/**
 * Persist a local item base entry from the submitted settings form.
 *
 * Reads the validated form values, resolves the icon and the per-language
 * image paths (falling back to the stored values when an existing item is
 * edited, selected by the 'i' request parameter), runs every language's
 * free-text field through the HTML input filter and then inserts or updates
 * the item through the data handler. Queued hooks are processed afterwards
 * and the page is re-rendered.
 *
 * NOTE(review): only the 'text__*' fields pass through FilterInput; the
 * name values are stored as submitted, so escaping has to happen where they
 * are rendered. Icon/image paths are rebuilt from $this->root_path plus the
 * submitted value — verify that the upload side restricts them to the
 * localitembase folders.
 */
public function save()
{
    $objForm = register('form', array('lit_settings'));
    $objForm->langPrefix = 'lit_';
    $objForm->validate = true;
    $objForm->add_fieldsets($this->fields());
    $arrValues = $objForm->return_values();

    include_once $this->root_path . "libraries/inputfilter/input.class.php";
    $filter = new FilterInput(get_tag_blacklist(), get_attr_blacklist(), 1, 1);

    $intItemID = $this->in->get('i', 0);
    $blnEditing = $intItemID > 0;

    $strGameID = $arrValues['item_gameid'];
    $strQuality = $arrValues['quality'];

    // Icon: submitted path wins, otherwise keep the stored one when editing.
    if ($arrValues['icon'] != "") {
        $strIconFolder = $this->pfh->FolderPath('icons', 'localitembase', 'relative');
        $strIcon = str_replace($strIconFolder, "", $this->root_path . $arrValues['icon']);
    } elseif ($blnEditing) {
        $strIcon = $this->pdh->get('localitembase', 'icon', array($intItemID));
    } else {
        $strIcon = "";
    }

    $arrName = array();
    $arrImage = array();
    $arrText = array();
    $arrUsedLanguages = array();
    $arrStoredImages = null;

    foreach ($this->user->getAvailableLanguages(false, false, true) as $strLang => $strLangLabel) {
        $strLangName = $arrValues['name__' . $strLang];
        $strLangImage = $arrValues['image__' . $strLang];
        $strLangText = $arrValues['text__' . $strLang];

        // A language counts as used as soon as any of its three fields is filled.
        if ($strLangName == "" && $strLangImage == "" && $strLangText == "") {
            continue;
        }
        $arrUsedLanguages[] = $strLang;
        $arrName[$strLang] = $strLangName;

        if ($strLangImage != "") {
            $strImageFolder = $this->pfh->FolderPath('images', 'localitembase', 'relative');
            $arrImage[$strLang] = str_replace($strImageFolder, "", $this->root_path . $strLangImage);
        } elseif ($blnEditing) {
            // Stored images are a serialized per-language map; load it once.
            if ($arrStoredImages === null) {
                $arrStoredImages = unserialize($this->pdh->get('localitembase', 'image', array($intItemID)));
            }
            if (isset($arrStoredImages[$strLang])) {
                $arrImage[$strLang] = $arrStoredImages[$strLang];
            }
        }

        $arrText[$strLang] = $filter->clean($strLangText);
    }

    if ($blnEditing) {
        $this->pdh->put('localitembase', 'update', array($intItemID, $strGameID, $strIcon, $strQuality, $arrName, $arrText, $arrImage, $arrUsedLanguages));
    } else {
        $this->pdh->put('localitembase', 'insert', array($strGameID, $strIcon, $strQuality, $arrName, $arrText, $arrImage, $arrUsedLanguages));
    }

    $this->pdh->process_hook_queue();
    $this->display();
}
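/**
 * Send the "third review" inventory survey e-mail to one or more recipients.
 *
 * @param string      $correo  Comma-separated list of recipient addresses.
 * @param array       $mensaje Template values; keys 'one' … 'ten' are placed into the template as-is.
 * @param bool|string $archivo Unused; kept for signature compatibility.
 *
 * @return array|null array('success' => true, 'message' => 'Correo enviado.') when
 *                    Mailer::sendMail reports success; null otherwise (unchanged —
 *                    callers test for the array, not for a false value).
 *
 * @throws Exception When an address does not pass the e-mail filter.
 */
public static function sendMailFromAgentThird($correo, $mensaje, $archivo = false)
{
    $to = array();
    foreach (explode(',', $correo) as $rawEmail) {
        // Tolerate the usual "a@x.com, b@y.com" spacing around the separator.
        $candidate = trim($rawEmail);
        $email = FilterInput::FilterValue($candidate, 'email', true);
        if ($email === false) {
            throw new Exception('El correo ' . $candidate . ' no es válido.');
        }
        // Bug fix: the filtered address is what must reach the message headers.
        // Previously the recipient entry was built from the unfiltered value and
        // the filtered $email was discarded.
        $to[] = array('name' => $email, 'mail' => $email);
    }

    $data = array(
        'one' => $mensaje['one'],
        'two' => $mensaje['two'],
        'three' => $mensaje['three'],
        'four' => $mensaje['four'],
        'five' => $mensaje['five'],
        'six' => $mensaje['six'],
        'seven' => $mensaje['seven'],
        'eight' => $mensaje['eight'],
        'nine' => $mensaje['nine'],
        'ten' => $mensaje['ten'],
    );
    $tpl = ParserTemplate::parseTemplate('envio_inventario_third.html', $data);

    // Fixed internal copy recipients (addresses are redacted in this listing).
    $correos = array(
        array('mail' => '*****@*****.**', 'name' => 'Jesús'),
        array('mail' => '*****@*****.**', 'name' => 'Vico'),
    );

    if (Mailer::sendMail('Encuesta ONE / Tercer Review', $tpl, $to, '', $correos)) {
        return array('success' => true, 'message' => 'Correo enviado.');
    }
    return null;
}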
/**
 * @covers Xoops\Core\FilterInput::gather
 */
public function testGather()
{
    $fieldSpecs = array(
        array('op', 'string'),
        array('ok', 'boolean', false, false),
        array('str', 'word', 'something', true, 5),
    );

    // Required field 'op' absent: gather() must report failure.
    unset($_POST['op']);
    $this->assertFalse(FilterInput::gather('post', $fieldSpecs, 'op'));

    // Required field present: defaults apply and the 5-character limit truncates.
    $_POST['op'] = 'test';
    $result = FilterInput::gather('post', $fieldSpecs, 'op');
    $this->assertEquals('test', $result['op']);
    $this->assertFalse($result['ok']);
    $this->assertEquals('somet', $result['str']);

    // No required field: missing 'op' becomes '', booleans are cast, non-word characters are stripped.
    unset($_POST['op']);
    $_POST['ok'] = '1';
    $_POST['str'] = ' fred! ';
    $result = FilterInput::gather('post', $fieldSpecs);
    $this->assertEquals('', $result['op']);
    $this->assertTrue($result['ok']);
    $this->assertEquals('fred', $result['str'], $result['str']);
}
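/**
 * Clean up an input variable.
 *
 * @param mixed  $var  The input variable.
 * @param int    $mask Filter bit mask.
 *                     - 1=no trim: If this flag is cleared and the input is a string,
 *                       the string will have leading and trailing whitespace trimmed.
 *                     - 2=allow_raw: If set, no more filtering is performed, higher bits are ignored.
 *                     - 4=allow_html: HTML is allowed, but passed through a safe HTML filter first.
 *                       If set, no more filtering is performed.
 *                     - If no bits other than the 1 bit is set, a strict filter is applied.
 * @param string $type The variable type. See {@link FilterInput::clean()}.
 *
 * @return string
 */
protected static function cleanVar($var, $mask = 0, $type = null)
{
    // Filters are built once per process; the "safe" one allows HTML, the other strips it.
    static $noHtmlFilter = null;
    static $safeHtmlFilter = null;

    // Wrap a scalar when an array was requested. The null check avoids passing
    // null to strtolower(), which PHP 8.1 deprecates; a null $type never matched 'array' anyway.
    if ($type !== null && strtolower($type) === 'array' && !is_array($var)) {
        $var = array($var);
    }

    // Trim unless explicitly told not to (only strings are trimmed).
    if (!($mask & static::MASK_NO_TRIM) && is_string($var)) {
        $var = trim($var);
    }

    // allow_raw short-circuits every other filter bit.
    if ($mask & static::MASK_ALLOW_RAW) {
        return $var;
    }

    if ($mask & static::MASK_ALLOW_HTML) {
        // HTML permitted: run it through the safe (tag/attribute blacklist) filter.
        if (null === $safeHtmlFilter) {
            $safeHtmlFilter = FilterInput::getInstance(array(), array(), 1, 1);
        }
        return $safeHtmlFilter->clean($var, $type);
    }

    // No allow flags: the strictest filter applies.
    if (null === $noHtmlFilter) {
        $noHtmlFilter = FilterInput::getInstance();
    }
    return $noHtmlFilter->clean($var, $type);
}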
/**
 * Update an article category and log the change.
 *
 * The alias is derived from the default-language name when none is given,
 * or normalised when it differs from the stored one; a rejected alias aborts
 * the update. The description is run through the short-tag and (optionally)
 * embedly processors and, for users lacking the 'u_articles_script' right,
 * through the HTML blacklist filter plus htmlspecialchars().
 *
 * NOTE(review): $strName is unserialize()d when the alias is empty — it has
 * to be the application's own serialised multilingual array, never a raw
 * request value. Users holding 'u_articles_script' store their description
 * unfiltered and unescaped by design.
 *
 * @return int|false The category id on success, false if the alias is rejected or the query fails.
 */
public function update($id, $strName, $strDescription, $strAlias, $intPublished, $intPortalLayout, $intArticlePerPage, $intParentCategory, $intListType, $intShowChilds, $arrAggregation, $intFeaturedOnly, $intSocialButtons, $intArticlePublishedState, $arrPermissions, $intNotifyUnpublishedArticles, $intHideHeader, $intSortationType, $intFeaturedOntop, $intHideOnRSS)
{
    // Resolve the alias.
    if ($strAlias == "") {
        $arrLocalisedName = unserialize($strName);
        $strAlias = $this->create_alias($arrLocalisedName[$this->config->get('default_lang')]);
    } else {
        $strStoredAlias = $this->pdh->get('article_categories', 'alias', array($id));
        if ($strAlias != $strStoredAlias) {
            $strAlias = $this->create_alias($strAlias);
        }
    }
    if (!$this->check_alias($id, $strAlias)) {
        return false;
    }

    // Description processing pipeline.
    $strDescription = $this->bbcode->replace_shorttags($strDescription);
    if ($this->config->get('enable_embedly')) {
        $strDescription = $this->embedly->parseString($strDescription);
    }
    $blnMayUseScript = $this->user->check_auth('u_articles_script', false);
    if (!$blnMayUseScript) {
        include_once $this->root_path . "libraries/inputfilter/input.class.php";
        $objFilter = new FilterInput(get_tag_blacklist(), get_attr_blacklist(), 1, 1);
        $strDescription = htmlspecialchars($objFilter->clean($strDescription));
    }

    $arrQuery = array(
        'name' => $strName,
        'alias' => $strAlias,
        'portal_layout' => $intPortalLayout,
        'description' => $strDescription,
        'per_page' => $intArticlePerPage,
        'permissions' => serialize($arrPermissions),
        'published' => $intPublished,
        'parent' => $intParentCategory,
        'list_type' => $intListType,
        'aggregation' => serialize($arrAggregation),
        'featured_only' => $intFeaturedOnly,
        'social_share_buttons' => $intSocialButtons,
        'show_childs' => $intShowChilds,
        'article_published_state' => $intArticlePublishedState,
        'notify_on_onpublished_articles' => $intNotifyUnpublishedArticles,
        'hide_header' => $intHideHeader,
        'sortation_type' => $intSortationType,
        'featured_ontop' => $intFeaturedOntop,
        'hide_on_rss' => $intHideOnRSS,
    );

    // Snapshot the previous row for the change log before writing.
    $arrPrevious = $this->pdh->get('article_categories', 'data', array($id));
    $objResult = $this->db->prepare("UPDATE __article_categories :p WHERE id=?")->set($arrQuery)->execute($id);
    if (!$objResult) {
        return false;
    }

    $this->pdh->enqueue_hook('article_categories_update');
    $arrDiff = $this->logs->diff($arrPrevious, $arrQuery, $this->arrLogLang, array('description' => 1), true);
    $this->log_insert("action_articlecategory_updated", $arrDiff, $id, $this->user->multilangValue($arrPrevious["name"]), 1, 'article');
    return $id;
}
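/**
 * Update an existing article and write a change-log entry.
 *
 * @param int    $id              Article id.
 * @param string $strTitle        Serialised multilingual title array.
 * @param string $strText         Article body; filtered for non-script users and htmlspecialchars()'d before storage.
 * @param array  $arrTags         Tag list, stored serialised.
 * @param string $strPreviewimage Preview image path.
 * @param string $strAlias        URL alias; derived from the default-language title when empty.
 * @param int    $intPublished
 * @param int    $intFeatured
 * @param int    $intCategory     Target category id.
 * @param int    $intUserID       Author user id.
 * @param int    $intComments
 * @param int    $intVotes
 * @param int    $intDate
 * @param string $strShowFrom
 * @param string $strShowTo
 * @param int    $intHideHeader
 *
 * @return int|false The article id on success, false if the alias is rejected or the query fails.
 */
public function update($id, $strTitle, $strText, $arrTags, $strPreviewimage, $strAlias, $intPublished, $intFeatured, $intCategory, $intUserID, $intComments, $intVotes, $intDate, $strShowFrom, $strShowTo, $intHideHeader)
{
    // Resolve the alias. NOTE(review): $strTitle is unserialize()d here — it must be the
    // application's own serialised array, never a raw request value.
    if ($strAlias == "") {
        $arrName = unserialize($strTitle);
        $strDefaultLanguage = $this->config->get('default_lang');
        $strAlias = $this->create_alias($arrName[$strDefaultLanguage]);
    } elseif ($strAlias != $this->pdh->get('articles', 'alias', array($id))) {
        $strAlias = $this->create_alias($strAlias);
    }
    if (!$this->check_alias($id, $strAlias)) {
        return false;
    }

    // Text processing pipeline.
    $strText = str_replace('<p></p>', '<br />', $strText);
    $strText = $this->bbcode->replace_shorttags($strText);
    if ($this->config->get('enable_embedly')) {
        $strText = $this->embedly->parseString($strText, false, false);
    }

    // Collect the page objects referenced by <p class="system-article" title="..."> markers.
    $arrPageObjects = array();
    preg_match_all('#<p(.*)class="system-article"(.*) title="(.*)">(.*)</p>#iU', $strText, $arrTmpPageObjects, PREG_PATTERN_ORDER);
    if (count($arrTmpPageObjects[0])) {
        foreach ($arrTmpPageObjects[3] as $val) {
            $arrPageObjects[] = $val;
        }
    }

    // Users without the script right get their HTML run through the blacklist filter;
    // everyone's text is entity-escaped before storage.
    if (!$this->user->check_auth('u_articles_script', false)) {
        include_once $this->root_path . "libraries/inputfilter/input.class.php";
        $filter = new FilterInput(get_tag_blacklist(), get_attr_blacklist(), 1, 1);
        $strText = $filter->clean($strText);
    }
    $strText = htmlspecialchars($strText);

    $arrOldData = $this->pdh->get('articles', 'data', array($id));
    $arrData = array(
        'title' => $strTitle,
        'text' => $strText,
        'category' => $intCategory,
        'featured' => $intFeatured,
        'comments' => $intComments,
        'votes' => $intVotes,
        'published' => $intPublished,
        'show_from' => $strShowFrom,
        'show_to' => $strShowTo,
        'user_id' => $intUserID,
        'date' => $intDate,
        'previewimage' => $strPreviewimage,
        'alias' => $strAlias,
        'tags' => serialize($arrTags),
        'last_edited' => $this->time->time,
        'last_edited_user' => $this->user->id,
        'page_objects' => serialize($arrPageObjects),
        'hide_header' => $intHideHeader,
    );

    // When the article moves to a category that already has an index article, it loses
    // the index flag. Bug fix: the lookup used an undefined $intCategoryID, so the
    // new category was never actually checked.
    if ($intCategory != $arrOldData["category"]) {
        $intIndexArticle = $this->pdh->get('article_categories', 'index_article', array($intCategory));
        if ($intIndexArticle > 0) {
            $arrData['`index`'] = 0;
        }
    }

    $objQuery = $this->db->prepare("UPDATE __articles :p WHERE id=?")->set($arrData)->execute($id);
    if (!$objQuery) {
        return false;
    }

    $this->pdh->enqueue_hook('articles_update');
    $this->pdh->enqueue_hook('article_categories_update');

    // Log the change. Stored tag/page-object lists are serialised; tolerate a corrupt
    // or empty value instead of handing false to implode().
    $arrOldTags = unserialize($arrOldData["tags"]);
    if (!is_array($arrOldTags)) {
        $arrOldTags = array();
    }
    $arrOldPageObjects = unserialize($arrOldData["page_objects"]);
    if (!is_array($arrOldPageObjects)) {
        $arrOldPageObjects = array();
    }

    $arrNew = array(
        'title' => $strTitle,
        'text' => $strText,
        'category' => $intCategory,
        'featured' => $intFeatured,
        'comments' => $intComments,
        'votes' => $intVotes,
        'published' => $intPublished,
        'show_from' => $strShowFrom,
        'show_to' => $strShowTo,
        'user_id' => $intUserID,
        'date' => $intDate,
        'previewimage' => $strPreviewimage,
        'alias' => $strAlias,
        'tags' => implode(", ", $arrTags),
        'page_objects' => implode(", ", $arrPageObjects),
        'hide_header' => $intHideHeader,
    );
    $arrOld = array(
        'title' => $arrOldData["title"],
        'text' => $arrOldData["text"],
        'category' => $arrOldData["category"],
        'featured' => $arrOldData["featured"],
        'comments' => $arrOldData["comments"],
        'votes' => $arrOldData["votes"],
        'published' => $arrOldData["published"],
        'show_from' => $arrOldData["show_from"],
        'show_to' => $arrOldData["show_to"],
        'user_id' => $arrOldData["user_id"],
        'date' => $arrOldData["date"],
        'previewimage' => $arrOldData["previewimage"],
        'alias' => $arrOldData["alias"],
        'tags' => implode(", ", $arrOldTags),
        'page_objects' => implode(", ", $arrOldPageObjects),
        'hide_header' => $arrOldData["hide_header"],
    );
    $arrFlags = array('text' => 1);
    $arrChanges = $this->logs->diff($arrOld, $arrNew, $this->arrLang, $arrFlags);
    if ($arrChanges) {
        $this->log_insert('action_article_updated', $arrChanges, $id, $this->user->multilangValue($arrOldData["title"]), 1, 'article');
    }
    return $id;
}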
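/**
 * Import a local item base dump from an uploaded ZIP archive.
 *
 * Requires the 'u_localitembase_import' right. The archive is stored in the
 * plugin cache folder, extracted to cache/import/, and its
 * localitembase_dump.json is read. Items whose item_gameid is not yet known
 * are inserted (their text fields run through the HTML blacklist filter) and
 * their icon/image files are moved into the plugin folders. The extraction
 * folder is removed at the end and the request is terminated.
 *
 * Security notes:
 * - The dump's text/name/image/language fields are PHP-serialised strings that
 *   come straight from the uploaded archive. unserialize() on attacker-supplied
 *   data allows PHP object injection, so on PHP >= 7 objects are refused via
 *   'allowed_classes' => false; anything that does not decode to an array is
 *   treated as empty.
 * - File names are reduced to [a-zA-Z0-9_.-] and limited to jpg/png before the
 *   move, which rules out directory separators.
 * - Whether the ZIP extractor itself guards against path traversal in entry
 *   names is not visible here — confirm in the 'zip' registry class.
 *
 * Responds with HTTP 500 and exits if the upload or the dump JSON is unusable.
 */
public function import()
{
    $this->user->check_auth('u_localitembase_import');

    $strCachePath = $this->pfh->FolderPath('cache', 'localitembase');
    $strIconPath = $this->pfh->FolderPath('icons', 'localitembase');
    $strImagePath = $this->pfh->FolderPath('images', 'localitembase');

    $uploader = register('uploader');
    $strZipName = $uploader->upload_mime('file', '', array('application/zip'), array('zip'), 'localitembase_dump', $strCachePath);
    if (!$strZipName || !file_exists($strCachePath . $strZipName)) {
        header("HTTP/1.1 500 Internal Error");
        exit;
    }

    $objZIP = registry::register('zip', array($strCachePath . $strZipName));
    $objZIP->extract($strCachePath . 'import/');
    $objZIP->close();

    // Refuse a missing or malformed dump instead of iterating over null.
    $strJSON = file_get_contents($strCachePath . 'import/localitembase_dump.json');
    $arrJSON = ($strJSON !== false) ? json_decode($strJSON, true) : null;
    if (!is_array($arrJSON)) {
        $this->pfh->Delete($strCachePath . 'import/');
        header("HTTP/1.1 500 Internal Error");
        exit;
    }

    // Decode a serialised field from the dump without instantiating objects.
    $fnUnserialize = function ($strSerialized) {
        if (PHP_VERSION_ID >= 70000) {
            $mixed = unserialize($strSerialized, array('allowed_classes' => false));
        } else {
            // PHP 5 has no allowed_classes option; object injection is not mitigated here.
            $mixed = unserialize($strSerialized);
        }
        return is_array($mixed) ? $mixed : array();
    };

    // Map of existing item id => game id, used to skip duplicates.
    $arrItemIDs = array();
    foreach ($this->pdh->get('localitembase', 'id_list', array()) as $itemID) {
        $arrItemIDs[$itemID] = $this->pdh->get('localitembase', 'item_gameid', array($itemID));
    }

    include_once $this->root_path . "libraries/inputfilter/input.class.php";
    $filter = new FilterInput(get_tag_blacklist(), get_attr_blacklist(), 1, 1);

    foreach ($arrJSON as $arrItemDump) {
        if (in_array($arrItemDump['item_gameid'], $arrItemIDs)) {
            continue;
        }

        $arrText = $fnUnserialize($arrItemDump['text']);
        foreach ($arrText as $key => $val) {
            $arrText[$key] = $filter->clean($val);
        }
        $arrNewLanguage = sanitize($fnUnserialize($arrItemDump['languages']));
        $arrImages = $fnUnserialize($arrItemDump['image']);

        $this->pdh->put('localitembase', 'insert', array(
            sanitize($arrItemDump['item_gameid']),
            sanitize($arrItemDump['icon']),
            sanitize($arrItemDump['quality']),
            sanitize($fnUnserialize($arrItemDump['item_name'])),
            $arrText,
            sanitize($arrImages),
            serialize($arrNewLanguage),
        ));

        // Move the icon; the stored name above is the sanitized original, the moved file
        // uses the character-filtered name, so they may differ for unusual names.
        if (!empty($arrItemDump['icon'])) {
            $strIcon = preg_replace("/[^a-zA-Z0-9_.-]/iU", "", $arrItemDump['icon']);
            $strExtension = strtolower(pathinfo($strIcon, PATHINFO_EXTENSION));
            if (in_array($strExtension, array('jpg', 'png'))) {
                $this->pfh->FileMove($strCachePath . 'import/icons/' . $strIcon, $strIconPath . $strIcon);
            }
        }

        foreach ($arrImages as $strImage) {
            $strImage = preg_replace("/[^a-zA-Z0-9_.-]/iU", "", $strImage);
            $strExtension = strtolower(pathinfo($strImage, PATHINFO_EXTENSION));
            if (in_array($strExtension, array('jpg', 'png'))) {
                $this->pfh->FileMove($strCachePath . 'import/images/' . $strImage, $strImagePath . $strImage);
            }
        }
    }

    $this->pdh->process_hook_queue();
    $this->pfh->Delete($strCachePath . 'import/');
    exit;
}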
/**
 * Sanitise a parameter value (or array of values) in place using the
 * configured filter tool ('filter_tool' setting, default 'htmlpurifier').
 *
 * @param mixed $params Value(s) to clean; replaced by the filtered result.
 */
public function filterParams(&$params)
{
    $strTool = Get::cfg('filter_tool', 'htmlpurifier');
    $objCleaner = new FilterInput();
    $objCleaner->tool = $strTool;
    $params = $objCleaner->clean($params);
}
/**
 * Sets up the fixture, for example, opens a network connection.
 * This method is called before a test is executed.
 *
 * Here it only stores the shared FilterInput instance under test.
 */
protected function setUp()
{
    $objFilter = FilterInput::getInstance();
    $this->object = $objFilter;
}
/**
 * Normalise and sanitise the request superglobals before dispatch.
 *
 * Steps, in order:
 *  1. When LDAP is enabled and this is a login POST, keep the raw password so
 *     the sanitiser cannot alter it.
 *  2. Convert $_GET, $_POST, $_COOKIE, $_SERVER (and $_FILES) to UTF-8.
 *  3. Run FilterInput::sanitize(). God-admins get tool 'none' (no filtering);
 *     everyone else gets the configured 'filter_tool' (default 'htmlpurifier'),
 *     and course teachers (levelCourse >= 6) additionally get <object>/<param>
 *     and their listed attributes whitelisted.
 *  4. Restore the preserved login password (UTF-8 cleaned, slashes stripped).
 *  5. For POST or AJAX requests outside the API/PayPal entry points, require
 *     a valid request signature (Util::checkSignature).
 *
 * NOTE(review): the <object>/<param> whitelist for teachers re-enables
 * embedded plugins in user content; treat that as a deliberate trust decision
 * and keep the teacher level threshold in sync with it.
 */
private static function filteringInput()
{
    // todo: check if we can do in other way the same thing
    $strLdapUsed = Get::sett('ldap_used');
    $strRawLoginPassword = null;
    if ($strLdapUsed == 'on' && isset($_POST['modname']) && $_POST['modname'] == 'login' && isset($_POST['passIns'])) {
        $strRawLoginPassword = $_POST['passIns'];
    }

    self::log("Convert to Utf-8.");
    $_GET = utf8::clean($_GET);
    $_POST = utf8::clean($_POST);
    $_COOKIE = utf8::clean($_COOKIE);
    $_SERVER = utf8::clean($_SERVER);
    if (isset($_FILES)) {
        $_FILES = utf8::clean($_FILES);
    }

    self::log("Sanitize the input.");
    $objFilter = new FilterInput();
    $blnGodAdmin = Docebo::user()->getUserLevelId() == ADMIN_GROUP_GODADMIN;
    if ($blnGodAdmin) {
        $objFilter->tool = 'none';
    } else {
        $objFilter->tool = Get::cfg('filter_tool', 'htmlpurifier');
        $blnTeacherInCourse = isset($_SESSION['idCourse']) && $_SESSION['levelCourse'] >= 6;
        if ($blnTeacherInCourse) {
            $objFilter->appendToWhitelist(array(
                'tag' => array('object', 'param'),
                'attrib' => array('object.data', 'object.type', 'object.width', 'object.height', 'param.name', 'param.value'),
            ));
        }
    }
    $objFilter->sanitize();

    // Re-check the same condition rather than a cached flag, in case sanitize() touched the keys.
    if ($strLdapUsed == 'on' && isset($_POST['modname']) && $_POST['modname'] == 'login' && isset($_POST['passIns'])) {
        $_POST['passIns'] = utf8::clean(stripslashes($strRawLoginPassword));
    }

    $blnIsPostOrAjax = strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' || defined("IS_AJAX");
    if (!defined("IS_API") && !defined("IS_PAYPAL") && $blnIsPostOrAjax) {
        // State-changing requests must carry a valid signature.
        Util::checkSignature();
    }
}
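/**
 * Attach one or more files to the outgoing message.
 *
 * @param array $atach List of array('file' => <path>, 'name' => <display name>) entries.
 *
 * Raises, via self::throwMailerException, when the list is empty, an entry
 * lacks 'file' or 'name', or the display name fails the string filter.
 *
 * NOTE(review): $file['file'] is handed to AddAttachment unchanged; callers
 * must not build it from user-controlled input, since any readable path on
 * the server would otherwise be mailed out.
 */
public function addAttach($atach = array())
{
    if (empty($atach)) {
        self::throwMailerException('Attach: Es necesario que agregues cuando menos un archivo.');
    }
    foreach ($atach as $file) {
        if (empty($file['file']) || empty($file['name'])) {
            self::throwMailerException('Attach: La lista de archivos no está en el formato correcto.');
        }
        $strPath = $file['file'];
        $nombre = FilterInput::FilterValue($file['name'], 'string', true);
        if ($nombre === false) {
            // Bug fix: the message previously referred to the recipient ("destinatario")
            // name, a copy-paste left-over; this check is about the attachment name.
            self::throwMailerException('Attach: El nombre del archivo adjunto no es correcto.');
        }
        $this->_mailer->AddAttachment($strPath, $nombre);
    }
}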