 /**
  * Magic property reader: property reads on this object are served from the
  * $this->data array instead of from real object properties.
  *
  * Every value is passed through XSS::filter() on the way out, so whatever is
  * stored in $this->data is escaped at read time rather than at write time.
  *
  * @param  string $var Name of the property being requested
  *
  * @return mixed  The filtered value, or false when $this->data holds no
  *                non-null entry under that name (isset() semantics)
  */
 function __get($var)
 {
     // isset() treats a stored null the same as a missing key.
     return isset($this->data[$var]) ? XSS::filter($this->data[$var]) : false;
 }
 * Este script faz parte do Projeto Prático do curso Ultimate PHP.
 * O Ultimate PHP é um curso voltado para iniciantes e intermediários em PHP.
 * Conheça o curso Ultimate PHP acessando http://www.ultimatephp.com.br
 *
 * O projeto completo está disponível no Github: https://github.com/beraldo/UltimatePHPerguntas
 *
 * @author: Roberto Beraldo Chaiben
 * @package Ultimate PHPerguntas
 * @link http://www.ultimatephp.com.br
 */
?>


<div class="row">
    <h1>Respondendo à PHPergunta <em><?php 
echo \XSS::filter($question->getTitle());
?>
</em></h1>
</div>

<br><br>

<div class="row">
    <form action="<?php 
echo getBaseURL();
?>
/enviar-resposta" method="post" class="form-horizontal">
        
        <div class="form-group">
            <div class="col-md-3">
                <label for="description">Sua resposta</label>
        if (is_string($toClean)) {
            // call cleaning function.
            return $this->cleanGPC($toClean, $options);
        } elseif (is_array($toClean)) {
            $output = array();
            foreach ($toClean as $k1 => $v1) {
                if (!array_key_exists($k1, (array) $exclude)) {
                    if ($cleanKey) {
                        $k1 = $this->cleanGPC($k1, array(1, 1, 0, 1));
                    }
                    // check if the variable is an array, for nested arrays.
                    if (is_array($v1)) {
                        // recursive call.
                        $output[$k1] = $this->checkXSS($v1, &$options);
                    } else {
                        // call cleaning function.
                        $output[$k1] = $this->cleanGPC($v1, &$options);
                    }
                }
            }
        }
        return $output;
    }
}
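// $options defaults to array(1, 1, 0, 1); the four positions switch on, in order:
// urldecode, striptags, stripping XSS tag patterns, stripping XSS event patterns.
// NOTE(review): the first switch re-applies urldecode to input PHP has already
// decoded once when it built the superglobals, so %25xx sequences end up decoded
// twice — confirm that is intended.
$xssObj = new XSS();
$xssDefaultOptions = array(1, 1, 0, 1);
// The last argument (cleanKey) also runs the array keys through the cleaner.
$_GET = $xssObj->checkXSS($_GET, $xssDefaultOptions, null, true);
$_COOKIE = $xssObj->checkXSS($_COOKIE, $xssDefaultOptions, null, true);
// $_SESSION only exists once session_start() has run; feeding an undefined
// variable to checkXSS() raised a notice and replaced $_SESSION with null.
if (isset($_SESSION)) {
    $_SESSION = $xssObj->checkXSS($_SESSION, $xssDefaultOptions, null, true);
}
$_REQUEST = $xssObj->checkXSS($_REQUEST, $xssDefaultOptions, null, true);
$_SERVER = $xssObj->checkXSS($_SERVER, $xssDefaultOptions, null, true);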
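 /**
  * Returns a copy of $this->data with every value passed through
  * XSS::filter(), or an empty array when $this->data is unset or empty.
  *
  * $this->data itself is left untouched: the stored values stay raw and
  * only the returned copy is filtered.
  *
  * @return array
  */
 public function to_array()
 {
     $data = $this->data ?: [];
     foreach ($data as $key => $val) {
         $data[$key] = XSS::filter($val);
     }
     // Return the filtered copy; returning $this->data here (as before) made
     // the filtering loop a no-op and handed back unfiltered values.
     return $data;
 }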
 /**
  * Builds the table row describing one package for the packages listing.
  *
  * @param array $package
  *   The package array. Keys read here: 'machine_name', 'name', 'status',
  *   'version', 'config', 'config_orig', 'dependencies' and 'description'.
  *
  * @return array
  *   A render array of a form element: one table row with the keys 'name',
  *   'machine_name', 'status', 'version', 'state' and 'details'.
  */
 protected function buildPackageDetail(array $package)
 {
     $config_collection = $this->featuresManager->getConfigCollection();
     // Link target for the package name; the state link below recomputes $url.
     $url = Url::fromRoute('features.edit', array('featurename' => $package['machine_name']));
     $element['name'] = array('data' => \Drupal::l($package['name'], $url), 'class' => array('feature-name'));
     $element['machine_name'] = $package['machine_name'];
     $element['status'] = array('data' => $this->featuresManager->statusLabel($package['status']), 'class' => array('column-nowrap'));
     // Use 'data' instead of plain string value so a blank version doesn't
     // remove column from table.
     $element['version'] = array('data' => SafeMarkup::checkPlain($package['version']), 'class' => array('column-nowrap'));
     $overrides = $this->featuresManager->detectOverrides($package);
     $new_config = $this->featuresManager->detectNew($package);
     $conflicts = array();
     $missing = array();
     // A package that is not exported cannot have overridden or new config.
     // NOTE(review): loose == comparison; fine as long as 'status' and the
     // constant share a type.
     if ($package['status'] == FeaturesManagerInterface::STATUS_NO_EXPORT) {
         $overrides = array();
         $new_config = array();
     }
     // Bundle package configuration by type.
     $package_config = array();
     foreach ($package['config'] as $item_name) {
         $item = $config_collection[$item_name];
         // "override" wins over "new" when an item is in both lists. in_array()
         // is non-strict here; fine for the string item names being compared.
         $package_config[$item['type']][] = array('name' => SafeMarkup::checkPlain($item_name), 'label' => SafeMarkup::checkPlain($item['label']), 'class' => in_array($item_name, $overrides) ? 'features-override' : (in_array($item_name, $new_config) ? 'features-detected' : ''));
     }
     // Conflict config from other modules.
     if (!empty($package['config_orig'])) {
         foreach ($package['config_orig'] as $item_name) {
             if (!isset($config_collection[$item_name])) {
                 // Originally exported item that no longer exists in the collection.
                 $missing[] = $item_name;
                 $package_config['missing'][] = array('name' => SafeMarkup::checkPlain($item_name), 'label' => SafeMarkup::checkPlain($item_name), 'class' => 'features-conflict');
             } elseif (!in_array($item_name, $package['config'])) {
                 // Still exists, but is no longer part of this package's config.
                 $item = $config_collection[$item_name];
                 $conflicts[] = $item_name;
                 $package_config[$item['type']][] = array('name' => SafeMarkup::checkPlain($item_name), 'label' => SafeMarkup::checkPlain($item['label']), 'class' => 'features-conflict');
             }
         }
     }
     // Add dependencies.
     $package_config['dependencies'] = array();
     if (!empty($package['dependencies'])) {
         foreach ($package['dependencies'] as $dependency) {
             // NOTE(review): $dependency is rendered without checkPlain(), unlike
             // the config item names above — confirm it is never user-supplied.
             $package_config['dependencies'][] = array('name' => $dependency, 'label' => $this->moduleHandler->getName($dependency), 'class' => '');
         }
     }
     // Pick one state to show, in priority order: conflicts, overrides,
     // new config, missing. Each branch also sets the link target $url.
     $class = '';
     $label = '';
     if (!empty($conflicts)) {
         $url = Url::fromRoute('features.edit', array('featurename' => $package['machine_name']));
         $class = 'features-conflict';
         $label = t('Conflicts');
     } elseif (!empty($overrides)) {
         $url = Url::fromRoute('features.diff', array('featurename' => $package['machine_name']));
         $class = 'features-override';
         $label = $this->featuresManager->stateLabel(FeaturesManagerInterface::STATE_OVERRIDDEN);
     } elseif (!empty($new_config)) {
         $url = Url::fromRoute('features.diff', array('featurename' => $package['machine_name']));
         $class = 'features-detected';
         $label = t('New detected');
     } elseif (!empty($missing)) {
         $url = Url::fromRoute('features.edit', array('featurename' => $package['machine_name']));
         $class = 'features-conflict';
         $label = t('Missing');
     }
     if (!empty($class)) {
         // $url here is the one assigned in whichever branch set $class.
         $element['state'] = array('data' => \Drupal::l($label, $url), 'class' => array($class, 'column-nowrap'));
     } else {
         $element['state'] = '';
     }
     $config_types = $this->featuresManager->listConfigTypes();
     // Add dependencies.
     $config_types['dependencies'] = $this->t('Dependencies');
     $config_types['missing'] = $this->t('Missing');
     // Natural, case-insensitive sort by label; the type keys are preserved.
     uasort($config_types, 'strnatcasecmp');
     $rows = array();
     // Use sorted array for order.
     // $label is reused as the loop variable; the state label above has
     // already been rendered into $element['state'].
     foreach ($config_types as $type => $label) {
         // For each component type, offer alternating rows.
         $row = array();
         if (isset($package_config[$type])) {
             $row[] = array('data' => array('#type' => 'html_tag', '#tag' => 'span', '#value' => SafeMarkup::checkPlain($label), '#attributes' => array('title' => SafeMarkup::checkPlain($type), 'class' => 'features-item-label')));
             $row[] = array('data' => array('#theme' => 'features_items', '#items' => $package_config[$type], '#value' => SafeMarkup::checkPlain($label), '#title' => SafeMarkup::checkPlain($type)), 'class' => 'item');
         }
         // Types with no items still contribute an empty row.
         $rows[] = $row;
     }
     $element['details'] = array('#type' => 'table', '#rows' => $rows);
     // The description goes through XSS::filterAdmin() rather than checkPlain(),
     // so (presumably) an admin-level set of tags survives — confirm against
     // XSS::filterAdmin(); every other rendered string here is checkPlain'd.
     $details = array('#type' => 'details', '#title' => XSS::filterAdmin($package['description']), '#description' => array('data' => $element['details']));
     $element['details'] = array('class' => array('description', 'expand'), 'data' => $details);
     return $element;
 }
            ?>
/remover-resposta/<?php 
            echo $answer->id;
            ?>
/<?php 
            echo $question->getId();
            ?>
" class="btn btn-danger btn-xs">Remover Resposta</a>
        <?php 
        }
        ?>
    </div>

    <div class="col-md-9">
        <?php 
        echo nl2br(\XSS::filter($answer->description));
        ?>
    </div>
</div>



<?php 
    }
    ?>

<?php 
} else {
    ?>
<div class="alert alert-warning">
    Não há respostas para esta pergunta
                <td>
                    <a href="<?php 
        getBaseURL();
        ?>
/pergunta/<?php 
        echo $question->id;
        ?>
">
                        <?php 
        echo \XSS::filter($question->title);
        ?>
                    </a>
                </td>
                <td>
                    <?php 
        echo \XSS::filter($question->user->getNickname());
        ?>
                </td>
                <td>
                    <?php 
        echo date('d/m/Y H:i', strtotime($question->created_at));
        ?>
                </td>
            </tr>
        <?php 
    }
    ?>
        </tbody>
    </table>
<?php 
} else {
    private static $blockedAttributes = '#^(on\\w|srcdoc)#i';
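    /**
     * Callback for a single HTML attribute match (preg_replace_callback style).
     *
     * $matches[1] is expected to hold the attribute name and $matches[3] its raw
     * value; the capture layout comes from a pattern outside this view.
     * Attributes whose name matches self::$blockedAttributes (on* event handlers
     * and srcdoc) are dropped entirely; every other attribute is re-emitted with
     * a normalised, double-quoted value.
     *
     * The parameter is taken by value: preg_replace_callback() passes the match
     * array by value, and a by-reference parameter made PHP emit a warning on
     * every invocation.
     *
     * @param array $matches Capture groups of the attribute match
     *
     * @return string The rebuilt attribute, or '' when it is blocked
     */
    private static function handleAttributes($matches)
    {
        if (preg_match(self::$blockedAttributes, $matches[1])) {
            return '';
        }
        // Line breaks and tabs are removed before decoding, presumably so an
        // entity or keyword split across them is seen whole by the checks below.
        $value = html_entity_decode(str_replace(["\r", "\n", "\t"], '', $matches[3]));
        self::cleanAttributeValue($value);
        // The value is rebuilt inside double quotes, so a literal '"' left over
        // from decoding (e.g. from &quot; or &#34;) must be re-escaped or it
        // would terminate the attribute early.
        $value = str_replace('"', '&quot;', $value);
        return $matches[1] . '="' . $value . '"';
    }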
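    /**
     * Normalises an attribute value in place so encoded characters cannot hide
     * from the pattern checks that run afterwards.
     *
     * Only values containing '&' can carry entities, so anything else is left
     * untouched. Named entities are decoded first; then every hex (&#x..) or
     * decimal (&#..) numeric entity — with or without a trailing ';' — is
     * collapsed to the single byte it denotes; finally self::cleanNonPrinting()
     * runs on the result.
     *
     * @param string $value Attribute value, modified in place
     *
     * @return void
     */
    private static function cleanAttributeValue(&$value)
    {
        if (strpos($value, '&') === false) {
            return;
        }
        $value = html_entity_decode($value);
        // Static-method callables are given as [class, method] arrays: the
        // 'self::method' string form is deprecated as of PHP 8.2.
        $value = preg_replace_callback('/&#x([\\da-f]{1,6})/i', [self::class, 'chrFirstFromHex'], $value);
        $value = preg_replace_callback('/&#(\\d+)/', [self::class, 'chrFirstFromDec'], $value);
        self::cleanNonPrinting($value);
    }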
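    /**
     * preg_replace_callback() handler turning a hex numeric entity (&#x41)
     * into the byte it denotes.
     *
     * chr() keeps only the low 8 bits, so code points above 0xFF are folded
     * into a single byte rather than expanded to UTF-8. Taken by value because
     * preg_replace_callback() passes the match array by value.
     *
     * @param array $matches $matches[1] holds the hex digits (1 to 6 of them)
     *
     * @return string A single byte
     */
    private static function chrFirstFromHex($matches)
    {
        return chr((int) hexdec($matches[1]));
    }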
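    /**
     * preg_replace_callback() handler turning a decimal numeric entity (&#65)
     * into the byte it denotes.
     *
     * The digits are cast to int explicitly: an over-long digit string would
     * otherwise reach chr() as a float, which is deprecated (and a TypeError
     * under strict_types). chr() keeps only the low 8 bits of the value.
     *
     * @param array $matches $matches[1] holds the decimal digits
     *
     * @return string A single byte
     */
    private static function chrFirstFromDec($matches)
    {
        return chr((int) $matches[1]);
    }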
}
// Run once at load time. Presumably initialises the class-level state that
// self::cleanNonPrinting() relies on — confirm against the class body.
XSS::setNonPrinting();