static function extract($item)
{
$keys = array();
// Only try to extract EXIF from photos
if ($item->is_photo() && $item->mime_type == "image/jpeg") {
$data = array();
require_once MODPATH . "exif/lib/exif.php";
$exif_raw = read_exif_data_raw($item->file_path(), false);
if (isset($exif_raw['ValidEXIFData'])) {
foreach (self::_keys() as $field => $exifvar) {
if (isset($exif_raw[$exifvar[0]][$exifvar[1]])) {
$value = $exif_raw[$exifvar[0]][$exifvar[1]];
if (function_exists("mb_detect_encoding") && mb_detect_encoding($value) != "UTF-8") {
$value = utf8_encode($value);
}
$keys[$field] = utf8::clean($value);
if ($field == "DateTime") {
$time = strtotime($value);
if ($time > 0) {
$item->captured = $time;
}
} else {
if ($field == "Caption" && !$item->description) {
$item->description = $value;
}
}
}
}
}
$size = getimagesize($item->file_path(), $info);
if (is_array($info) && !empty($info["APP13"])) {
$iptc = iptcparse($info["APP13"]);
foreach (array("Keywords" => "2#025", "Caption" => "2#120") as $keyword => $iptc_key) {
if (!empty($iptc[$iptc_key])) {
$value = implode(" ", $iptc[$iptc_key]);
if (function_exists("mb_detect_encoding") && mb_detect_encoding($value) != "UTF-8") {
$value = utf8_encode($value);
}
$keys[$keyword] = utf8::clean($value);
if ($keyword == "Caption" && !$item->description) {
$item->description = $value;
}
}
}
}
}
$item->save();
$record = ORM::factory("exif_record")->where("item_id", $item->id)->find();
if (!$record->loaded) {
$record->item_id = $item->id;
}
$record->data = serialize($keys);
$record->key_count = count($keys);
$record->dirty = 0;
$record->save();
}
error_reporting($ER);
// SERVER_UTF8 ? use mb_* functions : use non-native functions
if (extension_loaded('mbstring')) {
mb_internal_encoding('UTF-8');
define('SERVER_UTF8', TRUE);
} else {
define('SERVER_UTF8', FALSE);
}
// Convert all global variables to UTF-8.
$_GET = utf8::clean($_GET);
$_POST = utf8::clean($_POST);
$_COOKIE = utf8::clean($_COOKIE);
$_SERVER = utf8::clean($_SERVER);
if (PHP_SAPI == 'cli') {
// Convert command line arguments
$_SERVER['argv'] = utf8::clean($_SERVER['argv']);
}
final class utf8
{
// Called methods
static $called = array();
/**
* Recursively cleans arrays, objects, and strings. Removes ASCII control
* codes and converts to UTF-8 while silently discarding incompatible
* UTF-8 characters.
*
* @param string string to clean
* @return string
*/
public static function clean($str)
{
public static function guess_site_domain()
{
if (PHP_SAPI === 'cli') {
// Command line requires a bit of hacking
if (isset($_SERVER['argv'][1])) {
$current_uri = $_SERVER['argv'][1];
// Remove GET string from segments
if (($query = strpos($current_uri, '?')) !== FALSE) {
list($current_uri, $query) = explode('?', $current_uri, 2);
// Parse the query string into $_GET
parse_str($query, $_GET);
// Convert $_GET to UTF-8
$_GET = utf8::clean($_GET);
}
}
} elseif (isset($_GET['kohana_uri'])) {
// Use the URI defined in the query string
$current_uri = $_GET['kohana_uri'];
// Remove the URI from $_GET
unset($_GET['kohana_uri']);
// Remove the URI from $_SERVER['QUERY_STRING']
$_SERVER['QUERY_STRING'] = preg_replace('~\\bkohana_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
} elseif (isset($_SERVER['REQUEST_URI']) and $_SERVER['REQUEST_URI']) {
$current_uri = $_SERVER['REQUEST_URI'];
} elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
$current_uri = $_SERVER['ORIG_PATH_INFO'];
} elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
$current_uri = $_SERVER['PHP_SELF'];
} else {
kohana::log('debug', 'Quessing that the site domain is `/`');
return '/';
}
$current_uri = self::determineBaseURI($current_uri);
if ($current_uri !== '') {
// remove the index page if it is in there
$indexPage = Kohana::config('core.index_page');
if (!empty($indexPage)) {
$current_uri = str_replace($indexPage, '', $current_uri);
} else {
$current_uri = str_replace('index.php', '', $current_uri);
}
// Reduce multiple slashes into single slashes
$current_uri = preg_replace('#//+#', '/', $current_uri);
$current_uri = '/' . trim($current_uri, '/') . '/';
kohana::log('debug', 'Quessing that the site domain is `' . $current_uri . '`');
return $current_uri;
}
kohana::log('debug', 'Quessing that the site domain is `/`');
return '/';
}
/**
* Initializes the environment:
*
* - Disables register_globals and magic_quotes_gpc
* - Determines the current environment
* - Set global settings
* - Sanitizes GET, POST, and COOKIE variables
* - Converts GET, POST, and COOKIE variables to the global character set
*
* Any of the global settings can be set here:
*
* > boolean "display_errors" : display errors and exceptions
* > boolean "log_errors" : log errors and exceptions
* > boolean "cache_paths" : cache the location of files between requests
* > string "charset" : character set used for all input and output
*
* @param array global settings
* @return void
*/
public static function init(array $settings = NULL)
{
static $_init;
// This function can only be run once
if ($_init === TRUE) {
return;
}
if (isset($settings['profile'])) {
// Enable profiling
self::$profile = (bool) $settings['profile'];
}
if (self::$profile === TRUE) {
// Start a new benchmark
$benchmark = Profiler::start(__CLASS__, __FUNCTION__);
}
// The system will now be initialized
$_init = TRUE;
// Start an output buffer
ob_start();
if (version_compare(PHP_VERSION, '6.0', '<=')) {
// Disable magic quotes at runtime
set_magic_quotes_runtime(0);
}
if (ini_get('register_globals')) {
if (isset($_REQUEST['GLOBALS'])) {
// Prevent malicious GLOBALS overload attack
echo "Global variable overload attack detected! Request aborted.\n";
// Exit with an error status
exit(1);
}
// Get the variable names of all globals
$global_variables = array_keys($GLOBALS);
// Remove the standard global variables from the list
$global_variables = array_diff($global_vars, array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION'));
foreach ($global_variables as $name) {
// Retrieve the global variable and make it null
global ${$name};
${$name} = NULL;
// Unset the global variable, effectively disabling register_globals
unset($GLOBALS[$name], ${$name});
}
}
// Determine if we are running in a command line environment
self::$is_cli = PHP_SAPI === 'cli';
// Determine if we are running in a Windows environment
self::$is_windows = DIRECTORY_SEPARATOR === '\\';
if (isset($settings['display_errors'])) {
// Enable or disable the display of errors
self::$display_errors = (bool) $settings['display_errors'];
}
if (isset($settings['cache_paths'])) {
// Enable or disable the caching of paths
self::$cache_paths = (bool) $settings['cache_paths'];
}
if (isset($settings['charset'])) {
// Set the system character set
self::$charset = strtolower($settings['charset']);
}
if (isset($settings['base_url'])) {
// Set the base URL
self::$base_url = rtrim($settings['base_url'], '/') . '/';
}
// Determine if the extremely evil magic quotes are enabled
self::$magic_quotes = (bool) get_magic_quotes_gpc();
// Sanitize all request variables
$_GET = self::sanitize($_GET);
$_POST = self::sanitize($_POST);
$_COOKIE = self::sanitize($_COOKIE);
// Load the logger
self::$log = Kohana_Log::instance();
// Determine if this server supports UTF-8 natively
utf8::$server_utf8 = extension_loaded('mbstring');
// Normalize all request variables to the current charset
$_GET = utf8::clean($_GET, self::$charset);
$_POST = utf8::clean($_POST, self::$charset);
$_COOKIE = utf8::clean($_COOKIE, self::$charset);
if (isset($benchmark)) {
// Stop benchmarking
Profiler::stop($benchmark);
}
}
/**
* Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
*
* @return void
*/
public static function find_uri()
{
if (PHP_SAPI === 'cli') {
// Command line requires a bit of hacking
if (isset($_SERVER['argv'][1])) {
Router::$current_uri = $_SERVER['argv'][1];
// Remove GET string from segments
if (($query = strpos(Router::$current_uri, '?')) !== FALSE) {
list(Router::$current_uri, $query) = explode('?', Router::$current_uri, 2);
// Parse the query string into $_GET
parse_str($query, $_GET);
// Convert $_GET to UTF-8
$_GET = utf8::clean($_GET);
}
}
} elseif (isset($_GET['kohana_uri'])) {
// Use the URI defined in the query string
Router::$current_uri = $_GET['kohana_uri'];
// Remove the URI from $_GET
unset($_GET['kohana_uri']);
// Remove the URI from $_SERVER['QUERY_STRING']
$_SERVER['QUERY_STRING'] = preg_replace('~\\bkohana_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
} elseif (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO']) {
Router::$current_uri = $_SERVER['PATH_INFO'];
} elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
Router::$current_uri = $_SERVER['ORIG_PATH_INFO'];
} elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
Router::$current_uri = $_SERVER['PHP_SELF'];
}
// The front controller directory and filename
$fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));
if (($strpos_fc = strpos(Router::$current_uri, $fc)) !== FALSE) {
// Remove the front controller from the current uri
Router::$current_uri = substr(Router::$current_uri, $strpos_fc + strlen($fc));
}
// Remove slashes from the start and end of the URI
Router::$current_uri = trim(Router::$current_uri, '/');
if (Router::$current_uri !== '') {
if ($suffix = Kohana::config('core.url_suffix') and strpos(Router::$current_uri, $suffix) !== FALSE) {
// Remove the URL suffix
Router::$current_uri = preg_replace('#' . preg_quote($suffix) . '$#u', '', Router::$current_uri);
// Set the URL suffix
Router::$url_suffix = $suffix;
}
// Reduce multiple slashes into single slashes
Router::$current_uri = preg_replace('#//+#', '/', Router::$current_uri);
}
}
/**
* Initializes the environment:
*
* - Loads hooks
* - Converts all input variables to the configured character set
*
* @return void
*/
public static function init()
{
if (self::$init === TRUE) {
return;
}
// Test if the current environment is command-line
self::$is_cli = PHP_SAPI === 'cli';
// Test if the current evironment is Windows
self::$is_windows = DIRECTORY_SEPARATOR === '\\';
// Determine if the server supports UTF-8 natively
utf8::$server_utf8 = extension_loaded('mbstring');
// Load the file path cache
self::$file_path = Kohana::cache('kohana_file_paths');
// Load the configuration loader
self::$config = new Kohana_Config_Loader();
// Import the main configuration locally
$config = self::$config->kohana;
// Set the default locale
self::$default_locale = $config->default_locale;
self::$save_cache = $config->save_cache;
self::$charset = $config->charset;
// Localize the environment
self::locale($config->locale);
// Set the enviroment time
self::timezone($config->timezone);
// Enable modules
self::modules($config->modules);
if ($hooks = self::list_files('hooks', TRUE)) {
foreach ($hooks as $hook) {
// Load each hook in the order they appear
require $hook;
}
}
// Convert global variables to current charset.
$_GET = utf8::clean($_GET, self::$charset);
$_POST = utf8::clean($_POST, self::$charset);
$_SERVER = utf8::clean($_SERVER, self::$charset);
// The system has been initialized
self::$init = TRUE;
}
/**
* Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
*
* @return void
*/
public static function find_uri()
{
if (PHP_SAPI === 'cli') {
// Command line requires a bit of hacking
if (isset($_SERVER['argv'][1])) {
self::$current_uri = $_SERVER['argv'][1];
// Remove GET string from segments
if (($query = strpos(self::$current_uri, '?')) !== FALSE) {
list(self::$current_uri, $query) = explode('?', self::$current_uri, 2);
// Parse the query string into $_GET
parse_str($query, $_GET);
// Convert $_GET to UTF-8
$_GET = utf8::clean($_GET);
}
}
} elseif (current($_GET) === '' and substr($_SERVER['QUERY_STRING'], -1) !== '=') {
// The URI is the array key, eg: ?this/is/the/uri
self::$current_uri = key($_GET);
// Remove the URI from $_GET
unset($_GET[self::$current_uri]);
// Remove the URI from $_SERVER['QUERY_STRING']
$_SERVER['QUERY_STRING'] = ltrim(substr($_SERVER['QUERY_STRING'], strlen(self::$current_uri)), '/&');
// Fixes really strange handling of a suffix in a GET string
if ($suffix = Kohana::config('core.url_suffix') and substr(self::$current_uri, -strlen($suffix)) === '_' . substr($suffix, 1)) {
self::$current_uri = substr(self::$current_uri, 0, -strlen($suffix));
}
} elseif (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO']) {
self::$current_uri = $_SERVER['PATH_INFO'];
} elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
self::$current_uri = $_SERVER['ORIG_PATH_INFO'];
} elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
self::$current_uri = $_SERVER['PHP_SELF'];
}
// The front controller directory and filename
$fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));
if (($strpos_fc = strpos(self::$current_uri, $fc)) !== FALSE) {
// Remove the front controller from the current uri
self::$current_uri = substr(self::$current_uri, $strpos_fc + strlen($fc));
}
// Remove slashes from the start and end of the URI
self::$current_uri = trim(self::$current_uri, '/');
if (self::$current_uri !== '') {
if ($suffix = Kohana::config('core.url_suffix') and strpos(self::$current_uri, $suffix) !== FALSE) {
// Remove the URL suffix
self::$current_uri = preg_replace('#' . preg_quote($suffix) . '$#u', '', self::$current_uri);
// Set the URL suffix
self::$url_suffix = $suffix;
}
// Reduce multiple slashes into single slashes
self::$current_uri = preg_replace('#//+#', '/', self::$current_uri);
}
}
/**
* Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
*
* @return void
*/
public static function find_uri()
{
if (PHP_SAPI === 'cli') {
// Command line requires a bit of hacking
if (isset($_SERVER['argv'][1])) {
self::$current_uri = $_SERVER['argv'][1];
// Remove GET string from segments
if (($query = strpos(self::$current_uri, '?')) !== FALSE) {
list(self::$current_uri, $query) = explode('?', self::$current_uri, 2);
// Parse the query string into $_GET
parse_str($query, $_GET);
// Convert $_GET to UTF-8
$_GET = utf8::clean($_GET);
}
}
} elseif (isset($_GET['Eight_uri'])) {
// Use the URI defined in the query string
self::$current_uri = $_GET['Eight_uri'];
// Remove the URI from $_GET
unset($_GET['Eight_uri']);
// Remove the URI from $_SERVER['QUERY_STRING']
$_SERVER['QUERY_STRING'] = preg_replace('~\\bEight_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
// Fixes really strange handling of a suffix in a GET string
if ($suffix = Eight::config('core.url_suffix') and substr(self::$current_uri, -strlen($suffix)) === '_' . substr($suffix, 1)) {
self::$current_uri = substr(self::$current_uri, 0, -strlen($suffix));
}
} elseif (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO']) {
self::$current_uri = $_SERVER['PATH_INFO'];
} elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
self::$current_uri = $_SERVER['ORIG_PATH_INFO'];
} elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
self::$current_uri = $_SERVER['PHP_SELF'];
}
// The front controller directory and filename
$fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));
if (($strpos_fc = strpos(self::$current_uri, $fc)) !== FALSE) {
// Remove the front controller from the current URI
self::$current_uri = substr(self::$current_uri, $strpos_fc + strlen($fc));
}
// Remove all dot-paths from the URI, they are not valid
self::$current_uri = preg_replace('#\\.[\\s./]*/#', '', self::$current_uri);
// Reduce multiple slashes into single slashes, remove trailing slashes
self::$current_uri = trim(preg_replace('#//+#', '/', self::$current_uri), '/');
// Make sure the URL is not tainted with HTML characters
self::$current_uri = html::specialchars(self::$current_uri, FALSE);
if (!empty($_SERVER['QUERY_STRING'])) {
// Set the query string to the current query string
self::$query_string = '?' . trim($_SERVER['QUERY_STRING'], '&');
}
}
private static function filteringInput()
{
$step_report = array();
// todo: check if we can do in other way the same thing
// save login password from modification
$ldap_used = Get::sett('ldap_used');
if ($ldap_used == 'on' && isset($_POST['modname']) && $_POST['modname'] == 'login' && isset($_POST['passIns'])) {
$password_login = $_POST['passIns'];
}
// Convert to Utf-8.
self::log("Convert to Utf-8.");
$_GET = utf8::clean($_GET);
$_POST = utf8::clean($_POST);
$_COOKIE = utf8::clean($_COOKIE);
$_SERVER = utf8::clean($_SERVER);
if (isset($_FILES)) {
$_FILES = utf8::clean($_FILES);
}
// Convert ' and " (quote or unquote)
self::log("Sanitize the input.");
if (Docebo::user()->getUserLevelId() == ADMIN_GROUP_GODADMIN) {
$filter_input = new FilterInput();
$filter_input->tool = 'none';
$filter_input->sanitize();
} else {
$filter_input = new FilterInput();
$filter_input->tool = Get::cfg('filter_tool', 'htmlpurifier');
// Whitelist some tags if we're a teacher in a course:
if (isset($_SESSION['idCourse']) && $_SESSION['levelCourse'] >= 6) {
$filter_input->appendToWhitelist(array('tag' => array('object', 'param'), 'attrib' => array('object.data', 'object.type', 'object.width', 'object.height', 'param.name', 'param.value')));
}
$filter_input->sanitize();
}
if ($ldap_used == 'on' && isset($_POST['modname']) && $_POST['modname'] == 'login' && isset($_POST['passIns'])) {
$_POST['passIns'] = utf8::clean(stripslashes($password_login));
}
if (!defined("IS_API") && !defined("IS_PAYPAL") && (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' || defined("IS_AJAX"))) {
// If this is a post or a ajax request then we must have a signature attached
Util::checkSignature();
}
}
/**
* Load one user.
*
* @param mixed $user user_id, username, email, User_Model or false for current session
* @return User_Model
*/
public function find_user($id = false)
{
static $session = false;
$user = null;
$cache = false;
// Try user models first (User_Model, session)
if ($id instanceof User_Model) {
// User_Model
$user = $id;
} else {
if ($id === false) {
// Current session, fetch only once
if ($session === false) {
$session = Visitor::instance()->get_user();
}
$user = $session;
}
}
// Then try others (user_id, email, username_clean)
if (!$user && $id !== true && !empty($id)) {
if (is_numeric($id) || empty($id)) {
$id = (int) $id;
} else {
if (valid::email($id)) {
$id = mb_strtolower($id);
} else {
$id = utf8::clean($id);
}
}
if (isset(self::$users[$id])) {
// Found from static cache
return self::$users[$id];
} else {
if ($user = $this->cache->get($this->cache->key('user', $id))) {
// Found from cache
$user = unserialize($user);
} else {
// Not found from caches, try db
if (is_int($id)) {
$user = $this->find($id);
} else {
$user = $this->where(valid::email($id) ? 'email' : 'username_clean', '=', $id)->find();
}
$cache = true;
}
}
}
// If user found, add to cache(s)
if ($user && $user->loaded()) {
self::$users[$user->id] = self::$users[utf8::clean($user->username)] = self::$users[mb_strtolower($user->email)] = $user;
if ($cache) {
$this->cache->set($this->cache->key('user', $user->id), serialize($user), null, self::$cache_max_age);
}
}
return $user;
}
/**
* Register with code
*
* @param Invitation_Model $invitation
*/
public function _join(Invitation_Model $invitation)
{
$this->history = false;
$user = new User_Model();
$form_values = $user->as_array();
$form_errors = array();
// handle post
if (request::method() == 'post') {
$post = $this->input->post();
$post['email'] = $invitation->email;
$post['username_clean'] = utf8::clean($post['username']);
if ($user->validate($post, false, null, null, array('rules' => 'register', 'callbacks' => 'register'))) {
$invitation->delete();
$user->add(ORM::factory('role', 'login'));
$user->save();
$this->visitor->login($user, $post->password);
url::back();
} else {
$form_errors = $post->errors();
$form_values = arr::overwrite($form_values, $post->as_array());
}
}
widget::add('main', View::factory('member/signup', array('values' => $form_values, 'errors' => $form_errors, 'invitation' => $invitation)));
}
