return $err;
header('Location: ' . serverVar('HTTP_REFERER'));
break;
- }
+ }
exit;
}
/* Internal helper functions for dealing with external file retrieval */
function retrieveUrl ($url) {
-//mod by cles
- $ua = ini_set('user_agent', 'NP_TrackBack/'. $this->getVersion());
+//mod by cles\r $ua = ini_set('user_agent', 'NP_TrackBack/'. $this->getVersion());
//mod by cles end
if (function_exists('curl_init') && $this->useCurl > 0)
{
return $string;
}
-function _strip_controlchar($string){
- $string = preg_replace("/[\x01-\x08\x0b\x0c\x0e-\x1f\x7f]+/","",$string);
+function _strip_controlchar($string){\r $string = preg_replace("/[\x01-\x08\x0b\x0c\x0e-\x1f\x7f]+/","",$string);
$string = str_replace("\0","",$string);
return $string;
}
exit;
}
+ // Actions
+ $action = requestVar('action');
+ $aActionsNotToCheck = array(
+ '',
+ );
+ if (!in_array($action, $aActionsNotToCheck)) {
+ if (!$manager->checkTicket()) doError(_ERROR_BADTICKET);
+ }
$oPluginAdmin->start();
//modify start+++++++++
$oTemplate = new Trackback_Template();
$oTemplate->set ('CONF', $CONF);
- // Actions
- $action = requestVar('action');
-
switch($action) {
//modify start+++++++++
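Review bot: `$aActionsNotToCheck` exempts only the empty action, so the views that look read-only (the templates in this commit link to `index`, `all`, `blocked`, `list`, `ping` and `help`) also demand a ticket, and every navigation link has to carry one in its query string. A ticket in a GET URL ends up in browser history, server logs and the Referer header, and the listing templates link out to an external site through `$item['url']`. Consider adding the display-only actions to `$aActionsNotToCheck` and keeping the ticket on the ones that appear to change state (`block`, `unblock`, `delete`, `blocked_clear`, `blocked_spamclear`, `sendping`, `tableUpgrade`). A comment above the array such as `// every action not listed here must arrive with a valid ticket` would make the default explicit. Whether `doError()` terminates the request is not visible in this hunk; if it can return, the check needs an explicit `exit`.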
<ul>
<li>Version 2.0.3jp7 : (2006/*/*)</li>
<li>¡¡[Changed] SpamChek¤Ë¤Ä¤¤¤ÆÈùÄ´À°</li>
- <li>¡¡[Fixed] ¥»¥¥å¥ê¥Æ¥£¤Î¸þ¾å(ticket½èÍý¤ÎÄɲá£CSRFÂкö)</li>
+ <li>¡¡[Added] Ticket½èÍý¤òÄɲÃ(CSRFÂкö)</li>
<li>Version 2.0.3jp6 : (2006/09/30)</li>
<li>¡¡[Fixed] ¥»¥¥å¥ê¥Æ¥£¤Î¸þ¾å</li>
+<?php global $manager; ?>
<h2>
All trackbacks
<?php if ($count > $amount): ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<?php echo str_replace(' ', ' ', date("Y-m-d @ H:i",$item['timestamp']));?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=block&tb=<?php echo $item['id'];?>&next=all&start=<?php echo $start;?>'>Block</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=block&tb='.$item['id'].'&next=all&start='.$start),ENT_QUOTES);?>">Block</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=all&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=all&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
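Review bot: The `Visit` link still echoes `$item['url']` into the `href` attribute unescaped, while the `Block` and `Delete` links beside it now go through `htmlspecialchars(..., ENT_QUOTES)`. The value is presumably the URL supplied by the trackback sender, so unless it is escaped before it reaches the template (not visible here) a quote character in it closes the attribute; changing the delimiter from `'` to `"` only changes which quote does that. Suggested line: `<a href="<?php echo htmlspecialchars($item['url'], ENT_QUOTES);?>" rel="noreferrer">Visit</a>`, where `rel="noreferrer"` also keeps the ticket-bearing admin URL out of the Referer sent to that site. Escaping does not restrict the scheme, so the stored URL should additionally be limited to `http`/`https` at the point where it is accepted. The same line recurs in the blocked and list templates and in the other language copies of all three.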
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
</tr>
</table>
<?php endif; ?>
-<?php endif; ?>
-
+<?php endif; ?>
\ No newline at end of file
+<?php global $manager; ?>
<h2>
¥Ö¥í¥Ã¥¯¤µ¤ì¤¿¥È¥é¥Ã¥¯¥Ð¥Ã¥¯
<?php if ($count > $amount): ?>
</h2>
<ul>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked_clear&next=blocked'>¥Ö¥í¥Ã¥¯¤µ¤ì¤¿¥È¥é¥Ã¥¯¥Ð¥Ã¥¯¤Î¥¯¥ê¥¢</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked_spamclear&next=blocked'>spamȽÄꤵ¤ì¤¿¥È¥é¥Ã¥¯¥Ð¥Ã¥¯¤Î¥¯¥ê¥¢</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked_clear&next=blocked'),ENT_QUOTES); ?>">¥Ö¥í¥Ã¥¯¤µ¤ì¤¿¥È¥é¥Ã¥¯¥Ð¥Ã¥¯¤Î¥¯¥ê¥¢</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked_spamclear&next=blocked'),ENT_QUOTES); ?>">spamȽÄꤵ¤ì¤¿¥È¥é¥Ã¥¯¥Ð¥Ã¥¯¤Î¥¯¥ê¥¢</a></li>
</ul>
<?php if(count($items)): ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
'<span style="color: darkred;">No</span>';?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=unblock&tb=<?php echo $item['id'];?>&next=blocked&start=<?php echo $start;?>'>Unblock</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=unblock&tb='.$item['id'].'&next=blocked&start='.$start),ENT_QUOTES);?>">Unblock</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=blocked&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=blocked&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="plugin" />
<input type="hidden" name="name" value="TrackBack" />
<input type="hidden" name="type" value="ping" />
-
+
<table>
<tr>
<td>¤¢¤Ê¤¿¤Îµ»ö¤Îurl</td>
+<?php global $manager; ?>
<h2>Overview of all items</h2>
<?php if(count($blogs)): ?>
<?php echo htmlspecialchars($item['total']);?>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=list&id=<?php echo $item['inumber'];?>'>Trackbacks</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=list&id='.$item['inumber']),ENT_QUOTES);?>">Trackbacks</a>
</td>
</tr>
<?php endwhile; ?>
<?php endif; ?>
<?php endwhile; ?>
</table>
-<?php endif; ?>
-
-
+<?php endif; ?>
\ No newline at end of file
+<?php global $manager; ?>
<h2>
All trackbacks for "<?php echo $story['title'];?>"
<?php if ($count > $amount): ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<?php echo str_replace(' ', ' ', date("Y-m-d @ H:i",$item['timestamp']));?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=block&tb=<?php echo $item['id'];?>&next=list&id=<?php echo $story['id'];?>&start=<?php echo $start;?>'>Block</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=block&tb='.$item['id'].'&next=list&id='.$story['id'].'&start='.$start),ENT_QUOTES);?>">Block</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=list&id=<?php echo $story['id'];?>&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=list&id='.$story['id'].'&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
-
+<?php global $manager; ?>
<h2>Trackback</h2>
<ul>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=index'>Overview of all items</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=all'>¥È¥é¥Ã¥¯¥Ð¥Ã¥¯¤ÎÁ´¥Ç¡¼¥¿</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked'>¥Ö¥í¥Ã¥¯¤µ¤ì¤¿¥È¥é¥Ã¥¯¥Ð¥Ã¥¯</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=ping'>¼êÆ°ping</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=help'>¥Ø¥ë¥×</a></li>
- <li><a href='<?php echo $CONF['AdminURL'];?>index.php?action=pluginoptions&plugid=<?php echo $plugid;?>'>¥×¥é¥°¥¤¥ó¥ª¥×¥·¥ç¥óÀßÄê</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=index'),ENT_QUOTES);?>">Overview of all items</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=all'),ENT_QUOTES);?>">¥È¥é¥Ã¥¯¥Ð¥Ã¥¯¤ÎÁ´¥Ç¡¼¥¿</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked'),ENT_QUOTES);?>">¥Ö¥í¥Ã¥¯¤µ¤ì¤¿¥È¥é¥Ã¥¯¥Ð¥Ã¥¯</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=ping'),ENT_QUOTES);?>">¼êÆ°ping</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=help'),ENT_QUOTES);?>">¥Ø¥ë¥×</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['AdminURL'].'index.php?action=pluginoptions&plugid='.$plugid),ENT_QUOTES);?>">¥×¥é¥°¥¤¥ó¥ª¥×¥·¥ç¥óÀßÄê</a></li>
</ul>
\ No newline at end of file
+<?php global $manager; ?>
<h2>¼êÆ°ping¥Õ¥©¡¼¥à</h2>
<form method="post" action="<?php echo $CONF['PluginURL'];?>trackback/index.php">
<input type="hidden" name="action" value="sendping" />
<input type="hidden" name="next" value="ping" />
-
+ <?php $manager->addTicketHidden(); ?>
+
<table>
<tr>
<th colspan='2'>¼êÆ°ping</th>
+<?php global $manager; ?>
<blockquote style="color: red;border:1px solid red;padding:1em;"><b>¥¢¥Ã¥×¥Ç¡¼¥È¤¬É¬ÍפǤ¹:</b><br />
¤³¤Î¥Ð¡¼¥¸¥ç¥ó¤Ç±¿ÍѤ¹¤ë¤¿¤á¤Ë¤ÏDBÆâ¤Î¥Æ¡¼¥Ö¥ë¤Î¥¢¥Ã¥×¥Ç¡¼¥È¤¬É¬ÍפǤ¹¡£<br />
º£¤Þ¤Ç¤Î¥Ç¡¼¥¿¤¬ºï½ü¤µ¤ì¤ë¤³¤È¤Ï¤¢¤ê¤Þ¤»¤ó¡£
<form method="post"><div>
<input type="hidden" name="action" value="tableUpgrade" />
<input type="submit" tabindex="10" value="upgrade table" />
+ <?php $manager->addTicketHidden(); ?>
</div></form>
</blockquote>
+<?php global $manager; ?>
<blockquote style="color: red;border:1px solid red;padding:1em;">
¥Æ¡¼¥Ö¥ë¤Î¥¢¥Ã¥×¥Ç¡¼¥È¤Ï´°Î»¤·¤Þ¤·¤¿¡£
</blockquote>
<ul>
<li>Version 2.0.3jp7 : (2006/*/*)</li>
<li> [Changed] SpamChekについて微調整</li>
- <li> [Fixed] セキュリティの向上(ticket処理の追加。CSRF対策)</li>
+ <li> [Added] Ticket処理を追加(CSRF対策)</li>
<li>Version 2.0.3jp6 : (2006/09/30)</li>
<li> [Fixed] セキュリティの向上</li>
+<?php global $manager; ?>
<h2>
All trackbacks
<?php if ($count > $amount): ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<?php echo str_replace(' ', ' ', date("Y-m-d @ H:i",$item['timestamp']));?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=block&tb=<?php echo $item['id'];?>&next=all&start=<?php echo $start;?>'>Block</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=block&tb='.$item['id'].'&next=all&start='.$start),ENT_QUOTES);?>">Block</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=all&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=all&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
</tr>
</table>
<?php endif; ?>
-<?php endif; ?>
-
+<?php endif; ?>
\ No newline at end of file
+<?php global $manager; ?>
<h2>
ブロックされたトラックバック
<?php if ($count > $amount): ?>
</h2>
<ul>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked_clear&next=blocked'>ブロックされたトラックバックのクリア</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked_spamclear&next=blocked'>spam判定されたトラックバックのクリア</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked_clear&next=blocked'),ENT_QUOTES); ?>">ブロックされたトラックバックのクリア</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked_spamclear&next=blocked'),ENT_QUOTES); ?>">spam判定されたトラックバックのクリア</a></li>
</ul>
<?php if(count($items)): ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
'<span style="color: darkred;">No</span>';?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=unblock&tb=<?php echo $item['id'];?>&next=blocked&start=<?php echo $start;?>'>Unblock</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=unblock&tb='.$item['id'].'&next=blocked&start='.$start),ENT_QUOTES);?>">Unblock</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=blocked&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=blocked&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="plugin" />
<input type="hidden" name="name" value="TrackBack" />
<input type="hidden" name="type" value="ping" />
-
+
<table>
<tr>
<td>あなたの記事のurl</td>
+<?php global $manager; ?>
<h2>Overview of all items</h2>
<?php if(count($blogs)): ?>
<?php echo htmlspecialchars($item['total']);?>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=list&id=<?php echo $item['inumber'];?>'>Trackbacks</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=list&id='.$item['inumber']),ENT_QUOTES);?>">Trackbacks</a>
</td>
</tr>
<?php endwhile; ?>
<?php endif; ?>
<?php endwhile; ?>
</table>
-<?php endif; ?>
-
-
+<?php endif; ?>
\ No newline at end of file
+<?php global $manager; ?>
<h2>
All trackbacks for "<?php echo $story['title'];?>"
<?php if ($count > $amount): ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<?php echo str_replace(' ', ' ', date("Y-m-d @ H:i",$item['timestamp']));?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=block&tb=<?php echo $item['id'];?>&next=list&id=<?php echo $story['id'];?>&start=<?php echo $start;?>'>Block</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=block&tb='.$item['id'].'&next=list&id='.$story['id'].'&start='.$start),ENT_QUOTES);?>">Block</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=list&id=<?php echo $story['id'];?>&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=list&id='.$story['id'].'&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
-
+<?php global $manager; ?>
<h2>Trackback</h2>
<ul>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=index'>Overview of all items</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=all'>トラックバックの全データ</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked'>ブロックされたトラックバック</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=ping'>手動ping</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=help'>ヘルプ</a></li>
- <li><a href='<?php echo $CONF['AdminURL'];?>index.php?action=pluginoptions&plugid=<?php echo $plugid;?>'>プラグインオプション設定</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=index'),ENT_QUOTES);?>">Overview of all items</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=all'),ENT_QUOTES);?>">トラックバックの全データ</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked'),ENT_QUOTES);?>">ブロックされたトラックバック</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=ping'),ENT_QUOTES);?>">手動ping</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=help'),ENT_QUOTES);?>">ヘルプ</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['AdminURL'].'index.php?action=pluginoptions&plugid='.$plugid),ENT_QUOTES);?>">プラグインオプション設定</a></li>
</ul>
\ No newline at end of file
+<?php global $manager; ?>
<h2>手動pingフォーム</h2>
<form method="post" action="<?php echo $CONF['PluginURL'];?>trackback/index.php">
<input type="hidden" name="action" value="sendping" />
<input type="hidden" name="next" value="ping" />
-
+ <?php $manager->addTicketHidden(); ?>
+
<table>
<tr>
<th colspan='2'>手動ping</th>
+<?php global $manager; ?>
<blockquote style="color: red;border:1px solid red;padding:1em;"><b>アップデートが必要です:</b><br />
このバージョンで運用するためにはDB内のテーブルのアップデートが必要です。<br />
今までのデータが削除されることはありません。
<form method="post"><div>
<input type="hidden" name="action" value="tableUpgrade" />
<input type="submit" tabindex="10" value="upgrade table" />
+ <?php $manager->addTicketHidden(); ?>
</div></form>
</blockquote>
+<?php global $manager; ?>
<blockquote style="color: red;border:1px solid red;padding:1em;">
テーブルのアップデートは完了しました。
</blockquote>
+<?php global $manager; ?>
<h2>
All trackbacks
<?php if ($count > $amount): ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<?php echo str_replace(' ', ' ', date("Y-m-d @ H:i",$item['timestamp']));?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=block&tb=<?php echo $item['id'];?>&next=all&start=<?php echo $start;?>'>Block</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=block&tb='.$item['id'].'&next=all&start='.$start),ENT_QUOTES);?>">Block</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=all&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=all&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="all" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
</tr>
</table>
<?php endif; ?>
-<?php endif; ?>
-
+<?php endif; ?>
\ No newline at end of file
+<?php global $manager; ?>
<h2>
Blocked trackbacks
<?php if ($count > $amount): ?>
</h2>
<ul>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked_clear&next=blocked'>Clear blocked trackbacks</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked_spamclear&next=blocked'>Clear spam trackbacks</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked_clear&next=blocked'),ENT_QUOTES); ?>">ブロックされたトラックバックのクリア</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked_spamclear&next=blocked'),ENT_QUOTES); ?>">spam判定されたトラックバックのクリア</a></li>
</ul>
<?php if(count($items)): ?>
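Review bot: The two replacement links in this English template carry the Japanese labels from the translated copy; the removed lines read `Clear blocked trackbacks` and `Clear spam trackbacks`. Besides mixing languages, the pasted text is multi-byte and will render as garbage if this file is served under a different charset (the charset is not visible here). Keep the English labels on the new lines, e.g. `...&next=blocked'),ENT_QUOTES); ?>">Clear blocked trackbacks</a></li>` and likewise `Clear spam trackbacks` for the second link.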
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
'<span style="color: darkred;">No</span>';?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=unblock&tb=<?php echo $item['id'];?>&next=blocked&start=<?php echo $start;?>'>Unblock</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=unblock&tb='.$item['id'].'&next=blocked&start='.$start),ENT_QUOTES);?>">Unblock</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=blocked&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=blocked&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
<input type="submit" value="<< Previous" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="submit" value="Next > >" />
<input type="hidden" name="action" value="blocked" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="plugin" />
<input type="hidden" name="name" value="TrackBack" />
<input type="hidden" name="type" value="ping" />
-
+
<table>
<tr>
<td>Article URL</td>
+<?php global $manager; ?>
<h2>Overview of all items</h2>
<?php if(count($blogs)): ?>
<?php echo htmlspecialchars($item['total']);?>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=list&id=<?php echo $item['inumber'];?>'>Trackbacks</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=list&id='.$item['inumber']),ENT_QUOTES);?>">Trackbacks</a>
</td>
</tr>
<?php endwhile; ?>
<?php endif; ?>
<?php endwhile; ?>
</table>
-<?php endif; ?>
-
-
+<?php endif; ?>
\ No newline at end of file
+<?php global $manager; ?>
<h2>
All trackbacks for "<?php echo $story['title'];?>"
<?php if ($count > $amount): ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<?php echo str_replace(' ', ' ', date("Y-m-d @ H:i",$item['timestamp']));?>
</td>
<td>
- <a href='<?php echo $item['url'];?>'>Visit</a>
+ <a href="<?php echo $item['url'];?>">Visit</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=block&tb=<?php echo $item['id'];?>&next=list&id=<?php echo $story['id'];?>&start=<?php echo $start;?>'>Block</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=block&tb='.$item['id'].'&next=list&id='.$story['id'].'&start='.$start),ENT_QUOTES);?>">Block</a>
</td>
<td>
- <a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=delete&tb=<?php echo $item['id'];?>&next=list&id=<?php echo $story['id'];?>&start=<?php echo $start;?>'>Delete</a>
+ <a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=delete&tb='.$item['id'].'&next=list&id='.$story['id'].'&start='.$start),ENT_QUOTES);?>">Delete</a>
</td>
</tr>
<?php endwhile; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo max(0,$start - $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
<input type="hidden" name="action" value="list" />
<input type="hidden" name="id" value="<?php echo $story['id'];?>" />
<input type="hidden" name="start" value="<?php echo ($start + $amount);?>" />
+ <?php $manager->addTicketHidden(); ?>
</div>
</form>
<?php endif; ?>
-
+<?php global $manager; ?>
<h2>Trackback</h2>
<ul>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=index'>Overview of all items</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=all'>All trackbacks</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=blocked'>Blocked trackbacks</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=ping'>Manually ping another weblog</a></li>
- <li><a href='<?php echo $CONF['PluginURL'];?>trackback/index.php?action=help'>Help</a></li>
- <li><a href='<?php echo $CONF['AdminURL'];?>index.php?action=pluginoptions&plugid=<?php echo $plugid;?>'>Plugin Options</a></li>
-</ul>
-
-<p> </p>
-
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=index'),ENT_QUOTES);?>">Overview of all items</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=all'),ENT_QUOTES);?>">All trackbacks</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=blocked'),ENT_QUOTES);?>">Blocked trackbacks</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=ping'),ENT_QUOTES);?>">Manually ping another weblog</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'].'trackback/index.php?action=help'),ENT_QUOTES);?>">Help</a></li>
+ <li><a href="<?php echo htmlspecialchars($manager->addTicketToUrl($CONF['AdminURL'].'index.php?action=pluginoptions&plugid='.$plugid);?>">Plugin Options</a></li>
+</ul>
\ No newline at end of file
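Review bot: The added `Plugin Options` link is missing the end of its `htmlspecialchars()` call: the line ends `'&plugid='.$plugid);?>`, which closes `addTicketToUrl(` but not `htmlspecialchars(`, so this template will fail to parse when it is included. The two Japanese copies of this menu in the same commit have the complete form. Change the tail to `'&plugid='.$plugid),ENT_QUOTES);?>`.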
-
+<?php global $manager; ?>
<h2>Manually ping another weblog</h2>
<form method="post" action="<?php echo $CONF['PluginURL'];?>trackback/index.php">
- <input type="hidden" name="action" value="sendping" />
- <input type="hidden" name="next" value="ping" />
+ <input type="hidden" name="action" value="sendping" />
+ <input type="hidden" name="next" value="ping" />
+ <?php $manager->addTicketHidden(); ?>
- <table>
- <tr>
- <th colspan='2'>Manually Ping</th>
- </tr>
- <tr>
- <td>Your URL</td>
- <td>
- <input type="text" name="url" size="60" value="<?php echo htmlspecialchars($item['url']);?>" />
- </td>
- </tr>
- <tr>
- <td>Your Title</td>
- <td>
- <input type="text" value="" name="title" size="60" value="<?php echo htmlspecialchars($item['title']);?>" />
- </td>
- </tr>
- <tr>
- <td>Your Excerpt</td>
- <td>
- <textarea name="excerpt" cols="40" rows="5"><?php echo $item['excerpt'];?></textarea>
- </td>
- </tr>
- <tr>
- <td>Your Blog Name</td>
- <td>
- <input type="text" name="blog_name" size="60" value="<?php echo htmlspecialchars($item['blogname']);?>" />
- </td>
- </tr>
- <tr>
- <td>External Ping URL</td>
- <td>
- <input type="text" value="" name="ping_url" size="60" />
- </td>
- </tr>
- <tr>
- <td>Send Ping</td>
- <td><input type="submit" value="Send Ping" /></td>
- </tr>
- </table>
+ <table>
+ <tr>
+ <th colspan='2'>Manually Ping</th>
+ </tr>
+ <tr>
+ <td>Your URL</td>
+ <td>
+ <input type="text" name="url" size="60" value="<?php echo htmlspecialchars($item['url']);?>" />
+ </td>
+ </tr>
+ <tr>
+ <td>Your Title</td>
+ <td>
+ <input type="text" name="title" size="60" value="<?php echo htmlspecialchars($item['title']);?>" />
+ </td>
+ </tr>
+ <tr>
+ <td>Your Excerpt</td>
+ <td>
+ <textarea name="excerpt" cols="40" rows="5"><?php echo $item['excerpt'];?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td>Your Blog Name</td>
+ <td>
+ <input type="text" name="blog_name" size="60" value="<?php echo htmlspecialchars($item['blogname']);?>" />
+ </td>
+ </tr>
+ <tr>
+ <td>External Ping URL</td>
+ <td>
+ <input type="text" value="" name="ping_url" size="60" />
+ </td>
+ </tr>
+ <tr>
+ <td>Send Ping</td>
+ <td><input type="submit" value="Send Ping" /></td>
+ </tr>
+ </table>
</form>
\ No newline at end of file
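Review bot: In the re-indented form the excerpt is still written raw, `<textarea name="excerpt" cols="40" rows="5"><?php echo $item['excerpt'];?></textarea>`, while the `url`, `title` and `blogname` fields are passed through `htmlspecialchars()`. An excerpt containing `</textarea>` or other markup would end the element and be interpreted as HTML in the admin page. Where `$item['excerpt']` is filled is not visible in this hunk, so it may already be escaped upstream. If it is not, use `<?php echo htmlspecialchars($item['excerpt'], ENT_QUOTES);?>`.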
--- /dev/null
+<?php global $manager; ?>
+<blockquote style="color: red;border:1px solid red;padding:1em;"><b>Table update:</b><br />
+ <form method="post"><div>
+ <input type="hidden" name="action" value="tableUpgrade" />
+ <input type="submit" tabindex="10" value="upgrade table" />
+ <?php $manager->addTicketHidden(); ?>
+ </div></form>
+</blockquote>
+
--- /dev/null
+<?php global $manager; ?>
+<blockquote style="color: red;border:1px solid red;padding:1em;">
+Table update done !
+</blockquote>
+