public static function validate($type, $input = "")
{
switch ($type) {
case _EW_INPUT_IP:
$inputModified = $input;
if (@strstr($inputModified, _EW_IP_SEPARATOR)) {
//has multiple entries splitted by "," ?
self::splitAndValidateMultipleIp($inputModified);
return $inputModified;
} else {
$inputModified = self::replaceWildcardWithRealNumber($inputModified);
if (!(filter_var($inputModified, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || filter_var($inputModified, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))) {
throw new ExtraWatchInputException(_EW_INPUT_IP, $input);
}
}
return $input;
case _EW_INPUT_URL:
if (!filter_var($input, FILTER_VALIDATE_URL)) {
throw new ExtraWatchInputException(_EW_INPUT_URL, $input);
}
return $input;
case _EW_INPUT_ONE_STRING:
if (@$input && !filter_var($input, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH)) {
throw new ExtraWatchInputException(_EW_INPUT_ONE_STRING, $input);
}
return $input;
case _EW_INPUT_FILE_PATH:
$dir = realpath(dirname(__FILE__) . DS . "..");
if (!ExtraWatchHelper::startsWith($input, $dir)) {
throw new ExtraWatchInputException(_EW_INPUT_FILE_PATH, $input);
}
return $input;
case _EW_INPUT_FILE_PATH_TMP:
$dir = self::getUploadTmpDir();
if (!ExtraWatchHelper::startsWith($input, $dir)) {
throw new ExtraWatchInputException(_EW_INPUT_FILE_PATH_TMP, $input);
}
return $input;
case _EW_INPUT_FILE_ROOT_PATH_HTACCESS:
$env = ExtraWatchEnvFactory::getEnvironment();
$rootPath = $env->getRootPath();
$dir = $rootPath . DS . ".htaccess";
if (!ExtraWatchHelper::startsWith($input, $dir)) {
throw new ExtraWatchInputException(_EW_INPUT_FILE_ROOT_PATH_HTACCESS, $input);
}
return $input;
case _EW_INPUT_EXTRACT:
if (@$input && $input != "getParams=") {
$object = @$input['params'];
if ($object) {
if ($object && $object != "getParams=") {
$getParams = ExtraWatchHelper::convertUrlQuery($object);
if ($getParams) {
foreach ($getParams as $getParam => $getParamValue) {
if ($getParam && !array_search($getParam, unserialize(_EW_ALLOWED_PARAMS_TO_EXTRACT))) {
throw new ExtraWatchInputException(_EW_INPUT_EXTRACT, $getParam);
}
}
} else {
$reflector = new ReflectionClass(get_class($object));
$classFileName = dirname($reflector->getFileName());
if (!self::validate(_EW_INPUT_FILE_PATH, $classFileName)) {
throw new ExtraWatchInputException(_EW_INPUT_EXTRACT, $classFileName);
}
}
}
}
}
return $input;
break;
case _EW_INPUT_EMAIL:
if (filter_var($input, FILTER_VALIDATE_EMAIL) === false) {
throw new ExtraWatchInputException(_EW_INPUT_EMAIL, $input);
}
return $input;
break;
case _EW_INPUT_FILE_NAME:
$tmpUploadDir = self::getUploadTmpDir();
$tmpUploadDir = str_replace("/", DS, $tmpUploadDir);
if (!ExtraWatchHelper::startsWith($input['file']['tmp_name'], $tmpUploadDir)) {
throw new ExtraWatchInputException(_EW_INPUT_FILE_NAME, $input);
}
return $input;
case _EW_INPUT_FILE_EXTERNAL_PATH:
case _EW_INPUT_DIR:
$env = ExtraWatchEnvFactory::getEnvironment();
if (!ExtraWatchHelper::startsWith(realpath($input), realpath($env->getCMSFileSystemRootPath()))) {
throw new ExtraWatchInputException(_EW_INPUT_FILE_EXTERNAL_PATH, $input);
}
return $input;
case _EW_INPUT_HOST:
$isIpValid = filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
$isHostValid = preg_match("/^([a-z\\d](-*[a-z\\d])*)(\\.([a-z\\d](-*[a-z\\d])*))*\$/i", $input) && preg_match("/^.{1,253}\$/", $input) && preg_match("/^[^\\.]{1,63}(\\.[^\\.]{1,63})*\$/", $input);
//length of each label
if (!($isIpValid || $isHostValid)) {
throw new ExtraWatchInputException(_EW_INPUT_HOST, $input);
}
return $input;
case _EW_INPUT_REFERRER_SAME_SITE:
$env = ExtraWatchEnvFactory::getEnvironment();
if (!ExtraWatchHelper::startsWith($_SERVER["HTTP_REFERER"], $env->getCMSBaseURL())) {
throw new ExtraWatchInputException(_EW_INPUT_REFERRER_SAME_SITE, $_SERVER["HTTP_REFERER"]);
}
return $input;
case _EW_INPUT_LANGUAGE:
$input = ExtraWatchInput::validate(_EW_INPUT_ONE_STRING, $input);
//prevent from using anything else than single string !
$langDir = realpath(dirname(__FILE__) . DS . ".." . DS . "lang" . DS . $input . ".php");
if (!file_exists($langDir)) {
throw new ExtraWatchInputException(_EW_INPUT_LANGUAGE, $langDir);
}
return $input;
default:
return $input;
}
}
$jBasePath = realpath(dirname(__FILE__) . DS . ".." . DS . ".." . DS . "..". DS);
define('JPATH_BASE2', $jBasePath);*/
include_once JPATH_BASE2 . DS . "components" . DS . "com_extrawatch" . DS . "includes.php";
$extraWatch = new ExtraWatchMain();
$extraWatch->helper->setNoindexHttpHeaders();
//setting explicitly for ajax requests
$extraWatch->block->checkFrontendTokenFromUrl();
$params = ExtraWatchHelper::requestGet("params");
///
$params = str_replace("?", "", $params);
//remove trailing ?
$queryParams = ExtraWatchHelper::getUrlQueryParams();
///
$getParamsFromQuery = ExtraWatchHelper::convertUrlQuery($queryParams['params']);
///
$getParams = ExtraWatchHelper::convertUrlQuery(urldecode(@$getParamsFromQuery['getParams']));
///
if (@$getParams["ip"]) {
$ip = ExtraWatchInput::validate(_EW_INPUT_IP, @$getParams["ip"]);
///
}
//$queryParams = ExtraWatchHelper::convertUrlQuery($params);
//print_r($queryParams);
$title = @$queryParams['title'];
///
$uri = ExtraWatchInput::validate(_EW_INPUT_URI, ExtraWatchHelper::unescapeSlash(@$queryParams['uri']));
///
//echo("url: $uri title: $title");
$extraWatch->visit->addUri2Title($uri, $title);
$uri2titleId = $extraWatch->visit->getUri2TitleId($uri, $title);
ExtraWatchLog::debug("heatmap.include.js.php - title: " . $title . " uri: " . $uri . " uri2titleId: " . $uri2titleId . " ip: {$ip} queryParams: " . print_r($queryParams, true));
