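/**
 * Validate and sanitise a submitted form named $name and copy its fields into $this->i.
 *
 * Side effects on $_POST: plain fields are rewritten through FILTER_SANITIZE_STRING
 * (keys ending in _tinymce, _html or _nofi are left as-is), the "<name>_submit" marker
 * is removed, and the captcha fields are removed when the captcha check passed.
 *
 * @param string $name form prefix; "<name>_" is stripped from the keys stored in $this->i
 * @return array error map, e.g. array('result_captcha' => 'error'); empty when clean
 */
public function filterPost($name)
{
    $e = array();
    if (empty($_POST)) {
        return $e;
    }

    // Key classification shared by the two loops below.
    $isRich = function ($key) {
        return substr($key, -8) === '_tinymce' || substr($key, -5) === '_html';
    };
    $isRaw = function ($key) {
        return substr($key, -5) === '_nofi';
    };
    // Fragments removed from rich-text fields before purification. The sequence (including
    // repeats) is kept from the original: str_replace() does not rescan, so a later pass
    // catches a fragment exposed by an earlier one. HTMLPurifier would drop these anyway.
    $strip = array('</textarea', '</textarea', '%3c/textarea', '</textarea', '<body', '<body', '%3c/body', '</body');

    // Captcha verification.
    // NOTE(security): num1, num2 and result all arrive in the same request, so a client can
    // send any consistent triple (1 + 1 = 2) and pass. Unless the operands are compared with
    // a server-side copy elsewhere, this check does not prove a human was involved.
    $hasCaptcha = array_key_exists('captcha_num1', $_POST)
        && array_key_exists('captcha_num2', $_POST)
        && array_key_exists('captcha_result', $_POST);
    if ($hasCaptcha
        && (int) $_POST['captcha_num1'] + (int) $_POST['captcha_num2'] !== (int) $_POST['captcha_result']) {
        $e['result_captcha'] = 'error';
    }

    // NOTE(security): the anti-CSRF token check is disabled here while view() still runs one
    // through $this->isToken(); forms handled by filterPost() accept cross-site submissions.
    // The commented call uses a different isToken() signature than view(), so it is not
    // re-enabled blindly here.
    // if (!$this->isToken($name,$e)) {
    //     $e[$name.'_token'] = 'error';
    // } else {
    //     unset($_POST[$name.'_token']);
    // }

    // Sanitise plain fields in place. Array-valued fields are filtered element-wise: without
    // FILTER_REQUIRE_ARRAY, filter_input() returns false for them and the field is lost.
    // (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept for behavioural parity.)
    foreach ($_POST as $k => $v) {
        if (!$isRich($k) && !$isRaw($k)) {
            $_POST[$k] = filter_input(INPUT_POST, $k, FILTER_SANITIZE_STRING, is_array($v) ? FILTER_REQUIRE_ARRAY : 0);
        }
    }

    $purifier = new HTMLPurifierService();

    // On submit, copy every remaining field into $this->i with the form prefix removed.
    // A key ending in _nofi can never also end in _html/_tinymce, so _nofi fields fall
    // through to Convertag::get() exactly like plain fields.
    if (isset($_POST[$name . '_submit'])) {
        unset($_POST[$name . '_submit']);
        foreach ($_POST as $k => $v) {
            $field = str_replace($name . '_', '', $k);
            if ($isRich($k)) {
                // Purified HTML is entity-encoded afterwards, so the stored value is escaped
                // markup. TODO(review): confirm callers decode it before rendering, otherwise
                // this double-encodes.
                $this->i[$field] = htmlentities($purifier->purify(str_replace($strip, '', $v)), ENT_QUOTES);
            } else {
                $this->i[$field] = Convertag::get($v);
            }
        }
    }

    // Clear the captcha fields once they have been verified.
    if ($hasCaptcha && empty($e['result_captcha'])) {
        unset($_POST['captcha_num1'], $_POST['captcha_num2'], $_POST['captcha_result']);
    }

    return $e;
}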
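/**
 * Read the request into $this->Params['GET'], ['POST'] and ['PUT'] and resolve the module
 * addressed by the "uri" query parameter.
 *
 * Plain fields go through FILTER_SANITIZE_STRING; fields whose key ends in _tinymce or
 * _html are purified with HTMLPurifierService and then entity-encoded. PUT data is read
 * from php://input and parsed as a form-encoded body.
 *
 * Side effects: sets $this->Params; when "uri" matches a row in _modules, sets
 * $this->Table and $this->Uri.
 *
 * @return void
 */
public function getParams()
{
    $purifier = new HTMLPurifierService();

    $isRich = function ($key) {
        return substr($key, -8) === '_tinymce' || substr($key, -5) === '_html';
    };
    // Fragments removed from rich-text fields before purification. The sequence (including
    // repeats) is kept from the original: str_replace() does not rescan, so a later pass
    // catches a fragment exposed by an earlier one.
    $strip = array('</textarea', '</textarea', '%3c/textarea', '</textarea', '<body', '<body', '%3c/body', '</body');
    $cleanRich = function ($value) use ($purifier, $strip) {
        // Stored value is escaped markup (purify, then htmlentities). TODO(review): confirm
        // callers decode it before rendering, otherwise this double-encodes.
        return htmlentities($purifier->purify(str_replace($strip, '', $value)), ENT_QUOTES);
    };

    // Array-valued parameters are filtered element-wise; without FILTER_REQUIRE_ARRAY,
    // filter_input()/filter_var() return false for them and the value would be lost.
    // (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept for behavioural parity.)
    $GET = array();
    foreach ($_GET as $k => $v) {
        $GET[$k] = filter_input(INPUT_GET, $k, FILTER_SANITIZE_STRING, is_array($v) ? FILTER_REQUIRE_ARRAY : 0);
    }
    $this->Params['GET'] = $GET;

    $POST = array();
    foreach ($_POST as $k => $v) {
        if ($isRich($k)) {
            $POST[$k] = $cleanRich($v);
        } else {
            $POST[$k] = filter_input(INPUT_POST, $k, FILTER_SANITIZE_STRING, is_array($v) ? FILTER_REQUIRE_ARRAY : 0);
        }
    }
    $this->Params['POST'] = $POST;

    // Resolve the module addressed by ?uri=...
    // NOTE(security): $uri is user-controlled and ends up in a table name via getRealUri().
    // This relies on dbQS() matching it against _modules.uri with a parameterised query and
    // on getRealUri() returning a value taken from that row rather than the raw input — verify.
    if (array_key_exists('uri', $GET)) {
        $uri = $GET['uri'];
        $isContent = $this->dbQS($uri, '_modules', 'uri');
        if (!empty($isContent)) {
            $this->Table = '_m_' . $this->getRealUri($uri);
            $this->Uri = $uri;
        }
    }

    // PUT (and any other) body: parse php://input as application/x-www-form-urlencoded.
    // file_get_contents() may return false; casting yields '' and an empty result.
    $body = file_get_contents('php://input');
    $put = array();
    parse_str((string) $body, $put);
    foreach ($put as $k => $v) {
        if ($isRich($k)) {
            $put[$k] = $cleanRich($v);
        } else {
            $put[$k] = filter_var($v, FILTER_SANITIZE_STRING, is_array($v) ? FILTER_REQUIRE_ARRAY : 0);
        }
    }
    $this->Params['PUT'] = $put;
}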
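/**
 * Process a submitted form named $nameForm: verify the captcha and the anti-CSRF token,
 * sanitise $_POST in place and, on submit, copy the fields into $this->i with the prefix
 * removed.
 *
 * Error markers are written to $this->e ('result_captcha', '<name>_token'); any entry in
 * $this->e counts as an error (the marker value 'ok' is the convention used here).
 * Rich-text fields (_tinymce/_html) are only stored when no error is pending; fields ending
 * in _nofi are not sanitised, only stripcslashes()'d in $_POST.
 *
 * @param string $nameForm form prefix; "<nameForm>_" is stripped from the keys stored in $this->i
 * @return void
 */
public function view($nameForm)
{
    if (empty($_POST)) {
        return;
    }

    $isRich = function ($key) {
        return substr($key, -8) === '_tinymce' || substr($key, -5) === '_html';
    };
    $isRaw = function ($key) {
        return substr($key, -5) === '_nofi';
    };

    // Captcha verification.
    // NOTE(security): num1, num2 and result all arrive in the same request, so a client can
    // send any consistent triple (1 + 1 = 2) and pass. Unless the operands are compared with
    // a server-side copy elsewhere, this check does not prove a human was involved.
    $hasCaptcha = array_key_exists('captcha_num1', $_POST)
        && array_key_exists('captcha_num2', $_POST)
        && array_key_exists('captcha_result', $_POST);
    if ($hasCaptcha
        && (int) $_POST['captcha_num1'] + (int) $_POST['captcha_num2'] !== (int) $_POST['captcha_result']) {
        $this->e['result_captcha'] = 'ok';
    }

    // Anti-CSRF token. NOTE(review): the error/unset key uses $this->name while the rest of
    // this method keys on $nameForm — confirm both hold the same value.
    if (!$this->isToken()) {
        $this->e[$this->name . '_token'] = 'ok';
    } else {
        unset($_POST[$this->name . '_token']);
    }

    // Sanitise plain fields in place. Array-valued fields are filtered element-wise: without
    // FILTER_REQUIRE_ARRAY, filter_input() returns false for them (the original skipped
    // arrays entirely and passed them on unsanitised).
    // (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept for behavioural parity.)
    foreach ($_POST as $k => $v) {
        if (!$isRich($k) && !$isRaw($k)) {
            $_POST[$k] = filter_input(INPUT_POST, $k, FILTER_SANITIZE_STRING, is_array($v) ? FILTER_REQUIRE_ARRAY : 0);
        }
    }

    $purifier = new HTMLPurifierService();

    if (isset($_POST[$nameForm . '_submit'])) {
        unset($_POST[$nameForm . '_submit']);
        // Fragments removed from rich-text fields before purification. The sequence
        // (including repeats) is kept from the original: str_replace() does not rescan,
        // so a later pass catches a fragment exposed by an earlier one.
        $strip = array('</textarea', '</textarea', '%3c/textarea', '</textarea', '<body', '<body', '%3c/body', '</body');

        foreach ($_POST as $key => $v) {
            $field = str_replace($nameForm . '_', '', $key);
            if ($isRaw($key)) {
                $_POST[$key] = stripcslashes($_POST[$key]);
            } elseif ($isRich($key)) {
                // Rich fields are stored only when something is already in $this->i and no
                // error is pending. TODO(review): a rich field that is the first key of
                // $_POST is therefore skipped — confirm that is intended.
                if (!empty($this->i) && empty($this->e)) {
                    $_POST[$key] = stripcslashes($_POST[$key]);
                    // Bug fix: the original re-read $_POST[$key] for each replacement and so
                    // discarded the $strip pass; the replacements are chained here instead.
                    // 'scr=' looks like a typo for 'src=' — TODO(review): confirm.
                    $clean = str_replace($strip, '', $_POST[$key]);
                    $clean = str_replace('scr=""', 'scr=', $clean);
                    // Purified HTML is entity-encoded afterwards, so the stored value is
                    // escaped markup. TODO(review): confirm callers decode it before rendering.
                    $this->i[$field] = htmlentities($purifier->purify($clean), ENT_QUOTES);
                }
            } else {
                $this->i[$field] = Convertag::get($v);
            }
        }
    }

    // Clear the captcha fields once they have been verified.
    if ($hasCaptcha && empty($this->e['result_captcha'])) {
        unset($_POST['captcha_num1'], $_POST['captcha_num2'], $_POST['captcha_result']);
    }
}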