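/**
 * Render this specimen image as an <img> tag.
 *
 * An absolute http(s) URL in $this->image_reference is emitted as an external
 * reference; anything else is treated as a file name below
 * image_data/specimen/ and run through util_sanitizeFileReference() first.
 *
 * The id and src attribute values are escaped for the HTML attribute context
 * so a stored reference containing a quote cannot break out of the tag.
 * NOTE: external URLs are not otherwise validated (no scheme allow-list beyond
 * the http(s) prefix test). That remains out of scope for this app because
 * only pre-trusted users have data entry privileges.
 *
 * @return string HTML fragment
 */
public function renderAsHtml() {
    $reference = $this->image_reference;

    // Only a real absolute http(s) URL counts as external. The old bare
    // "^http" prefix test would also have matched a local file such as
    // "httpd.png" and skipped the path sanitizer for it.
    $isExternal = preg_match('/^https?:\/\//i', $reference) === 1;
    if ($isExternal) {
        $src = $reference;
        $class = 'plant-image external-reference';
    } else {
        $src = APP_ROOT_PATH . '/image_data/specimen/' . util_sanitizeFileReference($reference);
        $class = 'plant-image';
    }

    // Attribute context: ENT_QUOTES covers both quote styles, ENT_SUBSTITUTE
    // keeps an invalid UTF-8 sequence from silently collapsing the value to ''.
    $idAttr = htmlspecialchars('specimen_image_' . $this->specimen_image_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $srcAttr = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<img id="' . $idAttr . '" class="' . $class . '" src="' . $srcAttr . '" />';
}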
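/**
 * Render this taxonomy entry as an HTML fragment according to $this->type.
 *
 *  - 'common name' : localised label followed by the quoted, escaped value
 *  - 'image'       : <img>; an absolute http(s) URL is used as an external
 *                    reference, anything else is a file name below
 *                    image_data/authoritative/ run through util_sanitizeFileReference()
 *  - 'description' : escaped value in a plant-description div
 *  - anything else : the literal text 'UNKNOWN TYPE'
 *
 * The src attribute value is escaped for the HTML attribute context so a
 * stored reference cannot break out of the src="..." quotes. NOTE: external
 * URLs are not otherwise validated (no scheme allow-list); that remains out
 * of scope because only pre-trusted users have data entry privileges.
 *
 * @return string HTML fragment
 */
public function renderAsHtml() {
    // switch() compares loosely, matching the original == checks.
    switch ($this->type) {
        case 'common name':
            return '<div class="field-label">' . util_lang('common_name') . ' : </div>'
                . '<div class="field-value taxonomy taxonomy-common-name">"'
                . htmlentities($this->value) . '"</div>';

        case 'image':
            // Only a real absolute http(s) URL is external; a bare "^http"
            // prefix would also match a local file such as "httpd.png".
            if (preg_match('/^https?:\/\//i', $this->value) === 1) {
                $src = $this->value;
                $class = 'plant-image external-reference';
            } else {
                $src = APP_ROOT_PATH . '/image_data/authoritative/' . util_sanitizeFileReference($this->value);
                $class = 'plant-image';
            }
            // Attribute context: escape both quote styles; ENT_SUBSTITUTE keeps
            // invalid UTF-8 from collapsing the whole value to ''.
            $srcAttr = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return '<img class="' . $class . '" src="' . $srcAttr . '"/>';

        case 'description':
            return '<div class="plant-description">' . htmlentities($this->value) . '</div>';

        default:
            return 'UNKNOWN TYPE';
    }
}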
/**
 * util_sanitizeFileReference() must keep a plain name unchanged, map
 * whitespace and shell-style punctuation to underscores, and drop ".."
 * traversal segments while leaving forward slashes (including a leading
 * one) in place.
 */
function testSanitizeFileReference() {
    // input => expected sanitized reference
    $cases = array(
        'filename'         => 'filename',
        'file name'        => 'file_name',
        '../filename'      => 'filename',
        '../foo/filename'  => 'foo/filename',
        '/../foo/filename' => '/foo/filename',
        '; filename'       => '__filename',
    );

    // NOTE(review): nothing here covers nested or encoded traversal such as
    // "....//filename" or "..%2Ffilename". Since callers prepend the result
    // to a filesystem path (see the text_data reader), a case pinning the
    // intended result for those inputs would be worth adding.
    foreach ($cases as $input => $expected) {
        $this->assertEqual($expected, util_sanitizeFileReference($input));
    }
}
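/**
 * Render this metadata reference as an HTML fragment according to $this->type.
 *
 *  - 'text'  : reads DOCUMENT_ROOT . APP_ROOT_PATH . '/text_data/<sanitized
 *              external_reference>', strips carriage returns and emits the
 *              escaped contents in a div titled with the description
 *  - 'image' : <img>; an absolute http(s) URL is used as an external
 *              reference, anything else is a file name below
 *              image_data/reference/ run through util_sanitizeFileReference()
 *  - 'link'  : <a> with the reference as href and the escaped description
 *              as title and text
 *  - anything else : empty string
 *
 * URL attribute values (src, href) are escaped for the HTML attribute context
 * so a stored reference cannot break out of the quotes. NOTE: external URLs
 * and link targets are not otherwise validated — in particular there is no
 * scheme allow-list, so a stored "javascript:" href would still be emitted.
 * That remains out of scope because only pre-trusted users have data entry
 * privileges; revisit if that trust model changes.
 *
 * @return string HTML fragment ('' for an unknown type)
 */
public function renderAsHtml() {
    $descriptionHtml = htmlentities($this->description);

    // switch() compares loosely, matching the original == checks.
    switch ($this->type) {
        case 'text':
            // util_sanitizeFileReference() strips ".." segments, keeping the
            // read inside text_data/ (see testSanitizeFileReference).
            $filePath = $_SERVER["DOCUMENT_ROOT"] . APP_ROOT_PATH . '/text_data/'
                . util_sanitizeFileReference($this->external_reference);
            $textData = file_get_contents($filePath);
            if ($textData === false) {
                // Unreadable/missing file: render an empty block (as before)
                // rather than passing false on to the string functions.
                $textData = '';
            }
            $textData = str_replace("\r", '', $textData);
            return '<div class="text_data" title="' . $descriptionHtml . '">'
                . htmlentities($textData) . '</div>';

        case 'image':
            // Only a real absolute http(s) URL is external; a bare "^http"
            // prefix would also match a local file such as "httpd.png".
            if (preg_match('/^https?:\/\//i', $this->external_reference) === 1) {
                $src = $this->external_reference;
                $class = 'metadata-reference-image external-reference';
            } else {
                $src = APP_ROOT_PATH . '/image_data/reference/'
                    . util_sanitizeFileReference($this->external_reference);
                $class = 'metadata-reference-image';
            }
            $srcAttr = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return '<img class="' . $class . '" src="' . $srcAttr . '" alt="' . $descriptionHtml . '"/>';

        case 'link':
            // Attribute-context escaping only; see the scheme caveat above.
            $hrefAttr = htmlspecialchars($this->external_reference, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return '<a href="' . $hrefAttr . '" title="' . $descriptionHtml . '">'
                . $descriptionHtml . '</a>';

        default:
            return '';
    }
}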