function request() { if (isset($this->__request)) { $request = $this->__request; } else { $request = parent::request(); $request->filter = array(array('pattern' => '/(&#*\\w+)[\\x00-\\x20]+;/u', 'replace' => '$1;'), array('pattern' => '/(&#x*[0-9A-F]+);*/iu', 'replace' => '$1;'), array('pattern' => '#(<[^>]+?[\\x00-\\x20"\'])(?:on|xmlns)[^>]*+>#iu', 'replace' => '$1>'), array('pattern' => '#([a-z]*)[\\x00-\\x20]*=[\\x00-\\x20]*([`\'"]*)[\\x00-\\x20]*j[\\x00-\\x20]*a[\\x00-\\x20]*v[\\x00-\\x20]*a[\\x00-\\x20]*s[\\x00-\\x20]*c[\\x00-\\x20]*r[\\x00-\\x20]*i[\\x00-\\x20]*p[\\x00-\\x20]*t[\\x00-\\x20]*:#iu', 'replace' => '$1=$2nojavascript...'), array('pattern' => '#([a-z]*)[\\x00-\\x20]*=([\'"]*)[\\x00-\\x20]*v[\\x00-\\x20]*b[\\x00-\\x20]*s[\\x00-\\x20]*c[\\x00-\\x20]*r[\\x00-\\x20]*i[\\x00-\\x20]*p[\\x00-\\x20]*t[\\x00-\\x20]*:#iu', 'replace' => '$1=$2novbscript...'), array('pattern' => '#([a-z]*)[\\x00-\\x20]*=([\'"]*)[\\x00-\\x20]*-moz-binding[\\x00-\\x20]*:#u', 'replace' => '$1=$2nomozbinding...'), array('pattern' => '#(<[^>]+?)style[\\x00-\\x20]*=[\\x00-\\x20]*[`\'"]*.*?expression[\\x00-\\x20]*\\([^>]*+>#i', 'replace' => '$1>'), array('pattern' => '#(<[^>]+?)style[\\x00-\\x20]*=[\\x00-\\x20]*[`\'"]*.*?behaviour[\\x00-\\x20]*\\([^>]*+>#i', 'replace' => '$1>'), array('pattern' => '#(<[^>]+?)style[\\x00-\\x20]*=[\\x00-\\x20]*[`\'"]*.*?s[\\x00-\\x20]*c[\\x00-\\x20]*r[\\x00-\\x20]*i[\\x00-\\x20]*p[\\x00-\\x20]*t[\\x00-\\x20]*:*[^>]*+>#iu', 'replace' => '$1>'), array('pattern' => '#</*\\w+:\\w[^>]*+>#i', 'replace' => ''), array('pattern' => '#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml|a)[^>]*+>#i', 'replace' => '')); $this->__request = $request; } return $request; }
require_once "{$RootDir}/include/user.inc.php"; require_once "{$RootDir}/include/openqrm-server-config.php"; require_once "{$RootDir}/class/storage.class.php"; require_once "{$RootDir}/class/image.class.php"; require_once "{$RootDir}/class/kernel.class.php"; require_once "{$RootDir}/class/resource.class.php"; require_once "{$RootDir}/class/appliance.class.php"; require_once "{$RootDir}/class/deployment.class.php"; require_once "{$RootDir}/class/plugin.class.php"; require_once "{$RootDir}/class/event.class.php"; require_once "{$RootDir}/class/openqrm_server.class.php"; // filter inputs require_once $RootDir . '/class/htmlobjects/htmlobject.class.php'; require_once $RootDir . '/include/requestfilter.inc.php'; $html = new htmlobject($RootDir . '/class/htmlobjects/'); $request = $html->request(); $request->filter = $requestfilter; global $IMAGE_INFO_TABLE; global $DEPLOYMENT_INFO_TABLE; global $KERNEL_INFO_TABLE; global $STORAGETYPE_INFO_TABLE; global $OPENQRM_SERVER_BASE_DIR; // user/role authentication if ($OPENQRM_USER->role != "administrator") { $event->log("authorization", $_SERVER['REQUEST_TIME'], 1, "local-server-action", "Un-Authorized access to lvm-actions from {$OPENQRM_USER->name}", "", "", 0, 0, 0); exit; } $local_server_command = $request->get('local_server_command'); $local_server_id = $request->get('local_server_id'); $local_server_root_device = $request->get('local_server_root_device'); $local_server_root_device_type = $request->get('local_server_root_device_type');