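/**
 * Imports a value from the outer world and validates it against a filter.
 *
 * Built-in filters: INT, NUM, TXT, ALP, PSW, HTM, ARR, BOL, NOC. Any key present
 * in the global $cot_import_filters is treated as a custom filter chain instead.
 *
 * Security notes for callers:
 *  - TXT only rejects values containing '<'; quotes and '&' pass through, so the
 *    result still has to be escaped for the context it is printed in.
 *  - HTM and NOC return the value unvalidated (HTM only trims it).
 *  - When validation fails and $dieonerror is false, a sanitised fallback is
 *    returned where the filter defines one, otherwise NULL.
 *
 * @param string $name Variable name (or the value itself when $source is D/DIRECT)
 * @param string $source Source type: G/GET, P/POST, C/COOKIE, R/REQUEST, PUT, PATCH, DELETE or D/DIRECT (variable filtering)
 * @param string $filter Filter type
 * @param int $maxlen Length limit in characters, 0 disables truncation
 * @param bool $dieonerror Die with fatal error on wrong input
 * @param bool $buffer Try to load from input buffer (previously submitted) if current value is empty
 * @return mixed Filtered value, the filter's fallback value, or NULL
 */
function cot_import($name, $source, $filter, $maxlen = 0, $dieonerror = false, $buffer = false)
{
    global $cot_import_filters, $_PUT, $_PATCH, $_DELETE;

    // PHP does not populate a superglobal for these verbs, so the raw request
    // body is parsed once and cached in the matching global.
    if (isset($_SERVER['REQUEST_METHOD'])) {
        if ($_SERVER['REQUEST_METHOD'] == 'PUT' && is_null($_PUT)) {
            parse_str(file_get_contents('php://input'), $_PUT);
        } elseif ($_SERVER['REQUEST_METHOD'] == 'PATCH' && is_null($_PATCH)) {
            parse_str(file_get_contents('php://input'), $_PATCH);
        } elseif ($_SERVER['REQUEST_METHOD'] == 'DELETE' && is_null($_DELETE)) {
            parse_str(file_get_contents('php://input'), $_DELETE);
        }
    }

    $v = null;
    // Initialised up front so the logging check below never reads an undefined variable.
    $log = false;
    switch ($source) {
        case 'G':
        case 'GET':
            $v = isset($_GET[$name]) ? $_GET[$name] : null;
            $log = true;
            break;

        case 'P':
        case 'POST':
            $v = isset($_POST[$name]) ? $_POST[$name] : null;
            $log = true;
            break;

        case 'PUT':
            $v = isset($_PUT[$name]) ? $_PUT[$name] : null;
            $log = true;
            break;

        case 'PATCH':
            $v = isset($_PATCH[$name]) ? $_PATCH[$name] : null;
            $log = true;
            break;

        case 'DELETE':
            $v = isset($_DELETE[$name]) ? $_DELETE[$name] : null;
            $log = true;
            break;

        case 'R':
        case 'REQUEST':
            $v = isset($_REQUEST[$name]) ? $_REQUEST[$name] : null;
            $log = true;
            break;

        case 'C':
        case 'COOKIE':
            $v = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
            $log = true;
            break;

        case 'D':
        case 'DIRECT':
            // Direct mode filters the passed value itself and is never logged.
            $v = $name;
            $log = false;
            break;

        default:
            cot_diefatal('Unknown source for a variable : <br />Name = ' . $name . '<br />Source = ' . $source . ' ? ' . "\n" . '(must be G, P, C or D)');
            break;
    }

    // Arrays are only accepted by the ARR filter (NOC is promoted to ARR);
    // a scalar requested as ARR yields an empty array.
    if (is_array($v)) {
        if ($filter == 'NOC') {
            $filter = 'ARR';
        }
        if ($filter != 'ARR') {
            return null;
        }
    } else {
        if ($filter == 'ARR') {
            return array();
        }
    }

    // NOTE(review): only the one-letter aliases are matched here, so 'GET', 'POST'
    // and 'COOKIE' skip the magic-quotes clean-up - confirm whether that is intended.
    if (MQGPC && ($source == 'G' || $source == 'P' || $source == 'C') && $v != null && $filter != 'ARR') {
        $v = stripslashes($v);
    }

    if (($v === '' || $v === null || $filter == 'ARR') && $buffer) {
        $v = cot_import_buffered($name, $v, null);
        return $v;
    }

    if ($v === null) {
        return null;
    }

    // mb_substr() cannot truncate an array (TypeError on PHP 8), so the length
    // limit applies to scalar values only.
    if ($maxlen > 0 && !is_array($v)) {
        $v = mb_substr($v, 0, $maxlen);
    }

    $pass = false;
    $defret = null;

    // Custom filter support. isset() avoids an undefined-index notice for
    // built-in filters that have no custom chain registered.
    if (isset($cot_import_filters[$filter]) && is_array($cot_import_filters[$filter])) {
        foreach ($cot_import_filters[$filter] as $func) {
            $v = $func($v, $name);
        }
        return $v;
    }

    switch ($filter) {
        case 'INT':
            if (is_numeric($v) && floor($v) == $v) {
                $pass = true;
                $v = (int) $v;
            }
            break;

        case 'NUM':
            if (is_numeric($v)) {
                $pass = true;
                $v = (double) $v;
            }
            break;

        case 'TXT':
            $v = trim($v);
            if (mb_strpos($v, '<') === false) {
                $pass = true;
            } else {
                // The fallback must neutralise the tag opener; replacing '<' with
                // itself would hand the rejected markup back to the caller unchanged.
                $defret = str_replace('<', '&lt;', $v);
            }
            break;

        case 'ALP':
            $v = trim($v);
            $f = cot_alphaonly($v);
            if ($v == $f) {
                $pass = true;
            } else {
                $defret = $f;
            }
            break;

        case 'PSW':
            $v = trim($v);
            $f = preg_replace('#[\'"&<>]#', '', $v);
            $f = mb_substr($f, 0, 32);
            // NOTE(review): on failure the fallback is a stripped and truncated
            // password, not the one the user typed - callers should confirm they
            // do not store or compare that altered value.
            if ($v == $f) {
                $pass = true;
            } else {
                $defret = $f;
            }
            break;

        case 'HTM':
            // Raw HTML is accepted as is; sanitising is left to the caller.
            $v = trim($v);
            $pass = true;
            break;

        case 'ARR':
            $pass = true;
            break;

        case 'BOL':
            if ($v == '1' || $v == 'on') {
                $pass = true;
                $v = true;
            } elseif ($v == '0' || $v == 'off') {
                $pass = true;
                $v = false;
            } else {
                $defret = false;
            }
            break;

        case 'NOC':
            $pass = true;
            break;

        default:
            // $v is request data at this point and the message carries HTML
            // markup, so the value is escaped before it is embedded.
            cot_diefatal('Unknown filter for a variable : <br />Var = ' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '<br />Filter = "' . $filter . '" ?');
            break;
    }

    // Terminate numeric character references that lack the closing ';'.
    if (!$pass || !in_array($filter, array('INT', 'NUM', 'BOL', 'ARR'))) {
        $v = preg_replace('/(&#\\d+)(?![\\d;])/', '$1;', $v);
    }

    if ($pass) {
        return $v;
    } else {
        if ($log) {
            cot_log_import($source, $filter, $name, $v);
        }
        if ($dieonerror) {
            cot_diefatal('Wrong input.');
        } else {
            return $defret;
        }
    }
}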
/**
 * Renders a group of checkboxes sharing one input name.
 *
 * Option values and titles are HTML-escaped before being handed to the
 * resource template; $name, $separator and the attribute string are passed
 * through as given.
 *
 * @param mixed $chosen Checked value, or an array of checked values
 * @param string $name Input name
 * @param array $values Options available (a comma-separated string is also accepted)
 * @param array $titles Titles for options (a comma-separated string is also accepted)
 * @param mixed $attrs Additional attributes as an associative array or a string
 * @param string $separator Option separator, by default is taken from $R['input_radio_separator']
 * @param bool $addnull Prepend a hidden "{name}[nullval]" input to the output
 * @param string $custom_rc Custom resource string name
 * @return string
 */
function cot_checklistbox($chosen, $name, $values, $titles = array(), $attrs = '', $separator = '', $addnull = true, $custom_rc = '')
{
    global $R;

    // Both lists may arrive as comma-separated strings.
    if (!is_array($values)) {
        $values = explode(',', $values);
    }
    if (!is_array($titles)) {
        $titles = explode(',', $titles);
    }

    // Titles are used only when there is exactly one per option.
    $hasTitles = count($values) == count($titles);

    $attrString = cot_rc_attr_string($attrs);
    $chosen = cot_import_buffered($name, $chosen);

    if (empty($separator)) {
        $separator = $R['input_radio_separator'];
    }

    $html = '';
    if ($addnull) {
        $html .= cot_inputbox('hidden', $name . '[nullval]', 'nullval');
    }

    // For names like "field[key]" the resource lookup uses the part before the bracket.
    $rc_name = $name;
    if (preg_match('#^(\\w+)\\[(.*?)\\]$#', $name, $match)) {
        $rc_name = $match[1];
    }

    // Resource priority: name-specific template, then the custom one, then the default.
    $specificRc = "input_check_{$rc_name}";
    if (!empty($R[$specificRc])) {
        $rc = $specificRc;
    } elseif (!empty($custom_rc)) {
        $rc = $custom_rc;
    } else {
        $rc = 'input_check';
    }

    $position = 0;
    foreach ($values as $index => $value) {
        $position++;
        $value = trim($value);

        if (is_array($chosen)) {
            $isChecked = in_array($value, $chosen);
        } else {
            $isChecked = ($value == $chosen);
        }

        $label = htmlspecialchars($hasTitles ? $titles[$index] : $value);

        if ($position > 1) {
            $html .= $separator;
        }

        $html .= cot_rc($rc, array(
            'value' => htmlspecialchars($value),
            'name' => $name . '[' . $position . ']',
            'checked' => $isChecked ? ' checked="checked"' : '',
            'title' => $label,
            'attrs' => $attrString,
        ));
    }

    return $html;
}