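/**
 * Validate a Zikula variable.
 *
 * Type-specific special cases run first (config module name, protected
 * database settings, header-injection stripping and 7-bit check for
 * email/url, character set and case for uname); afterwards the generic
 * per-type maximum length, minimum length and regexp rules are applied.
 *
 * @param mixed  $var  The variable to validate.
 * @param string $type The type of the validation to perform (email, url etc.).
 * @param mixed  $args Optional array with validation-specific settings (deprecated, not read).
 *
 * @return boolean True if the validation was successful, false otherwise.
 */
public static function varValidate($var, $type, $args = 0)
{
    if (!isset($var) || !isset($type)) {
        return false;
    }

    // typecasting (might be useless in this function)
    $var  = (string) $var;
    $type = (string) $type;

    static $maxlength = array('modvar' => 64, 'func' => 512, 'api' => 187, 'theme' => 200, 'uname' => 25, 'config' => 64);
    static $minlength = array('mod' => 1, 'modvar' => 1, 'uname' => 1, 'config' => 1);
    // commented out some regexps until some useful and working ones are found
    static $regexp = array(
        'email' => '/^(?:[^\\s\\000-\\037\\177\\(\\)<>@,;:\\"\\[\\]]\\.?)+@(?:[^\\s\\000-\\037\\177\\(\\)<>@,;:\\\\"\\[\\]]\\.?)+\\.[a-z]{2,6}$/Ui',
        'url'   => '/^([!#\\$\\046-\\073=\\077-\\132_\\141-\\172~]|(?:%[a-f0-9]{2}))+$/i',
    );
    // Database/installation settings that must never be changed through a config var.
    static $protectedConfig = array('dbtype', 'dbhost', 'dbuname', 'dbpass', 'dbname', 'system', 'prefix', 'encoded');

    // special cases
    if ($type === 'mod' && $var == ModUtil::CONFIG_MODULE) {
        return true;
    }

    // The previous condition mixed && and || without parentheses, so a value
    // such as 'dbhost' was rejected for every $type; the protection is only
    // intended for the 'config' type.
    if ($type === 'config' && in_array($var, $protectedConfig, true)) {
        return false;
    }

    if ($type === 'email' || $type === 'url') {
        // header-injection protection for email and url.
        // NOTE: inside single quotes these are the two-character sequences
        // backslash-r / backslash-n and the encoded forms, not CR/LF bytes;
        // real CR/LF bytes are still rejected by the regexps below.
        $var = str_replace(array('\\r', '\\n', '%0d', '%0a'), '', $var);
        if (self::getVar('idnnames')) {
            // transfer between the encoded (Punycode) notation and the decoded (8bit) notation.
            require_once 'lib/vendor/idn/idna_convert.class.php';
            $IDN = new idna_convert();
            $var = $IDN->encode(DataUtil::convertToUTF8($var));
        }
        // all characters must be 7 bit ascii (byte-wise check on purpose)
        $length = strlen($var);
        for ($i = 0; $i < $length; $i++) {
            if (ord($var[$i]) > 127) {
                return false;
            }
        }
    }

    if ($type === 'url') {
        // a parsable url must carry a scheme; an unparsable one (parse_url
        // returns false) is left to the regexp below. @ silences the warning
        // older PHP versions emit for seriously malformed input.
        $url_array = @parse_url($var);
        if (!empty($url_array) && empty($url_array['scheme'])) {
            return false;
        }
    }

    if ($type === 'uname') {
        // check for invalid characters
        if (!preg_match('/^[\\p{L}\\p{N}_\\.\\-]+$/uD', $var)) {
            return false;
        }
        // user names must already be in lower case
        if (mb_strtolower($var) !== $var) {
            return false;
        }
    }

    // variable passed special checks. We now go to generic checkings.

    // check for maximal length
    if (isset($maxlength[$type]) && mb_strlen($var) > $maxlength[$type]) {
        return false;
    }

    // check for minimal length
    if (isset($minlength[$type]) && mb_strlen($var) < $minlength[$type]) {
        return false;
    }

    // check for regular expression
    if (isset($regexp[$type]) && !preg_match($regexp[$type], $var)) {
        return false;
    }

    // all tests for illegal entries failed, so we assume the var is ok ;-)
    return true;
}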
/**
 * Encode data in JSON and return.
 *
 * This function can add a new authid if requested to do so (default).
 * If the supplied args is not an array, it will be converted to an
 * array with 'data' as key.
 * Authid field will always be named 'authid'. Any other field 'authid'
 * will be overwritten!
 * Script execution stops here.
 *
 * @param mixed   $args         String or array of data.
 * @param boolean $createauthid Create a new authid and send it back to the calling javascript.
 * @param boolean $xjsonheader  Send result in X-JSON: header for prototype.js.
 * @param boolean $statusmsg    Include statusmsg in output.
 * @param string  $code         Optional error code, default '200 OK'.
 *
 * @deprecated since 1.3.0
 *
 * @return void
 */
public static function output($args, $createauthid = false, $xjsonheader = false, $statusmsg = true, $code = '200 OK')
{
    // Non-legacy installations hand the data to the response object and stop.
    if (!System::isLegacyMode()) {
        $response = new Zikula_Response_Ajax($args);
        echo $response;
        System::shutDown();
    }

    // Below for reference - to be deleted.

    // pending error messages abort the request with an error response
    $errors = LogUtil::getErrorMessagesText('<br />');
    if ($errors != false && !empty($errors)) {
        self::error($errors);
    }

    $payload = is_array($args) ? $args : array('data' => $args);

    if ($statusmsg === true) {
        // attach any queued status messages
        $payload['statusmsg'] = LogUtil::getStatusMessagesText('<br />');
    }

    if ($createauthid === true) {
        // overwrites a caller-supplied 'authid' on purpose (see docblock)
        $payload['authid'] = SecurityUtil::generateAuthKey(ModUtil::getName());
    }

    // convert the data to UTF-8 if not already encoded as such
    // Note: this isn't a strict test but relying on the site language pack encoding seems to be a good compromise
    if (ZLanguage::getEncoding() != 'utf-8') {
        $payload = DataUtil::convertToUTF8($payload);
    }

    // NOTE(review): json_encode failure is not detected here; a false result is echoed as an empty body.
    $json = json_encode($payload);

    header("HTTP/1.0 $code");
    header('Content-type: application/json');
    if ($xjsonheader == true) {
        // prototype.js reads the X-JSON header instead of the body
        header('X-JSON:(' . $json . ')');
    }

    echo $json;
    System::shutdown();
}