X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffunctions.php;h=c727a3bf64ffe0cd73f0e22fb022a5db79922761;hp=0d11b7f068a7c2b06f0409adfcabe0e0710e16aa;hb=258bb8c82f21617f7f90bff8023602a11b986f7e;hpb=aaf81b8f35512782d34f78c1a0dac8b42d745393 diff --git a/inc/functions.php b/inc/functions.php index 0d11b7f068..c727a3bf64 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -184,7 +184,7 @@ function compileFinalOutput () { // Output the raw HTML code function outputRawCode ($htmlCode) { // Output stripped HTML code to avoid broken JavaScript code, etc. - print($htmlCode); + print(str_replace('{BACK}', "\\", $htmlCode)); // Flush the output if only getPhpCaching() is not 'on' if (getPhpCaching() != 'on') { @@ -288,20 +288,20 @@ function loadTemplate ($template, $return = false, $content = array()) { // Normal HTML output? if (getOutputMode() == '0') { // Add surrounding HTML comments to help finding bugs faster - $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; + $ret = '\n" . $GLOBALS['tpl_content'] . '\n"; // Prepare eval() command $eval = '$ret = "' . compileCode(escapeQuotes($ret)) . '";'; } elseif (substr($template, 0, 3) == 'js_') { // JavaScripts don't like entities and timings - $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");'; + $eval = '$ret = decodeEntities("' . compileRawCode(escapeJavaScriptQuotes($GLOBALS['tpl_content'])) . '");'; } else { - // Prepare eval() command - $eval = '$ret = "' . compileCode(escapeQuotes($GLOBALS['tpl_content'])) . '";'; + // Prepare eval() command, other output doesn't like entities, maybe + $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");'; } } else { // Add surrounding HTML comments to help finding bugs faster - $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; + $ret = '\n" . $GLOBALS['tpl_content'] . '\n"; $eval = '$ret = "' . escapeQuotes($ret) . '";'; } // END - if 
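Review bot: The `str_replace('{BACK}', "\\", $htmlCode)` added to outputRawCode() rewrites the marker in every piece of raw output, not only in text that escapeJavaScriptQuotes() (added in the @@ -3684 hunk) produced. Any page text that contains the literal `{BACK}`, including content that originated from a user, becomes a backslash at output time, which inside an inline script or a quoted attribute can change how the following character is read. It would be tighter to restore the backslashes where the js_ template is evaluated in loadTemplate(), or at least to reserve the marker with a comment such as `// {BACK} is reserved: only escapeJavaScriptQuotes() may emit it`. Whether untrusted text reaches outputRawCode() cannot be seen from this hunk.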
@@ -602,7 +602,7 @@ Message : ' . $message . ' } } -// Check if legacy or PHPMailer command +// Check to use wether legacy mail() command or PHPMailer class // @TODO Rewrite this to an extension 'smtp' // @private function checkPhpMailerUsage() { @@ -611,6 +611,12 @@ function checkPhpMailerUsage() { // Send out a raw email with PHPMailer class or legacy mail() command function sendRawEmail ($toEmail, $subject, $message, $from) { + // Just compile all again, to put out all configs, etc. + eval('$toEmail = decodeEntities("' . compileRawCode(escapeQuotes($toEmail)) . '");'); + eval('$subject = decodeEntities("' . compileRawCode(escapeQuotes($subject)) . '");'); + eval('$message = decodeEntities("' . compileRawCode(escapeQuotes($message)) . '");'); + eval('$from = decodeEntities("' . compileRawCode(escapeQuotes($from)) . '");'); + // Shall we use PHPMailer class or legacy mode? if (checkPhpMailerUsage()) { // Use PHPMailer class with SMTP enabled @@ -1076,13 +1082,13 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true // Replace it in the code //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):key={$key},match={$match}
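Review bot: The four `eval()` lines added at the top of sendRawEmail() place the recipient, subject, body and sender inside a double-quoted PHP string literal, and escapeQuotes() as shown in the @@ -3684 hunk only deals with double quotes. PHP still expands `$name` and `{$...}` expressions inside such a literal, so any of these fields that carries visitor-supplied text would be interpreted as code rather than data; the eval strings in the loadTemplate() hunk are built the same way. If the aim is only to expand the `{?...?}` and `{--...--}` placeholders, a substitution that never goes through eval(), for example `preg_replace_callback()` over the known placeholder pattern, avoids the problem; failing that, `\` and `$` need escaping before the fields are embedded. The rest of sendRawEmail() lies outside the hunk, so how callers fill these parameters is not visible here.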
"); $newMatch = str_replace('[', "['", str_replace(']', "']", $match)); - $code = str_replace($match, "\"." . $newMatch.".\"", $code); + $code = str_replace($match, '".' . $newMatch . '."', $code); $matchesFound[$key . '_' . $matches[4][$key]] = 1; $matchesFound[$match] = 1; } elseif (!isset($matchesFound[$match])) { // Not yet replaced! //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):match={$match}
"); - $code = str_replace($match, "\"." . $match.".\"", $code); + $code = str_replace($match, '".' . $match . '."', $code); $matchesFound[$match] = 1; } } // END - foreach @@ -1335,7 +1341,7 @@ function bigintval ($num, $castValue = true) { function generateImageOrCode ($img_code, $headerSent = true) { // Is the code size oversized or shouldn't we display it? if ((strlen($img_code) > 6) || (empty($img_code)) || (getConfig('code_length') == '0')) { - // Stop execution of function here because of over-sized code length + // Stop2 execution of function here because of over-sized code length debug_report_bug('img_code ' . $img_code .' has invalid length. img_code()=' . strlen($img_code) . ' code_length=' . getConfig('code_length')); } elseif ($headerSent === false) { // Return an HTML code here @@ -1448,35 +1454,35 @@ function createTimeSelections ($timestamp, $prefix = '', $display = '', $align = } else { // Generate table $OUT = "
\n"; - $OUT .= "\n"; + $OUT .= "
\n"; $OUT .= "\n"; if (ereg('Y', $display) || (empty($display))) { - $OUT .= " \n"; + $OUT .= " \n"; } if (ereg('M', $display) || (empty($display))) { - $OUT .= " \n"; + $OUT .= " \n"; } - if (ereg("W", $display) || (empty($display))) { - $OUT .= " \n"; + if (ereg('W', $display) || (empty($display))) { + $OUT .= " \n"; } - if (ereg("D", $display) || (empty($display))) { - $OUT .= " \n"; + if (ereg('D', $display) || (empty($display))) { + $OUT .= " \n"; } - if (ereg("h", $display) || (empty($display))) { - $OUT .= " \n"; + if (ereg('h', $display) || (empty($display))) { + $OUT .= " \n"; } if (ereg('m', $display) || (empty($display))) { - $OUT .= " \n"; + $OUT .= " \n"; } - if (ereg("s", $display) || (empty($display))) { - $OUT .= " \n"; + if (ereg('s', $display) || (empty($display))) { + $OUT .= " \n"; } $OUT .= "\n"; @@ -1492,7 +1498,7 @@ function createTimeSelections ($timestamp, $prefix = '', $display = '', $align = } $OUT .= " \n"; } else { - $OUT .= "\n"; + $OUT .= "\n"; } if (ereg('M', $display) || (empty($display))) { @@ -1506,10 +1512,10 @@ function createTimeSelections ($timestamp, $prefix = '', $display = '', $align = } $OUT .= " \n"; } else { - $OUT .= "\n"; + $OUT .= "\n"; } - if (ereg("W", $display) || (empty($display))) { + if (ereg('W', $display) || (empty($display))) { // Generate week selection $OUT .= " \n"; } else { - $OUT .= "\n"; + $OUT .= "\n"; } - if (ereg("D", $display) || (empty($display))) { + if (ereg('D', $display) || (empty($display))) { // Generate day selection $OUT .= " \n"; } else { - $OUT .= "\n"; + $OUT .= "\n"; } - if (ereg("h", $display) || (empty($display))) { + if (ereg('h', $display) || (empty($display))) { // Generate hour selection $OUT .= " \n"; } else { - $OUT .= "\n"; + $OUT .= "\n"; } if (ereg('m', $display) || (empty($display))) { 
@@ -1558,10 +1564,10 @@ function createTimeSelections ($timestamp, $prefix = '', $display = '', $align = } $OUT .= " \n"; } else { - $OUT .= "\n"; + $OUT .= "\n"; } - if (ereg("s", $display) || (empty($display))) { + if (ereg('s', $display) || (empty($display))) { // Generate second selection $OUT .= " \n"; } else { - $OUT .= "\n"; + $OUT .= "\n"; } $OUT .= "\n"; $OUT .= "
{--_YEARS--}
{--_YEARS--}
{--_MONTHS--}
{--_MONTHS--}
{--_WEEKS--}
{--_WEEKS--}
{--_DAYS--}
{--_DAYS--}
{--_HOURS--}
{--_HOURS--}
{--_MINUTES--}
{--_MINUTES--}
{--_SECONDS--}
{--_SECONDS--}
\n"; @@ -2022,7 +2028,7 @@ function generateHash ($plainText, $salt = '') { // Do we miss an arry element here? if (!isConfigEntrySet('file_hash')) { - // Stop here + // Stop2 here debug_report_bug('Missing file_hash in ' . __FUNCTION__ . '.'); } // END - if @@ -2360,7 +2366,7 @@ function getThemeId ($name) { // Count up incrementStatsEntry('cache_hits'); - } elseif (getExtensionVersion('cache') != '0.1.8') { + } elseif (isExtensionInstalledAndNewer('cache', '0.1.8')) { // Check if current theme is already imported or not $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_themes` WHERE `theme_path`='%s' LIMIT 1", array($name), __FUNCTION__, __LINE__); @@ -3221,7 +3227,7 @@ function shutdown () { addFatalMessage(__FILE__, __LINE__, getMessage('NO_DB_LINK_SHUTDOWN')); } - // Stop executing here + // Stop2 executing here exit; } @@ -3565,7 +3571,7 @@ function linenumberCode ($code) { $r .= '|'; // Add code - $r .= '' . secureString($c) . '
'; + $r .= '' . htmlentities($c) . ''; } return '
' . $r . '
'; @@ -3684,14 +3690,23 @@ function escapeQuotes ($str, $single = false) { // Escape all (including null) $str = addslashes($str); } else { - // Escape only double-quotes - $str = str_replace('"', "\\\"", $str); + // Escape only double-quotes but prevent double-quoting + $str = str_replace("\\\\", "\\", str_replace('"', "\\\"", $str)); } // Return the escaped string return $str; } +// Escapes the JavaScript code, prevents \r and \n becoming char 10/13 +function escapeJavaScriptQuotes ($str) { + // Replace all double-quotes and secure back-ticks + $str = str_replace('"', '\"', str_replace("\\", '{BACK}', $str)); + + // Return it + return $str; +} + ////////////////////////////////////////////////// // AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS // ////////////////////////////////////////////////// @@ -3707,7 +3722,7 @@ if (!function_exists('html_entity_decode')) { if (!function_exists('http_build_query')) { // Taken from documentation on www.php.net, credits to Marco K. (Germany) - function http_build_query($data, $prefix='', $sep='', $key='') { + function http_build_query($data, $prefix = '', $sep = '', $key = '') { $ret = array(); foreach ((array)$data as $k => $v) { if (is_int($k) && $prefix != null) { @@ -3727,7 +3742,7 @@ if (!function_exists('http_build_query')) { return implode($sep, $ret); } -}// // END - if +} // END - if // [EOF] ?>
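Review bot: `htmlentities($c)` in linenumberCode() is called without flags or charset, so its result depends on the PHP defaults: on the PHP 5 line this code appears to target (it still uses `ereg()`), single quotes are left unencoded and the input is treated as ISO-8859-1 before 5.4. Passing both explicitly, e.g. `htmlentities($c, ENT_QUOTES, 'UTF-8')` with whatever charset the pages are actually served in, keeps the escaping stable across versions. A one-line comment on why secureString() was dropped would also help, since that helper is not visible in this diff and a reader cannot tell what it provided beyond entity encoding.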
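Review bot: The outer `str_replace("\\\\", "\\", ...)` added to escapeQuotes() collapses every pair of backslashes after the quotes have been escaped, and that can undo the escaping it just applied: when the input already has backslashes directly in front of a double quote, the quote can end up preceded by an even number of backslashes and therefore closes the string literal. Because the result is embedded in `eval()` strings in loadTemplate() and sendRawEmail(), that is a breakout from data into code rather than a cosmetic double-escape. Escaping the backslash itself first is the usual shape, `$str = str_replace('"', '\\"', str_replace('\\', '\\\\', $str));`, with the consequence that callers must escape exactly once. escapeJavaScriptQuotes() would also benefit from a comment stating that `{BACK}` is restored only in outputRawCode().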