/**
 * Magic getter: this object keeps no real properties of its own, so every
 * property read is redirected to the $this->data array.
 *
 * The stored value is passed through XSS::filter() before it is handed back.
 *
 * @param string $var The property being requested
 *
 * @return mixed The filtered value, or false when no such key is set in
 *   $this->data (isset() also treats a key holding null as absent).
 */
function __get($var)
{
    if (!isset($this->data[$var])) {
        return false;
    }

    return XSS::filter($this->data[$var]);
}
* Este script faz parte do Projeto Prático do curso Ultimate PHP. * O Ultimate PHP é um curso voltado para iniciantes e intermediários em PHP. * Conheça o curso Ultimate PHP acessando http://www.ultimatephp.com.br * * O projeto completo está disponível no Github: https://github.com/beraldo/UltimatePHPerguntas * * @author: Roberto Beraldo Chaiben * @package Ultimate PHPerguntas * @link http://www.ultimatephp.com.br */ ?> <div class="row"> <h1>Respondendo à PHPergunta <em><?php echo \XSS::filter($question->getTitle()); ?> </em></h1> </div> <br><br> <div class="row"> <form action="<?php echo getBaseURL(); ?> /enviar-resposta" method="post" class="form-horizontal"> <div class="form-group"> <div class="col-md-3"> <label for="description">Sua resposta</label>
// NOTE(review): the enclosing method (checkXSS) starts above this excerpt; its
// signature, which introduces $toClean, $options, $exclude and $cleanKey, is not
// visible here.
if (is_string($toClean)) {
    // call cleaning function.
    return $this->cleanGPC($toClean, $options);
} elseif (is_array($toClean)) {
    $output = array();
    foreach ($toClean as $k1 => $v1) {
        // Keys listed in $exclude are not copied to the output at all.
        if (!array_key_exists($k1, (array) $exclude)) {
            if ($cleanKey) {
                // Keys are always cleaned with the fixed option set (1, 1, 0, 1),
                // not with the caller's $options.
                $k1 = $this->cleanGPC($k1, array(1, 1, 0, 1));
            }
            // check if the variable is an array, for nested arrays.
            if (is_array($v1)) {
                // recursive call.
                // NOTE(review): call-time pass-by-reference (&$options at the call
                // site) is a fatal error on PHP >= 5.4.
                $output[$k1] = $this->checkXSS($v1, &$options);
            } else {
                // call cleaning function.
                $output[$k1] = $this->cleanGPC($v1, &$options);
            }
        }
    }
}
// NOTE(review): $output is only assigned on the array branch, so any input that
// is neither a string nor an array makes this return null (with a notice).
return $output;
}
}
//$options, the default value is array(1,1,0,1). 1 => urldecode, 2 => striptags, 3 => strip xss tags patterns, 4 => strip xss event patterns.
// Rewrite the superglobals in place at load time. Judging by the method body
// above, the third and fourth arguments are presumably $exclude (null: nothing
// excluded) and $cleanKey (true: array keys are cleaned as well) — confirm
// against the signature.
// NOTE(review): $_POST is not in this list, while $_SERVER is rewritten with the
// same options, so server/header values are altered before any other code reads
// them. Input-side rewriting like this is not a substitute for context-aware
// escaping at output time.
$xssObj = new XSS();
$_GET = $xssObj->checkXSS($_GET, array(1, 1, 0, 1), null, true);
$_COOKIE = $xssObj->checkXSS($_COOKIE, array(1, 1, 0, 1), null, true);
$_SESSION = $xssObj->checkXSS($_SESSION, array(1, 1, 0, 1), null, true);
$_REQUEST = $xssObj->checkXSS($_REQUEST, array(1, 1, 0, 1), null, true);
$_SERVER = $xssObj->checkXSS($_SERVER, array(1, 1, 0, 1), null, true);
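/**
 * Returns the object's data with every value passed through XSS::filter().
 *
 * @return array The filtered copy of $this->data; an empty array when
 *   $this->data is unset or falsy.
 */
public function to_array()
{
    $data = $this->data;
    if (!$data) {
        // Normalise null/false/empty so the caller always receives an array.
        $data = [];
    }
    foreach ($data as $key => $val) {
        // NOTE(review): assumes XSS::filter() accepts whatever $this->data holds
        // (nested arrays included) — confirm.
        $data[$key] = XSS::filter($val);
    }

    // Return the filtered copy, not the raw $this->data, so the filtering
    // above is not discarded.
    return $data;
}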
/**
 * Builds the details of a package.
 *
 * @param array $package
 *   The package array. Keys read here: 'name', 'machine_name', 'status',
 *   'version', 'config', 'config_orig', 'dependencies' and 'description'.
 *
 * @return array
 *   A render array of a form element, keyed by 'name', 'machine_name',
 *   'status', 'version', 'state' and 'details'.
 */
protected function buildPackageDetail(array $package) {
  $config_collection = $this->featuresManager->getConfigCollection();
  // Default link target; the state branches below may replace $url.
  $url = Url::fromRoute('features.edit', array('featurename' => $package['machine_name']));
  $element['name'] = array('data' => \Drupal::l($package['name'], $url), 'class' => array('feature-name'));
  $element['machine_name'] = $package['machine_name'];
  $element['status'] = array('data' => $this->featuresManager->statusLabel($package['status']), 'class' => array('column-nowrap'));
  // Use 'data' instead of plain string value so a blank version doesn't
  // remove column from table.
  $element['version'] = array('data' => SafeMarkup::checkPlain($package['version']), 'class' => array('column-nowrap'));
  $overrides = $this->featuresManager->detectOverrides($package);
  $new_config = $this->featuresManager->detectNew($package);
  $conflicts = array();
  $missing = array();
  // A package that is not exported is shown without override/new markers.
  if ($package['status'] == FeaturesManagerInterface::STATUS_NO_EXPORT) {
    $overrides = array();
    $new_config = array();
  }
  // Bundle package configuration by type.
  $package_config = array();
  foreach ($package['config'] as $item_name) {
    // NOTE(review): no isset() guard here, unlike the config_orig loop below;
    // an item absent from the collection would raise a notice.
    $item = $config_collection[$item_name];
    // in_array() is non-strict here (also below) — fine as long as both sides
    // are strings.
    $package_config[$item['type']][] = array('name' => SafeMarkup::checkPlain($item_name), 'label' => SafeMarkup::checkPlain($item['label']), 'class' => in_array($item_name, $overrides) ? 'features-override' : (in_array($item_name, $new_config) ? 'features-detected' : ''));
  }
  // Conflict config from other modules.
  if (!empty($package['config_orig'])) {
    foreach ($package['config_orig'] as $item_name) {
      if (!isset($config_collection[$item_name])) {
        // Originally exported item no longer exists in the collection.
        $missing[] = $item_name;
        $package_config['missing'][] = array('name' => SafeMarkup::checkPlain($item_name), 'label' => SafeMarkup::checkPlain($item_name), 'class' => 'features-conflict');
      }
      elseif (!in_array($item_name, $package['config'])) {
        // Exists, but is no longer assigned to this package.
        $item = $config_collection[$item_name];
        $conflicts[] = $item_name;
        $package_config[$item['type']][] = array('name' => SafeMarkup::checkPlain($item_name), 'label' => SafeMarkup::checkPlain($item['label']), 'class' => 'features-conflict');
      }
    }
  }
  // Add dependencies.
  $package_config['dependencies'] = array();
  if (!empty($package['dependencies'])) {
    foreach ($package['dependencies'] as $dependency) {
      // NOTE(review): unlike the config items above, the dependency name and
      // label are not passed through checkPlain() here; confirm the
      // features_items theme escapes them.
      $package_config['dependencies'][] = array('name' => $dependency, 'label' => $this->moduleHandler->getName($dependency), 'class' => '');
    }
  }
  // Pick one state marker, in priority order: conflicts, overrides, new, missing.
  $class = '';
  $label = '';
  if (!empty($conflicts)) {
    $url = Url::fromRoute('features.edit', array('featurename' => $package['machine_name']));
    $class = 'features-conflict';
    $label = t('Conflicts');
  }
  elseif (!empty($overrides)) {
    $url = Url::fromRoute('features.diff', array('featurename' => $package['machine_name']));
    $class = 'features-override';
    $label = $this->featuresManager->stateLabel(FeaturesManagerInterface::STATE_OVERRIDDEN);
  }
  elseif (!empty($new_config)) {
    $url = Url::fromRoute('features.diff', array('featurename' => $package['machine_name']));
    $class = 'features-detected';
    $label = t('New detected');
  }
  elseif (!empty($missing)) {
    $url = Url::fromRoute('features.edit', array('featurename' => $package['machine_name']));
    $class = 'features-conflict';
    $label = t('Missing');
  }
  if (!empty($class)) {
    $element['state'] = array('data' => \Drupal::l($label, $url), 'class' => array($class, 'column-nowrap'));
  }
  else {
    $element['state'] = '';
  }
  $config_types = $this->featuresManager->listConfigTypes();
  // Add dependencies.
  $config_types['dependencies'] = $this->t('Dependencies');
  $config_types['missing'] = $this->t('Missing');
  uasort($config_types, 'strnatcasecmp');
  $rows = array();
  // Use sorted array for order.
  foreach ($config_types as $type => $label) {
    // For each component type, offer alternating rows.
    $row = array();
    if (isset($package_config[$type])) {
      $row[] = array('data' => array('#type' => 'html_tag', '#tag' => 'span', '#value' => SafeMarkup::checkPlain($label), '#attributes' => array('title' => SafeMarkup::checkPlain($type), 'class' => 'features-item-label')));
      $row[] = array('data' => array('#theme' => 'features_items', '#items' => $package_config[$type], '#value' => SafeMarkup::checkPlain($label), '#title' => SafeMarkup::checkPlain($type)), 'class' => 'item');
    }
    // Types with no items still contribute an (empty) row.
    $rows[] = $row;
  }
  // First build the table, then wrap it in a collapsible 'details' element
  // that replaces $element['details'].
  $element['details'] = array('#type' => 'table', '#rows' => $rows);
  // The description is allowed admin-level HTML (filterAdmin), whereas the
  // item names/labels above are fully escaped with checkPlain().
  $details = array('#type' => 'details', '#title' => XSS::filterAdmin($package['description']), '#description' => array('data' => $element['details']));
  $element['details'] = array('class' => array('description', 'expand'), 'data' => $details);
  return $element;
}
?> /remover-resposta/<?php echo $answer->id; ?> /<?php echo $question->getId(); ?> " class="btn btn-danger btn-xs">Remover Resposta</a> <?php } ?> </div> <div class="col-md-9"> <?php echo nl2br(\XSS::filter($answer->description)); ?> </div> </div> <?php } ?> <?php } else { ?> <div class="alert alert-warning"> Não há respostas para esta pergunta
<td> <a href="<?php getBaseURL(); ?> /pergunta/<?php echo $question->id; ?> "> <?php echo \XSS::filter($question->title); ?> </a> </td> <td> <?php echo \XSS::filter($question->user->getNickname()); ?> </td> <td> <?php echo date('d/m/Y H:i', strtotime($question->created_at)); ?> </td> </tr> <?php } ?> </tbody> </table> <?php } else {
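// Attribute names matching this pattern are dropped: every on* event-handler
// attribute and srcdoc.
private static $blockedAttributes = '#^(on\\w|srcdoc)#i';

/**
 * preg_replace_callback() callback for one matched attribute.
 *
 * Expects $matches[1] to hold the attribute name and $matches[3] the raw
 * attribute value (assumes the caller's pattern has at least three groups —
 * TODO confirm). Blocked attribute names are removed (empty string returned);
 * otherwise CR/LF/TAB are stripped from the value, it is entity-decoded,
 * cleaned in place, and emitted again as name="value".
 *
 * NOTE(review): the decoded value is emitted without re-escaping, so a decoded
 * double quote would land inside the attribute delimiters; confirm the
 * surrounding pattern or a later pass handles that.
 *
 * @param array $matches Match array as supplied by preg_replace_callback().
 * @return string The rebuilt attribute, or '' when the name is blocked.
 */
private static function handleAttributes($matches)
{
    // Taken by value: preg_replace_callback() passes the match array by value,
    // so a by-reference parameter here only provokes an "expected to be a
    // reference" warning.
    if (preg_match(self::$blockedAttributes, $matches[1])) {
        return '';
    }
    $value = html_entity_decode(str_replace(["\r", "\n", "\t"], '', $matches[3]));
    self::cleanAttributeValue($value);
    return $matches[1] . '="' . $value . '"';
}

/**
 * Normalises entity encodings inside an attribute value, in place.
 *
 * Returns early when the value contains no '&'. Otherwise named entities are
 * decoded, then hexadecimal (&#x..) and decimal (&#..) numeric references —
 * matched with or without a trailing ';' — are each replaced by a single byte,
 * and cleanNonPrinting() is applied to the result.
 *
 * @param string $value Attribute value, modified in place.
 * @return void
 */
private static function cleanAttributeValue(&$value)
{
    if (strpos($value, '&') === FALSE) {
        return;
    }
    $value = html_entity_decode($value);
    // 'self::method' string callables are deprecated as of PHP 8.2; kept to
    // stay within the file's current PHP baseline.
    $value = preg_replace_callback('/&#x([\\da-f]{1,6})/i', 'self::chrFirstFromHex', $value);
    $value = preg_replace_callback('/&#(\\d+)/', 'self::chrFirstFromDec', $value);
    self::cleanNonPrinting($value);
}

/**
 * Callback: turns a hexadecimal numeric reference into one byte.
 * chr() keeps only the low 8 bits, so references above 0xFF collapse to a
 * single byte rather than a multi-byte sequence.
 *
 * @param array $matches [1] => hex digits
 * @return string
 */
private static function chrFirstFromHex($matches)
{
    return chr(hexdec($matches[1]));
}

/**
 * Callback: turns a decimal numeric reference into one byte (same low-8-bit
 * behaviour as chrFirstFromHex()).
 *
 * @param array $matches [1] => decimal digits
 * @return string
 */
private static function chrFirstFromDec($matches)
{
    return chr($matches[1]);
}
}
XSS::setNonPrinting(); // run once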