175 <form action="#" onsubmit="'.$this->id.'_form(); return false;" method="get"> |
175 <form action="#" onsubmit="'.$this->id.'_form(); return false;" method="get"> |
176 <table border="0" style="margin: 0; padding: 0; width: 90%;"> |
176 <table border="0" style="margin: 0; padding: 0; width: 90%;"> |
177 <tr><td><span style="font-family: arial; font-size: 7pt; ">Name:</span></td> <td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_name" name="name"'.$enstr.' /></td></tr> |
177 <tr><td><span style="font-family: arial; font-size: 7pt; ">Name:</span></td> <td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_name" name="name"'.$enstr.' /></td></tr> |
178 <tr><td><span style="font-family: arial; font-size: 7pt; ">Website:</span></td><td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_website" name="website"'.$enstr.' /></td></tr> |
178 <tr><td><span style="font-family: arial; font-size: 7pt; ">Website:</span></td><td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_website" name="website"'.$enstr.' /></td></tr> |
179 <tr><td colspan="2"><span style="font-family: arial; font-size: 7pt; ">Message:</span></td></tr> |
179 <tr><td colspan="2"><span style="font-family: arial; font-size: 7pt; ">Message:</span></td></tr> |
180 <tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post" onkeyup="'.$this->id.'_keyhandler();"></textarea></td></tr> |
180 <tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post"></textarea></td></tr> |
181 <tr><td colspan="2" align="center"><input'.$enstr.' type="submit" value="Submit post" /><br /> |
181 <tr><td colspan="2" align="center"><input'.$enstr.' type="submit" value="Submit post" /><br /> |
182 <span style="font-family: arial; font-size: 6pt; color: #000000;">AjIM powered</span></td></tr> |
182 <span style="font-family: arial; font-size: 6pt; color: #000000;">AjIM powered</span></td></tr> |
183 '; |
183 '; |
184 $html .= '</table> |
184 $html .= '</table> |
185 </form>'; |
185 </form>'; |
484 } |
484 } |
485 |
485 |
486 // The client-side javascript and CSS code |
486 // The client-side javascript and CSS code |
487 |
487 |
488 if(isset($_GET['js']) && isset($_GET['id']) && isset($_GET['path']) && isset($_GET['pfx'])) { |
488 if(isset($_GET['js']) && isset($_GET['id']) && isset($_GET['path']) && isset($_GET['pfx'])) { |
|
489 if ( !preg_match('/^([a-z0-9_]+)$/', $_GET['id']) ) |
|
490 die('XSS'); |
489 header('Content-type: text/javascript'); |
491 header('Content-type: text/javascript'); |
490 ?> |
492 ?> |
491 // <script> |
493 // <script> |
492 var <?php echo $_GET['id']; ?>id='<?php echo $_GET['id']; ?>'; |
494 var <?php echo $_GET['id']; ?>id='<?php echo $_GET['id']; ?>'; |
493 var path='<?php echo $_GET['path']; ?>'; |
495 var path='<?php echo $_GET['path']; ?>'; |
512 link.type = 'text/css'; |
514 link.type = 'text/css'; |
513 var head = document.getElementsByTagName('head'); |
515 var head = document.getElementsByTagName('head'); |
514 head = head[0]; |
516 head = head[0]; |
515 head.appendChild(link); |
517 head.appendChild(link); |
516 |
518 |
517 if(typeof window.onload == 'function') |
519 var <?php echo $_GET['id']; ?>_onload = function(e) |
518 var __ajim_oltemp = window.onload; |
|
519 else |
|
520 var __ajim_oltemp = function(e) { }; |
|
521 window.onload = function(e) |
|
522 { |
520 { |
523 if(document.getElementById('<?php echo $_GET['id']; ?>_post')) |
521 if(document.getElementById('<?php echo $_GET['id']; ?>_post')) |
524 { |
522 { |
525 document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = function(e) { <?php echo $_GET['id']; ?>_keyhandler(e); }; |
523 document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = <?php echo $_GET['id']; ?>_keyhandler; |
526 } |
524 } |
527 __ajim_oltemp(e); |
525 } |
528 } |
526 addOnloadHook(<?php echo $_GET['id']; ?>_onload); |
529 |
527 |
530 function <?php echo $_GET['id']; ?>readCookie(name) {var nameEQ = name + "=";var ca = document.cookie.split(';');for(var i=0;i < ca.length;i++){var c = ca[i];while (c.charAt(0)==' ') c = c.substring(1,c.length);if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);}return null;} |
528 function <?php echo $_GET['id']; ?>readCookie(name) {var nameEQ = name + "=";var ca = document.cookie.split(';');for(var i=0;i < ca.length;i++){var c = ca[i];while (c.charAt(0)==' ') c = c.substring(1,c.length);if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);}return null;} |
531 function <?php echo $_GET['id']; ?>setCookie(name,value,days){if (days){var date = new Date();date.setTime(date.getTime()+(days*24*60*60*1000));var expires = "; expires="+date.toGMTString();}else var expires = "";document.cookie = name+"="+value+expires+"; path=/";} |
529 function <?php echo $_GET['id']; ?>setCookie(name,value,days){if (days){var date = new Date();date.setTime(date.getTime()+(days*24*60*60*1000));var expires = "; expires="+date.toGMTString();}else var expires = "";document.cookie = name+"="+value+expires+"; path=/";} |
532 function <?php echo $_GET['id']; ?>eraseCookie(name) {createCookie(name,"",-1);} |
530 function <?php echo $_GET['id']; ?>eraseCookie(name) {createCookie(name,"",-1);} |
533 |
531 |
632 } |
630 } |
633 |
631 |
634 |
632 |
635 function <?php echo $_GET['id']; ?>_keyhandler(e) |
633 function <?php echo $_GET['id']; ?>_keyhandler(e) |
636 { |
634 { |
637 if(!e) e = window.event; |
635 if ( !e ) |
638 if(e.keyCode == 13) |
636 return false; |
|
637 if ( e.keyCode == 13 ) |
639 { |
638 { |
640 val = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value; |
639 val = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value; |
641 if(!shift) |
640 if(!shift) |
642 { |
641 { |
643 document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value = val.substr(0, val.length - 1); |
642 document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value = val.substr(0, val.length - 1); |
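Review bot: The new `preg_match` guard covers only `$_GET['id']`; a few lines below it, `var path='<?php echo $_GET['path']; ?>';` still writes a request parameter unencoded into a single-quoted JavaScript string, so the injection this commit closes for `id` stays open for `path`. The `isset` test also requires `pfx`, whose use is not visible here, so it should be checked as well. I would emit the value as `var path=<?php echo json_encode($_GET['path']); ?>;`, or better, compare it against the configured install path before any output. The pattern should also carry the `D` modifier (`'/^[a-z0-9_]+$/D'`), because a bare `$` accepts a trailing newline that would then land inside the generated identifiers and string literal. The `if` block opened at the `isset` line and the `_keyhandler` function both continue outside the visible lines.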