echo $title;
?>
</h2>
<p>
The following unit tests are available:
<ul>
<li>ProjectControllerTest tests the VM module's main project controller.</li>
<li>ValidationTest tests the VM module's input validation functions, such as dates and times.</li>
<li>daoTest tests database queries.</li>
</ul>
Click on the name of a test to run it. Click on the link next to a test to view its source code.<br />
<i>Note:</i> the database tests are very query-intensive, and refreshing quickly can lead to concurrency issues with our
current setup. Please click once and wait for the test to complete.
</p>
<?php
foreach (glob(sql_regcase("*test*")) as $file) {
if (stristr($file, 'test') && !stristr('RunTest.php,TestIncludes.php', $file)) {
$name = str_replace('.php', '', $file);
echo "<a href=\"RunTest.php?test={$name}\">{$name}</a> ";
echo "<small>(<a href=\"RunTest.php?source={$name}\">view unit test source</a>)</small><br />";
}
}
?>
<br />
<form action="RunTest" method="get">
<label for="test">Test name: </label>
<input type="text" name="test" id="test" value="<?php
echo $test;
?>
"/>
<input type="submit" value="Run" />
static function cleanSqlCommands($string)
{
$string = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $string);
$string = strip_tags($string);
$string = get_magic_quotes_gpc() ? $string : addslashes($string);
return $string;
}
function anti_injection($sql)
{
$sql = preg_replace(sql_regcase("/(table|or|from|select|insert|delete|where|drop table|like|show tables|\\'|'\\| |=|-|;|,|\\|'|<|>|#|\\*|--|\\\\)/"), "", $sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = get_magic_quotes_gpc() ? $sql : addslashes($sql);
return $sql;
}
public function removerSQLInjection($strTexto)
{
@($strTexto = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|\\*|--|\\\\)/"), "", $strTexto));
@($strTexto = trim($strTexto));
// @$strTexto = strip_tags($strTexto);
//@$strTexto = addslashes($strTexto);
return $strTexto;
}
/**
* retourne la liste des films trouvés
* @return array
*/
public function fetchAll()
{
$pattern = $this->_path . DIRECTORY_SEPARATOR . '*.{' . $this->_extensions . '}';
$t = array();
foreach (glob(sql_regcase($pattern), GLOB_BRACE) as $file) {
// sql_regcase pour matcher avi et AVI
$t[] = new Default_Model_Film($file);
}
return $t;
}
function antiSQL($string)
{
if ($string == NULL) {
return $string;
}
if (get_magic_quotes_gpc() == 0) {
$string = addslashes($string);
}
preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $string);
$string = strip_tags($string);
return $string;
}
public static function antiSqlInjection4($str)
{
# Remove palavras suspeitas de injection.
$str = preg_replace(sql_regcase("/(\n|\r|%0a|%0d|Content-Type:|bcc:|to:|cc:|Autoreply:|from|select|insert|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $str);
$str = trim($str);
# Remove espaços vazios.
$str = strip_tags($str);
# Remove tags HTML e PHP.
$str = addslashes($str);
# Adiciona barras invertidas à uma string.
return $str;
}
function anti_injection($sql)
{
// remove palavras que contenham sintaxe sql
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $sql);
$sql = trim($sql);
//limpa espaços vazio
$sql = strip_tags($sql);
//tira tags html e php
$sql = addslashes($sql);
//Adiciona barras invertidas a uma string
return $sql;
}
function BitcoinAddressCheck($UserInput)
{
if (preg_match("/[^A-Za-z0-9]/", $UserInput)) {
return "password";
} else {
$UserInput = $UserInput;
$UserInput = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $UserInput);
$UserInput = trim($UserInput);
$UserInput = strip_tags($UserInput);
$UserInput = get_magic_quotes_gpc() ? $UserInput : addslashes($UserInput);
return $UserInput;
}
}
/**
* DoFilter
*
* @param mixed $value
* @param array $modes
* @return mixed
* @static
* @since 1.0
*/
protected static function _doFilter($value, $mode)
{
switch ($mode) {
case 'html':
$value = strip_tags($value);
$value = addslashes($value);
$value = htmlspecialchars($value);
break;
case 'sql':
$value = preg_replace(sql_regcase('/(from|select|insert|delete|where|drop table|show tables|#|\\*| |\\\\)/'), '', $value);
$value = trim($value);
break;
}
return $value;
}
/**
* Compatible function, supporting PHP7+, because:
* http://php.net/sql_regcase !Warning! This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.
*/
function _sql_regcase($str)
{
if (function_exists('sql_regcase')) {
return sql_regcase($str);
}
$res = '';
$chars = str_split($str);
foreach ($chars as $char) {
if (preg_match('/[A-Za-z]/', $char)) {
$res .= '[' . mb_strtoupper($char, 'UTF-8') . mb_strtolower($char, 'UTF-8') . ']';
} else {
$res .= $char;
}
}
return $res;
}
function anti_inject($campo)
{
foreach ($campo as $key => $val) {
//remove words that contains syntax sql
$val = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $val);
//Remove empty spaces
$val = trim($val);
//Removes tags html/php
$val = strip_tags($val);
//Add inverted bars to a string
$val = addslashes($val);
// store it back into the array
$campo[$key] = $val;
}
return $campo;
//Returns the the var clean
}
/**
* @static
* @return array
*/
public static function getAvailableCultures()
{
//FCKeditor's available languages
$fck = self::getFCKeditorsLanguages();
//Prado's available languages
$prado = CultureInfo::getCultures();
//Gets the intersection through comparison
$intersection = array();
foreach ($prado as $p) {
foreach ($fck as $f) {
if (eregi("^" . sql_regcase($p) . "\$", str_replace('-', '_', $f))) {
$intersection[$p] = $f;
}
}
}
unset($fck, $prado);
//Include languages that were not included, but are available.
$intersection['ja'] = 'jp';
$intersection['ja_JP'] = 'jp';
$intersection['ja_JP_TRADITIONAL'] = 'jp';
return $intersection;
}
function highlight($text, $keyval)
{
global $ssearch;
$txt = $text;
$hicolor = array('#FFFF66', '#ADD8E6', '#90EE8A', '#FF99FF');
$keys = array();
$keys = !is_array($keyval) ? array($keyval) : $keyval;
foreach ($keys as $key) {
if (mb_strlen($key[0]) > 0) {
$key[0] = stripslashes($key[0]);
if (isset($ssearch['ignore_specchar']) && $ssearch['ignore_specchar'] == 'on') {
$case = $ssearch['ignore_case'] == 'on' ? '/i' : '/';
$txt = preg_replace('/' . recode2regexp_utf8($key[0]) . $case, '<span style="background:' . $hicolor[$key[1]] . '" >\\0</span>', $txt);
} else {
if (!isset($ssearch['ignore_specchar']) || $ssearch['ignore_specchar'] == '') {
$case = $ssearch['ignore_case'] == 'on' ? '/i' : '/';
$txt = preg_replace('/' . $key[0] . $case, '<span style="background:' . $hicolor[$key[1]] . '" >\\0</span>', $txt);
} else {
$txt = preg_replace('/' . sql_regcase($key[0]) . '/i', '<span style="background:' . $hicolor[$key[1]] . '" >\\0</span>', $txt);
}
}
}
}
return $txt;
}
/**
* Setting some vars in TSFE, primarily based on TypoScript config settings.
*
* @return void
*/
public static function pagegenInit()
{
if ($GLOBALS['TSFE']->page['content_from_pid'] > 0) {
$temp_copy_TSFE = clone $GLOBALS['TSFE'];
// make REAL copy of TSFE object - not reference!
$temp_copy_TSFE->id = $GLOBALS['TSFE']->page['content_from_pid'];
// Set ->id to the content_from_pid value - we are going to evaluate this pid as was it a given id for a page-display!
$temp_copy_TSFE->getPageAndRootlineWithDomain($GLOBALS['TSFE']->config['config']['content_from_pid_allowOutsideDomain'] ? 0 : $GLOBALS['TSFE']->domainStartPage);
$GLOBALS['TSFE']->contentPid = intval($temp_copy_TSFE->id);
unset($temp_copy_TSFE);
}
if ($GLOBALS['TSFE']->config['config']['MP_defaults']) {
$temp_parts = t3lib_div::trimExplode('|', $GLOBALS['TSFE']->config['config']['MP_defaults'], 1);
foreach ($temp_parts as $temp_p) {
list($temp_idP, $temp_MPp) = explode(':', $temp_p, 2);
$temp_ids = t3lib_div::intExplode(',', $temp_idP);
foreach ($temp_ids as $temp_id) {
$GLOBALS['TSFE']->MP_defaults[$temp_id] = $temp_MPp;
}
}
}
// Global vars...
$GLOBALS['TSFE']->indexedDocTitle = $GLOBALS['TSFE']->page['title'];
$GLOBALS['TSFE']->debug = '' . $GLOBALS['TSFE']->config['config']['debug'];
// Base url:
if ($GLOBALS['TSFE']->config['config']['baseURL']) {
if ($GLOBALS['TSFE']->config['config']['baseURL'] === '1') {
// Deprecated property, going to be dropped.
$error = 'Unsupported TypoScript property was found in this template: "config.baseURL="1"
This setting has been deprecated in TYPO 3.8.1 due to security concerns.
You need to change this value to the URL of your website root, otherwise TYPO3 will not work!
See <a href="http://wiki.typo3.org/index.php/TYPO3_3.8.1" target="_blank">wiki.typo3.org/index.php/TYPO3_3.8.1</a> for more information.';
$GLOBALS['TSFE']->printError(nl2br($error));
exit;
} else {
$GLOBALS['TSFE']->baseUrl = $GLOBALS['TSFE']->config['config']['baseURL'];
}
$GLOBALS['TSFE']->anchorPrefix = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'), strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
}
// Internal and External target defaults
$GLOBALS['TSFE']->intTarget = '' . $GLOBALS['TSFE']->config['config']['intTarget'];
$GLOBALS['TSFE']->extTarget = '' . $GLOBALS['TSFE']->config['config']['extTarget'];
$GLOBALS['TSFE']->fileTarget = '' . $GLOBALS['TSFE']->config['config']['fileTarget'];
if ($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses'] === 'ascii') {
$GLOBALS['TSFE']->spamProtectEmailAddresses = 'ascii';
} else {
$GLOBALS['TSFE']->spamProtectEmailAddresses = t3lib_div::intInRange($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses'], -10, 10, 0);
}
$GLOBALS['TSFE']->absRefPrefix = $GLOBALS['TSFE']->config['config']['absRefPrefix'] ? trim($GLOBALS['TSFE']->config['config']['absRefPrefix']) : '';
if ($GLOBALS['TSFE']->type && $GLOBALS['TSFE']->config['config']['frameReloadIfNotInFrameset']) {
$tdlLD = $GLOBALS['TSFE']->tmpl->linkData($GLOBALS['TSFE']->page, '_top', $GLOBALS['TSFE']->no_cache, '');
$GLOBALS['TSFE']->JSCode = 'if(!parent.' . trim($GLOBALS['TSFE']->sPre) . ' && !parent.view_frame) top.location.href="' . $GLOBALS['TSFE']->baseUrlWrap($tdlLD['totalURL']) . '"';
}
$GLOBALS['TSFE']->compensateFieldWidth = '' . $GLOBALS['TSFE']->config['config']['compensateFieldWidth'];
$GLOBALS['TSFE']->lockFilePath = '' . $GLOBALS['TSFE']->config['config']['lockFilePath'];
$GLOBALS['TSFE']->lockFilePath = $GLOBALS['TSFE']->lockFilePath ? $GLOBALS['TSFE']->lockFilePath : $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'];
$GLOBALS['TYPO3_CONF_VARS']['GFX']['im_noScaleUp'] = isset($GLOBALS['TSFE']->config['config']['noScaleUp']) ? '' . $GLOBALS['TSFE']->config['config']['noScaleUp'] : $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_noScaleUp'];
$GLOBALS['TSFE']->TYPO3_CONF_VARS['GFX']['im_noScaleUp'] = $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_noScaleUp'];
$GLOBALS['TSFE']->ATagParams = trim($GLOBALS['TSFE']->config['config']['ATagParams']) ? ' ' . trim($GLOBALS['TSFE']->config['config']['ATagParams']) : '';
if ($GLOBALS['TSFE']->config['config']['setJS_mouseOver']) {
$GLOBALS['TSFE']->setJS('mouseOver');
}
if ($GLOBALS['TSFE']->config['config']['setJS_openPic']) {
$GLOBALS['TSFE']->setJS('openPic');
}
$GLOBALS['TSFE']->sWordRegEx = '';
$GLOBALS['TSFE']->sWordList = t3lib_div::_GP('sword_list');
if (is_array($GLOBALS['TSFE']->sWordList)) {
$standAlone = trim('' . $GLOBALS['TSFE']->config['config']['sword_standAlone']);
$noMixedCase = trim('' . $GLOBALS['TSFE']->config['config']['sword_noMixedCase']);
$space = $standAlone ? '[[:space:]]' : '';
foreach ($GLOBALS['TSFE']->sWordList as $val) {
if (trim($val)) {
if (!$noMixedCase) {
$GLOBALS['TSFE']->sWordRegEx .= $space . sql_regcase(quotemeta($val)) . $space . '|';
} else {
$GLOBALS['TSFE']->sWordRegEx .= $space . quotemeta($val) . $space . '|';
}
}
}
$GLOBALS['TSFE']->sWordRegEx = preg_replace('/\\|$/', '', $GLOBALS['TSFE']->sWordRegEx);
}
// linkVars
$linkVars = (string) $GLOBALS['TSFE']->config['config']['linkVars'];
if ($linkVars) {
$linkVarArr = explode(',', $linkVars);
$GLOBALS['TSFE']->linkVars = '';
$GET = t3lib_div::_GET();
foreach ($linkVarArr as $val) {
$val = trim($val);
if (preg_match('/^(.*)\\((.+)\\)$/', $val, $match)) {
$val = trim($match[1]);
$test = trim($match[2]);
} else {
unset($test);
}
if ($val && isset($GET[$val])) {
if (!is_array($GET[$val])) {
$tmpVal = rawurlencode($GET[$val]);
if ($test && !TSpagegen::isAllowedLinkVarValue($tmpVal, $test)) {
continue;
// Error: This value was not allowed for this key
}
$value = '&' . $val . '=' . $tmpVal;
} else {
if ($test && strcmp('array', $test)) {
continue;
// Error: This key must not be an array!
}
$value = t3lib_div::implodeArrayForUrl($val, $GET[$val]);
}
} else {
continue;
}
$GLOBALS['TSFE']->linkVars .= $value;
}
unset($GET);
} else {
$GLOBALS['TSFE']->linkVars = '';
}
// Setting XHTML-doctype from doctype
if (!$GLOBALS['TSFE']->config['config']['xhtmlDoctype']) {
$GLOBALS['TSFE']->config['config']['xhtmlDoctype'] = $GLOBALS['TSFE']->config['config']['doctype'];
}
if ($GLOBALS['TSFE']->config['config']['xhtmlDoctype']) {
$GLOBALS['TSFE']->xhtmlDoctype = $GLOBALS['TSFE']->config['config']['xhtmlDoctype'];
// Checking XHTML-docytpe
switch ((string) $GLOBALS['TSFE']->config['config']['xhtmlDoctype']) {
case 'xhtml_trans':
case 'xhtml_strict':
case 'xhtml_frames':
$GLOBALS['TSFE']->xhtmlVersion = 100;
break;
case 'xhtml_basic':
$GLOBALS['TSFE']->xhtmlVersion = 105;
break;
case 'xhtml_11':
$GLOBALS['TSFE']->xhtmlVersion = 110;
break;
case 'xhtml_2':
$GLOBALS['TSFE']->xhtmlVersion = 200;
break;
default:
$GLOBALS['TSFE']->getPageRenderer()->setRenderXhtml(FALSE);
$GLOBALS['TSFE']->xhtmlDoctype = '';
$GLOBALS['TSFE']->xhtmlVersion = 0;
}
} else {
$GLOBALS['TSFE']->getPageRenderer()->setRenderXhtml(FALSE);
}
}
<?php
$str = "K#V3050";
echo "<b>原字符串:</b><br/>{$str}";
echo "<br/>";
echo "<br/>";
$reg_str = sql_regcase($str);
echo "<b>使用函数sql_regcase()生成的正则表达式为:</b>";
echo "<br/>";
echo $reg_str;
function refineQuery($query, $condition)
{
$queryToken['body'] = $query;
if (ereg("(.*)(" . sql_regcase("order by") . ".*)\$", $queryToken['body'], $token)) {
$queryToken['order_by'] = $token[2];
$queryToken['body'] = $token[1];
}
if (ereg("(.*)(" . sql_regcase("where") . ".*)\$", $queryToken['body'], $token)) {
$queryToken['where'] = $token[2];
$queryToken['body'] = $token[1];
}
$query = $queryToken['body'];
if ($queryToken['where'] == "") {
if ($condition != "") {
$query .= " WHERE {$condition} ";
}
} else {
$query .= $queryToken['where'] . " AND {$condition} ";
}
$query .= $queryToken['order_by'];
return $query;
}
<?php
sql_regcase(str_repeat('x', 1 << 30));
print "Done\n";
function test_sql_regcase()
{
VS(sql_regcase("Foo - bar."), "[Ff][Oo][Oo] - [Bb][Aa][Rr].");
}
/**
* Creates a regular expression out of a list of tags
*
* @param mixed $tagArray: the list of tags (either as array or string if it is one tag)
* @return string the regular expression
*/
public function tag_regex($tags)
{
$tags = !is_array($tags) ? array($tags) : $tags;
$regexp = '';
$c = count($tags);
foreach ($tags as $tag) {
$c--;
$regexp .= '<' . sql_regcase($tag) . "[[:space:]]" . ($c ? '|' : '');
}
return $regexp;
}
function highlight($text, $keyval)
{
global $ssearch;
$txt = $text;
$hicolor = array('#FFFF66', '#ADD8E6', '#90EE8A', '#FF99FF');
$keys = array();
if (!is_array($keyval)) {
$keys = array($keyval);
} else {
$keys = $keyval;
}
foreach ($keys as $key) {
if (mb_strlen($key[0]) > 0) {
$key[0] = stripslashes($key[0]);
$metacharacters = array('\\', '(', ')', '$', '[', '*', '+', '|', '.', '^', '?');
$metareplacement = array('\\\\', '\\(', '\\)', '\\$', '\\[', '\\*', '\\+', '\\|', '\\.', '\\^', '\\?');
$key[0] = mb_str_replace($metacharacters, $metareplacement, $key[0]);
if (isset($ssearch['ignore_specchar']) && $ssearch['ignore_specchar'] == 'on') {
if ($ssearch['ignore_case'] == 'on') {
$txt = preg_replace('/' . recode2regexp_utf8($key[0]) . '/i', '<span style="background:' . $hicolor[$key[1]] . '" >\\0</span>', $txt);
} else {
$txt = preg_replace('/' . recode2regexp_utf8($key[0]) . '/', '<span style="background:' . $hicolor[$key[1]] . '" >\\0</span>', $txt);
}
} elseif (!isset($ssearch['ignore_specchar']) || $ssearch['ignore_specchar'] == '') {
if ($ssearch['ignore_case'] == 'on') {
$txt = preg_replace('/' . $key[0] . '/i', '<span style="background:' . $hicolor[$key[1]] . '" >\\0</span>', $txt);
} else {
$txt = preg_replace('/' . $key[0] . '/', '<span style="background:' . $hicolor[$key[1]] . '" >\\0</span>', $txt);
}
} else {
$txt = preg_replace('/' . sql_regcase($key[0]) . '/i', '<span style="background:' . $hicolor[$key[1]] . '" >\\0</span>', $txt);
}
}
}
return $txt;
}
function highlight($text, $keyval)
{
global $ssearch;
$txt = $text;
$hicolor = array("#FFFF66", "#ADD8E6", "#90EE8A", "#FF99FF");
$keys = array();
if (!is_array($keyval)) {
$keys = array($keyval);
} else {
$keys = $keyval;
}
foreach ($keys as $key) {
if (strlen($key[0]) > 0) {
$key[0] = stripslashes($key[0]);
if (isset($ssearch['ignore_specchar']) && $ssearch['ignore_specchar'] == "on") {
if ($ssearch['ignore_case'] == 'on') {
$txt = eregi_replace(recode2regexp_utf8($key[0]), "<span style=\"background:" . $hicolor[$key[1]] . "\" >\\0</span>", $txt);
} else {
$txt = ereg_replace(recode2regexp_utf8($key[0]), "<span style=\"background:" . $hicolor[$key[1]] . "\" >\\0</span>", $txt);
}
} elseif (!isset($ssearch['ignore_specchar']) || $ssearch['ignore_specchar'] == "") {
if ($ssearch['ignore_case'] == 'on') {
$txt = eregi_replace($key[0], "<span style=\"background:" . $hicolor[$key[1]] . "\" >\\0</span>", $txt);
} else {
$txt = ereg_replace($key[0], "<span style=\"background:" . $hicolor[$key[1]] . "\" >\\0</span>", $txt);
}
} else {
$txt = eregi_replace(sql_regcase($key[0]), "<span style=\"background:" . $hicolor[$key[1]] . "\" >\\0</span>", $txt);
}
}
}
return $txt;
}
function wikify($alias, $link, $txt)
{
$r = preg_split('((>)|(<))', $txt, -1, PREG_SPLIT_DELIM_CAPTURE);
$ns = '';
for ($i = 0; $i < count($r); $i++) {
if ($r[$i] == "<") {
$i += 2;
continue;
}
$r[$i] = eregi_replace(sql_regcase($alias), '<a href="' . $link . '">' . $alias . '</a>', $r[$i]);
}
return join("", $r);
}
<html>
<head>
<title>sql_regcase() Demo</title>
</head>
<body>
<?php
$sequenceToMatch = "Doctor";
$myPattern = sql_regcase($sequenceToMatch);
echo "<p>To match '{$sequenceToMatch}' the sql_regcase() function produces: '{$myPattern}'.</p>";
?>
</body>
</html>
eregi_replace(); import_request_variables(); mcrypt_generic_end(); mysql_db_query(); mysql_escape_string(); mysql_list_dbs(); mysqli_bind_param(); mysqli_bind_result(); mysqli_client_encoding(); mysqli_fetch(); mysqli_param_count(); mysqli_get_metadata(); mysqli_send_long_data(); magic_quotes_runtime(); session_register(); session_unregister(); session_is_registered(); set_magic_quotes_runtime(); set_socket_blocking(); split(); spliti(); sql_regcase(); php_logo_guid(); php_egg_logo_guid(); php_real_logo_guid(); zend_logo_guid(); datefmt_set_timezone_id(); mcrypt_ecb(); mcrypt_cbc(); mcrypt_cfb(); mcrypt_ofb();
function dirtree(&$alldirs, $types = '*.*', $root = '', $tree = '', $branch = '', $level = 0)
{
// filter file types according to type
$filetypes = explode(',', preg_replace('{[ \\t]+}', '', $types));
if ($level == 0 && is_dir($root . $tree . $branch)) {
$filenum = 0;
foreach ($filetypes as $filetype) {
$filenum = $filenum + count(glob($root . $tree . $branch . sql_regcase($filetype), GLOB_NOSORT));
}
$treeparts = explode('/', rtrim($tree, '/'));
$topname = end($treeparts);
$alldirs[] = array($branch, rtrim($topname, '/') . ' (' . $filenum . ')', rtrim($topname, '/'), rtrim($topname, '/'), $filenum, filemtime($root . $tree . $branch));
}
$level++;
$dh = opendir($root . $tree . $branch);
while (($dirname = readdir($dh)) !== false) {
if ($dirname != '.' && $dirname != '..' && is_dir($root . $tree . $branch . $dirname) && $dirname != '_thumbs') {
$filenum = 0;
foreach ($filetypes as $filetype) {
$filenum = $filenum + count(glob($root . $tree . $branch . $dirname . '/' . sql_regcase($filetype), GLOB_NOSORT));
}
$indent = '';
for ($i = 0; $i < $level; $i++) {
$indent .= ' ';
}
if (strlen($indent) > 0) {
$indent .= '→ ';
}
$alldirs[] = array(urlencode($branch . $dirname . '/'), $indent . $dirname . ' (' . $filenum . ')', $indent . $dirname, $dirname, $filenum, filemtime($root . $tree . $branch . $dirname));
dirtree($alldirs, $types, $root, $tree, $branch . $dirname . '/', $level);
}
}
closedir($dh);
$level--;
}
<?php $version = "php 4.0"; print sql_regcase($version); // outputs [Pp] [Hh] [Pp] 4.0
function RemoveXSS(&$val)
{
// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
// this prevents some character re-spacing such as <java\0script>
// note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
$val = preg_replace('/([\\x00-\\x08][\\x0b-\\x0c][\\x0e-\\x20])/', '', $val);
//REMOVE SQL INJECTION
$val = preg_replace(sql_regcase("/(\n|\r|%0a|%0d|Content-Type:|bcc:|to:|cc:|Autoreply:|from|select|insert|truncate|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $val);
// straight replacements, the user should never need these since they're normal characters
// this prevents like <IMG SRC=@avascript:alert('XSS')>
$search = 'abcdefghijklmnopqrstuvwxyz';
$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$search .= '1234567890!@#$%^&*()';
$search .= '~`";:?+/={}[]-_|\'\\';
for ($i = 0; $i < strlen($search); $i++) {
// ;? matches the ;, which is optional
// 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
// @ @ search for the hex values
$val = preg_replace('/(&#[x|X]0{0,8}' . dechex(ord($search[$i])) . ';?)/i', $search[$i], $val);
// with a ;
// @ @ 0{0,7} matches '0' zero to seven times
$val = preg_replace('/(�{0,8}' . ord($search[$i]) . ';?)/', $search[$i], $val);
// with a ;
}
// now the only remaining whitespace attacks are \t, \n, and \r
$ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
$ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
$ra = array_merge($ra1, $ra2);
$found = true;
// keep replacing as long as the previous round replaced something
while ($found == true) {
$val_before = $val;
for ($i = 0; $i < sizeof($ra); $i++) {
$pattern = '/';
for ($j = 0; $j < strlen($ra[$i]); $j++) {
if ($j > 0) {
$pattern .= '(';
$pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
$pattern .= '|(�{0,8}([9][10][13]);?)?';
$pattern .= ')?';
}
$pattern .= $ra[$i][$j];
}
$pattern .= '/i';
$replacement = substr($ra[$i], 0, 2) . '<x>' . substr($ra[$i], 2);
// add in <> to nerf the tag
$val = preg_replace($pattern, $replacement, $val);
// filter out the hex tags
if ($val_before == $val) {
// no replacements were made, so exit the loop
$found = false;
}
}
}
// $val = trim($val);
return $val;
}
$columntext .= "&desc={$tempdesc}&dir={$dir}\">{$heading}</a>";
} else {
$columntext = $heading;
}
echo "\t\t<th width={$width}% class=\"header\">{$columntext}</th>\n";
}
echo "</tr>";
if (is_dir($localdir)) {
$dirhandle = opendir($localdir);
}
$dirs = array();
$files = array();
$m3u = array();
$results = array();
if ($search_pattern) {
foreach (glob_recursive("*" . sql_regcase($search_pattern) . "*") as $file) {
if (preg_match("/^\\.\\/files/", $file)) {
$results[] = preg_replace("/^\\.\\//", "", $file);
}
}
} else {
while ($dirhandle && false !== ($file = readdir($dirhandle))) {
if (preg_match("/^\\./", $file)) {
continue;
}
$results[] = "files/{$dir}/{$file}";
}
}
foreach ($results as $file) {
$info = stat("{$file}");
$comment = "";
/**
* Apply a case-insensitive "like" constraint to the named property
*
* @see php://sql_regcase
* @param string field
* @param var value
* @return rdbms.criterion.Criterion
*/
public static function ilike($field, $value)
{
return new SimpleExpression($field, sql_regcase($value), LIKE);
}
