/**
 * Strip markup and script-like fragments from a free-text cart value.
 *
 * The value goes through the tsmilter HTML filter with every attribute denied,
 * then through Joomla's component text filter, and finally a few character-level
 * clean-ups. An earlier revision removed every tag with a bare regex
 * (`<[\/\!]*?[^<>]*?>`); that was judged too strong, so the two filters are used
 * instead.
 *
 * @param mixed $v raw input value
 * @return string filtered value; empty string when a regex step fails (null cast)
 */
private function filterCartInput($v)
{
    // Deny all attributes so no on*-style event handler survives the HTML filter.
    $cleaned = tsmilter::hl($v, array('deny_attribute' => '*'));
    $cleaned = JComponentHelper::filterText($cleaned);

    // Heuristic cut of inline handler fragments such as onclick(...) / onload(...).
    // The pattern is broad: any "on<letter>…)" run is removed, not only script.
    $cleaned = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $cleaned);

    // Collapse double quotes and control whitespace into single spaces.
    // NOTE(review): the "" entry matches nothing as written — possibly a lost "\0"; confirm upstream.
    $unwanted = array('"', "\t", "\n", "\r", "", "\v");
    $cleaned = str_replace($unwanted, ' ', trim($cleaned));

    // Drop one leading single quote; the cast turns a regex failure (null) into ''.
    return (string) preg_replace('#^\'#si', '', $cleaned);
}
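/**
 * Prepare a user field value for database update.
 *
 * Reads the raw value for $field from $data, filters it according to the
 * field type and returns the value to store. For plugin field types the
 * 'plgVmPrepareUserfieldDataSave' event is triggered instead; the plugin may
 * modify both $data and the returned value by reference.
 *
 * @param object $field user field definition; ->type, ->name and ->userfield_params are read
 * @param array  $data  submitted values keyed by field name (by reference, so plugins can change it)
 * @return mixed the filtered value to store (a string for the built-in types)
 */
public function prepareFieldDataSave($field, &$data)
{
    $fieldType = $field->type;
    $fieldName = $field->name;
    // A missing key used to raise an undefined-index notice; treat it as null instead.
    $value = isset($data[$fieldName]) ? $data[$fieldName] : null;
    $params = $field->userfield_params;

    if (!class_exists('tsmilter')) {
        require VMPATH_ADMIN . DS . 'helpers' . DS . 'tsmfilter.php';
    }

    // Scheme prefixes that are never stored for web addresses.
    $schemes = array('mailto:', 'http://', 'https://');

    switch (strtolower($fieldType)) {
        case 'webaddress':
            // NOTE(review): an earlier revision also merged a "<name>Text" companion
            // value into "url|*|text", but it read it from a $post variable that was
            // never assigned (only a commented-out vRequest::getRequest() remained),
            // so that branch could never run. It has been removed rather than revived;
            // reviving it needs the companion value taken from $data or the request.
            $value = tsmilter::urlcheck($value);
            if ($value) {
                $value = str_replace($schemes, '', $value);
            }
            break;

        case 'email':
        case 'emailaddress':
            $value = tsmilter::mail($value);
            break;

        case 'multiselect':
        case 'multicheckbox':
        case 'select':
            // Multi-valued selections are stored as one '|*|'-delimited string.
            if (is_array($value)) {
                $value = implode("|*|", $value);
            }
            break;

        case 'age_verification':
            // The birthday is read from three request selectors, not from $data.
            $value = vRequest::getInt('birthday_selector_year') . '-'
                . vRequest::getInt('birthday_selector_month') . '-'
                . vRequest::getInt('birthday_selector_day');
            break;

        case 'textarea':
            // Re-reads the raw POST value (JREQUEST_ALLOWRAW), presumably so the HTML
            // filter sees the unfiltered text — verify against the caller.
            $value = vRequest::getVar($fieldName, '', 'post', 'string', JREQUEST_ALLOWRAW);
            $value = tsmilter::hl($value, 'text');
            break;

        case 'editorta':
            $value = vRequest::getVar($fieldName, '', 'post', 'string', JREQUEST_ALLOWRAW);
            $value = tsmilter::hl($value, 'no_js_flash');
            break;

        default:
            // Plugin-provided field types filter their own value.
            if (strpos($fieldType, 'plugin') !== false) {
                JPluginHelper::importPlugin('vmuserfield');
                $dispatcher = JDispatcher::getInstance();
                $dispatcher->trigger('plgVmPrepareUserfieldDataSave', array($fieldType, $fieldName, &$data, &$value, $params));
                return $value;
            }

            // Plain text: no HTML tags, but any alphabet is permitted.
            $value = tsmilter::hl($value, array('deny_attribute' => '*'));
            // Remove any remaining tags; the cast turns a regex failure (null) into ''
            // before the value reaches the next string functions.
            $value = (string) preg_replace('@<[\\/\\!]*?[^<>]*?>@si', '', $value);
            // Heuristic cut of inline handler fragments (onclick(...), onload(...)).
            // The pattern is broad: any "on<letter>…)" run is removed, not only script.
            $value = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $value);
            $value = trim(str_replace('"', ' ', $value), "'");
            // Drop a single quote left at the start.
            $value = (string) preg_replace('#^\'#si', '', $value);
            break;
    }

    return $value;
}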