/**
 * CLI task: regenerate the "Mafe" translation labels, once per selected workspace.
 *
 * @param array $args Positional CLI arguments, resolved to workspaces by get_workspaces_from_args().
 * @param array $opts CLI options; the "lang" key selects the language and defaults to "en" when absent.
 * @return void
 */
function run_create_translation($args, $opts)
{
    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();

    // Both argument sets are passed through the project's filter before any use.
    $opts = $inputFilter->xssFilterHard($opts);
    $args = $inputFilter->xssFilterHard($args);

    // The application object is only created and given its root directory here.
    $application = new Maveriks\WebApplication();
    $application->setRootDir(realpath(__DIR__ . "/../../../../"));

    $workspaceList = get_workspaces_from_args($args);

    if (array_key_exists("lang", $opts)) {
        $language = $opts['lang'];
    } else {
        $language = 'en';
    }

    $translator = new Translation();

    CLI::logging("Updating labels Mafe ...\n");

    // NOTE(review): the workspace is only used for the progress message; the
    // generator receives just the language on every iteration.
    foreach ($workspaceList as $currentWorkspace) {
        try {
            echo "Updating labels for workspace " . pakeColor::colorize($currentWorkspace->name, "INFO") . "\n";
            $translator->generateTransaltionMafe($language);
        } catch (Exception $failure) {
            echo "Errors upgrading labels for workspace " . CLI::info($currentWorkspace->name) . ": " . CLI::error($failure->getMessage()) . "\n";
        }
    }

    // Logged unconditionally, including when some workspaces reported errors above.
    CLI::logging("Create successful\n");
}
/**
 * Send the payload to the output.
 *
 * In-memory data ($this->data) is passed through InputFilter::xssFilterHard()
 * and echoed. When there is no in-memory data, the file named by
 * $this->inFile is streamed unmodified with fpassthru().
 *
 * @return void
 * @throws Exception if there is neither data nor a file that can be opened.
 */
function dump()
{
    if ($this->data) {
        // The filter class is loaded from gulliver/system, located two
        // directory levels above DOCUMENT_ROOT.
        $rootParts = explode('/', str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']));
        $trunkPath = implode('/', array_slice($rootParts, 0, -2)) . '/';

        require_once $trunkPath . 'gulliver/system/class.inputfilter.php';

        // NOTE(review): only this branch is filtered; the file branch below is
        // streamed raw. Confirm the filter is safe for every payload stored in
        // $this->data, since it may rewrite the bytes that are sent.
        $inputFilter = new InputFilter();
        echo $inputFilter->xssFilterHard($this->data);

        return;
    }

    if (!$this->inFile) {
        throw new Exception('No data to dump');
    }

    // No in-memory copy: the content has to be read from the file.
    $handle = @fopen($this->inFile, "rb");

    if (!$handle) {
        throw new Exception('Unable to open file: ' . $this->inFile);
    }

    fpassthru($handle);
    @fclose($handle);
}
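/**
 * Stream a file to the client, honouring a single-range HTTP Range request.
 *
 * Without a usable Range header the whole file is sent with status 200. With
 * one, the requested window is clamped to the file size and sent with status
 * 206 and a Content-Range header; a window that starts past the end of the
 * file is answered with 416.
 *
 * @param string $location Path of the file to send (passed through the "path" filter first).
 * @param string $mimeType Value for the Content-Type header.
 * @return void
 */
function rangeDownload($location, $mimeType)
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $location = $filter->xssFilterHard($location, "path");

    // is_file() rather than file_exists(): a directory is not downloadable.
    if (!is_file($location)) {
        header("HTTP/1.0 404 Not Found");

        return;
    }

    $size = filesize($location);
    $time = date('r', filemtime($location));

    $fm = @fopen($location, 'rb');

    if (!$fm) {
        // 500 is the generic server error; 505 means "HTTP Version Not Supported".
        header("HTTP/1.0 500 Internal Server Error");

        return;
    }

    $begin = 0;
    $end = $size - 1;
    $isPartial = false;

    if (isset($_SERVER['HTTP_RANGE'])
        && preg_match('/bytes=\\h*(\\d+)-(\\d*)[\\D.*]?/i', $_SERVER['HTTP_RANGE'], $matches)
    ) {
        $begin = intval($matches[1]);

        // Compare against '' so that an explicit end of "0" (bytes=0-0) is honoured;
        // clamp so the advertised length never exceeds what the file holds.
        if ($matches[2] !== '') {
            $end = min(intval($matches[2]), $size - 1);
        }

        if ($begin > $end) {
            header('HTTP/1.0 416 Requested Range Not Satisfiable');
            header("Content-Range: bytes */{$size}");
            fclose($fm);

            return;
        }

        $isPartial = true;
    }

    $length = $end - $begin + 1;

    header($isPartial ? 'HTTP/1.0 206 Partial Content' : 'HTTP/1.0 200 OK');
    header("Content-Type: {$mimeType}");
    header('Cache-Control: public, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Accept-Ranges: bytes');
    header('Content-Length: ' . $length);

    if ($isPartial) {
        header("Content-Range: bytes {$begin}-{$end}/{$size}");
    }

    // Advertise only the base name, quoted, so the server-side directory layout
    // is not disclosed and the header value stays well-formed.
    $downloadName = str_replace(array('"', '\\', "\r", "\n"), '_', basename($location));
    header("Content-Disposition: inline; filename=\"{$downloadName}\"");
    header("Content-Transfer-Encoding: binary");
    header("Last-Modified: {$time}");

    set_time_limit(0);
    fseek($fm, $begin, SEEK_SET);

    $remaining = $length;

    while ($remaining > 0 && !feof($fm) && connection_status() == CONNECTION_NORMAL) {
        $chunk = fread($fm, min(1024 * 16, $remaining));

        if ($chunk === false || $chunk === '') {
            break;
        }

        print $chunk;

        // Count the bytes actually read, not the bytes requested.
        $remaining -= strlen($chunk);
        flush();
    }

    fclose($fm);
}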
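/**
 * Send download headers for a file and then stream the file itself.
 *
 * The name offered to the browser is derived from $filename: every character
 * outside [-a-zA-Z0-9.] is replaced by "_" and the part after the last "_" is
 * used. Internet Explorer (except IE 6 and Opera posing as IE) receives an
 * inline disposition; every other client receives an attachment.
 *
 * @param string $filename Path of the file to send; nothing happens when it is empty.
 * @return void
 */
function DumpHeaders($filename)
{
    if (!$filename) {
        return;
    }

    // The header is optional in a request; treat a missing one as "not IE".
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';

    $notOpera = strpos($userAgent, 'Opera') === false;
    $isIE = $notOpera && strpos($userAgent, 'compatible; MSIE ') !== false;
    $isIE6 = $notOpera && strpos($userAgent, 'compatible; MSIE 6') !== false;

    // The pattern needs real delimiters: written as '[^-a-zA-Z0-9\.]' the
    // brackets are consumed as delimiters and the character class is lost, so
    // no character was ever replaced and quotes or path separators could reach
    // the header values below.
    $sanitized = preg_replace('/[^-a-zA-Z0-9.]/', '_', $filename);
    $pieces = explode('_', $sanitized);
    $downloadName = $pieces[count($pieces) - 1];

    if ($isIE && !$isIE6) {
        // http://support.microsoft.com/support/kb/articles/Q182/3/15.asp
        // Do not have quotes around filename, but that applied to
        // "attachment"... does it apply to inline too?
        // This combination seems to work mostly. IE 5.5 SP 1 has
        // known issues (see the Microsoft Knowledge Base)
        header("Content-Disposition: inline; filename={$downloadName}");

        // This works for most types, but doesn't work with Word files
        header("Content-Type: application/download; name=\"{$downloadName}\"");
    } else {
        header("Content-Disposition: attachment; filename=\"{$downloadName}\"");
        header("Content-Type: application/octet-stream; name=\"{$downloadName}\"");
    }

    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $filename = $filter->xssFilterHard($filename, 'path');

    // NOTE(review): the headers above are sent before the file is known to be
    // readable, and the path is whatever the caller supplied after filtering;
    // confirm callers restrict $filename to the intended download directory.
    readfile($filename);
}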
/**
 * soapRequest
 *
 * Wrap $body in a SOAP envelope, POST it over the existing cURL handle and
 * return the raw XML answer.
 *
 * @since version 1.0
 * @access public
 * @param string $body SOAP body content
 * @param string|boolean $header SOAP header content; when falsy, a context header
 *                               carrying the current auth token and session id is built
 * @param boolean $connecting true while the connection is being established, which
 *                            skips the "already connected" check
 * @return string|array|boolean the response XML; array('error' => code) on a SOAP fault;
 *                              false when curl_exec() returns a falsy value
 * @throws Exception when called without a connection and $connecting is false
 */
protected function soapRequest($body, $header = false, $connecting = false)
{
    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();

    if (!($connecting || $this->_connected)) {
        throw new Exception('zimbra.class: soapRequest called without a connection to Zimbra server');
    }

    if (!$header) {
        // NOTE(review): token and session id are concatenated into the XML as-is.
        $header = '<context xmlns="urn:zimbra"> <authToken>' . $this->auth_token . '</authToken> <sessionId id="' . $this->session_id . '">' . $this->session_id . '</sessionId> </context>';
    }

    $envelope = '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header>' . $header . '</soap:Header> <soap:Body>' . $body . '</soap:Body> </soap:Envelope>';

    // NOTE(review): the message passed on here contains the auth token; check
    // where message() writes it before enabling it outside of debugging.
    $this->message('SOAP message:<textarea>' . $envelope . '</textarea>');

    curl_setopt($this->_curl, CURLOPT_POSTFIELDS, $envelope);

    // NOTE(review): a cURL handle, not a URL string, is handed to the filter
    // and the result replaces the handle - confirm the filter returns such
    // values unchanged.
    $this->_curl = $inputFilter->xssFilterHard($this->_curl, "url");

    $reply = curl_exec($this->_curl);

    if (!$reply) {
        $this->error = 'ERROR: curl_exec - (' . curl_errno($this->_curl) . ') ' . curl_error($this->_curl);

        return false;
    }

    if (strpos($reply, '<soap:Body><soap:Fault>') !== false) {
        $faultCode = $this->extractErrorCode($reply);
        $this->error = 'ERROR: ' . $faultCode . ':<textarea>' . $reply . '</textarea>';
        $this->message($this->error);

        return array('error' => $faultCode);
    }

    $this->message('SOAP response:<textarea>' . $reply . '</textarea><br/><br/>');
    $this->_num_soap_calls++;

    return $reply;
}
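/**
 * Store a license file and its metadata as a LicenseManager row.
 *
 * Any Exception raised while collecting the data, reading the file or saving
 * the row is caught and handed to G::pr().
 *
 * @param array  $results Parsed license; reads DATA (FIRST_NAME, LAST_NAME, TYPE and the
 *                        optional DOMAIN_WORKSPACE) and DATE (START, END, SPAN).
 * @param string $path    Path of the license file (passed through the "path" filter first).
 * @return void
 */
public function saveDataLicense($results, $path)
{
    try {
        // Metadata taken from the parsed license
        $LicenseUid = G::generateUniqueID();
        $LicenseUser = $results['DATA']['FIRST_NAME'] . ' ' . $results['DATA']['LAST_NAME'];
        $LicenseStart = $results['DATE']['START'];
        $LicenseEnd = $results['DATE']['END'];
        $LicenseSpan = $results['DATE']['SPAN'];
        $LicenseStatus = $this->lookForStatusLicense(); //we're looking for a status ACTIVE

        // Raw content of the license file
        G::LoadSystem('inputfilter');
        $filter = new InputFilter();
        $path = $filter->xssFilterHard($path, 'path');

        // Read in one call and stop on failure: the previous fopen()/fread()
        // sequence kept going with an invalid handle when the file could not
        // be opened.
        $contents = file_get_contents($path);

        if ($contents === false) {
            throw new Exception('Unable to read the license file');
        }

        $LicenseData = $contents;
        $LicensePath = $path;
        $LicenseWorkspace = isset($results['DATA']['DOMAIN_WORKSPACE']) ? $results['DATA']['DOMAIN_WORKSPACE'] : '';
        $LicenseType = $results['DATA']['TYPE'];

        require_once "classes/model/LicenseManager.php";

        // If the row exists in the database propel will update it, otherwise it will insert.
        // NOTE(review): the key looked up here was generated a few lines above,
        // so a match seems unlikely - confirm whether an update is ever intended.
        $tr = LicenseManagerPeer::retrieveByPK($LicenseUid);

        if (!(is_object($tr) && get_class($tr) == 'LicenseManager')) {
            $tr = new LicenseManager();
        }

        $tr->setLicenseUid($LicenseUid);
        $tr->setLicenseUser($LicenseUser);
        $tr->setLicenseStart($LicenseStart);
        $tr->setLicenseEnd($LicenseEnd);
        $tr->setLicenseSpan($LicenseSpan);
        $tr->setLicenseStatus($LicenseStatus);
        $tr->setLicenseData($LicenseData);
        $tr->setLicensePath($LicensePath);
        $tr->setLicenseWorkspace($LicenseWorkspace);
        $tr->setLicenseType($LicenseType);
        $tr->save();
    } catch (Exception $e) {
        // NOTE(review): the whole exception object goes to G::pr(); confirm that
        // output is not visible to end users.
        G::pr($e);
    }
}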
/**
 * Add an input document
 *
 * Registers the document (new, replacement or new version), stores the file
 * under PATH_DOCUMENT and runs the PM_UPLOAD_DOCUMENT plugin hook when one is
 * registered.
 *
 * Returns the application document ID, or null when the initial file check
 * fails (upload error for "xmlform", missing file for "file", or an unknown
 * $option).
 *
 * @param string $inputDocumentUid    Input document ID
 * @param string $appDocUid           Application document ID
 * @param int    $docVersion          Document version
 * @param string $appDocType          Document type
 * @param string $appDocComment       Document comment
 * @param string $inputDocumentAction Action, possible values: null or empty (Add), "R" (Replace), "NV" (New Version)
 * @param string $applicationUid      Application ID
 * @param int    $delIndex            Delegation index
 * @param string $taskUid             Task ID (not referenced in this method)
 * @param string $userUid             User ID
 * @param string $option              Option, possible values: "xmlform", "file"
 * @param string $file                File ($_FILES["form"]["name"]["APP_DOC_FILENAME"] or path to file)
 * @param int    $fileError           File error ($_FILES["form"]["error"]["APP_DOC_FILENAME"] or 0)
 * @param string $fileTmpName         File temporary name ($_FILES["form"]["tmp_name"]["APP_DOC_FILENAME"] or null)
 * @param string $fileSize            File size ($_FILES["form"]["size"]["APP_DOC_FILENAME"] or 0)
 * @return string|null Application document ID, or null when the initial file check fails
 * @throws Exception when $fileSize exceeds the maximum configured for the input document
 */
public function addInputDocument($inputDocumentUid, $appDocUid, $docVersion, $appDocType, $appDocComment, $inputDocumentAction, $applicationUid, $delIndex, $taskUid, $userUid, $option, $file, $fileError = 0, $fileTmpName = null, $fileSize = 0)
{
    $appDocFileName = null;
    $sw = 0; // set to 1 once the source file passes the check for its option

    switch ($option) {
        case "xmlform":
            // NOTE(review): per the docblock this is the client-supplied upload
            // name; it is recorded as given, while the "file" option below
            // reduces its value with basename().
            $appDocFileName = $file;

            if ($fileError == 0) {
                $sw = 1;
            }
            break;
        case "file":
            $appDocFileName = basename($file);

            if (file_exists($file) && is_file($file)) {
                $sw = 1;
            }
            break;
    }

    if ($sw == 0) {
        return null;
    }

    // Input document definition
    $inputDocument = new InputDocument();
    $arrayInputDocumentData = $inputDocument->load($inputDocumentUid);

    // Validate the file size against the limit configured for the input document
    $inpDocMaxFilesize = $arrayInputDocumentData["INP_DOC_MAX_FILESIZE"];
    $inpDocMaxFilesizeUnit = $arrayInputDocumentData["INP_DOC_MAX_FILESIZE_UNIT"];

    // Any unit other than "MB" is treated as kilobytes.
    $inpDocMaxFilesize = $inpDocMaxFilesize * (($inpDocMaxFilesizeUnit == "MB")? 1024 *1024 : 1024); // Bytes

    // NOTE(review): the limit is only enforced when $fileSize is greater than 0.
    // $fileSize defaults to 0, so a caller that omits it skips the check, and
    // for "xmlform" the docblock gives the client-reported size as its source.
    if ($inpDocMaxFilesize > 0 && $fileSize > 0) {
        if ($fileSize > $inpDocMaxFilesize) {
            throw new Exception(G::LoadTranslation("ID_SIZE_VERY_LARGE_PERMITTED"));
        }
    }

    // Get the Custom Folder ID (create if necessary)
    $appFolder = new AppFolder();

    $folderId = $appFolder->createFromPath($arrayInputDocumentData["INP_DOC_DESTINATION_PATH"], $applicationUid);

    $tags = $appFolder->parseTags($arrayInputDocumentData["INP_DOC_TAGS"], $applicationUid);

    $appDocument = new AppDocument();
    $arrayField = array();

    switch ($inputDocumentAction) {
        case "R":
            // Replace: updates the row identified by APP_DOC_UID and DOC_VERSION
            $arrayField = array(
                "APP_DOC_UID" => $appDocUid,
                "APP_UID" => $applicationUid,
                "DOC_VERSION" => $docVersion,
                "DEL_INDEX" => $delIndex,
                "USR_UID" => $userUid,
                "DOC_UID" => $inputDocumentUid,
                "APP_DOC_TYPE" => $appDocType,
                "APP_DOC_CREATE_DATE" => date("Y-m-d H:i:s"),
                "APP_DOC_COMMENT" => $appDocComment,
                "APP_DOC_TITLE" => "",
                "APP_DOC_FILENAME" => $appDocFileName,
                "FOLDER_UID" => $folderId,
                "APP_DOC_TAGS" => $tags
            );

            $appDocument->update($arrayField);
            break;
        case "NV":
            // New Version: same APP_DOC_UID, no DOC_VERSION is passed
            $arrayField = array(
                "APP_DOC_UID" => $appDocUid,
                "APP_UID" => $applicationUid,
                "DEL_INDEX" => $delIndex,
                "USR_UID" => $userUid,
                "DOC_UID" => $inputDocumentUid,
                "APP_DOC_TYPE" => $appDocType,
                "APP_DOC_CREATE_DATE" => date("Y-m-d H:i:s"),
                "APP_DOC_COMMENT" => $appDocComment,
                "APP_DOC_TITLE" => "",
                "APP_DOC_FILENAME" => $appDocFileName,
                "FOLDER_UID" => $folderId,
                "APP_DOC_TAGS" => $tags
            );

            $appDocument->create($arrayField);
            break;
        default:
            // New: neither APP_DOC_UID nor DOC_VERSION is passed
            $arrayField = array(
                "APP_UID" => $applicationUid,
                "DEL_INDEX" => $delIndex,
                "USR_UID" => $userUid,
                "DOC_UID" => $inputDocumentUid,
                "APP_DOC_TYPE" => $appDocType,
                "APP_DOC_CREATE_DATE" => date("Y-m-d H:i:s"),
                "APP_DOC_COMMENT" => $appDocComment,
                "APP_DOC_TITLE" => "",
                "APP_DOC_FILENAME" => $appDocFileName,
                "FOLDER_UID" => $folderId,
                "APP_DOC_TAGS" => $tags
            );

            $appDocument->create($arrayField);
            break;
    }

    // Save the file; ID and version are re-read from the record just written
    $appDocUid = $appDocument->getAppDocUid();
    $docVersion = $appDocument->getDocVersion();
    $arrayInfo = pathinfo($appDocument->getAppDocFilename());
    // NOTE(review): the extension of the stored file comes from the recorded
    // file name and is not checked against any list in this method; with no
    // extension the stored name ends in a bare ".".
    $extension = (isset($arrayInfo["extension"])) ? $arrayInfo["extension"] : null;
    $strPathName = PATH_DOCUMENT . G::getPathFromUID($applicationUid) . PATH_SEP;
    $strFileName = $appDocUid . "_" . $docVersion . "." . $extension;

    switch ($option) {
        case "xmlform":
            G::uploadFile($fileTmpName, $strPathName, $strFileName);
            break;
        case "file":
            $umaskOld = umask(0);

            if (!is_dir($strPathName)) {
                G::verifyPath($strPathName, true);
            }

            G::LoadSystem('inputfilter');
            $filter = new InputFilter();
            $file = $filter->xssFilterHard($file, 'path');

            // NOTE(review): the result of copy() is not checked, and the copy is
            // made readable and writable for every local user (0666 under a
            // cleared umask) - confirm both are intended.
            copy($file, $strPathName . $strFileName);
            chmod($strPathName . $strFileName, 0666);
            umask($umaskOld);
            break;
    }

    // Plugin Hook PM_UPLOAD_DOCUMENT for upload document
    $pluginRegistry = &PMPluginRegistry::getSingleton();

    if ($pluginRegistry->existsTrigger(PM_UPLOAD_DOCUMENT) && class_exists("uploadDocumentData")) {
        $triggerDetail = $pluginRegistry->getTriggerInfo(PM_UPLOAD_DOCUMENT);
        $documentData = new uploadDocumentData(
            $applicationUid,
            $userUid,
            $strPathName . $strFileName,
            $arrayField["APP_DOC_FILENAME"],
            $appDocUid,
            $docVersion
        );
        $uploadReturn = $pluginRegistry->executeTriggers(PM_UPLOAD_DOCUMENT, $documentData);

        if ($uploadReturn) {
            // A truthy result from the triggers: record the plugin namespace on
            // the document row and delete the local copy.
            $arrayField["APP_DOC_PLUGIN"] = $triggerDetail->sNamespace;

            if (!isset($arrayField["APP_DOC_UID"])) {
                $arrayField["APP_DOC_UID"] = $appDocUid;
            }

            if (!isset($arrayField["DOC_VERSION"])) {
                $arrayField["DOC_VERSION"] = $docVersion;
            }

            $appDocument->update($arrayField);

            unlink($strPathName . $strFileName);
        }
    }
    // End plugin

    return $appDocUid;
}
* Coral Gables, FL, 33134, USA, or email info@colosa.com. * */ $path = PATH_DB; //using the opendir function if (!($dir_handle = @opendir(PATH_DB))) { header("location: /errors/error704.php"); die; } G::LoadSystem('inputfilter'); $filter = new InputFilter(); echo "<table class='basicTable' cellpadding='5' cellspacing='0' border='0'>"; echo "<tr class='Record'><td colspan='2' class='formTitle'>Please select a valid workspace to continue</td></tr>"; echo "<tr valign='top'>"; $curPage = getenv("REQUEST_URI"); $curPage = $filter->xssFilterHard($curPage, "url"); //running the while loop $first = 0; while ($file = readdir($dir_handle)) { if (substr($file, 0, 3) == 'db_') { if ($first == 0) { echo "<td><table class='Record' ><tr class='formLabel''><td>RBAC built-in workspaces</td></tr>"; $first = 1; } $name = substr(substr($file, 0, strlen($file) - 4), 3); $link = str_replace("/sys/", "/sys{$name}/", $curPage); echo "<tr><td><li><a href='{$link}'>{$name}</a></td></tr>"; } } //closing the directory closedir($dir_handle);
/**
 * Writes $message to the text browser. Also, passes the message
 * along to any Log_observer instances that are observing this Log.
 *
 * The priority label goes through InputFilter::xssFilterHard() and the
 * message text through htmlspecialchars() before being echoed.
 *
 * @param mixed  $message  String or object containing the message to log.
 * @param string $priority The priority of the message. Valid
 *                         values are: PEAR_LOG_EMERG, PEAR_LOG_ALERT,
 *                         PEAR_LOG_CRIT, PEAR_LOG_ERR, PEAR_LOG_WARNING,
 *                         PEAR_LOG_NOTICE, PEAR_LOG_INFO, and PEAR_LOG_DEBUG.
 * @return boolean True on success or false on failure.
 * @access public
 */
function log($message, $priority = null)
{
    /* Fall back to the instance default when no priority is given. */
    $priority = ($priority === null) ? $this->_priority : $priority;

    /* Nothing is written for priorities outside the current mask. */
    if (!$this->_isMasked($priority)) {
        return false;
    }

    /* Reduce the message to its string form. */
    $message = $this->_extractMessage($message);

    /* The filter class lives in gulliver/system, two levels above DOCUMENT_ROOT. */
    $rootParts = explode('/', str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']));
    $trunkPath = implode('/', array_slice($rootParts, 0, -2)) . '/';

    require_once $trunkPath . 'gulliver/system/class.inputfilter.php';

    $inputFilter = new InputFilter();
    $label = $inputFilter->xssFilterHard(ucfirst($this->priorityToString($priority)));

    /* Build and output the complete log line. */
    $line = $this->_error_prepend . '<b>' . $label . '</b>: ' . nl2br(htmlspecialchars($message)) . $this->_error_append . $this->_linebreak;
    echo $line;

    /* Observers receive the unescaped message together with its priority. */
    $this->_announce(array('priority' => $priority, 'message' => $message));

    return true;
}
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. * */ td {font-family: Tahoma, Verdana, sans-serif; font-size: 11px;} </style> <?php G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_GET = $filter->xssFilterHard($_GET); $ARR_MONTHS = array("January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December"); $ARR_WEEKDAYS = array("Su", "Mo", "Tu", "We", "Th", "Fr", "Sa"); $NUM_WEEKSTART = 1; //day week starts from (normally 0-Su or 1-Mo) $STR_ICONPATH = '/controls/'; $prevYear = $STR_ICONPATH . 'prev_year.gif'; $prevMonth = $STR_ICONPATH . 'prev.gif'; $nextMonth = $STR_ICONPATH . 'next.gif'; $nextYear = $STR_ICONPATH . 'next_year.gif'; if (isset($_GET['v']) && $_GET['v'] != '') { $dt_value = $_GET['v']; $dt_aux = explode('-', $dt_value); $dt_valueDay = $dt_aux[2]; $dt_valueMonth = $dt_aux[1]; $dt_valueYear = $dt_aux[0];
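/**
 * Delete the custom skin folder named by $_REQUEST['SKIN_FOLDER_ID'].
 *
 * The identifier must be a single directory name inside PATH_CUSTOM_SKINS.
 * A missing or empty value, the built-in "classic" skin and any value that is
 * not a plain directory name are rejected with an exception, which is
 * reported to the client as a JSON error object.
 *
 * @return void
 */
function deleteSkin()
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();

    try {
        // Check presence before reading: assigning the filtered value first
        // made the later isset() test pass even when nothing was sent.
        if (!isset($_REQUEST['SKIN_FOLDER_ID'])) {
            throw new Exception(G::LoadTranslation('ID_SKIN_FOLDER_REQUIRED'));
        }

        $_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']);
        $folderId = $_REQUEST['SKIN_FOLDER_ID'];

        // An empty identifier would resolve to PATH_CUSTOM_SKINS itself.
        if (!is_string($folderId) || trim($folderId) === '') {
            throw new Exception(G::LoadTranslation('ID_SKIN_FOLDER_REQUIRED'));
        }

        if ($folderId == "classic") {
            throw new Exception(G::LoadTranslation('ID_SKIN_FOLDER_NOT_DELETEABLE'));
        }

        // Only a single path component is accepted, so the directory handed to
        // G::rm_dir() always stays directly under PATH_CUSTOM_SKINS.
        if ($folderId === '.' || $folderId === '..' || strpbrk($folderId, "/\\\0") !== false) {
            throw new Exception(G::LoadTranslation('ID_SKIN_NOT_EXISTS'));
        }

        if (!is_dir(PATH_CUSTOM_SKINS . $folderId)) {
            throw new Exception(G::LoadTranslation('ID_SKIN_NOT_EXISTS'));
        }

        //Delete
        G::rm_dir(PATH_CUSTOM_SKINS . $folderId);

        // NOTE(review): the success response is built but never printed; only
        // the error path below writes to the output. Confirm callers expect that.
        $response['success'] = true;
        $response['message'] = "{$folderId} deleted";

        G::auditLog("DeleteSkin", "Skin Name: " . $folderId);
    } catch (Exception $e) {
        $response['success'] = false;
        $response['error'] = $response['message'] = $e->getMessage();
        $response = $filter->xssFilterHard($response);
        print_r(G::json_encode($response));
    }
}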
$oFieldCondition = new FieldCondition(); $aConditions = $oFieldCondition->getAllByDynUid($DYN_UID); $dynaform = new dynaform(); $arrayData = array(); $arrayData["PRO_UID"] = $PRO_UID; $arrayData["DYN_TYPE"] = $DYN_TYPE; $arrayData["DYN_TITLE"] = $frm["DYN_TITLENEW"]; if (isset($frm["DYN_DESCRIPTIONNEW"])) { $arrayData["DYN_DESCRIPTION"] = $frm["DYN_DESCRIPTIONNEW"]; } $aFields = $dynaform->create($arrayData); $dynUid = $dynaform->getDynUid(); $hd = fopen(PATH_DYNAFORM . $PRO_UID . '/' . $DYN_UID . '.xml', "r"); $hd1 = fopen(PATH_DYNAFORM . $PRO_UID . '/' . $dynUid . '.xml', "w"); $templateFilename = PATH_DYNAFORM . $PRO_UID . '/' . $DYN_UID . '.html'; $templateFilename = $filter->xssFilterHard($templateFilename, 'path'); // also make a copy of the template file in case that the html edition is enabled if (file_exists($templateFilename)) { $templateHd = fopen($templateFilename, "r"); $templateHd1 = fopen(PATH_DYNAFORM . $PRO_UID . '/' . $dynUid . '.html', "w"); } // also copy all the necessarily conditions if there are any foreach ($aConditions as $condition) { $condition['FCD_UID'] = G::generateUniqueID(); $condition['FCD_DYN_UID'] = $dynUid; $oFieldCondition->quickSave($condition); } // checks if the physical dynaform file exists and copy the contents if ($hd) { while (!feof($hd)) { $line = fgets($hd, 4096);
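/**
 * Recursively set owner, group and mode on a file or directory tree.
 *
 * When any of the three changes fails, Windows hosts fall back to an icacls
 * grant and other hosts log the failure. Directories are then walked,
 * including entries whose name starts with a dot.
 *
 * @param string     $filename File or directory to change (passed through the "path" filter first).
 * @param string|int $owner    New owner, as accepted by chown().
 * @param string|int $group    New group, as accepted by chgrp().
 * @param int        $perms    New mode, as accepted by chmod().
 * @return void
 */
static public function dirPerms($filename, $owner, $group, $perms)
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $filename = $filter->xssFilterHard($filename, 'path');

    $chown = @chown($filename, $owner);
    $chgrp = @chgrp($filename, $group);
    $chmod = @chmod($filename, $perms);

    if ($chgrp === false || $chmod === false || $chown === false) {
        if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
            // The path is passed as one quoted argument so that spaces or shell
            // metacharacters in a file name cannot change the command line.
            exec('icacls ' . escapeshellarg($filename) . ' /grant Administrador:(D,WDAC) /T', $res);
        } else {
            CLI::logging(CLI::error("Failed to set permissions for $filename") . "\n");
        }
    }

    if (is_dir($filename)) {
        // glob() returns false on error; treat that as "no entries".
        $visible = glob($filename . "/*");
        $hidden = glob($filename . "/.*");
        $entries = array_merge(
            $visible === false ? array() : $visible,
            $hidden === false ? array() : $hidden
        );

        // NOTE(review): is_dir() follows symbolic links, so a link inside the
        // tree extends the walk to its target - confirm that is intended.
        foreach ($entries as $item) {
            if (basename($item) == "." || basename($item) == "..") {
                continue;
            }

            workspaceTools::dirPerms($item, $owner, $group, $perms);
        }
    }
}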
<?php G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_POST['qs'] = $filter->xssFilterHard($_POST['qs']); ?> <html> <style type="text/css"> .Footer .content { padding :0px !important; } *html body { overflow-y: hidden; } </style> <body onresize="autoResizeScreen()" onload="autoResizeScreen()"> <iframe name="casesFrame" id="casesFrame" src ="../cases/main_init<?php echo $_POST['qs']; ?> " width="99%" height="768" frameborder="0"> <p>Your browser does not support iframes.</p> </iframe> </body> <script> if ( document.getElementById('pm_submenu') ) document.getElementById('pm_submenu').style.display = 'none'; document.documentElement.style.overflowY = 'hidden'; var oClientWinSize = getClientWindowSize();
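/**
 * GET method handler
 *
 * Serves a file from the current workspace when the request path has one of
 * these shapes:
 *   classes/<file>
 *   processes/<id>/xmlforms/<file>
 *   processes/<id>/mailTemplates/<file>
 *   processes/<id>/public_html/<file>
 * Any other path falls through to the print_r() at the end.
 *
 * @param array $options parameter passing array (filtered in place)
 * @return bool true on success
 */
public function GET(&$options)
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $options = $filter->xssFilterHard($options);
    $paths = $filter->xssFilterHard($this->paths);
    $segmentCount = is_array($paths) ? count($paths) : 0;

    $workspaceDir = PATH_DB . SYS_SYS . PATH_SEP;

    // The segment count is checked before any index is read, so a request for
    // just "classes" no longer touches a missing $paths[1].
    if ($segmentCount == 2 && $paths[0] == 'classes') {
        $pathClasses = $workspaceDir . 'classes' . PATH_SEP;

        if (is_dir($pathClasses)
            && $this->isSinglePathSegment($paths[1])
            && $this->sendFilteredFile($filter, $pathClasses . $paths[1])
        ) {
            return true;
        }
    }

    // Request keyword => directory name below the workspace
    $processFolders = array(
        'xmlforms' => 'xmlForms',
        'mailTemplates' => 'mailTemplates',
        'public_html' => 'public'
    );

    if ($segmentCount == 4
        && $paths[0] == 'processes'
        && is_dir($workspaceDir)
        && is_string($paths[2])
        && isset($processFolders[$paths[2]])
        && $this->isSinglePathSegment($paths[1])
        && $this->isSinglePathSegment($paths[3])
    ) {
        $fsFile = $workspaceDir . $processFolders[$paths[2]] . PATH_SEP . $paths[1] . PATH_SEP . $paths[3];

        if ($this->sendFilteredFile($filter, $fsFile)) {
            return true;
        }
    }

    // NOTE(review): this looks like leftover debugging output; it is kept
    // because it is what the method has always returned for unmatched paths.
    // The generic file-system handling that used to follow this return was
    // unreachable and has been dropped.
    print_r($paths);

    return true;
}

/**
 * Tell whether $segment is one plain file or directory name.
 *
 * Rejects empty values, "." and "..", and anything containing a path
 * separator or NUL byte, so a segment can never move the resolved path out of
 * the directory it is appended to.
 *
 * @param mixed $segment Path segment taken from the request.
 * @return bool
 */
private function isSinglePathSegment($segment)
{
    if (!is_string($segment) || $segment === '' || $segment === '.' || $segment === '..') {
        return false;
    }

    return strpbrk($segment, "/\\\0") === false;
}

/**
 * Send one file: headers first, then the filtered content.
 *
 * @param InputFilter $filter Filter applied to the path and to the content.
 * @param string      $fsFile File-system path of the file to send.
 * @return bool true when the file was sent, false when it is not a readable file.
 */
private function sendFilteredFile($filter, $fsFile)
{
    $fsFile = $filter->xssFilterHard($fsFile);

    if (!is_file($fsFile)) {
        return false;
    }

    $content = file_get_contents($fsFile);

    if ($content === false) {
        return false;
    }

    $content = $filter->xssFilterHard($content);

    // Headers go out before the body. Last-Modified uses filemtime() (the
    // previous file_mtime() is not a PHP function) with minutes ("i") in GMT,
    // and Content-Length matches the bytes actually printed, which can differ
    // from the size on disk once the content has been filtered.
    header("Content-Type: " . mime_content_type($fsFile));
    header("Last-Modified: " . gmdate("D, d M Y H:i:s", filemtime($fsFile)) . " GMT");
    header("Content-Length: " . strlen($content));

    print $content;

    return true;
}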
<?php G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_GET = $filter->xssFilterHard($_GET); $_REQUEST = $filter->xssFilterHard($_REQUEST); $_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']); if (!isset($_SESSION['USER_LOGGED'])) { $responseObject = new stdclass(); $responseObject->error = G::LoadTranslation('ID_LOGIN_AGAIN'); $responseObject->success = true; $responseObject->lostSession = true; print G::json_encode($responseObject); die; } try { $userUid = $_SESSION['USER_LOGGED']; $filters['paged'] = isset($_REQUEST["paged"]) ? $_REQUEST["paged"] : true; $filters['count'] = isset($_REQUEST['count']) ? $_REQUEST['count'] : true; $filters['category'] = isset($_REQUEST["category"]) ? $_REQUEST["category"] : ""; $filters['process'] = isset($_REQUEST["process"]) ? $_REQUEST["process"] : ""; $filters['search'] = isset($_REQUEST["search"]) ? $_REQUEST["search"] : ""; $filters['filter'] = isset($_REQUEST["filter"]) ? $_REQUEST["filter"] : ""; $filters['dateFrom'] = !empty($_REQUEST["dateFrom"]) ? substr($_REQUEST["dateFrom"], 0, 10) : ""; $filters['dateTo'] = !empty($_REQUEST["dateTo"]) ? substr($_REQUEST["dateTo"], 0, 10) : ""; $filters['start'] = isset($_REQUEST["start"]) ? $_REQUEST["start"] : "0"; $filters['limit'] = isset($_REQUEST["limit"]) ? $_REQUEST["limit"] : "25"; $filters['sort'] = isset($_REQUEST['sort']) ? $_REQUEST['sort'] == 'APP_STATUS_LABEL' ? 'APP_STATUS' : $_REQUEST['sort'] : ''; $filters['dir'] = isset($_REQUEST["dir"]) ? $_REQUEST["dir"] : "DESC"; $filters['action'] = isset($_REQUEST["action"]) ? $_REQUEST["action"] : ""; $listName = isset($_REQUEST["list"]) ? $_REQUEST["list"] : "inbox";
<?php G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_GET = $filter->xssFilterHard($_GET, "url"); $_POST = $filter->xssFilterHard($_POST, "url"); $_REQUEST = $filter->xssFilterHard($_REQUEST, "url"); $_SESSION = $filter->xssFilterHard($_SESSION, "url"); $request = isset($_POST['request']) ? $_POST['request'] : null; if (!isset($request)) { $request = isset($_GET['request']) ? $_GET['request'] : null; } if (isset($request)) { switch ($request) { case 'deleteGridRowOnDynaform': //This code is to update the SESSION variable for dependent fields in grids if (!defined("XMLFORM_AJAX_PATH")) { define("XMLFORM_AJAX_PATH", PATH_XMLFORM); } if (is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) { if (!is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) { $_SESSION[$_POST["formID"]][$_POST["gridname"]] = (array) $_SESSION[$_POST["formID"]][$_POST["gridname"]]; } ksort($_SESSION[$_POST["formID"]][$_POST["gridname"]]); $oFields = array(); $initialKey = 1; foreach ($_SESSION[$_POST["formID"]][$_POST["gridname"]] as $key => $value) { if ($key != $_POST["rowpos"]) { $oFields[$initialKey] = $value; $initialKey++; }
<?php G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_REQUEST = $filter->xssFilterHard($_REQUEST); $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; // Function call from ajax_function for calling to lookForNameOutput. if ($action == '') { $action = isset($_REQUEST['function']) ? $_REQUEST['function'] : ''; } switch ($action) { case 'setTemplateFile': $_FILES = $filter->xssFilterHard($_FILES); //print_r($_FILES); $_SESSION['outpudocs_tmpFile'] = PATH_DATA . $_FILES['templateFile']['name']; // file_put_contents($_FILES['templateFile']['name'], file_get_contents($_FILES['templateFile']['tmp_name'])); copy($_FILES['templateFile']['tmp_name'], $_SESSION['outpudocs_tmpFile']); $result = new stdClass(); $result->success = true; $result->msg = 'success - saved ' . $_SESSION['outpudocs_tmpFile']; echo G::json_encode($result); break; case 'getTemplateFile': $_SESSION['outpudocs_tmpFile'] = $filter->xssFilterHard($_SESSION['outpudocs_tmpFile']); $aExtensions = array("exe", "com", "dll", "ocx", "fon", "ttf", "doc", "xls", "mdb", "rtf", "bin", "jpeg", "jpg", "jif", "jfif", "gif", "tif", "tiff", "png", "bmp", "pdf", "aac", "mp3", "mp3pro", "vorbis", "realaudio", "vqf", "wma", "aiff", "flac", "wav", "midi", "mka", "ogg", "jpeg", "ilbm", "tar", "zip", "rar", "arj", "gzip", "bzip2", "afio", "kgb", "gz", "asf", "avi", "mov", "iff", "ogg", "ogm", "mkv", "3gp"); $sFileName = strtolower($_SESSION['outpudocs_tmpFile']); $strRev = strrev($sFileName); $searchPos = strpos($strRev, '.'); $pos = strlen($sFileName) - 1 - $searchPos; $sExtension = substr($sFileName, $pos + 1, strlen($sFileName)); if (!in_array($sExtension, $aExtensions)) {
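/**
 * processes request and returns response
 *
 * Three cases are handled:
 *  - the query string contains "wsdl": the WSDL is returned (redirect to an
 *    external URL, pass-through of an external file, or the serialized
 *    internal WSDL);
 *  - no request data but a WSDL is loaded: the filtered web description is printed;
 *  - otherwise the request is parsed, the method invoked and the response sent.
 *
 * @param string $data usually is the value of $HTTP_RAW_POST_DATA
 * @access public
 */
function service($data)
{
    global $HTTP_SERVER_VARS;

    if (isset($_SERVER['QUERY_STRING'])) {
        $qs = $_SERVER['QUERY_STRING'];
    } elseif (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
        $qs = $HTTP_SERVER_VARS['QUERY_STRING'];
    } else {
        $qs = '';
    }

    $this->debug("In service, query string={$qs}");

    // Plain substring test; ereg() was removed in PHP 7 and the pattern is a
    // literal, so the match is identical.
    if (strpos($qs, 'wsdl') !== false) {
        $this->debug("In service, this is a request for WSDL");

        if ($this->externalWSDLURL) {
            if (strpos($this->externalWSDLURL, "://") !== false) {
                // assume URL
                header('Location: ' . $this->externalWSDLURL);
            } else {
                // assume file
                header("Content-Type: text/xml\r\n");
                $fp = fopen($this->externalWSDLURL, 'r');

                // Only stream when the file could be opened, and release the
                // handle afterwards.
                if ($fp) {
                    fpassthru($fp);
                    fclose($fp);
                } else {
                    $this->debug("In service, unable to open the external WSDL file");
                }
            }
        } elseif ($this->wsdl) {
            header("Content-Type: text/xml; charset=ISO-8859-1\r\n");
            print $this->wsdl->serialize($this->debug_flag);

            if ($this->debug_flag) {
                $this->debug('wsdl:');
                $this->appendDebug($this->varDump($this->wsdl));
                print $this->getDebugAsXMLComment();
            }
        } else {
            header("Content-Type: text/html; charset=ISO-8859-1\r\n");
            print "This service does not provide WSDL";
        }
    } elseif ($data == '' && $this->wsdl) {
        $this->debug("In service, there is no data, so return Web description");

        if (!class_exists('G')) {
            // Load the framework class from gulliver/system, two levels above
            // DOCUMENT_ROOT.
            $realdocuroot = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
            $docuroot = explode('/', $realdocuroot);
            array_pop($docuroot);
            array_pop($docuroot);
            $pathTrunk = implode('/', $docuroot) . '/';

            require_once $pathTrunk . 'gulliver/system/class.g.php';
        }

        G::LoadSystem('inputfilter');
        $filter = new InputFilter();
        $webDescription = $filter->xssFilterHard($this->wsdl->webDescription());

        print $webDescription;
    } else {
        $this->debug("In service, invoke the request");
        $this->parse_request($data);

        if (!$this->fault) {
            $this->invoke_method();
        }

        if (!$this->fault) {
            $this->serialize_return();
        }

        $this->send_response();
    }
}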
/**
 * Print the response held in $this->output, split into header, body and the
 * transfer details reported by cURL.
 *
 * Every value goes through InputFilter::xssFilterHard() before it is echoed.
 * When cURL reports an error nothing is printed; the result array is returned
 * instead, with only "curl_error" filled in.
 *
 * @return array|void the result array on a cURL error; nothing otherwise
 */
public function displayResponse()
{
    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();

    $curlError = $inputFilter->xssFilterHard(curl_error($this->ch));

    $summary = array('header' => '', 'body' => '', 'curl_error' => '', 'http_code' => '', 'last_url' => '');

    if ($curlError != "") {
        $summary['curl_error'] = $curlError;

        return $summary;
    }

    $raw = $inputFilter->xssFilterHard($this->output);

    // NOTE(review): the header size reported by cURL refers to the unfiltered
    // response; if the filter changes the length of the text, the split below
    // shifts - confirm.
    $headerLength = curl_getinfo($this->ch, CURLINFO_HEADER_SIZE);

    $summary['header'] = substr($raw, 0, $headerLength);
    $summary['body'] = substr($raw, $headerLength);
    $summary['http_code'] = curl_getinfo($this->ch, CURLINFO_HTTP_CODE);
    $summary['last_url'] = curl_getinfo($this->ch, CURLINFO_EFFECTIVE_URL);
    $summary = $inputFilter->xssFilterHard($summary);

    // The filtered type is also stored back on the instance.
    $this->type = $inputFilter->xssFilterHard($this->type);

    echo $this->type . " Response: " . $raw . "<BR>";

    foreach ($summary as $label => $value) {
        if ($value != "") {
            echo $label . "=" . $value . "<BR>";
        }
    }

    echo "<BR>";
}
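/**
 * Emit a script element that shows $PopupText in a JavaScript alert box.
 *
 * The text lands inside a JavaScript string literal within a script element,
 * so it has to be encoded for that context: a quote, a backslash, a line break
 * or a closing script tag in the text would otherwise end the literal or the
 * element. json_encode() with the JSON_HEX_* flags produces a quoted literal
 * in which those characters are escaped. The existing xssFilterHard() pass is
 * kept; its rules are defined in InputFilter and are not visible here.
 *
 * Backslashes in $PopupText are now shown literally; pass real line breaks
 * rather than JavaScript escape sequences.
 *
 * @param string $PopupText message to display
 *
 * @return void
 */
function showPopUp($PopupText)
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $PopupText = $filter->xssFilterHard($PopupText);

    $jsLiteral = json_encode(
        (string) $PopupText,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    if ($jsLiteral === false) {
        // Text that cannot be encoded (e.g. invalid UTF-8) is shown as an empty message.
        $jsLiteral = '""';
    }

    echo "<script type=\"text/javascript\" language=\"javascript\">alert ({$jsLiteral});</script>";
}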
/**
 * CLI task: regenerate the "self-service by value" table for each workspace
 * selected by the command-line arguments.
 *
 * A failure in one workspace is printed and the loop moves on to the next one;
 * a failure outside the loop is printed and ends the task.
 *
 * @param array $args command-line arguments, passed to get_workspaces_from_args()
 * @param array $opts command-line options; filtered but not read afterwards
 *
 * @return void
 */
function run_database_generate_self_service_by_value($args, $opts)
{
    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();
    $opts = $inputFilter->xssFilterHard($opts);
    $args = $inputFilter->xssFilterHard($args);

    try {
        foreach (get_workspaces_from_args($args) as $workspace) {
            try {
                $coloredName = pakeColor::colorize($workspace->name, "INFO");
                echo "Generating the table \"self-service by value\" for " . $coloredName . "\n";

                $workspace->appAssignSelfServiceValueTableGenerateData();
            } catch (Exception $e) {
                $workspaceLabel = CLI::info($workspace->name);
                $errorLabel = CLI::error($e->getMessage());
                echo "Errors generating the table \"self-service by value\" of workspace " . $workspaceLabel . ": " . $errorLabel . "\n";
            }

            echo "\n";
        }

        echo "Done!\n";
    } catch (Exception $e) {
        echo CLI::error($e->getMessage()) . "\n";
    }
}
case -2: G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels'); G::header('location: ../login/login'); die; break; case -1: G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels'); G::header('location: ../login/login'); die; break; } */ //$oJSON = new Services_JSON(); G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_GET = $filter->xssFilterHard($_GET); $_POST = $filter->xssFilterHard($_POST); $_REQUEST = $filter->xssFilterHard($_REQUEST); //$_SESSION = $filter->xssFilterHard($_SESSION); if (isset($_REQUEST['data'])) { if($_REQUEST['action']=="addText"||$_REQUEST['action']=="updateText") { $oData = Bootstrap::json_decode($_REQUEST['data']); $oDataAux = G::json_decode($_REQUEST['data']); $oDataAux = (array)$oDataAux; } else { $oData = Bootstrap::json_decode(stripslashes($_REQUEST['data'])); $oDataAux = G::json_decode(stripslashes($_REQUEST['data'])); $oDataAux = (array)$oDataAux; } //$oData = $oJSON->decode( stripslashes( $_REQUEST['data'] ) );
*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */

/* Permissions */
// Every $_GET value is replaced by its filtered form before anything reads it.
// The second argument ("url") selects a filter mode; what that mode does is
// defined in InputFilter, not in this file.
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET, "url");

// Access gate for the PM_SUPERVISOR permission. -2 and -1 are the two denial
// results handled here: each queues a message, redirects to the login page and
// ends the request with die, so nothing below runs for a denied user (the
// break after die is unreachable). Any other result lets the script continue.
// NOTE(review): confirm userCanAccess() has no further denial values.
switch ($RBAC->userCanAccess('PM_SUPERVISOR')) {
    case -2:
        G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels');
        G::header('location: ../login/login');
        die;
        break;
    case -1:
        G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels');
        G::header('location: ../login/login');
        die;
        break;
}

// The whole session array is overwritten with its filtered copy on each request
// that reaches this point.
// NOTE(review): if the filter is not idempotent, stored session values would be
// altered a little more on every hit - confirm against InputFilter.
$_SESSION = $filter->xssFilterHard($_SESSION, "url");

/* Includes */
G::LoadClass('case');
* This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ // die("first"); /* Permissions */ G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_GET = $filter->xssFilterHard($_GET,"url"); switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) { case - 2: G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' ); G::header( 'location: ../login/login' ); die(); break; case - 1: G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); G::header( 'location: ../login/login' ); die(); break; } $_SESSION = $filter->xssFilterHard($_SESSION,"url"); if ((int) $_SESSION['INDEX'] < 1) { $_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
* GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ /** * this file is a fix to a dependency bug it was just a minor improvement, * also the functionality of dependent fields in grids doesn't depends in this * file so this is somewhat expendable. */ G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_POST = $filter->xssFilterHard($_POST); function subDependencies($k, &$G_FORM, &$aux, $grid = '') { $myDependentFields = ''; if (array_search($k, $aux) !== false) { return array(); } if ($grid == '') { if (!array_key_exists($k, $G_FORM->fields)) { return array(); } if (!isset($G_FORM->fields[$k]->dependentFields)) { return array(); } $aux[] = $k; $mydependentFields = $G_FORM->fields[$k]->dependentFields;
/**
 * Print a value inside a <pre> element.
 *
 * The value is passed through InputFilter::xssFilterHard() and the result is
 * rendered with print_r().
 *
 * @param mixed $var value to display
 *
 * @return void
 */
public function pr($var)
{
    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();
    $filtered = $inputFilter->xssFilterHard($var);

    echo '<pre>' . print_r($filtered, true) . '</pre>';
}
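/**
 * Import an uploaded CSV file into a PM table (deprecated import path).
 *
 * Input is taken from the request, not from the parameter: the upload from
 * $_FILES['form'][...]['CSV_FILE'], the target table from
 * $_POST['form']['ADD_TAB_UID'] and the delimiter from
 * $_POST['form']['CSV_DELIMITER']. The outcome is reported through
 * $this->success and $this->message.
 *
 * @param object $httpData request data; not read by this method
 *
 * @return int|void 0 when a row has fewer columns than the table has fields,
 *                  nothing otherwise
 */
public function importCSVDeprecated ($httpData)
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();

    // NOTE(review): tmp_name is used without an is_uploaded_file() check and
    // without looking at the upload error code - confirm the caller does both.
    $tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];

    // Reject uploads that cannot be read or that contain control characters.
    // NOTE(review): the class ends in "\x0e\x1f" (two single bytes); a range
    // "\x0e-\x1f" may have been intended - left unchanged, confirm.
    $contents = file_get_contents($tmpfilename);
    if ($contents === false || preg_match('/[\x00-\x08\x0b-\x0c\x0e\x1f]/', $contents) !== 0) {
        $this->success = false;
        $this->message = G::LoadTranslation('ID_UPLOAD_VALID_CSV_FILE');
        return;
    }
    unset($contents);

    $filename = $_FILES['form']['name']['CSV_FILE'];
    $filename = $filter->xssFilterHard($filename, 'path');

    // NOTE(review): the content check above read the unfiltered path while the
    // import opens the filtered one; both should name the same file - confirm.
    $oFile = fopen($filter->xssFilterHard($tmpfilename, 'path'), 'r');
    if (!$oFile) {
        // Previously this case fell through with $sErrorMessages undefined and
        // was reported as a successful import.
        $this->success = false;
        $this->message = G::LoadTranslation('ID_UPLOAD_VALID_CSV_FILE');
        return;
    }

    require_once 'classes/model/AdditionalTables.php';
    $oAdditionalTables = new AdditionalTables();
    $aAdditionalTables = $oAdditionalTables->load($_POST['form']['ADD_TAB_UID'], true);

    $sErrorMessages = '';
    $i = 1;
    $swHead = false;

    // NOTE(review): the delimiter is request-supplied and fgetcsv() accepts a
    // single character only - confirm it is validated before this point.
    while (($aAux = fgetcsv($oFile, 4096, $_POST['form']['CSV_DELIMITER'])) !== false) {
        // A blank line yields a row whose first cell is null; such rows are skipped.
        if (is_null($aAux[0])) {
            continue;
        }

        if (count($aAdditionalTables['FIELDS']) > count($aAux)) {
            // Close the handle before leaving; the early return used to leak it.
            fclose($oFile);
            $this->success = false;
            $this->message = G::LoadTranslation('INVALID_FILE');
            return 0;
        }

        if ($i == 1) {
            // The first row is a header when any cell equals the field name in
            // the same position.
            $j = 0;
            foreach ($aAdditionalTables['FIELDS'] as $aField) {
                if ($aField['FLD_NAME'] === $aAux[$j]) {
                    $swHead = true;
                }
                $j ++;
            }
        }

        if ($swHead == false) {
            $aData = array ();
            $j = 0;
            foreach ($aAdditionalTables['FIELDS'] as $aField) {
                $aData[$aField['FLD_NAME']] = (isset($aAux[$j]) ? $aAux[$j] : '');
                if ($aData[$aField['FLD_NAME']] == '') {
                    // Empty date-like cells are stored as null, not as ''.
                    switch ($aField['FLD_TYPE']) {
                        case 'DATE':
                        case 'TIMESTAMP':
                            $aData[$aField['FLD_NAME']] = null;
                            break;
                    }
                }
                $j ++;
            }
            try {
                if (! $oAdditionalTables->saveDataInTable($_POST['form']['ADD_TAB_UID'], $aData)) {
                    $sErrorMessages .= G::LoadTranslation('ID_DUPLICATE_ENTRY_PRIMARY_KEY') . ', ' . G::LoadTranslation('ID_LINE') . ' ' . $i . '. ';
                }
            } catch (Exception $oError) {
                $sErrorMessages .= G::LoadTranslation('ID_ERROR_INSERT_LINE') . ': ' . G::LoadTranslation('ID_LINE') . ' ' . $i . ". \n";
            }
        } else {
            // The header row is consumed; the rows after it are data.
            $swHead = false;
        }
        $i ++;
    }
    fclose($oFile);

    if ($sErrorMessages != '') {
        $this->success = false;
        $this->message = $sErrorMessages;
    } else {
        $this->success = true;
        $this->message = G::loadTranslation('ID_FILE_IMPORTED_SUCCESSFULLY', array ($filename));
        G::auditLog("ImportTable", $filename);
    }
}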
/**
 * Start a new case for the requested task and print the outcome as JSON.
 *
 * Reads $_POST['processId'], $_REQUEST['taskId'] and $_SESSION['USER_LOGGED'],
 * stores the identifiers of the new case in the session and prints the case
 * data with status "success". When an exception is thrown, the data collected
 * so far is printed with status "failure" and the exception message.
 *
 * @return void
 */
function startCase()
{
    G::LoadClass('case');
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();

    // The request and session arrays are replaced by their filtered copies.
    $_POST = $filter->xssFilterHard($_POST);
    $_REQUEST = $filter->xssFilterHard($_REQUEST);
    $_SESSION = $filter->xssFilterHard($_SESSION);

    // A new case is being started: drop whatever an earlier case left behind.
    $staleKeys = array('APPLICATION', 'PROCESS', 'TASK', 'INDEX', 'STEP_POSITION');
    foreach ($staleKeys as $staleKey) {
        if (isset($_SESSION[$staleKey])) {
            unset($_SESSION[$staleKey]);
        }
    }

    try {
        $cases = new Cases();
        lookinginforContentProcess($_POST['processId']);

        $caseData = $cases->startCase($_REQUEST['taskId'], $_SESSION['USER_LOGGED']);
        $caseData = $filter->xssFilterHard($caseData);

        $_SESSION['APPLICATION'] = $caseData['APPLICATION'];
        $_SESSION['INDEX'] = $caseData['INDEX'];
        $_SESSION['PROCESS'] = $caseData['PROCESS'];
        $_SESSION['TASK'] = $_REQUEST['taskId'];
        $_SESSION['STEP_POSITION'] = 0;
        $_SESSION['CASES_REFRESH'] = true;

        $cases = new Cases();
        $nextStep = $cases->getNextStep(
            $_SESSION['PROCESS'],
            $_SESSION['APPLICATION'],
            $_SESSION['INDEX'],
            $_SESSION['STEP_POSITION']
        );
        // The client is always sent to the draft view of the case just created.
        $nextStep['PAGE'] = 'open?APP_UID=' . $caseData['APPLICATION'] . '&DEL_INDEX=' . $caseData['INDEX'] . '&action=draft';
        $_SESSION['BREAKSTEP']['NEXT_STEP'] = $nextStep;

        $caseData['openCase'] = $nextStep;
        $caseData['status'] = 'success';
        echo G::json_encode($caseData);
    } catch (Exception $e) {
        // $caseData may already hold case data if the failure came late in the
        // try block; status and message are added to whatever is there.
        $caseData['status'] = 'failure';
        $caseData['message'] = $e->getMessage();
        print_r(G::json_encode($caseData));
    }
}
* License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ G::LoadSystem('inputfilter'); $filter = new InputFilter(); $_POST = $filter->xssFilterHard($_POST); $_REQUEST = $filter->xssFilterHard($_REQUEST); $arrayToTranslation = array("TRIGGER" => G::LoadTranslation("ID_TRIGGER_DB"), "DERIVATION" => G::LoadTranslation("ID_DERIVATION_DB")); $actionAjax = isset($_REQUEST['actionAjax']) ? $_REQUEST['actionAjax'] : null; if ($actionAjax == 'messageHistoryGridList_JXP') { if (!isset($_REQUEST['start']) || $_REQUEST['start'] == '') { $_REQUEST['start'] = 0; } if (!isset($_REQUEST['limit']) || $_REQUEST['limit'] == '') { $_REQUEST['limit'] = 20; } G::LoadClass('case'); G::LoadClass("BasePeer"); $dir = isset($_POST['dir']) ? $_POST['dir'] : 'ASC'; $sort = isset($_POST['sort']) ? $_POST['sort'] : ''; global $G_PUBLISH;