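/**
 * Imports data from the outer world
 *
 * Reads one variable from a request source, applies a whitelist-style
 * filter and returns the sanitised value. Rejected input is logged (for
 * request sources), then either replaced by the filter's fallback value
 * or, when $dieonerror is set, aborts the request via cot_diefatal().
 *
 * Output escaping is NOT done here (except that TXT rejects '<'); values
 * returned by this function still need context-appropriate escaping when
 * rendered or interpolated into SQL.
 *
 * @param string $name Variable name (for D/DIRECT: the value itself)
 * @param string $source Source type: G/GET, P/POST, C/COOKIE, R/REQUEST, PUT, PATCH, DELETE or D/DIRECT (variable filtering)
 * @param string $filter Filter type: INT, NUM, TXT, ALP, PSW, HTM, ARR, BOL, NOC, or a key of $cot_import_filters
 * @param int $maxlen Length limit in characters, applied before filtering (ignored for array values)
 * @param bool $dieonerror Die with fatal error on wrong input
 * @param bool $buffer Try to load from input buffer (previously submitted) if current value is empty
 * @return mixed Filtered value; null when the variable is absent or the filter type does not fit;
 *               the filter-specific fallback (e.g. stripped string, false) when the value is rejected
 */
function cot_import($name, $source, $filter, $maxlen = 0, $dieonerror = false, $buffer = false)
{
    global $cot_import_filters, $_PUT, $_PATCH, $_DELETE;

    // PHP does not populate superglobals for PUT/PATCH/DELETE bodies, so the
    // first call during such a request parses php://input into a global once
    // (the is_null() check keeps the stream from being read twice).
    if (isset($_SERVER['REQUEST_METHOD'])) {
        $method = $_SERVER['REQUEST_METHOD'];
        if ($method == 'PUT' && is_null($_PUT)) {
            parse_str(file_get_contents('php://input'), $_PUT);
        } elseif ($method == 'PATCH' && is_null($_PATCH)) {
            parse_str(file_get_contents('php://input'), $_PATCH);
        } elseif ($method == 'DELETE' && is_null($_DELETE)) {
            parse_str(file_get_contents('php://input'), $_DELETE);
        }
    }

    $v = null;
    // Initialised up front so a rejected value is never logged through an
    // undefined flag; every request source enables logging below.
    $log = false;
    switch ($source) {
        case 'G':
        case 'GET':
            $v = isset($_GET[$name]) ? $_GET[$name] : null;
            $log = true;
            break;
        case 'P':
        case 'POST':
            $v = isset($_POST[$name]) ? $_POST[$name] : null;
            $log = true;
            break;
        case 'PUT':
            $v = isset($_PUT[$name]) ? $_PUT[$name] : null;
            $log = true;
            break;
        case 'PATCH':
            $v = isset($_PATCH[$name]) ? $_PATCH[$name] : null;
            $log = true;
            break;
        case 'DELETE':
            $v = isset($_DELETE[$name]) ? $_DELETE[$name] : null;
            $log = true;
            break;
        case 'R':
        case 'REQUEST':
            $v = isset($_REQUEST[$name]) ? $_REQUEST[$name] : null;
            $log = true;
            break;
        case 'C':
        case 'COOKIE':
            $v = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
            $log = true;
            break;
        case 'D':
        case 'DIRECT':
            // The caller already holds the value; $name IS the value here.
            $v = $name;
            $log = false;
            break;
        default:
            cot_diefatal('Unknown source for a variable : <br />Name = ' . $name . '<br />Source = ' . $source . ' ? (must be G, P, C or D)');
            break;
    }

    // Type/filter agreement: arrays are only accepted by ARR (NOC is promoted
    // to ARR); a scalar requested as ARR yields an empty array.
    if (is_array($v)) {
        if ($filter == 'NOC') {
            $filter = 'ARR';
        }
        if ($filter != 'ARR') {
            return null;
        }
    } else {
        if ($filter == 'ARR') {
            return array();
        }
    }

    // Undo magic_quotes_gpc escaping on the sources PHP applied it to.
    if (MQGPC && ($source == 'G' || $source == 'P' || $source == 'C') && $v != null && $filter != 'ARR') {
        $v = stripslashes($v);
    }

    // Buffered (previously submitted) values are returned as stored; the
    // filter below is not re-applied to them in this path.
    if (($v === '' || $v === null || $filter == 'ARR') && $buffer) {
        $v = cot_import_buffered($name, $v, null);
        return $v;
    }

    if ($v === null) {
        return null;
    }

    // Truncate scalars only: mb_substr() on an array (ARR with $maxlen set)
    // is a TypeError on PHP 8.
    if ($maxlen > 0 && !is_array($v)) {
        $v = mb_substr($v, 0, $maxlen);
    }

    $pass = false;
    $defret = null;

    // Custom filter support: a chain of callables registered under the filter
    // name replaces the built-in handling entirely. isset() guards against an
    // undefined-index warning for built-in filter names.
    if (isset($cot_import_filters[$filter]) && is_array($cot_import_filters[$filter])) {
        foreach ($cot_import_filters[$filter] as $func) {
            $v = $func($v, $name);
        }
        return $v;
    }

    switch ($filter) {
        case 'INT':
            // Integral numeric strings only ('1e3' passes and becomes 1000).
            if (is_numeric($v) && floor($v) == $v) {
                $pass = true;
                $v = (int) $v;
            }
            break;
        case 'NUM':
            if (is_numeric($v)) {
                $pass = true;
                $v = (double) $v;
            }
            break;
        case 'TXT':
            // Plain text: any '<' is rejected; the fallback has it entity-encoded.
            $v = trim($v);
            if (mb_strpos($v, '<') === false) {
                $pass = true;
            } else {
                $defret = str_replace('<', '&lt;', $v);
            }
            break;
        case 'ALP':
            $v = trim($v);
            $f = cot_alphaonly($v);
            if ($v == $f) {
                $pass = true;
            } else {
                $defret = $f;
            }
            break;
        case 'PSW':
            // NOTE(security): this silently limits the password charset (no
            // quotes, &, <, >) and length (32 chars), reducing entropy. It is
            // kept as-is because existing password hashes were computed from
            // the filtered value; changing it would lock out users.
            $v = trim($v);
            $f = preg_replace('#[\'"&<>]#', '', $v);
            $f = mb_substr($f, 0, 32);
            if ($v == $f) {
                $pass = true;
            } else {
                $defret = $f;
            }
            break;
        case 'HTM':
            // Raw HTML is accepted unchanged; the caller is responsible for
            // sanitising it before storage/output.
            $v = trim($v);
            $pass = true;
            break;
        case 'ARR':
            // Array contents are returned unfiltered.
            $pass = true;
            break;
        case 'BOL':
            // Loose comparison on purpose so DIRECT ints/bools are accepted too.
            if ($v == '1' || $v == 'on') {
                $pass = true;
                $v = true;
            } elseif ($v == '0' || $v == 'off') {
                $pass = true;
                $v = false;
            } else {
                $defret = false;
            }
            break;
        case 'NOC':
            $pass = true;
            break;
        default:
            // $v is user input and the message is HTML; escape it so a typo in
            // a filter name cannot turn this page into a reflected-XSS sink.
            cot_diefatal('Unknown filter for a variable : <br />Var = ' . htmlspecialchars((string) $v, ENT_QUOTES) . '<br />Filter = &quot;' . $filter . '&quot; ?');
            break;
    }

    // Terminate unclosed numeric entities ("&#60" -> "&#60;") in string
    // results so later HTML output is not left with a half-formed entity.
    if (!$pass || !in_array($filter, array('INT', 'NUM', 'BOL', 'ARR'))) {
        $v = preg_replace('/(&#\\d+)(?![\\d;])/', '$1;', $v);
    }

    if ($pass) {
        return $v;
    }

    if ($log) {
        cot_log_import($source, $filter, $name, $v);
    }
    if ($dieonerror) {
        cot_diefatal('Wrong input.');
    }
    return $defret;
}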
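/**
 * Generates a checklistbox output
 *
 * Renders one checkbox per option through the `input_check` resource string
 * (or a per-name / custom override) and returns the concatenated markup.
 * Values and titles are HTML-escaped here; the resource is expected to
 * place them inside attribute values.
 *
 * @param mixed $chosen Checkbox state: a single value or an array of selected values
 * @param string $name Input name; the boxes are posted as $name[1], $name[2], ...
 * @param array|string $values Options available (array or comma-separated string)
 * @param array|string $titles Titles for options (array or comma-separated string); only used when its count equals that of $values
 * @param mixed $attrs Additional attributes as an associative array or a string
 * @param string $separator Option separator, by default is taken from $R['input_radio_separator']
 * @param bool $addnull Add a hidden $name[nullval] field so the form can detect a list with nothing checked
 * @param string $custom_rc Custom resource string name
 * @return string
 */
function cot_checklistbox($chosen, $name, $values, $titles = array(), $attrs = '', $separator = '', $addnull = true, $custom_rc = '')
{
    global $R;

    if (!is_array($values)) {
        $values = explode(',', $values);
    }
    if (!is_array($titles)) {
        $titles = explode(',', $titles);
    }
    // Titles are looked up by the same key as the value; a count match is
    // the only signal that the two lists correspond.
    $use_titles = count($values) == count($titles);
    $input_attrs = cot_rc_attr_string($attrs);
    $chosen = cot_import_buffered($name, $chosen);

    if (empty($separator)) {
        $separator = $R['input_radio_separator'];
    }

    $result = '';
    if ($addnull) {
        $result .= cot_inputbox('hidden', $name . '[nullval]', 'nullval');
    }

    // Strip an array suffix ("foo[bar]" -> "foo") before looking for a
    // per-name resource; explicit precedence: per-name, custom, default.
    $rc_name = preg_match('#^(\\w+)\\[(.*?)\\]$#', $name, $mt) ? $mt[1] : $name;
    if (!empty($R["input_check_{$rc_name}"])) {
        $rc = "input_check_{$rc_name}";
    } elseif (!empty($custom_rc)) {
        $rc = $custom_rc;
    } else {
        $rc = 'input_check';
    }

    $i = 0;
    foreach ($values as $k => $x) {
        $i++;
        $x = trim($x);

        // Loose comparison is deliberate: $chosen may carry ints while
        // $values are strings. Caveat: on PHP < 8 `0 == 'abc'` is true, so an
        // int 0 in $chosen would mark every non-numeric option as checked.
        if (is_array($chosen)) {
            $is_checked = in_array($x, $chosen);
        } else {
            $is_checked = $x == $chosen;
        }
        $checked = $is_checked ? ' checked="checked"' : '';

        // Equal counts do not guarantee equal keys (e.g. an associative
        // $values with a list of $titles); fall back to the value rather than
        // reading an undefined index.
        $raw_title = ($use_titles && isset($titles[$k])) ? $titles[$k] : $x;

        // ENT_QUOTES so the value/title is safe in single-quoted attributes
        // too; ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the string.
        $title = htmlspecialchars($raw_title, ENT_QUOTES | ENT_SUBSTITUTE);
        $value = htmlspecialchars($x, ENT_QUOTES | ENT_SUBSTITUTE);

        if ($i > 1) {
            $result .= $separator;
        }
        $result .= cot_rc($rc, array(
            'value' => $value,
            'name' => $name . '[' . $i . ']',
            'checked' => $checked,
            'title' => $title,
            'attrs' => $input_attrs,
        ));
    }

    return $result;
}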