+ AT_FORMAT_CONTENT_DIR);
$_field_formatting = array();
+$_field_formatting['assignment.title'] = AT_FORMAT_QUOTES;
+
+$_field_formatting['backups.description'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
+
+$_field_formatting['blog_posts.body'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
+$_field_formatting['blog_posts.title'] = AT_FORMAT_NONE | AT_FORMAT_QUOTES;
+$_field_formatting['blog_posts_comments.comment'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML;
$_field_formatting['content.keywords'] = AT_FORMAT_NONE;
$_field_formatting['content.title'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
$_field_formatting['course_cats.cat_name'] = AT_FORMAT_NONE;
$_field_formatting['courses.*'] = AT_FORMAT_ALL & ~AT_FORMAT_EMOTICONS & ~AT_FORMAT_ATCODES & ~AT_FORMAT_LINKS & ~AT_FORMAT_IMAGES;
+$_field_formatting['courses.banner'] = AT_FORMAT_ALL;
+
+$_field_formatting['faqs.topic'] = AT_FORMAT_NONE | AT_FORMAT_QUOTES;
+$_field_formatting['faqs.question'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
+$_field_formatting['faqs.answer'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
$_field_formatting['forums.title'] = AT_FORMAT_NONE | AT_FORMAT_QUOTES;
-$_field_formatting['forums.description'] = AT_FORMAT_ALL | AT_FORMAT_QUOTES;
+$_field_formatting['forums.description'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
$_field_formatting['forums_threads.subject'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
$_field_formatting['forums_threads.body'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
-$_field_formatting['glossary.word'] = AT_FORMAT_NONE;
-$_field_formatting['glossary.definition'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML;
+$_field_formatting['glossary.word'] = AT_FORMAT_QUOTES;
+$_field_formatting['glossary.definition'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
+
+$_field_formatting['groups.*'] = AT_FORMAT_QUOTES;
$_field_formatting['instructor_approvals.notes']= AT_FORMAT_NONE;
-$_field_formatting['members.*'] = AT_FORMAT_NONE; /* wildcards are okay */
+$_field_formatting['members.*'] = AT_FORMAT_QUOTES; /* wildcards are okay */
$_field_formatting['messages.subject'] = AT_FORMAT_EMOTICONS + AT_FORMAT_IMAGES | AT_FORMAT_QUOTES;
$_field_formatting['messages.body'] = AT_FORMAT_EMOTICONS + AT_FORMAT_LINKS + AT_FORMAT_IMAGES + AT_FORMAT_ATCODES | AT_FORMAT_QUOTES;
-$_field_formatting['news.title'] = AT_FORMAT_EMOTICONS | AT_FORMAT_LINKS & ~AT_FORMAT_HTML;
+$_field_formatting['news.title'] = AT_FORMAT_EMOTICONS | AT_FORMAT_LINKS & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES;
$_field_formatting['news.body'] = AT_FORMAT_ALL;
-$_field_formatting['resource_categories.CatName']= AT_FORMAT_NONE;
+$_field_formatting['resource_categories.CatName']= AT_FORMAT_QUOTES;
$_field_formatting['resource_categories.Url'] = AT_FORMAT_NONE;
-$_field_formatting['resource_links.LinkName'] = AT_FORMAT_NONE;
+$_field_formatting['resource_links.LinkName'] = AT_FORMAT_QUOTES;
$_field_formatting['resource_links.Description']= AT_FORMAT_NONE;
-$_field_formatting['resource_links.SubmitName']= AT_FORMAT_NONE;
+$_field_formatting['resource_links.SubmitName']= AT_FORMAT_QUOTES;
+
+$_field_formatting['reading_list.*'] = AT_FORMAT_QUOTES;
$_field_formatting['tests.title'] = AT_FORMAT_ALL;
$_field_formatting['tests.instructions'] = AT_FORMAT_ALL;
$_field_formatting['tests_answers.answer'] = AT_FORMAT_NONE;
$_field_formatting['tests_answers.notes'] = AT_FORMAT_ALL;
-$_field_formatting['tests_questions.*'] = AT_FORMAT_ALL;
-
+$_field_formatting['tests_questions.*'] = AT_FORMAT_ALL | AT_FORMAT_QUOTES;
$_field_formatting['tests_questions_categories.title'] = AT_FORMAT_NONE;
-$_field_formatting['polls.*'] = AT_FORMAT_ALL;
+$_field_formatting['photo_albums.*'] = AT_FORMAT_QUOTES;
+$_field_formatting['photos.*'] = AT_FORMAT_QUOTES;
-$_field_formatting['blog_posts.body'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML;
-$_field_formatting['blog_posts.title'] = AT_FORMAT_NONE;
+$_field_formatting['polls.*'] = AT_FORMAT_QUOTES;
-$_field_formatting['blog_posts_comments.comment'] = AT_FORMAT_ALL & ~AT_FORMAT_HTML;
+$_field_formatting['social.*'] = AT_FORMAT_QUOTES;
+
+$_field_formatting['input.*'] = AT_FORMAT_QUOTES; /* All input should have '<' and quotes escaped.
-$_field_formatting['courses.banner'] = AT_FORMAT_ALL;
if (isset($_GET['cid'])) {
$cid = intval($_GET['cid']);
if (query_bit($_field_formatting[$name], AT_FORMAT_QUOTES)) {
$input = str_replace('"', '"', $input);
+ $input = str_replace('\'', ''', $input);
}
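Review bot: The AT_FORMAT_QUOTES branch here rewrites only `"` and `'`, so every field whose entry is just AT_FORMAT_QUOTES (`glossary.word`, `groups.*`, `members.*`, `input.*`, …) depends on some other part of AT_print, not visible in this hunk, to turn `<` into `&lt;`; if nothing does, the textareas that swap htmlentities_utf8 for AT_print elsewhere in this change (backups `new_description`, groups `description`, news `body_text`, blogs `body`, faqs `answer`) can be closed early by a stored or reflected `</textarea>`. The comment added to the `input.*` entry in the formatting table (`/* All input should have '<' and quotes escaped.`) asserts that `<` is handled, and it is also never closed with `*/`, so it swallows whatever lines follow it in that file. The replacement literals print here as a bare `"` and `'`, which reads like entity loss in the rendering; confirm the committed source has `&quot;` and `&#039;`. The enclosing function starts before this hunk.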
if (query_bit($_field_formatting[$name], AT_FORMAT_CONTENT_DIR)) {
if (query_bit($_field_formatting[$name], AT_FORMAT_IMAGES)) {
$input = trim(image_replace(' ' . $input . ' '));
}
-
-
return $input;
}
$v = str_replace("\n", '<br />', $v);
$v = str_replace("\r", '', $v);
- /* escape special characters */
- $k = preg_quote($k);
-
$k = str_replace('<', '<', $k);
$k = str_replace('/', '\/', $k);
$original_term = $k;
$term = $original_term;
+ if (!$html) {
+ $term = str_replace('<', '<', $term);
+ }
- $term = '(\s*'.$term.'\s*)';
+ /* escape special characters */
+ $term = preg_quote($term);
+ $term = '(\s*'.$term.'\s*)';
$term = str_replace(' ','((<br \/>)*\s*)', $term);
-
+
$def = htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
if ($simple) {
$input = preg_replace
$input = preg_replace
("/(\[\?\])$term(\[\/\?\])/i",
'\\2<sup><a class="tooltip" href="'.$_base_path.'mods/_core/glossary/index.php?g_cid='.$_SESSION['s_cid'].htmlentities(SEP).'w='.urlencode($original_term).'#term" title="'.addslashes($original_term).': '.$def.'">?</a></sup>',$input);*/
-
$input = preg_replace
("/(\[\?\])$term(\[\/\?\])/i",
- '<a class="tooltip" href="'.$_base_path.'mods/_core/glossary/index.php?g_cid='.$_SESSION['s_cid'].htmlentities(SEP).'w='.urlencode($original_term).'#term" title="'.addslashes($original_term).': '.$def.'">\\2</a>',$input);
+ '<a class="tooltip" href="'.$_base_path.'mods/_core/glossary/index.php?g_cid='.$_SESSION['s_cid'].htmlentities(SEP).'w='.urlencode($original_term).'#term" title="'.htmlentities_utf8($original_term).': '.$def.'">\\2</a>',$input);
}
}
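Review bot: `$term = preg_quote($term);` now runs after the retained `$k = str_replace('/', '\/', $k);`, so a term containing `/` is escaped twice (`\/` becomes `\\/`), the pattern then requires a literal backslash, and the glossary link is never inserted for such terms; drop the manual replacement and pass the delimiter instead, `$term = preg_quote($term, '/');`. The manual escape also flows into `$original_term`, so the backslash ends up in the `w=` query parameter and in the title attribute. Replacing addslashes with htmlentities_utf8 for the title attribute is the right escaping for that context. The enclosing function starts before this hunk.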
} else if (!$user_glossary) {
\r
<div class="row">\r
<label for="desc"><?php echo _AT('description'); ?></label><br />\r
- <textarea cols="30" rows="2" name="new_description" id="desc"><?php echo htmlentities_utf8($backup_row['description']); ?></textarea>\r
+ <textarea cols="30" rows="2" name="new_description" id="desc"><?php echo AT_print($backup_row['description'], 'backups.description'); ?></textarea>\r
</div>\r
\r
<div class="row buttons">\r
echo '<label for="c'.$row['backup_id'].'_'.$row['course_id'].'">'.$row['file_name'].'</label></td>';
echo '<td>'.AT_date(_AT('filemanager_date_format'), $row['date_timestamp'], AT_DATE_UNIX_TIMESTAMP).'</td>';
echo '<td align="right">'.get_human_size($row['file_size']).'</td>';
- echo '<td>'.htmlentities_utf8($row['description']).'</td>';
+ echo '<td>'.AT_print($row['description'], 'backups.description').'</td>';
echo '</tr>';
$num_backups ++;
}
$title = $row['file_name'];\r
}\r
$index['backup_id'] = $_GET['backup_id'];\r
- $msg->addConfirm(array('DELETE', htmlentities_utf8($title)), $index);\r
+ $msg->addConfirm(array('DELETE', $title), $index);\r
$msg->printConfirm();\r
\r
require (AT_INCLUDE_PATH.'footer.inc.php');\r
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('edit'); ?></legend>\r
<div class="row">\r
<label for="description"><?php echo _AT('optional_description'); ?></label>\r
- <textarea cols="30" rows="2" id="description" name="new_description"><?php echo htmlentities_utf8($row['description']); ?></textarea>\r
+ <textarea cols="30" rows="2" id="description" name="new_description"><?php echo AT_print($row['description'], 'backups.description'); ?></textarea>\r
</div>\r
\r
<div class="row buttons">\r
</tr>
<?php
} else {
-
foreach ($list as $row) {
echo '<tr onmousedown="document.form[\'b'.$row['backup_id'].'\'].checked = true; rowselect(this);" id="r_'.$row['backup_id'].'">';
echo '<td class="row1"><label><input type="radio" value="'.$row['backup_id'].'" name="backup_id" id="b'.$row['backup_id'].'" />';
echo $row['file_name'].'</label></td>';
echo '<td>'.AT_date(_AT('filemanager_date_format'), $row['date'], AT_DATE_MYSQL_DATETIME).'</td>';
echo '<td align="right">'.get_human_size($row['file_size']).'</td>';
- echo '<td>'.AT_Print(htmlentities_utf8($row['description']), 'backups.description').'</td>';
+ echo '<td>'.AT_print($row['description'], 'backups.description').'</td>';
echo '</tr>';
}
?>
if (is_array($word)) {
/* update $_POST['glossary_defs'] with any new/changed terms */
for($i=0; $i<$num_terms; $i++) {
- $word[$i] = htmlentities_utf8($word[$i]);
+// $word[$i] = htmlentities_utf8($word[$i]);
if (!isset($_POST['glossary_defs'][$word[$i]])) {
$_POST['glossary_defs'][$word[$i]] = $glossary[$word[$i]];
}
unset($_POST['glossary_defs'][$w]);
continue;
}
- echo '<input type="hidden" name="glossary_defs['.$w.']" value="'.htmlspecialchars(stripslashes($d)).'" />';
+ echo '<input type="hidden" name="glossary_defs['.AT_print($w, 'glossary.word').']" value="'.AT_print($d, 'glossary.definition').'" />';
}
if (isset($_POST['related_term'])) {
foreach($_POST['related_term'] as $w => $d) {
- echo '<input type="hidden" name="related_term['.$w.']" value="'.$d.'" />';
+ echo '<input type="hidden" name="related_term['.AT_print($w, 'glossary.word').']" value="'.AT_print($d, 'glossary.definition').'" />';
}
}
}
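Review bot: `// $word[$i] = htmlentities_utf8($word[$i]);` leaves commented-out code behind; delete the line, since the hidden-input lines below already show the new contract (words are kept raw and escaped at output with `AT_print(..., 'glossary.word')`). Because `$word[$i]` is now the raw submitted word, it is also used unchanged as the `$_POST['glossary_defs']` key on the following lines, so `$glossary[$word[$i]]` only resolves if `$glossary` is keyed by the raw word as well — worth confirming where `$glossary` is built, which is outside this hunk.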
<tr>
<td valign="top" align="right" class="row1"><label for="body<?php echo $i; ?>"><strong><?php echo _AT('glossary_definition'); ?>:</strong></label></td>
<td class="row1">
- <textarea name="glossary_defs[<?php echo $word[$i]; ?>]" class="formfield" cols="55" rows="4" id="body<?php echo $i; ?>"><?php
+ <textarea name="glossary_defs[<?php echo AT_print($word[$i], 'glossary.word'); ?>]" class="formfield" cols="55" rows="4" id="body<?php echo $i; ?>"><?php
echo ContentManager::cleanOutput($current_defn);
?></textarea></td>
<td class="row1"><?php
if ($num_glossary > 1) {
- echo '<select name="related_term['.$word[$i].']" id="r'.$i.'">';
+ echo '<select name="related_term['.AT_print($word[$i], 'glossary.word').']" id="r'.$i.'">';
echo '<option value="0"></option>';
foreach ($glossary_ids as $id => $term) {
if ($term == $word[$i]) {
if ($_POST['related_term'][$word[$i]] == $id) {
echo ' selected="selected"';
}
- echo '>'.urldecode($term).'</option>';
+ echo '>'.AT_print(urldecode($term), 'glossary.word').'</option>';
}
echo '</select>';
} else {
$count = 0;
$glossary_key_lower = array_change_key_case($glossary);
-
foreach ($words as $k => $v) {
$original_v = $v;
- $v = $strtolower(urlencode($v)); //array_change_key_case change everything to lowercase, including encoding.
-
+ $v = $strtolower($v); //array_change_key_case change everything to lowercase, including encoding.
if (isset($glossary_key_lower[$v]) && $glossary_key_lower[$v] != '') {
-
$v_formatted = urldecode(array_search($glossary_key_lower[$v], $glossary));
- $def = htmlentities(AT_print($glossary_key_lower[$v], 'glossary.definition'), ENT_QUOTES, 'UTF-8');
+ $def = AT_print($glossary_key_lower[$v], 'glossary.definition');
$count++;
- echo '<a class="tooltip" href="'.$_base_path.'mods/_core/glossary/index.php?g_cid='.$_SESSION['s_cid'].htmlentities(SEP).'w='.urlencode($original_v).'#term" title="'.addslashes($v_formatted).': '.$def.'">';
+ echo '<a class="tooltip" href="'.$_base_path.'mods/_core/glossary/index.php?g_cid='.$_SESSION['s_cid'].htmlentities(SEP).'w='.urlencode($original_v).'#term" title="'.htmlentities_utf8($v_formatted).': '.$def.'">';
if ($strlen($original_v) > 26 ) {
$v_formatted = $substr($v_formatted, 0, 26-4).'...';
}
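Review bot: `$def = AT_print($glossary_key_lower[$v], 'glossary.definition');` drops the `htmlentities(..., ENT_QUOTES, 'UTF-8')` wrapper while `$def` still lands inside a `title="..."` attribute two lines later; `glossary.definition` is `AT_FORMAT_ALL & ~AT_FORMAT_HTML | AT_FORMAT_QUOTES`, and AT_FORMAT_ALL presumably includes the image pass (`image_replace` runs when AT_FORMAT_IMAGES is set, after the quote replacement), so generated markup with its own quotes can reach the attribute and terminate it. Keep the attribute-context escaping, `$def = htmlentities(AT_print($glossary_key_lower[$v], 'glossary.definition'), ENT_QUOTES, 'UTF-8');`, or use a quotes-only format name for this use. The comment on `$v = $strtolower($v);` still talks about encoding although the urlencode call was removed; `// array_change_key_case lowercased the keys, so lowercase the lookup term too` would match the code. Whether `$glossary` keys are urlencoded (the `urldecode(array_search(...))` below suggests they are) decides whether dropping urlencode breaks the `isset` lookup — confirm against where `$glossary` is built.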
if (mysql_num_rows($result) > 0) {
while ($row = mysql_fetch_assoc($result)) {
$list[] = '<a href="'.url_rewrite('mods/_core/glossary/index.php?w='.urlencode($row['word']).'#term', AT_PRETTY_URL_IS_HEADER).'"'.
- (strlen($row['word']) > SUBLINK_TEXT_LEN ? ' title="'.$row['word'].'"' : '') .'>'.
- validate_length($row['word'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>';
+ (strlen($row['word']) > SUBLINK_TEXT_LEN ? ' title="'.AT_print($row['word'], 'glossary.word').'"' : '') .'>'.
+ AT_print(validate_length($row['word'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'glossary.word') .'</a>';
}
return $list;
?>\r
<tr onmousedown="document.form['m<?php echo $row['word_id']; ?>'].checked = true; rowselect(this);" id="r_<?php echo $row['word_id']; ?>">\r
<td valign="top" width="10"><input type="radio" name="word_id" value="<?php echo $row['word_id']; ?>" id="m<?php echo $row['word_id']; ?>" /></td>\r
- <td valign="top"><label for="m<?php echo $row['word_id']; ?>"><?php echo AT_print(htmlentities_utf8($row['word']), 'glossary.word'); ?></label></td>\r
- <td style="whitespace:nowrap;"><?php echo AT_print(htmlentities_utf8($def_trunc), 'glossary.definition'); ?></td>\r
- <td valign="top"><?php echo AT_print(htmlentities_utf8($related_word), 'glossary.word'); ?></td>\r
+ <td valign="top"><label for="m<?php echo $row['word_id']; ?>"><?php echo AT_print($row['word'], 'glossary.word'); ?></label></td>\r
+ <td style="whitespace:nowrap;"><?php echo AT_print($def_trunc, 'glossary.definition'); ?></td>\r
+ <td valign="top"><?php echo AT_print($related_word, 'glossary.word'); ?></td>\r
</tr>\r
<?php \r
} \r
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('groups_create_automatic'); ?></legend>\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="type"><?php echo _AT('groups_type'); ?></label><br />\r
- <input type="text" name="type_title" id="type" value="<?php echo htmlentities_utf8($_POST['type_title']); ?>" size="30" maxlength="60" />\r
+ <input type="text" name="type_title" id="type" value="<?php echo AT_print($_POST['type_title'], 'groups.type'); ?>" size="30" maxlength="60" />\r
</div>\r
\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="prefix"><?php echo _AT('group_prefix'); ?></label><br />\r
- <input type="text" name="prefix" id="prefix" value="<?php echo htmlentities_utf8($_POST['prefix']); ?>" size="20" maxlength="40" />\r
+ <input type="text" name="prefix" id="prefix" value="<?php echo AT_print($_POST['prefix'], 'groups.prefix'); ?>" size="20" maxlength="40" />\r
</div>\r
\r
<div class="row">\r
<label for="description"><?php echo _AT('default_description'); ?></label><br />\r
- <textarea name="description" id="description" cols="10" rows="2"><?php echo htmlentities_utf8($_POST['description']); ?></textarea>\r
+ <textarea name="description" id="description" cols="10" rows="2"><?php echo AT_print($_POST['description'], 'groups.description'); ?></textarea>\r
</div>\r
\r
<div class="row">\r
</select>\r
<strong><?php echo _AT('or'); ?></strong>\r
<?php endif; ?>\r
- <label for="new"><?php echo _AT('new_type'); ?></label> <input type="text" name="new_type" value="<?php echo htmlentities_utf8($_POST['new_type']); ?>" id="new" size="30" maxlength="40" />\r
+ <label for="new"><?php echo _AT('new_type'); ?></label> <input type="text" name="new_type" value="<?php echo AT_print($_POST['new_type'], 'groups.type'); ?>" id="new" size="30" maxlength="40" />\r
</div>\r
\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="prefix"><?php echo _AT('title'); ?></label><br />\r
- <input type="text" name="prefix" id="prefix" value="<?php echo htmlentities_utf8($_POST['prefix']); ?>" size="20" maxlength="40" />\r
+ <input type="text" name="prefix" id="prefix" value="<?php echo AT_print($_POST['prefix'], 'prefix'); ?>" size="20" maxlength="40" />\r
</div>\r
\r
<div class="row">\r
<label for="description"><?php echo _AT('description'); ?></label><br />\r
- <textarea name="description" id="description" cols="10" rows="2"><?php echo htmlentities_utf8($_POST['description']); ?></textarea>\r
+ <textarea name="description" id="description" cols="10" rows="2"><?php echo AT_print($_POST['description'], 'groups.description'); ?></textarea>\r
</div>\r
\r
<div class="row">\r
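Review bot: `AT_print($_POST['prefix'], 'prefix')` passes a name with no table part, unlike the sibling field in the previous form that uses `'groups.prefix'`; no `prefix` entry exists in `$_field_formatting`, so unless AT_print has a fallback for unknown names this value gets no formatting at all. Use `AT_print($_POST['prefix'], 'groups.prefix')` so the `groups.*` wildcard entry applies as it does for the other fields in this form.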
$hidden_vars['id'] = $_GET['id'];\r
$hidden_vars['type_id'] = $row['type_id'];\r
\r
-$msg->addConfirm(array('DELETE_GROUP',htmlentities_utf8($row['title'])), $hidden_vars);\r
+$msg->addConfirm(array('DELETE_GROUP',AT_print($row['title'], 'groups.title')), $hidden_vars);\r
$msg->printConfirm();\r
\r
require(AT_INCLUDE_PATH.'footer.inc.php');\r
<div class="input-form">\r
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('edit'); ?></legend>\r
<div class="row">\r
- <h3><?php echo htmlentities_utf8($type_row['title']); ?></h3>\r
+ <h3><?php echo AT_print($type_row['title'], 'groups.title'); ?></h3>\r
</div>\r
\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="title"><?php echo _AT('title'); ?></label><br />\r
- <input type="text" name="title" id="title" value="<?php echo htmlspecialchars($row['title']); ?>" size="20" maxlength="40" />\r
+ <input type="text" name="title" id="title" value="<?php echo AT_print($row['title'], 'groups.title'); ?>" size="20" maxlength="40" />\r
</div>\r
\r
<div class="row">\r
<label for="description"><?php echo _AT('description'); ?>:</label><br />\r
- <textarea name="description" id="description" cols="10" rows="2"><?php echo htmlspecialchars($row['description']); ?></textarea>\r
+ <textarea name="description" id="description" cols="10" rows="2"><?php echo AT_print($row['description'], 'groups.description'); ?></textarea>\r
</div>\r
\r
<div class="row">\r
echo '<ol id="tools">';\r
\r
while ($row = mysql_fetch_assoc($result)) {\r
- echo '<li class="top-tool">'.htmlentities_utf8($row['title']) . ' ';\r
+ echo '<li class="top-tool">'.AT_print($row['title'], 'groups.title') . ' ';\r
\r
$modules = explode('|', $row['modules']);\r
asort($modules);\r
<tr onmousedown="document.form['g<?php echo $row['type_id']; ?>'].checked = true; rowselect(this);" id="r_<?php echo $row['type_id']; ?>">\r
<th>\r
<input type="radio" id="g<?php echo $row['type_id']; ?>" name="id" value="<?php echo $row['type_id']; ?>" />\r
- <label for="g<?php echo $row['type_id']; ?>"><?php echo htmlentities_utf8($row['title']); ?></label> (<?php echo $num_groups.' '._AT('groups'); ?>)</td>\r
+ <label for="g<?php echo $row['type_id']; ?>"><?php echo AT_print($row['title'], 'groups.title'); ?></label> (<?php echo $num_groups.' '._AT('groups'); ?>)</td>\r
</th>\r
</tr>\r
<?php if ($num_groups) : ?>\r
$group_cnt = mysql_fetch_assoc($group_cnt_result);\r
?>\r
<tr onmousedown="document.form['g<?php echo $row['type_id'].'_'.$group_row['group_id']; ?>'].checked = true; rowselect(this);" id="r_<?php echo $row['type_id'].'_'.$group_row['group_id']; ?>">\r
- <td class="indent"><input type="radio" id="g<?php echo $row['type_id'].'_'.$group_row['group_id']; ?>" name="id" value="<?php echo $row['type_id'].'_'.$group_row['group_id']; ?>" /> <label for="g<?php echo $row['type_id'].'_'.$group_row['group_id']; ?>"><?php echo htmlentities_utf8($group_row['title']); ?></label> (<?php echo $group_cnt['cnt'].' '._AT('members'); ?>)</td>\r
+ <td class="indent"><input type="radio" id="g<?php echo $row['type_id'].'_'.$group_row['group_id']; ?>" name="id" value="<?php echo $row['type_id'].'_'.$group_row['group_id']; ?>" /> <label for="g<?php echo $row['type_id'].'_'.$group_row['group_id']; ?>"><?php echo AT_print($group_row['title'], 'groups.title'); ?></label> (<?php echo $group_cnt['cnt'].' '._AT('members'); ?>)</td>\r
</tr>\r
<?php endwhile; ?>\r
<?php else: ?>\r
require(AT_INCLUDE_PATH.'header.inc.php');\r
\r
\r
-echo '<h2>'.htmlentities_utf8($type_row['title']).'</h2>';\r
+echo '<h2>'.AT_print($type_row['title'], 'groups.title').'</h2>';\r
\r
\r
if (isset($_GET['gid'])) {\r
<select name="groups[<?php echo $row['member_id']; ?>]" id="m<?php echo $row['member_id']; ?>" onchange="javascript:hirow(this, <?php echo $count; ?>);">\r
<option value="0"></option>\r
<?php foreach ($tmp_groups as $group => $title): ?>\r
- <option value="<?php echo $group; ?>" <?php if ($groups_members[$row['member_id']] == $group) { echo 'selected="selected"'; } ?>><?php echo htmlspecialchars($title); ?></option>\r
+ <option value="<?php echo $group; ?>" <?php if ($groups_members[$row['member_id']] == $group) { echo 'selected="selected"'; } ?>><?php echo AT_print($title, 'groups.title'); ?></option>\r
<?php endforeach; ?>\r
</select>\r
</td>\r
$hidden_vars['delete_news'] = TRUE;
$hidden_vars['form_news_id'] = $row['news_id'];
- $confirm = array('DELETE_NEWS', AT_print(htmlentities_utf8($row['title']), 'news.title'));
+ $confirm = array('DELETE_NEWS', AT_print($row['title'], 'news.title'));
$msg->addConfirm($confirm, $hidden_vars);
$msg->printConfirm();
<div class="input-form">
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="title"><?php echo _AT('title'); ?></label><br />
- <input type="text" name="title" id="title" value="<?php echo htmlentities_utf8(stripslashes($row['title'])); ?>" size="40">
+ <input type="text" name="title" id="title" value="<?php echo AT_print($row['title'], 'input.text'); ?>" size="40">
</div>
<div class="row">
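Review bot: The value attribute now prints `AT_print($row['title'], 'input.text')` where the removed line applied `stripslashes` first; if titles were stored with added slashes (the removed call suggests they were, at least historically), backslashes will now appear in the edit field and be re-saved on submit. Confirm against the save path, and if slashes are still stored keep `AT_print(stripslashes($row['title']), 'input.text')`. A `news.title` entry exists in the formatting table; using `input.text` for the edit form is defensible, but a short comment such as `// edit form: use the input format, not the news.title display format` would stop the next reader from "fixing" it.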
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="body_text"><?php echo _AT('body'); ?></label><br />
- <textarea name="body_text" cols="55" rows="15" id="body_text" wrap="wrap"><?php echo htmlentities_utf8($row['body']); ?></textarea>
+ <textarea name="body_text" cols="55" rows="15" id="body_text" wrap="wrap"><?php echo AT_print($row['body'], 'input.text'); ?></textarea>
</div>
<div class="row buttons">
\r
<td><input type="radio" name="aid" value="<?php echo $row['news_id']; ?>" id="n<?php echo $row['news_id']; ?>" /></td>\r
\r
- <td><label for="n<?php echo $row['news_id']; ?>"><?php echo AT_print(htmlentities_utf8($row['title']), 'news.title'); ?></label></td>\r
+ <td><label for="n<?php echo $row['news_id']; ?>"><?php echo AT_print($row['title'], 'news.title'); ?></label></td>\r
<td><?php echo AT_date(_AT('announcement_date_format'), $row['date'], AT_DATE_MYSQL_DATETIME); ?></td>\r
</tr>\r
<?php } while ($row = mysql_fetch_assoc($result)); ?>\r
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('add_assignment'); ?></legend>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="title"><?php echo _AT('title'); ?></label><br/>
- <input type="text" name="title" size="50" id="title" value="<?php echo htmlentities_utf8($title); ?>" />
+ <input type="text" name="title" size="50" id="title" value="<?php echo AT_print($title, 'assignment.title'); ?>" />
</div>
<div class="row">
\r
if ($row = mysql_fetch_assoc($result)){\r
$hidden_vars['assignment_id'] = $_GET['id'];\r
- $confirm = array('DELETE_ASSIGNMENT', htmlentities_utf8($row['title']));\r
+ $confirm = array('DELETE_ASSIGNMENT', AT_print($row['title'], 'assignment.title'));\r
$msg->addConfirm($confirm, $hidden_vars);\r
$msg->printConfirm();\r
}\r
}\r
?>/></td>\r
\r
- <td><label for="a<?php echo $row['assignment_id']; ?>"><?php echo htmlentities_utf8($row['title']); ?></label></td>\r
+ <td><label for="a<?php echo $row['assignment_id']; ?>"><?php echo AT_print($row['title'], 'assignment.title'); ?></label></td>\r
\r
<td><?php if($row['assign_to'] == '0'){echo _AT('all_students'); } else {\r
$sql = "SELECT title FROM ".TABLE_PREFIX."groups_types WHERE type_id=$row[assign_to] AND course_id=$_SESSION[course_id]";\r
}\r
\r
if (!$msg->containsErrors()) {\r
- $_POST['title'] = htmlentities_utf8($_POST['title']);\r
- $_POST['body'] = htmlentities_utf8($_POST['body']);\r
$_POST['private'] = abs($_POST['private']);\r
$sql = "INSERT INTO ".TABLE_PREFIX."blog_posts VALUES (NULL, $_SESSION[member_id], ".BLOGS_GROUP.", $_POST[oid], $_POST[private], NOW(), 0, '$_POST[title]', '$_POST[body]')";\r
mysql_query($sql, $db);\r
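Review bot: Removing the two htmlentities_utf8 lines leaves `$_POST[title]` and `$_POST[body]` interpolated into the INSERT string below with no visible escaping; the entity encoding was never a substitute for SQL escaping, but it was the only transformation applied before interpolation in this hunk, and the UPDATE in the later hunk (`title='$_POST[title]', body='$_POST[body]'`) has the same shape after its `htmlspecialchars` lines were removed. Escape at the SQL boundary instead, e.g. `$title = mysql_real_escape_string($_POST['title'], $db);` and use `$title` (and the equivalent for body) in the query, unless an earlier include already escapes the request array — that is outside this hunk.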
$result = mysql_query($sql, $db);\r
$row = mysql_fetch_assoc($result);\r
\r
-$msg->addConfirm(array('DELETE', htmlentities_utf8($row['comment'])), $hidden_vars);\r
+$msg->addConfirm(array('DELETE', AT_print($row['comment'], 'blog_posts_comments.comment')), $hidden_vars);\r
$msg->printConfirm();\r
\r
require(AT_INCLUDE_PATH.'footer.inc.php');\r
}\r
\r
if (!$msg->containsErrors()) {\r
- $_POST['title'] = htmlspecialchars($_POST['title']);\r
- $_POST['body'] = htmlspecialchars($_POST['body']);\r
$_POST['private'] = abs($_POST['private']);\r
$sql = "UPDATE ".TABLE_PREFIX."blog_posts SET private=$_POST[private], title='$_POST[title]', body='$_POST[body]', date=date WHERE owner_type=".BLOGS_GROUP." AND owner_id=$_REQUEST[oid] AND post_id=$id";\r
mysql_query($sql, $db);\r
<div class="input-form">\r
<div class="row">\r
<label for="title"><?php echo _AT('title'); ?></label><br />\r
- <input type="text" name="title" id="title" value="<?php echo $post_row['title']; ?>" size="50" />\r
+ <input type="text" name="title" id="title" value="<?php echo AT_print($post_row['title'], 'input.text'); ?>" size="50" />\r
</div>\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="body"><?php echo _AT('body'); ?></label><br />\r
- <textarea name="body" id="body" cols="40" rows="10"><?php echo $post_row['body']; ?></textarea>\r
+ <textarea name="body" id="body" cols="40" rows="10"><?php echo AT_print($post_row['body'], 'input.text'); ?></textarea>\r
</div>\r
\r
<div class="row"> \r
$last_updated = '';\r
}\r
\r
- echo '<li class="top-tool" style="position:relative;"><a href="'.url_rewrite('mods/_standard/blogs/view.php?ot='.BLOGS_GROUP. SEP .'oid='.$row['group_id']).'">'.$row['title'].$last_updated.'</a>';\r
+ echo '<li class="top-tool" style="position:relative;"><a href="'.url_rewrite('mods/_standard/blogs/view.php?ot='.BLOGS_GROUP. SEP .'oid='.$row['group_id']).'">'.AT_print($row['title'], 'blog_posts.title').$last_updated.'</a>';\r
\r
// Check if subscribed and make appropriate button\r
if ($sub->is_subscribed('blog',$_SESSION['member_id'],$row['group_id'])){\r
* @return list of news, [timestamp]=>
*/
function blogs_news() {
- global $db, $enrolled_courses, $system_courses;
- $news = array();
+ global $db, $enrolled_courses, $system_courses;
+ $news = array();
- if ($enrolled_courses == ''){
- return $news;
- }
+ if ($enrolled_courses == ''){
+ return $news;
+ }
- $sql = "SELECT G.group_id, G.title, G.modules, T.course_id FROM ".TABLE_PREFIX."groups G INNER JOIN ".TABLE_PREFIX."groups_types T USING (type_id) WHERE T.course_id IN $enrolled_courses ORDER BY G.title";
+ $sql = "SELECT G.group_id, G.title, G.modules, T.course_id FROM ".TABLE_PREFIX."groups G INNER JOIN ".TABLE_PREFIX."groups_types T USING (type_id) WHERE T.course_id IN $enrolled_courses ORDER BY G.title";
- $result = mysql_query($sql, $db);
- if ($result){
- if (mysql_num_rows($result) > 0) {
- while ($row = mysql_fetch_assoc($result)) {
- if (strpos($row['modules'], '_standard/blogs') !== FALSE) {
- // retrieve the last posted date/time from this blog
- $sql = "SELECT MAX(date) AS date FROM ".TABLE_PREFIX."blog_posts WHERE owner_type=".BLOGS_GROUP." AND owner_id={$row['group_id']}";
- $date_result = mysql_query($sql, $db);
- $row2 = mysql_fetch_assoc($date_result);
- $last_updated = ' - ' . _AT('last_updated', AT_date(_AT('forum_date_format'), $row2['date'], AT_DATE_MYSQL_DATETIME));
-
- $link_title = $row['title'];
- $news[] = array('time'=>$row2['date'],
- 'object'=>$row,
- 'alt'=>_AT('blogs'),
- 'course'=>$system_courses[$row['course_id']]['title'],
- 'thumb'=>'images/home-blogs_sm.png',
- 'link'=>'<a href="bounce.php?course='.$row['course_id'].'&p='.urlencode('mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$row['group_id']).'"'.
- (strlen($link_title) > SUBLINK_TEXT_LEN ? ' title="'.$link_title.'"' : '') .'>'.
- validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>');
- }
- }
- }
- }
- return $news;
+ $result = mysql_query($sql, $db);
+ if ($result){
+ if (mysql_num_rows($result) > 0) {
+ while ($row = mysql_fetch_assoc($result)) {
+ if (strpos($row['modules'], '_standard/blogs') !== FALSE) {
+ // retrieve the last posted date/time from this blog
+ $sql = "SELECT MAX(date) AS date FROM ".TABLE_PREFIX."blog_posts WHERE owner_type=".BLOGS_GROUP." AND owner_id={$row['group_id']}";
+ $date_result = mysql_query($sql, $db);
+ $row2 = mysql_fetch_assoc($date_result);
+ $last_updated = ' - ' . _AT('last_updated', AT_date(_AT('forum_date_format'), $row2['date'], AT_DATE_MYSQL_DATETIME));
+
+ $link_title = $row['title'];
+ $news[] = array('time'=>$row2['date'],
+ 'object'=>$row,
+ 'alt'=>_AT('blogs'),
+ 'course'=>$system_courses[$row['course_id']]['title'],
+ 'thumb'=>'images/home-blogs_sm.png',
+ 'link'=>'<a href="bounce.php?course='.$row['course_id'].'&p='.urlencode('mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$row['group_id']).'"'.
+ (strlen($link_title) > SUBLINK_TEXT_LEN ? ' title="'.AT_print($link_title, 'blog_posts.title').'"' : '') .'>'.
+ AT_print(validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'blog_posts.title') .'</a>');
+ }
+ }
+ }
+ }
+ return $news;
}
?>
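Review bot: The whole body of blogs_news is removed and re-added with different leading whitespace, so the only substantive change — wrapping `$link_title` in `AT_print(..., 'blog_posts.title')` for the title attribute and the link text — is buried in a sixty-line hunk; keep re-indentation in a separate whitespace-only commit so the escaping change can be reviewed on its own. In the re-added code `'&p='` inside an HTML href should be `'&amp;p='`, and `$row['course_id']` and `$system_courses[$row['course_id']]['title']` are still concatenated into markup unescaped; both are pre-existing, so at most a `// TODO: escape course_id/title for HTML` comment here.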
exit;\r
}\r
\r
-$_pages['mods/_standard/blogs/post.php']['title'] = AT_print($post_row['title'], 'blog_posts.title') . ($post_row['private'] ? ' - '._AT('private') : '');\r
+$_pages['mods/_standard/blogs/post.php']['title'] = $post_row['title'] . ($post_row['private'] ? ' - '._AT('private') : '');\r
$_pages['mods/_standard/blogs/post.php']['parent'] = 'mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$owner_id;\r
if (query_bit($owner_status, BLOGS_AUTH_WRITE)) {\r
$_pages['mods/_standard/blogs/post.php']['children'] = array('mods/_standard/blogs/edit_post.php?ot='.BLOGS_GROUP.SEP.'oid='.$owner_id.SEP.'id='.$id, 'mods/_standard/blogs/delete_post.php?ot='.BLOGS_GROUP.SEP.'oid='.$owner_id.SEP.'id='.$id);\r
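Review bot: `$_pages['mods/_standard/blogs/post.php']['title'] = $post_row['title'] . ...` drops the AT_print wrapper the removed line had, so the raw stored title now reaches whatever renders `$_pages` titles (page header, breadcrumb); that is only safe if the renderer escapes titles itself, which is not visible here. If the motivation is that the header already escapes and the wrapper caused double-encoding, say so on the line, e.g. `// raw on purpose: the header escapes $_pages titles on output`; otherwise restore `AT_print($post_row['title'], 'blog_posts.title')`.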
$link_title = $row['title'].$last_updated;
$list[] = '<a href="'.url_rewrite('mods/_standard/blogs/view.php?ot='.BLOGS_GROUP. SEP .'oid='.$row['group_id'], AT_PRETTY_URL_IS_HEADER).'"'.
- (strlen($link_title) > SUBLINK_TEXT_LEN ? ' title="'.$link_title.'"' : '') .'>'.
- validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>';
+ (strlen($link_title) > SUBLINK_TEXT_LEN ? ' title="'.AT_print($link_title, 'blog_posts.title').'"' : '') .'>'.
+ AT_print(validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'blog_posts.title') .'</a>';
}
}
return $list;
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="topic"><?php echo _AT('topic'); ?></label><br />
<select name="topic_id" id="topic">
<?php while ($row = mysql_fetch_assoc($result)): ?>
- <option value="<?php echo $row['topic_id']; ?>"<?php if (isset($_POST['topic_id']) && ($row['topic_id'] == $_POST['topic_id'])) { echo ' selected="selected"'; } ?>><?php echo htmlspecialchars($row['name']); ?></option>
+ <option value="<?php echo $row['topic_id']; ?>"<?php if (isset($_POST['topic_id']) && ($row['topic_id'] == $_POST['topic_id'])) { echo ' selected="selected"'; } ?>><?php echo AT_print($row['name'], 'input.text'); ?></option>
<?php endwhile; ?>
</select>
</div>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="question"><?php echo _AT('question'); ?></label><br />
- <input type="text" name="question" size="50" id="question" value="<?php if (isset($_POST['question'])) echo htmlentities_utf8($stripslashes($_POST['question'])); ?>" />
+ <input type="text" name="question" size="50" id="question" value="<?php if (isset($_POST['question'])) echo AT_print($stripslashes($_POST['question']), 'input.text'); ?>" />
</div>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="answer"><?php echo _AT('answer'); ?></label><br />
- <textarea name="answer" cols="45" rows="3" id="answer" style="width:90%;"><?php if (isset ($_POST['answer'])) echo htmlentities_utf8($stripslashes($_POST['answer'])); ?></textarea>
+ <textarea name="answer" cols="45" rows="3" id="answer" style="width:90%;"><?php if (isset ($_POST['answer'])) echo AT_print($stripslashes($_POST['answer']), 'text.input'); ?></textarea>
</div>
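Review bot: The format key on the answer textarea is `'text.input'` (the new line for the `answer` field) while the question input two rows above uses `'input.text'`; the same swapped key also appears in the file_storage sublinks hunk and the forum post-edit textarea. Unless `$_field_formatting` declares both spellings, one of the two falls through to whatever AT_print does for an unknown key, which is not something a template should depend on. I would normalise to `'input.text'` here: `echo AT_print($stripslashes($_POST['answer']), 'input.text');`.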
$hidden_vars['topic_id'] = $row['topic_id'];\r
$hidden_vars['id'] = $_GET['id'];\r
\r
- $confirm = array('DELETE_FAQ_QUESTION', htmlentities_utf8($row['question']));\r
+ $confirm = array('DELETE_FAQ_QUESTION', AT_print($row['question'], 'faqs.question'));\r
$msg->addConfirm($confirm, $hidden_vars);\r
$msg->printConfirm();\r
} else {\r
if ($row = mysql_fetch_assoc($result)) {\r
$hidden_vars['id'] = $_GET['id'];\r
\r
- $confirm = array('DELETE_FAQ_TOPIC', htmlentities_utf8($row['name']));\r
+ $confirm = array('DELETE_FAQ_TOPIC', AT_print($row['name'], 'faqs.topic'));\r
$msg->addConfirm($confirm, $hidden_vars);\r
$msg->printConfirm();\r
} else {\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="topic"><?php echo _AT('topic'); ?></label><br />
<select name="topic_id" id="topic">
<?php while ($topic_row = mysql_fetch_assoc($result)): ?>
- <option value="<?php echo $topic_row['topic_id']; ?>"<?php if ($topic_row['topic_id'] == $row['topic_id']) { echo ' selected="selected"'; } ?>><?php echo htmlspecialchars($topic_row['name']); ?></option>
+ <option value="<?php echo $topic_row['topic_id']; ?>"<?php if ($topic_row['topic_id'] == $row['topic_id']) { echo ' selected="selected"'; } ?>><?php echo AT_print($topic_row['name'], 'input.text'); ?></option>
<?php endwhile; ?>
</select>
</div>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="question"><?php echo _AT('question'); ?>:</label><br />
- <input type="text" name="question" size="50" id="question" value="<?php if (isset ($_POST['question'])) { echo htmlentities_utf8($stripslashes($_POST['question'])); } else { echo htmlentities_utf8($row['question']); } ?>" />
+ <input type="text" name="question" size="50" id="question" value="<?php if (isset ($_POST['question'])) { echo AT_print($stripslashes($_POST['question']), 'input.text'); } else { echo AT_print($row['question'], 'input.text'); } ?>" />
</div>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="answer"><?php echo _AT('answer'); ?></label><br />
- <textarea name="answer" cols="45" rows="3" id="answer" style="width:90%;"><?php if (isset ($_POST['answer'])) { echo htmlentities_utf8($stripslashes($_POST['answer'])); } else { echo htmlentities_utf8($row['answer']); } ?></textarea>
+ <textarea name="answer" cols="45" rows="3" id="answer" style="width:90%;"><?php if (isset ($_POST['answer'])) { echo AT_print($stripslashes($_POST['answer']), 'input.text'); } else { echo AT_print($row['answer'], 'input.text'); } ?></textarea>
</div>
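Review bot: The new AT_print calls on the question `value="…"` attribute and the select option replace `htmlentities_utf8`, so attribute safety now depends entirely on what the `'input.text'` entry of `$_field_formatting` includes, and that entry is not visible in this diff. For attribute context it needs the quote escaping that `faqs.question` gets via `AT_FORMAT_QUOTES`; if `'input.text'` lacks it, a `"` in a saved question still closes the attribute. A one-line comment where `'input.text'` is defined, such as `// 'input.text' must escape quotes: it is used inside value="…" attributes`, would make the dependency explicit.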
<div class="row buttons">
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('edit'); ?></legend>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="name"><?php echo _AT('name'); ?></label><br />
- <input type="text" name="name" size="50" id="name" value="<?php if (isset($_POST['name'])) echo htmlentities_utf8($stripslashes($_POST['name'])); ?>" />
+ <input type="text" name="name" size="50" id="name" value="<?php if (isset($_POST['name'])) echo AT_print($stripslashes($_POST['name']), 'input.text'); ?>" />
</div>
<div class="row buttons">
<ul style="list-style: none;">\r
<?php do { ?>\r
<li style="font-weight: bold; margin-bottom: 10px;">\r
- <?php echo $row['name']; ?>\r
+ <?php echo AT_print($row['name'], 'faqs.topic'); ?>\r
<?php \r
$entry_sql = "SELECT * FROM ".TABLE_PREFIX."faq_entries WHERE topic_id=$row[topic_id] ORDER BY question";\r
$entry_result = mysql_query($entry_sql, $db);\r
\r
<?php do { ?>\r
<li style="font-weight: normal">\r
- <h3><?php echo htmlentities_utf8($entry_row['question']); ?></h3>\r
- <p><?php echo htmlentities_utf8($entry_row['answer']);?></p>\r
+ <h3><?php echo AT_print($entry_row['question'], 'faqs.question'); ?></h3>\r
+ <p><?php echo AT_print($entry_row['answer'], 'faqs.answer');?></p>\r
</li>\r
<?php $counter++; ?>\r
<?php } while ($entry_row = mysql_fetch_assoc($entry_result)) ?>\r
<?php do { ?>\r
<tr onmousedown="document.form['t<?php echo $row['topic_id']; ?>'].checked = true; rowselect(this);" id="r_<?php echo $row['topic_id']; ?>_0">\r
<th style="border-top:1pt solid #e0e0e0;"><input type="radio" name="item" id="t<?php echo $row['topic_id']; ?>" value="<?php echo $row['topic_id']; ?>" /></th>\r
- <th style="border-top:1pt solid #e0e0e0;"><?php echo htmlentities_utf8($row['name']); ?></th>\r
+ <th style="border-top:1pt solid #e0e0e0;"><?php echo AT_print($row['name'], 'faqs.topic'); ?></th>\r
</tr>\r
<?php \r
$entry_sql = "SELECT * FROM ".TABLE_PREFIX."faq_entries WHERE topic_id=$row[topic_id] ORDER BY question";\r
<?php if ($entry_row = mysql_fetch_assoc($entry_result)) : do { ?>\r
<tr onmousedown="document.form['q<?php echo $entry_row['entry_id']; ?>'].checked = true; rowselect(this);" id="r_<?php echo $row['topic_id']; ?>_<?php echo $entry_row['entry_id']; ?>">\r
<td><input type="radio" name="item" id="q<?php echo $entry_row['entry_id']; ?>" value="<?php echo $entry_row['entry_id']; ?>q" /></td>\r
- <td><?php echo htmlentities_utf8($entry_row['question']); ?></td>\r
+ <td><?php echo AT_print($entry_row['question'], 'faqs.question'); ?></td>\r
</tr>\r
<?php } while ($entry_row = mysql_fetch_assoc($entry_result)); else: ?>\r
<tr>\r
* @return list of news, [timestamp]=>
*/
function faq_news() {
- global $db, $enrolled_courses, $system_courses;
- $news = array();
+ global $db, $enrolled_courses, $system_courses;
+ $news = array();
- if ($enrolled_courses == ''){
- return $news;
- }
+ if ($enrolled_courses == ''){
+ return $news;
+ }
- $sql = "SELECT * FROM ".TABLE_PREFIX."faq_topics T INNER JOIN ".TABLE_PREFIX."faq_entries E ON T.topic_id = E.topic_id WHERE T.course_id IN $enrolled_courses ORDER BY E.revised_date DESC";
- $result = mysql_query($sql, $db);
- if($result){
- while($row = mysql_fetch_assoc($result)){
- $news[] = array('time'=>$row['revised_date'],
- 'alt'=>_AT('faq'),'object'=>$row,
- 'course'=>$system_courses[$row['course_id']]['title'],
- 'thumb'=>'images/home-faq_sm.png',
- 'link'=>'<a href="bounce.php?course='.$row['course_id'].'&p='.urlencode('mods/_standard/faq/index.php#'.$row['entry_id']).'"'.
- (strlen($row['question']) > SUBLINK_TEXT_LEN ? ' title="'.$row['question'].'"' : '') .'>'.
- validate_length($row['question'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>');
- }
- }
- return $news;
+ $sql = "SELECT * FROM ".TABLE_PREFIX."faq_topics T INNER JOIN ".TABLE_PREFIX."faq_entries E ON T.topic_id = E.topic_id WHERE T.course_id IN $enrolled_courses ORDER BY E.revised_date DESC";
+ $result = mysql_query($sql, $db);
+ if($result){
+ while($row = mysql_fetch_assoc($result)){
+ $news[] = array('time'=>$row['revised_date'],
+ 'alt'=>_AT('faq'),'object'=>$row,
+ 'course'=>$system_courses[$row['course_id']]['title'],
+ 'thumb'=>'images/home-faq_sm.png',
+ 'link'=>'<a href="bounce.php?course='.$row['course_id'].'&p='.urlencode('mods/_standard/faq/index.php#'.$row['entry_id']).'"'.
+ (strlen($row['question']) > SUBLINK_TEXT_LEN ? ' title="'.AT_print($row['question'], 'faqs.question').'"' : '') .'>'.
+ AT_print(validate_length($row['question'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'faqs.question') .'</a>');
+ }
+ }
+ return $news;
}
?>
\ No newline at end of file
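Review bot: The whole body of faq_news is removed and re-added, but only the two `AT_print` wrappings at the end of the `'link'` string are functional; the rest is re-indentation, which makes the actual change hard to spot and inflates the blame history. The forums_news hunk further down has the same shape. Whitespace-only changes are better landed as a separate commit so the escaping change reviews on its own.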
if (mysql_num_rows($result) > 0) {
while ($row = mysql_fetch_assoc($result)) {
$list[] = '<a href="'.url_rewrite('faq/index.php#'.$row['entry_id'], AT_PRETTY_URL_IS_HEADER).'"'.
- (strlen($row['question']) > SUBLINK_TEXT_LEN ? ' title="'.$row['question'].'"' : '') .'>'.
- validate_length($row['question'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>';
+ (strlen($row['question']) > SUBLINK_TEXT_LEN ? ' title="'.AT_print($row['question'], 'faqs.question').'"' : '') .'>'.
+ AT_print(validate_length($row['question'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'faqs.question') .'</a>';
}
return $list;
} else {
$hidden_vars['folders'] = $folders;
$rows = fs_get_folder_by_id($_GET['folders'], $owner_type, $owner_id);
foreach ($rows as $row) {
- $dir_list_to_print .= '<li style="list-style: none; margin: 0px; padding: 0px 10px;"><img src="images/folder.gif" height="18" width="20" alt="" title="" /> '.htmlentities_utf8($row['title']).'</li>';
+ $dir_list_to_print .= '<li style="list-style: none; margin: 0px; padding: 0px 10px;"><img src="images/folder.gif" height="18" width="20" alt="" title="" /> '.AT_print($row['title'], 'input.text').'</li>';
}
$msg->addConfirm(array('DIR_DELETE', $dir_list_to_print), $hidden_vars);
}
<?php if ($file_storage_groups): ?>
<optgroup label="<?php echo _AT('groups'); ?>">
<?php foreach ($file_storage_groups as $group): ?>
- <option value="<?php echo WORKSPACE_GROUP; ?>_<?php echo $group['group_id']; ?>" <?php if ($owner_type == WORKSPACE_GROUP && $owner_id == $group['group_id']) { echo 'selected="selected"'; } ?>><?php echo htmlentities_utf8($group['title']); ?></option>
+ <option value="<?php echo WORKSPACE_GROUP; ?>_<?php echo $group['group_id']; ?>" <?php if ($owner_type == WORKSPACE_GROUP && $owner_id == $group['group_id']) { echo 'selected="selected"'; } ?>><?php echo AT_print($group['title'], 'input.text'); ?></option>
<?php endforeach; ?>
</optgroup>
<?php endif; ?>
<?php if (count($my_assignments) != 0) : ?>
<optgroup label="<?php echo _AT('assignments'); ?>">
<?php foreach ($my_assignments as $my_assignment): ?>
- <option value="<?php echo WORKSPACE_ASSIGNMENT; ?>_<?php echo $my_assignment['assignment_id']; ?>_my" <?php if ($owner_type == WORKSPACE_ASSIGNMENT && $owner_id == $my_assignment['assignment_id']) { echo 'selected="selected"'; } ?>><?php echo htmlentities_utf8($my_assignment['title']); ?></option>
+ <option value="<?php echo WORKSPACE_ASSIGNMENT; ?>_<?php echo $my_assignment['assignment_id']; ?>_my" <?php if ($owner_type == WORKSPACE_ASSIGNMENT && $owner_id == $my_assignment['assignment_id']) { echo 'selected="selected"'; } ?>><?php echo AT_print($my_assignment['title'], 'input.text'); ?></option>
<?php endforeach; ?>
</optgroup>
<?php endif; ?>
<?php if (authenticate(AT_PRIV_ASSIGNMENTS, AT_PRIV_RETURN) && count($file_storage_assignments) != 0) : ?>
<optgroup label="<?php echo _AT('assignments'); ?>">
<?php foreach ($file_storage_assignments as $assignment): ?>
- <option value="<?php echo WORKSPACE_ASSIGNMENT; ?>_<?php echo $assignment['assignment_id']; ?>" <?php if ($owner_type == WORKSPACE_ASSIGNMENT && $owner_id == $assignment['assignment_id']) { echo 'selected="selected"'; } ?>><?php echo htmlentities_utf8($assignment['title']); ?></option>
+ <option value="<?php echo WORKSPACE_ASSIGNMENT; ?>_<?php echo $assignment['assignment_id']; ?>" <?php if ($owner_type == WORKSPACE_ASSIGNMENT && $owner_id == $assignment['assignment_id']) { echo 'selected="selected"'; } ?>><?php echo AT_print($assignment['title'], 'input.text'); ?></option>
<?php endforeach; ?>
</optgroup>
<?php endif; ?>
echo url_rewrite($_SERVER['PHP_SELF'].$owner_arg_prefix.'folder='.$folder); ?>"><?php echo _AT('home'); ?></a>
<?php foreach ($folder_path as $folder_info): ?>
<?php if ($folder_info['folder_id'] == $folder_id): ?>
- » <?php echo htmlentities_utf8($folder_info['title']); ?>
+ » <?php echo AT_print($folder_info['title'], 'input.text'); ?>
<?php $parent_folder_id = $folder_info['parent_folder_id']; ?>
<?php else: ?>
- » <a href="<?php echo url_rewrite($_SERVER['PHP_SELF'].$owner_arg_prefix.'folder='.$folder_info['folder_id']); ?>"><?php echo htmlentities_utf8($folder_info['title']); ?></a>
+ » <a href="<?php echo url_rewrite($_SERVER['PHP_SELF'].$owner_arg_prefix.'folder='.$folder_info['folder_id']); ?>"><?php echo AT_print($folder_info['title'], 'input.text'); ?></a>
<?php endif; ?>
<?php endforeach; ?>
</td>
<tr onmousedown="document.form['f<?php echo $folder_info['folder_id']; ?>'].checked = !document.form['f<?php echo $folder_info['folder_id']; ?>'].checked; rowselectbox(this, document.form['f<?php echo $folder_info['folder_id']; ?>'].checked, 'checkbuttons(false)');" id="r_<?php echo $folder_info['folder_id']; ?>_1">
<td width="10"><input type="checkbox" name="folders[]" value="<?php echo $folder_info['folder_id']; ?>" id="f<?php echo $folder_info['folder_id']; ?>" onmouseup="this.checked=!this.checked" /></td>
<td><img src="images/folder.gif" height="18" width="20" alt="" /> <label for="f<?php echo $folder_info['folder_id']; ?>"><a href="<?php echo url_rewrite($_SERVER['PHP_SELF'].$owner_arg_prefix.'folder='.
- $folder_info['folder_id']); ?>"><?php echo htmlentities_utf8($folder_info['title']); ?></a></label></td>
+ $folder_info['folder_id']); ?>"><?php echo AT_print($folder_info['title'], 'input.text'); ?></a></label></td>
<td> </td>
<td> </td>
<td> </td>
}
$list[] = '<a href="'.url_rewrite('mods/_standard/file_storage/index.php?download=1'.SEP.'files[]='. $row['file_id'], AT_PRETTY_URL_IS_HEADER).'"'.
- (strlen($filetext) > SUBLINK_TEXT_LEN ? ' title="'.$filetext.'"' : '') .'>'.
- validate_length($filetext, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>';
+ (strlen($filetext) > SUBLINK_TEXT_LEN ? ' title="'.AT_print($filetext, 'text.input').'"' : '') .'>'.
+ AT_print(validate_length($filetext, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'text.input') .'</a>';
}
return $list;
} else {
<div class="input-form">
<div class="row">
<label for="title"><span class="required" title="<?php echo _AT('required_field'); ?>">*</span><?php echo _AT('title'); ?></label><br />
- <input type="text" name="title" size="40" id="title" value="<?php echo htmlentities_utf8($forum['title']); ?>" />
+ <input type="text" name="title" size="40" id="title" value="<?php echo AT_print($forum['title'], 'input.text'); ?>" />
</div>
<div class="row">
<label for="body"><?php echo _AT('description'); ?></label><br />
- <textarea name="description" cols="45" rows="5" id="body" wrap="wrap"><?php echo htmlentities_utf8($forum['description']); ?></textarea>
+ <textarea name="description" cols="45" rows="5" id="body" wrap="wrap"><?php echo AT_print($forum['description'], 'input.text'); ?></textarea>
</div>
<div class="row">
$result = mysql_query($sql, $db);
while ($row = mysql_fetch_assoc($result)) {
if (in_array($row['course_id'], $courses) ) {
- echo '<option value="'.$row['course_id'].'" selected="selected">'.htmlentities_utf8($row['title']).'</option>';
+ echo '<option value="'.$row['course_id'].'" selected="selected">'.AT_print($row['title'], 'input.text').'</option>';
} else {
- echo '<option value="'.$row['course_id'].'">'.$row['title'].'</option>';
+ echo '<option value="'.$row['course_id'].'">'.AT_print($row['title'], 'input.text').'</option>';
}
}
?></select>
foreach ($all_forums['shared'] as $forum) {\r
echo '<tr onmousedown="document.form[\'f'.$forum['forum_id'].'\'].checked = true; rowselect(this);" id="r_'.$forum['forum_id'].'">';\r
echo '<td><input type="radio" name="id" value="'. $forum['forum_id'].'" id="f'.$forum['forum_id'].'"></td>';\r
- echo ' <td><label for="f'.$forum['forum_id'].'">' . htmlentities_utf8($forum['title']) . '</label></td>';\r
- echo ' <td>' . htmlentities_utf8($forum['description']) . '</td>';\r
+ echo ' <td><label for="f'.$forum['forum_id'].'">' . AT_print($forum['title'], 'forums.title') . '</label></td>';\r
+ echo ' <td>' . AT_print($forum['description'], 'forums.description') . '</td>';\r
echo ' <td>';\r
\r
$courses = array();\r
<?php foreach ($all_forums['nonshared'] as $forum) : ?>\r
<tr onmousedown="document.form['f<?php echo $forum['forum_id']; ?>'].checked = true; rowselect(this);" id="r_<?php echo $forum['forum_id']; ?>">\r
<td><input type="radio" name="id" value="<?php echo $forum['forum_id']; ?>" id="f<?php echo $forum['forum_id']; ?>" /></td>\r
- <td><label for="f<?php echo $forum['forum_id']; ?>"><?php echo htmlentities_utf8($forum['title']); ?></label></td>\r
- <td><?php echo htmlentities_utf8($forum['description']); ?></td>\r
+ <td><label for="f<?php echo $forum['forum_id']; ?>"><?php echo AT_print($forum['title'], 'forums.title'); ?></label></td>\r
+ <td><?php echo AT_print($forum['description'], 'forums.description'); ?></td>\r
<td><?php echo $system_courses[$forum['course_id']]['title']; ?></td>\r
</tr>\r
<?php endforeach; ?>\r
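Review bot: The course-title cell in this row, `<?php echo $system_courses[$forum['course_id']]['title']; ?>`, is still echoed raw while the title and description cells next to it are now routed through AT_print, so this hunk leaves one unescaped field in the same row. Whether `$system_courses` holds pre-escaped titles is not visible here, but the surrounding hunks consistently escape titles at output. The same treatment would be `<td><?php echo AT_print($system_courses[$forum['course_id']]['title'], 'courses.title'); ?></td>`, assuming that key resolves in `$_field_formatting`.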
<div class="row">
<label for="body"><?php echo _AT('description'); ?></label><br />
- <textarea name="body" cols="45" rows="2" id="body" wrap="wrap"><?php echo htmlentities_utf8($row['description']); ?></textarea>
+ <textarea name="body" cols="45" rows="2" id="body" wrap="wrap"><?php echo AT_print($row['description'], 'input.text'); ?></textarea>
</div>
<div class="row">
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="body"><?php echo _AT('body'); ?></label><br />
- <textarea cols="65" name="body" rows="10" id="body"><?php echo htmlentities_utf8($post_row['body']); ?></textarea>
+ <textarea cols="65" name="body" rows="10" id="body"><?php echo AT_print($post_row['body'], 'text.input'); ?></textarea>
</div>
<div class="row">
$sql = "SELECT * from ".TABLE_PREFIX."forums_threads WHERE post_id = '$pid'";
$result = mysql_query($sql, $db);
-while ($row = mysql_fetch_assoc($result)){
- $title = htmlentities_utf8($row['subject']);
-}
+$row = mysql_fetch_assoc($result);
+$title = AT_print($row['subject'], 'forums_threads.subject');
+
$hidden_vars['fid'] = $_GET['fid'];
$hidden_vars['pid'] = $_GET['pid'];
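Review bot: Replacing the `while` loop with a single `mysql_fetch_assoc` drops the implicit guard: when no row matches `$pid`, `$row` is `false` and `$row['subject']` is indexed on a boolean, which the old loop never reached. A minimal guard keeps the previous behaviour of leaving `$title` unset on no match: `$title = $row ? AT_print($row['subject'], 'forums_threads.subject') : '';`. The query itself still interpolates `$pid` directly, which this hunk does not touch.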
foreach ($forums as $row) : ?>
<tr>
- <td><a href="<?php echo url_rewrite('mods/_standard/forums/forum/index.php?fid='.$row['forum_id']); ?>"><?php echo htmlentities_utf8($row['title']); ?></a> <?php
+ <td><a href="<?php echo url_rewrite('mods/_standard/forums/forum/index.php?fid='.$row['forum_id']); ?>"><?php echo AT_print($row['title'], 'forums.title'); ?></a> <?php
// patch has added the two icons below
if ($_SESSION['enroll']) {
$sql = "SELECT 1 AS constant FROM ".TABLE_PREFIX."forums_subscriptions WHERE forum_id=$row[forum_id] AND member_id=$_SESSION[member_id]";
<br /><img border="0" src="'.AT_BASE_HREF.'images/subscribe-envelope.png" alt="" /> '._AT('subscribe1').'</a>';
}
} ?>
- <p><?php echo htmlentities_utf8($row['description']); ?></p>
+ <p><?php echo AT_print($row['description'], 'forums.description'); ?></p>
</td>
<td align="center" valign="top"><?php echo $row['num_topics']; ?></td>
<td align="center" valign="top"><?php echo $row['num_posts']; ?></td>
<ul style="list-style: none">
<?php foreach($all_forums['nonshared'] as $row): ?>
<li>
- <input type="radio" name="new_fid" value="<?php echo $row['forum_id']; ?>" id="f<?php echo $row['forum_id']; ?>" <?php if ($row['forum_id'] == $_REQUEST['fid']) { echo 'checked="checked"'; } ?> /><label for="f<?php echo $row['forum_id']; ?>"><?php echo htmlentities_utf8($row['title']); ?></label>
+ <input type="radio" name="new_fid" value="<?php echo $row['forum_id']; ?>" id="f<?php echo $row['forum_id']; ?>" <?php if ($row['forum_id'] == $_REQUEST['fid']) { echo 'checked="checked"'; } ?> /><label for="f<?php echo $row['forum_id']; ?>"><?php echo AT_print($row['title'], 'forums.title'); ?></label>
</li>
<?php endforeach; ?>
</ul>
$msg->printErrors();
if (isset($_POST['submit'])) {
- $subject = htmlentities_utf8($_POST['subject']);
- $body = htmlentities_utf8($_POST['body']);
+// $subject = htmlentities_utf8($_POST['subject']);
+// $body = htmlentities_utf8($_POST['body']);
$parent_id = $_POST['parent_id'];
$parent_name = $_POST['parent_name'];
//post reply is set when there is an error occuring.
if ($_POST['reply']!=''){
$saved_post['body'] = $_POST['replytext'];
- $reply_hidden = '<input name="reply" type="hidden" value="'.$_REQUEST['reply'].'" />';
+ $reply_hidden = '<input name="reply" type="hidden" value="'.AT_print($_REQUEST['reply'], 'input.text').'" />';
}
} else if (isset($_GET['reply']) && $_GET['reply'] != '') {
$subject = $saved_post['subject'];
- $reply_hidden = '<input name="reply" type="hidden" value="'.$_REQUEST['reply'].'" />';
+ $reply_hidden = '<input name="reply" type="hidden" value="'.AT_print($_REQUEST['reply'], 'input.text').'" />';
if (substr($subject, 0, 3) != 'Re:') {
$subject = 'Re: '.$subject;
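Review bot: The two `$subject`/`$body` assignments in the submit branch are commented out rather than deleted, leaving dead code in the new file; version control already preserves them. Note that with `$body` no longer assigned in this branch, any later template code that still reads `$body` on the POST path now sees an undefined variable. Either remove the two lines or, if `$body` is still read below, replace them with `$body = $_POST['body'];` and escape at output.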
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('post_message'); ?></legend>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="subject"><?php echo _AT('subject'); ?></label><br />
- <input type="text" maxlength="80" name="subject" size="36" value="<?php echo stripslashes(htmlspecialchars($subject)); ?>" id="subject" />
+ <input type="text" maxlength="80" name="subject" size="36" value="<?php echo AT_print($subject, 'input.text'); ?>" id="subject" />
</div>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="body"><?php echo _AT('body'); ?></label><br />
- <textarea cols="45" name="body" rows="10" id="body"><?php echo $body; ?></textarea>
+ <textarea cols="45" name="body" rows="10" id="body"><?php echo AT_print($_POST['body'], 'input.text'); ?></textarea>
<small class="spacer"><br />· <?php echo _AT('forum_links'); ?><br />
· <?php echo _AT('forum_email_links'); ?><br />
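Review bot: The body textarea now prints `$_POST['body']` directly instead of `$body`, so on the GET path (the `isset($_GET['reply'])` branch in the previous hunk) `$_POST['body']` is undefined, and if that branch populated `$body` from `$saved_post['body']` as the POST error path does, that content is no longer shown. If `$body` is still assigned on the other paths outside this hunk, `<?php echo AT_print($body, 'input.text'); ?>` keeps both paths working; the enclosing template block starts outside the hunk, so I cannot confirm where `$body` is set.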
* @return list of news, [timestamp]=>
*/
function forums_news() {
- require_once(AT_INCLUDE_PATH.'../mods/_standard/forums/lib/forums.inc.php');
- global $db, $enrolled_courses, $system_courses;
- $news = array();
+ require_once(AT_INCLUDE_PATH.'../mods/_standard/forums/lib/forums.inc.php');
+ global $db, $enrolled_courses, $system_courses;
+ $news = array();
- if ($enrolled_courses == ''){
- return $news;
- }
+ if ($enrolled_courses == ''){
+ return $news;
+ }
- $sql = 'SELECT E.approved, E.last_cid, C.* FROM '.TABLE_PREFIX.'course_enrollment E, '.TABLE_PREFIX.'courses C WHERE E.member_id=1 AND E.course_id=C.course_id ORDER BY C.title';
- $result = mysql_query($sql, $db);
- if ($result) {
- while($row = mysql_fetch_assoc($result)){
- $all_forums = get_forums($row['course_id']);
- if (is_array($all_forums)){
- foreach($all_forums as $forums){
- if (is_array($forums)){
+ $sql = 'SELECT E.approved, E.last_cid, C.* FROM '.TABLE_PREFIX.'course_enrollment E, '.TABLE_PREFIX.'courses C WHERE E.member_id=1 AND E.course_id=C.course_id ORDER BY C.title';
+ $result = mysql_query($sql, $db);
+ if ($result) {
+ while($row = mysql_fetch_assoc($result)){
+ $all_forums = get_forums($row['course_id']);
+ if (is_array($all_forums)){
+ foreach($all_forums as $forums){
+ if (is_array($forums)){
- foreach ($forums as $forum_obj){
- $forum_obj['course_id'] = $row['course_id'];
- $link_title = $forum_obj['title'];
- $news[] = array('time'=>$forum_obj['last_post'],
- 'object'=>$forum_obj,
- 'alt'=>_AT('forum'),
- 'thumb'=>'images/pin.png',
- 'course'=>$system_courses[$row['course_id']]['title'],
- 'link'=>'<a href="bounce.php?course='.$row['course_id'].'&p='.urlencode('mods/_standard/forums/forum/index.php?fid='.$forum_obj['forum_id']).'"'.
- (strlen($link_title) > SUBLINK_TEXT_LEN ? ' title="'.$link_title.'"' : '') .'>'.
- validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>');
- }
- }
- }
- }
- }
- }
- return $news;
+ foreach ($forums as $forum_obj){
+ $forum_obj['course_id'] = $row['course_id'];
+ $link_title = $forum_obj['title'];
+ $news[] = array('time'=>$forum_obj['last_post'],
+ 'object'=>$forum_obj,
+ 'alt'=>_AT('forum'),
+ 'thumb'=>'images/pin.png',
+ 'course'=>$system_courses[$row['course_id']]['title'],
+ 'link'=>'<a href="bounce.php?course='.$row['course_id'].'&p='.urlencode('mods/_standard/forums/forum/index.php?fid='.$forum_obj['forum_id']).'"'.
+ (strlen($link_title) > SUBLINK_TEXT_LEN ? ' title="'.AT_print($link_title, 'forums.title').'"' : '') .'>'.
+ AT_print(validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'forums.title') .'</a>');
+ }
+ }
+ }
+ }
+ }
+ }
+ return $news;
}
?>
\ No newline at end of file
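Review bot: The re-emitted query in forums_news selects enrolments with `WHERE E.member_id=1`, a hard-coded member id rather than the current session member, so the news feed appears to list member 1's courses for every caller. This was already in the removed lines, but the commit re-adds the whole body and is the natural place to fix it; it looks like a leftover test value, though I cannot see the intended source of the member id from here. At minimum the line deserves a comment such as `// FIXME: member_id is hard-coded; should come from the current session` until the correct variable is wired in.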
$all_forums = get_forums($_SESSION['course_id']);
foreach ($all_forums as $shared => $forums) {
- if (is_array($forums)) {
-
- foreach($forums as $row) {
- if ($cnt >= $record_limit) break 2;
- $cnt++;
-
- $link_title = $row['title'].' ('.AT_DATE('%F %j, %g:%i',$row['last_post'],AT_DATE_MYSQL_DATETIME).')';
- $list[] = '<a href="'.url_rewrite('mods/_standard/forums/forum/index.php?fid='.$row['forum_id'], AT_PRETTY_URL_IS_HEADER).'"'.
- (strlen($link_title) > SUBLINK_TEXT_LEN ? ' title="'.$link_title.'"' : '') .'>'.
- validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>';
- }
- }
+ if (is_array($forums)) {
+
+ foreach($forums as $row) {
+ if ($cnt >= $record_limit) break 2;
+ $cnt++;
+
+ $link_title = AT_print($row['title'], 'forums.title').' ('.AT_DATE('%F %j, %g:%i',$row['last_post'],AT_DATE_MYSQL_DATETIME).')';
+ $list[] = '<a href="'.url_rewrite('mods/_standard/forums/forum/index.php?fid='.$row['forum_id'], AT_PRETTY_URL_IS_HEADER).'"'.
+ (strlen($link_title) > SUBLINK_TEXT_LEN ? ' title="'.$link_title.'"' : '') .'>'.
+ validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>';
+ }
+ }
}
if (count($list) > 0) {
- return $list;
+ return $list;
} else {
- return 0;
+ return 0;
}
?>
\ No newline at end of file
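Review bot: In this sublinks hunk the title is escaped before it is measured and truncated (`$link_title = AT_print($row['title'], ...)` then `strlen`/`validate_length` on the result), which is the reverse of the order used in forums_news and faq_news, where `AT_print` wraps `validate_length`. Truncating an already-escaped string can cut an entity like `&amp;` in half and `strlen` counts the expanded entities, so long titles are cut shorter than SUBLINK_TEXT_LEN visible characters. Keep `$link_title = $row['title'].' ('.AT_DATE(...).')';` raw and change the output lines to `' title="'.AT_print($link_title, 'forums.title').'"'` and `AT_print(validate_length($link_title, SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'forums.title')`, matching the other two functions.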
<div class="input-form">\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="title"><?php echo _AT('title'); ?></label><br />\r
- <input type="text" name="title" size="40" id="title" value="<?php echo htmlentities_utf8($_POST['title']); ?>"/>\r
+ <input type="text" name="title" size="40" id="title" value="<?php echo AT_print($_POST['title'], 'input.text'); ?>"/>\r
</div>\r
\r
<div class="row">\r
\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="url"><?php echo _AT('url'); ?></label><br />\r
- <input type="text" name="url" size="40" id="url" value="<?php echo htmlentities_utf8($_POST['url']); ?>" />\r
+ <input type="text" name="url" size="40" id="url" value="<?php echo AT_print($_POST['url'], 'input.text'); ?>" />\r
</div>\r
\r
<div class="row">\r
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="description"><?php echo _AT('description'); ?></label><br />\r
- <textarea name="description" cols="55" rows="2" id="description" ><?php echo htmlentities_utf8($_POST['description']); ?></textarea>\r
+ <textarea name="description" cols="55" rows="2" id="description" ><?php echo AT_print($_POST['description'], 'input.text'); ?></textarea>\r
</div>\r
\r
<div class="row buttons">\r
while ($row = mysql_fetch_assoc($result)) {
$list[] = '<a href="'.url_rewrite('mods/_standard/links/index.php?view='.$row['link_id'], AT_PRETTY_URL_IS_HEADER).'"'.
(strlen($row['LinkName']) > SUBLINK_TEXT_LEN ? ' title="'.$row['LinkName'].'"' : '') .'>'.
- validate_length($row['LinkName'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>';
+ AT_print(validate_length($row['LinkName'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'resource_links.LinkName') .'</a>';
}
return $list;
} else {
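Review bot: The link text is now escaped with `AT_print(..., 'resource_links.LinkName')`, but the `title="…"` attribute on the line above it still concatenates `$row['LinkName']` raw, so a quote or markup in a link name still breaks out of the attribute; every other sublinks hunk in this commit wraps both. The attribute should be `' title="'.AT_print($row['LinkName'], 'resource_links.LinkName').'"'`.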
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="url"><?php echo _AT('url'); ?></label><br />
- <input type="text" name="url" size="40" id="url" value="<?php echo htmlentities_utf8($_POST['url']); ?>" />
+ <input type="text" name="url" size="40" id="url" value="<?php echo AT_print($_POST['url'], 'input.text'); ?>" />
</div>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="description"><?php echo _AT('description'); ?></label><br />
- <textarea name="description" cols="55" rows="5" id="description" style="width:90%;"><?php echo htmlentities_utf8($_POST['description']); ?></textarea>
+ <textarea name="description" cols="55" rows="5" id="description" style="width:90%;"><?php echo AT_print($_POST['description'], 'input.text'); ?></textarea>
</div>
<div class="row">
$hidden_vars['link_id'] = $link_id;\r
$hidden_vars['cat_id'] = $row['cat_id'];\r
\r
- $confirm = array('DELETE_LINK', AT_print(htmlentities_utf8($row['LinkName']), 'resource_links.LinkName'));\r
+ $confirm = array('DELETE_LINK', AT_print($row['LinkName'], 'resource_links.LinkName');\r
$msg->addConfirm($confirm, $hidden_vars);\r
\r
$msg->printConfirm();\r
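Review bot: The rewritten `$confirm` line is missing a closing parenthesis: `array('DELETE_LINK', AT_print($row['LinkName'], 'resource_links.LinkName');` opens two calls and closes one, so this file will not parse. It should read `$confirm = array('DELETE_LINK', AT_print($row['LinkName'], 'resource_links.LinkName'));`. A syntax check (`php -l`) over the touched files would have caught this before merge.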
<tr onmousedown="document.form['m<?php echo $row['link_id']; ?>'].checked = true;rowselect(this);" id="r_<?php echo $row['link_id'];?>">\r
<td width="10"><input type="radio" name="link_id" value="<?php echo $row['link_id'].'-'.$row['owner_type'].'-'.$row['owner_id']; ?>" id="m<?php echo $row['link_id']; ?>" /></td>\r
<td><label for="m<?php echo $row['link_id']; ?>"><?php echo AT_print($row['LinkName'], 'resource_links.LinkName'); ?></label></td>\r
- <td><?php echo AT_print(htmlentities_utf8($row['name']), 'resource_links.CatName'); ?></td>\r
+ <td><?php echo AT_print($row['name'], 'resource_links.CatName'); ?></td>\r
<td><?php echo AT_print($row['SubmitName'], 'resource_links.SubmitName'); ?></td>\r
\r
<td align="center"><?php \r
require(AT_INCLUDE_PATH.'header.inc.php');
$hidden_vars['id'] = $id;
-$msg->addConfirm(array('PA_DELETE_ALBUM', htmlentities_utf82($info['name'])), $hidden_vars);
+$msg->addConfirm(array('PA_DELETE_ALBUM', AT_print($info['name'], 'photo_albums.name')), $hidden_vars);
$msg->printConfirm();
require(AT_INCLUDE_PATH.'footer.inc.php');
* Note: Using intval for photo id, if the system is large enough, int might run out of bound.
*/
class PhotoAlbum {
- var $id;
-
- /** Constructor */
- function PhotoAlbum($id=0){
- $this->id = intval($id);
- }
-
- /**
- * Add a photo.
- * @param string filename
- * @param string description of the photo
- * @param int author of this photo
- * @return the photo id that's in the database.
- */
- function addPhoto($name, $comment, $member_id){
- global $db, $addslashes;
- $name = $addslashes($name);
- $comment = $addslashes($comment);
- $member_id = intval($member_id);
- $album_id = $this->id;
-
- //get max order
- $sql = 'SELECT MAX(ordering) AS ordering FROM '.TABLE_PREFIX."pa_photos WHERE album_id=$album_id";
- $result = mysql_query($sql, $db);
- if ($result){
- $row = mysql_fetch_assoc($result);
- $ordering = intval($row['ordering']) + 1;
- } else {
- $ordering = 1;
- }
-
- $sql = "INSERT INTO ".TABLE_PREFIX."pa_photos (name, description, member_id, album_id, ordering, created_date, last_updated) VALUES ('$name', '$comment', $member_id, $album_id, $ordering, NOW(), NOW())";
- $result = mysql_query($sql, $db);
-
- //update album last_updated
- if ($result){
- $photo_id = mysql_insert_id();
- $this->updateAlbumTimestamp();
- }
-
- return $photo_id;
- }
-
- /** */
- function getPhotoInfo($id){
- global $db, $addslashes;
- $id = intval($id);
- $row = array();
-
- $sql = "SELECT * FROM ".TABLE_PREFIX."pa_photos WHERE id=$id";
- $result = mysql_query($sql, $db);
- if ($result){
- $row = mysql_fetch_assoc($result);
- } else {
- return false;
- }
- return $row;
- }
-
- /**
- * Edit the info of the photo.
- * @param int photo id
- * @param string the caption of the photo
- * @param string alternative text of the image.
- */
- function editPhoto($id, $description, $alt_text){
- global $db, $addslashes;
- $id = intval($id);
- $description = $addslashes($description);
- $alt_text = $addslashes($alt_text);
-
- $sql = "UPDATE ".TABLE_PREFIX."pa_photos SET description='$description', alt_text='$alt_text', last_updated=NOW() WHERE id=$id";
- $result = mysql_query($sql);
-
- //update album last_updated
- if ($result){
- $this->updateAlbumTimestamp();
- }
-
- return $result;
- }
-
- /**
- * Edit the order of the photo.
- * @param int photo id
- * @param int the ordering of this photo within this album
- */
- function editPhotoOrder($id, $ordering){
- global $db, $addslashes;
- $id = intval($id);
- $ordering = intval($ordering);
-
- $sql = "UPDATE ".TABLE_PREFIX."pa_photos SET ordering=$ordering, last_updated=NOW() WHERE id=$id";
- $result = mysql_query($sql);
-
- //update album last_updated
- if ($result){
- $this->updateAlbumTimestamp();
- }
-
- return $result;
- }
-
- /**
- * Delete photo
- * @param int photo id
- */
- function deletePhoto($id){
- global $db;
- $id = intval($id);
- //delete photo file
- $sql = 'SELECT a.id AS aid, p.name AS name, p.ordering AS ordering, a.created_date AS album_date, p.created_date AS photo_date FROM '.TABLE_PREFIX.'pa_photos p, '.TABLE_PREFIX."pa_albums a WHERE a.id=p.album_id AND p.id=$id";
- $result = mysql_query($sql, $db);
- if ($result){
- $row = mysql_fetch_assoc($result);
- }
- //if the aid don't match each other, there must be something wrong.
- if($row['aid']!=$this->id){
- return false;
- }
- $albumpath = AT_PA_CONTENT_DIR.getAlbumFilePath($row['aid'], $row['album_date']);
- $filepath = $albumpath.DIRECTORY_SEPARATOR.getPhotoFilePath($id, $row['name'], $row['photo_date']); //orig
- $filepath_tn = $albumpath.'_tn'.DIRECTORY_SEPARATOR.getPhotoFilePath($id, $row['name'], $row['photo_date']); //thumbnail
- if (is_file($filepath) && is_file($filepath_tn)){
- unlink($filepath);
- unlink($filepath_tn);
- }
-
- //delete photo comments
- $sql = 'DELETE FROM '.TABLE_PREFIX."pa_photo_comments WHERE photo_id=$id";
- mysql_query($sql, $db);
-
- //reorder images
- $sql = 'UPDATE '.TABLE_PREFIX.'pa_photos SET `ordering`=`ordering`-1 WHERE album_id='.$row['aid'].' AND `ordering` > '.$row['ordering'];
- mysql_query($sql, $db);
-
- //delete the photo from db
- $sql = "DELETE FROM ".TABLE_PREFIX."pa_photos WHERE id=$id";
- mysql_query($sql, $db);
-
- //update album last_updated
- if ($result){
- $this->updateAlbumTimestamp();
- }
-
- return true;
- }
-
- /**
- * Create an album
- * @param string name of the album
- * @param string location of where this album took place
- * @param string descriptive text of this album
- * @param int check include/constants.inc.php
- * @param int permission, 0 for private, 1 for shared
- * @param int album author
- * @param int OPTIONAL, Photo cover for this album
+ var $id;
+
+ /** Constructor */
+ function PhotoAlbum($id=0){
+ $this->id = intval($id);
+ }
+
+ /**
+ * Add a photo.
+ * @param string filename
+ * @param string description of the photo
+ * @param int author of this photo
+ * @return the photo id that's in the database.
+ */
+ function addPhoto($name, $comment, $member_id){
+ global $db, $addslashes;
+ $name = $addslashes($name);
+ $comment = $addslashes($comment);
+ $member_id = intval($member_id);
+ $album_id = $this->id;
+
+ //get max order
+ $sql = 'SELECT MAX(ordering) AS ordering FROM '.TABLE_PREFIX."pa_photos WHERE album_id=$album_id";
+ $result = mysql_query($sql, $db);
+ if ($result){
+ $row = mysql_fetch_assoc($result);
+ $ordering = intval($row['ordering']) + 1;
+ } else {
+ $ordering = 1;
+ }
+
+ $sql = "INSERT INTO ".TABLE_PREFIX."pa_photos (name, description, member_id, album_id, ordering, created_date, last_updated) VALUES ('$name', '$comment', $member_id, $album_id, $ordering, NOW(), NOW())";
+ $result = mysql_query($sql, $db);
+
+ //update album last_updated
+ if ($result){
+ $photo_id = mysql_insert_id();
+ $this->updateAlbumTimestamp();
+ }
+
+ return $photo_id;
+ }
+
+ /** */
+ function getPhotoInfo($id){
+ global $db, $addslashes;
+ $id = intval($id);
+ $row = array();
+
+ $sql = "SELECT * FROM ".TABLE_PREFIX."pa_photos WHERE id=$id";
+ $result = mysql_query($sql, $db);
+ if ($result){
+ $row = mysql_fetch_assoc($result);
+ } else {
+ return false;
+ }
+ return $row;
+ }
+
+ /**
+ * Edit the info of the photo.
+ * @param int photo id
+ * @param string the caption of the photo
+ * @param string alternative text of the image.
+ */
+ function editPhoto($id, $description, $alt_text){
+ global $db, $addslashes;
+ $id = intval($id);
+ $description = $addslashes($description);
+ $alt_text = $addslashes($alt_text);
+
+ $sql = "UPDATE ".TABLE_PREFIX."pa_photos SET description='$description', alt_text='$alt_text', last_updated=NOW() WHERE id=$id";
+ $result = mysql_query($sql);
+
+ //update album last_updated
+ if ($result){
+ $this->updateAlbumTimestamp();
+ }
+
+ return $result;
+ }
+
+ /**
+ * Edit the order of the photo.
+ * @param int photo id
+ * @param int the ordering of this photo within this album
+ */
+ function editPhotoOrder($id, $ordering){
+ global $db, $addslashes;
+ $id = intval($id);
+ $ordering = intval($ordering);
+
+ $sql = "UPDATE ".TABLE_PREFIX."pa_photos SET ordering=$ordering, last_updated=NOW() WHERE id=$id";
+ $result = mysql_query($sql);
+
+ //update album last_updated
+ if ($result){
+ $this->updateAlbumTimestamp();
+ }
+
+ return $result;
+ }
+
+ /**
+ * Delete photo
+ * @param int photo id
+ */
+ function deletePhoto($id){
+ global $db;
+ $id = intval($id);
+ //delete photo file
+ $sql = 'SELECT a.id AS aid, p.name AS name, p.ordering AS ordering, a.created_date AS album_date, p.created_date AS photo_date FROM '.TABLE_PREFIX.'pa_photos p, '.TABLE_PREFIX."pa_albums a WHERE a.id=p.album_id AND p.id=$id";
+ $result = mysql_query($sql, $db);
+ if ($result){
+ $row = mysql_fetch_assoc($result);
+ }
+ //if the aid don't match each other, there must be something wrong.
+ if($row['aid']!=$this->id){
+ return false;
+ }
+ $albumpath = AT_PA_CONTENT_DIR.getAlbumFilePath($row['aid'], $row['album_date']);
+ $filepath = $albumpath.DIRECTORY_SEPARATOR.getPhotoFilePath($id, $row['name'], $row['photo_date']); //orig
+ $filepath_tn = $albumpath.'_tn'.DIRECTORY_SEPARATOR.getPhotoFilePath($id, $row['name'], $row['photo_date']); //thumbnail
+ if (is_file($filepath) && is_file($filepath_tn)){
+ unlink($filepath);
+ unlink($filepath_tn);
+ }
+
+ //delete photo comments
+ $sql = 'DELETE FROM '.TABLE_PREFIX."pa_photo_comments WHERE photo_id=$id";
+ mysql_query($sql, $db);
+
+ //reorder images
+ $sql = 'UPDATE '.TABLE_PREFIX.'pa_photos SET `ordering`=`ordering`-1 WHERE album_id='.$row['aid'].' AND `ordering` > '.$row['ordering'];
+ mysql_query($sql, $db);
+
+ //delete the photo from db
+ $sql = "DELETE FROM ".TABLE_PREFIX."pa_photos WHERE id=$id";
+ mysql_query($sql, $db);
+
+ //update album last_updated
+ if ($result){
+ $this->updateAlbumTimestamp();
+ }
+
+ return true;
+ }
+
+ /**
+ * Create an album
+ * @param string name of the album
+ * @param string location of where this album took place
+ * @param string descriptive text of this album
+ * @param int check include/constants.inc.php
+ * @param int permission, 0 for private, 1 for shared
+ * @param int album author
+ * @param int OPTIONAL, Photo cover for this album
* @return int album_id, FALSE if failed.
- */
- function createAlbum($name, $location, $description, $type, $permission, $member_id, $photo_id=0){
- global $addslashes, $db;
-
- //handle input
- $name = $addslashes($name);
- $locatoin = $addslashes($location);
- $description = $addslashes($description);
- $type = intval($type);
- $type = ($type<=0)?AT_PA_TYPE_MY_ALBUM:$type;
- $permission = intval($permission);
- $member_id = intval($member_id);
- $photo_id = intval($photo_id);
-
- $sql = "INSERT INTO ".TABLE_PREFIX."pa_albums (name, location, description, type_id, member_id, permission, photo_id, created_date, last_updated) VALUES ('$name', '$location', '$description', $type, $member_id, $permission, $photo_id, NOW(), NOW())";
- $result = mysql_query($sql, $db);
+ */
+ function createAlbum($name, $location, $description, $type, $permission, $member_id, $photo_id=0){
+ global $addslashes, $db;
+
+ //handle input
+ $name = $addslashes($name);
+ $locatoin = $addslashes($location);
+ $description = $addslashes($description);
+ $type = intval($type);
+ $type = ($type<=0)?AT_PA_TYPE_MY_ALBUM:$type;
+ $permission = intval($permission);
+ $member_id = intval($member_id);
+ $photo_id = intval($photo_id);
+
+ $sql = "INSERT INTO ".TABLE_PREFIX."pa_albums (name, location, description, type_id, member_id, permission, photo_id, created_date, last_updated) VALUES ('$name', '$location', '$description', $type, $member_id, $permission, $photo_id, NOW(), NOW())";
+ $result = mysql_query($sql, $db);
$aid = mysql_insert_id();
- //if course album, add a record.
- if ($type==AT_PA_TYPE_COURSE_ALBUM){
- $sql = "INSERT INTO ".TABLE_PREFIX."pa_course_album (course_id, album_id) VALUES ($_SESSION[course_id], $aid)";
- $result = mysql_query($sql, $db);
- }
+ //if course album, add a record.
+ if ($type==AT_PA_TYPE_COURSE_ALBUM){
+ $sql = "INSERT INTO ".TABLE_PREFIX."pa_course_album (course_id, album_id) VALUES ($_SESSION[course_id], $aid)";
+ $result = mysql_query($sql, $db);
+ }
if (!$result) {
return false;
}
- return $aid;
- }
-
- /**
- * Updating album cover.
- * @param int photo id (the album cover)
- * @precondition user has the ability to edit the album.
- */
- function editAlbumCover($pid){
- global $db;
-
- //safe guard
- $pid = intval($pid);
- $aid = $this->id;
-
- //pid and aid cannot be empty
- if ($pid<=0 || $aid<=0){
- return false;
- }
-
- $sql = "UPDATE ".TABLE_PREFIX."pa_albums SET photo_id=$pid, last_updated=NOW() WHERE id=$aid";
- $result = mysql_query($sql, $db);
- return $result;
- }
-
- /**
- * Update album
- * @param string name of the album
- * @param string location of where this album took place
- * @param string descriptive text of this album
- * @param int check include/constants.inc.php
- * @param int permission, 0 for private, 1 for shared
- */
- function editAlbum($name, $location, $description, $type, $permission){
- global $db, $addslashes;
- $id = $this->id;
- $name = $addslashes($name);
- $location = $addslashes($location);
- $description = $addslashes($description);
- $type = ($type==AT_PA_TYPE_COURSE_ALBUM)?AT_PA_TYPE_COURSE_ALBUM:AT_PA_TYPE_MY_ALBUM;
- $permission = ($permission==AT_PA_SHARED_ALBUM)?AT_PA_SHARED_ALBUM:AT_PA_PRIVATE_ALBUM;
- $info = $this->getAlbuminfo();
-
- //if type has been changed, run the query to update the course_album table
- if ($info['type_id'] != $type){
- //if course album, add a record.
- if ($type==AT_PA_TYPE_COURSE_ALBUM){
- $sql = "INSERT INTO ".TABLE_PREFIX."pa_course_album (course_id, album_id) VALUES ($_SESSION[course_id], $id)";
- $result = mysql_query($sql, $db);
- } else {
- $sql = 'DELETE FROM '.TABLE_PREFIX."pa_course_album WHERE course_id=$_SESSION[course_id] AND album_id=$id";
- $result = mysql_query($sql, $db);
- }
- }
-
- $sql = 'UPDATE '.TABLE_PREFIX."pa_albums SET name='$name', location='$location', description='$description', type_id=$type, permission=$permission, last_updated=NOW() WHERE id=$id";
- $result = mysql_query($sql, $db);
- return $result;
- }
-
- /**
- * Delete an album and all associations
- */
- function deleteAlbum(){
- //TODO Error checking on each step, if anyone fails, should report it to user
- global $db;
- $id = $this->id;
-
- //clean directory
- $sql = 'SELECT created_date FROM '.TABLE_PREFIX."pa_albums WHERE id=$id";
- $result = mysql_query($sql, $db);
- if ($result){
- $row = mysql_fetch_assoc($result);
- }
- $filepath = AT_PA_CONTENT_DIR . getAlbumFilePath($id, $row['created_date']); //orig
- $filepath_tn = $filepath.'_tn'; //thumbnails
- //delete files
- if (is_dir($filepath) && is_dir($filepath_tn)){
- clr_dir($filepath);
- clr_dir($filepath_tn);
- }
-
- //delete all photo comments
- $sql = 'DELETE c.* FROM '.TABLE_PREFIX.'pa_photo_comments c LEFT JOIN '.TABLE_PREFIX."pa_photos p ON c.photo_id=p.id WHERE p.album_id=$id";
- mysql_query($sql, $db);
-
- //delete all photos within this album
- $sql = "DELETE FROM ".TABLE_PREFIX."pa_photos WHERE album_id=$id";
- mysql_query($sql, $db);
-
- //delete all album comments
- $sql = 'DELETE FROM '.TABLE_PREFIX."pa_album_comments WHERE album_id=$id";
- mysql_query($sql, $db);
-
- //delete album
- $sql = "DELETE FROM ".TABLE_PREFIX."pa_albums WHERE id=$id";
- mysql_query($sql, $db);
- }
-
- /**
- * Update album last_updated column to the current timestamp.
- * @return null
- * @access private
- */
- private function updateAlbumTimestamp(){
- global $db;
- if($this->id <= 0){
- //quit if album id is not set.
- return;
- }
- $sql = 'UPDATE '.TABLE_PREFIX.'pa_albums SET last_updated=NOW() WHERE id='.$this->id;
- mysql_query($sql, $db);
- }
-
- /**
- * Get album photos
- */
- function getAlbumPhotos($offset=-1){
- global $db;
- $id = $this->id;
- $offset = intval($offset);
- $rows = array();
-
- $sql = "SELECT photos.* FROM " .TABLE_PREFIX."pa_photos photos LEFT JOIN ".TABLE_PREFIX."pa_albums albums ON albums.id=photos.album_id WHERE albums.id=$id ORDER BY ordering";
- if ($offset >= 0){
- $sql .= " LIMIT $offset ,".AT_PA_PHOTOS_PER_PAGE;
- }
-
- $result = mysql_query($sql, $db);
- if ($result){
- while ($row = mysql_fetch_assoc($result)){
- $rows[] = $row;
- }
- }
- return $rows;
- }
-
- /**
- * Get album information
- * @param int album id
- * @return the album row, false on error
- */
- function getAlbumInfo(){
- global $db;
- $id = $this->id;
- $sql = "SELECT * FROM ".TABLE_PREFIX."pa_albums WHERE id=$id";
- $result = mysql_query($sql, $db);
- if ($result){
- $row = mysql_fetch_assoc($result);
- return $row;
- }
- return false;
- }
-
- /**
- * Get a list of album by the given type (profile/my albums/class albums)
- * Default to be all.
- */
- function getAlbums($member_id, $type_id=-1, $offset=-1){
- global $db;
- $type_id = intval($type_id);
- $member_id = intval($member_id);
- $offset = intval($offset);
- $rows = array();
-
- $sql = "SELECT * FROM ".TABLE_PREFIX."pa_albums WHERE member_id=$member_id";
- if($type_id==AT_PA_TYPE_COURSE_ALBUM){
- //if inside the course scope, get this course's albums only
- //if in my_start_page, get all enrolled course
- $course_sql = ($_SESSION['course_id']==0)?'':'AND ca.course_id='.$_SESSION['course_id'];
-
- $sql = 'SELECT albums.* FROM '.TABLE_PREFIX.'pa_albums albums,
- (SELECT ca.* FROM '.TABLE_PREFIX.'course_enrollment enrollments
- RIGHT JOIN '.TABLE_PREFIX."pa_course_album ca
- ON enrollments.course_id=ca.course_id
- WHERE member_id=$member_id $course_id
- ) AS allowed_albums
- WHERE albums.id=allowed_albums.album_id";
- }
- elseif($type_id > 0){
- $sql .= " AND type_id=$type_id";
- }
- if ($offset > -1){
- $sql .= " LIMIT $offset ," . AT_PA_ALBUMS_PER_PAGE;
- }
- $result = mysql_query($sql, $db);
- if($result){
- while($row = mysql_fetch_assoc($result)){
- $rows[$row['id']] = $row;
- }
- }
- return $rows;
- }
-
- /**
- * Get all albums, used by Admin only.
- */
- function getAllAlbums($offset=-1){
- global $db;
- $offset = intval($offset);
-
- $sql = 'SELECT * FROM '.TABLE_PREFIX.'pa_albums';
-
- if ($offset > -1){
- $sql .= " LIMIT $offset ," . AT_PA_ADMIN_ALBUMS_PER_PAGE;
- }
-
- $result = mysql_query($sql, $db);
- if($result){
- while($row = mysql_fetch_assoc($result)){
- $rows[$row['id']] = $row;
- }
- }
- return $rows;
- }
-
-
- /**
- * Get all private/shared albums (ignore album type)
- * @param boolean True to get all shared album; false to get all private album, default: true
- * @param int Resultset's limit
- */
- function getSharedAlbums($isShared=true, $offset=-1){
- global $db;
- $offset = intval($offset);
- $permission = ($isShared)? 1 : 0;
-
- $sql = 'SELECT * FROM '.TABLE_PREFIX."pa_albums WHERE permission=$permission";
- if ($offset > -1){
- $sql .= " LIMIT $offset ," . AT_PA_ALBUMS_PER_PAGE;
- }
- $result = mysql_query($sql, $db);
- if ($result){
- while ($row = mysql_fetch_assoc($result)){
- $rows[$row['id']] = $row;
- }
- }
- return $rows;
- }
-
- /**
- * Get album type names
- * @param int album types, check constants.inc.php
- * @return the string representation of this album type
- */
- function getAlbumTypeName($type){
- switch ($type){
- case AT_PA_TYPE_MY_ALBUM:
- return _AT('pa_my_albums');
- case AT_PA_TYPE_COURSE_ALBUM:
- return _AT('pa_course_albums');
- case AT_PA_TYPE_PERSONAL:
- return _AT('pa_profile_album');
- default:
- return false;
- }
- }
-
- /**
- * Get the owner of this album
- * @param int album_id
- * @param int member_id
- * @return True if the given user has the privilege to delete/edit.
- */
- function checkAlbumPriv($member_id){
- global $db;
- $album_id = $this->id;
- $member_id = intval($member_id);
-
- //if admin
- if (admin_authenticate(AT_ADMIN_PRIV_PHOTO_ALBUM, true)){
- return true;
- }
-
- $sql = "SELECT member_id FROM ".TABLE_PREFIX."pa_albums WHERE id=$album_id";
- $result = mysql_query($sql, $db);
- if ($result){
- $row = mysql_fetch_assoc($result);
- return ($row['member_id']==$member_id);
- }
- return false;
- }
-
- /**
- * Get the owner of this photo
- * @param int photo_id
- * @param int member_id
- * @return True if the given user has the privilege to delete/edit.
- */
- function checkPhotoPriv($photo_id, $member_id){
- global $db;
- $photo_id = intval($photo_id);
- $member_id = intval($member_id);
-
- $sql = "SELECT member_id FROM ".TABLE_PREFIX."pa_photos WHERE id=$photo_id";
- $result = mysql_query($sql, $db);
- if ($result){
- $row = mysql_fetch_assoc($result);
- return ($row['member_id']==$member_id);
- }
- return false;
- }
-
-
- /**
- * Get the owner of the comment
- */
- function checkCommentPriv($comment_id, $member_id, $isPhoto){
- global $db;
- $comment_id = intval($comment_id);
- $member_id = intval($member_id);
-
- if ($isPhoto){
- $sql = "SELECT member_id FROM ".TABLE_PREFIX."pa_photo_comments WHERE id=$comment_id";
- } else {
- $sql = "SELECT member_id FROM ".TABLE_PREFIX."pa_album_comments WHERE id=$comment_id";
- }
- $result = mysql_query($sql, $db);
- if ($result){
- $row = mysql_fetch_assoc($result);
- return ($row['member_id']==$member_id);
- }
- return false;
- }
-
- /**
- * Add comment
- * @param int id (can be photo_id, or album_id)
- * @param string comment
- * @param int user id
- * @param boolean true if it is photo_id, false otherwise
- */
- function addComment($id, $comment, $member_id, $isPhoto){
- global $addslashes, $db;
-
- $id = intval($id);
- $member_id = intval($member_id);
- $comment = $addslashes($comment);
-
- if(!$isPhoto){
- $sql = 'INSERT INTO '.TABLE_PREFIX."pa_album_comments (album_id, comment, member_id, created_date) VALUES ($id, '$comment', $member_id, NOW())";
- } else {
- $sql = 'INSERT INTO '.TABLE_PREFIX."pa_photo_comments (photo_id, comment, member_id, created_date) VALUES ($id, '$comment', $member_id, NOW())";
- }
- $result = mysql_query($sql, $db);
- return $result;
- }
-
- /**
- * Edit comment
- * @param int comment id
- * @param string comment
- * @param boolean true if it is photo_id, false otherwise
- * @precondition this->member_id has the privilige to edit comment.
- */
- function editComment($id, $comment, $isPhoto){
- global $addslashes, $db;
-
- $id = intval($id);
- $comment = $addslashes($comment);
- if($id<1 || $comment==''){
- return false;
- }
-
- if (!$isPhoto){
- $sql = 'UPDATE '.TABLE_PREFIX."pa_album_comments SET comment='$comment' WHERE id=$id";
- } else {
- $sql = 'UPDATE '.TABLE_PREFIX."pa_photo_comments SET comment='$comment' WHERE id=$id";
- }
- $result = mysql_query($sql, $db);
- return $result;
- }
-
-
- /**
- * Get comments
- * @param int id (can be photo_id, or album_id)
- * @param boolean true of it is photo_id, false otherwise.
- */
- function getComments($id, $isPhoto){
- global $db;
-
- $id = intval($id);
-
- if ($isPhoto){
- $sql = 'SELECT * FROM '.TABLE_PREFIX."pa_photo_comments WHERE photo_id=$id";
- } else {
- $sql = 'SELECT * FROM '.TABLE_PREFIX."pa_album_comments WHERE album_id=$id";
- }
- $sql .= ' ORDER BY created_date';
-
- $result = mysql_query($sql, $db);
- if($result){
- while ($row = mysql_fetch_assoc($result)){
- $rows[] = $row;
- }
- }
- return $rows;
- }
-
- /**
- * Delete photo comment
- */
- function deleteComment($id, $isPhoto){
- global $db;
- $id = intval($id);
-
- if ($isPhoto){
- $sql = "DELETE FROM ".TABLE_PREFIX."pa_photo_comments WHERE id=$id";
- } else {
- $sql = "DELETE FROM ".TABLE_PREFIX."pa_album_comments WHERE id=$id";
- }
- mysql_query($sql, $db);
- }
-
- /**
- * Search and return list of albums, and list of photos
- * Note: Speed and ranks are of priority here.
- * @param Array The unescaped array of search phrases.
- * @return [Array, Array] First array is albums, second array are matched photos
- */
- function search($words){
- global $db, $addslashes;
-
- //init
- $visible_photos = array();
- $visible_albums = array();
-
- //validate input
- if (!is_array($words) || empty($words)){
- return null;
- }
- //filter
- foreach($words as $k=>$v){
- $v = $addslashes(trim($v));
- $query .= "(description LIKE '%$v%' OR name LIKE '%$v%' OR alt_text LIKE '%$v%') OR "; //for sql
- $pattern .= $v.'|'; //regex for albums
- }
- $pattern = substr($pattern, 0, -1);
-
- //TODO: Optimize SQL, UNION is slow, but I think this is the fastest I can get, prove me wrong.
- //@harris
- /** Get all visible albums */
- $sql = 'SELECT albums.* FROM '.TABLE_PREFIX.'pa_albums albums,
- (SELECT ca.* FROM '.TABLE_PREFIX.'course_enrollment enrollments
- RIGHT JOIN '.TABLE_PREFIX."pa_course_album ca
- ON enrollments.course_id=ca.course_id
- WHERE member_id=$_SESSION[member_id]
- ) AS allowed_albums
- WHERE albums.id=allowed_albums.album_id
- UNION
- SELECT * FROM AT_pa_albums WHERE member_id=$_SESSION[member_id] OR permission=1";
- $result = mysql_query($sql, $db);
- if (!$result){
- return null;
- }
- while($row = mysql_fetch_assoc($result)){
- $visible_albums[$row['id']] = $row;
- }
- $visible_albums_ids = implode(', ', array_keys($visible_albums));
-
- /** Get all photos from these albums */
- $sql = 'SELECT * FROM '.TABLE_PREFIX."pa_photos WHERE album_id IN ($visible_albums_ids)";
- $query = ' AND ' . substr($query, 0, -3);
- $sql = $sql . $query . ' LIMIT ' . AT_PA_PHOTO_SEARCH_LIMIT;
- $result = mysql_query($sql, $db);
- if (!$result){
- return null;
- }
- while($row = mysql_fetch_assoc($result)){
- $visible_photos[$row['id']] = $row;
- }
-
- /** Point system*/
- //photos
- if (!empty($visible_photos)){
- $album_photos = array(); //keep track of the # of photos inside an album, should match a 'count(*) group by'
- foreach($visible_photos as $photo_id=>$photo){
- $match_flag = false;
-
- if (preg_match("/$pattern/i", $photo['name'])){
- $visible_photos[$photo_id]['point'] += 1;
- $match_flag = true;
- }
- if (preg_match("/$pattern/i", $photo['alt_text'])){
- $visible_photos[$photo_id]['point'] += 1;
- $match_flag = true;
- }
- if (preg_match("/$pattern/i", $photo['description'])){
- $visible_photos[$photo_id]['point'] += 2;
- $match_flag = true;
- }
- //total photo points within an album
- if ($match_flag){
- $album_photos[$photo['album_id']] += 1;
- }
- }
- }
-
- //albums
- foreach($visible_albums as $album_id=>$album){
- if (preg_match("/$pattern/i", $album['name'])){
- $visible_albums[$album_id]['point'] += 3;
- }
- if (preg_match("/$pattern/i", $album['location'])){
- $visible_albums[$album_id]['point'] += 1;
- }
- if (preg_match("/$pattern/i", $album['description'])){
- $visible_albums[$album_id]['point'] += 1;
- }
- //every photo has a certain value to the album, and is calculated as follow
- //[# of matched photo in an album] / [total number of matched photos] *4
- //4 is the total matched photo score (ie. all album's photo score should add up to 4)
- if (isset($album_photos[$album_id])){
- $visible_albums[$album_id]['point'] += $album_photos[$album_id]/sizeof($visible_photos) * 4;
- }
- //If no point in the album, most likely it's irrelevant and not of interest, take it out
- if (!isset($visible_albums[$album_id]['point'])){
- unset($visible_albums[$album_id]);
- }
- }
-
- /** sort and return */
- usort($visible_photos, array('PhotoAlbum', 'search_cmp'));
- usort($visible_albums, array('PhotoAlbum', 'search_cmp'));
+ return $aid;
+ }
+
+ /**
+ * Updating album cover.
+ * @param int photo id (the album cover)
+ * @precondition user has the ability to edit the album.
+ */
+ function editAlbumCover($pid){
+ global $db;
+
+ //safe guard
+ $pid = intval($pid);
+ $aid = $this->id;
+
+ //pid and aid cannot be empty
+ if ($pid<=0 || $aid<=0){
+ return false;
+ }
+
+ $sql = "UPDATE ".TABLE_PREFIX."pa_albums SET photo_id=$pid, last_updated=NOW() WHERE id=$aid";
+ $result = mysql_query($sql, $db);
+ return $result;
+ }
+
+ /**
+ * Update album
+ * @param string name of the album
+ * @param string location of where this album took place
+ * @param string descriptive text of this album
+ * @param int check include/constants.inc.php
+ * @param int permission, 0 for private, 1 for shared
+ */
+ function editAlbum($name, $location, $description, $type, $permission){
+ global $db, $addslashes;
+ $id = $this->id;
+ $name = $addslashes($name);
+ $location = $addslashes($location);
+ $description = $addslashes($description);
+ $type = ($type==AT_PA_TYPE_COURSE_ALBUM)?AT_PA_TYPE_COURSE_ALBUM:AT_PA_TYPE_MY_ALBUM;
+ $permission = ($permission==AT_PA_SHARED_ALBUM)?AT_PA_SHARED_ALBUM:AT_PA_PRIVATE_ALBUM;
+ $info = $this->getAlbuminfo();
+
+ //if type has been changed, run the query to update the course_album table
+ if ($info['type_id'] != $type){
+ //if course album, add a record.
+ if ($type==AT_PA_TYPE_COURSE_ALBUM){
+ $sql = "INSERT INTO ".TABLE_PREFIX."pa_course_album (course_id, album_id) VALUES ($_SESSION[course_id], $id)";
+ $result = mysql_query($sql, $db);
+ } else {
+ $sql = 'DELETE FROM '.TABLE_PREFIX."pa_course_album WHERE course_id=$_SESSION[course_id] AND album_id=$id";
+ $result = mysql_query($sql, $db);
+ }
+ }
+
+ $sql = 'UPDATE '.TABLE_PREFIX."pa_albums SET name='$name', location='$location', description='$description', type_id=$type, permission=$permission, last_updated=NOW() WHERE id=$id";
+ $result = mysql_query($sql, $db);
+ return $result;
+ }
+
+ /**
+ * Delete an album and all associations
+ */
+ function deleteAlbum(){
+ //TODO Error checking on each step, if anyone fails, should report it to user
+ global $db;
+ $id = $this->id;
+
+ //clean directory
+ $sql = 'SELECT created_date FROM '.TABLE_PREFIX."pa_albums WHERE id=$id";
+ $result = mysql_query($sql, $db);
+ if ($result){
+ $row = mysql_fetch_assoc($result);
+ }
+ $filepath = AT_PA_CONTENT_DIR . getAlbumFilePath($id, $row['created_date']); //orig
+ $filepath_tn = $filepath.'_tn'; //thumbnails
+ //delete files
+ if (is_dir($filepath) && is_dir($filepath_tn)){
+ clr_dir($filepath);
+ clr_dir($filepath_tn);
+ }
+
+ //delete all photo comments
+ $sql = 'DELETE c.* FROM '.TABLE_PREFIX.'pa_photo_comments c LEFT JOIN '.TABLE_PREFIX."pa_photos p ON c.photo_id=p.id WHERE p.album_id=$id";
+ mysql_query($sql, $db);
+
+ //delete all photos within this album
+ $sql = "DELETE FROM ".TABLE_PREFIX."pa_photos WHERE album_id=$id";
+ mysql_query($sql, $db);
+
+ //delete all album comments
+ $sql = 'DELETE FROM '.TABLE_PREFIX."pa_album_comments WHERE album_id=$id";
+ mysql_query($sql, $db);
+
+ //delete album
+ $sql = "DELETE FROM ".TABLE_PREFIX."pa_albums WHERE id=$id";
+ mysql_query($sql, $db);
+ }
+
+ /**
+ * Update album last_updated column to the current timestamp.
+ * @return null
+ * @access private
+ */
+ private function updateAlbumTimestamp(){
+ global $db;
+ if($this->id <= 0){
+ //quit if album id is not set.
+ return;
+ }
+ $sql = 'UPDATE '.TABLE_PREFIX.'pa_albums SET last_updated=NOW() WHERE id='.$this->id;
+ mysql_query($sql, $db);
+ }
+
+ /**
+ * Get album photos
+ */
+ function getAlbumPhotos($offset=-1){
+ global $db;
+ $id = $this->id;
+ $offset = intval($offset);
+ $rows = array();
+
+ $sql = "SELECT photos.* FROM " .TABLE_PREFIX."pa_photos photos LEFT JOIN ".TABLE_PREFIX."pa_albums albums ON albums.id=photos.album_id WHERE albums.id=$id ORDER BY ordering";
+ if ($offset >= 0){
+ $sql .= " LIMIT $offset ,".AT_PA_PHOTOS_PER_PAGE;
+ }
+
+ $result = mysql_query($sql, $db);
+ if ($result){
+ while ($row = mysql_fetch_assoc($result)){
+ $rows[] = $row;
+ }
+ }
+ return $rows;
+ }
+
+ /**
+ * Get album information
+ * @param int album id
+ * @return the album row, false on error
+ */
+ function getAlbumInfo(){
+ global $db;
+ $id = $this->id;
+ $sql = "SELECT * FROM ".TABLE_PREFIX."pa_albums WHERE id=$id";
+ $result = mysql_query($sql, $db);
+ if ($result){
+ $row = mysql_fetch_assoc($result);
+ return $row;
+ }
+ return false;
+ }
+
+ /**
+ * Get a list of album by the given type (profile/my albums/class albums)
+ * Default to be all.
+ */
+ function getAlbums($member_id, $type_id=-1, $offset=-1){
+ global $db;
+ $type_id = intval($type_id);
+ $member_id = intval($member_id);
+ $offset = intval($offset);
+ $rows = array();
+
+ $sql = "SELECT * FROM ".TABLE_PREFIX."pa_albums WHERE member_id=$member_id";
+ if($type_id==AT_PA_TYPE_COURSE_ALBUM){
+ //if inside the course scope, get this course's albums only
+ //if in my_start_page, get all enrolled course
+ $course_sql = ($_SESSION['course_id']==0)?'':'AND ca.course_id='.$_SESSION['course_id'];
+
+ $sql = 'SELECT albums.* FROM '.TABLE_PREFIX.'pa_albums albums,
+ (SELECT ca.* FROM '.TABLE_PREFIX.'course_enrollment enrollments
+ RIGHT JOIN '.TABLE_PREFIX."pa_course_album ca
+ ON enrollments.course_id=ca.course_id
+ WHERE member_id=$member_id $course_id
+ ) AS allowed_albums
+ WHERE albums.id=allowed_albums.album_id";
+ }
+ elseif($type_id > 0){
+ $sql .= " AND type_id=$type_id";
+ }
+ if ($offset > -1){
+ $sql .= " LIMIT $offset ," . AT_PA_ALBUMS_PER_PAGE;
+ }
+ $result = mysql_query($sql, $db);
+ if($result){
+ while($row = mysql_fetch_assoc($result)){
+ $rows[$row['id']] = $row;
+ }
+ }
+ return $rows;
+ }
+
+ /**
+ * Get all albums, used by Admin only.
+ */
+ function getAllAlbums($offset=-1){
+ global $db;
+ $offset = intval($offset);
+
+ $sql = 'SELECT * FROM '.TABLE_PREFIX.'pa_albums';
+
+ if ($offset > -1){
+ $sql .= " LIMIT $offset ," . AT_PA_ADMIN_ALBUMS_PER_PAGE;
+ }
+
+ $result = mysql_query($sql, $db);
+ if($result){
+ while($row = mysql_fetch_assoc($result)){
+ $rows[$row['id']] = $row;
+ }
+ }
+ return $rows;
+ }
+
+
+ /**
+ * Get all private/shared albums (ignore album type)
+ * @param boolean True to get all shared album; false to get all private album, default: true
+ * @param int Resultset's limit
+ */
+ function getSharedAlbums($isShared=true, $offset=-1){
+ global $db;
+ $offset = intval($offset);
+ $permission = ($isShared)? 1 : 0;
+
+ $sql = 'SELECT * FROM '.TABLE_PREFIX."pa_albums WHERE permission=$permission";
+ if ($offset > -1){
+ $sql .= " LIMIT $offset ," . AT_PA_ALBUMS_PER_PAGE;
+ }
+ $result = mysql_query($sql, $db);
+ if ($result){
+ while ($row = mysql_fetch_assoc($result)){
+ $rows[$row['id']] = $row;
+ }
+ }
+ return $rows;
+ }
+
+ /**
+ * Get album type names
+ * @param int album types, check constants.inc.php
+ * @return the string representation of this album type
+ */
+ function getAlbumTypeName($type){
+ switch ($type){
+ case AT_PA_TYPE_MY_ALBUM:
+ return _AT('pa_my_albums');
+ case AT_PA_TYPE_COURSE_ALBUM:
+ return _AT('pa_course_albums');
+ case AT_PA_TYPE_PERSONAL:
+ return _AT('pa_profile_album');
+ default:
+ return false;
+ }
+ }
+
+ /**
+ * Get the owner of this album
+ * @param int album_id
+ * @param int member_id
+ * @return True if the given user has the privilege to delete/edit.
+ */
+ function checkAlbumPriv($member_id){
+ global $db;
+ $album_id = $this->id;
+ $member_id = intval($member_id);
+
+ //if admin
+ if (admin_authenticate(AT_ADMIN_PRIV_PHOTO_ALBUM, true)){
+ return true;
+ }
+
+ $sql = "SELECT member_id FROM ".TABLE_PREFIX."pa_albums WHERE id=$album_id";
+ $result = mysql_query($sql, $db);
+ if ($result){
+ $row = mysql_fetch_assoc($result);
+ return ($row['member_id']==$member_id);
+ }
+ return false;
+ }
+
+ /**
+ * Get the owner of this photo
+ * @param int photo_id
+ * @param int member_id
+ * @return True if the given user has the privilege to delete/edit.
+ */
+ function checkPhotoPriv($photo_id, $member_id){
+ global $db;
+ $photo_id = intval($photo_id);
+ $member_id = intval($member_id);
+
+ $sql = "SELECT member_id FROM ".TABLE_PREFIX."pa_photos WHERE id=$photo_id";
+ $result = mysql_query($sql, $db);
+ if ($result){
+ $row = mysql_fetch_assoc($result);
+ return ($row['member_id']==$member_id);
+ }
+ return false;
+ }
+
+
+ /**
+ * Get the owner of the comment
+ */
+ function checkCommentPriv($comment_id, $member_id, $isPhoto){
+ global $db;
+ $comment_id = intval($comment_id);
+ $member_id = intval($member_id);
+
+ if ($isPhoto){
+ $sql = "SELECT member_id FROM ".TABLE_PREFIX."pa_photo_comments WHERE id=$comment_id";
+ } else {
+ $sql = "SELECT member_id FROM ".TABLE_PREFIX."pa_album_comments WHERE id=$comment_id";
+ }
+ $result = mysql_query($sql, $db);
+ if ($result){
+ $row = mysql_fetch_assoc($result);
+ return ($row['member_id']==$member_id);
+ }
+ return false;
+ }
+
+ /**
+ * Add comment
+ * @param int id (can be photo_id, or album_id)
+ * @param string comment
+ * @param int user id
+ * @param boolean true if it is photo_id, false otherwise
+ */
+ function addComment($id, $comment, $member_id, $isPhoto){
+ global $addslashes, $db;
+
+ $id = intval($id);
+ $member_id = intval($member_id);
+ $comment = $addslashes($comment);
+
+ if(!$isPhoto){
+ $sql = 'INSERT INTO '.TABLE_PREFIX."pa_album_comments (album_id, comment, member_id, created_date) VALUES ($id, '$comment', $member_id, NOW())";
+ } else {
+ $sql = 'INSERT INTO '.TABLE_PREFIX."pa_photo_comments (photo_id, comment, member_id, created_date) VALUES ($id, '$comment', $member_id, NOW())";
+ }
+ $result = mysql_query($sql, $db);
+ return $result;
+ }
+
+ /**
+ * Edit comment
+ * @param int comment id
+ * @param string comment
+ * @param boolean true if it is photo_id, false otherwise
+ * @precondition this->member_id has the privilige to edit comment.
+ */
+ function editComment($id, $comment, $isPhoto){
+ global $addslashes, $db;
+
+ $id = intval($id);
+ $comment = $addslashes($comment);
+ if($id<1 || $comment==''){
+ return false;
+ }
+
+ if (!$isPhoto){
+ $sql = 'UPDATE '.TABLE_PREFIX."pa_album_comments SET comment='$comment' WHERE id=$id";
+ } else {
+ $sql = 'UPDATE '.TABLE_PREFIX."pa_photo_comments SET comment='$comment' WHERE id=$id";
+ }
+ $result = mysql_query($sql, $db);
+ return $result;
+ }
+
+
+ /**
+ * Get comments
+ * @param int id (can be photo_id, or album_id)
+ * @param boolean true of it is photo_id, false otherwise.
+ */
+ function getComments($id, $isPhoto){
+ global $db;
+
+ $id = intval($id);
+
+ if ($isPhoto){
+ $sql = 'SELECT * FROM '.TABLE_PREFIX."pa_photo_comments WHERE photo_id=$id";
+ } else {
+ $sql = 'SELECT * FROM '.TABLE_PREFIX."pa_album_comments WHERE album_id=$id";
+ }
+ $sql .= ' ORDER BY created_date';
+
+ $result = mysql_query($sql, $db);
+ if($result){
+ while ($row = mysql_fetch_assoc($result)){
+ $rows[] = $row;
+ }
+ }
+ return $rows;
+ }
+
+ /**
+ * Delete photo comment
+ */
+ function deleteComment($id, $isPhoto){
+ global $db;
+ $id = intval($id);
+
+ if ($isPhoto){
+ $sql = "DELETE FROM ".TABLE_PREFIX."pa_photo_comments WHERE id=$id";
+ } else {
+ $sql = "DELETE FROM ".TABLE_PREFIX."pa_album_comments WHERE id=$id";
+ }
+ mysql_query($sql, $db);
+ }
+
+ /**
+ * Search and return list of albums, and list of photos
+ * Note: Speed and ranks are of priority here.
+ * @param Array The unescaped array of search phrases.
+ * @return [Array, Array] First array is albums, second array are matched photos
+ */
+ function search($words){
+ global $db, $addslashes;
+
+ //init
+ $visible_photos = array();
+ $visible_albums = array();
+
+ //validate input
+ if (!is_array($words) || empty($words)){
+ return null;
+ }
+
+ //filter
+ foreach($words as $k=>$v){
+ $v = $addslashes(trim($v));
+ $query .= "(description LIKE '%$v%' OR name LIKE '%$v%' OR alt_text LIKE '%$v%') OR "; //for sql
+ $pattern .= $v.'|'; //regex for albums
+ }
+ $pattern = str_replace (array('>', '<', '/', '\\'), "", $pattern);
+ $pattern = substr($pattern, 0, -1);
+
+ //TODO: Optimize SQL, UNION is slow, but I think this is the fastest I can get, prove me wrong.
+ //@harris
+ /** Get all visible albums */
+ $sql = 'SELECT albums.* FROM '.TABLE_PREFIX.'pa_albums albums,
+ (SELECT ca.* FROM '.TABLE_PREFIX.'course_enrollment enrollments
+ RIGHT JOIN '.TABLE_PREFIX."pa_course_album ca
+ ON enrollments.course_id=ca.course_id
+ WHERE member_id=$_SESSION[member_id]
+ ) AS allowed_albums
+ WHERE albums.id=allowed_albums.album_id
+ UNION
+ SELECT * FROM AT_pa_albums WHERE member_id=$_SESSION[member_id] OR permission=1";
+ $result = mysql_query($sql, $db);
+ if (!$result){
+ return null;
+ }
+ while($row = mysql_fetch_assoc($result)){
+ $visible_albums[$row['id']] = $row;
+ }
+ $visible_albums_ids = implode(', ', array_keys($visible_albums));
+
+ /** Get all photos from these albums */
+ $sql = 'SELECT * FROM '.TABLE_PREFIX."pa_photos WHERE album_id IN ($visible_albums_ids)";
+ $query = ' AND ' . substr($query, 0, -3);
+ $sql = $sql . $query . ' LIMIT ' . AT_PA_PHOTO_SEARCH_LIMIT;
+ $result = mysql_query($sql, $db);
+ if (!$result){
+ return null;
+ }
+ while($row = mysql_fetch_assoc($result)){
+ $visible_photos[$row['id']] = $row;
+ }
+
+ /** Point system*/
+ //photos
+ if (!empty($visible_photos)){
+ $album_photos = array(); //keep track of the # of photos inside an album, should match a 'count(*) group by'
+ foreach($visible_photos as $photo_id=>$photo){
+ $match_flag = false;
+
+ if (preg_match("/$pattern/i", $photo['name'])){
+ $visible_photos[$photo_id]['point'] += 1;
+ $match_flag = true;
+ }
+ if (preg_match("/$pattern/i", $photo['alt_text'])){
+ $visible_photos[$photo_id]['point'] += 1;
+ $match_flag = true;
+ }
+ if (preg_match("/$pattern/i", $photo['description'])){
+ $visible_photos[$photo_id]['point'] += 2;
+ $match_flag = true;
+ }
+ //total photo points within an album
+ if ($match_flag){
+ $album_photos[$photo['album_id']] += 1;
+ }
+ }
+ }
+
+ //albums
+ foreach($visible_albums as $album_id=>$album){
+ if (preg_match("/$pattern/i", $album['name'])){
+ $visible_albums[$album_id]['point'] += 3;
+ }
+ if (preg_match("/$pattern/i", $album['location'])){
+ $visible_albums[$album_id]['point'] += 1;
+ }
+ if (preg_match("/$pattern/i", $album['description'])){
+ $visible_albums[$album_id]['point'] += 1;
+ }
+ //every photo has a certain value to the album, and is calculated as follow
+ //[# of matched photo in an album] / [total number of matched photos] *4
+ //4 is the total matched photo score (ie. all album's photo score should add up to 4)
+ if (isset($album_photos[$album_id])){
+ $visible_albums[$album_id]['point'] += $album_photos[$album_id]/sizeof($visible_photos) * 4;
+ }
+ //If no point in the album, most likely it's irrelevant and not of interest, take it out
+ if (!isset($visible_albums[$album_id]['point'])){
+ unset($visible_albums[$album_id]);
+ }
+ }
+
+ /** sort and return */
+ usort($visible_photos, array('PhotoAlbum', 'search_cmp'));
+ usort($visible_albums, array('PhotoAlbum', 'search_cmp'));
// debug($visible_photos, 'visible_photos');
// debug($visible_albums, 'visible albums');
- return array($visible_albums, $visible_photos);
- }
-
- /**
- * Compare functino for usort, used by search (descending)
- */
- function search_cmp($k1, $k2){
- if(!isset($k1['point'])){
- $k1['point'] = 0;
- }
- if(!isset($k2['point'])){
- $k2['point'] = 0;
- }
-
- if ($k1['point'] == $k2['point']) return 0;
- if ($k1['point'] > $k2['point']) return -1;
- else return 1;
- }
+ return array($visible_albums, $visible_photos);
+ }
+
+ /**
+ * Compare functino for usort, used by search (descending)
+ */
+ function search_cmp($k1, $k2){
+ if(!isset($k1['point'])){
+ $k1['point'] = 0;
+ }
+ if(!isset($k2['point'])){
+ $k2['point'] = 0;
+ }
+
+ if ($k1['point'] == $k2['point']) return 0;
+ if ($k1['point'] > $k2['point']) return -1;
+ else return 1;
+ }
}
?>
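Review bot: checkAlbumPriv (L2194–L2196) treats a missing row as a match for member 0: when no album has that id, mysql_fetch_assoc returns false, `$row['member_id']` is null, and the loose `==` makes `null == 0` true, so a caller whose member_id is 0 (if that is how unauthenticated users are represented here) passes the ownership check for a non-existent id. Guard the row and compare strictly, `$row = mysql_fetch_assoc($result);` then `return ($row !== false && intval($row['member_id']) === $member_id);` — checkPhotoPriv (L2215–L2216) and checkCommentPriv (L2237–L2238) have the same shape. In search(), the user-supplied phrases are joined into `$pattern` (L2355) and used as a regex in preg_match without `preg_quote`, so a phrase containing metacharacters alters or breaks the match and can be expensive to evaluate; build the pattern from `preg_quote(trim($v), '/')` before `$v` is passed through `$addslashes`, instead of stripping four characters at L2357. Also, getAlbums assigns `$course_sql` at L2087 but interpolates the undefined `$course_id` at L2093, so the course-scope filter is silently dropped, and the UNION at L2371 hard-codes `AT_pa_albums` instead of using TABLE_PREFIX. This hunk begins before the visible lines, so the class header and the earlier methods are out of view.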
/***********************************************************************/
// $Id$
-/**
- * Convert all input to htmlentities output, in UTF-8.
- * @param string input to be convert
- * @param boolean true if we wish to change all carrier returns to a <br/> tag, false otherwise.
- * TODO: use htmlentities_utf8 in social when this become a standard module.
- */
-function htmlentities_utf82($str, $use_nl2br=true){
- $return = htmlentities($str, ENT_QUOTES, 'UTF-8');
- if ($use_nl2br){
- return nl2br($return);
- }
- return $return;
-}
-
-
/**
* Generate album path padding by using album_id + album_created_date
*/
//printing out the confirmation box
$hidden_vars['aid'] = $aid;
$hidden_vars['delete'] = 'delete';
- $msg->addConfirm(array('PA_DELETE_ALBUM', htmlentities_utf82($info['name'])), $hidden_vars);
+ $msg->addConfirm(array('PA_DELETE_ALBUM', AT_print($info['name'], 'photo_albums.name')), $hidden_vars);
}
//paginator settings
$albums = $pa->getSharedAlbums(true, $offset);
include (AT_INCLUDE_PATH.'header.inc.php');
-$savant->assign('search_input', htmlentities($_POST['pa_search'], ENT_QUOTES, 'UTF-8'));
+$savant->assign('search_input', AT_print($_POST['pa_search'], 'input.text'));
$savant->assign('albums', $search_results[0]);
$savant->assign('photos', $search_results[1]);
//$savant->assign('page', $page);
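Review bot: `AT_print($_POST['pa_search'], 'input.text')` at L2515 sends raw request input to the template, whereas the removed line escaped it unconditionally with htmlentities(..., ENT_QUOTES, 'UTF-8'). Whether that is still safe depends on the `input.text` entry of `$_field_formatting`, which is not visible here; please confirm that rule performs entity and quote encoding rather than only the AT_FORMAT_* content transforms. The same key carries `$_POST['question']` into a textarea at L2617 and `$_POST['c' . $i]` into a `value=""` attribute at L2624, where a missing quote escape would let a submitted value close the attribute. If `input.text` does not escape, keep the explicit call on these three sites, e.g. `htmlentities($_POST['pa_search'], ENT_QUOTES, 'UTF-8')`.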
//assign proper link to the comment list.
foreach($all_comments as $comment){
if (isset($comment['photo_id'])){
- $list[] = _AT('comment').': <a href="'.$_base_href.AT_PA_BASENAME.'photo.php?aid='.$comment['album_id'].SEP.'pid='.$comment['photo_id'].'">'.htmlentities_utf82($comment['comment']).'</a>';
+ $list[] = _AT('comment').': <a href="'.$_base_href.AT_PA_BASENAME.'photo.php?aid='.$comment['album_id'].SEP.'pid='.$comment['photo_id'].'">'.AT_print($comment['comment'], 'photos.comment').'</a>';
} elseif (isset($comment['album_id'])){
- $list[] = _AT('comment').': <a href="'.$_base_href.AT_PA_BASENAME.'albums.php?id='.$comment['album_id'].'">'.htmlentities_utf82($comment['comment']).'</a>';
+ $list[] = _AT('comment').': <a href="'.$_base_href.AT_PA_BASENAME.'albums.php?id='.$comment['album_id'].'">'.AT_print($comment['comment'], 'photos.comment').'</a>';
}
if (++$cnt >= $record_limit) break;
}
}
if (authenticate(AT_PRIV_POLLS, AT_PRIV_RETURN) || ($my_row = mysql_fetch_assoc($result))) {
echo '<tr>';
- echo '<td valign="top" class="dropdown-heading" align="left"><strong>' . AT_print(htmlentities_utf8($row['question']), 'polls.question') . '</strong>';
+ echo '<td valign="top" class="dropdown-heading" align="left"><strong>' . AT_print($row['question'], 'polls.question') . '</strong>';
echo '</td></tr>';
// we already voted
echo '<tr>';
echo '<td valign="top" class="dropdown" align="left">';
- echo '<small>' . AT_print(htmlentities_utf8($row['choice' . $i]), 'polls.choice') . '</small><br />';
+ echo '<small>' . AT_print($row['choice' . $i], 'polls.choice') . '</small><br />';
echo '<img src="'.$_base_path . 'images/blue.gif" height="5" width="'.$width.'" alt="" /> '.$row['count' . $i];
echo '</td></tr>';
}
} else {
// show the form to vote
echo '<tr>';
- echo '<td valign="top" class="dropdown" align="left"><strong>' . AT_print(htmlentities_utf8($row['question']), 'polls.question') . '</strong>';
+ echo '<td valign="top" class="dropdown" align="left"><strong>' . AT_print($row['question'], 'polls.question') . '</strong>';
echo '<form method="post" action="'.htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES).'"><input type="hidden" name="poll_id" value="'.$row['poll_id'].'" />';
echo '<table width="100%" border="0" cellspacing="0" cellpadding="0" summary="">';
for ($i=1; $i<= AT_NUM_POLL_CHOICES; $i++) {
if ($row['choice' . $i]) {
echo '<tr>';
echo '<td valign="top" align="left">';
- echo '<small><input type="radio" name="choice" value="'.$i.'" id="c'.$i.'" /><label for="c'.$i.'">' . AT_print(htmlentities_utf8($row['choice' . $i]), 'polls.choice') . '</label></small></td></tr>';
+ echo '<small><input type="radio" name="choice" value="'.$i.'" id="c'.$i.'" /><label for="c'.$i.'">' . AT_print($row['choice' . $i], 'polls.choice') . '</label></small></td></tr>';
}
}
echo '<form method="post" action="'.htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES).'">';\r
echo '<table width="70%" border="0" cellspacing="0" cellpadding="0" summary="" class="dropdown" align="center">';\r
echo '<tr>';\r
- echo '<td valign="top" class="dropdown-heading" nowrap="nowrap" align="left"><strong>' . AT_print(htmlentities_utf8($row['question']), 'polls.question') . '</strong>';\r
+ echo '<td valign="top" class="dropdown-heading" nowrap="nowrap" align="left"><strong>' . AT_print($row['question'], 'polls.question') . '</strong>';\r
echo '<input type="hidden" name="poll_id" value="'.$row['poll_id'].'" /></td></tr>';\r
\r
if (!authenticate(AT_PRIV_POLLS, AT_PRIV_RETURN)) {\r
\r
echo '<tr>';\r
echo '<td valign="top" class="dropdown" nowrap="nowrap" align="left">';\r
- echo '<small>' . AT_print(htmlentities_utf8($row['choice' . $i]), 'polls.choice') . '</small><br />';\r
+ echo '<small>' . AT_print($row['choice' . $i], 'polls.choice') . '</small><br />';\r
echo '<img src="'.$_base_path . 'images/blue.gif" height="5" width="'.$width.'" alt="" /> '.$row['count' . $i];\r
echo '</td></tr>';\r
}\r
if ($row['choice' . $i]) {\r
echo '<tr>';\r
echo '<td valign="top" class="dropdown" nowrap="nowrap" align="left">';\r
- echo '<small><input type="radio" name="choice" value="'.$i.'" id="xc'.$i.$row['poll_id'].'" /><label for="xc'.$i.$row['poll_id'].'">' . AT_print(htmlentities_utf8($row['choice' . $i]), 'polls.choice') . '</label></small></td></tr>';\r
+ echo '<small><input type="radio" name="choice" value="'.$i.'" id="xc'.$i.$row['poll_id'].'" /><label for="xc'.$i.$row['poll_id'].'">' . AT_print($row['choice' . $i], 'polls.choice') . '</label></small></td></tr>';\r
}\r
}\r
\r
'course'=>$system_courses[$row['course_id']]['title'],
'thumb'=>'images/home-polls_sm.png',
'link'=>'<a href="bounce.php?course='.$row['course_id'].'&p='.urlencode('mods/_standard/polls/index.php#'.$row['poll_id']).'"'.
- (strlen($row['question']) > SUBLINK_TEXT_LEN ? ' title="'.$row['question'].'"' : '') .'>'.
- validate_length($row['question'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>');
+ (strlen($row['question']) > SUBLINK_TEXT_LEN ? ' title="'.AT_print($row['question'], 'polls.question').'"' : '') .'>'.
+ AT_print(validate_length($row['question'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'polls.question') .'</a>');
}
}
return $news;
$result = mysql_query($sql, $db);
if (mysql_num_rows($result) > 0) {
- while ($row = mysql_fetch_assoc($result)) {
+ while ($row = mysql_fetch_assoc($result)) {
$list[] = '<a href="'.url_rewrite('mods/_standard/polls/index.php#'.$row['poll_id'], AT_PRETTY_URL_IS_HEADER).'"'.
- (strlen($row['question']) > SUBLINK_TEXT_LEN ? ' title="'.$row['question'].'"' : '') .'>'.
- validate_length($row['question'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY) .'</a>';
+ (strlen($row['question']) > SUBLINK_TEXT_LEN ? ' title="'. AT_print($row['question'], 'polls.question').'"' : '') .'>'.
+ AT_print(validate_length($row['question'], SUBLINK_TEXT_LEN, VALIDATE_LENGTH_FOR_DISPLAY), 'polls.question') .'</a>';
}
return $list;
} else {
$hidden_vars['delete_poll'] = TRUE;\r
$hidden_vars['pid'] = $_GET['pid'];\r
\r
- $confirm = array('DELETE_POLL', AT_print(htmlentities_utf8($row['question']), 'polls.question'));\r
+ $confirm = array('DELETE_POLL', AT_print($row['question'], 'polls.question'));\r
$msg->addConfirm($confirm, $hidden_vars);\r
$msg->printConfirm();\r
\r
<fieldset class="group_form"><legend class="group_form"><?php echo _AT('edit_poll'); ?></legend>
<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="question"><?php echo _AT('question'); ?>:</label><br />
- <textarea name="question" cols="55" rows="3" id="question"><?php if (isset ($_POST['question'])) { echo htmlentities_utf8($_POST['question']); } else { echo htmlentities_utf8($row['question']); } ?></textarea>
+ <textarea name="question" cols="55" rows="3" id="question"><?php if (isset ($_POST['question'])) { echo AT_print($_POST['question'], 'input.text'); } else { echo AT_print($row['question'], 'input.text'); } ?></textarea>
</div>
<?php
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span>
<?php } ?>
<label for="c<?php echo $i; ?>"><?php echo _AT('choice'); ?> <?php echo $i; ?>:</label><br />
- <input type="text" name="c<?php echo $i; ?>" id="c<?php echo $i; ?>" value="<?php if (isset ($_POST['c' . $i])) { echo htmlentities_utf8($_POST['c' . $i]); } else { echo htmlentities_utf8($row['choice' . $i]); }?>" size="40" />
+ <input type="text" name="c<?php echo $i; ?>" id="c<?php echo $i; ?>" value="<?php if (isset ($_POST['c' . $i])) { echo AT_print($_POST['c' . $i], 'input.text'); } else { echo AT_print($row['choice' . $i], 'input.text'); }?>" size="40" />
</div>
<?php endfor; ?>
<?php do { ?>
<tr onmousedown="document.form['p_<?php echo $row['poll_id']; ?>'].checked = true; rowselect(this);" id="r_<?php echo $row['poll_id']; ?>">
<td><input type="radio" id="p_<?php echo $row['poll_id']; ?>" name="poll" value="<?php echo $row['poll_id']; ?>" /></td>
- <td><label for="p_<?php echo $row['poll_id']; ?>"><?php echo AT_print(htmlentities_utf8($row['question']), 'polls.question'); ?></label></td>
+ <td><label for="p_<?php echo $row['poll_id']; ?>"><?php echo AT_print($row['question'], 'polls.question'); ?></label></td>
<td><?php echo AT_DATE(_AT("server_date_format"), $row['created_date']); ?></td>
<td><?php echo $row['total']; ?></td>
</tr>
$sql = "SELECT * FROM ".TABLE_PREFIX."external_resources WHERE course_id=$_SESSION[course_id] AND resource_id=$id";
$result = mysql_query($sql, $db);
if ($row = mysql_fetch_assoc($result)){
- $title = htmlentities_utf8($row['title']);
- $author = htmlentities_utf8($row['author']);
- $publisher = htmlentities_utf8($row['publisher']);
- $date = htmlentities_utf8($row['date']);
- $comments = htmlentities_utf8($row['comments']);
+ $title = AT_print($row['title'], 'input.text');
+ $author = AT_print($row['author'], 'input.text');
+ $publisher = AT_print($row['publisher'], 'input.text');
+ $date = AT_print($row['date'], 'input.text');
+ $comments = AT_print($row['comments'], 'input.text');
}
// change title of page to 'edit AV resource' (default is 'add AV resource')
$_pages['mods/_standard/reading_list/add_resource_av.php'][title_var] = 'rl_edit_resource_av';
$sql = "SELECT * FROM ".TABLE_PREFIX."external_resources WHERE course_id=$_SESSION[course_id] AND resource_id=$id";
$result = mysql_query($sql, $db);
if ($row = mysql_fetch_assoc($result)){
- $title = htmlentities_utf8($row['title']);
- $author = htmlentities_utf8($row['author']);
- $publisher = htmlentities_utf8($row['publisher']);
- $date = htmlentities_utf8($row['date']);
- $comments = htmlentities_utf8($row['comments']);
- $isbn = htmlentities_utf8($row['id']);
+ $title = AT_print($row['title'], 'input.text');
+ $author = AT_print($row['author'], 'input.text');
+ $publisher = AT_print($row['publisher'], 'input.text');
+ $date = AT_print($row['date'], 'input.text');
+ $comments = AT_print($row['comments'], 'input.text');
+ $isbn = AT_print($row['id'], 'input.text');
}
// change title of page to 'edit book resource' (default is 'add book resource')
$_pages['mods/_standard/reading_list/add_resource_book.php']['title_var'] = 'rl_edit_resource_book';
$sql = "SELECT * FROM ".TABLE_PREFIX."external_resources WHERE course_id=$_SESSION[course_id] AND resource_id=$id";
$result = mysql_query($sql, $db);
if ($row = mysql_fetch_assoc($result)){
- $title = htmlentities_utf8($row['title']);
- $author = htmlentities_utf8($row['author']);
- $publisher = htmlentities_utf8($row['publisher']);
- $date = htmlentities_utf8($row['date']);
- $comments = htmlentities_utf8($row['comments']);
- $isbn = htmlentities_utf8($row['id']);
+ $title = AT_print($row['title'], 'input.text');
+ $author = AT_print($row['author'], 'input.text');
+ $publisher = AT_print($row['publisher'], 'input.text');
+ $date = AT_print($row['date'], 'input.text');
+ $comments = AT_print($row['comments'], 'input.text');
+ $isbn = AT_print($row['id'], 'input.text');
}
// change title of page to 'edit file resource' (default is 'add file resource')
$_pages['mods/_standard/reading_list/add_resource_file.php']['title_var'] = 'rl_edit_resource_file';
$sql = "SELECT * FROM ".TABLE_PREFIX."external_resources WHERE course_id=$_SESSION[course_id] AND resource_id=$id";
$result = mysql_query($sql, $db);
if ($row = mysql_fetch_assoc($result)){
- $title = htmlentities_utf8($row['title']);
- $author = htmlentities_utf8($row['author']);
- $date = htmlentities_utf8($row['date']);
- $comments = htmlentities_utf8($row['comments']);
+ $title = AT_print($row['title'], 'input.text');
+ $author = AT_print($row['author'], 'input.text');
+ $date = AT_print($row['date'], 'input.text');
+ $comments = AT_print($row['comments'], 'input.text');
}
// change title of page to 'edit handout resource' (default is 'add handout resource')
$_pages['mods/_standard/reading_list/add_resource_handout.php']['title_var'] = 'rl_edit_resource_handout';
$sql = "SELECT * FROM ".TABLE_PREFIX."external_resources WHERE course_id=$_SESSION[course_id] AND resource_id=$id";
$result = mysql_query($sql, $db);
if ($row = mysql_fetch_assoc($result)){
- $title = htmlentities_utf8($row['title']);
- $author = htmlentities_utf8($row['author']);
- $comments = htmlentities_utf8($row['comments']);
- $url = htmlentities_utf8($row['url']);
+ $title = AT_print($row['title'], 'input.text');
+ $author = AT_print($row['author'], 'input.text');
+ $comments = AT_print($row['comments'], 'input.text');
+ $url = AT_print($row['url'], 'input.text');
}
// change title of page to 'edit URL resource' (default is 'add URL resource')
$_pages['mods/_standard/reading_list/add_resource_url.php']['title_var'] = 'rl_edit_resource_url';
$resource_result = mysql_query($sql, $db);\r
if ($resource_row = mysql_fetch_assoc($resource_result)){\r
$hidden_vars['id'] = $reading_id;\r
- $confirm = array('RL_DELETE_READING', htmlentities_utf8($resource_row['title']));\r
+ $confirm = array('RL_DELETE_READING', AT_print($resource_row['title'], 'reading_list.title'));\r
$msg->addConfirm($confirm, $hidden_vars);\r
$msg->printConfirm();\r
}\r
\r
if ($row = mysql_fetch_assoc($result)){\r
$hidden_vars['id'] = $resource_id;\r
- $confirm = array('RL_DELETE_RESOURCE', htmlentities_utf8($row['title']));\r
+ $confirm = array('RL_DELETE_RESOURCE', AT_print($row['title'], 'reading_list.title'));\r
$msg->addConfirm($confirm, $hidden_vars);\r
$msg->printConfirm();\r
}\r
}
$row['type'] = intval($row['type']);
-$row['title'] = htmlentities_utf8($row['title']);
-$row['author'] = htmlentities_utf8($row['author']);
-$row['publisher'] = htmlentities_utf8($row['publisher']);
-$row['date'] = htmlentities_utf8($row['date']);
-$row['id'] = htmlentities_utf8($row['id']);
-$row['comments'] = htmlentities_utf8($row['comments']);
+$row['title'] = AT_print($row['title'], 'readling_list.title');
+$row['author'] = AT_print($row['author'], 'readling_list.author');
+$row['publisher'] = AT_print($row['publisher'], 'readling_list.publisher');
+$row['date'] = AT_print($row['date'], 'readling_list.date');
+$row['id'] = AT_print($row['id'], 'readling_list.id');
+$row['comments'] = AT_print($row['comments'], 'readling_list.comments');
?>
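Review bot: the field keys added at L2739–L2744 are spelled `readling_list.*`, while the rest of this change uses `reading_list.title` and `reading_list.comment` (L2719, L2768); a `readling_list` entry is unlikely to exist in `$_field_formatting`, so these six values fall through to AT_print's default handling instead of the intended rule. Change them to `'reading_list.title'`, `'reading_list.author'`, and so on. Because these lines replace an unconditional htmlentities_utf8, please also confirm the default path escapes HTML; otherwise a stored title or comment would now render unescaped. The surrounding block starts outside this hunk.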
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="get" name="form">
<td><input type="radio" id="t<?php echo $row['resource_id'];?>" name="resource_id" value="<?php echo $row['resource_id']; ?>"
<?php if ($first == true){ echo 'checked="checked"'; $first=false;} ?>/></td>
<td><?php echo _AT($_rl_types[$row['type']]); ?></td>
- <td><label for="t<?php echo $row['resource_id'];?>"><strong><?php echo htmlentities_utf8($row['title']); ?></strong></label></td>
- <td><?php echo htmlentities_utf8($row['author']); ?></td>
+ <td><label for="t<?php echo $row['resource_id'];?>"><strong><?php echo AT_print($row['title'], 'input.text'); ?></strong></label></td>
+ <td><?php echo AT_print($row['author'], 'input.text'); ?></td>
</tr>
<?php } while($row = mysql_fetch_assoc($result)); ?>
</tbody>
<label for="title"><?php echo _AT('select_av'); ?>:</label>
<select name="existing" id="title">
<?php while ($row = mysql_fetch_assoc($av_result)): ?>
- <option value="<?php echo $row['resource_id']; ?>"<?php if ($row['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo htmlentities_utf8($row['title']); ?></option>
+ <option value="<?php echo $row['resource_id']; ?>"<?php if ($row['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo AT_print($row['title'], 'input.text'); ?></option>
<?php endwhile; ?>
</select>
</div>
</div>
<div class="row">
- <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo htmlentities_utf8($rowreading['comment']); ?>" />
+ <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo AT_print($rowreading['comment'], 'reading_list.comment'); ?>" />
</div>
<h3><?php echo _AT('rl_read_by_date'); ?></h3>
<select name="existingbook" id="booktitle">
<?php while ($rowbook = mysql_fetch_assoc($book_result)): ?>
- <option value="<?php echo $rowbook['resource_id']; ?>"<?php if ($rowbook['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo htmlentities_utf8($rowbook['title']); ?></option>
+ <option value="<?php echo $rowbook['resource_id']; ?>"<?php if ($rowbook['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo AT_print($rowbook['title'], 'input.text'); ?></option>
<?php endwhile; ?>
</select>
</div>
<div class="row">
- <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo htmlentities_utf8($rowreading['comment']); ?>" />
+ <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo AT_print($rowreading['comment'], 'reading_list.comment'); ?>" />
</div>
<h3><?php echo _AT('rl_read_by_date'); ?></h3>
<select name="existing" id="title">
<?php while ($row = mysql_fetch_assoc($file_result)): ?>
- <option value="<?php echo $row['resource_id']; ?>"<?php if ($row['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo htmlentities_utf8($row['title']); ?></option>
+ <option value="<?php echo $row['resource_id']; ?>"<?php if ($row['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo AT_print($row['title'], 'input.text'); ?></option>
<?php endwhile; ?>
</select>
</div>
<div class="row">
- <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo htmlentities_utf8($rowreading['comment']); ?>" />
+ <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo AT_print($rowreading['comment'], 'reading_list.comment'); ?>" />
</div>
<h3><?php echo _AT('rl_read_by_date'); ?></h3>
<label for="title"><?php echo _AT('rl_select_handout'); ?>:</label>
<select name="existing" id="title">
<?php while ($row = mysql_fetch_assoc($handout_result)): ?>
- <option value="<?php echo $row['resource_id']; ?>"<?php if ($row['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo htmlentities_utf8($row['title']); ?></option>
+ <option value="<?php echo $row['resource_id']; ?>"<?php if ($row['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo AT_print($row['title'], 'input.text'); ?></option>
<?php endwhile; ?>
</select>
</div>
</div>
<div class="row">
- <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo htmlentities_utf8($rowreading['comment']); ?>" />
+ <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo AT_print($rowreading['comment'], 'reading_list.comment'); ?>" />
</div>
<h3><?php echo _AT('rl_read_by_date'); ?></h3>
<label for="title"><?php echo _AT('rl_select_url'); ?>:</label>
<select name="existing" id="title">
<?php while ($row = mysql_fetch_assoc($url_result)): ?>
- <option value="<?php echo $row['resource_id']; ?>"<?php if ($row['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo htmlentities_utf8($row['title']); ?></option>
+ <option value="<?php echo $row['resource_id']; ?>"<?php if ($row['resource_id'] == $resource_id) { echo ' selected="selected"'; } ?>><?php echo AT_print($row['title'], 'input.text'); ?></option>
<?php endwhile; ?>
</select>
</div>
</div>
<div class="row">
- <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo htmlentities_utf8($rowreading['comment']); ?>" />
+ <label for="comment"><?php echo _AT('comment'); ?>:</label><input type="text" id="comment" size="75" name="comment" value="<?php echo AT_print($rowreading['comment'], 'reading_list.comment'); ?>" />
</div>
<h3><?php echo _AT('rl_read_by_date'); ?></h3>
$id = $row['resource_id'];\r
$row['date_start'] = htmlentities_utf8($row['date_start']);\r
$row['date_end'] = htmlentities_utf8($row['date_end']);\r
- $row['comment'] = htmlentities_utf8($row['comment']);\r
+ $row['comment'] = AT_print($row['comment'], 'reading_list.comment');\r
\r
$sql = "SELECT title, type, url FROM ".TABLE_PREFIX."external_resources WHERE course_id=$_SESSION[course_id] AND resource_id=$id";\r
$resource_result = mysql_query($sql, $db);\r
}?>\r
</td>\r
\r
- <td><a href="<?php echo url_rewrite('mods/_standard/reading_list/display_resource.php?id='.$id); ?>" title="<?php echo _AT('rl_view_resource_details')?>" ><?php echo htmlentities_utf8($resource_row['title']); ?></a> \r
+ <td><a href="<?php echo url_rewrite('mods/_standard/reading_list/display_resource.php?id='.$id); ?>" title="<?php echo _AT('rl_view_resource_details')?>" ><?php echo AT_print($resource_row['title'], 'reading_list.title'); ?></a> \r
</td>\r
<td><?php echo _AT ($row['required']); ?></td>\r
<td><?php echo $row['comment']; ?></td>\r
}else {\r
echo AT_Date(_AT('rl_date_format'), $row['date_end'], AT_DATE_MYSQL_DATETIME);\r
}?></td>\r
- <td><label for="t<?php echo $row['reading_id'];?>"><strong><?php echo htmlentities_utf8($resource_row['title']); ?></strong></label></td>\r
+ <td><label for="t<?php echo $row['reading_id'];?>"><strong><?php echo AT_print($resource_row['title'], 'reading_list.title'); ?></strong></label></td>\r
<td><?php echo _AT ($row['required']); ?></td>\r
- <td><?php echo htmlentities_utf8($row['comment']); ?></td>\r
+ <td><?php echo AT_print($row['comment'], 'reading_list.comment'); ?></td>\r
</tr>\r
\r
<?php } ?>\r
$result = mysql_query($sql, $db);
if ($row = mysql_fetch_assoc($result)){
$row['type'] = intval($row['type']);
- $row['title'] = htmlentities_utf8($row['title']);
- $row['author'] = htmlentities_utf8($row['author']);
- $row['publisher'] = htmlentities_utf8($row['publisher']);
- $row['date'] = htmlentities_utf8($row['date']);
- $row['comments'] = htmlentities_utf8($row['comments']);
+ $row['title'] = AT_print($row['title'], 'input.text');
+ $row['author'] = AT_print($row['author'], 'input.text');
+ $row['publisher'] = AT_print($row['publisher'], 'input.text');
+ $row['date'] = AT_print($row['date'], 'input.text');
+ $row['comments'] = AT_print($row['comments'], 'input.text');
if ($row['type'] == RL_TYPE_BOOK): ?>
<div class="input-form">
break;
}
//double encode the value because the .submit() function will decode the first level.
- echo '<a href="javascript:void(0);" onclick="document.getElementById(\'search_friends\').value=\''.htmlentities(printSocialNameForConnection($member_id, true)).'\'; document.getElementById(\'search_friends_form\').submit();">'.printSocialNameForConnection($member_id, false).'</a><br/>';
+ echo '<a href="javascript:void(0);" onclick="document.getElementById(\'search_friends\').value=\''.htmlentities_utf8(printSocialNameForConnection($member_id, true)).'\'; document.getElementById(\'search_friends_form\').submit();">'.printSocialNameForConnection($member_id, false).'</a><br/>';
$counter++;
}
echo '</div>';
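Review bot: The display name on line 2869 is written into a single-quoted JavaScript string literal that itself sits inside an HTML `onclick` attribute, and `htmlentities_utf8()` only performs HTML escaping; unless that helper also encodes `'` (the default `htmlentities()` flags do not), an apostrophe in a name ends the JS literal early. The robust shape is JS-escape first, then attribute-escape: `$js_name = json_encode(printSocialNameForConnection($member_id, true));` followed by `'... value='.htmlentities_utf8($js_name).'; ...'` with the hand-written `\'` quotes around the value dropped, which also makes the "double encode" note on line 2867 unnecessary. Whether `htmlentities_utf8` passes `ENT_QUOTES` cannot be seen from this hunk, and the enclosing loop starts outside it.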
$row = mysql_fetch_assoc($result);
$msg = _AT("has_added_app", url_rewrite(AT_SOCIAL_BASENAME.'applications.php?app_id='.$app_id, AT_PRETTY_URL_IS_HEADER),
- htmlentities($row['title']));
+ htmlentities_utf8($row['title']));
return $msg;
}
}
if ($result){
while($row = mysql_fetch_assoc($result)){
//escape XSS
- $row['url'] = htmlentities($row['url']);
+ $row['url'] = htmlentities_utf8($row['url']);
//index row entry
$websites[] = $row;
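Review bot: Line 2884 entity-encodes `$row['url']` at fetch time and stores the encoded value in `$websites`, which moves output escaping into the data layer: the template that renders these rows (line 3154 in a later hunk, `<div><?php echo _AT('url') . ': ' . $row['url']; ?></div>`) then has to trust that every code path filling `$websites` did the same, and the `//escape XSS` comment here is the only record of that contract. Escaping belongs at the output point — `htmlentities_utf8($row['url'])` in the template, or `AT_print($row['url'], 'social.url')` with a registered key (constructed name) — with the pre-encoding here removed so the value is not double-encoded. If the URL is ever emitted as an `href`, entity encoding does not restrict the scheme; an explicit `http`/`https` check is the relevant control there. The enclosing function starts outside the hunk.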
echo '<td>';\r
echo '<input type="checkbox" value="'.$row['question_id'].'|'.$row['type'].'" name="questions['.$cat['category_id'].'][]" id="q'.$row['question_id'].'" onmouseup="this.checked=!this.checked" /></td>';\r
echo '<td>';\r
- echo '<a title="'.htmlentities($row[question], ENT_QUOTES, 'UTF-8').'">';\r
- echo AT_print(htmlentities(validate_length($row['question'], 100, VALIDATE_LENGTH_FOR_DISPLAY), ENT_QUOTES, 'UTF-8'), 'tests_questions.question');\r
+ echo '<a title="'.AT_print($row[question], 'tests_questions.question').'">';\r
+ echo AT_print((validate_length($row['question'], 100, VALIDATE_LENGTH_FOR_DISPLAY)), 'tests_questions.question');\r
echo '</a>';\r
echo '</td>';\r
echo '<td>';\r
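Review bot: Line 2892 still indexes the row with a bare constant, `$row[question]`, whereas line 2893 correctly uses `$row['question']`; PHP treats the undefined constant as the string `question` with a warning on older versions and throws an `Error` on PHP 8, so the line should read `echo '<a title="'.AT_print($row['question'], 'tests_questions.question').'">';`. The replaced code also forced `ENT_QUOTES` before the value went into the `title` attribute; with `AT_print` the quote handling now comes from the `tests_questions.question` format entry, which must include `AT_FORMAT_QUOTES` for the attribute to stay intact, and that entry is not visible here. The doubled parentheses in `AT_print((validate_length(...)))` on line 2893 are harmless but read as a leftover.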
}
echo '<td class="row1">';
- if ($strlen($row['question']) > 45) {
- echo htmlspecialchars(AT_print($substr($row['question'], 0, 43), 'tests_questions.question'), ENT_COMPAT, "UTF-8") . '...';
- } else {
- echo AT_print(htmlspecialchars($row['question'], ENT_COMPAT, "UTF-8"), 'tests_questions.question');
- }
+ echo AT_print(validate_length($row['question'], 45, VALIDATE_LENGTH_FOR_DISPLAY), 'tests_questions.question');
echo '</td>';
echo '<td nowrap="nowrap">';
<div id="subnavbacktopage">
<?php if (isset($this->back_to_page)): ?>
<a href="<?php echo $this->back_to_page['url']; ?>">
- <img border="0" width="10" height="11" alt="<?php echo _AT('back_to').' '.$this->back_to_page['title']; ?>" src="<?php echo $this->base_href; ?>images/arrowicon.gif" style="float:left;" class="img1111"/></a>
+ <img border="0" width="10" height="11" alt="<?php echo _AT('back_to').' '.htmlentities_utf8($this->back_to_page['title']); ?>" src="<?php echo $this->base_href; ?>images/arrowicon.gif" style="float:left;" class="img1111"/></a>
<?php endif; ?>
</div>
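Review bot: The title in the `alt` attribute is escaped on line 2911, but the `href` on line 2909 still echoes `$this->back_to_page['url']` raw into an attribute, so the same structure is escaped on one field and not the other; `<a href="<?php echo htmlentities_utf8($this->back_to_page['url']); ?>">` keeps the two consistent. Where `back_to_page` is populated is outside this hunk, so whether the URL can carry user-controlled text cannot be confirmed from here.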
<?php foreach ($this->albums as $aid=>$row): ?>
<tr id="r_<?php echo $aid; ?>" onmousedown="jQuery('#album_<?php echo $aid; ?>').attr('checked', true); rowselect(this);">
<td><input type="radio" id="album_<?php echo $aid; ?>" name="aid" value="<?php echo $aid; ?>" /></td>
- <td><a href="<?php echo AT_PA_BASENAME."admin/edit_photos.php?aid=$aid"; ?>"><?php echo htmlentities_utf82($row['name']); ?></a></td>
+ <td><a href="<?php echo AT_PA_BASENAME."admin/edit_photos.php?aid=$aid"; ?>"><?php echo AT_print($row['name'], 'input.text'); ?></a></td>
<td><?php echo $pa->getAlbumTypeName($row['type_id']); ?></td>
- <td><?php echo htmlentities_utf82($row['description']); ?></td>
- <td><?php echo htmlentities_utf82(AT_print(get_display_name($row['member_id']), 'members.full_name')) ?></td>
- <td><?php echo AT_date(_AT('forum_date_format'), $row['last_updated'], AT_DATE_MYSQL_DATETIME) ?></td>
+ <td><?php echo AT_print($row['description'], 'photo_albums.description'); ?></td>
+ <td><?php echo AT_print(get_display_name($row['member_id']), 'members.full_name'); ?></td>
+ <td><?php echo AT_date(_AT('forum_date_format'), $row['last_updated'], AT_DATE_MYSQL_DATETIME); ?></td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
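Review bot: Line 2918 prints the album name with the `input.text` format while the same column is printed as `photo_albums.name` elsewhere in this commit (line 3010, and again as `input.text` inside `alt` on lines 3001 and 3096), so the rules applied to an album name change from page to page; `AT_print($row['name'], 'photo_albums.name')` here would keep one key per field. The outer `htmlentities_utf82()` around `AT_print(get_display_name(...), 'members.full_name')` on line 2921 is dropped on line 2924, which is only safe if `members.full_name` itself escapes HTML; the `members.*` entry in the formatting table is not visible in this diff, so that should be confirmed.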
<!-- loop through this -->
<?php foreach($this->photos as $key=>$photo): ?>
<div class="photo_frame">
- <a href="<?php echo AT_PA_BASENAME.'photo.php?pid='.$photo['id'].SEP.'aid='.$this->album_info['id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->album_info['id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo htmlentities_utf82($photo['description'], false); ?>" alt="<?php echo htmlentities_utf82($photo['alt_text']);?>" /></a>
+ <a href="<?php echo AT_PA_BASENAME.'photo.php?pid='.$photo['id'].SEP.'aid='.$this->album_info['id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->album_info['id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo AT_print($photo['description'], 'photos.description'); ?>" alt="<?php echo AT_print($photo['alt_text'], 'photos.alt_text');?>" /></a>
</div>
<?php endforeach; ?>
<!-- end loop -->
<div class="album_description">
- <p><?php if($this->album_info['location']!='') echo _AT('location').': '.htmlentities_utf82($this->album_info['location']) .'<br/>';?>
- <?php echo htmlentities_utf82($this->album_info['description']);?></p>
+ <p><?php if($this->album_info['location']!='') echo _AT('location').': '.AT_print($this->album_info['location'], 'photo_albums.location') .'<br/>';?>
+ <?php echo AT_print($this->album_info['description'], 'photo_albums.description');?></p>
</div>
<?php else: ?>
<div class="edit_photo_box">
<!-- TODO: Profile link and img -->
<?php if ($this->action_permission || $comment_array['member_id']==$_SESSION['member_id']): ?>
<div class="flc-inlineEditable">
- <strong><a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><?php echo htmlentities_utf82(AT_print(get_display_name($comment_array['member_id']), 'members.full_name')); ?></a></strong>
- <span class="flc-inlineEdit-text" id="<?php echo $comment_array['id'];?>" ><?php echo htmlentities_utf82($comment_array['comment']);?></span>
+ <strong><a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><?php echo AT_print(get_display_name($comment_array['member_id']), 'members.full_name'); ?></a></strong>
+ <span class="flc-inlineEdit-text" id="<?php echo $comment_array['id'];?>" ><?php echo AT_print($comment_array['comment'], 'photo_albums.comment');?></span>
</div>
<?php else: ?>
<div>
- <strong><a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><?php echo htmlentities_utf82(AT_print(get_display_name($comment_array['member_id']), 'members.full_name')); ?></a></strong>
- <?php echo htmlentities_utf82($comment_array['comment'], true);?>
+ <strong><a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><?php echo AT_print(get_display_name($comment_array['member_id']), 'members.full_name'); ?></a></strong>
+ <?php echo htmlentities_utf8($comment_array['comment'], true);?>
</div>
<?php endif; ?>
<div class="comment_actions">
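Review bot: The two branches that render the same comment now escape it differently: the editable branch (line 2951) uses `AT_print($comment_array['comment'], 'photo_albums.comment')` while the read-only branch (line 2958) uses `htmlentities_utf8($comment_array['comment'], true)`, so a comment's rendering changes with the viewer's permissions; the same split recurs on lines 3042/3049 and 3081/3088, and for the photo description on lines 3030/3033. Using the `AT_print` form in both branches gives one contract for the field. The keys also drift across hunks for identical fields — `photos.description`/`photos.alt_text` on line 2933 versus `photo_albums.description`/`photo_albums.alt_text` on line 3063 for `$photo[...]`, and `photo_albums.location` on line 2940 versus `albums.location` on line 3070 for `$this->album_info['location']` — and only a key actually registered in `$_field_formatting` gets its intended flags, so one spelling per field should be settled on.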
<form action="" name="create_album" method="post">
<div class="row">
<div class="left_row"><span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="album_name"><?php echo _AT('pa_album_name'); ?></label></div>
- <input id="album_name" name="album_name" type="text" value="<?php echo htmlentities($this->album_info['name']);?>" />
+ <input id="album_name" name="album_name" type="text" value="<?php echo AT_print($this->album_info['name'], 'input.text');?>" />
</div>
<?php
//if the user has the privilege to create course albums, then allow them to choose
</div>
<div class="row">
<div class="left_row"<label for="album_location"><?php echo _AT('pa_album_location'); ?></label></div>
- <input id="album_location" name="album_location" type="text" value="<?php echo htmlentities_utf82($this->album_info['location']);?>"/>
+ <input id="album_location" name="album_location" type="text" value="<?php echo AT_print($this->album_info['location'], 'input.text');?>"/>
</div>
<div class="row">
<div class="left_row"<label for="album_description"><?php echo _AT('pa_album_description'); ?></label></div>
- <textarea id="album_description" name="album_description"><?php echo htmlentities_utf82($this->album_info['description'],false);?></textarea>
+ <textarea id="album_description" name="album_description"><?php echo AT_print($this->album_info['description'], 'input.text');?></textarea>
</div>
<div class="row">
<input type="hidden" name="aid" value="<?php echo $this->album_info['id']; ?>" />
<div class="edit_photo_box">
<div class="info">
<label for="description_<?php echo $photo['id']; ?>"><?php echo _AT('description');?></label><br/>
- <textarea name="description_<?php echo $photo['id']; ?>" id="description_<?php echo $photo['id']; ?>"><?php echo htmlentities_utf82($photo['description'], false);?></textarea>
+ <textarea name="description_<?php echo $photo['id']; ?>" id="description_<?php echo $photo['id']; ?>"><?php echo AT_print($photo['description'], 'input.text');?></textarea>
<p><label for="alt_text_<?php echo $photo['id']; ?>"><?php echo _AT('pa_alt_text');?></label><br/>
- <textarea name="alt_text_<?php echo $photo['id']; ?>" id="alt_text_<?php echo $photo['id']; ?>" class="alt_text"><?php echo htmlentities_utf82($photo['alt_text'], false);?></textarea></p>
+ <textarea name="alt_text_<?php echo $photo['id']; ?>" id="alt_text_<?php echo $photo['id']; ?>" class="alt_text"><?php echo AT_print($photo['alt_text'], 'input.text');?></textarea></p>
</div>
<div class="action">
- <img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->album_info['id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo htmlentities_utf82($photo['description'], false); ?>" alt="<?php echo htmlentities_utf82($photo['alt_text']);?>" /><br/>
+ <img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->album_info['id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo AT_print($photo['description'], 'input.text'); ?>" alt="<?php echo AT_print($photo['alt_text'], 'input.text');?>" /><br/>
<input name="album_cover" id="photo_<?php echo $photo['id']; ?>" type="radio" value="<?php echo $photo['id']; ?>" <?php echo ($this->album_info['photo_id']==$photo['id'])?' checked="checked"':''; ?>/>
<label for="photo_<?php echo $photo['id']; ?>"><?php echo _AT('pa_album_cover'); ?></label><br/>
$photo_info = $pa->getPhotoInfo($row['photo_id']);
if (!empty($photo_info)):
?>
- <a href="<?php echo AT_PA_BASENAME.'albums.php?id='.$row['id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$row['id'].SEP.'pid='.$row['photo_id'].SEP.'ph='.getPhotoFilePath($photo_info['id'], '', $photo_info['created_date']);?>" title="<?php echo htmlentities_utf82($photo_info['description']); ?>" alt="<?php echo htmlentities_utf82($row['name']); ?>" /></a>
+ <a href="<?php echo AT_PA_BASENAME.'albums.php?id='.$row['id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$row['id'].SEP.'pid='.$row['photo_id'].SEP.'ph='.getPhotoFilePath($photo_info['id'], '', $photo_info['created_date']);?>" title="<?php echo AT_print($photo_info['description'], 'input.text'); ?>" alt="<?php echo AT_print($row['name'], 'input.text'); ?>" /></a>
<?php else: ?>
<a href="<?php echo AT_PA_BASENAME.'albums.php?id='.$row['id'];?>"><img src="" class="no-image" title="<?php echo _AT('pa_no_image'); ?>" alt="<?php echo _AT('pa_no_image'); ?>" /></a>
<?php endif; //image ?>
</div>
<div class="info">
- <h4><a href="<?php echo AT_PA_BASENAME.'albums.php?id='.$row['id'];?>"><?php echo htmlentities_utf82($row['name']); ?></a></h4>
- <p><?php echo htmlentities_utf82($row['description']); ?></p>
- <p><?php echo _AT('location').': '.htmlentities_utf82($row['location']); ?></p>
+ <h4><a href="<?php echo AT_PA_BASENAME.'albums.php?id='.$row['id'];?>"><?php echo AT_print($row['name'], 'photo_albums.name'); ?></a></h4>
+ <p><?php echo AT_print($row['description'], 'photo_albums.description'); ?></p>
+ <p><?php echo _AT('location').': '.AT_print($row['location'], 'photo_albums.location'); ?></p>
<!-- If this is shared album, display the author -->
<?php if (isset($this->isSharedAlbum)): ?>
<p><?php echo _AT('created_by').': '.AT_print(get_display_name($row['member_id']), 'members.full_name'); ?></p>
<?php foreach($this->photos as $key=>$photo):?>
<div class="photo_wrapper">
<a class="photo_frame">
- <img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->album_info['id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo htmlentities_utf82($photo['description'], false); ?>" alt="<?php echo htmlentities_utf82($photo['alt_text'], false); ?>>" />
+ <img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->album_info['id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo AT_print($photo['description'], 'input.text'); ?>" alt="<?php echo AT_print($photo['alt_text'], 'input.text'); ?>>" />
<input name="image_<?php echo $photo['id']; ?>" value="<?php echo $photo['ordering']; ?>" type="hidden" />
</a>
</div>
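Review bot: The `alt` attribute on line 3020 ends in `?>>"`, so a literal `>` is appended to every alt text; the typo was already present in the replaced line and survives the rewrite. The tag should end `alt="<?php echo AT_print($photo['alt_text'], 'input.text'); ?>" />`. The old line also passed `false` as a second argument to the escaper for both attributes and that argument has no counterpart in the new form; whether `input.text` reproduces the same behaviour is not visible here.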
<?php endif; ?>
<div style="clear:both"></div>
- <img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->aid.SEP.'pid='.$this->photo_info['id'].SEP.'size=o'.SEP.'ph='.getPhotoFilePath($this->photo_info['id'], '', $this->photo_info['created_date']);?>" title="<?php echo htmlentities_utf82($this->photo_info['description'], false); ?>" alt="<?php echo htmlentities_utf82($this->photo_info['alt_text']) ;?>" />
+ <img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->aid.SEP.'pid='.$this->photo_info['id'].SEP.'size=o'.SEP.'ph='.getPhotoFilePath($this->photo_info['id'], '', $this->photo_info['created_date']);?>" title="<?php echo AT_print($this->photo_info['description'], 'input.text'); ?>" alt="<?php echo AT_print($this->photo_info['alt_text'], 'input.text') ;?>" />
<?php if ($this->action_permission): ?>
- <div class="flc-inlineEditable"><span class="flc-inlineEdit-text"><?php echo htmlentities_utf82($this->photo_info['description']);?></span></div>
+ <div class="flc-inlineEditable"><span class="flc-inlineEdit-text"><?php echo AT_print($this->photo_info['description'], 'photos.description');?></span></div>
<?php else : ?>
- <div><span><?php echo htmlentities_utf82($this->photo_info['description'], true);?></span></div>
+ <div><span><?php echo htmlentities_utf8($this->photo_info['description'], true);?></span></div>
<?php endif; ?>
</div>
<!-- TODO: Profile link and img -->
<?php if ($this->action_permission || $comment_array['member_id']==$_SESSION['member_id']): ?>
<div class="flc-inlineEditable">
- <a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><strong><?php echo htmlentities_utf82(AT_print(get_display_name($comment_array['member_id']), 'members.full_name')); ?></a></strong>
- <span class="flc-inlineEdit-text" id="<?php echo $comment_array['id'];?>" ><?php echo htmlentities_utf82($comment_array['comment']);?></span>
+ <a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><strong><?php echo AT_print(get_display_name($comment_array['member_id']), 'members.full_name'); ?></a></strong>
+ <span class="flc-inlineEdit-text" id="<?php echo $comment_array['id'];?>" ><?php echo AT_print($comment_array['comment'], 'photos.comment');?></span>
</div>
<?php else: ?>
<div>
- <a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><strong><?php echo htmlentities_utf82(AT_print(get_display_name($comment_array['member_id']), 'members.full_name')); ?></a></strong>
- <?php echo htmlentities_utf82($comment_array['comment'], true);?>
+ <a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><strong><?php echo AT_print(get_display_name($comment_array['member_id']), 'members.full_name'); ?></a></strong>
+ <?php echo htmlentities_utf8($comment_array['comment'], true);?>
</div>
<?php endif; ?>
<?php if ($this->action_permission || $this->album_info['type_id']==AT_PA_TYPE_COURSE_ALBUM): ?>
<div class="add_profile_photo">
<div class="profile_photo">
- <img src="<?php echo 'get_profile_img.php?id='.$_SESSION['member_id'].SEP.'size=p';?>" title="<?php echo htmlentities_utf82(AT_print(get_display_name($_SESSION['member_id']), 'members.full_name')); ?>" alt="<?php _AT('profile_picture');?>" />
+ <img src="<?php echo 'get_profile_img.php?id='.$_SESSION['member_id'].SEP.'size=p';?>" title="<?php echo AT_print(get_display_name($_SESSION['member_id']), 'members.full_name'); ?>" alt="<?php _AT('profile_picture');?>" />
</div>
<div class="uploader">
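Review bot: The rewritten `<img>` on line 3056 keeps `alt="<?php _AT('profile_picture');?>"` with no `echo`, so the alt attribute is always empty; it should be `alt="<?php echo _AT('profile_picture'); ?>"`. The `title` attribute in the same tag now relies entirely on the `members.full_name` entry to encode quotes, since the outer `htmlentities_utf82()` was removed, and that entry is not visible in this hunk.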
<!-- loop through this -->
<?php foreach($this->photos as $key=>$photo): ?>
<div class="photo_frame">
- <a href="<?php echo AT_PA_BASENAME.'photo.php?pid='.$photo['id'].SEP.'aid='.$this->album_info['id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->album_info['id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo htmlentities_utf82($photo['description'], false); ?>" alt="<?php echo htmlentities_utf82($photo['alt_text']);?>" /></a>
+ <a href="<?php echo AT_PA_BASENAME.'photo.php?pid='.$photo['id'].SEP.'aid='.$this->album_info['id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$this->album_info['id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo AT_print($photo['description'], 'photo_albums.description'); ?>" alt="<?php echo AT_print($photo['alt_text'], 'photo_albums.alt_text');?>" /></a>
</div>
<?php endforeach; ?>
<!-- end loop -->
<div class="album_description">
- <p><?php if($this->album_info['location']!='') echo _AT('location').': '.htmlentities_utf82($this->album_info['location']) .'<br/>';?>
- <?php echo htmlentities_utf82($this->album_info['description']);?></p>
+ <p><?php if($this->album_info['location']!='') echo _AT('location').': '.AT_print($this->album_info['location'], 'albums.location') .'<br/>';?>
+ <?php echo AT_print($this->album_info['description'], 'albums.description');?></p>
</div>
<?php else: ?>
<div class="edit_photo_box">
<!-- TODO: Profile link and img -->
<?php if ($this->action_permission || $comment_array['member_id']==$_SESSION['member_id']): ?>
<div class="flc-inlineEditable">
- <a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><strong><?php echo htmlentities_utf82(AT_print(get_display_name($comment_array['member_id']), 'members.full_name')); ?></a></strong>
- <span class="flc-inlineEdit-text" id="<?php echo $comment_array['id'];?>" ><?php echo htmlentities_utf82($comment_array['comment']);?></span>
+ <a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><strong><?php echo AT_print(get_display_name($comment_array['member_id']), 'members.full_name'); ?></a></strong>
+ <span class="flc-inlineEdit-text" id="<?php echo $comment_array['id'];?>" ><?php echo AT_print($comment_array['comment'], 'photo_albums.comment');?></span>
</div>
<?php else: ?>
<div>
- <a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><strong><?php echo htmlentities_utf82(AT_print(get_display_name($comment_array['member_id']), 'members.full_name')); ?></a></strong>
- <?php echo htmlentities_utf82($comment_array['comment'], true);?>
+ <a href="profile.php?id=<?php echo $comment_array['member_id'];?>"><strong><?php echo AT_print(get_display_name($comment_array['member_id']), 'members.full_name'); ?></a></strong>
+ <?php echo htmlentities_utf8($comment_array['comment'], true);?>
</div>
<?php endif; ?>
<div class="comment_actions">
<li>
<div class="search_photo_frame">
<?php if (!empty($photo_info)): ?>
- <a href="<?php echo AT_PA_BASENAME.'albums.php?id='.$album['id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$album['id'].SEP.'pid='.$album['photo_id'].SEP.'ph='.getPhotoFilePath($photo_info['id'], '', $photo_info['created_date']);?>" title="<?php echo htmlentities_utf82($photo_info['description']); ?>" alt="<?php echo htmlentities_utf82($album['name']); ?>" /></a>
+ <a href="<?php echo AT_PA_BASENAME.'albums.php?id='.$album['id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$album['id'].SEP.'pid='.$album['photo_id'].SEP.'ph='.getPhotoFilePath($photo_info['id'], '', $photo_info['created_date']);?>" title="<?php echo AT_print($photo_info['description'], 'input.text'); ?>" alt="<?php echo AT_print($album['name'], 'input.text'); ?>" /></a>
<?php else: ?>
<a href="<?php echo AT_PA_BASENAME.'albums.php?id='.$album['id'];?>"><img class="no-image" title="<?php echo _AT('pa_no_image'); ?>" alt="<?php echo _AT('pa_no_image'); ?>" /></a>
<?php endif; //album ?>
- <span><?php echo $album['name']; ?></span>
+ <span><?php echo AT_print($album['name'], 'photo_albums.name'); ?></span>
</div>
</li>
<?php endforeach; ?>
$loop_counter++;
?>
<div class="photo_frame">
- <a href="<?php echo AT_PA_BASENAME.'photo.php?pid='.$photo['id'].SEP.'aid='.$photo['album_id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$photo['album_id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo htmlentities_utf82($photo['description'], false); ?>" alt="<?php echo htmlentities_utf82($photo['alt_text']);?>" /></a>
+ <a href="<?php echo AT_PA_BASENAME.'photo.php?pid='.$photo['id'].SEP.'aid='.$photo['album_id'];?>"><img src="<?php echo AT_PA_BASENAME.'get_photo.php?aid='.$photo['album_id'].SEP.'pid='.$photo['id'].SEP.'ph='.getPhotoFilePath($photo['id'], '', $photo['created_date']);?>" title="<?php echo AT_print($photo['description'], 'input.text'); ?>" alt="<?php echo AT_print($photo['alt_text'], 'input.text');?>" /></a>
</div>
<?php
if ($loop_counter>=AT_PA_PHOTO_SEARCH_PER_PAGE) {
foreach ($this->position as $id=>$row): ?>
<div class="profile_container">
<div class="top_right" style="border:thin #cccccc solid;"><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=position'.SEP.'id='.$row['id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=position'.SEP.'id='.$row['id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
- <div><?php echo _AT('company') . ': ' . htmlentities_utf8($row['company']); ?></div>
- <div><?php echo _AT('position') . ': ' . htmlentities_utf8($row['title']); ?></div>
- <div><?php echo _AT('from') . ': ' . htmlentities_utf8($row['from']);?></div>
- <div><?php echo _AT('to') . ': ' . htmlentities_utf8($row['to']); ?></div>
- <div><?php echo _AT('description') . ': ' . htmlentities_utf8($row['description']); ?></div>
+ <div><?php echo _AT('company') . ': ' . AT_print($row['company'], 'social.company'); ?></div>
+ <div><?php echo _AT('position') . ': ' . AT_print($row['title'], 'social.title'); ?></div>
+ <div><?php echo _AT('from') . ': ' . AT_print($row['from'], 'social.from');?></div>
+ <div><?php echo _AT('to') . ': ' . AT_print($row['to'], 'social.to'); ?></div>
+ <div><?php echo _AT('description') . ': ' . AT_print($row['description'], 'social.description'); ?></div>
</div>
<?php
endforeach;
foreach ($this->education as $id=>$row): ?>
<div class="profile_container">
<div class="top_right" style="border:thin #cccccc solid;"><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=education'.SEP.'id='.$row['id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=education'.SEP.'id='.$row['id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?> ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
- <div><?php echo _AT('university') . ': ' . htmlentities_utf8($row['university']); ?></div>
- <div><?php echo _AT('location') . ': ' . htmlentities_utf8($row['country']) . ', ' . htmlentities_utf8($row['province']); ?></div>
- <div><?php echo _AT('degree') . ': ' . htmlentities_utf8($row['degree']); ?></div>
- <div><?php echo _AT('field') . ': ' . htmlentities_utf8($row['field']); ?></div>
- <div><?php echo _AT('from') . ': ' . htmlentities_utf8($row['from']);?></div>
- <div><?php echo _AT('to') . ': ' . htmlentities_utf8($row['to']); ?></div>
- <div><?php echo _AT('description') . ': ' . htmlentities_utf8($row['description']); ?></div>
+ <div><?php echo _AT('university') . ': ' . AT_print($row['university'], 'social.university'); ?></div>
+ <div><?php echo _AT('location') . ': ' . AT_print($row['country'], 'social.country') . ', ' . AT_print($row['province'], 'social.province'); ?></div>
+ <div><?php echo _AT('degree') . ': ' . AT_print($row['degree'], 'social.degree'); ?></div>
+ <div><?php echo _AT('field') . ': ' . AT_print($row['field'], 'social.field'); ?></div>
+ <div><?php echo _AT('from') . ': ' . AT_print($row['from'], 'social.from');?></div>
+ <div><?php echo _AT('to') . ': ' . AT_print($row['to'], 'social.to'); ?></div>
+ <div><?php echo _AT('description') . ': ' . AT_print($row['description'], 'social.description'); ?></div>
</div>
<?php
endforeach;
foreach ($this->websites as $id=>$row): ?>
<div class="profile_container">
<div class="top_right" style="border:thin #cccccc solid;"><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=websites'.SEP.'id='.$row['id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=websites'.SEP.'id='.$row['id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?> ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
- <div><?php echo _AT('site_name') . ': ' . htmlentities_utf8($row['site_name']); ?></div>
+ <div><?php echo _AT('site_name') . ': ' . AT_print($row['site_name'], 'social.site_name'); ?></div>
<div><?php echo _AT('url') . ': ' . $row['url']; ?></div>
</div>
<?php
<?php if (!empty($this->profile['interests'])): ?>
<div class="profile_container">
<div class="top_right" style="border:thin #cccccc solid;"><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=interests'.SEP.'id='.$_SESSION['member_id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=interests'); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?> ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
- <div><?php echo htmlentities_utf8($this->profile['interests']); ?></div>
+ <div><?php echo AT_print($this->profile['interests'], 'social.interests'); ?></div>
</div>
<?php else: ?>
<p><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?add=interests'); ?>"><?php echo _AT('add_new_interest'); ?></a></p>
<?php if (!empty($this->profile['associations'])): ?>
<div class="profile_container">
<div class="top_right" style="border:thin #cccccc solid;"><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=associations'.SEP.'id='.$_SESSION['member_id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=associations'); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?> ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
- <div><?php echo htmlentities_utf8($this->profile['associations']); ?></div>
+ <div><?php echo AT_print($this->profile['associations'], 'social.associations'); ?></div>
</div>
<?php else: ?>
<p><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?add=associations'); ?>"><?php echo _AT('add_new_association'); ?></a></p>
<?php if (!empty($this->profile['awards'])): ?>
<div class="profile_container">
<div class="top_right" style="border:thin #cccccc solid;"><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=awards'.SEP.'id='.$_SESSION['member_id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=awards'); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?> ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
- <div><?php echo htmlentities_utf8($this->profile['awards']); ?></div>
+ <div><?php echo AT_print($this->profile['awards'], 'social.awards'); ?></div>
</div>
<?php else: ?>
<p><a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?add=awards'); ?>"><?php echo _AT('add_new_award'); ?></a></p>
<a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=representation'.SEP.'id='.$value['rep_id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=representation'); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?> ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
<dl class="public-profile">
- <dt><?php echo _AT('name') . ':' ?></dt> <dd> <?php echo htmlentities_utf8($value['rep_name']); ?></dd>
- <dt><?php echo _AT('title') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($value['rep_title']); ?></dd>
- <dt><?php echo _AT('phone') . ':' ?></dt> <dd> <?php echo htmlentities_utf8($value['rep_phone']);?></dd>
- <dt><?php echo _AT('email') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($value['rep_email']); ?></dd>
- <dt><?php echo _AT('street_address') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($value['rep_address']); ?></dd>
+ <dt><?php echo _AT('name') . ':' ?></dt> <dd> <?php echo AT_print($value['rep_name'], 'social.representation_name'); ?></dd>
+ <dt><?php echo _AT('title') . ': ' ?></dt> <dd> <?php echo AT_print($value['rep_title'], 'social.representation_title'); ?></dd>
+ <dt><?php echo _AT('phone') . ':' ?></dt> <dd> <?php echo AT_print($value['rep_phone'], 'social.representation_phone');?></dd>
+ <dt><?php echo _AT('email') . ': ' ?></dt> <dd> <?php echo AT_print($value['rep_email'], 'social.representation_email'); ?></dd>
+ <dt><?php echo _AT('street_address') . ': ' ?></dt> <dd> <?php echo AT_print($value['rep_address'], 'social.representation_address'); ?></dd>
</dl>
<?php } ?>
</div>
<a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=contact'.SEP.'id='.$value['contact_id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=contact'); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?> ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
<dl class="public-profile">
- <dt><?php echo _AT('name') . ':' ?></dt> <dd> <?php echo htmlentities_utf8($value['con_name']); ?></dd>
- <dt><?php echo _AT('phone') . ':' ?></dt> <dd> <?php echo htmlentities_utf8($value['con_phone']);?></dd>
- <dt><?php echo _AT('email') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($value['con_email']); ?></dd>
- <dt><?php echo _AT('street_address') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($value['con_address']); ?></dd>
+ <dt><?php echo _AT('name') . ':' ?></dt> <dd> <?php echo AT_print($value['con_name'], 'social.contact_name'); ?></dd>
+ <dt><?php echo _AT('phone') . ':' ?></dt> <dd> <?php echo AT_print($value['con_phone'], 'social.contact_phone');?></dd>
+ <dt><?php echo _AT('email') . ': ' ?></dt> <dd> <?php echo AT_print($value['con_email'], 'social.contact_email'); ?></dd>
+ <dt><?php echo _AT('street_address') . ': ' ?></dt> <dd> <?php echo AT_print($value['con_address'], 'social.contact_address'); ?></dd>
</dl>
<?php } ?>
</div>
<a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?edit=personal'.SEP.'id='.$this->personal['per_id']); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/edit_profile.gif" alt="<?php echo _AT('edit'); ?>" title="<?php echo _AT('edit'); ?>" border="0" /></a> <a href="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php?delete=personal'); ?>"><img src="<?php echo $_base_href.AT_SOCIAL_BASENAME; ?>images/b_drop.png" alt="<?php echo _AT('remove'); ?> ?>" title="<?php echo _AT('remove'); ?>" border="0" /></a></div>
<dl class="public-profile">
- <dt><?php echo _AT('per_weight') . ':' ?></dt> <dd> <?php echo htmlentities_utf8($this->personal['per_weight']);?></dd>
- <dt><?php echo _AT('per_height') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($this->personal['per_height']); ?></dd>
- <dt><?php echo _AT('per_hair') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($this->personal['per_hair']); ?></dd>
- <dt><?php echo _AT('per_eyes') . ':' ?></dt> <dd> <?php echo htmlentities_utf8($this->personal['per_eyes']);?></dd>
- <dt><?php echo _AT('per_ethnicity') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($this->personal['per_ethnicity']); ?></dd>
- <dt><?php echo _AT('per_languages') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($this->personal['per_languages']); ?></dd>
- <dt><?php echo _AT('per_disabilities') . ': ' ?></dt> <dd> <?php echo htmlentities_utf8($this->personal['per_disabilities']); ?></dd>
+ <dt><?php echo _AT('per_weight') . ':' ?></dt> <dd> <?php echo AT_print($this->personal['per_weight'], 'social.personal_name');?></dd>
+ <dt><?php echo _AT('per_height') . ': ' ?></dt> <dd> <?php echo AT_print($this->personal['per_height'], 'social.personal_height'); ?></dd>
+ <dt><?php echo _AT('per_hair') . ': ' ?></dt> <dd> <?php echo AT_print($this->personal['per_hair'], 'social.personal_hair'); ?></dd>
+ <dt><?php echo _AT('per_eyes') . ':' ?></dt> <dd> <?php echo AT_print($this->personal['per_eyes'], 'social.personal_eyes');?></dd>
+ <dt><?php echo _AT('per_ethnicity') . ': ' ?></dt> <dd> <?php echo AT_print($this->personal['per_ethnicity'], 'social.personal_ethnicity'); ?></dd>
+ <dt><?php echo _AT('per_languages') . ': ' ?></dt> <dd> <?php echo AT_print($this->personal['per_languages'], 'social.personal_languages'); ?></dd>
+ <dt><?php echo _AT('per_disabilities') . ': ' ?></dt> <dd> <?php echo AT_print($this->personal['per_disabilities'], 'social.personal_disabilities'); ?></dd>
</dl>
</div>
<?php else: ?>
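Review bot: Line 3218 formats `per_weight` with the key `social.personal_name`, which does not match the field; every other row in the list uses `social.personal_<field>`, so this looks like a copy-paste slip and should read `AT_print($this->personal['per_weight'], 'social.personal_weight')`. A mistyped key does not fail loudly — it gets whatever AT_print does for a key with no entry — which is why each new key in this commit deserves a check against the formatting table.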
<?php
global $addslashes;
//escape all strings
- $title = htmlentities_utf8($this->title);
- $interests = htmlentities_utf8($this->interests, false);
- $associations = htmlentities_utf8($this->associations, false);
- $awards = htmlentities_utf8($this->awards, false);
+ $title = AT_print($this->title, 'input.text');
?>
<form method="post" action="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php'); ?>">
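Review bot: Line 3218 formats per_weight under the key `social.personal_name` while every sibling line uses a key named after its own column (`social.personal_height`, `social.personal_hair`, …), which reads as a copy-paste slip; it should presumably be `AT_print($this->personal['per_weight'], 'social.personal_weight')`, using whichever key the formatting table actually defines for that column. If AT_print derives its escaping from the per-field formatting entry, a key that resolves to nothing (or to the wrong entry) can silently change how this value is escaped, so it is worth checking what a missing key falls back to. The same hunk deletes the `$interests`, `$associations` and `$awards` assignments at 3232–3234 without replacing them; if the form that follows this `<form>` line still echoes those variables, they are now undefined and those fields will render empty when the profile is edited. The opening of this hunk lies above the excerpt.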
global $addslashes;
//escape all strings
- $con_name = htmlentities_utf8($this->con_name);
- $con_phone = htmlentities_utf8($this->con_phone);
- $con_email = htmlentities_utf8($this->con_email);
- $con_address = htmlentities_utf8($this->con_address);
+ $con_name = AT_print($this->con_name, 'input.text');
+ $con_phone = AT_print($this->con_phone, 'input.text');
+ $con_email = AT_print($this->con_email, 'input.text');
+ $con_address = AT_print($this->con_address, 'input.text');
?>
global $addslashes;
//escape all strings
- $university = htmlentities_utf8($this->university);
- $country = htmlentities_utf8($this->country);
- $province = htmlentities_utf8($this->province);
- $degree = htmlentities_utf8($this->degree);
- $field = htmlentities_utf8($this->field);
- $from = htmlentities_utf8($this->from);
- $to = htmlentities_utf8($this->to);
- $description = htmlentities_utf8($this->description, false);
+ $university = AT_print($this->university, 'input.text');
+ $country = AT_print($this->country, 'input.text');
+ $province = AT_print($this->province, 'input.text');
+ $degree = AT_print($this->degree, 'input.text');
+ $field = AT_print($this->field, 'input.text');
+ $from = AT_print($this->from, 'input.text');
+ $to = AT_print($this->to, 'input.text');
+ $description = AT_print($this->description, 'input.text');
?>
<script type='text/javascript' src='jscripts/lib/calendar.js'></script>
<script type="text/javascript">
<?php
- global $addslashes;
-
- //escape all strings
- $per_weight = htmlentities_utf8($this->per_weight);
- $per_height = htmlentities_utf8($this->per_height);
- $per_hair = htmlentities_utf8($this->per_hair);
- $per_eyes = htmlentities_utf8($this->per_eyes);
- $per_ethnicity = htmlentities_utf8($this->per_ethnicity);
- $per_languages = htmlentities_utf8($this->per_languages);
- $per_disabilities = htmlentities_utf8($this->per_disabilities);
-
+global $addslashes;
+
+//escape all strings
+$per_weight = AT_print($this->per_weight, 'input.text');
+$per_height = AT_print($this->per_height, 'input.text');
+$per_hair = AT_print($this->per_hair, 'input.text');
+$per_eyes = AT_print($this->per_eyes, 'input.text');
+$per_ethnicity = AT_print($this->per_ethnicity, 'input.text');
+$per_languages = AT_print($this->per_languages, 'input.text');
+$per_disabilities = AT_print($this->per_disabilities, 'input.text');
?>
<div class="headingbox"><h3><?php if($_GET['id']){echo _AT('edit_personal');}else{echo _AT('add_new_personal');}?></h3></div>
<div class="contentbox">
<form method="post" action="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php'); ?>">
- <dl id="public-profile">
-
- <dt><label for="per_weight"><?php echo _AT('per_weight'); ?></label></dt>
- <dd><input type="text" id="per_weight" name="per_weight" value="<?php echo $per_weight; ?>" /></dd>
-
- <dt><label for="per_height"><?php echo _AT('per_height'); ?></label></dt>
- <dd><input type="text" id="per_height" name="per_height" value="<?php echo $per_height; ?>" /></dd>
-
- <dt><label for="per_hair"><?php echo _AT('per_hair'); ?></label></dt>
- <dd><input type="text" id="per_hair" name="per_hair" value="<?php echo $per_hair; ?>" /></dd>
-
- <dt><label for="per_eyes"><?php echo _AT('per_eyes'); ?></label></dt>
- <dd><input type="text" id="per_eyes" name="per_eyes" value="<?php echo $per_eyes; ?>" /></dd>
-
- <dt><label for="per_ethnicity"><?php echo _AT('per_ethnicity'); ?></label></dt>
- <dd><input type="text" id="per_ethnicity" name="per_ethnicity" value="<?php echo $per_ethnicity; ?>" /></dd>
-
- <dt><label for="per_languages"><?php echo _AT('per_languages'); ?></label></dt>
- <dd><input type="text" id="per_languages" name="per_languages" value="<?php echo $per_languages; ?>" /></dd>
-
- <dt><label for="per_disabilities"><?php echo _AT('per_disabilities'); ?></label></dt>
- <dd><input type="text" id="per_disabilities" name="per_disabilities" value="<?php echo $per_disabilities; ?>" /></dd>
-
- </dl>
- <input type="hidden" name="id" value="<?php echo $this->id; ?>" />
- <?php if($_GET['id']){ ?>
- <input type="hidden" name="edit" value="personal" />
- <?php }else { ?>
- <input type="hidden" name="add" value="personal" />
- <?php } ?>
-
- <input type="submit" name="submit" class="button" value="<?php echo _AT('save'); ?>" />
- <input type="submit" name="cancel" class="button" value="<?php echo _AT('cancel'); ?>" />
-
+ <dl id="public-profile">
+
+ <dt><label for="per_weight"><?php echo _AT('per_weight'); ?></label></dt>
+ <dd><input type="text" id="per_weight" name="per_weight" value="<?php echo $per_weight; ?>" /></dd>
+
+ <dt><label for="per_height"><?php echo _AT('per_height'); ?></label></dt>
+ <dd><input type="text" id="per_height" name="per_height" value="<?php echo $per_height; ?>" /></dd>
+
+ <dt><label for="per_hair"><?php echo _AT('per_hair'); ?></label></dt>
+ <dd><input type="text" id="per_hair" name="per_hair" value="<?php echo $per_hair; ?>" /></dd>
+
+ <dt><label for="per_eyes"><?php echo _AT('per_eyes'); ?></label></dt>
+ <dd><input type="text" id="per_eyes" name="per_eyes" value="<?php echo $per_eyes; ?>" /></dd>
+
+ <dt><label for="per_ethnicity"><?php echo _AT('per_ethnicity'); ?></label></dt>
+ <dd><input type="text" id="per_ethnicity" name="per_ethnicity" value="<?php echo $per_ethnicity; ?>" /></dd>
+
+ <dt><label for="per_languages"><?php echo _AT('per_languages'); ?></label></dt>
+ <dd><input type="text" id="per_languages" name="per_languages" value="<?php echo $per_languages; ?>" /></dd>
+
+ <dt><label for="per_disabilities"><?php echo _AT('per_disabilities'); ?></label></dt>
+ <dd><input type="text" id="per_disabilities" name="per_disabilities" value="<?php echo $per_disabilities; ?>" /></dd>
+
+ </dl>
+ <input type="hidden" name="id" value="<?php echo $this->id; ?>" />
+ <?php if($_GET['id']){ ?>
+ <input type="hidden" name="edit" value="personal" />
+ <?php }else { ?>
+ <input type="hidden" name="add" value="personal" />
+ <?php } ?>
+
+ <input type="submit" name="submit" class="button" value="<?php echo _AT('save'); ?>" />
+ <input type="submit" name="cancel" class="button" value="<?php echo _AT('cancel'); ?>" />
+
</form>
</div>
\ No newline at end of file
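Review bot: The hidden field at line 3354 still echoes `$this->id` raw into an attribute while every other value in this re-indented block now goes through AT_print; since line 3355 branches on `$_GET['id']` directly, if `$this->id` is ever populated from that request parameter this is a reflected attribute-injection point. Unless the id can legitimately be non-numeric, `value="<?php echo (int) $this->id; ?>"` closes it; otherwise wrap it in `htmlentities_utf8()`. `$_GET['id']` is also read without `isset()` on 3355, which raises a notice on the add path. Separately, the `<script type="text/javascript">` opened at 3269 is not closed anywhere in this hunk, so the `<div>` at 3293 appears to be emitted inside it — worth confirming against the full file.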
<?php
- global $addslashes;
-
- //escape all strings
- $rep_name = htmlentities_utf8($this->rep_name);
- $rep_title = htmlentities_utf8($this->rep_title);
- $rep_phone = htmlentities_utf8($this->rep_phone);
- $rep_email = htmlentities_utf8($this->rep_email);
- $rep_address = htmlentities_utf8($this->rep_address);
+global $addslashes;
+//escape all strings
+$rep_name = AT_print($this->rep_name, 'input.text');
+$rep_title = AT_print($this->rep_title, 'input.text');
+$rep_phone = AT_print($this->rep_phone, 'input.text');
+$rep_email = AT_print($this->rep_email, 'input.text');
+$rep_address = AT_print($this->rep_address, 'input.text');
?>
<div class="headingbox"><h3><?php if($_GET['id']){echo _AT('edit_representation');}else{echo _AT('add_new_representation');}?></h3></div>
<div class="contentbox">
<form method="post" action="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php'); ?>">
- <dl id="public-profile">
- <dt><label for="rep_name"><?php echo _AT('name'); ?></label></dt>
- <dd><input type="text" id="rep_name" name="rep_name" value="<?php echo $rep_name; ?>" /></dd>
-
- <dt><label for="rep_title"><?php echo _AT('title'); ?></label></dt>
- <dd><input type="text" id="rep_title" name="rep_title" value="<?php echo $rep_title; ?>" /></dd>
-
- <dt><label for="rep_phone"><?php echo _AT('phone'); ?></label></dt>
- <dd><input type="text" id="rep_phone" name="rep_phone" value="<?php echo $rep_phone; ?>" /></dd>
-
- <dt><label for="rep_email"><?php echo _AT('email'); ?></label></dt>
- <dd><input type="text" id="rep_email" name="rep_email" value="<?php echo $rep_email; ?>" /></dd>
+ <dl id="public-profile">
+ <dt><label for="rep_name"><?php echo _AT('name'); ?></label></dt>
+ <dd><input type="text" id="rep_name" name="rep_name" value="<?php echo $rep_name; ?>" /></dd>
+
+ <dt><label for="rep_title"><?php echo _AT('title'); ?></label></dt>
+ <dd><input type="text" id="rep_title" name="rep_title" value="<?php echo $rep_title; ?>" /></dd>
+
+ <dt><label for="rep_phone"><?php echo _AT('phone'); ?></label></dt>
+ <dd><input type="text" id="rep_phone" name="rep_phone" value="<?php echo $rep_phone; ?>" /></dd>
+
+ <dt><label for="rep_email"><?php echo _AT('email'); ?></label></dt>
+ <dd><input type="text" id="rep_email" name="rep_email" value="<?php echo $rep_email; ?>" /></dd>
- <dt><label for="rep_address"><?php echo _AT('street_address'); ?></label></dt>
- <dd><textarea name="rep_address" id="rep_address" cols="40" rows="5"><?php echo $rep_address; ?></textarea></dd>
- </dl>
- <input type="hidden" name="id" value="<?php echo $this->id; ?>" />
- <?php if($_GET['id']){ ?>
- <input type="hidden" name="edit" value="representation" />
- <?php }else { ?>
- <input type="hidden" name="add" value="representation" />
- <?php } ?>
-
- <input type="submit" name="submit" class="button" value="<?php echo _AT('save'); ?>" />
- <input type="submit" name="cancel" class="button" value="<?php echo _AT('cancel'); ?>" />
-
+ <dt><label for="rep_address"><?php echo _AT('street_address'); ?></label></dt>
+ <dd><textarea name="rep_address" id="rep_address" cols="40" rows="5"><?php echo $rep_address; ?></textarea></dd>
+ </dl>
+ <input type="hidden" name="id" value="<?php echo $this->id; ?>" />
+ <?php if($_GET['id']){ ?>
+ <input type="hidden" name="edit" value="representation" />
+ <?php }else { ?>
+ <input type="hidden" name="add" value="representation" />
+ <?php } ?>
+
+ <input type="submit" name="submit" class="button" value="<?php echo _AT('save'); ?>" />
+ <input type="submit" name="cancel" class="button" value="<?php echo _AT('cancel'); ?>" />
+
</form>
</div>
\ No newline at end of file
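Review bot: Line 3427 echoes `$this->id` unescaped into the hidden input while the rest of this hunk routes every value through AT_print; with line 3428 branching on a raw `$_GET['id']`, an id that originates from the request would be reflected into an attribute unescaped. `value="<?php echo (int) $this->id; ?>"` is the simplest fix if the id is numeric; otherwise wrap it in `htmlentities_utf8()`. The remaining lines of the hunk are whitespace-only re-indentation, so this is the only substantive change to review.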
<?php
- global $addslashes;
+global $addslashes;
- //escape all strings
- $url = htmlentities_utf8($this->url);
- $site_name = htmlentities_utf8($this->site_name);
+//escape all strings
+$url = AT_print($this->url, 'input.text');
+$site_name = AT_print($this->site_name, 'input.text');
?>
<div class="headingbox"><h3><?php if($_GET['id']){echo _AT('edit_websites');}else{echo _AT('add_new_website');}?></h3></div>
<div class="contentbox">
<form method="POST" action="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php'); ?>">
- <dl id="public-profile">
- <dt><label for="url"><?php echo _AT('url'); ?></label></dt>
- <dd><input type="text" id="url" name="url" value="<?php echo $url; ?>" /></dd>
+ <dl id="public-profile">
+ <dt><label for="url"><?php echo _AT('url'); ?></label></dt>
+ <dd><input type="text" id="url" name="url" value="<?php echo $url; ?>" /></dd>
- <dt><label for="site_name"><?php echo _AT('site_name'); ?></label></dt>
- <dd><input type="text" id="site_name" name="site_name" value="<?php echo $site_name; ?>" /></dd>
+ <dt><label for="site_name"><?php echo _AT('site_name'); ?></label></dt>
+ <dd><input type="text" id="site_name" name="site_name" value="<?php echo $site_name; ?>" /></dd>
- <input type="hidden" name="id" value="<?php echo $this->id; ?>" />
- <input type="hidden" name="id" value="<?php echo $this->id; ?>" />
- <?php if($_GET['id']){ ?>
- <input type="hidden" name="edit" value="websites" />
- <?php }else { ?>
- <input type="hidden" name="add" value="websites" />
- <?php } ?>
- <input type="submit" name="submit" class="button" value="<?php echo _AT('save'); ?>" />
- <input type="submit" name="cancel" class="button" value="<?php echo _AT('cancel'); ?>" />
- </dl>
+ <input type="hidden" name="id" value="<?php echo $this->id; ?>" />
+ <input type="hidden" name="id" value="<?php echo $this->id; ?>" />
+ <?php if($_GET['id']){ ?>
+ <input type="hidden" name="edit" value="websites" />
+ <?php }else { ?>
+ <input type="hidden" name="add" value="websites" />
+ <?php } ?>
+ <input type="submit" name="submit" class="button" value="<?php echo _AT('save'); ?>" />
+ <input type="submit" name="cancel" class="button" value="<?php echo _AT('cancel'); ?>" />
+ </dl>
</div>
</form>
\ No newline at end of file
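Review bot: Lines 3473–3474 keep two identical `<input type="hidden" name="id">` fields, and the block still closes `</div>` before `</form>` at 3483–3484 even though the form was opened inside the div at 3451–3452, so the re-indent preserved both a duplicate parameter and mis-nested markup; drop one of the hidden inputs and swap the last two closing tags. The hidden id is also the one value in this form echoed raw (`$this->id`) while `$url` and `$site_name` go through AT_print — `value="<?php echo (int) $this->id; ?>"` (or `htmlentities_utf8()` if it is not numeric) keeps it consistent with the rest of the change.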
<?php if($this->profile['occupation']){ ?>
<dt><?php echo _AT('occupation'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['occupation']); ?></dd>
+ <dd><?php echo AT_print($this->profile['occupation'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->profile['expertise']){ ?>
<dt><?php echo _AT('expertise'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['expertise']); ?></dd>
+ <dd><?php echo AT_print($this->profile['expertise'], 'social.profile'); ?></dd>
<?php }?>
<?php if ($this->relationship==AT_SOCIAL_FRIENDS_VISIBILITY || $this->relationship==AT_SOCIAL_OWNER_VISIBILITY): ?>
<?php if($this->profile['email']): ?>
<dt><?php echo _AT('email'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['email']); ?></dd>
+ <dd><?php echo AT_print($this->profile['email'], 'social.profile'); ?></dd>
<?php endif; ?>
<?php endif; ?>
<?php if($this->profile['gender']!='n'){ ?>
<?php }?>
<?php if($this->profile['phone']){ ?>
<dt><?php echo _AT('phone'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['phone']); ?></dd>
+ <dd><?php echo AT_print($this->profile['phone'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->profile['country']){ ?>
<dt><?php echo _AT('country'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['country']); ?></dd>
+ <dd><?php echo AT_print($this->profile['country'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->profile['postal']){ ?>
<dt><?php echo _AT('street_address'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['postal']); ?></dd>
+ <dd><?php echo AT_print($this->profile['postal'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->profile['interests']){ ?>
<dt><?php echo _AT('interests'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['interests']); ?></dd>
+ <dd><?php echo AT_print($this->profile['interests'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->profile['associations']){ ?>
<dt><?php echo _AT('associations'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['associations']); ?></dd>
+ <dd><?php echo AT_print($this->profile['associations'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->profile['awards']){ ?>
<dt><?php echo _AT('awards'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['awards']); ?></dd>
+ <dd><?php echo AT_print($this->profile['awards'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->profile['others']){ ?>
<dt><?php echo _AT('others'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->profile['others']); ?></dd>
+ <dd><?php echo AT_print($this->profile['others'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->personal['per_weight']){ ?>
<dt><?php echo _AT('per_weight'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->personal['per_weight']); ?></dd>
+ <dd><?php echo AT_print($this->personal['per_weight'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->personal['per_height']){ ?>
<dt><?php echo _AT('per_height'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->personal['per_height']); ?></dd>
+ <dd><?php echo AT_print($this->personal['per_height'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->personal['per_hair']){ ?>
<dt><?php echo _AT('per_hair'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->personal['per_hair']); ?></dd>
+ <dd><?php echo AT_print($this->personal['per_hair'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->personal['per_eyes']){ ?>
<dt><?php echo _AT('per_eyes'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->personal['per_eyes']); ?></dd>
+ <dd><?php echo AT_print($this->personal['per_eyes'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->personal['per_ethnicity']){ ?>
<dt><?php echo _AT('per_ethnicity'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->personal['per_ethnicity']); ?></dd>
+ <dd><?php echo AT_print($this->personal['per_ethnicity'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->personal['per_languages']){ ?>
<dt><?php echo _AT('per_languages'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->personal['per_languages']); ?></dd>
+ <dd><?php echo AT_print($this->personal['per_languages'], 'social.profile'); ?></dd>
<?php }?>
<?php if($this->personal['per_disabilities']){ ?>
<dt><?php echo _AT('per_disabilities'); ?></dt><br />
- <dd><?php echo htmlentities_utf8($this->personal['per_disabilities']); ?></dd>
+ <dd><?php echo AT_print($this->personal['per_disabilities'], 'social.profile'); ?></dd>
<?php }?>
<br /><div class="headingbox" style="margin-right:1em;"><h4><?php echo _AT('representation'); ?></h4></div>
<div class="contentbox" style="margin-right:1em;">
- <?php foreach($this->representation as $row=>$value){ ?>
+ <?php foreach($this->representation as $row=>$value){ ?>
<dl class="public-profile">
- <dt><?php echo _AT('name') . ':' ?></dt> <br /><dd> <?php echo htmlentities_utf8($value['rep_name']); ?></dd>
-
- <dt><?php echo _AT('title') . ': ' ?></dt> <br /><dd> <?php echo htmlentities_utf8($value['rep_title']); ?></dd>
- <dt><?php echo _AT('phone') . ':' ?></dt><br /> <dd> <?php echo htmlentities_utf8($value['rep_phone']);?></dd>
- <dt><?php echo _AT('email') . ': ' ?></dt><br /> <dd> <?php echo htmlentities_utf8($value['rep_email']); ?></dd>
- <dt><?php echo _AT('street_address') . ': ' ?></dt> <br /><dd> <?php echo htmlentities_utf8($value['rep_address']); ?></dd>
+ <dt><?php echo _AT('name') . ':' ?></dt> <br /><dd> <?php echo AT_print($value['rep_name'], 'social.profile'); ?></dd>
+ <dt><?php echo _AT('title') . ': ' ?></dt> <br /><dd> <?php echo AT_print($value['rep_title'], 'social.profile'); ?></dd>
+ <dt><?php echo _AT('phone') . ':' ?></dt><br /> <dd> <?php echo AT_print($value['rep_phone'], 'social.profile');?></dd>
+ <dt><?php echo _AT('email') . ': ' ?></dt><br /> <dd> <?php echo AT_print($value['rep_email'], 'social.profile'); ?></dd>
+ <dt><?php echo _AT('street_address') . ': ' ?></dt> <br /><dd> <?php echo AT_print($value['rep_address'], 'social.profile'); ?></dd>
</dl>
<?php } ?>
<?php foreach($this->contact as $row=>$value){ ?>
<dl class="public-profile">
- <dt><?php echo _AT('name') . ':' ?></dt> <br /><dd> <?php echo htmlentities_utf8($value['con_name']); ?></dd>
- <dt><?php echo _AT('phone') . ':' ?></dt> <br /><dd> <?php echo htmlentities_utf8($value['con_phone']);?></dd>
- <dt><?php echo _AT('email') . ': ' ?></dt><br /> <dd> <?php echo htmlentities_utf8($value['con_email']); ?></dd>
- <dt><?php echo _AT('street_address') . ': ' ?></dt><br /> <dd> <?php echo htmlentities_utf8($value['con_address']); ?></dd>
+ <dt><?php echo _AT('name') . ':' ?></dt> <br /><dd> <?php echo AT_print($value['con_name'], 'social.profile'); ?></dd>
+ <dt><?php echo _AT('phone') . ':' ?></dt> <br /><dd> <?php echo AT_print($value['con_phone'], 'social.profile');?></dd>
+ <dt><?php echo _AT('email') . ': ' ?></dt><br /> <dd> <?php echo AT_print($value['con_email'], 'social.profile'); ?></dd>
+ <dt><?php echo _AT('street_address') . ': ' ?></dt><br /> <dd> <?php echo AT_print($value['con_address'], 'social.profile'); ?></dd>
</dl>
<?php } ?>
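Review bot: Whether this hunk is still safe against stored XSS depends entirely on what AT_print does for the `social.profile` key: htmlentities_utf8 escaped unconditionally, whereas AT_print appears to apply per-field formatting rules, so if `social.profile` is not defined in the formatting table (or is defined with HTML allowed) every profile, representation and contact field here becomes a raw-HTML sink. Please confirm the entry exists with the HTML flag masked out and that a missing key does not fall back to a permissive default. A cheap regression guard is a test that renders a profile whose fields contain `<script>` through this template and asserts the tag comes out entity-encoded.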
<tbody>
<?php
foreach($this->education as $edu){
- echo '<tr><td>'.htmlentities_utf8($edu['university']).'</td>';
- echo '<td>'.htmlentities_utf8($edu['degree'].'/'.$edu['field']).'</td>';
- echo '<td>'.htmlentities_utf8($edu['from'].'-'.$edu['to']).'</td></tr>';
+ echo '<tr><td>'.AT_print($edu['university'], 'social.profile').'</td>';
+ echo '<td>'.AT_print($edu['degree'].'/'.$edu['field'], 'social.profile').'</td>';
+ echo '<td>'.AT_print($edu['from'].'-'.$edu['to'], 'social.profile').'</td></tr>';
}
?>
</tbody>
<tbody>
<?php
foreach($this->position as $pos){
- echo '<tr><td>'.htmlentities_utf8($pos['company']).'</td>';
- echo '<td>'.htmlentities_utf8($pos['title']).'</td>';
- echo '<td>'.htmlentities_utf8($pos['from'].'-'.$pos['to']).'</td></tr>';
+ echo '<tr><td>'.AT_print($pos['company'], 'social.profile').'</td>';
+ echo '<td>'.AT_print($pos['title'], 'social.profile').'</td>';
+ echo '<td>'.AT_print($pos['from'].'-'.$pos['to'], 'social.profile').'</td></tr>';
}
?>
</tbody>
if ($is_http==0){
$sites['url'] = 'http://' . $sites['url'];
}
- echo '<tr><td>'.htmlentities_utf8($sites['site_name']).'</td>';
+ echo '<tr><td>'.AT_print($sites['site_name'], 'social.profile').'</td>';
echo '<td><a href="'.$sites['url'].'" target="user_profile_site">'.$sites['url'].'</a></td></tr>';
}
?>
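Review bot: Line 3633 now escapes `$sites['site_name']`, but the very next line (3634) still interpolates `$sites['url']` raw into both the `href` attribute and the link text, so a stored URL containing `"` or `<` breaks out of the attribute or injects markup — it is the one user-controlled value in this hunk left unescaped. The `http://` prefix added at 3629–3630 only covers `$is_http==0` and does nothing about quotes; change 3634 to `echo '<td><a href="'.htmlentities_utf8($sites['url']).'" target="user_profile_site">'.htmlentities_utf8($sites['url']).'</a></td></tr>';`. Ideally the scheme is also validated so that only http/https URLs are rendered as links. The loop enclosing these lines starts above the hunk.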
$course_icon = 'images/courses/'.$row['icon'];\r
}\r
?>\r
- <a href="<?php echo url_rewrite('bounce.php?course='.$row['course_id'], true); ?>"><img src="<?php echo $course_icon; ?>" class="headicon" alt="<?php echo htmlentities($row['title'], ENT_QUOTES, 'UTF-8'); ?>" style="float:left;margin-right:.5em;"/></a>\r
+ <a href="<?php echo url_rewrite('bounce.php?course='.$row['course_id'], true); ?>"><img src="<?php echo $course_icon; ?>" class="headicon" alt="<?php echo htmlentities_utf8($row['title']); ?>" style="float:left;margin-right:.5em;"/></a>\r
<?php } ?>\r
</td>\r
<td>\r
- <h3><a href="<?php echo url_rewrite('bounce.php?course='.$row['course_id'], true); ?>"><?php echo htmlentities($row['title'], ENT_QUOTES, 'UTF-8'); ?></a></h3>\r
+ <h3><a href="<?php echo url_rewrite('bounce.php?course='.$row['course_id'], true); ?>"><?php echo htmlentities_utf8($row['title']); ?></a></h3>\r
</td>\r
<td>\r
<?php if ($row['description']): ?>\r
- <div style="height:6.4em;" title="<?php echo htmlentities($row['description']);?>"><?php echo substr(nl2br(htmlentities($row['description'], ENT_QUOTES, 'UTF-8')),0,150); \r
+ <div style="height:6.4em;" title="<?php echo htmlentities($row['description']);?>"><?php echo substr(htmlentities_utf8($row['description'], true),0,150); \r
if(strlen($row['description']) > 150){\r
echo "...";\r
}\r
?> </div>\r
<?php else: ?>\r
- <div style="height:6.4em;clear:right;" title="<?php echo htmlentities($row['description']);?>"> </div>\r
+ <div style="height:6.4em;clear:right;" title="<?php echo htmlentities_utf8($row['description']);?>"> </div>\r
<?php endif; ?>\r
</td>\r
<td>\r
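Review bot: Line 3651 applies `substr(…, 0, 150)` to the already entity-encoded description, so the cut can land inside an entity (`&amp;` → `&am`) or a multi-byte UTF-8 sequence and emit a stray fragment or an invalid byte; truncate the raw text first and encode the result, e.g. `echo htmlentities_utf8(mb_substr($row['description'], 0, 150), true);` (keeping the same second argument the hunk passes). The ellipsis test on 3652 compares a raw byte length against a cut made on encoded text, so it should use the same `mb_strlen` basis. On the same line the `title` attribute still uses plain `htmlentities()` with default charset and flags while the body moved to `htmlentities_utf8`; switching the attribute as 3658 already does keeps the encoding consistent.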
<tr class="<?php if ($counter %2) { echo 'odd'; } else { echo 'even'; } ?>">
<td>
<?php if ($row['icon'] == ''): ?>
- <img src="images/clr.gif" class="icon" border="1" width="79" height="79" alt="<?php echo htmlentities($row['title'], ENT_QUOTES, 'UTF-8'); ?>" />
+ <img src="images/clr.gif" class="icon" border="1" width="79" height="79" alt="<?php echo htmlentities_utf8($row['title']); ?>" />
<?php else:
echo $link;
$dir = "images/courses/".$row['icon'];
}
?>
- <img src="<?php echo $dir; ?>" class="icon" border="0" alt="<?php echo htmlentities($row['title'], ENT_QUOTES, 'UTF-8'); ?>" />
+ <img src="<?php echo $dir; ?>" class="icon" border="0" alt="<?php echo htmlentities_utf8($row['title']); ?>" />
<?php echo $link2; ?>
<?php endif; ?>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?p=1"><?php echo _AT('show_pages'); ?></a>
<?php }else if($newscount > 0){ ?>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?p=all"><?php echo _AT('show_all'); ?></a>
- <?php }else{
+ <?php } else {
echo _AT('none_found');
}?>
<br /><br />
<div id="subnavbacktopage">
<?php if (isset($this->back_to_page)): ?>
<a href="<?php echo $this->back_to_page['url']; ?>">
- <img border="0" width="10" height="11" alt="<?php echo _AT('back_to').' '.$this->back_to_page['title']; ?>" src="<?php echo $this->base_href; ?>images/arrowicon.gif" style="float:left;" class="img1111"/></a>
+ <img border="0" width="10" height="11" alt="<?php echo _AT('back_to').' '.htmlentities_utf8($this->back_to_page['title']); ?>" src="<?php echo $this->base_href; ?>images/arrowicon.gif" style="float:left;" class="img1111"/></a>
<?php endif; ?>
</div>
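Review bot: Line 3688 escapes the page title for the `alt` attribute, but the `href` on 3686 still echoes `$this->back_to_page['url']` raw; if that URL carries any user-influenced component (a return-to parameter, for instance) a `"` in it breaks out of the attribute. Escaping it the same way, `href="<?php echo htmlentities_utf8($this->back_to_page['url']); ?>"`, makes the two attributes consistent, and a scheme check (http/https or relative only) would rule out `javascript:` targets.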
<?php
global $addslashes;
//escape all strings
- $title = htmlentities_utf8($this->title);
- $interests = htmlentities_utf8($this->interests, false);
- $associations = htmlentities_utf8($this->associations, false);
- $awards = htmlentities_utf8($this->awards, false);
+ $title = AT_print($this->title, 'input.text');
+ $interests = AT_print($this->interests, 'input.text');
+ $associations = AT_print($this->associations, 'input.text');
+ $awards = AT_print($this->awards, 'input.text');
?>
<form method="post" action="<?php echo url_rewrite(AT_SOCIAL_BASENAME.'edit_profile.php'); ?>">
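Review bot: The three replaced calls at 3695–3697 passed `false` as a second argument to htmlentities_utf8 while `$title` did not, and the new `AT_print(…, 'input.text')` form drops that distinction; if the flag controlled double-encoding or newline conversion for these multi-line fields, the textareas that receive `$interests`, `$associations` and `$awards` may now show already-encoded entities or altered line breaks. A quick round-trip check — save a value containing `&amp;` and a newline, reopen the form, confirm it is unchanged — would settle it. The form that consumes these variables continues below the hunk.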