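 /**
  * Validate a Zikula variable.
  *
  * Type-specific checks run first (protected config keys, 7-bit/IDN handling
  * for email and url, character set and lowercase rule for uname), followed by
  * the generic maximum length, minimum length and regular-expression checks
  * registered for the type in the static tables below.
  *
  * @param mixed  $var  The variable to validate (cast to string before checking).
  * @param string $type The type of the validation to perform (email, url, uname, mod, modvar, api, theme, config, func).
  * @param mixed  $args Optional array with validation-specific settings (deprecated, not read).
  *
  * @return boolean True if the validation was successful, false otherwise.
  */
 public static function varValidate($var, $type, $args = 0)
 {
     if (!isset($var) || !isset($type)) {
         return false;
     }
     // typecasting (might be useless in this function)
     $var = (string) $var;
     $type = (string) $type;

     static $maxlength = array('modvar' => 64, 'func' => 512, 'api' => 187, 'theme' => 200, 'uname' => 25, 'config' => 64);
     static $minlength = array('mod' => 1, 'modvar' => 1, 'uname' => 1, 'config' => 1);
     // commented out some regexps until some useful and working ones are found
     // The D modifier makes $ match only at the very end of the subject: without it a
     // trailing "\n" would be accepted, which is undesirable for values reused in headers.
     static $regexp = array('email' => '/^(?:[^\\s\\000-\\037\\177\\(\\)<>@,;:\\"\\[\\]]\\.?)+@(?:[^\\s\\000-\\037\\177\\(\\)<>@,;:\\\\"\\[\\]]\\.?)+\\.[a-z]{2,6}$/UiD', 'url' => '/^([!#\\$\\046-\\073=\\077-\\132_\\141-\\172~]|(?:%[a-f0-9]{2}))+$/iD');
     // The database parameters are not allowed to change through a config var.
     static $protectedConfigVars = array('dbtype', 'dbhost', 'dbuname', 'dbpass', 'dbname', 'system', 'prefix', 'encoded');

     // special cases
     if ($type == 'mod' && $var == ModUtil::CONFIG_MODULE) {
         return true;
     }
     // Written with in_array so the type test applies to every key; the previous
     // "$type == 'config' && $var == 'dbtype' || $var == 'dbhost' || ..." form bound
     // && tighter than || and rejected e.g. the uname 'dbhost' for any $type.
     if ($type == 'config' && in_array($var, $protectedConfigVars, true)) {
         return false;
     }

     if ($type == 'email' || $type == 'url') {
         // Header-injection protection for email and url.
         // NOTE(review): in single quotes '\\r' and '\\n' are the two-character
         // literals, not CR/LF; actual CR/LF are still rejected by the regexps below.
         $var = str_replace(array('\\r', '\\n', '%0d', '%0a'), '', $var);
         if (self::getVar('idnnames')) {
             // transfer between the encoded (Punycode) notation and the decoded (8bit) notation.
             require_once 'lib/vendor/idn/idna_convert.class.php';
             $IDN = new idna_convert();
             $var = $IDN->encode(DataUtil::convertToUTF8($var));
         }
         // all characters must be 7 bit ascii (byte-wise check on purpose)
         $length = strlen($var);
         for ($i = 0; $i < $length; $i++) {
             if (ord($var[$i]) > 127) {
                 return false;
             }
         }
     }

     if ($type == 'url') {
         // parse_url() returns false for seriously malformed input; a parsable
         // url without a scheme is rejected.
         $url_array = parse_url($var);
         if (!empty($url_array) && empty($url_array['scheme'])) {
             return false;
         }
     }

     if ($type == 'uname') {
         // only letters, digits, underscore, dot and dash ...
         if (!preg_match('/^[\\p{L}\\p{N}_\\.\\-]+$/uD', $var)) {
             return false;
         }
         // ... and the name must already be lowercase
         if (mb_strtolower($var) != $var) {
             return false;
         }
     }

     // variable passed special checks, now the generic checks.
     // check for maximal length
     if (isset($maxlength[$type]) && mb_strlen($var) > $maxlength[$type]) {
         return false;
     }
     // check for minimal length
     if (isset($minlength[$type]) && mb_strlen($var) < $minlength[$type]) {
         return false;
     }
     // check for regular expression
     if (isset($regexp[$type]) && !preg_match($regexp[$type], $var)) {
         return false;
     }

     // all tests for illegal entries failed, so we assume the var is ok ;-)
     return true;
 }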
    /**
     * Encode data in JSON and return.
     *
     * Outside legacy mode the payload is wrapped in a Zikula_Response_Ajax,
     * echoed and the request is shut down. In legacy mode the old behaviour is
     * kept for reference: pending error messages abort via self::error(),
     * a non-array $args is wrapped under the 'data' key, the status messages
     * and a fresh authid are added on request, the payload is converted to
     * UTF-8 when the site encoding differs, and the JSON is sent with an
     * "HTTP/1.0 $code" status line (optionally also as X-JSON header).
     * The 'authid' key always overwrites any existing 'authid' field.
     * Script execution stops here.
     *
     * @param mixed   $args         String or array of data.
     * @param boolean $createauthid Create a new authid and send it back to the calling javascript.
     * @param boolean $xjsonheader  Send result in X-JSON: header for prototype.js.
     * @param boolean $statusmsg    Include statusmsg in output.
     * @param string  $code         Optional error code, default '200 OK'.
     *
     * @deprecated since 1.3.0
     *
     * @return void
     */
    public static function output($args, $createauthid = false, $xjsonheader = false, $statusmsg = true, $code = '200 OK')
    {
        if (!System::isLegacyMode()) {
            $ajaxResponse = new Zikula_Response_Ajax($args);
            echo $ajaxResponse;
            System::shutDown();
        }

        // Legacy path below - kept for reference, to be deleted.

        // pending error messages take precedence over the payload
        $errorText = LogUtil::getErrorMessagesText('<br />');
        if (!empty($errorText)) {
            self::error($errorText);
        }

        $payload = is_array($args) ? $args : array('data' => $args);

        if ($statusmsg === true) {
            $payload['statusmsg'] = LogUtil::getStatusMessagesText('<br />');
        }

        if ($createauthid === true) {
            $payload['authid'] = SecurityUtil::generateAuthKey(ModUtil::getName());
        }

        // Not a strict test, but the site language pack encoding is a reasonable proxy
        // for whether the payload still needs converting to UTF-8.
        if (ZLanguage::getEncoding() != 'utf-8') {
            $payload = DataUtil::convertToUTF8($payload);
        }

        $json = json_encode($payload);

        header('HTTP/1.0 ' . $code);
        header('Content-type: application/json');
        if ($xjsonheader) {
            header('X-JSON:(' . $json . ')');
        }
        echo $json;
        System::shutdown();
    }