/**
 * Returns the row at the current cursor position.
 *
 * When the cursor is past the last row (valid() is false) nothing is
 * returned, so the caller receives null.
 *
 * @return mixed  the current row, passed through the output filter when
 *                sanitization is enabled on this result set
 */
public function current()
{
    if (!$this->valid()) {
        return;
    }

    $row = $this->_result[$this->_current_row];

    // Output filtering is opt-in per result set and is applied on read,
    // so the row stored in $this->_result is what was fetched, not the
    // filtered form.
    if ($this->_sanitization_enabled) {
        return \Security::clean($row, null, 'security.output_filter');
    }

    return $row;
}
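/**
 * Location lookup for the autocomplete widget: returns the locations whose
 * title starts with the search term, rendered by the "location/search"
 * view and sent as JSON.
 *
 * @param string|null $term  search term; when empty the "term" query
 *                           parameter is used instead
 * @return Response  response with Content-Type application/json
 */
public function action_search($term = null)
{
    // A loose null check is kept on purpose: an empty route segment must
    // also fall through to the query parameter.
    if ($term == null) {
        $term = Input::get("term");
    }

    //only ajax requests served here
    //(! Input::is_ajax()) and Response::redirect("location");

    // Security::clean is an output filter, not a SQL escape; quoting the
    // value is the query builder's job. Anything that is not a plain,
    // non-empty string (missing parameter, array-valued parameter) is
    // treated as "no search".
    $clean_query = Security::clean($term);

    $data = array("locations" => array());

    if (is_string($clean_query) && $clean_query !== "") {
        // Escape LIKE metacharacters so that a term such as "%" or "_"
        // cannot widen the prefix match to the whole table. Backslash is
        // the default LIKE escape character for MySQL; adjust for other
        // drivers if needed.
        $prefix = addcslashes($clean_query, '\\%_');

        $data["locations"] = Model_Orm_Location::query()
            ->where("title", "like", $prefix . "%")
            ->get();
    }

    $response = Response::forge(View::forge("location/search", $data));
    $response->set_header("Content-Type", "application/json");

    return $response;
}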
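/**
 * Detects and returns the current URI based on a number of different server
 * variables.
 *
 * The result is memoised in static::$detected_uri. When an extension is
 * stripped from the URI it is recorded in static::$detected_ext.
 *
 * @return string
 * @throws \FuelException when no server variable carries the request URI
 */
public static function uri()
{
    if (static::$detected_uri !== null) {
        return static::$detected_uri;
    }

    if (\Fuel::$is_cli) {
        // The parentheses matter: "!==" binds tighter than "=", so without
        // them $uri would hold the boolean result of the comparison rather
        // than the option value.
        if (($uri = \Cli::option('uri')) !== null) {
            static::$detected_uri = $uri;
        } else {
            static::$detected_uri = \Cli::option(1);
        }

        return static::$detected_uri;
    }

    // We want to use PATH_INFO if we can.
    if (!empty($_SERVER['PATH_INFO'])) {
        $uri = $_SERVER['PATH_INFO'];
    } elseif (!empty($_SERVER['ORIG_PATH_INFO'])
        and ($path = str_replace($_SERVER['SCRIPT_NAME'], '', $_SERVER['ORIG_PATH_INFO'])) != '') {
        $uri = $path;
    } else {
        // Fall back to parsing the REQUEST URI
        if (isset($_SERVER['REQUEST_URI'])) {
            $uri = strpos($_SERVER['SCRIPT_NAME'], $_SERVER['REQUEST_URI']) !== 0
                ? $_SERVER['REQUEST_URI']
                : '';
        } else {
            throw new \FuelException('Unable to detect the URI.');
        }

        // Remove the base URL from the URI. parse_url() returns null when the
        // configured base_url has no path component; in that case there is
        // nothing to strip, and running the strncmp/substr below with a
        // zero-length prefix would chop the URI down to its last character.
        $base_url = (string) parse_url(\Config::get('base_url'), PHP_URL_PATH);
        if ($uri !== '' and $base_url !== '' and strncmp($uri, $base_url, strlen($base_url)) === 0) {
            $uri = substr($uri, strlen($base_url) - 1);
        }

        // If we are using an index file (not mod_rewrite) then remove it
        $index_file = \Config::get('index_file');
        if ($index_file and strncmp($uri, $index_file, strlen($index_file)) === 0) {
            $uri = substr($uri, strlen($index_file));
        }

        // When index.php? is used and the config is set wrong, lets just
        // be nice and help them out.
        if ($index_file and strncmp($uri, '?/', 2) === 0) {
            $uri = substr($uri, 1);
        }

        // decode the uri, and put any + back (does not mean a space in the url path)
        $uri = str_replace("\r", '+', urldecode(str_replace('+', "\r", $uri)));

        // Lets split the URI up in case it contains a ?. This would
        // indicate the server requires 'index.php?' and that mod_rewrite
        // is not being used.
        preg_match('#(.*?)\\?(.*)#i', $uri, $matches);

        // If there are matches then lets set everything correctly
        if (!empty($matches)) {
            $uri = $matches[1];

            // only reconstruct $_GET if we didn't have a query string
            if (empty($_SERVER['QUERY_STRING'])) {
                $_SERVER['QUERY_STRING'] = $matches[2];
                parse_str($matches[2], $_GET);
                $_GET = \Security::clean($_GET);
            }
        }
    }

    // Deal with any trailing dots
    $uri = rtrim($uri, '.');

    // Do we have a URI and does it not end on a slash?
    if ($uri and substr($uri, -1) !== '/') {
        // Strip the defined url suffix from the uri if needed
        $ext = strrchr($uri, '.');
        $path = $ext === false ? $uri : substr($uri, 0, -strlen($ext));

        // Did we detect something that looks like an extension?
        if (!empty($ext)) {
            // if it has a slash in it, it's a URI segment with a dot in it
            if (strpos($ext, '/') === false) {
                static::$detected_ext = ltrim($ext, '.');
                if (\Config::get('routing.strip_extension', true)) {
                    $uri = $path;
                }
            }
        }
    }

    // Do some final clean up of the uri
    static::$detected_uri = \Security::clean_uri($uri, true);

    return static::$detected_uri;
}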
/**
 * Retrieves all the data, both local and global. It filters the data if
 * necessary.
 *
 *     $data = $this->get_data();
 *
 * Local data takes precedence over global data with the same key.
 *
 * @return array
 */
protected function get_data()
{
    $auto_filter = $this->auto_filter;

    // Applies the output filter to every value whose per-key rule (or, when
    // no rule is set for the key, the auto-filter default) asks for it.
    $apply_filters = function ($values, $rules, $auto_filter) {
        $filtered = array();
        foreach ($values as $key => $value) {
            if (array_key_exists($key, $rules) && $rules[$key] !== null) {
                $should_filter = $rules[$key];
            } else {
                $should_filter = $auto_filter;
            }
            if ($should_filter) {
                $value = \Security::clean($value, null, 'security.output_filter');
            }
            $filtered[$key] = $value;
        }
        return $filtered;
    };

    $merged = array();

    if (!empty($this->data)) {
        $merged += $apply_filters($this->data, $this->local_filter, $auto_filter);
    }

    if (!empty(static::$global_data)) {
        $merged += $apply_filters(static::$global_data, static::$global_filter, $auto_filter);
    }

    return $merged;
}
/**
 * Hydration from raw request (xml/json requests)
 *
 * The raw body is read from php://input only once and cached in
 * static::$php_input; the decoded and cleaned array is stored in the
 * static property named by $type.
 *
 * @param string $type input type
 */
protected static function hydrate_raw_input($type)
{
    if (static::$php_input === null) {
        static::$php_input = file_get_contents('php://input');
    }

    $decoded = \Format::forge(static::$php_input, $type)->to_array();

    // NOTE(review): $type doubles as the name of the property written here,
    // so it must only ever be one of the known input types — confirm at the
    // call site.
    static::${$type} = \Security::clean($decoded);
}
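/**
 * Retrieves all the data, both local and global. It filters the data if
 * necessary.
 *
 *     $data = $this->get_data();
 *
 * Closure values are invoked and replaced by their result before filtering.
 * Local data takes precedence over global data with the same key. A scope
 * other than 'local', 'global' or 'all' yields an empty array.
 *
 * @param string $scope 'local', 'global' or 'all'
 * @return array view data
 */
protected function get_data($scope = 'all')
{
    // Builds a new array instead of iterating by reference: the original
    // "foreach (... as &$value)" left $value bound to the last element
    // after the loop, which is the classic dangling-reference trap.
    $clean_it = function ($data, $rules, $auto_filter) {
        $out = array();
        foreach ($data as $key => $value) {
            $filter = array_key_exists($key, $rules) ? $rules[$key] : null;
            if ($filter === null) {
                $filter = $auto_filter;
            }

            // Deferred values are resolved at read time.
            if ($value instanceof \Closure) {
                $value = $value();
            }

            $out[$key] = $filter
                ? \Security::clean($value, null, 'security.output_filter')
                : $value;
        }
        return $out;
    };

    $data = array();

    if (!empty($this->data) and ($scope === 'all' or $scope === 'local')) {
        $data += $clean_it($this->data, $this->local_filter, $this->auto_filter);
    }

    if (!empty(static::$global_data) and ($scope === 'all' or $scope === 'global')) {
        $data += $clean_it(static::$global_data, static::$global_filter, $this->auto_filter);
    }

    return $data;
}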
/**
 * Hydration from raw request (xml/json requests)
 *
 * Reads the request body, decodes it according to $type and stores the
 * cleaned result in static::$content. A body that does not decode to an
 * array is ignored and static::$content is left untouched.
 *
 * @param string $type input type
 */
protected static function hydrate_raw_input($type)
{
    $body = file_get_contents('php://input');
    $parsed = \Format::forge($body, $type)->to_array();

    if (is_array($parsed)) {
        static::$content = \Security::clean($parsed);
    }
}
/**
 * Sanitize a data value
 *
 * @param string $field Name of the property that is being sanitized
 * @param mixed  $value Value to sanitize
 *
 * @return mixed
 */
protected function _sanitize($field, $value)
{
    // The field name is part of the hook signature but does not influence
    // the result: every value goes through the configured output filter.
    $cleaned = \Security::clean($value, null, 'security.output_filter');

    return $cleaned;
}
/**
 * Get
 *
 * Gets a property or
 * relation from the
 * object
 *
 * Lookup order: database column, relation, EAV attribute, column of the
 * currently selected view, custom data. When sanitization is disabled the
 * value is returned by reference so callers can modify it in place; when it
 * is enabled a filtered copy is returned instead, so the reference never
 * points into the object's own storage.
 *
 * @access public
 * @param string $property
 * @param array  $conditions  passed on to the relation when it is loaded
 * @return mixed
 * @throws \OutOfBoundsException when the property is not known to the object
 */
public function &get($property, array $conditions = array())
{
    // database columns
    if (array_key_exists($property, static::properties())) {
        if (!array_key_exists($property, $this->_data)) {
            // known column without a value yet
            $result = null;
        } elseif ($this->_sanitization_enabled) {
            // use a copy
            $result = $this->_data[$property];
        } else {
            // use a reference
            $result =& $this->_data[$property];
        }
    } elseif ($rel = static::relations($property)) {
        // relations are fetched on first access and then kept on the object
        if (!array_key_exists($property, $this->_data_relations)) {
            $this->_data_relations[$property] = $rel->get($this, $conditions);
            $this->_update_original_relations(array($property));
        }
        $result =& $this->_data_relations[$property];
    } elseif (($result = $this->_get_eav($property)) !== false) {
        // nothing else to do here: _get_eav() already produced the value
    } elseif ($this->_view and in_array($property, static::$_views_cached[get_class($this)][$this->_view]['columns'])) {
        // column that only exists in the currently selected view
        if ($this->_sanitization_enabled) {
            // use a copy
            $result = $this->_data[$property];
        } else {
            // use a reference
            $result =& $this->_data[$property];
        }
    } elseif (array_key_exists($property, $this->_custom_data)) {
        if ($this->_sanitization_enabled) {
            // use a copy
            $result = $this->_custom_data[$property];
        } else {
            // use a reference
            $result =& $this->_custom_data[$property];
        }
    } else {
        throw new \OutOfBoundsException('Property "' . $property . '" not found for ' . get_class($this) . '.');
    }

    // do we need to clean before returning the result?
    // $cleaned is a local, so the returned reference is to the filtered copy
    // and not to the underlying data.
    if ($this->_sanitization_enabled) {
        $cleaned = \Security::clean($result, null, 'security.output_filter');
        return $cleaned;
    }

    return $result;
}
/**
 * Magic getter to fetch data from the data container
 *
 * @param string $property The property name
 * @return mixed  the stored value, filtered when sanitization is enabled
 * @throws \OutOfBoundsException when the property is not in the container
 */
public function __get($property)
{
    if (!array_key_exists($property, $this->_data)) {
        throw new \OutOfBoundsException('Property "' . $property . '" not found for ' . get_called_class() . '.');
    }

    $value = $this->_data[$property];

    // Filtering happens on read; the container keeps the raw value.
    if ($this->_sanitization_enabled) {
        $value = \Security::clean($value, null, 'security.output_filter');
    }

    return $value;
}
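/**
 * Renames a task from an AJAX request.
 *
 * Reads the POST fields "task_id" and "task_content". Non-AJAX requests and
 * unknown task ids are ignored. No content is rendered in any case.
 *
 * @return false  nothing is sent back to the client
 */
public function action_edit_task()
{
    if (!Input::is_ajax()) {
        return false; // we return no content at all
    }

    $task = Model_Task::find((int) Input::post('task_id'));

    // Guard against an unknown id: without this the property write below
    // would run against a non-object.
    if (!$task) {
        return false;
    }

    // Default to '' so a missing field does not hand null to trim().
    $task->name = trim(Security::clean(Input::post('task_content', '')));
    $task->save();

    return false; // we return no content at all
}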
/**
 * Fetch an item from the GET/POST data and run it through the security
 * filters.
 *
 * @param string|null $index   The index key
 * @param mixed       $default The default value
 * @param array       $filters Array of filters - if empty then all filter will be used
 *
 * @return string|array
 */
public static function secured_get_post($index = null, $default = null, $filters = array('strip_tags', 'htmlentities', 'xss_clean'))
{
    $value = \Input::get_post($index, $default);

    // The filter chain is applied to the default value as well, so callers
    // get the same shape back whether or not the key was sent.
    return \Security::clean($value, $filters);
}
/**
 * Implements [ArrayAccess::offsetGet], gets a given row.
 *
 *     $row = $result[10];
 *
 * @param integer $offset
 *
 * @return mixed  the row, or null when $offset cannot be seeked to
 */
public function offsetGet($offset)
{
    if (!$this->seek($offset)) {
        return null;
    }

    $row = $this->current();

    // sanitize the data if needed
    // NOTE(review): if current() already applies the output filter in the
    // concrete result class, the row is filtered twice here — verify, since
    // not every filter is idempotent.
    if (!$this->_sanitization_enabled) {
        return $row;
    }

    return \Security::clean($row, null, 'security.output_filter');
}
/**
 * Sets a variable on the template, passing it through Security::clean()
 * unless it is a ViewModel, View or Closure instance.
 * Note: Objects are auto-converted to strings unless they're ViewModel, View or Closure instances, if you want
 * objects not to be converted add them through set_raw().
 *
 * @param string $name
 * @param mixed  $val
 */
public function set_safe($name, $val)
{
    $is_passthrough = $val instanceof ViewModel
        || $val instanceof View
        || $val instanceof \Closure;

    if (!$is_passthrough) {
        // Any other object is stringified before filtering.
        if (is_object($val)) {
            $val = (string) $val;
        }
        $val = \Security::clean($val);
    }

    $this->_template->{$name} = $val;
}
/**
 * Check if cat. CANNOT be deleted
 *
 * A category is blocked from deletion while it still has child categories
 * or related articles; the returned list names them as edit links, each
 * group preceded by a translated heading.
 *
 * @param int $id cat. id
 * @return array|false  list of links if the cat. CANNOT be deleted,
 *                      boolean FALSE if the cat. CAN be deleted
 *
 * @access protected
 * @author Nguyen Van Hiep
 */
protected function unable_del($id)
{
    $children = Model_Categories::get_child_cats($id);
    $articles = Model_ArtCat::get_related_articles($id);

    $child_links = array();
    foreach ($children as $child) {
        $label = Security::clean($child->name, array('htmlentities', 'xss_clean'));
        $child_links[] = Html::anchor('/admin/categories/edit/' . $child->id, $label);
    }
    if ($child_links) {
        array_unshift($child_links, '- ' . __('cat.categories') . ':');
    }

    $article_links = array();
    foreach ($articles as $link) {
        // Article titles are tag-stripped rather than entity-encoded.
        $label = Security::strip_tags($link->ac2a->title);
        $article_links[] = Html::anchor('/admin/article/edit/' . $link->art_id, $label);
    }
    if ($article_links) {
        array_unshift($article_links, '- ' . __('art.arts') . ':');
    }

    $blockers = array_merge($child_links, $article_links);

    return $blockers ? $blockers : false;
}