function make_editor_form()
 {
     $form = new disco();
     $editor_name = html_editor_name($this->site_id);
     $params = html_editor_params($this->site_id);
     if (strpos($editor_name, 'loki') === 0) {
         unset($params['paths']['site_feed']);
         unset($params['paths']['finder_feed']);
         unset($params['paths']['default_site_regexp']);
         unset($params['paths']['default_type_regexp']);
         $params['widgets'] .= ' +source +debug';
     }
     $form->add_element('demo', $editor_name, $params);
     $form->set_display_name('demo', ' ');
     $form->set_actions(array('Submit'));
     $form->run();
     if ($form->get_value('demo')) {
         echo '<h3>Output</h3>' . "\n";
         echo '<p>(For security reasons, this may differ from the Raw and Tidied markup -- it has been run through <a href="http://htmlpurifier.org/">HTML Purifier</a>)</p>';
         echo '<div class="echoBack">' . "\n";
         echo carl_get_safer_html($form->get_value('demo'));
         echo '</div>' . "\n";
         echo '<h3>Tidied Markup</h3>' . "\n";
         echo '<p>This is what you submitted after being run through <a href="http://tidy.sourceforge.net/">Tidy</a></p>';
         echo '<div class="echoBack">' . "\n";
         echo nl2br(htmlspecialchars($form->get_value('demo')));
         echo '</div>' . "\n";
         echo '<h3>Raw Markup</h3>' . "\n";
         echo '<p>This is exactly what you submitted</p>';
         echo '<div class="echoBack">' . "\n";
         echo nl2br(htmlspecialchars(conditional_stripslashes($_POST['demo'])));
         echo '</div>' . "\n";
     }
 }
Example #2
 /**
  * Constructor: populate the controller's request array on first use.
  *
  * Does nothing when a request is already set or when there are no cleanup
  * rules. Otherwise $_REQUEST is unescaped with conditional_stripslashes(),
  * passed through carl_clean_vars() with the cleanup rules, and stored via
  * set_request(). $request is a reference, so the assignment also updates
  * whatever get_request() returned.
  */
 function AbstractFormController()
 {
     $request =& $this->get_request();
     $cleanup_rules =& $this->get_cleanup_rules();
     if (!empty($request) || empty($cleanup_rules)) {
         return;
     }
     $raw = conditional_stripslashes($_REQUEST);
     $request = carl_clean_vars($raw, $cleanup_rules);
     $this->set_request($request);
 }
Example #3
 /**
  * Inits the DiscoDB form using class variables $db_conn, $table, and $id
  *
  * Runs once (guarded by $this->_inited, which this block reads but does not
  * set). Cleans $_REQUEST with the class's cleanup rules into $this->request,
  * calls the pre-init hook, then either defers to the parent init or to
  * init_no_form() depending on $this->init_and_run_form.
  *
  * @param bool $externally_set_up accepted for interface compatibility; unused here
  */
 function init($externally_set_up = false)
 {
     if (isset($this->_inited)) {
         return;
     }
     $rules = $this->get_cleanup_rules();
     $this->request = carl_clean_vars(conditional_stripslashes($_REQUEST), $rules);
     $this->pre_init_and_run_form();
     if ($this->init_and_run_form) {
         parent::init();
         return;
     }
     $this->init_no_form();
 }
Example #4
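/**
 * Build a query string from $new_request_vars, optionally carrying over
 * selected parameters of the current URL.
 *
 * Preserved values are read from the current URL's query string (after
 * conditional_stripslashes) and are overridden by $new_request_vars on a key
 * collision, because array_merge() lets the later array win.
 *
 * Fix: the preserved-parameter accumulator used to start as '' rather than
 * array(). On PHP >= 7.1 that made `$preserve_array[$key] = ...` a string
 * offset write (warning, data lost), and whenever nothing was preserved
 * `(array) ''` injected a stray `0 => ''` element into the merged params.
 *
 * @param array $new_request_vars key/value pairs to put in the query string
 * @param array $preserve_request_vars names of current-URL parameters to keep;
 *        an empty array builds the string from $new_request_vars alone
 * @return string query string as produced by carl_make_link(..., 'qs_only', ...)
 */
function carl_construct_query_string($new_request_vars, $preserve_request_vars = array(''))
{
    if (empty($preserve_request_vars)) {
        return carl_make_link($new_request_vars, '', 'qs_only', true, false);
    }
    $cur_request_vars = array();
    $parts = parse_url(get_current_url());
    // parse_url() returns false for a malformed URL; treat that as "no query".
    if (is_array($parts) && !empty($parts['query'])) {
        parse_str($parts['query'], $cur_request_vars);
        $cur_request_vars = conditional_stripslashes($cur_request_vars);
    }
    $preserve_array = array();
    foreach ($preserve_request_vars as $key) {
        if (isset($cur_request_vars[$key])) {
            $preserve_array[$key] = $cur_request_vars[$key];
        }
    }
    $params = array_merge($preserve_array, (array) $new_request_vars);
    return carl_make_link($params, '', 'qs_only', true, false);
}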
Example #5
	/**
	 * Pull the rule-listed parameters out of the superglobals and clean them.
	 *
	 * Each rule may carry a 'method' key naming its source: 'get'/'GET' reads
	 * $_GET, 'post'/'POST' reads $_POST, anything else (or no method at all)
	 * reads $_REQUEST. Every source is unescaped with conditional_stripslashes()
	 * first; clean_vars() is then applied per source and the results merged
	 * (later sources overwrite earlier ones on a key collision).
	 *
	 * @param array $rules cleanup rules keyed by parameter name
	 * @return array cleaned parameters from all sources merged together
	 */
	function clean_external_vars($rules)
	{
		$sources = array(
			'prepped_request' => conditional_stripslashes($_REQUEST),
			'prepped_post' => conditional_stripslashes($_POST),
			'prepped_get' => conditional_stripslashes($_GET),
		);
		// Group the rules by the source they apply to.
		$grouped = array();
		foreach ($rules as $param => $rule)
		{
			$method = isset($rule['method']) ? $rule['method'] : '';
			switch ($method)
			{
				case 'get':
				case 'GET':
					$grouped['prepped_get'][$param] = $rule;
					break;
				case 'post':
				case 'POST':
					$grouped['prepped_post'][$param] = $rule;
					break;
				default:
					$grouped['prepped_request'][$param] = $rule;
					break;
			}
		}
		$request = array();
		foreach ($grouped as $source => $source_rules)
		{
			$cleaned = $this->clean_vars($sources[$source], $source_rules);
			$request = array_merge($request, $cleaned);
		}
		return $request;
	} // }}}
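/**
 * Strip slashes *if magic quotes are turned on*
 *
 * Most of the Reason and Carl Util tools expect to work with unescaped values
 * and will double-escape values if they are written to the db that way.
 * It is good practice to run userland values through this function so that code
 * will work whether or not magic quotes are on.
 *
 * Magic quotes were removed in PHP 5.4 (get_magic_quotes_gpc() has returned
 * false ever since) and the function itself was removed in PHP 8.0, where
 * calling it is a fatal error. The version check below therefore returns the
 * value untouched on 5.4+ without ever referencing the function.
 *
 * Arrays are walked recursively with keys preserved; scalars go through
 * stripslashes(), which casts non-string scalars to string. Apply this once
 * per value: a second pass removes backslashes the user actually typed.
 *
 * @param mixed $value string or (nested) array that may be escaped
 * @return mixed the same structure, with one level of slashes removed when magic quotes are on
 */
function conditional_stripslashes($value)
{
    if (PHP_VERSION_ID >= 50400 || !get_magic_quotes_gpc()) {
        return $value;
    }
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = conditional_stripslashes($item);
        }
        return $value;
    }
    return stripslashes($value);
}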
Example #7
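 /**
  * Initialise the Disco DB form: connect, read the request, determine the
  * chosen action, build elements from the tables array, then load values.
  *
  * If load() has not run yet it is called first (requires $table and $db_conn).
  * The element-building loops used reset()/each(), which was removed in
  * PHP 8.0; they now use foreach, which visits the same entries in the same
  * order (over a copy, so the loop bodies must not rely on mutating the array
  * -- nothing in this block does). The duplicated _first_time computation was
  * collapsed to one; $this->_request is not modified in between.
  *
  * @param bool $externally_set_up accepted for interface compatibility; unused here
  */
 function init($externally_set_up = false)
 {
     if (!$this->load_has_run) {
         if (!empty($this->table) && !empty($this->db_conn)) {
             $this->_use_db_connection_string();
             $this->load($this->db_conn, $this->table, $this->_id);
         } else {
             trigger_error('the disco db form must have the class variables $table and $db_conn defined if you are running init prior to load');
         }
     }
     if (!isset($this->_inited) or empty($this->_inited)) {
         if ($this->_use_db_connection_string) {
             $this->disco_db_connect();
         }
         // First run: seed the request from the (unescaped) superglobal.
         if (empty($this->_request)) {
             $this->_request = conditional_stripslashes($_REQUEST);
         }
         // First time through unless a non-empty 'submitted' value arrived.
         $HTTP_VARS = $this->_request;
         $this->_first_time = (isset($HTTP_VARS['submitted']) and !empty($HTTP_VARS['submitted'])) ? false : true;
         // tables should not be empty
         if (!isset($this->tables) or empty($this->tables)) {
             $this->_internal_error('Your Disco DB must have tables specified');
         }
         if (!isset($this->required) or !is_array($this->required)) {
             $this->required = array();
         }
         // determine action that was chosen: the last __button_* key in the request wins
         foreach ($this->_request as $key => $val) {
             if (preg_match('/__button_/', $key)) {
                 $this->chosen_action = preg_replace('/__button_/', '', $key);
             }
         }
         // initialize values
         $this->_error_required = array();
         $this->_error_messages = array();
         $this->_error_flag = false;
         // run through the tables array setting everything and getting any kinds of types from the database as needed
         foreach ($this->tables as $key => $val) {
             if (is_int($key) and is_string($val)) {
                 // just a table name - this table needs to be loaded from DB
                 $this->load_elements_from_db($this->_db, array($val));
             } elseif (is_string($key)) {
                 if (empty($val)) {
                     $this->load_elements_from_db($this->_db, array($key));
                 } else {
                     // inspect elements in this array
                     foreach ($val as $el_key => $el_val) {
                         $element = '';
                         $type = '';
                         $args = array();
                         if (is_string($el_key)) {
                             // element name => type, or => array holding 'type' plus extra args
                             $element = $el_key;
                             if (is_array($el_val)) {
                                 $type = $el_val['type'];
                                 $args = $el_val;
                             } else {
                                 $type = $el_val;
                             }
                         } else {
                             // bare element name, no type
                             $element = $el_val;
                         }
                         $this->add_element($element, $type, $args);
                         $this->_tables[$key][$element] = array('type' => $type, 'field' => $element);
                     }
                 }
             } else {
                 $this->_internal_error('Your tables are malformed.');
             }
         }
         // now load values from db, falling back to the request's 'id' when none was set.
         // NOTE(review): that id is untrusted client input and is not run through the
         // cleanup rules here -- load_values() (not shown) must treat it as such.
         if (!isset($this->_id)) {
             $HTTP_VARS = conditional_stripslashes($_REQUEST);
             $this->_id = isset($HTTP_VARS['id']) ? $HTTP_VARS['id'] : '';
         }
         $this->load_values();
         // required should only contain defined elements & element groups
         foreach ($this->required as $name) {
             if (!$this->_is_element($name) && !$this->_is_element_group($name)) {
                 trigger_error($name . ' is present in your required fields, but it is not a defined element or element group.');
             }
         }
         $this->_inited = true;
         if ($this->_use_db_connection_string) {
             $this->disco_db_disconnect();
         }
     }
 }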
Example #8
			/**
			 * Read the lister's request parameters from the superglobals and clean them.
			 *
			 * The raw input is $_REQUEST with cookie entries subtracted (both unescaped
			 * via conditional_stripslashes), filtered through the cleanup rules below plus
			 * whatever append_filters() adds, then reconciled with the session state.
			 * state/dir are case-normalised, a few values are copied onto the object,
			 * and page/state default to 1 and 'Live'.
			 *
			 * NOTE(review): array_diff() compares by *value*, not key, so a request
			 * parameter is dropped whenever its value happens to equal any cookie
			 * value, and array-valued parameters raise "Array to string conversion".
			 * If the intent is "request minus cookie-sourced entries", carl_get_request()
			 * (which merges only $_GET and $_POST) expresses it directly; left unchanged
			 * here because it alters which keys survive.
			 */
			function grab_request() // {{{
			{
				$raw = array_diff( conditional_stripslashes($_REQUEST), conditional_stripslashes($_COOKIE) );
				$sortable = (isset($this->columns)) ? array_keys($this->columns) : array('');
				// Shared rule for the many integer ids; zero becomes null.
				$int_or_null = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => true));
				$rules = array(
					'state' => array('function' => 'check_against_array', 'extra_args' => array('live', 'Live', 'pending', 'Pending', 'deleted', 'Deleted')),
					'dir' => array('function' => 'check_against_array', 'extra_args' => array('desc', 'DESC', 'asc', 'ASC')),
					'order_by' => array('function' => 'check_against_array', 'extra_args' => $sortable),
					'site_id' => $int_or_null,
					'page_id' => $int_or_null,
					'type_id' => $int_or_null,
					'rel_id' => $int_or_null,
					'id' => $int_or_null,
					'open' => array('function' => 'check_against_regexp', 'extra_args' => array('/^[0-9,]*$/')),
					'lister' => $int_or_null,
					'user_id' => $int_or_null,
					'__old_site_id' => $int_or_null,
					'__old_type_id' => $int_or_null,
					'__old_id' => $int_or_null,
					'__old_rel_id' => $int_or_null,
					'__old_cur_module' => array('function' => 'turn_into_string'),
					'__old_user_id' => $int_or_null,
					'page' => $int_or_null,
					'cur_module' => array('function' => 'turn_into_string'),
					'textonly' => array('function' => 'turn_into_int'),
					'new_entity' => $int_or_null,
					'refresh_lister_state' => array('function' => 'check_against_array', 'extra_args' => array('0','1')),
				);
				
				$this->append_filters($rules);
				
				// apply the cleanup rules
				$this->request = carl_clean_vars($raw, $rules);
				
				$this->_consult_and_save_session_state();
				
				// state and dir are case-normalised both in the request and on the object
				if (isset($this->request['state']))
				{
					$this->state = $this->request['state'] = strtolower($this->request['state']);
				}
				if (isset($this->request['dir']))
				{
					$this->dir = $this->request['dir'] = strtoupper($this->request['dir']);
				}
				foreach (array('order_by', 'page', 'open') as $name)
				{
					if (isset($this->request[$name])) $this->$name = $this->request[$name];
				}
				
				// setup some defaults
				if (!$this->page) $this->page = 1;
				if (!$this->state) $this->state = 'Live';
			}
Example #9
<?php

/**
 * Provides a web service for the Thor WYSIWYG editor to update the temporary XML file in the DB
 * @package thor
 */
include_once 'paths.php';
include_once SETTINGS_INC . 'thor_settings.php';
include_once CARL_UTIL_INC . 'dev/prp.php';
include_once CARL_UTIL_INC . 'db/db.php';
include_once CARL_UTIL_INC . 'db/sqler.php';
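// Both parameters come straight from the client; look them up defensively so a
// missing one yields '' instead of an "undefined index" notice.
$tmp_id = isset($_REQUEST['tmp_id']) ? $_REQUEST['tmp_id'] : '';
$xml = isset($_REQUEST['xml']) ? $_REQUEST['xml'] : '';
if (empty($xml)) {
    die('Please provide xml content.');
}
// NOTE(review): no authentication or ownership check is visible in this script.
// Unless one of the included files enforces it, any client can overwrite any
// 'thor' row by id or create new rows -- confirm before exposing this endpoint.
connectDB(THOR_FORM_DB_CONN);
$sqler = new SQLER();
$content = array('content' => conditional_stripslashes($xml));
if (!empty($tmp_id)) {
    // tmp_id is what this script previously handed out from mysql_insert_id(),
    // i.e. an integer row id -- refuse anything else before it reaches the update.
    if (!ctype_digit((string) $tmp_id)) {
        die('Invalid tmp_id.');
    }
    $sqler->update_one('thor', $content, $tmp_id);
} else {
    $sqler->insert('thor', $content);
    // mysql_insert_id() belongs to the ext/mysql API removed in PHP 7; replace it
    // with the connection layer's equivalent when connectDB() is migrated.
    $tmp_id = mysql_insert_id();
    echo $tmp_id;
}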
Example #10
 /**
  * Should include only those items needed by the minisite navigation builder
  *
  * Takes $_REQUEST minus cookie entries (both unescaped first), keeps only
  * site_id/page_id (ints, zero -> null), textonly (int) and editing
  * ('off'/'on'), and stores the cleaned result in $this->request.
  *
  * NOTE(review): array_diff() compares values, not keys, so a request
  * parameter whose value equals any cookie value is discarded. $columns is
  * computed here but not used by this block.
  */
 function grab_request()
 {
     $raw = array_diff(conditional_stripslashes($_REQUEST), conditional_stripslashes($_COOKIE));
     $columns = isset($this->columns) ? array_keys($this->columns) : array('');
     $int_or_null = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => true));
     $rules = array(
         'site_id' => $int_or_null,
         'page_id' => $int_or_null,
         'textonly' => array('function' => 'turn_into_int'),
         'editing' => array('function' => 'check_against_array', 'extra_args' => array('off', 'on')),
     );
     // apply the cleanup rules
     $this->request = carl_clean_vars($raw, $rules);
 }
Example #11
 /**
  * Handles the transition from the end of the form to wherever or whatever the form should go/do.
  * Called by {@link run_process_phase()}.  Available hook: {@link where_to()}.
  *
  * Destination precedence: the last value returned by a 'where_to' callback,
  * then where_to(), then $kludge. A non-string destination falls back to the
  * current REQUEST_URI. Developers (is_developer()) with pending PHP errors get
  * a page with a continue link instead of the redirect so the errors stay
  * visible. If no destination resolves, nothing happens.
  *
  * NOTE(review): the Location target is whatever where_to()/callbacks/$kludge
  * supplied; if any of those can be driven by request data this is an open
  * redirect. That cannot be determined from this block.
  *
  * @param string $kludge kludge variables to handle the old finish method
  * @access public
  */
 function handle_transition($kludge)
 {
     $destination = $this->where_to();
     $callback_results = $this->_run_callbacks('where_to');
     if ($callback_results) {
         $destination = array_pop($callback_results);
     } elseif (!$destination) {
         $destination = $kludge;
     }
     if (!$destination) {
         return;
     }
     if (!is_string($destination)) {
         $destination = conditional_stripslashes($_SERVER['REQUEST_URI']);
     }
     if (function_exists('is_developer') && is_developer()) {
         $errors = carl_util_get_error_list();
         if (!empty($errors)) {
             echo '<h3>PHP errors were encountered during the processing of this form.</h3>' . "\n";
             echo '<p>Because you are accessing this form from an IP address listed as a developer\'s, rather than redirecting your browser to the next step (which would hide the errors) the form is pausing to let you see the errors displayed above.</p>' . "\n";
             echo '<p><a href="' . htmlspecialchars($destination) . '">Thanks for the info; continue on.</a></p>';
             exit;
         }
     }
     header('Location: ' . $destination);
     exit;
 }
Example #12
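$es = new entity_selector();
$es->add_type(id_of('minisite_page'));
$es->limit_tables(array('page_node', 'url'));
$es->limit_fields('entity.name, page_node.custom_page, page_node.url_fragment, url.url');
$es->add_right_relationship_field('owns', 'entity', 'id', 'owner_id');
$es->add_right_relationship_field('owns', 'entity', 'name', 'site_name');
$es->add_left_relationship_field('minisite_page_parent', 'entity', 'id', 'parent_id');
// we add some relations so that we grab only valid pages with names that are not custom url pages
$es->add_relation('(entity.name != "") AND ((url.url = "") OR (url.url IS NULL))');
$result = $es->run_one();
$builder = new reasonPageURL();
$builder->provide_page_entities($result);
// carl_get_request() already runs conditional_stripslashes() over the merged
// $_GET/$_POST, so the values below must not be unescaped a second time: with
// magic quotes on, the extra pass silently ate backslashes the user typed.
$request = carl_get_request();
$detail_mode = isset($request['detail']) ? $request['detail'] == 'true' : false;
$module_limiter = isset($request['limit']) ? turn_into_string($request['limit']) : '';
$detail_limiter = isset($request['detail_limit']) ? turn_into_string($request['detail_limit']) : '';
$core_local_limiter = isset($request['core_local_limit']) ? check_against_array($request['core_local_limit'], array('core', 'local')) : '';
$num = isset($request['num']) ? turn_into_int($request['num']) : 'All';
if (isset($request['reset'])) {
    header("Location: " . carl_make_redirect(array('limit' => '', 'core_local_limit' => '')));
    exit;
}
// Make an array with first dimension of page type name, second dimension of every page
// ID using the pt, third dimension 'true' for every page type returned by the query.
// Start from an empty array so an empty result set still leaves it defined.
$reason_page_types = array();
foreach ($result as $k => $mypage) {
    $page_type_value = $mypage->get_value('custom_page');
    if (empty($page_type_value)) {
        $page_type_value = 'default';
    }
    $reason_page_types[$page_type_value][$k] = 'true';
}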
Example #13
 /**
  * This is a replacement for referencing $_REQUEST directly, and gives us a consistent result that includes just $_GET and $_POST.
  *
  * It should be used instead of $_REQUEST, as the makeup of $_REQUEST depends upon the PHP version and settings.
  *
  * If $_POST and $_GET are set for a named item, $_POST is preferred (the merge is done by array_merge_recursive2(), defined elsewhere).
  *
  * @param boolean $run_conditional_stripslashes defaults to true; when set, the merged array is passed through
  *        conditional_stripslashes() so magic-quote escaping is undone. Callers that strip slashes themselves should
  *        pass false so the values are not unescaped twice.
  * @author Nathan White
  * @return array
  */
 function carl_get_request($run_conditional_stripslashes = true)
 {
     $merged = array_merge_recursive2((array) $_GET, (array) $_POST);
     if (!$run_conditional_stripslashes) {
         return $merged;
     }
     return conditional_stripslashes($merged);
 }
Example #14
 /**
  * Handles all the internal logic for an instantiated table viewer - request variables will override any settings that correspond to a request
  * variable that may have been specified prior to the init ...
  *
  * Tightens the cleanup rules first: table_sort_field must be one of the
  * display-value keys, and table_action / table_row_action (when the viewer
  * reports any valid ones) must be among them. The cleaned request is then
  * applied setter by setter, in a fixed order.
  *
  * NOTE(review): table_action_id, table_sort_order and table_filters get no
  * rule in this block, so they are only as clean as $this->cleanup_rules
  * already makes them. The table_filter_clear branch hands
  * $this->request['table_filters'] to clear_filters(), which is undefined when
  * only the clear flag was sent; kept as is because the intended argument is
  * not evident from this block.
  */
 function _set_params_from_request()
 {
     // alter cleanup rules
     $this->cleanup_rules['table_sort_field'] = array(
         'function' => 'check_against_array',
         'extra_args' => array_keys($this->_display_values),
     );
     // dynamically add
     $valid_actions = $this->_get_valid_actions();
     $valid_row_actions = $this->_get_valid_row_actions();
     if (!empty($valid_actions)) {
         $this->cleanup_rules['table_action'] = array('function' => 'check_against_array', 'extra_args' => $valid_actions);
     }
     if (!empty($valid_row_actions)) {
         $this->cleanup_rules['table_row_action'] = array('function' => 'check_against_array', 'extra_args' => $valid_row_actions);
     }
     $this->request = carl_clean_vars(conditional_stripslashes($_REQUEST), $this->cleanup_rules);
     // request key => setter, applied in this order
     $setters = array(
         'table_action' => 'set_action',
         'table_row_action' => 'set_row_action',
         'table_action_id' => 'set_action_id',
         'table_sort_order' => 'set_sort_order',
         'table_sort_field' => 'set_sort_field',
         'table_filters' => 'set_filters',
     );
     foreach ($setters as $key => $setter) {
         if (isset($this->request[$key])) {
             $this->$setter($this->request[$key]);
         }
     }
     if (isset($this->request['table_filter_clear'])) {
         $this->clear_filters($this->request['table_filters']);
     }
 }
Example #15
 /**
  * Collect the rule-listed parameters from the superglobals and clean them.
  *
  * A rule's optional 'method' picks the source: 'get'/'GET' -> $_GET,
  * 'post'/'POST' -> $_POST, anything else or no method -> $_REQUEST. Each
  * source is unescaped with conditional_stripslashes() up front; clean_vars()
  * runs once per source and the results are array_merge()d, so a later
  * source overwrites an earlier one on a shared key.
  *
  * @param array $rules cleanup rules keyed by parameter name
  * @return array cleaned parameters from all sources merged together
  */
 function clean_external_vars($rules)
 {
     $prepped_request = conditional_stripslashes($_REQUEST);
     $prepped_post = conditional_stripslashes($_POST);
     $prepped_get = conditional_stripslashes($_GET);
     // Bucket the rules by the variable name of their source.
     $by_source = array();
     foreach ($rules as $param => $rule) {
         $source = 'prepped_request';
         if (isset($rule['method'])) {
             switch ($rule['method']) {
                 case 'get':
                 case 'GET':
                     $source = 'prepped_get';
                     break;
                 case 'post':
                 case 'POST':
                     $source = 'prepped_post';
                     break;
             }
         }
         $by_source[$source][$param] = $rule;
     }
     $cleaned = array();
     foreach ($by_source as $source => $source_rules) {
         $cleaned = array_merge($cleaned, $this->clean_vars(${$source}, $source_rules));
     }
     return $cleaned;
 }