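/**
 * Sanitize an untrusted HTML fragment for display.
 *
 * Any option the caller did not set in $params is filled from the defaults
 * below, the fragment is run through InputSanitizer (optionally truncated),
 * and finally through the profanity filter unless that was switched off.
 *
 * @param string      $html     untrusted HTML fragment
 * @param int|null    $truncate handed unchanged to InputSanitizer::process()
 * @param object|null $params   optional overrides: taglist, attrlist, wbr,
 *                              passthrough_html, collapseWhitespace, filter_profanity
 * @return string sanitized (and possibly truncated) HTML
 */
function _filter($html, $truncate = NULL, $params = NULL)
{
    require_once PA::$path . "/ext/InputSanitizer/InputSanitizer.php";

    // PHP 8 no longer creates an object when a property is assigned on NULL
    // (the original "$defaults = NULL; $defaults->x = ..." pattern), so start
    // from a real object for both the defaults table and the caller's params.
    if (!is_object($params)) {
        $params = new stdClass();
    }
    $defaults = array(
        'filter_profanity'   => TRUE,   // bleep out cuss words
        'passthrough_html'   => FALSE,  // strip most html
        'wbr'                => 15,     // break longish strings every 15 chars
        // minimal HTML formatting
        'taglist'            => array('ul', 'li', 'p', 'br', 'b', 'strong', 'em', 'i'),
        'attrlist'           => NULL,   // no attribute whitelist unless the caller gives one
        'collapseWhitespace' => TRUE,
    );
    foreach ($defaults as $k => $v) {
        // isset() instead of empty(): an explicit FALSE or 0 from the caller
        // (e.g. filter_profanity = FALSE, wbr = 0) must win over the default,
        // which empty() silently overrode.
        if (!isset($params->{$k})) {
            $params->{$k} = $v;
        }
    }

    $sDom = new InputSanitizer($params->taglist, $params->attrlist);
    $sDom->wbr = $params->wbr;
    $sDom->htmlAllowedEverywhere = TRUE;
    $sDom->passthrough = $params->passthrough_html;
    $sDom->collapseWhitespace = $params->collapseWhitespace;

    // Tags the sanitizer drops together with their content stay on that list
    // unless they were explicitly whitelisted in taglist.
    $sDom->dropWithChildren = array_values(array_filter(
        $sDom->dropWithChildren,
        function ($tag) use ($params) {
            return !in_array($tag, $params->taglist, true);
        }
    ));

    $html = $sDom->process($html, $truncate);

    if ($params->filter_profanity) {
        require_once PA::$path . "/api/Validation/ProfanityFilter.php";
        $html = ProfanityFilter::filterHTML($html);
    }
    return $html;
}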
<?php

require $_SERVER['DOCUMENT_ROOT'] . "/include.php";
require $_SERVER['DOCUMENT_ROOT'] . "/Common/ImageManager/charavatar.php";
require $_SERVER['DOCUMENT_ROOT'] . "/Common/ImageManager/thumbnail.php";
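// Every field the character form must submit; the handler rejects the request
// when any of them is missing.
$post_array = ['firstname', 'lastname', 'haircolor', 'eyecolor', 'height', 'weight', 'bustsize', 'hipsize', 'waistsize', 'bodytype', 'personality', 'description'];
// Temporary path of the uploaded avatar, or null when nothing usable was uploaded.
// Checking the nested key (not just !empty($_FILES)) also covers a non-empty
// $_FILES without a 'files' entry, which previously raised an undefined-index
// warning. The upload's error code is verified by the handler before use.
$avatar_img = isset($_FILES['files']['tmp_name']) ? $_FILES['files']['tmp_name'] : null;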
if (isset($_POST) && !array_diff($post_array, array_keys($_POST)) && !empty($_FILES) && $_FILES["files"]["error"] == UPLOAD_ERR_OK) {
    if (in_array("", array_values($_POST))) {
        $RENDENGINE->render(new Text("Sorry. One of more of the fields were not filled out!"));
        exit;
    }
    $SANTIZER = new InputSanitizer($_POST);
    //Will think of better sanitize flags. Will add validation steps as well. Remember to santize avatar as well.
    $SANTIZER->addFilter("firstname", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("lastname", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("haircolor", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("eyecolor", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("height", FILTER_SANITIZE_NUMBER_INT);
    $SANTIZER->addFilter("weight", FILTER_SANITIZE_NUMBER_INT);
    $SANTIZER->addFilter("bustsize", FILTER_SANITIZE_NUMBER_INT);
    $SANTIZER->addFilter("hipsize", FILTER_SANITIZE_NUMBER_INT);
    $SANTIZER->addFilter("waistsize", FILTER_SANITIZE_NUMBER_INT);
    $SANTIZER->addFilter("bodytype", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("personality", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("description", FILTER_SANITIZE_STRING);
    $sant_array = $SANTIZER->filter();
    $connection = $DB->connect();
    /*Error handling?*/
    $char_ava = new CharacterAvatar($avatar_img);
    $thumb = new ThumbNail($avatar_img);
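// "about" and "avatarpath" are user-supplied values read back from the database,
// and Text writes its string to the page verbatim, so both are escaped for their
// HTML context (element body and quoted attribute). "cols" is the valid
// attribute name; "columns" was ignored by browsers.
$rendlist->addRenderable(new Text('<textarea rows="7" cols="20" name="about">' . htmlspecialchars((string) $user_fields["about"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</textarea>'));
$rendlist->addRenderable(new Text('<img src="' . Config::USER_IMAGE_ROOT . htmlspecialchars((string) $user_fields["avatarpath"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">'));
$rendlist->addRenderable(new Text('</div>'));
$RENDENGINE->render($rendlist);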
?>
	
	<input name="files" type="file" accept="image/*">
	<div class="form-group">
		<button type="submit" class="btn" value="Submit">Submit</button>
	</div>

</form>

<?php 
if (isset($_POST) && !array_diff($post_array, array_keys($_POST))) {
    $SANTIZER = new InputSanitizer($_POST);
    $SANTIZER->addFilter("about", FILTER_SANITIZE_STRING);
    $sant_arr = $SANTIZER->filter();
    /*
    	We will not worry about deleting the old image for now. Should be implemented later, however.
    */
    $connection2 = $DB->connect();
    if ($avatar_img != null) {
        require $_SERVER['DOCUMENT_ROOT'] . "/Common/ImageManager/useravatar.php";
        $img_mang = new UserAvatar($avatar_img);
        $ava_path = $img_mang->createImage($USERSESS->getUserID());
        (new sqlDBExecute($connection2, "UPDATE USERINFO SET About = \$1,AvatarPath = \$2 WHERE UserID = \$3", array($sant_arr[0], $ava_path, $USERSESS->getUserID())))->execute();
    } else {
        /*Redundent for now*/
        (new sqlDBExecute($connection2, "UPDATE USERINFO SET About = \$1 WHERE UserID = \$2", array($sant_arr[0], $USERSESS->getUserID())))->execute();
    }
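/**
 * Shorten a string to at most $length characters for list/preview display.
 *
 * Strings containing HTML are truncated by InputSanitizer in passthrough mode
 * so tags stay balanced; plain text is cut with mb_substr() — the byte-wise
 * substr() used before could split a multibyte character and emit invalid
 * UTF-8 — and gets a ".." marker when anything was removed. Newlines in the
 * result are turned into <br>.
 *
 * @param string $string text or HTML to shorten
 * @param int    $length maximum length in characters
 * @param string $link   currently unused; kept for callers that still pass it
 * @return string
 */
function chop_string($string, $length = 30, $link = "")
{
    if (has_html($string)) {
        $san = new InputSanitizer();
        $san->passthrough = TRUE; // no HTML filtering here, only truncation
        $return = $san->process($string, $length);
    } else {
        // mb_* uses mbstring's internal encoding (UTF-8 unless configured otherwise);
        // assumes that matches the site's encoding.
        $return = mb_substr($string, 0, $length);
        if (mb_strlen($string) > $length) {
            $return .= "..";
            // A "read more" link built from $link used to be appended here; it is disabled.
        }
    }
    return nl2br($return);
}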
<?php

include $_SERVER['DOCUMENT_ROOT'] . "/include.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/config.php";
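// Character search: both fields must be present, then the table is queried with
// bound parameters ($1/$2) so the submitted values never enter the SQL text.
$post_array = array("firstname", "lastname");
if (isset($_POST) && !array_diff($post_array, array_keys($_POST))) {
    $SANTIZER = new InputSanitizer($_POST);
    $SANTIZER->addFilter("firstname", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("lastname", FILTER_SANITIZE_STRING);
    $sant_array = $SANTIZER->filter(); // positional: [0] firstname, [1] lastname
    $conn = $DB->connect();
    $char_query = new sqlDBQueryResult($conn, "SELECT CharacterID, FirstName, LastName, AvatarThumbPath FROM Character WHERE FirstName=\$1 or LastName=\$2;", array($sant_array[0], $sant_array[1]));
    $char_query->query();

    // Text writes its string verbatim and these columns hold user-submitted
    // data, so every value is escaped for its HTML/attribute context.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $result_list = new RenderList();
    $result_list->addRenderable(new Text('<div class="media">'));
    //Turn this into a file. More convenient.
    while ($row = $char_query->getRow()) {
        // Each row now closes its own <a> and media-body <div>; previously only
        // one closing pair was emitted after the loop, leaving the other rows'
        // elements unclosed.
        $media_rend = new RenderList(
            new Text('<a class="media-left" href="/Public/Waifu/waifu.php?characterid=' . $esc($row["characterid"]) . '">'),
            new Text('<img class="media-object" src="' . Config::THUMB_IMAGE_ROOT . $esc($row["avatarthumbpath"]) . '"></a>'),
            new Text('<div class="media-body">' . $esc($row["firstname"]) . $esc($row["lastname"]) . '</div>')
        );
        $result_list->addRenderable($media_rend);
    }
    $result_list->addRenderable(new Text('</div>'));
    //Add this encapsulation functionality in render list class? or different object?
    $RENDENGINE->render($result_list);
}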
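 /**
  * Toggle the "active" flag of a slide and answer as JSON.
  *
  * Order of checks: load the slide, verify the caller's permission, default a
  * missing "active" field to false, sanitize and validate the input, then save.
  * Every failure path answers with the slide's current "active" value so the
  * client can reset its toggle. All failures currently answer HTTP 401 —
  * including not-found and validation errors — and clients may depend on that
  * code; moving to 404/403/422 should be coordinated with the front end.
  *
  * @param int|string $id      slide identifier from the route
  * @param Request    $request expected to carry a boolean "active" field
  * @return \Illuminate\Http\Response
  */
 public function activate($id, Request $request)
 {
     // we get the slide
     try {
         $slide = $this->repository->find($id);
     } catch (\Exception $e) {
         // Fully qualified to match the catch further down: in a namespaced file
         // without "use Exception;", an unqualified "Exception" would never match
         // and the error would escape this handler.
         // we log the error
         CustomLog::error($e);
         return response(['message' => [trans('home.message.slide.find.failure', ['id' => $id]), trans('global.message.global.failure.contact.support', ['email' => config('settings.support_email')])]], 401);
     }
     // we check the current user permission
     if ($permission_denied = Permission::hasPermissionJson('home.slides.update')) {
         return response(['active' => $slide->active, 'message' => [$permission_denied]], 401);
     }
     // if the active field is not given, we set it to false
     $request->merge(['active' => $request->get('active', false)]);
     // we sanitize the entries
     $request->replace(\InputSanitizer::sanitize($request->all()));
     // we check inputs validity
     $rules = ['active' => 'required|boolean'];
     if (is_array($errors = Validation::check($request->all(), $rules, true))) {
         return response(['active' => $slide->active, 'message' => $errors], 401);
     }
     try {
         $slide->active = $request->get('active');
         $slide->save();
         return response(['active' => $slide->active, 'message' => [trans('home.message.slide.activation.success.label', ['action' => trans_choice('users.message.activation.success.action', $slide->active), 'slide' => $slide->title])]], 200);
     } catch (\Exception $e) {
         // we log the error
         CustomLog::error($e);
         // fresh() re-reads the row so the reported state is what was persisted, not the failed assignment
         return response(['active' => $slide->fresh()->active, 'message' => [trans('home.message.slide.activation.failure', ['slide' => $slide->title]), trans('global.message.global.failure.contact.support', ['email' => config('settings.support_email')])]], 401);
     }
 }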
<?php

include $_SERVER['DOCUMENT_ROOT'] . "/include.php";
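// Login handler.
//
// NOTE(review): the submitted password is never verified in this script. The
// original computed md5($_POST['password']) and never used the result; the
// session is opened on a username match alone. The column holding the stored
// credential is not visible in this file, so the check cannot be written here.
// Whatever stores that credential must use password_hash(), and this handler
// must call password_verify() against it (md5 is not a password hash), before
// this page can be treated as authentication.
//
// isset() on both fields avoids the undefined-index warning the bare
// "$_POST['password']" read produced when the field was absent; an empty
// password is still rejected as before.
if (isset($_POST['username'], $_POST['password']) && $_POST['password'] !== '') {
    if ($USERSESS->isLoggedIn()) {
        echo 'You are already logged in';
        exit;
        //A dirty fix to try to fix the attempt relogging. Will have to put the login html at the top of the page at some point.
    }
    $SANTIZER = new InputSanitizer($_POST);
    $SANTIZER->addFilter("username", FILTER_SANITIZE_STRING);
    $sant_array = $SANTIZER->filter();
    $username = $sant_array[0];
    $connection = $DB->connect();
    // Bound parameter ($1): the username never enters the SQL text.
    $login_query = new sqlDBQueryResult($connection, "SELECT UserID FROM USERINFO WHERE USERNAME = \$1", array($username));
    $login_query->query();
    $login_result = $login_query->getRow();
    // getRow()'s "no row" value is not shown here (null or false); a falsy check covers both.
    if (!$login_result) {
        // Once passwords are checked, the same message should be used for
        // "unknown user" and "wrong password" so the response does not reveal
        // which usernames exist.
        echo 'No such username was found';
    } else {
        $userid = $login_result["userid"];
        $USERSESS->logIn();
        $USERSESS->setUserFields($username, $userid);
        $REDIRECTOR->redirectFromRoot('index');
    }
}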
<?php

require $_SERVER['DOCUMENT_ROOT'] . '/include.php';
if (isset($_GET['characterid'])) {
    $SANTIZER = new InputSanitizer($_GET);
    $SANTIZER->addFilter("characterid", FILTER_SANITIZE_NUMBER_INT);
    //Add Validation
    $sant_arr = $SANTIZER->filter();
    $connection = $DB->connect();
    $character_query = new sqlDBQueryResult($connection, "SELECT * FROM CHARACTER WHERE characterid = \$1 LIMIT 1", $params = $sant_arr);
    $character_query->query();
    $char_stat_arr = $character_query->getRow();
    if ($char_stat_arr == null) {
        $RENDENGINE->render(new Text("NO WAIFU DESU!!!! Nonexistent Character!"));
    } else {
        $rendList = new RenderList();
        $rendList->addRenderable(new Text('<div id="waifu">
											<div class="waifuinfo"> 
											<table> 
												<tr> <th> Field </th> 
												<th> Value </th></tr>'));
        $key_arr = ["CharacterID" => "pub", "First Name" => "pub", "Last Name" => "pub", "Hair Color" => "pub", "Eye Color" => "pub", "Height" => "pub", "Weight" => "pub", "Bust" => "pub", "Waist" => "pub", "Hips" => "pub", "Body Type" => "pub", "Personality" => "pub", "Description" => "protect", "AvatarPath" => "protect", "AvatarThumbPath" => "protect"];
        $val_arr = array_combine(array_keys($key_arr), array_values($char_stat_arr));
        foreach ($val_arr as $key => $value) {
            if ($key_arr[$key] == "pub") {
                $rendList->addRenderable(new Text("<tr> <td> {$key} </td> <td> {$value} </td> </tr>"));
            }
        }
        $rendList->addRenderable(new Text("</table>"));
        $rendList->addRenderable(new Text('<h3> Description </h3> <div class="waifudescrip">' . $val_arr["Description"] . '</div> <a href="#"> Edit this page </a> </div>'));
        $rendList->addRenderable(new Text('<img src="' . Config::IMAGE_ROOT . $val_arr["AvatarPath"] . '"style=float: right; margin-left: auto;>'));
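/**
 * Print an unordered list of video cards.
 *
 * Title and description go through InputSanitizer::process() with a length
 * cap. The link target and thumbnail URL are escaped for the attribute
 * context before being written into href/src; previously they went in
 * verbatim. Escaping prevents breaking out of the attribute — it does not
 * validate the URL scheme, which the caller is expected to guarantee.
 *
 * @param iterable $content objects exposing pageUrl, icon, title and description
 * @return void markup is echoed directly
 */
function VideoList($content)
{
    $sanit = new InputSanitizer();
    echo '<ul class="videolist">';
    foreach ($content as $video) {
        $href = htmlspecialchars((string) $video->pageUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $icon = htmlspecialchars((string) $video->icon, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // rel="noopener": the opened page must not get a handle on this window via window.opener.
        $linkOpen = '<a href="' . $href . '" target="_blank" rel="noopener">';
        echo '<li class="video">';
        echo $linkOpen . '<img class="thumbnail" src="' . $icon . '"></a>';
        echo '<p class="title">';
        echo $linkOpen . $sanit->process($video->title, 30);
        echo '</a></p>';
        echo '<p class="description">' . $sanit->process($video->description, 40) . '</p>';
        // An add-to / remove-from-gallery button bar was stubbed out here.
        echo '</li>';
    }
    echo '</ul>';
    echo '<p class="header">&nbsp;</p>';
}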