displaylib.php

Revision 359, 16.9 kB (checked in by sven, 3 years ago)
html validation fixes
Property svn:eol-style set to `native`

Line
1	<?php
2
3	// Function to sanitise RTF edit text
4	/* function RTESafe($strText) {
5	//returns safe code for preloading in the RTE
6	$tmpString = trim($strText);
7
8	//convert all types of single quotes
9	$tmpString = str_replace(chr(145), chr(39), $tmpString);
10	$tmpString = str_replace(chr(146), chr(39), $tmpString);
11	$tmpString = str_replace("'", "'", $tmpString);
12
13	//convert all types of double quotes
14	$tmpString = str_replace(chr(147), chr(34), $tmpString);
15	$tmpString = str_replace(chr(148), chr(34), $tmpString);
16
17	//replace carriage returns & line feeds
18	$tmpString = str_replace(chr(10), " ", $tmpString);
19	$tmpString = str_replace(chr(13), " ", $tmpString);
20
21	return $tmpString;
22	} */
23
24	function display_input_field ($parameter) {
25	// Displays different HTML depending on input field type
26
27	/*
28
29	$parameter(
30
31	0 => input name to display (for forms etc)
32	1 => data
33	2 => type of input field
34	3 => reference name (for tag fields and so on)
35	4 => ID number (if any)
36	5 => Owner
37
38	)
39
40	*/
41
42	$run_result = '';
43
44	if (isset($parameter) && sizeof($parameter) > 2) {
45
46	if (!isset($parameter[4])) {
47	$parameter[4] = -1;
48	}
49
50	if (!isset($parameter[5])) {
51	$parameter[5] = $_SESSION['userid'];
52	}
53
54	$cleanid = $parameter[0];
55	if (!ereg("^[A-Za-z][A-Za-z0-9_:\\.-]*$", $cleanid)) {
56	if (!ereg("^[A-Za-z]", $cleanid)) {
57	$cleanid = "id_" . $cleanid;
58	}
59	$cleanid = ereg_replace("[^A-Za-z0-9_:\\.-]", "__", $cleanid);
60	}
61
62	switch($parameter[2]) {
63
64	case "text":
65	$run_result .= "<input type=\"text\" name=\"".$parameter[0]."\" value=\"".htmlspecialchars(stripslashes($parameter[1]), ENT_COMPAT, 'utf-8')."\" style=\"width: 95%\" id=\"".$cleanid."\" />";
66	break;
67	case "password":
68	$run_result .= "<input type=\"password\" name=\"".$parameter[0]."\" value=\"".htmlspecialchars(stripslashes($parameter[1]), ENT_COMPAT, 'utf-8')."\" style=\"width: 95%\" id=\"".$cleanid."\" />";
69	break;
70	case "mediumtext":
71	$run_result .= "<textarea name=\"".$parameter[0]."\" id=\"".$cleanid."\" style=\"width: 95%; height: 100px\">".htmlspecialchars(stripslashes($parameter[1]), ENT_COMPAT, 'utf-8')."</textarea>";
72	break;
73	case "keywords":
74	/*
75	$keywords = stripslashes($parameter[1]);
76	preg_match_all("/\[\[([A-Za-z0-9 ]+)\]\]/i",$keywords,$keyword_list);
77	$keyword_list = $keyword_list[1];
78	$keywords = "";
79	if (is_array($keyword_list) && sizeof($keyword_list) > 0) {
80	sort($keyword_list);
81	foreach($keyword_list as $key => $list_item) {
82	$keywords .= $list_item;
83	if ($key < sizeof($keyword_list) - 1) {
84	$keywords .= ", ";
85	}
86	}
87	}
88	$parameter[1] = $keywords;
89	*/
90	if (!isset($data['profile:preload'][$parameter[3]])) {
91	$keywords = "";
92	if ($tags = get_records_select('tags',"tagtype = ? and ref = ? and owner = ?",array($parameter[3],$parameter[4],$parameter[5]),'tag ASC')) {
93	$first = true;
94	foreach($tags as $key => $tag) {
95	if (empty($first)) {
96	$keywords .= ", ";
97	}
98	$keywords .= stripslashes($tag->tag);
99	$first = false;
100	}
101	}
102	$parameter[1] = $keywords;
103	} else {
104	// $parameter[1] = $data['profile:preload'][$parameter[3]];
105	}
106	// $parameter[1] = var_export($parameter,true);
107	$run_result .= "<textarea name=\"".$parameter[0]."\" id=\"".$cleanid."\" style=\"width: 95%; height: 100px\">".htmlspecialchars(stripslashes($parameter[1]), ENT_COMPAT, 'utf-8')."</textarea>";
108	break;
109	case "longtext":
110	$run_result .= "<textarea name=\"".$parameter[0]."\" id=\"".$cleanid."\" style=\"width: 95%; height: 200px\">".htmlspecialchars(stripslashes($parameter[1]), ENT_COMPAT, 'utf-8')."</textarea>";
111	break;
112	case "richtext":
113	// Rich text editor:
114	$run_result .= <<< END
115	<script language="JavaScript" type="text/javascript">
116	<!--
117	function submitForm() {
118	//make sure hidden and iframe values are in sync before submitting form
119	//to sync only 1 rte, use updateRTE(rte)
120	//to sync all rtes, use updateRTEs
121	updateRTE('<?php echo $parameter[0]; ?>');
122	//updateRTEs();
123	//alert("rte1 = " + document.elggform.<?php echo $parameter[0]; ?>.value);
124
125	//change the following line to true to submit form
126	return true;
127	}
128	END;
129	$content = RTESafe(stripslashes($parameter[1]));
130	$run_result .= <<< END
131	//Usage: initRTE(imagesPath, includesPath, cssFile)
132	initRTE("/units/display/rtfedit/images/", "/units/display/rtfedit/", "/units/display/rtfedit/rte.css");
133	</script>
134	<noscript><p><b>Javascript must be enabled to use this form.</b></p></noscript>
135	<script language="JavaScript" type="text/javascript">
136	<!--
137	writeRichText('<?php echo $parameter[0];?>', '<?php echo $content; ?>', 220, 200, true, false);
138	// -->
139	</script>
140	END;
141	break;
142	case "blank":
143	$run_result .= "<input type=\"hidden\" name=\"".$parameter[0]."\" value=\"blank\" id=\"".$cleanid."\" />";
144	break;
145	case "web":
146	case "email":
147	case "aim":
148	case "msn":
149	case "skype":
150	case "icq":
151	$run_result .= "<input type=\"text\" name=\"".$parameter[0]."\" value=\"".htmlspecialchars(stripslashes($parameter[1]), ENT_COMPAT, 'utf-8')."\" style=\"width: 95%\" id=\"".$cleanid."\" />";
152	break;
153	case "weblogtext":
154	$run_result .= "<textarea name=\"".$parameter[0]."\" id=\"".$parameter[0]."\" style=\"width: 95%; height: 200px\">".htmlspecialchars(stripslashes($parameter[1]), ENT_COMPAT, 'utf-8')."</textarea>";
155	break;
156	}
157
158	}
159
160	return $run_result;
161	}
162
163	function log_on_pane () {
164
165
166	// Elgg default globals
167	global $function;
168	global $log;
169	global $actionlog;
170	global $errorlog;
171	global $messages;
172	global $data;
173
174	global $page_owner;
175	$url = url;
176
177	// If this is someone else's portfolio, display the user's icon
178	if ($page_owner != -1) {
179	$run_result .= run("profile:user:info");
180	}
181
182	if ((!defined("logged_on") \|\| logged_on == 0) && $page_owner == -1) {
183
184	$body = '<form action="'.url.'/login/index.php" method="post">';
185
186	if (public_reg == true) {
187	$reg_link = '<a href="' . $url . '_invite/register.php">'. gettext("Register") .'</a> \|';
188	} else {
189	$reg_link = "";
190	}
191
192	$body .= templates_draw(array(
193	'template' => -1,
194	'context' => 'contentholder',
195	'title' => gettext("Log On"),
196	'submenu' => '',
197	'body' => '
198	<table>
199	<tr>
200	<td align="right"><p>
201	<label>' . gettext("Username") . ' <input type="text" name="username" id="username" style="size: 200px" /></label><br />
202	<label>' . gettext("Password") . ' <input type="password" name="password" id="password" style="size: 200px" />
203	</label></p>
204	</td>
205	</tr>
206	<tr>
207	<td align="right"><p>
208	<input type="hidden" name="action" value="log_on" />
209	<label>' . gettext("Log on") . ':<input type="submit" name="submit" value="'.gettext("Go").'" /></label><br /><br />
210	<label><input type="checkbox" name="remember" checked="checked" />
211	' . gettext("Remember Login") . '</label><br />
212	<small>
213	' . $reg_link . '
214	<a href="' . $url . '_invite/forgotten_password.php">'. gettext("Forgotten password") .'</a>
215	</small></p>
216	</td>
217	</tr>
218
219	</table>
220
221	'
222	)
223	);
224	$body .= "</form>";
225
226	$run_result .= $body;
227
228	}
229
230	return $run_result;
231	}
232
233	function display_output_field ($parameter) {
234	// Displays different HTML depending on input field type
235
236	/*
237
238	$parameter(
239
240	0 => input name to display (for forms etc)
241	1 => data
242	2 => type of input field
243	3 => reference name (for tag fields and so on)
244	4 => ID number (if any)
245	5 => Owner (if not specified, current $page_owner is assumed)
246
247	)
248
249	*/
250
251	global $page_owner;
252
253	$run_result = '';
254
255	if (isset($parameter) && sizeof($parameter) > 1) {
256
257	if (!isset($parameter[4])) {
258	$parameter[4] = -1;
259	}
260	if (!isset($parameter[5])) {
261	if (isset($page_owner)) {
262	$parameter[5] = $page_owner;
263	} else {
264	$parameter[5] = -1;
265	}
266	}
267
268	switch($parameter[1]) {
269
270	case "icq":
271	$run_result = "<img src=\"http://web.icq.com/whitepages/online?icq=".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."&img=5\" height=\"18\" width=\"18\" /> <b>".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."</b> (<a href=\"http://wwp.icq.com/scripts/search.dll?to=".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."\">" . gettext("Add User") . "</a>, <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."\">". gettext("Send Message") ."</a>)";
272	break;
273	case "skype":
274	$run_result = "<a href=\"callto://".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."\">".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."</a> <img src=\"http://goodies.skype.com/graphics/skypeme_btn_small_white.gif\" alt=\"Skype Me!\" border=\"0\" />";
275	break;
276	case "msn":
277	$run_result = "MSN <b>".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."</b>";
278	break;
279	case "aim":
280	$run_result = "<img src=\"http://big.oscar.aol.com/".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."?on_url=http://www.aol.com/aim/gr/online.gif&off_url=http://www.aol.com/aim/gr/offline.gif\" width=\"14\" height=\"17\" /> <b>".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."</b> (<a href=\"aim:addbuddy?screenname=".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."\">". gettext("Add Buddy") ."</a>, <a href=\"aim:goim?screenname=".htmlspecialchars(stripslashes($parameter[0]), ENT_COMPAT, 'utf-8')."&message=Hello\">". gettext("Send Message") ."</a>)";
281	break;
282	case "text":
283	case "mediumtext":
284	case "longtext":
285	$run_result = nl2br(stripslashes($parameter[0]));
286	break;
287	case "keywords":
288	/*
289	$keywords = stripslashes($parameter[0]);
290	preg_match_all("/\[\[([A-Za-z0-9 ]+)\]\]/i",$keywords,$keyword_list);
291	$keyword_list = $keyword_list[1];
292	$keywords = "";
293	if (is_array($keyword_list) && sizeof($keyword_list) > 0) {
294	sort($keyword_list);
295	$where = run("users:access_level_sql_where",$_SESSION['userid']);
296	foreach($keyword_list as $key => $list_item) {
297	$number = count_records_select('profile_data',"($where) and name = '".$parameter[2]."' and value like \"%[[".$list_item."]]%\"");
298	if ($number > 1) {
299	$keywords .= "<a href=\"/profile/search.php?".$parameter[2]."=".$list_item."\" title=\"$number users\">";
300	}
301	$keywords .= $list_item;
302	if ($number > 1) {
303	$keywords .= "</a>";
304	}
305	if ($key < sizeof($keyword_list) - 1) {
306	$keywords .= ", ";
307	}
308	}
309	}
310	$run_result = $keywords;
311	*/
312	$where = run("users:access_level_sql_where",$_SESSION['userid']);
313	$keywords = "";
314	if ($tags = get_records_select('tags',"($where) and tagtype = '".addslashes($parameter[2])."' and ref = ".$parameter[4],null,'tag ASC')) {
315	$first = true;
316	foreach($tags as $tag) {
317	if (empty($first)) {
318	$keywords .= ", ";
319	}
320	$numberoftags = count_records('tags','tag',$tag->tag);
321	if ($numberoftags > 1) {
322	$keywords .= "<a href=\"".url."search/index.php?".$parameter[2]."=".urlencode(stripslashes($tag->tag))."&ref=".$parameter[4]."&owner=".$parameter[5]."\" >";
323	}
324	$keywords .= stripslashes($tag->tag);
325	if ($numberoftags > 1) {
326	$keywords .= "</a>";
327	}
328	$first = false;
329	}
330	}
331	$run_result = $keywords;
332	break;
333	case "email":
334	$run_result = preg_replace("/[\\d\\w\\.\\-_]+@([\\d\\w\\-_\\.]+\\.)+([\\w]{2,6})/i","<a href=\"mailto:$0\">$0</a>",$parameter[0]);
335	break;
336	case "web":
337	$run_result = $parameter[0];
338	if (substr_count($run_result,"http://") == 0) {
339	$run_result = "http://" . $run_result;
340	}
341	$run_result = "<a href=\"" . $run_result . "\" target=\"_blank\">" . $run_result . "</a>";
342	break;
343	}
344
345	}
346	return $run_result;
347	}
348
349	function displaymenu_top () {
350
351	global $PAGE;
352
353	if (logged_on == 1) {
354
355	return templates_draw(array(
356	'context' => 'topmenu',
357	'menuitems' => menu_join('', $PAGE->menu_top)
358	)
359	);
360
361	}
362
363	return '';
364	}
365
366
367	function displaymenu () {
368
369	global $PAGE;
370
371	return templates_draw(array(
372	'context' => 'menu',
373	'menuitems' => menu_join('', $PAGE->menu)
374	)
375	);
376
377	}
378
379
380	function displaymenu_sub () {
381
382	global $PAGE;
383
384	if (logged_on == 1) {
385
386	return templates_draw(array(
387	'context' => 'submenu',
388	'menuitems' => menu_join('', $PAGE->menu_sub)
389	)
390	);
391
392	}
393
394	return '';
395	}
396
397	function displaymenu_user () {
398
399	if (logged_on == 1) {
400
401	return templates_draw(array(
402	'context' => 'menu',
403	'menuitems' => menu_join('', $PAGE->menu_user)
404	)
405	);
406
407	}
408
409	return '';
410	}
411
412	function main () {
413
414
415	// Elgg default globals
416	global $function;
417	global $log;
418	global $actionlog;
419	global $errorlog;
420	global $messages;
421	global $data;
422
423
424	// Log on pane
425	$function['display:log_on_pane'][] = path . "units/display/function_log_on_pane.php";
426	$function['display:sidebar'][] = path . "units/display/function_log_on_pane.php";
427
428	// Form elements
429	$function['display:input_field'][] = path . "units/display/function_input_field_display.php";
430	$function['display:output_field'][] = path . "units/display/function_output_field_display.php";
431
432	return $run_result;
433	}
434
435
436
437	?>

Note: See TracBrowser for help on using the browser.

root/releases/0.6/lib/displaylib.php

Download in other formats:

Developers

Discuss

Specialised

Featured