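/**
 * Read a request parameter and pass it through ossn_input_escape().
 *
 * By default the raw value is HTML-entity encoded (ENT_QUOTES, UTF-8) first.
 * With $noencode = 1 that encoding is skipped and only ossn_input_escape()
 * is applied, so the caller must encode the value for the context it is
 * later written into (HTML body, attribute, URL, ...).
 *
 * @param string         $input    Name of the key to read from $_REQUEST.
 * @param integer|string $noencode Pass 1 to skip HTML entity encoding.
 *
 * @last edit: $arsalanshah
 * @reason: fix docs;
 *
 * @return false|string The processed value; false when the key is absent,
 *                      when $noencode is non-empty but not 1, or when the
 *                      value is falsy (an empty string or "0").
 */
function input($input, $noencode = '') {
    // Nothing was submitted under this name.
    if (!isset($_REQUEST[$input])) {
        return false;
    }

    $str = false;
    if (empty($noencode)) {
        // A parameter sent as name[]=... arrives as an array; htmlentities()
        // only accepts strings, so reject it instead of raising an error.
        if (is_array($_REQUEST[$input])) {
            return false;
        }
        $str = htmlentities($_REQUEST[$input], ENT_QUOTES, 'UTF-8');
    } elseif ($noencode == 1) {
        // Read the raw request value. The previous code referenced $data here,
        // which is only assigned in the encoding branch, so this path never
        // returned the submitted value.
        // NOTE(review): an array value reaches ossn_input_escape() on this
        // path; confirm that helper accepts arrays.
        $str = $_REQUEST[$input];
    }

    // Escape exactly once on both paths. The truthiness test is kept from the
    // original, so "" and "0" are reported as false.
    if ($str) {
        return ossn_input_escape($str);
    }
    return false;
}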
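/**
 * Send message
 *
 * Reduces the message to plain text (entities decoded, tags stripped) and
 * inserts it into ossn_messages as unread. On success the new row is read
 * back into $this->lastMessage.
 *
 * The stored text is entity-decoded and strip_tags() is not an output
 * encoder, so any view that renders this column has to HTML-encode it.
 *
 * @param integer $from    User 1 guid (stored as message_from)
 * @param integer $to      User 2 guid (stored as message_to)
 * @param string  $message Message
 *
 * @return bool True when the row was inserted, false otherwise.
 */
public function send($from, $to, $message) {
    if (empty($message)) {
        return false;
    }
    //send valid text to database only no html tags
    //missing reconversion of html escaped characters in messages #118
    $message = html_entity_decode($message, ENT_QUOTES, "UTF-8");
    $message = strip_tags($message);
    // A message made only of markup is empty once the tags are removed;
    // the check above ran before stripping, so test again and do not
    // store a blank row.
    if ($message === '') {
        return false;
    }
    $message = ossn_restore_new_lines($message);
    // NOTE(review): the meaning of the second argument (false) is defined by
    // ossn_input_escape(), which is not visible here; confirm it still
    // escapes the value for the database layer.
    $message = ossn_input_escape($message, false);

    $params = array();
    $params['into'] = 'ossn_messages';
    $params['names'] = array('message_from', 'message_to', 'message', 'time', 'viewed');
    // guids are forced to integers; viewed starts as '0' (unread).
    $params['values'] = array((int) $from, (int) $to, $message, time(), '0');
    if ($this->insert($params)) {
        $this->lastMessage = $this->getLastEntry();
        return true;
    }
    return false;
}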
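/**
 * Send message
 *
 * Reduces the message to plain text (entities decoded, tags stripped) and
 * inserts it into ossn_messages as unread.
 *
 * The stored text is entity-decoded and strip_tags() is not an output
 * encoder, so any view that renders this column has to HTML-encode it.
 *
 * @param integer $from    User 1 guid (stored as message_from)
 * @param integer $to      User 2 guid (stored as message_to)
 * @param string  $message Message
 *
 * @return bool True when the row was inserted, false otherwise.
 */
public function send($from, $to, $message) {
    $message = html_entity_decode($message, ENT_QUOTES, "UTF-8");
    $message = strip_tags($message);
    // An empty message, or one made only of markup, has no text left at this
    // point; refuse it instead of inserting a blank row.
    if ($message === '') {
        return false;
    }
    $message = ossn_restore_new_lines($message);
    // NOTE(review): the meaning of the second argument (false) is defined by
    // ossn_input_escape(), which is not visible here; confirm it still
    // escapes the value for the database layer.
    $message = ossn_input_escape($message, false);

    $params = array();
    $params['into'] = 'ossn_messages';
    $params['names'] = array('message_from', 'message_to', 'message', 'time', 'viewed');
    // guids are forced to integers; viewed starts as '0' (unread).
    $params['values'] = array((int) $from, (int) $to, $message, time(), '0');
    if ($this->insert($params)) {
        return true;
    }
    return false;
}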