/**
 * Encodes mixed params before they are sent to the database.
 *
 * Arrays and objects are walked recursively (ilp_flexible_table instances and
 * any key prefixed 'binary_' are left untouched). Scalars are entity-decoded,
 * run through purify_html() and re-encoded with htmlentities(ENT_QUOTES,
 * utf-8), so a stored value already has its tags purified and its quotes
 * entity-encoded when it is read back.
 *
 * @param mixed $data The unencoded object/array/string/etc; taken by
 *        reference, so arrays/objects are also modified in place
 * @return mixed The encoded version; an empty string is returned as null
 */
static function encode(&$data) {
    if (is_object($data) || is_array($data)) {
        // skip the ilp_flexible_table
        if (!is_a($data, 'ilp_flexible_table')) {
            // NOTE(review): $datum stays a reference after the loop; harmless
            // here only because nothing else touches it before the return
            foreach ($data as $index => &$datum) {
                // we will skip any index with the prefix binary_
                if (substr($index, 0, 7) != 'binary_') {
                    $datum = ilp_db::encode($datum);
                }
            }
        }
        return $data;
    } else {
        // decode any special characters, to prevent encoded markup slipping through the purifier
        $data = ilp_db::decode_htmlchars($data, ENT_QUOTES);
        // purify all data (e.g. validate html, remove js and other bad stuff)
        // NOTE(review): the two comments below say the purify call was removed,
        // yet the call is still present — the comments are stale, the call is live
        // I have had to remove the purify call as it was causing pages to timeout in 1.9
        // this should be put back in once the ilp is moodle 2.0 only
        $data = purify_html($data);
        // encode the purified string
        // NOTE(review): as shown here the replacement argument '\' is not a valid
        // single-quoted literal (\' escapes the quote); it is probably a truncated
        // '\\' — confirm against the repository source before relying on it
        $data = trim(preg_replace('/\\\\/', '\', htmlentities($data, ENT_QUOTES, 'utf-8', false)));
        // convert the empty string into null as such values break nullable FK fields
        return $data == '' ? null : $data;
    }
}
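/**
 * A PHP magic method that matches on all Moodle 2.x style db method calls
 * and converts them back to the Moodle 1.x functional syntax before
 * executing them.
 *
 * Every method name not defined on this class lands here and is invoked as a
 * global function of that name via call_user_func_array(), so $method must
 * only ever originate from code, never from request data.
 *
 * @param string $method The name of the method being called.
 * @param array $params The array of parameters passed to the method.
 * @return mixed The result of the query, passed through ilp_db::encode().
 */
function __call($method, $params) {
    // if this is a raw SQL query then we need to add the table prefixes
    if (preg_match('/_sql$/', $method)) {
        $params = array_map(array($this, 'addprefix'), $params);
    }

    // handle differences in function params: drop the arguments the 1.x
    // functions do not take, or flatten the conditions array, so the
    // positional arguments line up (indices presumed to be the 2.x-only
    // $params/$strictness arguments — confirm against both signatures)
    switch ($method) {
        case 'record_exists_sql':
        case 'count_records_sql':
        case 'get_records_sql':
            // same leading arguments in both APIs, nothing to remove
            break;
        case 'get_field_sql':
            unset($params[1], $params[2]);
            break;
        case 'get_record_select':
        case 'get_records_select':
        case 'delete_records_select':
        case 'update_record':
            unset($params[2]);
            break;
        case 'insert_record':
            unset($params[3]);
            break;
        case 'get_record':
        case 'get_records':
        case 'record_exists':
        case 'delete_records':
        case 'set_field':
        case 'get_field':
        case 'count_records':
            $params = $this->flatten($params);
            break;
    }

    // execute the query and return the sanitised result; encode() takes its
    // argument by reference, so the result has to sit in a variable first —
    // passing the call expression directly raises an "only variables should
    // be passed by reference" notice
    $result = call_user_func_array($method, $params);
    return ilp_db::encode($result);
}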
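/**
 * Truncates long HTML to a maximum number of visible characters, keeping the
 * tags balanced, and adds a YUI tooltip with the full version.
 *
 * Visible text is counted in UTF-8 characters rather than bytes, so a cut
 * never lands inside a multi-byte sequence; tags and entities are copied
 * whole and an entity counts as one character.
 *
 * @param string $html The string to truncate
 * @param int $maxlength The maximum number of visible characters; a negative
 *        value (-1) means unlimited, in case you just want a tooltip
 * @param string|false|null $tooltip (optional) tooltip to display; defaults to
 *        $html, false suppresses the tooltip entirely
 * @return string HTML
 */
function ilp_limit_length($html, $maxlength, $tooltip = null) {
    // a negative length is documented as "unlimited"; with -1 used directly as
    // the loop bound nothing was printed and only the ellipsis came out
    if ($maxlength < 0) {
        $maxlength = PHP_INT_MAX;
    }

    // permit only html tags and quotes so we can parse the tags properly:
    // encode() purifies and entity-encodes, decode_htmlchars() then restores the
    // tags. This purify pass is also what makes it acceptable to emit $return
    // unescaped below. (Was assmgr_db::encode; the rest of this file uses
    // ilp_db::encode — looks like a copy-paste slip, confirm.)
    $html = ilp_db::decode_htmlchars(ilp_db::encode($html));

    $printedlength = 0;  // visible characters emitted so far
    $position = 0;       // byte offset into $html of the next unprinted text
    $tags = array();     // stack of currently open tag names
    $return = '';

    // walk the fragment one tag/entity at a time, copying the text in between
    while ($printedlength < $maxlength
            && preg_match('{</?([a-z]+)[^>]*>|&#?[a-zA-Z0-9]+;}', $html, $match, PREG_OFFSET_CAPTURE, $position)) {
        list($tag, $tagPosition) = $match[0];

        // print text leading up to the tag; the byte slice is safe because tag
        // delimiters are ASCII, the character maths is done on the slice
        $str = substr($html, $position, $tagPosition - $position);
        $strlength = mb_strlen($str, 'UTF-8');
        if ($printedlength + $strlength > $maxlength) {
            $return .= mb_substr($str, 0, $maxlength - $printedlength, 'UTF-8');
            $printedlength = $maxlength;
            break;
        }
        $return .= $str;
        $printedlength += $strlength;

        if ($tag[0] == '&') {
            // handle the entity: it renders as a single character
            $return .= $tag;
            $printedlength++;
        } else {
            // handle the tag
            $tagName = $match[1][0];
            if ($tag[1] == '/') {
                // this is a closing tag: pop the matching opener
                $openingTag = array_pop($tags);
                // development-time nesting check only; when assert() is disabled
                // a mismatched closing tag is still copied through as-is
                assert($openingTag == $tagName);
                $return .= $tag;
            } else if ($tag[strlen($tag) - 2] == '/') {
                // self-closing tag: nothing to track
                $return .= $tag;
            } else {
                // opening tag: remember it so it can be closed after a cut
                $return .= $tag;
                $tags[] = $tagName;
            }
        }

        // continue after the tag
        $position = $tagPosition + strlen($tag);
    }

    // print any remaining text
    if ($printedlength < $maxlength && $position < strlen($html)) {
        $return .= mb_substr(substr($html, $position), 0, $maxlength - $printedlength, 'UTF-8');
    }

    // add the ellipsis, if truncated
    if (strip_tags($return) != strip_tags($html)) {
        $return .= '…';
    }

    // close any open tags
    while (!empty($tags)) {
        $return .= sprintf('</%s>', array_pop($tags));
    }

    // don't show a tooltip if it's set to false, or if no truncate has been done
    if ($tooltip === false || ($return == $html && empty($tooltip))) {
        return $return;
    }

    // make the tooltip the original string if a specific value was not set
    if (empty($tooltip)) {
        $tooltip = $html;
    }
    // encode() entity-encodes with ENT_QUOTES, which is what keeps the value
    // inert inside the single-quoted title attribute below
    $tooltip = ilp_db::encode($tooltip);

    // generate the unique id needed for the YUI tooltip
    $id = 'tootlip' . ilp_uniqueNum();
    $script = "<script type='text/javascript'>\r\n //<![CDATA[\r\n new YAHOO.widget.Tooltip('ttA{$id}', {\r\n context:'{$id}',\r\n effect:{effect:YAHOO.widget.ContainerEffect.FADE,duration:0.20}\r\n });\r\n //]]>\r\n </script>";

    return "<span id='{$id}' class='tooltip' title='{$tooltip}'>{$return}</span>{$script}";
}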