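/**
 * Filter data from file uploader
 *
 * Collects the entries of the "file_<name>" uploader control into one
 * normalized array. Each entry is typed by the matching "type_<name>"
 * request value:
 *   - 'local'  : a browser upload (re-keyed by fn_rebuid_files)
 *   - 'server' : a path on the server; honoured only in the admin area (AREA == 'A')
 *   - 'url'    : a remote location resolved through fn_get_url_data
 *
 * Entries whose extension is listed in config.forbidden_file_extensions
 * are dropped and an error notification is raised.
 *
 * Security notes:
 *   - The entry name is request-controlled. It is url-decoded and then
 *     reduced to a bare file name (null bytes removed, basename() applied)
 *     so decoded "%2F" / "%2E%2E" / "%00" sequences cannot turn it into a
 *     path. The extension deny list is matched case-insensitively.
 *   - Only the last extension is checked; whether the web server executes
 *     double-extension names ("x.php.jpg") depends on its configuration.
 *   - The 'url' value is request-supplied; any scheme/host restriction
 *     (SSRF protection) has to live in fn_get_url_data — not visible here.
 *
 * @param string $name uploader control name (without the "file_"/"type_" prefix)
 * @return array $filtered entries keyed by uploader item id; empty when no type information was sent
 */
function fn_filter_uploaded_data($name)
{
    $udata_local = fn_rebuid_files('file_' . $name);
    $udata_other = !empty($_REQUEST['file_' . $name]) ? $_REQUEST['file_' . $name] : array();
    $utype = !empty($_REQUEST['type_' . $name]) ? $_REQUEST['type_' . $name] : array();

    if (empty($utype)) {
        return array();
    }

    // Normalise the deny list once so the comparison below cannot be bypassed
    // by case ("FILE.PHP" vs a lower-case list); fn_get_file_ext may or may not
    // lower-case on its own, and normalising here costs nothing.
    $forbidden_exts = array_map('strtolower', (array) Registry::get('config.forbidden_file_extensions'));

    $filtered = array();

    foreach ($utype as $id => $type) {
        if ($type == 'local' && !fn_is_empty(@$udata_local[$id])) {
            $filtered[$id] = fn_get_local_data(fn_strip_slashes($udata_local[$id]));
        } elseif ($type == 'server' && !fn_is_empty(@$udata_other[$id]) && AREA == 'A') {
            // Server-side paths are only honoured in the admin area; keeping
            // the path inside an allowed directory is up to fn_get_server_data.
            fn_get_last_key($udata_other[$id], 'fn_get_server_data', true);
            $filtered[$id] = $udata_other[$id];
        } elseif ($type == 'url' && !fn_is_empty(@$udata_other[$id])) {
            fn_get_last_key($udata_other[$id], 'fn_get_url_data', true);
            $filtered[$id] = $udata_other[$id];
        }

        if (empty($filtered[$id]['name'])) {
            continue;
        }

        // urldecode() can re-introduce separators, traversal and NUL bytes;
        // reduce the decoded value to a plain file name before using it.
        $fname = str_replace("\0", '', urldecode($filtered[$id]['name']));
        $fname = basename($fname);
        $filtered[$id]['name'] = str_replace(' ', '_', $fname); // replace spaces with underscores

        $ext = fn_get_file_ext($filtered[$id]['name']);
        if (in_array(strtolower($ext), $forbidden_exts, true)) {
            unset($filtered[$id]);
            // NOTE(review): $ext is echoed back in the notification; escaping
            // is assumed to happen in the notification renderer — confirm.
            $msg = fn_get_lang_var('text_forbidden_file_extension');
            $msg = str_replace('[ext]', $ext, $msg);
            fn_set_notification('E', fn_get_lang_var('error'), $msg);
        }
    }

    // Temporary files created by the fetch helpers are removed once per request.
    static $shutdown_inited;
    if (!$shutdown_inited) {
        $shutdown_inited = true;
        register_shutdown_function('fn_remove_temp_data');
    }

    return $filtered;
}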
/**
 * Resolve a file reference to a local path.
 *
 * Resolution order: absolute path, then path relative to $prefix, then a
 * URL (anything containing "://") whose content is downloaded into
 * DIR_COMPILED. Returns false when none of these yields a file.
 *
 * NOTE(review): an absolute $file is returned as long as it exists — there is
 * no containment to $prefix — so callers must not pass request-controlled
 * values unless disclosing any file the process can read is acceptable.
 * The URL branch stores the download under the URL's own basename (including
 * its extension) inside DIR_COMPILED; whether that directory is served or
 * included by the web server is not visible here — confirm before relying on it.
 *
 * @param string $prefix directory the relative lookup is made against
 * @param string $file   absolute path, path relative to $prefix, or URL
 * @return string|false real path of the file (or of the downloaded copy), false when not found
 */
function fn_find_file($prefix, $file)
{
    $file = fn_strip_slashes($file);

    $candidates = array(
        $file,                  // absolute path
        $prefix . '/' . $file,  // relative to prefix
    );
    foreach ($candidates as $candidate) {
        if (is_file($candidate)) {
            return realpath($candidate);
        }
    }

    // Not on disk: only a value with a scheme separator is treated as a URL.
    if (strpos($file, '://') === false) {
        return false;
    }

    $content = fn_get_contents($file);
    if (empty($content)) {
        return false;
    }

    // Keep the remote name when usable; a missing name or a query string
    // falls back to a generated temporary name.
    $fname = basename($file);
    if (empty($fname) || strpos($fname, '?') !== false) {
        $fname = basename(fn_create_temp_file());
    }

    $target = DIR_COMPILED . $fname;

    return fn_put_contents($target, $content) ? $target : false;
}
/**
 * Mark request variables as trusted.
 *
 * For every variable name passed as an argument, $_REQUEST[$name] is
 * re-populated straight from $_POST (preferred) or $_GET, so the value no
 * longer depends on PHP's request_order merge. When QUOTES_ENABLED is
 * defined (magic quotes in effect) the value goes through fn_strip_slashes.
 *
 * NOTE(review): "trusted" here only means "taken verbatim from the raw
 * request" — no validation or escaping happens in this function.
 *
 * Accepts any number of string arguments (variable names).
 *
 * @return bool always true
 */
function fn_trusted_vars()
{
    $strip = defined('QUOTES_ENABLED');

    foreach (func_get_args() as $var_name) {
        if (isset($_POST[$var_name])) {
            $raw = $_POST[$var_name];
        } elseif (isset($_GET[$var_name])) {
            $raw = $_GET[$var_name];
        } else {
            continue;
        }

        $_REQUEST[$var_name] = $strip ? fn_strip_slashes($raw) : $raw;
    }

    return true;
}
/**
 * Sanitize input data
 *
 * Reverses magic-quotes escaping when QUOTES_ENABLED is defined, then
 * removes tags through fn_strip_tags.
 *
 * NOTE(review): tag stripping is not context-aware escaping; values that end
 * up in HTML attributes, JavaScript, SQL or a shell still need the escaping
 * proper to that context at the point of use.
 *
 * @param mixed $data data to filter
 * @return mixed filtered data
 */
function fn_safe_input($data)
{
    $unescaped = defined('QUOTES_ENABLED') ? fn_strip_slashes($data) : $data;

    return fn_strip_tags($unescaped);
}