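/**
 * Builds and runs the HTML editor demo form for this site, then echoes the
 * submitted markup back three ways: purified (via carl_get_safer_html),
 * tidied (the Disco element value) and raw (straight from $_POST).
 *
 * Reads $this->site_id to select the editor and its parameters. Output is
 * written directly with echo.
 *
 * @return void
 */
function make_editor_form()
{
    $form = new disco();
    $editor_name = html_editor_name($this->site_id);
    $params = html_editor_params($this->site_id);

    // Loki-based editors: drop the feed/regexp paths for the demo and expose
    // the source and debug widgets.
    if (strpos($editor_name, 'loki') === 0) {
        unset($params['paths']['site_feed']);
        unset($params['paths']['finder_feed']);
        unset($params['paths']['default_site_regexp']);
        unset($params['paths']['default_type_regexp']);
        $params['widgets'] .= ' +source +debug';
    }

    $form->add_element('demo', $editor_name, $params);
    $form->set_display_name('demo', ' ');
    $form->set_actions(array('Submit'));
    $form->run();

    $submitted = $form->get_value('demo');
    if ($submitted) {
        // The raw copy is read from $_POST directly; guard it so a request
        // where the value arrived another way does not raise an undefined
        // index notice.
        $raw = isset($_POST['demo']) ? conditional_stripslashes($_POST['demo']) : '';

        echo '<h3>Output</h3>' . "\n";
        echo '<p>(For security reasons, this may differ from the Raw and Tidied markup -- it has been run through <a href="http://htmlpurifier.org/">HTML Purifier</a>)</p>';
        echo '<div class="echoBack">' . "\n";
        echo carl_get_safer_html($submitted);
        echo '</div>' . "\n";

        echo '<h3>Tidied Markup</h3>' . "\n";
        echo '<p>This is what you submitted after being run through <a href="http://tidy.sourceforge.net/">Tidy</a></p>';
        echo '<div class="echoBack">' . "\n";
        echo nl2br(htmlspecialchars($submitted));
        echo '</div>' . "\n";

        echo '<h3>Raw Markup</h3>' . "\n";
        echo '<p>This is exactly what you submitted</p>';
        echo '<div class="echoBack">' . "\n";
        echo nl2br(htmlspecialchars($raw));
        echo '</div>' . "\n";
    }
}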
/**
 * PHP 4-style constructor: populates the request from $_REQUEST the first
 * time through, applying this controller's cleanup rules.
 *
 * Does nothing when a request has already been set or when there are no
 * cleanup rules, so a caller that pre-seeded the request via set_request()
 * is left alone.
 */
function AbstractFormController()
{
    $request =& $this->get_request();
    $cleanup_rules =& $this->get_cleanup_rules();

    if (!empty($request) || empty($cleanup_rules)) {
        return;
    }

    $unclean = conditional_stripslashes($_REQUEST);
    $request = carl_clean_vars($unclean, $cleanup_rules);
    $this->set_request($request);
}
/**
 * Inits the DiscoDB form using class variables $db_conn, $table, and $id.
 *
 * On the first call only: cleans $_REQUEST with this form's cleanup rules
 * into $this->request, runs the pre-init hook, and then either runs the
 * parent init or the no-form path depending on $this->init_and_run_form.
 *
 * @param bool $externally_set_up not referenced in this body
 */
function init($externally_set_up = false)
{
    if (isset($this->_inited)) {
        return;
    }

    $rules = $this->get_cleanup_rules();
    $this->request = carl_clean_vars(conditional_stripslashes($_REQUEST), $rules);
    $this->pre_init_and_run_form();

    if (!$this->init_and_run_form) {
        $this->init_no_form();
        return;
    }
    parent::init();
}
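/**
 * Builds a query string from $new_request_vars, optionally carrying over
 * selected variables from the current URL's query string.
 *
 * @param array $new_request_vars      variables to put in the query string
 * @param array $preserve_request_vars names of current request variables to
 *        carry over; the default array('') takes the preserve path but
 *        matches nothing in practice
 * @return string query string as produced by carl_make_link() in 'qs_only' mode
 */
function carl_construct_query_string($new_request_vars, $preserve_request_vars = array(''))
{
    if (empty($preserve_request_vars)) {
        return carl_make_link($new_request_vars, '', 'qs_only', true, false);
    }

    // Current request variables, if the URL has a query string at all.
    $cur_request_vars = array();
    $parts = parse_url(get_current_url());
    if (!empty($parts['query'])) {
        parse_str($parts['query'], $cur_request_vars);
        $cur_request_vars = conditional_stripslashes($cur_request_vars);
    }

    // Must start as an array: the former '' initializer was coerced by the
    // later (array) cast into array(0 => ''), leaking a stray empty parameter
    // into the link, and writing string offsets on '' is an error on PHP 7.1+.
    $preserve_array = array();
    foreach ($preserve_request_vars as $key) {
        if (isset($cur_request_vars[$key])) {
            $preserve_array[$key] = $cur_request_vars[$key];
        }
    }

    // array_merge: new values win over preserved ones on key collision.
    $params = array_merge($preserve_array, (array) $new_request_vars);
    return carl_make_link($params, '', 'qs_only', true, false);
}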
/**
 * Cleans external request variables according to $rules.
 *
 * Each rule may carry a 'method' key naming the source it should be read
 * from: 'get'/'GET' reads $_GET, 'post'/'POST' reads $_POST, anything else
 * (or no 'method') reads $_REQUEST. Every source is run through
 * conditional_stripslashes() before cleaning, and the cleaned groups are
 * merged into one array.
 *
 * @param array $rules cleanup rules keyed by parameter name
 * @return array cleaned values keyed by parameter name
 */
function clean_external_vars($rules)
{
    $sources = array(
        'prepped_request' => conditional_stripslashes($_REQUEST),
        'prepped_post' => conditional_stripslashes($_POST),
        'prepped_get' => conditional_stripslashes($_GET),
    );

    // Group the rules by the source each one should be applied to.
    $grouped = array();
    foreach ($rules as $param => $rule) {
        $method = isset($rule['method']) ? $rule['method'] : null;
        switch ($method) {
            case 'get':
            case 'GET':
                $grouped['prepped_get'][$param] = $rule;
                break;
            case 'post':
            case 'POST':
                $grouped['prepped_post'][$param] = $rule;
                break;
            default:
                $grouped['prepped_request'][$param] = $rule;
                break;
        }
    }

    $request = array();
    foreach ($grouped as $source => $source_rules) {
        $cleaned = $this->clean_vars($sources[$source], $source_rules);
        $request = array_merge($request, $cleaned);
    }
    return $request;
} // }}}
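/**
 * Strip slashes *if magic quotes are turned on*.
 *
 * Most of the Reason and Carl Util tools expect to work with unescaped values
 * and will double-escape values if they are written to the db that way.
 * It is good practice to run userland values through this function so that code
 * will work whether or not magic quotes are on.
 *
 * get_magic_quotes_gpc() no longer exists on PHP 8, so it is only called when
 * defined; where it is missing, nothing can be magic-quoted and the value is
 * returned untouched instead of raising an undefined-function error.
 *
 * Arrays are handled recursively; keys are left as-is.
 *
 * @param string|array $value value (or nested array of values) that may be escaped
 * @return string|array the unescaped value, same shape as the input
 */
function conditional_stripslashes($value)
{
    $magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$magic_quotes_on) {
        return $value;
    }
    if (is_array($value)) {
        // The recursive call already handles nested arrays, so no separate
        // array_map branch is needed.
        foreach ($value as $k => $v) {
            $value[$k] = conditional_stripslashes($v);
        }
        return $value;
    }
    return stripslashes($value);
}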
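/**
 * Initializes the Disco DB form: loads the table definition if needed,
 * determines the chosen action and first-time state from the request,
 * registers elements for every configured table, and loads values from
 * the database.
 *
 * The main body runs only once ($this->_inited guards re-entry). When
 * $this->_use_db_connection_string is set, a connection is opened for the
 * duration of the init and closed at the end.
 *
 * @param bool $externally_set_up not referenced in this body
 */
function init($externally_set_up = false)
{
    if (!$this->load_has_run) {
        if (!empty($this->table) && !empty($this->db_conn)) {
            $this->_use_db_connection_string();
            $this->load($this->db_conn, $this->table, $this->_id);
        } else {
            trigger_error('the disco db form must have the class variables $table and $db_conn defined if you are running init prior to load');
        }
    }

    if (!empty($this->_inited)) {
        return;
    }

    if ($this->_use_db_connection_string) {
        $this->disco_db_connect();
    }

    // are we first timing it?  (the request is read once and reused below)
    if (empty($this->_request)) {
        $this->_request = conditional_stripslashes($_REQUEST);
    }
    $this->_first_time = empty($this->_request['submitted']);

    // tables should not be empty
    if (empty($this->tables)) {
        $this->_internal_error('Your Disco DB must have tables specified');
    }
    if (!isset($this->required) || !is_array($this->required)) {
        $this->required = array();
    }

    // determine action that was chosen: the last __button_* key wins
    foreach ($this->_request as $key => $val) {
        if (preg_match('/__button_/', $key)) {
            $this->chosen_action = preg_replace('/__button_/', '', $key);
        }
    }

    // initialize values
    $this->_error_required = array();
    $this->_error_messages = array();
    $this->_error_flag = false;

    // run through the tables array setting everything and getting any kinds
    // of types from the database as needed.  foreach replaces the old
    // reset()/each() idiom (each() was removed in PHP 8); the body does not
    // modify $this->tables, so iteration is equivalent.
    foreach ($this->tables as $key => $val) {
        if (is_int($key) && is_string($val)) {
            // just a table name - this table needs to be loaded from DB
            $this->load_elements_from_db($this->_db, array($val));
        } elseif (is_string($key)) {
            if (empty($val)) {
                $this->load_elements_from_db($this->_db, array($key));
            } else {
                // inspect elements in this array
                foreach ($val as $el_key => $el_val) {
                    $type = '';
                    $args = array();
                    if (is_string($el_key)) {
                        // probably an element with a type
                        $element = $el_key;
                        if (is_array($el_val)) {
                            // this element has extra args
                            $type = $el_val['type'];
                            $args = $el_val;
                        } else {
                            $type = $el_val;
                        }
                    } else {
                        $element = $el_val;
                    }
                    $this->add_element($element, $type, $args);
                    $this->_tables[$key][$element] = array('type' => $type, 'field' => $element);
                }
            }
        } else {
            $this->_internal_error('Your tables are malformed.');
        }
    }

    // now load values from db
    if (!isset($this->_id)) {
        $HTTP_VARS = conditional_stripslashes($_REQUEST);
        $this->_id = isset($HTTP_VARS['id']) ? $HTTP_VARS['id'] : '';
    }
    $this->load_values();

    // required should only contain defined elements & element groups
    foreach ($this->required as $name) {
        if (!$this->_is_element($name) && !$this->_is_element_group($name)) {
            trigger_error($name . ' is present in your required fields, but it is not a defined element or element group.');
        }
    }

    $this->_inited = true;
    if ($this->_use_db_connection_string) {
        $this->disco_db_disconnect();
    }
}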
/**
 * Reads the lister's request variables from $_REQUEST (minus cookie values),
 * cleans them with a fixed rule set plus any appended filters, saves the
 * session state, and copies the common ones into object properties.
 */
function grab_request()
{
    $raw = array_diff(conditional_stripslashes($_REQUEST), conditional_stripslashes($_COOKIE));
    $columns = isset($this->columns) ? array_keys($this->columns) : array('');

    // Most id-style parameters share the same rule.
    $int_or_null = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => true));
    $string_rule = array('function' => 'turn_into_string');

    $cleanup_rules = array(
        'state' => array('function' => 'check_against_array', 'extra_args' => array('live', 'Live', 'pending', 'Pending', 'deleted', 'Deleted')),
        'dir' => array('function' => 'check_against_array', 'extra_args' => array('desc', 'DESC', 'asc', 'ASC')),
        'order_by' => array('function' => 'check_against_array', 'extra_args' => $columns),
        'site_id' => $int_or_null,
        'page_id' => $int_or_null,
        'type_id' => $int_or_null,
        'rel_id' => $int_or_null,
        'id' => $int_or_null,
        'open' => array('function' => 'check_against_regexp', 'extra_args' => array('/^[0-9,]*$/')),
        'lister' => $int_or_null,
        'user_id' => $int_or_null,
        '__old_site_id' => $int_or_null,
        '__old_type_id' => $int_or_null,
        '__old_id' => $int_or_null,
        '__old_rel_id' => $int_or_null,
        '__old_cur_module' => $string_rule,
        '__old_user_id' => $int_or_null,
        'page' => $int_or_null,
        'cur_module' => $string_rule,
        'textonly' => array('function' => 'turn_into_int'),
        'new_entity' => $int_or_null,
        'refresh_lister_state' => array('function' => 'check_against_array', 'extra_args' => array('0', '1')),
    );
    $this->append_filters($cleanup_rules);

    // apply the cleanup rules
    $this->request = carl_clean_vars($raw, $cleanup_rules);
    $this->_consult_and_save_session_state();

    // special case a few that unfortunately need localization ...
    if (isset($this->request['state'])) {
        $this->request['state'] = strtolower($this->request['state']);
        $this->state = $this->request['state'];
    }
    if (isset($this->request['dir'])) {
        $this->request['dir'] = strtoupper($this->request['dir']);
        $this->dir = $this->request['dir'];
    }
    foreach (array('order_by', 'page', 'open') as $prop) {
        if (isset($this->request[$prop])) {
            $this->$prop = $this->request[$prop];
        }
    }

    // setup some defaults
    if (!$this->page) {
        $this->page = 1;
    }
    if (!$this->state) {
        $this->state = 'Live';
    }
}
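<?php
/**
 * Provides a web service for the Thor WYSIWYG editor to update the temporary XML file in the DB
 * @package thor
 */
include_once 'paths.php';
include_once SETTINGS_INC . 'thor_settings.php';
include_once CARL_UTIL_INC . 'dev/prp.php';
include_once CARL_UTIL_INC . 'db/db.php';
include_once CARL_UTIL_INC . 'db/sqler.php';

// Read both parameters defensively so a missing one is an empty value
// rather than an undefined-index notice.
$tmp_id = isset($_REQUEST['tmp_id']) ? $_REQUEST['tmp_id'] : '';
$xml = isset($_REQUEST['xml']) ? $_REQUEST['xml'] : '';

// Bail before touching the database when there is nothing to store.
if (empty($xml)) {
    die('Please provide xml content.');
}

connectDB(THOR_FORM_DB_CONN);
$sqler = new SQLER();
$row = array('content' => conditional_stripslashes($xml));

// NOTE(review): nothing in this script ties tmp_id to the caller, so any
// request supplying a tmp_id reaches update_one() for that row. Confirm that
// access control is enforced upstream (e.g. in the included files).
if (!empty($tmp_id)) {
    $sqler->update_one('thor', $row, $tmp_id);
} else {
    $sqler->insert('thor', $row);
    // mysql_insert_id() is from the legacy mysql extension; kept because the
    // connection type behind SQLER is not visible here.
    $tmp_id = mysql_insert_id();
    echo $tmp_id;
}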
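/**
 * Should include only those items needed by the minisite navigation builder.
 *
 * Reads $_REQUEST minus cookie values, cleans the four recognized variables,
 * and stores the result in $this->request.
 */
function grab_request()
{
    $raw = array_diff(conditional_stripslashes($_REQUEST), conditional_stripslashes($_COOKIE));

    $int_or_null = array('function' => 'turn_into_int', 'extra_args' => array('zero_to_null' => true));
    $cleanup_rules = array(
        'site_id' => $int_or_null,
        'page_id' => $int_or_null,
        'textonly' => array('function' => 'turn_into_int'),
        'editing' => array('function' => 'check_against_array', 'extra_args' => array('off', 'on')),
    );

    // apply the cleanup rules
    $this->request = carl_clean_vars($raw, $cleanup_rules);
}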
/**
 * Handles the transition from the end of the form to wherever or whatever the form should go/do.
 * Called by {@link run_process_phase()}. Available hook: {@link where_to()}.
 *
 * Destination precedence: the last 'where_to' callback result, then
 * where_to(), then $kludge. A truthy but non-string destination falls back
 * to the current request URI. When a developer is detected and PHP errors
 * were collected, the redirect is replaced by a page with a continue link so
 * the errors remain visible.
 *
 * @param string $kludge kludge variables to handle the old finish method
 * @access public
 */
function handle_transition($kludge)
{
    $destination = $this->where_to();
    $callback_results = $this->_run_callbacks('where_to');
    if ($callback_results) {
        $destination = array_pop($callback_results);
    } elseif (!$destination) {
        $destination = $kludge;
    }

    if (!$destination) {
        return;
    }
    // $destination is truthy here, so only the type check is meaningful.
    if (!is_string($destination)) {
        $destination = conditional_stripslashes($_SERVER['REQUEST_URI']);
    }

    if (function_exists('is_developer') && is_developer()) {
        $errors = carl_util_get_error_list();
        if (!empty($errors)) {
            echo '<h3>PHP errors were encountered during the processing of this form.</h3>' . "\n";
            echo '<p>Because you are accessing this form from an IP address listed as a developer\'s, rather than redirecting your browser to the next step (which would hide the errors) the form is pausing to let you see the errors displayed above.</p>' . "\n";
            echo '<p><a href="' . htmlspecialchars($destination) . '">Thanks for the info; continue on.</a></p>';
            exit;
        }
    }

    header('Location: ' . $destination);
    exit;
}
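// Select every named, non-custom-URL minisite page, adding the owning
// entity's id/name and the parent page id as extra fields.
$es = new entity_selector();
$es->add_type(id_of('minisite_page'));
$es->limit_tables(array('page_node', 'url'));
$es->limit_fields('entity.name, page_node.custom_page, page_node.url_fragment, url.url');
$es->add_right_relationship_field('owns', 'entity', 'id', 'owner_id');
$es->add_right_relationship_field('owns', 'entity', 'name', 'site_name');
$es->add_left_relationship_field('minisite_page_parent', 'entity', 'id', 'parent_id');
// we add some relations so that we grab only valid pages with names that are not custom url pages
$es->add_relation('(entity.name != "") AND ((url.url = "") OR (url.url IS NULL))');
$result = $es->run_one();

$builder = new reasonPageURL();
$builder->provide_page_entities($result);

// Request parameters controlling the report. carl_get_request() already
// applies conditional_stripslashes, so the extra call on the limiters is a
// no-op unless magic quotes are on.
$request = carl_get_request();
$detail_mode = isset($request['detail']) ? $request['detail'] == 'true' : false;
$module_limiter = isset($request['limit']) ? conditional_stripslashes(turn_into_string($request['limit'])) : '';
$detail_limiter = isset($request['detail_limit']) ? conditional_stripslashes(turn_into_string($request['detail_limit'])) : '';
$core_local_limiter = isset($request['core_local_limit']) ? check_against_array($request['core_local_limit'], array('core', 'local')) : '';
$num = isset($request['num']) ? turn_into_int($request['num']) : 'All';

if (isset($request['reset'])) {
    header("Location: " . carl_make_redirect(array('limit' => '', 'core_local_limit' => '')));
    exit;
}

// Make an array with first dimension of page type name, second dimension of every page
// ID using the pt, third dimension 'true' for every page type returned by the query.
// Initialized explicitly so later code sees an array even when no pages came back.
$reason_page_types = array();
foreach ($result as $k => $mypage) {
    $page_type_value = $mypage->get_value('custom_page');
    if (empty($page_type_value)) {
        $page_type_value = 'default';
    }
    $reason_page_types[$page_type_value][$k] = 'true';
}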
/**
 * This is a replacement for referencing $_REQUEST directly, and gives us a consistent result that includes just $_GET and $_POST.
 *
 * It should be used instead of $_REQUEST, as the makeup of $_REQUEST depends upon the PHP version and settings.
 *
 * If $_POST and $_GET are set for a named item, $_POST is preferred.
 *
 * @param boolean $run_conditional_stripslashes defaults to true ... makes sure stripslashes gets run if magic_quotes is on.
 * @author Nathan White
 * @return array
 */
function carl_get_request($run_conditional_stripslashes = true)
{
    $combined = array_merge_recursive2((array) $_GET, (array) $_POST);
    if (!$run_conditional_stripslashes) {
        return $combined;
    }
    return conditional_stripslashes($combined);
}
/**
 * Handles all the internal logic for an instantiated table viewer - request variables will override any settings that correspond to a request
 * variable that may have been specified prior to the init ...
 *
 * Extends $this->cleanup_rules with the currently displayed sort fields and
 * the valid action / row-action lists, cleans $_REQUEST against them into
 * $this->request, and pushes each recognized value into its setter.
 */
function _set_params_from_request()
{
    // alter cleanup rules: the sort field must be one of the displayed columns
    $this->cleanup_rules['table_sort_field'] = array(
        'function' => 'check_against_array',
        'extra_args' => array_keys($this->_display_values),
    );

    // dynamically add the action whitelists, only when there is something to allow
    $valid_actions = $this->_get_valid_actions();
    $valid_row_actions = $this->_get_valid_row_actions();
    if (!empty($valid_actions)) {
        $this->cleanup_rules['table_action'] = array('function' => 'check_against_array', 'extra_args' => $valid_actions);
    }
    if (!empty($valid_row_actions)) {
        $this->cleanup_rules['table_row_action'] = array('function' => 'check_against_array', 'extra_args' => $valid_row_actions);
    }

    $this->request = carl_clean_vars(conditional_stripslashes($_REQUEST), $this->cleanup_rules);

    // Each recognized request variable maps onto one setter, in this order.
    $setters = array(
        'table_action' => 'set_action',
        'table_row_action' => 'set_row_action',
        'table_action_id' => 'set_action_id',
        'table_sort_order' => 'set_sort_order',
        'table_sort_field' => 'set_sort_field',
        'table_filters' => 'set_filters',
    );
    foreach ($setters as $var => $setter) {
        if (isset($this->request[$var])) {
            $this->$setter($this->request[$var]);
        }
    }

    // NOTE(review): clear_filters() is handed table_filters, not
    // table_filter_clear; preserved as written, but confirm that is intended.
    if (isset($this->request['table_filter_clear'])) {
        $this->clear_filters($this->request['table_filters']);
    }
}
/**
 * Cleans external request variables according to $rules.
 *
 * A rule's optional 'method' key selects the superglobal it is read from
 * ('get'/'GET' reads $_GET, 'post'/'POST' reads $_POST, anything else reads
 * $_REQUEST). Every source is passed through conditional_stripslashes()
 * first, and the cleaned groups are merged into a single array.
 *
 * @param array $rules cleanup rules keyed by parameter name
 * @return array cleaned values keyed by parameter name
 */
function clean_external_vars($rules)
{
    $prepped_request = conditional_stripslashes($_REQUEST);
    $prepped_post = conditional_stripslashes($_POST);
    $prepped_get = conditional_stripslashes($_GET);

    // Bucket each rule under the name of the prepped array it applies to.
    $buckets = array();
    foreach ($rules as $param => $rule) {
        $target = 'prepped_request';
        if (isset($rule['method'])) {
            switch ($rule['method']) {
                case 'get':
                case 'GET':
                    $target = 'prepped_get';
                    break;
                case 'post':
                case 'POST':
                    $target = 'prepped_post';
                    break;
            }
        }
        $buckets[$target][$param] = $rule;
    }

    $cleaned_all = array();
    foreach ($buckets as $source => $bucket_rules) {
        $cleaned_all = array_merge($cleaned_all, $this->clean_vars(${$source}, $bucket_rules));
    }
    return $cleaned_all;
}