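/**
 * Sanitise an HTML fragment for display.
 *
 * Runs $html through InputSanitizer with a small allow-list of formatting tags, optional
 * truncation, long-word breaking and (by default) a profanity filter.
 *
 * @param string      $html     untrusted HTML fragment
 * @param int|null    $truncate passed straight to InputSanitizer::process() as the length limit
 * @param object|null $params   optional overrides for the defaults below (filter_profanity,
 *                              passthrough_html, wbr, taglist, collapseWhitespace, attrlist).
 *                              The object is modified in place: missing keys are filled in.
 * @return string filtered HTML
 */
function _filter($html, $truncate = NULL, $params = NULL) {
    require_once PA::$path . "/ext/InputSanitizer/InputSanitizer.php";

    // Use a real object: assigning a property on NULL is a warning in PHP 7 and an Error in PHP 8.
    $defaults = new stdClass();
    // bleep out cuss words
    $defaults->filter_profanity = TRUE;
    // strip most html
    $defaults->passthrough_html = FALSE;
    // and break longish strings
    $defaults->wbr = 15;
    // minimal HTML formatting
    $defaults->taglist = array('ul', 'li', 'p', 'br', 'b', 'strong', 'em', 'i');
    $defaults->collapseWhitespace = TRUE;

    if (!is_object($params)) {
        $params = new stdClass();
    }
    // isset(), not empty(): the original used empty(), so an explicit FALSE/0 from the caller
    // (e.g. filter_profanity = FALSE, wbr = 0) was silently replaced by the default.
    foreach ($defaults as $k => $v) {
        if (!isset($params->{$k})) {
            $params->{$k} = $v;
        }
    }
    // attrlist has no default; NULL means "whatever InputSanitizer allows by default".
    $attrlist = isset($params->attrlist) ? $params->attrlist : NULL;

    $sDom = new InputSanitizer($params->taglist, $attrlist);
    $sDom->wbr = $params->wbr;              // break long strings every N chars (15 by default)
    $sDom->htmlAllowedEverywhere = TRUE;
    // SECURITY: passthrough_html = TRUE hands the fragment through with the sanitizer's filtering
    // disabled; only set it for content that was already sanitised on the way in.
    $sDom->passthrough = $params->passthrough_html;
    $sDom->collapseWhitespace = $params->collapseWhitespace;

    // Tags the sanitizer would drop together with their children, minus anything we allow-listed.
    $filtered_drop = array();
    foreach ($sDom->dropWithChildren as $tag) {
        if (!in_array($tag, $params->taglist, true)) {
            $filtered_drop[] = $tag;
        }
    }
    $sDom->dropWithChildren = $filtered_drop;

    $html = $sDom->process($html, $truncate);

    if ($params->filter_profanity) {
        require_once PA::$path . "/api/Validation/ProfanityFilter.php";
        $html = ProfanityFilter::filterHTML($html);
    }
    return $html;
}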
<?php require $_SERVER['DOCUMENT_ROOT'] . "/include.php"; require $_SERVER['DOCUMENT_ROOT'] . "/Common/ImageManager/charavatar.php"; require $_SERVER['DOCUMENT_ROOT'] . "/Common/ImageManager/thumbnail.php"; $post_array = ['firstname', 'lastname', 'haircolor', 'eyecolor', 'height', 'weight', 'bustsize', 'hipsize', 'waistsize', 'bodytype', 'personality', 'description']; $avatar_img = !empty($_FILES) ? $_FILES['files']['tmp_name'] : null; if (isset($_POST) && !array_diff($post_array, array_keys($_POST)) && !empty($_FILES) && $_FILES["files"]["error"] == UPLOAD_ERR_OK) { if (in_array("", array_values($_POST))) { $RENDENGINE->render(new Text("Sorry. One of more of the fields were not filled out!")); exit; } $SANTIZER = new InputSanitizer($_POST); //Will think of better sanitize flags. Will add validation steps as well. Remember to santize avatar as well. $SANTIZER->addFilter("firstname", FILTER_SANITIZE_STRING); $SANTIZER->addFilter("lastname", FILTER_SANITIZE_STRING); $SANTIZER->addFilter("haircolor", FILTER_SANITIZE_STRING); $SANTIZER->addFilter("eyecolor", FILTER_SANITIZE_STRING); $SANTIZER->addFilter("height", FILTER_SANITIZE_NUMBER_INT); $SANTIZER->addFilter("weight", FILTER_SANITIZE_NUMBER_INT); $SANTIZER->addFilter("bustsize", FILTER_SANITIZE_NUMBER_INT); $SANTIZER->addFilter("hipsize", FILTER_SANITIZE_NUMBER_INT); $SANTIZER->addFilter("waistsize", FILTER_SANITIZE_NUMBER_INT); $SANTIZER->addFilter("bodytype", FILTER_SANITIZE_STRING); $SANTIZER->addFilter("personality", FILTER_SANITIZE_STRING); $SANTIZER->addFilter("description", FILTER_SANITIZE_STRING); $sant_array = $SANTIZER->filter(); $connection = $DB->connect(); /*Error handling?*/ $char_ava = new CharacterAvatar($avatar_img); $thumb = new ThumbNail($avatar_img);
$rendlist->addRenderable(new Text('<textarea rows="7" columns="20" name="about">' . $user_fields["about"] . '</textarea>')); $rendlist->addRenderable(new Text('<img src="' . Config::USER_IMAGE_ROOT . $user_fields["avatarpath"] . '">')); $rendlist->addRenderable(new Text('</div>')); $RENDENGINE->render($rendlist); ?> <input name="files" type="file" accept="image/*"> <div class="form-group"> <button type="submit" class="btn" value="Submit">Submit</button> </div> </form> <?php if (isset($_POST) && !array_diff($post_array, array_keys($_POST))) { $SANTIZER = new InputSanitizer($_POST); $SANTIZER->addFilter("about", FILTER_SANITIZE_STRING); $sant_arr = $SANTIZER->filter(); /* We will not worry about deleting the old image for now. Should be implemented later, however. */ $connection2 = $DB->connect(); if ($avatar_img != null) { require $_SERVER['DOCUMENT_ROOT'] . "/Common/ImageManager/useravatar.php"; $img_mang = new UserAvatar($avatar_img); $ava_path = $img_mang->createImage($USERSESS->getUserID()); (new sqlDBExecute($connection2, "UPDATE USERINFO SET About = \$1,AvatarPath = \$2 WHERE UserID = \$3", array($sant_arr[0], $ava_path, $USERSESS->getUserID())))->execute(); } else { /*Redundent for now*/ (new sqlDBExecute($connection2, "UPDATE USERINFO SET About = \$1 WHERE UserID = \$2", array($sant_arr[0], $USERSESS->getUserID())))->execute(); }
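/**
 * Truncate a string to at most $length characters for display.
 *
 * Strings that has_html() reports as containing HTML are cut by InputSanitizer in passthrough
 * mode (so tags are not split); plain text is cut with mb_substr() and gets ".." appended when
 * it was shortened. The result is run through nl2br() in both cases.
 *
 * @param string $string text or HTML fragment
 * @param int    $length maximum length in characters (default 30)
 * @param string $link   unused; kept so existing callers that pass it keep working (the
 *                       "read more" link that used it was removed)
 * @return string
 */
function chop_string($string, $length = 30, $link = "") {
    if (has_html($string)) {
        // SECURITY: passthrough = TRUE means no tag/attribute filtering happens here. That is
        // only safe if $string was sanitised when it was stored — never feed raw user input in.
        $san = new InputSanitizer();
        $san->passthrough = TRUE; // we want no HTML filtering here
        $return = $san->process($string, $length);
    } else {
        // mb_* so a multibyte character is never cut in half (substr/strlen count bytes and
        // can leave an invalid UTF-8 tail). Assumes UTF-8 text, which is what the rest of the
        // HTML output expects.
        $return = mb_substr($string, 0, $length, 'UTF-8');
        if (mb_strlen($string, 'UTF-8') > $length) {
            $return .= "..";
        }
    }
    // Plain text is not HTML-escaped here; callers are responsible for the output context.
    return nl2br($return);
}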
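<?php
include $_SERVER['DOCUMENT_ROOT'] . "/include.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/config.php";

// Character search: matches on first OR last name and renders a Bootstrap "media" list.
$post_array = array("firstname", "lastname");

// isset($_POST) is always true for a superglobal; the array_diff() check is what actually
// requires both fields to be present.
if (isset($_POST) && !array_diff($post_array, array_keys($_POST))) {
    $SANTIZER = new InputSanitizer($_POST);
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and is an input filter, not an output
    // encoder — every value written into HTML below is escaped separately.
    $SANTIZER->addFilter("firstname", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("lastname", FILTER_SANITIZE_STRING);
    // filter() is indexed positionally in the order the filters were added: 0 = firstname, 1 = lastname.
    $sant_array = $SANTIZER->filter();

    $conn = $DB->connect();
    // Parameterised ($1/$2): the search terms are never interpolated into the SQL text.
    $char_query = new sqlDBQueryResult($conn, "SELECT CharacterID, FirstName, LastName, AvatarThumbPath FROM Character WHERE FirstName=\$1 or LastName=\$2;", array($sant_array[0], $sant_array[1]));
    $char_query->query();

    // Rows come from the database and are not trusted just because input was filtered on the
    // way in: escape for the HTML attribute/text contexts they are written into.
    $esc = function ($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $result_list = new RenderList();
    $result_list->addRenderable(new Text('<div class="media">'));
    //Turn this into a file. More convenient.
    while ($row = $char_query->getRow()) {
        // Each hit closes its own <a> and media-body. The original closed them once after the
        // loop, which left unbalanced markup for more than one result.
        $media_rend = new RenderList(
            new Text('<a class="media-left" href="/Public/Waifu/waifu.php?characterid=' . $esc(rawurlencode((string) $row["characterid"])) . '">'),
            new Text('<img class="media-object" src="' . Config::THUMB_IMAGE_ROOT . $esc($row["avatarthumbpath"]) . '"></a>'),
            new Text('<div class="media-body">' . $esc($row["firstname"]) . $esc($row["lastname"]) . '</div>')
        );
        $result_list->addRenderable($media_rend);
    }
    $result_list->addRenderable(new Text("</div>"));
    //Add this encapsulation functionality in render list class? or different object?
    $RENDENGINE->render($result_list);
}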
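/**
 * Set the "active" flag of a slide.
 *
 * @param int|string $id      slide primary key (route parameter)
 * @param Request    $request optional boolean "active"; absent is treated as false
 * @return \Illuminate\Http\Response JSON ['active' => <current state>, 'message' => [...]].
 *         200 on success. Note every failure path (not found, permission denied, validation,
 *         save error) answers 401, so clients cannot tell them apart by status code.
 */
public function activate($id, Request $request)
{
    // The slide is loaded before the permission check because the permission-denied
    // response below echoes its current state.
    // NOTE(review): as a consequence an unauthorised caller can still tell whether $id
    // exists (the two 401 bodies differ). Check 'home.slides.update' first if that matters.
    try {
        $slide = $this->repository->find($id);
    } catch (\Exception $e) {
        // Fully qualified on purpose: the original caught an unqualified `Exception`, which
        // inside a namespace resolves to <Namespace>\Exception unless imported, in which case
        // this catch would never match and the error would propagate. The later catch in this
        // method already used \Exception.
        CustomLog::error($e);
        return response(['message' => [
            trans('home.message.slide.find.failure', ['id' => $id]),
            trans('global.message.global.failure.contact.support', ['email' => config('settings.support_email')]),
        ]], 401);
    }

    // we check the current user permission
    if ($permission_denied = Permission::hasPermissionJson('home.slides.update')) {
        return response(['active' => $slide->active, 'message' => [$permission_denied]], 401);
    }

    // if the active field is not given, we set it to false
    $request->merge(['active' => $request->get('active', false)]);

    // we sanitize the entries
    $request->replace(\InputSanitizer::sanitize($request->all()));

    // we check inputs validity
    $rules = ['active' => 'required|boolean'];
    if (is_array($errors = Validation::check($request->all(), $rules, true))) {
        return response(['active' => $slide->active, 'message' => $errors], 401);
    }

    try {
        $slide->active = $request->get('active');
        $slide->save();
        return response(['active' => $slide->active, 'message' => [
            trans('home.message.slide.activation.success.label', [
                'action' => trans_choice('users.message.activation.success.action', $slide->active),
                'slide' => $slide->title,
            ]),
        ]], 200);
    } catch (\Exception $e) {
        // we log the error; fresh() re-reads the persisted state so the client sees what
        // actually stuck, not the value we failed to save
        CustomLog::error($e);
        return response(['active' => $slide->fresh()->active, 'message' => [
            trans('home.message.slide.activation.failure', ['slide' => $slide->title]),
            trans('global.message.global.failure.contact.support', ['email' => config('settings.support_email')]),
        ]], 401);
    }
}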
<?php
include $_SERVER['DOCUMENT_ROOT'] . "/include.php";

// Login handler.
//
// SECURITY (blocking): the submitted password is hashed into $password below but is NEVER
// compared with anything. The query selects the user by USERNAME only, and a row being found
// is enough to call logIn(). Anyone who knows a valid username is logged in as that user.
// The USERINFO row must carry a password hash (column not visible in this file) that is checked
// with password_verify() before logIn(); md5() is not an acceptable password hash either —
// store hashes made with password_hash(). Until that is fixed this endpoint is an auth bypass.
//
// Also note: 'No such username was found' confirms which usernames exist (enumeration); a
// single "invalid username or password" message is preferable.

// $_POST['password'] is read without isset(), so a request without it raises an undefined-index notice.
if (isset($_POST['username']) && $_POST['password']) {
    if ($USERSESS->isLoggedIn()) {
        echo 'You are already logged in';
        exit; //A dirty fix to try to fix the attempt relogging. Will have to put the login html at the top of the page at some point.
    }
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; filter() is read positionally (0 = username).
    $SANTIZER = new InputSanitizer($_POST);
    $SANTIZER->addFilter("username", FILTER_SANITIZE_STRING);
    $sant_array = $SANTIZER->filter();
    $username = $sant_array[0];
    // Computed and never used — see the note above.
    $password = md5($_POST['password']);
    $connection = $DB->connect();
    // Parameterised lookup ($1), so no SQL injection here; but it only checks the username exists.
    $login_query = new sqlDBQueryResult($connection, "SELECT UserID FROM USERINFO WHERE USERNAME = \$1", $params = array($username));
    $login_query->query();
    $login_result = $login_query->getRow();
    if ($login_result == null) {
        echo 'No such username was found';
    } else {
        // No password check between here and logIn().
        $userid = $login_result["userid"];
        $USERSESS->logIn();
        $USERSESS->setUserFields($username, $userid);
        $REDIRECTOR->redirectFromRoot('index');
    }
}
<?php require $_SERVER['DOCUMENT_ROOT'] . '/include.php'; if (isset($_GET['characterid'])) { $SANTIZER = new InputSanitizer($_GET); $SANTIZER->addFilter("characterid", FILTER_SANITIZE_NUMBER_INT); //Add Validation $sant_arr = $SANTIZER->filter(); $connection = $DB->connect(); $character_query = new sqlDBQueryResult($connection, "SELECT * FROM CHARACTER WHERE characterid = \$1 LIMIT 1", $params = $sant_arr); $character_query->query(); $char_stat_arr = $character_query->getRow(); if ($char_stat_arr == null) { $RENDENGINE->render(new Text("NO WAIFU DESU!!!! Nonexistent Character!")); } else { $rendList = new RenderList(); $rendList->addRenderable(new Text('<div id="waifu"> <div class="waifuinfo"> <table> <tr> <th> Field </th> <th> Value </th></tr>')); $key_arr = ["CharacterID" => "pub", "First Name" => "pub", "Last Name" => "pub", "Hair Color" => "pub", "Eye Color" => "pub", "Height" => "pub", "Weight" => "pub", "Bust" => "pub", "Waist" => "pub", "Hips" => "pub", "Body Type" => "pub", "Personality" => "pub", "Description" => "protect", "AvatarPath" => "protect", "AvatarThumbPath" => "protect"]; $val_arr = array_combine(array_keys($key_arr), array_values($char_stat_arr)); foreach ($val_arr as $key => $value) { if ($key_arr[$key] == "pub") { $rendList->addRenderable(new Text("<tr> <td> {$key} </td> <td> {$value} </td> </tr>")); } } $rendList->addRenderable(new Text("</table>")); $rendList->addRenderable(new Text('<h3> Description </h3> <div class="waifudescrip">' . $val_arr["Description"] . '</div> <a href="#"> Edit this page </a> </div>')); $rendList->addRenderable(new Text('<img src="' . Config::IMAGE_ROOT . $val_arr["AvatarPath"] . '"style=float: right; margin-left: auto;>'));
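/**
 * Echo a <ul class="videolist"> of video entries.
 *
 * @param iterable $content objects exposing ->pageUrl, ->icon, ->title and ->description
 * @return void writes HTML to the output buffer directly
 */
function VideoList($content) {
    $sanit = new InputSanitizer();
    // Attribute-context escaping for the URL fields. InputSanitizer::process() is only applied
    // to the title/description text; previously href and src were written out verbatim.
    // NOTE(review): escaping prevents attribute breakout, not a javascript: URL — if $content
    // can be user-supplied, validate the scheme where it is built.
    $attr = function ($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    echo '<ul class="videolist">';
    foreach ($content as $video) {
        echo '<li class="video">';
        // rel="noopener noreferrer" with target="_blank" so the opened page cannot reach window.opener.
        $linkOpen = '<a href="' . $attr($video->pageUrl) . '" target="_blank" rel="noopener noreferrer">';
        echo $linkOpen . '<img class="thumbnail" src="' . $attr($video->icon) . '"></a>';
        echo '<p class="title">';
        echo $linkOpen . $sanit->process($video->title, 30);   // truncated to 30
        echo '</a></p>';
        echo '<p class="description">' . $sanit->process($video->description, 40) . '</p>';   // truncated to 40
        // The add/remove-from-gallery button bar that used to sit here (commented out, and not
        // syntactically valid) has been removed.
        echo '</li>';
    }
    echo '</ul>';
    echo '<p class="header"> </p>';
}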