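/**
 * Read one request parameter and return it after escaping.
 *
 * The value comes from $_REQUEST, so it may originate from the query string,
 * the request body or a cookie (whichever sources PHP is configured to merge);
 * it is always untrusted.
 *
 * By default the value is converted with htmlentities() (ENT_QUOTES, UTF-8)
 * and then passed once through ossn_input_escape(). With $noencode set to 1
 * the HTML encoding is skipped: the returned string can still contain markup
 * and has to be encoded by the caller before it is written into a page.
 *
 * @param string $input Name of input;
 * @param integer $noencode If you don't want to encode to html entities then add 1 as second arg in function.
 *
 * @last edit: $arsalanshah
 * @reason: fix docs;
 * @return false|string False when the parameter is missing, is not a string
 *                      (e.g. "name[]=x"), is empty or "0", or when $noencode
 *                      is neither empty nor 1; otherwise the escaped string.
 */
function input($input, $noencode = '')
{
    // Array-valued parameters are rejected here instead of being handed to
    // htmlentities(), which only accepts strings.
    if (!isset($_REQUEST[$input]) || !is_string($_REQUEST[$input])) {
        return false;
    }
    $value = $_REQUEST[$input];

    if (empty($noencode)) {
        // Without ENT_SUBSTITUTE, htmlentities() returns '' for input that is
        // not valid UTF-8; that case falls through to the "return false" below.
        $value = htmlentities($value, ENT_QUOTES, 'UTF-8');
    } elseif ($noencode != 1) {
        // Only "empty" and 1 are supported modes; anything else yields false,
        // as it did before.
        return false;
    }
    // The raw mode previously read an undefined $data and so never returned
    // the submitted value; it now uses the request value itself.

    // NOTE(review): a value of "0" is still reported as false, as before.
    if (!$value) {
        return false;
    }
    // Escape exactly once. ossn_input_escape() is defined elsewhere;
    // presumably it is the database escaping helper, confirm.
    return ossn_input_escape($value);
}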
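 /**
  * Send message
  *
  * Stores $message as plain text: HTML entities are decoded, tags are
  * stripped, and the result is passed to ossn_input_escape() before insert.
  * The stored text is therefore NOT HTML-encoded and must be encoded again
  * whenever it is rendered into a page.
  *
  * NOTE(review): nothing in this method checks that $from is the
  * authenticated user or that $to exists; callers are expected to do that.
  *
  * @param int    $from    User 1 guid
  * @param int    $to      User 2 guid
  * @param string $message Message
  *
  * @return bool True when the row was inserted; false for an empty message
  *              (before or after tag stripping) or a failed insert.
  */
 public function send($from, $to, $message)
 {
     if (empty($message)) {
         return false;
     }
     //send valid text to database only no html tags
     //missing reconversion of html escaped characters in messages #118
     // Decode before stripping so that tags which arrive entity-encoded are
     // turned back into real tags and removed by strip_tags().
     $message = html_entity_decode($message, ENT_QUOTES, "UTF-8");
     $message = strip_tags($message);
     // A message that consisted only of markup is empty at this point; do not
     // store a blank row for it.
     if ($message === '') {
         return false;
     }
     $message = ossn_restore_new_lines($message);
     // Second argument is passed as false; its meaning is defined by
     // ossn_input_escape() elsewhere, confirm against that helper.
     $message = ossn_input_escape($message, false);

     $params = array();
     $params['into'] = 'ossn_messages';
     $params['names'] = array('message_from', 'message_to', 'message', 'time', 'viewed');
     // The guids are cast to int so only integers reach the query; the
     // message relies on the escaping above. '0' presumably marks "unread".
     $params['values'] = array((int) $from, (int) $to, $message, time(), '0');
     if ($this->insert($params)) {
         $this->lastMessage = $this->getLastEntry();
         return true;
     }
     return false;
 }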
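 /**
  * Send message
  *
  * Stores $message as plain text: HTML entities are decoded, tags are
  * stripped, and the result is passed to ossn_input_escape() before insert.
  * The stored text is therefore NOT HTML-encoded and must be encoded again
  * whenever it is rendered into a page.
  *
  * NOTE(review): nothing in this method checks that $from is the
  * authenticated user or that $to exists; callers are expected to do that.
  *
  * @param int    $from    User 1 guid
  * @param int    $to      User 2 guid
  * @param string $message Message
  *
  * @return bool True when the row was inserted; false for an empty message
  *              (before or after tag stripping) or a failed insert.
  */
 public function send($from, $to, $message)
 {
     // Reject empty input up front instead of inserting a blank message.
     if (empty($message)) {
         return false;
     }
     // Decode before stripping so that tags which arrive entity-encoded are
     // turned back into real tags and removed by strip_tags().
     $message = html_entity_decode($message, ENT_QUOTES, "UTF-8");
     $message = strip_tags($message);
     // A message that consisted only of markup is empty at this point.
     if ($message === '') {
         return false;
     }
     $message = ossn_restore_new_lines($message);
     // Second argument is passed as false; its meaning is defined by
     // ossn_input_escape() elsewhere, confirm against that helper.
     $message = ossn_input_escape($message, false);

     $params = array();
     $params['into'] = 'ossn_messages';
     $params['names'] = array('message_from', 'message_to', 'message', 'time', 'viewed');
     // The guids are cast to int so only integers reach the query; the
     // message relies on the escaping above. '0' presumably marks "unread".
     $params['values'] = array((int) $from, (int) $to, $message, time(), '0');
     return $this->insert($params) ? true : false;
 }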