Esempio n. 1
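 /**
  * Exercises the built-in sanitizers: xssclean, int!, float! and abs.
  *
  * Needs ext/dom because the xssclean filter relies on DOMDocument; the test
  * is skipped when the extension is missing.
  *
  * @return void
  */
 public function testXSS()
 {
     if (!class_exists('DOMDocument')) {
         // markTestSkipped() throws, so nothing below runs without ext/dom
         $this->markTestSkipped('Test skipped');
     }

     $filter = new Phalcon\Filter();

     // xssclean must drop the inline event handler and the CSS expression()
     // while keeping harmless markup and the plain style attribute intact
     $expected = '<strong style="color:blue">Click</strong><div>name</div>';
     $dirty = '<strong style="color:blue" onclick="alert(\'clicked\')">Click</strong>'
         . '<div style="color:expression(1+1)">name</div>';
     // PHPUnit's order is (expected, actual) — keeps the failure message readable
     $this->assertEquals($expected, $filter->sanitize($dirty, 'xssclean'));

     // the "!" variants cast to the native type instead of returning a string
     $this->assertTrue(is_int($filter->sanitize('1.1111', 'int!')));
     $this->assertTrue(is_float($filter->sanitize('1.1111', 'float!')));

     // abs yields the numeric absolute value, so compare with ===
     $this->assertTrue($filter->sanitize('-1.1111', 'abs') === 1.1111);
 }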
Esempio n. 2
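/**
 * Get latest tagged images
 *
 * Answers with a JSON list of the 30 most recently tagged images, each with
 * a thumbnail URL built from the configured "imageLocation" service. The
 * location is passed as a bound parameter instead of being spliced into the
 * SQL text, so the quoting rules of the database and any unexpected
 * character in the configured value cannot alter the statement.
 */
$app->get('/images/latest', function () use($app) {
    $di = $app->getDI();
    $url = $di->get('imageLocation');
    $sql = 'select distinct(images.id), CONCAT(?, images.id, "_thumb.jpg") as url'
        . ' from images'
        . ' left join images_tags ON images.id = images_tags.image_id'
        . ' order by images_tags.created DESC'
        . ' limit 30';
    // positional bind: the adapter binds the array values 1-based in order
    $resultSet = $di->get('db')->query($sql, [$url]);
    $resultSet->setFetchMode(Phalcon\Db::FETCH_ASSOC);
    echo json_encode($resultSet->fetchAll());
});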
/**
 * Set image tags
 */
$app->post('/image/metadata/{id:[0-9]+}', function ($id) use($app) {
    $request = new Phalcon\Http\Request();
    $filter = new Phalcon\Filter();
    $user = new Users();
    $data = $request->getPost('tags', null, false);
    $image = Images::findFirst("id = '" . $id . "'");
    $tags = [];
    /**
     * Save each tag
     * This is done by:
     * 1) Getting/creating the tag
     * 2) Creating an imageTag
     * 3) Saving the imageTag
     */
    foreach ($data as $tagRow) {
        $name = $filter->sanitize($tagRow['name'], 'string');
        //Get tag if it exists already
        $tag = Tags::findFirst("name = '" . $name . "' AND category_id = '" . $tagRow['category_id'] . "'");
Esempio n. 3
<?php

require_once __DIR__ . '/../app/bootstrap.php';
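$di->set('filter', function () {
    $filter = new Phalcon\Filter();

    // 'string': coerce to a string. Arrays (e.g. a "?x[]=1" query parameter)
    // and other non-stringable values yield '' instead of the literal "Array"
    // plus an "Array to string conversion" notice.
    $filter->add('string', function ($value) {
        if (is_scalar($value) || (is_object($value) && method_exists($value, '__toString'))) {
            return '' . $value;
        }
        return '';
    });
    // 'uint': accept only a string of decimal digits (D: "$" may not match
    // before a trailing newline), otherwise 0. The accepted value is returned
    // unchanged, i.e. still a string.
    $filter->add('uint', function ($value) {
        return is_scalar($value) && preg_match('/^[0-9]+$/iD', $value) && $value >= 0 ? $value : 0;
    });
    // 'array': anything that is not an array becomes an empty array
    $filter->add('array', function ($value) {
        return is_array($value) ? $value : [];
    });
    // 'intbool': 0/1 by PHP truthiness — note that "0" and "" both map to 0
    $filter->add('intbool', function ($value) {
        return empty($value) ? 0 : 1;
    });
    return $filter;
}, true);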
// request: eagerly built, a single instance is registered
$di->set('request', new Phalcon\Http\Request());
// router: shared service, nothing is configured on it here
$di->set('router', function () {
    return new \Phalcon\Mvc\Router();
}, true);
// flash: session-backed messages mapped to Bootstrap alert classes
$di->set('flash', function () {
    $cssClasses = [
        'error'   => 'alert alert-danger',
        'success' => 'alert alert-success',
        'notice'  => 'alert alert-info',
        'warning' => 'alert alert-warning',
    ];
    return new Phalcon\Flash\Session($cssClasses);
});
$di->set('session', function () use($di) {
    $class = Config::instance()->session->class;
    session_name(Config::instance()->session->name);
Esempio n. 4
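 /**
  * Pushes the variables every view needs (version, asset paths, client
  * config, current user/profile, IGO init callback) into the view.
  *
  * When a "url"/"URL" request parameter is present it is turned into a
  * JavaScript callback that adds a WMS layer. That parameter is user
  * controlled and ends up inside a <script> block, so it is sanitized and
  * then JSON-encoded rather than interpolated raw into the JS source.
  *
  * @return void
  */
 private function definirVariablesCommunes()
 {
     $this->view->setVar("version", $this->config->application->version);
     $this->view->setVar("apps", "js/app");
     $this->view->setVar("widgets", "js/widgets");
     $configClient = $this->config->navigateur;
     $configClient->uri = $this->config->uri;
     $this->view->setVar("configClient", $configClient);

     global $application;
     $di = $application->getDI();
     $session = $di->getSession();
     $libelleProfil = '';
     $user = '';
     $count = 0;
     // remember the current page so the login flow can come back to it
     $session->set('page', '../' . $di['router']->getRewriteUri());
     if ($session->has("info_utilisateur")) {
         $infoUtilisateur = $session->get("info_utilisateur");
         if ($infoUtilisateur->identifiant) {
             $user = $infoUtilisateur->identifiant;
             $idProfil = $infoUtilisateur->profilActif;
             if (isset($infoUtilisateur->profils)) {
                 $count = count($infoUtilisateur->profils);
                 // label of the active profile; loose == kept on purpose, the
                 // ids may come back from the session store as strings
                 foreach ($infoUtilisateur->profils as $profil) {
                     if ($profil['id'] == $idProfil) {
                         $libelleProfil = $profil['libelle'];
                         break;
                     }
                 }
             }
             // an active profile missing from the list counts as no profile
             if ($libelleProfil === '') {
                 $count = 0;
             }
         }
     }
     $this->view->setVar("profil", $libelleProfil);
     $this->view->setVar("utilisateur", $user);
     $this->view->setVar("nbProfil", $count);

     if ($this->request->get('url') || $this->request->get('URL')) {
         $filter = new \Phalcon\Filter();
         // the closure must return the value: without the return every
         // sanitize() call through this filter yields null
         $filter->add('url', function ($value) {
             return filter_var($value, FILTER_SANITIZE_URL);
         });
         $url = $this->request->get('url') ? $this->request->get('url') : $this->request->get('URL');
         $layers = $this->request->get('layers') ? $this->request->get('layers', 'string') : $this->request->get('LAYERS', 'string');
         // legacy form: the layer list is appended to the url as "layers=<list>"
         if ($layers == null && strrpos($url, 'layers') !== false) {
             $layers = substr($url, strrpos($url, 'layers') + 7);
             $url = substr($url, 0, strrpos($url, 'layers'));
         }
         if ($layers == null && strrpos($url, 'LAYERS') !== false) {
             $layers = substr($url, strrpos($url, 'LAYERS') + 7);
             $url = substr($url, 0, strrpos($url, 'LAYERS'));
         }
         // keep the sanitized value — previously the result was discarded
         $url = $filter->sanitize($url, 'url');
         $active = $layers == null ? 'false' : 'true';
         // FILTER_SANITIZE_URL leaves quotes and angle brackets in place, so the
         // values are emitted as JSON string literals (HTML-sensitive characters
         // hex-escaped) instead of being spliced into the JS source as raw text.
         // json_encode() returns false on invalid UTF-8; the callback then fails
         // to parse rather than executing attacker-chosen text.
         $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
         $jsUrl = json_encode((string) $url, $jsFlags);
         $jsLayers = json_encode((string) $layers, $jsFlags);
         $fonctionCallback = "function(e){\n                    var coucheWMS = new Igo.Couches.WMS(\n                        {\n                            url:{$jsUrl}, \n                            nom:{$jsLayers},\n                            fond:false,\n                            active:{$active},\n                            mode: 'getCapabilities'\n                        }\n                    );\n                    Igo.nav.carte.gestionCouches.ajouterCouche(coucheWMS);\n                };";
         $this->view->setVar("callbackInitIGO", $fonctionCallback);
     } else {
         $this->view->setVar("callbackInitIGO", 'null');
     }
 }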
Esempio n. 5
 /**
  * Reimports an old revision, creating a new revision with the old contents of the old revision in the process.
  *
  * Both the page and the requested revision must exist, otherwise the request
  * is forwarded to the 404 action. The old content is trimmed, written back to
  * the page and stored again as a new, highest-numbered version; the page's
  * view and model caches are dropped afterwards.
  */
 public function reimportAction()
 {
     $pageId = (int) $this->dispatcher->getParam('id');
     $revisionNo = (int) $this->dispatcher->getParam('revision');

     $oldRevision = Versions::findFirst([
         'page_id = :id: AND version = :revision:',
         'bind' => ['id' => $pageId, 'revision' => $revisionNo],
     ]);
     $page = Pages::findFirst($pageId);

     if ($page === false || $oldRevision === false) {
         return $this->dispatcher->forward(['action' => 'error404']);
     }

     $filter = new \Phalcon\Filter();
     $page->content = $filter->sanitize($oldRevision->content, ['trim']);
     $page->update();

     $latestVersion = Versions::maximum([
         'column'     => 'version',
         'conditions' => 'page_id = :id:',
         'bind'       => ['id' => $pageId],
     ]);

     $newVersion = new Versions();
     $newVersion->page_id = $page->id;
     $newVersion->content = $page->content;
     $newVersion->version = $latestVersion + 1;
     $newVersion->create();

     // both caches key on the page; drop them so the next read sees the new content
     $this->viewCache->delete('page-' . $page->id);
     $this->modelsCache->delete('page-' . $page->title);
     $this->flash->success("The changes have been saved!");

     return $this->response->redirect("page/" . $page->title);
 }
Esempio n. 6
 /**
  * Set the filter service
  *
  * Registers a lazily-built Phalcon\Filter that, on top of the built-in
  * sanitizers, exposes the custom "repeat" and "escape" filter objects.
  *
  * @return void
  */
 protected function filter()
 {
     $factory = function () {
         $sanitizer = new \Phalcon\Filter();
         $custom = [
             'repeat' => new Extension\Repeat(),
             'escape' => new Extension\Escape(),
         ];
         foreach ($custom as $name => $implementation) {
             $sanitizer->add($name, $implementation);
         }
         return $sanitizer;
     };
     $this->_di->set('filter', $factory);
 }
Esempio n. 7
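/**
 * Applies a batch of feature edits (create/update/delete) to one layer's
 * service inside a single database transaction.
 *
 * @param array $data request data: "layer" names the service, "features" is
 *                    a JSON FeatureCollection whose features carry an
 *                    "action" and a "no_seq" client-side sequence number
 * @return array array("result" => "success"), or "failure" with per-feature
 *               "errors" and "warnings" (the transaction is then rolled back)
 * @throws Exception when "layer" is absent or unknown, when "features" cannot
 *                   be decoded, or when a feature carries an unknown action;
 *                   an exception raised inside the transaction rolls it back
 *                   before being rethrown
 */
function transaction($data)
{
    $filter = new \Phalcon\Filter();
    $services = getServices();

    // previously $srv was dereferenced even when "layer" was absent or named
    // no service (undefined variable / undefined index); fail explicitly
    if (!isset($data["layer"])) {
        throw new Exception("Le paramètre layer est obligatoire.");
    }
    $layer = $filter->sanitize($data["layer"], array("string"));
    if (!isset($services[$layer])) {
        throw new Exception("Le service {$layer} n'est pas disponible.");
    }
    $srv = $services[$layer];

    $connection = $srv->getConnection();
    $connection->begin();
    try {
        $errors = array();
        $warnings = array();
        if (isset($data["features"])) {
            $featureCollection = json_decode($data["features"]);
            // malformed JSON (or a non-object) must not reach ->features
            if (!is_object($featureCollection) || !isset($featureCollection->features)) {
                throw new Exception("Paramètre features invalide.");
            }
            foreach ($featureCollection->features as $feature) {
                // strict comparison kept: a switch would compare loosely
                if ($feature->action === "create") {
                    $result = $srv->createFeature($feature);
                } elseif ($feature->action === "update") {
                    $result = $srv->updateFeature($feature);
                } elseif ($feature->action === "delete") {
                    $result = $srv->deleteFeature($feature);
                } else {
                    throw new Exception("Action invalide ou indéfinit: " . $feature->action);
                }
                // results are keyed by the client's sequence number so the caller
                // can match them back to the features it sent
                if ($result["result"] === "failure" && isset($result["error"])) {
                    $errors[$feature->no_seq] = $result["error"];
                } elseif ($result["result"] === "failure" && isset($result["errors"])) {
                    $errors[$feature->no_seq] = $result["errors"];
                } elseif ($result["result"] === "warning") {
                    $warnings[$feature->no_seq] = $result["warning"];
                }
                $srv->reset();
            }
        }
        // a single error or warning cancels the whole batch
        if (count($errors) > 0 || count($warnings) > 0) {
            $connection->rollback();
            return array("result" => "failure", "errors" => $errors, "warnings" => $warnings);
        }
        $connection->commit();
    } catch (\Exception $e) {
        $connection->rollback();
        throw $e;
    }
    return array("result" => "success");
}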
Esempio n. 8
 /**
  * unlock package
  *
  * Only answers POST requests; the package name is reduced to letters, digits,
  * dash and underscore before it is handed to configd, so no other character
  * can reach that command line.
  *
  * @param string $pkg_name package name to unlock
  * @return array status ("ok" with the configd message uuid, or "failure")
  * @throws \Exception
  */
 public function unlockAction($pkg_name)
 {
     $backend = new Backend();
     if (!$this->request->isPost()) {
         return array('status' => 'failure');
     }
     // sanitize package name
     $sanitizer = new \Phalcon\Filter();
     $sanitizer->add('pkgname', function ($value) {
         return preg_replace('/[^0-9a-zA-Z-_]/', '', $value);
     });
     $safeName = $sanitizer->sanitize($pkg_name, "pkgname");
     // execute action
     $msgUuid = trim($backend->configdpRun("firmware unlock", array($safeName), true));
     return array('status' => 'ok', 'msg_uuid' => $msgUuid);
 }
Esempio n. 9
});
// shared HTTP response object
$di->setShared('response', function () {
    return new \Phalcon\Http\Response();
});
// register the DB service: the PDO adapter class is chosen from the configured driver
$di->setShared('gcoperator', function () use($di) {
    $dbConfig = $di['config']->v3opDB;
    $adapterClass = '\\Phalcon\\Db\\Adapter\\Pdo\\' . $dbConfig->driver;
    $options = array(
        'host'     => $dbConfig->host,
        'username' => $dbConfig->username,
        'password' => $dbConfig->password,
        'dbname'   => $dbConfig->database,
        'charset'  => $dbConfig->charset,
    );
    return new $adapterClass($options);
});
// register the Sphinx service
$di->setShared('sphinxCon', function () use($di) {
    $sphinxConfig = $di['config']->sphinx;
    $conn = new \Foolz\SphinxQL\Connection();
    $conn->setParams(array('host' => $sphinxConfig->host, 'port' => intval($sphinxConfig->port)));
    return $conn;
});
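// shared Phalcon\Filter with a custom 'price' sanitizer
$di->setShared('filter', function () {
    $filter = new \Phalcon\Filter();
    // 'price': absolute value rounded to two decimals. The cast makes a
    // non-numeric string yield 0.0 instead of a TypeError (PHP 8) or a
    // warning from abs(); numeric input is unaffected.
    $filter->add('price', function ($value) {
        return round(abs((float) $value), 2);
    });
    return $filter;
});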
// memcached wrapper, configured from the "memcommon" section (new instance per get)
$di->set('memObj', function () use($di) {
    return new \Xz\Lib\Memcached($di['config']->memcommon);
});
// HTTP request object (new instance per get)
$di->set('request', function () {
    return new \Phalcon\Http\Request();
});
Esempio n. 10
<?php

$filter = new \Phalcon\Filter();
// A custom "md5" sanitizer registered as an anonymous function: it keeps only
// lowercase hex digits, the characters an md5() digest can contain.
$filter->add('md5', static function ($value) {
    return preg_replace('/[^0-9a-f]/', '', $value);
});
// Apply it by name, exactly like a built-in sanitizer
$filtered = $filter->sanitize($possibleMd5, "md5");
Esempio n. 11
<?php

class IPv4Filter
{
    /**
     * Returns the value unchanged when it is a valid dotted-quad IPv4
     * address, false otherwise (IPv6 addresses are rejected as well).
     *
     * @param mixed $value
     * @return string|false
     */
    public function filter($value)
    {
        $options = array('flags' => FILTER_FLAG_IPV4);
        return filter_var($value, FILTER_VALIDATE_IP, $options);
    }
}
$filter = new \Phalcon\Filter();
// A filter may also be an object exposing filter($value); register it by name
$ipv4Filter = new IPv4Filter();
$filter->add('ipv4', $ipv4Filter);
// ...and apply it like any built-in sanitizer
$filteredIp = $filter->sanitize("127.0.0.1", "ipv4");
 /**
  * Normalises fieldB as an e-mail address: the "email" sanitizer strips the
  * characters not allowed in an address, then "upper" upper-cases the result.
  *
  * @return mixed
  */
 public function getExpectedFieldB()
 {
     $sanitizer = new \Phalcon\Filter();
     $email = $sanitizer->sanitize($this->fieldB, 'email');
     $upperCased = $sanitizer->sanitize($email, 'upper');
     return $upperCased;
 }
Esempio n. 13
<?php

$filter = new \Phalcon\Filter();
// Built-in sanitizers applied to deliberately dirty values; the expected
// result of each call is noted next to its input.
$samples = array(
    array("some(one)@exa\\mple.com", "email"), // returns "*****@*****.**"
    array("hello<<", "string"),                // returns "hello"
    array("!100a019", "int"),                  // returns "100019"
    array("!100a019.01a", "float"),            // returns "100019.01"
);
foreach ($samples as $sample) {
    $filter->sanitize($sample[0], $sample[1]);
}
Esempio n. 14
 /**
  * Filters a value
  *
  * Runs the given Phalcon sanitizer(s) over the value; when an array of
  * names is given they are applied in order.
  *
  * @param	string $paramValue
  * @param	string|array $filters sanitizer name(s) known to Phalcon\Filter
  * @return	mixed
  */
 protected function filter($paramValue, $filters)
 {
     return (new \Phalcon\Filter())->sanitize($paramValue, $filters);
 }
Esempio n. 15
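/**
 * Returns the label field name of the service backing the requested layer.
 *
 * @param array $data request data; "layer" names the service to use
 * @return mixed whatever the service's getLabelName() returns
 * @throws Exception when "layer" is absent or names no known service
 */
function getLabelNameInformation($data)
{
    $filter = new \Phalcon\Filter();
    $services = getServices();
    // previously $srv->getLabelName() was reached with $srv undefined when
    // "layer" was missing; report that explicitly
    if (!isset($data["layer"])) {
        throw new Exception("Le paramètre layer est obligatoire.");
    }
    $layer = $filter->sanitize($data["layer"], array("string"));
    if (!isset($services[$layer])) {
        throw new Exception("Le service {$layer} n'est pas disponible.");
    }
    return $services[$layer]->getLabelName();
}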
Esempio n. 16
<?php

// The same "email" sanitizer applied in four increasingly convenient ways.
$filter = new Phalcon\Filter();
// 1) directly on the raw superglobal
$email = $filter->sanitize($_POST["user_email"], "email");
// 2) on the value read through the request object
$email = $filter->sanitize($request->getPost("user_email"), "email");
// 3) letting the request object apply the filter itself
$email = $request->getPost("user_email", "email");
// 4) with a default used when the parameter is null — filtered, then unfiltered
$email = $request->getPost("user_email", "email", "*****@*****.**");
$email = $request->getPost("user_email", null, "*****@*****.**");
Esempio n. 17
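 /**
  * Proxies WMS requests for one context to MapServer, enforcing the current
  * user's per-layer read permission on the rendering/query requests.
  *
  * Only GET/POST are served and only SERVICE=WMS is accepted. GETCAPABILITIES
  * is passed through as-is; GETMAP/GETFEATUREINFO/DESCRIBELAYER/
  * GETLEGENDGRAPHIC are proxied only when every requested layer (or layer
  * group of this context) is readable, otherwise the request dies with
  * "Forbidden". Other request types produce no output. All model lookups use
  * bound parameters so the route id and layer names cannot alter the queries.
  *
  * @param mixed $contexteId id of the IgoContexte whose cached mapfile is used
  * @return void headers and body are written directly to the output
  */
 function wms_proxy($contexteId)
 {
     global $app;
     $httprequest = new Phalcon\Http\Request();
     $httprequest->setDI($app->getDI());
     //Possible sanitize filters: string, email, int, float, alphanum, striptags, trim, lower, upper
     $filter = new \Phalcon\Filter();
     if ($httprequest->isGet() || $httprequest->isPost()) {
         $datain = $httprequest->get();
         $data = array();
         // WMS parameter names are case-insensitive: normalise keys to upper case
         foreach ($datain as $key => $value) {
             $data[strtoupper($key)] = $value;
         }
         // a missing parameter becomes '' instead of an undefined-index notice
         $service = $filter->sanitize(isset($data["SERVICE"]) ? $data["SERVICE"] : '', array("string", "upper"));
         $request = $filter->sanitize(isset($data["REQUEST"]) ? $data["REQUEST"] : '', array("string", "upper"));
     } else {
         // TODO: handle the error — a WMS service cannot be called with PUT or DELETE.
         error_log("not a get or a post?");
         return;
     }
     error_log("service: {$service}, request: {$request}");
     if ($service !== "WMS") {
         die("Seul les services WMS sont pris en charge par ce proxy.");
     }
     $config = $app->getDI()->get("config");
     $mapserver = $config['mapserver']['host'] . $config['mapserver']['mapserver_path'] . $config['mapserver']['executable'];
     // $contexteId comes from the route: bind it rather than splicing it into the query
     $contexte = IgoContexte::findFirst(array("id = :id:", "bind" => array("id" => $contexteId)));
     if ($contexte === false) {
         // new guard: previously an unknown id produced a mapfile path with an empty code
         die("Contexte introuvable.");
     }
     $map = $config['mapserver']['mapfileCacheDir'] . $config['mapserver']['contextesCacheDir'] . $contexte->code . ".map";
     $method = $httprequest->getMethod();
     // the raw (non-uppercased) parameters are what gets forwarded, as before
     $data = $httprequest->get();
     $data["MAP"] = $map;
     $response = null;
     switch ($request) {
         case "GETCAPABILITIES":
             $response = proxy_request($mapserver, $data, $method);
             // Should layers the user may not read be stripped from the response? Probably too complex...
             break;
         case "GETMAP":
         case "GETFEATUREINFO":
         case "DESCRIBELAYER":
         case "GETLEGENDGRAPHIC":
             $authentificationModule = obtenirAuthentificationModule();
             if ($authentificationModule === null) {
                 // no authentication module: everything is readable
                 $response = proxy_request($mapserver, $data, $method);
             } else {
                 // LAYER is the GETLEGENDGRAPHIC spelling of LAYERS
                 if (isset($data["LAYERS"])) {
                     $couches = explode(",", $data["LAYERS"]);
                 } else {
                     $couches = explode(",", $data["LAYER"]);
                 }
                 foreach ($couches as $couche) {
                     // match a layer name first, then a layer group of this context — both bound
                     $igoVueContexteCoucheNavigateur = IgoVueContexteCoucheNavigateur::findFirst(array(
                         "mf_layer_name = :nom:",
                         "bind" => array("nom" => $couche),
                     ));
                     $coucheContexte = array($igoVueContexteCoucheNavigateur);
                     if ($igoVueContexteCoucheNavigateur === false) {
                         $coucheContexte = IgoVueContexteCoucheNavigateur::find(array(
                             "mf_layer_group = :groupe: and contexte_id = :contexte:",
                             "bind" => array("groupe" => $couche, "contexte" => $contexteId),
                         ));
                     }
                     if (count($coucheContexte) === 0) {
                         // The user is calling the mapfile's root layer, i.e. every layer at once.
                         // Such calls are refused for now.
                         die("Forbidden");
                     }
                     // readable when at least one matching layer grants read permission
                     $estPermis = false;
                     foreach ($coucheContexte as $igoVueContexteCoucheNavigateur) {
                         $permission = obtenirPermission($igoVueContexteCoucheNavigateur->couche_id);
                         if ($permission !== null && $permission->est_lecture) {
                             $estPermis = true;
                             break;
                         }
                     }
                     if (!$estPermis) {
                         die("Forbidden");
                     }
                 }
                 $response = proxy_request($mapserver, $data, $method);
             }
             break;
         default:
             break;
     }
     // unknown request types leave $response null; previously it was dereferenced anyway
     if ($response === null) {
         return;
     }
     $headerArray = explode("\r\n", $response["header"]);
     foreach ($headerArray as $headerLine) {
         header($headerLine);
     }
     echo $response["content"];
 }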
Esempio n. 18
<?php

$filter = new \Phalcon\Filter();
// Two built-in filters; each call is expected to return "Hello".
$samples = array(
    array("<h1>Hello</h1>", "striptags"), // tags removed
    array("  Hello   ", "trim"),          // surrounding whitespace removed
);
foreach ($samples as $sample) {
    $filter->filter($sample[0], $sample[1]);
}
Esempio n. 19
<?php

$di->setShared('filter', function () {
    $filter = new \Phalcon\Filter();
    // Remove quotation marks (single and double):
    $filter->add('removeq', function ($value) {
        if (preg_match("/[^']'\$/", $value) and !preg_match("/^'[^']/", $value)) {
            return $value;
        }
        return preg_replace("/^[\"']+|[\"']+\$/u", '', $value);
    });
    // Saxon genitive replacement:
    $filter->add('saxgen', function ($value) {
        return preg_replace("/'+/u", '’', $value);
    });
    // Empty value null replacement:
    $filter->add('null', function ($value) {
        return strlen($value) === 0 ? null : $value;
    });
    // Title case modifier:
    $filter->add('title', function ($value) {
        return mb_convert_case($value, MB_CASE_TITLE, 'UTF-8');
    });
    // Lower case modifier:
    $filter->add('lower', function ($value) {
        return mb_convert_case($value, MB_CASE_LOWER, 'UTF-8');
    });
    // Upper case modifier:
    $filter->add('upper', function ($value) {
        return mb_convert_case($value, MB_CASE_UPPER, 'UTF-8');
    });