/**
 * Execute the action: create a blog category from the POSTed "value".
 *
 * The title is trimmed and, when empty, rejected with a BAD_REQUEST response.
 * Otherwise it is HTML-escaped once and that escaped form is used everywhere:
 * as the category title, as the meta keywords/description/title (none flagged
 * as overwritten) and as the input for the URL slug. On success the item is
 * echoed back carrying the id assigned by the insert.
 */
public function execute()
{
    parent::execute();

    $rawTitle = trim(\SpoonFilter::getPostValue('value', null, '', 'string'));

    if ($rawTitle === '') {
        $this->output(self::BAD_REQUEST, null, BL::err('TitleIsRequired'));
        return;
    }

    // escaped once here; this is what gets stored and sent back to the client
    $title = \SpoonFilter::htmlspecialchars($rawTitle);

    $item = array(
        'title' => $title,
        'language' => BL::getWorkingLanguage(),
    );

    // the SEO meta mirrors the title and is not marked as user-overwritten;
    // the slug is derived from the escaped title (so a '&' arrives at urlise() as '&amp;')
    $meta = array(
        'keywords' => $title,
        'keywords_overwrite' => 'N',
        'description' => $title,
        'description_overwrite' => 'N',
        'title' => $title,
        'title_overwrite' => 'N',
        'url' => BackendBlogModel::getURLForCategory(\SpoonFilter::urlise($title)),
    );

    $item['id'] = BackendBlogModel::insertCategory($item, $meta);

    $this->output(self::OK, $item, vsprintf(BL::msg('AddedCategory'), array($item['title'])));
}
/**
 * Execute the action: rename an existing tag.
 *
 * Requires a non-zero tag id and a non-empty name; a name that already
 * exists is rejected as well. The stored tag is the HTML-escaped name, while
 * the URL slug is built from the un-escaped name so no entities end up in it.
 * Each rejection answers BAD_REQUEST and stops; success answers OK with the
 * updated item.
 */
public function execute()
{
    parent::execute();

    $tagId = \SpoonFilter::getPostValue('id', null, 0, 'int');
    $tagName = trim(\SpoonFilter::getPostValue('value', null, '', 'string'));

    if ($tagId === 0) {
        $this->output(self::BAD_REQUEST, null, 'no id provided');
        return;
    }

    if ($tagName === '') {
        $this->output(self::BAD_REQUEST, null, BL::err('NameIsRequired'));
        return;
    }

    // NOTE(review): the existence check runs on the raw name while the stored
    // value is the escaped one — confirm existsTag() normalises the same way
    if (BackendTagsModel::existsTag($tagName)) {
        $this->output(self::BAD_REQUEST, null, BL::err('TagAlreadyExists'));
        return;
    }

    $item = array(
        'id' => $tagId,
        'tag' => \SpoonFilter::htmlspecialchars($tagName),
    );
    $item['url'] = BackendTagsModel::getURL(
        CommonUri::getUrl(\SpoonFilter::htmlspecialcharsDecode($item['tag'])),
        $tagId
    );

    BackendTagsModel::update($item);

    $this->output(self::OK, $item, vsprintf(BL::msg('Edited'), array($item['tag'])));
}
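/**
 * Execute the action: return autocomplete suggestions for a search term.
 *
 * The POSTed term is escaped for the active charset and rejected with
 * BAD_REQUEST when empty. Matching stored terms (prefix match, limited by the
 * module's autocomplete_num_items setting) are returned, each decorated with
 * a link to the search block for that term.
 */
public function execute()
{
    // call parent, this will probably add some general CSS/JS or other required files
    parent::execute();

    $charset = $this->getContainer()->getParameter('kernel.charset');
    $searchTerm = \SpoonFilter::getPostValue('term', null, '');
    $term = $charset == 'utf-8'
        ? \SpoonFilter::htmlspecialchars($searchTerm)
        : \SpoonFilter::htmlentities($searchTerm);
    $limit = (int) $this->get('fork.settings')->get('Search', 'autocomplete_num_items', 10);

    if ($term == '') {
        $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
        return;
    }

    $matches = FrontendSearchModel::getStartsWith($term, FRONTEND_LANGUAGE, $limit);
    $searchUrl = FrontendNavigation::getURLForBlock('Search');

    foreach ($matches as $index => $match) {
        // the term goes into a query string, so it is percent-encoded: stored terms
        // are user-supplied and a '&', '#' or '=' in them must not be able to add
        // parameters to or cut the URL. (The original concatenated the raw term.)
        // Note the stored term is already HTML-escaped when saved, so an '&' arrives
        // here as '&amp;' and is encoded as such.
        $matches[$index]['url'] = $searchUrl . '?form=search&q=' . rawurlencode($match['term']);
    }

    $this->output(self::OK, $matches);
}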
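/**
 * Execute the action: record a search term for the search statistics.
 *
 * The term is escaped for the active charset and rejected with BAD_REQUEST
 * when empty. A term is only written when it differs from the one the session
 * recorded for the previous request, so reloading the same search does not
 * inflate the statistics; the current term is then stored in the session for
 * the next comparison.
 */
public function execute()
{
    parent::execute();

    $charset = $this->getContainer()->getParameter('kernel.charset');
    $searchTerm = \SpoonFilter::getPostValue('term', null, '');
    $term = $charset == 'utf-8'
        ? \SpoonFilter::htmlspecialchars($searchTerm)
        : \SpoonFilter::htmlentities($searchTerm);

    if ($term == '') {
        $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
        return;
    }

    // the term recorded by the previous request in this session, if any
    $previousTerm = \SpoonSession::exists('searchTerm') ? \SpoonSession::get('searchTerm') : '';
    \SpoonSession::set('searchTerm', '');

    if ($previousTerm != $term) {
        // the request environment is persisted next to the term. Credentials and
        // the session cookie have no analytical value and must not be stored in
        // plain text (the original serialised the whole of $_SERVER), so they are
        // dropped first. NOTE(review): what remains still includes the client IP
        // and User-Agent — whether keeping those is acceptable is a retention
        // decision for the site owner.
        $server = array_diff_key($_SERVER, array_flip(array(
            'HTTP_COOKIE',
            'HTTP_AUTHORIZATION',
            'PHP_AUTH_USER',
            'PHP_AUTH_PW',
            'PHP_AUTH_DIGEST',
        )));

        $this->statistics = array();
        $this->statistics['term'] = $term;
        $this->statistics['language'] = LANGUAGE;
        $this->statistics['time'] = FrontendModel::getUTCDate();
        $this->statistics['data'] = serialize(array('server' => $server));
        $this->statistics['num_results'] = FrontendSearchModel::getTotal($term);

        FrontendSearchModel::save($this->statistics);
    }

    // remember the current term in the session for the next request's comparison
    \SpoonSession::set('searchTerm', $term);

    $this->output(self::OK);
}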
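/**
 * Execute the action: rename an existing tag.
 *
 * Requires a non-zero tag id and a non-empty, not-yet-existing name. The
 * stored tag is the HTML-escaped name and the URL slug is derived from it.
 * Every rejection answers BAD_REQUEST and returns: the original fell through
 * to the update after output(), which was only safe if output() terminated
 * the request. The explicit returns match the else-chained sibling action.
 *
 * @return void
 */
public function execute()
{
    // call parent, this will probably add some general CSS/JS or other required files
    parent::execute();

    $id = SpoonFilter::getPostValue('id', null, 0, 'int');
    $tag = trim(SpoonFilter::getPostValue('value', null, '', 'string'));

    if ($id === 0) {
        $this->output(self::BAD_REQUEST, null, 'no id provided');
        return;
    }

    if ($tag === '') {
        $this->output(self::BAD_REQUEST, null, BL::err('NameIsRequired'));
        return;
    }

    if (BackendTagsModel::existsTag($tag)) {
        $this->output(self::BAD_REQUEST, null, BL::err('TagAlreadyExists'));
        return;
    }

    $item = array();
    $item['id'] = $id;
    $item['tag'] = SpoonFilter::htmlspecialchars($tag);
    // the slug is built from the escaped tag, so entities can reach getURL()
    $item['url'] = BackendTagsModel::getURL($item['tag'], $id);

    BackendTagsModel::update($item);

    $this->output(self::OK, $item, vsprintf(BL::msg('Edited'), array($item['tag'])));
}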
/**
 * Retrieve the initial or submitted value.
 *
 * Before submission the configured default is returned untouched. After
 * submission the value is read from the request data for this field; a
 * non-scalar submission (e.g. `name[]=`) collapses to the literal string
 * 'Array', and unless $allowHTML is truthy the value is HTML-escaped for the
 * active charset.
 *
 * @param bool[optional] $allowHTML Is HTML allowed?
 * @return string
 */
public function getValue($allowHTML = null)
{
    $result = $this->value;

    if (!$this->isSubmitted()) {
        return $result;
    }

    $request = $this->getMethod(true);

    // presence is tested on attributes['name'] and the value read via getName();
    // the two are assumed to be the same key
    if (isset($request[$this->attributes['name']])) {
        $submitted = $request[$this->getName()];
        $result = is_scalar($submitted) ? (string) $submitted : 'Array';

        if (!$allowHTML) {
            $result = Spoon::getCharset() == 'utf-8'
                ? SpoonFilter::htmlspecialchars($result)
                : SpoonFilter::htmlentities($result);
        }
    }

    return $result;
}
/**
 * Execute the action
 *
 * Validates and saves one form-builder field (insert when field_id is 0,
 * update otherwise) from POST data, re-creates its validation rules and
 * answers with the field id plus its rendered HTML. Rejections (unknown form,
 * unknown field, non-whitelisted type) answer BAD_REQUEST; validation errors
 * answer OK with an 'errors' map so the UI can show them per input.
 *
 * Escaping: values, default values, labels, placeholders and error messages are
 * HTML-escaped before they are stored — except the values of a 'paragraph'
 * field, which are kept as raw markup (presumably rendered as HTML later).
 * This is acceptable only because the caller is an authenticated backend user;
 * the consumer must treat paragraph values as trusted HTML, nothing else.
 */
public function execute()
{
    parent::execute();

    // get parameters
    $formId = \SpoonFilter::getPostValue('form_id', null, '', 'int');
    $fieldId = \SpoonFilter::getPostValue('field_id', null, '', 'int');
    // the type is whitelisted here; anything else becomes '' and is rejected below
    $type = \SpoonFilter::getPostValue('type', array('checkbox', 'dropdown', 'datetime', 'heading', 'paragraph', 'radiobutton', 'submit', 'textarea', 'textbox'), '', 'string');
    $label = trim(\SpoonFilter::getPostValue('label', null, '', 'string'));
    $values = trim(\SpoonFilter::getPostValue('values', null, '', 'string'));
    // this is somewhat a nasty hack, but it makes special chars work.
    // (the client submits entities; decode here, re-escape below for non-paragraphs)
    $values = \SpoonFilter::htmlspecialcharsDecode($values);
    $defaultValues = trim(\SpoonFilter::getPostValue('default_values', null, '', 'string'));
    $placeholder = trim(\SpoonFilter::getPostValue('placeholder', null, '', 'string'));
    $required = \SpoonFilter::getPostValue('required', array('Y', 'N'), 'N', 'string');
    $requiredErrorMessage = trim(\SpoonFilter::getPostValue('required_error_message', null, '', 'string'));
    $validation = \SpoonFilter::getPostValue('validation', array('email', 'numeric', 'time'), '', 'string');
    $validationParameter = trim(\SpoonFilter::getPostValue('validation_parameter', null, '', 'string'));
    $errorMessage = trim(\SpoonFilter::getPostValue('error_message', null, '', 'string'));

    // special field for textbox: reply to
    $replyTo = \SpoonFilter::getPostValue('reply_to', array('Y', 'N'), 'N', 'string');

    // special fields for datetime
    $inputType = \SpoonFilter::getPostValue('input_type', array('date', 'time'), 'date', 'string');
    $valueAmount = trim(\SpoonFilter::getPostValue('value_amount', null, '', 'string'));
    $valueType = trim(\SpoonFilter::getPostValue('value_type', null, '', 'string'));

    // invalid form id
    if (!BackendFormBuilderModel::exists($formId)) {
        $this->output(self::BAD_REQUEST, null, 'form does not exist');
    } else {
        // invalid fieldId (0 means "new field"; an existing id must belong to this form)
        if ($fieldId !== 0 && !BackendFormBuilderModel::existsField($fieldId, $formId)) {
            $this->output(self::BAD_REQUEST, null, 'field does not exist');
        } else {
            // invalid type
            if ($type == '') {
                $this->output(self::BAD_REQUEST, null, 'invalid type provided');
            } else {
                // extra validation is only possible for textfields & datetime fields
                if ($type != 'textbox' && $type != 'datetime') {
                    $validation = '';
                    $validationParameter = '';
                    $errorMessage = '';
                }

                // init
                $errors = array();

                // validate textbox
                if ($type == 'textbox') {
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($validation != '' && $errorMessage == '') {
                        $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    // a reply-to field only makes sense when its content is validated as an e-mail address
                    if ($replyTo == 'Y' && $validation != 'email') {
                        $errors['reply_to_error_message'] = BL::getError('EmailValidationIsRequired');
                    }
                } elseif ($type == 'textarea') {
                    // validate textarea
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($validation != '' && $errorMessage == '') {
                        $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                } elseif ($type == 'datetime') {
                    // validate datetime
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    // a relative default (e.g. "+2 week") needs an amount
                    if (in_array($valueType, array('day', 'week', 'month', 'year')) && $valueAmount == '') {
                        $errors['default_value_error_message'] = BL::getError('ValueIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($validation != '' && $errorMessage == '') {
                        $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                } elseif ($type == 'heading' && $values == '') {
                    // validate heading
                    $errors['values'] = BL::getError('ValueIsRequired');
                } elseif ($type == 'paragraph' && $values == '') {
                    // validate paragraphs
                    $errors['values'] = BL::getError('ValueIsRequired');
                } elseif ($type == 'submit' && $values == '') {
                    // validate submitbuttons
                    $errors['values'] = BL::getError('ValueIsRequired');
                } elseif ($type == 'dropdown') {
                    // validate dropdown
                    $values = trim($values, ',');

                    // validate
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($values == '') {
                        $errors['values'] = BL::getError('ValueIsRequired');
                    }
                } elseif ($type == 'radiobutton') {
                    // validate radiobutton
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($values == '') {
                        $errors['values'] = BL::getError('ValueIsRequired');
                    }
                } elseif ($type == 'checkbox') {
                    // validate checkbox
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                }

                // got errors
                if (!empty($errors)) {
                    $this->output(self::OK, array('errors' => $errors), 'form contains errors');
                } else {
                    // htmlspecialchars except for paragraphs (paragraph values stay raw markup)
                    if ($type != 'paragraph') {
                        if ($values != '') {
                            $values = \SpoonFilter::htmlspecialchars($values);
                        }
                        if ($defaultValues != '') {
                            $defaultValues = \SpoonFilter::htmlspecialchars($defaultValues);
                        }
                    }

                    // split: option lists are '|'-separated
                    if ($type == 'dropdown' || $type == 'checkbox') {
                        $values = (array) explode('|', $values);
                    } elseif ($type == 'radiobutton') {
                        // radio buttons keep a slug as value and the text as label
                        $postedValues = (array) explode('|', $values);
                        $values = array();
                        foreach ($postedValues as $postedValue) {
                            $values[] = array('value' => CommonUri::getUrl($postedValue), 'label' => $postedValue);
                        }
                    }

                    /**
                     * Save!
                     */
                    // settings
                    $settings = array();
                    if ($label != '') {
                        $settings['label'] = \SpoonFilter::htmlspecialchars($label);
                    }
                    // $values is always assigned above (string or array), so this isset() is
                    // always true and 'values' is stored even when it is an empty string
                    if (isset($values)) {
                        $settings['values'] = $values;
                    }
                    if ($defaultValues != '') {
                        $settings['default_values'] = $defaultValues;
                    }
                    if ($placeholder != '') {
                        $settings['placeholder'] = \SpoonFilter::htmlspecialchars($placeholder);
                    }

                    // reply-to, only for textboxes
                    if ($type == 'textbox') {
                        $settings['reply_to'] = $replyTo == 'Y';
                    }

                    // only for datetime input
                    if ($type == 'datetime') {
                        $settings['input_type'] = $inputType;
                        if ($inputType == 'date') {
                            $settings['value_amount'] = $valueAmount;
                            $settings['value_type'] = $valueType;
                        }
                    }

                    // build array (settings are stored serialised)
                    $field = array();
                    $field['form_id'] = $formId;
                    $field['type'] = $type;
                    $field['settings'] = !empty($settings) ? serialize($settings) : null;

                    // existing field
                    if ($fieldId !== 0) {
                        // update field
                        BackendFormBuilderModel::updateField($fieldId, $field);

                        // delete all validation (added again later)
                        BackendFormBuilderModel::deleteFieldValidation($fieldId);
                    } else {
                        // sequence
                        $field['sequence'] = BackendFormBuilderModel::getMaximumSequence($formId) + 1;

                        // insert
                        $fieldId = BackendFormBuilderModel::insertField($field);
                    }

                    // required
                    if ($required == 'Y') {
                        // build array
                        $validate['field_id'] = $fieldId;
                        $validate['type'] = 'required';
                        $validate['error_message'] = \SpoonFilter::htmlspecialchars($requiredErrorMessage);

                        // add validation
                        BackendFormBuilderModel::insertFieldValidation($validate);

                        // add to field (for parsing)
                        $field['validations']['required'] = $validate;
                    }

                    // other validation
                    if ($validation != '') {
                        // build array (reuses $validate; every key set here overrides the 'required' entry above)
                        $validate['field_id'] = $fieldId;
                        $validate['type'] = $validation;
                        $validate['error_message'] = \SpoonFilter::htmlspecialchars($errorMessage);
                        $validate['parameter'] = $validationParameter != '' ? \SpoonFilter::htmlspecialchars($validationParameter) : null;

                        // add validation
                        BackendFormBuilderModel::insertFieldValidation($validate);

                        // add to field (for parsing). The key is the *field* type, not the
                        // validation type; harmless because $field is reloaded from the
                        // database right below, but misleading.
                        $field['validations'][$type] = $validate;
                    }

                    // get item from database (i do this call again to keep the pof as low as possible)
                    $field = BackendFormBuilderModel::getField($fieldId);

                    // submit button isnt parsed but handled directly via javascript
                    if ($type == 'submit') {
                        $fieldHTML = '';
                    } else {
                        // parse field to html
                        $fieldHTML = FormBuilderHelper::parseField($field);
                    }

                    // success output
                    $this->output(self::OK, array('field_id' => $fieldId, 'field_html' => $fieldHTML), 'field saved');
                }
            }
        }
    }
}
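/**
 * Truncate a string
 * syntax: {$var|truncate:max-length[:append-hellip][:closest-word]}
 *
 * The input is fully entity-decoded and stripped of tags first, so the length
 * is measured on visible characters, and is re-escaped on the way out. All
 * measuring and cutting uses the mb_* functions in the configured charset, so
 * multi-byte characters are neither split nor miscounted: the original mixed
 * byte-based substr()/strrpos() with mb_substr() for the closest-word cut,
 * which produced wrong cut positions on non-ASCII text.
 *
 * The signature (optional $var before the required $length) is kept for the
 * template engine even though that ordering is deprecated on PHP 8.
 *
 * @param string $var The string passed from the template.
 * @param int $length The maximum length of the truncated string.
 * @param bool $useHellip Should a hellip be appended if the length exceeds the requested length?
 * @param bool $closestWord Truncate on exact length or on closest word?
 * @return string
 */
public static function truncate($var = null, $length, $useHellip = true, $closestWord = false)
{
    $charset = BackendModel::getContainer()->getParameter('kernel.charset');

    // remove special chars, all of them, also the ones that shouldn't be there.
    $var = \SpoonFilter::htmlentitiesDecode($var, null, ENT_QUOTES);

    // remove HTML
    $var = strip_tags($var);

    // short enough: escape and return unchanged
    if (mb_strlen($var, $charset) <= $length) {
        return \SpoonFilter::htmlspecialchars($var);
    }

    // hellip is seen as 1 char, so remove it from length
    if ($useHellip) {
        $length = $length - 1;
    }

    if ($closestWord) {
        // look one character past the limit so a word ending exactly at $length is
        // kept, then cut at the last space inside that window; no space at all
        // yields an empty string, as before
        $window = mb_substr($var, 0, $length + 1, $charset);
        $cut = mb_strrpos($window, ' ', 0, $charset);
        $var = mb_substr($var, 0, $cut === false ? 0 : $cut, $charset);
    } else {
        $var = mb_substr($var, 0, $length, $charset);
    }

    if ($useHellip) {
        $var .= '…';
    }

    // NOTE(review): SpoonFilter::htmlspecialchars()'s second parameter looks like a
    // charset (its test passes 'utf-8' there), not a flags mask — confirm ENT_QUOTES
    // here does what the author intended
    return \SpoonFilter::htmlspecialchars($var, ENT_QUOTES);
}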
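/**
 * Parse SEO specific data
 *
 * Adds the canonical <link> plus the optional noodp/noydir robots meta tags.
 * On the homepage of the default language the canonical is forced to the bare
 * site URL (with the language segment when the site is multilingual). When no
 * canonical was set explicitly it is rebuilt from SITE_URL and the current
 * request path, keeping only whitelisted GET parameters. The URL is
 * HTML-escaped for the active charset before it goes into the href attribute.
 */
private function parseSeo()
{
    // when on the homepage of the default language, set the clean site url as canonical, because of redirect fix
    $queryString = trim($this->URL->getQueryString(), '/');
    $language = $this->get('fork.settings')->get('Core', 'default_language', SITE_DEFAULT_LANGUAGE);
    if ($queryString == $language) {
        $this->canonical = rtrim(SITE_URL, '/');
        if ($this->getContainer()->getParameter('site.multilanguage')) {
            $this->canonical .= '/' . $language;
        }
    }

    // any canonical URL provided?
    if ($this->canonical != '') {
        $url = $this->canonical;
    } else {
        // get the chunks of the current url; parse_url() returns false on a
        // seriously malformed string, which is treated as "no parts"
        $urlChunks = parse_url($this->URL->getQueryString());
        if ($urlChunks === false) {
            $urlChunks = array();
        }

        // a canonical url should contain the domain. So make sure you
        // redirect your website to a single url with .htaccess
        $url = rtrim(SITE_URL, '/');
        if (isset($urlChunks['port'])) {
            $url .= ':' . $urlChunks['port'];
        }
        if (isset($urlChunks['path'])) {
            $url .= '/' . $urlChunks['path'];
        }

        // any items provided through GET?
        if (isset($urlChunks['query'])) {
            // the only GET parameters allowed into the canonical url
            $itemsToAdd = array('page');
            $addToUrl = array();

            foreach ($_GET as $key => $value) {
                // strict comparison: PHP turns numeric keys into ints, and with the
                // loose in_array() of the original an int key (?0=x) compared equal
                // to 'page' on PHP < 8 and leaked into the canonical
                if (in_array($key, $itemsToAdd, true)) {
                    $addToUrl[$key] = $value;
                }
            }

            // add GET-params
            if (!empty($addToUrl)) {
                $url .= '?' . http_build_query($addToUrl);
            }
        }
    }

    // prevent against xss: the url lands in an href attribute
    $charset = $this->getContainer()->getParameter('kernel.charset');
    $url = $charset == 'utf-8' ? \SpoonFilter::htmlspecialchars($url) : \SpoonFilter::htmlentities($url);
    $this->addLink(array('rel' => 'canonical', 'href' => $url));

    if ($this->get('fork.settings')->get('Core', 'seo_noodp', false)) {
        $this->addMetaData(array('name' => 'robots', 'content' => 'noodp'));
    }
    if ($this->get('fork.settings')->get('Core', 'seo_noydir', false)) {
        $this->addMetaData(array('name' => 'robots', 'content' => 'noydir'));
    }
}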
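/**
 * Truncate a string
 *
 * Entities are decoded first (quotes included) so the length is measured on
 * the visible text and nothing is double-escaped on the way out; the result
 * is HTML-escaped again before it is returned. Unlike the template-modifier
 * variants this helper does not strip tags: markup counts toward the length
 * and is escaped on output.
 *
 * @param string $string The string to truncate.
 * @param int $length The maximum length for the string.
 * @param bool $useHellip Should a hellip be appended?
 * @return string
 */
public static function truncate($string, $length, $useHellip = true)
{
    // ENT_QUOTES so &#039; / &quot; are decoded as well: left encoded (the
    // pre-8.1 default) they would be escaped again below and come out as a
    // literal "&amp;#039;". The sibling truncate() helpers decode the same way.
    $string = htmlspecialchars_decode($string, ENT_QUOTES);

    // less characters
    if (mb_strlen($string) <= $length) {
        return \SpoonFilter::htmlspecialchars($string);
    }

    // hellip is seen as 1 char, so remove it from length
    if ($useHellip) {
        $length = $length - 1;
    }

    // get the amount of requested characters
    $string = mb_substr($string, 0, $length);

    if ($useHellip) {
        $string .= '…';
    }

    return \SpoonFilter::htmlspecialchars($string);
}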
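/**
 * Truncate a string
 * syntax: {{ $string|truncate($max-length, $append-hellip, $closest-word) }}.
 *
 * The input is fully entity-decoded and stripped of tags first, so the length
 * is measured on visible characters, and is re-escaped on the way out. All
 * measuring and cutting uses the mb_* functions with UTF-8 (the original
 * spelled the encoding both 'UTF-8' and 'UTF8'), so multi-byte characters are
 * neither split nor miscounted: the original mixed byte-based
 * substr()/strrpos() with mb_substr() for the closest-word cut, which gave
 * wrong cut positions on non-ASCII text.
 *
 * @param string $string The string passed from the template.
 * @param int $length The maximum length of the truncated string.
 * @param bool $useHellip Should a hellip be appended if the length exceeds the requested length?
 * @param bool $closestWord Truncate on exact length or on closest word?
 *
 * @return string
 */
public static function truncate($string, $length, $useHellip = true, $closestWord = false)
{
    // remove special chars, all of them, also the ones that shouldn't be there.
    $string = \SpoonFilter::htmlentitiesDecode($string, null, ENT_QUOTES);

    // remove HTML
    $string = strip_tags($string);

    // short enough: escape and return unchanged
    if (mb_strlen($string, 'UTF-8') <= $length) {
        return \SpoonFilter::htmlspecialchars($string);
    }

    // hellip is seen as 1 char, so remove it from length
    if ($useHellip) {
        --$length;
    }

    if ($closestWord) {
        // look one character past the limit so a word ending exactly at $length is
        // kept, then cut at the last space inside that window; no space at all
        // yields an empty string, as before
        $window = mb_substr($string, 0, $length + 1, 'UTF-8');
        $cut = mb_strrpos($window, ' ', 0, 'UTF-8');
        $string = mb_substr($string, 0, $cut === false ? 0 : $cut, 'UTF-8');
    } else {
        $string = mb_substr($string, 0, $length, 'UTF-8');
    }

    if ($useHellip) {
        $string .= '…';
    }

    // NOTE(review): SpoonFilter::htmlspecialchars()'s second parameter looks like a
    // charset (its test passes 'utf-8' there), not a flags mask — confirm ENT_QUOTES
    // here does what the author intended
    return \SpoonFilter::htmlspecialchars($string, ENT_QUOTES);
}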
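/**
 * Retrieve the initial or submitted value.
 *
 * Before submission the configured default is returned (escaped when the
 * element is flagged as HTML). After submission the value is read from the
 * request data, cut to the element's maxlength when one is set, and escaped
 * for the active charset unless $allowHTML (defaulting to the element's
 * isHTML flag) is true. A non-scalar submission (e.g. `name[]=`) collapses to
 * the literal string 'Array': the original handed the array straight to
 * mb_substr()/htmlspecialchars(), which fails on PHP 8, and the other
 * getValue() implementation already does this.
 *
 * @return string
 * @param bool[optional] $allowHTML Is HTML allowed?
 */
public function getValue($allowHTML = null)
{
    // redefine html & default value
    $allowHTML = $allowHTML !== null ? (bool) $allowHTML : $this->isHTML;
    $value = $this->value;

    // NOTE(review): the stored default is escaped only when isHTML is set, which is
    // independent of $allowHTML and reads inverted — confirm intent before touching it
    if ($this->isHTML) {
        $value = SPOON_CHARSET == 'utf-8' ? SpoonFilter::htmlspecialchars($value) : SpoonFilter::htmlentities($value);
    }

    // form submitted
    if ($this->isSubmitted()) {
        // post/get data
        $data = $this->getMethod(true);

        // submitted by post (may be empty)
        if (isset($data[$this->getName()])) {
            $value = $data[$this->attributes['name']];

            // never operate on an array: collapse it like the sibling getValue() does
            $value = is_scalar($value) ? (string) $value : 'Array';

            // maximum length?
            if (isset($this->attributes['maxlength']) && $this->attributes['maxlength'] > 0) {
                $value = mb_substr($value, 0, (int) $this->attributes['maxlength'], SPOON_CHARSET);
            }

            // html allowed?
            if (!$allowHTML) {
                $value = SPOON_CHARSET == 'utf-8' ? SpoonFilter::htmlspecialchars($value) : SpoonFilter::htmlentities($value);
            }
        }
    }

    return $value;
}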
/**
 * Truncate a string
 * syntax: {$var|truncate:max-length[:append-hellip]}
 *
 * Entities (quotes included) are decoded and markup is removed before the
 * length is measured, so the limit applies to visible characters; the result
 * is HTML-escaped again on the way out.
 *
 * @param string[optional] $var A placeholder var, will be replaced with the generated HTML.
 * @param int $length The maximum length of the truncated string.
 * @param bool[optional] $useHellip Should a hellip be appended if the length exceeds the requested length?
 * @return string
 */
public static function truncate($var = null, $length, $useHellip = true)
{
    // plain text only: decode entities, then drop tags
    $text = strip_tags(htmlspecialchars_decode($var, ENT_QUOTES));

    if (mb_strlen($text) <= $length) {
        return SpoonFilter::htmlspecialchars($text);
    }

    // the ellipsis occupies one of the allowed characters
    $keep = $useHellip ? $length - 1 : $length;
    $text = mb_substr($text, 0, $keep);

    if ($useHellip) {
        $text .= '…';
    }

    // NOTE(review): SpoonFilter::htmlspecialchars()'s second parameter looks like a
    // charset (its test passes 'utf-8' there), not a flags mask — confirm ENT_QUOTES
    // here has the intended effect
    return SpoonFilter::htmlspecialchars($text, ENT_QUOTES);
}
/**
 * Execute the action
 *
 * Validates and saves one form-builder field (insert when field_id is 0,
 * update otherwise) from POST data, re-creates its validation rules and
 * answers with the field id plus its rendered HTML.
 *
 * NOTE(review): the early rejections (unknown form, unknown field, empty type,
 * validation errors) are plain if-statements with no else/return, so the code
 * is only correct if $this->output() terminates the request; otherwise an
 * invalid request would still be saved. Confirm output() exits before reusing
 * this pattern (the newer version of this action nests the branches in else).
 *
 * Escaping: values, default values, labels and error messages are HTML-escaped
 * before they are stored — except the values of a 'paragraph' field, which are
 * kept as raw markup. Acceptable only because the caller is an authenticated
 * backend user; the consumer must treat paragraph values as trusted HTML.
 */
public function execute()
{
    parent::execute();

    // get parameters
    $formId = SpoonFilter::getPostValue('form_id', null, '', 'int');
    $fieldId = SpoonFilter::getPostValue('field_id', null, '', 'int');
    // the type is whitelisted here; anything else becomes '' and is rejected below
    $type = SpoonFilter::getPostValue('type', array('checkbox', 'dropdown', 'heading', 'paragraph', 'radiobutton', 'submit', 'textarea', 'textbox'), '', 'string');
    $label = trim(SpoonFilter::getPostValue('label', null, '', 'string'));
    $values = trim(SpoonFilter::getPostValue('values', null, '', 'string'));
    $defaultValues = trim(SpoonFilter::getPostValue('default_values', null, '', 'string'));
    $required = SpoonFilter::getPostValue('required', array('Y', 'N'), 'N', 'string');
    $requiredErrorMessage = trim(SpoonFilter::getPostValue('required_error_message', null, '', 'string'));
    $validation = SpoonFilter::getPostValue('validation', array('email', 'numeric'), '', 'string');
    $validationParameter = trim(SpoonFilter::getPostValue('validation_parameter', null, '', 'string'));
    $errorMessage = trim(SpoonFilter::getPostValue('error_message', null, '', 'string'));

    // invalid form id
    if (!BackendFormBuilderModel::exists($formId)) {
        $this->output(self::BAD_REQUEST, null, 'form does not exist');
    }

    // invalid fieldId (0 means "new field"; an existing id must belong to this form)
    if ($fieldId !== 0 && !BackendFormBuilderModel::existsField($fieldId, $formId)) {
        $this->output(self::BAD_REQUEST, null, 'field does not exist');
    }

    // invalid type
    if ($type == '') {
        $this->output(self::BAD_REQUEST, null, 'invalid type provided');
    }

    // init
    $errors = array();

    // validate textbox
    if ($type == 'textbox') {
        if ($label == '') {
            $errors['label'] = BL::getError('LabelIsRequired');
        }
        if ($required == 'Y' && $requiredErrorMessage == '') {
            $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
        }
        if ($validation != '' && $errorMessage == '') {
            $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
        }
    } elseif ($type == 'textarea') {
        if ($label == '') {
            $errors['label'] = BL::getError('LabelIsRequired');
        }
        if ($required == 'Y' && $requiredErrorMessage == '') {
            $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
        }
        if ($validation != '' && $errorMessage == '') {
            $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
        }
    } elseif ($type == 'heading' && $values == '') {
        $errors['values'] = BL::getError('ValueIsRequired');
    } elseif ($type == 'paragraph' && $values == '') {
        $errors['values'] = BL::getError('ValueIsRequired');
    } elseif ($type == 'submit' && $values == '') {
        $errors['values'] = BL::getError('ValueIsRequired');
    } elseif ($type == 'dropdown') {
        // values trim
        $values = trim($values, ',');

        // validate
        if ($label == '') {
            $errors['label'] = BL::getError('LabelIsRequired');
        }
        if ($required == 'Y' && $requiredErrorMessage == '') {
            $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
        }
        if ($values == '') {
            $errors['values'] = BL::getError('ValueIsRequired');
        }
    } elseif ($type == 'radiobutton') {
        if ($label == '') {
            $errors['label'] = BL::getError('LabelIsRequired');
        }
        if ($required == 'Y' && $requiredErrorMessage == '') {
            $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
        }
        if ($values == '') {
            $errors['values'] = BL::getError('ValueIsRequired');
        }
    } elseif ($type == 'checkbox') {
        if ($label == '') {
            $errors['label'] = BL::getError('LabelIsRequired');
        }
        if ($required == 'Y' && $requiredErrorMessage == '') {
            $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
        }
    }

    // got errors
    if (!empty($errors)) {
        $this->output(self::OK, array('errors' => $errors), 'form contains errors');
    }

    // htmlspecialchars except for paragraphs (paragraph values stay raw markup)
    if ($type != 'paragraph') {
        if ($values != '') {
            $values = SpoonFilter::htmlspecialchars($values);
        }
        if ($defaultValues != '') {
            $defaultValues = SpoonFilter::htmlspecialchars($defaultValues);
        }
    }

    // split: option lists are '|'-separated
    if ($type == 'dropdown' || $type == 'radiobutton' || $type == 'checkbox') {
        $values = (array) explode('|', $values);
    }

    /**
     * Save!
     */
    // settings
    $settings = array();
    if ($label != '') {
        $settings['label'] = SpoonFilter::htmlspecialchars($label);
    }
    // for option types $values is an array here; an array compares unequal to ''
    // so it is always stored
    if ($values != '') {
        $settings['values'] = $values;
    }
    if ($defaultValues != '') {
        $settings['default_values'] = $defaultValues;
    }

    // build array (settings are stored serialised)
    $field = array();
    $field['form_id'] = $formId;
    $field['type'] = $type;
    $field['settings'] = !empty($settings) ? serialize($settings) : null;

    // existing field
    if ($fieldId !== 0) {
        // update field
        BackendFormBuilderModel::updateField($fieldId, $field);

        // delete all validation (added again later)
        BackendFormBuilderModel::deleteFieldValidation($fieldId);
    } else {
        // sequence
        $field['sequence'] = BackendFormBuilderModel::getMaximumSequence($formId) + 1;

        // insert
        $fieldId = BackendFormBuilderModel::insertField($field);
    }

    // required
    if ($required == 'Y') {
        // build array
        $validate['field_id'] = $fieldId;
        $validate['type'] = 'required';
        $validate['error_message'] = SpoonFilter::htmlspecialchars($requiredErrorMessage);

        // add validation
        BackendFormBuilderModel::insertFieldValidation($validate);

        // add to field (for parsing)
        $field['validations']['required'] = $validate;
    }

    // other validation
    if ($validation != '') {
        // build array (reuses $validate; every key set here overrides the 'required' entry above)
        $validate['field_id'] = $fieldId;
        $validate['type'] = $validation;
        $validate['error_message'] = SpoonFilter::htmlspecialchars($errorMessage);
        $validate['parameter'] = $validationParameter != '' ? SpoonFilter::htmlspecialchars($validationParameter) : null;

        // add validation
        BackendFormBuilderModel::insertFieldValidation($validate);

        // add to field (for parsing). The key is the *field* type, not the
        // validation type; harmless because $field is reloaded from the database
        // right below, but misleading.
        $field['validations'][$type] = $validate;
    }

    // get item from database (i do this call again to keep the points of failure as low as possible)
    $field = BackendFormBuilderModel::getField($fieldId);

    // submit button isnt parsed but handled directly via javascript
    if ($type == 'submit') {
        $fieldHTML = '';
    } else {
        $fieldHTML = FormBuilderHelper::parseField($field);
    }

    // success output
    $this->output(self::OK, array('field_id' => $fieldId, 'field_html' => $fieldHTML), 'field saved');
}
/**
 * getValue() must escape a submitted value by default, return it verbatim when
 * HTML is allowed, and collapse a non-scalar submission to the string 'Array'.
 */
public function testGetValue()
{
    $markup = '<a href="http://www.spoon-library.be">Bobby Tables, my friends call mééé</a>';

    $_POST['form'] = 'textfield';
    $_POST['name'] = $markup;

    // escaped unless HTML is explicitly allowed
    $this->assertEquals(SpoonFilter::htmlspecialchars($markup), $this->txtName->getValue());
    $this->assertEquals($markup, $this->txtName->getValue(true));

    // an array submission (name[]=...) is never passed through
    $_POST['name'] = array('foo', 'bar');
    $this->assertEquals('Array', $this->txtName->getValue());
}
/**
 * Parse the html for this button.
 *
 * Builds the <input> tag: the type and the escaped configured value come
 * first, then the remaining attributes rendered by getAttributesHTML() with
 * the id, name and current value substituted for their placeholders. When a
 * template is given the markup is also assigned to it as btn<CamelCaseName>.
 *
 * @return string
 * @param SpoonTemplate[optional] $template
 */
public function parse(SpoonTemplate $template = null)
{
    $html = '<input type="' . $this->type . '" value="' . SpoonFilter::htmlspecialchars($this->value) . '"';

    // placeholders filled in by getAttributesHTML(); '[value]' comes from getValue()
    $replacements = array(
        '[id]' => $this->attributes['id'],
        '[name]' => $this->attributes['name'],
        '[value]' => $this->getValue(),
    );
    $html .= $this->getAttributesHTML($replacements) . ' />';

    if ($template !== null) {
        $template->assign('btn' . SpoonFilter::toCamelCase($this->attributes['name']), $html);
    }

    return $html;
}
/**
 * Validate the form
 *
 * Reads the POSTed search term, escapes it for the configured charset and
 * stores it in $this->term; an empty term is answered with BAD_REQUEST.
 */
private function validateForm()
{
    $rawTerm = SpoonFilter::getPostValue('term', null, '');

    // escape before the term is used anywhere else in the action
    if (SPOON_CHARSET == 'utf-8') {
        $this->term = SpoonFilter::htmlspecialchars($rawTerm);
    } else {
        $this->term = SpoonFilter::htmlentities($rawTerm);
    }

    if ($this->term == '') {
        $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
    }
}
/**
 * Validate the form
 *
 * Reads the POSTed search term, escapes it for the kernel charset and stores
 * it in $this->term; an empty term is answered with BAD_REQUEST.
 */
private function validateForm()
{
    $charset = $this->getContainer()->getParameter('kernel.charset');
    $rawTerm = \SpoonFilter::getPostValue('term', null, '');

    // escape before the term is used anywhere else in the action
    if ($charset == 'utf-8') {
        $this->term = \SpoonFilter::htmlspecialchars($rawTerm);
    } else {
        $this->term = \SpoonFilter::htmlentities($rawTerm);
    }

    if ($this->term == '') {
        $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
    }
}
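/**
 * Load the form
 *
 * Builds the GET search form, accepts the term from either "q" or the search
 * widget's "q_widget" parameter, and sets the canonical URL of the search
 * block including the term.
 */
private function loadForm()
{
    // create form
    $this->frm = new FrontendForm('search', null, 'get', null, false);

    // could also have been submitted by our widget: fold q_widget into q so the
    // rest of the action only looks at one parameter (a term of "0" counts as
    // absent here, as before)
    if (!\SpoonFilter::getGetValue('q', null, '')) {
        $_GET['q'] = \SpoonFilter::getGetValue('q_widget', null, '');
    }

    // create elements
    $this->frm->addText('q', null, 255, 'inputText liveSuggest autoComplete', 'inputTextError liveSuggest autoComplete');

    // since we know the term just here we should set the canonical url here
    $canonicalUrl = SITE_URL . FrontendNavigation::getURLForBlock('Search');
    if (isset($_GET['q']) && is_string($_GET['q']) && $_GET['q'] != '') {
        // this is a URL, so the user-supplied term is percent-encoded rather than
        // HTML-escaped: an '&' or '#' in it must not be able to add parameters to or
        // cut the URL, and HTML-escaping here would double-encode once the header
        // escapes the whole canonical for output (as its parseSeo() does). The
        // is_string() guard skips a ?q[]=... submission instead of failing on it.
        $canonicalUrl .= '?q=' . rawurlencode($_GET['q']);
    }
    $this->header->setCanonicalUrl($canonicalUrl);
}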
/**
 * SpoonFilter::htmlspecialchars() with an explicit charset must escape the
 * markup characters while leaving accented characters untouched.
 *
 * NOTE(review): as shown here $expectedResult is byte-identical to $input,
 * which would make the assertion fail; that looks like entity decoding during
 * extraction of this listing, and the intended expected value is presumably the
 * escaped form (&lt;a href=&quot;...&quot;&gt; ... &lt;/a&gt;). Verify against
 * the real test file before relying on this copy.
 */
public function testHtmlspecialchars()
{
    // setup
    $input = '<a href="http://www.spoon-library.be">Ik heb géén bananen vandaag</a>';
    $expectedResult = '<a href="http://www.spoon-library.be">Ik heb géén bananen vandaag</a>';

    // perform test (second argument is the charset)
    $this->assertEquals($expectedResult, SpoonFilter::htmlspecialchars($input, 'utf-8'));
}
/**
 * Add all element into the form
 *
 * Builds the SEO meta section of a backend form: page title, description,
 * keywords and URL (each with an "overwrite" checkbox), the index/follow
 * radio buttons, an optional custom-meta textarea and a set of hidden fields
 * describing the meta record and the URL callback.
 *
 * NOTE(review): the hidden fields class_name, method_name and parameters
 * (the latter a serialised array) round-trip through the browser. Whatever
 * consumes them on submit must not call the class/method or unserialize() the
 * parameters as received — a user who can edit the form can edit these too,
 * which would amount to an arbitrary static call / PHP object injection.
 * Validate them against the server-side callback before use; how they are
 * consumed is not visible here.
 */
protected function loadForm()
{
    // is the form submitted?
    if ($this->frm->isSubmitted()) {
        /**
         * If the fields are disabled we don't have any values in the post. When an error occurs in the other fields of the form the meta-fields would be cleared
         * therefore we alter the POST so it contains the initial values.
         */
        if (!isset($_POST['page_title'])) {
            $_POST['page_title'] = isset($this->data['title']) ? $this->data['title'] : null;
        }
        if (!isset($_POST['meta_description'])) {
            $_POST['meta_description'] = isset($this->data['description']) ? $this->data['description'] : null;
        }
        if (!isset($_POST['meta_keywords'])) {
            $_POST['meta_keywords'] = isset($this->data['keywords']) ? $this->data['keywords'] : null;
        }
        if (!isset($_POST['url'])) {
            $_POST['url'] = isset($this->data['url']) ? $this->data['url'] : null;
        }
        if ($this->custom && !isset($_POST['meta_custom'])) {
            $_POST['meta_custom'] = isset($this->data['custom']) ? $this->data['custom'] : null;
        }
        // the radio buttons fall back to 'none' rather than null
        if (!isset($_POST['seo_index'])) {
            $_POST['seo_index'] = isset($this->data['data']['seo_index']) ? $this->data['data']['seo_index'] : 'none';
        }
        if (!isset($_POST['seo_follow'])) {
            $_POST['seo_follow'] = isset($this->data['data']['seo_follow']) ? $this->data['data']['seo_follow'] : 'none';
        }
    }

    // add page title elements into the form
    $this->frm->addCheckbox('page_title_overwrite', isset($this->data['title_overwrite']) && $this->data['title_overwrite'] == 'Y');
    $this->frm->addText('page_title', isset($this->data['title']) ? $this->data['title'] : null);

    // add meta description elements into the form
    $this->frm->addCheckbox('meta_description_overwrite', isset($this->data['description_overwrite']) && $this->data['description_overwrite'] == 'Y');
    $this->frm->addText('meta_description', isset($this->data['description']) ? $this->data['description'] : null);

    // add meta keywords elements into the form
    $this->frm->addCheckbox('meta_keywords_overwrite', isset($this->data['keywords_overwrite']) && $this->data['keywords_overwrite'] == 'Y');
    $this->frm->addText('meta_keywords', isset($this->data['keywords']) ? $this->data['keywords'] : null);

    // add URL elements into the form (the stored url is url-encoded; shown decoded)
    $this->frm->addCheckbox('url_overwrite', isset($this->data['url_overwrite']) && $this->data['url_overwrite'] == 'Y');
    $this->frm->addText('url', isset($this->data['url']) ? urldecode($this->data['url']) : null);

    // advanced SEO
    $indexValues = array(array('value' => 'none', 'label' => BL::getLabel('None')), array('value' => 'index', 'label' => 'index'), array('value' => 'noindex', 'label' => 'noindex'));
    $this->frm->addRadiobutton('seo_index', $indexValues, isset($this->data['data']['seo_index']) ? $this->data['data']['seo_index'] : 'none');
    $followValues = array(array('value' => 'none', 'label' => BL::getLabel('None')), array('value' => 'follow', 'label' => 'follow'), array('value' => 'nofollow', 'label' => 'nofollow'));
    $this->frm->addRadiobutton('seo_follow', $followValues, isset($this->data['data']['seo_follow']) ? $this->data['data']['seo_follow'] : 'none');

    // should we add the meta-custom field
    if ($this->custom) {
        // add meta custom element into the form
        $this->frm->addTextarea('meta_custom', isset($this->data['custom']) ? $this->data['custom'] : null);
    }

    // hidden state: meta record id, the field this meta belongs to, and the
    // callback (class, method, serialised parameters) used to build the URL
    $this->frm->addHidden('meta_id', $this->id);
    $this->frm->addHidden('base_field_name', $this->baseFieldName);
    $this->frm->addHidden('custom', $this->custom);
    $this->frm->addHidden('class_name', $this->callback['class']);
    $this->frm->addHidden('method_name', $this->callback['method']);
    $this->frm->addHidden('parameters', SpoonFilter::htmlspecialchars(serialize($this->callback['parameters'])));
}
/**
 * Retrieve the method post/get.
 *
 * The stored method is escaped for the configured charset so it can be
 * dropped straight into a form attribute.
 *
 * @return string
 */
public function getMethod()
{
    // prevent against xss
    if (SPOON_CHARSET == 'utf-8') {
        return SpoonFilter::htmlspecialchars($this->method);
    }

    return SpoonFilter::htmlentities($this->method);
}
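/**
 * Parse SEO specific data
 *
 * Adds the canonical <link> plus the optional noodp/noydir robots meta tags.
 * When no canonical was set explicitly it is rebuilt from SITE_URL and the
 * current request path, keeping only whitelisted GET parameters. The URL is
 * HTML-escaped for the active charset before it goes into the href attribute.
 */
private function parseSeo()
{
    // any canonical URL provided?
    if ($this->canonical != '') {
        $url = $this->canonical;
    } else {
        // get the chunks of the current url; parse_url() returns false on a
        // seriously malformed string, which is treated as "no parts"
        $urlChunks = parse_url($this->URL->getQueryString());
        if ($urlChunks === false) {
            $urlChunks = array();
        }

        // a canonical url should contain the domain. So make sure you redirect your website to a single url with .htaccess
        $url = rtrim(SITE_URL, '/');
        if (isset($urlChunks['port'])) {
            $url .= ':' . $urlChunks['port'];
        }
        if (isset($urlChunks['path'])) {
            $url .= '/' . $urlChunks['path'];
        }

        // any items provided through GET?
        if (isset($urlChunks['query'])) {
            // the only GET parameters allowed into the canonical url
            $itemsToAdd = array('page');
            $addToUrl = array();

            foreach ($_GET as $key => $value) {
                // strict comparison: PHP turns numeric keys into ints, and with the
                // loose in_array() of the original an int key (?0=x) compared equal
                // to 'page' on PHP < 8 and leaked into the canonical
                if (in_array($key, $itemsToAdd, true)) {
                    $addToUrl[$key] = $value;
                }
            }

            // add GET-params
            if (!empty($addToUrl)) {
                $url .= '?' . http_build_query($addToUrl);
            }
        }
    }

    // prevent against xss: the url lands in an href attribute
    $url = SPOON_CHARSET == 'utf-8' ? SpoonFilter::htmlspecialchars($url) : SpoonFilter::htmlentities($url);

    // canonical
    $this->addLink(array('rel' => 'canonical', 'href' => $url));

    // noodp, noydir
    if (FrontendModel::getModuleSetting('core', 'seo_noodp', false)) {
        $this->addMetaData(array('name' => 'robots', 'content' => 'noodp'));
    }
    if (FrontendModel::getModuleSetting('core', 'seo_noydir', false)) {
        $this->addMetaData(array('name' => 'robots', 'content' => 'noydir'));
    }
}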