function pdf_create($html, $filename = '', $stream = TRUE, $invoice_id, $type) { require_once "dompdf/dompdf_config.inc.php"; if (get_magic_quotes_gpc()) { $html = stripslashes($html); } $dompdf = new DOMPDF(); $dompdf->load_html($html); $dompdf->set_paper("a4", "portrait"); $dompdf->render(); $timestamp = date('YmdGis') . $invoice_id; $filename = $timestamp . '.pdf'; if ($stream) { $dompdf->stream($filename); } else { if ($type == 'invoice') { $CI =& get_instance(); $CI->load->helper('file'); write_file("invoice/" . $filename, $dompdf->output()); return $filename; } else { if ($type == 'salary') { $CI =& get_instance(); $CI->load->helper('file'); write_file("salary_slip/" . $filename, $dompdf->output()); return $filename; } } } }
function clean($value) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); } return trim(mysql_real_escape_string($value)); }
function PMA_gpc_extract($array, &$target, $sanitize = TRUE) { if (!is_array($array)) { return FALSE; } $is_magic_quotes = get_magic_quotes_gpc(); foreach ($array as $key => $value) { /** * 2005-02-22, rabus: * * This is just an ugly hotfix to avoid changing internal config * parameters. * * Currently, the following variable names are rejected when found in * $_GET or $_POST: cfg, GLOBALS, str* and _* */ if ($sanitize && is_string($key) && ($key == 'cfg' || $key == 'GLOBALS' || substr($key, 0, 3) == 'str' || $key[0] == '_')) { continue; } if (is_array($value)) { // there could be a variable coming from a cookie of // another application, with the same name as this array unset($target[$key]); PMA_gpc_extract($value, $target[$key], FALSE); } else { if ($is_magic_quotes) { $target[$key] = stripslashes($value); } else { $target[$key] = $value; } } } return TRUE; }
function stripStr($str) { if (get_magic_quotes_gpc()) { $str = stripslashes($str); } return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8')); }
function mysql_fix_string($conn, $string) { if (get_magic_quotes_gpc()) { $string = stripslashes($string); } return $conn->real_escape_string($string); }
public function check_input($value) { if (get_magic_quotes_gpc()) { $value = sqlite_escape_string($value); } return $value; }
function mres($input) { if (get_magic_quotes_gpc()) { $input = stripslashes($input); } return mysql_real_escape_string($input); }
function backslash(&$arr, $escape) { $magic_on = get_magic_quotes_gpc(); if ($escape && !$magic_on) { foreach ($arr as $k => $v) { switch (gettype($v)) { case 'string': $arr[$k] = addslashes($v); break; case 'array': backslash($arr[$k], true); } } } if (!$escape && $magic_on) { foreach ($arr as $k => $v) { switch (gettype($v)) { case 'string': $arr[$k] = stripslashes($v); break; case 'array': backslash($arr[$k], false); } } } }
function set_configuration($meeting) { global $strOmegaPathWriteFailed, $strOmegaNoPath; //if(@is_dir($_POST['path'])){ // test local path for writing $fp = fopen($_POST['path'] . "/test.txt", 'w'); if (!$fp) { $GLOBALS['ERROR'] = $strOmegaPathWriteFailed; } else { fclose($fp); unlink($_POST['path'] . "/test.txt"); } mysql_query("LOCK TABLES zeitmessung WRITE"); $res = mysql_query("SELECT * FROM zeitmessung WHERE xMeeting = {$meeting}"); if (mysql_errno() > 0) { AA_printErrorMsg(mysql_errno() . ": " . mysql_error()); } else { if (!get_magic_quotes_gpc()) { $_POST['path'] = addslashes($_POST['path']); $_POST['ftppath'] = addslashes($_POST['ftppath']); $_POST['sponsor'] = addslashes($_POST['sponsor']); } if (mysql_num_rows($res) == 0) { mysql_query("\r\n\t\t\t\t\t\tINSERT INTO zeitmessung\r\n\t\t\t\t\t\tSET\tOMEGA_Verbindung = '" . $_POST['connection'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Pfad = '" . $_POST['path'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Server = '" . $_POST['host'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Benutzer = '" . $_POST['user'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Passwort = '" . $_POST['pass'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Ftppfad = '" . $_POST['ftppath'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Sponsor = '" . $_POST['sponsor'] . "'\r\n\t\t\t\t\t\t\t, xMeeting = {$meeting}\r\n\t\t\t\t\t\t"); } else { mysql_query("\r\n\t\t\t\t\t\tUPDATE zeitmessung\r\n\t\t\t\t\t\tSET\tOMEGA_Verbindung = '" . $_POST['connection'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Pfad = '" . $_POST['path'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Server = '" . $_POST['host'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Benutzer = '" . $_POST['user'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Passwort = '" . $_POST['pass'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Ftppfad = '" . $_POST['ftppath'] . "'\r\n\t\t\t\t\t\t\t, OMEGA_Sponsor = '" . $_POST['sponsor'] . "'\r\n\t\t\t\t\t\tWHERE\txMeeting = {$meeting}\r\n\t\t\t\t\t\t"); } } mysql_query("UNLOCK TABLES"); /*} else { $GLOBALS['ERROR'] = $strOmegaNoPath; }*/ }
/** * Override the default Symphony constructor to initialise the Log, Config * and Database objects for installation/update. This allows us to use the * normal accessors. */ protected function __construct() { if (get_magic_quotes_gpc()) { General::cleanArray($_SERVER); General::cleanArray($_COOKIE); General::cleanArray($_GET); General::cleanArray($_POST); } // Include the default Config for installation. include INSTALL . '/includes/config_default.php'; $this->initialiseConfiguration($settings); // Initialize date/time define_safe('__SYM_DATE_FORMAT__', self::Configuration()->get('date_format', 'region')); define_safe('__SYM_TIME_FORMAT__', self::Configuration()->get('time_format', 'region')); define_safe('__SYM_DATETIME_FORMAT__', __SYM_DATE_FORMAT__ . self::Configuration()->get('datetime_separator', 'region') . __SYM_TIME_FORMAT__); DateTimeObj::setSettings(self::Configuration()->get('region')); // Initialize language $this->initialiseLang(); // Initialize logs $this->initialiseLog(INSTALL_LOGS . '/install'); // Initialize database $this->initialiseDatabase(); // Initialize error handlers GenericExceptionHandler::initialise(Symphony::Log()); GenericErrorHandler::initialise(Symphony::Log()); }
/** * Méthode qui supprime les antislashs * * @param content variable ou tableau * @return array ou string tableau ou variable avec les antislashs supprimés **/ public static function unSlash($content) { if (get_magic_quotes_gpc() == 1) { if (is_array($content)) { # On traite un tableau foreach ($content as $k => $v) { # On parcourt le tableau if (is_array($v)) { foreach ($v as $key => $val) { $new_content[$k][$key] = stripslashes($val); } } else { $new_content[$k] = stripslashes($v); } } } else { # On traite une chaine $new_content = stripslashes($content); } # On retourne le tableau modifie return $new_content; } else { return $content; } }
public function __construct() { if (!get_magic_quotes_gpc()) { $_POST = new_addslashes($_POST); $_GET = new_addslashes($_GET); $_REQUEST = new_addslashes($_REQUEST); $_COOKIE = new_addslashes($_COOKIE); } $this->route_config = pc_base::load_config('route', SITE_URL) ? pc_base::load_config('route', SITE_URL) : pc_base::load_config('route', 'default'); if (isset($this->route_config['data']['POST']) && is_array($this->route_config['data']['POST'])) { foreach ($this->route_config['data']['POST'] as $_key => $_value) { if (!isset($_POST[$_key])) { $_POST[$_key] = $_value; } } } if (isset($this->route_config['data']['GET']) && is_array($this->route_config['data']['GET'])) { foreach ($this->route_config['data']['GET'] as $_key => $_value) { if (!isset($_GET[$_key])) { $_GET[$_key] = $_value; } } } if (isset($_GET['page'])) { $_GET['page'] = max(intval($_GET['page']), 1); } return true; }
static function init() { $version_file = APP_PATH . '/../version'; if (file_exists($version_file)) { self::$version = trim(@file_get_contents($version_file)); } $config_file = APP_PATH . '/config/config.php'; if (!file_exists($config_file)) { throw new Exception("No config file"); } $config = (include $config_file); self::$config = $config; self::$env = $config['env']; #self::$context = new stdClass(); self::$context = new Context(); Logger::init($config['logger']); if (isset($config['db'])) { Db::init($config['db']); } if (get_magic_quotes_gpc()) { foreach ($_GET as $k => $v) { $_GET[$k] = Text::stripslashes($v); } foreach ($_POST as $k => $v) { $_POST[$k] = Text::stripslashes($v); } foreach ($_COOKIE as $k => $v) { $_COOKIE[$k] = Text::stripslashes($v); } } $_REQUEST = $_GET + $_POST + $_COOKIE; }
/** * Anti-Mysql-Injection method, escapes a string. * * @param string $text_to_escape */ public static function setEscape($text_to_escape) { if (!get_magic_quotes_gpc()) { $text_to_escape = mysql_real_escape_string($text_to_escape); } return $text_to_escape; }
function __construct() { $this->open_connection(); $this->magic_quotes_active = get_magic_quotes_gpc(); $this->real_escape_string_exists = function_exists("mysql_real_escape_string"); // i.e. PHP >= v4.3.0 }
function SafeStripSlashes($text) { if (get_magic_quotes_gpc()) { return stripslashes($text); } return $text; }
/** * 변수 유무 체크 처리 * * @param string $vars 변수명 * @param string $message 에러메시지 * @param string $code 반환코드 * @param string $type Y일경우 변수값이 없으면 에러, N일 경우 필수가 아님 * @return string $clean_input 보안처리된 변수값 반환 */ private function param_proc($vars, $message = '', $code, $type = 'Y') { if ($type == 'Y') { if (@$this->_request[$vars] == '') { $this->response($message, $code); exit; } else { //변수에 대한 보안처리 if (get_magic_quotes_gpc()) { $data = trim(stripslashes($this->_request[$vars])); } else { $data = $this->_request[$vars]; } $data = strip_tags($data); $clean_input = trim($data); return $clean_input; } } else { if ($type == 'N') { //변수에 대한 보안처리 if (get_magic_quotes_gpc()) { $data = trim(stripslashes(@$this->_request[$vars])); } else { $data = @$this->_request[$vars]; } $data = strip_tags($data); $clean_input = trim($data); return $clean_input; } } }
/** * Validates a IPN message * * @return boolean */ public function validate() { if (isset($this->isIpnVerified)) { return $this->isIpnVerified; } else { $request = self::IPN_CMD; if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1) { $get_magic_quotes_exists = true; } else { $get_magic_quotes_exists = false; } foreach ($this->ipnData as $key => $value) { if ($get_magic_quotes_exists) { $value = urlencode(stripslashes($value)); } else { $value = urlencode($value); } $request .= "&{$key}={$value}"; } $httpConfig = new PPHttpConfig(PPConfigManager::getInstance()->get('service.EndPoint.IPN')); $httpConfig->addCurlOption(CURLOPT_FORBID_REUSE, 1); $httpConfig->addCurlOption(CURLOPT_HTTPHEADER, array('Connection: Close')); $connection = PPConnectionManager::getInstance()->getConnection($httpConfig); $response = $connection->execute($request); if ($response == 'VERIFIED') { $this->isIpnVerified = true; return true; } $this->isIpnVerified = false; return false; // value is 'INVALID' } }
static function undecorate($str) { if (!get_magic_quotes_gpc()) { $str = stripslashes($str); } return $str; }
/** * Send an e-mail to the admin and another to the user if form passes * validation. */ public function add_ics_feed_frontend() { global $wpdb, $ai1ec_settings; $table_name = $wpdb->prefix . 'ai1ec_event_feeds'; $check = $this->validate_form(); $check['nonce'] = wp_nonce_field('ai1ec_submit_ics_form', AI1EC_POST_TYPE, true, false); if (true === $check['success']) { // Strip slashes if ridiculous PHP setting magic_quotes_gpc is enabled. if (get_magic_quotes_gpc()) { foreach ($_POST as &$param) { $param = stripslashes($param); } } // Send admin e-mail. $admin_email = get_option('admin_email'); $admin_mail_subject = $this->parse_mail($ai1ec_settings->admin_mail_subject); $admin_mail_body = $this->parse_mail($ai1ec_settings->admin_mail_body); wp_mail($admin_email, $admin_mail_subject, $admin_mail_body); // Send user e-mail. $user_email = $_POST['ai1ec_submitter_email']; $user_mail_subject = $this->parse_mail($ai1ec_settings->user_mail_subject); $user_mail_body = $this->parse_mail($ai1ec_settings->user_mail_body); wp_mail($user_email, $user_mail_subject, $user_mail_body); } echo json_encode($check); exit; }
protected function _configureViaDSN($dsn) { $dsnVars = array(); if (strpos($dsn, '=') === false) { throw new Zend_Tool_Project_Provider_Exception('At least one name value pair is expected, typcially ' . 'in the format of "adapter=Mysqli&username=uname&password=mypass&dbname=mydb"'); } parse_str($dsn, $dsnVars); // parse_str suffers when magic_quotes is enabled if (get_magic_quotes_gpc()) { array_walk_recursive($dsnVars, array($this, '_cleanMagicQuotesInValues')); } $dbConfigValues = array('resources' => array('db' => null)); if (isset($dsnVars['adapter'])) { $dbConfigValues['resources']['db']['adapter'] = $dsnVars['adapter']; unset($dsnVars['adapter']); } $dbConfigValues['resources']['db']['params'] = $dsnVars; $isPretend = $this->_registry->getRequest()->isPretend(); // get the config resource $applicationConfig = $this->_loadedProfile->search('ApplicationConfigFile'); $applicationConfig->addItem($dbConfigValues, $this->_sectionName, null); $response = $this->_registry->getResponse(); if ($isPretend) { $response->appendContent('A db configuration for the ' . $this->_sectionName . ' section would be written to the application config file with the following contents: '); $response->appendContent($applicationConfig->getContents()); } else { $applicationConfig->create(); $response->appendContent('A db configuration for the ' . $this->_sectionName . ' section has been written to the application config file.'); } }
/** * __construct() */ public function __construct() { global $debug; $this->_debug = $debug; $this->open_connection(); $this->_magic_quotes_active = get_magic_quotes_gpc(); }
/** * Handle a POST request for this map save ressource * @param Request request * @return Response */ function post($request) { $response = new Response($request); if (isset($_POST['map'])) { // Remove those slashes if (get_magic_quotes_gpc()) { $map = stripslashes($_POST['map']); } else { $map = $_POST['map']; } $map_obj = json_decode($map); $geocacheManager = GeocacheManager::getInstance(); $geocaches = $geocacheManager->parseGeocaches($map_obj->{"geocaches"}); foreach ($geocaches as $geocache) { $geocache->save(); } $ownWaypoints = $geocacheManager->parseOwnWaypoints($map_obj->{"costumMarkers"}); foreach ($ownWaypoints as $ownWaypoint) { $ownWaypoint->save(); } $response->code = Response::OK; $response->addHeader('Content-type', 'text/plain'); $response->body = print_r($map, true); } else { $response->code = Response::BADREQUEST; } return $response; }
/** * The Symphony constructor initialises the class variables of Symphony. * It will set the DateTime settings, define new date constants and initialise * the correct Language for the currently logged in Author. If magic quotes * are enabled, Symphony will sanitize the `$_SERVER`, `$_COOKIE`, * `$_GET` and `$_POST` arrays. The constructor loads in * the initial Configuration values from the `CONFIG` file */ protected function __construct() { self::$Profiler = Profiler::instance(); if (get_magic_quotes_gpc()) { General::cleanArray($_SERVER); General::cleanArray($_COOKIE); General::cleanArray($_GET); General::cleanArray($_POST); } // Set date format throughout the system define_safe('__SYM_DATE_FORMAT__', self::Configuration()->get('date_format', 'region')); define_safe('__SYM_TIME_FORMAT__', self::Configuration()->get('time_format', 'region')); define_safe('__SYM_DATETIME_FORMAT__', __SYM_DATE_FORMAT__ . self::Configuration()->get('datetime_separator', 'region') . __SYM_TIME_FORMAT__); DateTimeObj::setSettings(self::Configuration()->get('region')); self::initialiseErrorHandler(); // Initialize language management Lang::initialize(); Lang::set(self::$Configuration->get('lang', 'symphony')); self::initialiseCookie(); // If the user is not a logged in Author, turn off the verbose error messages. if (!self::isLoggedIn() && is_null(self::$Author)) { GenericExceptionHandler::$enabled = false; } // Engine is ready. self::$Profiler->sample('Engine Initialisation'); }
public static function prepareSuperglobal($array) { if (!get_magic_quotes_gpc()) { return $array; } return self::recursiveStripslashes($array); }
/** * Process notification from google * @return Mage_GoogleCheckout_Model_Api_Xml_Callback */ public function process() { // Retrieve the XML sent in the HTTP POST request to the ResponseHandler $xmlResponse = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : file_get_contents("php://input"); if (get_magic_quotes_gpc()) { $xmlResponse = stripslashes($xmlResponse); } $debugData = array('request' => $xmlResponse, 'dir' => 'in'); if (empty($xmlResponse)) { $this->getApi()->debugData($debugData); return false; } list($root, $data) = $this->getGResponse()->GetParsedXML($xmlResponse); $this->getGResponse()->SetMerchantAuthentication($this->getMerchantId(), $this->getMerchantKey()); $status = $this->getGResponse()->HttpAuthentication(); if (!$status || empty($data[$root])) { exit; } $this->setRootName($root)->setRoot($data[$root]); $this->getGResponse()->setSerialNumber($this->getData('root/serial-number')); $method = '_response' . uc_words($root, '', '-'); if (method_exists($this, $method)) { ob_start(); try { $this->{$method}(); } catch (Exception $e) { $this->getGResponse()->log->logError($e->__toString()); } $debugData['result'] = ob_get_flush(); $this->getApi()->debugData($debugData); } else { $this->getGResponse()->SendBadRequestStatus("Invalid or not supported Message"); } return $this; }
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = $theValue != "" ? intval($theValue) : "NULL"; break; case "double": $theValue = $theValue != "" ? doubleval($theValue) : "NULL"; break; case "date": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; }
/** * @see ExportTypePlugin::generate() */ public function generate($generator) { $exportTarget = $generator->getExportTarget(); $postData = $generator->getPostData(); $data = $generator->generateExportData(); $content = ""; $htmlFormat = isset($postData["etHTMLExportFormat"]) ? $postData["etHTMLExportFormat"] : "custom"; if ($htmlFormat == "custom") { $smartyTemplate = get_magic_quotes_gpc() ? stripslashes($postData["etHTMLCustomHTMLSource"]) : $postData["etHTMLCustomHTMLSource"]; $content .= $this->genFormatCustom($data, $smartyTemplate); } else { // if we're generating the data in the context of a new window/tab, include the additional // necessary HTML & styles to prettify it a bit if ($exportTarget == "newTab" || $exportTarget == "promptDownload") { $content .= $this->generateExportHeader(); } switch ($htmlFormat) { case "table": $content .= $this->genFormatTable($data); break; case "ul": $content .= $this->genFormatUl($data); break; case "dl": $content .= $this->genFormatDl($data); break; } if ($exportTarget == "newTab" || $exportTarget == "promptDownload") { $content .= $this->generateExportFooter(); } } return array("success" => true, "content" => $content); }
private function _init_env() { error_reporting(E_ERROR); define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()); // ' " \ NULL 等字符转义 当magic_quotes_gpc=On的时候,函数get_magic_quotes_gpc()就会返回1 define('GZIP', function_exists('ob_gzhandler')); // ob 缓存压缩输出 if (function_exists('date_default_timezone_set')) { @date_default_timezone_set('Etc/GMT-8'); //东八区 北京时间 } define('TIMESTAMP', time()); if (!defined('BLOG_FUNCTION') && !@(include BLOG_ROOT . '/source/functions.php')) { exit('functions.php is missing'); } define('IS_ROBOT', checkrobot()); global $_B; $_B = array('uid' => 0, 'username' => '', 'groupid' => 0, 'timestamp' => TIMESTAMP, 'clientip' => $this->_get_client_ip(), 'mobile' => '', 'agent' => '', 'admin' => 0); checkmobile(); $_B['PHP_SELF'] = bhtmlspecialchars($this->_get_script_url()); $_B['basefilename'] = basename($_B['PHP_SELF']); $sitepath = substr($_B['PHP_SELF'], 0, strrpos($_B['PHP_SELF'], '/')); $_B['siteurl'] = bhtmlspecialchars('http://' . $_SERVER['HTTP_HOST'] . $sitepath . '/'); getReferer(); $url = parse_url($_B['siteurl']); $_B['siteroot'] = isset($url['path']) ? $url['path'] : ''; $_B['siteport'] = empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']; $this->b =& $_B; }
function ADVT_stripslashes($text) { if (get_magic_quotes_gpc() == 1) { return filter($text, "nohtml"); } return $text; }