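/**
 * A DeclFilter with no catch-all rule leaves undeclared keys untouched.
 *
 * Only 'hello' has a static key filter ('digits'), so it is reduced to its
 * digits. 'world' carries the same mixed value but has no rule and is
 * expected to come back unchanged.
 *
 * Security-relevant contract pinned here: declaring filters for some keys
 * does not sanitise the rest of the array. Callers that need every key
 * filtered must declare a rule for each key they read, or register a
 * catch-all rule if DeclFilter offers one (not visible in this test).
 */
function testNoDefault()
{
    $filter = new DeclFilter();
    $filter->addStaticKeyFilters(array('hello' => 'digits'));

    $data = $filter->filter(array('hello' => '123abc', 'world' => '123abc'));

    // PHPUnit's signature is assertEquals($expected, $actual); with the
    // expected value first, a failure message reports the right side as wrong.
    $this->assertEquals('123abc', $data['world']);
    $this->assertEquals('123', $data['hello']);
}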
// Request bootstrap: undo register_globals injection, filter a few
// request-derived $_SERVER keys, and rebuild $_GET/$_POST/$_REQUEST.
// $prefs and $tiki_p_trust_input are not defined in this block; presumably
// they come from earlier setup or from the file required here - confirm.
require_once ('lib/setup/perms.php');

// --------------------------------------------------------------
// Deal with register_globals.
// register_globals was removed in PHP 5.4; on later versions ini_get() returns
// false for the unknown directive and this whole block is skipped.
if (ini_get('register_globals')) {
    foreach (array($_ENV, $_GET, $_POST, $_COOKIE, $_SERVER) as $superglob) {
        foreach ($superglob as $key => $val) {
            // A global is dropped only while it still equals the request value of
            // the same name, i.e. it looks like it was injected from the request.
            // NOTE(review): the comparison is loose (==), so a global that merely
            // compares equal after type juggling is unset as well.
            if (isset($GLOBALS[$key]) && $GLOBALS[$key] == $val) { // if global has been set some other way
                // that is OK (prevents munging of $_SERVER with ?_SERVER=rubbish etc.)
                unset($GLOBALS[$key]);
            }
        }
    }
}

$serverFilter = new DeclFilter;
// NOTE(review): the first operand compares a boolean (the result of
// isset(...) && $prefs[...]) with the string 'y' using !==. That is always
// true, so the whole || is always true and the 'xss' rules below are
// registered on every request, whatever the trust-input preference or
// permission says. The mistake fails closed. QUERY_STRING, REQUEST_URI and
// PHP_SELF are all derived from the request line, so anyone correcting the
// parenthesis should first review every place that echoes them.
if ( ( isset($prefs['tiki_allow_trust_input']) && $prefs['tiki_allow_trust_input'] ) !== 'y' || $tiki_p_trust_input != 'y') {
    $serverFilter->addStaticKeyFilters(array('QUERY_STRING' => 'xss', 'REQUEST_URI' => 'xss', 'PHP_SELF' => 'xss',));
}
// Order matters: $jitServer is built from $_SERVER before the DeclFilter pass
// overwrites it. Presumably it therefore exposes the pre-filter values -
// confirm that JitFilter does not hold $_SERVER by reference.
$jitServer = new JitFilter($_SERVER);
// Only the keys declared above are filtered here; whether other $_SERVER
// entries pass through unchanged depends on DeclFilter's default handling,
// which is not visible in this block.
$_SERVER = $serverFilter->filter($_SERVER);

// Rebuild request after gpc fix
// _REQUEST should only contain GET and POST in the app
// (cookies are deliberately left out; array_merge() lets a POST value win
// over a GET value with the same string key).
// NOTE(review): what prepare() does with the '~' argument is not visible here.
$prepareInput = new TikiFilter_PrepareInput('~');
$_GET = $prepareInput->prepare($_GET);
$_POST = $prepareInput->prepare($_POST);
$_REQUEST = array_merge($_GET, $_POST);

// Preserve unfiltered values accessible through JIT filtering
// (these wrappers are built from the prepared arrays above; code that reads
// through them is responsible for choosing a filter per value - presumably,
// verify against JitFilter).
$jitPost = new JitFilter($_POST);
$jitGet = new JitFilter($_GET);
$jitRequest = new JitFilter($_REQUEST);
foreach ($virtuals as $v) { if ($v) { if (is_file("db/{$v}/local.php") && is_readable("db/{$v}/local.php")) { $virt[$v] = 'y'; } else { $virt[$v] = 'n'; } } } } else { $virt = false; $virtuals = false; } $serverFilter = new DeclFilter(); if ((isset($prefs['tiki_allow_trust_input']) && $prefs['tiki_allow_trust_input']) !== 'y' || $tiki_p_trust_input != 'y') { $serverFilter->addStaticKeyFilters(array('TIKI_VIRTUAL' => 'striptags', 'SERVER_NAME' => 'striptags', 'HTTP_HOST' => 'striptags')); } $jitServer = new JitFilter($_SERVER); $_SERVER = $serverFilter->filter($_SERVER); $multi = ''; // If using multiple Tiki installations (MultiTiki) if ($virtuals) { if (isset($_POST['multi']) && in_array($_POST['multi'], $virtuals)) { $multi = $_POST['multi']; } else { if (isset($_SERVER['TIKI_VIRTUAL']) && is_file('db/' . $_SERVER['TIKI_VIRTUAL'] . '/local.php')) { $multi = $_SERVER['TIKI_VIRTUAL']; } elseif (isset($_SERVER['SERVER_NAME']) && is_file('db/' . $_SERVER['SERVER_NAME'] . '/local.php')) { $multi = $_SERVER['SERVER_NAME']; } elseif (isset($_SERVER['HTTP_HOST']) && is_file('db/' . $_SERVER['HTTP_HOST'] . '/local.php')) { $multi = $_SERVER['HTTP_HOST'];
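/**
 * Wiki plugin: render the items of one or more stored RSS modules.
 *
 * Recognised keys in $params:
 *  - id     (required) one feed id, or several separated by ':'
 *  - max    maximum number of items to show (default 10)
 *  - date   shown when > 0
 *  - desc   shown when > 0; when > 1 it is also the byte length at which a
 *           description is truncated
 *  - author shown when > 0
 *
 * Feed items are remote, untrusted data. Each value is HTML-entity-decoded
 * first and only then filtered, so the filters run on the decoded text.
 *
 * @param string $data   Plugin body; not used.
 * @param array  $params Plugin parameters as written by the page author.
 * @return string Rendered template wrapped in ~np~ ... ~/np~ markers, or a
 *                translated error message when no id is given.
 */
function wikiplugin_rss($data, $params)
{
    // $tikilib and $dbTiki are not read here, but rsslib.php is included into
    // this function's scope below and may rely on them - verify before removing.
    global $smarty;
    global $tikilib;
    global $dbTiki;
    global $rsslib;

    if (!isset($rsslib)) {
        include_once 'lib/rss/rsslib.php';
    }

    // Read the supported parameters explicitly instead of extract()-ing the
    // page author's array into local scope: no parameter name can create or
    // pre-seed a local variable this way.
    if (!isset($params['id'])) {
        return tra('You need to specify a RSS Id');
    }
    $id = $params['id'];
    // max and desc are used as lengths below; cast them so a non-numeric
    // value becomes 0 instead of reaching array_slice()/substr() as a string.
    $max = isset($params['max']) ? (int) $params['max'] : 10;
    $desc = isset($params['desc']) ? (int) $params['desc'] : 0;
    $date = isset($params['date']) ? $params['date'] : 0;
    $author = isset($params['author']) ? $params['author'] : 0;

    $ids = explode(':', $id);
    $repl = '';
    $items = array();

    $filter = new DeclFilter();
    // NOTE(review): only these five keys get a rule. Whether any other key
    // returned by parse_rss_data() (for example 'isTitle') is filtered depends
    // on DeclFilter's default handling - confirm the template escapes it.
    $filter->addStaticKeyFilters(
        array(
            'link' => 'url',
            'title' => 'striptags',
            'author' => 'striptags',
            'pubDate' => 'striptags',
            'description' => 'striptags',
        )
    );

    foreach ($ids as $val) {
        if (!($rssdata = $rsslib->get_rss_module_content($val))) {
            // NOTE(review): this message is never returned or displayed, and the
            // failed lookup result is still handed to parse_rss_data() below.
            // If it is ever shown, $val is page-author input and needs escaping.
            $repl = tra('RSS Id incorrect:') . ' ' . $val;
        }

        $itemsrss = $rsslib->parse_rss_data($rssdata, $val, $rssdata);

        foreach ($itemsrss as &$item) {
            foreach ($item as &$v) {
                $v = TikiLib::htmldecode($v);
            }
            // Break the reference so later writes to $v cannot touch the item.
            unset($v);

            $item = $filter->filter($item);

            // Byte-wise truncation: a multi-byte character can be cut in half.
            if ($desc > 1 && strlen($item['description']) > $desc) {
                $item['description'] = substr($item['description'], 0, $desc) . ' [...]';
            }
        }
        // Same for the outer reference: without this, $item stays bound to the
        // last element of $itemsrss after the loop.
        unset($item);

        $items = array_merge($items, $itemsrss);
    }

    $title = null;
    if (isset($items[0]['isTitle']) && $items[0]['isTitle'] == 'y') {
        $title = array_shift($items);
    }

    // No need to waste time sorting with only one feed
    if (count($ids) > 1) {
        usort($items, 'rss_sort');
    }

    $items = array_slice($items, 0, $max);

    $smarty->assign('title', $title);
    $smarty->assign('items', $items);
    $smarty->assign('showdate', $date > 0);
    $smarty->assign('showdesc', $desc > 0);
    $smarty->assign('showauthor', $author > 0);

    // ~np~ ... ~/np~ keeps the wiki parser away from the rendered HTML.
    return '~np~' . $smarty->fetch('wiki-plugins/wikiplugin_rss.tpl') . '~/np~';
}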
/**
 * Fetch one feed, refresh its module row, then insert or update each entry.
 *
 * Every value taken from the remote feed goes through a filter before it is
 * stored. Site title, entry title, author and description use 'striptags';
 * site link, entry link and guid use 'url'; entry content uses 'purifier'.
 * If fetching or parsing throws a Zend_Exception, the module row is stamped
 * with placeholder values and no entries are processed. Other exception
 * types are not caught here.
 *
 * NOTE(review): $url is requested server-side and the response is parsed as
 * XML. Who may set a feed URL, whether httprequest() restricts schemes or
 * internal addresses, and whether the bundled feed reader disables external
 * entities are not visible here - confirm.
 *
 * @param mixed  $rssId   Feed module id; key for the module row and its items.
 * @param string $url     Feed location handed to $tikilib->httprequest().
 * @param mixed  $actions Passed unchanged to insert_item() for new entries.
 * @return void
 */
private function update_feed($rssId, $url, $actions)
{
    global $tikilib;

    $moduleKey = array('rssId' => $rssId);

    $entryFilter = new DeclFilter();
    $entryFilter->addStaticKeyFilters(
        array(
            'url' => 'url',
            'title' => 'striptags',
            'author' => 'striptags',
            'description' => 'striptags',
            'content' => 'purifier',
        )
    );
    $guidFilter = TikiFilter::get('url');

    try {
        $body = $tikilib->httprequest($url);
        $feed = Zend_Feed_Reader::importString($body);
    } catch (Zend_Exception $e) {
        // Record the attempt so the module still gets a fresh lastUpdated stamp.
        $failed = array('lastUpdated' => $tikilib->now, 'sitetitle' => 'N/A', 'siteurl' => '#');
        $this->modules->update($failed, $moduleKey);
        return;
    }

    $siteTitle = TikiFilter::get('striptags')->filter($feed->getTitle());
    $siteUrl = TikiFilter::get('url')->filter($feed->getLink());
    $this->modules->update(
        array('lastUpdated' => $tikilib->now, 'sitetitle' => $siteTitle, 'siteurl' => $siteUrl),
        $moduleKey
    );

    foreach ($feed as $entry) {
        // TODO: optimize. Atom entries have an 'updated' element which can be used to only update updated entries
        $guid = $guidFilter->filter($entry->getId());
        $authors = $entry->getAuthors();

        $raw = array(
            'title' => $entry->getTitle(),
            'url' => $entry->getLink(),
            'description' => $entry->getDescription(),
            'content' => $entry->getContent(),
            'author' => $authors ? implode(', ', $authors->getValues()) : '',
        );
        $row = $entryFilter->filter($raw);
        $row['guid'] = $guid;

        // Fall back to the current time when the entry type has no creation
        // date accessor or the accessor returns nothing.
        $created = method_exists($entry, 'getDateCreated') ? $entry->getDateCreated() : null;
        $row['publication_date'] = $created ? $created->get(Zend_Date::TIMESTAMP) : $tikilib->now;

        // The filtered guid decides whether this entry is already stored.
        $known = $this->items->fetchCount(array('rssId' => $rssId, 'guid' => $guid));
        if (0 != $known) {
            $this->update_item($rssId, $row['guid'], $row);
            continue;
        }

        $this->insert_item($rssId, $row, $actions);
    }
}