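 /**
  * Searches the recipes table for the whitespace-separated tokens in the
  * POSTed "search" field and returns the matching rows.
  *
  * Every token becomes one bound `recipe_name LIKE ?` condition, so request
  * data never becomes part of the SQL text. Note that `%` and `_` inside a
  * token still act as LIKE wildcards.
  *
  * @param mixed $postData Unused; kept for existing callers. The method reads
  *                        $_POST directly, as the original did.
  * @return array|null Rows as PDO::FETCH_ASSOC arrays when a POST carried at
  *                    least one non-empty token; null otherwise.
  */
 public function searchRecipes($postData)
 {
     if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_POST)) {
         return null;
     }
     // the original HTML-escaped the request array before reading it; kept so
     // the tokens passed to the query are the same as before
     array_htmlspecialchars($_POST);
     $searchString = isset($_POST['search']) ? (string) $_POST['search'] : '';
     // split into tokens, drop empty ones (but keep "0", which array_filter()
     // without a callback would have discarded) and re-index
     $tokens = array_values(array_filter(explode(' ', $searchString), function ($token) {
         return $token !== '';
     }));
     if (empty($tokens)) {
         return null;
     }
     // one placeholder per token; the wildcards are wrapped around the bound value
     $conditions = array_fill(0, count($tokens), 'recipe_name LIKE ?');
     $sql = 'SELECT * FROM recipes WHERE ' . implode(' OR ', $conditions);
     $parameters = array();
     foreach ($tokens as $token) {
         $parameters[] = '%' . $token . '%';
     }
     // NOTE(review): assumes the Database handle exposes PDO's prepare()/execute();
     // the original called query() on it and read rows with PDO::FETCH_ASSOC — confirm
     $statementHandler = Database::getInstance()->prepare($sql);
     $statementHandler->execute($parameters);
     return $statementHandler->fetchAll(PDO::FETCH_ASSOC);
 }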
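 /**
  * Handles a POSTed login form: stores the submitted credentials on the
  * object, runs the LoginModel validator once and re-renders the login view
  * when the validator reports an error.
  *
  * Non-POST requests are ignored. The debugging output of the original
  * (var_dump of the validator result, echo of the errors array and of
  * URL_WITH_INDEX_FILE) is gone: it exposed validator internals to the client.
  *
  * @return void
  */
 public function validateLoginCredentails()
 {
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         return;
     }
     // clean user input; note this also rewrites &, <, >, " in the password
     // before the model sees it, as the original did
     array_htmlspecialchars($_POST);
     $this->username = isset($_POST['username']) ? $_POST['username'] : null;
     $this->password = isset($_POST['password']) ? $_POST['password'] : null;
     // run the validator a single time (the original called it twice, the
     // second time inside a var_dump) and collect its errors
     $loginModel = new LoginModel();
     $loginModel->validateFormData($_POST);
     $errorsArray = $loginModel->getErrorsArray();
     // any field flagged with error = '1' sends the user back to the form
     if (filter_by_value($errorsArray, 'error', '1')) {
         require APP_PATH . 'views/login/login.php';
     }
 }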
 /**
  * Persists the Sphinx search plugin settings sent as JSON in the "data"
  * parameter and answers with a JSON success flag.
  *
  * Values are HTML-escaped before they are stored because the XML config
  * writer needs entities for special characters. Any exception raised while
  * writing the Sphinx or plugin config is answered with a plain JSON `false`.
  */
 public function saveAction()
 {
     $values = array_htmlspecialchars(Zend_Json::decode($this->getParam("data")));
     // request key => option name under the "path" section, in storage order
     $pathOptions = array(
         "sphinxsearch.path_pid" => "pid",
         "sphinxsearch.path_querylog" => "querylog",
         "sphinxsearch.path_logfile" => "log",
         "sphinxsearch.path_indexer" => "indexer",
         "sphinxsearch.path_phpcli" => "phpcli",
         "sphinxsearch.path_searchd" => "searchd",
     );
     try {
         $sphinxConfig = new SphinxSearch_Config();
         $sphinxConfig->writeSphinxConfig();
         $pluginConfig = new SphinxSearch_Config_Plugin();
         $configData = $pluginConfig->getData();
         foreach ($pathOptions as $requestKey => $option) {
             $configData["path"][$option] = $values[$requestKey];
         }
         $configData["indexer"]["period"] = $values["sphinxsearch.indexer_period"];
         // boolean-ish flags are stored as the strings "true" / "false"
         $configData["indexer"]["runwithmaintenance"] = $values["sphinxsearch.indexer_maintenance"] == "true" ? "true" : "false";
         $configData["indexer"]["onchange"] = $values["sphinxsearch.indexer_onchange"];
         $configData["documents"]["use_i18n"] = $values["sphinxsearch.documents_i18n"] == "true" ? "true" : "false";
         $configData["searchd"]["port"] = $values["sphinxsearch.searchd_port"];
         $pluginConfig->setData($configData);
         $pluginConfig->save();
         $this->_helper->json(array("success" => true));
     } catch (Exception $e) {
         // the failure detail stays server-side; the client only learns it failed
         $this->_helper->json(false);
     }
 }
 /**
  * Stores every key/value pair of the JSON "data" parameter through
  * Model\Configuration::set() and answers with a JSON success flag.
  *
  * Values are HTML-escaped before being stored, consistent with the other
  * configuration actions.
  */
 public function setAction()
 {
     $decoded = \Zend_Json::decode($this->getParam("data"));
     $escaped = array_htmlspecialchars($decoded);
     foreach ($escaped as $settingKey => $settingValue) {
         Model\Configuration::set($settingKey, $settingValue);
     }
     $this->_helper->json(array("success" => true));
 }
/**
 * Recursively HTML-escapes the string and numeric leaves of an array.
 *
 * Strings and numerics go through htmlspecialchars(ENT_COMPAT, "UTF-8"),
 * so numerics come back as strings; nested arrays are processed the same
 * way; any other value (null, bool, object) is left untouched. Keys and
 * order are preserved.
 *
 * ENT_COMPAT leaves single quotes unescaped, so the result is not safe
 * inside single-quoted HTML attributes.
 *
 * @param  array $array
 * @return array
 */
function array_htmlspecialchars($array)
{
    foreach ($array as &$item) {
        if (is_array($item)) {
            $item = array_htmlspecialchars($item);
        } elseif (is_string($item) || is_numeric($item)) {
            $item = htmlspecialchars($item, ENT_COMPAT, "UTF-8");
        }
    }
    // drop the loop reference so it cannot alias the last element
    unset($item);
    return $array;
}
 /**
  * Updates the QR-code config named by the "name" parameter from the JSON
  * "configuration" parameter and saves it.
  *
  * Each key is applied through a matching setXxx() method when the config
  * object has one; keys without a setter are ignored. Values are
  * HTML-escaped before they are applied.
  */
 public function updateAction()
 {
     $qrConfig = Qrcode\Config::getByName($this->getParam("name"));
     $configuration = array_htmlspecialchars(\Zend_Json::decode($this->getParam("configuration")));
     foreach ($configuration as $property => $value) {
         // any public set* method of the config is reachable through the request keys
         $setterName = "set" . ucfirst($property);
         if (!method_exists($qrConfig, $setterName)) {
             continue;
         }
         $qrConfig->{$setterName}($value);
     }
     $qrConfig->save();
     $this->_helper->json(array("success" => true));
 }
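 /**
  * HTML-escapes a value: arrays are rewritten in place and returned,
  * scalars are escaped and returned without touching the argument.
  *
  * Nested arrays now recurse into this function itself; the original
  * delegated them to array_htmlspecialchars(), so nested leaves could be
  * escaped with different flags than top-level ones. Scalar leaves are cast
  * to string before htmlspecialchars(), which keeps the old result for
  * ints/bools/null (null becomes "") without the PHP 8.1 null deprecation.
  *
  * @param mixed $input Array (nested allowed) or scalar.
  * @return array|string The escaped value.
  */
 function aq_array_htmlspecialchars(&$input)
 {
     if (!is_array($input)) {
         return htmlspecialchars((string) $input);
     }
     foreach ($input as $key => $value) {
         $input[$key] = aq_array_htmlspecialchars($value);
     }
     return $input;
 }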
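 /**
  * Writes the CoreShop base/product/category settings sent as JSON in the
  * "data" parameter to CORESHOP_CONFIGURATION and answers with a JSON
  * success flag.
  *
  * Values are HTML-escaped first because the XML writer needs entities for
  * special characters. The file is rebuilt entirely from the request; the
  * existing configuration is not read (the original loaded it into locals
  * it never used).
  */
 public function setAction()
 {
     $values = \Zend_Json::decode($this->getParam("data"));
     // convert all special characters to their entities so the xml writer can put it into the file
     $values = array_htmlspecialchars($values);
     $settings = array(
         "base" => array(
             "base-currency" => $values["base.base-currency"],
         ),
         "product" => array(
             "default-image" => $values["product.default-image"],
             "days-as-new" => $values["product.days-as-new"],
         ),
         "category" => array(
             "default-image" => $values["category.default-image"],
         ),
     );
     $config = new \Zend_Config($settings, true);
     $writer = new \Zend_Config_Writer_Xml(array("config" => $config, "filename" => CORESHOP_CONFIGURATION));
     $writer->write();
     $this->_helper->json(array("success" => true));
 }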
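/**
 * Returns the HTML-escaped, trimmed subset of $_GET or $_POST whose keys are
 * listed in $inputs.
 *
 * @param string $inputs Comma-separated list of allowed keys (surrounding
 *                       whitespace per name is ignored).
 * @param string $mode   "get" or "post", case-insensitive, whitespace ignored.
 * @return array The request data restricted to the listed keys.
 * @throws InvalidArgumentException When $mode is neither GET nor POST.
 */
function getGET_POST($inputs, $mode)
{
    $mode = strtoupper(trim($mode));
    // only the two request arrays are reachable; the original indexed
    // $GLOBALS['_' . $mode], which let any superglobal be selected by name
    if ($mode === 'GET') {
        $data = $_GET;
    } elseif ($mode === 'POST') {
        $data = $_POST;
    } else {
        throw new InvalidArgumentException('getGET_POST(): mode must be GET or POST, got "' . $mode . '"');
    }
    $data = array_htmlspecialchars($data);
    // trim every string leaf; the original passed "trim" to array_walk_recursive,
    // whose callback receives the value by copy, so nothing was ever trimmed
    array_walk_recursive($data, function (&$value) {
        if (is_string($value)) {
            $value = trim($value);
        }
    });
    $allowed = array_map('trim', explode(',', $inputs));
    foreach (array_keys($data) as $key) {
        // compare as strings so numeric keys can match their textual filter entry
        if (!in_array((string) $key, $allowed, true)) {
            unset($data[$key]);
        }
    }
    return $data;
}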
 /**
  * Updates the newsletter config named by the "name" parameter from the
  * JSON "configuration" parameter and saves it.
  *
  * When the "document" entry resolves to a Document path it is replaced by
  * that document's id. Every key is then applied through a matching setXxx()
  * method when the config object has one. Values are HTML-escaped first.
  */
 public function updateAction()
 {
     $letter = Newsletter\Config::getByName($this->getParam("name"));
     $configuration = array_htmlspecialchars(\Zend_Json::decode($this->getParam("configuration")));
     $emailDocument = Document::getByPath($configuration["document"]);
     if ($emailDocument) {
         $configuration["document"] = $emailDocument->getId();
     }
     foreach ($configuration as $property => $value) {
         // any public set* method of the config is reachable through the request keys
         $setterName = "set" . ucfirst($property);
         if (!method_exists($letter, $setterName)) {
             continue;
         }
         $letter->{$setterName}($value);
     }
     $letter->save();
     $this->_helper->json(array("success" => true));
 }
 /**
  * Writes the initial system.xml configuration.
  *
  * The base settings come from system.xml.template when that file exists,
  * is readable and has a "general" section (its database host/port are
  * removed); otherwise the built-in defaults below are used. $config is then
  * merged in recursively, every value is HTML-escaped for the XML writer, the
  * /website/var folder layout is created and PIMCORE_CONFIGURATION_SYSTEM is
  * written.
  *
  * @param array $config Overrides merged into the base settings.
  */
 public function config($config = array())
 {
     $settings = null;
     // an optional template (used e.g. by the demo installer) seeds the config
     $templatePath = PIMCORE_CONFIGURATION_DIRECTORY . "/system.xml.template";
     if (file_exists($templatePath)) {
         try {
             $template = new \Zend_Config_Xml($templatePath);
             // a template without a "general" section is treated as unusable
             if ($template->general) {
                 $settings = $template->toArray();
                 // host and port must not be inherited from the template
                 unset($settings["database"]["params"]["host"], $settings["database"]["params"]["port"]);
             }
         } catch (\Exception $e) {
             // an unreadable or invalid template silently falls back to the defaults below
         }
     }
     if (!$settings) {
         // installer defaults: debug enabled, database user "root" with an empty
         // password and no dbname — presumably meant to be overridden via $config
         $settings = array(
             "general" => array(
                 "timezone" => "Europe/Berlin",
                 "language" => "en",
                 "validLanguages" => "en",
                 "debug" => "1",
                 "debugloglevel" => "debug",
                 "custom_php_logfile" => "1",
                 "extjs6" => "1",
             ),
             "database" => array(
                 "adapter" => "Mysqli",
                 "params" => array(
                     "username" => "root",
                     "password" => "",
                     "dbname" => "",
                 ),
             ),
             "documents" => array(
                 "versions" => array("steps" => "10"),
                 "default_controller" => "default",
                 "default_action" => "default",
                 "error_pages" => array("default" => "/"),
                 "createredirectwhenmoved" => "",
                 "allowtrailingslash" => "no",
                 "allowcapitals" => "no",
                 "generatepreview" => "1",
             ),
             "objects" => array(
                 "versions" => array("steps" => "10"),
             ),
             "assets" => array(
                 "versions" => array("steps" => "10"),
             ),
             "services" => array(),
             "cache" => array(
                 "excludeCookie" => "",
             ),
             "httpclient" => array(
                 "adapter" => "Zend_Http_Client_Adapter_Socket",
             ),
         );
     }
     $settings = array_replace_recursive($settings, $config);
     // convert all special characters to their entities so the xml writer can put it into the file
     $settings = array_htmlspecialchars($settings);
     // create initial /website/var folder structure
     // @TODO: should use values out of startup.php (Constants)
     $varFolders = array(
         "areas", "assets", "backup", "cache", "classes", "config", "email", "log",
         "plugins", "recyclebin", "search", "system", "tmp", "versions", "webdav",
     );
     foreach ($varFolders as $folderName) {
         \Pimcore\File::mkdir(PIMCORE_WEBSITE_VAR . "/" . $folderName);
     }
     $writer = new \Zend_Config_Writer_Xml(array(
         "config" => new \Zend_Config($settings, true),
         "filename" => PIMCORE_CONFIGURATION_SYSTEM,
     ));
     $writer->write();
 }
        $message = param('message', '', FALSE);
        $cover = param('cover');
        $seo_title = param('seo_title');
        $seo_keywords = param('seo_keywords');
        $seo_description = param('seo_description');
        !$cateid and message(1, '文章分类未指定');
        $arr = array('cateid' => $cateid, 'subject' => $subject, 'brief' => $brief, 'message' => $message, 'cover' => $cover, 'uid' => $uid, 'create_date' => $time, 'update_date' => $time, 'ip' => $longip, 'seo_title' => $seo_title, 'seo_keywords' => $seo_keywords, 'seo_description' => $seo_description);
        $r = article_replace($articleid, $arr);
        $r !== FALSE ? message(0, '创建成功') : message(11, '创建失败');
    }
} elseif ($action == 'update') {
    if ($method == 'GET') {
        $articleid = param(2, 0);
        $header['title'] = '更新文章';
        $article = article_read($articleid);
        array_htmlspecialchars($article);
        include "./admin/view/article_update.htm";
    } elseif ($method == 'POST') {
        $articleid = param(2, 0);
        $cateid = param('cateid', 0);
        $subject = param('subject');
        $brief = param('brief');
        $message = param('message', '', FALSE);
        $cover = param('cover');
        $seo_title = param('seo_title');
        $seo_keywords = param('seo_keywords');
        $seo_description = param('seo_description');
        !$cateid and message(1, '请指定文章分类');
        !$subject and message(2, '请填写标题');
        !$message and message(3, '请填写内容');
        $arr = array('cateid' => $cateid, 'subject' => $subject, 'brief' => $brief, 'message' => $message, 'cover' => $cover, 'update_date' => $time, 'seo_title' => $seo_title, 'seo_keywords' => $seo_keywords, 'seo_description' => $seo_description);
}
?>
        <link rel="bookmark" href="http://lsd.fi.muni.cz/webgen/" title="<?php 
echo $webgen_info[$language];
?>
" />
        <script type="text/javascript">
            
            <?php 
// export session variables to JS
// first apply addslashes() to every element of the selected arrays
// (the entity decoding/re-encoding around the export appears to put the
// session values through array_htmlspecialchars_decode and back — see below)
$_SESSION = array_htmlspecialchars_decode(array_map_r('addslashes', $_SESSION));
// load the variables into JS
// NOTE(review): addslashes() escapes quotes and backslashes only; it is not a
// JavaScript-context escaper. json_encode() is the usual primitive for
// emitting PHP data inside <script> — confirm what getJavascriptArray() does
getJavascriptArray($_SESSION, 'session', $result);
// restore the original value with stripslashes()
$_SESSION = array_htmlspecialchars(array_map_r('stripslashes', $_SESSION));
// keep the current step, needed for the help text
getJavascriptArray($_GET, 'get', $result);
// load some of the phrases into JS variables
getJavascriptArray($webgen_basic_info, 'webgen_basic_info', $result);
getJavascriptArray($feat_answ_next, 'feat_answ_next', $result);
getJavascriptArray($webgen_u_r_day, 'webgen_u_r_day', $result);
getJavascriptArray($webgen_u_s_project_next, 'webgen_u_s_project_next', $result);
getJavascriptArray($webgen_u_s_project_coauthor_next, 'webgen_u_s_project_coauthor_next', $result);
getJavascriptArray($webgen_firm_direction_another, 'webgen_firm_direction_another', $result);
getJavascriptArray($webgen_firm_workload_another, 'webgen_firm_workload_another', $result);
getJavascriptArray($hobby_next, 'hobby_next', $result);
getJavascriptArray($knowledge_next, 'knowledge_next', $result);
getJavascriptArray($webgen_cv_edu_from, 'webgen_cv_edu_from', $result);
getJavascriptArray($webgen_cv_lang_type, 'webgen_cv_lang_type', $result);
getJavascriptArray($webgen_links_undef_description, 'webgen_links_undef_description', $result);
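 /**
  * Validates a POSTed "new project" form and, when every check passes,
  * inserts the project for the session's account type, stores the uploaded
  * file and redirects to create_project_success.php.
  *
  * Checks: alphanumeric project name (whitespace ignored) that does not
  * already exist, known instructor, description of at least 100 bytes,
  * due date parseable as Y-m-d, non-empty name and facilitator, and the
  * confidentiality-agreement file validation. Each failure sets
  * $this->errors[<field>]['error'] = 1.
  *
  * @return boolean|null false when any check failed or the account type is
  *                      unknown; does not return on success (redirect + exit);
  *                      null when the request is not a POST.
  */
 public function validateNewProject()
 {
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         return null;
     }
     array_htmlspecialchars($_POST);
     $this->project_name = isset($_POST['projectName']) ? $_POST['projectName'] : '';
     $this->facilitator = isset($_POST['facilitator']) ? $_POST['facilitator'] : '';
     $this->project_due_date = isset($_POST['projectDueDate']) ? $_POST['projectDueDate'] : '';
     $this->project_description = isset($_POST['projectDescription']) ? trim($_POST['projectDescription']) : '';
     // validate project name: alphanumeric and not already taken
     if (!ctype_alnum(remove_whitespace($this->project_name))) {
         $this->errors['project_name']['error'] = 1;
     } elseif ($this->projectAlreadyExists() == TRUE) {
         $this->errors['project_exists']['error'] = 1;
     }
     // validate instructor name
     if (validate_instructor($this->facilitator) == FALSE) {
         $this->errors['instructor']['error'] = 1;
     }
     // validate project description; strlen() counts bytes, as the original did
     if (strlen($this->project_description) < 100) {
         $this->errors['project_description']['error'] = 1;
     }
     // validating due date field by attempting to make a DateTime object
     if (DateTime::createFromFormat("Y-m-d", $this->project_due_date) === false) {
         $this->errors['project_due_date_invalid']['error'] = 1;
     }
     // check for empty fields
     if (empty($this->project_name) or empty($this->facilitator)) {
         $this->errors['empty']['error'] = 1;
     }
     // check if a file was uploaded and if so run validation
     $this->confidentiality_agreement_file_validation();
     // any error flag set to 1 aborts before anything is written
     foreach ($this->errors as $field => $entry) {
         if ($entry['error'] == 1) {
             return false;
         }
     }
     // insert project record to database depending on user type
     //
     // note - professor accounts will update the claimed section automatically to 1
     //        so that the project does not show up on the search results once claimed
     //
     // the original's elseif read `$_SESSION['Account_Type'] = 'Business'` — an
     // assignment, which always matched and overwrote the session's account type
     $accountType = isset($_SESSION['Account_Type']) ? $_SESSION['Account_Type'] : null;
     if ($accountType === 'Professor') {
         $this->insertNewProjectProfessor();
     } elseif ($accountType === 'Business') {
         $this->insertNewProjectBusiness();
     } else {
         // unknown account type: refuse instead of reporting success without an insert
         $this->errors['account_type']['error'] = 1;
         return false;
     }
     // save uploaded file to disk drive
     if (!empty($_SESSION['Create_New_Project'])) {
         $this->saveFileToDisk();
     }
     // unset session variable
     unset($_SESSION['Create_New_Project']);
     // redirect user; stop here so nothing after the Location header is rendered or executed
     header('Location: create_project_success.php');
     exit;
 }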
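 /**
  * Updates a tag-management snippet config from the JSON "configuration"
  * parameter, rebuilds its items and GET/POST params, handles a rename and
  * saves it.
  *
  * Request keys are applied through setXxx() when such a method exists;
  * "item.<index>.<field>" keys are collected into items; "params.name<i>" /
  * "params.value<i>" for i in 0..4 become the params list. Requires the
  * "tag_snippet_management" permission.
  */
 public function tagManagementUpdateAction()
 {
     $this->checkPermission("tag_snippet_management");
     $tag = Model\Tool\Tag\Config::getByName($this->getParam("name"));
     $data = array_htmlspecialchars(\Zend_Json::decode($this->getParam("configuration")));
     $items = array();
     foreach ($data as $key => $value) {
         // any public set* method of the config is reachable through the request keys
         $setter = "set" . ucfirst($key);
         if (method_exists($tag, $setter)) {
             $tag->{$setter}($value);
         }
         if (strpos($key, "item.") === 0) {
             $keyParts = explode(".", $key);
             // only "item.<index>.<field>" is an item; shorter keys used to raise
             // an undefined-offset notice and land under an empty field name
             if (count($keyParts) >= 3) {
                 $items[$keyParts[1]][$keyParts[2]] = $value;
             }
         }
     }
     $tag->resetItems();
     foreach ($items as $item) {
         $tag->addItem($item);
     }
     // parameters get/post: five fixed slots, missing ones stored as null
     $params = array();
     for ($i = 0; $i < 5; $i++) {
         $params[] = array(
             "name" => isset($data["params.name" . $i]) ? $data["params.name" . $i] : null,
             "value" => isset($data["params.value" . $i]) ? $data["params.value" . $i] : null,
         );
     }
     $tag->setParams($params);
     // rename: remove the config stored under the old name, then save under the new one
     if (isset($data["name"]) && $this->getParam("name") != $data["name"]) {
         // old name first so delete() removes the old file
         $tag->setName($this->getParam("name"));
         $tag->delete();
         // new name for save()
         $tag->setName($data["name"]);
     }
     $tag->save();
     $this->_helper->json(array("success" => true));
 }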
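 /**
  * Writes the system configuration from the JSON "data" parameter.
  *
  * Only a user allowed "system_settings" may call this; any other caller
  * (including no user in session) is logged and answered with JSON `false`.
  * An empty SMTP password keeps the stored one, the database section and
  * the critical/alert/emergency log levels are carried over from the
  * existing config, and all request values are HTML-escaped for the XML
  * writer.
  */
 public function setSystemAction()
 {
     // the original dereferenced getUser() before its null check, so the
     // "no user in session" log line could never be reached
     $user = $this->getUser();
     if ($user == null || !$user->isAllowed("system_settings")) {
         if ($user != null) {
             Logger::err("user [" . $user->getId() . "] attempted to change system settings, but has no permission to do so.");
         } else {
             Logger::err("attempt to change system settings, but no user in session.");
         }
         $this->_helper->json(false);
         return;
     }
     $values = Zend_Json::decode($this->_getParam("data"));
     $oldValues = Pimcore_Config::getSystemConfig()->toArray();
     // an empty SMTP password means "keep the stored one"; compared explicitly so a
     // password of "0" is not treated as empty the way empty() would. Note the
     // password (new or kept) bypasses array_htmlspecialchars() below, unlike
     // every other value written.
     $smtpPassword = isset($values["email.smtp.auth.password"]) ? $values["email.smtp.auth.password"] : '';
     if ($smtpPassword === '' || $smtpPassword === null) {
         $smtpPassword = $oldValues['email']['smtp']['auth']['password'];
     }
     // convert all special characters to their entities so the xml writer can put it into the file
     $values = array_htmlspecialchars($values);
     $settings = array(
         "general" => array(
             "timezone" => $values["general.timezone"],
             "php_cli" => $values["general.php_cli"],
             "domain" => $values["general.domain"],
             "language" => $values["general.language"],
             "validLanguages" => $values["general.validLanguages"],
             "theme" => $values["general.theme"],
             "loginscreenimageservice" => $values["general.loginscreenimageservice"],
             "loginscreencustomimage" => $values["general.loginscreencustomimage"],
             "debug" => $values["general.debug"],
             "debug_ip" => $values["general.debug_ip"],
             "firephp" => $values["general.firephp"],
             "loglevel" => array(
                 "debug" => $values["general.loglevel.debug"],
                 "info" => $values["general.loglevel.info"],
                 "notice" => $values["general.loglevel.notice"],
                 "warning" => $values["general.loglevel.warning"],
                 "error" => $values["general.loglevel.error"],
                 // the three highest levels are not editable from the form
                 "critical" => $oldValues["general"]["loglevel"]["critical"],
                 "alert" => $oldValues["general"]["loglevel"]["alert"],
                 "emergency" => $oldValues["general"]["loglevel"]["emergency"],
             ),
             "devmode" => $values["general.devmode"],
             "logrecipient" => $values["general.logrecipient"],
             "welcomescreen" => $values["general.welcomescreen"],
             "viewSuffix" => $values["general.viewSuffix"],
         ),
         // database credentials are never taken from the request
         "database" => $oldValues["database"],
         "documents" => array(
             "versions" => array(
                 "days" => $values["documents.versions.days"],
                 "steps" => $values["documents.versions.steps"],
             ),
             "default_controller" => $values["documents.default_controller"],
             "default_action" => $values["documents.default_action"],
             "error_page" => $values["documents.error_page"],
             "allowtrailingslash" => $values["documents.allowtrailingslash"],
             "allowcapitals" => $values["documents.allowcapitals"],
         ),
         "objects" => array(
             "versions" => array(
                 "days" => $values["objects.versions.days"],
                 "steps" => $values["objects.versions.steps"],
             ),
         ),
         "assets" => array(
             "webdav" => array("hostname" => $values["assets.webdav.hostname"]),
             "versions" => array(
                 "days" => $values["assets.versions.days"],
                 "steps" => $values["assets.versions.steps"],
             ),
             "ffmpeg" => $values["assets.ffmpeg"],
         ),
         "services" => array(
             "googlemaps" => array("apikey" => $values["services.googlemaps.apikey"]),
             "translate" => array("apikey" => $values["services.translate.apikey"]),
             "google" => array(
                 "username" => $values["services.google.username"],
                 "password" => $values["services.google.password"],
             ),
         ),
         "cache" => array(
             "enabled" => $values["cache.enabled"],
             "lifetime" => $values["cache.lifetime"],
             "excludePatterns" => $values["cache.excludePatterns"],
             "excludeCookie" => $values["cache.excludeCookie"],
         ),
         "outputfilters" => array(
             "imagedatauri" => $values["outputfilters.imagedatauri"],
             "less" => $values["outputfilters.less"],
             "lesscpath" => $values["outputfilters.lesscpath"],
             "cssminify" => $values["outputfilters.cssminify"],
             "javascriptminify" => $values["outputfilters.javascriptminify"],
             "javascriptminifyalgorithm" => $values["outputfilters.javascriptminifyalgorithm"],
             "htmlminify" => $values["outputfilters.htmlminify"],
             "cdn" => $values["outputfilters.cdn"],
             "cdnhostnames" => $values["outputfilters.cdnhostnames"],
             "cdnpatterns" => $values["outputfilters.cdnpatterns"],
         ),
         "email" => array(
             "sender" => array(
                 "name" => $values["email.sender.name"],
                 "email" => $values["email.sender.email"],
             ),
             "return" => array(
                 "name" => $values["email.return.name"],
                 "email" => $values["email.return.email"],
             ),
             "method" => $values["email.method"],
             "smtp" => array(
                 "host" => $values["email.smtp.host"],
                 "port" => $values["email.smtp.port"],
                 "ssl" => $values["email.smtp.ssl"],
                 "name" => $values["email.smtp.name"],
                 "auth" => array(
                     "method" => $values["email.smtp.auth.method"],
                     "username" => $values["email.smtp.auth.username"],
                     "password" => $smtpPassword,
                 ),
             ),
             "debug" => array("emailaddresses" => $values["email.debug.emailAddresses"]),
         ),
         "webservice" => array("enabled" => $values["webservice.enabled"]),
         "httpclient" => array(
             "adapter" => $values["httpclient.adapter"],
             "proxy_host" => $values["httpclient.proxy_host"],
             "proxy_port" => $values["httpclient.proxy_port"],
             "proxy_user" => $values["httpclient.proxy_user"],
             "proxy_pass" => $values["httpclient.proxy_pass"],
         ),
     );
     $config = new Zend_Config($settings, true);
     $writer = new Zend_Config_Writer_Xml(array("config" => $config, "filename" => PIMCORE_CONFIGURATION_SYSTEM));
     $writer->write();
     $this->_helper->json(array("success" => true));
 }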
/**
 * Replaces &, ", < and > with their HTML entities, in place and recursively.
 *
 * Arrays are walked element by element; anything else is handed to
 * str_replace() as a string (so non-string scalars come back as strings).
 * Single quotes are NOT touched, so the result is not safe inside
 * single-quoted attributes.
 *
 * @param mixed $var Array or scalar, modified in place.
 * @return mixed The escaped value (identical to $var after the call).
 */
function array_htmlspecialchars(&$var)
{
    if (!is_array($var)) {
        $var = str_replace(array('&', '"', '<', '>'), array('&amp;', '&quot;', '&lt;', '&gt;'), $var);
        return $var;
    }
    // iterate over the keys so each element is passed by reference without a
    // loop variable that keeps aliasing the last element afterwards
    foreach (array_keys($var) as $key) {
        array_htmlspecialchars($var[$key]);
    }
    return $var;
}
     $header['title'] = '板块更新';
     $forum = forum_read($fid);
     $grouplist = group_find();
     $accesslist = forum_access_find_by_fid($fid);
     if (empty($accesslist)) {
         foreach ($grouplist as $group) {
             $accesslist[$group['gid']] = $group;
             // 字段名相同,直接覆盖。
         }
     } else {
         foreach ($accesslist as &$access) {
             $access['name'] = $grouplist[$access['gid']]['name'];
             // 字段名相同,直接覆盖。
         }
     }
     array_htmlspecialchars($forum);
     include "./admin/view/forum_update.htm";
 } elseif ($method == 'POST') {
     $fid = param(2, 0);
     $name = param('name');
     $rank = param('rank');
     $moduids = param('moduids');
     $moduids = forum_filter_moduid($moduids);
     $forum = forum_read($fid);
     empty($name) and message(1, '论坛名称不能为空');
     // 列表页 ajax post 逐行提交
     $arr = array('name' => $name, 'rank' => $rank, 'create_date' => $time);
     // 详情页的 POST 提交
     if (isset($_POST['brief'])) {
         empty($forum) and message(11, '版块不存在');
         $brief = param('brief', '', FALSE);
<?php

// migration: enable the custom PHP logfile in the existing system config
// (the original comment spoke of "valid languages", which this script does not touch)
$configArray = Pimcore_Config::getSystemConfig()->toArray();
$configArray["general"]["custom_php_logfile"] = "1";
// entities are required so the xml writer can store the values
$config = new Zend_Config(array_htmlspecialchars($configArray), true);
$writer = new Zend_Config_Writer_Xml(array(
    "config" => $config,
    "filename" => PIMCORE_CONFIGURATION_SYSTEM,
));
$writer->write();
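 /**
  * Updates a tag-management snippet config from the JSON "configuration"
  * parameter, rebuilds its items and GET/POST params, saves it and clears
  * the "tagmanagement" cache tag.
  *
  * Request keys are applied through setXxx() when such a method exists;
  * "item.<index>.<field>" keys are collected into items; "params.name<i>" /
  * "params.value<i>" for i in 0..4 become the params list.
  */
 public function tagManagementUpdateAction()
 {
     $tag = Tool_Tag_Config::getByName($this->_getParam("name"));
     $data = array_htmlspecialchars(Zend_Json::decode($this->_getParam("configuration")));
     $items = array();
     foreach ($data as $key => $value) {
         // any public set* method of the config is reachable through the request keys
         $setter = "set" . ucfirst($key);
         if (method_exists($tag, $setter)) {
             $tag->{$setter}($value);
         }
         if (strpos($key, "item.") === 0) {
             $keyParts = explode(".", $key);
             // only "item.<index>.<field>" is an item; shorter keys used to raise
             // an undefined-offset notice and land under an empty field name
             if (count($keyParts) >= 3) {
                 $items[$keyParts[1]][$keyParts[2]] = $value;
             }
         }
     }
     $tag->resetItems();
     foreach ($items as $item) {
         $tag->addItem($item);
     }
     // parameters get/post: five fixed slots, missing ones stored as null
     $params = array();
     for ($i = 0; $i < 5; $i++) {
         $params[] = array(
             "name" => isset($data["params.name" . $i]) ? $data["params.name" . $i] : null,
             "value" => isset($data["params.value" . $i]) ? $data["params.value" . $i] : null,
         );
     }
     $tag->setParams($params);
     $tag->save();
     // clear cache tag
     Pimcore_Model_Cache::clearTag("tagmanagement");
     $this->_helper->json(array("success" => true));
 }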