/**
 * Recursively HTML-escape a value.
 *
 * Strings are run through htmlspecialchars_decode() and then
 * htmlspecialchars(), so a string that already contains entities is
 * normalised instead of being escaped a second time. Arrays are walked
 * recursively (keys are left untouched); any other type (int, null,
 * object, ...) is returned unchanged.
 *
 * Note: unless $quote_style includes ENT_SUBSTITUTE (or ENT_IGNORE),
 * htmlspecialchars() returns '' for a string that is not valid in $charset.
 *
 * @param mixed  $mixed       value, or (nested) array of values
 * @param int    $quote_style flags for htmlspecialchars()/htmlspecialchars_decode()
 * @param string $charset     charset passed to htmlspecialchars()
 * @return mixed same shape as $mixed
 */
function htmlspecialchars_deep($mixed, $quote_style = ENT_QUOTES, $charset = 'UTF-8')
{
    if (is_string($mixed)) {
        // Decode first so existing entities are normalised rather than doubled.
        $decoded = htmlspecialchars_decode($mixed, $quote_style);
        return htmlspecialchars($decoded, $quote_style, $charset);
    }

    if (!is_array($mixed)) {
        return $mixed;
    }

    $escaped = array();
    foreach ($mixed as $key => $value) {
        $escaped[$key] = htmlspecialchars_deep($value, $quote_style, $charset);
    }

    return $escaped;
}
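/**
 * Escape HTML characters (htmlspecialchars, quotes included), recursively.
 *
 * A non-array value is handed straight to htmlspecialchars(), so a non-string
 * scalar is coerced to string by it. Arrays are walked recursively and their
 * keys are preserved.
 *
 * @param string|array $s       value to escape
 * @param int          $flags   htmlspecialchars() flags (ENT_QUOTES, as the original hard-coded)
 * @param string       $charset charset for htmlspecialchars(); defaults to the
 *                              'ISO-8859-1' the original hard-coded. Pass 'UTF-8'
 *                              for UTF-8 input: ISO-8859-1 is single-byte, so with
 *                              it no byte sequence is ever rejected as invalid.
 * @return string|array
 */
function htmlspecialchars_deep($s, $flags = ENT_QUOTES, $charset = 'ISO-8859-1')
{
    if (!is_array($s)) {
        return htmlspecialchars($s, $flags, $charset);
    }

    foreach ($s as $i => $j) {
        // Carry the flags/charset down so every level escapes the same way.
        $s[$i] = htmlspecialchars_deep($j, $flags, $charset);
    }

    return $s;
}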
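// --- empty variables for values of $_POST - begin ---
// Names of the $_POST entries this page accepts. Only these are ever copied
// into local variables below, so the variable-variable export is confined
// to this list.
$post_var_names = array('li', 'ai', 'ld');
$li = array('file' => 'example', 'name' => 'Example');
$ai = array(
    'name'  => 'Benny Baumann',
    'email' => '*****@*****.**',
    'web'   => 'http://qbnz.com/highlighter/',
);
$ld = array(
    'cmt' => array(
        'sl' => array(
            1 => array('start' => '//', 'style' => 'font-style: italic; color: #666666;'),
            2 => array('start' => '#', 'style' => 'font-style: italic; color: #666666;'),
        ),
        'ml' => array(
            1 => array('start' => '/*', 'end' => '*/', 'style' => 'font-style: italic; color: #666666;'),
            2 => array('start' => '/**', 'end' => '*/', 'style' => 'font-style: italic; color: #006600;'),
        ),
        'rxc' => array(
            1 => array('rx' => '/Hello RegExp/', 'style' => 'font-style: italic; color: #666666;'),
        ),
    ),
    'str' => array(
        'qm' => array(
            1 => array('delim' => "'", 'style' => 'color: #0000FF;'),
            // The listing showed a garbled `"""` here; a double-quote delimiter
            // is the evident counterpart of the single-quote entry above.
            2 => array('delim' => '"', 'style' => 'color: #0000FF;'),
        ),
        'ec' => array('char' => '\\', 'style' => 'font-weight: bold; color: #000080;'),
        'erx' => array(
            1 => array('rx' => '/\\{\\\\$\\w+\\}/', 'style' => 'font-weight: bold; color: #008080;'),
            2 => array('rx' => '/\\{\\\\$\\w+\\}/', 'style' => 'font-weight: bold; color: #008080;'),
        ),
    ),
    'kw_case' => 'GESHI_CAPS_NO_CHANGE',
    'kw' => array(
        1 => array('list' => '', 'case' => '0', 'style' => 'color: #0000FF; font-weight: bold;', 'docs' => ''),
    ),
    'sy' => array(
        0 => array('list' => '', 'style' => 'color: #0000FF; font-weight: bold;'),
    ),
);
$kw_case_sel = array('GESHI_CAPS_NO_CHANGE' => '', 'GESHI_CAPS_UPPER' => '', 'GESHI_CAPS_LOWER' => '');
$kw_cases_sel = array(1 => array(0 => '', 1 => ''));
// --- empty variables for values of $_POST - end ---

// Debug output of the raw request, then the escaped copies of the accepted keys.
echo "<pre>";
var_dump($_GET);
var_dump($_POST);
foreach ($post_var_names as $varName) {
    // export wanted variables of $_POST array...
    if (array_key_exists($varName, $_POST)) {
        ${$varName} = htmlspecialchars_deep($_POST[$varName]);
    }
}

// determine the selected kw_case...
// Only one of the known options may be marked selected; an unknown value from
// the request would otherwise be added to $kw_case_sel as a new key.
if (isset($ld['kw_case']) && array_key_exists($ld['kw_case'], $kw_case_sel)) {
    $kw_case_sel[$ld['kw_case']] = ' selected="selected"';
}

// determine the selected kw_cases...
// A missing 'case' counts as 0 (no notice); a value outside the known
// option keys marks nothing instead of creating a new key.
$kw_cases_count = count($kw_cases_sel);
for ($i = 1; $i <= $kw_cases_count; $i += 1) {
    $case = isset($ld['kw'][$i]['case']) ? (int) $ld['kw'][$i]['case'] : 0;
    if (isset($kw_cases_sel[$i][$case])) {
        $kw_cases_sel[$i][$case] = ' selected="selected"';
    }
}

$lang = validate_lang();
var_dump($lang);
echo "</pre>";
?>
<form action="?action=test" method="post">
<fieldset>
<legend>Generic Information</legend>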
/**
 * Insert one product_description row for language $key.
 *
 * name, technical_name, model and model_number go through
 * htmlspecialchars_deep(); the three meta fields through strip_tags();
 * description, technical and alt_description are written exactly as held
 * in the per-language arrays on $this. The values are handed to
 * $this->database->parse() in placeholder order.
 * NOTE(review): whether parse() escapes its bound values against SQL is not
 * visible here — confirm before relying on it.
 *
 * @param string|int $key       language id; also the index into the per-language arrays on $this
 * @param int        $insert_id product id the description belongs to
 * @param string     $name      product name for this language
 * @return void
 */
function write_description($key, $insert_id, $name)
{
    $sql = "insert into product_description set product_id = '?', language_id = '?', name = '?', description = '?', technical = '?', technical_name = '?',model = '?', model_number = '?', alt_description = '?', meta_title = '?', meta_description = '?', meta_keywords = '?'";

    // Escaped / tag-stripped copies, in the order the placeholders expect them.
    $escapedName        = htmlspecialchars_deep($name);
    $escapedTechName    = htmlspecialchars_deep($this->technical_name[$key]);
    $escapedModel       = htmlspecialchars_deep($this->model[$key]);
    $escapedModelNumber = htmlspecialchars_deep($this->model_number[$key]);
    $metaTitle          = strip_tags($this->meta_title[$key]);
    $metaDescription    = strip_tags($this->meta_description[$key]);
    $metaKeywords       = strip_tags($this->meta_keywords[$key]);

    $query = $this->database->parse(
        $sql,
        $insert_id,
        $key,
        $escapedName,
        $this->description[$key],
        $this->technical[$key],
        $escapedTechName,
        $escapedModel,
        $escapedModelNumber,
        $this->alt_description[$key],
        $metaTitle,
        $metaDescription,
        $metaKeywords
    );

    $this->database->query($query);
}
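/**
 * Build the Canada Post "ratesAndServicesRequest" XML body for the cart.
 *
 * Address fields come from the stored shipping address when the customer is
 * logged in, otherwise from the zone, country and postcode kept in the session.
 * Free-text values (product description, city, province, country) are passed
 * through htmlspecialchars_deep() so '&' or '<' in them cannot break the XML;
 * numeric dimensions get a dot as decimal separator.
 *
 * @param array $products cart rows; each needs 'quantity', 'weight', 'length',
 *                        'width', 'height' and 'item' (the description text)
 * @return string XML document
 */
function requestBody($products)
{
    // One element per line, exactly as the body was laid out before.
    $node = function ($tag, $value) {
        return '<' . $tag . '>' . $value . '</' . $tag . ">\n";
    };
    // Dimensions may carry a locale comma; the request wants a dot.
    $decimal = function ($value) {
        return str_replace(',', '.', $value);
    };

    $language = $this->language->getCode() == 'fr' ? 'fr' : 'en';
    $shipping_address_id = $this->session->get('shipping_address_id');

    $output = "<?xml version=\"1.0\" ?>\n";
    $output .= "<eparcel>\n";
    $output .= $node('language', $language);
    $output .= "<ratesAndServicesRequest>\n";
    $output .= $node('merchantCPCID', $this->config->get('canadapost_merchant_id'));
    $output .= $node('fromPostalCode', $this->config->get('canadapost_postcode'));
    if ($this->config->get('canadapost_turnaround')) {
        $output .= $node('turnAroundTime', $this->config->get('canadapost_turnaround'));
    }
    // Thousands separators would not parse as a number on the receiving side.
    $itemsPrice = str_replace(',', '', $this->currency->format($this->cart->getTotal(), 'CAD', FALSE, FALSE));
    $output .= $node('itemsPrice', $itemsPrice);

    $output .= "<lineItems>\n";
    foreach ($products as $product) {
        $output .= "<item>\n";
        $output .= $node('quantity', $product['quantity']);
        $output .= $node('weight', $decimal($product['weight']));
        $output .= $node('length', $decimal($product['length']));
        $output .= $node('width', $decimal($product['width']));
        $output .= $node('height', $decimal($product['height']));
        // The description was the one text field written unescaped; it is now
        // escaped the same way as the address fields below.
        $output .= $node('description', htmlspecialchars_deep($product['item']));
        $output .= "</item>\n";
    }
    $output .= "</lineItems>\n";

    if ($this->customer->isLogged()) {
        $output .= $node('city', htmlspecialchars_deep($this->address->getCity($shipping_address_id)));
        $output .= $node('provOrState', htmlspecialchars_deep($this->address->getZone($shipping_address_id)));
        $output .= $node('country', htmlspecialchars_deep($this->address->getCountry($shipping_address_id)));
        $output .= $node('postalCode', str_replace(' ', '', $this->address->getPostCode($shipping_address_id)));
    } else {
        $zoneName = $this->modelShipping->getZoneName($this->session->get('zone_id'));
        $countryName = $this->modelShipping->getCountryName($this->session->get('country_id'));
        $output .= $node('provOrState', htmlspecialchars_deep($zoneName));
        $output .= $node('country', htmlspecialchars_deep($countryName));
        $output .= $node('postalCode', str_replace(' ', '', $this->session->get('postcode')));
    }

    $output .= "</ratesAndServicesRequest>\n";
    $output .= "</eparcel>\n";

    return $output;
}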
/**
 * Return the sanitized value for $key with HTML special characters escaped.
 *
 * Sanitization itself is done by $this->sanitizer(); this method only layers
 * htmlspecialchars_deep() on top of its result.
 *
 * @param string $key lookup key handed to $this->sanitizer()
 * @return mixed the sanitizer() result after htmlspecialchars_deep()
 */
function clean($key)
{
    $sanitized = $this->sanitizer($key);

    return htmlspecialchars_deep($sanitized);
}
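/**
 * Retired endpoint: message sending was moved to the users API.
 *
 * Every call stops the script with the relocation notice. The former
 * implementation that followed the exit() could never run and has been
 * removed; the users API holds the current logic.
 *
 * @return void never returns (exit)
 */
function message_send()
{
    exit('Function ' . __FUNCTION__ . ' moved to the users API');
}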
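/**
 * Look up a barcode among products and product options, excluding the
 * record currently being edited.
 *
 * The barcode is passed through htmlspecialchars_deep() before the lookup,
 * as before. NOTE(review): that only makes sense if barcodes are stored
 * escaped — confirm.
 *
 * @param string $value          barcode to look for
 * @param string $product_option product option id excluded from the product_options half
 * @return mixed whatever $this->database->getRow() returns for the first match
 */
function check_barcode_id($value, $product_option = '')
{
    $barcode = htmlspecialchars_deep($value);
    $product_id = (int) $this->request->gethtml('product_id');

    // The values are bound through $this->database->parse() (the quoted-'?'
    // form used elsewhere with this database object) rather than concatenated
    // into the statement: $product_option used to be inserted raw, and there
    // was no space before "union".
    // NOTE(review): confirm parse() escapes its bound values.
    $sql = "select barcode, product_id from product where barcode = '?' and product_id != '?'"
        . " union select barcode, product_option from product_options where barcode = '?' and product_option != '?'";

    return $this->database->getRow(
        $this->database->parse($sql, $barcode, $product_id, $barcode, $product_option)
    );
}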
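/**
 * Save a comment record and invalidate the affected cache groups.
 *
 * The data is run through stripFromArray() and htmlspecialchars_deep()
 * before saving. After the save the per-comment group (when an id came
 * back), the global group and — when 'to_table' and 'to_table_id' are both
 * non-blank — the per-target group are cleared.
 *
 * @param array $data comment fields; 'to_table'/'to_table_id' are optional
 * @return mixed id returned by saveData()
 */
function commentsSave($data)
{
    global $cms_db_tables;

    $data = stripFromArray($data);
    $data = htmlspecialchars_deep($data);
    $table = $cms_db_tables['table_comments'];

    $id = CI::model('core')->saveData($table, $data);
    if ((int) $id !== 0) {
        CI::model('core')->cleanCacheGroup('comments/' . $id);
    }
    CI::model('core')->cleanCacheGroup('comments/global');

    // Both keys are optional; read them with a default so a missing key does
    // not raise a notice before trim().
    $toTable = isset($data['to_table']) ? trim($data['to_table']) : '';
    $toTableId = isset($data['to_table_id']) ? trim($data['to_table_id']) : '';
    if ($toTable !== '' && $toTableId !== '') {
        // The group name uses the untrimmed values, as before.
        CI::model('core')->cleanCacheGroup("comments/{$data['to_table']}/{$data['to_table_id']}");
    }

    return $id;
}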
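/**
 * API handler: store a message posted by the logged-in user.
 *
 * Expects $_POST to carry 'mk' (an encrypted key that must decrypt to the
 * current user id), a recipient in 'receiver' (falling back to 'to_user'),
 * an optional 'conversation' (id of the parent message) and the message
 * fields themselves. Echoes 'Message sent' on success and clears the
 * affected cache groups.
 *
 * @return void
 * @throws Exception when 'conversation' names a message the recipient is not a participant of
 */
function message_send()
{
    require_once APPPATH . 'controllers/api/_api_require_login.php';

    if (!$_POST) {
        return;
    }

    // The key must decrypt to the current user's id; a missing key is treated
    // like a wrong one instead of raising an undefined-index notice.
    $messageKey = isset($_POST['mk']) ? $_POST['mk'] : '';
    unset($_POST['mk']);
    $messageKey = CI::model('core')->securityDecryptString($messageKey);
    if (CI::model('core')->userId() != $messageKey) {
        exit('Error in $messageKey');
    }

    $data = stripFromArray($_POST);
    $data = htmlspecialchars_deep($data);

    // from user
    $data['from_user'] = intval(CI::model('core')->userId());

    // to user: 'receiver' wins, 'to_user' is the fallback
    if (!isset($data['receiver']) || intval($data['receiver']) == 0) {
        $data['receiver'] = isset($data['to_user']) ? $data['to_user'] : 0;
    }
    $data['to_user'] = intval($data['receiver']);
    unset($data['receiver']);

    // parent id
    if (!empty($data['conversation'])) {
        $data['parent_id'] = $data['conversation'];
    }
    unset($data['conversation']);

    // validate 'to_user': a reply may only go to one of the two participants
    // of the parent message. The check existed but its throw was commented
    // out, so any parent_id was accepted; it is enforced again here. An
    // unknown parent yields no participants and is rejected the same way.
    if (!empty($data['parent_id'])) {
        $parentMessage = CI::model('core')->fetchDbData(TABLE_PREFIX . 'messages', array(array('id', $data['parent_id'])));
        $parentMessage = isset($parentMessage[0]) ? $parentMessage[0] : array();
        $participants = array(
            isset($parentMessage['from_user']) ? (int) $parentMessage['from_user'] : 0,
            isset($parentMessage['to_user']) ? (int) $parentMessage['to_user'] : 0,
        );
        if (!in_array($data['to_user'], $participants, true)) {
            throw new Exception('Cheating detected.');
        }
    }

    $data['is_read'] = 'n';
    $sent = CI::model('messages')->messageSave($data);

    if (!empty($data['parent_id'])) {
        // NOTE(review): this saves a record holding only is_read => 'n' and no
        // id, which looks like it was meant to flag the parent message as
        // unread — confirm what messageSave() does with such an array.
        $data2 = array();
        $data2['is_read'] = 'n';
        $data2 = CI::model('messages')->messageSave($data2);
        CI::model('core')->cleanCacheGroup('users/messages/' . $data['parent_id']);
    }

    echo 'Message sent';
    CI::model('core')->cleanCacheGroup('users/messages/global/');
}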