function pdf_create($html, $filename = '', $stream = TRUE, $invoice_id, $type)
{
require_once "dompdf/dompdf_config.inc.php";
if (get_magic_quotes_gpc()) {
$html = stripslashes($html);
}
$dompdf = new DOMPDF();
$dompdf->load_html($html);
$dompdf->set_paper("a4", "portrait");
$dompdf->render();
$timestamp = date('YmdGis') . $invoice_id;
$filename = $timestamp . '.pdf';
if ($stream) {
$dompdf->stream($filename);
} else {
if ($type == 'invoice') {
$CI =& get_instance();
$CI->load->helper('file');
write_file("invoice/" . $filename, $dompdf->output());
return $filename;
} else {
if ($type == 'salary') {
$CI =& get_instance();
$CI->load->helper('file');
write_file("salary_slip/" . $filename, $dompdf->output());
return $filename;
}
}
}
}
function clean($value)
{
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
return trim(mysql_real_escape_string($value));
}
function PMA_gpc_extract($array, &$target, $sanitize = TRUE)
{
if (!is_array($array)) {
return FALSE;
}
$is_magic_quotes = get_magic_quotes_gpc();
foreach ($array as $key => $value) {
/**
* 2005-02-22, rabus:
*
* This is just an ugly hotfix to avoid changing internal config
* parameters.
*
* Currently, the following variable names are rejected when found in
* $_GET or $_POST: cfg, GLOBALS, str* and _*
*/
if ($sanitize && is_string($key) && ($key == 'cfg' || $key == 'GLOBALS' || substr($key, 0, 3) == 'str' || $key[0] == '_')) {
continue;
}
if (is_array($value)) {
// there could be a variable coming from a cookie of
// another application, with the same name as this array
unset($target[$key]);
PMA_gpc_extract($value, $target[$key], FALSE);
} else {
if ($is_magic_quotes) {
$target[$key] = stripslashes($value);
} else {
$target[$key] = $value;
}
}
}
return TRUE;
}
function stripStr($str)
{
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8'));
}
function mysql_fix_string($conn, $string)
{
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
return $conn->real_escape_string($string);
}
public function check_input($value)
{
if (get_magic_quotes_gpc()) {
$value = sqlite_escape_string($value);
}
return $value;
}
function mres($input)
{
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
return mysql_real_escape_string($input);
}
function backslash(&$arr, $escape)
{
$magic_on = get_magic_quotes_gpc();
if ($escape && !$magic_on) {
foreach ($arr as $k => $v) {
switch (gettype($v)) {
case 'string':
$arr[$k] = addslashes($v);
break;
case 'array':
backslash($arr[$k], true);
}
}
}
if (!$escape && $magic_on) {
foreach ($arr as $k => $v) {
switch (gettype($v)) {
case 'string':
$arr[$k] = stripslashes($v);
break;
case 'array':
backslash($arr[$k], false);
}
}
}
}
function set_configuration($meeting)
{
global $strOmegaPathWriteFailed, $strOmegaNoPath;
//if(@is_dir($_POST['path'])){
// test local path for writing
$fp = fopen($_POST['path'] . "/test.txt", 'w');
if (!$fp) {
$GLOBALS['ERROR'] = $strOmegaPathWriteFailed;
} else {
fclose($fp);
unlink($_POST['path'] . "/test.txt");
}
mysql_query("LOCK TABLES zeitmessung WRITE");
$res = mysql_query("SELECT * FROM zeitmessung WHERE xMeeting = {$meeting}");
if (mysql_errno() > 0) {
AA_printErrorMsg(mysql_errno() . ": " . mysql_error());
} else {
if (!get_magic_quotes_gpc()) {
$_POST['path'] = addslashes($_POST['path']);
$_POST['ftppath'] = addslashes($_POST['ftppath']);
$_POST['sponsor'] = addslashes($_POST['sponsor']);
}
if (mysql_num_rows($res) == 0) {
mysql_query("\r\n\t\t\t\t\t\tINSERT INTO zeitmessung\r\n\t\t\t\t\t\tSET\tOMEGA_Verbindung = '" . $_POST['connection'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Pfad = '" . $_POST['path'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Server = '" . $_POST['host'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Benutzer = '" . $_POST['user'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Passwort = '" . $_POST['pass'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Ftppfad = '" . $_POST['ftppath'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Sponsor = '" . $_POST['sponsor'] . "'\r\n\t\t\t\t\t\t\t, xMeeting = {$meeting}\r\n\t\t\t\t\t\t");
} else {
mysql_query("\r\n\t\t\t\t\t\tUPDATE zeitmessung\r\n\t\t\t\t\t\tSET\tOMEGA_Verbindung = '" . $_POST['connection'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Pfad = '" . $_POST['path'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Server = '" . $_POST['host'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Benutzer = '" . $_POST['user'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Passwort = '" . $_POST['pass'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Ftppfad = '" . $_POST['ftppath'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Sponsor = '" . $_POST['sponsor'] . "'\r\n\t\t\t\t\t\tWHERE\txMeeting = {$meeting}\r\n\t\t\t\t\t\t");
}
}
mysql_query("UNLOCK TABLES");
/*} else {
$GLOBALS['ERROR'] = $strOmegaNoPath;
}*/
}
/**
* Override the default Symphony constructor to initialise the Log, Config
* and Database objects for installation/update. This allows us to use the
* normal accessors.
*/
protected function __construct()
{
if (get_magic_quotes_gpc()) {
General::cleanArray($_SERVER);
General::cleanArray($_COOKIE);
General::cleanArray($_GET);
General::cleanArray($_POST);
}
// Include the default Config for installation.
include INSTALL . '/includes/config_default.php';
$this->initialiseConfiguration($settings);
// Initialize date/time
define_safe('__SYM_DATE_FORMAT__', self::Configuration()->get('date_format', 'region'));
define_safe('__SYM_TIME_FORMAT__', self::Configuration()->get('time_format', 'region'));
define_safe('__SYM_DATETIME_FORMAT__', __SYM_DATE_FORMAT__ . self::Configuration()->get('datetime_separator', 'region') . __SYM_TIME_FORMAT__);
DateTimeObj::setSettings(self::Configuration()->get('region'));
// Initialize language
$this->initialiseLang();
// Initialize logs
$this->initialiseLog(INSTALL_LOGS . '/install');
// Initialize database
$this->initialiseDatabase();
// Initialize error handlers
GenericExceptionHandler::initialise(Symphony::Log());
GenericErrorHandler::initialise(Symphony::Log());
}
/**
* Méthode qui supprime les antislashs
*
* @param content variable ou tableau
* @return array ou string tableau ou variable avec les antislashs supprimés
**/
public static function unSlash($content)
{
if (get_magic_quotes_gpc() == 1) {
if (is_array($content)) {
# On traite un tableau
foreach ($content as $k => $v) {
# On parcourt le tableau
if (is_array($v)) {
foreach ($v as $key => $val) {
$new_content[$k][$key] = stripslashes($val);
}
} else {
$new_content[$k] = stripslashes($v);
}
}
} else {
# On traite une chaine
$new_content = stripslashes($content);
}
# On retourne le tableau modifie
return $new_content;
} else {
return $content;
}
}
public function __construct()
{
if (!get_magic_quotes_gpc()) {
$_POST = new_addslashes($_POST);
$_GET = new_addslashes($_GET);
$_REQUEST = new_addslashes($_REQUEST);
$_COOKIE = new_addslashes($_COOKIE);
}
$this->route_config = pc_base::load_config('route', SITE_URL) ? pc_base::load_config('route', SITE_URL) : pc_base::load_config('route', 'default');
if (isset($this->route_config['data']['POST']) && is_array($this->route_config['data']['POST'])) {
foreach ($this->route_config['data']['POST'] as $_key => $_value) {
if (!isset($_POST[$_key])) {
$_POST[$_key] = $_value;
}
}
}
if (isset($this->route_config['data']['GET']) && is_array($this->route_config['data']['GET'])) {
foreach ($this->route_config['data']['GET'] as $_key => $_value) {
if (!isset($_GET[$_key])) {
$_GET[$_key] = $_value;
}
}
}
if (isset($_GET['page'])) {
$_GET['page'] = max(intval($_GET['page']), 1);
}
return true;
}
static function init()
{
$version_file = APP_PATH . '/../version';
if (file_exists($version_file)) {
self::$version = trim(@file_get_contents($version_file));
}
$config_file = APP_PATH . '/config/config.php';
if (!file_exists($config_file)) {
throw new Exception("No config file");
}
$config = (include $config_file);
self::$config = $config;
self::$env = $config['env'];
#self::$context = new stdClass();
self::$context = new Context();
Logger::init($config['logger']);
if (isset($config['db'])) {
Db::init($config['db']);
}
if (get_magic_quotes_gpc()) {
foreach ($_GET as $k => $v) {
$_GET[$k] = Text::stripslashes($v);
}
foreach ($_POST as $k => $v) {
$_POST[$k] = Text::stripslashes($v);
}
foreach ($_COOKIE as $k => $v) {
$_COOKIE[$k] = Text::stripslashes($v);
}
}
$_REQUEST = $_GET + $_POST + $_COOKIE;
}
/**
* Anti-Mysql-Injection method, escapes a string.
*
* @param string $text_to_escape
*/
public static function setEscape($text_to_escape)
{
if (!get_magic_quotes_gpc()) {
$text_to_escape = mysql_real_escape_string($text_to_escape);
}
return $text_to_escape;
}
function __construct()
{
$this->open_connection();
$this->magic_quotes_active = get_magic_quotes_gpc();
$this->real_escape_string_exists = function_exists("mysql_real_escape_string");
// i.e. PHP >= v4.3.0
}
function SafeStripSlashes($text)
{
if (get_magic_quotes_gpc()) {
return stripslashes($text);
}
return $text;
}
/**
* 변수 유무 체크 처리
*
* @param string $vars 변수명
* @param string $message 에러메시지
* @param string $code 반환코드
* @param string $type Y일경우 변수값이 없으면 에러, N일 경우 필수가 아님
* @return string $clean_input 보안처리된 변수값 반환
*/
private function param_proc($vars, $message = '', $code, $type = 'Y')
{
if ($type == 'Y') {
if (@$this->_request[$vars] == '') {
$this->response($message, $code);
exit;
} else {
//변수에 대한 보안처리
if (get_magic_quotes_gpc()) {
$data = trim(stripslashes($this->_request[$vars]));
} else {
$data = $this->_request[$vars];
}
$data = strip_tags($data);
$clean_input = trim($data);
return $clean_input;
}
} else {
if ($type == 'N') {
//변수에 대한 보안처리
if (get_magic_quotes_gpc()) {
$data = trim(stripslashes(@$this->_request[$vars]));
} else {
$data = @$this->_request[$vars];
}
$data = strip_tags($data);
$clean_input = trim($data);
return $clean_input;
}
}
}
/**
* Validates a IPN message
*
* @return boolean
*/
public function validate()
{
if (isset($this->isIpnVerified)) {
return $this->isIpnVerified;
} else {
$request = self::IPN_CMD;
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1) {
$get_magic_quotes_exists = true;
} else {
$get_magic_quotes_exists = false;
}
foreach ($this->ipnData as $key => $value) {
if ($get_magic_quotes_exists) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$request .= "&{$key}={$value}";
}
$httpConfig = new PPHttpConfig(PPConfigManager::getInstance()->get('service.EndPoint.IPN'));
$httpConfig->addCurlOption(CURLOPT_FORBID_REUSE, 1);
$httpConfig->addCurlOption(CURLOPT_HTTPHEADER, array('Connection: Close'));
$connection = PPConnectionManager::getInstance()->getConnection($httpConfig);
$response = $connection->execute($request);
if ($response == 'VERIFIED') {
$this->isIpnVerified = true;
return true;
}
$this->isIpnVerified = false;
return false;
// value is 'INVALID'
}
}
static function undecorate($str)
{
if (!get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return $str;
}
/**
* Send an e-mail to the admin and another to the user if form passes
* validation.
*/
public function add_ics_feed_frontend()
{
global $wpdb, $ai1ec_settings;
$table_name = $wpdb->prefix . 'ai1ec_event_feeds';
$check = $this->validate_form();
$check['nonce'] = wp_nonce_field('ai1ec_submit_ics_form', AI1EC_POST_TYPE, true, false);
if (true === $check['success']) {
// Strip slashes if ridiculous PHP setting magic_quotes_gpc is enabled.
if (get_magic_quotes_gpc()) {
foreach ($_POST as &$param) {
$param = stripslashes($param);
}
}
// Send admin e-mail.
$admin_email = get_option('admin_email');
$admin_mail_subject = $this->parse_mail($ai1ec_settings->admin_mail_subject);
$admin_mail_body = $this->parse_mail($ai1ec_settings->admin_mail_body);
wp_mail($admin_email, $admin_mail_subject, $admin_mail_body);
// Send user e-mail.
$user_email = $_POST['ai1ec_submitter_email'];
$user_mail_subject = $this->parse_mail($ai1ec_settings->user_mail_subject);
$user_mail_body = $this->parse_mail($ai1ec_settings->user_mail_body);
wp_mail($user_email, $user_mail_subject, $user_mail_body);
}
echo json_encode($check);
exit;
}
protected function _configureViaDSN($dsn)
{
$dsnVars = array();
if (strpos($dsn, '=') === false) {
throw new Zend_Tool_Project_Provider_Exception('At least one name value pair is expected, typcially ' . 'in the format of "adapter=Mysqli&username=uname&password=mypass&dbname=mydb"');
}
parse_str($dsn, $dsnVars);
// parse_str suffers when magic_quotes is enabled
if (get_magic_quotes_gpc()) {
array_walk_recursive($dsnVars, array($this, '_cleanMagicQuotesInValues'));
}
$dbConfigValues = array('resources' => array('db' => null));
if (isset($dsnVars['adapter'])) {
$dbConfigValues['resources']['db']['adapter'] = $dsnVars['adapter'];
unset($dsnVars['adapter']);
}
$dbConfigValues['resources']['db']['params'] = $dsnVars;
$isPretend = $this->_registry->getRequest()->isPretend();
// get the config resource
$applicationConfig = $this->_loadedProfile->search('ApplicationConfigFile');
$applicationConfig->addItem($dbConfigValues, $this->_sectionName, null);
$response = $this->_registry->getResponse();
if ($isPretend) {
$response->appendContent('A db configuration for the ' . $this->_sectionName . ' section would be written to the application config file with the following contents: ');
$response->appendContent($applicationConfig->getContents());
} else {
$applicationConfig->create();
$response->appendContent('A db configuration for the ' . $this->_sectionName . ' section has been written to the application config file.');
}
}
/**
* __construct()
*/
public function __construct()
{
global $debug;
$this->_debug = $debug;
$this->open_connection();
$this->_magic_quotes_active = get_magic_quotes_gpc();
}
/**
* Handle a POST request for this map save ressource
* @param Request request
* @return Response
*/
function post($request)
{
$response = new Response($request);
if (isset($_POST['map'])) {
// Remove those slashes
if (get_magic_quotes_gpc()) {
$map = stripslashes($_POST['map']);
} else {
$map = $_POST['map'];
}
$map_obj = json_decode($map);
$geocacheManager = GeocacheManager::getInstance();
$geocaches = $geocacheManager->parseGeocaches($map_obj->{"geocaches"});
foreach ($geocaches as $geocache) {
$geocache->save();
}
$ownWaypoints = $geocacheManager->parseOwnWaypoints($map_obj->{"costumMarkers"});
foreach ($ownWaypoints as $ownWaypoint) {
$ownWaypoint->save();
}
$response->code = Response::OK;
$response->addHeader('Content-type', 'text/plain');
$response->body = print_r($map, true);
} else {
$response->code = Response::BADREQUEST;
}
return $response;
}
/**
* The Symphony constructor initialises the class variables of Symphony.
* It will set the DateTime settings, define new date constants and initialise
* the correct Language for the currently logged in Author. If magic quotes
* are enabled, Symphony will sanitize the `$_SERVER`, `$_COOKIE`,
* `$_GET` and `$_POST` arrays. The constructor loads in
* the initial Configuration values from the `CONFIG` file
*/
protected function __construct()
{
self::$Profiler = Profiler::instance();
if (get_magic_quotes_gpc()) {
General::cleanArray($_SERVER);
General::cleanArray($_COOKIE);
General::cleanArray($_GET);
General::cleanArray($_POST);
}
// Set date format throughout the system
define_safe('__SYM_DATE_FORMAT__', self::Configuration()->get('date_format', 'region'));
define_safe('__SYM_TIME_FORMAT__', self::Configuration()->get('time_format', 'region'));
define_safe('__SYM_DATETIME_FORMAT__', __SYM_DATE_FORMAT__ . self::Configuration()->get('datetime_separator', 'region') . __SYM_TIME_FORMAT__);
DateTimeObj::setSettings(self::Configuration()->get('region'));
self::initialiseErrorHandler();
// Initialize language management
Lang::initialize();
Lang::set(self::$Configuration->get('lang', 'symphony'));
self::initialiseCookie();
// If the user is not a logged in Author, turn off the verbose error messages.
if (!self::isLoggedIn() && is_null(self::$Author)) {
GenericExceptionHandler::$enabled = false;
}
// Engine is ready.
self::$Profiler->sample('Engine Initialisation');
}
public static function prepareSuperglobal($array)
{
if (!get_magic_quotes_gpc()) {
return $array;
}
return self::recursiveStripslashes($array);
}
/**
* Process notification from google
* @return Mage_GoogleCheckout_Model_Api_Xml_Callback
*/
public function process()
{
// Retrieve the XML sent in the HTTP POST request to the ResponseHandler
$xmlResponse = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : file_get_contents("php://input");
if (get_magic_quotes_gpc()) {
$xmlResponse = stripslashes($xmlResponse);
}
$debugData = array('request' => $xmlResponse, 'dir' => 'in');
if (empty($xmlResponse)) {
$this->getApi()->debugData($debugData);
return false;
}
list($root, $data) = $this->getGResponse()->GetParsedXML($xmlResponse);
$this->getGResponse()->SetMerchantAuthentication($this->getMerchantId(), $this->getMerchantKey());
$status = $this->getGResponse()->HttpAuthentication();
if (!$status || empty($data[$root])) {
exit;
}
$this->setRootName($root)->setRoot($data[$root]);
$this->getGResponse()->setSerialNumber($this->getData('root/serial-number'));
$method = '_response' . uc_words($root, '', '-');
if (method_exists($this, $method)) {
ob_start();
try {
$this->{$method}();
} catch (Exception $e) {
$this->getGResponse()->log->logError($e->__toString());
}
$debugData['result'] = ob_get_flush();
$this->getApi()->debugData($debugData);
} else {
$this->getGResponse()->SendBadRequestStatus("Invalid or not supported Message");
}
return $this;
}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = $theValue != "" ? intval($theValue) : "NULL";
break;
case "double":
$theValue = $theValue != "" ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
/**
* @see ExportTypePlugin::generate()
*/
public function generate($generator)
{
$exportTarget = $generator->getExportTarget();
$postData = $generator->getPostData();
$data = $generator->generateExportData();
$content = "";
$htmlFormat = isset($postData["etHTMLExportFormat"]) ? $postData["etHTMLExportFormat"] : "custom";
if ($htmlFormat == "custom") {
$smartyTemplate = get_magic_quotes_gpc() ? stripslashes($postData["etHTMLCustomHTMLSource"]) : $postData["etHTMLCustomHTMLSource"];
$content .= $this->genFormatCustom($data, $smartyTemplate);
} else {
// if we're generating the data in the context of a new window/tab, include the additional
// necessary HTML & styles to prettify it a bit
if ($exportTarget == "newTab" || $exportTarget == "promptDownload") {
$content .= $this->generateExportHeader();
}
switch ($htmlFormat) {
case "table":
$content .= $this->genFormatTable($data);
break;
case "ul":
$content .= $this->genFormatUl($data);
break;
case "dl":
$content .= $this->genFormatDl($data);
break;
}
if ($exportTarget == "newTab" || $exportTarget == "promptDownload") {
$content .= $this->generateExportFooter();
}
}
return array("success" => true, "content" => $content);
}
private function _init_env()
{
error_reporting(E_ERROR);
define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
// ' " \ NULL 等字符转义 当magic_quotes_gpc=On的时候,函数get_magic_quotes_gpc()就会返回1
define('GZIP', function_exists('ob_gzhandler'));
// ob 缓存压缩输出
if (function_exists('date_default_timezone_set')) {
@date_default_timezone_set('Etc/GMT-8');
//东八区 北京时间
}
define('TIMESTAMP', time());
if (!defined('BLOG_FUNCTION') && !@(include BLOG_ROOT . '/source/functions.php')) {
exit('functions.php is missing');
}
define('IS_ROBOT', checkrobot());
global $_B;
$_B = array('uid' => 0, 'username' => '', 'groupid' => 0, 'timestamp' => TIMESTAMP, 'clientip' => $this->_get_client_ip(), 'mobile' => '', 'agent' => '', 'admin' => 0);
checkmobile();
$_B['PHP_SELF'] = bhtmlspecialchars($this->_get_script_url());
$_B['basefilename'] = basename($_B['PHP_SELF']);
$sitepath = substr($_B['PHP_SELF'], 0, strrpos($_B['PHP_SELF'], '/'));
$_B['siteurl'] = bhtmlspecialchars('http://' . $_SERVER['HTTP_HOST'] . $sitepath . '/');
getReferer();
$url = parse_url($_B['siteurl']);
$_B['siteroot'] = isset($url['path']) ? $url['path'] : '';
$_B['siteport'] = empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT'];
$this->b =& $_B;
}
function ADVT_stripslashes($text)
{
if (get_magic_quotes_gpc() == 1) {
return filter($text, "nohtml");
}
return $text;
}
