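/**
 * Upload Check Errors
 *
 * Checks the given $_FILES entry for any errors or problems with the
 * upload. Every failure is reported through trigger_error() with
 * E_USER_WARNING and makes the function return FALSE; TRUE is returned
 * only when PHP reports UPLOAD_ERR_OK *and* the temporary file was
 * created by PHP's own upload mechanism (is_uploaded_file()).
 *
 * This validates the mechanics of the upload only. File type / extension
 * checks, application size limits and the destination path are the
 * caller's responsibility.
 *
 * Changes over the previous version:
 *  - a missing $_FILES entry (field not submitted at all) no longer reads
 *    undefined indexes and no longer reaches clean_value() with a NULL name;
 *  - multi-file inputs (name="field[]"), where 'error' is an array, are
 *    rejected instead of being used as an array key;
 *  - the "possible attack" message closed a <b> it never opened.
 *
 * @access public
 * @param string Name of the file input (the key into $_FILES)
 * @return boolean TRUE when the upload is usable, FALSE otherwise
 */
function upload_check_errors($file_name = '')
{
    $errors = array(
        UPLOAD_ERR_INI_SIZE   => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE  => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL    => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE    => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION  => 'File upload stopped by extension.',
    );

    // No entry at all: the form field was not submitted. Treat it like
    // UPLOAD_ERR_NO_FILE rather than reading undefined indexes below.
    if (!isset($_FILES[$file_name]) || !is_array($_FILES[$file_name])) {
        trigger_error($errors[UPLOAD_ERR_NO_FILE], E_USER_WARNING);
        return FALSE;
    }
    $upload = $_FILES[$file_name];

    //Get the error
    $error = isset($upload['error']) ? $upload['error'] : UPLOAD_ERR_NO_FILE;

    // For name="field[]" inputs PHP stores one code per file. This helper
    // only understands a single file; an array here would otherwise be used
    // as an array key (TypeError on PHP 8) and be handed to clean_value().
    if (is_array($error)) {
        trigger_error('Multiple files were uploaded in a single-file field; only one file is supported.', E_USER_WARNING);
        return FALSE;
    }

    //IF the error is something OTHER than "OK"
    if ($error !== UPLOAD_ERR_OK) {
        if (isset($errors[$error])) {
            trigger_error($errors[$error], E_USER_WARNING);
        } else {
            // The file name is client-controlled; it only ever appears in a
            // message after clean_value(), never raw.
            $name = isset($upload['name']) ? $upload['name'] : '';
            trigger_error('Unknown file upload error in file: <b>' . clean_value($name) . '</b>', E_USER_WARNING);
        }
        return FALSE;
    }

    //If the file never made it to the server through the upload mechanism.
    // is_uploaded_file() is the authoritative check that tmp_name was created
    // by PHP for this request and is not an arbitrary local path that ended
    // up in $_FILES. move_uploaded_file() re-checks this itself, but callers
    // that copy()/rename() tmp_name do not, so refuse here.
    if (!isset($upload['tmp_name']) || !is_string($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
        $name = isset($upload['name']) ? $upload['name'] : '';
        trigger_error('Possible file upload attack in file: <b>' . clean_value($name) . '</b>', E_USER_WARNING);
        return FALSE;
    }

    return TRUE;
}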
/**
 * Normalises a user-supplied text value: runs it through the project's
 * clean_value(), turns single quotes into backticks, collapses runs of
 * quotes/spaces into one space, strips a single leading and trailing
 * space, escapes with addslashes() and converts newlines to <br>.
 *
 * NOTE(review): ereg_replace() was deprecated in PHP 5.3 and removed in
 * PHP 7.0, so the three calls below are a fatal "undefined function" on
 * any current PHP. They map one-to-one onto preg_replace() with the
 * patterns '/[\' ]+/', '/^ /' and '/ $/'.
 * NOTE(review): addslashes() is neither an SQL nor an HTML escape. If the
 * result is interpolated into a query, use a parameterised statement at
 * the call site instead; if it is printed, escape for HTML there.
 * NOTE(review): the replacement argument of the final preg_replace() is an
 * unterminated string in this copy (the backslash escapes the closing
 * quote), so the original intent cannot be recovered from here — confirm
 * against the upstream file before porting this function.
 *
 * @param string $str raw input text
 * @return string normalised text
 */
function input_text($str) {
    //filter of spaces
    $str = clean_value($str);
    // single quotes become backticks, so the class below only ever sees spaces
    $str = str_replace("'", "`", $str);
    // [' '] is a character class of quote and space: runs of either collapse to one space
    $str = ereg_replace("[' ']+", " ", $str);
    $str = ereg_replace("^ ", "", $str); //at the beginning
    $str = ereg_replace(" \$", "", $str); //at the end
    // both "\$" and "$" are a bare dollar sign in PHP, so this call is a no-op
    $str = str_replace("\$", "$", $str);
    $str = addslashes($str);
    // see the NOTE(review) on the unterminated replacement string above
    $str = preg_replace("/\\\\(?!&#|\\?#)/", "\", $str);
    $str = nl2br($str);
    return $str;
}
print "<th>" . $sql . "</th>"; } } else { $contacts = db_loadList("SELECT contact_id, contact_first_name, contact_last_name FROM {$sql_table}"); foreach ($contacts as $contact) { $contact_list[$contact['contact_first_name'] . " " . $contact['contact_last_name']] = $contact['contact_id']; } unset($contacts); } for ($i = 0; $i < $info["count"]; $i++) { $pairs = array(); print "<tr>\n"; foreach ($sql_ldap_mapping as $ldap_name => $sql_name) { unset($val); if (isset($info[$i][$ldap_name][0])) { $val = clean_value($info[$i][$ldap_name][0]); } if (isset($val)) { //if an email address is not specified in Domino you get a crazy value for this field that looks like FOO/BAR%NAME@domain.com This'll filter those values out. if (isset($test) && $sql_name == "contact_email" && substr_count($val, "%") > 0) { ?> <td><span style="color:#880000;"><?php echo $AppUI->_('bad email address'); ?> </span></td> <?php continue; } $pairs[$sql_name] = $val; if (isset($test)) { ?>
/**
 * Turns a frozen customer-registration form submission into the nested,
 * translated `section => field => value` array handed to the templates.
 *
 * Steps, in order (order matters — later blocks read keys that earlier
 * blocks create or remove):
 *   1. thaw the payload via \customer_registration\unfreeze_json() and
 *      overlay the non-empty js_userobject values;
 *   2. drop helper keys, calculated prices and empty values;
 *   3. distribute the flat input into the section structure from fields(),
 *      passing every value through clean_value();
 *   4. prune the sections that do not apply to the chosen products
 *      (heating oil, electricity, gas) and merge the product blocks;
 *   5. format addresses, birthdate and yes/no flags; add the order id and
 *      the tank-inspection / prepayment info texts;
 *   6. rebuild the structure with tt()-translated keys and values.
 *
 * @param mixed      $data    frozen form data as accepted by unfreeze_json()
 * @param string|int $orderid order number; stored under personal_data and
 *                            substituted into the prepayment text
 * @return array nested array: tt(section) => tt(field) => tt(value)
 *
 * NOTE(review): depends on the global $language (only ->language == 'fr'
 * is tested; everything else is treated as Dutch).
 * NOTE(review): several keys are read without isset() — $data['mazout_paymethod'],
 * $fields['personal_data']['birthdate'], $fields['sundry'] and the
 * *_delivery_housebus flags — which are "Undefined array key" warnings on
 * PHP 8 when absent.
 * NOTE(review): every value here is user-submitted. clean_value() is the
 * only sanitisation applied; whether that is sufficient depends on the
 * output context of the consuming template (plain-text vs. HTML mail),
 * which cannot be judged from this function.
 */
function process_data($data, $orderid)
{
    global $language;
    $data = \customer_registration\unfreeze_json($data);

    # collect input
    $input = $data;
    unset($input['js_userobject']);
    unset($input['approve']);

    # js_userobject contains data that Ruben already has set right,
    # like 'on' => title of checkbox. So they are better: non-empty values
    # from it overwrite the plain form value of the same name.
    foreach ($data['js_userobject'] as $key => $value) {
        if (empty($value)) {
            continue;
        }
        $input[$key] = $value;
    }

    # these are not used
    unset($input['maz_calc_price']);
    unset($input['mazout_calc_price']);
    unset($input['antifr_calc_price']);
    unset($input['tank_inspection_calc_price']);
    unset($input['total_calc_maz_price']);
    unset($input['birth']);
    # NOTE(review): the next three unsets are no-ops — the parent 'birth'
    # key was just removed.
    unset($input['birth']['birthday']);
    unset($input['birth']['birthmonth']);
    unset($input['birth']['birthyear']);

    # always set values for this one: a checked box becomes a language-
    # dependent "yes"; an unchecked one removes the key entirely.
    if (!empty($input['legal'])) {
        $input['legal'] = $language->language == 'fr' ? 'oui' : 'ja';
    } else {
        // $input['legal'] = ( $language->language == 'fr' ) ? 'non' : 'nee';
        unset($input['legal']);
    }

    # 'Tariff plan: Variable' => hide 'Duration: 1 year'
    if (!empty($input['indexation']) && ($input['indexation'] == 'Variabel' || $input['indexation'] == 'Variable')) {
        unset($input['runtime']);
    }

    # process hidden prices
    # NOTE(review): handle_hidden_prices() is defined elsewhere; whether it
    # mutates $input by reference (e.g. overwrites the client-supplied
    # hidden_*_price fields with server-side values) cannot be seen here.
    handle_hidden_prices($input);

    # remove all empty values
    # NOTE(review): empty() also drops the literal string '0'; preg_match()
    # on a non-string value (a nested array) warns and returns false.
    $_input = $input;
    $input = array();
    foreach ($_input as $key => $value) {
        if (empty($value) || $value == 'empty' || preg_match('{^\\s+$}', $value)) {
            continue;
        }
        $input[$key] = $value;
    }

    # structure 'section' > 'fields'
    $fields = fields();

    # add values to the fields structure; main_key() decides which section
    # a flat input key belongs to
    foreach ($input as $key => $value) {
        $main_key = main_key($fields, $key);
        $fields[$main_key][$key] = clean_value($value);
    }

    // echo '<pre>';
    // print_r(trim($fields['personal_data']['salutation']));
    // print_r(trim(tt('No salution')));
    // exit;

    # remove empty block
    if (empty($fields['company_data']['companyname']) && empty($fields['company_data']['juridical_status'])) {
        unset($fields['company_data']);
    }
    # NOTE(review): the guard around this unset is commented out, so the
    # 'other' section is always dropped — which also makes the birthday
    # unsets further down no-ops. Confirm this is intended.
    // if ( empty( $fields['other'] ) ){
    unset($fields['other']);
    // }

    # remove unused mazout/energy blocks
    if (empty($fields['system']['productchoice_mazout'])) {
        unset($fields['mazout']);
        unset($fields['mazout_paydata']);
    }
    # remove unused mazout/energy blocks
    if (empty($fields['system']['productchoice_elek']) && empty($fields['system']['productchoice_gas'])) {
        unset($fields['energy']);
        unset($fields['additional_data_elek']);
        unset($fields['additional_data_gas']);
    }

    # annual_calculation_domiciliation: checkbox -> language-dependent "yes"
    if (!empty($fields['energy']['annual_calculation_domiciliation'])) {
        $fields['energy']['annual_calculation_domiciliation'] = $language->language == 'fr' ? 'oui' : 'ja';
    }

    # Format delivery address for electricity and/or gas into one line
    # ("street number[/box], postalcode") and drop the separate parts
    if (!empty($fields['energy']['energy_delivery_street'])) {
        $my_energy_address = $fields['energy']['energy_delivery_street'] . ' ' . $fields['energy']['energy_delivery_housenumber'];
        if ($fields['energy']['energy_delivery_housebus']) {
            $my_energy_address .= '/' . $fields['energy']['energy_delivery_housebus'] . ', ';
        } else {
            $my_energy_address .= ', ';
        }
        $my_energy_address .= $fields['energy']['energy_delivery_postalcode'];
        $fields['energy']['my_delivery_address'] = $my_energy_address;
        unset($fields['energy']['energy_delivery_address']);
        unset($fields['energy']['energy_delivery_street']);
        unset($fields['energy']['energy_delivery_housenumber']);
        unset($fields['energy']['energy_delivery_housebus']);
        unset($fields['energy']['energy_delivery_postalcode']);
    }

    # use correct title for the payment data of Gas and/or Electricity
    # only elek
    if (!empty($fields['system']['productchoice_elek']) && empty($fields['system']['productchoice_gas'])) {
        $fields['elek_cr_title'] = $fields['energy'];
        $fields['elek_additional'] = $fields['additional_data_elek'];
        // electricity only: drop the "additional electricity data" block and move its info into the main block
        $fields['elek_cr_title'] = array_merge($fields['elek_cr_title'], $fields['elek_additional']);
        unset($fields['energy']);
        unset($fields['additional_data_elek']);
        unset($fields['additional_data_gas']);
        unset($fields['elek_additional']);
    } elseif (empty($fields['system']['productchoice_elek']) && !empty($fields['system']['productchoice_gas'])) {
        # only gas
        $fields['gas_cr_title'] = $fields['energy'];
        $fields['gas_additional'] = $fields['additional_data_gas'];
        $fields['gas_additional']['indexation'] = $language->language == 'fr' ? 'Variable' : 'Variabel';
        // gas only: drop the "additional gas data" block and move its info into the main block
        $fields['gas_cr_title'] = array_merge($fields['gas_cr_title'], $fields['gas_additional']);
        unset($fields['energy']);
        unset($fields['additional_data_elek']);
        unset($fields['additional_data_gas']);
        unset($fields['gas_additional']);
    } elseif (!empty($fields['system']['productchoice_elek']) && !empty($fields['system']['productchoice_gas'])) {
        # both: keep the two additional blocks as separate sections
        $fields['gas_elek_cr_title'] = $fields['energy'];
        $fields['elek_additional'] = $fields['additional_data_elek'];
        $fields['gas_additional'] = $fields['additional_data_gas'];
        $fields['gas_additional']['indexation'] = $language->language == 'fr' ? 'Variable' : 'Variabel';
        unset($fields['energy']);
        unset($fields['additional_data_elek']);
        unset($fields['additional_data_gas']);
    }

    # remove the system block
    unset($fields['system']);

    # remove 3 birthday fields
    unset($fields['other']['birthday']);
    unset($fields['other']['birthmonth']);
    unset($fields['other']['birthyear']);

    # different address yes/no
    // other_addresses( $fields /* in:out */ );

    # add orderid
    $fields['personal_data']['orderid'] = $orderid;

    # add the heating-oil tank inspection info block if an inspection was requested
    if (!empty($data['tank_inspection']) && $data['tank_inspection'] == 'yes') {
        $tank_inspection_text1 = tt('cr_tank_inspection_price_text1');
        $tank_inspection_text2 = tt('cr_tank_inspection_price_text2');
        # substitute the tank inspection price into the text
        # NOTE(review): hidden_tank_inspection_price is a form field, i.e.
        # client-supplied unless handle_hidden_prices() replaced it — do not
        # treat the price shown here as authoritative.
        $tank_inspection_text2 = str_replace('%PRICE_T%', $input['hidden_tank_inspection_price'], $tank_inspection_text2);
        $fields['tank_inspection']['tank_inspection_price_label1'] = $tank_inspection_text1;
        $fields['tank_inspection']['tank_inspection_price_label2'] = $tank_inspection_text2;
    } else {
        unset($fields['tank_inspection']);
    }

    # add the heating-oil prepayment info block if paying upfront
    # (if the 'mazout' section was pruned above, this assignment re-creates
    # it with only this key)
    if ($data['mazout_paymethod'] == 'mazout_pay_upfront') {
        $mazout_pay_upfront_text = tt('cr_mazout_pay_upfront_info');
        # add orderid in text
        $mazout_pay_upfront_text = str_replace('%CEM_NR%', $orderid, $mazout_pay_upfront_text);
        $fields['mazout']['mazout_paymethod'] = $mazout_pay_upfront_text;
    }

    # Format birthdate: slashes become spaces
    $fields['personal_data']['birthdate'] = preg_replace('/\\//', ' ', $fields['personal_data']['birthdate']);

    # Solar panels: checkbox -> language-dependent "yes"
    # NOTE(review): in the electricity-only branch elek_additional has
    # already been merged away, so there the raw value reaches the output.
    if (!empty($fields['elek_additional']['solar_panels'])) {
        $fields['elek_additional']['solar_panels'] = $language->language == 'fr' ? 'oui' : 'ja';
    }

    # Put extra info block at bottom
    $fields['mail_extra_info'] = $fields['sundry'];
    unset($fields['sundry']);

    # Format heating-oil delivery address (same shape as the energy address)
    if (!empty($fields['mazout']['mazout_delivery_street'])) {
        $my_mazout_address = $fields['mazout']['mazout_delivery_street'] . ' ' . $fields['mazout']['mazout_delivery_housenumber'];
        if ($fields['mazout']['mazout_delivery_housebus']) {
            $my_mazout_address .= '/' . $fields['mazout']['mazout_delivery_housebus'] . ', ';
        } else {
            $my_mazout_address .= ', ';
        }
        $my_mazout_address .= $fields['mazout']['mazout_delivery_postalcode'];
        $fields['mazout']['my_delivery_address'] = $my_mazout_address;
        unset($fields['mazout']['mazout_delivery_address']);
        unset($fields['mazout']['mazout_delivery_street']);
        unset($fields['mazout']['mazout_delivery_housenumber']);
        unset($fields['mazout']['mazout_delivery_housebus']);
        unset($fields['mazout']['mazout_delivery_postalcode']);
    }

    # if no salutation -> remove field
    if (trim($fields['personal_data']['salutation']) == tt('No salution')) {
        unset($fields['personal_data']['salutation']);
    }

    // echo '<pre>';
    // print_r($fields);
    // exit;

    # rebuild with internationalized values
    # NOTE(review): user-entered values are also passed through tt(); what
    # tt() returns for a string that is not a translation key is not
    # visible here.
    $fields_i18n = array();
    foreach ($fields as $key1 => $fields2) {
        # set tt() values around keys
        foreach ($fields2 as $key2 => $value2) {
            if (empty($value2)) {
                continue;
            }
            # general rule: prefix with 'cr_', but some already contain '_cr_' in the middle (thanks, Ruben)
            $tt_key1 = tt_key($key1);
            $tt_key2 = tt_key($key2);
            # set translations
            $fields_i18n[tt($tt_key1)][tt($tt_key2)] = tt($value2);
        }
    }

    // echo '<pre>';
    // print_r($fields_i18n);
    // exit;
    return $fields_i18n;
}
* User level associated with an administrator */ define('NEWS_ADMIN', 3); /** * Combined array of $_POST and $_GET which have been cleaned to be made safe * @global array $VARS * @see clean_value() * @see clean_key() */ $VARS = array(); $clean_k = ''; foreach ($_GET as $k => $v) { if (is_array($v)) { $clean_k = clean_key($k); foreach ($v as $_k => $_v) { $VARS[$clean_k][clean_key($_k)] = clean_value($_v); } } else { $VARS[clean_key($k)] = clean_value($v); } } foreach ($_POST as $k => $v) { if (is_array($v)) { $clean_k = clean_key($k); foreach ($v as $_k => $_v) { $VARS[$clean_k][clean_key($_k)] = clean_value($_v); } } else { $VARS[clean_key($k)] = clean_value($v); } }