Beispiel #1
 /**
  * A filter name that is not registered must hand the text back unchanged.
  *
  * The @covers tag attributes this path to NullFilter; the test itself only
  * shows that 'nosuchfilter' produces output equal to its input.
  *
  * @covers Xoops\Core\Text\Sanitizer\NullFilter::applyFilter
  */
 public function testApplyFilter()
 {
     $input = 'Why does my cat sleep so much?';
     $output = $this->sanitizer->executeFilter('nosuchfilter', $input);
     // Loose equality, as in assertEquals(): the text must come back as-is.
     $this->assertEquals($input, $output);
 }
 /**
  * Smoke test for the 'syntaxhighlight' filter.
  *
  * Only the return type is asserted. The content of the highlighted markup,
  * including how markup-bearing input is escaped, is not pinned here.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\SyntaxHighlight::applyFilter
  * @todo   Assert on the produced markup, not just its type.
  */
 public function testApplyFilter()
 {
     $this->sanitizer->enableComponentForTesting('syntaxhighlight');
     $highlighted = $this->sanitizer->executeFilter('syntaxhighlight', 'some text');
     $this->assertTrue(is_string($highlighted));
 }
 /**
  * Constructor
  *
  * Keeps the sanitizer, then loads this component's configuration using the
  * un-namespaced name of the concrete class as the lookup key.
  *
  * @param Sanitizer $ts text sanitizer instance being extended
  */
 public function __construct(Sanitizer $ts)
 {
     $this->ts = $ts;

     $qualifiedName = get_called_class();
     $separatorAt = strrpos($qualifiedName, '\\');
     // strrpos() gives false when there is no namespace separator; a position
     // of 0 is treated the same way, so the full name is used in both cases.
     if ($separatorAt) {
         $componentName = substr($qualifiedName, $separatorAt + 1);
     } else {
         $componentName = $qualifiedName;
     }

     $this->config = $ts->getConfig($componentName);
     $this->shortcodes = $ts->getShortCodesInstance();
 }
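 /**
  * An unknown extension yields empty editor support, and calling
  * registerExtensionProcessing() directly or dynamically gives the same result.
  *
  * @covers Xoops\Core\Text\Sanitizer\NullExtension::getDhtmlEditorSupport
  * @covers Xoops\Core\Text\Sanitizer\NullExtension::registerExtensionProcessing
  */
 public function testRegisterExtensionProcessing()
 {
     $actual = $this->sanitizer->getDhtmlEditorSupport('nosuchextension');
     $this->assertEquals(['', ''], $actual);

     // The dynamic call previously read an undefined $args. Define it with the
     // same argument as the direct call so both paths are compared like for like.
     $args = ['muck'];
     $expected = $this->object->registerExtensionProcessing('muck');
     $actual = call_user_func_array(array($this->object, 'registerExtensionProcessing'), $args);
     $this->assertSame($expected, $actual);
 }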
Beispiel #5
 /**
  * Empty input must come back as an identical empty string.
  *
  * NOTE(review): @covers names Xss::applyFilter, but the component enabled and
  * executed below is 'textfilter', so the Xss filter does not appear to be
  * exercised. The only input is the empty string, so nothing markup-bearing is
  * checked either. Confirm the intended component key and add cases that pin
  * the filter's behaviour on hostile markup.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Xss::applyFilter
  * @todo   Implement testApplyFilter().
  */
 public function testApplyFilter()
 {
     $this->sanitizer->enableComponentForTesting('textfilter');
     $filtered = $this->sanitizer->executeFilter('textfilter', '');
     $this->assertSame('', $filtered);
 }
Beispiel #6
 /**
  * Plain text without markup passes through 'textfilter' unchanged.
  *
  * Only a benign string is used. What the filter does with markup is not
  * covered by this test.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\TextFilter::applyFilter
  * @todo   Add inputs that the filter is expected to alter.
  */
 public function testApplyFilter()
 {
     $this->sanitizer->enableComponentForTesting('textfilter');
     // The instance is fetched as before; the result is not used afterwards.
     \Xoops::getInstance();

     $plain = 'Some text';
     $filtered = $this->sanitizer->executeFilter('textfilter', $plain);
     $this->assertSame($plain, $filtered);
 }
Beispiel #7
 /**
  * The [soundcloud] shortcode is registered and renders the expected iframe.
  *
  * The expected markup pins one security-relevant detail: the raw '&'
  * separators of the params attribute appear as '&amp;' inside the src
  * attribute of the generated iframe.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\SoundCloud::registerExtensionProcessing
  */
 public function testRegisterExtensionProcessing()
 {
     $this->sanitizer->enableComponentForTesting('soundcloud');
     $this->assertTrue($this->sanitizer->getShortCodes()->hasShortcode('soundcloud'));

     $shortcode = '[soundcloud url="https://api.soundcloud.com/tracks/80365438" params="color=ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false" width="100%" height="166" iframe="true" /]';
     $markup = '<iframe width="100%" height="166" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https://api.soundcloud.com/tracks/80365438&amp;color=ff5500&amp;auto_play=false&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false"></iframe>';

     $rendered = $this->sanitizer->filterForDisplay($shortcode);
     $this->assertEquals($markup, $rendered);
 }
Beispiel #8
 /**
  * [quote]...[/quote] is rendered as a captioned blockquote.
  *
  * The quoted body here is a plain word, so this test does not show how
  * markup inside the quote is treated.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Quote::applyFilter
  */
 public function testApplyFilter()
 {
     $this->sanitizer->enableComponentForTesting('quote');

     $rendered = $this->sanitizer->executeFilter('quote', '[quote]stuff[/quote]');
     $markup = 'Quote:<div class="xoopsQuote"><blockquote>stuff</blockquote></div>';
     $this->assertEquals($markup, $rendered);
 }
Beispiel #9
 /**
  * The [iframe] shortcode is registered and its output starts with an
  * iframe tag whose src is the shortcode body.
  *
  * Only the opening '<iframe src="url"' is pinned. The remaining attributes
  * (including how the 300,200 dimensions are emitted) are not asserted, and no
  * scheme restriction on the src value is checked by this test.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Iframe::registerExtensionProcessing
  */
 public function testRegisterExtensionProcessing()
 {
     $this->sanitizer->enableComponentForTesting('iframe');
     $this->assertTrue($this->sanitizer->getShortCodes()->hasShortcode('iframe'));

     $prefix = '<iframe src="url"';
     $rendered = trim($this->sanitizer->filterForDisplay('[iframe=300,200]url[/iframe]'));

     $this->assertTrue(is_string($rendered));
     $leading = substr($rendered, 0, strlen($prefix));
     $this->assertEquals($prefix, $leading);
 }
 /**
  * Both list shortcodes ('ul' and 'li') are registered and nest into plain
  * HTML list markup.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\UnorderedList::registerExtensionProcessing
  */
 public function testRegisterExtensionProcessing()
 {
     $this->sanitizer->enableComponentForTesting('unorderedlist');

     $shortcodes = $this->sanitizer->getShortCodes();
     $this->assertTrue($shortcodes->hasShortcode('ul'));
     // Fetched again rather than reused, matching one lookup per assertion.
     $this->assertTrue($this->sanitizer->getShortCodes()->hasShortcode('li'));

     $rendered = $this->sanitizer->filterForDisplay('[ul][li]item[/li][/ul]');
     $this->assertEquals('<ul><li>item</li></ul>', $rendered);
 }
Beispiel #11
 /**
  * Both spellings of the [youtube] shortcode render the same embed iframe.
  *
  * The id used is an 11-character token, and the expected src is built on the
  * fixed https://www.youtube.com/embed/ prefix. Input that is not a bare id is
  * not exercised here.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\YouTube::registerExtensionProcessing
  */
 public function testRegisterExtensionProcessing()
 {
     $this->sanitizer->enableComponentForTesting('youtube');
     $this->assertTrue($this->sanitizer->getShortCodes()->hasShortcode('youtube'));

     $markup = '<iframe width="180" height="100" src="https://www.youtube.com/embed/12345678901" frameborder="0" allowfullscreen></iframe>';
     $spellings = array(
         '[youtube=180,100]12345678901[/youtube]',
         '[youtube url="12345678901" width="180" height=100 /]',
     );
     foreach ($spellings as $shortcode) {
         $rendered = $this->sanitizer->filterForDisplay($shortcode);
         $this->assertEquals($markup, $rendered);
     }
 }
Beispiel #12
 /**
  * Both spellings of the [mp3] shortcode render the same audio element.
  *
  * The URL is copied into the src attribute as given. This test uses a plain
  * http URL and does not show whether other schemes are rejected.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Mp3::registerExtensionProcessing
  */
 public function testRegisterExtensionProcessing()
 {
     $this->sanitizer->enableComponentForTesting('mp3');
     $this->assertTrue($this->sanitizer->getShortCodes()->hasShortcode('mp3'));

     $markup = '<audio controls><source src="http://spot.river-styx.com/media/spot6.mp3" type="audio/mpeg"></audio>';
     $spellings = array(
         '[mp3]http://spot.river-styx.com/media/spot6.mp3[/mp3]',
         '[mp3 url="http://spot.river-styx.com/media/spot6.mp3" /]',
     );
     foreach ($spellings as $shortcode) {
         $rendered = $this->sanitizer->filterForDisplay($shortcode);
         $this->assertEquals($markup, $rendered);
     }
 }
Beispiel #13
 /**
  * The [img] shortcode is registered.
  *
  * Everything after markTestSkipped() is kept for when the theme dependency
  * can be stubbed. As written, only the registration check runs, so the
  * rendered image markup is currently unverified.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Image::registerExtensionProcessing
  */
 public function testRegisterExtensionProcessing()
 {
     $this->sanitizer->enableComponentForTesting('image');
     $this->assertTrue($this->sanitizer->getShortCodes()->hasShortcode('img'));

     $this->markTestSkipped('invokes Xoops::theme() provoking multiple failure on a real system');

     // Intended check: both spellings of the shortcode render identically.
     $fromBody = trim($this->sanitizer->filterForDisplay('[img]url[/img]'));
     $this->assertTrue(is_string($fromBody));

     $fromAttribute = trim($this->sanitizer->filterForDisplay('[img url="url" /]'));
     $this->assertEquals($fromBody, $fromAttribute);
 }
Beispiel #14
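 /**
  * Bare URLs and bare e-mail addresses are turned into anchors.
  *
  * NOTE(review): the expected URL markup has no space between the title and
  * rel attributes (title="..."rel="external"). The test pins the filter's
  * output as it is; the missing separator should be fixed in the filter and
  * then here.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Clickable::applyFilter
  */
 public function testApplyFilter()
 {
     $this->sanitizer->enableComponentForTesting('clickable');

     $in = 'http://xoops.org';
     $expected = '<a href="http://xoops.org" title="http://xoops.org"rel="external">http://xoops.org</a>';
     $actual = $this->sanitizer->executeFilter('clickable', $in);
     $this->assertEquals($expected, $actual);

     // The input and the title attribute were masked ('*****@*****.**'), which
     // cannot produce the mailto: link asserted below. Restored from the address
     // that the href and link text already carry.
     // NOTE(review): confirm against the upstream test.
     $in = 'fred@example.com';
     $expected = '<a href="mailto:fred@example.com" title="fred@example.com">fred@example.com</a>';
     $actual = $this->sanitizer->executeFilter('clickable', $in);
     $this->assertEquals($expected, $actual);
 }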
Beispiel #15
 /**
  * The 'embed' filter turns a bare URL into a media box or a player iframe.
  *
  * Assertions are substring checks only. They confirm the container and the
  * link or iframe prefix are present, not that the rest of the markup is well
  * formed or escaped.
  * NOTE(review): presumably the filter resolves the URLs remotely; confirm
  * whether this test needs network access.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Embed::applyFilter
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Embed::decorateUrl
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Embed::mediaBox
  */
 public function testApplyFilter()
 {
     $this->sanitizer->enableComponentForTesting('embed');

     // Generic page: expect the media box wrapper and a link to the site.
     $pageBox = $this->sanitizer->executeFilter('embed', 'http://xoops.org');
     $this->assertTrue(is_string($pageBox));
     $this->assertNotFalse(strpos($pageBox, '<div class="media">'));
     $this->assertNotFalse(strpos($pageBox, 'href="http://xoops.org/"'));

     // Video page: expect an iframe pointing at the embed endpoint.
     $player = $this->sanitizer->executeFilter('embed', 'https://www.youtube.com/watch?v=-vBqazs3j3A');
     $this->assertTrue(is_string($player));
     $this->assertNotFalse(strpos($player, '<iframe '));
     $this->assertNotFalse(strpos($player, 'src="https://www.youtube.com/embed/'));
 }
 /**
  * Collect the default configuration of the sanitizer and of every extension.
  *
  * Order of registration: the sanitizer's own defaults, then each class found
  * in the Extensions directory that is SanitizerConfigurable, then whatever
  * listeners of 'core.sanitizer.configuration.defaults' register.
  *
  * @return array this configuration object cast to an array
  */
 public function buildDefaultConfiguration()
 {
     $this->registerComponent(\Xoops\Core\Text\Sanitizer::getDefaultConfig());

     foreach (File::getList(__DIR__ . '/Extensions') as $fileName) {
         // Only PHP source files can name an extension class.
         if (substr($fileName, -4) !== '.php') {
             continue;
         }
         $className = __NAMESPACE__ . '\\Extensions\\' . substr($fileName, 0, -4);
         // Third argument true lets is_a() accept a class name string instead of an object.
         if (!is_a($className, 'Xoops\\Core\\Text\\Sanitizer\\SanitizerConfigurable', true)) {
             continue;
         }
         $this->registerComponent($className::getDefaultConfig());
     }

     /**
      * Register any 3rd party extensions
      *
      * Listeners receive this Configuration object as their single argument and
      * should call $arg->registerComponent() to register extensions.
      *
      * All extensions must implement SanitizerConfigurable, extending either
      * ExtensionAbstract or FilterAbstract, and MUST autoload.
      *
      * NB: Extensions and Filters share one configuration space, so a 3rd party
      * extension with the same short name as a system extension overrides the
      * system supplied one. Any listener on this event can therefore replace the
      * defaults of a built-in filter. Treat listeners as fully trusted code.
      */
     \Xoops::getInstance()->events()->triggerEvent('core.sanitizer.configuration.defaults', $this);

     return (array) $this;
 }
Beispiel #17
 /**
  * Reduce text to plain words by stripping tags, decoding entities and
  * replacing punctuation with spaces.
  *
  * Caveat for callers: tags are stripped BEFORE entities are decoded, so
  * entity-encoded angle brackets in the input come back as literal '<' and
  * '>' in the result. The return value is not HTML-safe and must be escaped
  * where it is printed.
  *
  * @param string  $text    text to clean
  * @param boolean $keyword also replace '.', ',' and the single quote with spaces
  *
  * @return string cleaned text
  */
 public static function purifyText($text, $keyword = false)
 {
     $sanitizer = \Xoops\Core\Text\Sanitizer::getInstance();

     // Non-breaking spaces and line-break tags become spaces so that adjacent
     // words do not run together once the tags are gone.
     $text = str_replace(array('&nbsp;', '<br />', '<br/>', '<br'), ' ', $text);

     $text = strip_tags($text);
     $text = html_entity_decode($text);
     $text = $sanitizer->undoHtmlSpecialChars($text);

     // Applied strictly in this order, exactly like a chain of single calls.
     // NOTE(review): '\\n' is a literal backslash followed by 'n', not a
     // newline character. Confirm that is what was intended.
     $punctuation = array(
         ')' => ' ',
         '(' => ' ',
         ':' => ' ',
         '&euro' => ' euro ',
         '&hellip' => '...',
         '&rsquo' => ' ',
         '!' => ' ',
         '?' => ' ',
         '"' => ' ',
         '-' => ' ',
         '\\n' => ' ',
         '&#8213;' => ' ',
     );
     $text = str_replace(array_keys($punctuation), array_values($punctuation), $text);

     if ($keyword) {
         $text = str_replace(array('.', ',', '\''), ' ', $text);
     }

     // Last, so semicolons left over from the entity names above are removed too.
     return str_replace(';', ' ', $text);
 }
Beispiel #18
 /**
  * With censoring enabled, text without listed words is untouched and a
  * listed word is swapped for the configured replacement.
  *
  * The replacement string contains '%', '#', '$' and '@', so the second
  * assertion also shows those characters are inserted literally.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Censor::applyFilter
  */
 public function testApplyFilter()
 {
     $this->sanitizer->enableComponentForTesting('censor');

     $core = \Xoops::getInstance();
     $core->setConfig('censor_enable', true);
     $core->setConfig('censor_words', ['naughty', 'bits']);
     $core->setConfig('censor_replace', '%#$@!');

     $clean = 'Xoops is cool!';
     $this->assertSame($clean, $this->sanitizer->executeFilter('censor', $clean));

     $censored = $this->sanitizer->executeFilter('censor', 'naughty it!');
     $this->assertSame('%#$@! it!', $censored);
 }
/**
 * Smarty output filter: run shortcode processing over the rendered page while
 * shielding form controls, scripts and styles from it.
 *
 * Shielding works by wrapping each protected element in a private pass-through
 * shortcode ([nosc42]), whose handler returns its content unchanged.
 *
 * Failure behaviour worth knowing:
 *  - if the inner (shielding) regex fails, a warning is raised and the body is
 *    passed on WITHOUT shields, so shortcodes inside textarea/input/select/
 *    script/style content will then be processed;
 *  - if the outer (body) regex fails, a warning is raised and the original
 *    output is returned with no shortcode processing at all.
 *
 * NOTE(review): the outer callback's return value replaces the whole
 * <body ...>...</body> match with the inner content only, so the body tags
 * themselves are not re-emitted. Confirm this is intended.
 *
 * @param string                   $output   rendered template output
 * @param Smarty_Internal_Template $template template object (not used here)
 *
 * @return string processed output, or the untouched output on regex failure
 */
function smarty_outputfilter_shortcodes($output, Smarty_Internal_Template $template)
{
    $shortcodes = \Xoops\Core\Text\Sanitizer::getInstance()->getShortCodes();
    $shortcodes->addShortcode('nosc42', function ($attributes, $content, $tagName) {
        return $content;
    });

    // break out the body content
    $bodyPattern = '/<body[^>]*>(.*?)<\\/body>/is';
    // breaks out form elements
    $scPattern = '/((<textarea[\\S\\s]*\\/textarea>)|(<input[\\S\\s]*>)|(<select[\\S\\s]*\\/select>)|(<script[\\S\\s]*\\/script>)|(<style[\\S\\s]*\\/style>))/U';

    $wrapProtected = function ($innerMatches) {
        return '[nosc42]' . $innerMatches[0] . '[/nosc42]';
    };

    $shieldBody = function ($matches) use ($scPattern, $wrapProtected) {
        $shielded = preg_replace_callback($scPattern, $wrapProtected, $matches[1]);
        if ($shielded !== null) {
            return $shielded;
        }
        trigger_error('preg_last_error=' . preg_last_error(), E_USER_WARNING);
        return $matches[1];
    };

    $text = preg_replace_callback($bodyPattern, $shieldBody, $output);
    if ($text === null) {
        trigger_error('preg_last_error=' . preg_last_error(), E_USER_WARNING);
        return $output;
    }

    return $shortcodes->process($text);
}
Beispiel #20
 /**
  * search - find published page content matching the search terms
  *
  * Every term is bound as a named parameter; nothing from $queryArray is
  * concatenated into SQL text. Two details to keep in mind:
  *  - a term is wrapped in '%' but LIKE wildcards inside the term itself are
  *    not escaped, so '%' and '_' typed by the user act as wildcards;
  *  - the array key of each term becomes part of its placeholder name
  *    (presumably a plain list from the search form; verify against caller).
  *
  * $userid is only applied when no search terms are given.
  *
  * @param string[] $queryArray search terms
  * @param string   $andor      'and' to require all terms; anything else means 'or'
  * @param integer  $limit      max number to return
  * @param integer  $offset     offset of first row to return
  * @param integer  $userid     a specific user id to limit the query
  *
  * @return array of result items
  *           'title' => the item title
  *           'content' => brief content or summary
  *           'link' => link to visit item
  *           'time' => time modified (unix timestamp)
  *           'uid' => author uid
  *           'image' => icon for search display
  *
  */
 public function search($queryArray, $andor, $limit, $offset, $userid)
 {
     // Only the two known combiner names can ever be called dynamically below.
     $combiner = strtolower($andor) === 'and' ? 'andX' : 'orX';

     $qb = \Xoops::getInstance()->db()->createXoopsQueryBuilder();
     $eb = $qb->expr();
     $qb->select('DISTINCT *')
         ->fromPrefix('page_content')
         ->where($eb->neq('content_status', '0'))
         ->orderBy('content_create', 'DESC')
         ->setFirstResult($offset)
         ->setMaxResults($limit);

     $hasTerms = is_array($queryArray) && !empty($queryArray);
     if (!$hasTerms) {
         $qb->setParameter(':uid', (int) $userid, \PDO::PARAM_INT);
         $qb->andWhere($eb->eq('content_author', ':uid'));
     } else {
         $termClauses = array();
         foreach ($queryArray as $index => $term) {
             $placeholder = ':qterm' . $index;
             $qb->setParameter($placeholder, '%' . $term . '%', \PDO::PARAM_STR);
             // A term matches when it occurs in any of the three text columns.
             $termClauses[] = $eb->orX(
                 $eb->like('content_title', $placeholder),
                 $eb->like('content_text', $placeholder),
                 $eb->like('content_shorttext', $placeholder)
             );
         }
         $qb->andWhere(call_user_func_array(array($eb, $combiner), $termClauses));
     }

     $myts = \Xoops\Core\Text\Sanitizer::getInstance();
     $items = array();
     $result = $qb->execute();
     while ($row = $result->fetch(\PDO::FETCH_ASSOC)) {
         $body = $myts->displayTarea($row["content_shorttext"] . "<br /><br />" . $row["content_text"]);
         $items[] = array(
             'title' => $row['content_title'],
             'content' => Metagen::getSearchSummary($body, $queryArray),
             'link' => "viewpage.php?id=" . $row["content_id"],
             'time' => $row['content_create'],
             'uid' => $row['content_author'],
             'image' => 'images/logo_small.png',
         );
     }

     return $items;
 }
Beispiel #21
/**
 * Block callback: list items submitted between two dates.
 *
 * $options[0] and $options[1] are date strings parsed with strtotime();
 * $options[3], when set, is forwarded to getItemLink() (65 otherwise).
 *
 * NOTE(review): the two date options are also inserted verbatim into
 * 'lang_articles_from_to'. Whether the template escapes that value is not
 * visible here; confirm before treating block options as display-safe.
 * strtotime() returns false for unparseable input, which is passed on to the
 * criteria unchecked.
 *
 * @param array $options block options
 *
 * @return array block data; empty when no items match
 */
function publisher_date_to_date_show($options)
{
    $myts = \Xoops\Core\Text\Sanitizer::getInstance();
    $publisher = Publisher::getInstance();
    $block = array();

    $criteria = new CriteriaCompo();
    $criteria->add(new Criteria('datesub', strtotime($options[0]), '>'));
    $criteria->add(new Criteria('datesub', strtotime($options[1]), '<'));
    $criteria->setSort('datesub');
    $criteria->setOrder('DESC');

    // creating the ITEM objects that fall inside the date window
    $itemsObj = $publisher->getItemHandler()->getItemObjects($criteria);
    $totalItems = count($itemsObj);
    if (!$itemsObj) {
        return $block;
    }

    $linkArg = isset($options[3]) ? $options[3] : 65;
    for ($i = 0; $i < $totalItems; ++$i) {
        $item = $itemsObj[$i];
        $block['items'][] = array(
            'itemid' => $item->getVar('itemid'),
            'title' => $item->title(),
            'categoryname' => $item->getCategoryName(),
            'categoryid' => $item->getVar('categoryid'),
            'date' => $item->datesub(),
            'poster' => $item->linkedPosterName(),
            'itemlink' => $item->getItemLink(false, $linkArg),
            'categorylink' => $item->getCategoryLink(),
        );
    }

    $block['lang_title'] = _MB_PUBLISHER_ITEMS;
    $block['lang_category'] = _MB_PUBLISHER_CATEGORY;
    $block['lang_poster'] = _MB_PUBLISHER_POSTEDBY;
    $block['lang_date'] = _MB_PUBLISHER_DATE;
    $modulename = $myts->displayTarea($publisher->getModule()->getVar('name'));
    $block['lang_visitItem'] = _MB_PUBLISHER_VISITITEM . " " . $modulename;
    $block['lang_articles_from_to'] = sprintf(_MB_PUBLISHER_ARTICLES_FROM_TO, $options[0], $options[1]);

    return $block;
}
Beispiel #22
 /**
  * Reduce text to plain words by stripping tags, decoding entities and
  * replacing punctuation with spaces.
  *
  * Caveat for callers: tags are stripped BEFORE entities are decoded, so
  * entity-encoded angle brackets in the input come back as literal '<' and
  * '>' in the result. The return value is not HTML-safe and must be escaped
  * where it is printed.
  *
  * @param string  $text    text to clean
  * @param boolean $keyword also replace '.', ',' and the single quote with spaces
  *
  * @return string cleaned text
  */
 public function purifyText($text, $keyword = false)
 {
     // Spaces stand in for non-breaking spaces and line breaks so neighbouring
     // words stay separated after the tags are removed.
     $text = str_replace(array('&nbsp;', '<br />'), ' ', $text);

     $text = strip_tags($text);
     $text = html_entity_decode($text);
     $text = $this->_myts->undoHtmlSpecialChars($text);

     // Applied strictly in this order, exactly like a chain of single calls.
     // NOTE(review): '\\n' is a literal backslash followed by 'n', not a
     // newline character. Confirm that is what was intended.
     $punctuation = array(
         ')' => ' ',
         '(' => ' ',
         ':' => ' ',
         '&euro' => ' euro ',
         '&hellip' => '...',
         '&rsquo' => ' ',
         '!' => ' ',
         '?' => ' ',
         '"' => ' ',
         '-' => ' ',
         '\\n' => ' ',
     );
     $text = str_replace(array_keys($punctuation), array_values($punctuation), $text);

     if ($keyword) {
         $text = str_replace(array('.', ',', '\''), ' ', $text);
     }

     // Last, so semicolons left over from the entity names above are removed too.
     return str_replace(';', ' ', $text);
 }
/**
 * Smarty block plugin: emit the enclosed content with its shortcodes escaped,
 * so that shortcode processing of the page output leaves it alone.
 *
 * @param array  $params   block parameters (not used)
 * @param string $content  block content; may be unset
 * @param object $template template object (not used)
 * @param bool   $repeat   content is only produced when this is false
 *
 * @return string|null escaped content, or null when there is nothing to output
 */
function smarty_block_noshortcodes($params, $content, $template, &$repeat)
{
    // only output on the closing tag, and only when there is content
    if ($repeat || !isset($content)) {
        return;
    }

    return \Xoops\Core\Text\Sanitizer::getInstance()->escapeShortCodes($content);
}
Beispiel #24
 /**
  * Output a dump of a variable
  *
  * The var_export() text is run through Sanitizer::displayTarea() and wrapped
  * in a styled div.
  * NOTE(review): whether displayTarea() with its default arguments escapes
  * HTML is not visible here; confirm before dumping values that may hold
  * markup. A dump can also expose secrets held in $var, so keep calls out of
  * production paths.
  *
  * @param mixed $var  variable to dump
  * @param bool  $echo true to echo dump, false to return dump as string
  *
  * @return string the dump markup (returned in both cases)
  */
 public static function dumpVar($var, $echo = true)
 {
     $sanitizer = \Xoops\Core\Text\Sanitizer::getInstance();
     $exported = var_export($var, true);
     $msg = "<div style='padding: 5px; font-weight: bold'>" . $sanitizer->displayTarea($exported) . '</div>';

     if ($echo) {
         echo $msg;
     }

     return $msg;
 }
Beispiel #25
 /**
  * Get an array with all the options
  *
  * With $encode = 0 the stored options are returned raw, so the caller is
  * responsible for escaping both values and names before printing them.
  *
  * @param integer $encode encode special characters, potential values:
  *                        0 - skip
  *                        1 - only for value
  *                        2 - for both value and name
  *
  * @return array Associative array of value->name pairs
  */
 public function getOptions($encode = 0)
 {
     $options = $this->get('option', []);
     if (!$encode) {
         return $options;
     }

     $myts = Sanitizer::getInstance();
     $encodeNames = $encode > 1;
     $encoded = array();
     foreach ($options as $val => $name) {
         // Past the early return $encode is always truthy, so the value (array
         // key) is always encoded; the name only for levels above 1.
         $key = $myts->htmlSpecialChars($val);
         $encoded[$key] = $encodeNames ? $myts->htmlSpecialChars($name) : $name;
     }

     return $encoded;
 }
Beispiel #26
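/**
 * Block callback: list the most recent published items.
 *
 * $options[0] is a comma separated list of category ids (0 means all
 * categories), $options[1] the sort field, $options[2] the item limit and
 * $options[3], when set, is forwarded to getItemLink() (65 otherwise).
 *
 * The category list is handed to Criteria as a pre-built "(a,b,c)" string, so
 * every id is cast to an integer first. That keeps stray text in the stored
 * block option out of the IN clause, and makes an empty option select all
 * categories instead of producing an empty list.
 * NOTE(review): $sort is passed on to getOrderBy() and getItems() as given;
 * confirm it is validated there.
 *
 * @param array $options block options
 *
 * @return array block data; empty when no items match
 */
function publisher_items_recent_show($options)
{
    $publisher = Publisher::getInstance();
    $myts = \Xoops\Core\Text\Sanitizer::getInstance();
    $block = array();

    $selectedcatids = array_map('intval', explode(',', $options[0]));
    // Strict comparison is safe now that every element is an int.
    $allcats = in_array(0, $selectedcatids, true);

    $sort = $options[1];
    $order = PublisherUtils::getOrderBy($sort);
    $limit = $options[2];
    $start = 0;

    // creating the ITEM objects that belong to the selected category
    if ($allcats) {
        $criteria = null;
    } else {
        $criteria = new CriteriaCompo();
        $criteria->add(new Criteria('categoryid', '(' . implode(',', $selectedcatids) . ')', 'IN'));
    }

    $itemsObj = $publisher->getItemHandler()->getItems($limit, $start, array(_PUBLISHER_STATUS_PUBLISHED), -1, $sort, $order, '', true, $criteria, true);
    $totalItems = count($itemsObj);
    if ($itemsObj) {
        $linkArg = isset($options[3]) ? $options[3] : 65;
        for ($i = 0; $i < $totalItems; ++$i) {
            $item = $itemsObj[$i];
            $block['items'][] = array(
                'itemid' => $item->getVar('itemid'),
                'title' => $item->title(),
                'categoryname' => $item->getCategoryName(),
                'categoryid' => $item->getVar('categoryid'),
                'date' => $item->datesub(),
                'poster' => $item->linkedPosterName(),
                'itemlink' => $item->getItemLink(false, $linkArg),
                'categorylink' => $item->getCategoryLink(),
            );
        }
        $block['lang_title'] = _MB_PUBLISHER_ITEMS;
        $block['lang_category'] = _MB_PUBLISHER_CATEGORY;
        $block['lang_poster'] = _MB_PUBLISHER_POSTEDBY;
        $block['lang_date'] = _MB_PUBLISHER_DATE;
        $modulename = $myts->displayTarea($publisher->getModule()->getVar('name'));
        $block['lang_visitItem'] = _MB_PUBLISHER_VISITITEM . " " . $modulename;
    }

    return $block;
}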
Beispiel #27
 /**
  * The 'flash' and 'swf' shortcodes are registered, and both spellings of
  * [flash] render the same object element.
  *
  * The URL is copied into the data attribute as given; no scheme or host
  * restriction is exercised by this test.
  *
  * @covers Xoops\Core\Text\Sanitizer\Extensions\Flash::registerExtensionProcessing
  */
 public function testRegisterExtensionProcessing()
 {
     $this->sanitizer->enableComponentForTesting('flash');
     foreach (array('flash', 'swf') as $tag) {
         $this->assertTrue($this->sanitizer->getShortCodes()->hasShortcode($tag));
     }

     $markup = '<object type="application/x-shockwave-flash" data="http://spot.river-styx.com/media/hello.swf" width="300" height="200"></object>';
     $spellings = array(
         '[flash=300,200]http://spot.river-styx.com/media/hello.swf[/flash]',
         '[flash url="http://spot.river-styx.com/media/hello.swf" width="300" height=200 /]',
     );
     foreach ($spellings as $shortcode) {
         $rendered = $this->sanitizer->filterForDisplay($shortcode);
         $this->assertEquals($markup, $rendered);
     }
 }
Beispiel #28
/**
 * Blocks functions
 *
 * @copyright   XOOPS Project (http://xoops.org)
 * @license     GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
 * @author      Kazumi Ono (AKA onokazu)
 * @package     system
 * @version     $Id$
 */
/**
 * Block callback: site info block with logo, "recommend us" link and,
 * optionally, the members of the admin-type groups.
 *
 * Options read here: [0] and [1] are written into the popup call of the
 * recommend link, [2] is the logo file name under /images/, and a non-empty
 * [3] switches the group listing on.
 *
 * NOTE(review): $options[0], $options[1] and $options[2] are concatenated into
 * a javascript: href and a URL without casting or escaping. That is only safe
 * if block options can be edited solely by fully trusted administrators;
 * otherwise cast [0]/[1] to int and escape [2].
 *
 * @param array $options block options
 *
 * @return array block data for the template
 */
function b_system_info_show($options)
{
    $xoops = Xoops::getInstance();
    // Return value is discarded here; the connection is fetched again below when needed.
    $xoops->db();
    $myts = \Xoops\Core\Text\Sanitizer::getInstance();
    $block = array();
    if (!empty($options[3])) {
        $block['showgroups'] = true;
        $qb = $xoops->db()->createXoopsQueryBuilder();
        $eb = $qb->expr();
        // Users joined to their groups, restricted to group_type 'Admin' via a bound parameter.
        $sql = $qb->select('u.uid')->addSelect('u.uname')->addSelect('u.email')->addSelect('u.user_viewemail')->addSelect('u.user_avatar')->addSelect('g.name AS groupname')->fromPrefix('system_usergroup', 'l')->leftJoinPrefix('l', 'system_user', 'u', 'l.uid=u.uid')->leftJoinPrefix('l', 'system_group', 'g', 'l.groupid=g.groupid')->where($eb->eq('g.group_type', ':gtype'))->orderBy('l.groupid')->addOrderBy('u.uid')->setParameter(':gtype', 'Admin', \PDO::PARAM_STR);
        $result = $sql->execute();
        if ($result->errorCode() < 2000) {
            // 00000 means success and 01nnn is a warning; anything from 02000 up is skipped.
            // NOTE(review): this compares the status code numerically; presumably fine for
            // all-digit codes, confirm for codes that contain letters.
            $prev_caption = "";
            $i = 0;
            while ($userinfo = $result->fetch(PDO::FETCH_ASSOC)) {
                $response = $xoops->service("Avatar")->getAvatarUrl($userinfo);
                $avatar = $response->getValue();
                // Fall back to the blank placeholder when the avatar service returns nothing.
                $avatar = empty($avatar) ? \XoopsBaseConfig::get('uploads-url') . '/blank.gif' : $avatar;
                // The group name is stored only on the first row of each group. $i advances
                // on every row, so each user lands in its own 'groups' entry.
                if ($prev_caption != $userinfo['groupname']) {
                    $prev_caption = $userinfo['groupname'];
                    $block['groups'][$i]['name'] = $myts->htmlSpecialChars($userinfo['groupname']);
                }
                if ($xoops->isUser()) {
                    // Logged-in viewers get a private-message link instead of an address.
                    $block['groups'][$i]['users'][] = array('id' => $userinfo['uid'], 'name' => $myts->htmlSpecialChars($userinfo['uname']), 'pm_link' => \XoopsBaseConfig::get('url') . "/pmlite.php?send2=1&amp;to_userid=" . $userinfo['uid'], 'avatar' => $avatar);
                } else {
                    if ($userinfo['user_viewemail']) {
                        // Anonymous viewers see the address only when the user opted in. The
                        // e-mail is not escaped here, unlike the name, so the template must do it.
                        $block['groups'][$i]['users'][] = array('id' => $userinfo['uid'], 'name' => $myts->htmlSpecialChars($userinfo['uname']), 'msg_link' => $userinfo['email'], 'avatar' => $avatar);
                    } else {
                        $block['groups'][$i]['users'][] = array('id' => $userinfo['uid'], 'name' => $myts->htmlSpecialChars($userinfo['uname']));
                    }
                }
                ++$i;
            }
        }
    } else {
        $block['showgroups'] = false;
    }
    // Logo file name is taken from the block options as-is.
    $block['logourl'] = \XoopsBaseConfig::get('url') . '/images/' . $options[2];
    // Options 0 and 1 are emitted unquoted as the last two arguments of the inline script call.
    $block['recommendlink'] = "<a href=\"javascript:openWithSelfMain('" . \XoopsBaseConfig::get('url') . "/misc.php?action=showpopups&amp;type=friend&amp;op=sendform&amp;t=" . time() . "','friend'," . $options[0] . "," . $options[1] . ")\">" . SystemLocale::RECOMMEND_US . "</a>";
    return $block;
}
Beispiel #29
// Change-password page: without a submitted form, build and show the form;
// otherwise validate the posted values. The listing ends inside the error branch.
if (!isset($_POST['submit'])) {
    $xoops->theme()->addScript(null, array('type' => 'application/x-javascript'), $zxcvbn);
    //show change password form
    // NOTE(review): REQUEST_URI is client-influenced and is used as the form action;
    // confirm ThemeForm escapes it when rendering the attribute.
    $form = new Xoops\Form\ThemeForm(_PROFILE_MA_CHANGEPASSWORD, 'form', $_SERVER['REQUEST_URI'], 'post', true);
    $form->addElement(new Xoops\Form\Password(_PROFILE_MA_OLDPASSWORD, 'oldpass'), true);
    $password = new Xoops\Form\Password(_PROFILE_MA_NEWPASSWORD, 'newpass', null, null, '', 'off', 'New Password');
    // Client-side hint only: a fixed minimum of 8 characters. The server-side check
    // below uses the 'minpass' configuration value, which may differ.
    $password->setPattern('^.{8,}$', 'You need at least 8 characters');
    $form->addElement($password, true);
    $form->addElement(new Xoops\Form\Label(XoopsLocale::PASSWORD_STRENGTH, '', 'crack_time'));
    $form->addElement(new Xoops\Form\Password(XoopsLocale::VERIFY_PASSWORD, 'vpass'), true);
    $form->addElement(new Xoops\Form\Button('', 'submit', XoopsLocale::A_SUBMIT, 'submit'));
    $form->assign($xoops->tpl());
    $xoops->appendConfig('profile_breadcrumbs', array('caption' => _PROFILE_MA_CHANGEPASSWORD));
} else {
    $xoops->getConfigs();
    // Not used in the part of the script shown here.
    $myts = \Xoops\Core\Text\Sanitizer::getInstance();
    // trim() removes leading and trailing whitespace from all three values, so a
    // password that begins or ends with a space is verified and stored without it.
    $oldpass = trim($_POST['oldpass']);
    $password = trim($_POST['newpass']);
    $vpass = trim($_POST['vpass']);
    // Every check runs, so the user sees all problems at once.
    $errors = array();
    // The current password must match the stored hash before anything is changed.
    if (!password_verify($oldpass, $xoops->user->getVar('pass', 'n'))) {
        $errors[] = _PROFILE_MA_WRONGPASSWORD;
    }
    if (mb_strlen($password) < $xoops->getConfig('minpass')) {
        $errors[] = sprintf(XoopsLocale::EF_PASSWORD_MUST_BE_GREATER_THAN, $xoops->getConfig('minpass'));
    }
    // NOTE(review): != is a loose comparison; two different numeric-looking strings
    // can compare as equal. !== would require the two entries to match exactly.
    if ($password != $vpass) {
        $errors[] = XoopsLocale::E_PASSWORDS_MUST_MATCH;
    }
    if ($errors) {
        $msg = implode('<br />', $errors);
Beispiel #30
 /**
  * Find the display name for a given user id.
  *
  * Names read from the user object are passed through htmlSpecialChars()
  * before being returned. The configured 'anonymous' label is returned as
  * stored, without that call.
  *
  * @param int $userid  ID of the user to find
  * @param int $usereal non-zero to prefer the real name over the username
  *
  * @return string name of the user. name for 'anonymous' if not found.
  */
 public static function getUnameFromId($userid, $usereal = 0)
 {
     $xoops = \Xoops::getInstance();
     $userid = (int) $userid;
     $usereal = (int) $usereal;

     if ($userid <= 0) {
         return $xoops->getConfig('anonymous');
     }

     $user = $xoops->getHandlerMember()->getUser($userid);
     if (!is_object($user)) {
         return $xoops->getConfig('anonymous');
     }

     $ts = \Xoops\Core\Text\Sanitizer::getInstance();
     if ($usereal) {
         $realName = $user->getVar('name');
         // An empty real name falls back to the username below.
         if ($realName != '') {
             return $ts->htmlSpecialChars($realName);
         }
     }

     return $ts->htmlSpecialChars($user->getVar('uname'));
 }