/**
 * Strip from $html every tag and attribute that is not in the named whitelist.
 *
 * @param string $html        markup to clean
 * @param string $allowedTags whitelist name understood by getSafeTagsAttributes (default "basic")
 * @return string cleaned markup, as produced by FlexiStringUtil::stripTagsAttributes
 */
public static function getSafeHTML($html, $allowedTags = "basic")
{
    $aWhitelist = self::getSafeTagsAttributes($allowedTags);
    $sTagList = implode(",", $aWhitelist["tag"]);

    return FlexiStringUtil::stripTagsAttributes($html, $sTagList, $aWhitelist["attribute"]);
}
/**
 * Assert that this object has a name and a version and that the name passes
 * FlexiStringUtil::isCleanName.
 *
 * Note: empty() treats 0 / "0" as missing, so a zero version is rejected as well.
 *
 * @throws Exception when name or version is missing, or the name is not clean
 */
public function checkValid()
{
    $aPresenceChecks = array(
        "Name is required"    => empty($this->sName),
        "Version is required" => empty($this->iVersion),
    );
    foreach ($aPresenceChecks as $sMessage => $bMissing) {
        if ($bMissing) {
            throw new Exception($sMessage);
        }
    }

    if (!FlexiStringUtil::isCleanName($this->sName)) {
        throw new Exception("Invalid value for name");
    }
}
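/**
 * Upload a field's file(s) and write the stored (relative) path into $oStore.
 *
 * Three shapes of form value are handled:
 *  - "multiimage-text" fields: one upload slot per $oField->uploadcount under the form
 *    keys "<name>_1" .. "<name>_N", stored as a list joined by $oField->uploadseparator;
 *  - a single upload (array form value, as a file input produces);
 *  - a plain string, treated as an already saved path.
 *
 * @param FlexiTableFieldObject $oField      field definition (savepath, type, uploadcount, ...)
 * @param array $oStore                      row being saved; receives the stored path(s)
 * @param array $oForm                       submitted form row
 * @param array $oCurrentRow                 previously stored row (old file paths)
 * @throws Exception when a single-file value is neither an upload array nor a string
 */
public function doUploadField(FlexiTableFieldObject $oField, &$oStore, &$oForm, $oCurrentRow)
{
    $sName = $oField->getName();
    $sSavePath = is_null($oField->savepath)
        ? FlexiFileUtil::getFullUploadPath("media/libraries")
        : $oField->savepath;
    // Prefix cut from the path before it is stored in the field;
    // "" means the full path from root is stored.
    $sFullRelativeBasePath = empty($oField->savepath) ? "" : realpath($oField->savepath);

    if ($oField->type == "multiimage-text") {
        $this->_doUploadMultiImageField($oField, $oStore, $oForm, $oCurrentRow, $sSavePath, $sFullRelativeBasePath);
        return;
    }

    // single file upload
    if (!isset($oForm[$sName])) {
        return;
    }
    $mValue = $oForm[$sName];

    if (is_array($mValue)) {
        // upload array coming from a file input
        $aStatus = $this->_storeUploadedFile($oField, $mValue, $sSavePath);
        if ($aStatus["status"]) {
            if (!empty($oCurrentRow[$sName])) {
                // replace the previous file; resolved through the base path like the other branches
                $this->_deleteStoredFile($oCurrentRow[$sName], $sFullRelativeBasePath);
            }
            $oStore[$sName] = FlexiFileUtil::getRelativePathFrom($aStatus["path"], $sFullRelativeBasePath);
        }
        // else: no file uploaded, the stored value is left untouched
        return;
    }

    if (!is_string($mValue)) {
        throw new Exception("Invalid upload value: " . $mValue);
    }

    // A string is either a manually saved path or the old value. It is taken from the form
    // as-is and stored as the file path, so this branch must only be reachable for fields
    // whose string value is not editable by the end user.
    $sNewFile = $mValue;
    if (!empty($oCurrentRow[$sName]) && !empty($sNewFile)) {
        // delete the old file when it differs from the new one
        $sOldPathReal = realpath(FlexiFileUtil::getFullPathFrom($oCurrentRow[$sName], $sFullRelativeBasePath));
        $sNewPathReal = realpath(FlexiFileUtil::getFullPathFrom($sNewFile, $sFullRelativeBasePath));
        if (!empty($sOldPathReal) && $sOldPathReal != $sNewPathReal) {
            unlink($sOldPathReal);
        }
    }
    $oStore[$sName] = FlexiFileUtil::getRelativePathFrom($sNewFile, $sFullRelativeBasePath);
}

/**
 * Handle the "multiimage-text" case of doUploadField: one upload slot per uploadcount.
 *
 * @param FlexiTableFieldObject $oField
 * @param array $oStore                 receives the separator-joined list of stored paths
 * @param array $oForm                  submitted form row ("<name>_<n>" keys)
 * @param array $oCurrentRow            previously stored row
 * @param string $sSavePath             directory the files are stored into
 * @param string $sFullRelativeBasePath prefix cut from stored paths ("" for root)
 */
private function _doUploadMultiImageField(FlexiTableFieldObject $oField, &$oStore, &$oForm, $oCurrentRow, $sSavePath, $sFullRelativeBasePath)
{
    $sName = $oField->getName();
    $aCurrentFile = array();
    if (!empty($oCurrentRow[$sName])) {
        $aCurrentFile = explode($oField->uploadseparator, $oCurrentRow[$sName]);
    }

    $aResultFile = array();
    for ($c = 1; $c <= $oField->uploadcount; $c++) {
        $iSlot = $c - 1;
        $sFormKey = $sName . "_" . $c;
        if (!isset($oForm[$sFormKey])) {
            // Slot absent from the form: as in the original, it is left out of the stored
            // list (which shifts later slots). TODO(review): confirm this is intended.
            continue;
        }
        $sCurrent = isset($aCurrentFile[$iSlot]) ? $aCurrentFile[$iSlot] : "";
        $aStatus = $this->_storeUploadedFile($oField, $oForm[$sFormKey], $sSavePath);
        if ($aStatus["status"]) {
            if (!empty($sCurrent)) {
                // replace the photo that already exists in this slot
                $this->_deleteStoredFile($sCurrent, $sFullRelativeBasePath);
            }
            $aResultFile[$iSlot] = FlexiFileUtil::getRelativePathFrom($aStatus["path"], $sFullRelativeBasePath);
        } else {
            // no file uploaded for this slot: keep the current one
            $aResultFile[$iSlot] = $sCurrent;
        }
    }

    $oStore[$sName] = implode($oField->uploadseparator, $aResultFile);
}

/**
 * Store one uploaded file under $sSavePath with a generated "media.<random>_<time>" name,
 * fire the onGetUploadFileName hook and resize the file when it is an image with a bound.
 *
 * @param FlexiTableFieldObject $oField
 * @param array $mUpload   upload array from the form
 * @param string $sSavePath
 * @return array status array from FlexiFileUtil::storeUploadFile ("status", "path", ...)
 */
private function _storeUploadedFile(FlexiTableFieldObject $oField, $mUpload, $sSavePath)
{
    $sNewFile = "media." . FlexiStringUtil::createRandomAlphaNumeric() . "_" . time();
    $aStatus = FlexiFileUtil::storeUploadFile($mUpload, $sSavePath, $sNewFile . ".");
    // The original passed an undefined $sSaveDir here; the save path is the directory in scope.
    $this->onGetUploadFileName($sSavePath, $sNewFile);

    // Resize only images, and only when a max width or height is configured. The original
    // condition was "(isImage && maxwidth) || maxheight", which resized non-images too.
    if ($aStatus["status"] && $oField->isUploadImage()
        && (!empty($oField->maxwidth) || !empty($oField->maxheight))) {
        FlexiImageUtil::imageResize($oField->maxwidth, $oField->maxheight, $aStatus["path"]);
    }

    return $aStatus;
}

/**
 * Delete a previously stored file, resolving the stored path against the base path.
 *
 * @param string $sStoredPath           path as stored in the row
 * @param string $sFullRelativeBasePath base path ("" for root-relative storage)
 */
private function _deleteStoredFile($sStoredPath, $sFullRelativeBasePath)
{
    $sFullPath = realpath(FlexiFileUtil::getFullPathFrom($sStoredPath, $sFullRelativeBasePath));
    if (!empty($sFullPath) && is_file($sFullPath)) {
        unlink($sFullPath);
    }
}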
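<?php
// Fieldset wrapper template.
// Expects $vars with "#id" and "#childs", plus optional "#title", "#attributes", "#prefix"
// and "#suffix". "#childs", "#prefix" and "#suffix" are rendered markup and are echoed as-is;
// "#title" is echoed unescaped as well, so callers must pass trusted or already-escaped text.
$sTitle = empty($vars["#title"]) ? "" : $vars["#title"];
// The id is used in an attribute context; escape it (an id never legitimately contains markup).
$sId = htmlspecialchars($vars["#id"], ENT_QUOTES, "UTF-8");
// Only "<?php" is used below: the original "<?" short tag depends on short_open_tag and is
// emitted verbatim into the page when that setting is off.
$sAttributes = isset($vars["#attributes"]) ? FlexiStringUtil::attributesToString($vars["#attributes"]) : "";
$sPrefix = isset($vars["#prefix"]) ? $vars["#prefix"] : "";
$sSuffix = isset($vars["#suffix"]) ? $vars["#suffix"] : "";
?>
<div id="div-<?php echo $sId; ?>" <?php echo $sAttributes; ?>>
<?php echo $sPrefix; ?>
<fieldset id="<?php echo $sId; ?>">
<legend><?php echo $sTitle; ?></legend>
<?php echo $vars["#childs"]; ?>
</fieldset>
<?php echo $sSuffix; ?>
</div>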
/**
 * Filtering hook to update markup settings: gives the element a random "#id" when it has
 * none and marks it as filtered so that repeated calls are no-ops.
 *
 * @param array $aValue form element, modified in place
 * @return void
 */
protected function renderFilterMarkup(&$aValue)
{
    $bAlreadyFiltered = isset($aValue["#filterrendered"]) && $aValue["#filterrendered"];
    if ($bAlreadyFiltered) {
        return;
    }

    if (!isset($aValue["#id"])) {
        // random suffix keeps ids unique when the same element is rendered more than once
        $aValue["#id"] = "id_" . FlexiStringUtil::createRandomPassword(15);
    }

    //TODO general markup filter for security
    $aValue["#filterrendered"] = true;
}
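/**
 * Validate a form array populated by $_REQUEST.
 *
 * Every key not starting with "#" is a field. A field fails when it is "#required" but has
 * no value, or when its "#type" is "email" and the value is not a valid email. Messages are
 * appended to $aForm[field]["#notice"]["msg"].
 *
 * @param array $aForm form merged with request values, modified in place (notices added)
 * @return boolean true when every field validated
 */
public function validateForm(&$aForm)
{
    $bOK = true;
    foreach ($aForm as $sKey => &$mValue) {
        // numeric keys arrive as ints; substr() below needs a string
        $sKey = (string) $sKey;
        $mCurrent = isset($mValue["#value"]) ? $mValue["#value"] : null;
        $sLogValue = is_scalar($mCurrent) ? (string) $mCurrent : gettype($mCurrent);
        FlexiLogger::debug(__METHOD__, "validating: " . $sKey . ",val: " . $sLogValue);

        if (substr($sKey, 0, 1) == "#") {
            continue;   // "#..." entries are form settings, not fields
        }

        $bRequired = isset($mValue["#required"]) ? $mValue["#required"] : false;
        if ($bRequired && $this->_isEmptyFormValue($mCurrent)) {
            FlexiLogger::debug(__METHOD__, "validating: " . $sKey . ", is empty");
            $this->_appendNotice($mValue, flexiT("field is required") . "\r\n<br/>");
            $bOK = false;
        }

        // "#type" may be absent on some elements; the original read it unguarded
        $sType = isset($mValue["#type"]) ? $mValue["#type"] : "";
        if ($sType == "email" && !empty($mCurrent) && !FlexiStringUtil::isValidEmail($mCurrent)) {
            FlexiLogger::debug(__METHOD__, "validating: " . $sKey . ", invalid email");
            $this->_appendNotice($mValue, flexiT("field must be an email") . "\r\n<br/>");
            $bOK = false;
        }
    }
    // drop the foreach reference so later writes to $mValue cannot alias the last element
    unset($mValue);

    return $bOK;
}

/**
 * Whether a submitted value counts as empty for a "#required" check.
 * null and "" are empty; an array (e.g. checkboxes) is empty when it has no entries.
 *
 * @param mixed $mCurrent
 * @return bool
 */
private function _isEmptyFormValue($mCurrent)
{
    if ($mCurrent === null) {
        return true;
    }
    if (is_array($mCurrent)) {
        return count($mCurrent) == 0;
    }
    return strlen((string) $mCurrent) == 0;
}

/**
 * Append a validation message to the element's "#notice" entry, creating it if needed.
 *
 * @param array $aField form element, modified in place
 * @param string $sMessage message to append
 */
private function _appendNotice(&$aField, $sMessage)
{
    if (!isset($aField["#notice"])) {
        $aField["#notice"] = array("msg" => "");
    }
    $aField["#notice"]["msg"] .= $sMessage;
}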
/**
 * Parse a condition key of the form "[and|or:]field[:operator]" into a SQL fragment
 * plus bound parameters.
 *
 * A numeric key means $sValue is already a raw condition and is only wrapped in
 * parentheses. The field name and operator are interpolated into the SQL unquoted, so keys
 * must come from code, never from request input. For the "in" operator nothing is bound:
 * an array value is rendered through getSQLValue, any other value is pasted verbatim and
 * must therefore be trusted SQL.
 *
 * @param string|int $sKey
 * @param mixed $sValue
 * @param bool $bStatementValue not used here; kept for callers
 * @return array array("type" => "and"|"or", "sql" => string, "param" => array)
 */
public static function parseSQLKey($sKey, $sValue, $bStatementValue = false)
{
    if (is_numeric($sKey)) {
        // condition without a field name: $sValue is the SQL itself
        return array("type" => "and", "sql" => "(" . $sValue . ")", "param" => array());
    }

    $aCond = explode(":", $sKey);
    $iParts = count($aCond);
    $sType = "and";
    $bHasTypePrefix = $iParts >= 2
        && in_array(strtolower($aCond[0]), array("and", "or"), true);

    if ($iParts == 1) {
        $sField = $sKey;
        $sOperator = "=";
    } elseif ($bHasTypePrefix) {
        $sType = $aCond[0];
        $sField = $aCond[1];
        $sOperator = $iParts == 2 ? "=" : $aCond[2];
    } else {
        $sField = $aCond[0];
        $sOperator = $aCond[1];
        // a third segment without a type prefix is ignored (unresolved TODO in the original)
    }

    // parameter name: field reduced to [a-zA-Z0-9_] plus a random suffix to avoid clashes
    $sParamName = ":" . preg_replace("/[^a-zA-Z0-9_]/", "_", $sField)
        . FlexiStringUtil::createRandomPassword(4);
    $sOpKey = strtolower(trim($sOperator));
    $aNullOperators = array(
        "isnull"      => " IS NULL",
        "is null"     => " IS NULL",
        "isnotnull"   => " IS NOT NULL",
        "is not null" => " IS NOT NULL",
    );
    $aParam = array();

    if ($sOpKey == "in") {
        // value is inlined rather than bound: only trusted values belong here
        $sSQLValue = is_array($sValue) ? self::getSQLValue($sValue) : $sValue;
        $sSQL = $sField . " " . $sOperator . " (" . $sSQLValue . ")";
    } elseif (isset($aNullOperators[$sOpKey])) {
        $sSQL = $sField . $aNullOperators[$sOpKey];
        $aParam[$sParamName] = $sValue;
    } else {
        $sSQL = $sField . " " . $sOperator . " " . $sParamName;
        $aParam[$sParamName] = $sValue;
    }

    return array("type" => $sType, "sql" => $sSQL, "param" => $aParam);
}
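/**
 * Validate a row against the table's active field definitions.
 *
 * Per active field (iStatus == 1): the primary key must be present on update; a non-null
 * field must have a value unless it is the primary key on insert or its input<type>
 * setting is "readonly" / "none"; int/tinyint/double/decimal db types must be numeric
 * (tinyint additionally range checked); "email" fields must be valid emails.
 *
 * @param array $oRow values to save, keyed by field name
 * @param string $sType "insert" or "update"
 * @throws Exception on the first failing field
 */
public function checkValidData($oRow, $sType)
{
    foreach ($this->aChild["field"] as $sName => $oField) {
        if ($oField->iStatus != 1) {
            continue;   // only active (not deleted) fields are checked
        }

        $sField = $oField->getName();
        $sLabel = $oField->label;
        $sValue = isset($oRow[$sField]) ? $oRow[$sField] : null;
        $bHasValue = isset($oRow[$sField]) && strlen($oRow[$sField] . "") > 0;

        if ($sType == "update" && $oField->primary && !$bHasValue) {
            throw new Exception($this->getTableName() . ", Field " . $oField->label
                . " is primary therefore, required for update" . print_r($oRow, true));
        }

        // primary key on insert may be empty (generated by the database)
        if (!$oField->cannull && !($sType == "insert" && $oField->primary)) {
            // a missing value is only fine when the form never offers the field
            $sInputSetting = $oField->{"input" . $sType};
            $bAllowedMissing = !isset($oRow[$sField])
                && in_array($sInputSetting, array("readonly", "none"), true);
            if (!$bHasValue && !$bAllowedMissing) {
                throw new Exception("Field " . $oField->label . "(" . $this->getTableName()
                    . ":" . $oField->getName() . ") is required");
            }
        }

        if (!$bHasValue) {
            continue;   // type checks only apply to non-empty values
        }

        switch ($oField->dbtype) {
            case "tinyint":
                if (!is_numeric($sValue)) {
                    throw new Exception("Field " . $sLabel . " is not a number: " . $sValue
                        . "(" . gettype($sValue) . ")");
                }
                // The original had this range check in a second, unreachable "tinyint" case.
                // Bounds kept as the author wrote them.
                if ($sValue < -127 || $sValue > 127) {
                    throw new Exception("Field " . $sLabel . " is invalid: " . $sValue);
                }
                break;
            case "int":
                if (!is_numeric($sValue)) {
                    throw new Exception("Field " . $sLabel . " is not a number: " . $sValue
                        . "(" . gettype($sValue) . ")");
                }
                break;
            case "double":
            case "decimal":
                if (!is_numeric($sValue)) {
                    throw new Exception("Field " . $sLabel . " is not a number");
                }
                break;
        }

        if ($oField->type == "email" && !FlexiStringUtil::isValidEmail($sValue)) {
            throw new Exception("Field " . $sLabel . " is not a valid email");
        }
    }
}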
/**
 * Pre-save hook: resets the verified flag and issues a fresh 10-character
 * verification code on the Extend record.
 */
public function preSave()
{
    $this->Extend->verified = 0;
    $this->Extend->verifycode = FlexiStringUtil::createRandomPassword(10);
}
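/**
 * Build the form element definition ("#name", "#id", "#type", ...) for a table field.
 *
 * @param FlexiTableFieldObject $oField field definition
 * @param array $oRow current row; when it holds the field, "#value" is set from it
 *                    (zero dates blanked, timestamps formatted, check-* values exploded)
 * @return array form element definition
 * @throws Exception for an unsupported field type
 */
public function getFieldInput(FlexiTableFieldObject $oField, $oRow)
{
    // field type => form element "#type"
    static $aInputType = array(
        "string" => "textfield.raw", "int" => "textfield.raw", "tinyint" => "textfield.raw",
        "smallint" => "textfield.raw", "mediumint" => "textfield.raw", "bigint" => "textfield.raw",
        "money" => "textfield.raw", "decimal" => "textfield.raw", "double" => "textfield.raw",
        "email" => "textfield.raw",
        "html" => "html.raw", "html-tiny" => "html.raw",
        "text" => "textarea.raw", "json" => "textarea.raw",
        "select-text" => "select.raw", "select-tinyint" => "select.raw", "select-smallint" => "select.raw",
        "select-bigint" => "select.raw", "select-mediumint" => "select.raw", "select-enum" => "select.raw",
        "select-int" => "select.raw", "select-char" => "select.raw",
        "check-char" => "checkboxes.raw", "check-varchar" => "checkboxes.raw", "check-text" => "checkboxes.raw",
        "date" => "date.raw", "datetime" => "datetime.raw",
        "timestamp" => "datetime.raw", "timestamp-int" => "datetime.raw",
        "monthyear" => "datemonthyear.raw",
        "file-varchar" => "file.raw", "file-text" => "file.raw",
        "image-varchar" => "image.raw", "image-text" => "image.raw",
        "multiimage-text" => "multiimage.raw",
        "hidden" => "hidden.raw",
    );

    $sName = $oField->getName();
    $sType = $oField->type;
    $sInputName = $this->getFieldInputName($sName);
    $aResult = array(
        "#name" => $sInputName,
        "#id" => $sInputName . "_" . FlexiStringUtil::createRandomPassword(8),
        "#title" => $oField->label,
        "#required" => $oField->cannull == 1 ? false : true,
        "#default_value" => $oField->getPHPDefaultValue(),
        "#dbfield" => $sName,
        "#insert" => $oField->caninsert,
        "#update" => $oField->canupdate,
    );

    if (!isset($aInputType[$sType])) {
        throw new Exception("Unsupported type: " . $oField->type);
    }
    $aResult["#type"] = $aInputType[$sType];

    // element-family specific settings
    switch ($aResult["#type"]) {
        case "select.raw":
            $aResult["#options"] = $oField->getOptions();
            break;
        case "checkboxes.raw":
            $aResult["#options"] = $oField->getOptions();
            $aResult["#multiple"] = true;
            break;
        case "file.raw":
            $aResult["#savepath"] = $oField->savepath;
            break;
        case "image.raw":
            $aResult["#maximagewidth"] = $this->iMaxImageWidth;
            $aResult["#savepath"] = $oField->savepath;
            break;
        case "multiimage.raw":
            $aResult["#maximagewidth"] = $this->iMaxImageWidth;
            $aResult["#savepath"] = $oField->savepath;
            $aResult["#uploadcount"] = $oField->uploadcount;
            $aResult["#uploadseparator"] = $oField->uploadseparator;
            break;
    }

    if (!empty($oField->formsize)) {
        $sFamily = substr($sType, 0, 4);
        if ($sFamily == "html" || $sFamily == "text" || $sFamily == "json") {
            // multi-line inputs: formsize is "cols[,rows]"
            $aSize = explode(",", $oField->formsize);
            $aResult["#cols"] = $aSize[0];
            if (count($aSize) >= 2) {
                $aResult["#rows"] = $aSize[1];
            }
        } else {
            $aResult["#size"] = $oField->formsize;
        }
    }

    if (isset($oRow[$sName])) {
        $sValue = $oRow[$sName];
        switch ($sType) {
            case "date":
            case "datetime":
                // zero dates render as empty; the actual value is already carried hidden
                if ($sValue == "0000-00-00" || $sValue == "0000-00-00 00:00:00") {
                    $sValue = "";
                }
                break;
            case "timestamp":
                $sValue = empty($sValue) ? "" : date("Y-m-d H:i:s", $sValue);
                // the original had a typo ("breal;") here and fell through into the explode below
                break;
            case "check-char":
            case "check-varchar":
            case "check-text":
                $sValue = empty($sValue) ? array() : explode($oField->uploadseparator, $sValue);
                break;
        }
        $aResult["#value"] = $sValue;
    }

    return $aResult;
}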
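/**
 * Save an uploaded file.
 *
 * The destination is "<$sMovePath>/<$sPrefix><random><$sSuffix>.<ext>", where <ext> is the
 * extension of the client-supplied file name reduced to [A-Za-z0-9] (omitted, together with
 * the dot, when the name has no extension). The extension is not whitelisted here: a caller
 * that stores files under a web-served directory must restrict it itself, otherwise the
 * client chooses the extension of the stored file.
 *
 * @param string $sFormName    key in $_FILES
 * @param string $sMovePath    directory to move into; the original doc says null means no move
 *                             (handled by _doUploadFile — TODO confirm, an empty string yields
 *                             a path starting with "/")
 * @param string $sPrefix      prefix of the generated name
 * @param string $sSuffix      suffix of the generated name
 * @param int $iRandomNameSize length of the random part, 0 to use only $sPrefix . $sSuffix
 * @return array array("status" => false) when nothing was uploaded under $sFormName,
 *               otherwise the result of _doUploadFile (documented by the original as
 *               "status:bool", "path:String", "size:number", "type(extension):String")
 */
public static function doUploadFile($sFormName, $sMovePath = "", $sPrefix = "", $sSuffix = "", $iRandomNameSize = 10)
{
    if (!self::getIsUploaded($sFormName)) {
        return array("status" => false);
    }

    // The client controls the original file name: keep only a harmless extension and
    // tolerate names without one (the original read an undefined "extension" index).
    $aInfo = pathinfo($_FILES[$sFormName]["name"]);
    $sExtension = isset($aInfo["extension"])
        ? preg_replace("/[^A-Za-z0-9]/", "", $aInfo["extension"])
        : "";

    $sRandom = $iRandomNameSize > 0 ? FlexiStringUtil::createRandomPassword($iRandomNameSize) : "";
    $sTargetPath = $sMovePath . "/" . $sPrefix . $sRandom . $sSuffix
        . ($sExtension === "" ? "" : "." . $sExtension);

    return self::_doUploadFile($sFormName, $sTargetPath);
}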