/**
* Clean markup
*
* @param string $markup
* @param string $config
* @return string
*/
public function clean($markup, $config = null)
{
if (empty($config) && !empty($this->settings['config'])) {
$config = $this->settings['config'];
}
return Purifier::clean($markup, $config);
}
public static function UpdatePage($id, $data)
{
$content = Purifier::clean($data['content']);
$description = Purifier::clean($data['content'], 'noHtml');
$update_content = DB::table('pages')->where('id', $id)->update(array('title' => $data['title'], 'slug' => $data['slug'], 'content' => $content, 'description' => $description));
return $update_content;
}
/**
* setUp method
*
* @return void
*/
public function setUp()
{
parent::setUp();
$this->View = $this->getMock('View', array('append'), array(new Controller()));
$this->Purifier = new HtmlPurifierHelper($this->View);
Purifier::config('default', array('HTML.AllowedElements' => 'a, em, blockquote, p, strong, pre, code, span,ul,ol,li,img', 'HTML.AllowedAttributes' => 'a.href, a.title, img.src, img.alt', 'HTML.AllowedAttributes' => "*.style", 'CSS.AllowedProperties' => 'text-decoration', 'HTML.TidyLevel' => 'heavy', 'HTML.Doctype' => 'XHTML 1.0 Transitional'));
}
public function beforeSave($options = array())
{
if (isset($this->data['UserPage']['body'])) {
$this->data['UserPage']['body'] = Purifier::clean($this->data['UserPage']['body'], 'UserPageInfo');
}
if (isset($this->data['UserPage']['calendar_iframe'])) {
$this->data['UserPage']['calendar_iframe'] = Purifier::clean($this->data['UserPage']['calendar_iframe'], 'UserPageCalendar');
}
if (!$this->id) {
$this->data['UserPage']['hash'] = Security::hash(uniqid());
} else {
if ($this->calendar_iframe != null) {
$this->__modifyCalendarIframe();
}
}
if (isset($this->data['UserPage']['phone_number'])) {
$tmp = implode('', $this->data['UserPage']['phone_number']);
if (!empty($tmp)) {
$this->data['UserPage']['phone_number'] = implode('-', $this->data['UserPage']['phone_number']);
} else {
$this->data['UserPage']['phone_number'] = '';
}
}
return true;
}
public function store($data, $type = null)
{
$this->user_id = Auth::id();
$this->question_id = $data['question'];
$this->slug = Tools::slug($data['title']);
$this->title = $data['title'];
$this->type = $data['post_type'];
$this->selected_option = $data['option'];
switch ($type) {
case 'text':
$this->content = Purifier::clean($data['content']);
$description = $data['content'];
break;
case 'link':
case 'video':
case 'vine':
$this->content = Purifier::clean($data['link'], 'noHtml');
$description = $data['description'];
break;
case 'audio':
case 'photo':
$file = Input::file('post_file');
$this->post_file_ext = $file->getClientOriginalExtension();
$this->post_file = $this->savePostFile($file, $type, Auth::id());
$description = $data['content'];
break;
}
$this->description = str_limit(Purifier::clean($description, 'noHtml'), 255, '');
$this->save();
return ['id' => $this->id, 'slug' => $this->slug];
}
public function send(ResponseSchedule $schedule)
{
//Check for any new email/phone/in-person type types for this contact and reschedule responses based on the Note
// return $schedule->most_recent_note_id;
$note = $schedule->contact->notes()->where(function ($q) {
$q->where('note_type', 'Email');
$q->orWhere('note_type', 'Phone');
$q->orWhere('note_type', 'In-Person');
})->whereRaw('note_date > IFNULL((SELECT note_date FROM notes WHERE id = ' . $schedule->most_recent_note_id . " ),'" . $schedule->created_at . "')")->orderBy('note_date', 'desc')->first();
//If a notes exists, call a reschedule of all items in this Response Template using the Note Date and log Note ID to the scheduled response.
// return $note;
if ($note) {
//If a New Note exists, Reschedule Responses and Exit
$schedules = $this->reschedule($schedule, $note);
return $schedules;
}
// Else Send the scheduled response using the response detail template
// Log a Note to Contact containing copy of the message
// return $schedule->load('detail');
$note = view('emails.templates.' . $schedule->detail->template_file_name, ['contact' => $schedule->contact]);
$note_entry = $schedule->contact->notes()->create(['note_date' => Carbon::now(), 'title' => 'Sent: ' . $schedule->detail->template . ": " . $schedule->detail->subject, 'note_type' => 'Scheduled Response', 'create_user_id' => \App\User::where('email', '*****@*****.**')->first()->id, 'note' => \Purifier::clean($note)]);
// Send the email
\Mail::send('emails.templates.' . $schedule->detail->template_file_name, ['contact' => $schedule->contact], function ($m) use($schedule) {
$m->to('*****@*****.**', 'Chris Rundlett')->cc('*****@*****.**', 'Tim Bradshaw')->from('*****@*****.**', 'LTD Sailing')->subject($schedule->detail->subject);
});
//Mark the Scheduled Response as SENT
$schedule->sent_date = Carbon::now();
$schedule->save();
return $schedule;
// return $note_entry->note;
}
/**
* Generate a preview
*
* @param array $input
* @param $user
* @return \Illuminate\View\View
*/
public function generatePost($input, $user)
{
// Generate preview post
$post = $this->postRepo->getEmptyPost();
$post->author = $user;
$post->markdown = $input['content'];
$post->html = \Purifier::clean(\Markdown::text($input['content']));
return $post;
}
/**
* Create post
*
* @param array $input
* @param $topic
* @param $user
* @param bool $add
* @return \Illuminate\Http\RedirectResponse|object
*/
public function create($input, $topic, $user, $add = true)
{
// Create post
$data = ['markdown' => $input['content'], 'html' => \Purifier::clean(\Markdown::text($input['content'])), 'topic_id' => $topic->id, 'user_id' => $user->id];
if (\Bouncer::hasPermission('devresponse') and \Input::get('devresponse') == 1) {
$data['developer_response'] = true;
}
$post = $this->postRepo->create($data);
return $post;
}
public function store(CreateMessageRequest $request)
{
$input = $request->all();
$input['body'] = \Purifier::clean($input['body']);
$input['body'] = \Html::entities($input['body']);
$message = new Message($input);
Auth::user()->messages()->save($message);
\Session::flash('flash_message', 'Your message has been posted!');
return redirect('messages');
}
/**
* Search page, using google's.
*/
public function search()
{
$query = Purifier::clean(Input::get('q'));
$limit = 20;
$latest_page = Input::get('page') ?: 1;
\Paginator::setCurrentPage($latest_page);
$topics = $this->topic->where('title', 'like', '%' . $query . '%')->with('user', 'node', 'lastReplyUser')->paginate($limit);
$nodes = Node::allLevelUp();
$links = Link::remember(1440)->get();
return View::make('topics.index', compact('topics', 'nodes', 'links'));
//return Redirect::away('https://www.baidu.com/search?q=site:phphub.org ' . $query, 301);
}
public function postCreate()
{
if (Auth::guest()) {
return Redirect::secure('user/login');
}
// do not use layout for this
$this->layout = null;
// add to db
Input::get('isPrivate') == 1 ? $isPrivate = 1 : ($isPrivate = 0);
Album::insert(array('user_id' => Input::get('userId'), 'categories_id' => Input::get('category'), 'name' => strip_tags(Purifier::clean(Input::get('name'))), 'isPrivate' => $isPrivate));
// redirect to albums
return Redirect::secure('user/albums');
}
public function update($id)
{
$post = Post::findOrFail($id);
$this->authorOrAdminPermissioinRequire($post->user_id);
$validator = Validator::make($data = Input::all(), Post::$rules);
if ($validator->fails()) {
return Redirect::back()->withErrors($validator)->withInput();
}
$data['body'] = Purifier::clean($data['body'], 'ugc_body');
$post->update($data);
$post->retag(Input::get('tags'));
Flash::success(lang('Operation succeeded.'));
return Redirect::route('posts.show', $post->id);
}
public function validarTema($foro_id)
{
$validador = $this->tema->valida();
if ($validador->passes()) {
$mensaje = \Input::get('mensaje');
$mensaje = \Purifier::clean($mensaje);
$mensaje = \Utilidades::fluzo_nl2br($mensaje);
if (\Input::get('boton') === 'Vista previa') {
return \Redirect::to(\Request::path() . '#vista-previa')->withInput()->with(array('mensaje' => $mensaje, 'vista_previa' => true, 'path' => \Session::get('path')));
} elseif (\Input::get('boton') === 'Enviar') {
// Guardamos el tema
$this->tema->saveTema($mensaje, $foro_id);
return \Redirect::to(\Session::get('path'))->with('confirmacion', 'Tu tema será publicado en cuanto lo revisemos, gracias.');
}
} else {
return \Redirect::to(\Request::path())->withErrors($validador)->withInput()->with(array('foro' => \Session::get('foro'), 'path' => \Session::get('path')));
}
}
public function validaComentario()
{
$validador = Comentario::valida();
if ($validador->passes()) {
$mensaje = Input::get('mensaje');
//$mensaje = str_replace(array("<pre>", "</pre>"), array("<pre><![CDATA[", "]]></pre>"), $mensaje);
$mensaje = Purifier::clean($mensaje);
$mensaje = Utilidades::fluzo_nl2br($mensaje);
if (Input::get('boton') === 'Vista previa') {
return Redirect::to(Request::path() . '#vista-previa')->withInput()->with(array('mensaje' => $mensaje, 'vista_previa' => true));
} elseif (Input::get('boton') === 'Enviar') {
$comentario = new Comentario();
$comentario->autor = Input::get('nombre');
$comentario->cuerpo = $mensaje;
$comentario->articulo_id = Input::get('articulo_id');
$comentario->save();
return Redirect::to(Request::path() . '#confirmacion')->with('confirmacion', 'Comentario enviado, se publicara cuando sea revisado, gracias.');
}
} else {
return Redirect::to(Request::path() . '#error')->withErrors($validador)->withInput();
}
}
public function postCreate()
{
if (Auth::guest()) {
return Redirect::secure('user/login');
}
// do not use layout for this
$this->layout = null;
// check image size (must be < 10MB)
if (Input::file('image')->getSize() > 10000000) {
return Redirect::secure('picture/upload');
}
// check image type (must be (jpg, png, gif or jpeg))
if (Input::file('image')->getClientOriginalExtension() == "jpg" || Input::file('image')->getClientOriginalExtension() == "jpeg" || Input::file('image')->getClientOriginalExtension() == "png" || Input::file('image')->getClientOriginalExtension() == "gif") {
// add record to db
Input::get('isPrivate') == 1 ? $isPrivate = 1 : ($isPrivate = 0);
$id = Picture::insertGetId(array('user_id' => Input::get('userId'), 'album_id' => Input::get('albumId'), 'filename' => Input::file('image')->getClientOriginalName(), 'size' => Input::file('image')->getSize(), 'title' => strip_tags(Purifier::clean(Input::get('title'))), 'isPrivate' => $isPrivate));
// move to albums folder
$destinationPath = public_path() . "/files/" . Input::get('userId') . "/" . Input::get('albumId');
Input::file('image')->move($destinationPath, Input::file('image')->getClientOriginalName());
// redirect to uploaded picture
return Redirect::secure('picture/' . $id);
}
return Redirect::secure('picture/upload');
}
/**
* Clean page's title and content and insert it into SearchableDataObjects
* @param Page $p
*/
public static function insertPage(Page $p)
{
$Content = Purifier::PurifyTXT($p->Content);
$Content = Purifier::RemoveEmbed($Content);
self::storeData($p->ID, $p->ClassName, $p->Title, $Content);
}
public function setContentAttribute($value)
{
$this->attributes['content'] = Purifier::clean($value, 'nofollow');
}
function validatePost($table)
{
// $str = SiteHelpers::columnTable($table);
$str = $this->info['config']['forms'];
$data = array();
foreach ($str as $f) {
$field = $f['field'];
if ($f['view'] == 1) {
if ($f['type'] == 'textarea_editor' || $f['type'] == 'textarea') {
$content = isset($_POST[$field]) ? $_POST[$field] : '';
$data[$field] = Purifier::clean($content);
} else {
SiteHelpers::globalXssClean();
if (!is_null(Input::get($field))) {
$data[$field] = Input::get($field);
}
// if post is file or image
if ($f['type'] == 'file') {
if (!is_null(Input::file($field))) {
$file = Input::file($field);
$destinationPath = './' . str_replace('.', '', $f['option']['path_to_upload']);
$filename = $file->getClientOriginalName();
$extension = $file->getClientOriginalExtension();
//if you need extension of the file
$uploadSuccess = Input::file($field)->move($destinationPath, $filename);
if ($f['option']['resize_width'] != '0' && $f['option']['resize_width'] != '') {
if ($f['option']['resize_height'] == 0) {
$f['option']['resize_height'] = $f['option']['resize_width'];
}
$orgFile = $destinationPath . '/' . $filename;
SiteHelpers::cropImage($f['option']['resize_width'], $f['option']['resize_height'], $orgFile, $extension, $orgFile);
}
if ($uploadSuccess) {
$data[$field] = $filename;
}
}
}
// if post is checkbox
if ($f['type'] == 'checkbox') {
if (!is_null(Input::get($field))) {
$data[$field] = implode(",", Input::get($field));
}
}
// if post is date
if ($f['type'] == 'date') {
$data[$field] = date("Y-m-d", strtotime(Input::get($field)));
}
// if post is seelct multiple
if ($f['type'] == 'select') {
if (isset($f['option']['is_multiple']) && $f['option']['is_multiple'] == 1) {
$data[$field] = implode(",", Input::get($field));
}
}
}
}
}
$global = isset($this->access['is_global']) ? $this->access['is_global'] : 0;
if ($global == 0) {
$data['entry_by'] = Session::get('uid');
}
return $data;
}
<?php
/**
* Created by PhpStorm.
* User: jdiaz
* Date: 7/30/15
* Time: 9:16 AM
*/
require_once 'classes/Purifier.php';
$purifier = new Purifier();
$inputPass = '******';
$saltedPass = $purifier->encryptPassword($inputPass);
echo "<strong>Input pass:</strong> {$inputPass} <br />";
echo "<strong>Salted pass:</strong> {$saltedPass} \n";
/**
* Gets a HtmlPurifier instance based on a configuration name.
*
* @param string $config
* @return \HtmlPurifier
*/
public function getHtmlPurifier($config = 'default')
{
return Purifier::config($config);
}
function purifierHtml(&$content)
{
$oPurifier = Purifier::getInstance();
$oPurifier->purify($content);
}
function strip_xss($value)
{
return Purifier::clean($value, 'ugc_body');
}
/**
* Cleans markup
*
* @param Model $Model
* @param string $markup
* @param string $config
*/
public function purifyHtml(Model $Model, $markup, $config)
{
return Purifier::clean($markup, $config);
}
public function step_2()
{
if (Auth::user()->authenticated != 2) {
return Redirect::action('TaskController@step_1');
}
if (isset($_POST['hire'])) {
$hired_user = User::where('id', $_POST['hire'])->first();
} else {
if (Session::has('hire')) {
$hired_user = User::where('id', Session::get('hire'))->first();
} else {
$hired_user = NULL;
}
}
// dd(Input::all());
$task = Session::get('task');
// $userInput = [];
if (Request::method() == "POST") {
$userInput = ['title' => Purifier::clean(Input::get('title'), 'titles'), 'detail' => Input::get('detail'), 'hire' => Input::get('hire'), 'file_name' => Input::get('file_name'), 'amount' => '', 'expiration' => '', 'category_id' => '', 'type' => 1];
// echo '<pre>';
// dd(var_dump($task));
// echo '</pre>';
} else {
// dd('dd');
// $userInput = [
// 'title' => e(Session::get('title')),
// 'detail' => Session::get('detail'),
// 'hire' => Session::get('hire'),
// 'file_name' => Session::get('file_name'),
// 'category_id' => Session::get('category_id')
// ];
$userInput = ['title' => e($task['title']), 'detail' => $task['detail'], 'amount' => $task['amount'], 'hire' => $task['hire'], 'file_name' => $task['file_name'], 'expiration' => $task['expiration'], 'category_id' => $task['category_id'], 'type' => $task['type']];
}
// $userInput = [
// 'title' => e($task['title']),
// 'detail' => $task['detail'],
// 'hire' => $task['hire'],
// 'file_name' => $task['file_name'],
// 'expiration' => $task['expiration'],
// 'category_id' => $task['category_id'],
// ];
// dd(var_dump($userInput));
$rules = ['title' => 'required', 'detail' => 'required'];
$validator = Validator::make($userInput, $rules);
if ($validator->passes()) {
// Session::set('title' , $userInput['title']);
// Session::set('detail', $userInput['detail']);
// Session::set('type', $userInput['type']);
// Session::set('hire', $userInput['hire']);
// Session::set('file_name', $userInput['file_name']);
// Session::set('category_id', $userInput['category_id']);
// $task = array(
// 'title' => $userInput['title'],
// 'detail' => $userInput['detail'],
// // 'type' => $userInput['type'],
// 'hire' => $userInput['hire'],
// 'file_name' => $userInput['file_name'],
// 'expiration' => $userInput['expiration'],
// 'category_id' => $userInput['category_id'],
// );
$task['title'] = $userInput['title'];
$task['detail'] = $userInput['detail'];
$task['amount'] = $userInput['amount'];
$task['hire'] = $userInput['hire'];
$task['file_name'] = $userInput['file_name'];
$task['expiration'] = $userInput['expiration'];
$task['category_id'] = $userInput['category_id'];
$task['type'] = $userInput['type'];
// dd('dd');
Session::set('task', $task);
// echo '<pre>';
// dd(var_dump($task));
// echo '</pre>';
$categories = Category::all();
return View::make('task.publish.step_2')->with('categories', $categories)->with('hired_user', $hired_user)->with('task', $task);
} else {
return Redirect::to('/task/create')->withErrors($validator);
}
}
public function setMessageAttribute($message)
{
$this->attributes['message'] = Purifier::clean($message);
}
/**
* Cleans Markup using a given config
*
* @param string $markup
* @param string $configName
*/
public static function clean($markup, $configName = null)
{
$_this = Purifier::getInstance();
if (!isset($_this->_configs[$configName])) {
throw new \InvalidArgumentException(sprintf('Invalid configuration %s!', $configName));
}
return $_this->getPurifierInstance($configName)->purify($markup);
}
function purifierHtml(&$content)
{
require_once _XE_PATH_ . 'classes/security/Purifier.class.php';
$oPurifier = Purifier::getInstance();
$oPurifier->purify($content);
}
/**
* Search page, using google's.
*/
public function search()
{
$query = Purifier::clean(Input::get('q'));
return Redirect::away('https://www.google.com/search?q=site:phphub++.com ' . $query, 301);
}
public function postRegister()
{
// register form post request
$rules = array('firstName' => 'required|min:2|max:30', 'lastName' => 'required|min:2|max:30', 'username' => 'required|min:4|max:16', 'email' => 'required|email', 'sex' => 'required', 'password' => 'required|min:6');
$validation = Validator::make(Input::all(), $rules);
if ($validation->passes()) {
// add to db
$data = array('first_name' => strip_tags(Purifier::clean(Input::get('firstName'))), 'last_name' => strip_tags(Purifier::clean(Input::get('lastName'))), 'username' => strip_tags(Purifier::clean(Input::get('username'))), 'password' => Hash::make(Input::get('password')), 'email' => strip_tags(Input::get('email')), 'sex' => strip_tags(Purifier::clean(Input::get('sex'))));
if (User::insert($data)) {
$user = User::where('email', '=', strip_tags(Purifier::clean(Input::get('email'))))->first();
Auth::login($user, true);
return Redirect::secure('/');
}
}
return Redirect::secure('/user/register');
}
/**
* Configures default file logging options
*/
App::uses('CakeLog', 'Log');
CakeLog::config('debug', array('engine' => 'FileLog', 'types' => array('notice', 'info', 'debug'), 'file' => 'debug'));
CakeLog::config('error', array('engine' => 'FileLog', 'types' => array('warning', 'error', 'critical', 'alert', 'emergency'), 'file' => 'error'));
CakePlugin::load('HtmlPurifier', array('bootstrap' => true));
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.AllowedElements', 'a, br, em, blockquote, p, strong, pre, code, span, ul, ol, li, img, sup, sub, h1, h2, h3, h4, h5, h6, u, i, div');
$config->set('HTML.AllowedAttributes', 'a.target, a.href, a.title, img.src, img.alt, span.style, div.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('CSS.Trusted', true);
$config->set('HTML.TidyLevel', 'heavy');
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
Purifier::config('UserPageInfo', $config);
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.SafeIframe', true);
$config->set('HTML.AllowedElements', 'iframe');
$config->set('HTML.AllowedAttributes', 'iframe.src, iframe.style, iframe.width, iframe.height, iframe.frameborder, iframe.scrolling');
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//www.google.com%');
$config->set('CSS.AllowedProperties', 'text-decoration');
$config->set('HTML.TidyLevel', 'heavy');
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
Purifier::config('UserPageCalendar', $config);
// Load Composer autoload.
require APP . 'Vendor/autoload.php';
// Remove and re-prepend CakePHP's autoloader as Composer thinks it is the
// most important.
// See: http://goo.gl/kKVJO7
spl_autoload_unregister(array('App', 'load'));
spl_autoload_register(array('App', 'load'), true, true);
