mirror of
https://github.com/Mibew/i18n.git
synced 2025-01-23 05:40:30 +03:00
Fix multiple XSS vulnerabilities (including CVE-2012-0829)
parent
3ee7fca025
commit
9aef0fb2d4
@ -25,7 +25,7 @@ if($referer && isset($_SESSION['threadid'])) {
|
|||||||
$link = connect();
|
$link = connect();
|
||||||
$thread = thread_by_id_($_SESSION['threadid'], $link);
|
$thread = thread_by_id_($_SESSION['threadid'], $link);
|
||||||
if ($thread && $thread['istate'] != $state_closed) {
|
if ($thread && $thread['istate'] != $state_closed) {
|
||||||
$msg = getstring2_("chat.client.visited.page", array($referer), $thread['locale']);
|
$msg = getstring2_("chat.client.visited.page", array($referer), $thread['locale'], true);
|
||||||
post_message_($thread['threadid'], $kind_for_agent,$msg,$link);
|
post_message_($thread['threadid'], $kind_for_agent,$msg,$link);
|
||||||
}
|
}
|
||||||
mysql_close($link);
|
mysql_close($link);
|
||||||
|
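Review bot: The added `true` on `getstring2_("chat.client.visited.page", array($referer), ...)` opts this message out of `sanitize_string`, so the text handed to `post_message_` carries `$referer` unfiltered by this call, and nothing in the hunk shows where that value is escaped before an operator's browser renders it. The same applies to the `$referrer`, `$email` and `$info` messages in the next two files (the `@ -131,14` hunk and `store_message`). If escaping happens when messages are rendered, a short comment at these call sites would record that, e.g. `// raw on purpose: message text is escaped on output`. If it does not, these values need `htmlspecialchars()` before substitution.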
@ -131,14 +131,14 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
|
|||||||
$_SESSION['threadid'] = $thread['threadid'];
|
$_SESSION['threadid'] = $thread['threadid'];
|
||||||
|
|
||||||
if( $referrer ) {
|
if( $referrer ) {
|
||||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer)),$link);
|
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer),true),$link);
|
||||||
}
|
}
|
||||||
post_message_($thread['threadid'],$kind_info,getstring('chat.wait'),$link);
|
post_message_($thread['threadid'],$kind_info,getstring('chat.wait', true),$link);
|
||||||
if($email) {
|
if($email) {
|
||||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email)),$link);
|
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email),true),$link);
|
||||||
}
|
}
|
||||||
if($info) {
|
if($info) {
|
||||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info)),$link);
|
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info),true),$link);
|
||||||
}
|
}
|
||||||
if($firstmessage) {
|
if($firstmessage) {
|
||||||
$postedid = post_message_($thread['threadid'],$kind_user,$firstmessage,$link,$visitor['name']);
|
$postedid = post_message_($thread['threadid'],$kind_user,$firstmessage,$link,$visitor['name']);
|
||||||
|
@ -33,13 +33,13 @@ function store_message($name, $email, $info, $message,$groupid,$referrer) {
|
|||||||
$link = connect();
|
$link = connect();
|
||||||
$thread = create_thread($groupid,$name,$remoteHost,$referrer,$current_locale,$visitor['id'], $userbrowser,$state_left,$link);
|
$thread = create_thread($groupid,$name,$remoteHost,$referrer,$current_locale,$visitor['id'], $userbrowser,$state_left,$link);
|
||||||
if( $referrer ) {
|
if( $referrer ) {
|
||||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer)),$link);
|
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer),true),$link);
|
||||||
}
|
}
|
||||||
if($email) {
|
if($email) {
|
||||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email)),$link);
|
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email),true),$link);
|
||||||
}
|
}
|
||||||
if($info) {
|
if($info) {
|
||||||
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info)),$link);
|
post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info),true),$link);
|
||||||
}
|
}
|
||||||
post_message_($thread['threadid'],$kind_user,$message,$link,$name);
|
post_message_($thread['threadid'],$kind_user,$message,$link,$name);
|
||||||
mysql_close($link);
|
mysql_close($link);
|
||||||
@ -102,8 +102,8 @@ if(!locale_exists($message_locale)) {
|
|||||||
|
|
||||||
store_message($visitor_name, $email, $info, $message, $groupid, $referrer);
|
store_message($visitor_name, $email, $info, $message, $groupid, $referrer);
|
||||||
|
|
||||||
$subject = getstring2_("leavemail.subject", array($visitor_name), $message_locale);
|
$subject = getstring2_("leavemail.subject", array($visitor_name), $message_locale,true);
|
||||||
$body = getstring2_("leavemail.body", array($visitor_name,$email,$message,$info ? "$info\n" : ""), $message_locale);
|
$body = getstring2_("leavemail.body", array($visitor_name,$email,$message,$info ? "$info\n" : ""), $message_locale,true);
|
||||||
|
|
||||||
if (isset($group) && !empty($group['vcemail'])) {
|
if (isset($group) && !empty($group['vcemail'])) {
|
||||||
$inbox_mail = $group['vcemail'];
|
$inbox_mail = $group['vcemail'];
|
||||||
|
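Review bot: `$subject` is now built with the raw flag from `$visitor_name`, and the hunk shows no removal of CR/LF before the subject reaches the mail helper, which is outside the visible lines. If the name can contain line breaks, the subject becomes a header-injection risk. Normalising it here, e.g. `$subject = str_replace(array("\r", "\n"), ' ', $subject);`, keeps the header on one line regardless of what the helper does.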
@ -166,7 +166,7 @@ function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agen
|
|||||||
$output = get_messages($threadid, "xml", $isuser, $lastid);
|
$output = get_messages($threadid, "xml", $isuser, $lastid);
|
||||||
|
|
||||||
start_xml_output();
|
start_xml_output();
|
||||||
print("<thread lastid=\"$lastid\" typing=\"" . $istyping . "\" canpost=\"" . (($isuser || $agentid != null && $agentid == $thread['agentId']) ? 1 : 0) . "\">");
|
print("<thread lastid=\"$lastid\" typing=\"" . htmlspecialchars($istyping) . "\" canpost=\"" . (($isuser || $agentid != null && $agentid == $thread['agentId']) ? 1 : 0) . "\">");
|
||||||
foreach ($output as $msg) {
|
foreach ($output as $msg) {
|
||||||
print $msg;
|
print $msg;
|
||||||
}
|
}
|
||||||
@ -176,13 +176,13 @@ function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agen
|
|||||||
$output = get_messages($threadid, "html", $isuser, $lastid);
|
$output = get_messages($threadid, "html", $isuser, $lastid);
|
||||||
|
|
||||||
start_html_output();
|
start_html_output();
|
||||||
$url = "$webimroot/thread.php?act=refresh&thread=$threadid&token=$token&html=on&user=" . ($isuser ? "true" : "false");
|
$url = "$webimroot/thread.php?act=refresh&thread=" . htmlspecialchars($threadid) . "&token=" . htmlspecialchars($token) . "&html=on&user=" . ($isuser ? "true" : "false");
|
||||||
|
|
||||||
print(
|
print(
|
||||||
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">" .
|
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">" .
|
||||||
"<html>\n<head>\n" .
|
"<html>\n<head>\n" .
|
||||||
"<link href=\"$webimroot/styles/default/chat.css\" rel=\"stylesheet\" type=\"text/css\">\n" .
|
"<link href=\"$webimroot/styles/default/chat.css\" rel=\"stylesheet\" type=\"text/css\">\n" .
|
||||||
"<meta http-equiv=\"Refresh\" content=\"" . $settings['updatefrequency_oldchat'] . "; URL=$url&sn=11\">\n" .
|
"<meta http-equiv=\"Refresh\" content=\"" . htmlspecialchars($settings['updatefrequency_oldchat']) . "; URL=$url&sn=11\">\n" .
|
||||||
"<meta http-equiv=\"Pragma\" content=\"no-cache\">\n" .
|
"<meta http-equiv=\"Pragma\" content=\"no-cache\">\n" .
|
||||||
"<title>chat</title>\n" .
|
"<title>chat</title>\n" .
|
||||||
"</head>\n" .
|
"</head>\n" .
|
||||||
@ -290,9 +290,9 @@ function setup_logo()
|
|||||||
{
|
{
|
||||||
global $page, $settings;
|
global $page, $settings;
|
||||||
loadsettings();
|
loadsettings();
|
||||||
$page['ct.company.name'] = topage($settings['title']);
|
$page['ct.company.name'] = htmlspecialchars(topage($settings['title']));
|
||||||
$page['ct.company.chatLogoURL'] = topage($settings['logo']);
|
$page['ct.company.chatLogoURL'] = htmlspecialchars(topage($settings['logo']));
|
||||||
$page['webimHost'] = topage($settings['hosturl']);
|
$page['webimHost'] = htmlspecialchars(topage($settings['hosturl']));
|
||||||
}
|
}
|
||||||
|
|
||||||
function setup_leavemessage($name, $email, $message, $groupid, $groupname, $info, $referrer, $canshowcaptcha)
|
function setup_leavemessage($name, $email, $message, $groupid, $groupname, $info, $referrer, $canshowcaptcha)
|
||||||
@ -337,7 +337,7 @@ function setup_survey($name, $email, $groupid, $info, $referrer, $canshowcaptcha
|
|||||||
$groupname .= " (offline)";
|
$groupname .= " (offline)";
|
||||||
}
|
}
|
||||||
$isselected = $k['groupid'] == $groupid;
|
$isselected = $k['groupid'] == $groupid;
|
||||||
$val .= "<option value=\"" . $k['groupid'] . "\"" . ($isselected ? " selected=\"selected\"" : "") . ">$groupname</option>";
|
$val .= "<option value=\"" . htmlspecialchars($k['groupid']) . "\"" . ($isselected ? " selected=\"selected\"" : "") . ">" . htmlspecialchars($groupname) . "</option>";
|
||||||
}
|
}
|
||||||
$page['groups'] = $val;
|
$page['groups'] = $val;
|
||||||
}
|
}
|
||||||
@ -359,11 +359,11 @@ function setup_chatview_for_user($thread, $level)
|
|||||||
$page['displ1'] = $nameisset ? "none" : "inline";
|
$page['displ1'] = $nameisset ? "none" : "inline";
|
||||||
$page['displ2'] = $nameisset ? "inline" : "none";
|
$page['displ2'] = $nameisset ? "inline" : "none";
|
||||||
$page['level'] = $level;
|
$page['level'] = $level;
|
||||||
$page['ct.chatThreadId'] = $thread['threadid'];
|
$page['ct.chatThreadId'] = htmlspecialchars($thread['threadid']);
|
||||||
$page['ct.token'] = $thread['ltoken'];
|
$page['ct.token'] = htmlspecialchars($thread['ltoken']);
|
||||||
$page['ct.user.name'] = htmlspecialchars(topage($thread['userName']));
|
$page['ct.user.name'] = htmlspecialchars(topage($thread['userName']));
|
||||||
$page['canChangeName'] = $settings['usercanchangename'] == "1";
|
$page['canChangeName'] = $settings['usercanchangename'] == "1";
|
||||||
$page['chat.title'] = topage($settings['chattitle']);
|
$page['chat.title'] = htmlspecialchars(topage($settings['chattitle']));
|
||||||
|
|
||||||
setup_logo();
|
setup_logo();
|
||||||
if ($settings['sendmessagekey'] == 'enter') {
|
if ($settings['sendmessagekey'] == 'enter') {
|
||||||
@ -374,11 +374,11 @@ function setup_chatview_for_user($thread, $level)
|
|||||||
$page['ignorectrl'] = 0;
|
$page['ignorectrl'] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
||||||
$page['mailLink'] = "$webimroot/client.php?" . $params . "&level=$level&act=mailthread";
|
$page['mailLink'] = htmlspecialchars("$webimroot/client.php?" . $params . "&level=$level&act=mailthread");
|
||||||
|
|
||||||
if ($settings['enablessl'] == "1" && !is_secure_request()) {
|
if ($settings['enablessl'] == "1" && !is_secure_request()) {
|
||||||
$page['sslLink'] = get_app_location(true, true) . "/client.php?" . $params . "&level=$level";
|
$page['sslLink'] = htmlspecialchars(get_app_location(true, true) . "/client.php?" . $params . "&level=$level");
|
||||||
}
|
}
|
||||||
|
|
||||||
$page['isOpera95'] = is_agent_opera95();
|
$page['isOpera95'] = is_agent_opera95();
|
||||||
@ -420,10 +420,10 @@ function setup_chatview_for_operator($thread, $operator)
|
|||||||
$page['agent'] = true;
|
$page['agent'] = true;
|
||||||
$page['user'] = false;
|
$page['user'] = false;
|
||||||
$page['canpost'] = $thread['agentId'] == $operator['operatorid'];
|
$page['canpost'] = $thread['agentId'] == $operator['operatorid'];
|
||||||
$page['ct.chatThreadId'] = $thread['threadid'];
|
$page['ct.chatThreadId'] = htmlspecialchars($thread['threadid']);
|
||||||
$page['ct.token'] = $thread['ltoken'];
|
$page['ct.token'] = htmlspecialchars($thread['ltoken']);
|
||||||
$page['ct.user.name'] = htmlspecialchars(topage(get_user_name($thread['userName'], $thread['remote'], $thread['userid'])));
|
$page['ct.user.name'] = htmlspecialchars(topage(get_user_name($thread['userName'], $thread['remote'], $thread['userid'])));
|
||||||
$page['chat.title'] = topage($settings['chattitle']);
|
$page['chat.title'] = htmlspecialchars(topage($settings['chattitle']));
|
||||||
|
|
||||||
setup_logo();
|
setup_logo();
|
||||||
if ($settings['sendmessagekey'] == 'enter') {
|
if ($settings['sendmessagekey'] == 'enter') {
|
||||||
@ -435,20 +435,20 @@ function setup_chatview_for_operator($thread, $operator)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($settings['enablessl'] == "1" && !is_secure_request()) {
|
if ($settings['enablessl'] == "1" && !is_secure_request()) {
|
||||||
$page['sslLink'] = get_app_location(true, true) . "/operator/agent.php?thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
$page['sslLink'] = htmlspecialchars(get_app_location(true, true) . "/operator/agent.php?thread=" . $thread['threadid'] . "&token=" . $thread['ltoken']);
|
||||||
}
|
}
|
||||||
$page['isOpera95'] = is_agent_opera95();
|
$page['isOpera95'] = is_agent_opera95();
|
||||||
$page['neediframesrc'] = needsFramesrc();
|
$page['neediframesrc'] = needsFramesrc();
|
||||||
$page['historyParams'] = array("userid" => "" . $thread['userid']);
|
$page['historyParams'] = array("userid" => "" . $thread['userid']);
|
||||||
$page['historyParamsLink'] = add_params($webimroot . "/operator/userhistory.php", $page['historyParams']);
|
$page['historyParamsLink'] = htmlspecialchars(add_params($webimroot . "/operator/userhistory.php", $page['historyParams']));
|
||||||
$predefinedres = "";
|
$predefinedres = "";
|
||||||
$canned_messages = load_canned_messages($thread['locale'], $thread['groupid']);
|
$canned_messages = load_canned_messages($thread['locale'], $thread['groupid']);
|
||||||
foreach ($canned_messages as $answer) {
|
foreach ($canned_messages as $answer) {
|
||||||
$predefinedres .= "<option>" . htmlspecialchars(topage($answer['vcvalue'])) . "</option>";
|
$predefinedres .= "<option>" . htmlspecialchars(topage($answer['vcvalue'])) . "</option>";
|
||||||
}
|
}
|
||||||
$page['predefinedAnswers'] = $predefinedres;
|
$page['predefinedAnswers'] = $predefinedres;
|
||||||
$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
|
||||||
$page['redirectLink'] = "$webimroot/operator/agent.php?" . $params . "&act=redirect";
|
$page['redirectLink'] = htmlspecialchars("$webimroot/operator/agent.php?" . $params . "&act=redirect");
|
||||||
|
|
||||||
$page['namePostfix'] = "";
|
$page['namePostfix'] = "";
|
||||||
$page['frequency'] = $settings['updatefrequency_chat'];
|
$page['frequency'] = $settings['updatefrequency_chat'];
|
||||||
@ -527,7 +527,7 @@ function rename_user($thread, $newname)
|
|||||||
|
|
||||||
if ($thread['userName'] != $newname) {
|
if ($thread['userName'] != $newname) {
|
||||||
post_message_($thread['threadid'], $kind_events,
|
post_message_($thread['threadid'], $kind_events,
|
||||||
getstring2_("chat.status.user.changedname", array($thread['userName'], $newname), $thread['locale']), $link);
|
getstring2_("chat.status.user.changedname", array($thread['userName'], $newname), $thread['locale'], true), $link);
|
||||||
}
|
}
|
||||||
mysql_close($link);
|
mysql_close($link);
|
||||||
}
|
}
|
||||||
@ -542,8 +542,8 @@ function close_thread($thread, $isuser)
|
|||||||
'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)"), $link);
|
'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)"), $link);
|
||||||
}
|
}
|
||||||
|
|
||||||
$message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'])
|
$message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'], true)
|
||||||
: getstring2_("chat.status.operator.left", array($thread['agentName']), $thread['locale']);
|
: getstring2_("chat.status.operator.left", array($thread['agentName']), $thread['locale'], true);
|
||||||
post_message_($thread['threadid'], $kind_events, $message, $link);
|
post_message_($thread['threadid'], $kind_events, $message, $link);
|
||||||
mysql_close($link);
|
mysql_close($link);
|
||||||
}
|
}
|
||||||
@ -642,7 +642,7 @@ function reopen_thread($threadid)
|
|||||||
array("istate" => $state_waiting, "nextagent" => 0), $link);
|
array("istate" => $state_waiting, "nextagent" => 0), $link);
|
||||||
}
|
}
|
||||||
|
|
||||||
post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale']), $link);
|
post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale'], true), $link);
|
||||||
mysql_close($link);
|
mysql_close($link);
|
||||||
return $thread;
|
return $thread;
|
||||||
}
|
}
|
||||||
@ -662,17 +662,17 @@ function take_thread($thread, $operator)
|
|||||||
|
|
||||||
if ($state == $state_waiting) {
|
if ($state == $state_waiting) {
|
||||||
if ($operatorName != $thread['agentName']) {
|
if ($operatorName != $thread['agentName']) {
|
||||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
|
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
|
||||||
} else {
|
} else {
|
||||||
$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale']);
|
$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale'], true);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$message_to_post = getstring2_("chat.status.operator.joined", array($operatorName), $thread['locale']);
|
$message_to_post = getstring2_("chat.status.operator.joined", array($operatorName), $thread['locale'], true);
|
||||||
}
|
}
|
||||||
} else if ($state == $state_chatting) {
|
} else if ($state == $state_chatting) {
|
||||||
if ($operator['operatorid'] != $thread['agentId']) {
|
if ($operator['operatorid'] != $thread['agentId']) {
|
||||||
do_take_thread($threadid, $operator['operatorid'], $operatorName);
|
do_take_thread($threadid, $operator['operatorid'], $operatorName);
|
||||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
|
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
die("cannot take thread");
|
die("cannot take thread");
|
||||||
@ -693,9 +693,9 @@ function check_for_reassign($thread, $operator)
|
|||||||
|| $thread['agentId'] == $operator['operatorid'])) {
|
|| $thread['agentId'] == $operator['operatorid'])) {
|
||||||
do_take_thread($thread['threadid'], $operator['operatorid'], $operatorName);
|
do_take_thread($thread['threadid'], $operator['operatorid'], $operatorName);
|
||||||
if ($operatorName != $thread['agentName']) {
|
if ($operatorName != $thread['agentName']) {
|
||||||
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
|
$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
|
||||||
} else {
|
} else {
|
||||||
$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale']);
|
$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale'], true);
|
||||||
}
|
}
|
||||||
|
|
||||||
post_message($thread['threadid'], $kind_events, $message_to_post);
|
post_message($thread['threadid'], $kind_events, $message_to_post);
|
||||||
@ -719,13 +719,13 @@ function notify_operators($thread, $firstmessage, $link)
|
|||||||
$text = getstring2_("notify.new.text", array(
|
$text = getstring2_("notify.new.text", array(
|
||||||
get_app_location(true, $settings['enablessl'] == '1' && $settings['forcessl'] == '1') . "/operator/agent.php?thread=" . $thread['threadid'],
|
get_app_location(true, $settings['enablessl'] == '1' && $settings['forcessl'] == '1') . "/operator/agent.php?thread=" . $thread['threadid'],
|
||||||
$thread['userName']
|
$thread['userName']
|
||||||
), $thread['locale']);
|
), $thread['locale'], true);
|
||||||
if ($firstmessage) {
|
if ($firstmessage) {
|
||||||
$text .= "\n$firstmessage";
|
$text .= "\n$firstmessage";
|
||||||
}
|
}
|
||||||
foreach ($result as $op) {
|
foreach ($result as $op) {
|
||||||
if ($op['time'] < $settings['online_timeout'] && is_valid_email($op['vcjabbername'])) {
|
if ($op['time'] < $settings['online_timeout'] && is_valid_email($op['vcjabbername'])) {
|
||||||
webim_xmpp($op['vcjabbername'], getstring2("notify.new.subject", array($thread['userName'])), $text, $link);
|
webim_xmpp($op['vcjabbername'], getstring2("notify.new.subject", array($thread['userName']), true), $text, $link);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
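Review bot: In `print_thread_messages` the new `$url` escapes `$threadid` and `$token` with `htmlspecialchars()`, which is HTML encoding applied to URL query values. Characters such as `&`, `#` or `%` in those values would still alter the query string once the attribute is decoded, and the literal `&` separators reach the `<meta http-equiv="Refresh">` attribute unescaped. Encoding each value with `urlencode()` and then escaping the finished URL once where it is written into the attribute, e.g. `htmlspecialchars($url, ENT_QUOTES)`, matches both contexts; `mailLink` and `redirectLink` in this file already escape the whole URL. The other `htmlspecialchars()` calls here use the default flags, which before PHP 8.1 leave single quotes unescaped, so it is worth confirming that none of the `$page[...]` values are emitted inside single-quoted attributes or script strings. The function bodies continue outside the visible hunks.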
@ -59,7 +59,7 @@ function verifyparam($name, $regexp, $default = null)
|
|||||||
if (isset($default))
|
if (isset($default))
|
||||||
return $default;
|
return $default;
|
||||||
}
|
}
|
||||||
echo "<html><head></head><body>Wrong parameter used or absent: " . $name . "</body></html>";
|
echo "<html><head></head><body>Wrong parameter used or absent: " . htmlspecialchars($name) . "</body></html>";
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -197,7 +197,7 @@ function getoutputenc()
|
|||||||
return isset($output_encoding[$current_locale]) ? $output_encoding[$current_locale] : $webim_encoding;
|
return isset($output_encoding[$current_locale]) ? $output_encoding[$current_locale] : $webim_encoding;
|
||||||
}
|
}
|
||||||
|
|
||||||
function getstring_($text, $locale)
|
function getstring_($text, $locale, $raw = false)
|
||||||
{
|
{
|
||||||
global $messages;
|
global $messages;
|
||||||
if (!isset($messages[$locale]))
|
if (!isset($messages[$locale]))
|
||||||
@ -205,30 +205,33 @@ function getstring_($text, $locale)
|
|||||||
|
|
||||||
$localized = $messages[$locale];
|
$localized = $messages[$locale];
|
||||||
if (isset($localized[$text]))
|
if (isset($localized[$text]))
|
||||||
return $localized[$text];
|
return $raw ? $localized[$text] : sanitize_string($localized[$text], 'low', 'moderate');
|
||||||
if ($locale != 'en') {
|
if ($locale != 'en') {
|
||||||
return getstring_($text, 'en');
|
return getstring_($text, 'en', $raw);
|
||||||
}
|
}
|
||||||
|
|
||||||
return "!" . $text;
|
return "!" . ($raw ? $text : sanitize_string($text, 'low', 'moderate'));
|
||||||
}
|
}
|
||||||
|
|
||||||
function getstring($text)
|
function getstring($text, $raw = false)
|
||||||
{
|
{
|
||||||
global $current_locale;
|
global $current_locale;
|
||||||
return getstring_($text, $current_locale);
|
$string = getstring_($text, $current_locale, true);
|
||||||
|
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||||
}
|
}
|
||||||
|
|
||||||
function getlocal($text)
|
function getlocal($text, $raw = false)
|
||||||
{
|
{
|
||||||
global $current_locale, $webim_encoding;
|
global $current_locale, $webim_encoding;
|
||||||
return myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
|
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale), true);
|
||||||
|
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||||
}
|
}
|
||||||
|
|
||||||
function getlocal_($text, $locale)
|
function getlocal_($text, $locale, $raw = false)
|
||||||
{
|
{
|
||||||
global $webim_encoding;
|
global $webim_encoding;
|
||||||
return myiconv($webim_encoding, getoutputenc(), getstring_($text, $locale));
|
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $locale), true);
|
||||||
|
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||||
}
|
}
|
||||||
|
|
||||||
function topage($text)
|
function topage($text)
|
||||||
@ -237,41 +240,42 @@ function topage($text)
|
|||||||
return myiconv($webim_encoding, getoutputenc(), $text);
|
return myiconv($webim_encoding, getoutputenc(), $text);
|
||||||
}
|
}
|
||||||
|
|
||||||
function getstring2_($text, $params, $locale)
|
function getstring2_($text, $params, $locale, $raw = false)
|
||||||
{
|
{
|
||||||
$string = getstring_($text, $locale);
|
$string = getstring_($text, $locale, true);
|
||||||
for ($i = 0; $i < count($params); $i++) {
|
for ($i = 0; $i < count($params); $i++) {
|
||||||
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
||||||
}
|
}
|
||||||
return $string;
|
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||||
}
|
}
|
||||||
|
|
||||||
function getstring2($text, $params)
|
function getstring2($text, $params, $raw = false)
|
||||||
{
|
{
|
||||||
global $current_locale;
|
global $current_locale;
|
||||||
return getstring2_($text, $params, $current_locale);
|
$string = getstring2_($text, $params, $current_locale, true);
|
||||||
|
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||||
}
|
}
|
||||||
|
|
||||||
function getlocal2($text, $params)
|
function getlocal2($text, $params, $raw = false)
|
||||||
{
|
{
|
||||||
global $current_locale, $webim_encoding;
|
global $current_locale, $webim_encoding;
|
||||||
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
|
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale, true));
|
||||||
for ($i = 0; $i < count($params); $i++) {
|
for ($i = 0; $i < count($params); $i++) {
|
||||||
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
||||||
}
|
}
|
||||||
return $string;
|
return $raw ? $string : sanitize_string($string, 'low', 'moderate');
|
||||||
}
|
}
|
||||||
|
|
||||||
/* prepares for Javascript string */
|
/* prepares for Javascript string */
|
||||||
function getlocalforJS($text, $params)
|
function getlocalforJS($text, $params)
|
||||||
{
|
{
|
||||||
global $current_locale, $webim_encoding;
|
global $current_locale, $webim_encoding;
|
||||||
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
|
$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale, true));
|
||||||
$string = str_replace("\"", "\\\"", str_replace("\n", "\\n", $string));
|
$string = str_replace("\"", "\\\"", str_replace("\n", "\\n", $string));
|
||||||
for ($i = 0; $i < count($params); $i++) {
|
for ($i = 0; $i < count($params); $i++) {
|
||||||
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
$string = str_replace("{" . $i . "}", $params[$i], $string);
|
||||||
}
|
}
|
||||||
return $string;
|
return sanitize_string($string, 'low', 'moderate');
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ajax server actions use utf-8 */
|
/* ajax server actions use utf-8 */
|
||||||
@ -450,7 +454,7 @@ function no_field($key)
|
|||||||
function failed_uploading_file($filename, $key)
|
function failed_uploading_file($filename, $key)
|
||||||
{
|
{
|
||||||
return getlocal2("errors.failed.uploading.file",
|
return getlocal2("errors.failed.uploading.file",
|
||||||
array($filename, getlocal($key)));
|
array(htmlspecialchars($filename), getlocal($key)));
|
||||||
}
|
}
|
||||||
|
|
||||||
function wrong_field($key)
|
function wrong_field($key)
|
||||||
@ -469,8 +473,8 @@ function get_popup($href, $jshref, $message, $title, $wndName, $options)
|
|||||||
function get_image($href, $width, $height)
|
function get_image($href, $width, $height)
|
||||||
{
|
{
|
||||||
if ($width != 0 && $height != 0)
|
if ($width != 0 && $height != 0)
|
||||||
return "<img src=\"$href\" border=\"0\" width=\"$width\" height=\"$height\" alt=\"\"/>";
|
return "<img src=\"" . htmlspecialchars($href) . "\" border=\"0\" width=\"" . htmlspecialchars($width) . "\" height=\"" . htmlspecialchars($height) . "\" alt=\"\"/>";
|
||||||
return "<img src=\"$href\" border=\"0\" alt=\"\"/>";
|
return "<img src=\"" . htmlspecialchars($href) . "\" border=\"0\" alt=\"\"/>";
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_gifimage_size($filename)
|
function get_gifimage_size($filename)
|
||||||
@ -730,4 +734,82 @@ function setcsrftoken()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* simple HTML sanitation
|
||||||
|
*
|
||||||
|
* includes some code from the PHP Strip Attributes Class For XML and HTML
|
||||||
|
* Copyright 2009 David (semlabs.co.uk)
|
||||||
|
* Available under the MIT License.
|
||||||
|
*
|
||||||
|
* http://semlabs.co.uk/journal/php-strip-attributes-class-for-xml-and-html
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
function sanitize_string($string, $tags_level = 'high', $attr_level = 'high')
|
||||||
|
{
|
||||||
|
$sanitize_tags = array(
|
||||||
|
'high' => '',
|
||||||
|
'moderate' => '<span><em><strong><b><i><br>',
|
||||||
|
'low' => '<span><em><strong><b><i><br><p><ul><ol><li><a><font><style>'
|
||||||
|
);
|
||||||
|
|
||||||
|
$sanitize_attributes = array(
|
||||||
|
'high' => array(),
|
||||||
|
'moderate' => array('class', 'style', 'href', 'rel', 'id'),
|
||||||
|
'low' => false
|
||||||
|
);
|
||||||
|
|
||||||
|
$tags_level = array_key_exists($tags_level, $sanitize_tags) ? $tags_level : 'high';
|
||||||
|
$string = strip_tags($string, $sanitize_tags[$tags_level]);
|
||||||
|
|
||||||
|
$attr_level = array_key_exists($attr_level, $sanitize_attributes) ? $attr_level : 'high';
|
||||||
|
if ($sanitize_attributes[$attr_level]) {
|
||||||
|
|
||||||
|
preg_match_all("/<([^ !\/\>\n]+)([^>]*)>/i", $string, $elements);
|
||||||
|
foreach ($elements[1] as $key => $element) {
|
||||||
|
if ($elements[2][$key]) {
|
||||||
|
|
||||||
|
$new_attributes = '';
|
||||||
|
preg_match_all("/([^ =]+)\s*=\s*[\"|']{0,1}([^\"']*)[\"|']{0,1}/i", $elements[2][$key], $attributes );
|
||||||
|
|
||||||
|
if ($attributes[1]) {
|
||||||
|
foreach ($attributes[1] as $attr_key => $attr) {
|
||||||
|
if (in_array($attributes[1][$attr_key], $sanitize_attributes[$attr_level])) {
|
||||||
|
$new_attributes .= ' ' . $attributes[1][$attr_key] . '="' . $attributes[2][$attr_key] . '"';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$replacement = '<' . $elements[1][$key] . $new_attributes . '>';
|
||||||
|
$string = preg_replace( '/' . reg_escape($elements[0][$key]) . '/', $replacement, $string );
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return $string;
|
||||||
|
}
|
||||||
|
|
||||||
|
function reg_escape ($string) {
|
||||||
|
|
||||||
|
$conversions = array( "^" => "\^",
|
||||||
|
"[" => "\[",
|
||||||
|
"." => "\.",
|
||||||
|
"$" => "\$",
|
||||||
|
"{" => "\{",
|
||||||
|
"*" => "\*",
|
||||||
|
"(" => "\(",
|
||||||
|
"\\" => "\\\\",
|
||||||
|
"/" => "\/",
|
||||||
|
"+" => "\+",
|
||||||
|
")" => "\)",
|
||||||
|
"|" => "\|",
|
||||||
|
"?" => "\?",
|
||||||
|
"<" => "\<",
|
||||||
|
">" => "\>"
|
||||||
|
);
|
||||||
|
|
||||||
|
return strtr($string, $conversions);
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
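Review bot: `sanitize_string($string, 'low', 'moderate')` runs after `{n}` substitution in `getstring2_`, `getlocal2` and `getlocalforJS`, so caller-supplied parameters are filtered only by an allow-list that keeps `<a>`, `<font>` and `<style>` elements and passes `href` and `style` values through unvalidated; that is tag filtering, not output encoding. Parameters that are not meant to carry markup should be escaped before substitution, as `failed_uploading_file` already does with `htmlspecialchars($filename)`. In `getlocal` and `getlocal_` the new `true` sits outside the inner call (`getstring_($text, $current_locale), true)`), so it goes to `myiconv` instead of `$raw` and the raw flag has no effect; `getlocal2` has the intended `getstring_($text, $current_locale, true)`. The same misplaced parenthesis appears in the demo thread hunk at `getstring("demo.chat.welcome"), true)`. In `reg_escape`, `"\$"` in a double-quoted PHP string is just `$`, so that entry escapes nothing; `str_replace($elements[0][$key], $replacement, $string)` would avoid both the hand-written table and `preg_replace` treating `$n` in the replacement as a backreference.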
@ -53,19 +53,19 @@ function demo_process_thread($act, $outformat, $lastid, $isuser, $canpost, $isty
|
|||||||
if ($lastid == 1) {
|
if ($lastid == 1) {
|
||||||
demo_print_message(
|
demo_print_message(
|
||||||
array('ikind' => $kind_for_agent, 'created' => time() - 15, 'tname' => '',
|
array('ikind' => $kind_for_agent, 'created' => time() - 15, 'tname' => '',
|
||||||
'tmessage' => getstring2('chat.came.from', array("http://google.com"))), $outformat);
|
'tmessage' => getstring2('chat.came.from', array("http://google.com"), true)), $outformat);
|
||||||
demo_print_message(
|
demo_print_message(
|
||||||
array('ikind' => $kind_info, 'created' => time() - 15, 'tname' => '',
|
array('ikind' => $kind_info, 'created' => time() - 15, 'tname' => '',
|
||||||
'tmessage' => getstring('chat.wait')), $outformat);
|
'tmessage' => getstring('chat.wait')), $outformat);
|
||||||
demo_print_message(
|
demo_print_message(
|
||||||
array('ikind' => $kind_events, 'created' => time() - 10, 'tname' => '',
|
array('ikind' => $kind_events, 'created' => time() - 10, 'tname' => '',
|
||||||
'tmessage' => getstring2("chat.status.operator.joined", array("Administrator"))), $outformat);
|
'tmessage' => getstring2("chat.status.operator.joined", array("Administrator"), true)), $outformat);
|
||||||
demo_print_message(
|
demo_print_message(
|
||||||
array('ikind' => $kind_agent, 'created' => time() - 9, 'tname' => 'Administrator',
|
array('ikind' => $kind_agent, 'created' => time() - 9, 'tname' => 'Administrator',
|
||||||
'tmessage' => getstring("demo.chat.welcome")), $outformat);
|
'tmessage' => getstring("demo.chat.welcome"), true), $outformat);
|
||||||
demo_print_message(
|
demo_print_message(
|
||||||
array('ikind' => $kind_user, 'created' => time() - 5, 'tname' => getstring("chat.default.username"),
|
array('ikind' => $kind_user, 'created' => time() - 5, 'tname' => getstring("chat.default.username"),
|
||||||
'tmessage' => getstring("demo.chat.question")), $outformat);
|
'tmessage' => getstring("demo.chat.question", true)), $outformat);
|
||||||
if ($canpost && $outformat == 'xml') {
|
if ($canpost && $outformat == 'xml') {
|
||||||
demo_print_message(
|
demo_print_message(
|
||||||
array('ikind' => $kind_info, 'created' => time() - 5, 'tname' => '',
|
array('ikind' => $kind_info, 'created' => time() - 5, 'tname' => '',
|
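Review bot: In the `demo.chat.welcome` message the new `true` sits outside the `getstring()` call, so it becomes an extra element of the message array and `getstring()` is still called without the flag. The neighbouring `demo.chat.question` line shows the intended form; this one should read `'tmessage' => getstring("demo.chat.welcome", true)), $outformat);`. The `getstring('chat.wait')` call a few lines up was also left without the flag, although the non-demo chat path in this commit passes it, so it is worth checking that this is deliberate. The body of `demo_process_thread` starts and ends outside the hunk.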
||||||
|
@ -36,9 +36,9 @@ function generate_button($title, $locale, $style, $group, $inner, $showhost, $fo
|
|||||||
$link = append_query($link, "group=$group");
|
$link = append_query($link, "group=$group");
|
||||||
|
|
||||||
$modsecfix = $modsecurity ? ".replace('http://','').replace('https://','')" : "";
|
$modsecfix = $modsecurity ? ".replace('http://','').replace('https://','')" : "";
|
||||||
$jslink = append_query("'" . $link, "url='+escape(document.location.href$modsecfix)+'&referrer='+escape(document.referrer$modsecfix)");
|
$jslink = htmlspecialchars(append_query("'" . $link, "url='+escape(document.location.href$modsecfix)+'&referrer='+escape(document.referrer$modsecfix)"));
|
||||||
$temp = get_popup($link, "$jslink",
|
$temp = get_popup(htmlspecialchars($link), "$jslink",
|
||||||
$inner, $title, "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=640,height=480,resizable=1");
|
$inner, htmlspecialchars($title), "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=640,height=480,resizable=1");
|
||||||
return "<!-- mibew button -->" . $temp . "<!-- / mibew button -->";
|
return "<!-- mibew button -->" . $temp . "<!-- / mibew button -->";
|
||||||
}
|
}
|
||||||
|
|
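Review bot: `htmlspecialchars()` around `$jslink` encodes the value for the HTML attribute, but `$link` is also placed inside a single-quoted JavaScript string (`"'" . $link`), and entity-encoding does not neutralise a quote or backslash there because the browser decodes the attribute before the script runs. The values concatenated into `$link` should be URL-encoded where they are appended, for example `$link = append_query($link, "group=" . urlencode($group));`, and the same for any locale and style parameters added above the hunk. How `get_popup()` emits these arguments is not visible here, so the exact output context should be confirmed. `generate_button` begins outside the hunk.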
||||||
|
@ -203,7 +203,7 @@ function append_query($link, $pv)
|
|||||||
{
|
{
|
||||||
$infix = '?';
|
$infix = '?';
|
||||||
if (strstr($link, $infix) !== FALSE)
|
if (strstr($link, $infix) !== FALSE)
|
||||||
$infix = '&';
|
$infix = '&';
|
||||||
return "$link$infix$pv";
|
return "$link$infix$pv";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -305,8 +305,8 @@ function setup_redirect_links($threadid, $token)
|
|||||||
)
|
)
|
||||||
: "";
|
: "";
|
||||||
$agent_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
|
$agent_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
|
||||||
"\" title=\"" . topage(get_operator_name($agent)) . "\">" .
|
"\" title=\"" . htmlspecialchars(topage(get_operator_name($agent))) . "\">" .
|
||||||
topage(get_operator_name($agent)) .
|
htmlspecialchars(topage(get_operator_name($agent))) .
|
||||||
"</a> $status</li>";
|
"</a> $status</li>";
|
||||||
}
|
}
|
||||||
$page['redirectToAgent'] = $agent_list;
|
$page['redirectToAgent'] = $agent_list;
|
||||||
@ -322,8 +322,8 @@ function setup_redirect_links($threadid, $token)
|
|||||||
? getlocal("char.redirect.operator.away_suff")
|
? getlocal("char.redirect.operator.away_suff")
|
||||||
: "");
|
: "");
|
||||||
$group_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
|
$group_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
|
||||||
"\" title=\"" . topage(get_group_name($group)) . "\">" .
|
"\" title=\"" . htmlspecialchars(topage(get_group_name($group))) . "\">" .
|
||||||
topage(get_group_name($group)) .
|
htmlspecialchars(topage(get_group_name($group))) .
|
||||||
"</a> $status</li>";
|
"</a> $status</li>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -18,12 +18,12 @@
|
|||||||
$pagination_spacing = " ";
|
$pagination_spacing = " ";
|
||||||
$links_on_page = 5;
|
$links_on_page = 5;
|
||||||
|
|
||||||
function generate_pagination_link($page, $title)
|
function generate_pagination_link($page, $title, $raw = false)
|
||||||
{
|
{
|
||||||
$lnk = $_SERVER['REQUEST_URI'];
|
$lnk = $_SERVER['REQUEST_URI'];
|
||||||
$href = preg_replace("/\?page=\d+\&/", "?", preg_replace("/\&page=\d+/", "", $lnk));
|
$href = preg_replace("/\?page=\d+\&/", "?", preg_replace("/\&page=\d+/", "", $lnk));
|
||||||
$href .= strstr($href, "?") ? "&page=$page" : "?page=$page";
|
$href .= strstr($href, "?") ? "&page=$page" : "?page=$page";
|
||||||
return "<a href=\"" . htmlspecialchars($href) . "\" class=\"pagelink\">$title</a>";
|
return "<a href=\"" . htmlspecialchars($href) . "\" class=\"pagelink\">" . ($raw ? $title : htmlspecialchars($title)) . "</a>";
|
||||||
}
|
}
|
||||||
|
|
||||||
function generate_pagination_image($id, $alt)
|
function generate_pagination_image($id, $alt)
|
||||||
@ -112,7 +112,7 @@ function generate_pagination($pagination, $bottom = true)
|
|||||||
$maxPage = min($curr_page + $links_on_page, $pagination['total']);
|
$maxPage = min($curr_page + $links_on_page, $pagination['total']);
|
||||||
|
|
||||||
if ($curr_page > 1) {
|
if ($curr_page > 1) {
|
||||||
$result .= generate_pagination_link($curr_page - 1, generate_pagination_image("prevpage", getlocal("tag.pagination.previous"))) . $pagination_spacing;
|
$result .= generate_pagination_link($curr_page - 1, generate_pagination_image("prevpage", getlocal("tag.pagination.previous")), true) . $pagination_spacing;
|
||||||
}
|
}
|
||||||
|
|
||||||
for ($i = $minPage; $i <= $maxPage; $i++) {
|
for ($i = $minPage; $i <= $maxPage; $i++) {
|
||||||
@ -126,7 +126,7 @@ function generate_pagination($pagination, $bottom = true)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($curr_page < $pagination['total']) {
|
if ($curr_page < $pagination['total']) {
|
||||||
$result .= $pagination_spacing . generate_pagination_link($curr_page + 1, generate_pagination_image("nextpage", getlocal("tag.pagination.next")));
|
$result .= $pagination_spacing . generate_pagination_link($curr_page + 1, generate_pagination_image("nextpage", getlocal("tag.pagination.next")), true);
|
||||||
}
|
}
|
||||||
$result .= "</div>";
|
$result .= "</div>";
|
||||||
}
|
}
|
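Review bot: The new `$raw` parameter of `generate_pagination_link` is a trust switch and has no documentation, so a later caller can pass `true` with a title that is not safe markup. A docblock above the function should state the contract, e.g. `@param bool $raw pass true only when $title is markup built by this file (generate_pagination_image()); otherwise $title is HTML-escaped`. The body of `generate_pagination_image` is outside the hunk, so whether it escapes `$alt` before the result is passed through as raw cannot be confirmed from here.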
||||||
|
@ -50,7 +50,7 @@ function get_user_addr($addr)
|
|||||||
global $settings;
|
global $settings;
|
||||||
if ($settings['geolink'] && preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $addr, $matches)) {
|
if ($settings['geolink'] && preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $addr, $matches)) {
|
||||||
$userip = $matches[1];
|
$userip = $matches[1];
|
||||||
return get_popup(str_replace("{ip}", $userip, $settings['geolink']), '', htmlspecialchars($addr), "GeoLocation", "ip$userip", $settings['geolinkparams']);
|
return get_popup(htmlspecialchars(str_replace("{ip}", $userip, $settings['geolink'])), '', htmlspecialchars($addr), "GeoLocation", htmlspecialchars("ip$userip"), htmlspecialchars($settings['geolinkparams']));
|
||||||
}
|
}
|
||||||
return htmlspecialchars($addr);
|
return htmlspecialchars($addr);
|
||||||
}
|
}
|
||||||
|
@ -57,8 +57,8 @@ foreach( $output as $msg ) {
|
|||||||
$history .= $msg;
|
$history .= $msg;
|
||||||
}
|
}
|
||||||
|
|
||||||
$subject = getstring("mail.user.history.subject");
|
$subject = getstring("mail.user.history.subject", true);
|
||||||
$body = getstring2("mail.user.history.body", array($thread['userName'],$history) );
|
$body = getstring2("mail.user.history.body", array($thread['userName'],$history), true);
|
||||||
|
|
||||||
$link = connect();
|
$link = connect();
|
||||||
webim_mail($email, $webim_mailbox, $subject, $body, $link);
|
webim_mail($email, $webim_mailbox, $subject, $body, $link);
|
||||||
|
@ -52,7 +52,7 @@ if (isset($_POST['address'])) {
|
|||||||
|
|
||||||
if ((!$banId && $existing_ban) ||
|
if ((!$banId && $existing_ban) ||
|
||||||
($banId && $existing_ban && $banId != $existing_ban['banid'])) {
|
($banId && $existing_ban && $banId != $existing_ban['banid'])) {
|
||||||
$errors[] = getlocal2("ban.error.duplicate", array($address, $existing_ban['banid']));
|
$errors[] = getlocal2("ban.error.duplicate", array(htmlspecialchars($address), htmlspecialchars($existing_ban['banid'])));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (count($errors) == 0) {
|
if (count($errors) == 0) {
|
||||||
|
@ -78,7 +78,7 @@ if (!$group) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$page['formop'] = array();
|
$page['formop'] = array();
|
||||||
$page['currentgroup'] = $group ? topage(htmlspecialchars($group['vclocalname'])) : "";
|
$page['currentgroup'] = $group ? topage($group['vclocalname']) : "";
|
||||||
|
|
||||||
foreach (get_group_members($groupid) as $rel) {
|
foreach (get_group_members($groupid) as $rel) {
|
||||||
$page['formop'][] = $rel['operatorid'];
|
$page['formop'][] = $rel['operatorid'];
|
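Review bot: Dropping `htmlspecialchars()` from `$page['currentgroup']` leaves the group name raw in the page array, so the output is only safe if every template that echoes this key escapes it. That template is not part of this hunk, so it should be checked in the same change. A comment at the assignment would keep the contract visible: `// raw value: templates must htmlspecialchars() this on output`.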
||||||
|
@ -30,7 +30,7 @@ $page = array(
|
|||||||
'localeLinks' => get_locale_links("$webimroot/operator/index.php"),
|
'localeLinks' => get_locale_links("$webimroot/operator/index.php"),
|
||||||
'needUpdate' => $settings['dbversion'] != $dbversion,
|
'needUpdate' => $settings['dbversion'] != $dbversion,
|
||||||
'needChangePassword' => $operator['vcpassword'] == md5(''),
|
'needChangePassword' => $operator['vcpassword'] == md5(''),
|
||||||
'profilePage' => "$webimroot/operator/operator.php?op=".$operator['operatorid'],
|
'profilePage' => "$webimroot/operator/operator.php?op=".htmlspecialchars($operator['operatorid']),
|
||||||
'updateWizard' => "$webimroot/install/",
|
'updateWizard' => "$webimroot/install/",
|
||||||
'newFeatures' => $settings['featuresversion'] != $featuresversion,
|
'newFeatures' => $settings['featuresversion'] != $featuresversion,
|
||||||
'featuresPage' => "$webimroot/operator/features.php",
|
'featuresPage' => "$webimroot/operator/features.php",
|
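Review bot: `htmlspecialchars()` is the wrong encoder for the `op` query value in `profilePage`, since it leaves characters such as `&`-free separators, `#`, `%` and spaces untouched inside a URL. The templates changed in this same commit use `urlencode()` for the identical parameter, so this line should match: `'profilePage' => "$webimroot/operator/operator.php?op=" . urlencode($operator['operatorid']),`. HTML escaping then belongs where the URL is echoed into an attribute. The `$page` array starts and ends outside the hunk.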
||||||
|
@ -39,14 +39,14 @@ if (isset($_GET['nextGroup'])) {
|
|||||||
$nextGroup = group_by_id($nextid);
|
$nextGroup = group_by_id($nextid);
|
||||||
|
|
||||||
if ($nextGroup) {
|
if ($nextGroup) {
|
||||||
$page['message'] = getlocal2("chat.redirected.group.content", array(topage(get_group_name($nextGroup))));
|
$page['message'] = getlocal2("chat.redirected.group.content", array(htmlspecialchars(topage(get_group_name($nextGroup)))));
|
||||||
if ($thread['istate'] == $state_chatting) {
|
if ($thread['istate'] == $state_chatting) {
|
||||||
$link = connect();
|
$link = connect();
|
||||||
commit_thread($threadid,
|
commit_thread($threadid,
|
||||||
array("istate" => $state_waiting, "nextagent" => 0, "groupid" => $nextid, "agentId" => 0, "agentName" => "''"), $link);
|
array("istate" => $state_waiting, "nextagent" => 0, "groupid" => $nextid, "agentId" => 0, "agentName" => "''"), $link);
|
||||||
post_message_($thread['threadid'], $kind_events,
|
post_message_($thread['threadid'], $kind_events,
|
||||||
getstring2_("chat.status.operator.redirect",
|
getstring2_("chat.status.operator.redirect",
|
||||||
array(get_operator_name($operator)), $thread['locale']), $link);
|
array(get_operator_name($operator)), $thread['locale'], true), $link);
|
||||||
mysql_close($link);
|
mysql_close($link);
|
||||||
} else {
|
} else {
|
||||||
$errors[] = getlocal("chat.redirect.cannot");
|
$errors[] = getlocal("chat.redirect.cannot");
|
||||||
@ -60,7 +60,7 @@ if (isset($_GET['nextGroup'])) {
|
|||||||
$nextOperator = operator_by_id($nextid);
|
$nextOperator = operator_by_id($nextid);
|
||||||
|
|
||||||
if ($nextOperator) {
|
if ($nextOperator) {
|
||||||
$page['message'] = getlocal2("chat.redirected.content", array(topage(get_operator_name($nextOperator))));
|
$page['message'] = getlocal2("chat.redirected.content", array(htmlspecialchars(topage(get_operator_name($nextOperator)))));
|
||||||
if ($thread['istate'] == $state_chatting) {
|
if ($thread['istate'] == $state_chatting) {
|
||||||
$link = connect();
|
$link = connect();
|
||||||
$threadupdate = array("istate" => $state_waiting, "nextagent" => $nextid, "agentId" => 0);
|
$threadupdate = array("istate" => $state_waiting, "nextagent" => $nextid, "agentId" => 0);
|
||||||
@ -72,7 +72,7 @@ if (isset($_GET['nextGroup'])) {
|
|||||||
commit_thread($threadid, $threadupdate, $link);
|
commit_thread($threadid, $threadupdate, $link);
|
||||||
post_message_($thread['threadid'], $kind_events,
|
post_message_($thread['threadid'], $kind_events,
|
||||||
getstring2_("chat.status.operator.redirect",
|
getstring2_("chat.status.operator.redirect",
|
||||||
array(get_operator_name($operator)), $thread['locale']), $link);
|
array(get_operator_name($operator)), $thread['locale'], true), $link);
|
||||||
mysql_close($link);
|
mysql_close($link);
|
||||||
} else {
|
} else {
|
||||||
$errors[] = getlocal("chat.redirect.cannot");
|
$errors[] = getlocal("chat.redirect.cannot");
|
||||||
|
@ -69,7 +69,7 @@ if (isset($_POST['email']) && isset($_POST['title']) && isset($_POST['logo'])) {
|
|||||||
if ($params['geolinkparams']) {
|
if ($params['geolinkparams']) {
|
||||||
foreach (preg_split("/,/", $params['geolinkparams']) as $oneparam) {
|
foreach (preg_split("/,/", $params['geolinkparams']) as $oneparam) {
|
||||||
if (!preg_match("/^\s*(toolbar|scrollbars|location|status|menubar|width|height|resizable)=\d{1,4}$/", $oneparam)) {
|
if (!preg_match("/^\s*(toolbar|scrollbars|location|status|menubar|width|height|resizable)=\d{1,4}$/", $oneparam)) {
|
||||||
$errors[] = "Wrong link parameter: \"$oneparam\", should be one of 'toolbar, scrollbars, location, status, menubar, width, height or resizable'";
|
$errors[] = "Wrong link parameter: \"" . htmlspecialchars($oneparam) . "\", should be one of 'toolbar, scrollbars, location, status, menubar, width, height or resizable'";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,7 @@ require_once('../libs/groups.php');
|
|||||||
$operator = get_logged_in();
|
$operator = get_logged_in();
|
||||||
if (!$operator) {
|
if (!$operator) {
|
||||||
start_xml_output();
|
start_xml_output();
|
||||||
echo "<error><descr>" . myiconv($webim_encoding, "utf-8", escape_with_cdata(getstring("agent.not_logged_in"))) . "</descr></error>";
|
echo "<error><descr>" . htmlspecialchars(htmlspecialchars(myiconv($webim_encoding, "utf-8", escape_with_cdata(getstring("agent.not_logged_in"))))) . "</descr></error>";
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -51,7 +51,7 @@ function thread_to_xml($thread, $link)
|
|||||||
$webim_encoding, $operator, $settings,
|
$webim_encoding, $operator, $settings,
|
||||||
$can_viewthreads, $can_takeover, $mysqlprefix;
|
$can_viewthreads, $can_takeover, $mysqlprefix;
|
||||||
$state = $threadstate_to_string[$thread['istate']];
|
$state = $threadstate_to_string[$thread['istate']];
|
||||||
$result = "<thread id=\"" . $thread['threadid'] . "\" stateid=\"$state\"";
|
$result = "<thread id=\"" . htmlspecialchars(htmlspecialchars($thread['threadid'])) . "\" stateid=\"$state\"";
|
||||||
if ($state == "closed")
|
if ($state == "closed")
|
||||||
return $result . "/>";
|
return $result . "/>";
|
||||||
|
|
||||||
@ -77,10 +77,10 @@ $can_viewthreads, $can_takeover, $mysqlprefix;
|
|||||||
|
|
||||||
$banForThread = $settings['enableban'] == "1" ? ban_for_addr_($thread['remote'], $link) : false;
|
$banForThread = $settings['enableban'] == "1" ? ban_for_addr_($thread['remote'], $link) : false;
|
||||||
if ($banForThread) {
|
if ($banForThread) {
|
||||||
$result .= " ban=\"blocked\" banid=\"" . $banForThread['banid'] . "\"";
|
$result .= " ban=\"blocked\" banid=\"" . htmlspecialchars(htmlspecialchars($banForThread['banid'])) . "\"";
|
||||||
}
|
}
|
||||||
|
|
||||||
$result .= " state=\"$state\" typing=\"" . $thread['userTyping'] . "\">";
|
$result .= " state=\"$state\" typing=\"" . htmlspecialchars(htmlspecialchars($thread['userTyping'])) . "\">";
|
||||||
$result .= "<name>";
|
$result .= "<name>";
|
||||||
if ($banForThread) {
|
if ($banForThread) {
|
||||||
$result .= htmlspecialchars(getstring('chat.client.spam.prefix'));
|
$result .= htmlspecialchars(getstring('chat.client.spam.prefix'));
|
||||||
@ -88,15 +88,15 @@ $can_viewthreads, $can_takeover, $mysqlprefix;
|
|||||||
$result .= htmlspecialchars(htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>";
|
$result .= htmlspecialchars(htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>";
|
||||||
$result .= "<addr>" . htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>";
|
$result .= "<addr>" . htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>";
|
||||||
$result .= "<agent>" . htmlspecialchars(htmlspecialchars($threadoperator)) . "</agent>";
|
$result .= "<agent>" . htmlspecialchars(htmlspecialchars($threadoperator)) . "</agent>";
|
||||||
$result .= "<time>" . $thread['unix_timestamp(dtmcreated)'] . "000</time>";
|
$result .= "<time>" . htmlspecialchars(htmlspecialchars($thread['unix_timestamp(dtmcreated)'])) . "000</time>";
|
||||||
$result .= "<modified>" . $thread['unix_timestamp(dtmmodified)'] . "000</modified>";
|
$result .= "<modified>" . htmlspecialchars(htmlspecialchars($thread['unix_timestamp(dtmmodified)'])) . "000</modified>";
|
||||||
|
|
||||||
if ($banForThread) {
|
if ($banForThread) {
|
||||||
$result .= "<reason>" . $banForThread['comment'] . "</reason>";
|
$result .= "<reason>" . htmlspecialchars(htmlspecialchars($banForThread['comment'])) . "</reason>";
|
||||||
}
|
}
|
||||||
|
|
||||||
$userAgent = get_useragent_version($thread['userAgent']);
|
$userAgent = get_useragent_version($thread['userAgent']);
|
||||||
$result .= "<useragent>" . $userAgent . "</useragent>";
|
$result .= "<useragent>" . htmlspecialchars(htmlspecialchars($userAgent)) . "</useragent>";
|
||||||
if ($thread["shownmessageid"] != 0) {
|
if ($thread["shownmessageid"] != 0) {
|
||||||
$query = "select tmessage from ${mysqlprefix}chatmessage where messageid = " . $thread["shownmessageid"];
|
$query = "select tmessage from ${mysqlprefix}chatmessage where messageid = " . $thread["shownmessageid"];
|
||||||
$line = select_one_row($query, $link);
|
$line = select_one_row($query, $link);
|
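Review bot: In the not-logged-in branch the double `htmlspecialchars()` now wraps the result of `escape_with_cdata()`; if that helper emits a CDATA wrapper (its body is not visible here), the wrapper itself gets entity-encoded and will show up as literal text inside `<descr>`. Escaping the plain string avoids that: `echo "<error><descr>" . htmlspecialchars(htmlspecialchars(myiconv($webim_encoding, "utf-8", getstring("agent.not_logged_in")))) . "</descr></error>";`. The double escaping applied throughout `thread_to_xml` also needs a one-line comment naming the consumer that decodes the value twice, otherwise it reads as a mistake and may be "fixed" later. The context line that builds `select tmessage ... where messageid = ` by concatenation would be safer with `intval($thread["shownmessageid"])`.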
||||||
|
@ -47,7 +47,7 @@ require_once('inc_errors.php');
|
|||||||
<?php if( $page['opid'] || $page['canmodify'] ) { ?>
|
<?php if( $page['opid'] || $page['canmodify'] ) { ?>
|
||||||
<form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
|
<form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
|
||||||
<?php print_csrf_token_input() ?>
|
<?php print_csrf_token_input() ?>
|
||||||
<input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/>
|
<input type="hidden" name="opid" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
|
||||||
<?php if(!$page['showjabber']) { ?>
|
<?php if(!$page['showjabber']) { ?>
|
||||||
<input type="hidden" name="jabber" value="<?php echo form_value('jabber') ?>"/>
|
<input type="hidden" name="jabber" value="<?php echo form_value('jabber') ?>"/>
|
||||||
<?php if(form_value_cb('jabbernotify')) { ?><input type="hidden" name="jabbernotify" value="on"/><?php } ?>
|
<?php if(form_value_cb('jabbernotify')) { ?><input type="hidden" name="jabbernotify" value="on"/><?php } ?>
|
||||||
@ -133,7 +133,7 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div>
|
</div>
|
||||||
|
@ -38,7 +38,7 @@ require_once('inc_errors.php');
|
|||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<div class="tabletool">
|
<div class="tabletool">
|
||||||
<img src='<?php echo $webimroot ?>/images/buttons/createagent.gif' border="0" alt="" />
|
<img src='<?php echo $webimroot ?>/images/buttons/createagent.gif' border="0" alt="" />
|
||||||
<a href='<?php echo $webimroot ?>/operator/operator.php' title="<?php echo getlocal("page_agents.new_agent") ?>">
|
<a href='<?php echo $webimroot ?>/operator/operator.php' title="<?php echo htmlspecialchars(getlocal("page_agents.new_agent")) ?>">
|
||||||
<?php echo getlocal("page_agents.new_agent") ?>
|
<?php echo getlocal("page_agents.new_agent") ?>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -64,7 +64,7 @@ require_once('inc_errors.php');
|
|||||||
<?php foreach( $page['allowedAgents'] as $a ) { ?>
|
<?php foreach( $page['allowedAgents'] as $a ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="notlast">
|
<td class="notlast">
|
||||||
<a id="ti<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo $a['operatorid'] ?>" class="man">
|
<a id="ti<?php echo htmlspecialchars($a['operatorid']) ?>" href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo urlencode($a['operatorid']) ?>" class="man">
|
||||||
<?php echo htmlspecialchars(topage($a['vclogin'])) ?>
|
<?php echo htmlspecialchars(topage($a['vclogin'])) ?>
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
@ -82,7 +82,7 @@ require_once('inc_errors.php');
|
|||||||
</td>
|
</td>
|
||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<td>
|
<td>
|
||||||
<a class="removelink" id="i<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&id=<?php echo $a['operatorid'] ?><?php print_csrf_token_in_url() ?>">
|
<a class="removelink" id="i<?php echo htmlspecialchars($a['operatorid']) ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&id=<?php echo urlencode($a['operatorid']) ?><?php print_csrf_token_in_url() ?>">
|
||||||
remove
|
remove
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
|
@ -33,13 +33,13 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
|
<form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
|
||||||
<?php print_csrf_token_input() ?>
|
<?php print_csrf_token_input() ?>
|
||||||
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
|
<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
|
||||||
<div>
|
<div>
|
||||||
<?php print_tabbar(); ?>
|
<?php print_tabbar(); ?>
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<b><?php echo $page['currentop'] ?>‎</b>
|
<b><?php echo htmlspecialchars($page['currentop']) ?>‎</b>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<div class="fieldForm">
|
<div class="fieldForm">
|
||||||
@ -48,9 +48,9 @@ require_once('inc_errors.php');
|
|||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="flabel"><?php echo getlocal('form.field.avatar.current') ?></div>
|
<div class="flabel"><?php echo getlocal('form.field.avatar.current') ?></div>
|
||||||
<div class="fvalue">
|
<div class="fvalue">
|
||||||
<img src="<?php echo $page['avatar'] ?>" alt="cannot load avatar"/><br/>
|
<img src="<?php echo htmlspecialchars($page['avatar']) ?>" alt="cannot load avatar"/><br/>
|
||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<a class="formauth" href='<?php echo $webimroot ?>/operator/avatar.php?op=<?php echo $page['opid'] ?>&delete=true'>
|
<a class="formauth" href="<?php echo $webimroot ?>/operator/avatar.php?op=<?php echo urlencode($page['opid']) ?>&delete=true">
|
||||||
<?php echo getlocal("page_agent.clear_avatar") ?>
|
<?php echo getlocal("page_agent.clear_avatar") ?>
|
||||||
</a>
|
</a>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
@ -77,7 +77,7 @@ require_once('inc_errors.php');
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div>
|
</div>
|
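Review bot: The avatar delete link rewritten here (`avatar.php?op=...&delete=true`) is a state-changing GET with no CSRF token, although the form just above it calls `print_csrf_token_input()` and the operator delete link in this commit appends `print_csrf_token_in_url()`. Unless avatar.php rejects the request some other way (not visible here), the token should be appended the same way: `&delete=true<?php print_csrf_token_in_url() ?>`. The same gap appears in two later sections of this commit: the `banForm` post form has no `print_csrf_token_input()` after its opening tag in the visible lines, and the `blocked.php?act=del` remove link carries no token.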
||||||
|
@ -21,7 +21,7 @@ function tpl_content() { global $page, $webimroot, $errors;
|
|||||||
?>
|
?>
|
||||||
|
|
||||||
<?php if( $page['saved'] ) { ?>
|
<?php if( $page['saved'] ) { ?>
|
||||||
<?php echo getlocal2("page_ban.sent",array($page['address'])) ?>
|
<?php echo getlocal2("page_ban.sent",array(htmlspecialchars($page['address']))) ?>
|
||||||
|
|
||||||
<script type="text/javascript"><!--
|
<script type="text/javascript"><!--
|
||||||
setTimeout( (function() { window.close(); }), 1500 );
|
setTimeout( (function() { window.close(); }), 1500 );
|
||||||
@ -42,9 +42,9 @@ require_once('inc_errors.php');
|
|||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<form name="banForm" method="post" action="<?php echo $webimroot ?>/operator/ban.php">
|
<form name="banForm" method="post" action="<?php echo $webimroot ?>/operator/ban.php">
|
||||||
<input type="hidden" name="banId" value="<?php echo $page['banId'] ?>"/>
|
<input type="hidden" name="banId" value="<?php echo htmlspecialchars($page['banId']) ?>"/>
|
||||||
<?php if( $page['threadid'] ) { ?>
|
<?php if( $page['threadid'] ) { ?>
|
||||||
<input type="hidden" name="threadid" value="<?php echo $page['threadid'] ?>"/>
|
<input type="hidden" name="threadid" value="<?php echo htmlspecialchars($page['threadid']) ?>"/>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
|
|
||||||
@ -77,7 +77,7 @@ require_once('inc_errors.php');
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<div class="tabletool">
|
<div class="tabletool">
|
||||||
<img src="<?php echo $webimroot ?>/images/buttons/createban.gif" border="0" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/buttons/createban.gif" border="0" alt=""/>
|
||||||
<a href="<?php echo $webimroot ?>/operator/ban.php" title="<?php echo getlocal("page_bans.add") ?>">
|
<a href="<?php echo $webimroot ?>/operator/ban.php" title="<?php echo htmlspecialchars(getlocal("page_bans.add")) ?>">
|
||||||
<?php echo getlocal("page_bans.add") ?>
|
<?php echo getlocal("page_bans.add") ?>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -64,7 +64,7 @@ if( $page['pagination.items'] ) {
|
|||||||
foreach( $page['pagination.items'] as $b ) { ?>
|
foreach( $page['pagination.items'] as $b ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="notlast">
|
<td class="notlast">
|
||||||
<a href="ban.php?id=<?php echo $b['banid'] ?>" class="man" id="ti<?php echo $b['banid'] ?>">
|
<a href="ban.php?id=<?php echo urlencode($b['banid']) ?>" class="man" id="ti<?php echo htmlspecialchars($b['banid']) ?>">
|
||||||
<?php echo htmlspecialchars($b['address']) ?>
|
<?php echo htmlspecialchars($b['address']) ?>
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
@ -81,7 +81,7 @@ if( $page['pagination.items'] ) {
|
|||||||
?>
|
?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<a class="removelink" id="i<?php echo $b['banid'] ?>" href="<?php echo $webimroot ?>/operator/blocked.php?act=del&id=<?php echo $b['banid'] ?>">
|
<a class="removelink" id="i<?php echo htmlspecialchars($b['banid']) ?>" href="<?php echo $webimroot ?>/operator/blocked.php?act=del&id=<?php echo urlencode($b['banid']) ?>">
|
||||||
remove
|
remove
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
|
@ -37,7 +37,7 @@ require_once('inc_errors.php');
|
|||||||
<?php echo getlocal("canned.locale") ?><br/>
|
<?php echo getlocal("canned.locale") ?><br/>
|
||||||
<select name="lang" onchange="this.form.submit();"><?php
|
<select name="lang" onchange="this.form.submit();"><?php
|
||||||
foreach($page['locales'] as $k) {
|
foreach($page['locales'] as $k) {
|
||||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||||
} ?></select>
|
} ?></select>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -46,7 +46,7 @@ require_once('inc_errors.php');
|
|||||||
<?php echo getlocal("canned.group") ?><br/>
|
<?php echo getlocal("canned.group") ?><br/>
|
||||||
<select name="group" onchange="this.form.submit();"><?php
|
<select name="group" onchange="this.form.submit();"><?php
|
||||||
foreach($page['groups'] as $k) {
|
foreach($page['groups'] as $k) {
|
||||||
echo "<option value=\"".$k["groupid"]."\"".($k["groupid"] == form_value("group") ? " selected=\"selected\"" : "").">".$k["vclocalname"]."</option>";
|
echo "<option value=\"" . htmlspecialchars($k["groupid"]) . "\"".($k["groupid"] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["vclocalname"]) . "</option>";
|
||||||
} ?></select>
|
} ?></select>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
@ -59,8 +59,8 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<div class="tabletool">
|
<div class="tabletool">
|
||||||
<img src="<?php echo $webimroot ?>/images/buttons/createban.gif" border="0" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/buttons/createban.gif" border="0" alt=""/>
|
||||||
<a href="<?php echo $webimroot ?>/operator/cannededit.php?lang=<?php echo form_value("lang") ?>&group=<?php echo form_value("group")?>" target="_blank"
|
<a href="<?php echo $webimroot ?>/operator/cannededit.php?lang=<?php echo urlencode(form_value("lang")) ?>&group=<?php echo urlencode(form_value("group")) ?>" target="_blank"
|
||||||
onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?lang=<?php echo form_value("lang") ?>&group=<?php echo form_value("group")?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">
|
onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?lang=<?php echo urlencode(form_value("lang")) ?>&group=<?php echo urlencode(form_value("group")) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">
|
||||||
<?php echo getlocal("canned.add") ?>
|
<?php echo getlocal("canned.add") ?>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -85,9 +85,9 @@ if( $page['pagination.items'] ) {
|
|||||||
<?php echo str_replace("\n", "<br/>",htmlspecialchars(topage($localstr['vcvalue']))) ?>
|
<?php echo str_replace("\n", "<br/>",htmlspecialchars(topage($localstr['vcvalue']))) ?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<a href="<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo $localstr['id'] ?>" target="_blank"
|
<a href="<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo urlencode($localstr['id']) ?>" target="_blank"
|
||||||
onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo $localstr['id'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo getlocal("canned.actions.edit") ?></a>,
|
onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo urlencode($localstr['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo getlocal("canned.actions.edit") ?></a>,
|
||||||
<a href="<?php echo $webimroot ?>/operator/canned.php?act=delete&key=<?php echo $localstr['id'] ?>&lang=<?php echo form_value("lang") ?>&group=<?php echo form_value("group")?><?php print_csrf_token_in_url() ?>"><?php echo getlocal("canned.actions.del") ?></a>
|
<a href="<?php echo $webimroot ?>/operator/canned.php?act=delete&key=<?php echo urlencode($localstr['id']) ?>&lang=<?php echo urlencode(form_value("lang")) ?>&group=<?php echo urlencode(form_value("group")) ?><?php print_csrf_token_in_url() ?>"><?php echo getlocal("canned.actions.del") ?></a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
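Review bot: The new `cannededit.php` and `canned.php` links in this section wrap `form_value("lang")` and `form_value("group")` in `urlencode()`, but `form_value()` is defined outside this page and may already return HTML-escaped text. If it does, the query string carries percent-encoded entity text instead of the raw value, and the `$k["id"] == form_value("lang")` test in the `<option>` loop compares a raw id against an escaped one. It is worth confirming which layer owns the escaping and recording that in a one-line comment on the helper. The `&` separators inside these `href` values are also still written raw rather than as `&amp;`.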
|
@ -41,10 +41,10 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php">
|
<form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php">
|
||||||
<?php print_csrf_token_input() ?>
|
<?php print_csrf_token_input() ?>
|
||||||
<input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
|
<input type="hidden" name="key" value="<?php echo htmlspecialchars($page['key']) ?>"/>
|
||||||
<?php if(!$page['key']) { ?>
|
<?php if(!$page['key']) { ?>
|
||||||
<input type="hidden" name="lang" value="<?php echo $page['locale'] ?>"/>
|
<input type="hidden" name="lang" value="<?php echo htmlspecialchars($page['locale']) ?>"/>
|
||||||
<input type="hidden" name="group" value="<?php echo $page['groupid'] ?>"/>
|
<input type="hidden" name="group" value="<?php echo htmlspecialchars($page['groupid']) ?>"/>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
|
|
||||||
@ -57,7 +57,7 @@ require_once('inc_errors.php');
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -23,16 +23,16 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
<div id="confirmpane">
|
<div id="confirmpane">
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
|
|
||||||
<?php echo getlocal2("confirm.take.message",array($page['user'], $page['agent'])) ?><br/><br/>
|
<?php echo getlocal2("confirm.take.message",array(htmlspecialchars($page['user']), htmlspecialchars($page['agent']))) ?><br/><br/>
|
||||||
<br/>
|
<br/>
|
||||||
|
|
||||||
<div>
|
<div>
|
||||||
<table class="nicebutton"><tr>
|
<table class="nicebutton"><tr>
|
||||||
<td><a href="<?php echo $page['link'] ?>">
|
<td><a href="<?php echo htmlspecialchars($page['link']) ?>">
|
||||||
<img src='<?php echo $webimroot ?>/images/submit.gif' width="40" height="35" border="0" alt="" /></a></td>
|
<img src='<?php echo $webimroot ?>/images/submit.gif' width="40" height="35" border="0" alt="" /></a></td>
|
||||||
<td class="submit"><a href="<?php echo $page['link'] ?>">
|
<td class="submit"><a href="<?php echo htmlspecialchars($page['link']) ?>">
|
||||||
<?php echo getlocal("confirm.take.yes") ?></a></td>
|
<?php echo getlocal("confirm.take.yes") ?></a></td>
|
||||||
<td><a href="<?php echo $page['link'] ?>">
|
<td><a href="<?php echo htmlspecialchars($page['link']) ?>">
|
||||||
<img src='<?php echo $webimroot ?>/images/submitrest.gif' width="10" height="35" border="0" alt="" /></a></td>
|
<img src='<?php echo $webimroot ?>/images/submitrest.gif' width="10" height="35" border="0" alt="" /></a></td>
|
||||||
</tr></table>
|
</tr></table>
|
||||||
|
|
||||||
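Review bot: `htmlspecialchars($page['link'])` in the three `href` attributes stops a value from breaking out of the attribute, but it does not constrain the URL scheme, so a `javascript:` or other unexpected scheme would still be emitted as a working link. Where `$page['link']` is assembled is not visible in this hunk. If any part of it can come from the request, the controller should build it from a fixed path plus `urlencode()`d parameters, as the other templates in this commit do. `tpl_content()` starts and ends outside the hunk.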
|
@ -213,7 +213,7 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div>
|
</div>
|
||||||
|
@ -41,7 +41,7 @@ require_once('inc_errors.php');
|
|||||||
<div class="fieldinrow">
|
<div class="fieldinrow">
|
||||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_locale") ?></div>
|
<div class="flabel"><?php echo getlocal("page.gen_button.choose_locale") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"" . ($k == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -49,7 +49,7 @@ require_once('inc_errors.php');
|
|||||||
<div class="fieldinrow">
|
<div class="fieldinrow">
|
||||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_group") ?></div>
|
<div class="flabel"><?php echo getlocal("page.gen_button.choose_group") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"".$k['groupid']."\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">".$k['vclocalname']."</option>"; } ?></select>
|
<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"" . htmlspecialchars($k['groupid']) . "\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k['vclocalname']) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
@ -58,14 +58,14 @@ require_once('inc_errors.php');
|
|||||||
<div class="fieldinrow">
|
<div class="fieldinrow">
|
||||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_image") ?></div>
|
<div class="flabel"><?php echo getlocal("page.gen_button.choose_image") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="i" onchange="this.form.submit();"><?php foreach($page['availableImages'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("image") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
<select name="i" onchange="this.form.submit();"><?php foreach($page['availableImages'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("image") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fieldinrow">
|
<div class="fieldinrow">
|
||||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_style") ?></div>
|
<div class="flabel"><?php echo getlocal("page.gen_button.choose_style") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"".$k."\"".($k == form_value("style") ? " selected=\"selected\"" : "").">".$v."</option>"; } ?></select>
|
<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("style") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<br clear="all"/>
|
<br clear="all"/>
|
||||||
|
@ -41,7 +41,7 @@ require_once('inc_errors.php');
|
|||||||
<div class="fieldinrow">
|
<div class="fieldinrow">
|
||||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_locale") ?></div>
|
<div class="flabel"><?php echo getlocal("page.gen_button.choose_locale") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
<select name="lang" onchange="this.form.submit();"><?php foreach($page['availableLocales'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -49,7 +49,7 @@ require_once('inc_errors.php');
|
|||||||
<div class="fieldinrow">
|
<div class="fieldinrow">
|
||||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_group") ?></div>
|
<div class="flabel"><?php echo getlocal("page.gen_button.choose_group") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"".$k['groupid']."\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">".$k['vclocalname']."</option>"; } ?></select>
|
<select name="group" onchange="this.form.submit();"><?php foreach($page['groups'] as $k) { echo "<option value=\"" . htmlspecialchars($k['groupid']) . "\"".($k['groupid'] == form_value("group") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k['vclocalname']) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
@ -58,7 +58,7 @@ require_once('inc_errors.php');
|
|||||||
<div class="fieldinrow">
|
<div class="fieldinrow">
|
||||||
<div class="flabel"><?php echo getlocal("page.gen_button.choose_style") ?></div>
|
<div class="flabel"><?php echo getlocal("page.gen_button.choose_style") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"".$k."\"".($k == form_value("style") ? " selected=\"selected\"" : "").">".$v."</option>"; } ?></select>
|
<select name="style" onchange="this.form.submit();"><?php foreach($page['availableStyles'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("style") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<br clear="all"/>
|
<br clear="all"/>
|
||||||
|
@ -40,7 +40,7 @@ require_once('inc_errors.php');
|
|||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<form name="groupForm" method="post" action="<?php echo $webimroot ?>/operator/group.php">
|
<form name="groupForm" method="post" action="<?php echo $webimroot ?>/operator/group.php">
|
||||||
<input type="hidden" name="gid" value="<?php echo $page['grid'] ?>"/>
|
<input type="hidden" name="gid" value="<?php echo htmlspecialchars($page['grid']) ?>"/>
|
||||||
<div>
|
<div>
|
||||||
<?php print_tabbar(); ?>
|
<?php print_tabbar(); ?>
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
@ -92,7 +92,7 @@ require_once('inc_errors.php');
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
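Review bot: The `groupForm` POST form in the first hunk goes straight from the `<form>` tag to the hidden `gid` field with no `print_csrf_token_input()` call, while `cannedForm` and `membersForm` elsewhere in this commit both have one directly after the `<form>` tag. Unless the token is emitted further down the form outside the hunk, or `group.php` is checked some other way, add `<?php print_csrf_token_input() ?>` after the `<form>` line so that group edits get the same request-forgery check.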
|
@ -24,37 +24,38 @@ $page['menuid'] = "groups";
|
|||||||
function tpl_content() { global $page, $webimroot, $errors;
|
function tpl_content() { global $page, $webimroot, $errors;
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<?php echo getlocal("page.groupmembers.intro") ?>
|
<?php echo htmlspecialchars(getlocal("page.groupmembers.intro")) ?>
|
||||||
<br />
|
<br />
|
||||||
<br />
|
<br />
|
||||||
<?php
|
<?php
|
||||||
require_once('inc_errors.php');
|
require_once('inc_errors.php');
|
||||||
?>
|
?>
|
||||||
<?php if( $page['stored'] ) { ?>
|
<?php if( $page['stored'] ) { ?>
|
||||||
<div id="formmessage"><?php echo getlocal("data.saved") ?></div>
|
<div id="formmessage"><?php echo htmlspecialchars(getlocal("data.saved")) ?></div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<form name="membersForm" method="post" action="<?php echo $webimroot ?>/operator/groupmembers.php">
|
<form name="membersForm" method="post" action="<?php echo $webimroot ?>/operator/groupmembers.php">
|
||||||
<input type="hidden" name="gid" value="<?php echo $page['groupid'] ?>"/>
|
<?php print_csrf_token_input() ?>
|
||||||
|
<input type="hidden" name="gid" value="<?php echo htmlspecialchars($page['groupid']) ?>"/>
|
||||||
<div>
|
<div>
|
||||||
<?php print_tabbar(); ?>
|
<?php print_tabbar(); ?>
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<b><?php echo $page['currentgroup'] ?></b>
|
<b><?php echo htmlspecialchars($page['currentgroup']) ?></b>
|
||||||
</p>
|
</p>
|
||||||
<?php foreach( $page['operators'] as $pm ) { ?>
|
<?php foreach( $page['operators'] as $pm ) { ?>
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<input type="checkbox" name="op<?php echo $pm['operatorid'] ?>" value="on"<?php echo form_value_mb('op',$pm['operatorid']) ? " checked=\"checked\"" : "" ?>/>
|
<input type="checkbox" name="op<?php echo htmlspecialchars($pm['operatorid']) ?>" value="on"<?php echo form_value_mb('op',$pm['operatorid']) ? " checked=\"checked\"" : "" ?>/>
|
||||||
<?php echo htmlspecialchars(topage($pm['vclocalename'])) ?> (<a href="operator.php?op=<?php echo $pm['operatorid'] ?>"
|
<?php echo htmlspecialchars(topage($pm['vclocalename'])) ?> (<a href="operator.php?op=<?php echo urlencode($pm['operatorid']) ?>"
|
||||||
><?php echo htmlspecialchars(topage($pm['vclogin'])) ?></a>)
|
><?php echo htmlspecialchars(topage($pm['vclogin'])) ?></a>)
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||||
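Review bot: `getlocal("page.groupmembers.intro")` and `getlocal("data.saved")` are now passed through `htmlspecialchars()`, while other templates in this commit still echo `getlocal()` results raw (for example the `lang.choose` heading and the dashboard strings). If localized strings may contain markup or entities, these two will now render it literally; if they may not, the remaining raw `getlocal()` echoes are the inconsistent ones. A short comment at the top of the template stating whether `getlocal()` output is treated as trusted HTML or as plain text would settle which way to align them.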
|
@ -37,8 +37,8 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<div class="tabletool">
|
<div class="tabletool">
|
||||||
<img src='<?php echo $webimroot ?>/images/buttons/createdep.gif' border="0" alt="" />
|
<img src="<?php echo $webimroot ?>/images/buttons/createdep.gif" border="0" alt="" />
|
||||||
<a href='<?php echo $webimroot ?>/operator/group.php' title="<?php echo getlocal("page.groups.new") ?>">
|
<a href="<?php echo $webimroot ?>/operator/group.php" title="<?php echo getlocal("page.groups.new") ?>">
|
||||||
<?php echo getlocal("page.groups.new") ?>
|
<?php echo getlocal("page.groups.new") ?>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -68,12 +68,12 @@ if(count($page['groups']) > 0) {
|
|||||||
foreach( $page['groups'] as $grp ) { ?>
|
foreach( $page['groups'] as $grp ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="notlast">
|
<td class="notlast">
|
||||||
<a href="<?php echo $webimroot ?>/operator/group.php?gid=<?php echo $grp['groupid'] ?>" id="ti<?php echo $grp['groupid'] ?>" class="man">
|
<a href="<?php echo $webimroot ?>/operator/group.php?gid=<?php echo urlencode($grp['groupid']) ?>" id="ti<?php echo htmlspecialchars($grp['groupid']) ?>" class="man">
|
||||||
<?php echo htmlspecialchars(topage($grp['vclocalname'])) ?>
|
<?php echo htmlspecialchars(topage($grp['vclocalname'])) ?>
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
<td class="notlast">
|
<td class="notlast">
|
||||||
<?php echo $grp['vclocaldescription'] ? htmlspecialchars(topage($grp['vclocaldescription'])) : "<none>" ?>
|
<?php echo $grp['vclocaldescription'] ? htmlspecialchars(topage($grp['vclocaldescription'])) : "<none>" ?>
|
||||||
</td>
|
</td>
|
||||||
<td class="notlast">
|
<td class="notlast">
|
||||||
<?php if(is_online($grp)) { ?>
|
<?php if(is_online($grp)) { ?>
|
||||||
@ -85,13 +85,13 @@ if(count($page['groups']) > 0) {
|
|||||||
<?php } ?>
|
<?php } ?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<a href="<?php echo $webimroot ?>/operator/groupmembers.php?gid=<?php echo $grp['groupid'] ?>">
|
<a href="<?php echo $webimroot ?>/operator/groupmembers.php?gid=<?php echo urlencode($grp['groupid']) ?>">
|
||||||
<?php echo htmlspecialchars(topage($grp['inumofagents'])) ?>
|
<?php echo htmlspecialchars(topage($grp['inumofagents'])) ?>
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<td>
|
<td>
|
||||||
<a href="<?php echo $webimroot ?>/operator/groups.php?act=del&gid=<?php echo $grp['groupid'] ?>" id="i<?php echo $grp['groupid'] ?>" class="removelink">
|
<a href="<?php echo $webimroot ?>/operator/groups.php?act=del&gid=<?php echo urlencode($grp['groupid']) ?>" id="i<?php echo htmlspecialchars($grp['groupid']) ?>" class="removelink">
|
||||||
remove
|
remove
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
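Review bot: The `groups.php?act=del&gid=…` link in the last hunk is a state-changing GET link with no `print_csrf_token_in_url()` call, unlike the `canned.php?act=delete` link earlier in this commit. Whether `groups.php` verifies a token is not visible here; if it does not, append `<?php print_csrf_token_in_url() ?>` after the `gid` parameter and check it in the handler. Separately, the first hunk requotes the `group.php` link but leaves `title="<?php echo getlocal("page.groups.new") ?>"` unescaped inside an attribute, where the save buttons in this commit use `htmlspecialchars(getlocal(...))`.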
|
@ -28,7 +28,7 @@ function tpl_menu() { global $page, $webimroot, $errors, $current_locale;
|
|||||||
<h2><b><?php echo getlocal("lang.choose") ?></b></h2>
|
<h2><b><?php echo getlocal("lang.choose") ?></b></h2>
|
||||||
<ul class="locales">
|
<ul class="locales">
|
||||||
<?php foreach($page['localeLinks'] as $id => $title) { ?>
|
<?php foreach($page['localeLinks'] as $id => $title) { ?>
|
||||||
<li<?php menuloc($id)?> ><a href='?locale=<?php echo $id ?>'><?php echo $title ?></a></li>
|
<li<?php menuloc($id)?> ><a href="?locale=<?php echo urlencode($id) ?>"><?php echo htmlspecialchars($title) ?></a></li>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
|
@ -27,7 +27,7 @@ $isrtl = getlocal("localedirection") == 'rtl';
|
|||||||
tpl_header();
|
tpl_header();
|
||||||
?>
|
?>
|
||||||
<title>
|
<title>
|
||||||
<?php echo $page['title'] ?> - <?php echo getlocal("app.title") ?>
|
<?php echo htmlspecialchars($page['title']) ?> - <?php echo getlocal("app.title") ?>
|
||||||
</title>
|
</title>
|
||||||
<link href="<?php echo $webimroot ?>/default.css" rel="stylesheet" type="text/css" />
|
<link href="<?php echo $webimroot ?>/default.css" rel="stylesheet" type="text/css" />
|
||||||
<!--[if lte IE 6]><script language="JavaScript" type="text/javascript" src="<?php echo $webimroot ?>/<?php echo jspath() ?>/ie.js"></script><![endif]-->
|
<!--[if lte IE 6]><script language="JavaScript" type="text/javascript" src="<?php echo $webimroot ?>/<?php echo jspath() ?>/ie.js"></script><![endif]-->
|
||||||
@ -37,10 +37,10 @@ $isrtl = getlocal("localedirection") == 'rtl';
|
|||||||
<div id="header">
|
<div id="header">
|
||||||
<div id="title">
|
<div id="title">
|
||||||
<h1><img src="<?php echo $webimroot ?>/images/logo.gif" alt="" width="32" height="32" class="left" />
|
<h1><img src="<?php echo $webimroot ?>/images/logo.gif" alt="" width="32" height="32" class="left" />
|
||||||
<a href="#"><?php echo isset($page['headertitle']) ? $page['headertitle'] : $page['title'] ?></a></h1>
|
<a href="#"><?php echo isset($page['headertitle']) ? htmlspecialchars($page['headertitle']) : htmlspecialchars($page['title']) ?></a></h1>
|
||||||
</div>
|
</div>
|
||||||
<?php if(isset($page) && isset($page['operator'])) { ?>
|
<?php if(isset($page) && isset($page['operator'])) { ?>
|
||||||
<div id="path"><p><?php echo getlocal2("menu.operator",array($page['operator'])) ?></p></div>
|
<div id="path"><p><?php echo getlocal2("menu.operator",array(htmlspecialchars($page['operator']))) ?></p></div>
|
||||||
<?php } else if(isset($page) && isset($page['show_small_login'])) { ?>
|
<?php } else if(isset($page) && isset($page['show_small_login'])) { ?>
|
||||||
<div id="loginsmallpane">
|
<div id="loginsmallpane">
|
||||||
<form name="smallLogin" method="post" action="<?php echo $webimroot ?>/operator/login.php">
|
<form name="smallLogin" method="post" action="<?php echo $webimroot ?>/operator/login.php">
|
||||||
@ -80,10 +80,10 @@ $isrtl = getlocal("localedirection") == 'rtl';
|
|||||||
<?php } ?>
|
<?php } ?>
|
||||||
<div style="clear: both;"> </div>
|
<div style="clear: both;"> </div>
|
||||||
|
|
||||||
<div class="empty_inner" style=""> </div>
|
<div class="empty_inner" style=""> </div>
|
||||||
</div>
|
</div>
|
||||||
<div id="footer">
|
<div id="footer">
|
||||||
<p id="legal"><a href="http://mibew.org/" target="_blank" class="flink">Mibew Messenger</a> <?php echo $version ?> | (c) 2011-2013 mibew.org</p>
|
<p id="legal"><a href="http://mibew.org/" target="_blank" class="flink">Mibew Messenger</a> <?php echo htmlspecialchars($version) ?> | (c) 2011-2013 mibew.org</p>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
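Review bot: The header line `isset($page['headertitle']) ? htmlspecialchars($page['headertitle']) : htmlspecialchars($page['title'])` repeats the escape call in both branches. `htmlspecialchars(isset($page['headertitle']) ? $page['headertitle'] : $page['title'])` reads more simply and keeps the escape at the single output point. In the `<title>` hunk `$page['title']` is escaped but `getlocal("app.title")` beside it is not, which is fine only if localized strings are treated as trusted markup.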
@ -25,8 +25,8 @@ function print_tabbar($maxwidth = 4) {
|
|||||||
$tabbar2 = array();
|
$tabbar2 = array();
|
||||||
for($i = 0; $i < $len; $i++) {
|
for($i = 0; $i < $len; $i++) {
|
||||||
$tabbar2[] = $i != $selected
|
$tabbar2[] = $i != $selected
|
||||||
? "<li><a href=\"".$tabbar[$i]['link']."\">".$tabbar[$i]['title']."</a></li>\n"
|
? "<li><a href=\"" . htmlspecialchars($tabbar[$i]['link']) . "\">" . htmlspecialchars($tabbar[$i]['title']) . "</a></li>\n"
|
||||||
: "<li class=\"active\"><a href=\"#\">".$tabbar[$i]['title']."</a></li>\n";
|
: "<li class=\"active\"><a href=\"#\">" . htmlspecialchars($tabbar[$i]['title']) . "</a></li>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
if($len > $maxwidth) { // && $len - $selected > $maxwidth
|
if($len > $maxwidth) { // && $len - $selected > $maxwidth
|
||||||
|
@ -72,7 +72,7 @@ require_once('inc_errors.php');
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="login" src='<?php echo $webimroot.getlocal("image.button.login") ?>' alt='<?php echo getlocal("button.enter") ?>'/>
|
<input type="image" name="login" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.login")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.enter")) ?>"/>
|
||||||
|
|
||||||
<div class="links">
|
<div class="links">
|
||||||
<a href="restore.php"><?php echo getlocal("restore.pwd.message") ?></a><br/>
|
<a href="restore.php"><?php echo getlocal("restore.pwd.message") ?></a><br/>
|
||||||
|
@ -40,13 +40,13 @@ function tpl_content() { global $page, $webimroot, $current_locale, $menuItemsCo
|
|||||||
<br/>
|
<br/>
|
||||||
|
|
||||||
<?php if( $page['needChangePassword'] ) { ?>
|
<?php if( $page['needChangePassword'] ) { ?>
|
||||||
<div id="formmessage"><?php echo getlocal("error.no_password") ?> <?php echo getlocal2("error.no_password.visit_profile", array($page['profilePage'])) ?></div>
|
<div id="formmessage"><?php echo getlocal("error.no_password") ?> <?php echo getlocal2("error.no_password.visit_profile", array(htmlspecialchars($page['profilePage']))) ?></div>
|
||||||
<br/>
|
<br/>
|
||||||
<?php } else if( $page['needUpdate'] ) { ?>
|
<?php } else if( $page['needUpdate'] ) { ?>
|
||||||
<div id="formmessage"><?php echo getlocal2("install.updatedb",array($page['updateWizard'])) ?></div>
|
<div id="formmessage"><?php echo getlocal2("install.updatedb",array(htmlspecialchars($page['updateWizard']))) ?></div>
|
||||||
<br/>
|
<br/>
|
||||||
<?php } else if($page['newFeatures']) { ?>
|
<?php } else if($page['newFeatures']) { ?>
|
||||||
<div><div id="formmessage"><?php echo getlocal2("install.newfeatures",array($page['featuresPage'], $version)) ?></div></div>
|
<div><div id="formmessage"><?php echo getlocal2("install.newfeatures",array(htmlspecialchars($page['featuresPage'], $version))) ?></div></div>
|
||||||
<br/>
|
<br/>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
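Review bot: In the `install.newfeatures` line the closing parenthesis is misplaced: `array(htmlspecialchars($page['featuresPage'], $version))` passes `$version` as the second (flags) argument of `htmlspecialchars()` and leaves the array with one element where the old code supplied two. The message's second parameter is then no longer passed, and the escaping flags depend on how the version string is coerced to an integer. It should read `array(htmlspecialchars($page['featuresPage']), htmlspecialchars($version))`, matching the footer template where `$version` is escaped on its own. `tpl_content()` continues outside this hunk.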
@ -54,14 +54,14 @@ function tpl_content() { global $page, $webimroot, $current_locale, $menuItemsCo
|
|||||||
<tr>
|
<tr>
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/visitors.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/visitors.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/users.php'>
|
<a href="<?php echo $webimroot ?>/operator/users.php">
|
||||||
<?php echo getlocal('topMenu.users') ?></a>
|
<?php echo getlocal('topMenu.users') ?></a>
|
||||||
<?php echo getlocal('page_client.pending_users') ?>
|
<?php echo getlocal('page_client.pending_users') ?>
|
||||||
</td>
|
</td>
|
||||||
|
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/history.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/history.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/history.php'>
|
<a href="<?php echo $webimroot ?>/operator/history.php">
|
||||||
<?php echo getlocal('page_analysis.search.title') ?></a>
|
<?php echo getlocal('page_analysis.search.title') ?></a>
|
||||||
<?php echo getlocal('content.history') ?>
|
<?php echo getlocal('content.history') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -72,7 +72,7 @@ $menuItemsCount = 2;
|
|||||||
<?php if($page['showstat']) { ?>
|
<?php if($page['showstat']) { ?>
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/stat.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/stat.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/statistics.php'>
|
<a href="<?php echo $webimroot ?>/operator/statistics.php">
|
||||||
<?php echo getlocal('statistics.title') ?></a>
|
<?php echo getlocal('statistics.title') ?></a>
|
||||||
<?php echo getlocal('statistics.description') ?>
|
<?php echo getlocal('statistics.description') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -82,7 +82,7 @@ $menuItemsCount = 2;
|
|||||||
<?php if( $page['showban'] ) { ?>
|
<?php if( $page['showban'] ) { ?>
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/blocked.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/blocked.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/blocked.php'>
|
<a href="<?php echo $webimroot ?>/operator/blocked.php">
|
||||||
<?php echo getlocal('menu.blocked') ?></a>
|
<?php echo getlocal('menu.blocked') ?></a>
|
||||||
<?php echo getlocal('content.blocked') ?>
|
<?php echo getlocal('content.blocked') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -91,7 +91,7 @@ $menuItemsCount = 2;
|
|||||||
|
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/canned.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/canned.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/canned.php'>
|
<a href="<?php echo $webimroot ?>/operator/canned.php">
|
||||||
<?php echo getlocal('menu.canned') ?></a>
|
<?php echo getlocal('menu.canned') ?></a>
|
||||||
<?php echo getlocal('canned.descr') ?>
|
<?php echo getlocal('canned.descr') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -100,7 +100,7 @@ $menuItemsCount = 2;
|
|||||||
<?php if( $page['showadmin'] ) { ?>
|
<?php if( $page['showadmin'] ) { ?>
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/getcode.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/getcode.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/getcode.php'>
|
<a href="<?php echo $webimroot ?>/operator/getcode.php">
|
||||||
<?php echo getlocal('leftMenu.client_gen_button') ?></a>
|
<?php echo getlocal('leftMenu.client_gen_button') ?></a>
|
||||||
<?php echo getlocal('admin.content.client_gen_button') ?>
|
<?php echo getlocal('admin.content.client_gen_button') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -108,7 +108,7 @@ $menuItemsCount = 2;
|
|||||||
|
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/operators.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/operators.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/operators.php'>
|
<a href="<?php echo $webimroot ?>/operator/operators.php">
|
||||||
<?php echo getlocal('leftMenu.client_agents') ?></a>
|
<?php echo getlocal('leftMenu.client_agents') ?></a>
|
||||||
<?php echo getlocal('admin.content.client_agents') ?>
|
<?php echo getlocal('admin.content.client_agents') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -117,7 +117,7 @@ $menuItemsCount = 2;
|
|||||||
<?php if($page['showgroups']) { ?>
|
<?php if($page['showgroups']) { ?>
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/dep.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/dep.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/groups.php'>
|
<a href="<?php echo $webimroot ?>/operator/groups.php">
|
||||||
<?php echo getlocal('menu.groups') ?></a>
|
<?php echo getlocal('menu.groups') ?></a>
|
||||||
<?php echo getlocal('menu.groups.content') ?>
|
<?php echo getlocal('menu.groups.content') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -126,7 +126,7 @@ $menuItemsCount = 2;
|
|||||||
|
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/settings.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/settings.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/settings.php'>
|
<a href="<?php echo $webimroot ?>/operator/settings.php">
|
||||||
<?php echo getlocal('leftMenu.client_settings') ?></a>
|
<?php echo getlocal('leftMenu.client_settings') ?></a>
|
||||||
<?php echo getlocal('admin.content.client_settings') ?>
|
<?php echo getlocal('admin.content.client_settings') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -135,8 +135,8 @@ $menuItemsCount = 2;
|
|||||||
|
|
||||||
<?php if(isset($page['currentopid']) && $page['currentopid']) {?>
|
<?php if(isset($page['currentopid']) && $page['currentopid']) {?>
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/profile.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/profile.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/operator.php?op=<?php echo $page['currentopid'] ?>'>
|
<a href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo urlencode($page['currentopid']) ?>">
|
||||||
<?php echo getlocal('menu.profile') ?></a>
|
<?php echo getlocal('menu.profile') ?></a>
|
||||||
<?php echo getlocal('menu.profile.content') ?>
|
<?php echo getlocal('menu.profile.content') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -145,8 +145,8 @@ $menuItemsCount = 2;
|
|||||||
|
|
||||||
<?php if(isset($page) && isset($page['localeLinks'])) { ?>
|
<?php if(isset($page) && isset($page['localeLinks'])) { ?>
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/locale.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/locale.gif" alt=""/>
|
||||||
<a href='#' id="changelang">
|
<a href="#" id="changelang">
|
||||||
<?php echo getlocal('menu.locale') ?></a>
|
<?php echo getlocal('menu.locale') ?></a>
|
||||||
<?php echo getlocal('menu.locale.content') ?>
|
<?php echo getlocal('menu.locale.content') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -156,7 +156,7 @@ $menuItemsCount = 2;
|
|||||||
<?php if( $page['showadmin'] ) { ?>
|
<?php if( $page['showadmin'] ) { ?>
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/updates.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/updates.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/updates.php'>
|
<a href="<?php echo $webimroot ?>/operator/updates.php">
|
||||||
<?php echo getlocal('menu.updates') ?></a>
|
<?php echo getlocal('menu.updates') ?></a>
|
||||||
<?php echo getlocal('menu.updates.content') ?>
|
<?php echo getlocal('menu.updates.content') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -164,7 +164,7 @@ $menuItemsCount = 2;
|
|||||||
|
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/notifications.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/notifications.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/notifications.php'>
|
<a href="<?php echo $webimroot ?>/operator/notifications.php">
|
||||||
<?php echo getlocal('menu.notifications') ?></a>
|
<?php echo getlocal('menu.notifications') ?></a>
|
||||||
<?php echo getlocal('menu.notifications.content') ?>
|
<?php echo getlocal('menu.notifications.content') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -173,7 +173,7 @@ $menuItemsCount = 2;
|
|||||||
|
|
||||||
<td class="dashitem">
|
<td class="dashitem">
|
||||||
<img src="<?php echo $webimroot ?>/images/dash/exit.gif" alt=""/>
|
<img src="<?php echo $webimroot ?>/images/dash/exit.gif" alt=""/>
|
||||||
<a href='<?php echo $webimroot ?>/operator/logout.php'>
|
<a href="<?php echo $webimroot ?>/operator/logout.php">
|
||||||
<?php echo getlocal('topMenu.logoff') ?></a>
|
<?php echo getlocal('topMenu.logoff') ?></a>
|
||||||
<?php echo getlocal('content.logoff') ?>
|
<?php echo getlocal('content.logoff') ?>
|
||||||
</td>
|
</td>
|
||||||
@ -188,7 +188,7 @@ $menuItemsCount = 2;
|
|||||||
<b><?php echo getlocal("lang.choose") ?></b></h2>
|
<b><?php echo getlocal("lang.choose") ?></b></h2>
|
||||||
<ul class="locales">
|
<ul class="locales">
|
||||||
<?php foreach($page['localeLinks'] as $id => $title) { ?>
|
<?php foreach($page['localeLinks'] as $id => $title) { ?>
|
||||||
<li<?php echo $current_locale == $id ? " class=\"active\"" : "" ?> ><a href='?locale=<?php echo $id ?>'><?php echo $title ?></a></li>
|
<li<?php echo $current_locale == $id ? " class=\"active\"" : "" ?> ><a href="?locale=<?php echo urlencode($id) ?>"><?php echo htmlspecialchars($title) ?></a></li>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
@ -54,7 +54,7 @@ $notification = $page['notification'];
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="message">
|
<div class="message">
|
||||||
<?php echo topage(prepare_html_message(htmlspecialchars($notification['tmessage']))) ?>
|
<?php echo topage(prepare_html_message($notification['tmessage'])) ?>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
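Review bot: In the `<div class="message">` line the explicit `htmlspecialchars()` around `$notification['tmessage']` is gone (taking the second printed copy of the line as the new side), so output safety now rests entirely on `prepare_html_message()` escaping its argument. That function is not part of this section, so this needs checking against its new definition. If it does escape, a short comment here would stop a later edit from re-adding the call and double-escaping: `<?php /* prepare_html_message() HTML-escapes its argument; pass the raw message */ ?>`.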
||||||
|
@ -49,7 +49,7 @@ require_once('inc_errors.php');
|
|||||||
<?php echo getlocal("notifications.kind") ?><br/>
|
<?php echo getlocal("notifications.kind") ?><br/>
|
||||||
<select name="kind" onchange="this.form.submit();"><?php
|
<select name="kind" onchange="this.form.submit();"><?php
|
||||||
foreach($page['allkinds'] as $k) {
|
foreach($page['allkinds'] as $k) {
|
||||||
echo "<option value=\"".$k."\"".($k == form_value("kind") ? " selected=\"selected\"" : "").">".getlocal("notifications.kind.".($k ? $k : "all"))."</option>";
|
echo "<option value=\"".htmlspecialchars($k)."\"".($k == form_value("kind") ? " selected=\"selected\"" : "").">".getlocal("notifications.kind.".($k ? $k : "all"))."</option>";
|
||||||
} ?></select>
|
} ?></select>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -57,7 +57,7 @@ require_once('inc_errors.php');
|
|||||||
<?php echo getlocal("notifications.locale") ?><br/>
|
<?php echo getlocal("notifications.locale") ?><br/>
|
||||||
<select name="lang" onchange="this.form.submit();"><?php
|
<select name="lang" onchange="this.form.submit();"><?php
|
||||||
foreach($page['locales'] as $k) {
|
foreach($page['locales'] as $k) {
|
||||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("lang") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||||
} ?></select>
|
} ?></select>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -89,9 +89,9 @@ if( $page['pagination.items'] ) {
|
|||||||
foreach( $page['pagination.items'] as $b ) { ?>
|
foreach( $page['pagination.items'] as $b ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="notlast">
|
<td class="notlast">
|
||||||
<a href="<?php echo $webimroot ?>/operator/notification.php?id=<?php echo $b['id'] ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/notification.php?id=<?php echo $b['id'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;" class="<?php echo $b['vckind'] == 'xmpp' ? 'xmpp' : 'mail' ?>">
|
<a href="<?php echo $webimroot ?>/operator/notification.php?id=<?php echo urlencode($b['id']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/notification.php?id=<?php echo urlencode($b['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;" class="<?php echo $b['vckind'] == 'xmpp' ? 'xmpp' : 'mail' ?>">
|
||||||
<?php echo htmlspecialchars(shorten(topage($b['vcto']),30)) ?>
|
<?php echo htmlspecialchars(shorten(topage($b['vcto']),30)) ?>
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
<td class="notlast">
|
<td class="notlast">
|
||||||
<?php echo htmlspecialchars(shorten(topage($b['vcsubject']),30)) ?>
|
<?php echo htmlspecialchars(shorten(topage($b['vcsubject']),30)) ?>
|
||||||
@ -100,7 +100,7 @@ if( $page['pagination.items'] ) {
|
|||||||
<?php echo htmlspecialchars(shorten(topage($b['tmessage']),30)) ?>
|
<?php echo htmlspecialchars(shorten(topage($b['tmessage']),30)) ?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php echo date_to_text($b['created']) ?>
|
<?php echo date_to_text($b['created']) ?>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
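Review bot: In the `notification.php?id=` link the encoded id is emitted twice, once in `href` and once inside the single-quoted JavaScript string of `onclick`, and nothing records why `urlencode()` alone is enough in the second place. Its output contains no quote, angle bracket or ampersand, which is what makes it safe in the URL, the attribute and the script string at once; `htmlspecialchars()` would not give that guarantee inside the script string. I would add a comment above the `<a>` such as `<?php /* id is urlencode()d: safe in href and in the JS string in onclick */ ?>`. `$webimroot` is still written raw into both places, which is acceptable only while it comes from trusted configuration (presumably it does; its origin is not shown here).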
||||||
|
@ -35,19 +35,20 @@ require_once('inc_errors.php');
|
|||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<form name="opgroupsForm" method="post" action="<?php echo $webimroot ?>/operator/opgroups.php">
|
<form name="opgroupsForm" method="post" action="<?php echo $webimroot ?>/operator/opgroups.php">
|
||||||
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
|
<?php print_csrf_token_input() ?>
|
||||||
|
<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
|
||||||
<div>
|
<div>
|
||||||
<?php print_tabbar(); ?>
|
<?php print_tabbar(); ?>
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<b><?php echo $page['currentop'] ?>‎</b>
|
<b><?php echo htmlspecialchars($page['currentop']) ?>‎</b>
|
||||||
</p>
|
</p>
|
||||||
<?php foreach( $page['groups'] as $pm ) { ?>
|
<?php foreach( $page['groups'] as $pm ) { ?>
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="flabel"><?php echo htmlspecialchars(topage($pm['vclocalname'])) ?></div>
|
<div class="flabel"><?php echo htmlspecialchars(topage($pm['vclocalname'])) ?></div>
|
||||||
<div class="fvalue">
|
<div class="fvalue">
|
||||||
<input type="checkbox" name="group<?php echo $pm['groupid'] ?>" value="on"<?php echo form_value_mb('group',$pm['groupid']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
|
<input type="checkbox" name="group<?php echo htmlspecialchars($pm['groupid']) ?>" value="on"<?php echo form_value_mb('group',$pm['groupid']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
|
||||||
</div>
|
</div>
|
||||||
<div class="fdescr"> — <?php echo $pm['vclocaldescription'] ? htmlspecialchars(topage($pm['vclocaldescription'])) : getlocal("operator.group.no_description") ?></div>
|
<div class="fdescr"> — <?php echo $pm['vclocaldescription'] ? htmlspecialchars(topage($pm['vclocaldescription'])) : getlocal("operator.group.no_description") ?></div>
|
||||||
<br clear="all"/>
|
<br clear="all"/>
|
||||||
@ -56,7 +57,7 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
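Review bot: The `print_csrf_token_input()` line added at the top of `opgroupsForm` protects nothing unless the POST handler in `operator/opgroups.php` rejects requests whose token is missing or wrong, and that handler is not in this section. It is worth confirming that the check runs before any group membership is changed and that a failed check stops the request. A one-line comment next to the field, for example `<?php /* token is verified in operator/opgroups.php before the update */ ?>`, would keep the two ends tied together.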
||||||
|
@ -25,17 +25,17 @@ function tpl_header() { global $page, $webimroot, $jsver;
|
|||||||
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/common.js"></script>
|
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/common.js"></script>
|
||||||
<script type="text/javascript" language="javascript"><!--
|
<script type="text/javascript" language="javascript"><!--
|
||||||
var localized = new Array(
|
var localized = new Array(
|
||||||
"<?php echo getlocal("pending.table.speak") ?>",
|
"<?php echo htmlspecialchars(getlocal("pending.table.speak")) ?>",
|
||||||
"<?php echo getlocal("pending.table.view") ?>",
|
"<?php echo htmlspecialchars(getlocal("pending.table.view")) ?>",
|
||||||
"<?php echo getlocal("pending.table.ban") ?>",
|
"<?php echo htmlspecialchars(getlocal("pending.table.ban")) ?>",
|
||||||
"<?php echo htmlspecialchars(getlocal("pending.menu.show")) ?>",
|
"<?php echo htmlspecialchars(getlocal("pending.menu.show")) ?>",
|
||||||
"<?php echo htmlspecialchars(getlocal("pending.menu.hide")) ?>",
|
"<?php echo htmlspecialchars(getlocal("pending.menu.hide")) ?>",
|
||||||
"<?php echo htmlspecialchars(getlocal("pending.popup_notification")) ?>"
|
"<?php echo htmlspecialchars(getlocal("pending.popup_notification")) ?>"
|
||||||
);
|
);
|
||||||
var updaterOptions = {
|
var updaterOptions = {
|
||||||
url:"<?php echo $webimroot ?>/operator/update.php",wroot:"<?php echo $webimroot ?>",
|
url:"<?php echo $webimroot ?>/operator/update.php",wroot:"<?php echo $webimroot ?>",
|
||||||
agentservl:"<?php echo $webimroot ?>/operator/agent.php", frequency:<?php echo $page['frequency'] ?>, istatus:<?php echo $page['istatus'] ?>,
|
agentservl:"<?php echo $webimroot ?>/operator/agent.php", frequency:<?php echo htmlspecialchars($page['frequency']) ?>, istatus:<?php echo htmlspecialchars($page['istatus']) ?>,
|
||||||
noclients:"<?php echo getlocal("clients.no_clients") ?>", havemenu: <?php echo $page['havemenu'] ?>, showpopup: <?php echo $page['showpopup'] ?>, showonline: <?php echo $page['showonline'] ?> };
|
noclients:"<?php echo htmlspecialchars(getlocal("clients.no_clients")) ?>", havemenu: <?php echo htmlspecialchars($page['havemenu']) ?>, showpopup: <?php echo htmlspecialchars($page['showpopup']) ?>, showonline: <?php echo htmlspecialchars($page['showonline']) ?> };
|
||||||
//--></script>
|
//--></script>
|
||||||
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/users.js"></script>
|
<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/<?php echo $jsver ?>/users.js"></script>
|
||||||
<?php
|
<?php
|
||||||
@ -59,11 +59,11 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
<tr>
|
<tr>
|
||||||
<th class="first"><?php echo getlocal("pending.table.head.name") ?></th>
|
<th class="first"><?php echo getlocal("pending.table.head.name") ?></th>
|
||||||
<th><?php echo getlocal("pending.table.head.contactid") ?></th>
|
<th><?php echo getlocal("pending.table.head.contactid") ?></th>
|
||||||
<th><?php echo getlocal("pending.table.head.state") ?></th>
|
<th><?php echo getlocal("pending.table.head.state") ?></th>
|
||||||
<th><?php echo getlocal("pending.table.head.operator") ?></th>
|
<th><?php echo getlocal("pending.table.head.operator") ?></th>
|
||||||
<th><?php echo getlocal("pending.table.head.total") ?></th>
|
<th><?php echo getlocal("pending.table.head.total") ?></th>
|
||||||
<th><?php echo getlocal("pending.table.head.waittime") ?></th>
|
<th><?php echo getlocal("pending.table.head.waittime") ?></th>
|
||||||
<th><?php echo getlocal("pending.table.head.etc") ?></th>
|
<th><?php echo getlocal("pending.table.head.etc") ?></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
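Review bot: Inside the `<script>` block of `tpl_header()`, `htmlspecialchars()` is the wrong encoder: the browser does not decode entities in script content, and the function leaves backslashes and newlines untouched, and single quotes too under the default flags before PHP 8.1. For the unquoted values `frequency`, `istatus`, `havemenu`, `showpopup` and `showonline` it gives no protection, since a value needs no special character to be parsed as an expression; if these are numbers, cast them, e.g. `frequency:<?php echo (int)$page['frequency'] ?>`. For the quoted strings in `localized` and `noclients`, a JavaScript string encoder such as `json_encode()` (which emits the surrounding quotes itself) fits the context, assuming the PHP version in use provides it. `tpl_header()` starts before this hunk and continues after it.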
||||||
|
@ -96,7 +96,7 @@ require_once('inc_errors.php');
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
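Review bot: The new `src` and `alt` attributes of the save button are safe only because the attribute quotes were switched from single to double in the same change; on PHP before 8.1, `htmlspecialchars()` with its default flags does not escape `'`. Passing the flag explicitly, `htmlspecialchars(getlocal("button.save"), ENT_QUOTES)`, removes that dependency on the quoting style. The same applies to the save and search button lines in the other templates on this page.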
||||||
|
@ -36,24 +36,24 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
|
<form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
|
||||||
<?php print_csrf_token_input() ?>
|
<?php print_csrf_token_input() ?>
|
||||||
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
|
<input type="hidden" name="op" value="<?php echo htmlspecialchars($page['opid']) ?>"/>
|
||||||
<div>
|
<div>
|
||||||
<?php print_tabbar(); ?>
|
<?php print_tabbar(); ?>
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<b><?php echo $page['currentop'] ?>‎</b>
|
<b><?php echo htmlspecialchars($page['currentop']) ?>‎</b>
|
||||||
</p>
|
</p>
|
||||||
<?php foreach( $page['permissionsList'] as $pm ) { ?>
|
<?php foreach( $page['permissionsList'] as $pm ) { ?>
|
||||||
<label>
|
<label>
|
||||||
<input type="checkbox" name="permissions<?php echo $pm['id'] ?>" value="on"<?php echo form_value_mb('permissions',$pm['id']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/> <?php echo $pm['descr'] ?>
|
<input type="checkbox" name="permissions<?php echo htmlspecialchars($pm['id']) ?>" value="on"<?php echo form_value_mb('permissions',$pm['id']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/> <?php echo htmlspecialchars($pm['descr']) ?>
|
||||||
</label>
|
</label>
|
||||||
<br/>
|
<br/>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<?php if($page['canmodify']) { ?>
|
<?php if($page['canmodify']) { ?>
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||||
|
@ -37,7 +37,7 @@ function tpl_content() {
|
|||||||
<?php echo getlocal("resetpwd.changed") ?>
|
<?php echo getlocal("resetpwd.changed") ?>
|
||||||
<br/>
|
<br/>
|
||||||
<br/>
|
<br/>
|
||||||
<a href="login.php?login=<?php echo $page['loginname'] ?>"><?php echo getlocal("resetpwd.login") ?></a>
|
<a href="login.php?login=<?php echo urlencode($page['loginname']) ?>"><?php echo getlocal("resetpwd.login") ?></a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -46,8 +46,8 @@ function tpl_content() {
|
|||||||
?>
|
?>
|
||||||
|
|
||||||
<form name="resetForm" method="post" action="<?php echo $webimroot ?>/operator/resetpwd.php">
|
<form name="resetForm" method="post" action="<?php echo $webimroot ?>/operator/resetpwd.php">
|
||||||
<input type="hidden" name="id" value="<?php echo $page['id'] ?>"/>
|
<input type="hidden" name="id" value="<?php echo htmlspecialchars($page['id']) ?>"/>
|
||||||
<input type="hidden" name="token" value="<?php echo $page['token'] ?>"/>
|
<input type="hidden" name="token" value="<?php echo htmlspecialchars($page['token']) ?>"/>
|
||||||
|
|
||||||
<div id="loginpane">
|
<div id="loginpane">
|
||||||
|
|
||||||
@ -83,11 +83,11 @@ require_once('inc_errors.php');
|
|||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<table class="submitbutton"><tr>
|
<table class="submitbutton"><tr>
|
||||||
<td><a href="javascript:document.resetForm.submit();">
|
<td><a href="javascript:document.resetForm.submit();">
|
||||||
<img src='<?php echo $webimroot ?>/images/submit.gif' width="40" height="35" border="0" alt="" /></a></td>
|
<img src="<?php echo $webimroot ?>/images/submit.gif" width="40" height="35" border="0" alt="" /></a></td>
|
||||||
<td class="submit"><a href="javascript:document.resetForm.submit();">
|
<td class="submit"><a href="javascript:document.resetForm.submit();">
|
||||||
<?php echo getlocal("resetpwd.submit") ?></a></td>
|
<?php echo getlocal("resetpwd.submit") ?></a></td>
|
||||||
<td><a href="javascript:document.resetForm.submit();">
|
<td><a href="javascript:document.resetForm.submit();">
|
||||||
<img src='<?php echo $webimroot ?>/images/submitrest.gif' width="10" height="35" border="0" alt="" /></a></td>
|
<img src="<?php echo $webimroot ?>/images/submitrest.gif" width="10" height="35" border="0" alt="" /></a></td>
|
||||||
</tr></table>
|
</tr></table>
|
||||||
|
|
||||||
<div class="links">
|
<div class="links">
|
||||||
|
@ -116,7 +116,7 @@ require_once('inc_errors.php');
|
|||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="flabel"><?php echo getlocal('settings.chatstyle') ?></div>
|
<div class="flabel"><?php echo getlocal('settings.chatstyle') ?></div>
|
||||||
<div class="fvalue">
|
<div class="fvalue">
|
||||||
<select name="chatstyle" ><?php foreach($page['availableStyles'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("chatstyle") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
<select name="chatstyle" ><?php foreach($page['availableStyles'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("chatstyle") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
<div class="fdescr"> — <?php echo getlocal('settings.chatstyle.description') ?></div>
|
<div class="fdescr"> — <?php echo getlocal('settings.chatstyle.description') ?></div>
|
||||||
<br clear="all"/>
|
<br clear="all"/>
|
||||||
@ -133,7 +133,7 @@ require_once('inc_errors.php');
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
@ -39,18 +39,18 @@ require_once('inc_errors.php');
|
|||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<div class="searchctrl">
|
<div class="searchctrl">
|
||||||
<?php echo getlocal("statistics.from") ?>
|
<?php echo getlocal("statistics.from") ?>
|
||||||
<select name="startday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("startday") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
<select name="startday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("startday") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||||
|
|
||||||
<select name="startmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"".$k."\"".($k == form_value("startmonth") ? " selected=\"selected\"" : "").">".$v."</option>"; } ?></select>
|
<select name="startmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("startmonth") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
<div class="searchctrl">
|
<div class="searchctrl">
|
||||||
<?php echo getlocal("statistics.till") ?>
|
<?php echo getlocal("statistics.till") ?>
|
||||||
<select name="endday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("endday") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
<select name="endday"><?php foreach($page['availableDays'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("endday") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||||
|
|
||||||
<select name="endmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"".$k."\"".($k == form_value("endmonth") ? " selected=\"selected\"" : "").">".$v."</option>"; } ?></select>
|
<select name="endmonth"><?php foreach($page['availableMonth'] as $k => $v) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("endmonth") ? " selected=\"selected\"" : "").">" . htmlspecialchars($v) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
<div id="searchbutton">
|
<div id="searchbutton">
|
||||||
<input type="image" name="search" src='<?php echo $webimroot.getlocal("image.button.search") ?>' alt='<?php echo getlocal("button.search") ?>'/>
|
<input type="image" name="search" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.search")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.search")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<br clear="all"/>
|
<br clear="all"/>
|
||||||
@ -84,17 +84,17 @@ require_once('inc_errors.php');
|
|||||||
<?php if( $page['reportByDate'] ) { ?>
|
<?php if( $page['reportByDate'] ) { ?>
|
||||||
<?php foreach( $page['reportByDate'] as $row ) { ?>
|
<?php foreach( $page['reportByDate'] as $row ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td><?php echo $row['date'] ?></td>
|
<td><?php echo htmlspecialchars($row['date']) ?></td>
|
||||||
<td><?php echo $row['threads'] ?></td>
|
<td><?php echo htmlspecialchars($row['threads']) ?></td>
|
||||||
<td><?php echo $row['agents'] ?></td>
|
<td><?php echo htmlspecialchars($row['agents']) ?></td>
|
||||||
<td><?php echo $row['users'] ?></td>
|
<td><?php echo htmlspecialchars($row['users']) ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td><b><?php echo getlocal("report.total") ?></b></td>
|
<td><b><?php echo getlocal("report.total") ?></b></td>
|
||||||
<td><?php echo $page['reportByDateTotal']['threads'] ?></td>
|
<td><?php echo htmlspecialchars($page['reportByDateTotal']['threads']) ?></td>
|
||||||
<td><?php echo $page['reportByDateTotal']['agents'] ?></td>
|
<td><?php echo htmlspecialchars($page['reportByDateTotal']['agents']) ?></td>
|
||||||
<td><?php echo $page['reportByDateTotal']['users'] ?></td>
|
<td><?php echo htmlspecialchars($page['reportByDateTotal']['users']) ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
<tr>
|
<tr>
|
||||||
@ -127,9 +127,9 @@ require_once('inc_errors.php');
|
|||||||
<?php foreach( $page['reportByAgent'] as $row ) { ?>
|
<?php foreach( $page['reportByAgent'] as $row ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td><?php echo topage(htmlspecialchars($row['name'])) ?></td>
|
<td><?php echo topage(htmlspecialchars($row['name'])) ?></td>
|
||||||
<td><?php echo $row['threads'] ?></td>
|
<td><?php echo htmlspecialchars($row['threads']) ?></td>
|
||||||
<td><?php echo $row['msgs'] ?></td>
|
<td><?php echo htmlspecialchars($row['msgs']) ?></td>
|
||||||
<td><?php echo $row['avglen'] ?></td>
|
<td><?php echo htmlspecialchars($row['avglen']) ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
|
@ -37,13 +37,13 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="flabel"><?php echo getlocal("page.preview.choose") ?></div>
|
<div class="flabel"><?php echo getlocal("page.preview.choose") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="preview" onchange="this.form.submit();"><?php foreach($page['availablePreviews'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("preview") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
<select name="preview" onchange="this.form.submit();"><?php foreach($page['availablePreviews'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("preview") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="flabel"><?php echo getlocal("page.preview.choosetpl") ?></div>
|
<div class="flabel"><?php echo getlocal("page.preview.choosetpl") ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<select name="template" onchange="this.form.submit();"><?php foreach($page['availableTemplates'] as $k) { echo "<option value=\"".$k."\"".($k == form_value("template") ? " selected=\"selected\"" : "").">".$k."</option>"; } ?></select>
|
<select name="template" onchange="this.form.submit();"><?php foreach($page['availableTemplates'] as $k) { echo "<option value=\"" . htmlspecialchars($k) . "\"".($k == form_value("template") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k) . "</option>"; } ?></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<?php if( $page['canshowerrors'] ) { ?>
|
<?php if( $page['canshowerrors'] ) { ?>
|
||||||
@ -58,10 +58,10 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="flabel">
|
<div class="flabel">
|
||||||
<?php echo htmlspecialchars($pp['label']) ?>
|
<?php echo htmlspecialchars($pp['label']) ?>
|
||||||
<a href="<?php echo $page['showlink'] ?><?php echo $pp['id'] ?>" target="_blank" title="in separate window" onclick="this.newWindow = window.open('<?php echo $page['showlink'] ?><?php echo $pp['id'] ?>', '<?php echo $pp['id'] ?>', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,width=<?php echo $pp['w'] ?>,height=<?php echo $pp['h'] ?>,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">link</a>
|
<a href="<?php echo htmlspecialchars($page['showlink']) ?><?php echo htmlspecialchars($pp['id']) ?>" target="_blank" title="in separate window" onclick="this.newWindow = window.open('<?php echo htmlspecialchars($page['showlink']) ?><?php echo htmlspecialchars($pp['id']) ?>', '<?php echo htmlspecialchars($pp['id']) ?>', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,width=<?php echo htmlspecialchars($pp['w']) ?>,height=<?php echo htmlspecialchars($pp['h']) ?>,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">link</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="fvalueframe">
|
<div class="fvalueframe">
|
||||||
<iframe id="sample<?php echo $pp['id'] ?>" width="<?php echo $pp['w'] ?>" height="<?php echo $pp['h'] ?>" src="<?php echo $page['showlink'] ?><?php echo $pp['id'] ?>" frameborder="0" scrolling="no">
|
<iframe id="sample<?php echo htmlspecialchars($pp['id']) ?>" width="<?php echo htmlspecialchars($pp['w']) ?>" height="<?php echo htmlspecialchars($pp['h']) ?>" src="<?php echo $page['showlink'] ?><?php echo htmlspecialchars($pp['id']) ?>" frameborder="0" scrolling="no">
|
||||||
No iframes
|
No iframes
|
||||||
</iframe>
|
</iframe>
|
||||||
</div>
|
</div>
|
||||||
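Review bot: The iframe `src` in the @ -58 hunk still echoes `$page['showlink']` raw, while the anchor `href` two lines above now wraps it; the new line should read `src="<?php echo htmlspecialchars($page['showlink']) ?><?php echo htmlspecialchars($pp['id']) ?>"`. Separately, the values placed inside the `onclick` handler sit in a JavaScript string literal, and the browser decodes HTML entities in the attribute before the script runs, so `htmlspecialchars()` alone does not keep a quote from ending that string. For that context, encode for JavaScript first and for the attribute second, e.g. `window.open(<?php echo htmlspecialchars(json_encode($page['showlink'] . $pp['id'])) ?>, ...)`, and emit the dimensions as `(int)$pp['w']` and `(int)$pp['h']`. Whether these values can be influenced by a request is not visible in this hunk, and the enclosing loop starts outside it.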
|
@ -37,7 +37,7 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
<input type="text" name="q" size="80" value="<?php echo form_value('q') ?>" class="formauth"/>
|
<input type="text" name="q" size="80" value="<?php echo form_value('q') ?>" class="formauth"/>
|
||||||
</div>
|
</div>
|
||||||
<div id="searchbutton">
|
<div id="searchbutton">
|
||||||
<input type="image" name="search" src='<?php echo $webimroot.getlocal("image.button.search") ?>' alt='<?php echo getlocal("button.search") ?>'/>
|
<input type="image" name="search" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.search")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.search")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<br clear="all"/>
|
<br clear="all"/>
|
||||||
@ -72,21 +72,21 @@ if( $page['pagination.items'] ) {
|
|||||||
foreach( $page['pagination.items'] as $chatthread ) { ?>
|
foreach( $page['pagination.items'] as $chatthread ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo $chatthread['threadid'] ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo $chatthread['threadid'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
|
<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php echo get_user_addr(topage($chatthread['remote'])) ?>
|
<?php echo get_user_addr(topage($chatthread['remote'])) ?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php if( $chatthread['agentName'] ) {
|
<?php if( $chatthread['agentName'] ) {
|
||||||
echo topage(htmlspecialchars($chatthread['agentName']));
|
echo topage(htmlspecialchars($chatthread['agentName']));
|
||||||
} else if($chatthread['groupid'] && $chatthread['groupid'] != 0 && isset($page['groupName'][$chatthread['groupid']])) {
|
} else if($chatthread['groupid'] && $chatthread['groupid'] != 0 && isset($page['groupName'][$chatthread['groupid']])) {
|
||||||
echo "- ".topage(htmlspecialchars($page['groupName'][$chatthread['groupid']]))." -";
|
echo "- ".topage(htmlspecialchars($page['groupName'][$chatthread['groupid']]))." -";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php echo topage(htmlspecialchars($chatthread['size'])) ?>
|
<?php echo topage(htmlspecialchars($chatthread['size'])) ?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php echo date_diff_to_text($chatthread['modified']-$chatthread['created']) ?>, <?php echo date_to_text($chatthread['created']) ?>
|
<?php echo date_diff_to_text($chatthread['modified']-$chatthread['created']) ?>, <?php echo date_to_text($chatthread['created']) ?>
|
||||||
|
@ -41,27 +41,27 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
<form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
|
<form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
|
||||||
<?php print_csrf_token_input() ?>
|
<?php print_csrf_token_input() ?>
|
||||||
<input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
|
<input type="hidden" name="key" value="<?php echo htmlspecialchars($page['key']) ?>"/>
|
||||||
<input type="hidden" name="target" value="<?php echo $page['target'] ?>"/>
|
<input type="hidden" name="target" value="<?php echo htmlspecialchars($page['target']) ?>"/>
|
||||||
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
|
||||||
|
|
||||||
<div class="fieldForm">
|
<div class="fieldForm">
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="flabel"><?php echo $page['title1'] ?></div>
|
<div class="flabel"><?php echo htmlspecialchars($page['title1']) ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<textarea name="original" disabled="disabled" cols="20" rows="5" class="wide"><?php echo form_value('original') ?></textarea>
|
<textarea name="original" disabled="disabled" cols="20" rows="5" class="wide"><?php echo form_value('original') ?></textarea>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="flabel"><?php echo $page['title2'] ?></div>
|
<div class="flabel"><?php echo htmlspecialchars($page['title2']) ?></div>
|
||||||
<div class="fvaluenodesc">
|
<div class="fvaluenodesc">
|
||||||
<textarea name="translation" cols="20" rows="5" class="wide"><?php echo form_value('translation') ?></textarea>
|
<textarea name="translation" cols="20" rows="5" class="wide"><?php echo form_value('translation') ?></textarea>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="fbutton">
|
<div class="fbutton">
|
||||||
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
|
<input type="image" name="save" value="" src="<?php echo $webimroot . htmlspecialchars(getlocal("image.button.save")) ?>" alt="<?php echo htmlspecialchars(getlocal("button.save")) ?>"/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -75,3 +75,4 @@ require_once('inc_errors.php');
|
|||||||
|
|
||||||
require_once('inc_main.php');
|
require_once('inc_main.php');
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
@ -34,12 +34,12 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
<?php echo getlocal("translate.direction") ?><br/>
|
<?php echo getlocal("translate.direction") ?><br/>
|
||||||
<select name="source" onchange="this.form.submit();"><?php
|
<select name="source" onchange="this.form.submit();"><?php
|
||||||
foreach($page['availableLocales'] as $k) {
|
foreach($page['availableLocales'] as $k) {
|
||||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("source") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("source") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||||
} ?></select>
|
} ?></select>
|
||||||
=>
|
=>
|
||||||
<select name="target" onchange="this.form.submit();"><?php
|
<select name="target" onchange="this.form.submit();"><?php
|
||||||
foreach($page['availableLocales'] as $k) {
|
foreach($page['availableLocales'] as $k) {
|
||||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("target") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("target") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||||
} ?></select>
|
} ?></select>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -47,7 +47,7 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
<?php echo getlocal("translate.sort") ?><br/>
|
<?php echo getlocal("translate.sort") ?><br/>
|
||||||
<select name="sort" onchange="this.form.submit();"><?php
|
<select name="sort" onchange="this.form.submit();"><?php
|
||||||
foreach($page['availableOrders'] as $k) {
|
foreach($page['availableOrders'] as $k) {
|
||||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("sort") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("sort") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||||
} ?></select>
|
} ?></select>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -55,7 +55,7 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
<?php echo getlocal("translate.show") ?><br/>
|
<?php echo getlocal("translate.show") ?><br/>
|
||||||
<select name="show" onchange="this.form.submit();"><?php
|
<select name="show" onchange="this.form.submit();"><?php
|
||||||
foreach($page['showOptions'] as $k) {
|
foreach($page['showOptions'] as $k) {
|
||||||
echo "<option value=\"".$k["id"]."\"".($k["id"] == form_value("show") ? " selected=\"selected\"" : "").">".$k["name"]."</option>";
|
echo "<option value=\"" . htmlspecialchars($k["id"]) . "\"".($k["id"] == form_value("show") ? " selected=\"selected\"" : "").">" . htmlspecialchars($k["name"]) . "</option>";
|
||||||
} ?></select>
|
} ?></select>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -78,9 +78,9 @@ if( $page['pagination'] ) {
|
|||||||
<tr class="header"><th>
|
<tr class="header"><th>
|
||||||
Key
|
Key
|
||||||
</th><th>
|
</th><th>
|
||||||
<?php echo topage($page['title1']) ?>
|
<?php echo htmlspecialchars(topage($page['title1'])) ?>
|
||||||
</th><th>
|
</th><th>
|
||||||
<?php echo topage($page['title2']) ?>
|
<?php echo htmlspecialchars(topage($page['title2'])) ?>
|
||||||
</th></tr>
|
</th></tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
@ -89,7 +89,7 @@ if( $page['pagination.items'] ) {
|
|||||||
foreach( $page['pagination.items'] as $localstr ) { ?>
|
foreach( $page['pagination.items'] as $localstr ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="<?php echo $webimroot ?>/operator/translate.php?source=<?php echo $page['lang1'] ?>&target=<?php echo $page['lang2'] ?>&key=<?php echo $localstr['id'] ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/translate.php?source=<?php echo $page['lang1'] ?>&target=<?php echo $page['lang2'] ?>&key=<?php echo $localstr['id'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage($localstr['id']) ?></a>
|
<a href="<?php echo $webimroot ?>/operator/translate.php?source=<?php echo urlencode($page['lang1']) ?>&target=<?php echo urlencode($page['lang2']) ?>&key=<?php echo urlencode($localstr['id']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/translate.php?source=<?php echo urlencode($page['lang1']) ?>&target=<?php echo urlencode($page['lang2']) ?>&key=<?php echo urlencode($localstr['id']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo htmlspecialchars(topage($localstr['id'])) ?></a>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php echo topage($localstr['l1']) ?>
|
<?php echo topage($localstr['l1']) ?>
|
||||||
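Review bot: The new `title1`/`title2` header cells (@ -78) and the link text (@ -89) are written as `htmlspecialchars(topage(...))`, the reverse of the `topage(htmlspecialchars(...))` order this commit keeps for `userName` and `agentName` in the thread lists. If `topage()` converts to a non-UTF-8 output charset (its body is not shown here), escaping after the conversion can return an empty string or misread multibyte sequences on PHP versions where `htmlspecialchars()` defaults to UTF-8. Keeping one order avoids that, e.g. `<?php echo topage(htmlspecialchars($page['title1'])) ?>`. The `$localstr['l1']` cell at the end of the @ -89 hunk is still echoed without escaping, so a one-line comment stating whether translation strings may carry markup would help. The table row continues outside the hunk.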
|
@ -41,7 +41,7 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php echo getlocal("updates.current")?><br/>
|
<?php echo getlocal("updates.current")?><br/>
|
||||||
<div id="cver"><?php echo $page['version'] ?></div>
|
<div id="cver"><?php echo htmlspecialchars($page['version']) ?></div>
|
||||||
|
|
||||||
<br/>
|
<br/>
|
||||||
|
|
||||||
@ -52,13 +52,13 @@ function tpl_content() { global $page, $webimroot;
|
|||||||
|
|
||||||
<?php echo getlocal("updates.installed_locales")?><br/>
|
<?php echo getlocal("updates.installed_locales")?><br/>
|
||||||
<?php foreach( $page['localizations'] as $loc ) { ?>
|
<?php foreach( $page['localizations'] as $loc ) { ?>
|
||||||
<?php echo $loc ?>
|
<?php echo htmlspecialchars($loc) ?>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<br/><br/>
|
<br/><br/>
|
||||||
|
|
||||||
<?php echo getlocal("updates.env")?><br/>
|
<?php echo getlocal("updates.env")?><br/>
|
||||||
PHP <?php echo $page['phpVersion'] ?>
|
PHP <?php echo htmlspecialchars($page['phpVersion']) ?>
|
||||||
|
|
||||||
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
</div><div class="formbottom"><div class="formbottomi"></div></div></div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -46,13 +46,13 @@ if( $page['pagination.items'] ) {
|
|||||||
foreach( $page['pagination.items'] as $chatthread ) { ?>
|
foreach( $page['pagination.items'] as $chatthread ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo $chatthread['threadid'] ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo $chatthread['threadid'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
|
<a href="<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>" target="_blank" onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/threadprocessor.php?threadid=<?php echo urlencode($chatthread['threadid']) ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=720,height=520,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo topage(htmlspecialchars($chatthread['userName'])) ?></a>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php echo get_user_addr(topage($chatthread['remote'])) ?>
|
<?php echo get_user_addr(topage($chatthread['remote'])) ?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php if( $chatthread['agentName'] ) { ?><?php echo topage(htmlspecialchars($chatthread['agentName'])) ?><?php } ?>
|
<?php if( $chatthread['agentName'] ) { ?><?php echo topage(htmlspecialchars($chatthread['agentName'])) ?><?php } ?>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<?php echo date_diff_to_text($chatthread['modified']-$chatthread['created']) ?>, <?php echo date_to_text($chatthread['created']) ?>
|
<?php echo date_diff_to_text($chatthread['modified']-$chatthread['created']) ?>, <?php echo date_to_text($chatthread['created']) ?>
|
||||||
|