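/**
 * Parses an "x-y" coordinate pair out of the route `id` parameter.
 *
 * The original exploded the value and indexed `$e[1]` unconditionally, so a
 * value without a separator raised an undefined-offset notice. The parse is
 * now guarded and rejects anything that is not exactly two numbers.
 *
 * NOTE(review): `$x`/`$y` were computed and discarded in the original as well;
 * the action appears unfinished.
 */
public function action_point()
{
    $xy = Security::xss_clean($this->request->param('id', 0));
    $parts = explode('-', (string) $xy);

    // Exactly two numeric components are expected; anything else is a malformed URL.
    if (count($parts) !== 2 OR ! is_numeric($parts[0]) OR ! is_numeric($parts[1]))
    {
        throw new HTTP_Exception_404();
    }

    $x = round($parts[0]);
    $y = round($parts[1]);
}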
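/**
 * Lists answered expert questions, optionally filtered by a POSTed search
 * string, and accepts a new question from a logged-in user.
 *
 * View variables: search, list, paginate and, after a failed save, errors.
 *
 * NOTE(review): no CSRF token (Security::token()) is checked on this POST.
 */
public function action_questions()
{
    $list = ORM::factory('Expert_Question')->where('is_answered', '=', 1);

    $search = Security::xss_clean(Arr::get($_POST, 'search', ''));
    if ( ! empty($search))
    {
        // The query builder binds the value, but LIKE wildcards (% and _) typed
        // by the user are still interpreted as wildcards.
        $list->and_where('question', 'LIKE', '%'.$search.'%');
    }

    $list = $list->order_by('date', 'DESC');
    $paginate = Paginate::factory($list)->paginate(NULL, NULL, 10)->render();
    $list = $list->find_all();

    $this->set('search', $search);
    $this->set('list', $list);
    $this->set('paginate', $paginate);

    if ($this->request->method() === Request::POST)
    {
        if (Auth::instance()->logged_in())
        {
            try
            {
                $question = ORM::factory('Expert_Question');
                $question->user_id = Auth::instance()->get_user()->id;
                // Purified like every other stored text field; the original stored it raw.
                $question->question = Security::xss_clean(Arr::get($_POST, 'question', ''));
                $question->date = date('Y-m-d H:i:s');
                $question->save();
            }
            catch (ORM_Validation_Exception $e)
            {
                // Report validation failures instead of silently dropping the question.
                $this->set('errors', $e->errors($e->alias()));
            }
        }
        else
        {
            Message::success(i18n::get('You have to login'));
        }
    }

    $this->add_cumb('Question-answer', '/');
}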
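/**
 * Toggles the "spam" flag on a feedback question (POST with a valid CSRF token).
 *
 * Route param `id` selects the question. GET `r` is the page to return to
 * after the toggle; it is restricted to a site-relative path because
 * xss_clean() only sanitises HTML and would not stop an absolute URL from
 * being followed by redirect().
 */
public function action_spam()
{
    $id = (int) $this->request->param('id', 0);
    $question = ORM::factory('Feedback_Question', $id);

    if ( ! $question->loaded())
    {
        $this->redirect('manage/feedback');
    }

    $return = Security::xss_clean(Arr::get($_GET, 'r', 'manage/expert'));
    // Reject "scheme:..." and "//host/..." targets so the parameter cannot be
    // used as an open redirect; fall back to the default list page.
    if ( ! is_string($return) OR preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $return))
    {
        $return = 'manage/expert';
    }
    $this->set('return', Url::media($return));

    $token = Arr::get($_POST, 'token', FALSE);

    if ($this->request->method() === Request::POST AND Security::token() === $token)
    {
        // Flip 0 <-> 1 and record who did it.
        $question->is_spam = ((int) $question->is_spam + 1) % 2;
        $question->spam_mod_id = $this->user->id;
        $question->save();

        if ((int) $question->is_spam === 1)
        {
            Message::success(i18n::get('The question is marked as spam'));
        }
        else
        {
            Message::success(i18n::get('Marked "Spam" is removed from the question'));
        }

        $this->redirect($return);
    }

    // GET (or bad token): render the confirmation form with a fresh token.
    // The loaded() guard above already ended the request for unknown ids.
    $this->set('question', $question)->set('token', Security::token(TRUE));
}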
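/**
 * Common request setup for the JSON API controllers.
 *
 * Reads the request body as JSON, extracts paging parameters, the `option`
 * block (entryType / entryId / searchText) and the comment text, and
 * refreshes the auth token's lifetime when one was supplied.
 */
public function before()
{
    parent::before();
    $this->detect_language();

    // Helper class.
    $this->api = new Api();
    $this->auth_token = $this->request->headers('tokenAuth');

    // The POST body is a JSON document. Malformed or missing JSON becomes an
    // empty request so the Arr::get() calls below never see a non-array.
    $this->post = json_decode(file_get_contents('php://input'), TRUE);
    if ( ! is_array($this->post))
    {
        $this->post = array();
    }

    // Paging, defaults limit = 10 / offset = 0. These reach LIMIT/OFFSET, so
    // they are cast to int rather than HTML-purified.
    $this->offset = (int) Arr::get($this->post, 'offset', 0);
    $this->limit = (int) Arr::get($this->post, 'limit', 10);

    // Entry type and id for the query.
    $option = Arr::get($this->post, 'option', array());
    if ( ! is_array($option))
    {
        $option = array();
    }
    $this->entryType = strtolower(Security::xss_clean(Arr::get($option, 'entryType', '')));
    $this->entryId = Security::xss_clean(Arr::get($option, 'entryId', ''));

    // Search string.
    $this->searchText = Security::xss_clean(Arr::get($option, 'searchText', ''));

    // Comment text.
    $this->text = Security::xss_clean(Arr::get($this->post, 'text', ''));

    $this->id = (int) $this->request->param('id', 0);

    // Refresh the token's lifetime if one was sent and it still needs refreshing (is it alive?).
    // NOTE(review): the header token is tested but the body's tokenAuth is the one
    // passed to update_token(); confirm both are meant to carry the same value.
    if ( ! empty($this->auth_token))
    {
        if ($this->api->token_expires($this->auth_token))
        {
            $token_auth = Security::xss_clean(Arr::get($this->post, 'tokenAuth', ''));
            $this->api->update_token($token_auth);
        }
    }
}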
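/**
 * Creates or edits a "Thank" entry.
 *
 * Route param `id` (0 = create). A new entry is appended after the highest
 * existing `order`. Validation errors are passed to the view as `errors`.
 */
public function action_edit()
{
    $id = (int) $this->request->param('id', 0);
    $thank = ORM::factory('Thank', $id);
    $errors = NULL;
    $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();

    if ($post = $this->request->post())
    {
        try
        {
            if ($id === 0)
            {
                // New entry goes to the end of the ordering.
                $last = ORM::factory('Thank')->order_by('order', 'DESC')->find();
                $thank->order = $last->order + 1;
            }
            // The date is refreshed on every save, not only on create (kept from the original).
            $post['date'] = date('Y-m-d H:i:s');
            $thank->name = Security::xss_clean(Arr::get($post, 'name', ''));
            $thank->text = Security::xss_clean(Arr::get($post, 'text', ''));
            $thank->values($post, array('image', 'published', 'date'))->save();
            $this->redirect('manage/thanks/view/'.$thank->id);
        }
        catch (ORM_Validation_Exception $e)
        {
            $errors = $e->errors($e->alias());
            $this->set('errors', $errors);
        }
    }

    $this->set('uploader', $uploader);
    $this->set('item', $thank);
}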
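/**
 * JSON list of published publications for the "smart" API.
 *
 * With GET `search` a full-text MATCH ... AGAINST query (plus a LIKE on the
 * title) is run, limited by $this->limit / $this->offset. Without it the
 * list is ordered by `order` and paginated 10 per page, with `page_count`
 * in the output. Response keys: page_count (list mode), search, publications[].
 */
public function action_index()
{
    // Public read-only endpoint; any origin may read it.
    header('Access-Control-Allow-Origin: *');

    $search = Security::xss_clean(Arr::get($_GET, 'search', ''));

    if ( ! empty($search))
    {
        // The term is interpolated into a DB::expr(), so it is escaped by the
        // driver first; the LIKE pattern goes through the builder's binding.
        $this->searchText = Database::instance()->escape($search);
        $against = DB::expr(' AGAINST('.$this->searchText.') ');
        $like = '%'.$search.'%';

        $list = ORM::factory('Publication')
            ->distinct(TRUE)
            // Group the OR terms. Without where_open()/where_close() the trailing
            // "AND published = 1" bound only to the last LIKE term, so unpublished
            // rows were reachable through the MATCH terms.
            ->where_open()
                ->where(DB::expr('MATCH(title_'.$this->language.')'), '', $against)
                ->or_where(DB::expr('MATCH(desc_'.$this->language.')'), '', $against)
                ->or_where(DB::expr('MATCH(text_'.$this->language.')'), '', $against)
                ->or_where('title_'.$this->language, 'like', $like)
            ->where_close()
            ->and_where('published', '=', 1)
            ->limit((int) $this->limit)
            ->offset((int) $this->offset)
            ->find_all();
    }
    else
    {
        $list = ORM::factory('Publication')
            ->where('title_'.$this->language, '<>', '')
            ->where('published', '=', 1)
            ->order_by('order', 'DESC');
        $this->data['page_count'] = Paginate::factory($list)->paginate(NULL, NULL, 10)->page_count();
        $list = $list->find_all();
    }

    $this->data['search'] = $search;

    // NOTE(review): HTTP_HOST is whatever the client sent, so these absolute
    // URLs inherit it; a configured base URL would be the safer source.
    $host = 'http://'.$_SERVER['HTTP_HOST'];
    foreach ($list as $item)
    {
        $this->data['publications'][] = array(
            'id'    => $item->id,
            'url'   => $host.'/'.$this->language.URL::site('api/smartpublications/view/'.$item->id),
            'title' => $item->title,
            'desc'  => strip_tags($item->desc),
            'image' => $host.URL::media('/images/w205-h160/'.$item->picture->file_path),
        );
    }
    // Keep the response shape stable when nothing matched.
    if ( ! isset($this->data['publications']))
    {
        $this->data['publications'] = array();
    }

    $this->response->body(json_encode($this->data));
}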
/**
 * Creates or edits a Leader record from the posted form.
 *
 * Route param `id` (0 = create). Every free-text column is HTML-purified
 * before being stored; `image` and `published` are copied from the post
 * through ORM::values(). Validation errors go to the view as `errors`.
 */
public function action_edit()
{
    $id = $this->request->param('id', 0);
    $leader = ORM::factory('Leader', $id);
    $errors = NULL;
    $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();

    $post = $this->request->post();
    if ($post)
    {
        // Columns that receive purified text, in storage order.
        $text_fields = array('name', 'post', 'contact', 'phone', 'fax', 'contact_name', 'text');
        try
        {
            foreach ($text_fields as $field)
            {
                $leader->{$field} = Security::xss_clean(Arr::get($post, $field, ''));
            }
            $leader->values($post, array('image', 'published'))->save();
            $this->redirect('manage/leaders/view/'.$leader->id);
        }
        catch (ORM_Validation_Exception $e)
        {
            $errors = $e->errors($e->alias());
            $this->set('errors', $errors);
        }
    }

    $this->set('uploader', $uploader);
    $this->set('item', $leader);
}
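/**
 * Shows the `qv` items and, on POST, collects the 20 numbered answers.
 *
 * The answers are read into `$answers[1..20]` (default 0, HTML-purified)
 * instead of twenty separate locals. NOTE(review): nothing consumed them in
 * the original either; the POST branch looks unfinished.
 */
public function action_index()
{
    $qv = ORM::factory('qv')->order_by('id')->find_all();
    $this->set('qv', $qv);

    if ($this->request->method() === Request::POST)
    {
        $answers = array();
        for ($i = 1; $i <= 20; $i++)
        {
            $answers[$i] = Security::xss_clean(Arr::get($_POST, (string) $i, 0));
        }
    }
}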
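/**
 * Creates or edits a Slider item.
 *
 * Route param `id` (0 = create); GET `type` selects the slider group and is
 * also written to the record. New items get the next `order` and the same
 * link in all three language columns; edits only update `link`.
 */
public function action_edit()
{
    $id = (int) $this->request->param('id', 0);
    $slider = ORM::factory('Slider', $id);

    // `type` comes from the query string, is stored and is echoed back in the
    // redirect, so it gets the same purifier as the other user-supplied strings.
    $type = Security::xss_clean(Arr::get($_GET, 'type', 'slider'));
    if ( ! is_string($type) OR $type === '')
    {
        $type = 'slider';
    }

    $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();
    $this->set('uploader', $uploader);
    $this->set('slider', $slider)
        ->set('r', Url::media('manage/sliders?type='.$type))
        ->set('type', $type);

    if ($post = $this->request->post())
    {
        try
        {
            if ($id === 0)
            {
                $slider_last = ORM::factory('Slider')->order_by('order', 'desc')->find();
                $slider->order = empty($slider_last->id) ? 1 : $slider_last->order + 1;
                // A new slider starts with the same link for every language.
                $link = Security::xss_clean(Arr::get($post, 'link', ''));
                $slider->link_ru = $link;
                $slider->link_kz = $link;
                $slider->link_en = $link;
            }
            else
            {
                $slider->link = Security::xss_clean(Arr::get($post, 'link', ''));
            }
            $slider->type = $type;
            $slider->title = Security::xss_clean(Arr::get($post, 'title', ''));
            $slider->values($post, array('image', 'is_active'))->save();

            $event = $id ? 'edit' : 'create';
            $loger = new Loger($event, $slider->link);
            $loger->log($slider);

            $this->redirect('manage/sliders?type='.$type);
        }
        catch (ORM_Validation_Exception $e)
        {
            // The original let validation failures escape as an uncaught exception.
            $this->set('errors', $e->errors($e->alias()));
        }
    }
}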
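/**
 * Creates or edits an Infograph.
 *
 * Route param `id` (0 = create). The posted `date` is normalised to
 * `Y-m-d H:i:s`; when it is missing or unparsable the current time is used
 * instead of the Unix epoch that `date(..., FALSE)` produced before. A new
 * item is placed first by shifting every existing `order` up by one.
 */
public function action_edit()
{
    $id = (int) $this->request->param('id', 0);
    $infograph = ORM::factory('Infograph', $id);
    $language = $infograph->loaded() ? $infograph->language : $this->language;
    $this->set('language', $language);
    $errors = NULL;
    $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();

    if ($post = $this->request->post())
    {
        try
        {
            $timestamp = strtotime((string) Arr::get($post, 'date', ''));
            $post['date'] = date('Y-m-d H:i:s', $timestamp === FALSE ? time() : $timestamp);
            $infograph->title = Security::xss_clean(Arr::get($post, 'title', ''));

            if ( ! $infograph->loaded())
            {
                // Make room at the top of the ordering for the new item.
                foreach (ORM::factory('Infograph')->find_all() as $existing)
                {
                    $existing->order = $existing->order + 1;
                    $existing->save();
                }
            }

            $infograph->values($post, array('image', 'published', 'language', 'date'))->save();

            $event = $id ? 'edit' : 'create';
            $loger = new Loger($event, $infograph->title);
            $loger->log($infograph);

            $this->redirect('manage/infographs/view/'.$infograph->id);
        }
        catch (ORM_Validation_Exception $e)
        {
            $errors = $e->errors($e->alias());
            $this->set('errors', $errors);
        }
    }

    $this->set('uploader', $uploader);
    $this->set('item', $infograph);
}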
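/**
 * Load pages from database, static view files,
 * or display 404 error page.
 *
 * The `page` route parameter is used both as a DB slug and as part of a view
 * file name, so it is restricted to a simple slug before any lookup: HTML
 * purification alone does not stop path separators from reaching
 * Kohana::find_file().
 */
public function action_load()
{
    Kohana::$log->add(Kohana::DEBUG, 'Executing Controller_Cms_Page::action_load');

    $page = Security::xss_clean(Request::instance()->param('page'));

    // Only letters, digits, '.', '-' and '_' form a slug; anything else is a
    // 404 without touching the cache, the database or the filesystem.
    if ( ! is_string($page) OR ! preg_match('/^[A-Za-z0-9_.-]+$/D', $page))
    {
        Kohana::$log->add(Kohana::ERROR, 'Page controller rejected an invalid page slug');
        $this->template->content = new View('errors/404');
        return;
    }

    // Check if page is in cache
    if (Kohana::$caching === TRUE AND $file = Kohana::cache('page_'.$page))
    {
        $this->template->content = $file;
        return;
    }

    // Default values
    $contents = NULL;
    $found = FALSE;

    // Check if page is in database (the builder binds the slug)
    $db = DB::select('title', 'text')->from('pages')->where('slug', '=', $page)->execute();
    if ($db->count() == 1)
    {
        $row = $db->current();
        $contents = $row['text'];
        $found = TRUE;
    }
    elseif (Kohana::find_file('views', 'static/'.$page))
    {
        $contents = new View('static/'.$page);
        $found = TRUE;
    }
    else
    {
        Kohana::$log->add(Kohana::ERROR, 'Page controller error loading non-existent page, '.$page);
        $contents = new View('errors/404');
    }

    if (Kohana::$caching === TRUE AND $found)
    {
        Kohana::cache('page_'.$page, $contents);
    }

    $this->template->content = $contents;
}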
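/**
 * Applies LIMIT/OFFSET to the wrapped ORM query and renders the pager.
 *
 * @param   mixed   $page   page number; NULL reads GET `page` (default 1)
 * @param   string  $link   base link; NULL uses the initial request URI
 * @param   mixed   $count  items per page; NULL keeps $this->count. A GET
 *                          `item_count` overrides both.
 * @return  string  rendered pager (HTML-escaped, then purified)
 */
public function paginate($page = null, $link = null, $count = null)
{
    if ($page == null)
    {
        $page = Arr::get($_GET, 'page', 1);
    }

    if ( ! empty($_GET['item_count']))
    {
        // Client-chosen page size; clamped below so 0 cannot reach page_count()
        // or LIMIT. NOTE(review): an upper bound is worth adding as well.
        $this->count = (int) Arr::get($_GET, 'item_count');
        $count = $this->count;
    }
    elseif ($count == null)
    {
        $count = $this->count;
    }
    else
    {
        $this->count = (int) $count;
    }

    if ($link == null)
    {
        $link = Request::initial()->uri();
    }

    $count = max(1, (int) $count);
    $this->count = $count;

    // Clamp the page first; the original computed the offset from the raw
    // page, so page=0 or a too-large page produced a negative or out-of-range OFFSET.
    $page = (int) $page;
    $max_page = $this->page_count();
    $page = ($page < 1) ? 1 : min($page, $max_page);
    $start = max(0, ($page - 1) * $count);

    $prev = ($page != 1);
    $next = ($page != $max_page);

    $this->orm->limit($count)->offset($start);

    $this->view_vars = array(
        'page'     => $page,
        'max_page' => $max_page,
        'key'      => $this->config->get('key', 'page'),
        'count'    => $count,
        'link'     => Security::xss_clean(HTML::chars($link)),
        'next'     => $next,
        'prev'     => $prev,
    );

    // Renders via this object's string conversion (kept from the original).
    return Security::xss_clean(HTML::chars($this));
}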
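/**
 * Records a like/dislike vote on a debate opinion for the current API user.
 *
 * Body: opinionId, voteValue ('like' | 'dislike'). Responds with JSON `true`
 * on success, or `{"error": ...}` when the input is invalid, the opinion is
 * unknown, the user already voted, or the user is a participant of the debate.
 */
public function action_index()
{
    $opinionId = (int) Security::xss_clean(Arr::get($this->post, 'opinionId', ''));
    $voteValue = strtolower(Security::xss_clean(Arr::get($this->post, 'voteValue', '')));

    // The original saved a poll row and answered `true` for an unknown voteValue
    // without counting it, and sent no body at all for missing input.
    if (empty($opinionId) OR ! in_array($voteValue, array('like', 'dislike'), TRUE))
    {
        $this->data['error'] = 'Invalid vote';
        $this->response->body(json_encode($this->data));
        return;
    }

    $user = ORM::factory('User', $this->user_id);
    $opinion = ORM::factory('Debate_Opinion', $opinionId);
    if ( ! $opinion->loaded())
    {
        $this->data['error'] = 'Opinion not found';
        $this->response->body(json_encode($this->data));
        return;
    }

    $poll_user = ORM::factory('Debate_Poll')
        ->where('user_id', '=', $this->user_id)
        ->and_where('branch_id', '=', $opinionId)
        ->find();

    if ($poll_user->loaded())
    {
        $this->data['error'] = 'You have already voted';
    }
    elseif ($opinion->debate->author_id == $this->user_id OR $opinion->debate->opponent_email == $user->email)
    {
        $this->data['error'] = 'Member can not vote';
    }
    else
    {
        // NOTE(review): the "already voted" check and this insert are not atomic;
        // a unique index on (user_id, branch_id) is what actually prevents double votes.
        $poll = ORM::factory('Debate_Poll');
        $poll->branch_id = $opinionId;
        $poll->variant = 1;
        $poll->user_id = $this->user_id;
        $poll->save();

        if ($voteValue === 'like')
        {
            $opinion->plus += 1;
        }
        else
        {
            $opinion->minus += 1;
        }
        $opinion->save();

        $this->response->body(json_encode(TRUE));
        return;
    }

    $this->response->body(json_encode($this->data));
}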
/**
 * Moderator list of non-journal materials, filtered by GET `sort`:
 * work (status 2), accept (status 1), reject (status 0); any other value
 * lists all. Sets view vars `sort`, `materials`, `paginate`.
 */
public function action_index()
{
    $list = ORM::factory('Material')
        ->where('is_moderator', '=', 1)
        ->and_where('is_journal', '=', 0);

    $sort = Security::xss_clean(Arr::get($_GET, 'sort', 'work'));

    // sort key => material status
    $statuses = array('work' => 2, 'accept' => 1, 'reject' => 0);

    if (is_string($sort) AND isset($statuses[$sort]))
    {
        $list->and_where('status', '=', $statuses[$sort]);
        $this->set('sort', $sort);
    }
    else
    {
        $this->set('sort', 'all');
    }

    $list->order_by('date', 'DESC');
    $paginate = Paginate::factory($list)->paginate(NULL, NULL, 10)->render();

    $this->set('materials', $list->find_all());
    $this->set('paginate', $paginate);
}
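/**
 * Verify the Facebook credentials.
 *
 * The access token arrives in the URL fragment: when the `fragment` GET
 * parameter is absent the fragment is first converted to a parameter,
 * otherwise the token is parsed out of it and stored on the token record.
 *
 * @throws Kohana_Exception
 * @param string the service name
 * @return boolean
 */
public function verify($service = MMI_API::SERVICE_FACEBOOK)
{
    $access_token = NULL;
    if ( ! array_key_exists('fragment', $_GET))
    {
        $this->_convert_fragment_to_parameter();
    }
    else
    {
        $fragment = urldecode(Security::xss_clean($_GET['fragment']));
        parse_str($fragment, $parms);
        $access_token = Arr::get($parms, 'access_token');
        unset($parms);
    }

    // Ensure the access token is set
    if (empty($access_token))
    {
        MMI_Log::log_error(__METHOD__, __LINE__, 'Access token parameter missing');
        throw new Kohana_Exception('Access token parameter missing in :method.', array(':method' => __METHOD__));
    }

    // Load existing data from the database
    $auth_config = $this->_auth_config;
    $username = Arr::get($auth_config, 'username');
    if ( ! empty($username))
    {
        $model = Model_MMI_API_Tokens::select_by_service_and_username($service, $username, FALSE);
    }
    else
    {
        $consumer_key = Arr::get($auth_config, 'api_key');
        $model = Model_MMI_API_Tokens::select_by_service_and_consumer_key($service, $consumer_key, FALSE);
    }

    // Check if the credentials were previously verified
    $previously_verified = $model->loaded() ? (bool) $model->verified : FALSE;
    $success = $previously_verified;

    if ( ! $previously_verified)
    {
        // Create an access token (the secret is a placeholder; Facebook only issues a key)
        $token = new OAuthToken($access_token, $service.'-'.time());

        // Update the token credentials in the database
        $svc = MMI_API::factory($service);
        if ($svc->is_valid_token($token))
        {
            $encrypt = Encrypt::instance();
            // NOTE(review): consumer_secret and verification_code are time()-based
            // stand-ins, not secrets; nothing should treat them as unguessable.
            $model->service = $service;
            $model->consumer_key = 'consumer-'.$service;
            $model->consumer_secret = $encrypt->encode($service.'-'.time());
            $model->token_key = $token->key;
            $model->token_secret = $encrypt->encode($token->secret);
            unset($encrypt);
            $model->verified = 1;
            $model->verification_code = $service.'-'.time();
            $model->username = $username;
            if (array_key_exists('expires_in', $_GET))
            {
                $model->attributes = array('expires_in' => urldecode(Security::xss_clean($_GET['expires_in'])));
            }
            $errors = NULL;
            $success = MMI_Jelly::save($model, $errors);
            if ( ! $success AND $this->_debug)
            {
                MMI_Debug::dead($errors);
            }
        }
    }
    return $success;
}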
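/**
 * Answers an expert question (management side).
 *
 * Route param `id` is the question; GET `r` is where to go when the question
 * does not exist and is restricted to a site-relative path. On POST the
 * answer is purified like every other stored text, saved, the question is
 * flagged answered and the user is sent back to the paged list.
 */
public function action_reply()
{
    $id = (int) $this->request->param('id', 0);
    $questions = ORM::factory('Expert_Question', $id);

    $cancel_url = Security::xss_clean(Arr::get($_GET, 'r', 'manage/expertquestions'));
    // xss_clean() does not stop "scheme:" or "//host" targets from being followed
    // by redirect(); absolute targets fall back to the default list.
    if ( ! is_string($cancel_url) OR preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $cancel_url))
    {
        $cancel_url = 'manage/expertquestions';
    }

    if ( ! $questions->loaded())
    {
        $this->redirect($cancel_url);
    }

    $list_url = Url::media('manage/expertquestions/page-'.$this->page.'?sort='.$this->sort);
    $this->set('cancel_url', $list_url)->set('page', $this->page)->set('sort', $this->sort);
    $this->set('questions', $questions);

    if ($this->request->method() === 'POST')
    {
        // Stored and rendered later, so it gets the same purifier as the other text fields.
        $answer = Security::xss_clean(Arr::get($_POST, 'answer', ''));
        try
        {
            $answers = ORM::factory('Expert_Answer');
            $answers->answer = $answer;
            // 'H' (zero-padded hour) matches the other controllers; the original used 'G'.
            $answers->date = date('Y-m-d H:i:s');
            $answers->question_id = $id;
            $answers->respondent_id = $this->user->id;
            $answers->save();

            $questions->is_answered = 1;
            $questions->save();

            Message::success(i18n::get('The answer to the question is saved'));
            // redirect() ends the request; the original's trailing exit was unreachable.
            $this->redirect($list_url);
        }
        catch (ORM_Validation_Exception $e)
        {
            $this->set('answer', $answer);
            $this->set('errors', $e->errors($e->alias()));
        }
    }
}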
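/**
 * Verify the Flickr credentials.
 *
 * Exchanges the `frob` GET parameter for an access token and stores it on
 * the token record selected by the configured username.
 *
 * NOTE(review): when no username is configured a fresh, unloaded Jelly model
 * is used and the loaded() guard skips the exchange, so verify() returns
 * FALSE in that configuration; confirm this is intended.
 *
 * @throws Kohana_Exception
 * @return boolean
 */
public function verify()
{
    // Set the service
    $service = $this->_service;
    if (empty($service))
    {
        MMI_Log::log_error(__METHOD__, __LINE__, 'Service not set');
        throw new Kohana_Exception('Service not set in :method.', array(':method' => __METHOD__));
    }

    // Ensure the frob is set
    $frob = NULL;
    if (array_key_exists('frob', $_GET))
    {
        $frob = urldecode(Security::xss_clean($_GET['frob']));
    }
    if (empty($frob))
    {
        MMI_Log::log_error(__METHOD__, __LINE__, 'Frob parameter missing');
        throw new Kohana_Exception('Frob parameter missing in :method.', array(':method' => __METHOD__));
    }

    // Load existing data from the database
    $auth_config = $this->_auth_config;
    $username = Arr::get($auth_config, 'username');
    if ( ! empty($username))
    {
        $model = Model_MMI_API_Tokens::select_by_service_and_username($service, $username, FALSE);
    }
    else
    {
        $model = Jelly::factory('MMI_API_Tokens');
    }

    $success = FALSE;
    if ( ! $model->loaded())
    {
        return $success;
    }

    // Check if the credentials were previously verified
    if ($model->verified)
    {
        return TRUE;
    }

    // Create a dummy verification code and exchange the frob for an access token
    $verification_code = $service.'-'.time();
    $svc = MMI_API::factory($service);
    $token = $svc->get_access_token($verification_code, array(
        'token_key'    => $frob,
        'token_secret' => $service.'-'.time(),
    ));

    // Update the token credentials in the database
    if (isset($token) AND $svc->is_valid_token($token))
    {
        $model->token_key = $token->key;
        $model->token_secret = Encrypt::instance()->encode($token->secret);
        $model->verified = 1;
        $model->verification_code = $verification_code;
        if ( ! empty($token->attributes))
        {
            $model->attributes = $token->attributes;
        }
        $errors = NULL;
        $success = MMI_Jelly::save($model, $errors);
        if ( ! $success AND $this->_debug)
        {
            MMI_Debug::dead($errors);
        }
    }
    return $success;
}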
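/**
 * Reads the `page` route parameter as a positive integer (default 1).
 *
 * The value is cast to int, which makes the purifier the original ran on it
 * redundant (an integer cannot carry markup) and keeps $this->page an int
 * rather than the string the purifier returned.
 */
public function before()
{
    parent::before();

    $this->page = (int) $this->request->param('page', 0);
    if ($this->page < 1)
    {
        $this->page = 1;
    }
}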
/**
 * Fills this material's fields and saves it.
 *
 * Only `$content` is run through the HTML purifier; `$name` and
 * `$material_image` are stored exactly as given, so the caller is
 * responsible for them.
 *
 * @param   mixed   $categoryId
 * @param   string  $content         HTML, purified before storing
 * @param   string  $name
 * @param   mixed   $material_image
 * @return  void
 */
public function addMaterial($categoryId, $content, $name, $material_image)
{
    $clean_content = Security::xss_clean($content);

    $this->category_id = $categoryId;
    $this->name = $name;
    $this->material_image = $material_image;
    $this->content = $clean_content;

    $this->save();
}
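/**
 * Save the user information.
 *
 * `avatar-type` selects the Avatar driver; `about` and `signature` are
 * HTML-purified before being stored. Missing keys fall back to NULL / ''
 * instead of raising an undefined-index notice.
 *
 * @param array $post
 */
public function save(array $post)
{
    $avatar = Avatar::factory($this->user, array('driver' => Arr::get($post, 'avatar-type')));
    $this->user->set_property('avatar', $avatar->data($post));
    $this->user->set_property('about', Security::xss_clean(Arr::get($post, 'about', '')));
    $this->user->set_property('signature', Security::xss_clean(Arr::get($post, 'signature', '')));

    // Save cached_properties.
    $this->user->update();
}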
/**
 * Demo page: shows a piece of "dirty" input next to its purified version.
 *
 * The input comes from GET or POST `dirty`; both values are bound into the
 * view by reference so they are picked up when the view renders.
 */
public function demo_clean()
{
    $dirty = NULL;
    $clean = NULL;

    $view = View::factory('demo/purifier/clean');
    $view->bind('dirty', $dirty);
    $view->bind('clean', $clean);
    $this->content = $view;

    // Get dirty input from GET or POST
    $dirty = Arr::get($_REQUEST, 'dirty');
    if (isset($dirty))
    {
        // Clean dirty input
        $clean = Security::xss_clean($dirty);
    }
}
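/**
 * Get all of the input and files for the request.
 *
 * @param bool $cleanse  TRUE forces purification, FALSE skips it, NULL
 *                       defers to the `xss_filter_all_inputs` config flag
 *
 * @return array
 */
public static function all($cleanse = null)
{
    $all = static::$app['request']->all();
    $global_cleanse = static::$app['config']->get('xssinput::xssinput.xss_filter_all_inputs');

    if ($cleanse === true || ($cleanse === null && $global_cleanse)) {
        foreach ($all as &$value) {
            $value = Security::xss_clean($value);
        }
        // Drop the reference left by the by-ref foreach so a later write to
        // $value cannot alias the last element.
        unset($value);
    }

    return $all;
}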
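/**
 * Maintenance action: re-runs the HTML purifier over every Pages_Content
 * row's text_ru / text_kz / text_en and saves it.
 *
 * The original re-loaded each row by id before updating it; the object from
 * find_all() is the same record and is saved directly.
 *
 * NOTE(review): this rewrites every page on each call; confirm the route is
 * restricted to administrators.
 */
public function action_index()
{
    $contents = ORM::factory('Pages_Content')->find_all();
    foreach ($contents as $item)
    {
        $item->text_ru = Security::xss_clean($item->text_ru);
        $item->text_kz = Security::xss_clean($item->text_kz);
        $item->text_en = Security::xss_clean($item->text_en);
        $item->save();

        // Purifying large pages is slow; reset the execution timer after each row.
        set_time_limit(2500);
    }
}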
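/**
 * Edits the "minister" static page and its content record.
 *
 * Route param `id` is the Page id. On POST the page and its Pages_Content
 * are saved, the uploaded main image is linked to the page in `storage`,
 * and every image referenced from the purified text is linked as well.
 * `errors` is 1 when validation failed, else 0.
 */
public function action_edit()
{
    $id = (int) $this->request->param('id', 0);
    $minister = ORM::factory('Page', $id);
    $errors = 0;
    $minister_content = ORM::factory('Pages_Content')->where('page_id', '=', $id)->find();
    $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();
    $this->set('uploader', $uploader);

    if ($this->request->method() === 'POST')
    {
        try
        {
            // Arr::get() instead of direct $_POST indexing: a missing field is ''
            // (0 for the image id) rather than an undefined-index notice.
            $title = Security::xss_clean(Arr::get($_POST, 'title', ''));
            $text = Security::xss_clean(Arr::get($_POST, 'text', ''));

            $minister->name = $title;
            $minister->key = 'minister';
            $minister->static = 1;
            $minister->save();

            $minister_content->page_id = $minister->id;
            $minister_content->type = 'static';
            $minister_content->title = $title;
            $minister_content->description = Security::xss_clean(Arr::get($_POST, 'desc', ''));
            $minister_content->date = date('Y-m-d H:i:s');
            $minister_content->published = 1;
            $minister_content->text = $text;
            $minister_content->image = (int) Arr::get($_POST, 'image', 0);
            $minister_content->save();

            // Fill publication_type / publication_id in storage. The image scan uses
            // the purified text (what is actually stored), not the raw POST body.
            $this->_link_storage($minister_content->image, $minister->id, $text);

            $this->redirect('manage/minister/index');
        }
        catch (ORM_Validation_Exception $e)
        {
            $errors = 1;
        }
        $this->set('errors', $errors);
    }

    $this->set('item', $minister)->set('item_cont', $minister_content);
}

/**
 * Points the storage rows used by a page at that page.
 *
 * @param  int     $image_id  storage id of the uploaded main image
 * @param  int     $page_id   owning Page id
 * @param  string  $text      page HTML; each <img src="..."> is looked up by file_path
 */
private function _link_storage($image_id, $page_id, $text)
{
    // Main image. Saving an unloaded Storage would INSERT a stray row, so check first.
    $storage = ORM::factory('Storage', $image_id);
    if ($storage->loaded())
    {
        $storage->publication_type = 'page';
        $storage->publication_id = $page_id;
        $storage->save();
    }

    // Inline images referenced from the text.
    $pattern = '/<img.+?src="\\/?(.+?)".*?>/';
    if (preg_match_all($pattern, $text, $matches))
    {
        foreach ($matches[1] as $match)
        {
            // An ORM object is always truthy, so the original `if ($storage_path)`
            // never failed and $st could be unloaded; loaded() is the real guard.
            $st = ORM::factory('Storage')->where('file_path', 'like', $match)->find();
            if ($st->loaded())
            {
                $st->publication_type = 'page';
                $st->publication_id = $page_id;
                $st->save();
            }
        }
    }
}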
/**
 * Removes broken HTML and XSS from text using [HTMLPurifier](http://htmlpurifier.org/).
 *
 *     $text = Security::xss_clean(Arr::get($_POST, 'message'));
 *
 * The original content is returned with all broken HTML and XSS removed.
 * Arrays are cleaned element by element (recursively) with keys preserved.
 *
 * The result is sanitised for an HTML body. It is not an escape for
 * attribute, JavaScript, URL, SQL or redirect contexts; those still need
 * their own handling.
 *
 * @param mixed text to clean, or an array to clean recursively
 * @return mixed
 */
public static function xss_clean($str)
{
    if ( ! is_array($str))
    {
        // Load HTML Purifier, clean the HTML and return it
        return Security::htmlpurifier()->purify($str);
    }

    $clean = array();
    foreach ($str as $key => $value)
    {
        // Recursively clean arrays
        $clean[$key] = Security::xss_clean($value);
    }
    return $clean;
}
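/**
 * API: reports whether the supplied `tokenAuth` is known and still alive.
 *
 * Appends one boolean to $this->data and writes it out as JSON: TRUE only
 * when the token exists and token_expires() accepts it within the
 * 172800-second (48 h) window.
 */
public function action_index()
{
    $token = Security::xss_clean(Arr::get($this->post, 'tokenAuth', 0));
    $record = ORM::factory('Api_Token')->where('token', '=', $token)->find();

    // The original passed the raw body value to token_expires(); the purified
    // value is the one that matched the row, so it is used for both.
    $alive = ($record->loaded() && $this->api->token_expires($token, 172800));
    $this->data[] = $alive;

    $this->response->body(json_encode($this->data));
}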
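/**
 * Stores a comment by the logged-in user on the given object.
 *
 * `$table` (the commented object's table name) is HTML-purified; `$message`
 * is stored as passed, so the caller must sanitise it for its output context.
 *
 * NOTE(review): get_user() is FALSE for an anonymous request and ->id on it
 * is NULL; confirm this is only reached by logged-in users.
 *
 * @param   string  $message
 * @param   string  $table
 * @param   mixed   $object_id
 * @return  ORM|NULL  the saved comment, or NULL when validation failed
 */
public function save($message, $table, $object_id)
{
    $user_id = Auth::instance()->get_user()->id;
    $comment = ORM::factory('Comment');
    try
    {
        $comment->user_id = $user_id;
        $comment->object_id = $object_id;
        $comment->table = Security::xss_clean($table);
        $comment->text = $message;
        // 'Y-m-d' matches the other controllers; the original wrote 'Y:m:d'.
        $comment->date = date('Y-m-d H:i:s');
        $comment->save();
        return $comment;
    }
    catch (ORM_Validation_Exception $e)
    {
        // Validation failure is reported by the NULL return rather than swallowed silently.
        return NULL;
    }
}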
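/**
 * Personalia index: alphabet filter, category filter and paginated list.
 *
 * Route params: `language` (ru|kz|en), `category` (int, 0 = all except a
 * fixed exclusion list), `alpha` (first-letter filter). An unknown language
 * is a 404 instead of indexing a missing alphabet and building a column
 * name from it.
 */
public function action_index()
{
    $alphabet = $this->_alphabet();

    $lang = Security::xss_clean($this->request->param('language'));
    // Used as an array key and as part of a column name, so only known values pass.
    if ( ! is_string($lang) OR ! isset($alphabet[$lang]))
    {
        throw new HTTP_Exception_404();
    }

    // Letters that start a published name (or a word within one).
    $alphabet_new = array();
    foreach ($alphabet[$lang] as $alpha)
    {
        $biog = ORM::factory('Biography')
            ->where('published', '=', 1)
            ->where_open()
                ->where('name_'.$lang, 'like', $alpha.'%')
                ->or_where('name_'.$lang, 'like', '% '.$alpha.'%')
            ->where_close()
            ->find();
        if ($biog->loaded())
        {
            $alphabet_new[] = $alpha;
        }
    }
    $this->set('alphabet', $alphabet_new);

    $categories1 = ORM::factory('Biography_Category')->where('era', '=', '1')->find_all();
    $halyk_kaharmany = ORM::factory('Biography_Category', 9);
    $this->set('halyk_kaharmany', $halyk_kaharmany);
    $categories2 = ORM::factory('Biography_Category')->where('era', '=', '2')->find_all();
    $this->set('categories1', $categories1)->set('categories2', $categories2);

    $category = (int) $this->request->param('category', 0);
    $alpha = Security::xss_clean($this->request->param('alpha', ''));

    // SEO: close off the sorted (letter-filtered) view.
    if ($alpha != '')
    {
        Kotwig_View::set_global('sort', 1);
    }
    // end SEO

    // NOTE(review): the main list filters on name_<$this->language> while the
    // alphabet filters on name_<$lang>; confirm the two always agree.
    $biography = ORM::factory('Biography')
        ->where('published', '=', 1)
        ->where('name_'.$this->language, '<>', '');

    if ($category != 0)
    {
        $biography = $biography->where('category_id', '=', $category);
        $this->add_cumb('Personalia', 'biography');
        $cat = ORM::factory('Biography_Category', $category);
        $this->add_cumb($cat->title, '/');
    }
    else
    {
        // Excluded categories, kept from the original.
        $biography = $biography->where('category_id', 'NOT IN', array(3, 4, 6, 7, 8, 15));
        $this->add_cumb('Personalia', '/');
    }

    if ( ! empty($alpha))
    {
        $biography = $biography
            ->where_open()
                ->where('name_'.$lang, 'like', $alpha.'%')
                ->or_where('name_'.$lang, 'like', '% '.$alpha.'%')
            ->where_close();
    }

    $biography = $biography->order_by('order');
    $paginate = Paginate::factory($biography)->paginate(NULL, NULL, 10)->render();
    $biography = $biography->find_all();

    if (count($biography) == 0)
    {
        $this->set('error', I18n::get('Sorry.'));
    }

    // Meta description
    $biography_meta = ORM::factory('Page')->where('key', '=', 'biography_'.$category.'_1')->find();
    $this->metadata->description($biography_meta->description);

    $this->set('list', $biography)
        ->set('paginate', $paginate)
        ->set('category', $category)
        ->set('alpha', $alpha);
}

/**
 * Uppercase alphabets used for the first-letter filter, keyed by language code.
 *
 * @return array
 */
private function _alphabet()
{
    return array(
        'ru' => array('А', 'Б', 'В', 'Г', 'Д', 'Е', 'Ё', 'Ж', 'З', 'И', 'Й', 'К', 'Л', 'М', 'Н', 'О', 'П', 'Р', 'С', 'Т', 'У', 'Ф', 'Х', 'Ц', 'Ч', 'Ш', 'Щ', 'Ъ', 'Ы', 'Ь', 'Э', 'Ю', 'Я'),
        'kz' => array('А', 'Ә', 'Б', 'В', 'Г', 'Ғ', 'Д', 'Е', 'Ё', 'Ж', 'З', 'И', 'Й', 'К', 'Қ', 'Л', 'М', 'Н', 'Ң', 'О', 'Ө', 'П', 'Р', 'С', 'Т', 'У', 'Ү', 'Ұ', 'Ф', 'Х', 'Һ', 'Ц', 'Ч', 'Ш', 'Щ', 'Ъ', 'Ы', 'I', 'Ь', 'Э', 'Ю', 'Я'),
        'en' => array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'),
    );
}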
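/**
 * Saves new map coordinates for a point from a "pointId-x-y" route value
 * and returns to the district's map page.
 *
 * NOTE(review): this changes state on a plain GET with no CSRF token; the
 * other management actions (e.g. action_spam) check Security::token().
 */
public function action_coor()
{
    $xy = Security::xss_clean($this->request->param('id', 0));
    $parts = explode('-', (string) $xy);

    // Three numeric components are required. round() on a non-numeric string
    // is a TypeError on PHP 8, so validate before converting.
    if (count($parts) !== 3 OR ! is_numeric($parts[1]) OR ! is_numeric($parts[2]))
    {
        throw new HTTP_Exception_404();
    }

    $point = ORM::factory('Point', (int) $parts[0]);
    if ( ! $point->loaded())
    {
        // Saving an unloaded record would INSERT a new point instead of moving one.
        throw new HTTP_Exception_404();
    }

    $point->x = round($parts[1]);
    $point->y = round($parts[2]);
    $point->save();

    $this->redirect('manage/maps/view/'.$point->district_id);
}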
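/**
 * Renames a Document.
 *
 * Route param `id`; POST `name` is purified and saved. `errors` is 1 when
 * validation failed, else 0.
 */
public function action_edit()
{
    $id = (int) $this->request->param('id', 0);
    $document = ORM::factory('Document', $id);
    $errors = 0;

    if ($this->request->method() === 'POST')
    {
        try
        {
            // Arr::get() so a missing field is '' instead of an undefined-index notice.
            $document->name = Security::xss_clean(Arr::get($_POST, 'name', ''));
            $document->save();
            $this->redirect('manage/documents');
        }
        catch (ORM_Validation_Exception $e)
        {
            $errors = 1;
        }
        $this->set('errors', $errors);
    }

    $this->set('item', $document);
}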