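/**
 * Read the journal entry form into $this->structure and queue validation
 * errors in $_SESSION["error"].
 *
 * Request fields are fetched through security_form_input_predefined(). Text
 * entries (unless they are being deleted) must carry a title and content.
 * File entries either have their upload checked by
 * file_storage::verify_upload_form(), or, when an existing entry is edited
 * without a new file, get their stored title reloaded from the journal table.
 *
 * Nothing is returned; results are left in $this->structure and $_SESSION.
 */
function process_form_input()
{
    log_debug("journal_process", "Executing process_form_input()");

    // NOTE(review): the third argument looks like a "required" flag (1 for
    // action/type, 0 for the rest) - confirm against the helper, which is
    // defined elsewhere.
    $this->structure["action"]   = @security_form_input_predefined("any", "action", 1, "");
    $this->structure["type"]     = @security_form_input_predefined("any", "type", 1, "");
    $this->structure["title"]    = @security_form_input_predefined("any", "title", 0, "");
    $this->structure["content"]  = @security_form_input_predefined("any", "content", 0, "");
    $this->structure["customid"] = @security_form_input_predefined("int", "id_custom", 0, "");
    $this->structure["id"]       = @security_form_input_predefined("int", "id_journal", 0, "");

    if ($this->structure["type"] == "text" && $this->structure["action"] != "delete") {
        // need title field for text entries
        if (!$this->structure["title"]) {
            $_SESSION["error"]["message"][] = "You must provide a title";
            $_SESSION["error"]["title-error"] = 1;
        }

        // need content field for text entries
        if (!$this->structure["content"]) {
            $_SESSION["error"]["message"][] = "You must provide some content";
            $_SESSION["error"]["content-error"] = 1;
        }
    }

    // file upload - get the temporary name
    // The file name is supplied by the client, so it still has to be checked
    // before it is used as the entry title.
    if ($this->structure["type"] == "file") {
        // A request without the upload field is treated the same as an empty
        // upload, instead of reading an undefined array index.
        $upload_size = isset($_FILES["upload"]["size"]) ? $_FILES["upload"]["size"] : 0;

        // A file might not have been uploaded - users may change the notes on
        // a file entry without having to upload the file again.
        if ($upload_size < 1) {
            // nothing has been uploaded
            if (!$this->structure["id"]) {
                // New entry: a file MUST be provided for the first upload.
                // The file_storage class performs the error handling.
                $file_obj = new file_storage();
                $file_obj->verify_upload_form("upload");
            } else {
                // Existing entry without a new file: reload the stored title so
                // it is not lost. The id is forced to an integer before it is
                // placed in the SQL string, so the query stays well-formed
                // whatever the input helper returned.
                $journal_id = intval($this->structure["id"]);
                $this->structure["title"] = sql_get_singlevalue("SELECT title as value FROM journal WHERE id='" . $journal_id . "' LIMIT 1");
            }
        } else {
            // A file has been uploaded - verify it; problems are raised as
            // errors by verify_upload_form().
            $file_obj = new file_storage();
            $file_obj->verify_upload_form("upload");

            // Set the title of the journal entry to the filename.
            // NOTE(review): the pattern /^[\S\s]*$/ accepts every string, so any
            // filtering of the client-supplied file name depends entirely on
            // what security_script_input() does internally (not shown here).
            // Treat the resulting title as untrusted when it is stored or
            // rendered.
            $this->structure["title"] = @security_script_input("/^[\\S\\s]*\$/", $_FILES["upload"]["name"]);
        }
    }
}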
Load Data */

// Read the target rate table id and the import mode from the submitted form.
// NOTE(review): the third argument (1) looks like a "required" flag - confirm
// against security_form_input_predefined(), which is defined elsewhere.
$obj_rate_table = new cdr_rate_table();
$obj_rate_table->id = @security_form_input_predefined("int", "id_rate_table", 1, "");
$cdr_import_mode = @security_form_input_predefined("any", "cdr_rate_import_mode", 1, "");

/* Verify valid rate table */
if (!$obj_rate_table->verify_id()) {
    // This branch only logs. The redirect below is driven by error_check(),
    // which presumably picks up errors written here - confirm.
    log_write("error", "process", "The CDR rate table you have attempted to edit - " . $obj_rate_table->id . " - does not exist in this system.");
}

/* Verify File Upload */
// The second argument lists csv and zip; whether verify_upload_form() checks
// the file content or only the client-supplied name is not visible here.
$file_obj = new file_storage();
$file_obj->verify_upload_form("cdr_rate_import_file", array("csv", "zip"));

/* Handle Errors */
if (error_check()) {
    // NOTE(review): the id is appended to the redirect URL as read from the
    // form. It was requested as type "int", but what the helper returns when
    // validation fails is not visible here - confirm it cannot carry
    // characters that are meaningful in a URL or a header.
    header("Location: ../index.php?page=services/cdr-rates-import.php&id=" . $obj_rate_table->id);
    exit(0);
} else {
    error_clear();

    /* Load the file */
    $rate_table = array();

    // The parser branch is chosen from the client-supplied file name, which
    // says nothing about the actual content of the upload.
    switch (format_file_extension($_FILES["cdr_rate_import_file"]["name"])) {
        case "zip":
            /*
TODO:
    * complete remaining notes
    * better handling of unmatches/unprocessible rows
    * further testing
    * slash ALL input data to prevent exploit risk or having charactors that are not form friendly break the processing form.
*/

// fetch type information
// The import type comes straight from the form and is only typed as "any",
// so the switch below is what restricts it to known values.
$import_upload_type = @security_form_input_predefined("any", "import_upload_type", 1, "");

// check type requirements
switch ($import_upload_type) {
    case "file_bind_8":
        // Bind 8/9 compatible zonefile
        // NOTE(review): no second argument is passed to verify_upload_form()
        // here; what it enforces by default is not visible - confirm.
        $file_obj = new file_storage();
        $file_obj->verify_upload_form("import_upload_file");
        break;

    default:
        // Unknown types are rejected with an error.
        // NOTE(review): the rejected value is copied into the error text;
        // whether it is escaped before being displayed depends on log_write()
        // and the page that renders errors - confirm.
        log_write("error", "process", "An invalid import type (\"" . $import_upload_type . "\") was uploaded");
        break;
}

/* Handle Validation Errors */
// Redirect back to the import form and stop, so the import step below is not
// reached when error_check() reports a problem.
if (error_check()) {
    header("Location: ../index.php?page=domains/import.php&mode=1");
    exit(0);
}

/* Import the data */
access: "accounts_import_statement" group members

Validates the uploaded statement file as being a supported format and reads in the data into session information
to pass to the column assignment and then the record matching pages.
*/

// includes
require "../../include/config.php";
require "../../include/amberphplib/main.php";

// Everything below runs only when the permission check passes; the branch
// taken when it fails is outside this excerpt.
if (user_permissions_get("accounts_import_statement")) {
    /* Process Uploaded File */
    // The second argument lists csv only; whether verify_upload_form() checks
    // the file content or only the client-supplied name is not visible here.
    $file_obj = new file_storage();
    $file_obj->verify_upload_form("BANK_STATEMENT", array("csv"));

    // NOTE(review): employeeid is read as type "any" rather than "int" -
    // confirm how it is used further down (not shown) before it reaches a
    // query or the page output.
    $dest_account = @security_form_input_predefined("int", "dest_account", 1, "");
    $employeeid = @security_form_input_predefined("any", "employeeid", 1, "");

    /* Check for obvious errors */
    // exit(0) after the redirect stops the script, so the import below is not
    // run when error_check() reports a problem.
    if (error_check()) {
        header("Location: ../../index.php?page=accounts/import/bankstatement.php");
        exit(0);
    }

    /* Import File Contents */

    // declare array
    $transactions = array();

    // set file type
// Company contact and address fields read from the submitted form. Only the
// e-mail field uses a specific type ("email"); the others are typed "any".
// NOTE(review): the third argument looks like a "required" flag (1) versus
// optional (0) - confirm against security_form_input_predefined().
$data["COMPANY_CONTACT_EMAIL"] = @security_form_input_predefined("email", "COMPANY_CONTACT_EMAIL", 1, "");
$data["COMPANY_CONTACT_PHONE"] = @security_form_input_predefined("any", "COMPANY_CONTACT_PHONE", 1, "");
$data["COMPANY_CONTACT_FAX"] = @security_form_input_predefined("any", "COMPANY_CONTACT_FAX", 0, "");
$data["COMPANY_ADDRESS1_STREET"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_STREET", 1, "");
$data["COMPANY_ADDRESS1_CITY"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_CITY", 1, "");
$data["COMPANY_ADDRESS1_STATE"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_STATE", 0, "");
$data["COMPANY_ADDRESS1_COUNTRY"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_COUNTRY", 1, "");
$data["COMPANY_ADDRESS1_ZIPCODE"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_ZIPCODE", 0, "");
$data["COMPANY_PAYMENT_DETAILS"] = @security_form_input_predefined("any", "COMPANY_PAYMENT_DETAILS", 1, "");

/* Process company logo upload and verify content if any has been supplied. Enforce png only */
$file_obj = new file_storage();

// NOTE(review): the guard is "size > 1", so an upload of exactly one byte is
// not passed to verify_upload_form(); confirm that the code storing the logo
// (not shown) does not accept a file that skipped this check. The size index
// is also read without first checking that the upload field is present.
if ($_FILES["COMPANY_LOGO"]["size"] > 1) {
    // png is the only listed extension; whether the check inspects the file
    // content or only the client-supplied name is not visible here.
    $file_obj->verify_upload_form("COMPANY_LOGO", array("png"));
}

/* Error Handling */
if (error_check()) {
    // Flag the form as failed, send the user back to it and stop.
    $_SESSION["error"]["form"]["config_company"] = "failed";
    header("Location: ../index.php?page=admin/config_company.php");
    exit(0);
} else {
    // Reset the session error state before applying the changes.
    $_SESSION["error"] = array();

    /* Start Transaction */
    $sql_obj = new sql_query();
    $sql_obj->trans_begin();