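/**
 * Extracts EXIF and IPTC metadata from a JPEG photo and stores it in the item's exif_record row.
 *
 * Only items for which is_photo() is true and whose mime_type is "image/jpeg" are inspected;
 * for any other item an empty key set is recorded. Side effects on $item: captured is set from
 * the EXIF DateTime field when strtotime() accepts it, description is set from the EXIF or IPTC
 * caption when the item has no description yet, and save() is always called. An exif_record is
 * then created or updated with the serialized keys, their count and dirty = 0.
 *
 * @param Item_Model $item  item to read metadata from (assumed to expose is_photo(), mime_type,
 *                          file_path(), captured, description, id and save())
 * @return void
 */
static function extract($item) {
  $keys = array();

  // Only try to extract EXIF from photos
  if ($item->is_photo() && $item->mime_type == "image/jpeg") {
    require_once MODPATH . "exif/lib/exif.php";
    $exif_raw = read_exif_data_raw($item->file_path(), false);
    if (isset($exif_raw['ValidEXIFData'])) {
      foreach (self::_keys() as $field => $exifvar) {
        if (!isset($exif_raw[$exifvar[0]][$exifvar[1]])) {
          continue;
        }
        $value = self::_to_utf8($exif_raw[$exifvar[0]][$exifvar[1]]);
        $keys[$field] = utf8::clean($value);

        if ($field == "DateTime") {
          // strtotime() understands the EXIF "YYYY:MM:DD HH:MM:SS" form; false/0 is rejected
          $time = strtotime($value);
          if ($time > 0) {
            $item->captured = $time;
          }
        } else if ($field == "Caption" && !$item->description) {
          // NOTE(review): stored before utf8::clean(), unlike the value kept in $keys — confirm intended
          $item->description = $value;
        }
      }
    }

    // IPTC data lives in the APP13 segment that getimagesize() returns through $info
    getimagesize($item->file_path(), $info);
    if (is_array($info) && !empty($info["APP13"])) {
      $iptc = iptcparse($info["APP13"]);
      // iptcparse() returns false on malformed data; treat that as "no IPTC"
      if (is_array($iptc)) {
        foreach (array("Keywords" => "2#025", "Caption" => "2#120") as $keyword => $iptc_key) {
          if (empty($iptc[$iptc_key])) {
            continue;
          }
          $value = self::_to_utf8(implode(" ", $iptc[$iptc_key]));
          $keys[$keyword] = utf8::clean($value);
          if ($keyword == "Caption" && !$item->description) {
            $item->description = $value;
          }
        }
      }
    }
  }
  $item->save();

  // Create the exif_record for this item if it does not exist yet, then overwrite its data
  $record = ORM::factory("exif_record")->where("item_id", $item->id)->find();
  if (!$record->loaded) {
    $record->item_id = $item->id;
  }
  $record->data = serialize($keys);
  $record->key_count = count($keys);
  $record->dirty = 0;
  $record->save();
}

/**
 * Returns $value converted to UTF-8 when mbstring reports it is not already UTF-8.
 *
 * Without mbstring the value is returned unchanged (the original inline code behaved the same).
 * mb_convert_encoding() from ISO-8859-1 is the exact replacement for the deprecated utf8_encode().
 *
 * @param string $value
 * @return string
 */
private static function _to_utf8($value) {
  if (function_exists("mb_detect_encoding") && mb_detect_encoding($value) != "UTF-8") {
    $value = mb_convert_encoding($value, "UTF-8", "ISO-8859-1");
  }
  return $value;
}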
// Restore the error reporting level that was saved as $ER earlier in this file.
error_reporting($ER);

// SERVER_UTF8 ? use mb_* functions : use non-native functions
if (extension_loaded('mbstring')) {
    mb_internal_encoding('UTF-8');
    define('SERVER_UTF8', TRUE);
} else {
    define('SERVER_UTF8', FALSE);
}

// Convert all global variables to UTF-8.
// This is the encoding boundary for request input: each superglobal is passed through
// utf8::clean() once here, which (per its docblock below) strips ASCII control codes and
// discards byte sequences that are not valid UTF-8.
$_GET = utf8::clean($_GET);
$_POST = utf8::clean($_POST);
$_COOKIE = utf8::clean($_COOKIE);
$_SERVER = utf8::clean($_SERVER);

if (PHP_SAPI == 'cli') {
    // Convert command line arguments
    $_SERVER['argv'] = utf8::clean($_SERVER['argv']);
}

final class utf8 {

    // Called methods
    // Presumably bookkeeping for helper methods that are loaded on first use; its writers are
    // outside this excerpt.
    static $called = array();

    /**
     * Recursively cleans arrays, objects, and strings. Removes ASCII control
     * codes and converts to UTF-8 while silently discarding incompatible
     * UTF-8 characters.
     *
     * @param string string to clean
     * @return string
     */
    public static function clean($str) {
/**
 * Guesses the site's base path ("site domain") from the current request.
 *
 * The raw URI is taken, in order of preference, from the CLI argument, the
 * `kohana_uri` query parameter, REQUEST_URI, ORIG_PATH_INFO or PHP_SELF. It is
 * reduced to a base path by self::determineBaseURI(), stripped of the configured
 * index page (or `index.php`), collapsed to single slashes and wrapped in slashes.
 *
 * Side effects: in CLI mode the query part of argv[1] is parsed into $_GET; the
 * `kohana_uri` parameter is removed from $_GET and $_SERVER['QUERY_STRING'].
 * Each outcome is written to the debug log (log text kept verbatim).
 *
 * @return string  base path with leading and trailing slash, or '/' when nothing usable is found
 */
public static function guess_site_domain() {
    if (PHP_SAPI === 'cli') {
        // Command line: the URI is the first argument, with an optional ?query part
        if (isset($_SERVER['argv'][1])) {
            $uri = $_SERVER['argv'][1];
            if (strpos($uri, '?') !== FALSE) {
                list($uri, $query) = explode('?', $uri, 2);
                // Expose the query part through $_GET, normalized to UTF-8
                parse_str($query, $_GET);
                $_GET = utf8::clean($_GET);
            }
        }
        // Without argv[1] no URI is assigned here, matching the original control flow
    } elseif (isset($_GET['kohana_uri'])) {
        // Use the URI defined in the query string and scrub it from $_GET / QUERY_STRING
        $uri = $_GET['kohana_uri'];
        unset($_GET['kohana_uri']);
        $_SERVER['QUERY_STRING'] = preg_replace('~\\bkohana_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
    } elseif (!empty($_SERVER['REQUEST_URI'])) {
        $uri = $_SERVER['REQUEST_URI'];
    } elseif (!empty($_SERVER['ORIG_PATH_INFO'])) {
        $uri = $_SERVER['ORIG_PATH_INFO'];
    } elseif (!empty($_SERVER['PHP_SELF'])) {
        $uri = $_SERVER['PHP_SELF'];
    } else {
        kohana::log('debug', 'Quessing that the site domain is `/`');
        return '/';
    }

    $uri = self::determineBaseURI($uri);
    if ($uri === '') {
        kohana::log('debug', 'Quessing that the site domain is `/`');
        return '/';
    }

    // Remove the index page wherever it appears, falling back to index.php when none is configured
    $indexPage = Kohana::config('core.index_page');
    $uri = str_replace(empty($indexPage) ? 'index.php' : $indexPage, '', $uri);

    // Reduce multiple slashes into single slashes and normalize to the /path/ form
    $uri = '/' . trim(preg_replace('#//+#', '/', $uri), '/') . '/';
    kohana::log('debug', 'Quessing that the site domain is `' . $uri . '`');
    return $uri;
}
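/**
 * Initializes the environment:
 *
 * - Disables register_globals and magic_quotes_gpc
 * - Determines the current environment
 * - Set global settings
 * - Sanitizes GET, POST, and COOKIE variables
 * - Converts GET, POST, and COOKIE variables to the global character set
 *
 * Any of the global settings can be set here:
 *
 * > boolean "display_errors" : display errors and exceptions
 * > boolean "log_errors"     : log errors and exceptions
 * > boolean "cache_paths"    : cache the location of files between requests
 * > string  "charset"        : character set used for all input and output
 *
 * Runs only once per process; later calls return immediately. The "profile" and
 * "base_url" settings are also honoured (see the body). When register_globals is on,
 * a request carrying a GLOBALS parameter is aborted with exit(1).
 *
 * @param   array   global settings
 * @return  void
 */
public static function init(array $settings = NULL)
{
    static $_init;

    // This function can only be run once
    if ($_init === TRUE) {
        return;
    }

    if (isset($settings['profile'])) {
        // Enable profiling
        self::$profile = (bool) $settings['profile'];
    }

    if (self::$profile === TRUE) {
        // Start a new benchmark
        $benchmark = Profiler::start(__CLASS__, __FUNCTION__);
    }

    // The system will now be initialized
    $_init = TRUE;

    // Start an output buffer
    ob_start();

    if (version_compare(PHP_VERSION, '6.0', '<=')) {
        // Disable magic quotes at runtime (the function only exists on those PHP versions)
        set_magic_quotes_runtime(0);
    }

    if (ini_get('register_globals')) {
        if (isset($_REQUEST['GLOBALS'])) {
            // Prevent malicious GLOBALS overload attack
            echo "Global variable overload attack detected! 
Request aborted.\n";

            // Exit with an error status
            exit(1);
        }

        // Get the variable names of all globals, minus the standard superglobals.
        // Fix: this previously filtered an undefined $global_vars, so array_diff() produced
        // nothing and the register_globals variables were never unset.
        $global_variables = array_diff(array_keys($GLOBALS), array(
            'GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION',
        ));

        foreach ($global_variables as $name) {
            // Retrieve the global variable and make it null
            global ${$name};
            ${$name} = NULL;

            // Unset the global variable, effectively disabling register_globals
            unset($GLOBALS[$name], ${$name});
        }
    }

    // Determine if we are running in a command line environment
    self::$is_cli = PHP_SAPI === 'cli';

    // Determine if we are running in a Windows environment
    self::$is_windows = DIRECTORY_SEPARATOR === '\\';

    if (isset($settings['display_errors'])) {
        // Enable or disable the display of errors
        self::$display_errors = (bool) $settings['display_errors'];
    }

    if (isset($settings['cache_paths'])) {
        // Enable or disable the caching of paths
        self::$cache_paths = (bool) $settings['cache_paths'];
    }

    if (isset($settings['charset'])) {
        // Set the system character set
        self::$charset = strtolower($settings['charset']);
    }

    if (isset($settings['base_url'])) {
        // Set the base URL, always with exactly one trailing slash
        self::$base_url = rtrim($settings['base_url'], '/') . '/';
    }

    // Determine if the extremely evil magic quotes are enabled. The function was removed in
    // PHP 8, so treat its absence as "disabled" instead of failing on an undefined function.
    self::$magic_quotes = function_exists('get_magic_quotes_gpc') ? (bool) get_magic_quotes_gpc() : FALSE;

    // Sanitize all request variables
    $_GET = self::sanitize($_GET);
    $_POST = self::sanitize($_POST);
    $_COOKIE = self::sanitize($_COOKIE);

    // Load the logger
    self::$log = Kohana_Log::instance();

    // Determine if this server supports UTF-8 natively
    utf8::$server_utf8 = extension_loaded('mbstring');

    // Normalize all request variables to the current charset
    $_GET = utf8::clean($_GET, self::$charset);
    $_POST = utf8::clean($_POST, self::$charset);
    $_COOKIE = utf8::clean($_COOKIE, self::$charset);

    if (isset($benchmark)) {
        // Stop benchmarking
        Profiler::stop($benchmark);
    }
}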
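/**
 * Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
 *
 * Sets Router::$current_uri (front controller removed, surrounding slashes trimmed, repeated
 * slashes collapsed) and Router::$url_suffix when the configured suffix was stripped.
 * Side effects: in CLI mode the query part of argv[1] is parsed into $_GET; the `kohana_uri`
 * parameter is removed from $_GET and $_SERVER['QUERY_STRING'].
 *
 * @return void
 */
public static function find_uri()
{
    if (PHP_SAPI === 'cli') {
        // Command line requires a bit of hacking
        if (isset($_SERVER['argv'][1])) {
            Router::$current_uri = $_SERVER['argv'][1];

            // Remove GET string from segments
            if (strpos(Router::$current_uri, '?') !== FALSE) {
                list(Router::$current_uri, $query) = explode('?', Router::$current_uri, 2);

                // Parse the query string into $_GET
                parse_str($query, $_GET);

                // Convert $_GET to UTF-8
                $_GET = utf8::clean($_GET);
            }
        }
    } elseif (isset($_GET['kohana_uri'])) {
        // Use the URI defined in the query string
        Router::$current_uri = $_GET['kohana_uri'];

        // Remove the URI from $_GET
        unset($_GET['kohana_uri']);

        // Remove the URI from $_SERVER['QUERY_STRING']
        $_SERVER['QUERY_STRING'] = preg_replace('~\\bkohana_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
    } elseif (!empty($_SERVER['PATH_INFO'])) {
        Router::$current_uri = $_SERVER['PATH_INFO'];
    } elseif (!empty($_SERVER['ORIG_PATH_INFO'])) {
        Router::$current_uri = $_SERVER['ORIG_PATH_INFO'];
    } elseif (!empty($_SERVER['PHP_SELF'])) {
        Router::$current_uri = $_SERVER['PHP_SELF'];
    }

    // The front controller directory and filename, relative to DOCROOT
    $fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));

    // Guard against an empty $fc (e.g. realpath() failure): PHP 8 strpos() matches an empty
    // needle at offset 0 and older versions warn — either way there is nothing to remove.
    if (is_string($fc) && $fc !== '' && ($strpos_fc = strpos(Router::$current_uri, $fc)) !== FALSE) {
        // Remove the front controller from the current uri
        Router::$current_uri = substr(Router::$current_uri, $strpos_fc + strlen($fc));
    }

    // Remove slashes from the start and end of the URI
    Router::$current_uri = trim(Router::$current_uri, '/');

    if (Router::$current_uri !== '') {
        if ($suffix = Kohana::config('core.url_suffix') and strpos(Router::$current_uri, $suffix) !== FALSE) {
            // Remove the URL suffix. preg_quote() is given the '#' delimiter so a suffix containing
            // '#' cannot terminate the pattern early (the original quoted without a delimiter).
            // NOTE(review): the 'u' modifier makes preg_replace() return NULL on non-UTF-8 input — confirm
            // that $current_uri is always UTF-8-clean at this point.
            Router::$current_uri = preg_replace('#' . preg_quote($suffix, '#') . '$#u', '', Router::$current_uri);

            // Set the URL suffix
            Router::$url_suffix = $suffix;
        }

        // Reduce multiple slashes into single slashes
        Router::$current_uri = preg_replace('#//+#', '/', Router::$current_uri);
    }
}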
/**
 * Initializes the environment:
 *
 * - Loads hooks
 * - Converts all input variables to the configured character set
 *
 * Runs once: after self::$init becomes TRUE further calls return immediately. The main
 * configuration is read through Kohana_Config_Loader and its locale, timezone and
 * modules settings are applied before the hook files are required.
 *
 * @return void
 */
public static function init()
{
    if (self::$init === TRUE) {
        return;
    }

    // Facts about the runtime environment
    utf8::$server_utf8 = extension_loaded('mbstring');
    self::$is_windows = DIRECTORY_SEPARATOR === '\\';
    self::$is_cli = PHP_SAPI === 'cli';

    // Cached file lookups and the configuration loader
    self::$file_path = Kohana::cache('kohana_file_paths');
    self::$config = new Kohana_Config_Loader();

    // Main configuration, copied into the static settings
    $kohana = self::$config->kohana;
    self::$default_locale = $kohana->default_locale;
    self::$save_cache = $kohana->save_cache;
    self::$charset = $kohana->charset;

    // Localize, set the timezone and enable modules from the same configuration
    self::locale($kohana->locale);
    self::timezone($kohana->timezone);
    self::modules($kohana->modules);

    // Hooks are required in the order list_files() returns them
    $hooks = self::list_files('hooks', TRUE);
    if ($hooks) {
        foreach ($hooks as $hookFile) {
            require $hookFile;
        }
    }

    // Normalize request input to the configured charset ($_COOKIE is not converted here)
    $_GET = utf8::clean($_GET, self::$charset);
    $_POST = utf8::clean($_POST, self::$charset);
    $_SERVER = utf8::clean($_SERVER, self::$charset);

    self::$init = TRUE;
}
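/**
 * Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
 *
 * Sets self::$current_uri (front controller removed, surrounding slashes trimmed, repeated
 * slashes collapsed) and self::$url_suffix when the configured suffix was stripped.
 * Side effects: in CLI mode the query part of argv[1] is parsed into $_GET; when the URI is
 * passed as the first query key (?this/is/the/uri) it is removed from $_GET and QUERY_STRING.
 *
 * @return void
 */
public static function find_uri()
{
    if (PHP_SAPI === 'cli') {
        // Command line requires a bit of hacking
        if (isset($_SERVER['argv'][1])) {
            self::$current_uri = $_SERVER['argv'][1];

            // Remove GET string from segments
            if (strpos(self::$current_uri, '?') !== FALSE) {
                list(self::$current_uri, $query) = explode('?', self::$current_uri, 2);

                // Parse the query string into $_GET
                parse_str($query, $_GET);

                // Convert $_GET to UTF-8
                $_GET = utf8::clean($_GET);
            }
        }
    } elseif (current($_GET) === '' and substr($_SERVER['QUERY_STRING'], -1) !== '=') {
        // The URI is the array key, eg: ?this/is/the/uri
        self::$current_uri = key($_GET);

        // Remove the URI from $_GET
        unset($_GET[self::$current_uri]);

        // Remove the URI from $_SERVER['QUERY_STRING']
        $_SERVER['QUERY_STRING'] = ltrim(substr($_SERVER['QUERY_STRING'], strlen(self::$current_uri)), '/&');

        // Fixes really strange handling of a suffix in a GET string: parse_str() rewrites the
        // first character of the suffix (its dot) to '_', so the suffix arrives in that form
        if ($suffix = Kohana::config('core.url_suffix') and substr(self::$current_uri, -strlen($suffix)) === '_' . substr($suffix, 1)) {
            self::$current_uri = substr(self::$current_uri, 0, -strlen($suffix));
        }
    } elseif (!empty($_SERVER['PATH_INFO'])) {
        self::$current_uri = $_SERVER['PATH_INFO'];
    } elseif (!empty($_SERVER['ORIG_PATH_INFO'])) {
        self::$current_uri = $_SERVER['ORIG_PATH_INFO'];
    } elseif (!empty($_SERVER['PHP_SELF'])) {
        self::$current_uri = $_SERVER['PHP_SELF'];
    }

    // The front controller directory and filename, relative to DOCROOT
    $fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));

    // Guard against an empty $fc (e.g. realpath() failure): PHP 8 strpos() matches an empty
    // needle at offset 0 and older versions warn — either way there is nothing to remove.
    if (is_string($fc) && $fc !== '' && ($strpos_fc = strpos(self::$current_uri, $fc)) !== FALSE) {
        // Remove the front controller from the current uri
        self::$current_uri = substr(self::$current_uri, $strpos_fc + strlen($fc));
    }

    // Remove slashes from the start and end of the URI
    self::$current_uri = trim(self::$current_uri, '/');

    if (self::$current_uri !== '') {
        if ($suffix = Kohana::config('core.url_suffix') and strpos(self::$current_uri, $suffix) !== FALSE) {
            // Remove the URL suffix. preg_quote() is given the '#' delimiter so a suffix containing
            // '#' cannot terminate the pattern early (the original quoted without a delimiter).
            self::$current_uri = preg_replace('#' . preg_quote($suffix, '#') . '$#u', '', self::$current_uri);

            // Set the URL suffix
            self::$url_suffix = $suffix;
        }

        // Reduce multiple slashes into single slashes
        self::$current_uri = preg_replace('#//+#', '/', self::$current_uri);
    }
}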
/**
 * Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
 *
 * Sets self::$current_uri to a normalized path (front controller removed, dot-paths
 * stripped, repeated slashes collapsed, no leading/trailing slash, HTML-escaped) and,
 * when the request has a query string, self::$query_string to '?' plus that string.
 * Side effects: in CLI mode the query part of argv[1] is parsed into $_GET; the
 * `Eight_uri` parameter is removed from $_GET and $_SERVER['QUERY_STRING'].
 *
 * @return void
 */
public static function find_uri()
{
    if (PHP_SAPI === 'cli') {
        // Command line requires a bit of hacking
        if (isset($_SERVER['argv'][1])) {
            self::$current_uri = $_SERVER['argv'][1];

            if (strpos(self::$current_uri, '?') !== FALSE) {
                // Split off the GET string and expose it through $_GET, converted to UTF-8
                list(self::$current_uri, $query) = explode('?', self::$current_uri, 2);
                parse_str($query, $_GET);
                $_GET = utf8::clean($_GET);
            }
        }
    } elseif (isset($_GET['Eight_uri'])) {
        // Use the URI defined in the query string and scrub it from $_GET / QUERY_STRING
        self::$current_uri = $_GET['Eight_uri'];
        unset($_GET['Eight_uri']);
        $_SERVER['QUERY_STRING'] = preg_replace('~\\bEight_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);

        // Fixes really strange handling of a suffix in a GET string: the suffix may arrive with
        // its first character (presumably the dot) rewritten to '_'; strip that form as well
        $suffix = Eight::config('core.url_suffix');
        if ($suffix and substr(self::$current_uri, -strlen($suffix)) === '_' . substr($suffix, 1)) {
            self::$current_uri = substr(self::$current_uri, 0, -strlen($suffix));
        }
    } elseif (!empty($_SERVER['PATH_INFO'])) {
        self::$current_uri = $_SERVER['PATH_INFO'];
    } elseif (!empty($_SERVER['ORIG_PATH_INFO'])) {
        self::$current_uri = $_SERVER['ORIG_PATH_INFO'];
    } elseif (!empty($_SERVER['PHP_SELF'])) {
        self::$current_uri = $_SERVER['PHP_SELF'];
    }

    // Strip the front controller (script path relative to DOCROOT) from the URI
    $front = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));
    $at = strpos(self::$current_uri, $front);
    if ($at !== FALSE) {
        self::$current_uri = substr(self::$current_uri, $at + strlen($front));
    }

    // Dot-paths ("../", "./") are never valid in a route; drop them before matching
    self::$current_uri = preg_replace('#\\.[\\s./]*/#', '', self::$current_uri);

    // Collapse repeated slashes and trim the leading/trailing ones
    self::$current_uri = trim(preg_replace('#//+#', '/', self::$current_uri), '/');

    // Escape HTML characters so the URI is safe to echo back (links, error pages)
    self::$current_uri = html::specialchars(self::$current_uri, FALSE);

    if (!empty($_SERVER['QUERY_STRING'])) {
        // Keep the query string, without stray '&' at either end, for later URL building
        self::$query_string = '?' . trim($_SERVER['QUERY_STRING'], '&');
    }
}
/**
 * Normalizes and sanitizes all request input in place.
 *
 * Steps: (1) the raw login password is set aside when LDAP is in use, so the filter cannot
 * alter it; (2) $_GET, $_POST, $_COOKIE, $_SERVER and $_FILES are converted to UTF-8;
 * (3) input is run through FilterInput — god admins get the 'none' tool (no filtering),
 * everyone else the configured filter tool, with object/param tags whitelisted for course
 * users at level >= 6; (4) the saved password is restored; (5) POST and AJAX requests
 * outside API/PayPal contexts must carry a valid signature (Util::checkSignature()).
 *
 * @return void
 */
private static function filteringInput() {
    // todo: check if we can do in other way the same thing
    // Save the login password from modification by the filter; it is put back after sanitizing.
    $ldap_used = Get::sett('ldap_used');
    $password_login = null;
    if (self::isLdapLoginRequest($ldap_used)) {
        $password_login = $_POST['passIns'];
    }

    // Convert to Utf-8.
    self::log("Convert to Utf-8.");
    $_GET = utf8::clean($_GET);
    $_POST = utf8::clean($_POST);
    $_COOKIE = utf8::clean($_COOKIE);
    $_SERVER = utf8::clean($_SERVER);
    if (isset($_FILES)) {
        $_FILES = utf8::clean($_FILES);
    }

    // Convert ' and " (quote or unquote)
    self::log("Sanitize the input.");
    $isGodAdmin = Docebo::user()->getUserLevelId() == ADMIN_GROUP_GODADMIN;
    $filter_input = new FilterInput();
    if ($isGodAdmin) {
        // God admin input is deliberately left unfiltered
        $filter_input->tool = 'none';
    } else {
        $filter_input->tool = Get::cfg('filter_tool', 'htmlpurifier');
        // Whitelist some tags if we're a teacher in a course:
        if (isset($_SESSION['idCourse']) && $_SESSION['levelCourse'] >= 6) {
            $filter_input->appendToWhitelist(array(
                'tag' => array('object', 'param'),
                'attrib' => array('object.data', 'object.type', 'object.width', 'object.height', 'param.name', 'param.value'),
            ));
        }
    }
    $filter_input->sanitize();

    // Re-evaluated on purpose: sanitize() may have changed the POST fields the check reads
    if (self::isLdapLoginRequest($ldap_used)) {
        $_POST['passIns'] = utf8::clean(stripslashes($password_login));
    }

    if (!defined("IS_API") && !defined("IS_PAYPAL") && (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' || defined("IS_AJAX"))) {
        // If this is a post or a ajax request then we must have a signature attached
        Util::checkSignature();
    }
}

/**
 * True when LDAP authentication is enabled and this request is a login-form POST
 * carrying a password field.
 *
 * @param mixed $ldap_used  value of the 'ldap_used' setting ('on' enables LDAP)
 * @return bool
 */
private static function isLdapLoginRequest($ldap_used) {
    return $ldap_used == 'on'
        && isset($_POST['modname']) && $_POST['modname'] == 'login'
        && isset($_POST['passIns']);
}
/**
 * Load one user.
 *
 * Resolution order: a User_Model is returned as is; false means the current session
 * user (fetched once per request); otherwise the value is treated as a user id
 * (numeric), an e-mail address (lowercased) or a clean username, and looked up in the
 * static cache, then the cache backend, then the database. Loaded users are stored
 * under all three keys in the static cache and, when they came from the database,
 * serialized into the cache backend.
 *
 * @param mixed $user user_id, username, email, User_Model or false for current session
 * @return User_Model
 */
public function find_user($id = false) {
    static $session = false;

    $user = null;
    $needs_caching = false;

    // User models first (User_Model, session)
    if ($id instanceof User_Model) {
        $user = $id;
    } elseif ($id === false) {
        // Current session, fetched only once
        if ($session === false) {
            $session = Visitor::instance()->get_user();
        }
        $user = $session;
    }

    // Then the other lookup keys (user_id, email, username_clean)
    if (!$user && $id !== true && !empty($id)) {
        // Normalize the key ($id is known to be non-empty here)
        if (is_numeric($id)) {
            $id = (int) $id;
        } elseif (valid::email($id)) {
            $id = mb_strtolower($id);
        } else {
            $id = utf8::clean($id);
        }

        if (isset(self::$users[$id])) {
            // Found from static cache
            return self::$users[$id];
        }

        $cached = $this->cache->get($this->cache->key('user', $id));
        if ($cached) {
            // Found from cache backend. NOTE(review): unserialize() of application-owned cache
            // data — relies on the cache store not being writable by untrusted parties.
            $user = unserialize($cached);
        } else {
            // Not found from caches, try db
            $user = is_int($id)
                ? $this->find($id)
                : $this->where(valid::email($id) ? 'email' : 'username_clean', '=', $id)->find();
            $needs_caching = true;
        }
    }

    // If user found, add to cache(s)
    if ($user && $user->loaded()) {
        self::$users[mb_strtolower($user->email)] = $user;
        self::$users[utf8::clean($user->username)] = $user;
        self::$users[$user->id] = $user;
        if ($needs_caching) {
            $this->cache->set($this->cache->key('user', $user->id), serialize($user), null, self::$cache_max_age);
        }
    }

    return $user;
}
/**
 * Register with code
 *
 * Renders the signup form for an invitation and, on POST, validates the submitted
 * data against the 'register' rules/callbacks. The e-mail is always taken from the
 * invitation, not from the form. On success the invitation is deleted, the user is
 * given the 'login' role, saved, logged in and redirected back; otherwise the form is
 * re-rendered with the validation errors.
 *
 * @param Invitation_Model $invitation
 */
public function _join(Invitation_Model $invitation) {
    $this->history = false;

    $user = new User_Model();
    $form_values = $user->as_array();
    $form_errors = array();

    // handle post
    if (request::method() == 'post') {
        $post = $this->input->post();
        $post['email'] = $invitation->email;
        $post['username_clean'] = utf8::clean($post['username']);

        $validation = array('rules' => 'register', 'callbacks' => 'register');
        // NOTE(review): $post is presumably turned into a validation object by validate()
        // (errors(), as_array() and ->password are used below) — confirm against User_Model::validate
        if ($user->validate($post, false, null, null, $validation)) {
            $invitation->delete();
            $user->add(ORM::factory('role', 'login'));
            $user->save();
            $this->visitor->login($user, $post->password);
            url::back();
        } else {
            $form_errors = $post->errors();
            $form_values = arr::overwrite($form_values, $post->as_array());
        }
    }

    $view = View::factory('member/signup', array(
        'values' => $form_values,
        'errors' => $form_errors,
        'invitation' => $invitation,
    ));
    widget::add('main', $view);
}