コード例 #1
ファイル: Error.php プロジェクト: hypnomez/opir.org
 /**
  * Is used as error handler
  *
  * @param int			$level	Error level
  * @param null|string	$string	Error message
  */
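 function trigger($level, $string = null)
 {
     // Error handling can be switched off on the instance; nothing is logged then
     if (!$this->error) {
         return;
     }
     /**
      * xap() HTML-encodes the message but leaves line breaks alone. Every record below is one line of a
      * plain-text log, so CR and LF are replaced with visible escapes; otherwise a message that carries
      * request-derived text could start a forged record on a new line.
      */
     $string = str_replace(["\r", "\n"], ['\\r', '\\n'], xap($string));
     $debug_backtrace = debug_backtrace();
     /**
      * Frame 0 is used only when it carries both 'file' and 'line', otherwise frame 1;
      * missing keys fall back to placeholders instead of raising notices inside the error handler
      */
     $frame = isset($debug_backtrace[0]['file'], $debug_backtrace[0]['line']) ? 0 : 1;
     $file = isset($debug_backtrace[$frame]['file']) ? $debug_backtrace[$frame]['file'] : 'unknown';
     $line = isset($debug_backtrace[$frame]['line']) ? $debug_backtrace[$frame]['line'] : 0;
     /**
      * NOTE(review): with DEBUG on, the complete backtrace is serialized into the log. debug_backtrace()
      * includes call arguments by default, so passwords, tokens or session data passed through the stack
      * can end up on disk; keep DEBUG off in production and restrict read access to the LOGS directory.
      */
     $dump = DEBUG ? _json_encode($debug_backtrace) : 'null';
     unset($debug_backtrace);
     // One log file per day and per configured timezone
     $log_file = LOGS . '/' . date('d-m-Y') . '_' . strtr(date_default_timezone_get(), '/', '_');
     /**
      * NOTE(review): 'h' is the 12-hour clock and no am/pm marker is written, so the readable part of the
      * timestamp is ambiguous; the microtime() value in brackets is the reliable one when correlating events
      */
     $time = date('d-m-Y h:i:s') . ' [' . microtime(true) . ']';
     /**
      * Severity mark: E - errors (stop execution), W - warnings, N - everything else.
      * Only E and W increase the error counter.
      */
     switch ($level) {
         case E_USER_ERROR:
         case E_ERROR:
             $mark = 'E';
             $fatal = true;
             break;
         case E_USER_WARNING:
         case E_WARNING:
             $mark = 'W';
             $fatal = false;
             break;
         default:
             $mark = 'N';
             $fatal = false;
             break;
     }
     if ($mark != 'N') {
         ++$this->num;
     }
     $record = "{$mark} {$time} {$string} Occurred: {$file}:{$line}";
     // The dump goes to the log file only, the in-memory list keeps the short record
     file_put_contents($log_file, "{$record} Dump: {$dump}\n", LOCK_EX | FILE_APPEND);
     unset($dump);
     $this->errors_list[] = $record;
     if ($fatal) {
         error_code(500);
         /**
          * If Index instance exists - execution will be stopped there, otherwise in Page instance
          */
         Index::instance(true)->__finish();
         Page::instance()->error();
     }
     /**
      * If too many non-critical errors - also stop execution
      */
     if ($this->num >= 100) {
         /**
          * If Index instance exists - execution will be stopped there, otherwise in Page instance
          */
         Index::instance(true)->__finish();
         Page::instance()->error();
     }
 }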
コード例 #2
ファイル: OAuth2.php プロジェクト: hypnomez/opir.org
 /**
  * Set client data
  *
  * @param string	$id
  * @param string	$secret
  * @param string	$name
  * @param string	$domain
  * @param int		$active
  *
  * @return bool
  */
 function set_client($id, $secret, $name, $domain, $active)
 {
     // Client id and secret must both pass is_md5()
     if (!is_md5($id) || !is_md5($secret)) {
         return false;
     }
     // Domain is required and must not contain a slash (so no scheme or path)
     if (!$domain || strpos($domain, '/') !== false) {
         return false;
     }
     /**
      * NOTE(review): name and domain are only HTML-encoded by xap(), and the secret is stored as given.
      * SQL safety depends on how q() substitutes the %s placeholders - presumably it escapes each
      * argument; confirm in the DB layer. Consider whether the secret should be stored hashed.
      */
     $query = "UPDATE `[prefix]oauth2_clients`\n\t\t\tSET\n\t\t\t\t`secret`\t\t= '%s',\n\t\t\t\t`name`\t\t\t= '%s',\n\t\t\t\t`domain`\t\t= '%s',\n\t\t\t\t`active`\t\t= '%s'\n\t\t\tWHERE `id` = '%s'\n\t\t\tLIMIT 1";
     $updated = $this->db_prime()->q($query, $secret, xap($name), xap($domain), $active ? 1 : 0, $id);
     // Cached client data is dropped whether or not the query succeeded
     unset($this->cache->{$id});
     return $updated;
 }
コード例 #3
ファイル: save.modules.php プロジェクト: hypnomez/opir.org
         $Config->core['default_module'] = $module_name;
         $a->save();
     }
     break;
 case 'db':
     if (Trigger::instance()->run('admin/System/components/modules/db/process', ['name' => $module_name])) {
         if (isset($_POST['db']) && is_array($_POST['db']) && count($Config->db) > 1) {
             $module_data['db'] = xap($_POST['db']);
             $a->save();
         }
     }
     break;
 case 'storage':
     if (Trigger::instance()->run('admin/System/components/modules/storage/process', ['name' => $module_name])) {
         if (isset($_POST['storage']) && is_array($_POST['storage']) && count($Config->storage) > 1) {
             $module_data['storage'] = xap($_POST['storage']);
             $a->save();
         }
     }
     break;
 case 'enable':
     $module_data['active'] = 1;
     $a->save();
     clean_pcache();
     Trigger::instance()->run('admin/System/components/modules/enable', ['name' => $module_name]);
     unset($Cache->functionality, $Cache->languages);
     break;
 case 'disable':
     $module_data['active'] = 0;
     $a->save();
     clean_pcache();
コード例 #4
ファイル: xap.bootstrap.php プロジェクト: RuaaAnabi/xap
<?php

/**
 * Xap bootstrap
 */
// import Xap engine
require_once './lib/Xap/Engine.php';
// import Xap Model class (if using '/model' query option)
// require_once './lib/Xap/Model.php';
// import Xap Decorate class (if using decorators)
// require_once './lib/Xap/Decorate.php';
// import Xap Cache class (if using '/cache' query option for caching)
// require_once './lib/Xap/Cache.php';
// import xap() function
require_once './lib/Xap/xap.php';
// register database connection
// NOTE(review): the values below are sample credentials; a real deployment should not keep
// them in a tracked file - load them from the environment or an untracked config file
xap([
    'host' => 'localhost',
    'database' => 'test',
    'user' => 'myuser',
    'password' => 'mypass',
]);
// set global pagination records per page (default 10)
// xap(':pagination', ['rpp' => 10]);
// set global cache settings
// \Xap\Cache::setExpireGlobal('10 seconds'); // global cache expire time (default '30 seconds')
// \Xap\Cache::setPath('/var/www/app/cache'); // global cache directory path
// \Xap\Cache::$use_compression = false; // globally turn off cache file compression (enabled by default)
コード例 #5
/**
 * XSS Attack Protection. Filters a string (or every value of an array) using one of three modes
 *
 * What the result is safe for depends on <i>$html</i>; none of the modes is safe in every output context:<br>
 * <b>text</b> - htmlspecialchars() with ENT_NOQUOTES: &lt; &gt; &amp; are encoded, quotes are not, so the result
 * must not be placed inside an HTML attribute value and is not escaped for SQL<br>
 * <b>false</b> - strip_tags(): tags are removed, nothing is entity-encoded<br>
 * <b>true</b> - pattern-based removal of listed tags and attributes (a blocklist, not an HTML parser)
 *
 * Arrays are processed recursively by value; array keys are returned unchanged.
 *
 * @param string|string[]	$in		HTML code
 * @param bool|string		$html	<b>text</b> - text at output (default)<br>
 * 									<b>true</b> - processed HTML at output<br>
 * 									<b>false</b> - HTML tags will be deleted
 * @param bool				$iframe	Whether to allow iframes without inner content (for example, video from youtube)<br>
 * 									Works only if <i>$html === true</i>
 * @return string|string[]
 */
function xap($in, $html = 'text', $iframe = false)
{
    if (is_array($in)) {
        // Only the values are filtered; keys stay exactly as supplied by the caller
        foreach ($in as &$item) {
            $item = xap($item, $html, $iframe);
        }
        return $in;
        /**
         * Make safe HTML
         *
         * NOTE(review): this branch is a blocklist built from regular expressions. Anything not named in the
         * patterns passes through, so the guarantee is only as good as the list; an allowlist-based HTML
         * sanitizer working on a parsed document is the more robust design.
         * preg_replace() returns null on a PCRE error and the results are not checked here.
         */
    } elseif ($html === true) {
        // Removes link/script/object/applet/embed tags and tags with a hyphenated name, with their content if a close tag follows
        $in = preg_replace('/
				<[^a-z=>]*(link|script|object|applet|embed|[a-z0-9]+-[a-z0-9]+)[^>]*>?	# Open tag
				(
					.*																	# Some content
					<\\/[^>]*\\1[^>]*>													# Close tag (with reference for tag name to open tag)
				)?																		# Section is optional
			/xims', '', $in);
        /**
         * Remove iframes (regular expression the same as previous)
         */
        if (!$iframe) {
            $in = preg_replace('/
					<[^a-z=>]*iframe[^>]*>?		# Open tag
					(
						.*						# Some content
						<\\/[^>]*iframe[^>]*>	# Close tag
					)?							# Section is optional
				/xims', '', $in);
            /**
             * Allow iframes without inner content (for example, video from youtube)
             */
        } else {
            // Iframes whose open tag is followed by anything other than whitespace or "<" are removed
            $in = preg_replace('/
					(<[^a-z=>]*iframe[^>]*>\\s*)	# Open tag
					[^<\\s]+						# Search if there something that is not space or < character
					(<\\/[^>]*iframe[^>]*>)?		# Optional close tag
				/xims', '', $in);
            /**
             * Every remaining iframe open tag gets a fixed sandbox attribute: an existing sandbox=... is removed first,
             * then the fixed value is appended in place of the closing ">".
             *
             * NOTE(review): the fixed value grants allow-scripts together with allow-same-origin. For a framed
             * document that is same-origin with the embedding page this combination lets the frame remove its own
             * sandboxing, so the attribute only restricts cross-origin content - confirm that is the intent.
             * NOTE(review): inside a character class \1 is not a back-reference, so [^\1>]* effectively means
             * "anything but >"; the removal therefore seems to run to the end of the tag and to take any
             * attributes written after sandbox= with it - verify.
             */
            $in = preg_replace_callback('/
					<[^\\/a-z=>]*iframe[^>]*>
				/xims', function ($matches) {
                $result = preg_replace('/sandbox\\s*=\\s*([\'"])?[^\\1>]*\\1?/ims', '', $matches[0]);
                $result = str_replace('>', ' sandbox="allow-same-origin allow-forms allow-popups allow-scripts">', $result);
                return $result;
            }, $in);
        }
        // The colon after script/data/vbscript is entity-encoded ("script:" also covers "javascript:")
        $in = preg_replace('/(script|data|vbscript):/i', '\\1&#58;', $in);
        // The opening parenthesis after "expression" is entity-encoded
        $in = preg_replace('/(expression[\\s]*)\\(/i', '\\1&#40;', $in);
        // Whole tags are removed when they carry an on* attribute, dynsrc, lowsrc, formaction or is
        $in = preg_replace('/<[^>]*\\s(on[a-z]+|dynsrc|lowsrc|formaction|is)=[^>]*>?/ims', '', $in);
        // Quoted http/https/ftp href values are prefixed with "redirect/"
        $in = preg_replace('/(href[\\s\\t\\r\\n]*=[\\s\\t\\r\\n]*["\'])((?:http|https|ftp)\\:\\/\\/.*?["\'])/ims', '\\1redirect/\\2', $in);
        return $in;
    } elseif ($html === false) {
        // Tags are stripped, but quotes and "&" are left as they are
        return strip_tags($in);
    } else {
        /**
         * NOTE(review): ENT_NOQUOTES leaves both quote characters unencoded, so this result is safe between
         * tags but not inside an attribute value. ENT_HTML5 is listed twice, which has no effect.
         */
        return htmlspecialchars($in, ENT_NOQUOTES | ENT_HTML5 | ENT_DISALLOWED | ENT_SUBSTITUTE | ENT_HTML5);
    }
}
コード例 #6
ファイル: save.users.php プロジェクト: hypnomez/opir.org
         $User->set($_POST['user'], null, $id);
         $User->__finish();
         $Index->save(true);
     }
     break;
 case 'edit':
     if (isset($_POST['user'])) {
         $id = (int) $_POST['user']['id'];
         if ($id == User::GUEST_ID || $id == User::ROOT_ID) {
             break;
         }
         $user_data =& $_POST['user'];
         $columns = array('id', 'login', 'username', 'password', 'email', 'language', 'timezone', 'status', 'block_until', 'avatar');
         foreach ($user_data as $item => &$value) {
             if (in_array($item, $columns) && $item != 'data') {
                 $value = xap($value, false);
             } elseif ($item != 'data') {
                 unset($user_data[$item]);
             }
         }
         unset($item, $value, $columns);
         if ($_POST['user']['block_until'] > TIME) {
             $block_until = $user_data['block_until'];
             $block_until = explode('T', $block_until);
             $block_until[0] = explode('-', $block_until[0]);
             $block_until[1] = explode(':', $block_until[1]);
             $user_data['block_until'] = mktime($block_until[1][0], $block_until[1][1], 0, $block_until[0][1], $block_until[0][2], $block_until[0][0]);
             unset($block_until);
         } else {
             $user_data['block_until'] = 0;
         }
コード例 #7
ファイル: Group.php プロジェクト: hypnomez/opir.org
 /**
  * Set group data
  *
  * @param array	$data	May contain items title|description|data
  * @param int	$group
  *
  * @return bool
  */
 function set($data, $group)
 {
     $group = (int) $group;
     if ($group === 0) {
         return false;
     }
     /**
      * Collect "column = value" pairs only for the items that were passed.
      * title and description go through xap(..., false) (tags stripped), data is stored as JSON;
      * each value is then passed through s() of the DB layer before it is placed into the query
      * (presumably s() quotes and escapes it - confirm in the DB class)
      */
     $assignments = [];
     foreach (['title', 'description'] as $column) {
         if (isset($data[$column])) {
             $assignments[] = "`{$column}` = " . $this->db_prime()->s(xap($data[$column], false));
         }
     }
     if (isset($data['data'])) {
         $assignments[] = '`data` = ' . $this->db_prime()->s(_json_encode($data['data']));
     }
     // Nothing to update
     if (!$assignments) {
         return false;
     }
     $set_clause = implode(', ', $assignments);
     // $group was cast to int above, so it is safe to interpolate
     if (!$this->db_prime()->q("UPDATE `[prefix]groups` SET {$set_clause} WHERE `id` = '{$group}' LIMIT 1")) {
         return false;
     }
     // Drop cached data of this group and the cached list of all groups
     $Cache = $this->cache;
     unset($Cache->{$group}, $Cache->all);
     return true;
 }
コード例 #8
ファイル: Page.php プロジェクト: hypnomez/opir.org
 /**
  * Getting of debug information
  *
  * @return Page
  */
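 protected function get_debug_info()
 {
     /**
      * Builds the debug panel (tabs with DB queries and cookies) and stores it in $this->debug_info
      *
      * NOTE(review): the panel prints SQL text and cookie values (session identifiers included) into the page,
      * so whoever can see it can read them; make sure show_db_queries/show_cookies are off in production
      * or the panel is only rendered for administrators.
      */
     $Config = Config::instance();
     $db = DB::instance();
     $L = Language::instance();
     $debug_tabs = [];
     $debug_tabs_content = '';
     /**
      * DB queries
      */
     if ($Config->core['show_db_queries']) {
         $debug_tabs[] = $L->db_queries;
         $tmp = '';
         foreach ($db->get_connections_list() as $name => $database) {
             $queries = $database->queries();
             $title = $name != 0
                 ? $L->db . ' ' . $database->database()
                 : $L->core_db . ' (' . $database->database() . ')';
             $tmp .= h::{'p.cs-padding-left'}(
                 $L->debug_db_info(
                     $title,
                     format_time(round($database->connecting_time(), 5)),
                     $queries['num'],
                     format_time(round($database->time(), 5))
                 )
             );
             /**
              * Queries slower than 0.1 are highlighted
              * NOTE(review): the query text is concatenated into markup as is; if queries() returns raw SQL
              * that contains stored user content, it will be rendered as HTML here - verify and encode if so
              */
             foreach ($queries['text'] as $i => $text) {
                 $tmp .= h::code(
                     $text . h::br(2) . '#' . h::i(format_time(round($queries['time'][$i], 5))),
                     ['class' => ($queries['time'][$i] > 0.1 ? 'uk-alert-danger ' : '') . 'uk-alert']
                 );
             }
         }
         unset($name, $database, $i, $text);
         $debug_tabs_content .= h::div(
             h::p(
                 $L->debug_db_total($db->queries, format_time(round($db->time, 5))),
                 $L->failed_connections . ': ' . h::b(implode(', ', $db->get_connections_list(false)) ?: $L->no),
                 $L->successful_connections . ': ' . h::b(implode(', ', $db->get_connections_list(true)) ?: $L->no),
                 $L->mirrors_connections . ': ' . h::b(implode(', ', $db->get_connections_list('mirror')) ?: $L->no),
                 $L->active_connections . ': ' . (count($db->get_connections_list()) ? '' : h::b($L->no))
             ) . $tmp
         );
         unset($tmp);
     }
     /**
      * Cookies
      */
     if ($Config->core['show_cookies']) {
         $debug_tabs[] = $L->cookies;
         $tmp = [h::td($L->key . ':', ['style' => 'width: 20%;']) . h::td($L->value)];
         foreach ($_COOKIE as $i => $v) {
             // Cookie names come from the client just like the values, so both are encoded before output
             $tmp[] = h::td(xap($i) . ':', ['style' => 'width: 20%;']) . h::td(xap($v));
         }
         unset($i, $v);
         $debug_tabs_content .= h::{'table.cs-padding-left tr'}($tmp);
         unset($tmp);
     }
     $this->debug_info = $this->process_replacing(h::{'ul.cs-tabs li'}($debug_tabs) . h::div($debug_tabs_content));
     return $this;
 }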
コード例 #9
ファイル: prepare.php プロジェクト: hypnomez/opir.org
<?php

/**
 * @package		Plupload
 * @category	modules
 * @author		Moxiecode Systems AB
 * @author		Nazar Mokrynskyi <*****@*****.**> (integration with CleverStyle CMS)
 * @copyright	Moxiecode Systems AB
 * @license		GNU GPL v2, see license.txt
 */
namespace cs;

use h;
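/**
 * Saves Plupload settings submitted from the administration form
 *
 * NOTE(review): this handler changes configuration on a plain POST; no CSRF token or permission check is
 * visible in this file - presumably the administration framework enforces both before including it, confirm.
 */
if (isset($_POST['edit_settings'], $_POST['max_file_size']) && $_POST['edit_settings'] === 'save') {
    $module_data = Config::instance()->module('Plupload');
    // NOTE(review): the value is only HTML-encoded by xap(); its format (and that it is not an array) is not validated here
    $module_data->max_file_size = xap($_POST['max_file_size']);
    // confirmation_time is not covered by the isset() guard above; a missing field is stored as 0 without raising a notice
    $module_data->confirmation_time = isset($_POST['confirmation_time']) ? (int) $_POST['confirmation_time'] : 0;
    Index::instance()->save(true);
}
Page::instance()->main_sub_menu = h::{'li.uk-active a'}('Plupload', ['href' => 'admin/Plupload']);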
コード例 #10
ファイル: CRUD.php プロジェクト: hypnomez/opir.org
 /**
  * @param Closure[]|string[]	$data_model
  * @param array					$arguments
  */
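 private function crud_arguments_preparation($data_model, &$arguments)
 {
     /**
      * Positional arguments are paired with the field names of the data model, then every argument is
      * normalized according to the model of its field: either a Closure, or a string "type[:format]"
      * with type int|float|text|html|set
      */
     $arguments = array_combine(array_keys($data_model), $arguments);
     array_walk($arguments, function (&$argument, $item) use ($data_model) {
         $model = $data_model[$item];
         // Custom processing supplied by the model itself
         if ($model instanceof Closure) {
             $argument = $model($argument);
             return;
         }
         $model = explode(':', $model, 2);
         $type = $model[0];
         $format = isset($model[1]) ? $model[1] : null;
         switch ($type) {
             case 'int':
             case 'float':
                 $argument = $type == 'int' ? (int) $argument : (double) $argument;
                 /**
                  * Ranges processing, format is "min..max".
                  * Bounds are cast to the same numeric type as the argument, so the result never turns into
                  * the bound's string; an empty bound means "not limited" on that side
                  */
                 if ($format !== null) {
                     $range = explode('..', $format);
                     /**
                      * Minimum
                      */
                     if ($range[0] !== '') {
                         $argument = max($argument, $type == 'int' ? (int) $range[0] : (double) $range[0]);
                     }
                     /**
                      * Maximum
                      */
                     if (isset($range[1]) && $range[1] !== '') {
                         $argument = min($argument, $type == 'int' ? (int) $range[1] : (double) $range[1]);
                     }
                 }
                 break;
             case 'text':
             case 'html':
                 // text - HTML-encoded (quotes are left as is), html - filtered by the tag/attribute blocklist of xap()
                 $argument = xap($argument, $type == 'text' ? 'text' : true);
                 /**
                  * Truncation, format is "length[:ending]"
                  * NOTE(review): truncation happens after encoding/filtering; whether truncate() can cut through
                  * an entity or a tag is not visible here - verify
                  */
                 if ($format !== null) {
                     $truncation = explode(':', $format);
                     $argument = truncate($argument, $truncation[0], isset($truncation[1]) ? $truncation[1] : '...', true);
                 }
                 break;
             case 'set':
                 /**
                  * Allowlist of values, format is "value1,value2,...". The first value is the fallback.
                  * The comparison is strict on the string form: with a loose comparison a boolean true
                  * (for instance from decoded JSON) equals any non-empty string and would pass the check
                  */
                 $allowed_arguments = explode(',', (string) $format);
                 $comparable = is_scalar($argument) && !is_bool($argument);
                 if (!$comparable || !in_array((string) $argument, $allowed_arguments, true)) {
                     $argument = $allowed_arguments[0];
                 }
                 break;
         }
     });
 }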
コード例 #11
ファイル: save.php プロジェクト: hypnomez/opir.org
         case 'mail_from_name':
         case 'mail_signature':
         case 'rules':
             $value = set_core_ml_text($item, $value);
             break;
         case 'url':
         case 'cookie_domain':
         case 'cookie_path':
         case 'ip_black_list':
         case 'ip_admin_list':
             $value = _trim(explode("\n", $value));
             if ($value[0] == '') {
                 $value = [];
             }
     }
     $temp[$item] = xap($value, true);
     if ($item == 'theme') {
         $temp['color_scheme'] = $Config->core['color_schemes'][$temp['theme']][0];
     }
 }
 unset($item, $value);
 if ($part == 'routing' || $part == 'replace') {
     $temp['in'] = explode("\n", $temp['in']);
     $temp['out'] = explode("\n", $temp['out']);
     foreach ($temp['in'] as $i => $value) {
         if (empty($value)) {
             unset($temp['in'][$i], $temp['out'][$i]);
         }
     }
     unset($i, $value);
 }
コード例 #12
ファイル: User.php プロジェクト: hypnomez/opir.org
 /**
  * Saving changes of cache and users data
  */
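 function __finish()
 {
     /**
      * Updating users data
      */
     if (is_array($this->data_set) && !empty($this->data_set)) {
         $update = [];
         foreach ($this->data_set as $id => &$data_set) {
             $data = [];
             foreach ($data_set as $i => &$val) {
                 // id is never updated, but stays in the data set
                 if ($i === 'id') {
                     continue;
                 }
                 /**
                  * The key becomes a column name inside the query, so it must be exactly one of the known
                  * columns; strict comparison keeps an integer key from loosely matching a column name
                  */
                 if (in_array($i, $this->users_columns, true)) {
                     /**
                      * NOTE(review): strip_tags() is applied to every column, password and email included,
                      * which alters any value that contains "<"; the value is then passed through s() of the
                      * DB layer (presumably quoting and escaping - confirm in the DB class)
                      */
                     $val = xap($val, false);
                     $data[] = "`{$i}` = " . $this->db_prime()->s($val);
                 } else {
                     unset($data_set[$i]);
                 }
             }
             // Break the reference so that later assignments cannot write into the last element
             unset($i, $val);
             if (!empty($data)) {
                 $data = implode(', ', $data);
                 // The id is an array key here; it is cast to int before being placed into the query
                 $user_id = (int) $id;
                 $update[] = "UPDATE `[prefix]users`\n\t\t\t\t\t\tSET {$data}\n\t\t\t\t\t\tWHERE `id` = '{$user_id}'";
             }
             unset($data);
         }
         unset($data_set);
         if (!empty($update)) {
             $this->db_prime()->q($update);
         }
         unset($update);
     }
     /**
      * Updating users cache
      */
     foreach ($this->data as $id => &$data) {
         if (isset($this->update_cache[$id]) && $this->update_cache[$id]) {
             $data['id'] = $id;
             $this->cache->{$id} = $data;
         }
     }
     $this->update_cache = [];
     unset($id, $data);
     $this->data_set = [];
 }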
コード例 #13
ファイル: Permission.php プロジェクト: hypnomez/opir.org
 /**
  * Set permission
  *
  * @param int		$id
  * @param string	$group
  * @param string	$label
  *
  * @return bool
  */
 function set($id, $group, $label)
 {
     $id = (int) $id;
     if ($id === 0) {
         return false;
     }
     /**
      * $id is an integer at this point, so it is interpolated directly.
      * label and group are HTML-encoded by xap() (quotes are left as is) and handed to q() for the %s
      * placeholders - presumably q() escapes them for SQL; confirm in the DB class
      */
     $query = "UPDATE `[prefix]permissions`\n\t\t\tSET\n\t\t\t\t`label` = '%s',\n\t\t\t\t`group` = '%s'\n\t\t\tWHERE `id` = '{$id}'\n\t\t\tLIMIT 1";
     $updated = $this->db_prime()->q($query, xap($label), xap($group));
     if (!$updated) {
         return false;
     }
     // Cached permissions are dropped only after a successful update
     $this->del_all_cache();
     return true;
 }
コード例 #14
ファイル: Mail.php プロジェクト: hypnomez/opir.org
 /**
  * Sending of email
  *
  * @param array|string|string[]			$email			if emails without names - string (may be several emails separated by comma) or
  * 														1-dimensional array(<i>email</i>)<br>
  * 														else - 2-dimensional array(<i>email</i>, <i>name</i>) must be given
  * @param string						$subject		Mail subject
  * @param string						$body			html body
  * @param string|null					$body_text		plain text body
  * @param array|null|string				$attachments	1- or 2-dimensional array of array(<i>path</i>, <i>name</i>) or simply string
  * 														with path to the file in file system
  * @param array|null|string|string[]	$reply_to		Similar to <b>$email</b>
  * @param bool|string					$signature		<b>true</b> - add system signature<br>
  * 														<b>false</b> - without signature<br>
  * 														<b>string</b> - custom signature
  * @return bool
  */
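 function send_to($email, $subject, $body, $body_text = null, $attachments = null, $reply_to = null, $signature = true)
 {
     if (empty($email) || empty($subject) || empty($body)) {
         return false;
     }
     /**
      * A 2-element array is read as one (first, second) pair only when both elements are plain values;
      * two nested pairs are a list of two entries and go through the loop like any other list.
      * NOTE(review): a plain list of exactly two addresses is still read as (email, name) - this ambiguity
      * is part of the documented interface, callers with two recipients should pass nested arrays
      */
     $is_pair = function ($value) {
         return count($value) == 2 && isset($value[0], $value[1]) && !is_array($value[0]) && !is_array($value[1]);
     };
     /**
      * Recipients
      * NOTE(review): addresses are passed on as given; validation and protection against header injection
      * are left to AddAddress() of the parent mailer class - verify
      */
     if (is_array($email)) {
         if ($is_pair($email)) {
             $this->AddAddress($email[0], $email[1]);
         } else {
             foreach ($email as $m) {
                 if (is_array($m)) {
                     $this->AddAddress($m[0], $m[1]);
                 } else {
                     $this->AddAddress($m);
                 }
             }
         }
     } else {
         $email = _trim(explode(',', $email));
         foreach ($email as $e) {
             $this->AddAddress($e);
         }
         unset($e, $email);
     }
     $this->Subject = $subject;
     /**
      * Signature: true - system signature, non-empty string - custom signature (filtered as HTML), otherwise none.
      * Both kinds are introduced by the same "-- " separator line
      */
     if ($signature === true) {
         if ($signature = get_core_ml_text('mail_signature')) {
             $signature = "{$this->LE}-- {$this->LE}{$signature}";
         }
     } elseif ($signature) {
         $signature = "{$this->LE}-- {$this->LE}" . xap($signature, true);
     } else {
         $signature = '';
     }
     $this->Body = $this->body_normalization($body, $signature);
     if ($body_text) {
         $this->AltBody = $body_text . strip_tags($signature);
     }
     /**
      * Attachments
      * NOTE(review): the parameter is documented as a file system path, but the value is handed to
      * AddStringAttachment(); if this class extends PHPMailer, that method treats its first argument as the
      * attachment content, not as a path. Before switching to path-based attaching make sure no caller
      * passes a path influenced by a user, otherwise arbitrary local files could be mailed out
      */
     if (is_array($attachments)) {
         if ($is_pair($attachments)) {
             $this->AddStringAttachment($attachments[0], $attachments[1]);
         } else {
             foreach ($attachments as $a) {
                 if (is_array($a)) {
                     $this->AddStringAttachment($a[0], $a[1]);
                 } else {
                     $this->AddStringAttachment($a, pathinfo($a, PATHINFO_FILENAME));
                 }
             }
         }
     } elseif (is_string($attachments)) {
         $this->AddStringAttachment($attachments, pathinfo($attachments, PATHINFO_FILENAME));
     }
     /**
      * Reply-To, same structure as recipients
      */
     if (is_array($reply_to)) {
         if ($is_pair($reply_to)) {
             $this->AddReplyTo($reply_to[0], $reply_to[1]);
         } else {
             foreach ($reply_to as $r) {
                 if (is_array($r)) {
                     $this->AddReplyTo($r[0], $r[1]);
                 } else {
                     $this->AddReplyTo($r);
                 }
             }
         }
     } elseif (is_string($reply_to)) {
         $this->AddReplyTo($reply_to);
     }
     /**
      * Recipients, attachments and reply-to addresses are cleared after sending, so that the next message sent
      * through this instance does not inherit them.
      * NOTE(review): if Send() can throw in this configuration, the cleanup below is skipped and the next
      * message would also go to the current recipients - verify
      */
     $result = $this->Send();
     $this->ClearAddresses();
     $this->ClearAttachments();
     $this->ClearReplyTos();
     return $result;
 }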
コード例 #15
ファイル: save.blocks.php プロジェクト: hypnomez/opir.org
     $start[0] = explode('-', $start[0]);
     $start[1] = explode(':', $start[1]);
     $block['start'] = mktime($start[1][0], $start[1][1], 0, $start[0][1], $start[0][2], $start[0][0]);
     unset($start);
     if ($block_new['expire']['state']) {
         $expire =& $block_new['expire']['date'];
         $expire = explode('T', $expire);
         $expire[0] = explode('-', $expire[0]);
         $expire[1] = explode(':', $expire[1]);
         $block['expire'] = mktime($expire[1][0], $expire[1][1], 0, $expire[0][1], $expire[0][2], $expire[0][0]);
         unset($expire);
     } else {
         $block['expire'] = 0;
     }
     if ($block['type'] == 'html') {
         $block['content'] = $Text->set($Config->module('System')->db('texts'), 'System/Config/blocks/content', $block['index'], xap($block_new['html'], true));
     } elseif ($block['type'] == 'raw_html') {
         $block['content'] = $Text->set($Config->module('System')->db('texts'), 'System/Config/blocks/content', $block['index'], $block_new['raw_html']);
     } elseif ($_POST['mode'] == 'add') {
         $block['content'] = '';
     }
     if ($_POST['mode'] == 'add') {
         $Config->components['blocks'][] = $block;
         $Permission->add('Block', $block['index']);
     } else {
         unset($Cache->{'blocks/' . $block['index'] . '_' . $L->clang});
     }
     unset($block, $block_new);
     $a->save();
     break;
 case 'delete':