/**
 * Sanitises the incoming data for a module action, dispatches to DoAction()
 * and either returns the action's result or stores it in a Smarty variable.
 *
 * Security-relevant behaviour visible in this method:
 *  - $name is reduced to the characters A-Z, a-z, 0-9, '-', '_' and '+'.
 *  - $params is passed through cleanParamHash() only when $returnid is
 *    non-empty; with an empty $returnid the parameters reach DoAction() as
 *    supplied, apart from the entity-encoding of $params['action'].
 *  - $params['lang'] is copied into $this->curlang without any check here.
 *  - $params['assign'] selects the Smarty variable that receives the output.
 *
 * @internal
 * @final
 * @access private
 * @param mixed $name     Action name; filtered to the whitelist above.
 * @param mixed $id       Value forwarded to DoAction() after entity-encoding.
 * @param array $params   Action parameters, indexed by name.
 * @param mixed $returnid Compared against '' to decide whether cleaning runs.
 * @return mixed Result of DoAction(); nothing when $params['assign'] is set.
 */
function DoActionBase($name, $id, $params, $returnid = '')
{
    // Whitelist filter: anything outside A-Z, a-z, 0-9, '-', '_', '+' is dropped.
    $name = preg_replace('/[^A-Za-z0-9\\-_+]/', '', $name);

    if ($returnid != '') {
        $allowUnknown = !$this->restrict_unknown_params;
        if ($allowUnknown) {
            // Leave a trace in the admin log: this module lets unknown
            // parameters through instead of restricting them.
            audit('', $this->GetName(), 'Module is not properly cleaning input params');
        }

        // Intended to avert XSS flaws: clean as many parameters as possible
        // according to the map registered through the SetParameterType methods.
        // NOTE(review): this step is skipped entirely when $returnid is empty.
        $params = cleanParamHash($this->GetName(), $params, $this->param_map, $allowUnknown);
    }

    if (isset($params['lang'])) {
        // NOTE(review): the value is stored as received (after cleanParamHash()
        // only if it ran above); confirm how curlang is consumed downstream.
        $this->curlang = $params['lang'];
        $this->langhash = array();
    }

    // Fall back to the filtered $name when no explicit action was supplied,
    // then entity-encode whichever value is used. A caller-supplied 'action'
    // is NOT run through the character whitelist applied to $name.
    $actionValue = isset($params['action']) ? $params['action'] : $name;
    $params['action'] = cms_htmlentities($actionValue);

    // Entity-encode the remaining scalar arguments before dispatch.
    // NOTE(review): cms_htmlentities() is defined elsewhere; presumably HTML
    // encoding only, so DoAction() still needs context-specific escaping.
    $returnid = cms_htmlentities($returnid);
    $id = cms_htmlentities($id);
    $name = cms_htmlentities($name);

    $result = $this->DoAction($name, $id, $params, $returnid);

    if (!isset($params['assign'])) {
        return $result;
    }

    // The output goes into the Smarty variable named by $params['assign'].
    // NOTE(review): confirm 'assign' cannot be set from request data, since it
    // decides which template variable is overwritten.
    $gCms = cmsms();
    $gCms->GetSmarty()->assign(cms_htmlentities($params['assign']), $result);
    return;
}
/**
 * Sanitises the incoming data for a module action, publishes the action
 * context to Smarty, dispatches to DoAction() and either returns the action's
 * result or stores it in a Smarty variable.
 *
 * Security-relevant behaviour visible in this method:
 *  - $name is reduced to the characters A-Z, a-z, 0-9, '-', '_' and '+'.
 *  - $params is passed through cleanParamHash() only when $returnid is
 *    non-empty; with an empty $returnid the parameters reach DoAction() and
 *    the 'actionparams' template variable as supplied, apart from the
 *    entity-encoding of $params['action'].
 *  - $params['lang'] is copied into $this->curlang without any check here.
 *  - $params['assign'] selects the Smarty variable that receives the output.
 *
 * @internal
 * @ignore
 * @final
 * @access private
 * @param string  $name     The action name
 * @param string  $id       The action identifier
 * @param array   $params   The action params
 * @param integer $returnid The current page id.
 * @return string The action output; nothing when $params['assign'] is set.
 */
public final function DoActionBase($name, $id, $params, $returnid = '')
{
    // Whitelist filter: anything outside A-Z, a-z, 0-9, '-', '_', '+' is dropped.
    $name = preg_replace('/[^A-Za-z0-9\\-_+]/', '', $name);

    if ($returnid != '') {
        $allowUnknown = !$this->restrict_unknown_params;
        if ($allowUnknown) {
            // Leave a trace in the admin log: this module lets unknown
            // parameters through instead of restricting them.
            audit('', $this->GetName(), 'Module is not properly cleaning input params');
        }

        // Intended to avert XSS flaws: clean as many parameters as possible
        // according to the map registered through the SetParameterType methods.
        // NOTE(review): this step is skipped entirely when $returnid is empty.
        $params = cleanParamHash($this->GetName(), $params, $this->param_map, $allowUnknown);
    }

    // Work around <input type='image'>: such buttons arrive as '<base>_x' and
    // '<base>_y' entries. When both exist and '<base>' itself is absent,
    // add $params['<base>'] so the base key is present for the action.
    foreach ($params as $key => $value) {
        if (!endswith($key, '_x')) {
            continue;
        }
        $base = substr($key, 0, strlen($key) - 2);
        $hasPartner = isset($params[$base . '_y']);
        if ($hasPartner && !isset($params[$base])) {
            $params[$base] = $base;
        }
    }

    if (isset($params['lang'])) {
        // NOTE(review): the value is stored as received (after cleanParamHash()
        // only if it ran above); confirm how curlang is consumed downstream.
        $this->curlang = $params['lang'];
        $this->langhash = array();
    }

    // Fall back to the filtered $name when no explicit action was supplied,
    // then entity-encode whichever value is used. A caller-supplied 'action'
    // is NOT run through the character whitelist applied to $name.
    $actionValue = isset($params['action']) ? $params['action'] : $name;
    $params['action'] = cms_htmlentities($actionValue);

    // Entity-encode the remaining scalar arguments before dispatch.
    // NOTE(review): cms_htmlentities() is defined elsewhere; presumably HTML
    // encoding only, so DoAction() still needs context-specific escaping.
    $returnid = cms_htmlentities($returnid);
    $id = cms_htmlentities($id);
    $name = cms_htmlentities($name);

    // Expose the action context to templates. Only $params['action'] inside
    // 'actionparams' has been entity-encoded by this method; the other entries
    // are whatever cleanParamHash() produced, or the raw input if it was skipped.
    $tpl = cmsms()->GetSmarty();
    $tpl->assign('actionid', $id);
    $tpl->assign('actionparams', $params);
    $tpl->assign('returnid', $returnid);
    $tpl->assign('actionmodule', $this->GetName());

    $result = $this->DoAction($name, $id, $params, $returnid);

    if (!isset($params['assign'])) {
        return $result;
    }

    // The output goes into the Smarty variable named by $params['assign'].
    // NOTE(review): confirm 'assign' cannot be set from request data, since it
    // decides which template variable is overwritten.
    $gCms = cmsms();
    $gCms->GetSmarty()->assign(cms_htmlentities($params['assign']), $result);
    return;
}
/**
 * Sanitises the incoming data for a module action, dispatches to DoAction()
 * and either returns the action's result or stores it in a Smarty variable.
 *
 * Security-relevant behaviour visible in this method:
 *  - $name is reduced to the characters A-Z, a-z, 0-9, '-', '_' and '+'.
 *  - $params is passed through cleanParamHash() only when $returnid is
 *    non-empty; with an empty $returnid the parameters reach DoAction() as
 *    supplied, apart from the entity-encoding of $params['action'].
 *  - The "not properly cleaning input params" warning is raised only when the
 *    'allowparamcheckwarnings' site preference is truthy (default 0), so by
 *    default a module that does not restrict unknown params goes unreported.
 *  - $params['lang'] is copied into $this->curlang without any check here.
 *  - $params['assign'] selects the Smarty variable that receives the output.
 *
 * @internal
 * @final
 * @access private
 * @param mixed $name     Action name; filtered to the whitelist above.
 * @param mixed $id       Value forwarded to DoAction() after entity-encoding.
 * @param array $params   Action parameters, indexed by name.
 * @param mixed $returnid Compared against '' to decide whether cleaning runs.
 * @return mixed Result of DoAction(); nothing when $params['assign'] is set.
 */
function DoActionBase($name, $id, $params, $returnid = '')
{
    // Whitelist filter: anything outside A-Z, a-z, 0-9, '-', '_', '+' is dropped.
    $name = preg_replace('/[^A-Za-z0-9\\-_+]/', '', $name);

    if ($returnid != '') {
        $allowUnknown = !$this->restrict_unknown_params;
        if ($allowUnknown && get_site_preference('allowparamcheckwarnings', 0)) {
            // Opt-in diagnostic: the module lets unknown parameters through.
            $warning = 'WARNING: ' . $this->GetName() . ' is not properly cleaning input params.';
            trigger_error($warning, E_USER_WARNING);
        }

        // Intended to avert XSS flaws: clean as many parameters as possible
        // according to the map registered through the SetParameterType methods.
        // NOTE(review): this step is skipped entirely when $returnid is empty.
        $params = cleanParamHash($this->GetName(), $params, $this->param_map, $allowUnknown);
    }

    if (isset($params['lang'])) {
        // NOTE(review): the value is stored as received (after cleanParamHash()
        // only if it ran above); confirm how curlang is consumed downstream.
        $this->curlang = $params['lang'];
        $this->langhash = array();
    }

    // Fall back to the filtered $name when no explicit action was supplied,
    // then entity-encode whichever value is used. A caller-supplied 'action'
    // is NOT run through the character whitelist applied to $name.
    $actionValue = isset($params['action']) ? $params['action'] : $name;
    $params['action'] = cms_htmlentities($actionValue);

    // Entity-encode the remaining scalar arguments before dispatch.
    // NOTE(review): cms_htmlentities() is defined elsewhere; presumably HTML
    // encoding only, so DoAction() still needs context-specific escaping.
    $returnid = cms_htmlentities($returnid);
    $id = cms_htmlentities($id);
    $name = cms_htmlentities($name);

    $result = $this->DoAction($name, $id, $params, $returnid);

    if (!isset($params['assign'])) {
        return $result;
    }

    // The output goes into the Smarty variable named by $params['assign'].
    // NOTE(review): confirm 'assign' cannot be set from request data, since it
    // decides which template variable is overwritten.
    global $gCms;
    $smarty =& $gCms->GetSmarty();
    $smarty->assign(cms_htmlentities($params['assign']), $result);
    return;
}