コード例 #1
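/**
 * clean
 *
 * Legacy input-cleaning helper. The filter that runs is selected by $mode:
 *   0 - Filter\Special  (only when the registry 'filter' flag is 1)
 *   1 - Filter\Html     (only when the registry 'filter' flag is 1)
 *   5 - strip_tags()    (only when the registry 'filter' flag is 1)
 *   2 - Filter\Alias    (always)
 *   3 - Filter\Email    (always)
 *   4 - Filter\Url      (always)
 * Any other mode applies no filter at all. stripslashes() is applied to the
 * result in every case, so backslashes never survive this function — if a
 * filter emits backslash escapes they are removed again here (confirm
 * against the filter implementations).
 *
 * NOTE(review): the registry 'filter' flag gates the XSS-relevant filters
 * (special / html / strip_tags). When the flag is not 1, modes 0, 1 and 5
 * return the input unchanged, so callers must not treat this function as
 * their output-escaping step.
 *
 * Changes from the original: $input is normalised to a string (null no
 * longer reaches stripslashes(), which rejects null on newer PHP) and $mode
 * is normalised to an int once, so the dispatch does not depend on PHP's
 * version-specific loose comparison of strings with 0.
 *
 * @since 2.2.0
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Migrate
 * @author Henry Ruhs
 *
 * @param string $input raw value; null is treated as ''
 * @param integer $mode filter mode (see above); null is treated as 0
 * @return string
 */
function clean($input = null, $mode = null)
{
    /* normalise once so every comparison below is on an int */
    $output = (string) $input;
    $mode = (int) $mode;
    $registry = Redaxscript\Registry::getInstance();

    /* if untrusted user: content filters only apply when the flag is set */
    if ($registry->get('filter') == 1) {
        switch ($mode) {
            case 0:
                $specialFilter = new Redaxscript\Filter\Special();
                $output = $specialFilter->sanitize($output);
                break;
            case 1:
                $htmlFilter = new Redaxscript\Filter\Html();
                $output = $htmlFilter->sanitize($output);
                break;
            case 5:
                $output = strip_tags($output);
                break;
        }
    }

    /* type related clean: these run regardless of the filter flag */
    switch ($mode) {
        case 2:
            $aliasFilter = new Redaxscript\Filter\Alias();
            $output = $aliasFilter->sanitize($output);
            break;
        case 3:
            $emailFilter = new Redaxscript\Filter\Email();
            $output = $emailFilter->sanitize($output);
            break;
        case 4:
            $urlFilter = new Redaxscript\Filter\Url();
            $output = $urlFilter->sanitize($output);
            break;
    }

    /* backslashes are stripped last, after any filter has run */
    return stripslashes($output);
}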
コード例 #2
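/**
 * anchor element
 *
 * Builds an <a> tag from its parts. Only $value (the href) is passed through
 * a filter, and only for type 'external' (Filter\Url) and 'email'
 * (Filter\Email, prefixed with mailto:); type 'internal' prefixes
 * REWRITE_ROUTE without filtering, any other type uses $value as-is.
 *
 * $id, $class, $name, $title and $code are concatenated into the markup
 * verbatim — nothing here escapes them for the attribute or text context,
 * so callers must escape untrusted input before passing it in.
 *
 * Fix: the original discarded the return value of sanitize(), so the
 * unfiltered $value was written into href even for 'external' and 'email'.
 * The filtered value is now assigned back, matching how clean() uses the
 * same filters. An href that a filter reduces to '' is dropped entirely.
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Generate
 * @author Henry Ruhs
 *
 * @param string $type 'external', 'internal', 'email' or anything else
 * @param string $id id attribute (verbatim)
 * @param string $class class attribute (verbatim)
 * @param string $name link text (verbatim)
 * @param string $value href target; filtered for 'external' and 'email'
 * @param string $title title attribute (verbatim)
 * @param string $code extra raw attribute markup (verbatim)
 * @return string
 */
function anchor_element($type = '', $id = '', $class = '', $name = '', $value = '', $title = '', $code = '')
{
    /* start every fragment empty so nothing below reads an undefined variable */
    $selector_string = '';
    $value_string = '';
    $title_string = '';
    $code_string = '';

    /* build attribute strings */
    if ($id) {
        $selector_string .= ' id="' . $id . '"';
    }
    if ($class) {
        $selector_string .= ' class="' . $class . '"';
    }
    if ($value) {
        $value_string = ' href="';
        /* switch type: keep the filtered value, not the raw one */
        switch ($type) {
            case 'external':
                $urlFilter = new Redaxscript\Filter\Url();
                $value = $urlFilter->sanitize($value);
                break;
            case 'internal':
                $value_string .= REWRITE_ROUTE;
                break;
            case 'email':
                $emailFilter = new Redaxscript\Filter\Email();
                $value = $emailFilter->sanitize($value);
                $value_string .= 'mailto:';
                break;
        }
        $value_string .= $value . '"';
    }
    /* a filter may have emptied the target: emit no href rather than href="" */
    if ($value_string === ' href=""') {
        $value_string = '';
    }
    if ($title) {
        $title_string = ' title="' . $title . '"';
    }
    if ($code) {
        $code_string = ' ' . $code;
    }

    /* collect output */
    return '<a' . $selector_string . $value_string . $title_string . $code_string . '>' . $name . '</a>';
}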
コード例 #3
/**
 * admin process
 *
 * Legacy admin form handler. Reads the submitted $_POST for the table named
 * by the registry 'tableParameter' (categories, articles, extras, comments,
 * groups, users, modules), assembles the row to store in $r, validates it,
 * and then either echoes an error messenger or creates / updates the row
 * (plus dependent rows) and echoes a success messenger. Output is echoed;
 * nothing is returned.
 *
 * The first switch deliberately falls through from 'categories' all the way
 * to 'modules', relying on $tableParameter guards inside each case, so the
 * later cases also run for the earlier tables.
 *
 * NOTE(review): $_POST['token'] is read into $token but never compared to
 * anything inside this function. Unless the caller enforces CSRF protection
 * before dispatching here, the create / edit writes below are unprotected —
 * confirm against the dispatcher.
 * NOTE(review): keywords, title, description, date, the comment author and
 * (when the group's 'filter' flag is off) text are stored without any
 * filter; whatever renders those columns is responsible for escaping them.
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Admin
 * @author Henry Ruhs
 */
function admin_process()
{
    $aliasFilter = new Redaxscript\Filter\Alias();
    $emailFilter = new Redaxscript\Filter\Email();
    $urlFilter = new Redaxscript\Filter\Url();
    $htmlFilter = new Redaxscript\Filter\Html();
    $aliasValidator = new Redaxscript\Validator\Alias();
    $loginValidator = new Redaxscript\Validator\Login();
    $specialFilter = new Redaxscript\Filter\Special();
    $messenger = new Redaxscript\Admin\Messenger(Redaxscript\Registry::getInstance());
    /* 'filter' is the current group's flag; only $r['text'] below honours it */
    $filter = Redaxscript\Registry::get('filter');
    $tableParameter = Redaxscript\Registry::get('tableParameter');
    /* empty for a new row, the row id for an edit */
    $idParameter = Redaxscript\Registry::get('idParameter');
    /* clean post: intentional fall-through from 'categories' down to 'modules' */
    switch ($tableParameter) {
        /* categories */
        case 'categories':
            $parent = $r['parent'] = $specialFilter->sanitize($_POST['parent']);
            /* articles */
        /* articles */
        case 'articles':
            /* stored unfiltered */
            $r['keywords'] = $_POST['keywords'];
            $r['robots'] = $specialFilter->sanitize($_POST['robots']);
            $r['template'] = $specialFilter->sanitize($_POST['template']);
            /* extras */
        /* extras */
        case 'extras':
            /* stored unfiltered */
            $title = $r['title'] = $_POST['title'];
            if ($tableParameter != 'categories') {
                $r['headline'] = $specialFilter->sanitize($_POST['headline']);
            }
            $r['sibling'] = $specialFilter->sanitize($_POST['sibling']);
            $author = $r['author'] = Redaxscript\Registry::get('myUser');
            /* comments */
        /* comments */
        case 'comments':
            if ($tableParameter == 'comments') {
                $r['url'] = $urlFilter->sanitize($_POST['url']);
                /* comment author is taken from the form unfiltered */
                $author = $r['author'] = $_POST['author'];
            }
            if ($tableParameter != 'categories') {
                /* html filter only when the group's 'filter' flag is truthy; otherwise raw */
                $text = $r['text'] = $filter ? $htmlFilter->sanitize($_POST['text']) : $_POST['text'];
                $date = $r['date'] = $_POST['date'];
            }
            $rank = $r['rank'] = $specialFilter->sanitize($_POST['rank']);
            /* groups */
        /* groups */
        case 'groups':
            if ($tableParameter != 'comments') {
                $alias = $r['alias'] = $aliasFilter->sanitize($_POST['alias']);
            }
            /* users */
        /* users */
        case 'users':
            if ($tableParameter != 'groups') {
                $language = $r['language'] = $specialFilter->sanitize($_POST['language']);
            }
            /* modules */
        /* modules */
        case 'modules':
            /* reached by every table via fall-through: $alias is re-read from the form here
               (local only, $r['alias'] is not touched) */
            $alias = $aliasFilter->sanitize($_POST['alias']);
            $status = $r['status'] = $specialFilter->sanitize($_POST['status']);
            if ($tableParameter != 'groups' && $tableParameter != 'users' && Redaxscript\Registry::get('groupsEdit')) {
                /* access list is stored as a comma-separated string; empty becomes NULL */
                $access = array_map([$specialFilter, 'sanitize'], $_POST['access']);
                $access_string = implode(', ', $access);
                if (!$access_string) {
                    $access_string = null;
                }
                $access = $r['access'] = $access_string;
            }
            if ($tableParameter != 'extras' && $tableParameter != 'comments') {
                /* stored unfiltered */
                $r['description'] = $_POST['description'];
            }
            /* NOTE(review): read but never verified in this function (see header) */
            $token = $_POST['token'];
            break;
    }
    /* clean contents post */
    if ($tableParameter == 'articles') {
        $r['byline'] = $specialFilter->sanitize($_POST['byline']);
        $comments = $r['comments'] = $specialFilter->sanitize($_POST['comments']);
        /* NOTE(review): $category is only assigned further down, so on a fresh request this
           branch never runs and a new article does not inherit its category's status */
        if ($category && !$idParameter) {
            $status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status;
        }
    }
    if ($tableParameter == 'articles' || $tableParameter == 'extras') {
        $category = $r['category'] = $specialFilter->sanitize($_POST['category']);
    }
    if ($tableParameter == 'articles' || $tableParameter == 'extras' || $tableParameter == 'comments') {
        /* a future date forces status 2; $date is the raw form value compared as-is */
        if ($date > Redaxscript\Registry::get('now')) {
            $status = $r['status'] = 2;
        }
        if (!$date) {
            $r['date'] = Redaxscript\Registry::get('now');
        }
    }
    if ($tableParameter == 'extras' || $tableParameter == 'comments') {
        $article = $r['article'] = $specialFilter->sanitize($_POST['article']);
    }
    if ($tableParameter == 'comments' && !$idParameter) {
        /* new comments inherit the parent article's status */
        $status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status;
    }
    if ($tableParameter == 'comments' || $tableParameter == 'users') {
        $email = $r['email'] = $emailFilter->sanitize($_POST['email']);
    }
    /* clean groups post: permissions are skipped for group id 1 (never editable here) */
    if ($tableParameter == 'groups' && (!$idParameter || $idParameter > 1)) {
        $groups_array = ['categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules'];
        foreach ($groups_array as $value) {
            /* each permission column is a comma-separated string; empty becomes the int 0 */
            ${$value} = array_map([$specialFilter, 'sanitize'], $_POST[$value]);
            $groups_string = implode(', ', ${$value});
            if (!$groups_string) {
                $groups_string = 0;
            }
            $r[$value] = $groups_string;
        }
        $r['settings'] = $specialFilter->sanitize($_POST['settings']);
        $r['filter'] = $specialFilter->sanitize($_POST['filter']);
    }
    if (($tableParameter == 'groups' || $tableParameter == 'users') && $idParameter == 1) {
        /* id 1 (admin group / admin user) can never be disabled */
        $status = $r['status'] = 1;
    }
    if ($tableParameter == 'groups' || $tableParameter == 'users' || $tableParameter == 'modules') {
        $name = $r['name'] = $specialFilter->sanitize($_POST['name']);
    }
    /* clean users post */
    if ($tableParameter == 'users') {
        if ($_POST['user']) {
            $user = $r['user'] = $specialFilter->sanitize($_POST['user']);
        } else {
            /* empty login name on edit: keep the stored one */
            $user = $r['user'] = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user;
        }
        $password_check = $password_confirm = 1;
        /* NOTE(review): && binds tighter than ||, so this reads
           (edit && no password && no confirm) || delete — presumably intended */
        if ($_POST['edit'] && !$_POST['password'] && !$_POST['password_confirm'] || $_POST['delete']) {
            $password_check = 0;
        }
        /* loose comparison of the two password fields */
        if ($_POST['password'] != $_POST['password_confirm']) {
            $password_confirm = 0;
        }
        /* NOTE(review): the password goes through Filter\Special before hashing; if that filter
           alters characters, login must apply the same filter or the hash will not match — confirm */
        $password = $specialFilter->sanitize($_POST['password']);
        if ($password_check == 1 && $password_confirm == 1) {
            $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance());
            $passwordHash->init($password);
            $r['password'] = $passwordHash->getHash();
        }
        if ($_POST['new']) {
            $r['first'] = $r['last'] = Redaxscript\Registry::get('now');
        }
        if (!$idParameter || $idParameter > 1) {
            /* group membership as a comma-separated string; empty becomes the int 0 */
            $groups = array_map([$specialFilter, 'sanitize'], $_POST['groups']);
            $groups_string = implode(', ', $groups);
            if (!$groups_string) {
                $groups_string = 0;
            }
            $groups = $r['groups'] = $groups_string;
        }
    }
    /* $last is computed but not used below */
    $r_keys = array_keys($r);
    $last = end($r_keys);
    /* validate post: later checks overwrite $error, so only the last failing one is shown */
    switch ($tableParameter) {
        /* contents */
        case 'categories':
        case 'articles':
        case 'extras':
            if (!$title) {
                $error = Redaxscript\Language::get('title_empty');
            }
            /* an alias must not be shared between categories and articles */
            if ($tableParameter == 'categories') {
                $opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id;
            }
            if ($tableParameter == 'articles') {
                $opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id;
            }
            if ($opponent_id) {
                $error = Redaxscript\Language::get('alias_exists');
            }
            /* NOTE(review): && binds tighter than ||, so the 'groups' guard only covers the first
               validate() call; also the error fires when validate() returns PASSED, which reads
               inverted unless these modes mean "matches a reserved alias" — confirm in Validator\Alias */
            if ($tableParameter != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) {
                $error = Redaxscript\Language::get('alias_incorrect');
            }
            /* groups */
        /* groups */
        case 'groups':
            if (!$alias) {
                $error = Redaxscript\Language::get('alias_empty');
            } else {
                /* $alias_id: alias currently stored for the edited row; $id_alias: id of any row with the new alias */
                $alias_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->alias;
                $id_alias = Redaxscript\Db::forTablePrefix($tableParameter)->where('alias', $alias)->findOne()->id;
            }
            /* NOTE(review): this only flags a clash when the old alias sorts before the new one;
               a duplicate whose current alias sorts after it passes. For new rows $alias_id is
               empty, so the check works there. strcasecmp(...) !== 0 looks like the intent — confirm */
            if ($id_alias && strcasecmp($alias_id, $alias) < 0) {
                $error = Redaxscript\Language::get('alias_exists');
            }
    }
    /* validate general post */
    switch ($tableParameter) {
        case 'articles':
        case 'extras':
        case 'comments':
            if (!$text) {
                $error = Redaxscript\Language::get('text_empty');
            }
            break;
        case 'groups':
        case 'users':
        case 'modules':
            if (!$name) {
                $error = Redaxscript\Language::get('name_empty');
            }
            break;
    }
    /* validate users post */
    if ($tableParameter == 'users') {
        if (!$user) {
            $error = Redaxscript\Language::get('user_incorrect');
        } else {
            $user_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user;
            $id_user = Redaxscript\Db::forTablePrefix($tableParameter)->where('user', $user)->findOne()->id;
        }
        /* NOTE(review): same ordering-dependent duplicate check as for aliases above */
        if ($id_user && strcasecmp($user_id, $user) < 0) {
            $error = Redaxscript\Language::get('user_exists');
        }
        if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
            $error = Redaxscript\Language::get('user_incorrect');
        }
        if ($password_check == 1) {
            if (!$password) {
                $error = Redaxscript\Language::get('password_empty');
            }
            if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                $error = Redaxscript\Language::get('password_incorrect');
            }
        }
    }
    /* validate last post: 'comments' falls through into the email check */
    $emailValidator = new Redaxscript\Validator\Email();
    switch ($tableParameter) {
        case 'comments':
            if (!$author) {
                $error = Redaxscript\Language::get('author_empty');
            }
        case 'users':
            if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                $error = Redaxscript\Language::get('email_incorrect');
            }
    }
    $route = 'admin';
    /* handle error: nothing has been written yet at this point */
    if ($error) {
        if (!$idParameter) {
            $route .= '/new/' . $tableParameter;
        } else {
            $route .= '/edit/' . $tableParameter . '/' . $idParameter;
        }
        /* show error */
        echo $messenger->setRoute(Redaxscript\Language::get('back'), $route)->error($error, Redaxscript\Language::get('error_occurred'));
        return;
    } else {
        /* both sides of this || are the same check; presumably one was meant to be another registry key */
        if (Redaxscript\Registry::get('tableEdit') == 1 || Redaxscript\Registry::get('tableEdit') == 1) {
            $route .= '/view/' . $tableParameter;
            if ($alias) {
                $route .= '#' . $alias;
            } else {
                if ($user) {
                    $route .= '#' . $user;
                }
            }
        }
    }
    /* select to null: the placeholder option of a <select> is stored as NULL.
       NOTE(review): loose ==, so on PHP < 8 an int 0 (e.g. the permission strings above) also
       matches 'select' and is nulled — confirm the target PHP version */
    foreach ($r as $key => $value) {
        if ($value == 'select') {
            $r[$key] = null;
        }
    }
    /* process: whichever submit button is present decides; neither present means no write */
    switch (true) {
        /* query new */
        case $_POST['new']:
            Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save();
            /* show success */
            echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed'));
            return;
            /* query edit */
        /* query edit */
        case $_POST['edit']:
            Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save();
            /* query categories: cascade status/access to child categories, their articles and comments.
               NOTE(review): $access is only set when 'groupsEdit' is granted; otherwise the cascade
               writes null into every child's access column — confirm that is intended */
            if ($tableParameter == 'categories') {
                $categoryChildren = Redaxscript\Db::forTablePrefix($tableParameter)->where('parent', $idParameter);
                $categoryArray = array_merge($categoryChildren->findFlatArray(), [$idParameter]);
                $articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray);
                $articleArray = $articleChildren->findFlatArray();
                if (count($articleArray) > 0) {
                    Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(['status' => $status, 'access' => $access])->save();
                }
                $categoryChildren->findMany()->set(['status' => $status, 'access' => $access])->save();
                $articleChildren->findMany()->set(['status' => $status, 'access' => $access])->save();
            }
            /* query articles: comments disabled on the article disables its comments */
            if ($tableParameter == 'articles') {
                if ($comments == 0) {
                    $status = 0;
                }
                Redaxscript\Db::forTablePrefix('comments')->where('article', $idParameter)->findMany()->set(['status' => $status, 'access' => $access])->save();
            }
            /* editing your own user also refreshes the session copy */
            if ($tableParameter == 'users' && $idParameter == Redaxscript\Registry::get('myId')) {
                $auth = new Redaxscript\Auth(Redaxscript\Request::getInstance());
                $auth->init();
                $auth->setUser('name', $name);
                $auth->setUser('email', $email);
                $auth->setUser('language', $language);
                $auth->save();
                Redaxscript\Request::setSession('language', $language);
            }
            /* show success */
            echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed'));
            return;
    }
}