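/**
 * Validates and sanitises the current $_POST payload for the form named $name.
 *
 * When $_POST is non-empty the method:
 *  1. checks the arithmetic captcha (captcha_num1 + captcha_num2 must equal
 *     captcha_result) and records $e['result_captcha'] = 'error' on mismatch;
 *  2. re-reads every scalar field whose key does not end in '_tinymce', '_html'
 *     or '_nofi' through filter_input(INPUT_POST, ..., FILTER_SANITIZE_STRING);
 *  3. when the '<name>_submit' button is present, copies each field into
 *     $this->i under its key with every '<name>_' occurrence removed: HTML
 *     fields ('_tinymce' / '_html') are run through HTMLPurifier and stored
 *     entity-encoded, all other fields go through Convertag::get();
 *  4. removes the three captcha fields from $_POST when the captcha passed.
 *
 * NOTE(review): unlike view(), this method performs no CSRF token check — the
 * original source carried the $this->isToken() call commented out. Callers
 * must not assume the request token has been validated here.
 *
 * @param string $name form identifier used as the field/submit key prefix
 * @return array<string,string> validation errors keyed by field; empty when valid
 */
public function filterPost($name)
{
    $e = array();
    if (empty($_POST)) {
        return $e;
    }

    $hasCaptcha = array_key_exists('captcha_num1', $_POST)
        && array_key_exists('captcha_num2', $_POST)
        && array_key_exists('captcha_result', $_POST);

    // captcha verification: the sum typed by the visitor must match num1 + num2
    if ($hasCaptcha
        && (int) $_POST['captcha_num1'] + (int) $_POST['captcha_num2'] !== (int) $_POST['captcha_result']
    ) {
        $e['result_captcha'] = 'error';
    }

    // token validation: absent in this method (see the NOTE in the docblock);
    // view() is the method that calls $this->isToken().

    // Generic $_POST sanitisation. filter_input() reads the raw request, not the
    // possibly modified $_POST array. FILTER_SANITIZE_STRING is deprecated since
    // PHP 8.1 and only strips tags / encodes quotes — it is not an HTML sanitiser.
    // Array values are skipped (as view() does): without FILTER_REQUIRE_ARRAY,
    // filter_input() returns false for them, which would silently wipe the field.
    foreach ($_POST as $key => $value) {
        $isHtmlField = substr($key, -8) === '_tinymce' || substr($key, -5) === '_html';
        $isNofiField = substr($key, -5) === '_nofi';
        if (!$isHtmlField && !$isNofiField && !is_array($value)) {
            $_POST[$key] = filter_input(INPUT_POST, $key, FILTER_SANITIZE_STRING);
        }
    }

    // Fragments that would let a value close the <textarea>/<body> it is later
    // rendered into. Entries are repeated on purpose: removing one occurrence can
    // expose another underneath it. Defence in depth only — HTMLPurifier below is
    // the actual sanitiser.
    $breakouts = array(
        '</textarea', '</textarea', '%3c/textarea', '</textarea',
        '<body', '<body', '%3c/body', '</body',
    );

    // onclick submit form
    if (isset($_POST[$name . '_submit'])) {
        unset($_POST[$name . '_submit']);
        // Built only when a submit is processed (assumed side-effect free — confirm).
        $purifier = new HTMLPurifierService();

        foreach ($_POST as $key => $value) {
            $isHtmlField = substr($key, -8) === '_tinymce' || substr($key, -5) === '_html';
            $isNofiField = substr($key, -5) === '_nofi';
            // str_replace strips every '<name>_' occurrence, not only a leading one
            $field = str_replace($name . '_', '', $key);

            if ($isHtmlField && !$isNofiField) {
                $cleaned = str_replace($breakouts, '', $value);
                // purified markup is stored entity-encoded (htmlentities on purifier output)
                $this->i[$field] = htmlentities($purifier->purify($cleaned), ENT_QUOTES);
            } else {
                $this->i[$field] = Convertag::get($value);
            }
        }
    }

    // reset captcha: drop the accepted values from $_POST
    if ($hasCaptcha && empty($e['result_captcha'])) {
        unset($_POST['captcha_num1'], $_POST['captcha_num2'], $_POST['captcha_result']);
    }

    return $e;
}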
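/**
 * Processes a posted form: captcha check, CSRF token check, generic sanitisation
 * and, when '<nameForm>_submit' is present, a copy of the fields into $this->i.
 *
 * Failures are recorded in $this->e under 'result_captcha' and
 * '<this->name>_token'; the stored value ('ok') is only a non-empty marker, so
 * callers should test the key with empty()/isset() rather than compare the text.
 *
 * Field handling on submit (key with every '<nameForm>_' occurrence removed):
 *  - '_nofi' fields are only unescaped in place inside $_POST;
 *  - '_tinymce' / '_html' fields are unescaped with stripcslashes(), stripped of
 *    textarea/body break-out fragments, passed through HTMLPurifier and stored
 *    entity-encoded — only when $this->i is already non-empty and $this->e is
 *    empty (original condition, kept as-is);
 *  - every other field is stored via Convertag::get().
 *
 * Fix over the previous revision: the break-out stripping result was discarded
 * because the following str_replace() calls re-read $_POST[$_k]; the
 * replacements are now chained on one working value.
 *
 * @param string $nameForm form identifier used as the field/submit key prefix
 * @return void
 */
public function view($nameForm)
{
    if (empty($_POST)) {
        return;
    }

    $hasCaptcha = array_key_exists('captcha_num1', $_POST)
        && array_key_exists('captcha_num2', $_POST)
        && array_key_exists('captcha_result', $_POST);

    // captcha verification: the sum typed by the visitor must match num1 + num2
    if ($hasCaptcha
        && (int) $_POST['captcha_num1'] + (int) $_POST['captcha_num2'] !== (int) $_POST['captcha_result']
    ) {
        $this->e['result_captcha'] = 'ok';
    }

    // CSRF token validation. NOTE(review): the error key uses $this->name rather
    // than $nameForm — presumably the same value; confirm against the caller.
    if (!$this->isToken()) {
        $this->e[$this->name . '_token'] = 'ok';
    } else {
        unset($_POST[$this->name . '_token']);
    }

    // Generic sanitisation of scalar, non-HTML fields. filter_input() reads the raw
    // request, not the modified $_POST; FILTER_SANITIZE_STRING is deprecated since
    // PHP 8.1 and is not an HTML sanitiser. Arrays are skipped because
    // filter_input() returns false for them without FILTER_REQUIRE_ARRAY.
    foreach ($_POST as $key => $value) {
        $isHtmlField = substr($key, -8) === '_tinymce' || substr($key, -5) === '_html';
        $isNofiField = substr($key, -5) === '_nofi';
        if (!$isHtmlField && !$isNofiField && !is_array($value)) {
            $_POST[$key] = filter_input(INPUT_POST, $key, FILTER_SANITIZE_STRING);
        }
    }

    // Fragments that would close the <textarea>/<body> the value is rendered into.
    // Repeated entries are deliberate: removing one occurrence can expose another.
    // Defence in depth only — HTMLPurifier is the real sanitiser.
    $breakouts = array(
        '</textarea', '</textarea', '%3c/textarea', '</textarea',
        '<body', '<body', '%3c/body', '</body',
    );

    // onclick submit form
    if (isset($_POST[$nameForm . '_submit'])) {
        unset($_POST[$nameForm . '_submit']);
        // Built only when a submit is processed (assumed side-effect free — confirm).
        $purifier = new HTMLPurifierService();

        foreach ($_POST as $key => $value) {
            $isHtmlField = substr($key, -8) === '_tinymce' || substr($key, -5) === '_html';
            $isNofiField = substr($key, -5) === '_nofi';
            // str_replace strips every '<nameForm>_' occurrence, not only a leading one
            $field = str_replace($nameForm . '_', '', $key);

            if ($isNofiField) {
                $_POST[$key] = stripcslashes($_POST[$key]);
            } elseif ($isHtmlField) {
                if (!empty($this->i) && empty($this->e)) {
                    $_POST[$key] = stripcslashes($_POST[$key]);
                    $cleaned = str_replace($breakouts, '', $_POST[$key]);
                    // applied twice on purpose: collapsing 'scr=""' can leave a new 'scr=""' behind
                    $cleaned = str_replace('scr=""', 'scr=', $cleaned);
                    $cleaned = str_replace('scr=""', 'scr=', $cleaned);
                    // purified markup is stored entity-encoded (htmlentities on purifier output)
                    $this->i[$field] = htmlentities($purifier->purify($cleaned), ENT_QUOTES);
                }
            } else {
                $this->i[$field] = Convertag::get($value);
            }
        }
    }

    // reset captcha: drop the accepted values from $_POST
    if ($hasCaptcha && empty($this->e['result_captcha'])) {
        unset($_POST['captcha_num1'], $_POST['captcha_num2'], $_POST['captcha_result']);
    }
}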