Fix multiple XSS vulnerabilities (including CVE-2012-0829)
parent
3ee7fca025
commit
9aef0fb2d4
@ -25,7 +25,7 @@ if($referer && isset($_SESSION['threadid'])) {
|
||||
$link = connect();
|
||||
$thread = thread_by_id_($_SESSION['threadid'], $link);
|
||||
if ($thread && $thread['istate'] != $state_closed) {
|
||||
$msg = getstring2_("chat.client.visited.page", array($referer), $thread['locale']);
|
||||
$msg = getstring2_("chat.client.visited.page", array($referer), $thread['locale'], true);
|
||||
post_message_($thread['threadid'], $kind_for_agent,$msg,$link);
|
||||
}
|
||||
mysql_close($link);
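Review bot: The added `true` makes getstring2_() return the string unsanitized, so `$referer` (presumably client-supplied) is stored in the agent-facing message as received, and nothing in the hunk says where it is escaped. If the message renderer escapes the text on output, a comment should say so, e.g. `// raw: stored as plain text; escaped when the thread is rendered`; if it does not, this call needs the sanitized form. The same applies to the `chat.came.from`, `chat.visitor.email` and `chat.visitor.info` calls in the `-131,14` hunk and in store_message(), which pass `$referrer`, `$email` and `$info` the same way. The enclosing `if` block starts outside this hunk.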
|
||||
|
@ -131,14 +131,14 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
|
||||
$_SESSION['threadid'] = $thread['threadid'];
|
||||
|
||||
if( $referrer ) {
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer)),$link);
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer),true),$link);
|
||||
}
|
||||
post_message_($thread['threadid'],$kind_info,getstring('chat.wait'),$link);
|
||||
post_message_($thread['threadid'],$kind_info,getstring('chat.wait', true),$link);
|
||||
if($email) {
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email)),$link);
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email),true),$link);
|
||||
}
|
||||
if($info) {
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info)),$link);
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info),true),$link);
|
||||
}
|
||||
if($firstmessage) {
|
||||
$postedid = post_message_($thread['threadid'],$kind_user,$firstmessage,$link,$visitor['name']);
|
||||
|
@ -33,13 +33,13 @@ function store_message($name, $email, $info, $message,$groupid,$referrer) {
|
||||
$link = connect();
|
||||
$thread = create_thread($groupid,$name,$remoteHost,$referrer,$current_locale,$visitor['id'], $userbrowser,$state_left,$link);
|
||||
if( $referrer ) {
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer)),$link);
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer),true),$link);
|
||||
}
|
||||
if($email) {
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email)),$link);
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email),true),$link);
|
||||
}
|
||||
if($info) {
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info)),$link);
|
||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info),true),$link);
|
||||
}
|
||||
post_message_($thread['threadid'],$kind_user,$message,$link,$name);
|
||||
mysql_close($link);
|
||||
@ -102,8 +102,8 @@ if(!locale_exists($message_locale)) {
|
||||
|
||||
store_message($visitor_name, $email, $info, $message, $groupid, $referrer);
|
||||
|
||||
$subject = getstring2_("leavemail.subject", array($visitor_name), $message_locale);
|
||||
$body = getstring2_("leavemail.body", array($visitor_name,$email,$message,$info ? "$info\n" : ""), $message_locale);
|
||||
$subject = getstring2_("leavemail.subject", array($visitor_name), $message_locale,true);
|
||||
$body = getstring2_("leavemail.body", array($visitor_name,$email,$message,$info ? "$info\n" : ""), $message_locale,true);
|
||||
|
||||
if (isset($group) && !empty($group['vcemail'])) {
|
||||
$inbox_mail = $group['vcemail'];
|
||||
|
@ -166,7 +166,7 @@ function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agen
|
||||
$output = get_messages($threadid, "xml", $isuser, $lastid);
|
||||
|
||||
start_xml_output();
|
||||
print("<thread lastid=\"$lastid\" typing=\"" . $istyping . "\" canpost=\"" . (($isuser || $agentid != null && $agentid == $thread['agentId']) ? 1 : 0) . "\">");
|
||||
print("<thread lastid=\"$lastid\" typing=\"" . htmlspecialchars($istyping) . "\" canpost=\"" . (($isuser || $agentid != null && $agentid == $thread['agentId']) ? 1 : 0) . "\">");
|
||||
foreach ($output as $msg) {
|
||||
print $msg;
|
||||
}
|
||||
@ -176,13 +176,13 @@ function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agen
|
||||
$output = get_messages($threadid, "html", $isuser, $lastid);
|
||||
|
||||
start_html_output();
|
||||
$url = "$webimroot/thread.php?act=refresh&thread=$threadid&token=$token&html=on&user=" . ($isuser ? "true" : "false");
|
||||
$url = "$webimroot/thread.php?act=refresh&thread=" . htmlspecialchars($threadid) . "&token=" . htmlspecialchars($token) . "&html=on&user=" . ($isuser ? "true" : "false");
|
||||
|
||||
print(
|
||||
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">" .
|
||||
"<html>\n<head>\n" .
|
||||
"<link href=\"$webimroot/styles/default/chat.css\" rel=\"stylesheet\" type=\"text/css\">\n" .
|
||||
"<meta http-equiv=\"Refresh\" content=\"" . $settings['updatefrequency_oldchat'] . "; URL=$url&sn=11\">\n" .
|
||||
"<meta http-equiv=\"Refresh\" content=\"" . htmlspecialchars($settings['updatefrequency_oldchat']) . "; URL=$url&sn=11\">\n" .
|
||||
"<meta http-equiv=\"Pragma\" content=\"no-cache\">\n" .
|
||||
"<title>chat</title>\n" .
|
||||
"</head>\n" .
|
||||
@ -290,9 +290,9 @@ function setup_logo()
|
||||
{
|
||||
global $page, $settings;
|
||||
loadsettings();
|
||||
$page['ct.company.name'] = topage($settings['title']);
|
||||
$page['ct.company.chatLogoURL'] = topage($settings['logo']);
|
||||
$page['webimHost'] = topage($settings['hosturl']);
|
||||
$page['ct.company.name'] = htmlspecialchars(topage($settings['title']));
|
||||
$page['ct.company.chatLogoURL'] = htmlspecialchars(topage($settings['logo']));
|
||||
$page['webimHost'] = htmlspecialchars(topage($settings['hosturl']));
|
||||
}
|
||||
|
||||
function setup_leavemessage($name, $email, $message, $groupid, $groupname, $info, $referrer, $canshowcaptcha)
|
||||
@ -337,7 +337,7 @@ function setup_survey($name, $email, $groupid, $info, $referrer, $canshowcaptcha
|
||||
$groupname .= " (offline)";
|
||||
}
|
||||
$isselected = $k['groupid'] == $groupid;
|
||||
$val .= "<option value=\"" . $k['groupid'] . "\"" . ($isselected ? " selected=\"selected\"" : "") . ">$groupname</option>";
|
||||
$val .= "<option value=\"" . htmlspecialchars($k['groupid']) . "\"" . ($isselected ? " selected=\"selected\"" : "") . ">" . htmlspecialchars($groupname) . "</option>";
|
||||
}
|
||||
$page['groups'] = $val;
|
||||
}
|
||||
@ -359,11 +359,11 @@ function setup_chatview_for_user($thread, $level)
|
||||
$page['displ1'] = $nameisset ? "none" : "inline";
|
||||
$page['displ2'] = $nameisset ? "inline" : "none";
|
||||
$page['level'] = $level;
|
||||
$page['ct.chatThreadId'] = $thread['threadid'];
|
||||
$page['ct.token'] = $thread['ltoken'];
|
||||
$page['ct.chatThreadId'] = htmlspecialchars($thread['threadid']);
|
||||
$page['ct.token'] = htmlspecialchars($thread['ltoken']);
|
||||
$page['ct.user.name'] = htmlspecialchars(topage($thread['userName']));
|
||||
$page['canChangeName'] = $settings['usercanchangename'] == "1";
|
||||
$page['chat.title'] = topage($settings['chattitle']);
|
||||
$page['chat.title'] = htmlspecialchars(topage($settings['chattitle']));
|
||||
|
||||
setup_logo();
|
||||
if ($settings['sendmessagekey'] == 'enter') {
|
||||
@ -374,11 +374,11 @@ function setup_chatview_for_user($thread, $level)
|
||||
$page['ignorectrl'] = 0;
|
||||
}
|
||||
|
||||
$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
||||
$page['mailLink'] = "$webimroot/client.php?" . $params . "&level=$level&act=mailthread";
|
||||
$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
||||
$page['mailLink'] = htmlspecialchars("$webimroot/client.php?" . $params . "&level=$level&act=mailthread");
|
||||
|
||||
if ($settings['enablessl'] == "1" && !is_secure_request()) {
|
||||
$page['sslLink'] = get_app_location(true, true) . "/client.php?" . $params . "&level=$level";
|
||||
$page['sslLink'] = htmlspecialchars(get_app_location(true, true) . "/client.php?" . $params . "&level=$level");
|
||||
}
|
||||
|
||||
$page['isOpera95'] = is_agent_opera95();
|
||||
@ -420,10 +420,10 @@ function setup_chatview_for_operator($thread, $operator)
|
||||
$page['agent'] = true;
|
||||
$page['user'] = false;
|
||||
$page['canpost'] = $thread['agentId'] == $operator['operatorid'];
|
||||
$page['ct.chatThreadId'] = $thread['threadid'];
|
||||
$page['ct.token'] = $thread['ltoken'];
|
||||
$page['ct.chatThreadId'] = htmlspecialchars($thread['threadid']);
|
||||
$page['ct.token'] = htmlspecialchars($thread['ltoken']);
|
||||
$page['ct.user.name'] = htmlspecialchars(topage(get_user_name($thread['userName'], $thread['remote'], $thread['userid'])));
|
||||
$page['chat.title'] = topage($settings['chattitle']);
|
||||
$page['chat.title'] = htmlspecialchars(topage($settings['chattitle']));
|
||||
|
||||
setup_logo();
|
||||
if ($settings['sendmessagekey'] == 'enter') {
|
||||
@ -435,20 +435,20 @@ function setup_chatview_for_operator($thread, $operator)
|
||||
}
|
||||
|
||||
if ($settings['enablessl'] == "1" && !is_secure_request()) {
|
||||
$page['sslLink'] = get_app_location(true, true) . "/operator/agent.php?thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
||||
$page['sslLink'] = htmlspecialchars(get_app_location(true, true) . "/operator/agent.php?thread=" . $thread['threadid'] . "&token=" . $thread['ltoken']);
|
||||
}
|
||||
$page['isOpera95'] = is_agent_opera95();
|
||||
$page['neediframesrc'] = needsFramesrc();
|
||||
$page['historyParams'] = array("userid" => "" . $thread['userid']);
|
||||
$page['historyParamsLink'] = add_params($webimroot . "/operator/userhistory.php", $page['historyParams']);
|
||||
$page['historyParamsLink'] = htmlspecialchars(add_params($webimroot . "/operator/userhistory.php", $page['historyParams']));
|
||||
$predefinedres = "";
|
||||
$canned_messages = load_canned_messages($thread['locale'], $thread['groupid']);
|
||||
foreach ($canned_messages as $answer) {
|
||||
$predefinedres .= "<option>" . htmlspecialchars(topage($answer['vcvalue'])) . "</option>";
|
||||
}
|
||||
$page['predefinedAnswers'] = $predefinedres;
|
||||
$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
||||
$page['redirectLink'] = "$webimroot/operator/agent.php?" . $params . "&act=redirect";
|
||||
$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
||||
$page['redirectLink'] = htmlspecialchars("$webimroot/operator/agent.php?" . $params . "&act=redirect");
|
||||
|
||||
$page['namePostfix'] = "";
|
||||
$page['frequency'] = $settings['updatefrequency_chat'];
|
||||
@ -527,7 +527,7 @@ function rename_user($thread, $newname)
|
||||
|
||||
if ($thread['userName'] != $newname) {
|
||||
post_message_($thread['threadid'], $kind_events,
|
||||
getstring2_("chat.status.user.changedname", array($thread['userName'], $newname), $thread['locale']), $link);
|
||||
getstring2_("chat.status.user.changedname", array($thread['userName'], $newname), $thread['locale'], true), $link);
|
||||
}
|
||||
mysql_close($link);
|
||||
}
|
||||
@ -542,8 +542,8 @@ function close_thread($thread, $isuser)
|
||||
'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)"), $link);
|
||||
}
|
||||
|
||||
$message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'])
|
||||
: getstring2_("chat.status.operator.left", array($thread['agentName']), $thread['locale']);
|
||||
$message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'], true)
|
||||
: getstring2_("chat.status.operator.left", array($thread['agentName']), $thread['locale'], true);
|
||||
post_message_($thread['threadid'], $kind_events, $message, $link);
|
||||
mysql_close($link);
|
||||
}
|
||||
@ -642,7 +642,7 @@ function reopen_thread($threadid)
|
||||
array("istate" => $state_waiting, "nextagent" => 0), $link);
|
||||
}
|
||||
|
||||
post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale']), $link);
|
||||
post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale'], true), $link);
|
||||
mysql_close($link);
|
||||
return $thread;
|
||||
}
|
||||
@ -662,17 +662,17 @@ function take_thread($thread, $operator)
|
||||
|
||||
if ($state == $state_waiting) {
|
||||
if ($operatorName != $thread['agentName']) {
|
||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
|
||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
|
||||
} else {
|
||||
$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale']);
|
||||
$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale'], true);
|
||||
}
|
||||
} else {
|
||||
$message_to_post = getstring2_("chat.status.operator.joined", array($operatorName), $thread['locale']);
|
||||
$message_to_post = getstring2_("chat.status.operator.joined", array($operatorName), $thread['locale'], true);
|
||||
}
|
||||
} else if ($state == $state_chatting) {
|
||||
if ($operator['operatorid'] != $thread['agentId']) {
|
||||
do_take_thread($threadid, $operator['operatorid'], $operatorName);
|
||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
|
||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
|
||||
}
|
||||
} else {
|
||||
die("cannot take thread");
|
||||
@ -693,9 +693,9 @@ function check_for_reassign($thread, $operator)
|
||||
|| $thread['agentId'] == $operator['operatorid'])) {
|
||||
do_take_thread($thread['threadid'], $operator['operatorid'], $operatorName);
|
||||
if ($operatorName != $thread['agentName']) {
|
||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
|
||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
|
||||
} else {
|
||||
$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale']);
|
||||
$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale'], true);
|
||||
}
|
||||
|
||||
post_message($thread['threadid'], $kind_events, $message_to_post);
|
||||
@ -719,13 +719,13 @@ function notify_operators($thread, $firstmessage, $link)
|
||||
$text = getstring2_("notify.new.text", array(
|
||||
get_app_location(true, $settings['enablessl'] == '1' && $settings['forcessl'] == '1') . "/operator/agent.php?thread=" . $thread['threadid'],
|
||||
$thread['userName']
|
||||
), $thread['locale']);
|
||||
), $thread['locale'], true);
|
||||
if ($firstmessage) {
|
||||
$text .= "\n$firstmessage";
|
||||
}
|
||||
foreach ($result as $op) {
|
||||
if ($op['time'] < $settings['online_timeout'] && is_valid_email($op['vcjabbername'])) {
|
||||
webim_xmpp($op['vcjabbername'], getstring2("notify.new.subject", array($thread['userName'])), $text, $link);
|
||||
webim_xmpp($op['vcjabbername'], getstring2("notify.new.subject", array($thread['userName']), true), $text, $link);
|
||||
}
|
||||
}
|
||||
}
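Review bot: In the `-176,13` hunk of print_thread_messages() the thread id and token are run through htmlspecialchars() as they are placed in the query string, which applies HTML encoding to a URL component. `urlencode()` is the encoding for that position, with htmlspecialchars() applied once to the finished URL where it is written into the `content` attribute, as the mailLink and redirectLink hunks already do for whole links: `"&thread=" . urlencode($threadid) . "&token=" . urlencode($token)` and `"; URL=" . htmlspecialchars("$url&sn=11") . "\">\n"`. In the `-166,7` hunk `$lastid` is still interpolated into the `lastid` attribute unescaped, next to the newly escaped `$istyping`; whether it is validated as numeric upstream is not visible here. The same component-versus-attribute point applies to `profilePage` in the operator index hunk, where `$operator['operatorid']` is a query value.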
|
||||
|
@ -59,7 +59,7 @@ function verifyparam($name, $regexp, $default = null)
|
||||
if (isset($default))
|
||||
return $default;
|
||||
}
|
||||
echo "<html><head></head><body>Wrong parameter used or absent: " . $name . "</body></html>";
|
||||
echo "<html><head></head><body>Wrong parameter used or absent: " . htmlspecialchars($name) . "</body></html>";
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -197,7 +197,7 @@ function getoutputenc()
|
||||
return isset($output_encoding[$current_locale]) ? $output_encoding[$current_locale] : $webim_encoding;
|
||||
}
|
||||
|
||||
function getstring_($text, $locale)
|
||||
function getstring_($text, $locale, $raw = false)
|
||||
{
|
||||
global $messages;
|
||||
if (!isset($messages[$locale]))
|
||||
@ -205,30 +205,33 @@ function getstring_($text, $locale)
|
||||
|
||||
$localized = $messages[$locale];
|
||||
if (isset($localized[$text]))
|
||||
return $localized[$text];
|
||||
return $raw ? $localized[$text] : sanitize_string($localized[$text], 'low', 'moderate');
|
||||
if ($locale != 'en') {
|
||||
return getstring_($text, 'en');
|
||||
return getstring_($text, 'en', $raw);
|
||||
}
|
||||
|
||||
return "!" . $text;
|
||||
return "!" . ($raw ? $text : sanitize_string($text, 'low', 'moderate'));
|
||||
}
|
||||
|
||||
function getstring($text)
|
||||
function getstring($text, $raw = false)
|
||||
{
|
||||
global $current_locale;
|
||||
return getstring_($text, $current_locale);
|
||||
$string = getstring_($text, $current_locale, true);
|
||||
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||
}
|
||||
|
||||
function getlocal($text)
|
||||
function getlocal($text, $raw = false)
|
||||
{
|
||||
global $current_locale, $webim_encoding;
|
||||
return myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
|
||||
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale), true);
|
||||
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||
}
|
||||
|
||||
function getlocal_($text, $locale)
|
||||
function getlocal_($text, $locale, $raw = false)
|
||||
{
|
||||
global $webim_encoding;
|
||||
return myiconv($webim_encoding, getoutputenc(), getstring_($text, $locale));
|
||||
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $locale), true);
|
||||
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||
}
|
||||
|
||||
function topage($text)
|
||||
@ -237,41 +240,42 @@ function topage($text)
|
||||
return myiconv($webim_encoding, getoutputenc(), $text);
|
||||
}
|
||||
|
||||
function getstring2_($text, $params, $locale)
|
||||
function getstring2_($text, $params, $locale, $raw = false)
|
||||
{
|
||||
$string = getstring_($text, $locale);
|
||||
$string = getstring_($text, $locale, true);
|
||||
for ($i = 0; $i < count($params); $i++) {
|
||||
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
||||
}
|
||||
return $string;
|
||||
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||
}
|
||||
|
||||
function getstring2($text, $params)
|
||||
function getstring2($text, $params, $raw = false)
|
||||
{
|
||||
global $current_locale;
|
||||
return getstring2_($text, $params, $current_locale);
|
||||
$string = getstring2_($text, $params, $current_locale, true);
|
||||
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||
}
|
||||
|
||||
function getlocal2($text, $params)
|
||||
function getlocal2($text, $params, $raw = false)
|
||||
{
|
||||
global $current_locale, $webim_encoding;
|
||||
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
|
||||
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale, true));
|
||||
for ($i = 0; $i < count($params); $i++) {
|
||||
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
||||
}
|
||||
return $string;
|
||||
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||
}
|
||||
|
||||
/* prepares for Javascript string */
|
||||
function getlocalforJS($text, $params)
|
||||
{
|
||||
global $current_locale, $webim_encoding;
|
||||
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
|
||||
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale, true));
|
||||
$string = str_replace("\"", "\\\"", str_replace("\n", "\\n", $string));
|
||||
for ($i = 0; $i < count($params); $i++) {
|
||||
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
||||
}
|
||||
return $string;
|
||||
return sanitize_string($string, 'low', 'moderate');
|
||||
}
|
||||
|
||||
/* ajax server actions use utf-8 */
|
||||
@ -450,7 +454,7 @@ function no_field($key)
|
||||
function failed_uploading_file($filename, $key)
|
||||
{
|
||||
return getlocal2("errors.failed.uploading.file",
|
||||
array($filename, getlocal($key)));
|
||||
array(htmlspecialchars($filename), getlocal($key)));
|
||||
}
|
||||
|
||||
function wrong_field($key)
|
||||
@ -469,8 +473,8 @@ function get_popup($href, $jshref, $message, $title, $wndName, $options)
|
||||
function get_image($href, $width, $height)
|
||||
{
|
||||
if ($width != 0 && $height != 0)
|
||||
return "<img src=\"$href\" border=\"0\" width=\"$width\" height=\"$height\" alt=\"\"/>";
|
||||
return "<img src=\"$href\" border=\"0\" alt=\"\"/>";
|
||||
return "<img src=\"" . htmlspecialchars($href) . "\" border=\"0\" width=\"" . htmlspecialchars($width) . "\" height=\"" . htmlspecialchars($height) . "\" alt=\"\"/>";
|
||||
return "<img src=\"" . htmlspecialchars($href) . "\" border=\"0\" alt=\"\"/>";
|
||||
}
|
||||
|
||||
function get_gifimage_size($filename)
|
||||
@ -730,4 +734,82 @@ function setcsrftoken()
|
||||
}
|
||||
}
|
||||
|
||||
/* simple HTML sanitation
|
||||
*
|
||||
* includes some code from the PHP Strip Attributes Class For XML and HTML
|
||||
* Copyright 2009 David (semlabs.co.uk)
|
||||
* Available under the MIT License.
|
||||
*
|
||||
* http://semlabs.co.uk/journal/php-strip-attributes-class-for-xml-and-html
|
||||
*
|
||||
*/
|
||||
|
||||
function sanitize_string($string, $tags_level = 'high', $attr_level = 'high')
|
||||
{
|
||||
$sanitize_tags = array(
|
||||
'high' => '',
|
||||
'moderate' => '<span><em><strong><b><i><br>',
|
||||
'low' => '<span><em><strong><b><i><br><p><ul><ol><li><a><font><style>'
|
||||
);
|
||||
|
||||
$sanitize_attributes = array(
|
||||
'high' => array(),
|
||||
'moderate' => array('class', 'style', 'href', 'rel', 'id'),
|
||||
'low' => false
|
||||
);
|
||||
|
||||
$tags_level = array_key_exists($tags_level, $sanitize_tags) ? $tags_level : 'high';
|
||||
$string = strip_tags($string, $sanitize_tags[$tags_level]);
|
||||
|
||||
$attr_level = array_key_exists($attr_level, $sanitize_attributes) ? $attr_level : 'high';
|
||||
if ($sanitize_attributes[$attr_level]) {
|
||||
|
||||
preg_match_all("/<([^ !\/\>\n]+)([^>]*)>/i", $string, $elements);
|
||||
foreach ($elements[1] as $key => $element) {
|
||||
if ($elements[2][$key]) {
|
||||
|
||||
$new_attributes = '';
|
||||
preg_match_all("/([^ =]+)\s*=\s*[\"|']{0,1}([^\"']*)[\"|']{0,1}/i", $elements[2][$key], $attributes );
|
||||
|
||||
if ($attributes[1]) {
|
||||
foreach ($attributes[1] as $attr_key => $attr) {
|
||||
if (in_array($attributes[1][$attr_key], $sanitize_attributes[$attr_level])) {
|
||||
$new_attributes .= ' ' . $attributes[1][$attr_key] . '="' . $attributes[2][$attr_key] . '"';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$replacement = '<' . $elements[1][$key] . $new_attributes . '>';
|
||||
$string = preg_replace( '/' . reg_escape($elements[0][$key]) . '/', $replacement, $string );
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return $string;
|
||||
}
|
||||
|
||||
function reg_escape ($string) {
|
||||
|
||||
$conversions = array( "^" => "\^",
|
||||
"[" => "\[",
|
||||
"." => "\.",
|
||||
"$" => "\$",
|
||||
"{" => "\{",
|
||||
"*" => "\*",
|
||||
"(" => "\(",
|
||||
"\\" => "\\\\",
|
||||
"/" => "\/",
|
||||
"+" => "\+",
|
||||
")" => "\)",
|
||||
"|" => "\|",
|
||||
"?" => "\?",
|
||||
"<" => "\<",
|
||||
">" => "\>"
|
||||
);
|
||||
|
||||
return strtr($string, $conversions);
|
||||
}
|
||||
|
||||
?>
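Review bot: sanitize_string() at the 'low'/'moderate' levels keeps `<a>` and `<style>` elements and `href`/`style` attributes, writes attribute values back unescaped with no scheme check, and is run by getstring2_(), getlocal2() and getlocalforJS() after the `{n}` parameters are substituted, so any parameter a caller has not escaped itself passes through with those constructs intact. Escaping at substitution and sanitizing only the translated template would close that, e.g. `$string = str_replace("{" . $i . "}", htmlspecialchars($params[$i], ENT_QUOTES), $string);`, once callers that already escape (failed_uploading_file() does) are adjusted to avoid double encoding. reg_escape() does not escape `$`, because `"\$"` in a double-quoted string is a plain `$`, so the preg_replace() that installs the filtered element can fail to match and leave the original element in place; `preg_quote($elements[0][$key], '/')` covers the full metacharacter set. In getlocal() and getlocal_() the added `true` is an argument to myiconv(), not getstring_(), so `$raw = true` still returns a sanitized string; getlocal2() has it in the right place.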
|
||||
|
@ -53,19 +53,19 @@ function demo_process_thread($act, $outformat, $lastid, $isuser, $canpost, $isty
|
||||
if ($lastid == 1) {
|
||||
demo_print_message(
|
||||
array('ikind' => $kind_for_agent, 'created' => time() - 15, 'tname' => '',
|
||||
'tmessage' => getstring2('chat.came.from', array("http://google.com"))), $outformat);
|
||||
'tmessage' => getstring2('chat.came.from', array("http://google.com"), true)), $outformat);
|
||||
demo_print_message(
|
||||
array('ikind' => $kind_info, 'created' => time() - 15, 'tname' => '',
|
||||
'tmessage' => getstring('chat.wait')), $outformat);
|
||||
demo_print_message(
|
||||
array('ikind' => $kind_events, 'created' => time() - 10, 'tname' => '',
|
||||
'tmessage' => getstring2("chat.status.operator.joined", array("Administrator"))), $outformat);
|
||||
'tmessage' => getstring2("chat.status.operator.joined", array("Administrator"), true)), $outformat);
|
||||
demo_print_message(
|
||||
array('ikind' => $kind_agent, 'created' => time() - 9, 'tname' => 'Administrator',
|
||||
'tmessage' => getstring("demo.chat.welcome")), $outformat);
|
||||
'tmessage' => getstring("demo.chat.welcome"), true), $outformat);
|
||||
demo_print_message(
|
||||
array('ikind' => $kind_user, 'created' => time() - 5, 'tname' => getstring("chat.default.username"),
|
||||
'tmessage' => getstring("demo.chat.question")), $outformat);
|
||||
'tmessage' => getstring("demo.chat.question", true)), $outformat);
|
||||
if ($canpost && $outformat == 'xml') {
|
||||
demo_print_message(
|
||||
array('ikind' => $kind_info, 'created' => time() - 5, 'tname' => '',
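Review bot: In the `demo.chat.welcome` entry the closing parenthesis comes before `true`, so getstring() is called without the raw flag and `true` is appended to the message array as an extra element. The line should read `'tmessage' => getstring("demo.chat.welcome", true)), $outformat);`, matching the `demo.chat.question` entry below it. The `chat.wait` entry in the same block is left sanitized while the client code in this commit passes `true` for the same key; one of the two is probably unintended. demo_process_thread() continues outside the hunk.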
|
||||
|
@ -36,9 +36,9 @@ function generate_button($title, $locale, $style, $group, $inner, $showhost, $fo
|
||||
$link = append_query($link, "group=$group");
|
||||
|
||||
$modsecfix = $modsecurity ? ".replace('http://','').replace('https://','')" : "";
|
||||
$jslink = append_query("'" . $link, "url='+escape(document.location.href$modsecfix)+'&referrer='+escape(document.referrer$modsecfix)");
|
||||
$temp = get_popup($link, "$jslink",
|
||||
$inner, $title, "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=640,height=480,resizable=1");
|
||||
$jslink = htmlspecialchars(append_query("'" . $link, "url='+escape(document.location.href$modsecfix)+'&referrer='+escape(document.referrer$modsecfix)"));
|
||||
$temp = get_popup(htmlspecialchars($link), "$jslink",
|
||||
$inner, htmlspecialchars($title), "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=640,height=480,resizable=1");
|
||||
return "<!-- mibew button -->" . $temp . "<!-- / mibew button -->";
|
||||
}
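Review bot: `$link` is placed inside a single-quoted JavaScript string when `$jslink` is built, and htmlspecialchars() is HTML encoding rather than JavaScript string escaping; with its default flags on PHP before 8.1 it also leaves `'` untouched. The context line above appends `"group=$group"` to `$link` without URL encoding, so `append_query($link, "group=" . urlencode($group))` would keep that value from altering either the query string or the script. Where `$group` and the other components of `$link` originate is not visible in this hunk, and whether get_popup() escapes its arguments again (which would double-encode the pre-escaped `$link` and `$title`) cannot be checked from here.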
|
||||
|
||||
|
@ -203,7 +203,7 @@ function append_query($link, $pv)
|
||||
{
|
||||
$infix = '?';
|
||||
if (strstr($link, $infix) !== FALSE)
|
||||
$infix = '&';
|
||||
$infix = '&';
|
||||
return "$link$infix$pv";
|
||||
}
|
||||
|
||||
@ -305,8 +305,8 @@ function setup_redirect_links($threadid, $token)
|
||||
)
|
||||
: "";
|
||||
$agent_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
|
||||
"\" title=\"" . topage(get_operator_name($agent)) . "\">" .
|
||||
topage(get_operator_name($agent)) .
|
||||
"\" title=\"" . htmlspecialchars(topage(get_operator_name($agent))) . "\">" .
|
||||
htmlspecialchars(topage(get_operator_name($agent))) .
|
||||
"</a> $status</li>";
|
||||
}
|
||||
$page['redirectToAgent'] = $agent_list;
|
||||
@ -322,8 +322,8 @@ function setup_redirect_links($threadid, $token)
|
||||
? getlocal("char.redirect.operator.away_suff")
|
||||
: "");
|
||||
$group_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
|
||||
"\" title=\"" . topage(get_group_name($group)) . "\">" .
|
||||
topage(get_group_name($group)) .
|
||||
"\" title=\"" . htmlspecialchars(topage(get_group_name($group))) . "\">" .
|
||||
htmlspecialchars(topage(get_group_name($group))) .
|
||||
"</a> $status</li>";
|
||||
}
|
||||
}
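Review bot: Both list builders now escape the `title` attribute and the link text but still write the result of add_params() into `href` unescaped. setup_chatview_for_operator() in this same commit wraps the helper as `htmlspecialchars(add_params(...))`; doing the same here, `"<li><a href=\"" . htmlspecialchars(add_params($webimroot . "/operator/redirect.php", $params)) .`, keeps the two consistent. Whether add_params() URL-encodes the values in `$params` is not visible in these hunks. setup_redirect_links() starts and ends outside the lines shown.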
|
||||
|
@ -18,12 +18,12 @@
|
||||
$pagination_spacing = " ";
|
||||
$links_on_page = 5;
|
||||
|
||||
function generate_pagination_link($page, $title)
|
||||
function generate_pagination_link($page, $title, $raw = false)
|
||||
{
|
||||
$lnk = $_SERVER['REQUEST_URI'];
|
||||
$href = preg_replace("/\?page=\d+\&/", "?", preg_replace("/\&page=\d+/", "", $lnk));
|
||||
$href .= strstr($href, "?") ? "&page=$page" : "?page=$page";
|
||||
return "<a href=\"" . htmlspecialchars($href) . "\" class=\"pagelink\">$title</a>";
|
||||
return "<a href=\"" . htmlspecialchars($href) . "\" class=\"pagelink\">" . ($raw ? $title : htmlspecialchars($title)) . "</a>";
|
||||
}
|
||||
|
||||
function generate_pagination_image($id, $alt)
|
||||
@ -112,7 +112,7 @@ function generate_pagination($pagination, $bottom = true)
|
||||
$maxPage = min($curr_page + $links_on_page, $pagination['total']);
|
||||
|
||||
if ($curr_page > 1) {
|
||||
$result .= generate_pagination_link($curr_page - 1, generate_pagination_image("prevpage", getlocal("tag.pagination.previous"))) . $pagination_spacing;
|
||||
$result .= generate_pagination_link($curr_page - 1, generate_pagination_image("prevpage", getlocal("tag.pagination.previous")), true) . $pagination_spacing;
|
||||
}
|
||||
|
||||
for ($i = $minPage; $i <= $maxPage; $i++) {
|
||||
@ -126,7 +126,7 @@ function generate_pagination($pagination, $bottom = true)
|
||||
}
|
||||
|
||||
if ($curr_page < $pagination['total']) {
|
||||
$result .= $pagination_spacing . generate_pagination_link($curr_page + 1, generate_pagination_image("nextpage", getlocal("tag.pagination.next")));
|
||||
$result .= $pagination_spacing . generate_pagination_link($curr_page + 1, generate_pagination_image("nextpage", getlocal("tag.pagination.next")), true);
|
||||
}
|
||||
$result .= "</div>";
|
||||
}
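Review bot: generate_pagination_link() gains a `$raw` flag that switches off escaping of `$title`, but nothing documents what a caller must guarantee when passing `true`. A short comment above the function would do, e.g. `/* $raw = true: $title is trusted, already-escaped HTML (such as the output of generate_pagination_image()) and is emitted as is */`. The two call sites shown pass markup from generate_pagination_image(), whose own escaping of `$alt` is outside these hunks.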
|
||||
|
@ -50,7 +50,7 @@ function get_user_addr($addr)
|
||||
global $settings;
|
||||
if ($settings['geolink'] && preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $addr, $matches)) {
|
||||
$userip = $matches[1];
|
||||
return get_popup(str_replace("{ip}", $userip, $settings['geolink']), '', htmlspecialchars($addr), "GeoLocation", "ip$userip", $settings['geolinkparams']);
|
||||
return get_popup(htmlspecialchars(str_replace("{ip}", $userip, $settings['geolink'])), '', htmlspecialchars($addr), "GeoLocation", htmlspecialchars("ip$userip"), htmlspecialchars($settings['geolinkparams']));
|
||||
}
|
||||
return htmlspecialchars($addr);
|
||||
}
|
||||
|
@ -57,8 +57,8 @@ foreach( $output as $msg ) {
|
||||
$history .= $msg;
|
||||
}
|
||||
|
||||
$subject = getstring("mail.user.history.subject");
|
||||
$body = getstring2("mail.user.history.body", array($thread['userName'],$history) );
|
||||
$subject = getstring("mail.user.history.subject", true);
|
||||
$body = getstring2("mail.user.history.body", array($thread['userName'],$history), true);
|
||||
|
||||
$link = connect();
|
||||
webim_mail($email, $webim_mailbox, $subject, $body, $link);
|
||||
|
@ -52,7 +52,7 @@ if (isset($_POST['address'])) {
|
||||
|
||||
if ((!$banId && $existing_ban) ||
|
||||
($banId && $existing_ban && $banId != $existing_ban['banid'])) {
|
||||
$errors[] = getlocal2("ban.error.duplicate", array($address, $existing_ban['banid']));
|
||||
$errors[] = getlocal2("ban.error.duplicate", array(htmlspecialchars($address), htmlspecialchars($existing_ban['banid'])));
|
||||
}
|
||||
|
||||
if (count($errors) == 0) {
|
||||
|
@ -78,7 +78,7 @@ if (!$group) {
|
||||
}
|
||||
|
||||
$page['formop'] = array();
|
||||
$page['currentgroup'] = $group ? topage(htmlspecialchars($group['vclocalname'])) : "";
|
||||
$page['currentgroup'] = $group ? topage($group['vclocalname']) : "";
|
||||
|
||||
foreach (get_group_members($groupid) as $rel) {
|
||||
$page['formop'][] = $rel['operatorid'];
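Review bot: Assuming the second printed line is the new side, as in the other pairs on this page, `$page['currentgroup']` now carries `$group['vclocalname']` without htmlspecialchars(), the one place in this commit where escaping is removed. That is safe only if the template that prints `currentgroup` escapes it, and the template is not part of this hunk. A comment such as `// escaped in the view` would make the dependency explicit; otherwise keep the call as `htmlspecialchars(topage($group['vclocalname']))`, the order used elsewhere in the commit.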
|
||||
|
@ -30,7 +30,7 @@ $page = array(
|
||||
'localeLinks' => get_locale_links("$webimroot/operator/index.php"),
|
||||
'needUpdate' => $settings['dbversion'] != $dbversion,
|
||||
'needChangePassword' => $operator['vcpassword'] == md5(''),
|
||||
'profilePage' => "$webimroot/operator/operator.php?op=".$operator['operatorid'],
|
||||
'profilePage' => "$webimroot/operator/operator.php?op=".htmlspecialchars($operator['operatorid']),
|
||||
'updateWizard' => "$webimroot/install/",
|
||||
'newFeatures' => $settings['featuresversion'] != $featuresversion,
|
||||
'featuresPage' => "$webimroot/operator/features.php",
|
||||
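Review bot: `profilePage` is a URL, yet the value appended after `op=` is escaped with `htmlspecialchars()`, while the operator list template in this commit uses `urlencode()` for the same parameter. For a query-string value the matching encoding is `urlencode($operator['operatorid'])`, or an `(int)` cast if the id is numeric, with HTML escaping left to the template that prints the link. The surrounding array literal starts and ends outside the hunk.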
|
@ -39,14 +39,14 @@ if (isset($_GET['nextGroup'])) {
|
||||
$nextGroup = group_by_id($nextid);
|
||||
|
||||
if ($nextGroup) {
|
||||
$page['message'] = getlocal2("chat.redirected.group.content", array(topage(get_group_name($nextGroup))));
|
||||
$page['message'] = getlocal2("chat.redirected.group.content", array(htmlspecialchars(topage(get_group_name($nextGroup)))));
|
||||
if ($thread['istate'] == $state_chatting) {
|
||||
$link = connect();
|
||||
commit_thread($threadid,
|
||||
array("istate" => $state_waiting, "nextagent" => 0, "groupid" => $nextid, "agentId" => 0, "agentName" => "''"), $link);
|
||||
post_message_($thread['threadid'], $kind_events,
|
||||
getstring2_("chat.status.operator.redirect",
|
||||
array(get_operator_name($operator)), $thread['locale']), $link);
|
||||
array(get_operator_name($operator)), $thread['locale'], true), $link);
|
||||
mysql_close($link);
|
||||
} else {
|
||||
$errors[] = getlocal("chat.redirect.cannot");
|
||||
@ -60,7 +60,7 @@ if (isset($_GET['nextGroup'])) {
|
||||
$nextOperator = operator_by_id($nextid);
|
||||
|
||||
if ($nextOperator) {
|
||||
$page['message'] = getlocal2("chat.redirected.content", array(topage(get_operator_name($nextOperator))));
|
||||
$page['message'] = getlocal2("chat.redirected.content", array(htmlspecialchars(topage(get_operator_name($nextOperator)))));
|
||||
if ($thread['istate'] == $state_chatting) {
|
||||
$link = connect();
|
||||
$threadupdate = array("istate" => $state_waiting, "nextagent" => $nextid, "agentId" => 0);
|
||||
@ -72,7 +72,7 @@ if (isset($_GET['nextGroup'])) {
|
||||
commit_thread($threadid, $threadupdate, $link);
|
||||
post_message_($thread['threadid'], $kind_events,
|
||||
getstring2_("chat.status.operator.redirect",
|
||||
array(get_operator_name($operator)), $thread['locale']), $link);
|
||||
array(get_operator_name($operator)), $thread['locale'], true), $link);
|
||||
mysql_close($link);
|
||||
} else {
|
||||
$errors[] = getlocal("chat.redirect.cannot");
|
||||
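Review bot: Both new `$page['message']` lines call `htmlspecialchars()` on the result of `topage()` without a charset argument. If `topage()` converts to a page encoding other than UTF-8 (it is not shown, so this is an assumption), PHP 5.4 through 8.0 treat the input as UTF-8 and return an empty string for bytes that are not valid in it, and the redirect message would silently lose the group or operator name. Passing the flags and encoding explicitly avoids that, e.g. `htmlspecialchars(topage($name), ENT_QUOTES, $pageEncoding)`, where `$pageEncoding` is a placeholder for whatever charset `topage()` emits.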
|
@ -69,7 +69,7 @@ if (isset($_POST['email']) && isset($_POST['title']) && isset($_POST['logo'])) {
|
||||
if ($params['geolinkparams']) {
|
||||
foreach (preg_split("/,/", $params['geolinkparams']) as $oneparam) {
|
||||
if (!preg_match("/^\s*(toolbar|scrollbars|location|status|menubar|width|height|resizable)=\d{1,4}$/", $oneparam)) {
|
||||
$errors[] = "Wrong link parameter: \"$oneparam\", should be one of 'toolbar, scrollbars, location, status, menubar, width, height or resizable'";
|
||||
$errors[] = "Wrong link parameter: \"" . htmlspecialchars($oneparam) . "\", should be one of 'toolbar, scrollbars, location, status, menubar, width, height or resizable'";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -24,7 +24,7 @@ require_once('../libs/groups.php');
|
||||
$operator = get_logged_in();
|
||||
if (!$operator) {
|
||||
start_xml_output();
|
||||
echo "<error><descr>" . myiconv($webim_encoding, "utf-8", escape_with_cdata(getstring("agent.not_logged_in"))) . "</descr></error>";
|
||||
echo "<error><descr>" . htmlspecialchars(htmlspecialchars(myiconv($webim_encoding, "utf-8", escape_with_cdata(getstring("agent.not_logged_in"))))) . "</descr></error>";
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -51,7 +51,7 @@ function thread_to_xml($thread, $link)
|
||||
$webim_encoding, $operator, $settings,
|
||||
$can_viewthreads, $can_takeover, $mysqlprefix;
|
||||
$state = $threadstate_to_string[$thread['istate']];
|
||||
$result = "<thread id=\"" . $thread['threadid'] . "\" stateid=\"$state\"";
|
||||
$result = "<thread id=\"" . htmlspecialchars(htmlspecialchars($thread['threadid'])) . "\" stateid=\"$state\"";
|
||||
if ($state == "closed")
|
||||
return $result . "/>";
|
||||
|
||||
@ -77,10 +77,10 @@ $can_viewthreads, $can_takeover, $mysqlprefix;
|
||||
|
||||
$banForThread = $settings['enableban'] == "1" ? ban_for_addr_($thread['remote'], $link) : false;
|
||||
if ($banForThread) {
|
||||
$result .= " ban=\"blocked\" banid=\"" . $banForThread['banid'] . "\"";
|
||||
$result .= " ban=\"blocked\" banid=\"" . htmlspecialchars(htmlspecialchars($banForThread['banid'])) . "\"";
|
||||
}
|
||||
|
||||
$result .= " state=\"$state\" typing=\"" . $thread['userTyping'] . "\">";
|
||||
$result .= " state=\"$state\" typing=\"" . htmlspecialchars(htmlspecialchars($thread['userTyping'])) . "\">";
|
||||
$result .= "<name>";
|
||||
if ($banForThread) {
|
||||
$result .= htmlspecialchars(getstring('chat.client.spam.prefix'));
|
||||
@ -88,15 +88,15 @@ $can_viewthreads, $can_takeover, $mysqlprefix;
|
||||
$result .= htmlspecialchars(htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>";
|
||||
$result .= "<addr>" . htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>";
|
||||
$result .= "<agent>" . htmlspecialchars(htmlspecialchars($threadoperator)) . "</agent>";
|
||||
$result .= "<time>" . $thread['unix_timestamp(dtmcreated)'] . "000</time>";
|
||||
$result .= "<modified>" . $thread['unix_timestamp(dtmmodified)'] . "000</modified>";
|
||||
$result .= "<time>" . htmlspecialchars(htmlspecialchars($thread['unix_timestamp(dtmcreated)'])) . "000</time>";
|
||||
$result .= "<modified>" . htmlspecialchars(htmlspecialchars($thread['unix_timestamp(dtmmodified)'])) . "000</modified>";
|
||||
|
||||
if ($banForThread) {
|
||||
$result .= "<reason>" . $banForThread['comment'] . "</reason>";
|
||||
$result .= "<reason>" . htmlspecialchars(htmlspecialchars($banForThread['comment'])) . "</reason>";
|
||||
}
|
||||
|
||||
$userAgent = get_useragent_version($thread['userAgent']);
|
||||
$result .= "<useragent>" . $userAgent . "</useragent>";
|
||||
$result .= "<useragent>" . htmlspecialchars(htmlspecialchars($userAgent)) . "</useragent>";
|
||||
if ($thread["shownmessageid"] != 0) {
|
||||
$query = "select tmessage from ${mysqlprefix}chatmessage where messageid = " . $thread["shownmessageid"];
|
||||
$line = select_one_row($query, $link);
|
||||
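Review bot: In the not-logged-in branch the text passed to the doubled `htmlspecialchars()` has already gone through `escape_with_cdata()`. If that helper wraps its input in a CDATA section, as the name suggests, the two escaping passes turn the CDATA markers into literal text that the client receives as part of the message, so `<descr>` should use either the CDATA wrapper or entity escaping, not both. The double call is also repeated on every attribute and element in `thread_to_xml()` with no explanation, while `<addr>` and the spam prefix get a single pass. A comment stating why two passes are needed, or a small helper that names the intent, would make those differences auditable. `thread_to_xml()` continues outside the hunks shown.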
|
@ -32,7 +32,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php } ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
<?php if( $page['needChangePassword'] ) { ?>
|
||||
@ -47,7 +47,7 @@ require_once('inc_errors.php');
|
||||
<?php if( $page['opid'] || $page['canmodify'] ) { ?>
|
||||
<form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
|
||||
<?php print_csrf_token_input() ?>
|
||||
<input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/>
|
||||
<input type="hidden" name="opid" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
|
||||
<?php if(!$page['showjabber']) { ?>
|
||||
<input type="hidden" name="jabber" value="<?php echo form_value('jabber') ?>"/>
|
||||
<?php if(form_value_cb('jabbernotify')) { ?><input type="hidden" name="jabbernotify" value="on"/><?php } ?>
|
||||
@ -133,7 +133,7 @@ require_once('inc_errors.php');
|
||||
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
<?php } ?>
|
||||
</div>
|
||||
@ -147,7 +147,7 @@ require_once('inc_errors.php');
|
||||
|
||||
</form>
|
||||
<?php } ?>
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
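Review bot: The rewritten save-button line is repeated verbatim here and in the avatar, ban, canned-edit and settings templates, so the escaping decision is made in five places instead of one. A small template helper that prints the button (name to be chosen) would keep it in a single spot, in the same way `print_csrf_token_input()` centralises the token field. `$webimroot` is still concatenated unescaped into the same `src` attribute, which is fine only if it is a fixed configuration value; that cannot be confirmed from this hunk.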
|
@ -31,14 +31,14 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page_agents.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<div class="tabletool">
|
||||
<img src='<?php echo $webimroot ?>/images/buttons/createagent.gif' border="0" alt="" />
|
||||
<a href='<?php echo $webimroot ?>/operator/operator.php' title="<?php echo getlocal("page_agents.new_agent") ?>">
|
||||
<a href='<?php echo $webimroot ?>/operator/operator.php' title="<?php echo htmlspecialchars(getlocal("page_agents.new_agent")) ?>">
|
||||
<?php echo getlocal("page_agents.new_agent") ?>
|
||||
</a>
|
||||
</div>
|
||||
@ -64,7 +64,7 @@ require_once('inc_errors.php');
|
||||
<?php foreach( $page['allowedAgents'] as $a ) { ?>
|
||||
<tr>
|
||||
<td class="notlast">
|
||||
<a id="ti<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo $a['operatorid'] ?>" class="man">
|
||||
<a id="ti<?php echo htmlspecialchars($a['operatorid']) ?>" href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo urlencode($a['operatorid']) ?>" class="man">
|
||||
<?php echo htmlspecialchars(topage($a['vclogin'])) ?>
|
||||
</a>
|
||||
</td>
|
||||
@ -82,11 +82,11 @@ require_once('inc_errors.php');
|
||||
</td>
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<td>
|
||||
<a class="removelink" id="i<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&id=<?php echo $a['operatorid'] ?><?php print_csrf_token_in_url() ?>">
|
||||
<a class="removelink" id="i<?php echo htmlspecialchars($a['operatorid']) ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&id=<?php echo urlencode($a['operatorid']) ?><?php print_csrf_token_in_url() ?>">
|
||||
remove
|
||||
</a>
|
||||
</td>
|
||||
<?php } ?>
|
||||
<?php } ?>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
</tbody>
|
||||
@ -98,7 +98,7 @@ $('a.removelink').click(function(){
|
||||
});
|
||||
//--></script>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
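Review bot: The remove link still performs the deletion through a GET request and appends the CSRF token to the URL via `print_csrf_token_in_url()`, so the token ends up in browser history, server logs and possibly `Referer` headers. Submitting the delete as a small POST form with `print_csrf_token_input()`, which the forms in this commit already use, keeps the token out of URLs. The `&` in `?act=del&id=` is also written raw inside the attribute and should be `&amp;`.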
|
@ -27,19 +27,19 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page_avatar.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
<form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
|
||||
<?php print_csrf_token_input() ?>
|
||||
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
|
||||
<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
|
||||
<div>
|
||||
<?php print_tabbar(); ?>
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<p>
|
||||
<b><?php echo $page['currentop'] ?>‎</b>
|
||||
<b><?php echo htmlspecialchars($page['currentop']) ?>‎</b>
|
||||
</p>
|
||||
|
||||
<div class="fieldForm">
|
||||
@ -48,9 +48,9 @@ require_once('inc_errors.php');
|
||||
<div class="field">
|
||||
<div class="flabel"><?php echo getlocal('form.field.avatar.current') ?></div>
|
||||
<div class="fvalue">
|
||||
<img src="<?php echo $page['avatar'] ?>" alt="cannot load avatar"/><br/>
|
||||
<img src="<?php echo htmlspecialchars($page['avatar']) ?>" alt="cannot load avatar"/><br/>
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<a class="formauth" href='<?php echo $webimroot ?>/operator/avatar.php?op=<?php echo $page['opid'] ?>&delete=true'>
|
||||
<a class="formauth" href="<?php echo $webimroot ?>/operator/avatar.php?op=<?php echo urlencode($page['opid']) ?>&delete=true">
|
||||
<?php echo getlocal("page_agent.clear_avatar") ?>
|
||||
</a>
|
||||
<?php } ?>
|
||||
@ -77,20 +77,20 @@ require_once('inc_errors.php');
|
||||
</div>
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
<?php } ?>
|
||||
</div>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="asterisk">
|
||||
<?php echo getlocal("common.asterisk_explanation") ?>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
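Review bot: The clear-avatar link `avatar.php?op=...&delete=true` changes state through a plain GET and carries no CSRF token, although the upload form on the same page calls `print_csrf_token_input()`. Unless `avatar.php` rejects the delete without a token (not visible here), the removal is not covered by the protection the form has. Turning it into a POST form with `print_csrf_token_input()` would close the gap; at minimum the link should carry the token the way the operator remove links do with `print_csrf_token_in_url()`. The raw `&` before `delete=true` should be `&amp;` inside the attribute.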
|
@ -21,7 +21,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
?>
|
||||
|
||||
<?php if( $page['saved'] ) { ?>
|
||||
<?php echo getlocal2("page_ban.sent",array($page['address'])) ?>
|
||||
<?php echo getlocal2("page_ban.sent",array(htmlspecialchars($page['address']))) ?>
|
||||
|
||||
<script type="text/javascript"><!--
|
||||
setTimeout( (function() { window.close(); }), 1500 );
|
||||
@ -42,9 +42,9 @@ require_once('inc_errors.php');
|
||||
<?php } ?>
|
||||
|
||||
<form name="banForm" method="post" action="<?php echo $webimroot ?>/operator/ban.php">
|
||||
<input type="hidden" name="banId" value="<?php echo $page['banId'] ?>"/>
|
||||
<input type="hidden" name="banId" value="<?php echo htmlspecialchars($page['banId']) ?>"/>
|
||||
<?php if( $page['threadid'] ) { ?>
|
||||
<input type="hidden" name="threadid" value="<?php echo $page['threadid'] ?>"/>
|
||||
<input type="hidden" name="threadid" value="<?php echo htmlspecialchars($page['threadid']) ?>"/>
|
||||
<?php } ?>
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
@ -77,7 +77,7 @@ require_once('inc_errors.php');
|
||||
</div>
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
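Review bot: `banForm` posts to `ban.php` with no `print_csrf_token_input()` call after the `<form>` tag, while the operator, avatar and canned-edit forms touched by this commit all emit one there. If `ban.php` is meant to be covered by the same CSRF check, `<?php print_csrf_token_input() ?>` belongs before the hidden `banId` field. Part of the form lies between the hunks and is not shown, so the call may exist further down and this is worth confirming.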
|
@ -37,7 +37,7 @@ require_once('inc_errors.php');
|
||||
|
||||
<div class="tabletool">
|
||||
<img src="<?php echo $webimroot ?>/images/buttons/createban.gif" border="0" alt=""/>
|
||||
<a href="<?php echo $webimroot ?>/operator/ban.php" title="<?php echo getlocal("page_bans.add") ?>">
|
||||
<a href="<?php echo $webimroot ?>/operator/ban.php" title="<?php echo htmlspecialchars(getlocal("page_bans.add")) ?>">
|
||||
<?php echo getlocal("page_bans.add") ?>
|
||||
</a>
|
||||
</div>
|
||||
@ -64,7 +64,7 @@ if( $page['pagination.items'] ) {
|
||||
foreach( $page['pagination.items'] as $b ) { ?>
|
||||
<tr>
|
||||
<td class="notlast">
|
||||
<a href="ban.php?id=<?php echo $b['banid'] ?>" class="man" id="ti<?php echo $b['banid'] ?>">
|
||||
<a href="ban.php?id=<?php echo urlencode($b['banid']) ?>" class="man" id="ti<?php echo htmlspecialchars($b['banid']) ?>">
|
||||
<?php echo htmlspecialchars($b['address']) ?>
|
||||
</a>
|
||||
</td>
|
||||
@ -81,7 +81,7 @@ if( $page['pagination.items'] ) {
|
||||
?>
|
||||
</td>
|
||||
<td>
|
||||
<a class="removelink" id="i<?php echo $b['banid'] ?>" href="<?php echo $webimroot ?>/operator/blocked.php?act=del&id=<?php echo $b['banid'] ?>">
|
||||
<a class="removelink" id="i<?php echo htmlspecialchars($b['banid']) ?>" href="<?php echo $webimroot ?>/operator/blocked.php?act=del&id=<?php echo urlencode($b['banid']) ?>">
|
||||
remove
|
||||
</a>
|
||||
</td>
|
||||
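Review bot: The remove link for a ban, `blocked.php?act=del&id=...`, carries no CSRF token at all, whereas the equivalent remove links for operators and canned messages in this commit append `print_csrf_token_in_url()`. Unless `blocked.php` verifies a token by other means (not visible here), deleting a ban is a state change that any GET request from a logged-in operator's browser can trigger. A POST form with `print_csrf_token_input()` would be the preferred shape. The raw `&` in the href should also be `&amp;`.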
|
@ -25,32 +25,32 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("canned.descr") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
<form name="cannedForm" method="get" action="<?php echo $webimroot ?>/operator/canned.php">
|
||||
|
||||
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<div class="packedFormField">
|
||||
<?php echo getlocal("canned.locale") ?><br/>
|
||||
<select name="lang" onchange="this.form.submit();"><?php
|
||||
foreach($page['locales'] as $k) {
|
||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
||||
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||
} ?></select>
|
||||
</div>
|
||||
|
||||
|
||||
<?php if($page['showgroups']) { ?>
|
||||
<div class="packedFormField">
|
||||
<?php echo getlocal("canned.group") ?><br/>
|
||||
<select name="group" onchange="this.form.submit();"><?php
|
||||
foreach($page['groups'] as $k) {
|
||||
echo "<option value=\"".$k["groupid"]."\"".($k["groupid"] == form_value("group") ? " selected=\"selected\"" : "").">".$k["vclocalname"]."</option>";
|
||||
<select name="group" onchange="this.form.submit();"><?php
|
||||
foreach($page['groups'] as $k) {
|
||||
echo "<option value=\"" . htmlspecialchars($k["groupid"]) . "\"".($k["groupid"] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["vclocalname"]) . "</option>";
|
||||
} ?></select>
|
||||
</div>
|
||||
<?php } ?>
|
||||
|
||||
|
||||
<br clear="all"/>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
@ -59,8 +59,8 @@ require_once('inc_errors.php');
|
||||
|
||||
<div class="tabletool">
|
||||
<img src="<?php echo $webimroot ?>/images/buttons/createban.gif" border="0" alt=""/>
|
||||
<a href="<?php echo $webimroot ?>/operator/cannededit.php?lang=<?php echo form_value("lang") ?>&group=<?php echo form_value("group")?>" target="_blank"
|
||||
onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?lang=<?php echo form_value("lang") ?>&group=<?php echo form_value("group")?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">
|
||||
<a href="<?php echo $webimroot ?>/operator/cannededit.php?lang=<?php echo urlencode(form_value("lang")) ?>&group=<?php echo urlencode(form_value("group")) ?>" target="_blank"
|
||||
onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?lang=<?php echo urlencode(form_value("lang")) ?>&group=<?php echo urlencode(form_value("group")) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">
|
||||
<?php echo getlocal("canned.add") ?>
|
||||
</a>
|
||||
</div>
|
||||
@ -77,21 +77,21 @@ require_once('inc_errors.php');
|
||||
</th></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
foreach( $page['pagination.items'] as $localstr ) { ?>
|
||||
<tr>
|
||||
<td>
|
||||
<?php echo str_replace("\n", "<br/>",htmlspecialchars(topage($localstr['vcvalue']))) ?>
|
||||
</td>
|
||||
<td>
|
||||
<a href="<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo $localstr['id'] ?>" target="_blank"
|
||||
onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo $localstr['id'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo getlocal("canned.actions.edit") ?></a>,
|
||||
<a href="<?php echo $webimroot ?>/operator/canned.php?act=delete&key=<?php echo $localstr['id'] ?>&lang=<?php echo form_value("lang") ?>&group=<?php echo form_value("group")?><?php print_csrf_token_in_url() ?>"><?php echo getlocal("canned.actions.del") ?></a>
|
||||
<a href="<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo urlencode($localstr['id']) ?>" target="_blank"
|
||||
onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo urlencode($localstr['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo getlocal("canned.actions.edit") ?></a>,
|
||||
<a href="<?php echo $webimroot ?>/operator/canned.php?act=delete&key=<?php echo urlencode($localstr['id']) ?>&lang=<?php echo urlencode(form_value("lang")) ?>&group=<?php echo urlencode(form_value("group")) ?><?php print_csrf_token_in_url() ?>"><?php echo getlocal("canned.actions.del") ?></a>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
} else {
|
||||
?>
|
||||
<tr>
|
||||
@ -99,20 +99,20 @@ if( $page['pagination.items'] ) {
|
||||
<?php echo getlocal("tag.pagination.no_items.elements") ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
if( $page['pagination.items'] ) {
|
||||
echo "<br/>";
|
||||
echo generate_pagination($page['pagination']);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
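Review bot: `urlencode(form_value("lang"))` and `urlencode(form_value("group"))` are only correct if `form_value()` returns the raw value. Other lines in this commit print `form_value()` straight into an attribute and a `<textarea>` without escaping, which suggests the helper already HTML-escapes its result. If so, the query string receives URL-encoded entities (`&amp;` becomes `%26amp%3B`) rather than the original value, and the raw form value should be URL-encoded instead. The helper is not shown, so this needs checking before relying on the links for values with special characters.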
|
@ -35,16 +35,16 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo $page['key'] ? getlocal("cannededit.descr") : getlocal("cannednew.descr") ?>
|
||||
<br/>
|
||||
<br/>
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
<form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php">
|
||||
<?php print_csrf_token_input() ?>
|
||||
<input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
|
||||
<input type="hidden" name="key" value="<?php echo htmlspecialchars($page['key']) ?>"/>
|
||||
<?php if(!$page['key']) { ?>
|
||||
<input type="hidden" name="lang" value="<?php echo $page['locale'] ?>"/>
|
||||
<input type="hidden" name="group" value="<?php echo $page['groupid'] ?>"/>
|
||||
<input type="hidden" name="lang" value="<?php echo htmlspecialchars($page['locale']) ?>"/>
|
||||
<input type="hidden" name="group" value="<?php echo htmlspecialchars($page['groupid']) ?>"/>
|
||||
<?php } ?>
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
@ -55,18 +55,18 @@ require_once('inc_errors.php');
|
||||
<textarea name="message" cols="20" rows="5" class="wide"><?php echo form_value('message') ?></textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</form>
|
||||
|
||||
<?php } ?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
@ -23,16 +23,16 @@ function tpl_content() { global $page, $webimroot;
|
||||
<div id="confirmpane">
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<?php echo getlocal2("confirm.take.message",array($page['user'], $page['agent'])) ?><br/><br/>
|
||||
<?php echo getlocal2("confirm.take.message",array(htmlspecialchars($page['user']), htmlspecialchars($page['agent']))) ?><br/><br/>
|
||||
<br/>
|
||||
|
||||
<div>
|
||||
<table class="nicebutton"><tr>
|
||||
<td><a href="<?php echo $page['link'] ?>">
|
||||
<td><a href="<?php echo htmlspecialchars($page['link']) ?>">
|
||||
<img src='<?php echo $webimroot ?>/images/submit.gif' width="40" height="35" border="0" alt="" /></a></td>
|
||||
<td class="submit"><a href="<?php echo $page['link'] ?>">
|
||||
<td class="submit"><a href="<?php echo htmlspecialchars($page['link']) ?>">
|
||||
<?php echo getlocal("confirm.take.yes") ?></a></td>
|
||||
<td><a href="<?php echo $page['link'] ?>">
|
||||
<td><a href="<?php echo htmlspecialchars($page['link']) ?>">
|
||||
<img src='<?php echo $webimroot ?>/images/submitrest.gif' width="10" height="35" border="0" alt="" /></a></td>
|
||||
</tr></table>
|
||||
|
||||
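Review bot: `htmlspecialchars($page['link'])` prevents attribute breakout but does not constrain the URL scheme, so if any part of `link` can come from request data a `javascript:` value would still be emitted as a working href. Where the link is built is not in this hunk; the controller should assemble it from a fixed path plus encoded parameters, and a comment where `$page['link']` is assigned should say so. The escaped value is also computed three times; assigning it once with `<?php $takeLink = htmlspecialchars($page['link']); ?>` and echoing `$takeLink` would be tidier.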
|
@ -22,7 +22,7 @@ $page['title'] = getlocal("settings.title");
|
||||
$page['menuid'] = "settings";
|
||||
|
||||
function tpl_header() { global $page, $webimroot;
|
||||
?>
|
||||
?>
|
||||
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/jquery-1.4.2.min.js"></script>
|
||||
<script type="text/javascript" language="javascript">
|
||||
function updateSurvey() {
|
||||
@ -61,7 +61,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page_settings.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
<?php if( $page['stored'] ) { ?>
|
||||
@ -84,7 +84,7 @@ require_once('inc_errors.php');
|
||||
<div class="fdescr"> — <?php echo getlocal('settings.usercanchangename.description') ?></div>
|
||||
<br clear="all"/>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="field">
|
||||
<div class="flabel"><?php echo getlocal('settings.enablessl') ?></div>
|
||||
<div class="fvalue">
|
||||
@ -164,7 +164,7 @@ require_once('inc_errors.php');
|
||||
<div class="fdescr"> — <?php echo getlocal('settings.survey.askgroup.description') ?></div>
|
||||
<br clear="all"/>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="subfield undersurvey">
|
||||
<div class="flabel"><?php echo getlocal('settings.survey.askmessage') ?></div>
|
||||
<div class="fvalue">
|
||||
@ -213,16 +213,16 @@ require_once('inc_errors.php');
|
||||
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
<?php } ?>
|
||||
</div>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
@ -41,7 +41,7 @@ require_once('inc_errors.php');
|
||||
<div class="fieldinrow">
|
||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_locale") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
||||
<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"" . ($k == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -49,7 +49,7 @@ require_once('inc_errors.php');
|
||||
<div class="fieldinrow">
|
||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_group") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"".$k['groupid']."\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">".$k['vclocalname']."</option>"; } ?></select>
|
||||
<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"" . htmlspecialchars($k['groupid']) . "\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k['vclocalname']) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
<?php } ?>
|
||||
@ -58,14 +58,14 @@ require_once('inc_errors.php');
|
||||
<div class="fieldinrow">
|
||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_image") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="i" onchange="this.form.submit();"><?php foreach($page['availableImages'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("image") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
||||
<select name="i" onchange="this.form.submit();"><?php foreach($page['availableImages'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("image") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="fieldinrow">
|
||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_style") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"".$k."\"".($k == form_value("style") ? " selected=\"selected\"" : "").">".$v."</option>"; } ?></select>
|
||||
<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("style") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
<br clear="all"/>
|
||||
@ -113,7 +113,7 @@ require_once('inc_errors.php');
|
||||
</div>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
|
@ -27,7 +27,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page.gen_button.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
@ -37,11 +37,11 @@ require_once('inc_errors.php');
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<div class="fieldForm">
|
||||
|
||||
|
||||
<div class="fieldinrow">
|
||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_locale") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
||||
<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -49,7 +49,7 @@ require_once('inc_errors.php');
|
||||
<div class="fieldinrow">
|
||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_group") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"".$k['groupid']."\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">".$k['vclocalname']."</option>"; } ?></select>
|
||||
<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"" . htmlspecialchars($k['groupid']) . "\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k['vclocalname']) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
<?php } ?>
|
||||
@ -58,7 +58,7 @@ require_once('inc_errors.php');
|
||||
<div class="fieldinrow">
|
||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_style") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"".$k."\"".($k == form_value("style") ? " selected=\"selected\"" : "").">".$v."</option>"; } ?></select>
|
||||
<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("style") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
<br clear="all"/>
|
||||
@ -106,10 +106,10 @@ require_once('inc_errors.php');
|
||||
</div>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
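Review bot: The group `<option>` label in the `-49,7` hunk is written as `htmlspecialchars($k['vclocalname'])`, while the groups list and the operator-groups template on this page print the same field as `htmlspecialchars(topage($grp['vclocalname']))`. If topage() performs the output-encoding conversion its name suggests, this select would render group names differently from those pages. I would write `htmlspecialchars(topage($k['vclocalname']))` here unless `$page['groups']` is already converted by the caller. tpl_content() starts and ends outside the visible hunks, so that cannot be confirmed from the diff.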
@ -32,7 +32,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php } ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
<?php if( $page['stored'] ) { ?>
|
||||
@ -40,7 +40,7 @@ require_once('inc_errors.php');
|
||||
<?php } ?>
|
||||
|
||||
<form name="groupForm" method="post" action="<?php echo $webimroot ?>/operator/group.php">
|
||||
<input type="hidden" name="gid" value="<?php echo $page['grid'] ?>"/>
|
||||
<input type="hidden" name="gid" value="<?php echo htmlspecialchars($page['grid']) ?>"/>
|
||||
<div>
|
||||
<?php print_tabbar(); ?>
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
@ -92,20 +92,20 @@ require_once('inc_errors.php');
|
||||
</div>
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="asterisk">
|
||||
<?php echo getlocal("common.asterisk_explanation") ?>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
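Review bot: `groupForm` in the `-40,7` hunk still posts to group.php without the `<?php print_csrf_token_input() ?>` line that this commit adds to `membersForm` and `opgroupsForm` directly after their `<form>` tag. Unless the token is emitted elsewhere in this form, outside the visible hunks, the group edit request is the one form of the three left without it. The same line belongs after `<form name="groupForm" method="post" ...>`, so that all three group-editing forms are handled alike.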
@ -24,44 +24,45 @@ $page['menuid'] = "groups";
|
||||
function tpl_content() { global $page, $webimroot, $errors;
|
||||
?>
|
||||
|
||||
<?php echo getlocal("page.groupmembers.intro") ?>
|
||||
<?php echo htmlspecialchars(getlocal("page.groupmembers.intro")) ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
<?php if( $page['stored'] ) { ?>
|
||||
<div id="formmessage"><?php echo getlocal("data.saved") ?></div>
|
||||
<div id="formmessage"><?php echo htmlspecialchars(getlocal("data.saved")) ?></div>
|
||||
<?php } ?>
|
||||
|
||||
<form name="membersForm" method="post" action="<?php echo $webimroot ?>/operator/groupmembers.php">
|
||||
<input type="hidden" name="gid" value="<?php echo $page['groupid'] ?>"/>
|
||||
<?php print_csrf_token_input() ?>
|
||||
<input type="hidden" name="gid" value="<?php echo htmlspecialchars($page['groupid']) ?>"/>
|
||||
<div>
|
||||
<?php print_tabbar(); ?>
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<p>
|
||||
<b><?php echo $page['currentgroup'] ?></b>
|
||||
<b><?php echo htmlspecialchars($page['currentgroup']) ?></b>
|
||||
</p>
|
||||
<?php foreach( $page['operators'] as $pm ) { ?>
|
||||
<div class="field">
|
||||
<div class="fvaluenodesc">
|
||||
<input type="checkbox" name="op<?php echo $pm['operatorid'] ?>" value="on"<?php echo form_value_mb('op',$pm['operatorid']) ? " checked=\"checked\"" : "" ?>/>
|
||||
<?php echo htmlspecialchars(topage($pm['vclocalename'])) ?> (<a href="operator.php?op=<?php echo $pm['operatorid'] ?>"
|
||||
<input type="checkbox" name="op<?php echo htmlspecialchars($pm['operatorid']) ?>" value="on"<?php echo form_value_mb('op',$pm['operatorid']) ? " checked=\"checked\"" : "" ?>/>
|
||||
<?php echo htmlspecialchars(topage($pm['vclocalename'])) ?> (<a href="operator.php?op=<?php echo urlencode($pm['operatorid']) ?>"
|
||||
><?php echo htmlspecialchars(topage($pm['vclogin'])) ?></a>)
|
||||
</div>
|
||||
</div>
|
||||
<?php } ?>
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
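Review bot: The intro and the `data.saved` message are now wrapped as `htmlspecialchars(getlocal(...))`, but the sibling templates on this page (`page.groups.intro`, `page.notifications.intro`, `operator.groups.intro`) still echo getlocal() output directly. Either locale strings are trusted markup, in which case escaping here shows any tags or entities in a translation literally, or they are plain text, in which case the other intros need the same wrapper. A short comment stating which holds would settle it, for example `<?php /* locale strings are plain text: escape on output */ ?>`. getlocal() is defined outside this diff, so whether it already escapes cannot be checked from these hunks.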
@ -20,7 +20,7 @@ $page['title'] = getlocal("page.groups.title");
|
||||
$page['menuid'] = "groups";
|
||||
|
||||
function tpl_header() { global $page, $webimroot;
|
||||
?>
|
||||
?>
|
||||
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/jquery-1.4.2.min.js"></script>
|
||||
<?php
|
||||
}
|
||||
@ -31,14 +31,14 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page.groups.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<div class="tabletool">
|
||||
<img src='<?php echo $webimroot ?>/images/buttons/createdep.gif' border="0" alt="" />
|
||||
<a href='<?php echo $webimroot ?>/operator/group.php' title="<?php echo getlocal("page.groups.new") ?>">
|
||||
<img src="<?php echo $webimroot ?>/images/buttons/createdep.gif" border="0" alt="" />
|
||||
<a href="<?php echo $webimroot ?>/operator/group.php" title="<?php echo getlocal("page.groups.new") ?>">
|
||||
<?php echo getlocal("page.groups.new") ?>
|
||||
</a>
|
||||
</div>
|
||||
@ -64,16 +64,16 @@ require_once('inc_errors.php');
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
if(count($page['groups']) > 0) {
|
||||
if(count($page['groups']) > 0) {
|
||||
foreach( $page['groups'] as $grp ) { ?>
|
||||
<tr>
|
||||
<td class="notlast">
|
||||
<a href="<?php echo $webimroot ?>/operator/group.php?gid=<?php echo $grp['groupid'] ?>" id="ti<?php echo $grp['groupid'] ?>" class="man">
|
||||
<?php echo htmlspecialchars(topage($grp['vclocalname'])) ?>
|
||||
</a>
|
||||
<a href="<?php echo $webimroot ?>/operator/group.php?gid=<?php echo urlencode($grp['groupid']) ?>" id="ti<?php echo htmlspecialchars($grp['groupid']) ?>" class="man">
|
||||
<?php echo htmlspecialchars(topage($grp['vclocalname'])) ?>
|
||||
</a>
|
||||
</td>
|
||||
<td class="notlast">
|
||||
<?php echo $grp['vclocaldescription'] ? htmlspecialchars(topage($grp['vclocaldescription'])) : "<none>" ?>
|
||||
<?php echo $grp['vclocaldescription'] ? htmlspecialchars(topage($grp['vclocaldescription'])) : "<none>" ?>
|
||||
</td>
|
||||
<td class="notlast">
|
||||
<?php if(is_online($grp)) { ?>
|
||||
@ -85,19 +85,19 @@ if(count($page['groups']) > 0) {
|
||||
<?php } ?>
|
||||
</td>
|
||||
<td>
|
||||
<a href="<?php echo $webimroot ?>/operator/groupmembers.php?gid=<?php echo $grp['groupid'] ?>">
|
||||
<?php echo htmlspecialchars(topage($grp['inumofagents'])) ?>
|
||||
</a>
|
||||
<a href="<?php echo $webimroot ?>/operator/groupmembers.php?gid=<?php echo urlencode($grp['groupid']) ?>">
|
||||
<?php echo htmlspecialchars(topage($grp['inumofagents'])) ?>
|
||||
</a>
|
||||
</td>
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<td>
|
||||
<a href="<?php echo $webimroot ?>/operator/groups.php?act=del&gid=<?php echo $grp['groupid'] ?>" id="i<?php echo $grp['groupid'] ?>" class="removelink">
|
||||
<a href="<?php echo $webimroot ?>/operator/groups.php?act=del&gid=<?php echo urlencode($grp['groupid']) ?>" id="i<?php echo htmlspecialchars($grp['groupid']) ?>" class="removelink">
|
||||
remove
|
||||
</a>
|
||||
</td>
|
||||
<?php } ?>
|
||||
</tr>
|
||||
<?php
|
||||
<?php
|
||||
}
|
||||
} else {
|
||||
?>
|
||||
@ -106,8 +106,8 @@ if(count($page['groups']) > 0) {
|
||||
<?php echo getlocal("tag.pagination.no_items.elements") ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
|
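Review bot: The `remove` link in the `-85,19` hunk keeps group deletion on a plain GET URL (`groups.php?act=del&gid=...`) with no request token visible on it, while the same commit adds `print_csrf_token_input()` to the POST forms for group members and operator groups. If the `act=del` handler in groups.php (outside this diff) does not verify a token, the deletion should move to a POST form carrying that token. Separately, `$grp['groupid']` is now passed through both `urlencode()` and `htmlspecialchars()` on one line; if the id is always numeric, a single `(int)` cast at the top of the loop would state the intent more clearly.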
@ -28,10 +28,10 @@ function tpl_menu() { global $page, $webimroot, $errors, $current_locale;
|
||||
<h2><b><?php echo getlocal("lang.choose") ?></b></h2>
|
||||
<ul class="locales">
|
||||
<?php foreach($page['localeLinks'] as $id => $title) { ?>
|
||||
<li<?php menuloc($id)?> ><a href='?locale=<?php echo $id ?>'><?php echo $title ?></a></li>
|
||||
<li<?php menuloc($id)?> ><a href="?locale=<?php echo urlencode($id) ?>"><?php echo htmlspecialchars($title) ?></a></li>
|
||||
<?php } ?>
|
||||
</ul>
|
||||
</li>
|
||||
<?php
|
||||
<?php
|
||||
}
|
||||
?>
|
@ -24,10 +24,10 @@ $isrtl = getlocal("localedirection") == 'rtl';
|
||||
<link rel="shortcut icon" href="<?php echo $webimroot ?>/images/favicon.ico" type="image/x-icon"/>
|
||||
<?php
|
||||
if(function_exists('tpl_header'))
|
||||
tpl_header();
|
||||
tpl_header();
|
||||
?>
|
||||
<title>
|
||||
<?php echo $page['title'] ?> - <?php echo getlocal("app.title") ?>
|
||||
<?php echo htmlspecialchars($page['title']) ?> - <?php echo getlocal("app.title") ?>
|
||||
</title>
|
||||
<link href="<?php echo $webimroot ?>/default.css" rel="stylesheet" type="text/css" />
|
||||
<!--[if lte IE 6]><script language="JavaScript" type="text/javascript" src="<?php echo $webimroot ?>/<?php echo jspath() ?>/ie.js"></script><![endif]-->
|
||||
@ -37,10 +37,10 @@ $isrtl = getlocal("localedirection") == 'rtl';
|
||||
<div id="header">
|
||||
<div id="title">
|
||||
<h1><img src="<?php echo $webimroot ?>/images/logo.gif" alt="" width="32" height="32" class="left" />
|
||||
<a href="#"><?php echo isset($page['headertitle']) ? $page['headertitle'] : $page['title'] ?></a></h1>
|
||||
<a href="#"><?php echo isset($page['headertitle']) ? htmlspecialchars($page['headertitle']) : htmlspecialchars($page['title']) ?></a></h1>
|
||||
</div>
|
||||
<?php if(isset($page) && isset($page['operator'])) { ?>
|
||||
<div id="path"><p><?php echo getlocal2("menu.operator",array($page['operator'])) ?></p></div>
|
||||
<div id="path"><p><?php echo getlocal2("menu.operator",array(htmlspecialchars($page['operator']))) ?></p></div>
|
||||
<?php } else if(isset($page) && isset($page['show_small_login'])) { ?>
|
||||
<div id="loginsmallpane">
|
||||
<form name="smallLogin" method="post" action="<?php echo $webimroot ?>/operator/login.php">
|
||||
@ -50,13 +50,13 @@ $isrtl = getlocal("localedirection") == 'rtl';
|
||||
<input type="hidden" name="isRemember" value=""/>
|
||||
<input type="submit" value=">>" class="butt"/>
|
||||
</form>
|
||||
|
||||
|
||||
</div>
|
||||
<?php } ?>
|
||||
</div>
|
||||
|
||||
|
||||
<br clear="all"/>
|
||||
|
||||
|
||||
<div class="contentdiv">
|
||||
<?php if(function_exists('tpl_menu')) { ?>
|
||||
<div id="wcontent" class="contentinner">
|
||||
@ -65,25 +65,25 @@ $isrtl = getlocal("localedirection") == 'rtl';
|
||||
<?php } ?>
|
||||
<?php
|
||||
tpl_content();
|
||||
?>
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php if(function_exists('tpl_menu')) { ?>
|
||||
<?php if(function_exists('tpl_menu')) { ?>
|
||||
<div id="sidebar">
|
||||
<ul>
|
||||
<?php
|
||||
<?php
|
||||
tpl_menu();
|
||||
?>
|
||||
</ul>
|
||||
</div>
|
||||
<?php } ?>
|
||||
<div style="clear: both;"> </div>
|
||||
|
||||
<div class="empty_inner" style=""> </div>
|
||||
|
||||
<div class="empty_inner" style=""> </div>
|
||||
</div>
|
||||
<div id="footer">
|
||||
<p id="legal"><a href="http://mibew.org/" target="_blank" class="flink">Mibew Messenger</a> <?php echo $version ?> | (c) 2011-2013 mibew.org</p>
|
||||
<p id="legal"><a href="http://mibew.org/" target="_blank" class="flink">Mibew Messenger</a> <?php echo htmlspecialchars($version) ?> | (c) 2011-2013 mibew.org</p>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
@ -17,7 +17,7 @@
|
||||
|
||||
function print_tabbar($maxwidth = 4) {
|
||||
global $page;
|
||||
|
||||
|
||||
if($page['tabs']) {
|
||||
$tabbar = $page['tabs'];
|
||||
$len = count($tabbar);
|
||||
@ -25,17 +25,17 @@ function print_tabbar($maxwidth = 4) {
|
||||
$tabbar2 = array();
|
||||
for($i = 0; $i < $len; $i++) {
|
||||
$tabbar2[] = $i != $selected
|
||||
? "<li><a href=\"".$tabbar[$i]['link']."\">".$tabbar[$i]['title']."</a></li>\n"
|
||||
: "<li class=\"active\"><a href=\"#\">".$tabbar[$i]['title']."</a></li>\n";
|
||||
? "<li><a href=\"" . htmlspecialchars($tabbar[$i]['link']) . "\">" . htmlspecialchars($tabbar[$i]['title']) . "</a></li>\n"
|
||||
: "<li class=\"active\"><a href=\"#\">" . htmlspecialchars($tabbar[$i]['title']) . "</a></li>\n";
|
||||
}
|
||||
|
||||
|
||||
if($len > $maxwidth) { // && $len - $selected > $maxwidth
|
||||
if($selected < $maxwidth) {
|
||||
$tabbar = array_splice($tabbar2, 0, $maxwidth);
|
||||
array_splice($tabbar2, count($tabbar2),0, $tabbar);
|
||||
} // else 3 rows menu
|
||||
}
|
||||
|
||||
|
||||
echo "<ul class=\"tabs\">\n";
|
||||
$i = 0;
|
||||
foreach($tabbar2 as $v) {
|
||||
@ -43,7 +43,7 @@ function print_tabbar($maxwidth = 4) {
|
||||
echo "</ul><br clear=\"all\"><ul class=\"tabs\">\n";
|
||||
}
|
||||
echo $v;
|
||||
$i++;
|
||||
$i++;
|
||||
}
|
||||
echo "</ul>";
|
||||
}
|
||||
|
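Review bot: Both branches of the ternary in the `-25,17` hunk now repeat `htmlspecialchars($tabbar[$i]['title'])`; escaping once per iteration with `$title = htmlspecialchars($tabbar[$i]['title']);` and using `$title` in both strings would keep the branches from drifting apart. Note also that `htmlspecialchars()` on `$tabbar[$i]['link']` only makes the value safe as attribute text and does not constrain which URL the tab points to, so the code that fills `$page['tabs']` (not shown here) should build links from fixed paths. The body of print_tabbar() is only partly visible in these hunks.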
@ -33,18 +33,18 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<form name="loginForm" method="post" action="<?php echo $webimroot ?>/operator/login.php">
|
||||
<div id="loginpane">
|
||||
|
||||
<div class="header">
|
||||
<div class="header">
|
||||
<h2><?php echo getlocal("page_login.title") ?></h2>
|
||||
</div>
|
||||
|
||||
<div class="fieldForm">
|
||||
|
||||
|
||||
<?php echo getlocal("page_login.intro") ?><br/><br/>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
|
||||
<div class="field">
|
||||
<div class="fleftlabel"><?php echo getlocal("page_login.login") ?></div>
|
||||
<div class="fvalue">
|
||||
@ -72,7 +72,7 @@ require_once('inc_errors.php');
|
||||
</div>
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="login" src='<?php echo $webimroot.getlocal("image.button.login") ?>' alt='<?php echo getlocal("button.enter") ?>'/>
|
||||
<input type="image" name="login" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.login")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.enter")) ?>"/>
|
||||
|
||||
<div class="links">
|
||||
<a href="restore.php"><?php echo getlocal("restore.pwd.message") ?></a><br/>
|
||||
@ -81,10 +81,10 @@ require_once('inc_errors.php');
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
@ -21,7 +21,7 @@ $page['menuid'] = "main";
|
||||
|
||||
function tpl_header() { global $page, $webimroot, $jsver;
|
||||
if(isset($page) && isset($page['localeLinks'])) {
|
||||
?>
|
||||
?>
|
||||
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/jquery-1.4.2.min.js"></script>
|
||||
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/locale.js"></script>
|
||||
<?php
|
||||
@ -40,13 +40,13 @@ function tpl_content() { global $page, $webimroot, $current_locale, $menuItemsCo
|
||||
<br/>
|
||||
|
||||
<?php if( $page['needChangePassword'] ) { ?>
|
||||
<div id="formmessage"><?php echo getlocal("error.no_password") ?> <?php echo getlocal2("error.no_password.visit_profile", array($page['profilePage'])) ?></div>
|
||||
<div id="formmessage"><?php echo getlocal("error.no_password") ?> <?php echo getlocal2("error.no_password.visit_profile", array(htmlspecialchars($page['profilePage']))) ?></div>
|
||||
<br/>
|
||||
<?php } else if( $page['needUpdate'] ) { ?>
|
||||
<div id="formmessage"><?php echo getlocal2("install.updatedb",array($page['updateWizard'])) ?></div>
|
||||
<div id="formmessage"><?php echo getlocal2("install.updatedb",array(htmlspecialchars($page['updateWizard']))) ?></div>
|
||||
<br/>
|
||||
<?php } else if($page['newFeatures']) { ?>
|
||||
<div><div id="formmessage"><?php echo getlocal2("install.newfeatures",array($page['featuresPage'], $version)) ?></div></div>
|
||||
<div><div id="formmessage"><?php echo getlocal2("install.newfeatures",array(htmlspecialchars($page['featuresPage'], $version))) ?></div></div>
|
||||
<br/>
|
||||
<?php } ?>
|
||||
|
||||
@ -54,35 +54,35 @@ function tpl_content() { global $page, $webimroot, $current_locale, $menuItemsCo
|
||||
<tr>
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/visitors.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/users.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/users.php">
|
||||
<?php echo getlocal('topMenu.users') ?></a>
|
||||
<?php echo getlocal('page_client.pending_users') ?>
|
||||
</td>
|
||||
</td>
|
||||
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/history.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/history.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/history.php">
|
||||
<?php echo getlocal('page_analysis.search.title') ?></a>
|
||||
<?php echo getlocal('content.history') ?>
|
||||
</td>
|
||||
<?php
|
||||
<?php
|
||||
$menuItemsCount = 2;
|
||||
?>
|
||||
|
||||
<?php if($page['showstat']) { ?>
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/stat.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/statistics.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/statistics.php">
|
||||
<?php echo getlocal('statistics.title') ?></a>
|
||||
<?php echo getlocal('statistics.description') ?>
|
||||
</td>
|
||||
<?php menuseparator(); ?>
|
||||
<?php } ?>
|
||||
|
||||
<?php if( $page['showban'] ) { ?>
|
||||
<?php if( $page['showban'] ) { ?>
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/blocked.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/blocked.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/blocked.php">
|
||||
<?php echo getlocal('menu.blocked') ?></a>
|
||||
<?php echo getlocal('content.blocked') ?>
|
||||
</td>
|
||||
@ -91,7 +91,7 @@ $menuItemsCount = 2;
|
||||
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/canned.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/canned.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/canned.php">
|
||||
<?php echo getlocal('menu.canned') ?></a>
|
||||
<?php echo getlocal('canned.descr') ?>
|
||||
</td>
|
||||
@ -100,15 +100,15 @@ $menuItemsCount = 2;
|
||||
<?php if( $page['showadmin'] ) { ?>
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/getcode.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/getcode.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/getcode.php">
|
||||
<?php echo getlocal('leftMenu.client_gen_button') ?></a>
|
||||
<?php echo getlocal('admin.content.client_gen_button') ?>
|
||||
</td>
|
||||
<?php menuseparator(); ?>
|
||||
|
||||
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/operators.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/operators.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/operators.php">
|
||||
<?php echo getlocal('leftMenu.client_agents') ?></a>
|
||||
<?php echo getlocal('admin.content.client_agents') ?>
|
||||
</td>
|
||||
@ -117,16 +117,16 @@ $menuItemsCount = 2;
|
||||
<?php if($page['showgroups']) { ?>
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/dep.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/groups.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/groups.php">
|
||||
<?php echo getlocal('menu.groups') ?></a>
|
||||
<?php echo getlocal('menu.groups.content') ?>
|
||||
</td>
|
||||
<?php menuseparator(); ?>
|
||||
<?php } ?>
|
||||
<?php } ?>
|
||||
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/settings.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/settings.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/settings.php">
|
||||
<?php echo getlocal('leftMenu.client_settings') ?></a>
|
||||
<?php echo getlocal('admin.content.client_settings') ?>
|
||||
</td>
|
||||
@ -135,8 +135,8 @@ $menuItemsCount = 2;
|
||||
|
||||
<?php if(isset($page['currentopid']) && $page['currentopid']) {?>
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/profile.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/operator.php?op=<?php echo $page['currentopid'] ?>'>
|
||||
<img src="<?php echo $webimroot ?>/images/dash/profile.gif" alt=""/>
|
||||
<a href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo urlencode($page['currentopid']) ?>">
|
||||
<?php echo getlocal('menu.profile') ?></a>
|
||||
<?php echo getlocal('menu.profile.content') ?>
|
||||
</td>
|
||||
@ -145,8 +145,8 @@ $menuItemsCount = 2;
|
||||
|
||||
<?php if(isset($page) && isset($page['localeLinks'])) { ?>
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/locale.gif" alt=""/>
|
||||
<a href='#' id="changelang">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/locale.gif" alt=""/>
|
||||
<a href="#" id="changelang">
|
||||
<?php echo getlocal('menu.locale') ?></a>
|
||||
<?php echo getlocal('menu.locale.content') ?>
|
||||
</td>
|
||||
@ -156,7 +156,7 @@ $menuItemsCount = 2;
|
||||
<?php if( $page['showadmin'] ) { ?>
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/updates.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/updates.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/updates.php">
|
||||
<?php echo getlocal('menu.updates') ?></a>
|
||||
<?php echo getlocal('menu.updates.content') ?>
|
||||
</td>
|
||||
@ -164,7 +164,7 @@ $menuItemsCount = 2;
|
||||
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/notifications.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/notifications.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/notifications.php">
|
||||
<?php echo getlocal('menu.notifications') ?></a>
|
||||
<?php echo getlocal('menu.notifications.content') ?>
|
||||
</td>
|
||||
@ -173,7 +173,7 @@ $menuItemsCount = 2;
|
||||
|
||||
<td class="dashitem">
|
||||
<img src="<?php echo $webimroot ?>/images/dash/exit.gif" alt=""/>
|
||||
<a href='<?php echo $webimroot ?>/operator/logout.php'>
|
||||
<a href="<?php echo $webimroot ?>/operator/logout.php">
|
||||
<?php echo getlocal('topMenu.logoff') ?></a>
|
||||
<?php echo getlocal('content.logoff') ?>
|
||||
</td>
|
||||
@ -188,14 +188,14 @@ $menuItemsCount = 2;
|
||||
<b><?php echo getlocal("lang.choose") ?></b></h2>
|
||||
<ul class="locales">
|
||||
<?php foreach($page['localeLinks'] as $id => $title) { ?>
|
||||
<li<?php echo $current_locale == $id ? " class=\"active\"" : "" ?> ><a href='?locale=<?php echo $id ?>'><?php echo $title ?></a></li>
|
||||
<li<?php echo $current_locale == $id ? " class=\"active\"" : "" ?> ><a href="?locale=<?php echo urlencode($id) ?>"><?php echo htmlspecialchars($title) ?></a></li>
|
||||
<?php } ?>
|
||||
</ul>
|
||||
</div>
|
||||
<div id="backgroundPopup"></div>
|
||||
<div id="backgroundPopup"></div>
|
||||
<?php } ?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
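Review bot: In the `newFeatures` branch of the `-40,13` hunk the closing parenthesis of `htmlspecialchars(` is misplaced: `array(htmlspecialchars($page['featuresPage'], $version))` passes `$version` as the second argument of htmlspecialchars() (its flags) and leaves the array with one element, where the replaced line handed two values to getlocal2(). The second placeholder of `install.newfeatures` would then go unfilled, and the escaping flags would be taken from a version string. The line should read `array(htmlspecialchars($page['featuresPage']), htmlspecialchars($version))`. The two neighbouring branches (`profilePage`, `updateWizard`) are written correctly.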
@ -54,7 +54,7 @@ $notification = $page['notification'];
|
||||
</div>
|
||||
|
||||
<div class="message">
|
||||
<?php echo topage(prepare_html_message(htmlspecialchars($notification['tmessage']))) ?>
|
||||
<?php echo topage(prepare_html_message($notification['tmessage'])) ?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -64,7 +64,7 @@ $notification = $page['notification'];
|
||||
<br />
|
||||
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
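Review bot: The message body in the `-54,7` hunk is printed first with `htmlspecialchars()` around `$notification['tmessage']` and then without it. If the second line is the new side, as the old-then-new order of the other hunks suggests, escaping of the stored message now rests entirely on prepare_html_message(), which is not shown in this section. That is fine if this commit moved the escaping into that function, but the call site should say so, for example `<?php /* prepare_html_message() escapes its argument; do not escape twice */ ?>`. If prepare_html_message() does not escape, this line outputs the stored message as HTML.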
@ -37,19 +37,19 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page.notifications.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
<form name="notifyFilterForm" method="get" action="<?php echo $webimroot ?>/operator/notifications.php">
|
||||
|
||||
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<div class="packedFormField">
|
||||
<?php echo getlocal("notifications.kind") ?><br/>
|
||||
<select name="kind" onchange="this.form.submit();"><?php
|
||||
foreach($page['allkinds'] as $k) {
|
||||
echo "<option value=\"".$k."\"".($k == form_value("kind") ? " selected=\"selected\"" : "").">".getlocal("notifications.kind.".($k ? $k : "all"))."</option>";
|
||||
<select name="kind" onchange="this.form.submit();"><?php
|
||||
foreach($page['allkinds'] as $k) {
|
||||
echo "<option value=\"".htmlspecialchars($k)."\"".($k == form_value("kind") ? " selected=\"selected\"" : "").">".getlocal("notifications.kind.".($k ? $k : "all"))."</option>";
|
||||
} ?></select>
|
||||
</div>
|
||||
|
||||
@ -57,12 +57,12 @@ require_once('inc_errors.php');
|
||||
<?php echo getlocal("notifications.locale") ?><br/>
|
||||
<select name="lang" onchange="this.form.submit();"><?php
|
||||
foreach($page['locales'] as $k) {
|
||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
||||
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||
} ?></select>
|
||||
</div>
|
||||
|
||||
|
||||
<br clear="all"/>
|
||||
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</form>
|
||||
<br/>
|
||||
@ -84,14 +84,14 @@ require_once('inc_errors.php');
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
foreach( $page['pagination.items'] as $b ) { ?>
|
||||
<tr>
|
||||
<td class="notlast">
|
||||
<a href="<?php echo $webimroot ?>/operator/notification.php?id=<?php echo $b['id'] ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/notification.php?id=<?php echo $b['id'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;" class="<?php echo $b['vckind'] == 'xmpp' ? 'xmpp' : 'mail' ?>">
|
||||
<?php echo htmlspecialchars(shorten(topage($b['vcto']),30)) ?>
|
||||
</a>
|
||||
<a href="<?php echo $webimroot ?>/operator/notification.php?id=<?php echo urlencode($b['id']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/notification.php?id=<?php echo urlencode($b['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;" class="<?php echo $b['vckind'] == 'xmpp' ? 'xmpp' : 'mail' ?>">
|
||||
<?php echo htmlspecialchars(shorten(topage($b['vcto']),30)) ?>
|
||||
</a>
|
||||
</td>
|
||||
<td class="notlast">
|
||||
<?php echo htmlspecialchars(shorten(topage($b['vcsubject']),30)) ?>
|
||||
@ -100,11 +100,11 @@ if( $page['pagination.items'] ) {
|
||||
<?php echo htmlspecialchars(shorten(topage($b['tmessage']),30)) ?>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo date_to_text($b['created']) ?>
|
||||
<?php echo date_to_text($b['created']) ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
} else {
|
||||
?>
|
||||
<tr>
|
||||
@ -113,19 +113,19 @@ if( $page['pagination.items'] ) {
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
if( $page['pagination.items'] ) {
|
||||
echo "<br/>";
|
||||
echo generate_pagination($page['pagination']);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
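Review bot: In the `kind` select of the `-37,19` hunk only the option value is escaped; the label is still `getlocal("notifications.kind.".($k ? $k : "all"))` echoed as is, whereas the `lang` select in the next hunk escapes both value and label. If `$page['allkinds']` is a fixed list set by the controller this is harmless, but the two selects should be written alike, with the label as `htmlspecialchars(getlocal("notifications.kind.".($k ? $k : "all")))`. `date_to_text($b['created'])` in the `-100,11` hunk is likewise printed unescaped, and its return format is defined outside this diff.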
@ -27,7 +27,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("operator.groups.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
<?php if( $page['stored'] ) { ?>
|
||||
@ -35,19 +35,20 @@ require_once('inc_errors.php');
|
||||
<?php } ?>
|
||||
|
||||
<form name="opgroupsForm" method="post" action="<?php echo $webimroot ?>/operator/opgroups.php">
|
||||
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
|
||||
<?php print_csrf_token_input() ?>
|
||||
<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
|
||||
<div>
|
||||
<?php print_tabbar(); ?>
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<p>
|
||||
<b><?php echo $page['currentop'] ?>‎</b>
|
||||
<b><?php echo htmlspecialchars($page['currentop']) ?>‎</b>
|
||||
</p>
|
||||
<?php foreach( $page['groups'] as $pm ) { ?>
|
||||
<div class="field">
|
||||
<div class="flabel"><?php echo htmlspecialchars(topage($pm['vclocalname'])) ?></div>
|
||||
<div class="fvalue">
|
||||
<input type="checkbox" name="group<?php echo $pm['groupid'] ?>" value="on"<?php echo form_value_mb('group',$pm['groupid']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
|
||||
<input type="checkbox" name="group<?php echo htmlspecialchars($pm['groupid']) ?>" value="on"<?php echo form_value_mb('group',$pm['groupid']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
|
||||
</div>
|
||||
<div class="fdescr"> — <?php echo $pm['vclocaldescription'] ? htmlspecialchars(topage($pm['vclocaldescription'])) : getlocal("operator.group.no_description") ?></div>
|
||||
<br clear="all"/>
|
||||
@ -56,14 +57,14 @@ require_once('inc_errors.php');
|
||||
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
<?php } ?>
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
@ -21,21 +21,21 @@ $page['menuid'] = "users";
|
||||
|
||||
|
||||
function tpl_header() { global $page, $webimroot, $jsver;
|
||||
?>
|
||||
?>
|
||||
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/common.js"></script>
|
||||
<script type="text/javascript" language="javascript"><!--
|
||||
var localized = new Array(
|
||||
"<?php echo getlocal("pending.table.speak") ?>",
|
||||
"<?php echo getlocal("pending.table.view") ?>",
|
||||
"<?php echo getlocal("pending.table.ban") ?>",
|
||||
"<?php echo htmlspecialchars(getlocal("pending.table.speak")) ?>",
|
||||
"<?php echo htmlspecialchars(getlocal("pending.table.view")) ?>",
|
||||
"<?php echo htmlspecialchars(getlocal("pending.table.ban")) ?>",
|
||||
"<?php echo htmlspecialchars(getlocal("pending.menu.show")) ?>",
|
||||
"<?php echo htmlspecialchars(getlocal("pending.menu.hide")) ?>",
|
||||
"<?php echo htmlspecialchars(getlocal("pending.popup_notification")) ?>"
|
||||
);
|
||||
var updaterOptions = {
|
||||
url:"<?php echo $webimroot ?>/operator/update.php",wroot:"<?php echo $webimroot ?>",
|
||||
agentservl:"<?php echo $webimroot ?>/operator/agent.php", frequency:<?php echo $page['frequency'] ?>, istatus:<?php echo $page['istatus'] ?>,
|
||||
noclients:"<?php echo getlocal("clients.no_clients") ?>", havemenu: <?php echo $page['havemenu'] ?>, showpopup: <?php echo $page['showpopup'] ?>, showonline: <?php echo $page['showonline'] ?> };
|
||||
agentservl:"<?php echo $webimroot ?>/operator/agent.php", frequency:<?php echo htmlspecialchars($page['frequency']) ?>, istatus:<?php echo htmlspecialchars($page['istatus']) ?>,
|
||||
noclients:"<?php echo htmlspecialchars(getlocal("clients.no_clients")) ?>", havemenu: <?php echo htmlspecialchars($page['havemenu']) ?>, showpopup: <?php echo htmlspecialchars($page['showpopup']) ?>, showonline: <?php echo htmlspecialchars($page['showonline']) ?> };
|
||||
//--></script>
|
||||
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/users.js"></script>
|
||||
<?php
|
||||
@ -59,11 +59,11 @@ function tpl_content() { global $page, $webimroot;
|
||||
<tr>
|
||||
<th class="first"><?php echo getlocal("pending.table.head.name") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.contactid") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.state") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.operator") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.total") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.waittime") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.etc") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.state") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.operator") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.total") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.waittime") ?></th>
|
||||
<th><?php echo getlocal("pending.table.head.etc") ?></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
@ -97,7 +97,7 @@ function tpl_content() { global $page, $webimroot;
|
||||
</div>
|
||||
<?php } ?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
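Review bot: In the `updaterOptions` literal of the first hunk, `frequency`, `istatus`, `havemenu`, `showpopup` and `showonline` are written unquoted into JavaScript, and `htmlspecialchars()` does not constrain a value to a number there; it only rewrites `&`, `<`, `>` and `"`. If these settings are integers, which the page does not show, a cast such as `frequency:<?php echo (int)$page['frequency'] ?>` states the intent and holds whatever is stored. The quoted `localized` entries and `noclients` have a related gap: HTML escaping leaves backslashes and line breaks intact, and entities are not decoded inside a `<script>` element, so ampersands and quotes in a translation will show up as literal entity text. A JavaScript string encoder is the right tool for those positions. `tpl_header()` continues outside the hunk.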
|
@ -27,7 +27,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page_settings.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
<?php if( $page['stored'] ) { ?>
|
||||
@ -96,21 +96,21 @@ require_once('inc_errors.php');
|
||||
</div>
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="asterisk">
|
||||
<?php echo getlocal("common.asterisk_explanation") ?>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
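Review bot: The rewritten save button calls `htmlspecialchars()` with its default flags, which on PHP before 8.1 leave `'` unencoded, so the `src` and `alt` attributes are safe only because the same line also switches their delimiters from `'` to `"`. Passing the flag explicitly, `htmlspecialchars(getlocal("button.save"), ENT_QUOTES)`, removes that coupling and survives a later edit that changes the quoting back. `$webimroot` is still concatenated raw into `src`; that is acceptable if it comes from configuration rather than the request, which is not visible here, but a short comment saying so would help. The same applies to the save and search buttons in the later file sections.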
|
@ -27,7 +27,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("permissions.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
<?php if( $page['stored'] ) { ?>
|
||||
@ -36,31 +36,31 @@ require_once('inc_errors.php');
|
||||
|
||||
<form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
|
||||
<?php print_csrf_token_input() ?>
|
||||
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
|
||||
<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
|
||||
<div>
|
||||
<?php print_tabbar(); ?>
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<p>
|
||||
<b><?php echo $page['currentop'] ?>‎</b>
|
||||
<b><?php echo htmlspecialchars($page['currentop']) ?>‎</b>
|
||||
</p>
|
||||
<?php foreach( $page['permissionsList'] as $pm ) { ?>
|
||||
<label>
|
||||
<input type="checkbox" name="permissions<?php echo $pm['id'] ?>" value="on"<?php echo form_value_mb('permissions',$pm['id']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/> <?php echo $pm['descr'] ?>
|
||||
<input type="checkbox" name="permissions<?php echo htmlspecialchars($pm['id']) ?>" value="on"<?php echo form_value_mb('permissions',$pm['id']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/> <?php echo htmlspecialchars($pm['descr']) ?>
|
||||
</label>
|
||||
<br/>
|
||||
<?php } ?>
|
||||
|
||||
<?php if($page['canmodify']) { ?>
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
<?php } ?>
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
@ -23,13 +23,13 @@ $page['headertitle'] = getlocal("app.title");
|
||||
$page['show_small_login'] = true;
|
||||
$page['fixedwrap'] = true;
|
||||
|
||||
function tpl_content() {
|
||||
function tpl_content() {
|
||||
global $page, $webimroot, $errors;
|
||||
|
||||
if($page['isdone']) {
|
||||
?>
|
||||
<div id="loginpane">
|
||||
<div class="header">
|
||||
<div class="header">
|
||||
<h2><?php echo getlocal("resetpwd.changed.title") ?></h2>
|
||||
</div>
|
||||
|
||||
@ -37,32 +37,32 @@ function tpl_content() {
|
||||
<?php echo getlocal("resetpwd.changed") ?>
|
||||
<br/>
|
||||
<br/>
|
||||
<a href="login.php?login=<?php echo $page['loginname'] ?>"><?php echo getlocal("resetpwd.login") ?></a>
|
||||
<a href="login.php?login=<?php echo urlencode($page['loginname']) ?>"><?php echo getlocal("resetpwd.login") ?></a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
</div>
|
||||
|
||||
<?php
|
||||
} else {
|
||||
?>
|
||||
|
||||
<form name="resetForm" method="post" action="<?php echo $webimroot ?>/operator/resetpwd.php">
|
||||
<input type="hidden" name="id" value="<?php echo $page['id'] ?>"/>
|
||||
<input type="hidden" name="token" value="<?php echo $page['token'] ?>"/>
|
||||
<input type="hidden" name="id" value="<?php echo htmlspecialchars($page['id']) ?>"/>
|
||||
<input type="hidden" name="token" value="<?php echo htmlspecialchars($page['token']) ?>"/>
|
||||
|
||||
<div id="loginpane">
|
||||
|
||||
<div class="header">
|
||||
<div class="header">
|
||||
<h2><?php echo getlocal("resetpwd.title") ?></h2>
|
||||
</div>
|
||||
|
||||
<div class="fieldForm">
|
||||
|
||||
|
||||
<?php echo getlocal("resetpwd.intro") ?><br/><br/>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
|
||||
<?php if($page['showform']) { ?>
|
||||
<div class="field">
|
||||
<div class="fleftlabel"><?php echo getlocal('form.field.password') ?></div>
|
||||
@ -83,11 +83,11 @@ require_once('inc_errors.php');
|
||||
<div class="fbutton">
|
||||
<table class="submitbutton"><tr>
|
||||
<td><a href="javascript:document.resetForm.submit();">
|
||||
<img src='<?php echo $webimroot ?>/images/submit.gif' width="40" height="35" border="0" alt="" /></a></td>
|
||||
<img src="<?php echo $webimroot ?>/images/submit.gif" width="40" height="35" border="0" alt="" /></a></td>
|
||||
<td class="submit"><a href="javascript:document.resetForm.submit();">
|
||||
<?php echo getlocal("resetpwd.submit") ?></a></td>
|
||||
<td><a href="javascript:document.resetForm.submit();">
|
||||
<img src='<?php echo $webimroot ?>/images/submitrest.gif' width="10" height="35" border="0" alt="" /></a></td>
|
||||
<img src="<?php echo $webimroot ?>/images/submitrest.gif" width="10" height="35" border="0" alt="" /></a></td>
|
||||
</tr></table>
|
||||
|
||||
<div class="links">
|
||||
@ -99,10 +99,10 @@ require_once('inc_errors.php');
|
||||
<?php } ?>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
}
|
||||
} /* content */
|
||||
|
||||
|
@ -27,7 +27,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page_settings.intro") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
<?php if( $page['stored'] ) { ?>
|
||||
@ -116,7 +116,7 @@ require_once('inc_errors.php');
|
||||
<div class="field">
|
||||
<div class="flabel"><?php echo getlocal('settings.chatstyle') ?></div>
|
||||
<div class="fvalue">
|
||||
<select name="chatstyle" ><?php foreach($page['availableStyles'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("chatstyle") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
||||
<select name="chatstyle" ><?php foreach($page['availableStyles'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("chatstyle") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||
</div>
|
||||
<div class="fdescr"> — <?php echo getlocal('settings.chatstyle.description') ?></div>
|
||||
<br clear="all"/>
|
||||
@ -133,21 +133,21 @@ require_once('inc_errors.php');
|
||||
</div>
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="asterisk">
|
||||
<?php echo getlocal("common.asterisk_explanation") ?>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
@ -25,7 +25,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("statistics.description") ?>
|
||||
<br />
|
||||
<br />
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
@ -39,18 +39,18 @@ require_once('inc_errors.php');
|
||||
<div class="fvaluenodesc">
|
||||
<div class="searchctrl">
|
||||
<?php echo getlocal("statistics.from") ?>
|
||||
<select name="startday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("startday") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
||||
|
||||
<select name="startmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"".$k."\"".($k == form_value("startmonth") ? " selected=\"selected\"" : "").">".$v."</option>"; } ?></select>
|
||||
<select name="startday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("startday") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||
|
||||
<select name="startmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("startmonth") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
|
||||
</div>
|
||||
<div class="searchctrl">
|
||||
<?php echo getlocal("statistics.till") ?>
|
||||
<select name="endday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("endday") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
||||
|
||||
<select name="endmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"".$k."\"".($k == form_value("endmonth") ? " selected=\"selected\"" : "").">".$v."</option>"; } ?></select>
|
||||
<select name="endday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("endday") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||
|
||||
<select name="endmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("endmonth") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
|
||||
</div>
|
||||
<div id="searchbutton">
|
||||
<input type="image" name="search" src='<?php echo $webimroot.getlocal("image.button.search") ?>' alt='<?php echo getlocal("button.search") ?>'/>
|
||||
<input type="image" name="search" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.search")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.search")) ?>"/>
|
||||
</div>
|
||||
</div>
|
||||
<br clear="all"/>
|
||||
@ -84,17 +84,17 @@ require_once('inc_errors.php');
|
||||
<?php if( $page['reportByDate'] ) { ?>
|
||||
<?php foreach( $page['reportByDate'] as $row ) { ?>
|
||||
<tr>
|
||||
<td><?php echo $row['date'] ?></td>
|
||||
<td><?php echo $row['threads'] ?></td>
|
||||
<td><?php echo $row['agents'] ?></td>
|
||||
<td><?php echo $row['users'] ?></td>
|
||||
<td><?php echo htmlspecialchars($row['date']) ?></td>
|
||||
<td><?php echo htmlspecialchars($row['threads']) ?></td>
|
||||
<td><?php echo htmlspecialchars($row['agents']) ?></td>
|
||||
<td><?php echo htmlspecialchars($row['users']) ?></td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
<tr>
|
||||
<td><b><?php echo getlocal("report.total") ?></b></td>
|
||||
<td><?php echo $page['reportByDateTotal']['threads'] ?></td>
|
||||
<td><?php echo $page['reportByDateTotal']['agents'] ?></td>
|
||||
<td><?php echo $page['reportByDateTotal']['users'] ?></td>
|
||||
<td><?php echo htmlspecialchars($page['reportByDateTotal']['threads']) ?></td>
|
||||
<td><?php echo htmlspecialchars($page['reportByDateTotal']['agents']) ?></td>
|
||||
<td><?php echo htmlspecialchars($page['reportByDateTotal']['users']) ?></td>
|
||||
</tr>
|
||||
<?php } else { ?>
|
||||
<tr>
|
||||
@ -122,14 +122,14 @@ require_once('inc_errors.php');
|
||||
<?php echo getlocal("report.byoperator.4") ?>
|
||||
</th></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tbody>
|
||||
<?php if( $page['reportByAgent'] ) { ?>
|
||||
<?php foreach( $page['reportByAgent'] as $row ) { ?>
|
||||
<tr>
|
||||
<td><?php echo topage(htmlspecialchars($row['name'])) ?></td>
|
||||
<td><?php echo $row['threads'] ?></td>
|
||||
<td><?php echo $row['msgs'] ?></td>
|
||||
<td><?php echo $row['avglen'] ?></td>
|
||||
<td><?php echo htmlspecialchars($row['threads']) ?></td>
|
||||
<td><?php echo htmlspecialchars($row['msgs']) ?></td>
|
||||
<td><?php echo htmlspecialchars($row['avglen']) ?></td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
<?php } else { ?>
|
||||
@ -144,7 +144,7 @@ require_once('inc_errors.php');
|
||||
|
||||
<?php } ?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
@ -37,13 +37,13 @@ function tpl_content() { global $page, $webimroot;
|
||||
<div class="field">
|
||||
<div class="flabel"><?php echo getlocal("page.preview.choose") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="preview" onchange="this.form.submit();"><?php foreach($page['availablePreviews'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("preview") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
||||
<select name="preview" onchange="this.form.submit();"><?php foreach($page['availablePreviews'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("preview") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
<div class="field">
|
||||
<div class="flabel"><?php echo getlocal("page.preview.choosetpl") ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<select name="template" onchange="this.form.submit();"><?php foreach($page['availableTemplates'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("template") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
||||
<select name="template" onchange="this.form.submit();"><?php foreach($page['availableTemplates'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("template") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||
</div>
|
||||
</div>
|
||||
<?php if( $page['canshowerrors'] ) { ?>
|
||||
@ -58,10 +58,10 @@ function tpl_content() { global $page, $webimroot;
|
||||
<div class="field">
|
||||
<div class="flabel">
|
||||
<?php echo htmlspecialchars($pp['label']) ?>
|
||||
<a href="<?php echo $page['showlink'] ?><?php echo $pp['id'] ?>" target="_blank" title="in separate window" onclick="this.newWindow = window.open('<?php echo $page['showlink'] ?><?php echo $pp['id'] ?>', '<?php echo $pp['id'] ?>', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,width=<?php echo $pp['w'] ?>,height=<?php echo $pp['h'] ?>,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">link</a>
|
||||
<a href="<?php echo htmlspecialchars($page['showlink']) ?><?php echo htmlspecialchars($pp['id']) ?>" target="_blank" title="in separate window" onclick="this.newWindow = window.open('<?php echo htmlspecialchars($page['showlink']) ?><?php echo htmlspecialchars($pp['id']) ?>', '<?php echo htmlspecialchars($pp['id']) ?>', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,width=<?php echo htmlspecialchars($pp['w']) ?>,height=<?php echo htmlspecialchars($pp['h']) ?>,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">link</a>
|
||||
</div>
|
||||
<div class="fvalueframe">
|
||||
<iframe id="sample<?php echo $pp['id'] ?>" width="<?php echo $pp['w'] ?>" height="<?php echo $pp['h'] ?>" src="<?php echo $page['showlink'] ?><?php echo $pp['id'] ?>" frameborder="0" scrolling="no">
|
||||
<iframe id="sample<?php echo htmlspecialchars($pp['id']) ?>" width="<?php echo htmlspecialchars($pp['w']) ?>" height="<?php echo htmlspecialchars($pp['h']) ?>" src="<?php echo $page['showlink'] ?><?php echo htmlspecialchars($pp['id']) ?>" frameborder="0" scrolling="no">
|
||||
No iframes
|
||||
</iframe>
|
||||
</div>
|
||||
@ -70,10 +70,10 @@ function tpl_content() { global $page, $webimroot;
|
||||
</div>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
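Review bot: On the new `<a>` line, `$page['showlink']` and `$pp['id']` land inside single-quoted JavaScript strings in `onclick`, and `htmlspecialchars()` is the wrong encoder for that position: the browser decodes attribute entities before the handler is parsed, and the default flags of PHP before 8.1 leave `'` untouched in any case. Those values need JavaScript string escaping first and HTML attribute escaping on top, or the handler can read the target from `this.href` so that less PHP output is printed into script. The new `<iframe>` line also still prints `src="<?php echo $page['showlink'] ?>` raw while the anchor escapes the same value; `src="<?php echo htmlspecialchars($page['showlink']) ?><?php echo htmlspecialchars($pp['id']) ?>"` would make the two agree. If `w` and `h` are pixel counts, `(int)$pp['w']` is tighter than escaping. `tpl_content()` starts and ends outside these hunks.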
|
@ -37,13 +37,13 @@ function tpl_content() { global $page, $webimroot;
|
||||
<input type="text" name="q" size="80" value="<?php echo form_value('q') ?>" class="formauth"/>
|
||||
</div>
|
||||
<div id="searchbutton">
|
||||
<input type="image" name="search" src='<?php echo $webimroot.getlocal("image.button.search") ?>' alt='<?php echo getlocal("button.search") ?>'/>
|
||||
<input type="image" name="search" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.search")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.search")) ?>"/>
|
||||
</div>
|
||||
</div>
|
||||
<br clear="all"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</form>
|
||||
<br/>
|
||||
@ -67,33 +67,33 @@ function tpl_content() { global $page, $webimroot;
|
||||
</th></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
foreach( $page['pagination.items'] as $chatthread ) { ?>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo $chatthread['threadid'] ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo $chatthread['threadid'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
|
||||
<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo get_user_addr(topage($chatthread['remote'])) ?>
|
||||
<?php echo get_user_addr(topage($chatthread['remote'])) ?>
|
||||
</td>
|
||||
<td>
|
||||
<?php if( $chatthread['agentName'] ) {
|
||||
echo topage(htmlspecialchars($chatthread['agentName']));
|
||||
} else if($chatthread['groupid'] && $chatthread['groupid'] != 0 && isset($page['groupName'][$chatthread['groupid']])) {
|
||||
echo "- ".topage(htmlspecialchars($page['groupName'][$chatthread['groupid']]))." -";
|
||||
}
|
||||
?>
|
||||
<?php if( $chatthread['agentName'] ) {
|
||||
echo topage(htmlspecialchars($chatthread['agentName']));
|
||||
} else if($chatthread['groupid'] && $chatthread['groupid'] != 0 && isset($page['groupName'][$chatthread['groupid']])) {
|
||||
echo "- ".topage(htmlspecialchars($page['groupName'][$chatthread['groupid']]))." -";
|
||||
}
|
||||
?>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo topage(htmlspecialchars($chatthread['size'])) ?>
|
||||
<?php echo topage(htmlspecialchars($chatthread['size'])) ?>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo date_diff_to_text($chatthread['modified']-$chatthread['created']) ?>, <?php echo date_to_text($chatthread['created']) ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
} else {
|
||||
?>
|
||||
<tr>
|
||||
@ -101,20 +101,20 @@ if( $page['pagination.items'] ) {
|
||||
<?php echo getlocal("tag.pagination.no_items") ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
if( $page['pagination.items'] ) {
|
||||
echo "<br/>";
|
||||
echo generate_pagination($page['pagination']);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
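Review bot: `value="<?php echo form_value('q') ?>"` in the first hunk is still printed without an encoder, although it echoes the submitted search term back into an attribute. Whether `form_value()` escapes internally cannot be seen here; if it does not, `htmlspecialchars(form_value('q'))` belongs on this line, and if it does, a one-line comment saying so would stop the next reader from flagging it. `get_user_addr(topage($chatthread['remote']))` in the thread table raises the same question for the visitor address, and the `<textarea>` bodies in the translate form that follows print `form_value('original')` and `form_value('translation')` the same way.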
|
@ -35,43 +35,44 @@ function tpl_content() { global $page, $webimroot, $errors;
|
||||
<?php echo getlocal("page.translate.one") ?>
|
||||
<br/>
|
||||
<br/>
|
||||
<?php
|
||||
<?php
|
||||
require_once('inc_errors.php');
|
||||
?>
|
||||
|
||||
<form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
|
||||
<?php print_csrf_token_input() ?>
|
||||
<input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
|
||||
<input type="hidden" name="target" value="<?php echo $page['target'] ?>"/>
|
||||
<input type="hidden" name="key" value="<?php echo htmlspecialchars($page['key']) ?>"/>
|
||||
<input type="hidden" name="target" value="<?php echo htmlspecialchars($page['target']) ?>"/>
|
||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||
|
||||
<div class="fieldForm">
|
||||
<div class="field">
|
||||
<div class="flabel"><?php echo $page['title1'] ?></div>
|
||||
<div class="flabel"><?php echo htmlspecialchars($page['title1']) ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<textarea name="original" disabled="disabled" cols="20" rows="5" class="wide"><?php echo form_value('original') ?></textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="field">
|
||||
<div class="flabel"><?php echo $page['title2'] ?></div>
|
||||
<div class="flabel"><?php echo htmlspecialchars($page['title2']) ?></div>
|
||||
<div class="fvaluenodesc">
|
||||
<textarea name="translation" cols="20" rows="5" class="wide"><?php echo form_value('translation') ?></textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="fbutton">
|
||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
||||
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</form>
|
||||
|
||||
<?php } ?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
?>
|
||||
|
||||
|
@ -34,41 +34,41 @@ function tpl_content() { global $page, $webimroot;
|
||||
<?php echo getlocal("translate.direction") ?><br/>
|
||||
<select name="source" onchange="this.form.submit();"><?php
|
||||
foreach($page['availableLocales'] as $k) {
|
||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("source") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
||||
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("source") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||
} ?></select>
|
||||
=>
|
||||
<select name="target" onchange="this.form.submit();"><?php
|
||||
<select name="target" onchange="this.form.submit();"><?php
|
||||
foreach($page['availableLocales'] as $k) {
|
||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("target") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
||||
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("target") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||
} ?></select>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="packedFormField">
|
||||
<?php echo getlocal("translate.sort") ?><br/>
|
||||
<select name="sort" onchange="this.form.submit();"><?php
|
||||
foreach($page['availableOrders'] as $k) {
|
||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("sort") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
||||
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("sort") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||
} ?></select>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="packedFormField">
|
||||
<?php echo getlocal("translate.show") ?><br/>
|
||||
<select name="show" onchange="this.form.submit();"><?php
|
||||
foreach($page['showOptions'] as $k) {
|
||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("show") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
||||
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("show") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||
} ?></select>
|
||||
</div>
|
||||
|
||||
|
||||
<br clear="all"/>
|
||||
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</form>
|
||||
<br/>
|
||||
|
||||
|
||||
<?php
|
||||
if( $page['pagination'] ) {
|
||||
if( $page['pagination.items'] ) {
|
||||
<?php
|
||||
if( $page['pagination'] ) {
|
||||
if( $page['pagination.items'] ) {
|
||||
echo generate_pagination($page['pagination'], false);
|
||||
}
|
||||
?>
|
||||
@ -78,18 +78,18 @@ if( $page['pagination'] ) {
|
||||
<tr class="header"><th>
|
||||
Key
|
||||
</th><th>
|
||||
<?php echo topage($page['title1']) ?>
|
||||
<?php echo htmlspecialchars(topage($page['title1'])) ?>
|
||||
</th><th>
|
||||
<?php echo topage($page['title2']) ?>
|
||||
<?php echo htmlspecialchars(topage($page['title2'])) ?>
|
||||
</th></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
<?php
|
||||
if( $page['pagination.items'] ) {
|
||||
foreach( $page['pagination.items'] as $localstr ) { ?>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="<?php echo $webimroot ?>/operator/translate.php?source=<?php echo $page['lang1'] ?>&target=<?php echo $page['lang2'] ?>&key=<?php echo $localstr['id'] ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/translate.php?source=<?php echo $page['lang1'] ?>&target=<?php echo $page['lang2'] ?>&key=<?php echo $localstr['id'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage($localstr['id']) ?></a>
|
||||
<a href="<?php echo $webimroot ?>/operator/translate.php?source=<?php echo urlencode($page['lang1']) ?>&target=<?php echo urlencode($page['lang2']) ?>&key=<?php echo urlencode($localstr['id']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/translate.php?source=<?php echo urlencode($page['lang1']) ?>&target=<?php echo urlencode($page['lang2']) ?>&key=<?php echo urlencode($localstr['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo htmlspecialchars(topage($localstr['id'])) ?></a>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo topage($localstr['l1']) ?>
|
||||
@ -99,7 +99,7 @@ if( $page['pagination.items'] ) {
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
} else {
|
||||
?>
|
||||
<tr>
|
||||
@ -107,8 +107,8 @@ if( $page['pagination.items'] ) {
|
||||
<?php echo getlocal("tag.pagination.no_items") ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -117,10 +117,10 @@ if( $page['pagination.items'] ) {
|
||||
echo "<br/>";
|
||||
echo generate_pagination($page['pagination']);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
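Review bot: `<?php echo topage($localstr['l1']) ?>` at the end of the `@ -78,18` hunk is still emitted without `htmlspecialchars()`, while the key in the neighbouring cell and both column titles are now escaped. These cells show translation text, which the translate form appears to let an operator edit, so unless the controller escapes it before filling `pagination.items` (not visible here) the list renders stored markup to whoever opens it. `htmlspecialchars(topage($localstr['l1']))` would match the new lines, and the second column, which lies between the hunks, should be checked too. If the raw output is deliberate because some entries carry markup, a comment on the line should say so. The new `href` also joins its parameters with a bare `&`, where `&amp;` is the valid form inside an attribute.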
|
@ -41,29 +41,29 @@ function tpl_content() { global $page, $webimroot;
|
||||
</div>
|
||||
|
||||
<?php echo getlocal("updates.current")?><br/>
|
||||
<div id="cver"><?php echo $page['version'] ?></div>
|
||||
|
||||
<div id="cver"><?php echo htmlspecialchars($page['version']) ?></div>
|
||||
|
||||
<br/>
|
||||
|
||||
<?php echo getlocal("updates.latest")?>
|
||||
<div id="lver"></div>
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
<?php echo getlocal("updates.installed_locales")?><br/>
|
||||
<?php foreach( $page['localizations'] as $loc ) { ?>
|
||||
<?php echo $loc ?>
|
||||
<?php echo htmlspecialchars($loc) ?>
|
||||
<?php } ?>
|
||||
|
||||
<br/><br/>
|
||||
|
||||
|
||||
<br/><br/>
|
||||
|
||||
<?php echo getlocal("updates.env")?><br/>
|
||||
PHP <?php echo $page['phpVersion'] ?>
|
||||
PHP <?php echo htmlspecialchars($page['phpVersion']) ?>
|
||||
|
||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
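Review bot: The three `htmlspecialchars()` calls added for `$page['version']`, `$loc` and `$page['phpVersion']` rely on the default flags and charset, which differ between PHP releases. All three values land in element text, so the defaults are sufficient today, but passing the flags explicitly, e.g. `htmlspecialchars($loc, ENT_QUOTES)`, keeps the output safe if one of them is later moved into a single-quoted attribute. These values also skip the `topage()` conversion that the thread-list template applies alongside `htmlspecialchars`; presumably they are plain ASCII, which is worth confirming for `$loc`. The `lver` div is emitted empty, so the code that fills it lies outside this section and should be checked for text-only insertion.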
@ -46,20 +46,20 @@ if( $page['pagination.items'] ) {
|
||||
foreach( $page['pagination.items'] as $chatthread ) { ?>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo $chatthread['threadid'] ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo $chatthread['threadid'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
|
||||
<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo get_user_addr(topage($chatthread['remote'])) ?>
|
||||
<?php echo get_user_addr(topage($chatthread['remote'])) ?>
|
||||
</td>
|
||||
<td>
|
||||
<?php if( $chatthread['agentName'] ) { ?><?php echo topage(htmlspecialchars($chatthread['agentName'])) ?><?php } ?>
|
||||
<?php if( $chatthread['agentName'] ) { ?><?php echo topage(htmlspecialchars($chatthread['agentName'])) ?><?php } ?>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo date_diff_to_text($chatthread['modified']-$chatthread['created']) ?>, <?php echo date_to_text($chatthread['created']) ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
} else {
|
||||
?>
|
||||
<tr>
|
||||
@ -67,8 +67,8 @@ if( $page['pagination.items'] ) {
|
||||
<?php echo getlocal("tag.pagination.no_items") ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -77,10 +77,10 @@ if( $page['pagination.items'] ) {
|
||||
echo "<br/>";
|
||||
echo generate_pagination($page['pagination']);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
<?php
|
||||
} /* content */
|
||||
|
||||
require_once('inc_main.php');
|
||||
|
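Review bot: The `remote` cell is still echoed as `get_user_addr(topage($chatthread['remote']))` with no escaping visible at the call site, while the neighbouring name cells are wrapped in `htmlspecialchars`. Whether `get_user_addr()` encodes its return value cannot be seen from this section, so that should be confirmed; if it does, a short template comment such as `<?php /* get_user_addr() returns HTML-escaped markup */ ?>` would record it. The `urlencode()` added around `threadid` covers both the `href` and the `window.open` string, but `$webimroot` is written raw into both contexts, which is fine only if it is a trusted configuration value.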