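/**
 * Decide whether the current user may upload, using the authenticator
 * configured in $session (if any).
 *
 * With no authenticator configured every caller is allowed. Otherwise the
 * configured callback is invoked with the session username (or, for users
 * holding the 'pose_as_other_user' privilege, the name of the entity whose
 * id arrives in the user_id request parameter) followed by the configured
 * arguments, and its result decides.
 *
 * Only the cleaned (integer) user_id is ever used to look up an entity; the
 * raw $_REQUEST value is no longer merged back in, and a user_id that cleans
 * to nothing simply leaves the session username in place.
 *
 * @param array $session session settings; reads 'authenticator' with keys
 *                       'callback', 'arguments' and optional 'file'
 * @return bool true when allowed, false when the callback rejects the user
 */
function can_upload($session)
{
    // No authenticator configured: nothing to check.
    if (empty($session['authenticator'])) {
        return true;
    }
    $auth = $session['authenticator'];
    $reason_session =& get_reason_session();
    $username = $reason_session->get("username");

    // Optionally act as another user. Only the cleaned user_id is trusted,
    // and only for users allowed to pose as others.
    if (!empty($_REQUEST['user_id'])) {
        $param_cleanup_rules = array(
            'user_id' => array(
                'function' => 'turn_into_int',
                'extra_args' => array('zero_to_null' => 'true'),
            ),
        );
        $clean = carl_clean_vars($_REQUEST, $param_cleanup_rules);
        $nametag = isset($clean['user_id']) ? $clean['user_id'] : null;
        if (!empty($nametag) && reason_user_has_privs(get_user_id($username), 'pose_as_other_user')) {
            $user = new Entity($nametag);
            $username = $user->get_value("name");
        }
    }

    // The authenticator may live in a file that is not loaded yet.
    if (!empty($auth['file'])) {
        require_once $auth['file'];
    }
    // Missing 'arguments' is treated as "no extra arguments" instead of
    // handing a non-array to array_merge().
    $extra = isset($auth['arguments']) ? (array) $auth['arguments'] : array();
    $args = array_merge(array($username), $extra);
    return (bool) call_user_func_array($auth['callback'], $args);
}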
/**
 * Presumably the PHP 4-style constructor of AbstractFormController (the
 * class declaration is not visible here -- confirm).
 *
 * When no request has been stored yet but cleanup rules exist, cleans
 * $_REQUEST (after conditional_stripslashes) with those rules and stores the
 * result via set_request(). Both locals are taken by reference, matching the
 * original; whether get_request()/get_cleanup_rules() actually return by
 * reference cannot be seen from here.
 */
function AbstractFormController()
{
    $request =& $this->get_request();
    $cleanup_rules =& $this->get_cleanup_rules();
    // Nothing to do when a request is already present or no rules exist.
    if (!empty($request) || empty($cleanup_rules)) {
        return;
    }
    $raw_request = conditional_stripslashes($_REQUEST);
    $request = carl_clean_vars($raw_request, $cleanup_rules);
    $this->set_request($request);
}
/**
 * Inits the DiscoDB form (the original note says this relies on the class
 * variables $db_conn, $table and $id; they are not read in this method).
 *
 * Runs once: if $this->_inited is already set nothing happens. Otherwise the
 * request is cleaned with get_cleanup_rules() and stored in $this->request,
 * pre_init_and_run_form() is called, and control passes to parent::init()
 * or init_no_form() depending on $this->init_and_run_form.
 *
 * @param bool $externally_set_up accepted for signature compatibility; not read here
 */
function init($externally_set_up = false)
{
    if (isset($this->_inited)) {
        return;
    }
    $rules = $this->get_cleanup_rules();
    $raw_request = conditional_stripslashes($_REQUEST);
    $this->request = carl_clean_vars($raw_request, $rules);
    $this->pre_init_and_run_form();
    if ($this->init_and_run_form) {
        parent::init();
        return;
    }
    $this->init_no_form();
}
/**
 * Grab request variables and fold any custom page types / modules into the
 * instance arrays.
 *
 * $this->request receives carl_get_request() cleaned with
 * $this->cleanup_rules. Each non-empty custom_* array is then array_merge()d
 * onto its base counterpart, so custom entries win on duplicate string keys.
 */
function init()
{
    $this->request = carl_clean_vars(carl_get_request(), $this->cleanup_rules);

    // base property => custom property merged into it
    $merges = array(
        'recommended_page_type_mapping' => 'custom_recommended_page_type_mapping',
        'news_modules' => 'custom_news_modules',
        'publication_modules' => 'custom_publication_modules',
        'page_type_comments' => 'custom_page_type_comments',
    );
    foreach ($merges as $base => $custom) {
        if (empty($this->{$custom})) {
            continue;
        }
        $this->{$base} = array_merge($this->{$base}, $this->{$custom});
    }
}
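/**
 * Deprecated wrapper around carl_clean_vars().
 *
 * Emits a WARNING naming the calling file and line, then delegates.
 *
 * @param array $vars  variables to clean (by reference, as in the original signature)
 * @param array $rules cleanup rules in carl_clean_vars() format
 * @return array the cleaned variables
 * @deprecated use carl_clean_vars() directly
 */
function clean_vars(&$vars, $rules)
{
    // Copy the trace into a variable first: array_shift(debug_backtrace())
    // raised "only variables should be passed by reference". Frame 0 is the
    // call site of clean_vars(), which is what we want to report.
    $trace = debug_backtrace();
    $call_info = array_shift($trace);
    $code_line = isset($call_info['line']) ? $call_info['line'] : '?';
    // basename() replaces the explode()/array_pop() pair (same by-reference issue).
    $file = isset($call_info['file']) ? basename($call_info['file']) : '?';
    trigger_error('deprecated function clean_vars called by ' . $file . ' on line ' . $code_line . ' - use carl_clean_vars instead', WARNING);
    return carl_clean_vars($vars, $rules);
}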
<?php
/**
 * @package reason
 * @subpackage scripts
 *
 * @todo this script should probably move into lib/core/scripts, leaving just a stub here
 */
include_once 'reason_header.php';
reason_include_once('classes/quote_helper.php');

// NOTE(review): these two locals hold the raw, uncleaned $_REQUEST values.
// Nothing in this excerpt reads them -- the QuoteHelper below is fed only
// from the cleaned $request array. If they are used further down the script,
// prefer $request['site_id'] / $request['page_id'] instead.
$site_id = !empty($_REQUEST['site_id']) ? $_REQUEST['site_id'] : '';
$page_id = !empty($_REQUEST['page_id']) ? $_REQUEST['page_id'] : '5';

// Cleanup rules for every parameter this script reads: ids, modes and the
// cache lifespan are forced to integers; viewed_quote_ids has its own
// cleaning function (populate_viewed_quote_ids, defined elsewhere).
$cleanup_rules = array('site_id' => array('function' => 'turn_into_int'), 'page_id' => array('function' => 'turn_into_int'), 'page_category_mode' => array('function' => 'turn_into_int'), 'prefer_short_quotes' => array('function' => 'turn_into_int'), 'cache_lifespan' => array('function' => 'turn_into_int'), 'viewed_quote_ids' => array('function' => 'populate_viewed_quote_ids'));
$request = carl_clean_vars($_REQUEST, $cleanup_rules);

// Configure the helper only from cleaned values that are actually present;
// prefer_short_quotes is cleaned above but not consumed in this excerpt.
$qh = new QuoteHelper();
if (isset($request['site_id'])) { $qh->set_site_id($request['site_id']); }
if (isset($request['page_id'])) { $qh->set_page_id($request['page_id']); }
if (isset($request['cache_lifespan'])) { $qh->set_cache_lifespan($request['cache_lifespan']); }
if (isset($request['page_category_mode'])) { $qh->set_page_category_mode($request['page_category_mode']); }
if (isset($request['viewed_quote_ids'])) { $qh->set_unavailable_quote_ids($request['viewed_quote_ids']); }
// this should be able to support quotes when not in random mode as well probably
/**
 * Compatibility alias for carl_clean_vars().
 *
 * Returns an array holding, for each key named in $rules that is present in
 * $vars, the value after the cleaning function given in that rule has run.
 *
 * @param array $vars  variables to clean (taken by reference, as in the original signature)
 * @param array $rules cleanup rules keyed by variable name
 * @return array the cleaned values
 */
function clean_vars( &$vars, $rules ) // {{{
{
    $cleaned = carl_clean_vars( $vars, $rules );
    return $cleaned;
} // }}}
/**
 * Determine state and init the appropriate find/replace wizard screen.
 *
 * Cleans $_REQUEST with $this->cleanup_rules into $this->request. When a
 * clear_exclude parameter is present, the exclusion list is cleared and the
 * client is redirected to the URL produced by carl_make_redirect() with
 * clear_exclude blanked (presumably so the clear is not re-triggered on
 * reload -- depends on carl_make_redirect() dropping empty values); the
 * script then stops.
 */
function init()
{
    $this->request = carl_clean_vars($_REQUEST, $this->cleanup_rules);
    if (!isset($this->request['clear_exclude'])) {
        return;
    }
    $this->clear_excluded();
    $target = carl_make_redirect(array('clear_exclude' => ''));
    header("Location:" . $target);
    exit;
}
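/**
 * Read the content manager's request parameters, clean them, and copy the
 * localized ones onto $this.
 *
 * The cleaned values are merged over carl_get_request() into $this->request,
 * and the parameters listed in $params_to_localize are copied to same-named
 * properties. An id that does not resolve to an entity is logged and
 * blanked; a PHPSESSID key is dropped from the request; a request whose
 * CM_VAR_PREFIX.'id' equals its id is redirected to the default-args URL
 * and execution stops. Finally select_user() is called.
 *
 * Fixes over the previous version: $_SERVER['HTTP_REFERER'] is read only
 * when present (it is optional and client-supplied, so it was raising an
 * undefined-index notice), and the fallback anchor's href is quoted.
 */
function load_params()
{
    // Most ids share one rule: integer, with 0 treated as null.
    $int_rule = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => 'true'));
    $param_cleanup_rules = array(
        'site_id' => $int_rule,
        'type_id' => $int_rule,
        'user_id' => $int_rule,
        'id' => $int_rule,
        'rel_id' => $int_rule,
        'cur_module' => array('function' => 'check_against_regexp', 'extra_args' => array('safechars')),
        'viewer_id' => $int_rule,
        'entity_a' => $int_rule,
        'entity_b' => $int_rule,
        'new_entity' => array('function' => 'check_against_array', 'extra_args' => array(0, 1)),
        'debugging' => array('function' => 'check_against_array', 'extra_args' => array('true', 'false')),
        'state' => array('function' => 'check_against_array', 'extra_args' => array('deleted', 'pending', 'live')),
    );
    $params_to_localize = array('site_id', 'user_id', 'type_id', 'id', 'rel_id', 'cur_module', 'viewer_id', 'entity_a', 'entity_b', 'debugging');

    $request = carl_get_request();
    // NOTE(review): array_merge keeps every raw key that carl_clean_vars()
    // does not return. If a cleaning function drops an invalid key instead of
    // returning a fallback, the raw value survives here and is localized
    // below -- confirm carl_clean_vars()'s contract before relying on this.
    $this->request = array_merge($request, carl_clean_vars($request, $param_cleanup_rules));
    foreach ($params_to_localize as $v) {
        if (isset($this->request[$v])) {
            $this->{$v} = $this->request[$v];
        }
    }

    // verify that id corresponds to an entity
    if ($this->id > 0) {
        $e = new entity($this->id);
        $values = $e->get_values();
        if (empty($values)) {
            // Referer is optional; it is only used to make the log entry traceable.
            $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '(no referer)';
            trigger_error('Malformed request from ' . $referer . ' (ID given does not correspond to an entity)');
            $this->id = '';
        }
    }

    if (isset($this->request['PHPSESSID'])) {
        unset($this->request['PHPSESSID']);
    }

    // When the prefixed "old" id and the current id carry the same value the
    // request is redirected to the default-args URL (the intent is not
    // documented in the original). The loose == is kept on purpose: 'id' is
    // cleaned to an int above while the prefixed key is not.
    $old_id = !empty($this->request[CM_VAR_PREFIX . 'id']) ? $this->request[CM_VAR_PREFIX . 'id'] : false;
    $id = !empty($this->request['id']) ? $this->request['id'] : false;
    if ($old_id && $id && $id == $old_id) {
        $new_link = carl_construct_redirect($this->get_default_args());
        header('Location: ' . $new_link);
        echo '<p>Attempted to redirect to <a href="' . htmlspecialchars($new_link, ENT_QUOTES) . '">here</a>, but seem to have failed.</p>';
        die;
    }
    $this->select_user();
}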
/**
 * Pull the lister's parameters out of the request, clean them, consult the
 * saved session state, and localize the handful of values the lister reads
 * directly.
 *
 * Request entries whose value also appears in $_COOKIE are dropped first
 * (array_diff compares values, not keys). order_by is validated against the
 * configured column names. After cleaning, state is lower-cased and dir is
 * upper-cased; page defaults to 1 and state to 'Live' when absent.
 */
function grab_request() // {{{
{
    $request = array_diff(conditional_stripslashes($_REQUEST), conditional_stripslashes($_COOKIE));
    $columns = isset($this->columns) ? array_keys($this->columns) : array('');

    // Shared rules: ids are integers with 0 treated as null; modules are strings.
    $id_rule = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => true));
    $string_rule = array('function' => 'turn_into_string');
    $cleanup_rules = array(
        'state' => array('function' => 'check_against_array', 'extra_args' => array('live', 'Live', 'pending', 'Pending', 'deleted', 'Deleted')),
        'dir' => array('function' => 'check_against_array', 'extra_args' => array('desc', 'DESC', 'asc', 'ASC')),
        'order_by' => array('function' => 'check_against_array', 'extra_args' => $columns),
        'site_id' => $id_rule,
        'page_id' => $id_rule,
        'type_id' => $id_rule,
        'rel_id' => $id_rule,
        'id' => $id_rule,
        'open' => array('function' => 'check_against_regexp', 'extra_args' => array('/^[0-9,]*$/')),
        'lister' => $id_rule,
        'user_id' => $id_rule,
        '__old_site_id' => $id_rule,
        '__old_type_id' => $id_rule,
        '__old_id' => $id_rule,
        '__old_rel_id' => $id_rule,
        '__old_cur_module' => $string_rule,
        '__old_user_id' => $id_rule,
        'page' => $id_rule,
        'cur_module' => $string_rule,
        'textonly' => array('function' => 'turn_into_int'),
        'new_entity' => $id_rule,
        'refresh_lister_state' => array('function' => 'check_against_array', 'extra_args' => array('0', '1')),
    );
    $this->append_filters($cleanup_rules);

    // apply the cleanup rules
    $this->request = carl_clean_vars($request, $cleanup_rules);
    $this->_consult_and_save_session_state();

    // special case a few that unfortunately need localization ...
    if (isset($this->request['state'])) {
        $this->request['state'] = strtolower($this->request['state']);
        $this->state = $this->request['state'];
    }
    if (isset($this->request['dir'])) {
        $this->request['dir'] = strtoupper($this->request['dir']);
        $this->dir = $this->request['dir'];
    }
    foreach (array('order_by', 'page', 'open') as $name) {
        if (isset($this->request[$name])) {
            $this->{$name} = $this->request[$name];
        }
    }

    // setup some defaults
    if (!$this->page) {
        $this->page = 1;
    }
    if (!$this->state) {
        $this->state = 'Live';
    }
} // }}}
// we have to do a little fancy footwork to get any variables passed // on the GET string. Basically, the original REQUEST_URI has the // query string we are interested in, so we parse that URL and then // parse the query string. Then, we merge the two query strings back // into the superglobal one. $url_arr = parse_url(get_current_url()); $apparent_get = array(); if (!empty($url_arr['query'])) { parse_str($url_arr['query'], $apparent_get); } // all additional request items must be integers. // This is a simple way to prevent SQL injection // if we need to do more at a later point we can // use a cleanup rules-style method of // managing request stuff. $cleanup_rules = $feed->get_cleanup_rules(); // original request clobbers new request $full_get = array_merge($apparent_get, $_GET); foreach ($full_get as $key => $val) { if (empty($cleanup_rules[$key])) { $cleanup_rules[$key] = array('function' => 'turn_into_int'); } } $full_get = carl_clean_vars($full_get, $cleanup_rules); $feed->set_request_vars($full_get); $feed->run(); } else { http_response_code(400); echo '<html><head><title>Feed did not work</title><meta name="robots" content="none" /></head><body><h1>Feed did not work</h1><p>Use the form "?type_id=xx [ &site_id=yy ]"</p></body></html>'; } reason_log_page_generation_time(round(1000 * (get_microtime() - $start_time)));
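/**
 * Should include only those items needed by the minisite navigation builder.
 *
 * Request entries whose value also appears in $_COOKIE are dropped
 * (array_diff compares values, not keys); the remainder is cleaned with the
 * fixed rule set below and stored in $this->request.
 *
 * The previous version also computed array_keys($this->columns) into an
 * unused local; that dead work has been removed.
 */
function grab_request()
{
    $request = array_diff(conditional_stripslashes($_REQUEST), conditional_stripslashes($_COOKIE));
    // ids are integers with 0 treated as null
    $int_not_zero = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => true));
    $cleanup_rules = array(
        'site_id' => $int_not_zero,
        'page_id' => $int_not_zero,
        'textonly' => array('function' => 'turn_into_int'),
        'editing' => array('function' => 'check_against_array', 'extra_args' => array('off', 'on')),
    );
    // apply the cleanup rules
    $this->request = carl_clean_vars($request, $cleanup_rules);
}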
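/**
 * Handles all the internal logic for an instantiated table viewer - request
 * variables will override any settings that correspond to a request variable
 * that may have been specified prior to the init ...
 *
 * Adds the dynamic whitelist rules (sort field, actions, row actions) to
 * $this->cleanup_rules, cleans $_REQUEST with them, and pushes each
 * recognized value into the matching setter.
 *
 * Fix over the previous version: clear_filters() no longer reads
 * $this->request['table_filters'] unguarded, which raised an undefined-index
 * notice whenever only table_filter_clear was submitted.
 */
function _set_params_from_request()
{
    // alter cleanup rules: the sort field must name a displayed column
    $this->cleanup_rules['table_sort_field'] = array('function' => 'check_against_array', 'extra_args' => array_keys($this->_display_values));
    // dynamically add the action whitelists when any actions are defined
    $va = $this->_get_valid_actions();
    $vra = $this->_get_valid_row_actions();
    if (!empty($va)) {
        $this->cleanup_rules['table_action'] = array('function' => 'check_against_array', 'extra_args' => $va);
    }
    if (!empty($vra)) {
        $this->cleanup_rules['table_row_action'] = array('function' => 'check_against_array', 'extra_args' => $vra);
    }
    // NOTE(review): table_action_id, table_sort_order and table_filters rely
    // on rules already present in $this->cleanup_rules (defined elsewhere);
    // confirm they are covered, since only the three keys above are added here.
    $this->request = carl_clean_vars(conditional_stripslashes($_REQUEST), $this->cleanup_rules);

    // request key => setter that receives its value
    $setters = array(
        'table_action' => 'set_action',
        'table_row_action' => 'set_row_action',
        'table_action_id' => 'set_action_id',
        'table_sort_order' => 'set_sort_order',
        'table_sort_field' => 'set_sort_field',
        'table_filters' => 'set_filters',
    );
    foreach ($setters as $key => $setter) {
        if (isset($this->request[$key])) {
            $this->{$setter}($this->request[$key]);
        }
    }
    // The flag triggers the clear; the filters value (if any) is passed along
    // as before, now explicitly null when absent. Confirm clear_filters()
    // does not expect the flag itself.
    if (isset($this->request['table_filter_clear'])) {
        $filters = isset($this->request['table_filters']) ? $this->request['table_filters'] : null;
        $this->clear_filters($filters);
    }
}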
/**
 * Alias of carl_clean_vars(): cleans the entries of $vars named in $rules.
 *
 * @param array $vars  variables to clean (taken by reference, as in the original signature)
 * @param array $rules cleanup rules keyed by variable name
 * @return array the cleaned values
 */
function clean_vars(&$vars, $rules)
{
    $result = carl_clean_vars($vars, $rules);
    return $result;
}