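 /**
  * Validate and sanitise the current $_POST payload for the form `$name`.
  *
  * Side effects:
  *   - every plain `$_POST` entry is rewritten in place through
  *     FILTER_SANITIZE_STRING (array-valued fields element-wise);
  *   - when `$name . '_submit'` is present it is removed and every remaining
  *     field is copied into `$this->i` with the `$name . '_'` prefix removed;
  *   - the captcha fields are removed from `$_POST` once they validated.
  *
  * Field-name suffix conventions:
  *   `_tinymce` / `_html` -> rich text: a fixed list of markup fragments is
  *                            stripped, the value is run through
  *                            HTMLPurifierService and then entity-encoded;
  *   `_nofi`              -> skipped by the in-place sanitising pass and
  *                            handed to Convertag::get as submitted;
  *   anything else        -> FILTER_SANITIZE_STRING, then Convertag::get.
  *
  * NOTE(review): the `$name . '_token'` check is commented out in this
  * version, so this method performs no request-token validation at all;
  * compare view(), which calls isToken(). Confirm this is intended before
  * relying on it for a state-changing form.
  * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
  *
  * @param string $name form identifier used as the field-name prefix
  * @return array<string, string> validation errors keyed by check name;
  *         currently only 'result_captcha' => 'error' can be set
  */
 public function filterPost($name)
 {
     $e = [];
     if (empty($_POST)) {
         return $e;
     }
     $captchaPresent = static function () {
         return array_key_exists('captcha_num1', $_POST)
             && array_key_exists('captcha_num2', $_POST)
             && array_key_exists('captcha_result', $_POST);
     };
     // captcha verification: the two operands must add up to the submitted result
     if ($captchaPresent()
         && (int) $_POST['captcha_num1'] + (int) $_POST['captcha_num2'] !== (int) $_POST['captcha_result']
     ) {
         $e['result_captcha'] = 'error';
     }
     // token validation (isToken) is disabled in this version; see the NOTE above
     // $_POST checking: sanitise plain fields in place. filter_input() returns
     // false for an array-valued field unless FILTER_REQUIRE_ARRAY is given,
     // which used to replace such fields (name="field[]") with false.
     foreach ($_POST as $k => $v) {
         $rest = substr($k, -8);
         $restHtml = substr($k, -5);
         if ($rest !== '_tinymce' && $restHtml !== '_html' && $restHtml !== '_nofi') {
             $flags = is_array($v) ? FILTER_REQUIRE_ARRAY : 0;
             $_POST[$k] = filter_input(INPUT_POST, $k, FILTER_SANITIZE_STRING, $flags);
         }
     }
     $HTMLPurifierService = new HTMLPurifierService();
     // Fragments removed from rich-text values before purification.
     // NOTE(review): a fixed-string blacklist, not a security control on its
     // own; HTMLPurifierService->purify() is what actually sanitises the markup.
     $strippedFragments = [
         '</textarea', '&lt;/textarea', '%3c/textarea', '&#60;/textarea',
         '<body', '&lt;body', '%3c/body', '&#60;/body',
     ];
     // onclic submit form: copy the submitted fields into $this->i
     if (isset($_POST[$name . '_submit'])) {
         unset($_POST[$name . '_submit']);
         foreach ($_POST as $k => $v) {
             $rest = substr($k, -8);
             $restHtml = substr($k, -5);
             // str_replace drops every occurrence of the prefix, not only a leading one
             $field = str_replace($name . '_', '', $k);
             if ($restHtml !== '_nofi' && ($rest === '_tinymce' || $restHtml === '_html')) {
                 $v = str_replace($strippedFragments, '', $v);
                 $this->i[$field] = htmlentities($HTMLPurifierService->purify($v), ENT_QUOTES);
             } else {
                 $this->i[$field] = Convertag::get($v);
             }
         }
     }
     // reset captcha: drop the fields once they have validated
     if ($captchaPresent() && empty($e['result_captcha'])) {
         unset($_POST['captcha_num1'], $_POST['captcha_num2'], $_POST['captcha_result']);
     }
     return $e;
 }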
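 /**
  * Collect the request parameters into $this->Params['GET'], ['POST'] and ['PUT'].
  *
  * GET values go through FILTER_SANITIZE_STRING (array-valued parameters
  * element-wise). POST values, and the raw request body read from
  * php://input and parsed as a query string (stored under 'PUT'), are
  * treated the same way except for fields whose name ends in `_tinymce` or
  * `_html`: those are rich text, so a fixed list of markup fragments is
  * stripped, the value is run through HTMLPurifierService and the result
  * is HTML-entity encoded.
  *
  * When a `uri` GET parameter is present it is looked up with dbQS() in
  * `_modules`; on a hit `$this->Table` ('_m_' . getRealUri($uri)) and
  * `$this->Uri` are set.
  *
  * NOTE(review): `uri` is request-controlled and reaches dbQS() with only
  * FILTER_SANITIZE_STRING applied — confirm dbQS() binds its parameters
  * rather than interpolating them.
  * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
  *
  * @return void
  */
 public function getParams()
 {
     $HTMLPurifierService = new HTMLPurifierService();
     // Fragments removed from rich-text values before purification.
     // NOTE(review): a fixed-string blacklist, not a security control on its
     // own; HTMLPurifierService->purify() is what actually sanitises the markup.
     $strippedFragments = [
         '</textarea', '&lt;/textarea', '%3c/textarea', '&#60;/textarea',
         '<body', '&lt;body', '%3c/body', '&#60;/body',
     ];
     // rich-text fields are recognised by their name suffix
     $isRichText = static function ($k) {
         return substr($k, -8) === '_tinymce' || substr($k, -5) === '_html';
     };
     $purifyRichText = static function ($v) use ($HTMLPurifierService, $strippedFragments) {
         $v = str_replace($strippedFragments, '', $v);
         return htmlentities($HTMLPurifierService->purify($v), ENT_QUOTES);
     };
     // filter_input()/filter_var() return false for an array value unless
     // FILTER_REQUIRE_ARRAY is given, which used to replace fields named
     // "field[]" with false; the flag applies the filter element-wise instead
     $arrayFlag = static function ($v) {
         return is_array($v) ? FILTER_REQUIRE_ARRAY : 0;
     };

     $GET = [];
     foreach ($_GET as $k => $v) {
         $GET[$k] = filter_input(INPUT_GET, $k, FILTER_SANITIZE_STRING, $arrayFlag($v));
     }
     $this->Params['GET'] = $GET;

     $POST = [];
     foreach ($_POST as $k => $v) {
         $POST[$k] = $isRichText($k)
             ? $purifyRichText($v)
             : filter_input(INPUT_POST, $k, FILTER_SANITIZE_STRING, $arrayFlag($v));
     }
     $this->Params['POST'] = $POST;

     // Load Uri Module
     if (array_key_exists('uri', $this->Params['GET'])) {
         $uri = $this->Params['GET']['uri'];
         $isContent = $this->dbQS($uri, '_modules', 'uri');
         if (!empty($isContent)) {
             $this->Table = '_m_' . $this->getRealUri($uri);
             $this->Uri = $uri;
         }
     }

     // the raw body (e.g. a PUT request) parsed as a query string;
     // file_get_contents() returns false on failure, which parse_str() must not see
     $body = file_get_contents("php://input");
     $outPut = [];
     parse_str($body === false ? '' : $body, $outPut);
     foreach ($outPut as $k => $v) {
         $outPut[$k] = $isRichText($k)
             ? $purifyRichText($v)
             : filter_var($v, FILTER_SANITIZE_STRING, $arrayFlag($v));
     }
     $this->Params['PUT'] = $outPut;
 }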
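 /**
  * Process a submission of the form `$nameForm` from $_POST.
  *
  * Records validation failures in `$this->e` (captcha sum mismatch under
  * 'result_captcha', failed token check under `$this->name . '_token'`;
  * the marker value is the string 'ok' here and only its non-emptiness is
  * tested), sanitises plain `$_POST` fields in place with
  * FILTER_SANITIZE_STRING, and — when `$nameForm . '_submit'` is present —
  * copies the submitted fields into `$this->i` with the `$nameForm . '_'`
  * prefix removed. Captcha fields are removed from `$_POST` once validated.
  *
  * Field-name suffix conventions:
  *   `_tinymce` / `_html` -> rich text: only stored when `$this->i` is already
  *                            non-empty and `$this->e` is empty; the value is
  *                            unescaped, a fixed list of markup fragments is
  *                            stripped, `scr=""` is rewritten to `scr=`, then
  *                            HTMLPurifierService purifies it and the result
  *                            is entity-encoded;
  *   `_nofi`              -> only unescaped in place, not copied to `$this->i`;
  *   anything else        -> Convertag::get of the sanitised value.
  *
  * NOTE(review): the token check uses `$this->name` while the submit button
  * uses `$nameForm`; confirm the two always agree.
  * NOTE(review): `$this->i` is also filled by this loop, so whether a
  * rich-text field is kept depends on a plain field having been processed
  * before it — confirm this ordering dependency is intended.
  * NOTE(review): the `'scr=""'` rewrite may be a typo for `src=""`; it is a
  * runtime string, so it is left as is.
  * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
  *
  * @param string $nameForm form identifier used as the field-name prefix
  * @return void
  */
 public function view($nameForm)
 {
     if (empty($_POST)) {
         return;
     }
     $captchaPresent = static function () {
         return array_key_exists('captcha_num1', $_POST)
             && array_key_exists('captcha_num2', $_POST)
             && array_key_exists('captcha_result', $_POST);
     };
     // captcha verification: the two operands must add up to the submitted result
     if ($captchaPresent()
         && (int) $_POST['captcha_num1'] + (int) $_POST['captcha_num2'] !== (int) $_POST['captcha_result']
     ) {
         $this->e['result_captcha'] = 'ok';
     }
     // test token validation
     if (!$this->isToken()) {
         $this->e[$this->name . '_token'] = 'ok';
     } else {
         unset($_POST[$this->name . '_token']);
     }
     // $_POST checking: sanitise plain fields in place. filter_input() returns
     // false for an array-valued field unless FILTER_REQUIRE_ARRAY is given;
     // previously such fields (name="field[]") were skipped entirely, now the
     // filter is applied element-wise.
     foreach ($_POST as $k => $v) {
         $rest = substr($k, -8);
         $restHtml = substr($k, -5);
         if ($rest !== '_tinymce' && $restHtml !== '_html' && $restHtml !== '_nofi') {
             $flags = is_array($v) ? FILTER_REQUIRE_ARRAY : 0;
             $_POST[$k] = filter_input(INPUT_POST, $k, FILTER_SANITIZE_STRING, $flags);
         }
     }
     $HTMLPurifierService = new HTMLPurifierService();
     // Fragments removed from rich-text values before purification.
     // NOTE(review): a fixed-string blacklist, not a security control on its
     // own; HTMLPurifierService->purify() is what actually sanitises the markup.
     $strippedFragments = [
         '</textarea', '&lt;/textarea', '%3c/textarea', '&#60;/textarea',
         '<body', '&lt;body', '%3c/body', '&#60;/body',
     ];
     // onclic submit form: copy the submitted fields into $this->i
     if (isset($_POST[$nameForm . '_submit'])) {
         unset($_POST[$nameForm . '_submit']);
         foreach ($_POST as $k => $v) {
             $rest = substr($k, -8);
             $restHtml = substr($k, -5);
             // str_replace drops every occurrence of the prefix, not only a leading one
             $field = str_replace($nameForm . '_', '', $k);
             if ($restHtml === '_nofi') {
                 $_POST[$k] = stripcslashes($_POST[$k]);
             } elseif ($rest === '_tinymce' || $restHtml === '_html') {
                 if (!empty($this->i) && empty($this->e)) {
                     $_POST[$k] = stripcslashes($_POST[$k]);
                     // each step feeds the next; the previous version re-read
                     // $_POST[$k] here, which silently discarded the stripping
                     $v = str_replace($strippedFragments, '', $_POST[$k]);
                     $v = str_replace('scr=""', 'scr=', $v);
                     $this->i[$field] = htmlentities($HTMLPurifierService->purify($v), ENT_QUOTES);
                 }
             } else {
                 $this->i[$field] = Convertag::get($v);
             }
         }
     }
     // reset captcha: drop the fields once they have validated
     if ($captchaPresent() && empty($this->e['result_captcha'])) {
         unset($_POST['captcha_num1'], $_POST['captcha_num2'], $_POST['captcha_result']);
     }
 }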