/**
 * Recursively HTML-escape a value with htmlspecialchars().
 *
 * Strings are first passed through htmlspecialchars_decode() so text that
 * already contains entities is not double-encoded; arrays are walked
 * recursively with their keys kept as-is; any other type is returned
 * untouched.
 *
 * @param mixed  $mixed       string, (nested) array, or any other value
 * @param int    $quote_style flags for htmlspecialchars()/htmlspecialchars_decode()
 * @param string $charset     charset handed to htmlspecialchars()
 * @return mixed same shape as $mixed with every string escaped
 */
function htmlspecialchars_deep($mixed, $quote_style = ENT_QUOTES, $charset = 'UTF-8')
{
    if (is_string($mixed)) {
        // decode first so an existing &amp; comes back out as &amp;, not &amp;amp;
        $decoded = htmlspecialchars_decode($mixed, $quote_style);
        return htmlspecialchars($decoded, $quote_style, $charset);
    }
    if (!is_array($mixed)) {
        return $mixed;
    }
    $escaped = array();
    foreach ($mixed as $key => $value) {
        $escaped[$key] = htmlspecialchars_deep($value, $quote_style, $charset);
    }
    return $escaped;
}
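/**
 * Escape HTML special characters (including quotes) in a string or,
 * recursively, in every string of a (nested) array. Wraps htmlspecialchars().
 *
 * @param string|array $s       value to escape; non-string scalars are
 *                              converted to string by htmlspecialchars()
 * @param int          $flags   htmlspecialchars() flags (default ENT_QUOTES)
 * @param string       $charset charset handed to htmlspecialchars(); the
 *                              historical default is kept for compatibility,
 *                              pass 'UTF-8' for UTF-8 input
 * @return string|array
 */
function htmlspecialchars_deep($s, $flags = ENT_QUOTES, $charset = 'ISO-8859-1')
{
    if (is_array($s)) {
        // keys are left untouched; only the values are escaped
        foreach ($s as $i => $j) {
            $s[$i] = htmlspecialchars_deep($j, $flags, $charset);
        }
        return $s;
    }
    return htmlspecialchars($s, $flags, $charset);
}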
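// --- empty variables for values of $_POST - begin ---
// Defaults shown when nothing has been posted yet. Only the names listed in
// $post_var_names may be overwritten from $_POST (see the loop below).
$post_var_names = array('li', 'ai', 'ld');
$li = array('file' => 'example', 'name' => 'Example');
$ai = array('name' => 'Benny Baumann', 'email' => '*****@*****.**', 'web' => 'http://qbnz.com/highlighter/');
$ld = array(
    'cmt' => array(
        'sl' => array(
            1 => array('start' => '//', 'style' => 'font-style: italic; color: #666666;'),
            2 => array('start' => '#', 'style' => 'font-style: italic; color: #666666;'),
        ),
        'ml' => array(
            1 => array('start' => '/*', 'end' => '*/', 'style' => 'font-style: italic; color: #666666;'),
            2 => array('start' => '/**', 'end' => '*/', 'style' => 'font-style: italic; color: #006600;'),
        ),
        'rxc' => array(
            1 => array('rx' => '/Hello RegExp/', 'style' => 'font-style: italic; color: #666666;'),
        ),
    ),
    'str' => array(
        'qm' => array(
            1 => array('delim' => "'", 'style' => 'color: #0000FF;'),
            // double-quote string delimiter (shown garbled as """ in the listing)
            2 => array('delim' => '"', 'style' => 'color: #0000FF;'),
        ),
        'ec' => array('char' => '\\', 'style' => 'font-weight: bold; color: #000080;'),
        'erx' => array(
            1 => array('rx' => '/\\{\\\\$\\w+\\}/', 'style' => 'font-weight: bold; color: #008080;'),
            2 => array('rx' => '/\\{\\\\$\\w+\\}/', 'style' => 'font-weight: bold; color: #008080;'),
        ),
    ),
    'kw_case' => 'GESHI_CAPS_NO_CHANGE',
    'kw' => array(
        1 => array('list' => '', 'case' => '0', 'style' => 'color: #0000FF; font-weight: bold;', 'docs' => ''),
    ),
    'sy' => array(
        0 => array('list' => '', 'style' => 'color: #0000FF; font-weight: bold;'),
    ),
);
$kw_case_sel = array('GESHI_CAPS_NO_CHANGE' => '', 'GESHI_CAPS_UPPER' => '', 'GESHI_CAPS_LOWER' => '');
$kw_cases_sel = array(1 => array(0 => '', 1 => ''));
// --- empty variables for values of $_POST - end ---
echo "<pre>";
//var_dump($languages);
// Debug dumps of the raw request: capture var_dump() output and escape it,
// otherwise request values are written into the page verbatim (reflected XSS).
ob_start();
var_dump($_GET);
var_dump($_POST);
echo htmlspecialchars(ob_get_clean(), ENT_QUOTES, 'UTF-8');
foreach ($post_var_names as $varName) {
    // export wanted variables of $_POST array (whitelist only, never all of $_POST)...
    if (array_key_exists($varName, $_POST)) {
        ${$varName} = htmlspecialchars_deep($_POST[$varName]);
    }
}
// determine the selected kw_case; an unknown value leaves nothing selected
// instead of adding a user-supplied key to $kw_case_sel...
if (isset($ld['kw_case']) && array_key_exists($ld['kw_case'], $kw_case_sel)) {
    $kw_case_sel[$ld['kw_case']] = ' selected="selected"';
}
// determine the selected kw_cases...
$kw_cases_count = count($kw_cases_sel);
for ($i = 1; $i <= $kw_cases_count; $i += 1) {
    // a posted kw entry may lack 'case'; treat it as case 0
    $case = isset($ld['kw'][$i]['case']) ? (int) $ld['kw'][$i]['case'] : 0;
    if (isset($kw_cases_sel[$i][$case])) {
        $kw_cases_sel[$i][$case] = ' selected="selected"';
    }
}
$lang = validate_lang();
// same escaping as the request dumps above
ob_start();
var_dump($lang);
echo htmlspecialchars(ob_get_clean(), ENT_QUOTES, 'UTF-8');
echo "</pre>";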
?>
<form action="?action=test" method="post">
<fieldset>
<legend>Generic Information</legend>
 /**
  * Insert one product_description row for language $key of product
  * $insert_id.
  *
  * The SQL uses '?' placeholders that $this->database->parse() fills with
  * the values listed below, in column order. name, technical_name, model
  * and model_number go through htmlspecialchars_deep(), the meta_* fields
  * through strip_tags(); description, technical and alt_description are
  * stored as given.
  *
  * NOTE(review): htmlspecialchars_deep() is HTML escaping, not SQL
  * escaping; safe quoting of every value rests on parse() — confirm
  * against the database class.
  *
  * @param string|int $key       language id; also indexes the per-language arrays on $this
  * @param int        $insert_id product id
  * @param string     $name      product name
  * @return void
  */
 function write_description($key, $insert_id, $name)
 {
     $sql = "insert into product_description set product_id = '?', language_id = '?', name = '?', description = '?', technical = '?',  technical_name = '?',model = '?', model_number = '?', alt_description = '?', meta_title = '?', meta_description = '?', meta_keywords = '?'";
     $escaped_name = htmlspecialchars_deep($name);
     $escaped_technical_name = htmlspecialchars_deep($this->technical_name[$key]);
     $escaped_model = htmlspecialchars_deep($this->model[$key]);
     $escaped_model_number = htmlspecialchars_deep($this->model_number[$key]);
     $meta_title = strip_tags($this->meta_title[$key]);
     $meta_description = strip_tags($this->meta_description[$key]);
     $meta_keywords = strip_tags($this->meta_keywords[$key]);
     $statement = $this->database->parse(
         $sql,
         $insert_id,
         $key,
         $escaped_name,
         $this->description[$key],
         $this->technical[$key],
         $escaped_technical_name,
         $escaped_model,
         $escaped_model_number,
         $this->alt_description[$key],
         $meta_title,
         $meta_description,
         $meta_keywords
     );
     $this->database->query($statement);
 }
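 /**
  * Build the Canada Post "ratesAndServicesRequest" XML body for the given
  * cart products.
  *
  * Merchant id, origin postcode and the optional turnaround time are read
  * from config; itemsPrice is the cart total formatted in CAD with the
  * thousands separator stripped. The destination comes from the customer's
  * shipping address when logged in, otherwise from the session (zone_id,
  * country_id, postcode). Free-text values are escaped with
  * htmlspecialchars_deep() so the document stays well-formed; postal codes
  * have their spaces removed.
  *
  * @param array $products rows with keys quantity, weight, length, width, height, item
  * @return string XML document
  */
 function requestBody($products)
 {
     $language = $this->language->getCode() == 'fr' ? 'fr' : 'en';
     $shipping_address_id = $this->session->get('shipping_address_id');
     $output = "<?xml version=\"1.0\" ?>\n";
     $output .= "<eparcel>\n";
     $output .= "<language>" . $language . "</language>\n";
     $output .= "<ratesAndServicesRequest>\n";
     $output .= "<merchantCPCID>" . $this->config->get('canadapost_merchant_id') . "</merchantCPCID>\n";
     $output .= "<fromPostalCode>" . $this->config->get('canadapost_postcode') . "</fromPostalCode>\n";
     if ($this->config->get('canadapost_turnaround')) {
         $output .= "<turnAroundTime>" . $this->config->get('canadapost_turnaround') . "</turnAroundTime>\n";
     }
     // strip the thousands separator from the formatted total
     $output .= "<itemsPrice>" . str_replace(',', '', $this->currency->format($this->cart->getTotal(), 'CAD', false, false)) . "</itemsPrice>\n";
     $output .= "<lineItems>\n";
     foreach ($products as $product) {
         $output .= "<item>\n";
         $output .= "<quantity>" . $product['quantity'] . "</quantity>\n";
         // dimensions may carry a decimal comma; send a decimal point
         $output .= "<weight>" . str_replace(',', '.', $product['weight']) . "</weight>\n";
         $output .= "<length>" . str_replace(',', '.', $product['length']) . "</length>\n";
         $output .= "<width>" . str_replace(',', '.', $product['width']) . "</width>\n";
         $output .= "<height>" . str_replace(',', '.', $product['height']) . "</height>\n";
         // product names can contain &, < or quotes; unescaped they break the
         // XML (or let a name inject elements), so escape them like the
         // address fields below
         $output .= "<description>" . htmlspecialchars_deep($product['item']) . "</description>\n";
         $output .= "</item>\n";
     }
     $output .= "</lineItems>\n";
     if ($this->customer->isLogged()) {
         $output .= "<city>" . htmlspecialchars_deep($this->address->getCity($shipping_address_id)) . "</city>\n";
         $output .= "<provOrState>" . htmlspecialchars_deep($this->address->getZone($shipping_address_id)) . "</provOrState>\n";
         $output .= "<country>" . htmlspecialchars_deep($this->address->getCountry($shipping_address_id)) . "</country>\n";
         $output .= "<postalCode>" . str_replace(" ", '', $this->address->getPostCode($shipping_address_id)) . "</postalCode>\n";
     } else {
         $output .= "<provOrState>" . htmlspecialchars_deep($this->modelShipping->getZoneName($this->session->get('zone_id'))) . "</provOrState>\n";
         $output .= "<country>" . htmlspecialchars_deep($this->modelShipping->getCountryName($this->session->get('country_id'))) . "</country>\n";
         $output .= "<postalCode>" . str_replace(" ", '', $this->session->get('postcode')) . "</postalCode>\n";
     }
     $output .= "</ratesAndServicesRequest>\n";
     $output .= "</eparcel>\n";
     return $output;
 }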
 /**
  * Fetch a value through $this->sanitizer() and HTML-escape it with
  * htmlspecialchars_deep() (recursively, if it is an array).
  *
  * @param string $key key handed to $this->sanitizer()
  * @return mixed the escaped result; same shape as what sanitizer() returned
  */
 function clean($key)
 {
     $sanitized = $this->sanitizer($key);
     $escaped = htmlspecialchars_deep($sanitized);
     return $escaped;
 }
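 /**
  * Former message-send endpoint. The handler has been moved to the users
  * API; calling this ends the request with a notice saying so.
  *
  * The old POST-handling body that followed the exit() was unreachable and
  * has been removed; the live implementation is the users-API version.
  *
  * @return void does not return — exit() ends the request
  */
 function message_send()
 {
     exit('Function ' . __FUNCTION__ . ' moved to the users API');
 }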
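 /**
  * Look up a barcode among products and product options, excluding the
  * product / option currently being edited, so the caller can detect a
  * duplicate.
  *
  * @param string $value          barcode to look for (compared in its
  *                               HTML-escaped form, as it was before)
  * @param string $product_option product option id to exclude ('' when editing a product)
  * @return mixed whatever $this->database->getRow() returns for the query
  */
 function check_barcode_id($value, $product_option = '')
 {
     // $value and $product_option used to be interpolated straight into the
     // SQL, $value with only htmlspecialchars_deep() and $product_option with
     // nothing at all — HTML escaping is not SQL escaping. Bind them through
     // $this->database->parse() with '?' placeholders instead; product_id is
     // cast to int as before.
     // NOTE(review): assumes parse() quotes bound values safely, as the other
     // database calls in this project rely on — confirm against the database class.
     $sql = "select barcode, product_id from product where barcode = '?' and product_id != '?' union select barcode, product_option from product_options where barcode = '?' and product_option != '?'";
     $barcode = htmlspecialchars_deep($value);
     $product_id = (int) $this->request->gethtml('product_id');
     $result = $this->database->getRow($this->database->parse($sql, $barcode, $product_id, $barcode, $product_option));
     return $result;
 }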
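 /**
  * Save a comment row and invalidate the related cache groups.
  *
  * $data is run through stripFromArray() and htmlspecialchars_deep() and
  * then handed to the core model's saveData() for the table named in
  * $cms_db_tables['table_comments'].
  *
  * Cache groups cleared: 'comments/<id>' when a non-zero id came back,
  * 'comments/global' always, and 'comments/<to_table>/<to_table_id>' when
  * both keys are present and non-blank.
  *
  * @param array $data comment fields; may carry 'to_table' and 'to_table_id'
  * @return mixed the id returned by saveData()
  */
 function commentsSave($data)
 {
     global $cms_db_tables;
     $data = stripFromArray($data);
     $data = htmlspecialchars_deep($data);
     $table = $cms_db_tables['table_comments'];
     $id = CI::model('core')->saveData($table, $data);
     if (intval($id) != 0) {
         CI::model('core')->cleanCacheGroup('comments/' . $id);
     }
     CI::model('core')->cleanCacheGroup('comments/global');
     // both keys are optional: guard with isset so a comment without a
     // target does not raise undefined-index notices
     $to_table = isset($data['to_table']) ? trim($data['to_table']) : '';
     $to_table_id = isset($data['to_table_id']) ? trim($data['to_table_id']) : '';
     if ($to_table !== '' && $to_table_id !== '') {
         $cache_group = "comments/{$data['to_table']}/{$data['to_table_id']}";
         CI::model('core')->cleanCacheGroup($cache_group);
     }
     return $id;
 }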
 /**
  * Users-API endpoint: store a message posted by the logged-in user.
  *
  * Login handling is pulled in from _api_require_login.php. $_POST must
  * carry 'mk', a value that securityDecryptString() turns back into the
  * current user's id, plus the message fields; 'receiver' (falling back to
  * 'to_user') and 'conversation' are mapped onto to_user / parent_id. The
  * row is saved through the messages model, the message cache groups are
  * cleared and 'Message sent' is echoed.
  *
  * NOTE(review): the recipient check against the parent message is a no-op
  * because its throw is commented out below, so a reply may name any
  * to_user — confirm whether that was intended.
  *
  * @return void output is echoed; exit() when 'mk' does not match the user
  */
 function message_send()
 {
     require_once APPPATH . 'controllers/api/_api_require_login.php';
     if ($_POST) {
         $currentUser = CI::library('session')->userdata('user');
         // NOTE(review): no isset() on 'mk'; a POST without it raises a
         // notice and then fails the comparison below
         $messageKey = $_POST['mk'];
         unset($_POST['mk']);
         //$messageKey =  ( $messageKey );
         $messageKey = CI::model('core')->securityDecryptString($messageKey);
         //var_dump( CI::model('core')->userId (), $messageKey);
         // loose comparison: presumably both sides are numeric user ids — verify
         if (CI::model('core')->userId() != $messageKey) {
             exit('Error in $messageKey');
         }
         // the rest of the POST body becomes the row: strip, then HTML-escape
         $data = $_POST;
         $data = stripFromArray($data);
         $data = htmlspecialchars_deep($data);
         /*
          * Format data array
          */
         // from user
         $data['from_user'] = intval(CI::model('core')->userId());
         // to user: a missing or non-numeric 'receiver' falls back to 'to_user'
         if (intval($data['receiver']) == 0) {
             $data['receiver'] = $data['to_user'];
         }
         $data['to_user'] = intval($data['receiver']);
         unset($data['receiver']);
         // parent id (only set when a 'conversation' was posted)
         if ($data['conversation']) {
             $data['parent_id'] = $data['conversation'];
         }
         unset($data['conversation']);
         // validate 'to_user'
         // NOTE(review): reads $data['parent_id'] even when it was never set above
         if ($data['parent_id']) {
             $parentMessage = CI::model('core')->fetchDbData(TABLE_PREFIX . 'messages', array(array('id', $data['parent_id'])));
             $parentMessage = $parentMessage[0];
             // non-strict in_array(); the ids are presumably numeric on both sides
             if (!in_array($data['to_user'], array($parentMessage['from_user'], $parentMessage['to_user']))) {
                 // NOTE(review): with the throw disabled this branch does
                 // nothing, so the recipient check has no effect
                 //throw new Exception ( 'Cheating detected.' );
             }
         }
         $data['is_read'] = 'n';
         $sent = CI::model('messages')->messageSave($data);
         if (intval($data['parent_id']) != 0) {
             // NOTE(review): $data2 holds only is_read and no id, so what
             // messageSave() does with it is unclear — presumably meant to
             // flag the parent message as unread; confirm
             $data2 = array();
             $data2['is_read'] = 'n';
             $data2 = CI::model('messages')->messageSave($data2);
             $cache_group = 'users/messages/' . $data['parent_id'];
             CI::model('core')->cleanCacheGroup($cache_group);
         }
         //echo $sent;
         echo 'Message sent';
         $cache_group = 'users/messages/global/';
         CI::model('core')->cleanCacheGroup($cache_group);
     }
 }