// Output the raw HTML code
function outputRawCode ($htmlCode) {
// Output stripped HTML code to avoid broken JavaScript code, etc.
- print($htmlCode);
+ print(str_replace('{BACK}', "\\", $htmlCode));
// Flush the output if only getPhpCaching() is not 'on'
if (getPhpCaching() != 'on') {
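Review bot: The `str_replace('{BACK}', "\\", $htmlCode)` added to `outputRawCode()` runs on every string that is printed, not only on JavaScript templates that went through `escapeJavaScriptQuotes()`. Any other content that contains the literal text `{BACK}`, including user-supplied text if nothing filters it earlier, is turned into a backslash at the very last step, after all escaping has already been applied. Consider restoring the placeholder where the `js_` template is compiled instead, or at least reserve the token explicitly with a comment such as `// '{BACK}' is reserved: escapeJavaScriptQuotes() substitutes it for '\', restored here for ALL output`. The function body continues outside the hunk.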
// Normal HTML output?
if (getOutputMode() == '0') {
// Add surrounding HTML comments to help finding bugs faster
- $ret = "<!-- Template " . $template . " - Start -->\n" . $GLOBALS['tpl_content'] . "<!-- Template " . $template . " - End -->\n";
+ $ret = '<!-- Template ' . $template . " - Start -->\n" . $GLOBALS['tpl_content'] . '<!-- Template ' . $template . " - End -->\n";
// Prepare eval() command
$eval = '$ret = "' . compileCode(escapeQuotes($ret)) . '";';
} elseif (substr($template, 0, 3) == 'js_') {
// JavaScripts don't like entities and timings
- $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");';
+ $eval = '$ret = decodeEntities("' . compileRawCode(escapeJavaScriptQuotes($GLOBALS['tpl_content'])) . '");';
} else {
- // Prepare eval() command
- $eval = '$ret = "' . compileCode(escapeQuotes($GLOBALS['tpl_content'])) . '";';
+ // Prepare eval() command, other output doesn't like entities, maybe
+ $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");';
}
} else {
// Add surrounding HTML comments to help finding bugs faster
- $ret = "<!-- Template " . $template . " - Start -->\n" . $GLOBALS['tpl_content'] . "<!-- Template " . $template . " - End -->\n";
+ $ret = '<!-- Template ' . $template . " - Start -->\n" . $GLOBALS['tpl_content'] . '<!-- Template ' . $template . " - End -->\n";
$eval = '$ret = "' . escapeQuotes($ret) . '";';
} // END - if
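Review bot: The rewritten `else` branch now passes every template that is neither output mode '0' nor `js_`-prefixed through `decodeEntities(...)`, and its own comment ends in "maybe". If templates rendered in those modes carry values that were entity-encoded to keep them inert, decoding here sends them to the client raw; which output modes reach this branch is not visible in the hunk. Replace the "maybe" with a comment that names the modes and states why decoding is safe for each, e.g. `// Output modes <list>: content is not rendered as HTML, entities must be decoded`.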
//* DEBUG: */ outputHtml(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):TO={$toEmail},SUBJECT={$subject}<br />");
// Compile subject line (for POINTS constant etc.)
- eval("\$subject = decodeEntities(\"".compileRawCode(escapeQuotes($subject))."\");");
+ eval("\$subject = decodeEntities(\"".compileCode(escapeQuotes($subject))."\");");
// Set from header
if ((!eregi('@', $toEmail)) && ($toEmail > 0)) {
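Review bot: `$subject` here, and `$toEmail` and `$message` in the next hunk, are still spliced into a double-quoted PHP literal and handed to `eval()`, with `escapeQuotes()` as the only barrier; switching from `compileRawCode()` to `compileCode()` changes what is expanded but not that dependency. Mail fields commonly carry user-supplied text, so any gap in `escapeQuotes()` (whose double-quote branch this commit also changes) becomes code execution in the mail path. What `compileCode()` expands is not shown; if only placeholder substitution is needed, a replacement that avoids `eval()`, such as `strtr()` over a fixed map, would remove the risk. At minimum add a comment above these calls stating that all three values must already be free of unescaped user input.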
}
// Compile "TO"
- eval("\$toEmail = \"".compileRawCode(escapeQuotes($toEmail))."\";");
+ eval("\$toEmail = \"".compileCode(escapeQuotes($toEmail))."\";");
// Compile "MSG"
- eval("\$message = \"".compileRawCode(escapeQuotes($message))."\";");
+ eval("\$message = \"".compileCode(escapeQuotes($message))."\";");
// Fix HTML parameter (default is no!)
if (empty($isHtml)) $isHtml = 'N';
// Replace it in the code
//* DEBUG: */ outputHtml(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):key={$key},match={$match}<br />");
$newMatch = str_replace('[', "['", str_replace(']', "']", $match));
- $code = str_replace($match, "\"." . $newMatch.".\"", $code);
+ $code = str_replace($match, '".' . $newMatch . '."', $code);
$matchesFound[$key . '_' . $matches[4][$key]] = 1;
$matchesFound[$match] = 1;
} elseif (!isset($matchesFound[$match])) {
// Not yet replaced!
//* DEBUG: */ outputHtml(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):match={$match}<br />");
- $code = str_replace($match, "\"." . $match.".\"", $code);
+ $code = str_replace($match, '".' . $match . '."', $code);
$matchesFound[$match] = 1;
}
} // END - foreach
$r .= '</span>|';
// Add code
- $r .= '<span class="linetext">' . secureString($c) . '</span></div>';
+ $r .= '<span class="linetext">' . htmlentities($c) . '</span></div>';
}
return '<div class="code">' . $r . '</div>';
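Review bot: `htmlentities($c)` is called without flags or charset, so its result depends on the defaults of the running PHP version: single quotes are left untouched under `ENT_COMPAT`, and input that is invalid for the assumed charset can come back as an empty string on newer versions. Pass both explicitly, for example `htmlentities($c, ENT_QUOTES, 'UTF-8')`, using the charset the page is actually served in (UTF-8 is an assumption here). What `secureString()` did beyond entity encoding is not visible, so confirm that nothing it removed is still required for this code listing. The enclosing function starts outside the hunk.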
// Escape all (including null)
$str = addslashes($str);
} else {
- // Escape only double-quotes
- $str = str_replace('"', "\\\"", $str);
+ // Escape only double-quotes but prevent double-quoting
+ $str = str_replace("\\\\", "\\", str_replace('"', "\\\"", $str));
}
// Return the escaped string
return $str;
}
+// Escapes the JavaScript code, prevents \r and \n becoming char 10/13
+function escapeJavaScriptQuotes ($str) {
+ // Replace all double-quotes and secure back-ticks
+ $str = str_replace('"', '\"', str_replace("\\", '{BACK}', $str));
+
+ // Return it
+ return $str;
+}
+
//////////////////////////////////////////////////
// AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS //
//////////////////////////////////////////////////
if (!function_exists('http_build_query')) {
// Taken from documentation on www.php.net, credits to Marco K. (Germany)
- function http_build_query($data, $prefix='', $sep='', $key='') {
+ function http_build_query($data, $prefix = '', $sep = '', $key = '') {
$ret = array();
foreach ((array)$data as $k => $v) {
if (is_int($k) && $prefix != null) {
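Review bot: In `escapeQuotes()` the new line `str_replace("\\\\", "\\", str_replace('"', "\\\"", $str))` collapses backslash pairs after the quotes were escaped, so a double-quote that followed backslashes in the input can end up behind an even number of them. Inside the double-quoted literal that callers pass to `eval()`, such a quote closes the string instead of staying part of it. Escape backslashes and quotes together rather than un-escaping afterwards, e.g. `$str = addcslashes($str, "\"\\");`, unless templates are expected to arrive pre-escaped, in which case that contract needs a comment here. Separately, the comment in `escapeJavaScriptQuotes()` says "back-ticks" while the code replaces backslashes. `escapeQuotes()` begins outside the hunk.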
return implode($sep, $ret);
}
-}// // END - if
+} // END - if
// [EOF]
?>