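/**
 * Publish a new article, or re-publish an existing one, from the current POST data.
 *
 * Requires an authenticated session. The POST fields are sanitized/filtered
 * through GUMP; `content` is deliberately taken raw from $_POST so the article
 * body is stored exactly as authored (no tag stripping or encoding).
 *
 * NOTE(review): there is no per-article authorisation here — any logged-in
 * user who supplies an existing `id` reaches Bookkeeper->existing($id). Confirm
 * that Bookkeeper (or the route) enforces ownership/role, and that a CSRF token
 * is checked upstream, since this method only verifies `isLoggedIn`.
 *
 * @return array|bool ['id' => int, 'slug' => string] on success; false when
 *                    not logged in, when validation fails, or when save() fails.
 */
private function publishArticle()
{
    # Only authenticated users may publish
    if (!$this->isLoggedIn) {
        return false;
    }

    # Sanitize the raw POST variables first
    $postVars = $this->GUMP->sanitize($this->postVars);

    # `type` must be present and be one of the two article kinds
    $this->GUMP->validation_rules([
        'type' => 'required|contains,post page',
    ]);

    # Filters for the fields this method knows how to handle. These keys (plus
    # the computed fields below) are the ONLY ones copied onto the article —
    # see $allowedFields. (The original declared 'category' twice; harmless
    # but removed.)
    $filterRules = [
        'id'        => 'sanitize_numbers',
        'title'     => 'trim|sanitize_string',
        'category'  => 'trim|sanitize_string',
        'tags'      => 'trim|sanitize_string',
        'type'      => 'trim|sanitize_string',
        'excerpt'   => 'trim|sanitize_string',
        'thumbnail' => 'trim|sanitize_string',
    ];
    $this->GUMP->filter_rules($filterRules);

    # GUMP returns false when validation fails
    $validated_data = $this->GUMP->run($postVars);
    if (!$validated_data) {
        return false;
    }

    $validated_data['status'] = 'published';

    # An id > 0 means we are updating an existing article, otherwise creating one
    if (isset($validated_data['id']) && (int) $validated_data['id'] > 0) {
        $newArticle = false;
        $validated_data['id'] = (int) $validated_data['id'];
    } else {
        $newArticle = true;
        $validated_data['id'] = 0;
    }

    # `comments` is not in the filter rules and may be absent from the form;
    # treat a missing field as "no" instead of raising an undefined-index notice
    $comments = isset($validated_data['comments']) ? $validated_data['comments'] : null;
    $validated_data['comments_enabled'] = \Kanso\Utility\Str::bool($comments);

    $article = $newArticle
        ? \Kanso\Kanso::getInstance()->Bookkeeper->create()
        : \Kanso\Kanso::getInstance()->Bookkeeper->existing($validated_data['id']);

    # The article body is taken straight from $_POST so markup is preserved.
    # Authors can therefore store arbitrary HTML/JS; this is only acceptable if
    # every logged-in user is a trusted author and the renderer treats article
    # content as trusted on purpose.
    if (isset($_POST['content'])) {
        $validated_data['content'] = $_POST['content'];
    }

    # Mass-assignment guard: only copy the fields this method declared.
    # Previously every key in the (filtered) POST array reached
    # `$article->{$key}`, so a client could set any article property just by
    # adding a form field. Any new editable field must be added to the rules
    # above (or to this list) deliberately.
    $allowedFields = array_merge(array_keys($filterRules), ['status', 'comments_enabled', 'content']);
    foreach ($allowedFields as $key) {
        if (array_key_exists($key, $validated_data)) {
            $article->{$key} = $validated_data[$key];
        }
    }

    # Persist and hand back the identifiers the client needs
    $save = $article->save();
    if ($save) {
        return ['id' => $article->id, 'slug' => $article->slug];
    }

    return false;
}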
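/**
 * Filter and sanitize the configuration to ensure Kanso will run.
 *
 * Merges the supplied config over the defaults, coerces every known key to its
 * expected type, and falls back to the default value for anything unusable.
 *
 * Passwords (`password`, `KANSO_OWNER_PASSWORD`) are deliberately NOT passed
 * through FILTER_SANITIZE_STRING: that filter strips tags and HTML-encodes
 * quotes and ampersands, so a password containing `"`, `'`, `<`, `>` or `&`
 * would be silently altered before it is ever used (the DB connection fails,
 * or the owner account is created with a password the owner never typed).
 *
 * NOTE(review): when KANSO_OWNER_PASSWORD is empty it falls back to
 * $this->defaults['KANSO_OWNER_PASSWORD']. If that default is a fixed value,
 * an install with a blank password ends up with a well-known one — consider
 * refusing to continue instead.
 *
 * NOTE(review): the CDN key is spelled `KASNO_CDN_URL` throughout. It is kept
 * that way because it is a runtime key, but confirm it matches $this->defaults.
 *
 * @param bool $throwError Accepted for interface compatibility; not used here.
 * @return array The sanitized configuration.
 */
private function filterConfig($throwError = false)
{
    # Merge the config with the defaults
    $config = array_merge($this->defaults, $this->tempConfig);

    # Plain string settings: strip tags / encode quotes, as before.
    # (FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept for parity.)
    $stringKeys = [
        'host', 'user', 'dbname', 'table_prefix',
        'KANSO_THEME_NAME', 'KANSO_SITE_TITLE', 'KANSO_SITE_DESCRIPTION',
        'KANSO_SITEMAP', 'KANSO_PERMALINKS', 'KANSO_PERMALINKS_ROUTE',
        'KASNO_CDN_URL', 'KANSO_CACHE_LIFE',
        'KANSO_OWNER_USERNAME', 'KANSO_OWNER_EMAIL',
    ];
    foreach ($stringKeys as $key) {
        $config[$key] = filter_var($config[$key], FILTER_SANITIZE_STRING);
    }

    # Secrets are kept byte-for-byte (see docblock); only coerce to string
    $config['password']             = (string) $config['password'];
    $config['KANSO_OWNER_PASSWORD'] = (string) $config['KANSO_OWNER_PASSWORD'];

    # Numeric and boolean settings
    $config['KANSO_POSTS_PER_PAGE']   = (int) $config['KANSO_POSTS_PER_PAGE'];
    $config['KANSO_IMG_QUALITY']      = (int) $config['KANSO_IMG_QUALITY'];
    $config['KANSO_ROUTE_TAGS']       = \Kanso\Utility\Str::bool($config['KANSO_ROUTE_TAGS']);
    $config['KANSO_ROUTE_CATEGORIES'] = \Kanso\Utility\Str::bool($config['KANSO_ROUTE_CATEGORIES']);
    $config['KANSO_ROUTE_AUTHORS']    = \Kanso\Utility\Str::bool($config['KANSO_ROUTE_AUTHORS']);
    $config['KANSO_USE_CDN']          = \Kanso\Utility\Str::bool($config['KANSO_USE_CDN']);
    $config['KANSO_USE_CACHE']        = \Kanso\Utility\Str::bool($config['KANSO_USE_CACHE']);
    $config['KANSO_COMMENTS_OPEN']    = \Kanso\Utility\Str::bool($config['KANSO_COMMENTS_OPEN']);

    # The sitemap must look like a filename (contain a dot)
    if (strpos($config['KANSO_SITEMAP'], '.') === false) {
        $config['KANSO_SITEMAP'] = $this->defaults['KANSO_SITEMAP'];
    }

    # Permalinks: both the pattern and the derived route must resolve
    $permalinks = $this->createPermalinks($config['KANSO_PERMALINKS']);
    if (empty($permalinks['KANSO_PERMALINKS']) || empty($permalinks['KANSO_PERMALINKS_ROUTE'])) {
        $config['KANSO_PERMALINKS_ROUTE'] = $this->defaults['KANSO_PERMALINKS_ROUTE'];
        $config['KANSO_PERMALINKS']       = $this->defaults['KANSO_PERMALINKS'];
    }

    # Posts per page must be positive
    if ($config['KANSO_POSTS_PER_PAGE'] <= 0) {
        $config['KANSO_POSTS_PER_PAGE'] = $this->defaults['KANSO_POSTS_PER_PAGE'];
    }

    # Thumbnail sizes: accept a comma-separated string or an array; each entry
    # becomes either an int (width) or a [width, height] pair
    if (!is_array($config['KANSO_THUMBNAILS'])) {
        $config['KANSO_THUMBNAILS'] = array_map('trim', explode(',', (string) $config['KANSO_THUMBNAILS']));
    }
    foreach ($config['KANSO_THUMBNAILS'] as $i => $thumbs) {
        if (is_integer($thumbs) || is_array($thumbs)) {
            continue;
        }
        $thumbs = array_map('trim', explode(' ', $thumbs));
        if (count($thumbs) === 2) {
            $config['KANSO_THUMBNAILS'][$i] = [intval($thumbs[0]), intval($thumbs[1])];
        } else {
            $config['KANSO_THUMBNAILS'][$i] = intval($thumbs[0]);
        }
    }

    # Image quality is a percentage
    if ($config['KANSO_IMG_QUALITY'] <= 0 || $config['KANSO_IMG_QUALITY'] > 100) {
        $config['KANSO_IMG_QUALITY'] = $this->defaults['KANSO_IMG_QUALITY'];
    }

    # The CDN is only usable with a syntactically valid URL
    if ($config['KANSO_USE_CDN'] === true && !filter_var($config['KASNO_CDN_URL'], FILTER_VALIDATE_URL)) {
        $config['KANSO_USE_CDN'] = false;
        $config['KASNO_CDN_URL'] = '';
    }

    # Cache: validate the lifetime. Bug fix: the original tested the undefined
    # variable `$validateCacheLife` here, so caching was always switched off.
    if ($config['KANSO_USE_CACHE'] === true) {
        $validCacheLife = $this->validateCacheLife($config['KANSO_CACHE_LIFE']);
        if (!$validCacheLife) {
            $config['KANSO_USE_CACHE']  = false;
            $config['KANSO_CACHE_LIFE'] = '';
        } else {
            $config['KANSO_CACHE_LIFE'] = $validCacheLife;
        }
    }

    # Static pages and author slugs must be arrays
    if (!is_array($config['KANSO_STATIC_PAGES'])) {
        $config['KANSO_STATIC_PAGES'] = [];
    }
    if (!is_array($config['KANSO_AUTHOR_SLUGS'])) {
        $config['KANSO_AUTHOR_SLUGS'] = [];
    }

    # Owner credentials fall back to the defaults when missing. The password
    # is compared strictly so a legitimate password such as "0" is not
    # replaced (empty("0") is true).
    if ($config['KANSO_OWNER_PASSWORD'] === '') {
        $config['KANSO_OWNER_PASSWORD'] = $this->defaults['KANSO_OWNER_PASSWORD'];
    }
    if (empty($config['KANSO_OWNER_EMAIL'])) {
        $config['KANSO_OWNER_EMAIL'] = $this->defaults['KANSO_OWNER_EMAIL'];
    }
    if (empty($config['KANSO_OWNER_USERNAME'])) {
        $config['KANSO_OWNER_USERNAME'] = $this->defaults['KANSO_OWNER_USERNAME'];
    }

    # Table prefix: default when empty, then restrict the character set.
    # NOTE(review): this pattern also turns digits into '_' and allows '-',
    # which needs quoting in most SQL identifiers; left unchanged so existing
    # prefixes keep working — confirm the query layer quotes identifiers.
    if (empty($config['table_prefix'])) {
        $config['table_prefix'] = $this->defaults['table_prefix'];
    }
    $config['table_prefix'] = preg_replace('/[^a-z_-]+/', '_', strtolower($config['table_prefix']));

    return $config;
}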