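function can_upload($session)
{
    // Decide whether the current session may upload by delegating to the
    // authenticator callback configured in $session, if there is one.
    //
    // $session: array. When $session['authenticator'] is non-empty it is expected
    //   to carry 'callback' (required), 'file' (optional, require_once'd first)
    //   and 'arguments' (optional extra callback arguments).
    // Returns bool: true when no authenticator is configured or the callback
    //   accepts the resolved username; false when the callback rejects it.
    if (empty($session['authenticator'])) {
        return true;
    }
    $auth = $session['authenticator'];
    $reason_session =& get_reason_session();
    $username = $reason_session->get('username');
    if (!empty($_REQUEST['user_id'])) {
        // Only user_id is cleaned; array_merge keeps every other request key raw.
        $param_cleanup_rules = array('user_id' => array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => 'true')));
        $cleanRequest = array_merge($_REQUEST, carl_clean_vars($_REQUEST, $param_cleanup_rules));
        $nametag = $cleanRequest['user_id'];
        $id = get_user_id($username);
        // zero_to_null presumably turns a non-numeric user_id into null; skip the
        // pose-as lookup in that case instead of instantiating an Entity for nothing.
        if (!empty($nametag) && reason_user_has_privs($id, 'pose_as_other_user')) {
            $user = new Entity($nametag);
            $username = $user->get_value('name');
        }
    }
    if (!empty($auth['file'])) {
        require_once $auth['file'];
    }
    // 'arguments' is optional; array_merge with a missing key would fail.
    $extra_args = isset($auth['arguments']) ? $auth['arguments'] : array();
    $args = array_merge(array($username), $extra_args);
    if (!call_user_func_array($auth['callback'], $args)) {
        return false;
    }
    return true;
}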
 /**
  * Old-style constructor: populate the request from $_REQUEST (slashes
  * conditionally stripped, then cleaned against this controller's rules)
  * when no request has been set yet and there are rules to clean with.
  *
  * Both locals are bound by reference, as the original did, so the result of
  * get_request()/get_cleanup_rules() is aliased rather than copied.
  */
 function AbstractFormController()
 {
     $request =& $this->get_request();
     $cleanup_rules =& $this->get_cleanup_rules();
     // Nothing to do if a request already exists or there are no rules.
     if (!empty($request) || empty($cleanup_rules)) {
         return;
     }
     $unclean_request = conditional_stripslashes($_REQUEST);
     $request = carl_clean_vars($unclean_request, $cleanup_rules);
     $this->set_request($request);
 }
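 /**
  * Inits the DiscoDB form using class variables $db_conn, $table, and $id
  *
  * Cleans $_REQUEST against this object's cleanup rules into $this->request,
  * runs the pre-init hook, then either runs the parent form init or the
  * no-form path depending on $this->init_and_run_form. Skipped entirely once
  * $this->_inited is set (it is not set in this method; presumably the parent
  * or the no-form path sets it - confirm).
  *
  * @param bool $externally_set_up kept for signature compatibility; not read here
  */
 function init($externally_set_up = false)
 {
     if (isset($this->_inited)) {
         return;
     }
     $cleanup_rules = $this->get_cleanup_rules();
     // conditional_stripslashes presumably undoes magic-quotes escaping before
     // the cleanup rules see the raw values - confirm against its definition.
     $request = conditional_stripslashes($_REQUEST);
     $this->request = carl_clean_vars($request, $cleanup_rules);
     $this->pre_init_and_run_form();
     if ($this->init_and_run_form) {
         parent::init();
     } else {
         $this->init_no_form();
     }
 }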
 /**
  * Grab request variables - merge custom page types and modules into the instance arrays.
  *
  * For each base array that has a non-empty custom_* counterpart, the custom
  * array is array_merge'd on top of the base one (string-keyed custom entries
  * replace base entries with the same key; numeric keys are appended).
  */
 function init()
 {
     $this->request = carl_clean_vars(carl_get_request(), $this->cleanup_rules);
     $mergeable = array(
         'recommended_page_type_mapping',
         'news_modules',
         'publication_modules',
         'page_type_comments',
     );
     foreach ($mergeable as $base) {
         $custom = 'custom_' . $base;
         if (empty($this->$custom)) {
             continue;
         }
         $this->$base = array_merge($this->$base, $this->$custom);
     }
 }
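function clean_vars(&$vars, $rules)
{
    // Deprecated alias of carl_clean_vars(): emits a warning naming the caller
    // so remaining call sites can be located, then delegates unchanged.
    //
    // $vars: array, by reference only to keep the historical signature (not modified here).
    // $rules: cleanup rules passed straight through to carl_clean_vars().
    // Returns whatever carl_clean_vars() returns.
    //
    // Frame 0 of the backtrace is the call into this function, i.e. the caller's
    // file and line. Copy into locals first: array_shift()/array_pop() take their
    // argument by reference, and passing a function result directly raises
    // "Only variables should be passed by reference".
    $backtrace = debug_backtrace();
    $call_info = array_shift($backtrace);
    $code_line = isset($call_info['line']) ? $call_info['line'] : '';
    // basename() is the library form of array_pop(explode('/', ...)).
    $file = isset($call_info['file']) ? basename($call_info['file']) : '';
    // WARNING is not a PHP builtin; it is expected to be a project-defined error level - confirm it is in scope.
    trigger_error('deprecated function clean_vars called by ' . $file . ' on line ' . $code_line . ' - use carl_clean_vars instead', WARNING);
    return carl_clean_vars($vars, $rules);
}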
<?php

/**
 * @package reason
 * @subpackage scripts
 *
 * @todo this script should probably move into lib/core/scripts, leaving just a stub here
 */
include_once 'reason_header.php';
reason_include_once('classes/quote_helper.php');
// NOTE(review): these two are taken from $_REQUEST before any cleanup; the
// cleaned values live in $request below. Confirm whether later code in this
// script still relies on the raw copies.
$site_id = !empty($_REQUEST['site_id']) ? $_REQUEST['site_id'] : '';
$page_id = !empty($_REQUEST['page_id']) ? $_REQUEST['page_id'] : '5';
// Every recognised parameter is coerced to int, except viewed_quote_ids which
// has its own populate function.
$cleanup_rules = array(
    'site_id' => array('function' => 'turn_into_int'),
    'page_id' => array('function' => 'turn_into_int'),
    'page_category_mode' => array('function' => 'turn_into_int'),
    'prefer_short_quotes' => array('function' => 'turn_into_int'),
    'cache_lifespan' => array('function' => 'turn_into_int'),
    'viewed_quote_ids' => array('function' => 'populate_viewed_quote_ids'),
);
$request = carl_clean_vars($_REQUEST, $cleanup_rules);
$qh = new QuoteHelper();
// request key => QuoteHelper setter, in the order the setters were originally
// called; a setter only runs when its key survived cleanup.
$qh_setters = array(
    'site_id' => 'set_site_id',
    'page_id' => 'set_page_id',
    'cache_lifespan' => 'set_cache_lifespan',
    'page_category_mode' => 'set_page_category_mode',
    'viewed_quote_ids' => 'set_unavailable_quote_ids',
);
foreach ($qh_setters as $key => $setter) {
    if (isset($request[$key])) {
        $qh->$setter($request[$key]);
    }
}
// this should be able to support quotes when not in random mode as well probably
	/**
	 * Returns an array which takes the values of the keys in $vars for the
	 * keys set in $rules, and runs the cleaning function specified in the
	 * value of each rule. Straight delegation to carl_clean_vars().
	 *
	 * @param array $vars  raw values (by reference only to keep the historical signature)
	 * @param array $rules cleanup rules keyed by variable name
	 * @return mixed whatever carl_clean_vars() returns
	 */
	function clean_vars( &$vars, $rules ) // {{{
	{
		$cleaned = carl_clean_vars( $vars, $rules );
		return $cleaned;
	} // }}}
 /**
  * Determine state and init the appropriate find replace wizard screen
  *
  * Cleans $_REQUEST against $this->cleanup_rules into $this->request. When a
  * clear_exclude parameter is present, the exclusion list is cleared and the
  * browser is redirected; that branch never returns.
  */
 function init()
 {
     $this->request = carl_clean_vars($_REQUEST, $this->cleanup_rules);
     if (!isset($this->request['clear_exclude'])) {
         return;
     }
     $this->clear_excluded();
     // An empty value presumably drops clear_exclude from the rebuilt URL so the
     // redirect does not loop back into this branch - confirm in carl_make_redirect.
     $target = carl_make_redirect(array('clear_exclude' => ''));
     header("Location:" . $target);
     exit;
 }
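 /**
  * Read and clean the request, copy the recognised parameters onto this
  * object, drop an id that does not name an entity, strip PHPSESSID, and
  * bounce to the default URL when the request still carries the previous id
  * (redirect-loop guard). Finishes by selecting the user.
  *
  * Side effects: sets $this->request and the localized properties; may
  * trigger_error; may send a Location header and die.
  */
 function load_params()
 {
     // Shared rule: integer, with 0 mapped to null.
     $int_or_null = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => 'true'));
     $param_cleanup_rules = array(
         'site_id' => $int_or_null,
         'type_id' => $int_or_null,
         'user_id' => $int_or_null,
         'id' => $int_or_null,
         'rel_id' => $int_or_null,
         'cur_module' => array('function' => 'check_against_regexp', 'extra_args' => array('safechars')),
         'viewer_id' => $int_or_null,
         'entity_a' => $int_or_null,
         'entity_b' => $int_or_null,
         'new_entity' => array('function' => 'check_against_array', 'extra_args' => array(0, 1)),
         'debugging' => array('function' => 'check_against_array', 'extra_args' => array('true', 'false')),
         'state' => array('function' => 'check_against_array', 'extra_args' => array('deleted', 'pending', 'live')),
     );
     $params_to_localize = array('site_id', 'user_id', 'type_id', 'id', 'rel_id', 'cur_module', 'viewer_id', 'entity_a', 'entity_b', 'debugging');
     $request = carl_get_request();
     // Cleaned values win for the keys above; every other request key is kept raw.
     $this->request = array_merge($request, carl_clean_vars($request, $param_cleanup_rules));
     foreach ($params_to_localize as $v) {
         if (isset($this->request[$v])) {
             $this->{$v} = $this->request[$v];
         }
     }
     // verify that id corresponds to an entity
     if ($this->id > 0) {
         $e = new entity($this->id);
         $values = $e->get_values();
         if (empty($values)) {
             // HTTP_REFERER is optional; don't raise an undefined-index notice while reporting the real problem.
             $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '(no referer)';
             trigger_error('Malformed request from ' . $referer . ' (ID given does not correspond to an entity)');
             $this->id = '';
         }
     }
     // unset() on a missing key is a no-op, so no isset() guard is needed.
     unset($this->request['PHPSESSID']);
     // The prefixed id is not in the cleanup rules above, so it is still the raw
     // request value; the loose == against the cleaned int is deliberate.
     $old_id = !empty($this->request[CM_VAR_PREFIX . 'id']) ? $this->request[CM_VAR_PREFIX . 'id'] : false;
     $id = !empty($this->request['id']) ? $this->request['id'] : false;
     if ($old_id && $id && $id == $old_id) {
         $new_link = carl_construct_redirect($this->get_default_args());
         header('Location: ' . $new_link);
         // Quoted attribute: a space in the URL must not terminate the href.
         echo '<p>Attempted to redirect to <a href="' . htmlspecialchars($new_link, ENT_QUOTES) . '">here</a>, but seem to have failed.</p>';
         die;
     }
     $this->select_user();
 }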
			/**
			 * Pull the lister's parameters out of the request (minus anything that
			 * also appears in the cookie array), clean them against a fixed rule set
			 * plus any appended filters, consult the saved session state, and copy
			 * the few values the lister reads directly onto $this.
			 */
			function grab_request() // {{{
			{
				// NOTE(review): array_diff compares values, not keys, so a request entry
				// whose value equals any cookie value is dropped here - confirm this is
				// the intended way of excluding cookie-sourced input.
				$request = array_diff( conditional_stripslashes($_REQUEST), conditional_stripslashes($_COOKIE) );
				$columns = isset($this->columns) ? array_keys($this->columns) : array('');

				// Shared rules: integer with 0 mapped to null, and plain string.
				$int_or_null = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => true));
				$as_string = array('function' => 'turn_into_string');
				$cleanup_rules = array(
					'state' => array('function' => 'check_against_array', 'extra_args' => array('live', 'Live', 'pending', 'Pending', 'deleted', 'Deleted')),
					'dir' => array('function' => 'check_against_array', 'extra_args' => array('desc', 'DESC', 'asc', 'ASC')),
					'order_by' => array('function' => 'check_against_array', 'extra_args' => $columns),
					'site_id' => $int_or_null,
					'page_id' => $int_or_null,
					'type_id' => $int_or_null,
					'rel_id' => $int_or_null,
					'id' => $int_or_null,
					'open' => array('function' => 'check_against_regexp', 'extra_args' => array('/^[0-9,]*$/')),
					'lister' => $int_or_null,
					'user_id' => $int_or_null,
					'__old_site_id' => $int_or_null,
					'__old_type_id' => $int_or_null,
					'__old_id' => $int_or_null,
					'__old_rel_id' => $int_or_null,
					'__old_cur_module' => $as_string,
					'__old_user_id' => $int_or_null,
					'page' => $int_or_null,
					'cur_module' => $as_string,
					'textonly' => array('function' => 'turn_into_int'),
					'new_entity' => $int_or_null,
					'refresh_lister_state' => array('function' => 'check_against_array', 'extra_args' => array('0', '1')),
				);

				$this->append_filters($cleanup_rules);

				// apply the cleanup rules
				$this->request = carl_clean_vars($request, $cleanup_rules);

				$this->_consult_and_save_session_state();

				// special case a few that unfortunately need localization ...
				if (isset($this->request['state'])) {
					$this->request['state'] = strtolower($this->request['state']);
					$this->state = $this->request['state'];
				}
				if (isset($this->request['dir'])) {
					$this->request['dir'] = strtoupper($this->request['dir']);
					$this->dir = $this->request['dir'];
				}
				foreach (array('order_by', 'page', 'open') as $name) {
					if (isset($this->request[$name])) {
						$this->$name = $this->request[$name];
					}
				}

				// setup some defaults
				if (!$this->page) {
					$this->page = 1;
				}
				if (!$this->state) {
					$this->state = 'Live';
				}
			} // }}}
    // we have to do a little fancy footwork to get any variables passed
    // on the GET string.  Basically, the original REQUEST_URI has the
    // query string we are interested in, so we parse that URL and then
    // parse the query string.  Then, we merge the two query strings back
    // into the superglobal one.
    $url_arr = parse_url(get_current_url());
    $apparent_get = array();
    if (!empty($url_arr['query'])) {
        parse_str($url_arr['query'], $apparent_get);
    }
    // all additional request items must be integers.
    // This is a simple way to prevent SQL injection
    // if we need to do more at a later point we can
    // use a cleanup rules-style method of
    // managing request stuff.
    $cleanup_rules = $feed->get_cleanup_rules();
    // original request clobbers new request
    $full_get = array_merge($apparent_get, $_GET);
    foreach ($full_get as $key => $val) {
        if (empty($cleanup_rules[$key])) {
            $cleanup_rules[$key] = array('function' => 'turn_into_int');
        }
    }
    $full_get = carl_clean_vars($full_get, $cleanup_rules);
    $feed->set_request_vars($full_get);
    $feed->run();
} else {
    http_response_code(400);
    echo '<html><head><title>Feed did not work</title><meta name="robots" content="none" /></head><body><h1>Feed did not work</h1><p>Use the form "?type_id=xx [ &site_id=yy ]"</p></body></html>';
}
// Log the page generation time in whole milliseconds; $start_time is expected
// to have been captured earlier in this script.
$elapsed_ms = round(1000 * (get_microtime() - $start_time));
reason_log_page_generation_time($elapsed_ms);
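 /**
  * Should include only those items needed by the minisite navigation builder
  *
  * Takes the request (minus entries that also appear in the cookie array),
  * cleans the four navigation parameters and stores the result in
  * $this->request. Unrecognised keys do not survive cleanup.
  */
 function grab_request()
 {
     // NOTE(review): array_diff compares values rather than keys, so a request
     // entry whose value equals any cookie value is dropped - confirm intended.
     $request = array_diff(conditional_stripslashes($_REQUEST), conditional_stripslashes($_COOKIE));
     // Shared rule: integer with 0 mapped to null.
     $int_or_null = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => true));
     $cleanup_rules = array(
         'site_id' => $int_or_null,
         'page_id' => $int_or_null,
         'textonly' => array('function' => 'turn_into_int'),
         'editing' => array('function' => 'check_against_array', 'extra_args' => array('off', 'on')),
     );
     // apply the cleanup rules
     $this->request = carl_clean_vars($request, $cleanup_rules);
 }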
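 /**
  * Handles all the internal logic for an instantiated table viewer - request variables will override any settings that correspond to a request
  * variable that may have been specified prior to the init ...
  *
  * Adds request-derived cleanup rules (sort field from the display values,
  * actions from the valid-action lists), cleans $_REQUEST into $this->request,
  * then hands each recognised value to its setter.
  */
 function _set_params_from_request()
 {
     // alter cleanup rules
     $this->cleanup_rules['table_sort_field'] = array('function' => 'check_against_array', 'extra_args' => array_keys($this->_display_values));
     // dynamically add: only whitelist actions when the viewer actually has some
     $va = $this->_get_valid_actions();
     $vra = $this->_get_valid_row_actions();
     if (!empty($va)) {
         $this->cleanup_rules['table_action'] = array('function' => 'check_against_array', 'extra_args' => $va);
     }
     if (!empty($vra)) {
         $this->cleanup_rules['table_row_action'] = array('function' => 'check_against_array', 'extra_args' => $vra);
     }
     $this->request = carl_clean_vars(conditional_stripslashes($_REQUEST), $this->cleanup_rules);
     // request key => setter, in the original call order; a setter runs only when
     // its key survived cleanup (keys not listed above must come from
     // $this->cleanup_rules as set elsewhere - confirm).
     $setters = array(
         'table_action' => 'set_action',
         'table_row_action' => 'set_row_action',
         'table_action_id' => 'set_action_id',
         'table_sort_order' => 'set_sort_order',
         'table_sort_field' => 'set_sort_field',
         'table_filters' => 'set_filters',
     );
     foreach ($setters as $key => $setter) {
         if (isset($this->request[$key])) {
             $this->$setter($this->request[$key]);
         }
     }
     if (isset($this->request['table_filter_clear'])) {
         // NOTE(review): the trigger key is table_filter_clear but the argument
         // comes from table_filters, which may be absent; read it defensively
         // instead of raising an undefined-index notice. Confirm which key
         // clear_filters() actually expects.
         $filters = isset($this->request['table_filters']) ? $this->request['table_filters'] : null;
         $this->clear_filters($filters);
     }
 }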
 /**
  * Backwards-compatible alias that delegates to carl_clean_vars() unchanged.
  *
  * @param array $vars  values to clean (by reference only to keep the old signature)
  * @param array $rules cleanup rules keyed by variable name
  * @return mixed whatever carl_clean_vars() returns
  */
 function clean_vars(&$vars, $rules)
 {
     $cleaned = carl_clean_vars($vars, $rules);
     return $cleaned;
 }