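public function renderAsHtml()
 {
     // Render this specimen image as an <img> fragment.
     //   - a reference starting with "http" (case-insensitive) is used directly as
     //     the src and tagged with the "external-reference" class;
     //   - anything else is treated as a file name under image_data/specimen/ and
     //     is passed through util_sanitizeFileReference() first.
     // Every interpolated value is escaped for the HTML attribute context so a
     // quote or angle bracket in stored data cannot break out of the attribute.
     $reference = (string) $this->image_reference;
     $id_attr = htmlspecialchars('specimen_image_' . $this->specimen_image_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     if (preg_match('/^http/i', $reference)) {
         // NOTE: external references are only checked for an http-looking prefix;
         // the data-entry trust model (pre-trusted users only) limits who can store one.
         $src = $reference;
         $class = 'plant-image external-reference';
     } else {
         $src = APP_ROOT_PATH . '/image_data/specimen/' . util_sanitizeFileReference($reference);
         $class = 'plant-image';
     }
     $src_attr = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     return '<img id="' . $id_attr . '" class="' . $class . '" src="' . $src_attr . '" />';
 }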
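 public function renderAsHtml()
 {
     // Render this taxonomy entry as an HTML fragment keyed on $this->type:
     //   'common name' -> localized label plus the quoted value
     //   'image'       -> <img> (external http reference, or a file under image_data/authoritative/)
     //   'description' -> <div class="plant-description">
     // Any other type returns the literal placeholder 'UNKNOWN TYPE'.
     // Text content is escaped with htmlentities(); the image src is escaped for
     // the attribute context so stored data cannot break out of src="...".
     $value = (string) $this->value;
     $rendered = 'UNKNOWN TYPE';
     if ($this->type === 'common name') {
         $rendered = '<div class="field-label">' . util_lang('common_name') . ' : </div>'
             . '<div class="field-value taxonomy taxonomy-common-name">"' . htmlentities($value) . '"</div>';
     } elseif ($this->type === 'image') {
         if (preg_match('/^http/i', $value)) {
             // NOTE: external references are only checked for an http-looking prefix;
             // the data-entry trust model (pre-trusted users only) limits who can store one.
             $src = $value;
             $class = 'plant-image external-reference';
         } else {
             $src = APP_ROOT_PATH . '/image_data/authoritative/' . util_sanitizeFileReference($value);
             $class = 'plant-image';
         }
         $src_attr = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $rendered = '<img class="' . $class . '" src="' . $src_attr . '"/>';
     } elseif ($this->type === 'description') {
         $rendered = '<div class="plant-description">' . htmlentities($value) . '</div>';
     }
     return $rendered;
 }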
 function testSanitizeFileReference()
 {
     // Table of [input, expected] pairs for util_sanitizeFileReference():
     // plain names pass through unchanged, a space and a ';' each become '_',
     // and leading "../" segments are dropped (a leading '/' is kept).
     $cases = [
         ['filename', 'filename'],
         ['file name', 'file_name'],
         ['../filename', 'filename'],
         ['../foo/filename', 'foo/filename'],
         ['/../foo/filename', '/foo/filename'],
         ['; filename', '__filename'],
     ];
     foreach ($cases as $case) {
         list($input, $expected) = $case;
         $this->assertEqual($expected, util_sanitizeFileReference($input));
     }
 }
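 public function renderAsHtml()
 {
     // Render this metadata reference as an HTML fragment keyed on $this->type:
     //   'text'  -> contents of the referenced file under text_data/, escaped, in a <div>
     //   'image' -> <img> (external http reference, or a file under image_data/reference/)
     //   'link'  -> <a> whose href is the external reference
     // Any other type renders as an empty string. $this->description is escaped
     // with htmlentities(); src/href values are escaped for the attribute context
     // so stored data cannot break out of the attribute.
     $reference = (string) $this->external_reference;
     $description = htmlentities((string) $this->description);
     $rendered = '';
     if ($this->type === 'text') {
         $file_path = $_SERVER['DOCUMENT_ROOT'] . APP_ROOT_PATH . '/text_data/' . util_sanitizeFileReference($reference);
         // file_get_contents() returns false (and warns) on a missing or unreadable
         // file; render that as empty content instead of passing false downstream.
         $text_data = is_readable($file_path) ? file_get_contents($file_path) : false;
         if ($text_data === false) {
             $text_data = '';
         }
         // Drop carriage returns so CRLF files render like LF files.
         $text_data = str_replace("\r", '', $text_data);
         $rendered = '<div class="text_data" title="' . $description . '">' . htmlentities($text_data) . '</div>';
     } elseif ($this->type === 'image') {
         if (preg_match('/^http/i', $reference)) {
             // NOTE: external references are only checked for an http-looking prefix;
             // the data-entry trust model (pre-trusted users only) limits who can store one.
             $src = $reference;
             $class = 'metadata-reference-image external-reference';
         } else {
             $src = APP_ROOT_PATH . '/image_data/reference/' . util_sanitizeFileReference($reference);
             $class = 'metadata-reference-image';
         }
         $src_attr = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $rendered = '<img class="' . $class . '" src="' . $src_attr . '" alt="' . $description . '"/>';
     } elseif ($this->type === 'link') {
         // NOTE: unlike the image branch there is no scheme/prefix check on the href;
         // it is escaped for the attribute context only, and the data-entry trust
         // model (pre-trusted users only) limits who can store one.
         $href = htmlspecialchars($reference, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $rendered = '<a href="' . $href . '" title="' . $description . '">' . $description . '</a>';
     }
     return $rendered;
 }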