/**
 * Constructor.
 *
 * Selects the response class from the request's `response_type` parameter
 * (only JSON / RSS / Serialize are recognised, case-insensitively) and the
 * server class from `input_type`; both fall back to the plain SugarRest
 * class when no matching file exists under service/core/REST/.
 *
 * @param String $url - REST url
 */
function __construct($url)
{
    $GLOBALS['log']->info('Begin: SugarRestService->__construct');
    $this->restURL = $url;

    // Response class: a recognised type gets the SugarRest prefix; anything
    // else is kept verbatim and weeded out by the file_exists() check below.
    $responseType = 'SugarRest';
    if (!empty($_REQUEST['response_type'])) {
        $requested = clean_string($_REQUEST['response_type'], 'ALPHANUM');
        $suffixes = array('json' => 'JSON', 'rss' => 'RSS', 'serialize' => 'Serialize');
        $key = strtolower($requested);
        $responseType = isset($suffixes[$key]) ? 'SugarRest' . $suffixes[$key] : $requested;
    }
    $this->responseClass = $responseType;
    if (!file_exists('service/core/REST/' . $this->responseClass . '.php')) {
        $this->responseClass = 'SugarRest';
    }

    // Server (input) class: prefix + ALPHANUM-filtered type, same fallback.
    $this->serverClass = 'SugarRest';
    if (!empty($_REQUEST['input_type'])) {
        $this->serverClass .= clean_string($_REQUEST['input_type'], 'ALPHANUM');
    }
    $GLOBALS['log']->info('SugarRestService->__construct serverclass = ' . $this->serverClass);
    if (!file_exists('service/core/REST/' . $this->serverClass . '.php')) {
        $this->serverClass = 'SugarRest';
    }
    require_once 'service/core/REST/' . $this->serverClass . '.php';
    $GLOBALS['log']->info('End: SugarRestService->__construct');
}
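/**
 * Loads up menu items from files located in include/contextMenus/menuDefs
 *
 * The name is validated with the 'FILE' filter before it is used to build
 * the require path; when validation reports failure the load is skipped.
 *
 * @param string $name name of the object
 */
function loadFromFile($name)
{
    global $menuDef;
    // clean_string() returns the input when it passes the filter and false
    // otherwise (its default is to die on bad data). The original discarded
    // the return value, so a non-dying configuration could still reach
    // require_once with an unvalidated path.
    $safeName = clean_string($name, 'FILE');
    if ($safeName === false) {
        return;
    }
    require_once 'include/contextMenus/menuDefs/' . $safeName . '.php';
    $this->loadFromDef($safeName, $menuDef[$safeName]);
}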
/**
 * Builds one pipe-delimited output line for an employee record.
 *
 * The Units and Name columns are passed through clean_string() with widths
 * of 8 and 45 respectively; the employee number is emitted with a leading
 * space.
 *
 * @param array $employee row with 'Units', 'Name' and 'Employee Number' keys
 * @return string "<units>|<name>| <employee number>"
 */
function construct_clean_output_for_employee($employee)
{
    $columns = array(
        clean_string(8, $employee['Units']),
        clean_string(45, $employee['Name']),
        ' ' . $employee['Employee Number'],
    );
    return implode('|', $columns);
}
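/**
 * Sends a contact-form message by e-mail and echoes a success/failure block.
 *
 * @param string $name         sender's display name (goes into the Subject and From headers)
 * @param string $from         sender's address (From / Reply-To headers)
 * @param string $to           recipient address
 * @param string $user_subject subject line typed by the sender (body only)
 * @param string $msg          message text
 * @return void
 */
function sendEmail($name, $from, $to, $user_subject, $msg)
{
    // Strips tokens that would let body text masquerade as mail headers.
    // A closure replaces the nested named function of the original, which
    // fatals with "cannot redeclare clean_string" the second time
    // sendEmail() runs in one request.
    $clean_string = function ($string) {
        $bad = array("content-type", "bcc:", "to:", "cc:", "href");
        return str_replace($bad, "", $string);
    };
    // Values placed in headers must not contain line breaks; otherwise a
    // crafted name/address could append extra headers (e.g. Bcc:).
    $header_value = function ($string) {
        return str_replace(array("\r", "\n"), '', $string);
    };
    $safe_name = $header_value($name);
    $safe_from = $header_value($from);

    $subject = "{$safe_name} send you a message via your contact form";
    $message = "Name: " . $clean_string($name) . "\r\n";
    $message .= "Email: " . $clean_string($from) . "\r\n";
    // The original tested isset($subject), which is always true at this
    // point; the sender's own subject is what was meant.
    if (isset($user_subject)) {
        $message .= "Subject: " . $clean_string($user_subject) . "\r\n";
    }
    $message .= "Message: \r\n" . $clean_string($msg) . "\r\n";
    $message = wordwrap($message, 72);

    // create email headers From and Reply-To.
    $headers = "MIME-Version: 1.0\r\n"; // was "MINE-Version", which no client recognises
    $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
    $headers .= "From: {$safe_name} <{$safe_from}>\r\n";
    // The original built this string but never appended it to $headers.
    $headers .= 'Reply-To: ' . $safe_from . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    set_time_limit(0);

    // actually send email & report the outcome
    if (mail($to, $subject, $message, $headers)) {
        echo '<div class="block"><div class="alert green">Message Send!</div></div>';
    } else {
        echo '<div class="block"><div class="alert red">Sorry, but it there was a problem sending this email. <br /> Please try again later or send it directly to: admin@publicarray.com</div></div>';
    }
}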
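/**
 * Builds the public URL for a product's nutrition-facts page.
 *
 * @param object $product object exposing ->id and ->name
 * @return string URL produced by generate_url()
 */
function product_link($product)
{
    // The original computed the cleaned name and then put the raw
    // $product->name into the path anyway; use the cleaned value
    // (generate_url() cleans each segment again, so this is consistent
    // either way, but the dead local was clearly meant to be used).
    $name = clean_string($product->name);
    $segments = array('nutrition-facts', $product->id, $name);
    return generate_url($segments);
}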
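/**
 * Fetches one discourse page from scriptures.byu.edu, extracts its metadata
 * and body with XPath and saves it as a new Discourse record.
 *
 * @param int|string $volume    volume number; zero-padded to two digits
 * @param int|string $discourse discourse number; zero-padded to two digits
 * @return bool false when the remote page is the site's error page
 *              (contains 'file_get_contents') or has no page anchors,
 *              true after the record has been saved
 */
private function discourse($volume, $discourse)
{
    $this->Discourse =& ClassRegistry::init('Discourse');
    // Both query-string parts are cast to int so only digits reach the URL
    // (the original cast $volume but sent $discourse as given).
    $volume = str_pad((int) $volume, 2, "0", STR_PAD_LEFT);
    $discourse = str_pad((int) $discourse, 2, "0", STR_PAD_LEFT);

    App::import('Core', array('Xml', 'HttpSocket'));
    $this->Http = new HttpSocket(); // "=& new" is a parse error on PHP 7+
    $url = "http://scriptures.byu.edu/gettalk.php?vol={$volume}&disc={$discourse}";
    $html = $this->Http->get($url);
    if (strpos($html, 'file_get_contents') !== false) {
        return false;
    }

    // Tolerate sloppy markup without the @ operator: collect libxml errors
    // instead of printing them, then restore the previous setting.
    $dom = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    $dom->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $xpath = new DOMXPath($dom);

    // Page range comes from the first and last <a name="..."> anchors.
    $column_anchors = $xpath->evaluate('//a[@name]');
    if ($column_anchors->length === 0) {
        return false; // the original would have fataled on ->item(0) being null
    }
    $start_page = (int) $column_anchors->item(0)->getAttribute('name');
    $end_page = (int) $column_anchors->item($column_anchors->length - 1)->getAttribute('name');

    $title = clean_string(find_content($xpath, '//div[@class="title"]'));
    $subtitle = find_content($xpath, '//div[@class="subtitle"]');
    $reported_by = clean_string(find_content($xpath, '//div[@class="reportedBy"]'));
    $page_header = clean_string(find_content($xpath, '//div[@class="pageHeader"]'));
    $speaker = clean_string(find_content($xpath, '//div[@class="speaker"]'));
    $date = prepare_date(find_content($xpath, '//div[@class="date"]'));
    $content = find_content($xpath, '//div[@class="discourseBody"]');

    $this->Discourse->create();
    // 'subtitle' appeared twice in the original array literal; the later
    // entry silently overwrote the earlier one with the same value.
    $this->Discourse->save(array(
        'volume' => $volume,
        'start_page' => $start_page,
        'end_page' => $end_page,
        'title' => $title,
        'subtitle' => $subtitle,
        'reported_by' => $reported_by,
        'page_header' => $page_header,
        'speaker' => $speaker,
        'date' => $date,
        'content' => $content,
    ));
    return true;
}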
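/**
 * Streams the group-list report as a .doc download built from
 * modules/GroupLists/tpls/report.tpl, substituting the {START}, {END},
 * {LIST_GIT} and {LIST_FIT} placeholders from the request and the bean.
 *
 * The original contained a garbled statement
 * (`$query = $focus->{$start_date} = $_REQUEST['start_date'];`) where the
 * start-date assignment belonged, and used $where without defining it.
 *
 * @return void (ends the request via sugar_cleanup())
 */
function listViewProcess()
{
    $GLOBALS['log'] = LoggerManager::getLogger('SugarCRM');
    global $sugar_config;
    global $current_user;
    global $app_strings;
    global $timedate;
    // clean_string() is used as a validator here: its return is discarded
    // and it is expected to die on bad data.
    $type = clean_string($_REQUEST['module']);
    $db = DBManagerFactory::getInstance();

    $focus = new GroupLists();
    // No filter: the commented-out variants of this method fell back to an
    // empty where clause when no ids or search were given.
    $where = '';
    $start_date = isset($_REQUEST['start_date']) ? $_REQUEST['start_date'] : '';
    $end_date = isset($_REQUEST['end_date']) ? $_REQUEST['end_date'] : '';

    $template = file_get_contents('modules/GroupLists/tpls/report.tpl');
    $template = str_replace('{START}', $start_date, $template);
    $template = str_replace('{END}', $end_date, $template);
    $template = str_replace('{LIST_GIT}', $focus->get_GIT_to_report($where), $template);
    $template = str_replace('{LIST_FIT}', $focus->get_FIT_to_report($where), $template);
    $size = strlen($template);

    // The dates come straight from the request; drop characters that would
    // break out of the quoted filename in the Content-Disposition header.
    $safe_start = str_replace(array("\r", "\n", '"'), '', $start_date);
    $safe_end = str_replace(array("\r", "\n", '"'), '', $end_date);
    $filename = "DS KHACH DI TOUR TU " . $safe_start . " DEN " . $safe_end . ".doc";

    ob_end_clean();
    header("Cache-Control: private");
    header("Content-Type: application/force-download;");
    header("Content-Disposition:attachment; filename=\"{$filename}\"");
    header("Content-length:{$size}");
    echo $template;
    ob_flush();
    sugar_cleanup(true);
}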
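/**
 * Cleans every path segment and hands the list to site_url().
 *
 * @param array $segments URL segments; each is passed through clean_string()
 * @return string
 */
function generate_url($segments)
{
    // array_map() keeps the keys, so this also works for segment arrays that
    // are not a 0..n-1 list (the original indexed 0..count()-1 and would read
    // undefined offsets there).
    $cleaned = array_map(function ($segment) {
        return clean_string($segment);
    }, $segments);
    return site_url($cleaned);
}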
/**
 * clean_string() with $dieOnBadData = false must return the input unchanged
 * when it passes the filter and false when it does not.
 *
 * @dataProvider providerCleanString
 * @ticket 45877
 */
public function testCleanString($string, $filter, $resultBool)
{
    $actual = clean_string($string, $filter, false);
    if (!$resultBool) {
        $this->assertFalse($actual);
        return;
    }
    $this->assertEquals($string, $actual);
}
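/**
 * Handles the contact-form POST: validates name, e-mail and message, builds
 * a plain-text mail and sends it to the configured address.
 *
 * Nothing happens unless $_POST['email'] is set. Validation failures are
 * printed to the browser and terminate the request.
 *
 * @return void
 */
function sendEmail()
{
    if (!isset($_POST['email'])) {
        return;
    }
    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = "*****@*****.**";
    $email_subject = "Website Inquiry : ";

    // Closures replace the nested named functions of the original, which
    // would fatal with "cannot redeclare" on a second call in one request.
    $died = function ($error) {
        // your error code can go here
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error . "<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die;
    };
    $clean_string = function ($string) {
        $bad = array("content-type", "bcc:", "to:", "cc:", "href");
        return str_replace($bad, "", $string);
    };

    // validation expected data exists
    if (!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['subject']) || !isset($_POST['message'])) {
        $died('We are sorry, but there appears to be a problem with the form you submitted.');
    }
    $name = $_POST['name'];       // required
    $email = $_POST['email'];     // required
    $subject = $_POST['subject']; // required
    $message = $_POST['message']; // required

    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/';
    if (!preg_match($email_exp, $email)) {
        $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
    }
    $string_exp = "/^[A-Za-z .'-]+\$/";
    if (!preg_match($string_exp, $name)) {
        $error_message .= 'The Name you entered does not appear to be valid.<br />';
    }
    if (strlen($message) < 2) {
        $error_message .= 'The Comments you entered do not appear to be valid.<br />';
    }
    if (strlen($error_message) > 0) {
        $died($error_message);
    }

    $email_message = "Form details below.\n\n";
    $email_message .= "Name: " . $clean_string($name) . "\n";
    $email_message .= "Email: " . $clean_string($email) . "\n";
    $email_message .= "Subject: " . $clean_string($subject) . "\n";
    $email_message .= "Message: " . $clean_string($message) . "\n";

    // create email headers. The address regex above ends in "$" without the
    // D modifier, so a trailing newline would still pass; strip line breaks
    // before the value goes into a header.
    $header_email = str_replace(array("\r", "\n"), '', $email);
    $headers = 'From: ' . $header_email . "\r\n" .
        'Reply-To: ' . $header_email . "\r\n" .
        'X-Mailer: PHP/' . phpversion();
    // Delivery failures are not reported to the user (kept from the original).
    @mail($email_to, $email_subject, $email_message, $headers);
}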
/**
 * Post-processes a UNIMARC record: when subfield i of the first 200 series
 * entry is non-empty after cleaning, it is swapped with the first 200$a.
 *
 * Works on the globals $tit_200a and $serie_200.
 *
 * @param mixed $notice unused; kept for signature compatibility
 */
function recup_noticeunimarc_suite($notice)
{
    global $tit_200a, $serie_200;
    if (clean_string($serie_200[0]['i']) == "") {
        return;
    }
    // swap the two values
    list($serie_200[0]['i'], $tit_200a[0]) = array($tit_200a[0], $serie_200[0]['i']);
}
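/**
 * Creates a contingent (college) login with a generated id and password and
 * redirects to college.php.
 *
 * @param string $nameParam raw college name; passed through clean_string()
 * @return void
 */
function createContingent($nameParam)
{
    $password = random_password();
    $name = clean_string($nameParam);
    $loginID = registration_id();
    $db = \Udaan\Database::connect();
    // Bound parameters instead of interpolating the values into the SQL: the
    // original called prepare() on an already-interpolated string, so $name
    // reached the query verbatim. Assumes a PDO-style handle whose execute()
    // accepts the parameter array — TODO confirm against Udaan\Database.
    $sth = $db->prepare('INSERT INTO contingent_college(name,loginid,password) VALUES(?, ?, ?)');
    $sth->execute(array($name, $loginID, $password));
    // NOTE(review): the password is stored exactly as generated (no hashing);
    // whether that is acceptable depends on how login verifies it — confirm.
    header('Location: college.php');
}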
/**
 * Add Value Row
 *
 * Adds a row that is just a <label></label> Value row. The row is appended
 * to the current fieldset; its 'name' is the label passed through
 * clean_string() (helper loaded on demand).
 *
 * @param string $label What to put in the <label>
 * @param string $value What to put as the value
 * @param boolean $full
 *
 * @return void
 */
function value_row($label, $value, $full = FALSE)
{
    if ($this->fieldset == 0) {
        show_error('You must create a fieldset before adding fields.');
    }
    $CI =& get_instance();
    $CI->load->helper('clean_string_helper');
    $row = array(
        'type' => 'value_row',
        'label' => $label,
        'value' => $value,
        'full' => $full,
        'name' => clean_string($label),
    );
    $this->fields[$this->fieldset][] = $row;
}
/**
 * Create New Content Type
 *
 * Creates a new content type, including the associated table and custom field group
 *
 * @param string $name
 * @param boolean $is_standard Include Title, URL Path, and Topic dropdown? (default: FALSE)
 * @param boolean $is_privileged Include Restrict Access to Member Group(s) Dropdown? (default: FALSE)
 * @param boolean $is_module Should this be treated as an automatic content type? Or is there another admin module which will manage this content type? (default: FALSE)
 * @param string $template The filename of the template in the theme directory to use for output (default: content.thtml)
 * @param string $base_url If this will be managed with the standard content module, we can pre-populate the URL string with this base_url. (default: '')
 *
 * @return int $content_type_id
 */
function new_content_type($name, $is_standard = TRUE, $is_privileged = FALSE, $is_module = FALSE, $template = 'content.thtml', $base_url = '')
{
    // prep base url: exactly one trailing slash, or empty
    $base_url = rtrim($base_url, '/');
    if (!empty($base_url)) {
        $base_url .= '/';
    }

    // get system name; it doubles as the table name below, so clean_string()
    // is relied on to leave only identifier-safe characters — confirm that
    // the helper strips backticks as well.
    $this->load->helper('clean_string');
    $system_name = clean_string($name);

    // make sure table doesn't already exist, after we clear the cache
    // we clear the cache because, when theme installs run, we don't want to run into errors about
    // non-existant table conflicts
    $this->db->data_cache = array();
    if ($this->db->table_exists($system_name)) {
        die(show_error('There is already a table in the database by the name of ' . $system_name . '. You should rename your content type to avoid a conflict.'));
    }

    // create custom field group
    $this->load->model('custom_fields_model');
    $custom_field_group_id = $this->custom_fields_model->new_group('Content: ' . $name);

    $this->db->insert('content_types', array(
        'content_type_is_module' => $is_module ? '1' : '0',
        'content_type_friendly_name' => $name,
        'content_type_system_name' => $system_name,
        'content_type_is_standard' => $is_standard ? '1' : '0',
        'content_type_is_privileged' => $is_privileged ? '1' : '0',
        'content_type_template' => $template,
        'content_type_base_url' => $base_url,
        'custom_field_group_id' => $custom_field_group_id,
    ));
    $content_type_id = $this->db->insert_id();

    // If this content type is another admin module, that module is expected
    // to create its own table at install time. Otherwise create it here —
    // not via dbforge, which cannot set the table type we need (MyISAM, for
    // FULLTEXT queries).
    if (!$is_module) {
        $prefix = $this->db->dbprefix;
        $this->db->query(
            "CREATE TABLE `{$prefix}{$system_name}` (\n"
            . "\t\t\t\t`{$system_name}_id` INT(11) AUTO_INCREMENT PRIMARY KEY,\n"
            . "\t\t\t\t`content_id` INT(11) NOT NULL,\n"
            . "\t\t\t\tINDEX ( `content_id` )\n"
            . "\t\t\t) ENGINE = MYISAM"
        );
    }

    // clear cache
    if (isset($this->CI->cache)) {
        $this->CI->cache->file->clean();
    }
    return $content_type_id;
}
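/**
 * Sends a "Form details below." plain-text mail with the submitted fields.
 *
 * @param string $email_to
 * @param string $email_subject
 * @param string $first_name
 * @param string $last_name
 * @param string $email_from used for the From and Reply-To headers
 * @param string $telephone
 * @param string $comments
 * @return bool what mail() reported (the original returned nothing)
 */
function send_mail($email_to, $email_subject, $first_name, $last_name, $email_from, $telephone, $comments)
{
    $email_message = "Form details below.\n\n";
    $email_message .= "First Name: " . clean_string($first_name) . "\n";
    $email_message .= "Last Name: " . clean_string($last_name) . "\n";
    $email_message .= "Email: " . clean_string($email_from) . "\n";
    $email_message .= "Telephone: " . clean_string($telephone) . "\n";
    $email_message .= "Comments: " . clean_string($comments) . "\n";

    // create email headers. $email_from goes into two headers; a CR/LF inside
    // it would let the submitter append arbitrary headers (e.g. Bcc:), so
    // line breaks are removed first.
    $header_from = str_replace(array("\r", "\n"), '', $email_from);
    $headers = 'From: ' . $header_from . "\r\n" .
        'Reply-To: ' . $header_from . "\r\n" .
        'X-Mailer: PHP/' . phpversion();
    // Warning suppression kept from the original; the result is now
    // returned so callers can at least react to a failed hand-off.
    return @mail($email_to, $email_subject, $email_message, $headers);
}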
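/**
 * Builds $this->data from the file's metadata and creates (then
 * de-duplicates) a notice record for it.
 *
 * EPUB files are mapped directly from their metadata here; every other
 * mime type goes through $this->map['meta'], where each entry names the
 * target data field and optionally a method of this class that merges the
 * metadata value into it.
 *
 * @return int notice id as returned by dedoublonne()
 */
public function get_notice_id()
{
    global $pmb_keyword_sep;
    $notice_id = 0;
    $this->data = array();
    foreach (array('tit1', 'tit4', 'authors', 'co_authors', 'code', 'npages', 'year', 'index_l', 'url', 'thumbnail_content', 'publisher', 'n_resume') as $field) {
        $this->data[$field] = "";
    }

    if ($this->mimetype == "application/epub+zip") {
        // e-books are handled directly here
        $this->data['tit1'] = $this->metas['title'][0];
        $this->data['authors'] = $this->metas['creator'];
        $this->data['co_authors'] = $this->metas['contributor'];
        if (!empty($this->metas['identifier']['isbn'])) {
            $this->data['code'] = \formatISBN($this->metas['identifier']['isbn'], 13);
        } elseif (!empty($this->metas['identifier']['ean'])) {
            // The original passed an undefined $code to formatISBN() here,
            // discarding the EAN-derived value it had just stored.
            $this->data['code'] = \formatISBN(\EANtoISBN($this->metas['identifier']['ean']), 13);
        }
        if (!empty($this->metas['identifier']['uri'])) {
            $this->data['url'] = \clean_string($this->metas['identifier']['uri']);
        }
        $this->data['publisher'] = $this->metas['publisher'][0];
        $this->data['year'] = $this->metas['date'][0]['value'];
        // anything that is not already a 4-digit year gets normalised
        if (strlen($this->data['year']) && strlen($this->data['year']) != 4) {
            $this->data['year'] = \formatdate(detectFormatDate($this->data['year']));
        }
        $this->data['lang'] = $this->metas['language'];
        $this->data['n_resume'] = implode("\n", $this->metas['description']);
        $this->data['keywords'] = implode($pmb_keyword_sep, $this->metas['subject']);
        $this->data['thumbnail_content'] = $this->metas['thumbnail_content'];
    } else {
        foreach ($this->map['meta'] as $map_field => $map) {
            foreach ($this->metas as $meta_field => $meta_value) {
                if ($map_field != $meta_field) {
                    continue;
                }
                if (method_exists($this, $map['function'])) {
                    // The original wrote $this->{$map}['function'](...), which
                    // looks up a property named after the array instead of
                    // calling the mapped method.
                    $this->data[$map['field']] = $this->{$map['function']}($this->data[$map['field']], $meta_value, $map['params']);
                } else {
                    $this->data[$map['field']] = $meta_value;
                }
                break;
            }
        }
    }

    if (!$this->data['tit1']) {
        $this->data['tit1'] = $this->name;
    }
    $notice_id = $this->create_notice();
    $notice_id = $this->dedoublonne($notice_id);
    return $notice_id;
}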
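/**
 * Constructor.
 *
 * Builds the response and server (input) class names from the request's
 * `response_type` / `input_type` parameters (ALPHANUM-filtered) and falls
 * back to the plain SugarRest class when no matching file exists.
 *
 * @param String $url - REST url
 */
function __construct($url)
{
    $GLOBALS['log']->info('Begin: SugarRestService->__construct');
    $this->restURL = $url;

    $this->responseClass = !empty($_REQUEST['response_type'])
        ? 'SugarRest' . clean_string($_REQUEST['response_type'], 'ALPHANUM')
        : 'SugarRest';
    if (!file_exists('service/core/REST/' . $this->responseClass . '.php')) {
        $this->responseClass = 'SugarRest';
    }

    $this->serverClass = !empty($_REQUEST['input_type'])
        ? 'SugarRest' . clean_string($_REQUEST['input_type'], 'ALPHANUM')
        : 'SugarRest';
    if (!file_exists('service/core/REST/' . $this->serverClass . '.php')) {
        $this->serverClass = 'SugarRest';
    }
    require_once 'service/core/REST/' . $this->serverClass . '.php';
    // The original logged "Begin:" a second time here.
    $GLOBALS['log']->info('End: SugarRestService->__construct');
}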
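/**
 * Looks a citation string up in the CouchDB "citation/all" search index and
 * keeps the best-scoring hit(s) in $result->results.
 *
 * A hit is kept when its similarity to the query (1 minus the normalised
 * symmetric difference, computed from the LCS length) exceeds $threshold;
 * a strictly better hit replaces the hits kept so far, an equally good one
 * is added alongside them.
 *
 * @param string $citation  free-text citation to match
 * @param object $result    receives ->query_ok and ->results (list of match objects)
 * @param float  $threshold minimum similarity in 0..1 (default 0.8)
 * @return bool true when more than one result was kept — as in the original;
 *              TODO confirm whether "> 0" (any match) was intended
 */
function find_citation($citation, &$result, $threshold = 0.8)
{
    global $config;
    global $couch;

    // Give the final count() something to count even when the search fails
    // or returns no rows (the original read an undefined property then).
    if (!isset($result->results)) {
        $result->results = array();
    }

    $q = clean_string($citation);
    $rows_per_page = 5;
    $url = '/_design/citation/_search/all?q=' . urlencode($q) . '&limit=' . $rows_per_page;
    $resp = $couch->send("GET", "/" . $config['couchdb_options']['database'] . "/" . $url);
    $obj = json_decode($resp);
    if (isset($obj->error)) {
        return count($result->results) > 1;
    }

    $result->query_ok = true;
    if ($obj->total_rows > 0) {
        $best_hit = 0;
        $q = strtolower($q);
        $query_length = strlen($q);
        foreach ($obj->rows as $row) {
            $hit_original = $row->fields->default;
            $hit = strtolower(clean_string($hit_original));
            $hit_length = strlen($hit);
            $C = LCSLength($hit, $q);
            $lcs = $C[$hit_length][$query_length];
            $symdiff = 1.0 - ($query_length + $hit_length - 2 * $lcs) / ($query_length + $hit_length);
            if ($symdiff <= $threshold || $symdiff < $best_hit) {
                continue;
            }
            // Decide "strictly better" BEFORE updating $best_hit: the original
            // compared after the update, so the reset below never fired and
            // every hit at or above the running best accumulated.
            if ($symdiff > $best_hit) {
                $result->results = array();
            }
            $best_hit = $symdiff;

            $match = new stdclass();
            $match->text = $citation;
            $match->hit = $hit_original;
            $match->match = true;
            $match->id = $row->id;
            $match->score = $row->order[0];
            $match->symdiff = $symdiff;
            $result->results[] = $match;
        }
    }
    return count($result->results) > 1;
}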
/**
 * Create New Menu
 *
 * Stores a menu under its cleaned name, refusing duplicates, and clears the
 * file cache when one is configured.
 *
 * @param string $name
 *
 * @return int $menu_id
 */
function new_menu($name)
{
    $this->load->helper('clean_string');
    $name = clean_string($name);

    // make sure it's unique
    $duplicates = $this->get_menus(array('name' => $name));
    if (!empty($duplicates)) {
        die(show_error('A menu with that name (' . $name . ') already exists.'));
    }

    $this->db->insert('menus', array('menu_name' => $name));
    $menu_id = $this->db->insert_id();

    if (isset($this->CI->cache)) {
        $this->CI->cache->file->clean();
    }
    return $menu_id;
}
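/**
 * Update Blog
 *
 * @param int $blog_id
 * @param int $content_type_id Each blog displays content of only one type, specified here
 * @param string $title Blog title
 * @param string $url_path
 * @param string $description Blog description
 * @param array $filter_author The user ID(s) to filter by (default: array())
 * @param array $filter_topic The topic ID(s) to filter by (default: array())
 * @param string $summary_field The column name to use for the summary (default: FALSE)
 * @param string $sort_field The column name to sort by (default: FALSE)
 * @param string $sort_dir Sort direction (default: FALSE)
 * @param boolean $auto_trim Should we auto trim the summary field in listings? (default: FALSE)
 * @param string $template The filename of the template in the theme directory to use for output (default: blog.html)
 * @param int $per_page How many items to show per page? (default: 25)
 * @param array $privileges array of member group ID's (default: array())
 *
 * @return boolean
 */
function update_blog($blog_id, $content_type_id, $title, $url_path, $description, $filter_author = array(), $filter_topic = array(), $summary_field = FALSE, $sort_field = FALSE, $sort_dir = FALSE, $auto_trim = TRUE, $template = 'blog.thtml', $per_page = 25, $privileges = array())
{
    $blog = $this->get_blog($blog_id);
    $this->load->model('link_model');

    if (empty($url_path)) {
        // Derive the path from the title. The original loaded only the
        // 'url_string' helper here while the sibling feed/menu code loads
        // 'clean_string' before calling clean_string(); load both so the
        // function is defined whichever helper file provides it.
        $this->load->helper('url_string');
        $this->load->helper('clean_string');
        $url_path = clean_string($title);
    }
    if ($url_path != $blog['url_path']) {
        $url_path = $this->link_model->prep_url_path($url_path);
        $url_path = $this->link_model->get_unique_url_path($url_path);
        $this->link_model->update_url($blog['link_id'], $url_path);
    }
    $this->link_model->update_title($blog['link_id'], $title);

    $update_fields = array(
        'content_type_id' => $content_type_id,
        'blog_title' => $title,
        'blog_description' => $description,
        // author/topic filters and privileges are stored serialised, '' when unset
        'blog_filter_author' => (is_array($filter_author) and !empty($filter_author)) ? serialize($filter_author) : '',
        'blog_filter_topic' => (is_array($filter_topic) and !empty($filter_topic)) ? serialize($filter_topic) : '',
        'blog_summary_field' => !empty($summary_field) ? $summary_field : '',
        'blog_sort_field' => !empty($sort_field) ? $sort_field : '',
        'blog_sort_dir' => !empty($sort_dir) ? $sort_dir : '',
        'blog_auto_trim' => $auto_trim == TRUE ? '1' : '0',
        // a privilege list containing group 0 is stored empty (presumably "everyone")
        'blog_privileges' => (is_array($privileges) and !in_array(0, $privileges)) ? serialize($privileges) : '',
        'blog_template' => $template,
        'blog_per_page' => $per_page,
    );
    $this->db->update('blogs', $update_fields, array('blog_id' => $blog_id));
    return TRUE;
}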
/**
 * Update RSS Feed
 *
 * @param int $feed_id
 * @param int $content_type_id
 * @param string $title Feed title
 * @param string $url_path
 * @param string $description Feed description
 * @param array $filter_author The user ID(s) to filter by (default: array())
 * @param array $filter_topic The topic ID(s) to filter by (default: array())
 * @param string $summary_field The column name to use for the summary (default: FALSE)
 * @param string $sort_field The column name to sort by (default: '')
 * @param string $sort_dir Sort direction (default: '')
 * @param string $template The template file to use for output (default: rss_feed.txml)
 *
 * @return void
 */
function update_feed($feed_id, $content_type_id, $title, $url_path, $description, $filter_author = array(), $filter_topic = array(), $summary_field = FALSE, $sort_field = '', $sort_dir = '', $template = 'rss_feed.txml')
{
    $feed = $this->get_feed($feed_id);
    $this->load->model('link_model');

    // An empty path is derived from the title; a given one is cleaned. In
    // both cases the link record is only touched when the path changed.
    if (empty($url_path)) {
        $this->load->helper('clean_string');
        $url_path = clean_string($title);
    }
    if ($url_path != $feed['url_path']) {
        $this->load->helper('clean_string');
        $url_path = clean_string($url_path);
        $url_path = $this->link_model->prep_url_path($url_path);
        $url_path = $this->link_model->get_unique_url_path($url_path);
        $this->link_model->update_url($feed['link_id'], $url_path);
    }
    $this->link_model->update_title($feed['link_id'], $title);

    $has_authors = is_array($filter_author) and !empty($filter_author);
    $has_topics = is_array($filter_topic) and !empty($filter_topic);
    $update_fields = array(
        'content_type_id' => $content_type_id,
        'rss_title' => $title,
        'rss_description' => $description,
        'rss_filter_author' => $has_authors ? serialize($filter_author) : '',
        'rss_filter_topic' => $has_topics ? serialize($filter_topic) : '',
        'rss_summary_field' => empty($summary_field) ? '' : $summary_field,
        'rss_sort_field' => empty($sort_field) ? '' : $sort_field,
        'rss_sort_dir' => empty($sort_dir) ? '' : $sort_dir,
        'rss_template' => $template,
    );
    $this->db->update('rss_feeds', $update_fields, array('rss_id' => $feed_id));
    return;
}
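/**
 * Builds a borrower login from the first letter of the first name plus the
 * last name: lower-cased, cleaned, de-accented and reduced to [a-z0-9.].
 * A counter is appended while the candidate is already taken by a borrower
 * with a different name.
 *
 * @param string   $nom    last name
 * @param string   $prenom first name
 * @param resource $dbh    mysql link resource (legacy mysql extension)
 * @return string
 */
function cre_login($nom, $prenom, $dbh)
{
    $empr_login = strtolower(substr($prenom, 0, 1) . $nom);
    $empr_login = clean_string($empr_login);
    $empr_login = convert_diacrit(strtolower($empr_login));
    $empr_login = preg_replace('/[^a-z0-9\\.]/', '', $empr_login);

    // The name parts went into the query verbatim in the original; escape
    // them for the mysql extension this function already uses.
    $nom_sql = mysql_real_escape_string($nom, $dbh);
    $prenom_sql = mysql_real_escape_string($prenom, $dbh);

    $num_login = 1;
    while (true) {
        // The original compared empr_login against the literal '******',
        // which reads like a redacted placeholder; the retry loop only makes
        // sense when the candidate login itself is looked up — TODO confirm.
        $login_sql = mysql_real_escape_string($empr_login, $dbh);
        $requete = "SELECT empr_login FROM empr WHERE empr_login='{$login_sql}' AND empr_nom <> '{$nom_sql}' AND empr_prenom <> '{$prenom_sql}' LIMIT 1 ";
        $res = mysql_query($requete, $dbh);
        if (!mysql_num_rows($res)) {
            return $empr_login;
        }
        // NOTE(review): as in the original, the counter is appended to the
        // previous candidate ("ab1" -> "ab12"), not to the base login.
        $empr_login .= $num_login;
        $num_login++;
    }
}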
/**
 * Build out the chart for the sales rep view in the forecast module
 *
 * Uses the Manager chart class when the caller asked for the manager view
 * and the API user is a manager; otherwise the Individual chart class.
 * Custom overrides of either class are honoured via SugarAutoLoader.
 *
 * @param ServiceBase $api The Api Class
 * @param array $args Service Call Arguments
 * @return mixed
 */
public function chart($api, $args)
{
    $args['timeperiod_id'] = clean_string($args['timeperiod_id']);
    $args['user_id'] = clean_string($args['user_id']);
    if (!isset($args['group_by'])) {
        $args['group_by'] = "forecast";
    }

    // test to see if we need to display the manager
    $useManagerView = (bool) $args['display_manager'] && User::isManager($api->user->id);
    if ($useManagerView) {
        $file = 'include/SugarForecasting/Chart/Manager.php';
        $klass = 'SugarForecasting_Chart_Manager';
    } else {
        // default to the Individual Code
        $file = 'include/SugarForecasting/Chart/Individual.php';
        $klass = 'SugarForecasting_Chart_Individual';
    }

    // check for a custom file exists
    SugarAutoLoader::requireWithCustom($file);
    $klass = SugarAutoLoader::customClass($klass);

    /* @var $obj SugarForecasting_Chart_AbstractChart */
    $obj = new $klass($args);
    return $obj->process();
}
/**
 * Get Sugar REST class name for input/return type
 *
 * Recognises json / rss / serialize (case-insensitive) after ALPHANUM
 * filtering; anything else, or a type whose class file is missing, maps to
 * the base 'SugarRest' class.
 *
 * @param string $name
 * @return string
 */
protected function _getTypeName($name)
{
    if (empty($name)) {
        return 'SugarRest';
    }
    $name = clean_string($name, 'ALPHANUM');
    $suffixes = array('json' => 'JSON', 'rss' => 'RSS', 'serialize' => 'Serialize');
    $key = strtolower($name);
    $classname = 'SugarRest' . (isset($suffixes[$key]) ? $suffixes[$key] : '');
    if (!file_exists('service/core/REST/' . $classname . '.php')) {
        return 'SugarRest';
    }
    return $classname;
}
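/**
 * Export API
 *
 * @param $api ServiceBase The API class of the request, used in cases where the API changes how the fields are pulled from the args array.
 * @param $args array The arguments array passed in from the API
 * @return String
 * @throws SugarApiExceptionNotAuthorized when export is disabled for the bean,
 *         globally, or restricted to admins and the user does not qualify
 */
public function export(ServiceBase $api, array $args)
{
    $seed = BeanFactory::newBean($args['module']);
    if (!$seed->ACLAccess('export')) {
        throw new SugarApiExceptionNotAuthorized($GLOBALS['app_strings']['ERR_EXPORT_DISABLED']);
    }
    global $sugar_config;
    global $current_user;
    global $app_list_strings;

    // clean_string() validates the module name (it dies on bad data).
    $theModule = clean_string($args['module']);

    // Export is refused when it is globally disabled, or when it is limited
    // to admins and the user is neither a system admin nor a module
    // admin/developer with access to an ACL-enabled module.
    $exportAllowed = true;
    if ($sugar_config['disable_export']) {
        $exportAllowed = false;
    } elseif (!empty($sugar_config['admin_export_only'])) {
        $isPrivileged = is_admin($current_user);
        if (!$isPrivileged
            && ACLController::moduleSupportsACL($theModule)
            && ACLAction::getUserAccessLevel($current_user->id, $theModule, 'access') == ACL_ALLOW_ENABLED) {
            $adminLevel = ACLAction::getUserAccessLevel($current_user->id, $theModule, 'admin');
            $isPrivileged = ($adminLevel == ACL_ALLOW_ADMIN || $adminLevel == ACL_ALLOW_ADMIN_DEV);
        }
        $exportAllowed = $isPrivileged;
    }
    if (!$exportAllowed) {
        throw new SugarApiExceptionNotAuthorized($GLOBALS['app_strings']['ERR_EXPORT_DISABLED']);
    }

    // Buffer anything the exporters print so only the export file reaches
    // the client. Started after the checks: the original called ob_start()
    // before the second check, leaving a buffer open on the exception path.
    ob_start();
    //check to see if this is a request for a sample or for a regular export
    if (!empty($args['sample'])) {
        //call special method that will create dummy data for bean as well as insert standard help message.
        $content = exportSampleFromApi($args);
    } else {
        $content = exportFromApi($args);
    }

    $filename = $args['module'];
    //use label if one is defined
    if (!empty($app_list_strings['moduleList'][$args['module']])) {
        $filename = $app_list_strings['moduleList'][$args['module']];
    }
    //strip away any blank spaces
    $filename = str_replace(' ', '', $filename);
    if (isset($args['members']) && $args['members'] == true) {
        $filename .= '_' . 'members';
    }

    //// BUILD THE EXPORT FILE
    ob_end_clean();
    return $this->doExport($api, $filename, $content);
}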
$error_message .= 'The Last Name you entered does not appear to be valid.<br />'; } if (strlen($comments) < 2) { $error_message .= 'The Comments you entered do not appear to be valid.<br />'; } if (strlen($error_message) > 0) { died($error_message); } $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type", "bcc:", "to:", "cc:", "href"); return str_replace($bad, "", $string); } $email_message .= "First Name: " . clean_string($first_name) . "\n"; $email_message .= "Last Name: " . clean_string($last_name) . "\n"; $email_message .= "Email: " . clean_string($email_from) . "\n"; $email_message .= "Telephone: " . clean_string($telephone) . "\n"; $email_message .= "Comments: " . clean_string($comments) . "\n"; // create email headers $headers = 'From: ' . $email_from . "\r\n" . 'Reply-To: ' . $email_from . "\r\n" . 'X-Mailer: PHP/' . phpversion(); @mail($email_to, $email_subject, $email_message, $headers); ?> <!-- place your own success html below --> Thank you for contacting us. We will be in touch with you very soon. <?php } die;
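/**
 * Sanitises the request superglobals in place and validates a fixed set of routing parameters.
 *
 * Every value in $_REQUEST, $_POST and $_GET is run through securexss() — or
 * preprocess_param() when magic quotes are on — and written back entry by entry,
 * because a superglobal cannot be replaced wholesale from inside a function.
 * $_REQUEST keys are additionally checked with securexsskey(). A fixed list of
 * well-known parameters (theme, module, action, language, record, offset, stamp)
 * is then passed to clean_string(); its return value is ignored here, so this
 * relies on clean_string() aborting the request on bad data — presumably its
 * default behaviour, verify in the project's utils. Finally every *_offset and
 * *_ORDER_BY parameter is validated and re-published via set_superglobals().
 *
 * @return int always 0
 */
function clean_incoming_data()
{
    global $sugar_config;

    // get_magic_quotes_gpc() was removed in PHP 8.0 (always false since 7.4);
    // calling it unguarded is a fatal "undefined function" error there.
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;
    $filter = $magicQuotesOn ? 'preprocess_param' : 'securexss';
    $req = array_map($filter, $_REQUEST);
    $post = array_map($filter, $_POST);
    $get = array_map($filter, $_GET);

    // PHP cannot stomp out superglobals reliably, so copy the cleaned values back one key at a time.
    foreach ($post as $k => $v) {
        $_POST[$k] = $v;
    }
    foreach ($get as $k => $v) {
        $_GET[$k] = $v;
    }
    foreach ($req as $k => $v) {
        $_REQUEST[$k] = $v;
        // ensure the keys are safe as well
        securexsskey($k);
    }

    // Any additional variables that need to be cleaned should be added here.
    // These use clean_string()'s default filter; 'record' additionally allows spaces.
    foreach (array('login_theme', 'login_module', 'login_action', 'login_language', 'action', 'module') as $key) {
        if (isset($_REQUEST[$key])) {
            clean_string($_REQUEST[$key]);
        }
    }
    if (isset($_REQUEST['record'])) {
        clean_string($_REQUEST['record'], 'STANDARDSPACE');
    }
    foreach (array('authenticated_user_theme', 'authenticated_user_language') as $key) {
        if (isset($_SESSION[$key])) {
            clean_string($_SESSION[$key]);
        }
    }
    if (isset($_REQUEST['language'])) {
        clean_string($_REQUEST['language']);
    }
    if (isset($sugar_config['default_theme'])) {
        clean_string($sugar_config['default_theme']);
    }
    foreach (array('offset', 'stamp') as $key) {
        if (isset($_REQUEST[$key])) {
            clean_string($_REQUEST[$key]);
        }
    }
    // The sort direction is normalised to one of two accepted values rather than validated.
    if (isset($_REQUEST['lvso'])) {
        set_superglobals('lvso', strtolower($_REQUEST['lvso']) === 'desc' ? 'desc' : 'asc');
    }

    // Clean "offset" and "order_by" parameters in URL
    foreach ($_REQUEST as $key => $val) {
        if (str_end($key, "_offset")) {
            clean_string($_REQUEST[$key], "ALPHANUM"); // keep this ALPHANUM for disable_count_query
            set_superglobals($key, $_REQUEST[$key]);
        } elseif (str_end($key, "_ORDER_BY")) {
            clean_string($_REQUEST[$key], "SQL_COLUMN_LIST");
            set_superglobals($key, $_REQUEST[$key]);
        }
    }

    return 0;
}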
/**
 * Given a list of modules to search and a search string, return the id, module_name, along with the fields.
 * We will support Accounts, Bug Tracker, Cases, Contacts, Leads, Opportunities, Project, ProjectTask, Quotes.
 *
 * Users and ProjectTask are handled with hand-written SQL; every other module goes through
 * SearchForm::generateSearchWhere() and the bean's create_new_list_query(). The search string
 * is sanitised (clean_string 'UNIFIED_SEARCH', from_html, securexss) and escaped with
 * $GLOBALS['db']->quote() before it is interpolated into the LIKE clauses below.
 *
 * @param string $session - Session ID returned by a previous call to login.
 * @param string $search_string - string to search
 * @param string[] $modules - array of modules to query
 * @param int $offset - a specified offset in the query
 * @param int $max_results - max number of records to return; -1 uses list_max_entries_per_page, below -1 runs the query unlimited
 * @param string $assigned_user_id - a user id to filter all records by, leave empty to exclude the filter
 * @param string[] $select_fields - An array of fields to return. If empty the default return fields will be from the active list view defs.
 * @param bool $unified_search_only - A boolean indicating if we should only search against those modules participating in the unified search.
 * @param bool $favorites - A boolean indicating if we should only search against records marked as favorites. NOTE(review): not referenced anywhere in this body.
 * @return Array return_search_result - Array('Accounts' => array(array('name' => 'first_name', 'value' => 'John', 'name' => 'last_name', 'value' => 'Do')));
 *               null (bare return) when the session check fails, an empty entry_list when the search string is empty.
 * @exception 'SoapFault' -- The SOAP error, if any
 */
function search_by_module($session, $search_string, $modules, $offset, $max_results, $assigned_user_id = '', $select_fields = array(), $unified_search_only = TRUE, $favorites = FALSE)
{
    $GLOBALS['log']->info('Begin: SugarWebServiceImpl->search_by_module');
    global $beanList, $beanFiles;
    global $sugar_config, $current_language;
    $error = new SoapError();
    $output_list = array();
    if (!self::$helperObject->checkSessionAndModuleAccess($session, 'invalid_session', '', '', '', $error)) {
        $error->set_error('invalid_login');
        $GLOBALS['log']->error('End: SugarWebServiceImpl->search_by_module - FAILED on checkSessionAndModuleAccess');
        // NOTE(review): returns null here, unlike the array returned on every other path.
        return;
    }
    global $current_user;
    // A positive $max_results overrides the configured page size for the rest of this request.
    if ($max_results > 0) {
        $sugar_config['list_max_entries_per_page'] = $max_results;
    }
    require_once 'modules/Home/UnifiedSearchAdvanced.php';
    require_once 'include/utils.php';
    $usa = new UnifiedSearchAdvanced();
    // The cache file defines $unified_search_modules when included.
    if (!file_exists($cachefile = sugar_cached('modules/unified_search_modules.php'))) {
        $usa->buildCache();
    }
    include $cachefile;
    $modules_to_search = array();
    // Users and ProjectTask are searchable even without unified-search field definitions.
    $unified_search_modules['Users'] = array('fields' => array());
    $unified_search_modules['ProjectTask'] = array('fields' => array());
    //If we are ignoring the unified search flag within the vardef we need to re-create the search fields. This allows us to search
    //against a specific module even though it is not enabled for the unified search within the application.
    if (!$unified_search_only) {
        foreach ($modules as $singleModule) {
            if (!isset($unified_search_modules[$singleModule])) {
                $newSearchFields = array('fields' => self::$helperObject->generateUnifiedSearchFields($singleModule));
                $unified_search_modules[$singleModule] = $newSearchFields;
            }
        }
    }
    // Keep only the requested modules, mapped to their bean class names.
    foreach ($unified_search_modules as $module => $data) {
        if (in_array($module, $modules)) {
            $modules_to_search[$module] = $beanList[$module];
        } // if
    } // foreach
    $GLOBALS['log']->info('SugarWebServiceImpl->search_by_module - search string = ' . $search_string);
    if (!empty($search_string) && isset($search_string)) {
        // Sanitise, then DB-escape once; the escaped value is interpolated into the SQL below.
        $search_string = trim($GLOBALS['db']->quote(securexss(from_html(clean_string($search_string, 'UNIFIED_SEARCH')))));
        foreach ($modules_to_search as $name => $beanName) {
            $where_clauses_array = array();
            $unifiedSearchFields = array();
            // Every unified-search field of this module gets the search string as its value.
            foreach ($unified_search_modules[$name]['fields'] as $field => $def) {
                $unifiedSearchFields[$name][$field] = $def;
                $unifiedSearchFields[$name][$field]['value'] = $search_string;
            }
            require_once $beanFiles[$beanName];
            $seed = new $beanName();
            require_once 'include/SearchForm/SearchForm2.php';
            // User/ProjectTask: explicit module and list-view ACL checks before the hand-written SQL.
            if ($beanName == "User" || $beanName == "ProjectTask") {
                if (!self::$helperObject->check_modules_access($current_user, $seed->module_dir, 'read')) {
                    continue;
                } // if
                if (!$seed->ACLAccess('ListView')) {
                    continue;
                } // if
            }
            if ($beanName != "User" && $beanName != "ProjectTask") {
                // NOTE(review): the SearchForm is built and generateSearchWhere() run twice in a row
                // with identical arguments; the second result is the one used.
                $searchForm = new SearchForm($seed, $name);
                $searchForm->setup(array($name => array()), $unifiedSearchFields, '', 'saved_views');
                $where_clauses = $searchForm->generateSearchWhere();
                require_once 'include/SearchForm/SearchForm2.php';
                $searchForm = new SearchForm($seed, $name);
                $searchForm->setup(array($name => array()), $unifiedSearchFields, '', 'saved_views');
                $where_clauses = $searchForm->generateSearchWhere();
                $emailQuery = false;
                $where = '';
                // Any field may match: OR the per-field clauses together.
                if (count($where_clauses) > 0) {
                    $where = '(' . implode(' ) OR ( ', $where_clauses) . ')';
                }
                $mod_strings = return_module_language($current_language, $seed->module_dir);
                if (count($select_fields) > 0) {
                    $filterFields = $select_fields;
                } else {
                    // No explicit field list: use the default columns of the module's (custom) list view, plus id.
                    if (file_exists('custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php')) {
                        require_once 'custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php';
                    } else {
                        require_once 'modules/' . $seed->module_dir . '/metadata/listviewdefs.php';
                    }
                    $filterFields = array();
                    foreach ($listViewDefs[$seed->module_dir] as $colName => $param) {
                        if (!empty($param['default']) && $param['default'] == true) {
                            $filterFields[] = strtolower($colName);
                        }
                    }
                    if (!in_array('id', $filterFields)) {
                        $filterFields[] = 'id';
                    }
                }
                //Pull in any db fields used for the unified search query so the correct joins will be added
                // NOTE(review): $selectOnlyQueryFields is only initialised on this branch but is read in the
                // row loop for every module, including User/ProjectTask.
                $selectOnlyQueryFields = array();
                foreach ($unifiedSearchFields[$name] as $field => $def) {
                    if (isset($def['db_field']) && !in_array($field, $filterFields)) {
                        $filterFields[] = $field;
                        $selectOnlyQueryFields[] = $field;
                    }
                }
                //Add the assigned user filter if applicable
                if (!empty($assigned_user_id) && isset($seed->field_defs['assigned_user_id'])) {
                    $ownerWhere = $seed->getOwnerWhere($assigned_user_id);
                    $where = "({$where}) AND {$ownerWhere}";
                }
                if ($beanName == "Employee") {
                    $where = "({$where}) AND users.deleted = 0 AND users.is_group = 0 AND users.employee_status = 'Active'";
                }
                $list_params = array();
                $ret_array = $seed->create_new_list_query('', $where, $filterFields, $list_params, 0, '', true, $seed, true);
                // NOTE(review): $params is never assigned before this point, so the custom_* parts are always ''.
                if (empty($params) or !is_array($params)) {
                    $params = array();
                }
                if (!isset($params['custom_select'])) {
                    $params['custom_select'] = '';
                }
                if (!isset($params['custom_from'])) {
                    $params['custom_from'] = '';
                }
                if (!isset($params['custom_where'])) {
                    $params['custom_where'] = '';
                }
                if (!isset($params['custom_order_by'])) {
                    $params['custom_order_by'] = '';
                }
                $main_query = $ret_array['select'] . $params['custom_select'] . $ret_array['from'] . $params['custom_from'] . $ret_array['where'] . $params['custom_where'] . $ret_array['order_by'] . $params['custom_order_by'];
            } else {
                if ($beanName == "User") {
                    $filterFields = array('id', 'user_name', 'first_name', 'last_name', 'email_address');
                    $main_query = "select users.id, ea.email_address, users.user_name, first_name, last_name from users ";
                    $main_query = $main_query . " LEFT JOIN email_addr_bean_rel eabl ON eabl.bean_module = '{$seed->module_dir}'\n LEFT JOIN email_addresses ea ON (ea.id = eabl.email_address_id) ";
                    $main_query = $main_query . "where ((users.first_name like '{$search_string}') or (users.last_name like '{$search_string}') or (users.user_name like '{$search_string}') or (ea.email_address like '{$search_string}')) and users.deleted = 0 and users.is_group = 0 and users.employee_status = 'Active'";
                } // if
                if ($beanName == "ProjectTask") {
                    $filterFields = array('id', 'name', 'project_id', 'project_name');
                    $main_query = "select {$seed->table_name}.project_task_id id,{$seed->table_name}.project_id, {$seed->table_name}.name, project.name project_name from {$seed->table_name} ";
                    $seed->add_team_security_where_clause($main_query);
                    $main_query .= "LEFT JOIN teams ON {$seed->table_name}.team_id=teams.id AND (teams.deleted=0) ";
                    $main_query .= "LEFT JOIN project ON {$seed->table_name}.project_id = project.id ";
                    $main_query .= "where {$seed->table_name}.name like '{$search_string}%'";
                } // if
            } // else
            $GLOBALS['log']->info('SugarWebServiceImpl->search_by_module - query = ' . $main_query);
            // Below -1: unlimited; -1: configured page size; otherwise the caller's limit.
            // One extra row is requested — presumably so the caller can tell whether more pages exist; confirm.
            if ($max_results < -1) {
                $result = $seed->db->query($main_query);
            } else {
                if ($max_results == -1) {
                    $limit = $sugar_config['list_max_entries_per_page'];
                } else {
                    $limit = $max_results;
                }
                $result = $seed->db->limitQuery($main_query, $offset, $limit + 1);
            }
            $rowArray = array();
            while ($row = $seed->db->fetchByAssoc($result)) {
                $nameValueArray = array();
                foreach ($filterFields as $field) {
                    // Fields added only to drive the joins are not returned to the caller.
                    if (in_array($field, $selectOnlyQueryFields)) {
                        continue;
                    }
                    $nameValue = array();
                    if (isset($row[$field])) {
                        $nameValueArray[$field] = self::$helperObject->get_name_value($field, $row[$field]);
                    } // if
                } // foreach
                $rowArray[] = $nameValueArray;
            } // while
            $output_list[] = array('name' => $name, 'records' => $rowArray);
        } // foreach
        $GLOBALS['log']->info('End: SugarWebServiceImpl->search_by_module');
        return array('entry_list' => $output_list);
    } // if
    return array('entry_list' => $output_list);
}
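/**
 * Creates or updates this classification-index (indexint) authority record.
 *
 * When $this->indexint_id is set the row is updated in place; otherwise a new
 * row is inserted after checking that no entry with the same name exists in the
 * same classification plan. Linked authorities, custom fields, the search index,
 * concept indexing and the audit trail are refreshed on success.
 *
 * @param string $nom       authority name; passed through clean_string() before use
 * @param string $comment   free-text comment
 * @param int    $id_pclass classification plan id; 0, or single-plan mode, selects $thesaurus_classement_defaut
 * @return bool true on success; false when $nom is empty, when the name already exists, or when a
 *              query fails (warning() has already been shown in the latter two cases)
 */
function update($nom, $comment, $id_pclass = 0)
{
    global $dbh;
    global $msg;
    global $include_path;
    global $thesaurus_classement_mode_pmb, $thesaurus_classement_defaut;
    global $thesaurus_concepts_active;

    if (!$nom) {
        return false;
    }

    // clean up the incoming string
    $nom = clean_string($nom);
    if ($thesaurus_classement_mode_pmb == 0 || $id_pclass == 0) {
        $id_pclass = $thesaurus_classement_defaut;
    }

    // NOTE(review): $comment and $id_pclass are interpolated into SQL with no escaping visible
    // here, and whether clean_string() escapes $nom is not visible either — confirm the callers
    // escape these values before this is reached with user-supplied input.
    $requete = "SET indexint_name='{$nom}', ";
    $requete .= "indexint_comment='{$comment}', ";
    $requete .= "num_pclass='{$id_pclass}', ";
    $requete .= "index_indexint=' " . strip_empty_words($nom . " " . $comment) . " '";

    // The $msg keys are quoted strings: the previous bare form ($msg[indexint_update]) relied on
    // PHP's undefined-constant-to-string fallback, which PHP 8 replaced with a fatal Error.
    if ($this->indexint_id) {
        // update
        $requete = 'UPDATE indexint ' . $requete;
        $requete .= ' WHERE indexint_id=' . $this->indexint_id . ' LIMIT 1;';
        if (!pmb_mysql_query($requete, $dbh)) {
            require_once "{$include_path}/user_error.inc.php";
            warning($msg['indexint_update'], $msg['indexint_unable']);
            return FALSE;
        }
        $aut_link = new aut_link(AUT_TABLE_INDEXINT, $this->indexint_id);
        $aut_link->save_form();
        $aut_pperso = new aut_pperso("indexint", $this->indexint_id);
        $aut_pperso->save_form();
        indexint::update_index($this->indexint_id);
        audit::insert_modif(AUDIT_INDEXINT, $this->indexint_id);
    } else {
        // creation: make sure the name does not already exist in this plan
        $dummy = "SELECT * FROM indexint WHERE indexint_name = '" . $nom . "' and num_pclass='" . $id_pclass . "' LIMIT 1 ";
        $check = pmb_mysql_query($dummy, $dbh);
        if (pmb_mysql_num_rows($check)) {
            require_once "{$include_path}/user_error.inc.php";
            warning($msg['indexint_create'], $msg['indexint_exists']);
            return FALSE;
        }
        $requete = 'INSERT INTO indexint ' . $requete . ';';
        if (!pmb_mysql_query($requete, $dbh)) {
            require_once "{$include_path}/user_error.inc.php";
            warning($msg['indexint_create'], $msg['indexint_unable_create']);
            return FALSE;
        }
        $this->indexint_id = pmb_mysql_insert_id();
        $aut_link = new aut_link(AUT_TABLE_INDEXINT, $this->indexint_id);
        $aut_link->save_form();
        $aut_pperso = new aut_pperso("indexint", $this->indexint_id);
        $aut_pperso->save_form();
        audit::insert_creation(AUDIT_INDEXINT, $this->indexint_id);
    }

    // concept indexing
    if ($thesaurus_concepts_active == 1) {
        $index_concept = new index_concept($this->indexint_id, TYPE_INDEXINT);
        $index_concept->save();
    }

    // refresh the composite headings built from this authority
    vedette_composee::update_vedettes_built_with_element($this->indexint_id, "indexint");
    return TRUE;
}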
} //If there were any errors, call the function to display errors if (strlen($error_message) > 0) { displayError($error_message); } //Construct the email message $email_to = "rie1211@gmail.com,josh.d.henry@gmail.com"; $email_subject = "A wedding guest has made a reservation!"; $email_message = "Form details below.\n\n"; $email_message .= "Name: " . clean_string($name) . "\n"; $email_message .= "Email: " . clean_string($email_from) . "\n"; $email_message .= "Will attend: " . clean_string($willAttend) . "\n"; $email_message .= "Total attending: " . clean_string($totalAttending) . "\n"; $email_message .= "How many over age 21?: " . clean_string($over21) . "\n"; $email_message .= "How many under age 12?: " . clean_string($under12) . "\n"; $email_message .= "Questions, comments, or dietary restrictions: " . clean_string($comments) . "\n"; //Create email headers $headers = 'From: ' . $email_from . "\r\n" . 'Reply-To: ' . $email_from . "\r\n" . 'X-Mailer: PHP/' . phpversion(); //Send email mail($email_to, $email_subject, $email_message); ?> <!-- success html below --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=us-ascii" /> <meta name="description" content= "Enter your description here so that you can take advantage of search engine optimization." /> <meta name="keywords" content= "keywords, are, always, good, to have, and use, so that, you are, seen in the, search engines, and people, will come, to your, web site, then buy, what you, are selling, or saying" /> <meta name="author" content="Josh Henry" /> <link rel="stylesheet" type="text/css" href="style.css" media="all" /> <title>