Example #1
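/**
 * Collect the files submitted through the uploader field $name and drop
 * those whose extension is on the configured denylist.
 *
 * Each entry of $_REQUEST['type_' . $name] selects where the file comes from:
 *  - 'local'  : taken from fn_rebuid_files('file_' . $name)
 *  - 'server' : taken from $_REQUEST['file_' . $name], honoured only when AREA == 'A'
 *  - 'url'    : taken from $_REQUEST['file_' . $name], honoured in every AREA
 *
 * NOTE(review): the 'url' source is not limited by AREA; what fn_get_url_data
 * fetches and where it stores the result is not visible here - confirm that it
 * restricts schemes and destination hosts.
 *
 * @param string $name uploader field name, without the 'file_' / 'type_' prefix
 * @return array $filtered accepted uploads, keyed by the ids found in type_$name
 */
function fn_filter_uploaded_data($name)
{
    $udata_local = fn_rebuid_files('file_' . $name);
    $udata_other = !empty($_REQUEST['file_' . $name]) ? $_REQUEST['file_' . $name] : array();
    $utype = !empty($_REQUEST['type_' . $name]) ? $_REQUEST['type_' . $name] : array();

    // The type map comes straight from the request: refuse anything that is
    // not a non-empty array instead of iterating over a scalar.
    if (empty($utype) || !is_array($utype)) {
        return array();
    }

    $filtered = array();

    foreach ($utype as $id => $type) {
        // Explicit existence checks replace the former "@" suppression, which
        // also hid unrelated errors raised while reading the offsets.
        $local = isset($udata_local[$id]) ? $udata_local[$id] : null;
        $other = isset($udata_other[$id]) ? $udata_other[$id] : null;

        if ($type == 'local' && !fn_is_empty($local)) {
            $filtered[$id] = fn_get_local_data(fn_strip_slashes($local));
        } elseif ($type == 'server' && !fn_is_empty($other) && AREA == 'A') {
            // The result is read back from $udata_other[$id], so fn_get_last_key
            // presumably rewrites it in place through the named callback - confirm.
            fn_get_last_key($udata_other[$id], 'fn_get_server_data', true);
            $filtered[$id] = $udata_other[$id];
        } elseif ($type == 'url' && !fn_is_empty($other)) {
            fn_get_last_key($udata_other[$id], 'fn_get_url_data', true);
            $filtered[$id] = $udata_other[$id];
        }

        if (!empty($filtered[$id]['name'])) {
            // URL-decode the name and replace spaces with underscores; the
            // extension check below runs on this final form of the name.
            $filtered[$id]['name'] = str_replace(' ', '_', urldecode($filtered[$id]['name']));

            $ext = fn_get_file_ext($filtered[$id]['name']);

            // This is a denylist: every extension not named in it is accepted.
            // Compare on the lower-cased extension so that a different letter
            // case does not slip past the list (assumes the configured entries
            // are lower case - confirm). The cast keeps in_array() safe when
            // the setting is missing.
            $forbidden = (array) Registry::get('config.forbidden_file_extensions');
            if (in_array(strtolower((string) $ext), $forbidden)) {
                unset($filtered[$id]);
                $msg = fn_get_lang_var('text_forbidden_file_extension');
                $msg = str_replace('[ext]', $ext, $msg);
                fn_set_notification('E', fn_get_lang_var('error'), $msg);
            }
        }
    }

    // Register the temp-data cleanup once per request, however often this runs.
    static $shutdown_inited;
    if (!$shutdown_inited) {
        $shutdown_inited = true;
        register_shutdown_function('fn_remove_temp_data');
    }

    return $filtered;
}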
Example #2
/**
 * Resolve $file to a path on disk.
 *
 * Tried in order: $file as given, $file below $prefix, and finally - when
 * $file contains '://' - a download that is saved under DIR_COMPILED.
 *
 * NOTE(review): neither disk lookup confines the result to $prefix; any path
 * that is_file() accepts is returned, so callers must not pass request data
 * here unchecked - confirm the call sites.
 * NOTE(review): downloaded content is stored under the name taken from the
 * URL; no scheme or extension filtering is visible in this function - confirm
 * that fn_get_contents or the callers provide it.
 *
 * @param string $prefix directory that relative paths are resolved against
 * @param string $file path or URL to look up
 * @return string|bool resolved path, or false when nothing was found
 */
function fn_find_file($prefix, $file)
{
    $file = fn_strip_slashes($file);

    // Disk lookups: the path as given first, then relative to the prefix.
    $candidates = array($file, $prefix . '/' . $file);
    foreach ($candidates as $path) {
        if (is_file($path)) {
            return realpath($path);
        }
    }

    // Anything without a scheme separator is not treated as a URL.
    if (strpos($file, '://') === false) {
        return false;
    }

    $content = fn_get_contents($file);
    if (empty($content)) {
        return false;
    }

    // Use the last URL segment as the local name; fall back to a generated
    // temp name when it is empty or still carries a query string.
    $fname = basename($file);
    if (empty($fname) || strpos($fname, '?') !== false) {
        $fname = basename(fn_create_temp_file());
    }

    if (fn_put_contents(DIR_COMPILED . $fname, $content)) {
        return DIR_COMPILED . $fname;
    }

    return false;
}
Example #3
/**
 * Copy the named request variables into $_REQUEST as they were submitted.
 *
 * For every name passed as an argument the value is taken from $_POST, or
 * from $_GET when $_POST has none, and written to $_REQUEST. The only
 * processing is fn_strip_slashes(), applied when QUOTES_ENABLED is defined.
 *
 * NOTE(review): fn_safe_input() is not applied here, so these values reach
 * $_REQUEST with their markup intact. Every consumer has to escape them for
 * its own output context, and the set of names passed to this function
 * should stay small and reviewed.
 *
 * @param string ...$names request variable names (variadic via func_get_args)
 * @return bool always true
 */
function fn_trusted_vars()
{
    foreach (func_get_args() as $var_name) {
        if (isset($_POST[$var_name])) {
            $raw = $_POST[$var_name];
        } elseif (isset($_GET[$var_name])) {
            $raw = $_GET[$var_name];
        } else {
            // Not submitted at all: leave $_REQUEST untouched for this name.
            continue;
        }

        $_REQUEST[$var_name] = defined('QUOTES_ENABLED') ? fn_strip_slashes($raw) : $raw;
    }

    return true;
}
Example #4
/**
 * Sanitize input data
 *
 * Two steps are visible here: slashes are stripped when QUOTES_ENABLED is
 * defined, then the value is passed through fn_strip_tags().
 *
 * NOTE(review): stripping tags is not escaping for SQL, HTML attributes or
 * shell arguments; values returned from here still need context-specific
 * escaping where they are used. What fn_strip_tags() does with nested arrays
 * is not visible in this block - confirm.
 *
 * @param mixed $data data to filter
 * @return mixed filtered data
 */
function fn_safe_input($data)
{
    $input = defined('QUOTES_ENABLED') ? fn_strip_slashes($data) : $data;

    return fn_strip_tags($input);
}