?>\r
\r
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form">\r
-<input type="hidden" name="pathext" value="<?php echo $pathext; ?>" />\r
-<input type="hidden" name="framed" value="<?php echo $framed; ?>" />\r
-<input type="hidden" name="popup" value="<?php echo $popup; ?>" />\r
-<input type="hidden" name="file" value="<?php echo $file; ?>" />\r
-<input type="hidden" name="_course_id" value="<?php echo $_course_id; ?>" />\r
+<input type="hidden" name="pathext" value="<?php echo AT_print($pathext, 'input.hidden'); ?>" />\r
+<input type="hidden" name="framed" value="<?php echo AT_print($framed, 'input.hidden'); ?>" />\r
+<input type="hidden" name="popup" value="<?php echo AT_print($popup, 'input.hidden'); ?>" />\r
+<input type="hidden" name="file" value="<?php echo AT_print($file, 'input.hidden'); ?>" />\r
+<input type="hidden" name="_course_id" value="<?php echo AT_print($_course_id, 'input.hidden'); ?>" />\r
<input type="submit" name="submit" style="display:none;"/>\r
<div class="input-form">\r
<div class="row">\r
- <h3><?php echo $file; ?></h3>\r
+ <h3><?php echo AT_print($file, 'input.h3'); ?></h3>\r
</div>\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><?php echo _AT('type'); ?><br />\r
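Review bot: The form's `action` on the first line of this hunk still prints `$_SERVER['PHP_SELF']` unescaped, so the escaping added to the hidden fields leaves a request-derived value in the same tag. PHP_SELF includes any path info the client appends to the script URL, so it needs the same treatment, e.g. `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>"`. The rename form and the language-term form later on this page have the same unescaped `action`. The enclosing template continues outside the hunk.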
</div>
</div>
-<input type="hidden" name="pathext" value="<?php echo $pathext; ?>" />
-<input type="hidden" name="framed" value="<?php echo $framed; ?>" />
-<input type="hidden" name="popup" value="<?php echo $popup; ?>" />
-<input type="hidden" name="cp" value="<?php echo $cp; ?>" />
-<input type="hidden" name="cid" value="<?php echo $cid; ?>" />
-<input type="hidden" name="pid" value="<?php echo $pid; ?>" />
-<input type="hidden" name="a_type" value="<?php echo $a_type; ?>" />
-<input type="hidden" name="_course_id" value="<?php echo $_course_id; ?>" />
+<input type="hidden" name="pathext" value="<?php echo AT_print($pathext, 'input.hidden'); ?>" />
+<input type="hidden" name="framed" value="<?php echo AT_print($framed, 'input.hidden'); ?>" />
+<input type="hidden" name="popup" value="<?php echo AT_print($popup, 'input.hidden'); ?>" />
+<input type="hidden" name="cp" value="<?php echo AT_print($cp, 'input.hidden'); ?>" />
+<input type="hidden" name="cid" value="<?php echo AT_print($cid, 'input.hidden'); ?>" />
+<input type="hidden" name="pid" value="<?php echo AT_print($pid, 'input.hidden'); ?>" />
+<input type="hidden" name="a_type" value="<?php echo AT_print($a_type, 'input.hidden'); ?>" />
+<input type="hidden" name="_course_id" value="<?php echo AT_print($_course_id, 'input.hidden'); ?>" />
<?php
echo $hidden_dirs;
echo $hidden_files;
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('create_new_file'); ?></legend>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="ctitle"><?php echo _AT('file_name'); ?></label><br />
- <input type="text" name="filename" id="ctitle" size="40" <?php if (isset($_POST['filename'])) echo 'value="'.$_POST['filename'].'"'?> />
+ <input type="text" name="filename" id="ctitle" size="40" <?php if (isset($_POST['filename'])) echo 'value="'.AT_print($_POST['filename'], 'input.text').'"'?> />
</div>
<div class="row">
require(TR_INCLUDE_PATH.'header.inc.php');
?>
<form name="rename" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
-<input type="hidden" name="pathext" value="<?php echo $_REQUEST['pathext']; ?>" />
-<input type="hidden" name="oldname" value="<?php echo $_REQUEST['oldname']; ?>" />
-<input type="hidden" name="framed" value="<?php echo $_REQUEST['framed']; ?>" />
-<input type="hidden" name="popup" value="<?php echo $_REQUEST['popup']; ?>" />
+<input type="hidden" name="pathext" value="<?php echo AT_print($_REQUEST['pathext'], 'input.hidden'); ?>" />
+<input type="hidden" name="oldname" value="<?php echo AT_print($_REQUEST['oldname'], 'input.hidden'); ?>" />
+<input type="hidden" name="framed" value="<?php echo AT_print($_REQUEST['framed'], 'input.hidden'); ?>" />
+<input type="hidden" name="popup" value="<?php echo AT_print($_REQUEST['popup'], 'input.hidden'); ?>" />
<input type="hidden" name="_course_id" value="<?php echo $_course_id; ?>" />
<div class="input-form">
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span>
<label for="new"><?php echo _AT('new_name'); ?></label><br />
- <?php echo $_GET['pathext']; ?><input type="text" name="new_name" id="new" value="<?php echo $_REQUEST['oldname']; ?>" size="30" />
+ <?php echo $_GET['pathext']; ?><input type="text" name="new_name" id="new" value="<?php echo AT_print($_REQUEST['oldname'], 'input.text'); ?>" size="30" />
</div>
<div class="row buttons">
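Review bot: `<?php echo $_GET['pathext']; ?>` is still printed raw at the start of the changed `new_name` line, directly in element content, so that line remains injectable even though the `value` next to it is now escaped. It should go through an escaper for HTML text, e.g. `<?php echo htmlspecialchars($_GET['pathext'], ENT_QUOTES, 'UTF-8'); ?>`. The `_course_id` hidden field is also left raw here and in the zip form in the next hunk, while the earlier hunks wrap it in `AT_print`. If it is not cast to an integer upstream (not visible here), it should be wrapped as well.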
} else {
?>
<form method="post" action="file_manager/zip.php">
- <input type="hidden" name="pathext" value="<?php echo $_GET['pathext']; ?>" />
- <input type="hidden" name="file" value="<?php echo $_GET['file']; ?>" />
- <input type="hidden" name="popup" value="<?php echo $_GET['popup']; ?>" />
- <input type="hidden" name="framed" value="<?php echo $_GET['framed']; ?>" />
+ <input type="hidden" name="pathext" value="<?php echo AT_print($_GET['pathext'], 'input.hidden'); ?>" />
+ <input type="hidden" name="file" value="<?php echo AT_print($_GET['file'], 'input.hidden'); ?>" />
+ <input type="hidden" name="popup" value="<?php echo AT_print($_GET['popup'], 'input.hidden'); ?>" />
+ <input type="hidden" name="framed" value="<?php echo AT_print($_GET['framed'], 'input.hidden'); ?>" />
<input type="hidden" name="_course_id" value="<?php echo $_course_id; ?>" />
<div class="input-form">
<div class="row">
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><?php echo _AT('directory_name'); ?><br />
- <input type="text" name="custom_path" value="<?php echo $temp_name; ?>" />
+ <input type="text" name="custom_path" value="<?php echo AT_print($temp_name, 'input.text'); ?>" />
</div>
<div class="row buttons">
echo '<input type="hidden" name="weblink_text" value="'.htmlspecialchars($stripslashes($_POST['weblink_text'])).'" />';
echo '<input type="hidden" name="head" value="'.htmlspecialchars($stripslashes($_POST['head'])).'" />';
echo '<input type="hidden" name="use_customized_head" value="'.(($_POST['use_customized_head']=="") ? 0 : $_POST['use_customized_head']).'" />';
- echo '<input type="hidden" name="displayhead" id="displayhead" value="'.$_POST['displayhead'].'" />';
- echo '<input type="hidden" name="complexeditor" id="complexeditor" value="'.$_POST['complexeditor'].'" />';
- echo '<input type="hidden" name="formatting" value="'.$_POST['formatting'].'" />';
+ echo '<input type="hidden" name="displayhead" id="displayhead" value="'.AT_print($_POST['displayhead'], 'input.hidden').'" />';
+ echo '<input type="hidden" name="complexeditor" id="complexeditor" value="'.AT_print($_POST['complexeditor'], 'input.hidden').'" />';
+ echo '<input type="hidden" name="formatting" value="'.AT_print($_POST['formatting'], 'input.hidden').'" />';
}
- echo '<input type="hidden" name="ordering" value="'.$_POST['ordering'].'" />';
+ echo '<input type="hidden" name="ordering" value="'.AT_print($_POST['ordering'], 'input.hidden').'" />';
echo '<input type="hidden" name="pid" value="'.$pid.'" />';
// echo '<input type="hidden" name="day" value="'.$_POST['day'].'" />';
// echo '<input type="hidden" name="minute" value="'.$_POST['minute'].'" />';
// echo '<input type="hidden" name="min" value="'.$_POST['min'].'" />';
- echo '<input type="hidden" name="alternatives" value="'.$_POST['alternatives'].'" />';
+ echo '<input type="hidden" name="alternatives" value="'.AT_print($_POST['alternatives'], 'input.hidden').'" />';
echo '<input type="hidden" name="current_tab" value="'.$current_tab.'" />';
echo '<input type="hidden" name="keywords" value="'.htmlspecialchars(stripslashes($_POST['keywords'])).'" />';
//content test association
- echo '<input type="hidden" name="test_message" value="'.$_POST['test_message'].'" />';
+ echo '<input type="hidden" name="test_message" value="'.AT_print($_POST['test_message'], 'input.hidden').'" />';
/* get glossary terms */
// $matches = find_terms(stripslashes($_POST['body_text']));
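Review bot: `use_customized_head` is still concatenated straight from `$_POST` into its `value` attribute, so one field in this block stays unescaped after the commit. The ternary only substitutes 0 for an empty string. Wrap it like its neighbours with `AT_print($_POST['use_customized_head'], 'input.hidden')`, or cast it with `intval()` if it is only ever a flag. `$pid` and `$current_tab` are also printed raw; their origin is outside the hunk, so confirm they are not request-derived.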
echo '<input type="hidden" name="visited_tests" value="1" />'."\n";
if (is_array($_POST['tid'])) {
foreach ($_POST['tid'] as $i=>$tid){
- echo '<input type="hidden" name="tid['.$i.']" value="'.$tid.'" />';
+ echo '<input type="hidden" name="tid['.$i.']" value="'.AT_print($tid, 'input.hidden').'" />';
}
}
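Review bot: The array key `$i` is written raw into `name="tid[...]"`; only the value is escaped by this change. Keys of `$_POST['tid']` are chosen by the client just like the values, so the key needs escaping or casting too. If the keys are numeric indexes (an assumption, since the code that reads `tid` is not shown), use `name="tid['.intval($i).']"`.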
} else {
/* relative uri */
$_rel_url = '/'.implode('/', array_slice($url_parts, count($url_parts) - $dir_deep-1));
+/* control how user inputs get formatted on output: */
+/* note: v131 not all formatting options are available on each section. */
+
+define('TR_FORMAT_NONE', 0); /* LEQ to ~AT_FORMAT_ALL */
+define('TR_FORMAT_EMOTICONS', 1);
+define('TR_FORMAT_LINKS', 2);
+define('TR_FORMAT_IMAGES', 4);
+define('TR_FORMAT_HTML', 8);
+define('TR_FORMAT_GLOSSARY', 16);
+define('TR_FORMAT_ATCODES', 32);
+define('TR_FORMAT_CONTENT_DIR', 64); /* remove CONTENT_DIR */
+define('TR_FORMAT_QUOTES', 128); /* remove double quotes (does this get used?) */
+define('TR_FORMAT_ALL', TR_FORMAT_EMOTICONS
+ + TR_FORMAT_LINKS
+ + TR_FORMAT_IMAGES
+ + TR_FORMAT_HTML
+ + TR_FORMAT_GLOSSARY
+ + TR_FORMAT_ATCODES
+ + TR_FORMAT_CONTENT_DIR);
+
+$_field_formatting = array();
+$_field_formatting['input.*'] = TR_FORMAT_QUOTES; /* All input should have '<' and quotes escaped.*/
+
?>
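Review bot: The comment on `TR_FORMAT_NONE` refers to `AT_FORMAT_ALL` and every call site in this commit uses `AT_print`, while the constants added here are all `TR_`-prefixed; if `AT_print` (not shown) reads `AT_FORMAT_*` names, these definitions are never consulted. Separately, only the key `input.*` is registered, but the callers pass `input.hidden`, `input.text` and `input.h3`, so the escaping depends on wildcard resolution that is not visible in this hunk. Confirm that, or register the keys explicitly. The two comments also disagree on what `TR_FORMAT_QUOTES` does: `remove double quotes` on the constant versus `'<' and quotes escaped` on the mapping. That is worth settling, since removal alters submitted values and handling only double quotes would not cover single-quoted contexts.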
return str_replace('&', '&', $input);
}
+function query_bit( $bitfield, $bit ) {
+ if (!is_int($bitfield)) {
+ $bitfield = intval($bitfield);
+ }
+ if (!is_int($bit)) {
+ $bit = intval($bit);
+ }
+ return ( $bitfield & $bit ) ? true : false;
+}
?>
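Review bot: `query_bit` has no docblock, and its result for a multi-bit mask is easy to misread. `$bitfield & $bit` is true when any bit of `$bit` is set, not all of them, so a combined mask such as `TR_FORMAT_ALL` matches on a single flag. I would add a short docblock stating that, and noting that non-integer arguments are coerced with `intval()`, so a non-numeric string silently becomes 0 and the function returns false. The return can also be written as `return ($bitfield & $bit) !== 0;`.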
</tr>\r
<tr>\r
<td colspan="2" valign="top" align="center" class="row1">\r
- <input type="button" name="paste" value="<?php echo _AT('paste'); ?>" class="button" onclick="javascript:insertTo('<?php echo $area; ?>');" />\r
+ <input type="button" name="paste" value="<?php echo _AT('paste'); ?>" class="button" onclick="javascript:insertTo('<?php echo AT_print($area, 'input.text'); ?>');" />\r
</td>\r
</tr>\r
</table>\r
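Review bot: `AT_print($area, 'input.text')` on the `onclick` line sits inside a JavaScript string literal within an HTML attribute, and HTML escaping alone does not protect that position. The browser decodes character references in the attribute before the script runs, so an encoded quote comes back as a literal quote inside `insertTo('...')`. The value needs to be encoded for JavaScript first and then for HTML, e.g. `onclick="insertTo(<?php echo htmlspecialchars(json_encode($area), ENT_QUOTES, 'UTF-8'); ?>);"`. If `$area` is only ever a fixed editor id, validating it against that set before output would be simpler.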
echo '<input type="submit" class="" name="submit_yes" value="'._AT('yes').'"/>';
echo '<input type="submit" class="" name="submit_no" value="'._AT('no').'"/>';
echo '<input type="hidden" name="submit_import" value="submit_import" />';
- ECHO '<input type="hidden" name="url" value="'.$_POST['url'].'" />';
+ ECHO '<input type="hidden" name="url" value="'.AT_print($_POST['url'], 'input.hidden').'" />';
echo '</div></div>';
echo '</form>';
require (TR_INCLUDE_PATH.'footer.inc.php');
echo '<input type="submit" class="" name="submit_yes" value="'._AT('yes').'"/>';
echo '<input type="submit" class="" name="submit_no" value="'._AT('no').'"/>';
echo '<input type="hidden" name="submit_import" value="submit_import" />';
- ECHO '<input type="hidden" name="url" value="'.$_POST['url'].'" />';
+ echo '<input type="hidden" name="url" value="'.AT_print($_POST['url'], 'input.hidden').'" />';
echo '</div></div>';
echo '</form>';
require (TR_INCLUDE_PATH.'footer.inc.php');
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('edit_test'); ?></legend>\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="title"><?php echo _AT('title'); ?></label><br />\r
- <input type="text" name="title" id="title" size="40" value="<?php if (isset($_POST['title'])) echo stripslashes(htmlspecialchars($_POST['title'])); else echo $this->row['title']; ?>" />\r
+ <input type="text" name="title" id="title" size="40" value="<?php if (isset($_POST['title'])) echo stripslashes(htmlspecialchars($_POST['title'])); else echo AT_print($this->row['title'], 'input.text'); ?>" />\r
</div>\r
\r
<div class="row">\r
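Review bot: The two branches of the `title` value now use different escapers: the `$_POST` branch keeps `stripslashes(htmlspecialchars(...))` while the stored-row branch goes through `AT_print`. Any later change to how `'input.text'` is formatted will then apply to only one of them. Routing both through the helper keeps the field consistent, e.g. `echo AT_print(isset($_POST['title']) ? $_POST['title'] : $this->row['title'], 'input.text');`. Keep the `stripslashes` call on the posted value if the code base still relies on it.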
?>
<br />
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>#anchor">
- <input type="hidden" name="selected_term" value="<?php echo $_REQUEST['selected_term']; ?>" />
- <input type="hidden" name="lang_code" value="<?php echo $_REQUEST['lang_code']; ?>" />
- <input type="hidden" name="new_or_translated" value="<?php echo $_REQUEST['new_or_translated']; ?>" />
- <input type="hidden" name="term_type" value="<?php echo $_REQUEST['term_type']; ?>" />
+ <input type="hidden" name="selected_term" value="<?php echo AT_print($_REQUEST['selected_term'], 'input.hidden'); ?>" />
+ <input type="hidden" name="lang_code" value="<?php echo AT_print($_REQUEST['lang_code'], 'input.hidden'); ?>" />
+ <input type="hidden" name="new_or_translated" value="<?php echo AT_print($_REQUEST['new_or_translated'], 'input.hidden'); ?>" />
+ <input type="hidden" name="term_type" value="<?php echo AT_print($_REQUEST['term_type']., 'input.hidden'); ?>" />
<input type="hidden" name="search_phase" value="<?php echo htmlspecialchars(stripslashes($_REQUEST['search_phase'])); ?>" />
<input type="hidden" name="variable" value="<?php echo $row_english['variable']; ?>" />
- <input type="hidden" name="term" value="<?php echo $row_english['term']; ?>" />
+ <input type="hidden" name="term" value="<?php echo AT_print($row_english['term'], 'input.hidden'); ?>" />
<?php if (isset($_REQUEST["submit"])) { ?>
<input type="hidden" name="submit" value="1" />
<?php } ?>
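Review bot: The new `term_type` line does not parse: `AT_print($_REQUEST['term_type']., 'input.hidden')` has a stray `.` before the comma. That is a syntax error, so the template fails to load instead of rendering the form. It should read `AT_print($_REQUEST['term_type'], 'input.hidden')`. `$row_english['variable']` two lines below is also still printed raw; if language variables can hold user-supplied text (not visible here), wrap it the same way.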