* PXHTML / Chip Binding Layer * Performs a parse using the PXHTML library, and adds * the chip: specific tags. **/ // init the framework if the PXHTML class doesn't exist yet if (!class_exists('PXHTML')) { chip('#Chippino/Template/PXHTML/Package')->with(); chip('#Chippino/Template/Chip/Node/Component')->with(); chip('#Chippino/Template/Chip/Node/Filter')->with(); chip('#Chippino/Template/Chip/Node/Include')->with(); chip('#Chippino/Template/Chip/Node/Inspect')->with(); chip('#Chippino/Template/Chip/Node/Header')->with(); chip('#Chippino/Template/Chip/Node/Redirect')->with(); chip('#Chippino/Template/Chip/Expr/Url')->with(); } $core = chipi('#Chippino/Config')->with()->core; $cache = isset($core['template_cache']) ? $core['template_cache'] : NULL; $file = chip($this->route)->getFilePath() . '.php'; $chk = md5(file_get_contents($file)); if ($cache) { $_chip_pxhtml_cache_file = chip($cache . '/' . $chk)->getFilePath() . '.php'; } else { $_chip_pxhtml_cache_file = tempnam(sys_get_temp_dir(), 'pxhtml') . '.php'; } define('PXHTML_SIGNATURE_HASH', $chk); header('X-Chippino-File-Checksum: ' . PXHTML_SIGNATURE_HASH . "\n\n"); // begin output buffering // check for zlib.output_compression // open proper output bufer if (ini_get('zlib.output_compression')) { ob_start();
<?php
/**
 * Performs an XSS clean of the content.
 *
 * This part of the file only reads the input and sets up the filter tables;
 * the passes that apply them start at the "first pass normalization" marker
 * and are not shown here.
 *
 * NOTE(review): every table below is a deny-list. A deny-list only covers the
 * patterns it names, so output should still be escaped for the context it is
 * written into (HTML body, attribute, URL) rather than relying on this clean
 * alone.
 *
 * @param $value the value to clean
 **/
$value = $this->value;
// charset from the core config; where it is used is not visible in this part of the file
$charset = chipi('#Chippino/Config')->with()->core['charset'];

// these strings are removed when encountered.
// we don't reduce them to '' to avoid reintroducing a blacklisted word
// (with an empty replacement the text on either side of a match could join
// up into a blacklisted word again)
// NOTE(review): the last three entries map a marker to itself. If the table is
// applied as search => replace pairs, those entries change nothing; presumably
// the replacements were meant to be entity-encoded forms. Confirm.
// NOTE(review): keys mix upper and lower case ('.parentNode', '.innerHTML');
// confirm the pass that applies this table matches case-insensitively.
$blacklist_strings = array('fscommand' => '[removed]', 'seeksegmenttime' => '[removed]',
    'document.cookie' => '[removed]', 'document.write' => '[removed]',
    '.parentNode' => '[removed]', '.innerHTML' => '[removed]',
    'window.location' => '[removed]', '-moz-binding' => '[removed]',
    '<!--' => '<!--', '-->' => '-->', '<![CDATA[' => '<![CDATA[');

// these words, if they are found, will trigger an advanced
// regex search
$blacklist_regex_triggers = array('javascript', 'expression', 'redirect');

// if a trigger is found, these regexes will be run
// (pattern => replacement; the patterns carry no delimiters or modifiers here,
// so those must be added where the patterns are applied)
// NOTE(review): "Redirect" is capitalised while its trigger word is lower-case;
// confirm both the trigger search and the regex are case-insensitive.
$blacklist_regex = array("javascript\\s*:" => '[removed]', "expression\\s*\\(" => '[removed]', "Redirect\\s+302" => '[removed]');

// this is a list of words which browsers will render with whitespace
// in them, for example
// java
// script
// these will be collapsed down to their non-spaced version.
$blacklist_whitespace = array('javascript', 'expression', 'script', 'vbscript', 'alert', 'document', 'write', 'cookie', 'window');

// a list of attributes that are not allowed. Anything starting with
// "on"* is caught in a separate filter
// http://www.w3schools.com/jsref/jsref_events.asp
$xpath_check_attributes = array('xmlns');

// a list of attributes that require special scrutiny
// (these attributes can carry a URL or CSS)
$xpath_check_special_attributes = array('href', 'style', 'src', 'dynsrc', 'lowsrc', 'datasrc');

// a list of known nodes to remove
$xpath_remove_nodes = array('vbscript', 'script', 'applet', 'object', 'embed', 'xss', 'bgsound', 'style', 'link', 'meta');

// first pass normalization
<?php
// Look up the shared request-error chip and return the result of its
// argument-less call (described by the original author as "all errors").
$error_store = chipi('#Chippino/Request/_errors');

return $error_store->with();
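<?php
/**
 * Gets the post handler registered for a submitted action name.
 *
 * The action is used only as a lookup key into the handler table, so the
 * table acts as an allow-list: an action that is not registered yields FALSE
 * and is never turned into a path by this file.
 *
 * @param mixed handler the action name to match (may come straight from request data)
 * @return mixed the handler-table entry for that action, or FALSE when no
 *               action was given, the action is not a usable array key, or
 *               no handler is registered for it
 **/
$handler_key = $this->handler;

// no action supplied
if (!$handler_key) {
    return FALSE;
}

// Request fields can arrive as arrays (e.g. action[]=x). An array is not a
// valid array offset, and PHP 8 throws a TypeError for it even inside
// isset(), so reject anything that cannot be a table key before the lookup.
if (!is_string($handler_key) && !is_int($handler_key)) {
    return FALSE;
}

// load handler table
$handlers = chipi('#Chippino/Router/HandlerTables')->with();

// unknown action: not in the table
if (!isset($handlers[$handler_key])) {
    return FALSE;
}

// handler found
return $handlers[$handler_key];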
// keep only the digits of the fractional part
$f_part = preg_replace('/[^0-9]/iu', '', $f_part);
} else {
    // no fractional part was found
    $f_part = 0;
}

// capture the integer part
// see getAsInt preg
// the first pattern keeps everything up to the end of the first digit run and
// drops the rest; the second then strips whatever non-digits remain
// NOTE(review): with the /u modifier preg_replace() returns NULL when the
// subject is not valid UTF-8, so $value can become NULL here; confirm that
// callers reject or normalise such input before this point.
$value = preg_replace('/([0-9]+)(.*)$/iu', '\\1', $value);
$value = preg_replace('/[^0-9]/iu', '', $value);

// we can use the significant bit calc here, but for now, just return the
// proper floatval of the safer number
// (rebuilt as "<digits>.<digits>", so only digits and one dot reach floatval())
return $is_negative ? -1 * floatval($value . '.' . $f_part) : floatval($value . '.' . $f_part);

case 'int':
    // setups
    // BC Math is used when the bccomp() function exists, unless the
    // force_bc_math config value is non-NULL, in which case that value wins
    $has_bc_math = function_exists('bccomp') ? TRUE : FALSE;
    $has_bc_math = chipi('#Chippino/Config')->with()->core['force_bc_math'] !== NULL ? chipi('#Chippino/Config')->with()->core['force_bc_math'] : $has_bc_math;

    // integer bounds are kept as strings: signed 64-bit limits when
    // max_bit_size is 64, signed 32-bit limits for any other setting
    if (chipi('#Chippino/Config')->with()->core['max_bit_size'] != 64) {
        $max_int = '2147483647';
        $min_int = '-2147483648';
    } else {
        $max_int = '9223372036854775807';
        $min_int = '-9223372036854775808';
    }

    // detect negative and trim
    // (only a leading '-' marks the value negative; trim() then removes '-'
    // characters from both ends of the string)
    $is_negative = strpos($value, '-') === 0 ? TRUE : FALSE;
    $value = trim($value, '-');

    // consider the last non-numeric a decimal place, and truncate
    // this is a cheap way of reducing the dependency on i18n
    // we can then consider what's left to be the integer part and strip
    // all non numerics
    // NOTE(review): as above, preg_replace() with /u returns NULL for a
    // subject that is not valid UTF-8; confirm the code that follows copes.
    $value = preg_replace('/(.*)([^0-9][0-9]*?)$/iu', '\\1', $value);
    $value = preg_replace('/[^0-9]/iu', '', $value);
<?php
/**
 * Gets the route for a provided path.
 *
 * An exact key match in the routing table wins outright. Otherwise each
 * route key is turned into an anchored regular expression and tried against
 * the path.
 *
 * @param String path the path to match
 * @return mixed the routing-table entry of the best matching route
 **/
// leading and trailing slashes are ignored for matching
$path = trim($this->path, '/');
$routes = chipi('#Chippino/Router/RoutingTables')->with();
$routes = $routes['routes'];

// check for an exact key match in the route array
if (isset($routes[$path])) {
    return $routes[$path];
}

// attempt preg over our routes
// create search/replace for our preg
// each #placeholder# expands to one lazy capture group
$route_preg = array('#all#' => '(.+?)', '#number#' => '([0-9]+?)', '#alpha#' => '([A-Za-z]+?)', '#alnum#' => '([A-Za-z0-9]+?)', '#list#' => '([A-Za-z0-9,\\.\\;]+?)', '#words#' => '([\\w]+?)');

// time to loop
$best_match = NULL;
foreach ($routes as $route_match => $controller_path) {
    // The pattern is built from the route key, never from the request path.
    // Parentheses are stripped from the key first, so the only capture groups
    // are the ones the placeholders expand to.
    $preg_route_match = $route_match;
    $preg_route_match = str_replace(array('(', ')'), '', $preg_route_match);
    $preg_route_match = str_replace(array_keys($route_preg), array_values($route_preg), $preg_route_match);
    // any '#' left over is dropped so it cannot end the '#' delimiter early;
    // \A and \z anchor the pattern so the whole path has to match
    // NOTE(review): other regex metacharacters in a route key (such as '.' or
    // '+') are not quoted, so they keep their regex meaning; confirm route
    // keys are written with that in mind.
    $preg_route_match = '#\\A' . str_replace('#', '', $preg_route_match) . '\\z#';
    $matches = array();
    if (!preg_match($preg_route_match, $path, $matches)) {
        // continue, not a match
        continue;
    }

    // we found a match. Get a count of wildcards
    // (each placeholder is wrapped in two '#', hence the division by two)
    $wildcard_count = intval(substr_count($route_match, '#') / 2);
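// Fill the declared route parameters into the URL: parameters located in the
// path replace their placeholder in $url, all others become query-string pairs.
// $route, $url and $gets are set up before this point (not shown here).
// Every value is urlencode()d before it is inserted, so a parameter value
// cannot add path segments or extra query pairs of its own.
foreach ($route['params'] as $param => $data) {
    if ($data['required'] && !isset($this->params[$param])) {
        throw new Exception('required attr of ' . $param . ' missing');
    }

    // fall back to the declared default when the caller gave no value
    if ($data['default'] && !isset($this->params[$param])) {
        $this->params[$param] = $data['default'];
    }

    if ($data['loc'] == 'url') {
        // An optional parameter without a default can still be missing here.
        // Substitute an empty string explicitly instead of reading an
        // undefined index (a notice, and a deprecation when null reaches
        // urlencode() on PHP 8.1+); the resulting URL is unchanged.
        $segment = isset($this->params[$param]) ? $this->params[$param] : '';
        $url = str_replace($data['map'], urlencode($segment), $url);
    } elseif (isset($this->params[$param])) {
        $gets[] = urlencode($data['map']) . '=' . urlencode($this->params[$param]);
    }
}

$core = chipi('#Chippino/Config')->with()->core;

// make sure our base url ends in a /
$base_url = $core['base_url'];
if (substr($base_url, -1) !== '/') {
    $base_url .= '/';
}

// if it's messy, build as index.php?__= format
// otherwise, attach routing information normally
if ($core['url_mode'] == 'messy') {
    $output_url = $base_url . 'index.php?__=' . $url . '&' . implode('&', $gets);
} else {
    $output_url = $base_url . $url;
    if ($gets) {
        $output_url .= '?' . implode('&', $gets);
    }
}

// trim any & that came from attaching $_GET
// (messy mode appends '&' even when there are no query pairs)
$output_url = trim($output_url, '&');

return $output_url;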
/**
 * Resolves the route for the current request and stores it on $this->route.
 *
 * The URL path is obtained from the GetPath chip using the configured
 * url_mode, then handed to the GetRoute chip.
 */
public function loadRoute()
{
    $path_chip = chip('#Chippino/Router/GetPath');
    $url_mode = chipi('#Chippino/Config')->with()->core['url_mode'];
    $request_path = $path_chip->with(array('mode' => $url_mode));

    $this->route = chip('#Chippino/Router/GetRoute')->with(array('path' => $request_path));
}
<?php
// Record an error on the shared request-error chip: pass the field, the
// error and the value in 'set' mode and return the chip's result.
// NOTE(review): 'value' presumably holds the submitted input; confirm it is
// escaped wherever stored errors are rendered.
$error_store = chipi('#Chippino/Request/_errors');
$entry = array(
    'mode' => 'set',
    'field' => $this->field,
    'error' => $this->error,
    'value' => $this->value
);

return $error_store->with($entry);
<?php
// Front dispatcher: resolve the route for this request, run a POST handler
// when one matches, then render the template or call the routed chip.

if (!isset($this->override_route)) {
    session_start();
    $path_chip = chip('#Chippino/Router/GetPath');
    $urlpath = $path_chip->with(array('mode' => chipi('#Chippino/Config')->with()->core['url_mode']));
    $route = chip('#Chippino/Router/GetRoute')->with(array('path' => $urlpath));
}
// NOTE(review): when override_route is set, nothing in this file assigns
// $route or $urlpath before they are read below; confirm they are provided by
// the including scope.

if ($route['type'] == 'pxhtml') {
    // post Mod: Look for post data. If we have post data, then we do the post handler
    // The submitted action is only used to look up a handler by name.
    $post_action = isset($_POST['action']) ? $_POST['action'] : null;
    $handler = chip('#Chippino/Router/GetPostHandler')->with(array('handler' => $post_action));

    if ($handler) {
        // each handler will redirect if required
        $handler_chip = chip($handler['path']);

        // $handler['redirect'] names the POST field that carries the redirect
        // target; the target itself is client-supplied.
        // NOTE(review): the handlers are not shown here; confirm they restrict
        // the redirect target to same-site URLs before redirecting to it.
        if ($handler['redirect'] && isset($_POST[$handler['redirect']])) {
            $redirect_target = $_POST[$handler['redirect']];
        } else {
            $redirect_target = null;
        }

        $res = $handler_chip->with(array('POST' => TRUE, 'redirect' => $redirect_target));
    }

    // to arrive here, either the handler had errors (and are set)
    // or there was no posting to begin with
    echo chip('#Chippino/Template/Init')->with(array('route' => $route['path']));
} else {
    // non-template route: pass the path segments and whether anything was posted
    $segments = explode('/', trim($urlpath, '/'));
    $has_post = count($_POST) > 0;
    $res = chip($route['path'])->with(array('segments' => $segments, 'POST' => $has_post));
}