Beispiel #1
0
function ppGetData($vars, $setglobal = false, $type = '', $option = '')
{
    $return_data = array();
    if (!is_array($vars)) {
        $vars = array($vars);
    }
    #setup common reference to SuperGlobals depending which array is needed
    if ($type == 'GET' or $type == 'POST') {
        if ($type == 'GET') {
            $SG_Array =& $_GET;
        }
        if ($type == 'POST') {
            $SG_Array =& $_POST;
        }
        # loop through SuperGlobal data array and grab out data for allowed fields if found
        foreach ($vars as $key) {
            if (array_key_exists($key, $SG_Array)) {
                $return_data[$key] = $SG_Array[$key];
            }
        }
    } else {
        foreach ($vars as $key) {
            if (array_key_exists($key, $_POST)) {
                $return_data[$key] = $_POST[$key];
            } elseif (array_key_exists($key, $_GET)) {
                $return_data[$key] = $_GET[$key];
            }
        }
    }
    # loop through $vars array and apply the filter
    foreach ($vars as $value) {
        if ($option == 'text') {
            // Check if this variable is an array - maybe a checkbox or multiple select
            if (is_array($return_data[$value])) {
                $subvalues_array = array();
                foreach ($return_data[$value] as $subvalue) {
                    $subvalues_array[] = ppFilterText($subvalue);
                }
                $return_data[$value] = $subvalues_array;
            } else {
                $return_data[$value] = ppFilterText($return_data[$value]);
            }
        } else {
            // Check if this variable is an array - maybe a checkbox or multiple select
            if (is_array($return_data[$value])) {
                $subvalues_array = array();
                foreach ($return_data[$value] as $subvalue) {
                    if ($option == 'int') {
                        $subvalues_array[] = ppApplyFilter($subvalue, true, true);
                    } else {
                        $subvalues_array[] = ppApplyFilter($subvalue);
                    }
                }
                $return_data[$value] = $subvalues_array;
            } else {
                if ($option == 'int') {
                    $return_data[$value] = ppApplyFilter($return_data[$value], true);
                } else {
                    $return_data[$value] = ppApplyFilter($return_data[$value]);
                }
            }
        }
    }
    // Optionally set $GLOBALS or return the array
    if ($setglobal) {
        # loop through final data and define all the variables using the $GLOBALS array
        foreach ($return_data as $key => $value) {
            $GLOBALS[$key] = $value;
        }
    } else {
        return $return_data;
    }
}
Beispiel #2
0
// ListItem ID
$op = COM_applyFilter($_GET['op']);
// Operation
/* Need special filtering of var1 - which is can be the multiple field values separated by a comma
 * COM_applyFilter was filtering everything after the comma! ie 2,8,10:11:12:13 became 2
*/
if (!get_magic_quotes_gpc()) {
    $var1 = addslashes(htmlspecialchars($_GET['var1']));
    // Passed Var1 - usually the fieldname
    $var1 = str_replace('&', '&', $var1);
} else {
    $var1 = htmlspecialchars($_GET['var1']);
    // Passed Var1 - usually the fieldname
    $var1 = str_replace('&', '&', $var1);
}
$var2 = ppFilterText($_GET['var2']);
// Passed Var2 - usually the field value
$var3 = intval($_GET['var3']);
// Passed Var3 - field width
$var4 = intval($_GET['var4']);
// Passed Var4 - predefined_function (1 or 0)
// Check if user has edit access to this list
$GROUPS = SEC_getUserGroups($_USER['uid']);
// List of groups user is a member of
$sql = "SELECT id FROM {$_TABLES['nexlist']} WHERE edit_perms IN (" . implode(',', $GROUPS) . ") AND id={$did}";
if (DB_numRows(DB_query($sql)) != 1) {
    COM_accessLog("WARNING: nexlist Admin- Invalid access to ajaxupdate.php by user: {$_USER['uid']}");
    exit;
}
if ($CONF_LL['debug']) {
    COM_errorLog("nexlist - ajaxupdate.php: did:{$did}, rid:{$rid}, fid:{$fid}, itemid:{$itemid}");