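/**
 * Clean values of all changed variables of the object for storage.
 *
 * Every var flagged as changed is normalised for its data type (dates
 * formatted, numbers cast, text censored and GPC-unslashed, arrays
 * serialized) and the result is stored in $this->cleanVars[$name].
 * Validation failures (required var empty, text over maxlength, malformed
 * e-mail, value outside the enumeration) are recorded with setErrors() and
 * the offending var is skipped. Values are NOT SQL-quoted or HTML-escaped
 * here; that stays with the handler / the output layer.
 *
 * YOU SHOULD NOT USE ANY OF THE UNICODE TYPES, THEY WILL BE REMOVED
 *
 * @return bool true if successful, false if any validation error was
 *              recorded (the object is then left dirty)
 * @access public
 */
public function cleanVars()
{
    $ts = MyTextSanitizer::getInstance();
    $existing_errors = $this->getErrors();
    // collect only this run's errors; they are appended to the old ones at the end
    $this->_errors = array();
    foreach ($this->vars as $k => $v) {
        $cleanv = $v['value'];
        if ($v['changed']) {
            $cleanv = is_string($cleanv) ? trim($cleanv) : $cleanv;
            // not_gpc means the value did not come from GPC input, so magic-quote slashes are not stripped
            $notGpc = !empty($v['not_gpc']);
            switch ($v['data_type']) {
                case XOBJ_DTYPE_TIMESTAMP:
                    $cleanv = $this->_cleanDateValue(_DBTIMESTAMPSTRING, $cleanv);
                    break;
                case XOBJ_DTYPE_TIME:
                    $cleanv = $this->_cleanDateValue(_DBTIMESTRING, $cleanv);
                    break;
                case XOBJ_DTYPE_DATE:
                    $cleanv = $this->_cleanDateValue(_DBDATESTRING, $cleanv);
                    break;
                case XOBJ_DTYPE_TXTBOX:
                    if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                        $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                        continue 2;
                    }
                    // maxlength is compared against the byte length, not the character count
                    if (isset($v['maxlength']) && strlen($cleanv) > (int) $v['maxlength']) {
                        $this->setErrors(sprintf(_XOBJ_ERR_SHORTERTHAN, $k, (int) $v['maxlength']));
                        continue 2;
                    }
                    $cleanv = $this->_cleanTextValue($ts, $cleanv, $notGpc);
                    break;
                case XOBJ_DTYPE_TXTAREA:
                    if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                        $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                        continue 2;
                    }
                    $cleanv = $this->_cleanTextValue($ts, $cleanv, $notGpc);
                    break;
                case XOBJ_DTYPE_SOURCE:
                    // source is stored verbatim apart from GPC slash stripping
                    if (!$notGpc) {
                        $cleanv = $ts->stripSlashesGPC($cleanv);
                    }
                    break;
                case XOBJ_DTYPE_INT:
                    $cleanv = (int) $cleanv;
                    break;
                case XOBJ_DTYPE_EMAIL:
                    if ($v['required'] && $cleanv == '') {
                        $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                        continue 2;
                    }
                    // ASCII-only address syntax check; the value was already trim()'d above
                    if ($cleanv != '' && !preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+([\\.][a-z0-9-]+)+\$/i", $cleanv)) {
                        $this->setErrors('Invalid Email'); //_XOBJ_ERR_INVALID_EMAIL
                        continue 2;
                    }
                    if (!$notGpc) {
                        $cleanv = $ts->stripSlashesGPC($cleanv);
                    }
                    break;
                case XOBJ_DTYPE_URL:
                    if ($v['required'] && $cleanv == '') {
                        $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                        continue 2;
                    }
                    // only the scheme is normalised; no further URL validation happens here
                    if ($cleanv != '' && !preg_match("/^http[s]*:\\/\\//i", $cleanv)) {
                        $cleanv = 'http://' . $cleanv;
                    }
                    if (!$notGpc) {
                        // plain assignment: assigning a function result by reference only raised a notice
                        $cleanv = $ts->stripSlashesGPC($cleanv);
                    }
                    break;
                case XOBJ_DTYPE_ARRAY:
                    $cleanv = serialize((array) $cleanv);
                    break;
                case XOBJ_DTYPE_STIME:
                case XOBJ_DTYPE_MTIME:
                case XOBJ_DTYPE_LTIME:
                    $cleanv = !is_string($cleanv) ? (int) $cleanv : strtotime($cleanv);
                    break;
                case XOBJ_DTYPE_FLOAT:
                case XOBJ_DTYPE_DECIMAL:
                    $cleanv = (float) $cleanv;
                    break;
                case XOBJ_DTYPE_ENUM:
                    // NOTE(review): loose in_array() comparison — numeric-looking strings may match
                    // an enumeration entry they are not byte-identical to; strict mode would change
                    // behaviour for int/string mixes, so it is kept as-is here
                    if (!in_array($cleanv, $v['enumeration'])) {
                        $this->setErrors('Invalid Enumeration'); //_XOBJ_ERR_INVALID_ENUMERATION
                        continue 2;
                    }
                    break;
                case XOBJ_DTYPE_UNICODE_TXTBOX:
                    if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                        $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                        continue 2;
                    }
                    $cleanv = xoops_convert_encode($cleanv);
                    // maxlength applies to the encoded form, in bytes
                    if (isset($v['maxlength']) && strlen($cleanv) > (int) $v['maxlength']) {
                        $this->setErrors(sprintf(_XOBJ_ERR_SHORTERTHAN, $k, (int) $v['maxlength']));
                        continue 2;
                    }
                    $cleanv = $this->_cleanTextValue($ts, $cleanv, $notGpc);
                    break;
                case XOBJ_DTYPE_UNICODE_TXTAREA:
                    if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                        $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                        continue 2;
                    }
                    $cleanv = xoops_convert_encode($cleanv);
                    $cleanv = $this->_cleanTextValue($ts, $cleanv, $notGpc);
                    break;
                case XOBJ_DTYPE_UNICODE_EMAIL:
                    if ($v['required'] && $cleanv == '') {
                        $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                        continue 2;
                    }
                    if ($cleanv != '' && !preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+([\\.][a-z0-9-]+)+\$/i", $cleanv)) {
                        $this->setErrors('Invalid Email');
                        continue 2;
                    }
                    $cleanv = xoops_convert_encode($cleanv);
                    if (!$notGpc) {
                        $cleanv = $ts->stripSlashesGPC($cleanv);
                    }
                    break;
                case XOBJ_DTYPE_UNICODE_URL:
                    if ($v['required'] && $cleanv == '') {
                        $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                        continue 2;
                    }
                    if ($cleanv != '' && !preg_match("/^http[s]*:\\/\\//i", $cleanv)) {
                        $cleanv = 'http://' . $cleanv;
                    }
                    $cleanv = xoops_convert_encode($cleanv);
                    if (!$notGpc) {
                        $cleanv = $ts->stripSlashesGPC($cleanv);
                    }
                    break;
                case XOBJ_DTYPE_UNICODE_ARRAY:
                    // array_walk() returns a bool, so serializing its result lost the data;
                    // walk first, then serialize the (converted) array itself
                    $cleanv = (array) $cleanv;
                    array_walk($cleanv, 'xoops_aw_encode');
                    $cleanv = serialize($cleanv);
                    break;
                default:
                    break;
            }
        }
        $this->cleanVars[$k] = str_replace('\\"', '"', $cleanv);
    }
    $hasErrors = count($this->_errors) > 0;
    $this->_errors = array_merge($existing_errors, $this->_errors);
    if ($hasErrors) {
        return false;
    }
    $this->unsetDirty();
    return true;
}

/**
 * Format a date/time var for the database.
 *
 * @param string $format date() format (_DBTIMESTAMPSTRING, _DBTIMESTRING or _DBDATESTRING)
 * @param mixed  $value  a numeric non-string is used as a unix timestamp,
 *                       anything else is passed through strtotime()
 * @return string
 * @access private
 */
private function _cleanDateValue($format, $value)
{
    $timestamp = (!is_string($value) && is_numeric($value)) ? $value : strtotime($value);
    return date($format, $timestamp);
}

/**
 * Censor a text var and, unless it is flagged not_gpc, strip GPC slashes.
 *
 * @param MyTextSanitizer $ts
 * @param string          $value
 * @param bool            $notGpc true when the value did not come from GPC input
 * @return string
 * @access private
 */
private function _cleanTextValue($ts, $value, $notGpc)
{
    $value = $ts->censorString($value);
    return $notGpc ? $value : $ts->stripSlashesGPC($value);
}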
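/**
 * xoops_aw_encode()
 *
 * array_walk() callback that converts one array element in place with
 * xoops_convert_encode(). The element must be taken by reference: with a
 * by-value parameter the converted value was discarded and the walk was a
 * no-op.
 *
 * @param mixed  $value        array element, replaced with its encoded form
 * @param mixed  $key          array key (unused, supplied by array_walk)
 * @param string $store_method encoding handed to xoops_convert_encode()
 * @return boolean always true
 */
function xoops_aw_encode(&$value, $key, $store_method = "urlcode")
{
    $value = xoops_convert_encode($value, $store_method);
    return true;
}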
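/**
 * Clean values of all variables of the object for storage.
 * also add slashes and quote string whereever needed
 *
 * CleanVars only contains changed and cleaned variables. Every string value
 * placed in $object->cleanVars is already a complete SQL literal (quoted via
 * $this->handler->db->quote()) and numeric types are cast, so callers must
 * interpolate the entries as-is and never quote them a second time.
 * A var that fails validation is skipped entirely and an error is recorded.
 * Reference is used for PHP4 compliance
 *
 * @param XoopsObject $object object whose cleanVars, errors and dirty flag
 *                            are updated in place
 * @return bool true if successful, false if any validation error was recorded
 * @access public
 */
function cleanVars(&$object)
{
    $ts = MyTextSanitizer::getInstance();
    $errors = array();
    $vars = $object->getVars();
    $object->cleanVars = array();
    foreach ($vars as $k => $v) {
        if (!$v["changed"]) {
            continue;
        }
        $cleanv = $v['value'];
        // not_gpc means the value did not come from GPC input, so magic-quote slashes are not stripped
        $notGpc = !empty($v['not_gpc']);
        // a bare "continue" inside switch only leaves the switch, so the unclean value was still
        // stored; "continue 2" skips the var as the contract above requires
        switch ($v["data_type"]) {
            case XOBJ_DTYPE_UNICODE_TXTBOX:
                if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                    $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
                    continue 2;
                }
                // maxlength is compared against the byte length of the raw value
                if (isset($v['maxlength']) && strlen($cleanv) > (int) $v['maxlength']) {
                    $errors[] = sprintf(_XOBJ_ERR_SHORTERTHAN, $k, (int) $v['maxlength']);
                    continue 2;
                }
                $cleanv = $ts->censorString($cleanv);
                if (!$notGpc) {
                    $cleanv = $ts->stripSlashesGPC($cleanv);
                }
                $cleanv = $this->_quoteForDb(xoops_convert_encode($cleanv));
                break;
            case XOBJ_DTYPE_UNICODE_TXTAREA:
                if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                    $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
                    continue 2;
                }
                if (!$notGpc) {
                    // HTML is only filtered when the object's own dohtml var is set
                    if (!empty($vars['dohtml']['value'])) {
                        $cleanv = $ts->textFilter($cleanv);
                    }
                    $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
                } else {
                    $cleanv = $ts->censorString($cleanv);
                }
                $cleanv = $this->_quoteForDb(xoops_convert_encode($cleanv));
                break;
            case XOBJ_DTYPE_TXTBOX:
                if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                    $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
                    continue 2;
                }
                if (isset($v['maxlength']) && strlen($cleanv) > (int) $v['maxlength']) {
                    $errors[] = sprintf(_XOBJ_ERR_SHORTERTHAN, $k, (int) $v['maxlength']);
                    continue 2;
                }
                $cleanv = $ts->censorString($cleanv);
                if (!$notGpc) {
                    $cleanv = $ts->stripSlashesGPC($cleanv);
                }
                $cleanv = $this->_quoteForDb($cleanv);
                break;
            case XOBJ_DTYPE_TXTAREA:
                if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                    $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
                    continue 2;
                }
                if (!$notGpc) {
                    if (!empty($vars['dohtml']['value'])) {
                        $cleanv = $ts->textFilter($cleanv);
                    }
                    $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
                } else {
                    $cleanv = $ts->censorString($cleanv);
                }
                $cleanv = $this->_quoteForDb($cleanv);
                break;
            case XOBJ_DTYPE_SOURCE:
                // source is stored verbatim apart from trimming and GPC slash stripping
                $cleanv = trim($cleanv);
                if (!$notGpc) {
                    $cleanv = $ts->stripSlashesGPC($cleanv);
                }
                $cleanv = $this->_quoteForDb($cleanv);
                break;
            case XOBJ_DTYPE_UNICODE_EMAIL:
                // unlike XOBJ_DTYPE_EMAIL, no address syntax check is applied to the unicode variant
                $cleanv = trim($cleanv);
                if ($v['required'] && $cleanv == '') {
                    $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
                    continue 2;
                }
                if (!$notGpc) {
                    $cleanv = $ts->stripSlashesGPC($cleanv);
                }
                $cleanv = $this->_quoteForDb(xoops_convert_encode($cleanv));
                break;
            case XOBJ_DTYPE_EMAIL:
                $cleanv = trim($cleanv);
                if ($v['required'] && $cleanv == '') {
                    $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
                    continue 2;
                }
                // ASCII-only address syntax check on the trimmed value
                if ($cleanv != '' && !preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+([\\.][a-z0-9-]+)+\$/i", $cleanv)) {
                    $errors[] = "Invalid Email";
                    continue 2;
                }
                if (!$notGpc) {
                    $cleanv = $ts->stripSlashesGPC($cleanv);
                }
                $cleanv = $this->_quoteForDb($cleanv);
                break;
            case XOBJ_DTYPE_UNICODE_URL:
                $cleanv = trim($cleanv);
                if ($v['required'] && $cleanv == '') {
                    $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
                    continue 2;
                }
                // only the scheme is normalised; no further URL validation happens here
                if ($cleanv != '' && !preg_match("/^http[s]*:\\/\\//i", $cleanv)) {
                    $cleanv = 'http://' . $cleanv;
                }
                if (!$notGpc) {
                    $cleanv = $ts->stripSlashesGPC($cleanv);
                }
                $cleanv = $this->_quoteForDb(xoops_convert_encode($cleanv));
                break;
            case XOBJ_DTYPE_URL:
                $cleanv = trim($cleanv);
                if ($v['required'] && $cleanv == '') {
                    $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
                    continue 2;
                }
                if ($cleanv != '' && !preg_match("/^http[s]*:\\/\\//i", $cleanv)) {
                    $cleanv = 'http://' . $cleanv;
                }
                if (!$notGpc) {
                    $cleanv = $ts->stripSlashesGPC($cleanv);
                }
                $cleanv = $this->_quoteForDb($cleanv);
                break;
            case XOBJ_DTYPE_UNICODE_OTHER:
                $cleanv = $this->_quoteForDb(xoops_convert_encode($cleanv));
                break;
            case XOBJ_DTYPE_OTHER:
                $cleanv = $this->_quoteForDb($cleanv);
                break;
            case XOBJ_DTYPE_INT:
                $cleanv = (int) $cleanv;
                break;
            case XOBJ_DTYPE_FLOAT:
                $cleanv = (float) $cleanv;
                break;
            case XOBJ_DTYPE_DECIMAL:
                $cleanv = (float) $cleanv;
                break;
            case XOBJ_DTYPE_UNICODE_ARRAY:
                $cleanv = (array) $cleanv;
                if (!$notGpc) {
                    $cleanv = array_map(array($ts, 'stripSlashesGPC'), $cleanv);
                }
                foreach (array_keys($cleanv) as $key) {
                    $cleanv[$key] = str_replace('\\"', '"', addslashes($cleanv[$key]));
                }
                // TODO: Not encoding safe, should try base64_encode -- phppp
                // array_walk() returns a bool, so serializing its result lost the data;
                // walk first, then serialize the (converted) array itself
                array_walk($cleanv, 'xoops_aw_encode');
                $cleanv = "'" . serialize($cleanv) . "'";
                break;
            case XOBJ_DTYPE_ARRAY:
                $cleanv = (array) $cleanv;
                if (!$notGpc) {
                    $cleanv = array_map(array($ts, 'stripSlashesGPC'), $cleanv);
                }
                foreach (array_keys($cleanv) as $key) {
                    $cleanv[$key] = str_replace('\\"', '"', addslashes($cleanv[$key]));
                }
                // TODO: Not encoding safe, should try base64_encode -- phppp
                $cleanv = "'" . serialize($cleanv) . "'";
                break;
            case XOBJ_DTYPE_STIME:
            case XOBJ_DTYPE_MTIME:
            case XOBJ_DTYPE_LTIME:
                $cleanv = !is_string($cleanv) ? (int) $cleanv : strtotime($cleanv);
                break;
            default:
                // unknown types are stored as a quoted string literal
                $cleanv = $this->_quoteForDb($cleanv);
                break;
        }
        $object->cleanVars[$k] = $cleanv;
    }
    if (!empty($errors)) {
        $object->setErrors($errors);
    }
    $object->unsetDirty();
    return empty($errors);
}

/**
 * Quote a string value as a SQL literal through the handler's db connection.
 *
 * @param string $value raw value
 * @return string quoted literal ready to be interpolated into a statement
 * @access private
 */
private function _quoteForDb($value)
{
    // db->quote() is assumed to escape '"' as '\"'; the replace restores a bare '"'
    // (it needs no escaping inside a single-quoted literal) so no backslash is stored
    return str_replace('\\"', '"', $this->handler->db->quote($value));
}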