Ejemplo n.º 1
0
 static function extract($item)
 {
     $keys = array();
     // Only try to extract EXIF from photos
     if ($item->is_photo() && $item->mime_type == "image/jpeg") {
         $data = array();
         require_once MODPATH . "exif/lib/exif.php";
         $exif_raw = read_exif_data_raw($item->file_path(), false);
         if (isset($exif_raw['ValidEXIFData'])) {
             foreach (self::_keys() as $field => $exifvar) {
                 if (isset($exif_raw[$exifvar[0]][$exifvar[1]])) {
                     $value = $exif_raw[$exifvar[0]][$exifvar[1]];
                     if (function_exists("mb_detect_encoding") && mb_detect_encoding($value) != "UTF-8") {
                         $value = utf8_encode($value);
                     }
                     $keys[$field] = utf8::clean($value);
                     if ($field == "DateTime") {
                         $time = strtotime($value);
                         if ($time > 0) {
                             $item->captured = $time;
                         }
                     } else {
                         if ($field == "Caption" && !$item->description) {
                             $item->description = $value;
                         }
                     }
                 }
             }
         }
         $size = getimagesize($item->file_path(), $info);
         if (is_array($info) && !empty($info["APP13"])) {
             $iptc = iptcparse($info["APP13"]);
             foreach (array("Keywords" => "2#025", "Caption" => "2#120") as $keyword => $iptc_key) {
                 if (!empty($iptc[$iptc_key])) {
                     $value = implode(" ", $iptc[$iptc_key]);
                     if (function_exists("mb_detect_encoding") && mb_detect_encoding($value) != "UTF-8") {
                         $value = utf8_encode($value);
                     }
                     $keys[$keyword] = utf8::clean($value);
                     if ($keyword == "Caption" && !$item->description) {
                         $item->description = $value;
                     }
                 }
             }
         }
     }
     $item->save();
     $record = ORM::factory("exif_record")->where("item_id", $item->id)->find();
     if (!$record->loaded) {
         $record->item_id = $item->id;
     }
     $record->data = serialize($keys);
     $record->key_count = count($keys);
     $record->dirty = 0;
     $record->save();
 }
Ejemplo n.º 2
0
error_reporting($ER);
// SERVER_UTF8 ? use mb_* functions : use non-native functions
if (extension_loaded('mbstring')) {
    mb_internal_encoding('UTF-8');
    define('SERVER_UTF8', TRUE);
} else {
    define('SERVER_UTF8', FALSE);
}
// Convert all global variables to UTF-8.
$_GET = utf8::clean($_GET);
$_POST = utf8::clean($_POST);
$_COOKIE = utf8::clean($_COOKIE);
$_SERVER = utf8::clean($_SERVER);
if (PHP_SAPI == 'cli') {
    // Convert command line arguments
    $_SERVER['argv'] = utf8::clean($_SERVER['argv']);
}
final class utf8
{
    // Called methods
    static $called = array();
    /**
     * Recursively cleans arrays, objects, and strings. Removes ASCII control
     * codes and converts to UTF-8 while silently discarding incompatible
     * UTF-8 characters.
     *
     * @param   string  string to clean
     * @return  string
     */
    public static function clean($str)
    {
Ejemplo n.º 3
0
 public static function guess_site_domain()
 {
     if (PHP_SAPI === 'cli') {
         // Command line requires a bit of hacking
         if (isset($_SERVER['argv'][1])) {
             $current_uri = $_SERVER['argv'][1];
             // Remove GET string from segments
             if (($query = strpos($current_uri, '?')) !== FALSE) {
                 list($current_uri, $query) = explode('?', $current_uri, 2);
                 // Parse the query string into $_GET
                 parse_str($query, $_GET);
                 // Convert $_GET to UTF-8
                 $_GET = utf8::clean($_GET);
             }
         }
     } elseif (isset($_GET['kohana_uri'])) {
         // Use the URI defined in the query string
         $current_uri = $_GET['kohana_uri'];
         // Remove the URI from $_GET
         unset($_GET['kohana_uri']);
         // Remove the URI from $_SERVER['QUERY_STRING']
         $_SERVER['QUERY_STRING'] = preg_replace('~\\bkohana_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
     } elseif (isset($_SERVER['REQUEST_URI']) and $_SERVER['REQUEST_URI']) {
         $current_uri = $_SERVER['REQUEST_URI'];
     } elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
         $current_uri = $_SERVER['ORIG_PATH_INFO'];
     } elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
         $current_uri = $_SERVER['PHP_SELF'];
     } else {
         kohana::log('debug', 'Quessing that the site domain is `/`');
         return '/';
     }
     $current_uri = self::determineBaseURI($current_uri);
     if ($current_uri !== '') {
         // remove the index page if it is in there
         $indexPage = Kohana::config('core.index_page');
         if (!empty($indexPage)) {
             $current_uri = str_replace($indexPage, '', $current_uri);
         } else {
             $current_uri = str_replace('index.php', '', $current_uri);
         }
         // Reduce multiple slashes into single slashes
         $current_uri = preg_replace('#//+#', '/', $current_uri);
         $current_uri = '/' . trim($current_uri, '/') . '/';
         kohana::log('debug', 'Quessing that the site domain is `' . $current_uri . '`');
         return $current_uri;
     }
     kohana::log('debug', 'Quessing that the site domain is `/`');
     return '/';
 }
Ejemplo n.º 4
0
 /**
  * Initializes the environment:
  *
  * - Disables register_globals and magic_quotes_gpc
  * - Determines the current environment
  * - Set global settings
  * - Sanitizes GET, POST, and COOKIE variables
  * - Converts GET, POST, and COOKIE variables to the global character set
  *
  * Any of the global settings can be set here:
  *
  * > boolean "display_errors" : display errors and exceptions
  * > boolean "log_errors"     : log errors and exceptions
  * > boolean "cache_paths"    : cache the location of files between requests
  * > string  "charset"        : character set used for all input and output
  *
  * @param   array   global settings
  * @return  void
  */
 public static function init(array $settings = NULL)
 {
     static $_init;
     // This function can only be run once
     if ($_init === TRUE) {
         return;
     }
     if (isset($settings['profile'])) {
         // Enable profiling
         self::$profile = (bool) $settings['profile'];
     }
     if (self::$profile === TRUE) {
         // Start a new benchmark
         $benchmark = Profiler::start(__CLASS__, __FUNCTION__);
     }
     // The system will now be initialized
     $_init = TRUE;
     // Start an output buffer
     ob_start();
     if (version_compare(PHP_VERSION, '6.0', '<=')) {
         // Disable magic quotes at runtime
         set_magic_quotes_runtime(0);
     }
     if (ini_get('register_globals')) {
         if (isset($_REQUEST['GLOBALS'])) {
             // Prevent malicious GLOBALS overload attack
             echo "Global variable overload attack detected! Request aborted.\n";
             // Exit with an error status
             exit(1);
         }
         // Get the variable names of all globals
         $global_variables = array_keys($GLOBALS);
         // Remove the standard global variables from the list
         $global_variables = array_diff($global_vars, array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION'));
         foreach ($global_variables as $name) {
             // Retrieve the global variable and make it null
             global ${$name};
             ${$name} = NULL;
             // Unset the global variable, effectively disabling register_globals
             unset($GLOBALS[$name], ${$name});
         }
     }
     // Determine if we are running in a command line environment
     self::$is_cli = PHP_SAPI === 'cli';
     // Determine if we are running in a Windows environment
     self::$is_windows = DIRECTORY_SEPARATOR === '\\';
     if (isset($settings['display_errors'])) {
         // Enable or disable the display of errors
         self::$display_errors = (bool) $settings['display_errors'];
     }
     if (isset($settings['cache_paths'])) {
         // Enable or disable the caching of paths
         self::$cache_paths = (bool) $settings['cache_paths'];
     }
     if (isset($settings['charset'])) {
         // Set the system character set
         self::$charset = strtolower($settings['charset']);
     }
     if (isset($settings['base_url'])) {
         // Set the base URL
         self::$base_url = rtrim($settings['base_url'], '/') . '/';
     }
     // Determine if the extremely evil magic quotes are enabled
     self::$magic_quotes = (bool) get_magic_quotes_gpc();
     // Sanitize all request variables
     $_GET = self::sanitize($_GET);
     $_POST = self::sanitize($_POST);
     $_COOKIE = self::sanitize($_COOKIE);
     // Load the logger
     self::$log = Kohana_Log::instance();
     // Determine if this server supports UTF-8 natively
     utf8::$server_utf8 = extension_loaded('mbstring');
     // Normalize all request variables to the current charset
     $_GET = utf8::clean($_GET, self::$charset);
     $_POST = utf8::clean($_POST, self::$charset);
     $_COOKIE = utf8::clean($_COOKIE, self::$charset);
     if (isset($benchmark)) {
         // Stop benchmarking
         Profiler::stop($benchmark);
     }
 }
Ejemplo n.º 5
0
 /**
  * Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
  *
  * @return  void
  */
 public static function find_uri()
 {
     if (PHP_SAPI === 'cli') {
         // Command line requires a bit of hacking
         if (isset($_SERVER['argv'][1])) {
             Router::$current_uri = $_SERVER['argv'][1];
             // Remove GET string from segments
             if (($query = strpos(Router::$current_uri, '?')) !== FALSE) {
                 list(Router::$current_uri, $query) = explode('?', Router::$current_uri, 2);
                 // Parse the query string into $_GET
                 parse_str($query, $_GET);
                 // Convert $_GET to UTF-8
                 $_GET = utf8::clean($_GET);
             }
         }
     } elseif (isset($_GET['kohana_uri'])) {
         // Use the URI defined in the query string
         Router::$current_uri = $_GET['kohana_uri'];
         // Remove the URI from $_GET
         unset($_GET['kohana_uri']);
         // Remove the URI from $_SERVER['QUERY_STRING']
         $_SERVER['QUERY_STRING'] = preg_replace('~\\bkohana_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
     } elseif (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO']) {
         Router::$current_uri = $_SERVER['PATH_INFO'];
     } elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
         Router::$current_uri = $_SERVER['ORIG_PATH_INFO'];
     } elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
         Router::$current_uri = $_SERVER['PHP_SELF'];
     }
     // The front controller directory and filename
     $fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));
     if (($strpos_fc = strpos(Router::$current_uri, $fc)) !== FALSE) {
         // Remove the front controller from the current uri
         Router::$current_uri = substr(Router::$current_uri, $strpos_fc + strlen($fc));
     }
     // Remove slashes from the start and end of the URI
     Router::$current_uri = trim(Router::$current_uri, '/');
     if (Router::$current_uri !== '') {
         if ($suffix = Kohana::config('core.url_suffix') and strpos(Router::$current_uri, $suffix) !== FALSE) {
             // Remove the URL suffix
             Router::$current_uri = preg_replace('#' . preg_quote($suffix) . '$#u', '', Router::$current_uri);
             // Set the URL suffix
             Router::$url_suffix = $suffix;
         }
         // Reduce multiple slashes into single slashes
         Router::$current_uri = preg_replace('#//+#', '/', Router::$current_uri);
     }
 }
Ejemplo n.º 6
0
 /**
  * Initializes the environment:
  *
  * - Loads hooks
  * - Converts all input variables to the configured character set
  *
  * @return  void
  */
 public static function init()
 {
     if (self::$init === TRUE) {
         return;
     }
     // Test if the current environment is command-line
     self::$is_cli = PHP_SAPI === 'cli';
     // Test if the current evironment is Windows
     self::$is_windows = DIRECTORY_SEPARATOR === '\\';
     // Determine if the server supports UTF-8 natively
     utf8::$server_utf8 = extension_loaded('mbstring');
     // Load the file path cache
     self::$file_path = Kohana::cache('kohana_file_paths');
     // Load the configuration loader
     self::$config = new Kohana_Config_Loader();
     // Import the main configuration locally
     $config = self::$config->kohana;
     // Set the default locale
     self::$default_locale = $config->default_locale;
     self::$save_cache = $config->save_cache;
     self::$charset = $config->charset;
     // Localize the environment
     self::locale($config->locale);
     // Set the enviroment time
     self::timezone($config->timezone);
     // Enable modules
     self::modules($config->modules);
     if ($hooks = self::list_files('hooks', TRUE)) {
         foreach ($hooks as $hook) {
             // Load each hook in the order they appear
             require $hook;
         }
     }
     // Convert global variables to current charset.
     $_GET = utf8::clean($_GET, self::$charset);
     $_POST = utf8::clean($_POST, self::$charset);
     $_SERVER = utf8::clean($_SERVER, self::$charset);
     // The system has been initialized
     self::$init = TRUE;
 }
Ejemplo n.º 7
0
 /**
  * Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
  *
  * @return  void
  */
 public static function find_uri()
 {
     if (PHP_SAPI === 'cli') {
         // Command line requires a bit of hacking
         if (isset($_SERVER['argv'][1])) {
             self::$current_uri = $_SERVER['argv'][1];
             // Remove GET string from segments
             if (($query = strpos(self::$current_uri, '?')) !== FALSE) {
                 list(self::$current_uri, $query) = explode('?', self::$current_uri, 2);
                 // Parse the query string into $_GET
                 parse_str($query, $_GET);
                 // Convert $_GET to UTF-8
                 $_GET = utf8::clean($_GET);
             }
         }
     } elseif (current($_GET) === '' and substr($_SERVER['QUERY_STRING'], -1) !== '=') {
         // The URI is the array key, eg: ?this/is/the/uri
         self::$current_uri = key($_GET);
         // Remove the URI from $_GET
         unset($_GET[self::$current_uri]);
         // Remove the URI from $_SERVER['QUERY_STRING']
         $_SERVER['QUERY_STRING'] = ltrim(substr($_SERVER['QUERY_STRING'], strlen(self::$current_uri)), '/&');
         // Fixes really strange handling of a suffix in a GET string
         if ($suffix = Kohana::config('core.url_suffix') and substr(self::$current_uri, -strlen($suffix)) === '_' . substr($suffix, 1)) {
             self::$current_uri = substr(self::$current_uri, 0, -strlen($suffix));
         }
     } elseif (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO']) {
         self::$current_uri = $_SERVER['PATH_INFO'];
     } elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
         self::$current_uri = $_SERVER['ORIG_PATH_INFO'];
     } elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
         self::$current_uri = $_SERVER['PHP_SELF'];
     }
     // The front controller directory and filename
     $fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));
     if (($strpos_fc = strpos(self::$current_uri, $fc)) !== FALSE) {
         // Remove the front controller from the current uri
         self::$current_uri = substr(self::$current_uri, $strpos_fc + strlen($fc));
     }
     // Remove slashes from the start and end of the URI
     self::$current_uri = trim(self::$current_uri, '/');
     if (self::$current_uri !== '') {
         if ($suffix = Kohana::config('core.url_suffix') and strpos(self::$current_uri, $suffix) !== FALSE) {
             // Remove the URL suffix
             self::$current_uri = preg_replace('#' . preg_quote($suffix) . '$#u', '', self::$current_uri);
             // Set the URL suffix
             self::$url_suffix = $suffix;
         }
         // Reduce multiple slashes into single slashes
         self::$current_uri = preg_replace('#//+#', '/', self::$current_uri);
     }
 }
Ejemplo n.º 8
0
 /**
  * Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
  *
  * @return  void
  */
 public static function find_uri()
 {
     if (PHP_SAPI === 'cli') {
         // Command line requires a bit of hacking
         if (isset($_SERVER['argv'][1])) {
             self::$current_uri = $_SERVER['argv'][1];
             // Remove GET string from segments
             if (($query = strpos(self::$current_uri, '?')) !== FALSE) {
                 list(self::$current_uri, $query) = explode('?', self::$current_uri, 2);
                 // Parse the query string into $_GET
                 parse_str($query, $_GET);
                 // Convert $_GET to UTF-8
                 $_GET = utf8::clean($_GET);
             }
         }
     } elseif (isset($_GET['Eight_uri'])) {
         // Use the URI defined in the query string
         self::$current_uri = $_GET['Eight_uri'];
         // Remove the URI from $_GET
         unset($_GET['Eight_uri']);
         // Remove the URI from $_SERVER['QUERY_STRING']
         $_SERVER['QUERY_STRING'] = preg_replace('~\\bEight_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
         // Fixes really strange handling of a suffix in a GET string
         if ($suffix = Eight::config('core.url_suffix') and substr(self::$current_uri, -strlen($suffix)) === '_' . substr($suffix, 1)) {
             self::$current_uri = substr(self::$current_uri, 0, -strlen($suffix));
         }
     } elseif (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO']) {
         self::$current_uri = $_SERVER['PATH_INFO'];
     } elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
         self::$current_uri = $_SERVER['ORIG_PATH_INFO'];
     } elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
         self::$current_uri = $_SERVER['PHP_SELF'];
     }
     // The front controller directory and filename
     $fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));
     if (($strpos_fc = strpos(self::$current_uri, $fc)) !== FALSE) {
         // Remove the front controller from the current URI
         self::$current_uri = substr(self::$current_uri, $strpos_fc + strlen($fc));
     }
     // Remove all dot-paths from the URI, they are not valid
     self::$current_uri = preg_replace('#\\.[\\s./]*/#', '', self::$current_uri);
     // Reduce multiple slashes into single slashes, remove trailing slashes
     self::$current_uri = trim(preg_replace('#//+#', '/', self::$current_uri), '/');
     // Make sure the URL is not tainted with HTML characters
     self::$current_uri = html::specialchars(self::$current_uri, FALSE);
     if (!empty($_SERVER['QUERY_STRING'])) {
         // Set the query string to the current query string
         self::$query_string = '?' . trim($_SERVER['QUERY_STRING'], '&');
     }
 }
Ejemplo n.º 9
0
 private static function filteringInput()
 {
     $step_report = array();
     // todo: check if we can do in other way the same thing
     // save login password from modification
     $ldap_used = Get::sett('ldap_used');
     if ($ldap_used == 'on' && isset($_POST['modname']) && $_POST['modname'] == 'login' && isset($_POST['passIns'])) {
         $password_login = $_POST['passIns'];
     }
     // Convert to Utf-8.
     self::log("Convert to Utf-8.");
     $_GET = utf8::clean($_GET);
     $_POST = utf8::clean($_POST);
     $_COOKIE = utf8::clean($_COOKIE);
     $_SERVER = utf8::clean($_SERVER);
     if (isset($_FILES)) {
         $_FILES = utf8::clean($_FILES);
     }
     // Convert ' and " (quote or unquote)
     self::log("Sanitize the input.");
     if (Docebo::user()->getUserLevelId() == ADMIN_GROUP_GODADMIN) {
         $filter_input = new FilterInput();
         $filter_input->tool = 'none';
         $filter_input->sanitize();
     } else {
         $filter_input = new FilterInput();
         $filter_input->tool = Get::cfg('filter_tool', 'htmlpurifier');
         // Whitelist some tags if we're a teacher in a course:
         if (isset($_SESSION['idCourse']) && $_SESSION['levelCourse'] >= 6) {
             $filter_input->appendToWhitelist(array('tag' => array('object', 'param'), 'attrib' => array('object.data', 'object.type', 'object.width', 'object.height', 'param.name', 'param.value')));
         }
         $filter_input->sanitize();
     }
     if ($ldap_used == 'on' && isset($_POST['modname']) && $_POST['modname'] == 'login' && isset($_POST['passIns'])) {
         $_POST['passIns'] = utf8::clean(stripslashes($password_login));
     }
     if (!defined("IS_API") && !defined("IS_PAYPAL") && (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' || defined("IS_AJAX"))) {
         // If this is a post or a ajax request then we must have a signature attached
         Util::checkSignature();
     }
 }
Ejemplo n.º 10
0
Archivo: user.php Proyecto: anqqa/Anqh
 /**
  * Load one user.
  *
  * @param   mixed  $user  user_id, username, email, User_Model or false for current session
  * @return  User_Model
  */
 public function find_user($id = false)
 {
     static $session = false;
     $user = null;
     $cache = false;
     // Try user models first (User_Model, session)
     if ($id instanceof User_Model) {
         // User_Model
         $user = $id;
     } else {
         if ($id === false) {
             // Current session, fetch only once
             if ($session === false) {
                 $session = Visitor::instance()->get_user();
             }
             $user = $session;
         }
     }
     // Then try others (user_id, email, username_clean)
     if (!$user && $id !== true && !empty($id)) {
         if (is_numeric($id) || empty($id)) {
             $id = (int) $id;
         } else {
             if (valid::email($id)) {
                 $id = mb_strtolower($id);
             } else {
                 $id = utf8::clean($id);
             }
         }
         if (isset(self::$users[$id])) {
             // Found from static cache
             return self::$users[$id];
         } else {
             if ($user = $this->cache->get($this->cache->key('user', $id))) {
                 // Found from cache
                 $user = unserialize($user);
             } else {
                 // Not found from caches, try db
                 if (is_int($id)) {
                     $user = $this->find($id);
                 } else {
                     $user = $this->where(valid::email($id) ? 'email' : 'username_clean', '=', $id)->find();
                 }
                 $cache = true;
             }
         }
     }
     // If user found, add to cache(s)
     if ($user && $user->loaded()) {
         self::$users[$user->id] = self::$users[utf8::clean($user->username)] = self::$users[mb_strtolower($user->email)] = $user;
         if ($cache) {
             $this->cache->set($this->cache->key('user', $user->id), serialize($user), null, self::$cache_max_age);
         }
     }
     return $user;
 }
Ejemplo n.º 11
0
Archivo: sign.php Proyecto: anqqa/Anqh
 /**
  * Register with code
  *
  * @param  Invitation_Model  $invitation
  */
 public function _join(Invitation_Model $invitation)
 {
     $this->history = false;
     $user = new User_Model();
     $form_values = $user->as_array();
     $form_errors = array();
     // handle post
     if (request::method() == 'post') {
         $post = $this->input->post();
         $post['email'] = $invitation->email;
         $post['username_clean'] = utf8::clean($post['username']);
         if ($user->validate($post, false, null, null, array('rules' => 'register', 'callbacks' => 'register'))) {
             $invitation->delete();
             $user->add(ORM::factory('role', 'login'));
             $user->save();
             $this->visitor->login($user, $post->password);
             url::back();
         } else {
             $form_errors = $post->errors();
             $form_values = arr::overwrite($form_values, $post->as_array());
         }
     }
     widget::add('main', View::factory('member/signup', array('values' => $form_values, 'errors' => $form_errors, 'invitation' => $invitation)));
 }