Esempio n. 1
0
 /**
  * Method to apply an input filter to a value based on field data.
  *
  * @param   string  $element  The XML element object representation of the form field.
  * @param   mixed   $value    The value to filter for the field.
  * @return  mixed   The filtered value.
  */
 protected function filterField($element, $value)
 {
     // Make sure there is a valid SimpleXMLElement.
     if (!$element instanceof SimpleXMLElement) {
         return false;
     }
     // Get the field filter type.
     $filter = (string) $element['filter'];
     // Process the input value based on the filter.
     $return = null;
     switch (strtoupper($filter)) {
         // Access Control Rules.
         case 'RULES':
             $return = array();
             foreach ((array) $value as $action => $ids) {
                 // Build the rules array.
                 $return[$action] = array();
                 foreach ($ids as $id => $p) {
                     if ($p !== '') {
                         $return[$action][$id] = $p == '1' || $p == 'true' ? true : false;
                     }
                 }
             }
             break;
             // Do nothing, thus leaving the return value as null.
         // Do nothing, thus leaving the return value as null.
         case 'UNSET':
             break;
             // No Filter.
         // No Filter.
         case 'RAW':
             $return = $value;
             break;
             // Filter the input as an array of integers.
         // Filter the input as an array of integers.
         case 'INT_ARRAY':
             // Make sure the input is an array.
             if (is_object($value)) {
                 $value = get_object_vars($value);
             }
             $value = is_array($value) ? $value : array($value);
             Arr::toInteger($value);
             $return = $value;
             break;
             // Filter safe HTML.
         // Filter safe HTML.
         case 'SAFEHTML':
             $return = String::clean($value, 'string');
             break;
             // Convert a date to UTC based on the server timezone offset.
         // Convert a date to UTC based on the server timezone offset.
         case 'SERVER_UTC':
             if (intval($value) > 0) {
                 // Get the server timezone setting.
                 $offset = App::get('config')->get('offset');
                 // Return an SQL formatted datetime string in UTC.
                 $return = with(new Date($value, $offset))->toSql();
             } else {
                 $return = '';
             }
             break;
             // Convert a date to UTC based on the user timezone offset.
         // Convert a date to UTC based on the user timezone offset.
         case 'USER_UTC':
             if (intval($value) > 0) {
                 // Get the user timezone setting defaulting to the server timezone setting.
                 $offset = App::get('user')->getParam('timezone', App::get('config')->get('offset'));
                 // Return a MySQL formatted datetime string in UTC.
                 $return = with(new Date($value, $offset))->toSql();
             } else {
                 $return = '';
             }
             break;
             // Ensures a protocol is present in the saved field. Only use when
             // the only permitted protocols requre '://'. See FormRuleUrl for list of these.
         // Ensures a protocol is present in the saved field. Only use when
         // the only permitted protocols requre '://'. See FormRuleUrl for list of these.
         case 'URL':
             if (empty($value)) {
                 return false;
             }
             $value = String::clean($value);
             $value = trim($value);
             // <>" are never valid in a uri see http://www.ietf.org/rfc/rfc1738.txt.
             $value = str_replace(array('<', '>', '"'), '', $value);
             // Check for a protocol
             $protocol = parse_url($value, PHP_URL_SCHEME);
             // If there is no protocol and the relative option is not specified,
             // we assume that it is an external URL and prepend http://.
             if ($element['type'] == 'url' && !$protocol && !$element['relative'] || !$element['type'] == 'url' && !$protocol) {
                 $protocol = 'http';
                 // If it looks like an internal link, then add the root.
                 if (substr($value, 0, 9) == 'index.php') {
                     $value = App::get('request')->root() . $value;
                 } else {
                     // Put the url back together.
                     $value = $protocol . '://' . $value;
                 }
             } elseif (!$protocol && $element['relative']) {
                 $host = App::get('request')->host();
                 // If it starts with the host string, just prepend the protocol.
                 if (substr($value, 0) == $host) {
                     $value = 'http://' . $value;
                 } else {
                     $value = App::get('request')->root() . $value;
                 }
             }
             $return = $value;
             break;
         case 'TEL':
             $value = trim($value);
             // Does it match the NANP pattern?
             if (preg_match('/^(?:\\+?1[-. ]?)?\\(?([2-9][0-8][0-9])\\)?[-. ]?([2-9][0-9]{2})[-. ]?([0-9]{4})$/', $value) == 1) {
                 $number = (string) preg_replace('/[^\\d]/', '', $value);
                 if (substr($number, 0, 1) == 1) {
                     $number = substr($number, 1);
                 }
                 if (substr($number, 0, 2) == '+1') {
                     $number = substr($number, 2);
                 }
                 $result = '1.' . $number;
             } elseif (preg_match('/^\\+(?:[0-9] ?){6,14}[0-9]$/', $value) == 1) {
                 $countrycode = substr($value, 0, strpos($value, ' '));
                 $countrycode = (string) preg_replace('/[^\\d]/', '', $countrycode);
                 $number = strstr($value, ' ');
                 $number = (string) preg_replace('/[^\\d]/', '', $number);
                 $result = $countrycode . '.' . $number;
             } elseif (preg_match('/^\\+[0-9]{1,3}\\.[0-9]{4,14}(?:x.+)?$/', $value) == 1) {
                 if (strstr($value, 'x')) {
                     $xpos = strpos($value, 'x');
                     $value = substr($value, 0, $xpos);
                 }
                 $result = str_replace('+', '', $value);
             } elseif (preg_match('/[0-9]{1,3}\\.[0-9]{4,14}$/', $value) == 1) {
                 $result = $value;
             } else {
                 $value = (string) preg_replace('/[^\\d]/', '', $value);
                 if ($value != null && strlen($value) <= 15) {
                     $length = strlen($value);
                     // if it is fewer than 13 digits assume it is a local number
                     if ($length <= 12) {
                         $result = '.' . $value;
                     } else {
                         // If it has 13 or more digits let's make a country code.
                         $cclen = $length - 12;
                         $result = substr($value, 0, $cclen) . '.' . substr($value, $cclen);
                     }
                 } else {
                     $result = '';
                 }
             }
             $return = $result;
             break;
         default:
             // Check for a callback filter.
             if (strpos($filter, '::') !== false && is_callable(explode('::', $filter))) {
                 $return = call_user_func(explode('::', $filter), $value);
             } elseif (function_exists($filter)) {
                 $return = call_user_func($filter, $value);
             } else {
                 $return = String::clean($value, $filter);
             }
             break;
     }
     return $return;
 }