $filename ,ENT_QUOTES);
+ $vars['text'] = htmlspecialchars($text ,ENT_QUOTES);
$vars['image'] = '<img src="' . $vars['link'] . '" width="' . $width . '" height="' . $height . '" alt="' . $vars['text'] . '" title="' . $vars['text'] . '" />';
$vars['width'] = $width;
$vars['height'] = $height;
$filename = $this->currentItem->authorid . '/' . $filename;
}
- $vars['link'] = htmlspecialchars($CONF['MediaURL'] . $filename);
- $vars['text'] = htmlspecialchars($text);
+ $vars['link'] = htmlspecialchars($CONF['MediaURL'] . $filename ,ENT_QUOTES);
+ $vars['text'] = htmlspecialchars($text ,ENT_QUOTES);
$vars['media'] = '<a href="' . $vars['link'] . '">' . $vars['text'] . '</a>';
echo TEMPLATE::fill($this->template['MEDIA_CODE'],$vars);;
$windowwidth = $width;
$windowheight = $height;
- $vars['rawpopuplink'] = $CONF['Self'] . "?imagepopup=" . htmlspecialchars($filename) . "&width=$width&height=$height&imagetext=" . urlencode(htmlspecialchars($text));
+ $vars['rawpopuplink'] = $CONF['Self'] . "?imagepopup=" . htmlspecialchars($filename,ENT_QUOTES) . "&width=$width&height=$height&imagetext=" . urlencode(htmlspecialchars($text));
$vars['popupcode'] = "window.open(this.href,'imagepopup','status=no,toolbar=no,scrollbars=no,resizable=yes,width=$windowwidth,height=$windowheight');return false;";
- $vars['popuptext'] = htmlspecialchars($text);
+ $vars['popuptext'] = htmlspecialchars($text,ENT_QUOTES);
$vars['popuplink'] = '<a href="' . $vars['rawpopuplink']. '" onclick="'. $vars['popupcode'].'" >' . $vars['popuptext'] . '</a>';
$vars['width'] = $width;
$vars['height'] = $height;
$vars['text'] = $text;
- $vars['link'] = htmlspecialchars($CONF['MediaURL'] . $filename);
+ $vars['link'] = htmlspecialchars($CONF['MediaURL'] . $filename ,ENT_QUOTES);
$vars['media'] = '<a href="' . $vars['link'] . '">' . $vars['popuptext'] . '</a>';
echo TEMPLATE::fill($this->template['POPUP_CODE'],$vars);
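Review bot: `$width` and `$height` are interpolated unescaped into both the `rawpopuplink` query string and the `popupcode` JavaScript string (`window.open(...,'...width=$windowwidth,height=$windowheight')`), while only `$filename` and `$text` received `ENT_QUOTES` escaping, so a non-numeric width lands inside an onclick handler unchanged. Unless they are validated before this point (the start of the method is outside the hunk), cast them with `$windowwidth = (int)$width; $windowheight = (int)$height;` and use the cast values for `$vars['width']`/`$vars['height']` too. Separately, `urlencode(htmlspecialchars($text))` HTML-encodes the imagetext parameter before URL-encoding it, and parse_imagetext in this same commit escapes it again on output, so `&` in a caption renders as `&amp;` in the popup; `urlencode($text)` is enough here, and the `&width=`/`&height=` separators inside an href should be `&amp;`.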
*
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: ENCAPSULATE.php,v 1.3 2007-02-04 06:28:46 kimitake Exp $
- * @version $NucleusJP: ENCAPSULATE.php,v 1.2 2006/07/20 08:01:52 kimitake Exp $
+ * @version $Id: ENCAPSULATE.php,v 1.4 2007-03-22 03:30:14 kmorimatsu Exp $
+ * @version $NucleusJP: ENCAPSULATE.php,v 1.3 2007/02/04 06:28:46 kimitake Exp $
*/
class ENCAPSULATE {
$minamount = $this->minamount;
$maxamount = $this->maxamount;
$blogid = $this->blogid;
- $search = $this->search;
+ $search = htmlspecialchars($this->search);
$itemid = $this->itemid;
$prev = $start - $amount;
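Review bot: `$search = htmlspecialchars($this->search);` is the one escaping call in this commit that omits `ENT_QUOTES`, so if `$search` is later written into a single-quoted attribute it stays injectable via `'`. Use `$search = htmlspecialchars($this->search, ENT_QUOTES);` to match the rest of the change; if the same value is also placed into a URL query string further down (the rest of the method is outside this hunk), that use needs `urlencode()` of the raw value rather than the HTML-escaped copy. The enclosing method starts before this hunk and continues after it.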
*
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: ITEMACTIONS.php,v 1.4 2007-03-13 05:04:13 shizuki Exp $
- * @version $NucleusJP: ITEMACTIONS.php,v 1.3 2007/02/04 06:28:46 kimitake Exp $
+ * @version $Id: ITEMACTIONS.php,v 1.5 2007-03-22 03:30:14 kmorimatsu Exp $
+ * @version $NucleusJP: ITEMACTIONS.php,v 1.4 2007/03/13 05:04:13 shizuki Exp $
*/
class ITEMACTIONS extends BaseActions {
*/
function parse_syndicate_title($maxLength = 100) {
$syndicated = strip_tags($this->currentItem->title);
- echo htmlspecialchars(shorten($syndicated,$maxLength,'...'));
+ echo htmlspecialchars(shorten($syndicated,$maxLength,'...'),ENT_QUOTES);
}
/**
function parse_syndicate_description($maxLength = 250, $addHighlight = 0) {
$syndicated = strip_tags($this->currentItem->body);
if ($addHighlight) {
- $tmp_highlight = htmlspecialchars(shorten($syndicated,$maxLength,'...'));
+ $tmp_highlight = htmlspecialchars(shorten($syndicated,$maxLength,'...'),ENT_QUOTES);
echo $this->highlightAndParse($tmp_highlight);
} else {
- echo htmlspecialchars(shorten($syndicated,$maxLength,'...'));
+ echo htmlspecialchars(shorten($syndicated,$maxLength,'...'),ENT_QUOTES);
}
}
/**
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: PAGEFACTORY.php,v 1.7 2007-02-04 06:28:46 kimitake Exp $
- * $NucleusJP: PAGEFACTORY.php,v 1.6 2006/07/12 07:11:47 kimitake Exp $
+ * @version $Id: PAGEFACTORY.php,v 1.8 2007-03-22 03:30:14 kmorimatsu Exp $
+ * $NucleusJP: PAGEFACTORY.php,v 1.7 2007/02/04 06:28:46 kimitake Exp $
*/
/**
}
function parse_contents($which) {
- echo htmlspecialchars($this->variables[$which]);
+ echo htmlspecialchars($this->variables[$which],ENT_QUOTES);
}
function parse_checkedonval($value, $name) {
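Review bot: `parse_contents()` indexes `$this->variables[$which]` without checking that the key exists, so a skin variable naming an unknown field raises an undefined-index notice (which, with display_errors on, prints the key into the page) before echoing an empty string. This commit adds an `isset()` guard to parse_nextitem/parse_previtem; the same shape fits here: `if (isset($this->variables[$which])) echo htmlspecialchars($this->variables[$which], ENT_QUOTES);`.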
*
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: PLUGINADMIN.php,v 1.7 2007-02-06 09:00:24 kimitake Exp $
- * $NucleusJP: PLUGINADMIN.php,v 1.6 2007/02/04 06:28:46 kimitake Exp $
+ * @version $Id: PLUGINADMIN.php,v 1.8 2007-03-22 03:30:14 kmorimatsu Exp $
+ * $NucleusJP: PLUGINADMIN.php,v 1.7 2007/02/06 09:00:24 kimitake Exp $
*/
global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;
//echo "\n<!--TicketForPlugin skipped-->\n";
return;
}
+ $ticket=htmlspecialchars($ticket,ENT_QUOTES);
?><script type="text/javascript">
/*<![CDATA[*/
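Review bot: `$ticket = htmlspecialchars($ticket, ENT_QUOTES);` is applied just before the value is written into a `<script>` block, but HTML entity escaping is the wrong encoder for a JavaScript string: the browser does not decode entities inside `<script>`, so a ticket containing `&`, `'` or `"` would be emitted as `&amp;`/`&#039;`/`&quot;` and no longer match the server-side ticket. It does prevent a `</script>` breakout, which is presumably the intent. If the ticket is generated as hex or alphanumeric only (not visible here), this is harmless in practice, but the robust form is to enforce that charset, e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', $ticket)) return;`, or to escape for the JS context rather than the HTML one. The enclosing function starts before this hunk and the script body continues after it.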
/**
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: globalfunctions.php,v 1.18 2007-03-19 10:19:29 shizuki Exp $
- * $NucleusJP: globalfunctions.php,v 1.17 2007/03/13 05:10:23 shizuki Exp $
+ * @version $Id: globalfunctions.php,v 1.19 2007-03-22 03:30:14 kmorimatsu Exp $
+ * $NucleusJP: globalfunctions.php,v 1.18 2007/03/19 10:19:29 shizuki Exp $
*/
// needed if we include globalfunctions from install.php
/* Solve the plugin php file or admin directory */
$phppath=substr($p_translated,strlen($d_plugins));
$phppath=preg_replace('!^/!','',$phppath);// Remove the first "/" if exists.
- $path=preg_replace('/^NP_([.]*)\.php$/','$1',$phppath); // Remove the first "NP_" and the last ".php" if exists.
+ $path=preg_replace('/^NP_(.*)\.php$/','$1',$phppath); // Remove the first "NP_" and the last ".php" if exists.
$path=preg_replace('!^([^/]*)/(.*)$!','$1',$path); // Remove the "/" and beyond.
/* Solve the plugin name. */
}
mysql_free_result($res);
if ($plugins[$path]) $plugin_name=$plugins[$path];
- else if (array_key_exists($path,$plugins)) $plugin_name=$path;
+ else if (in_array($path,$plugins)) $plugin_name=$path;
else {
header("HTTP/1.0 404 Not Found");
exit('');
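Review bot: `if ($plugins[$path])` on the first line of this hunk reads the index before checking it exists, so a request for a plugin that is not in `$plugins` raises an undefined-index notice on every 404 path; it should be `if (isset($plugins[$path]) && $plugins[$path])`. The new `in_array($path, $plugins)` should pass `true` as the third argument so `$path` is compared as a string rather than by PHP's loose rules. Whether `$plugins` maps lowercase filenames to real names (which is what the switch from array_key_exists to in_array implies) is not visible in this hunk; the array is built above it.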
*
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: skinie.php,v 1.7 2007-02-04 06:28:46 kimitake Exp $
- * @version $NucleusJP: skinie.php,v 1.6 2006/07/20 08:01:52 kimitake Exp $
+ * @version $Id: skinie.php,v 1.8 2007-03-22 03:30:14 kmorimatsu Exp $
+ * @version $NucleusJP: skinie.php,v 1.7 2007/02/04 06:28:46 kimitake Exp $
*/
class SKINIMPORT {
* Called by XML parser for each new start element encountered
*/
function startElement($parser, $name, $attrs) {
- if ($this->debug) echo 'START: ', $name, '<br />';
+ if ($this->debug) echo 'START: ', htmlspecialchars($name), '<br />';
switch ($name) {
case 'nucleusskin':
$this->currentPartName = $attrs['name'];
break;
default:
- echo 'UNEXPECTED TAG: ' , $name , '<br />';
+ echo 'UNEXPECTED TAG: ' , htmlspecialchars($name) , '<br />';
break;
}
* Called by the XML parser for each closing tag encountered
*/
function endElement($parser, $name) {
- if ($this->debug) echo 'END: ', $name, '<br />';
+ if ($this->debug) echo 'END: ', htmlspecialchars($name), '<br />';
switch ($name) {
case 'nucleusskin':
}
break;
default:
- echo 'UNEXPECTED TAG: ' , $name, '<br />';
+ echo 'UNEXPECTED TAG: ' , htmlspecialchars($name), '<br />';
break;
}
$this->clearCharacterData();