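/**
 * Upload Check Errors
 *
 * Checks the given upload field for any errors or problems with
 * the upload: the error code PHP recorded for the field must be
 * UPLOAD_ERR_OK and the temporary file must really have been written by
 * the upload mechanism (is_uploaded_file()). Every failure is reported
 * with trigger_error() at E_USER_WARNING and the function returns FALSE.
 *
 * A TRUE result only means the transport succeeded. The client-supplied
 * name, type and contents of the file are still untrusted and must be
 * validated separately (extension / MIME / size, path traversal in the
 * name) before the file is moved or used.
 *
 * Fix: a field name that is not present in $_FILES at all (no file input
 * in the form, or a typo in the caller) is now rejected explicitly instead
 * of falling through a chain of undefined-index notices; the "possible
 * upload attack" message also gets its missing opening <b> tag.
 *
 * NOTE(review): a multi-file field (name="files[]") puts arrays into
 * $_FILES[...]['error'] and ['tmp_name']; this function expects a single
 * file and reports such a field as a failed upload.
 *
 * @access	public
 * @param	string	Name of the File (the form field name, a key of $_FILES)
 * @return	boolean	TRUE when the upload is usable, FALSE otherwise
 */
function upload_check_errors($file_name = '')
{
    $errors = array(
        UPLOAD_ERR_INI_SIZE   => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE  => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL    => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE    => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION  => 'File upload stopped by extension.',
    );
    // Nothing was submitted under this field name: nothing to check.
    if (!isset($_FILES[$file_name]) || !is_array($_FILES[$file_name])) {
        trigger_error('No upload found for field: <b>' . clean_value($file_name) . '</b>', E_USER_WARNING);
        return FALSE;
    }
    $file = $_FILES[$file_name];
    $error = isset($file['error']) ? $file['error'] : null;
    $name = isset($file['name']) ? $file['name'] : '';
    // Anything other than UPLOAD_ERR_OK (0) is a failed upload. is_int() keeps
    // an array (multi-file field) or a missing code away from the lookup below.
    if ($error !== UPLOAD_ERR_OK) {
        if (is_int($error) && isset($errors[$error])) {
            trigger_error($errors[$error], E_USER_WARNING);
        } else {
            trigger_error('Unknown file upload error in file: <b>' . clean_value($name) . '</b>', E_USER_WARNING);
        }
        return FALSE;
    }
    // The temp path must exist and be one PHP created for this request;
    // anything else means the caller is being pointed at an arbitrary file.
    if (empty($file['tmp_name']) || !is_string($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        trigger_error('Possible file upload attack in file: <b>' . clean_value($name) . '</b>', E_USER_WARNING);
        return FALSE;
    }
    return TRUE;
}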
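 /**
  * input_text
  *
  * Normalises a free-text form value: runs clean_value() over it, turns
  * apostrophes into backticks, collapses runs of spaces, strips a single
  * leading and trailing space, entity-encodes '$' and stray backslashes,
  * escapes with addslashes() and converts newlines to <br />.
  *
  * Fix: ereg_replace() was deprecated in PHP 5.3 and removed in 7.0, so the
  * original body fataled on any current PHP. The three POSIX patterns are
  * rewritten as the equivalent PCRE calls; output is unchanged.
  *
  * NOTE(review): addslashes() is not a safe substitute for parameterised
  * queries or charset-aware escaping — do not treat the return value as
  * SQL-safe. What clean_value() does is defined elsewhere in this project.
  *
  * @param	string	$str	Raw input string
  * @return	string	Filtered string
  */
 function input_text($str)
 {
     $str = clean_value($str);
     // Apostrophes are replaced rather than escaped.
     $str = str_replace("'", "`", $str);
     // Collapse runs of spaces. The POSIX bracket [' '] also matched
     // apostrophes, but those are already gone; [' ] keeps the same set.
     $str = preg_replace("/[' ]+/", " ", $str);
     // One leading space ...
     $str = preg_replace('/^ /', "", $str);
     // ... and one trailing space. The D modifier keeps PCRE's $ from also
     // matching before a final newline, which POSIX $ did not do.
     $str = preg_replace('/ $/D', "", $str);
     // Entity-encode '$' (presumably to keep it inert in later templating — confirm).
     $str = str_replace("\$", "&#036;", $str);
     $str = addslashes($str);
     // Entity-encode backslashes that are not already part of an entity
     // (&amp;# / ?#), so the addslashes() output is not double-escaped later.
     $str = preg_replace("/\\\\(?!&amp;#|\\?#)/", "&#092;", $str);
     $str = nl2br($str);
     return $str;
 }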
                print "<th>" . $sql . "</th>";
            }
        } else {
            $contacts = db_loadList("SELECT contact_id, contact_first_name, contact_last_name FROM {$sql_table}");
            foreach ($contacts as $contact) {
                $contact_list[$contact['contact_first_name'] . " " . $contact['contact_last_name']] = $contact['contact_id'];
            }
            unset($contacts);
        }
        for ($i = 0; $i < $info["count"]; $i++) {
            $pairs = array();
            print "<tr>\n";
            foreach ($sql_ldap_mapping as $ldap_name => $sql_name) {
                unset($val);
                if (isset($info[$i][$ldap_name][0])) {
                    $val = clean_value($info[$i][$ldap_name][0]);
                }
                if (isset($val)) {
                    //if an email address is not specified in Domino you get a crazy value for this field that looks like FOO/BAR%NAME@domain.com  This'll filter those values out.
                    if (isset($test) && $sql_name == "contact_email" && substr_count($val, "%") > 0) {
                        ?>
						<td><span style="color:#880000;"><?php 
                        echo $AppUI->_('bad email address');
                        ?>
</span></td>
					<?php 
                        continue;
                    }
                    $pairs[$sql_name] = $val;
                    if (isset($test)) {
                        ?>
/**
 * Builds the "section > fields" structure of a customer registration
 * (electricity / gas / heating-oil ("mazout") products) out of the submitted
 * form payload and returns it with section names, field labels and values
 * translated through tt().
 *
 * Roughly: unfreeze the JSON payload, overlay the 'js_userobject' values,
 * drop helper and empty fields, run clean_value() over what is left, move the
 * values into the fields() skeleton, then reshape the blocks depending on
 * which products were chosen.
 *
 * Depends on helpers defined elsewhere: unfreeze_json(), handle_hidden_prices(),
 * fields(), main_key(), tt(), tt_key(), clean_value(), and the global $language
 * (only ->language, 'fr' versus anything else, is read here).
 *
 * NOTE(review): $data is the client's payload; everything in it, including the
 * 'js_userobject' overlay and the 'hidden_*_price' fields, is untrusted input.
 * Whether handle_hidden_prices() recomputes prices server-side cannot be seen
 * from here — confirm before relying on any price in the result.
 *
 * @param mixed $data    Frozen JSON payload as accepted by unfreeze_json()
 * @param mixed $orderid Order number; copied into the result and into the
 *                       upfront-payment text
 * @return array Nested array: translated section title => (translated field label => translated value)
 */
function process_data($data, $orderid)
{
    global $language;
    $data = \customer_registration\unfreeze_json($data);
    # collect input
    $input = $data;
    unset($input['js_userobject']);
    unset($input['approve']);
    # js_userobject contains data that Ruben already has set right,
    # like 'on' => title of checkbox. So they are better
    # NOTE(review): $data and $data['js_userobject'] both come from the client;
    # this overlay lets the js_userobject copy of a field win over the plain one.
    foreach ($data['js_userobject'] as $key => $value) {
        if (empty($value)) {
            continue;
        }
        $input[$key] = $value;
    }
    # these are not used
    unset($input['maz_calc_price']);
    unset($input['mazout_calc_price']);
    unset($input['antifr_calc_price']);
    unset($input['tank_inspection_calc_price']);
    unset($input['total_calc_maz_price']);
    unset($input['birth']);
    # the three unsets below are no-ops: the whole 'birth' entry is already gone
    unset($input['birth']['birthday']);
    unset($input['birth']['birthmonth']);
    unset($input['birth']['birthyear']);
    # always set values for this one
    if (!empty($input['legal'])) {
        $input['legal'] = $language->language == 'fr' ? 'oui' : 'ja';
    } else {
        // $input['legal'] = ( $language->language == 'fr' ) ? 'non' : 'nee';
        unset($input['legal']);
    }
    # 'Tariff plan: Variable' => hide 'Duration: 1 year'
    if (!empty($input['indexation']) && ($input['indexation'] == 'Variabel' || $input['indexation'] == 'Variable')) {
        unset($input['runtime']);
    }
    # process hidden prices
    # NOTE(review): the 'hidden_*_price' values in $input were submitted by the
    # client; handle_hidden_prices() is defined elsewhere — confirm it does not
    # simply trust them.
    handle_hidden_prices($input);
    # remove all empty values
    # Note: empty() also drops a legitimate "0", and preg_match() on an array
    # value only warns — both behave as the original code intends or tolerates.
    $_input = $input;
    $input = array();
    foreach ($_input as $key => $value) {
        if (empty($value) || $value == 'empty' || preg_match('{^\\s+$}', $value)) {
            continue;
        }
        $input[$key] = $value;
    }
    # structure 'section' > 'fields'
    $fields = fields();
    # add values to the fields structure
    # clean_value() is applied here only; values taken from $input directly
    # later on (the tank-inspection price below) bypass it.
    foreach ($input as $key => $value) {
        $main_key = main_key($fields, $key);
        $fields[$main_key][$key] = clean_value($value);
    }
    // echo '<pre>';
    // print_r(trim($fields['personal_data']['salutation']));
    // print_r(trim(tt('No salution')));
    // exit;
    # remove empty block
    if (empty($fields['company_data']['companyname']) && empty($fields['company_data']['juridical_status'])) {
        unset($fields['company_data']);
    }
    // if ( empty( $fields['other'] ) ){
    unset($fields['other']);
    //  }
    # remove unused mazout/energy blocks
    if (empty($fields['system']['productchoice_mazout'])) {
        unset($fields['mazout']);
        unset($fields['mazout_paydata']);
    }
    # remove unused mazout/energy blocks
    if (empty($fields['system']['productchoice_elek']) && empty($fields['system']['productchoice_gas'])) {
        unset($fields['energy']);
        unset($fields['additional_data_elek']);
        unset($fields['additional_data_gas']);
    }
    # annual_calculation_domiciliation
    if (!empty($fields['energy']['annual_calculation_domiciliation'])) {
        $fields['energy']['annual_calculation_domiciliation'] = $language->language == 'fr' ? 'oui' : 'ja';
    }
    # Format delivery address for electricity and/or gas
    # (housenumber / housebus / postalcode are read without isset(); a missing
    # one yields a notice and an empty string in the address)
    if (!empty($fields['energy']['energy_delivery_street'])) {
        $my_energy_address = $fields['energy']['energy_delivery_street'] . ' ' . $fields['energy']['energy_delivery_housenumber'];
        if ($fields['energy']['energy_delivery_housebus']) {
            $my_energy_address .= '/' . $fields['energy']['energy_delivery_housebus'] . ', ';
        } else {
            $my_energy_address .= ', ';
        }
        $my_energy_address .= $fields['energy']['energy_delivery_postalcode'];
        $fields['energy']['my_delivery_address'] = $my_energy_address;
        unset($fields['energy']['energy_delivery_address']);
        unset($fields['energy']['energy_delivery_street']);
        unset($fields['energy']['energy_delivery_housenumber']);
        unset($fields['energy']['energy_delivery_housebus']);
        unset($fields['energy']['energy_delivery_postalcode']);
    }
    # use correct title for the payment data of Gas and/or Electricity
    # (the 'energy' and 'additional_data_*' skeleton blocks are assumed to
    # exist whenever the matching product was chosen)
    # only elek
    if (!empty($fields['system']['productchoice_elek']) && empty($fields['system']['productchoice_gas'])) {
        $fields['elek_cr_title'] = $fields['energy'];
        $fields['elek_additional'] = $fields['additional_data_elek'];
        // electricity only: drop the extra-electricity-data block and merge its info into the title block
        $fields['elek_cr_title'] = array_merge($fields['elek_cr_title'], $fields['elek_additional']);
        unset($fields['energy']);
        unset($fields['additional_data_elek']);
        unset($fields['additional_data_gas']);
        unset($fields['elek_additional']);
    } elseif (empty($fields['system']['productchoice_elek']) && !empty($fields['system']['productchoice_gas'])) {
        $fields['gas_cr_title'] = $fields['energy'];
        $fields['gas_additional'] = $fields['additional_data_gas'];
        $fields['gas_additional']['indexation'] = $language->language == 'fr' ? 'Variable' : 'Variabel';
        // gas only: drop the extra-gas-data block and merge its info into the title block
        $fields['gas_cr_title'] = array_merge($fields['gas_cr_title'], $fields['gas_additional']);
        unset($fields['energy']);
        unset($fields['additional_data_elek']);
        unset($fields['additional_data_gas']);
        unset($fields['gas_additional']);
    } elseif (!empty($fields['system']['productchoice_elek']) && !empty($fields['system']['productchoice_gas'])) {
        # both: keep the two "additional" blocks separate under new names
        $fields['gas_elek_cr_title'] = $fields['energy'];
        $fields['elek_additional'] = $fields['additional_data_elek'];
        $fields['gas_additional'] = $fields['additional_data_gas'];
        $fields['gas_additional']['indexation'] = $language->language == 'fr' ? 'Variable' : 'Variabel';
        unset($fields['energy']);
        unset($fields['additional_data_elek']);
        unset($fields['additional_data_gas']);
    }
    # remove the system block
    unset($fields['system']);
    # remove 3 birthday fields
    # (no-ops: $fields['other'] was already removed above)
    unset($fields['other']['birthday']);
    unset($fields['other']['birthmonth']);
    unset($fields['other']['birthyear']);
    # other address yes/no
    // other_addresses( $fields /* in:out */ );
    # add orderid
    $fields['personal_data']['orderid'] = $orderid;
    # add heating-oil (mazout) tank-inspection info block if a tank inspection was requested
    if (!empty($data['tank_inspection']) && $data['tank_inspection'] == 'yes') {
        $tank_inspection_text1 = tt('cr_tank_inspection_price_text1');
        $tank_inspection_text2 = tt('cr_tank_inspection_price_text2');
        # add tank-inspection price to the text
        # NOTE(review): this price comes straight from the submitted payload and
        # is not passed through clean_value() like the $fields values above.
        $tank_inspection_text2 = str_replace('%PRICE_T%', $input['hidden_tank_inspection_price'], $tank_inspection_text2);
        $fields['tank_inspection']['tank_inspection_price_label1'] = $tank_inspection_text1;
        $fields['tank_inspection']['tank_inspection_price_label2'] = $tank_inspection_text2;
    } else {
        unset($fields['tank_inspection']);
    }
    # add heating-oil upfront-payment info block if paying upfront
    # ($data['mazout_paymethod'] is read without isset(); absent => notice, condition false)
    if ($data['mazout_paymethod'] == 'mazout_pay_upfront') {
        $mazout_pay_upfront_text = tt('cr_mazout_pay_upfront_info');
        # add orderid in text
        $mazout_pay_upfront_text = str_replace('%CEM_NR%', $orderid, $mazout_pay_upfront_text);
        $fields['mazout']['mazout_paymethod'] = $mazout_pay_upfront_text;
    }
    # Format birthdate: slashes become spaces (read without isset(); absent => notice, empty string)
    $fields['personal_data']['birthdate'] = preg_replace('/\\//', ' ', $fields['personal_data']['birthdate']);
    # Solar panels
    if (!empty($fields['elek_additional']['solar_panels'])) {
        $fields['elek_additional']['solar_panels'] = $language->language == 'fr' ? 'oui' : 'ja';
    }
    # Put extra info block at bottom ('sundry' is assumed to exist in the skeleton)
    $fields['mail_extra_info'] = $fields['sundry'];
    unset($fields['sundry']);
    # Format delivery address for heating oil (mazout); same shape as the energy address above
    if (!empty($fields['mazout']['mazout_delivery_street'])) {
        $my_mazout_address = $fields['mazout']['mazout_delivery_street'] . ' ' . $fields['mazout']['mazout_delivery_housenumber'];
        if ($fields['mazout']['mazout_delivery_housebus']) {
            $my_mazout_address .= '/' . $fields['mazout']['mazout_delivery_housebus'] . ', ';
        } else {
            $my_mazout_address .= ', ';
        }
        $my_mazout_address .= $fields['mazout']['mazout_delivery_postalcode'];
        $fields['mazout']['my_delivery_address'] = $my_mazout_address;
        unset($fields['mazout']['mazout_delivery_address']);
        unset($fields['mazout']['mazout_delivery_street']);
        unset($fields['mazout']['mazout_delivery_housenumber']);
        unset($fields['mazout']['mazout_delivery_housebus']);
        unset($fields['mazout']['mazout_delivery_postalcode']);
    }
    # if no salutation -> remove field
    if (trim($fields['personal_data']['salutation']) == tt('No salution')) {
        unset($fields['personal_data']['salutation']);
    }
    // echo '<pre>';
    // print_r($fields);
    // exit;
    # rebuild with internationalized values
    $fields_i18n = array();
    foreach ($fields as $key1 => $fields2) {
        # set tt() values around keys
        foreach ($fields2 as $key2 => $value2) {
            if (empty($value2)) {
                continue;
            }
            # general rule: prefix with 'cr_', but some already contain '_cr_' in the middle (thanks, Ruben)
            $tt_key1 = tt_key($key1);
            $tt_key2 = tt_key($key2);
            # set translations
            $fields_i18n[tt($tt_key1)][tt($tt_key2)] = tt($value2);
        }
    }
    // echo '<pre>';
    // print_r($fields_i18n);
    // exit;
    return $fields_i18n;
}
 * User level associated with an administrator
 */
define('NEWS_ADMIN', 3);
/**
 * Combined array of $_POST and $_GET which have been cleaned to be made safe
 *
 * Every key goes through clean_key() and every scalar value through
 * clean_value(); one level of nested arrays (foo[bar]=baz) is handled the
 * same way. $_GET is copied first and $_POST second, so a POST parameter
 * silently overrides a GET parameter of the same name.
 *
 * NOTE(review): because the two sources are merged, code reading $VARS
 * cannot tell whether a value arrived by GET or by POST; handlers that
 * change state should still check $_SERVER['REQUEST_METHOD'] (and a CSRF
 * token) themselves. Values nested more than one level deep are handed to
 * clean_value() as arrays — what it does with them is defined elsewhere.
 *
 * @global array $VARS
 * @see clean_value()
 * @see clean_key()
 */
$VARS = array();
$clean_k = '';
foreach (array($_GET, $_POST) as $source) {
    foreach ($source as $k => $v) {
        if (!is_array($v)) {
            $VARS[clean_key($k)] = clean_value($v);
            continue;
        }
        // Array parameter: clean the outer key once, then each inner pair.
        $clean_k = clean_key($k);
        foreach ($v as $_k => $_v) {
            $VARS[$clean_k][clean_key($_k)] = clean_value($_v);
        }
    }
}
unset($source);