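/**
 * Searches the recipes database and returns the results
 *
 * Reads the search string from $_POST['search'] (the $postData argument is
 * accepted for the existing call signature but not consumed), splits it on
 * single spaces, drops empty tokens, and matches every remaining token against
 * recipe_name with LIKE "%token%" joined by OR. Tokens are bound as prepared
 * statement parameters instead of being concatenated into the SQL text, which
 * is what the previous string-built query allowed an attacker to break out of
 * (htmlspecialchars() is not an SQL escape).
 *
 * @param mixed $postData unused; kept so existing callers keep working
 * @return array|null matching rows (PDO::FETCH_ASSOC), or null when the request
 *                    is not a POST with data or no search token was provided
 */
public function searchRecipes($postData) {
    if ($_SERVER['REQUEST_METHOD'] != 'POST' || empty($_POST)) {
        return null;
    }
    // NOTE(review): HTML-escaping belongs at output time, not before a DB lookup.
    // Kept for compatibility with existing callers/rows; whether it even changes
    // $_POST depends on which array_htmlspecialchars() variant is loaded (the
    // by-value one returns the escaped copy and leaves $_POST untouched) — confirm.
    array_htmlspecialchars($_POST);
    // explode on spaces, remove empty fields (array_filter also drops a literal "0"
    // token, as before) and re-index
    $tokens = array_values(array_filter(explode(" ", $_POST['search'])));
    if (empty($tokens)) {
        return null;
    }
    // one placeholder per token; the values travel separately from the SQL
    $clauses = array();
    $params = array();
    foreach ($tokens as $token) {
        $clauses[] = 'recipe_name LIKE ?';
        // % and _ inside a token still act as LIKE wildcards (unchanged behaviour)
        $params[] = '%' . $token . '%';
    }
    $select = 'SELECT * FROM recipes WHERE ' . implode(' OR ', $clauses);
    // assumes Database::getInstance() exposes PDO's prepare()/execute() (the
    // original already consumed a PDO statement via fetchAll) — TODO confirm
    $statementHandler = Database::getInstance()->prepare($select);
    $statementHandler->execute($params);
    return $statementHandler->fetchAll(PDO::FETCH_ASSOC);
}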
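/**
 * Handles the login form POST.
 *
 * Copies the (HTML-escaped) username and password onto the object, runs the
 * LoginModel validator once and re-renders the login view when any field
 * reports an error. Nothing is emitted otherwise.
 *
 * Fixes: the method previously ran validateFormData() twice and then dumped
 * the validation result, the full errors array, a test string and
 * URL_WITH_INDEX_FILE to the client (var_dump/echo/print_var debug leftovers
 * in an authentication handler). Those are removed.
 *
 * @return void
 */
public function validateLoginCredentails() {
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        return;
    }
    // NOTE(review): escaping the password before it is verified alters any
    // credential containing & " < > — confirm LoginModel expects the escaped
    // form, and whether the loaded array_htmlspecialchars() variant modifies
    // $_POST in place at all (the by-value one does not).
    array_htmlspecialchars($_POST);
    $this->username = $_POST['username'];
    $this->password = $_POST['password'];
    // invoke the login form validator exactly once
    $LoginModel = new LoginModel();
    $LoginModel->validateFormData($_POST);
    $errorsArray = $LoginModel->getErrorsArray();
    if (filter_by_value($errorsArray, 'error', '1')) {
        // render errors to client
        require APP_PATH . 'views/login/login.php';
    }
}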
/**
 * Persists the Sphinx plugin settings submitted by the admin UI.
 *
 * Decodes the "data" JSON parameter, entity-encodes every value so the XML
 * writer can store it, regenerates the Sphinx daemon config, then copies the
 * path/indexer/documents/searchd options into the plugin configuration and
 * saves it. Any exception yields json(false) without detail.
 *
 * NOTE(review): path_indexer, path_searchd and path_phpcli are executable
 * paths taken straight from the request, and no permission check is visible
 * in this method — confirm the controller enforces one before dispatch.
 */
public function saveAction() {
    $values = Zend_Json::decode($this->getParam("data"));
    // entities instead of raw special characters so the XML writer accepts every value
    $values = array_htmlspecialchars($values);
    try {
        $sphinx_config = new SphinxSearch_Config();
        $sphinx_config->writeSphinxConfig();
        $plugin_config = new SphinxSearch_Config_Plugin();
        $config_data = $plugin_config->getData();
        // request key => option under config_data["path"], applied in the original order
        $pathOptions = array(
            "sphinxsearch.path_pid" => "pid",
            "sphinxsearch.path_querylog" => "querylog",
            "sphinxsearch.path_logfile" => "log",
            "sphinxsearch.path_indexer" => "indexer",
            "sphinxsearch.path_phpcli" => "phpcli",
            "sphinxsearch.path_searchd" => "searchd",
        );
        foreach ($pathOptions as $requestKey => $option) {
            $config_data["path"][$option] = $values[$requestKey];
        }
        $config_data["indexer"]["period"] = $values["sphinxsearch.indexer_period"];
        // checkbox-style flags are normalised to the strings "true"/"false"
        $config_data["indexer"]["runwithmaintenance"] = ($values["sphinxsearch.indexer_maintenance"] == "true") ? "true" : "false";
        $config_data["indexer"]["onchange"] = $values["sphinxsearch.indexer_onchange"];
        $config_data["documents"]["use_i18n"] = ($values["sphinxsearch.documents_i18n"] == "true") ? "true" : "false";
        $config_data["searchd"]["port"] = $values["sphinxsearch.searchd_port"];
        $plugin_config->setData($config_data);
        $plugin_config->save();
        $this->_helper->json(array("success" => true));
    } catch (Exception $e) {
        $this->_helper->json(false);
    }
}
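/**
 * Stores every key/value pair of the "data" JSON parameter via
 * Model\Configuration::set().
 *
 * Values are entity-encoded before being stored. A payload that does not
 * decode to an array (scalar, null, malformed) is now treated as empty instead
 * of raising a foreach warning; the response is still {"success": true}.
 *
 * NOTE(review): the key set is not restricted — whatever keys the client sends
 * are written — and no permission check is visible in this method; confirm the
 * controller enforces one before this action runs.
 */
public function setAction() {
    $values = \Zend_Json::decode($this->getParam("data"));
    if (!is_array($values)) {
        $values = array();
    }
    $values = array_htmlspecialchars($values);
    foreach ($values as $key => $value) {
        Model\Configuration::set($key, $value);
    }
    $this->_helper->json(array("success" => true));
}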
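/**
 * Returns a copy of $array with every string or numeric leaf HTML-escaped.
 *
 * Nested arrays are processed recursively; booleans, null and objects are left
 * untouched. Escaping now uses ENT_QUOTES | ENT_SUBSTITUTE: the previous
 * ENT_COMPAT left single quotes alone, which is unsafe for values placed in
 * single-quoted attributes, and without ENT_SUBSTITUTE an invalid UTF-8 byte
 * turned the whole value into an empty string. Numeric leaves come back as
 * strings (as before).
 *
 * The argument is not modified: callers that ignore the return value get no
 * escaping. A non-array argument is returned unchanged (previously it raised a
 * foreach warning and was returned unchanged).
 *
 * @param mixed $array
 * @return mixed the escaped copy, or the argument itself if it is not an array
 */
function array_htmlspecialchars($array) {
    if (!is_array($array)) {
        return $array;
    }
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            $array[$key] = array_htmlspecialchars($value);
        } elseif (is_string($value) || is_numeric($value)) {
            // cast keeps numeric leaves valid under strict_types
            $array[$key] = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        }
    }
    return $array;
}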
/**
 * Applies a JSON "configuration" payload to the QR-code config named by the
 * "name" parameter and saves it.
 *
 * Every value is entity-encoded first; each top-level key is mapped to a
 * "set<Key>" method and applied only if such a method exists on the config
 * object. Keys without a setter are ignored.
 *
 * NOTE(review): the key names come from the request, so every public setter
 * of the config class is reachable; "name" is likewise request-controlled and
 * fed to getByName(). No permission check is visible in this method — confirm
 * one exists upstream.
 */
public function updateAction() {
    $code = Qrcode\Config::getByName($this->getParam("name"));
    $data = array_htmlspecialchars(\Zend_Json::decode($this->getParam("configuration")));
    foreach ($data as $property => $value) {
        $setter = "set" . ucfirst($property);
        if (!method_exists($code, $setter)) {
            continue;
        }
        $code->{$setter}($value);
    }
    $code->save();
    $this->_helper->json(array("success" => true));
}
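/**
 * HTML-escapes a value, recursing into arrays.
 *
 * For an array argument the escaping is applied in place (the parameter is
 * taken by reference) and the array is also returned; for a scalar the escaped
 * string is only returned, the variable is left as is — both as before.
 *
 * Fixes: nested arrays used to be handed to array_htmlspecialchars(), a
 * different function, instead of recursing into this one. The escaping flags
 * are now explicit (ENT_QUOTES | ENT_SUBSTITUTE, UTF-8 — the PHP 8.1+
 * defaults), so single quotes are encoded on every PHP version and invalid
 * UTF-8 is replaced rather than collapsing the value to an empty string.
 *
 * @param mixed $input array (escaped in place) or scalar
 * @return mixed the escaped array, or the escaped string for a scalar
 */
function aq_array_htmlspecialchars(&$input) {
    if (!is_array($input)) {
        return htmlspecialchars((string) $input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    foreach ($input as $key => $value) {
        if (is_array($value)) {
            $input[$key] = aq_array_htmlspecialchars($value);
        } else {
            $input[$key] = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    }
    return $input;
}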
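/**
 * Persists the CoreShop configuration submitted by the admin UI.
 *
 * Decodes the "data" JSON parameter, entity-encodes every value so the XML
 * writer can store it, and rewrites CORESHOP_CONFIGURATION with the base
 * currency, the product defaults and the category default image. Only those
 * keys are written; anything else in the payload is ignored.
 *
 * Changes: a payload that does not decode to an array is rejected with
 * {"success": false} instead of writing a config file full of empty values
 * after a foreach/index warning; the previous configuration, which was loaded
 * into two locals that were never read, is no longer fetched.
 *
 * NOTE(review): no permission check is visible in this method — confirm the
 * controller enforces one before dispatch.
 */
public function setAction() {
    $values = \Zend_Json::decode($this->getParam("data"));
    if (!is_array($values)) {
        $this->_helper->json(array("success" => false));
        return;
    }
    // convert all special characters to their entities so the xml writer can put it into the file
    $values = array_htmlspecialchars($values);
    $settings = array(
        "base" => array("base-currency" => $values["base.base-currency"]),
        "product" => array(
            "default-image" => $values["product.default-image"],
            "days-as-new" => $values["product.days-as-new"],
        ),
        "category" => array("default-image" => $values["category.default-image"]),
    );
    $config = new \Zend_Config($settings, true);
    $writer = new \Zend_Config_Writer_Xml(array("config" => $config, "filename" => CORESHOP_CONFIGURATION));
    $writer->write();
    $this->_helper->json(array("success" => true));
}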
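/**
 * Returns the requested keys of a request superglobal, HTML-escaped and trimmed.
 *
 * @param string $inputs comma-separated list of keys to keep; entries are
 *                       compared as exact strings (the list itself is not trimmed)
 * @param string $mode   superglobal suffix such as "GET" or "POST"; resolves
 *                       $GLOBALS['_' . strtoupper(trim($mode))]
 * @return array the surviving key => value pairs; empty when the superglobal
 *               is absent or not an array
 *
 * Fixes: array_walk_recursive($data, "trim") discarded trim()'s return value
 * (and passed the key as trim's character mask), so nothing was ever trimmed;
 * the callback now writes back through a reference. Key filtering uses a
 * strict string comparison instead of loose in_array(), so an integer key no
 * longer matches a non-numeric filter entry on PHP < 8.
 *
 * NOTE(review): any "_<MODE>" global resolves here (COOKIE, SERVER, SESSION…);
 * callers must pass a fixed literal, never a request-controlled mode.
 */
function getGET_POST($inputs, $mode) {
    $mode = strtoupper(trim($mode));
    $data = isset($GLOBALS['_' . $mode]) ? $GLOBALS['_' . $mode] : null;
    if (!is_array($data)) {
        return array();
    }
    $data = array_htmlspecialchars($data);
    // only string leaves are trimmed; other scalars are left untouched
    array_walk_recursive($data, function (&$leaf) {
        if (is_string($leaf)) {
            $leaf = trim($leaf);
        }
    });
    $wanted = explode(',', $inputs);
    foreach (array_keys($data) as $k) {
        if (!in_array((string) $k, $wanted, true)) {
            unset($data[$k]);
        }
    }
    return $data;
}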
/**
 * Applies a JSON "configuration" payload to the newsletter config named by the
 * "name" parameter and saves it.
 *
 * Every value is entity-encoded first. If the "document" entry resolves to a
 * Document via getByPath(), it is replaced by that document's id; otherwise the
 * submitted value is kept. Each top-level key is then mapped to a "set<Key>"
 * method and applied only when the config object has such a method.
 *
 * NOTE(review): "name", "document" and every key are request-controlled, so
 * any public setter is reachable and getByPath() sees an arbitrary path. No
 * permission check is visible in this method — confirm one exists upstream.
 */
public function updateAction() {
    $letter = Newsletter\Config::getByName($this->getParam("name"));
    $data = array_htmlspecialchars(\Zend_Json::decode($this->getParam("configuration")));
    $emailDoc = Document::getByPath($data["document"]);
    if ($emailDoc) {
        $data["document"] = $emailDoc->getId();
    }
    foreach ($data as $property => $value) {
        $setter = "set" . ucfirst($property);
        if (!method_exists($letter, $setter)) {
            continue;
        }
        $letter->{$setter}($value);
    }
    $letter->save();
    $this->_helper->json(array("success" => true));
}
/**
 * Writes the initial system.xml for a fresh installation.
 *
 * Settings come from, in order: the optional system.xml.template (used when it
 * parses and has a "general" section; its database host/port are dropped),
 * otherwise the built-in default set below; $config is then merged over the
 * result with array_replace_recursive(). Values are entity-encoded before the
 * XML writer stores them, and the /website/var folder structure is created.
 *
 * NOTE(review): the built-in defaults enable debug ("1") and carry database
 * user "root" with an empty password — callers are expected to override these
 * through $config; confirm nothing ships with them unchanged.
 *
 * @param array $config overrides merged over the template/default settings
 */
public function config($config = array()) {
    $settings = null;
    // check for an initial configuration template
    // used eg. by the demo installer
    $configTemplatePath = PIMCORE_CONFIGURATION_DIRECTORY . "/system.xml.template";
    if (file_exists($configTemplatePath)) {
        try {
            $configTemplate = new \Zend_Config_Xml($configTemplatePath);
            if ($configTemplate->general) {
                // check if the template contains a valid configuration
                $settings = $configTemplate->toArray();
                // unset database configuration
                unset($settings["database"]["params"]["host"]);
                unset($settings["database"]["params"]["port"]);
            }
        } catch (\Exception $e) {
            // an unreadable template is ignored; the defaults below are used instead
        }
    }
    // set default configuration if no template is present
    if (!$settings) {
        // write configuration file
        $settings = array(
            "general" => array(
                "timezone" => "Europe/Berlin",
                "language" => "en",
                "validLanguages" => "en",
                "debug" => "1",
                "debugloglevel" => "debug",
                "custom_php_logfile" => "1",
                "extjs6" => "1"
            ),
            "database" => array(
                "adapter" => "Mysqli",
                "params" => array("username" => "root", "password" => "", "dbname" => "")
            ),
            "documents" => array(
                "versions" => array("steps" => "10"),
                "default_controller" => "default",
                "default_action" => "default",
                "error_pages" => array("default" => "/"),
                "createredirectwhenmoved" => "",
                "allowtrailingslash" => "no",
                "allowcapitals" => "no",
                "generatepreview" => "1"
            ),
            "objects" => array("versions" => array("steps" => "10")),
            "assets" => array("versions" => array("steps" => "10")),
            "services" => array(),
            "cache" => array("excludeCookie" => ""),
            "httpclient" => array("adapter" => "Zend_Http_Client_Adapter_Socket")
        );
    }
    // caller-supplied values win over template/default values, key by key
    $settings = array_replace_recursive($settings, $config);
    // convert all special characters to their entities so the xml writer can put it into the file
    $settings = array_htmlspecialchars($settings);
    // create initial /website/var folder structure
    // @TODO: should use values out of startup.php (Constants)
    $varFolders = array("areas", "assets", "backup", "cache", "classes", "config",
        "email", "log", "plugins", "recyclebin", "search", "system", "tmp", "versions", "webdav");
    foreach ($varFolders as $folder) {
        \Pimcore\File::mkdir(PIMCORE_WEBSITE_VAR . "/" . $folder);
    }
    $config = new \Zend_Config($settings, true);
    $writer = new \Zend_Config_Writer_Xml(array("config" => $config, "filename" => PIMCORE_CONFIGURATION_SYSTEM));
    $writer->write();
}
$message = param('message', '', FALSE); $cover = param('cover'); $seo_title = param('seo_title'); $seo_keywords = param('seo_keywords'); $seo_description = param('seo_description'); !$cateid and message(1, '文章分类未指定'); $arr = array('cateid' => $cateid, 'subject' => $subject, 'brief' => $brief, 'message' => $message, 'cover' => $cover, 'uid' => $uid, 'create_date' => $time, 'update_date' => $time, 'ip' => $longip, 'seo_title' => $seo_title, 'seo_keywords' => $seo_keywords, 'seo_description' => $seo_description); $r = article_replace($articleid, $arr); $r !== FALSE ? message(0, '创建成功') : message(11, '创建失败'); } } elseif ($action == 'update') { if ($method == 'GET') { $articleid = param(2, 0); $header['title'] = '更新文章'; $article = article_read($articleid); array_htmlspecialchars($article); include "./admin/view/article_update.htm"; } elseif ($method == 'POST') { $articleid = param(2, 0); $cateid = param('cateid', 0); $subject = param('subject'); $brief = param('brief'); $message = param('message', '', FALSE); $cover = param('cover'); $seo_title = param('seo_title'); $seo_keywords = param('seo_keywords'); $seo_description = param('seo_description'); !$cateid and message(1, '请指定文章分类'); !$subject and message(2, '请填写标题'); !$message and message(3, '请填写内容'); $arr = array('cateid' => $cateid, 'subject' => $subject, 'brief' => $brief, 'message' => $message, 'cover' => $cover, 'update_date' => $time, 'seo_title' => $seo_title, 'seo_keywords' => $seo_keywords, 'seo_description' => $seo_description);
} ?> <link rel="bookmark" href="http://lsd.fi.muni.cz/webgen/" title="<?php echo $webgen_info[$language]; ?> " /> <script type="text/javascript"> <?php // promenne ze SESSION do JS // nejprve pridame vsem prvkum ve vzbranych polich addslashes() $_SESSION = array_htmlspecialchars_decode(array_map_r('addslashes', $_SESSION)); // nahrajeme promenne do JS getJavascriptArray($_SESSION, 'session', $result); // vratime na puvodni hodnotu pomoci stripslashes() $_SESSION = array_htmlspecialchars(array_map_r('stripslashes', $_SESSION)); // ulozim si aktualni krok, kvuli napovede getJavascriptArray($_GET, 'get', $result); // nacteni nekterych promluv do js promennych getJavascriptArray($webgen_basic_info, 'webgen_basic_info', $result); getJavascriptArray($feat_answ_next, 'feat_answ_next', $result); getJavascriptArray($webgen_u_r_day, 'webgen_u_r_day', $result); getJavascriptArray($webgen_u_s_project_next, 'webgen_u_s_project_next', $result); getJavascriptArray($webgen_u_s_project_coauthor_next, 'webgen_u_s_project_coauthor_next', $result); getJavascriptArray($webgen_firm_direction_another, 'webgen_firm_direction_another', $result); getJavascriptArray($webgen_firm_workload_another, 'webgen_firm_workload_another', $result); getJavascriptArray($hobby_next, 'hobby_next', $result); getJavascriptArray($knowledge_next, 'knowledge_next', $result); getJavascriptArray($webgen_cv_edu_from, 'webgen_cv_edu_from', $result); getJavascriptArray($webgen_cv_lang_type, 'webgen_cv_lang_type', $result); getJavascriptArray($webgen_links_undef_description, 'webgen_links_undef_description', $result);
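/**
 * Validates new projects being created by performing error checks on user input
 *
 * Runs only for POST requests. Each failed check sets
 * $this->errors[<check>]['error'] = 1. When nothing failed the project is
 * inserted for the session's account type, a pending upload is written to
 * disk, and the browser is redirected to create_project_success.php.
 *
 * Fix: the account-type branch compared with `=` (assignment) instead of `==`,
 * so every non-professor request overwrote $_SESSION['Account_Type'] with
 * 'Business' and ran the business insert regardless of the real account type.
 *
 * @return boolean Returns false if user input fields threw an error
 */
public function validateNewProject() {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // NOTE(review): only a by-reference array_htmlspecialchars() modifies $_POST
        // here; the by-value variant returns the escaped copy and this call is a no-op.
        array_htmlspecialchars($_POST);
        $this->project_name = $_POST['projectName'];
        $this->facilitator = $_POST['facilitator'];
        $this->project_due_date = $_POST['projectDueDate'];
        $this->project_description = trim($_POST['projectDescription']);

        // validate project name: alphanumeric once whitespace is removed, and not already taken
        if (!ctype_alnum(remove_whitespace($this->project_name))) {
            $this->errors['project_name']['error'] = 1;
        } elseif ($this->projectAlreadyExists() == TRUE) {
            $this->errors['project_exists']['error'] = 1;
        }
        // validate instructor name
        if (validate_instructor($this->facilitator) == FALSE) {
            $this->errors['instructor']['error'] = 1;
        }
        // validate project description length (bytes; if $_POST was escaped in place,
        // HTML entities inflate this count)
        if (strlen($this->project_description) < 100) {
            $this->errors['project_description']['error'] = 1;
        }
        // validating due date field by attempting to make a DateTime object
        if (DateTime::createFromFormat("Y-m-d", $this->project_due_date) == false) {
            $this->errors['project_due_date_invalid']['error'] = 1;
        }
        // check for empty fields
        if (empty($this->project_name) or empty($this->facilitator)) {
            $this->errors['empty']['error'] = 1;
        }
        // check if a file was uploaded and if so run validation
        $this->confidentiality_agreement_file_validation();

        // run through the errors array and check if any errors are set to 1
        $error_exists = 0;
        foreach ($this->errors as $key => $value) {
            if ($this->errors[$key]['error'] == 1) {
                $error_exists = 1;
            }
        }
        if ($error_exists == 0) {
            /**
             * insert project record to database depending on user type
             *
             * note - professor accounts will update the claimed section automatically to 1
             * so that the project does not show up on the search results once claimed
             */
            if ($_SESSION['Account_Type'] == 'Professor') {
                $this->insertNewProjectProfessor();
            } elseif ($_SESSION['Account_Type'] == 'Business') {
                $this->insertNewProjectBusiness();
            }
            // save uploaded file to disk drive
            if (!empty($_SESSION['Create_New_Project'])) {
                $this->saveFileToDisk();
            }
            // unset session variable
            unset($_SESSION['Create_New_Project']);
            // redirect user
            // NOTE(review): execution continues after this header; callers must not
            // emit further output or run more logic — confirm, or terminate here.
            header('Location: create_project_success.php');
        } else {
            return false;
        }
    }
}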
/**
 * Updates (and optionally renames) a tag-management configuration from the
 * admin UI.
 *
 * Requires the "tag_snippet_management" permission. The "configuration"
 * parameter is JSON; every value is entity-encoded, then:
 *  - each top-level key with a matching "set<Key>" method is applied to the
 *    config object (the key is request-controlled, so any public setter is
 *    reachable);
 *  - "item.<index>.<field>" keys are regrouped into items, which replace the
 *    existing ones;
 *  - params.name0..4 / params.value0..4 become the GET/POST parameter list.
 * When the submitted "name" differs from the "name" parameter, the config
 * stored under the old name is deleted before saving under the new one.
 *
 * NOTE(review): both names reach getByName()/delete()/save(); confirm the
 * config class rejects path separators in a name before it is used as a file.
 */
public function tagManagementUpdateAction() {
    $this->checkPermission("tag_snippet_management");
    $tag = Model\Tool\Tag\Config::getByName($this->getParam("name"));
    $data = \Zend_Json::decode($this->getParam("configuration"));
    $data = array_htmlspecialchars($data);
    $items = array();
    foreach ($data as $key => $value) {
        $setter = "set" . ucfirst($key);
        if (method_exists($tag, $setter)) {
            $tag->{$setter}($value);
        }
        // "item.<index>.<field>" => $items[<index>][<field>]
        if (strpos($key, "item.") === 0) {
            $cleanKeyParts = explode(".", $key);
            $items[$cleanKeyParts[1]][$cleanKeyParts[2]] = $value;
        }
    }
    $tag->resetItems();
    foreach ($items as $item) {
        $tag->addItem($item);
    }
    // parameters get/post: exactly five name/value slots are read
    $params = array();
    for ($i = 0; $i < 5; $i++) {
        $params[] = array("name" => $data["params.name" . $i], "value" => $data["params.value" . $i]);
    }
    $tag->setParams($params);
    if ($this->getParam("name") != $data["name"]) {
        // the setter loop may already have applied the new name; restore the old one
        // so delete() removes the old config / file, then switch to the new name
        $tag->setName($this->getParam("name"));
        $tag->delete();
        $tag->setName($data["name"]);
    }
    $tag->save();
    $this->_helper->json(array("success" => true));
}
/**
 * Saves the system settings posted by the admin UI to system.xml.
 *
 * Only a user allowed "system_settings" may proceed; otherwise the attempt is
 * logged and json(false) is returned. The "data" JSON payload is entity-encoded
 * and mapped into the nested settings array, with these exceptions:
 *  - the SMTP auth password is captured before encoding (stored as submitted)
 *    and, when the field is empty, the previously stored password is kept;
 *  - the "database" section and the critical/alert/emergency log levels are
 *    copied from the existing configuration, never from the request.
 *
 * NOTE(review): the Google account password and the HTTP proxy password are
 * taken from the request and written to system.xml entity-encoded only, i.e.
 * in clear — confirm the file's permissions. The trailing json(false) is
 * presumably unreachable on success if the json helper ends the response, and
 * the "no user in session" branch can only be hit if getUser() returned an
 * object for the isAllowed() call — confirm both.
 */
public function setSystemAction() {
    if ($this->getUser()->isAllowed("system_settings")) {
        $values = Zend_Json::decode($this->_getParam("data"));
        $oldConfig = Pimcore_Config::getSystemConfig();
        $oldValues = $oldConfig->toArray();
        // taken before entity-encoding so the stored password is the raw submitted value;
        // an empty field means "keep the currently stored password"
        $smtpPassword = $values["email.smtp.auth.password"];
        if (empty($smtpPassword)) {
            $smtpPassword = $oldValues['email']['smtp']['auth']['password'];
        }
        // convert all special characters to their entities so the xml writer can put it into the file
        $values = array_htmlspecialchars($values);
        $settings = array(
            "general" => array(
                "timezone" => $values["general.timezone"],
                "php_cli" => $values["general.php_cli"],
                "domain" => $values["general.domain"],
                "language" => $values["general.language"],
                "validLanguages" => $values["general.validLanguages"],
                "theme" => $values["general.theme"],
                "loginscreenimageservice" => $values["general.loginscreenimageservice"],
                "loginscreencustomimage" => $values["general.loginscreencustomimage"],
                "debug" => $values["general.debug"],
                "debug_ip" => $values["general.debug_ip"],
                "firephp" => $values["general.firephp"],
                "loglevel" => array(
                    "debug" => $values["general.loglevel.debug"],
                    "info" => $values["general.loglevel.info"],
                    "notice" => $values["general.loglevel.notice"],
                    "warning" => $values["general.loglevel.warning"],
                    "error" => $values["general.loglevel.error"],
                    // the three highest levels are not editable here; carried over from the current config
                    "critical" => $oldValues["general"]["loglevel"]["critical"],
                    "alert" => $oldValues["general"]["loglevel"]["alert"],
                    "emergency" => $oldValues["general"]["loglevel"]["emergency"]
                ),
                "devmode" => $values["general.devmode"],
                "logrecipient" => $values["general.logrecipient"],
                "welcomescreen" => $values["general.welcomescreen"],
                "viewSuffix" => $values["general.viewSuffix"]
            ),
            // database settings cannot be changed through this action
            "database" => $oldValues["database"],
            "documents" => array(
                "versions" => array(
                    "days" => $values["documents.versions.days"],
                    "steps" => $values["documents.versions.steps"]
                ),
                "default_controller" => $values["documents.default_controller"],
                "default_action" => $values["documents.default_action"],
                "error_page" => $values["documents.error_page"],
                "allowtrailingslash" => $values["documents.allowtrailingslash"],
                "allowcapitals" => $values["documents.allowcapitals"]
            ),
            "objects" => array(
                "versions" => array(
                    "days" => $values["objects.versions.days"],
                    "steps" => $values["objects.versions.steps"]
                )
            ),
            "assets" => array(
                "webdav" => array("hostname" => $values["assets.webdav.hostname"]),
                "versions" => array(
                    "days" => $values["assets.versions.days"],
                    "steps" => $values["assets.versions.steps"]
                ),
                "ffmpeg" => $values["assets.ffmpeg"]
            ),
            "services" => array(
                "googlemaps" => array("apikey" => $values["services.googlemaps.apikey"]),
                "translate" => array("apikey" => $values["services.translate.apikey"]),
                "google" => array(
                    "username" => $values["services.google.username"],
                    // NOTE(review): request value written to system.xml entity-encoded only
                    "password" => $values["services.google.password"]
                )
            ),
            "cache" => array(
                "enabled" => $values["cache.enabled"],
                "lifetime" => $values["cache.lifetime"],
                "excludePatterns" => $values["cache.excludePatterns"],
                "excludeCookie" => $values["cache.excludeCookie"]
            ),
            "outputfilters" => array(
                "imagedatauri" => $values["outputfilters.imagedatauri"],
                "less" => $values["outputfilters.less"],
                "lesscpath" => $values["outputfilters.lesscpath"],
                "cssminify" => $values["outputfilters.cssminify"],
                "javascriptminify" => $values["outputfilters.javascriptminify"],
                "javascriptminifyalgorithm" => $values["outputfilters.javascriptminifyalgorithm"],
                "htmlminify" => $values["outputfilters.htmlminify"],
                "cdn" => $values["outputfilters.cdn"],
                "cdnhostnames" => $values["outputfilters.cdnhostnames"],
                "cdnpatterns" => $values["outputfilters.cdnpatterns"]
            ),
            "email" => array(
                "sender" => array(
                    "name" => $values["email.sender.name"],
                    "email" => $values["email.sender.email"]
                ),
                "return" => array(
                    "name" => $values["email.return.name"],
                    "email" => $values["email.return.email"]
                ),
                "method" => $values["email.method"],
                "smtp" => array(
                    "host" => $values["email.smtp.host"],
                    "port" => $values["email.smtp.port"],
                    "ssl" => $values["email.smtp.ssl"],
                    "name" => $values["email.smtp.name"],
                    "auth" => array(
                        "method" => $values["email.smtp.auth.method"],
                        "username" => $values["email.smtp.auth.username"],
                        // raw value captured above (or the previously stored one)
                        "password" => $smtpPassword
                    )
                ),
                "debug" => array("emailaddresses" => $values["email.debug.emailAddresses"])
            ),
            "webservice" => array("enabled" => $values["webservice.enabled"]),
            "httpclient" => array(
                "adapter" => $values["httpclient.adapter"],
                "proxy_host" => $values["httpclient.proxy_host"],
                "proxy_port" => $values["httpclient.proxy_port"],
                "proxy_user" => $values["httpclient.proxy_user"],
                // NOTE(review): request value written to system.xml entity-encoded only
                "proxy_pass" => $values["httpclient.proxy_pass"]
            )
        );
        $config = new Zend_Config($settings, true);
        $writer = new Zend_Config_Writer_Xml(array("config" => $config, "filename" => PIMCORE_CONFIGURATION_SYSTEM));
        $writer->write();
        $this->_helper->json(array("success" => true));
    } else {
        // denied: record who tried (or that no user was in the session) before answering false
        if ($this->getUser() != null) {
            Logger::err("user [" . $this->getUser()->getId() . "] attempted to change system settings, but has no permission to do so.");
        } else {
            Logger::err("attempt to change system settings, but no user in session.");
        }
    }
    $this->_helper->json(false);
}
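/**
 * Recursively HTML-escapes a value in place.
 *
 * Arrays are walked recursively; scalars get & " < > ' replaced with their
 * HTML entities so the value can be echoed into markup or attributes. Unlike
 * htmlspecialchars() this does not validate UTF-8 and accepts any scalar
 * (non-strings are stringified by str_replace, as before).
 *
 * Fix: the replacement list was identical to the search list, so the function
 * was a no-op and nothing passed through it was ever escaped. The single quote
 * is now escaped as well, since the output is used in attribute context.
 *
 * @param mixed $var value escaped in place (taken by reference)
 * @return mixed the escaped value
 */
function array_htmlspecialchars(&$var) {
    if (is_array($var)) {
        foreach ($var as $k => &$v) {
            array_htmlspecialchars($v);
        }
        unset($v); // drop the reference left behind by the by-ref foreach
    } else {
        // '&' is replaced first so the entities produced afterwards are not re-escaped
        $var = str_replace(
            array('&', '"', '<', '>', "'"),
            array('&amp;', '&quot;', '&lt;', '&gt;', '&#039;'),
            $var
        );
    }
    return $var;
}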
$header['title'] = '板块更新'; $forum = forum_read($fid); $grouplist = group_find(); $accesslist = forum_access_find_by_fid($fid); if (empty($accesslist)) { foreach ($grouplist as $group) { $accesslist[$group['gid']] = $group; // 字段名相同,直接覆盖。 } } else { foreach ($accesslist as &$access) { $access['name'] = $grouplist[$access['gid']]['name']; // 字段名相同,直接覆盖。 } } array_htmlspecialchars($forum); include "./admin/view/forum_update.htm"; } elseif ($method == 'POST') { $fid = param(2, 0); $name = param('name'); $rank = param('rank'); $moduids = param('moduids'); $moduids = forum_filter_moduid($moduids); $forum = forum_read($fid); empty($name) and message(1, '论坛名称不能为空'); // 列表页 ajax post 逐行提交 $arr = array('name' => $name, 'rank' => $rank, 'create_date' => $time); // 详情页的 POST 提交 if (isset($_POST['brief'])) { empty($forum) and message(11, '版块不存在'); $brief = param('brief', '', FALSE);
<?php
// Migration step: force "general.custom_php_logfile" on in the stored system
// configuration and write the file back.
$systemConfig = Pimcore_Config::getSystemConfig();
$configArray = $systemConfig->toArray();
$configArray["general"]["custom_php_logfile"] = "1";
// entity-encode every value so the XML writer can store it
$escapedConfig = array_htmlspecialchars($configArray);
$writer = new Zend_Config_Writer_Xml(array(
    "config" => new Zend_Config($escapedConfig, true),
    "filename" => PIMCORE_CONFIGURATION_SYSTEM,
));
$writer->write();
/**
 * Updates a tag-management configuration from the admin UI.
 *
 * The "configuration" parameter is JSON; every value is entity-encoded, then
 * each top-level key with a matching "set<Key>" method is applied to the
 * config object, "item.<index>.<field>" keys are regrouped into items that
 * replace the existing ones, and params.name0..4 / params.value0..4 become the
 * GET/POST parameter list. The "tagmanagement" cache tag is cleared after
 * saving.
 *
 * NOTE(review): keys and "name" are request-controlled (any public setter is
 * reachable) and, unlike the sibling action that calls checkPermission(), no
 * permission check is visible here — confirm one exists upstream.
 */
public function tagManagementUpdateAction() {
    $tag = Tool_Tag_Config::getByName($this->_getParam("name"));
    $data = array_htmlspecialchars(Zend_Json::decode($this->_getParam("configuration")));
    $items = array();
    foreach ($data as $key => $value) {
        $setter = "set" . ucfirst($key);
        if (method_exists($tag, $setter)) {
            $tag->{$setter}($value);
        }
        // "item.<index>.<field>" => $items[<index>][<field>]
        if (substr($key, 0, 5) === "item.") {
            list(, $index, $field) = explode(".", $key);
            $items[$index][$field] = $value;
        }
    }
    $tag->resetItems();
    foreach ($items as $item) {
        $tag->addItem($item);
    }
    // parameters get/post: exactly five name/value slots are read
    $params = array();
    foreach (range(0, 4) as $slot) {
        $params[] = array(
            "name" => $data["params.name" . $slot],
            "value" => $data["params.value" . $slot],
        );
    }
    $tag->setParams($params);
    $tag->save();
    // clear cache tag
    Pimcore_Model_Cache::clearTag("tagmanagement");
    $this->_helper->json(array("success" => true));
}