public static function generateProjectCheckList($selected = array()) { if (!is_array($selected)) { return FALSE; } $allProjects = projects::getProjects(); $output = ""; foreach ($allProjects as $project) { $output .= sprintf('<li><label class="checkbox" for="%s"><input type="checkbox" id="%s" name="projects[]" value="%s"%s> %s</label></li>', htmlSanitize("project_" . $project['ID']), htmlSanitize("project_" . $project['ID']), htmlSanitize($project['ID']), in_array($project['ID'], $selected) ? " checked" : "", htmlSanitize($project['projectName'])); } return "<ul class='checkboxList'>{$output}</ul>"; }
public static function validate($type, $data, $extraData = NULL) { if (in_array($type, self::getValidationTypes())) { if (strtolower($type) === 'regexp' && validate::regexp($extraData, $data)) { return TRUE; } else { if (method_exists("validate", $type) && validate::$type($data)) { return TRUE; } } } errorHandle::errorMsg("Entry, " . htmlSanitize($data) . ", is not valid."); return FALSE; }
public static function buildProjectNavigation($formID) { if (($form = forms::get($formID)) === FALSE) { return FALSE; } localvars::add("formID", htmlSanitize($formID)); $output = ""; $currentGroup = ""; if (!is_array($form['navigation'])) { return $output; } foreach ($form['navigation'] as $item) { // deal with field sets if ($item['grouping'] != $currentGroup) { if ($currentGroup != "") { $output .= "</ul></li>"; } if (!is_empty($item['grouping'])) { $output .= sprintf('<li><strong>%s</strong><ul>', $item['grouping']); } $currentGroup = $item['grouping']; } $output .= "<li>"; if ($item['type'] == "logout") { $output .= sprintf('<a href="%s">%s</a>', htmlSanitize($item['url']), htmlSanitize($item['label'])); } else { if ($item['type'] == "link") { $item['url'] = preg_replace("/{siteRoot}/", mfcs::config("siteRoot"), $item['url']); $output .= sprintf('<a href="%s">%s</a>', htmlSanitize($item['url']), htmlSanitize($item['label'])); } else { if ($item['type'] == "objectForm" || $item['type'] == "metadataForm") { $form = forms::get($item['formID']); $output .= sprintf('<a href="" data-formID="%s" data-header="%s" data-toggle="modal" class="metadataObjectEditor">%s</a>', htmlSanitize($item['formID']), htmlSanitize($item['label']), htmlSanitize(!empty($form['displayTitle']) ? $form['displayTitle'] : (!empty($form['title']) ? $form['title'] : '[No form title]'))); } else { $output .= sprintf('%s', htmlSanitize($item['label'])); } } } $output .= "</li>"; } return $output; }
<?php require_once "../includes/engine.php"; $localvars->set('user', htmlSanitize(session::get('username'))); templates::display('header'); ?> <section id="{local var="tracker"}" class="wrapper"> <div class="container"> <div class="row"> <div class="picture" style="padding:30px !important;"> <img src="/includes/img/oatmeal.png" alt="computer stuff" /> <p class="micro-text"> Credit: The Oatmeal </p> </div> <div class="intro"> <h2> Views! </h2> <p> The part of the web application that everybody sees. These should be kept mostly logic free and involve use a variety of different HTML templating setups to make them easy to maintain. Views are where designers and developers really get to see the hard work that they are doing and is the main part of the application that a user will see. Your looking at a view now! </p> <h3> Jump To </h3> <a href="#lessons" class="btn-primary"> Lessons </a> <a href="#survey" class="btn-primary"> Survey </a> </div> </div> </div> </section> <section> <div class="container"> <div id="lessons" class="row"> <div class="meteor"> <div class="imgHeader"> <img class="meteorLogo" src="/includes/img/meteor.png" />
public static function buildEditTable($formID) { $form = self::get($formID); // Get all objects from this form $objects = objects::getAllObjectsForForm($formID); $objects = objects::sort($objects, $form['objectTitleField']); // If the data is too large, setup pagination if (sizeof($objects) > mfcs::config("metadataPageCount")) { $pagination = new pagination(sizeof($objects)); $pagination->itemsPerPage = mfcs::config("metadataPageCount"); $pagination->currentPage = isset(mfcs::$engine->cleanGet['MYSQL'][$pagination->urlVar]) ? mfcs::$engine->cleanGet['MYSQL'][$pagination->urlVar] : 1; $startPos = $pagination->itemsPerPage * ($pagination->currentPage - 1); $objects = array_slice($objects, $startPos, $pagination->itemsPerPage); } if (count($objects) > 0) { $headers = array(); $headers[] = "Delete"; foreach ($form['fields'] as $field) { $headers[] = $field['label']; } if (forms::isMetadataForm($formID) === TRUE) { $headers[] = "Search"; $headers[] = "Move"; } $tableRows = array(); for ($I = 0; $I < count($objects); $I++) { $temp = array(); $temp[] = sprintf('<input type="checkbox" name="delete[]" value="%s"', $objects[$I]['ID']); foreach ($form['fields'] as $field) { $temp[] = sprintf('<input type="%s" style="%s" name="%s_%s" value="%s" />', $field['type'], $field['style'], $field['name'], $objects[$I]['ID'], isset($objects[$I]['data'][$field['name']]) ? htmlSanitize($objects[$I]['data'][$field['name']]) : ""); } if (forms::isMetadataForm($formID) === TRUE) { $temp[] = sprintf('<a href="%sdataView/list.php?listType=metadataObjects&formID=%s&objectID=%s">Find Objects</a>', localvars::get('siteRoot'), htmlSanitize($formID), $objects[$I]['ID']); $temp[] = sprintf('<a href="%sdataEntry/move.php?objectID=%s">Move</a>', localvars::get('siteRoot'), $objects[$I]['ID']); } $tableRows[] = $temp; } $table = new tableObject("array"); $table->summary = "Object Listing"; $table->class = "tableObject table table-striped table-bordered"; $table->headers($headers); $output = ""; // Add in pagination bar if (isset($pagination)) { $output .= $pagination->nav_bar(); } $output .= sprintf('<form action="%s?formID=%s" method="%s" name="updateForm" data-formid="%s">', $_SERVER['PHP_SELF'], htmlSanitize($formID), "post", mfcs::$engine->openDB->escape($formID)); $output .= sessionInsertCSRF(); $output .= $table->display($tableRows); $output .= '<input type="submit" name="updateEdit" value="Update" class="btn" />'; $output .= "</form>"; // Add in pagination bar if (isset($pagination)) { $output .= $pagination->nav_bar(); } return $output; } else { return "No data entered for this Metadata Form."; } }
function htmlSanitizeInput() { htmlSanitize($_GET); htmlSanitize($_POST); //sanitize($_REQUEST); }
public static function availableUsersList($users) { if (!is_array($users)) { return FALSE; } $availableUsersList = '<option value="null">Select a User</option>'; foreach ($users as $row) { $name = array(); if (!is_empty($row['lastname'])) { $name[] = htmlSanitize($row['lastname']); } if (!is_empty($row['firstname'])) { $name[] = htmlSanitize($row['firstname']); } $availableUsersList .= sprintf('<option value="%s">%s (%s)</option>', htmlSanitize($row['ID']), implode(", ", $name), htmlSanitize($row['username'])); } return $availableUsersList; }
} } } } catch (Exception $e) { errorHandle::errorMsg($e->getMessage()); } // Get List of existing watermarks $sql = sprintf("SELECT * FROM `watermarks` ORDER BY `name`"); $sqlResult = $engine->openDB->query($sql); if ($sqlResult['result']) { $tmp = NULL; while ($row = mysql_fetch_array($sqlResult['result'], MYSQL_ASSOC)) { try { $i = new Imagick(); $i->readImageBlob($row['data']); $tmp .= sprintf('<li><a href="?id=%s">%s<br><img src="data:image/%s;base64,%s"></a></li>', htmlSanitize($row['ID']), htmlSanitize($row['name']), strtolower($i->getImageFormat()), base64_encode($row['data'])); } catch (Exception $e) { errorHandle::newError("readImageBlob failed - {$e->getMessage()}", errorHandle::HIGH); errorHandle::errorMsg("Failed to load watermark."); } } localVars::add("existingWatermarks", $tmp); unset($tmp); } // Get List of existing watermarks if (!isnull($ID)) { localVars::add("headerText", "Update Watermark"); localVars::add("submitBtn", '<button type="submit" name="update" class="btn">Update</button><button type="submit" name="delete" class="btn">Delete</button>'); $sql = sprintf("SELECT * FROM `watermarks` WHERE ID='%s' LIMIT 1", $engine->openDB->escape($ID)); $sqlResult = $engine->openDB->query($sql); if ($sqlResult['result']) {
} catch (Exception $e) { errorHandle::errorMsg($e->getMessage()); } } // Build the list of users for the form permissions select boxes $selectedEntryUsers = ""; $selectedViewUsers = ""; $selectedUsersAdmins = ""; if (isset($engine->cleanGet['MYSQL']['id']) && !isempty($engine->cleanGet['MYSQL']['id'])) { $sql = sprintf("SELECT permissions.type, users.status, users.firstname, users.lastname, users.username, users.ID as userID FROM permissions LEFT JOIN users ON permissions.userID=users.ID WHERE permissions.formID='%s'", $engine->cleanGet['MYSQL']['id']); $sqlResult = $engine->openDB->query($sql); if (!$sqlResult['result']) { throw new Exception("MySQL Error - getting permissions ({$sqlResult['error']})"); } while ($row = mysql_fetch_array($sqlResult['result'], MYSQL_ASSOC)) { $optionHTML = sprintf('<option value="%s">%s, %s (%s)</option>', htmlSanitize($row['userID']), htmlSanitize($row['lastname']), htmlSanitize($row['firstname']), htmlSanitize($row['username'])); switch ($row['type']) { case mfcs::AUTH_VIEW: $selectedViewUsers .= $optionHTML; break; case mfcs::AUTH_ENTRY: $selectedEntryUsers .= $optionHTML; break; case mfcs::AUTH_ADMIN: $selectedUsersAdmins .= $optionHTML; break; } } } localvars::add("selectedEntryUsers", $selectedEntryUsers); localvars::add("selectedViewUsers", $selectedViewUsers);