Ejemplo n.º 1
0
 /**
  * Generate Table HTML code
  *
  * @return string
  */
 function genTable()
 {
     // add default className to attributes
     $this->aTableAttrs['class'] = 'form_advanced_table' . (isset($this->aTableAttrs['class']) ? ' ' . $this->aTableAttrs['class'] : '');
     // add CSRF token if it's needed.
     if ($GLOBALS['MySQL']->getParam('sys_security_form_token_enable') == 'on' && !defined('BX_DOL_CRON_EXECUTE') && (!isset($this->aParams['csrf']['disable']) || isset($this->aParams['csrf']['disable']) && $this->aParams['csrf']['disable'] !== true) && ($mixedCsrfToken = BxDolForm::getCsrfToken()) !== false) {
         $this->aInputs['csrf_token'] = array('type' => 'hidden', 'name' => 'csrf_token', 'value' => $mixedCsrfToken, 'db' => array('pass' => 'Xss'));
     }
     // generate table contents
     $sTableContent = '';
     foreach ($this->aInputs as $aInput) {
         $sTableContent .= $this->genRow($aInput);
     }
     $this->addCssJs($this->_isDateControl, $this->_isDateTimeControl);
     return $this->_sCodeAdd . $GLOBALS['oSysTemplate']->parseHtmlByName('form_content.html', array('wrapper_id' => $this->id, 'table_attrs' => $this->convertArray2Attrs($this->aTableAttrs), 'content' => $sTableContent));
 }
Ejemplo n.º 2
0
    /**
     * Generate Table HTML code
     *
     * @return string
     */
    function genTable()
    {
        // add default className to attributes
        $this->aTableAttrs['class'] = 'form_advanced_table' . (isset($this->aTableAttrs['class']) ? ' ' . $this->aTableAttrs['class'] : '');
        // default cellpadding
        if (!isset($this->aTableAttrs['cellpadding'])) {
            $this->aTableAttrs['cellpadding'] = 0;
        }
        // default cellspacing
        if (!isset($this->aTableAttrs['cellspacing'])) {
            $this->aTableAttrs['cellspacing'] = 0;
        }
        $sTableAttrs = $this->convertArray2Attrs($this->aTableAttrs);
        // add CSRF token if it's needed.
        if ($GLOBALS['MySQL']->getParam('sys_security_form_token_enable') == 'on' && (!isset($this->aParams['csrf']['disable']) || isset($this->aParams['csrf']['disable']) && $this->aParams['csrf']['disable'] !== true) && ($mixedCsrfToken = BxDolForm::getCsrfToken()) !== false) {
            $this->aInputs['csrf_token'] = array('type' => 'hidden', 'name' => 'csrf_token', 'value' => $mixedCsrfToken, 'db' => array('pass' => 'Xss'));
        }
        // generate table contents
        $sTableCont = '';
        foreach ($this->aInputs as $aInput) {
            $sTableCont .= $this->genRow($aInput);
        }
        $sOpenTbody = $this->getOpenTbody();
        $sCloseTbody = $this->getCloseTbody();
        // generate table
        $sTable = <<<BLAH
            <table {$sTableAttrs}>
                {$sOpenTbody}
                    {$sTableCont}
                {$sCloseTbody}
            </table>
BLAH;
        $this->addCssJs($this->_isDateControl, $this->_isDateTimeControl);
        return $sTable;
    }
Ejemplo n.º 3
0
 function check(&$aInputs)
 {
     $oChecker = $this->_oChecker;
     $iErrors = 0;
     // check CSRF token if it's needed.
     if ($GLOBALS['MySQL']->getParam('sys_security_form_token_enable') == 'on' && !defined('BX_DOL_CRON_EXECUTE') && $this->_bFormCsrfChecking === true && ($mixedCsrfTokenSys = BxDolForm::getCsrfToken()) !== false) {
         $mixedCsrfTokenUsr = BxDolForm::getSubmittedValue('csrf_token', $this->_sFormMethod);
         unset($aInputs['csrf_token']);
         if ($mixedCsrfTokenUsr === false || $mixedCsrfTokenSys != $mixedCsrfTokenUsr) {
             return false;
         }
     }
     foreach ($aInputs as $k => $a) {
         $a['name'] = str_replace('[]', '', $a['name']);
         $val = BxDolForm::getSubmittedValue($a['name'], $this->_sFormMethod);
         if ($val === false) {
             $val = isset($_FILES[$a['name']]) ? $_FILES[$a['name']] : '';
         }
         if (!isset($a['checker'])) {
             if ($a['type'] != 'checkbox' && $a['type'] != 'submit') {
                 $aInputs[$k]['value'] = $_FILES[$a['name']] ? '' : (get_magic_quotes_gpc() ? stripslashes_adv($val) : $val);
             }
             continue;
         }
         $sCheckFunction = array($oChecker, 'check' . ucfirst($a['checker']['func']));
         if (is_callable($sCheckFunction)) {
             $bool = call_user_func_array($sCheckFunction, $a['checker']['params'] ? array_merge(array($val), $a['checker']['params']) : array($val));
         } else {
             $bool = true;
         }
         if (is_string($bool)) {
             ++$iErrors;
             $aInputs[$k]['error'] = $bool;
         } elseif (!$bool) {
             ++$iErrors;
             $aInputs[$k]['error'] = $a['checker']['error'];
         }
         $aInputs[$k]['value'] = $_FILES[$a['name']] ? '' : (get_magic_quotes_gpc() ? stripslashes_adv($val) : $val);
     }
     // check for spam
     if (!$iErrors && ('on' == getParam('sys_uridnsbl_enable') || 'on' == getParam('sys_akismet_enable'))) {
         foreach ($aInputs as $k => $a) {
             if ($a['type'] != 'textarea') {
                 continue;
             }
             $a['name'] = str_replace('[]', '', $a['name']);
             $val = BxDolForm::getSubmittedValue($a['name'], $this->_sFormMethod);
             if (!$val) {
                 continue;
             }
             if ($oChecker->checkNoSpam($val)) {
                 continue;
             }
             ++$iErrors;
             $aInputs[$k]['error'] = sprintf(_t("_sys_spam_detected"), BX_DOL_URL_ROOT . 'contact.php');
         }
     }
     return $iErrors ? false : true;
 }
Ejemplo n.º 4
0
 /**
  * Generate Table HTML code
  *
  * @return string
  */
 function genRows()
 {
     // add CSRF token if it's needed.
     if (!(isset($this->aParams['view_mode']) && $this->aParams['view_mode']) && getParam('sys_security_form_token_enable') == 'on' && (!isset($this->aParams['csrf']['disable']) || isset($this->aParams['csrf']['disable']) && $this->aParams['csrf']['disable'] !== true) && ($mixedCsrfToken = BxDolForm::getCsrfToken()) !== false) {
         $this->aInputs['csrf_token'] = array('type' => 'hidden', 'name' => 'csrf_token', 'value' => $mixedCsrfToken, 'db' => array('pass' => 'Xss'), 'visible_for_levels' => PHP_INT_MAX);
     }
     // check if we need to generate open section clause
     $sOpenSection = '';
     foreach ($this->aInputs as $aInput) {
         if (isset($aInput['type']) && 'hidden' == $aInput['type']) {
             continue;
         }
         if (isset($aInput['type']) && 'block_header' != $aInput['type']) {
             $sOpenSection = $this->{$this->_sSectionOpen}();
         }
         break;
     }
     // generate rows contents
     $sCont = '';
     $sFuncGenRow = isset($this->aParams['view_mode']) && $this->aParams['view_mode'] ? 'genViewRow' : 'genRow';
     foreach ($this->aInputs as $aInput) {
         if (!isset($aInput['visible_for_levels']) || $this->_isVisible($aInput)) {
             $sCont .= $this->{$sFuncGenRow}($aInput);
         }
     }
     $sCloseSection = $this->{$this->_sSectionClose}();
     return $sOpenSection . $sCont . $sCloseSection;
 }
Ejemplo n.º 5
0
 function check(&$aInputs)
 {
     $oChecker = $this->_oChecker;
     $iErrors = 0;
     // check CSRF token if it's needed.
     if (getParam('sys_security_form_token_enable') == 'on' && $this->_bFormCsrfChecking === true && ($mixedCsrfTokenSys = BxDolForm::getCsrfToken()) !== false) {
         $mixedCsrfTokenUsr = BxDolForm::getSubmittedValue('csrf_token', $this->_sFormMethod, $this->_aSpecificValues);
         unset($aInputs['csrf_token']);
         if ($mixedCsrfTokenUsr === false || $mixedCsrfTokenSys != $mixedCsrfTokenUsr) {
             return false;
         }
     }
     $sSubmitName = false;
     foreach ($aInputs as $k => $a) {
         if (empty($a['name']) || 'submit' == $a['type'] || 'reset' == $a['type'] || 'button' == $a['type'] || 'value' == $a['type']) {
             if (isset($a['type']) && 'submit' == $a['type']) {
                 $sSubmitName = $k;
             }
             continue;
         }
         if ('input_set' == $a['type']) {
             foreach ($a as $r) {
                 if (isset($r['type']) && 'submit' == $r['type']) {
                     $sSubmitName = $k;
                 }
             }
         }
         $a['name'] = str_replace('[]', '', $a['name']);
         $val = BxDolForm::getSubmittedValue($a['name'], $this->_sFormMethod, $this->_aSpecificValues);
         if (isset(BxDolForm::$TYPES_FILE[$a['type']])) {
             $val = isset($_FILES[$a['name']]['name']) ? $_FILES[$a['name']]['name'] : '';
         }
         if (!isset($a['checker'])) {
             if (isset(BxDolForm::$TYPES_CHECKBOX[$a['type']])) {
                 $aInputs[$k]['checked'] = isset($aInputs[$k]['value']) && $aInputs[$k]['value'] == $val;
             } elseif (!isset(BxDolForm::$TYPES_FILE[$a['type']])) {
                 $aInputs[$k]['value'] = bx_process_input($val);
             }
             continue;
         }
         $sCheckFunction = array($oChecker, 'check' . bx_gen_method_name($a['checker']['func']));
         if (is_callable($sCheckFunction)) {
             $bool = call_user_func_array($sCheckFunction, !empty($a['checker']['params']) ? array_merge(array($val), $a['checker']['params']) : array($val));
         } else {
             $bool = true;
         }
         if (is_string($bool)) {
             ++$iErrors;
             $aInputs[$k]['error'] = $bool;
         } elseif (!$bool) {
             ++$iErrors;
             $aInputs[$k]['error'] = $a['checker']['error'];
         }
         if (isset(BxDolForm::$TYPES_CHECKBOX[$a['type']])) {
             $aInputs[$k]['checked'] = $aInputs[$k]['value'] == $val;
         } elseif (!isset(BxDolForm::$TYPES_FILE[$a['type']])) {
             $aInputs[$k]['value'] = bx_process_input($val);
         }
     }
     // check for spam
     if (!$iErrors) {
         foreach ($aInputs as $k => $a) {
             if ($a['type'] != 'textarea') {
                 continue;
             }
             $a['name'] = str_replace('[]', '', $a['name']);
             $val = BxDolForm::getSubmittedValue($a['name'], $this->_sFormMethod, $this->_aSpecificValues);
             if (!$val) {
                 continue;
             }
             if (!$oChecker->checkIsSpam($val)) {
                 continue;
             }
             ++$iErrors;
             $sErr = _t('_sys_spam_detected');
             if (BxDolRequest::serviceExists('bx_contact', 'get_contact_page_url') && ($sUrl = BxDolService::call('bx_contact', 'get_contact_page_url'))) {
                 $sErr = _t('_sys_spam_detected_contact', $sUrl);
             }
             $aInputs[$k]['error'] = $sErr;
         }
     }
     // add error message near submit button
     if ($iErrors && $sSubmitName) {
         $aInputs[$sSubmitName]['error'] = _t('_sys_txt_form_submission_error');
     }
     return $iErrors ? false : true;
 }