/**
  * This method prepares the data and does appropriate checks before
  * calling a module action.
  *
  * @internal
  * @final
  * @access private
  */
 function DoActionBase($name, $id, $params, $returnid = '')
 {
     $name = preg_replace('/[^A-Za-z0-9\\-_+]/', '', $name);
     if ($returnid != '') {
         if (!$this->restrict_unknown_params) {
             // put mention into the admin log
             audit('', $this->GetName(), 'Module is not properly cleaning input params');
         }
         // used to try to avert XSS flaws, this will
         // clean as many parameters as possible according
         // to a map specified with the SetParameterType metods.
         $params = cleanParamHash($this->GetName(), $params, $this->param_map, !$this->restrict_unknown_params);
     }
     if (isset($params['lang'])) {
         $this->curlang = $params['lang'];
         $this->langhash = array();
     }
     if (!isset($params['action'])) {
         $params['action'] = $name;
     }
     $params['action'] = cms_htmlentities($params['action']);
     $returnid = cms_htmlentities($returnid);
     $id = cms_htmlentities($id);
     $name = cms_htmlentities($name);
     $output = $this->DoAction($name, $id, $params, $returnid);
     if (isset($params['assign'])) {
         $gCms = cmsms();
         $smarty = $gCms->GetSmarty();
         $smarty->assign(cms_htmlentities($params['assign']), $output);
         return;
     }
     return $output;
 }
 /**
  * This method prepares the data and does appropriate checks before
  * calling a module action.
  *
  * @internal
  * @ignore
  * @final
  * @access private
  * @param string The action name
  * @param string The action identifier
  * @param array  The action params
  * @param integer The current page id.
  * @return string The action output.
  */
 public final function DoActionBase($name, $id, $params, $returnid = '')
 {
     $name = preg_replace('/[^A-Za-z0-9\\-_+]/', '', $name);
     if ($returnid != '') {
         if (!$this->restrict_unknown_params) {
             // put mention into the admin log
             audit('', $this->GetName(), 'Module is not properly cleaning input params');
         }
         // used to try to avert XSS flaws, this will
         // clean as many parameters as possible according
         // to a map specified with the SetParameterType metods.
         $params = cleanParamHash($this->GetName(), $params, $this->param_map, !$this->restrict_unknown_params);
     }
     // handle the stupid input type='image' problem.
     foreach ($params as $key => $value) {
         if (endswith($key, '_x')) {
             $base = substr($key, 0, strlen($key) - 2);
             if (isset($params[$base . '_y']) && !isset($params[$base])) {
                 $params[$base] = $base;
             }
         }
     }
     if (isset($params['lang'])) {
         $this->curlang = $params['lang'];
         $this->langhash = array();
     }
     if (!isset($params['action'])) {
         $params['action'] = $name;
     }
     $params['action'] = cms_htmlentities($params['action']);
     $returnid = cms_htmlentities($returnid);
     $id = cms_htmlentities($id);
     $name = cms_htmlentities($name);
     $smarty = cmsms()->GetSmarty();
     $smarty->assign('actionid', $id);
     $smarty->assign('actionparams', $params);
     $smarty->assign('returnid', $returnid);
     $smarty->assign('actionmodule', $this->GetName());
     $output = $this->DoAction($name, $id, $params, $returnid);
     if (isset($params['assign'])) {
         $gCms = cmsms();
         $smarty = $gCms->GetSmarty();
         $smarty->assign(cms_htmlentities($params['assign']), $output);
         return;
     }
     return $output;
 }
Beispiel #3
0
 /**
  * This method prepares the data and does appropriate checks before
  * calling a module action.
  *
  * @internal
  * @final
  * @access private
  */
 function DoActionBase($name, $id, $params, $returnid = '')
 {
     $name = preg_replace('/[^A-Za-z0-9\\-_+]/', '', $name);
     if ($returnid != '') {
         if (!$this->restrict_unknown_params && get_site_preference('allowparamcheckwarnings', 0)) {
             trigger_error('WARNING: ' . $this->GetName() . ' is not properly cleaning input params.', E_USER_WARNING);
         }
         // used to try to avert XSS flaws, this will
         // clean as many parameters as possible according
         // to a map specified with the SetParameterType metods.
         $params = cleanParamHash($this->GetName(), $params, $this->param_map, !$this->restrict_unknown_params);
     }
     if (isset($params['lang'])) {
         $this->curlang = $params['lang'];
         $this->langhash = array();
     }
     if (!isset($params['action'])) {
         $params['action'] = $name;
     }
     $params['action'] = cms_htmlentities($params['action']);
     $returnid = cms_htmlentities($returnid);
     $id = cms_htmlentities($id);
     $name = cms_htmlentities($name);
     $output = $this->DoAction($name, $id, $params, $returnid);
     if (isset($params['assign'])) {
         global $gCms;
         $smarty =& $gCms->GetSmarty();
         $smarty->assign(cms_htmlentities($params['assign']), $output);
         return;
     }
     return $output;
 }