/**
 * Re-stamp a text with the "<!-- KFC TEXT <hash> -->" security marker.
 *
 * Any existing marker (bare or carrying a hash) is removed first, so the hash
 * is always computed over the bare text and then placed on both ends of it.
 *
 * @param string value text, possibly already wrapped in a KFC TEXT marker
 *
 * @return string text wrapped in a marker carrying getSecurityHash(text)
 */
function renewSecurityHash($value)
{
    // Both marker forms are stripped in sequence (array form of preg_replace
    // applies the patterns one after the other, like two separate calls).
    $marker_patterns = array(
        '~<!-- KFC TEXT -->~u',
        '~<!-- KFC TEXT [a-z0-9]* -->~u',
    );
    $bare_text = preg_replace($marker_patterns, '', $value);

    // Fresh marker computed over the bare text; the same marker opens and closes it.
    $marker = '<!-- KFC TEXT ' . getSecurityHash($bare_text) . ' -->';

    return $marker . $bare_text . $marker;
}
/**
 * Clean HTML coming from a textarea and wrap it in a KFC TEXT security marker.
 *
 * Values without markup (strip_tags changes nothing) are returned untouched.
 * Otherwise old markers are removed, remaining markup is handed to the text
 * converter's cleanBadCode() when a converter is available, and the result is
 * wrapped in a marker carrying getSecurityHash() of the cleaned text.
 *
 * @param string value raw textarea value
 *
 * @return string unchanged plain text, or cleaned HTML wrapped in a marker
 */
private function _htmlTextareaSecurity($value)
{
    // Plain text: byte length survives strip_tags, nothing to do.
    if (strlen($value) == strlen(strip_tags($value))) {
        return $value;
    }

    // Drop any previous marker before hashing or cleaning.
    $marker_patterns = array(
        '~<!-- KFC TEXT -->~u',
        '~<!-- KFC TEXT [a-z0-9]* -->~u',
    );
    $cleaned = preg_replace($marker_patterns, '', $value);

    // Markup is still present after marker removal: let the converter clean it
    // (best effort: skipped when no converter is configured).
    if (strlen($cleaned) != strlen(strip_tags($cleaned))) {
        $converter = $this->_environment->getTextConverter();
        if (isset($converter)) {
            $cleaned = $converter->cleanBadCode($cleaned);
        }
    }

    include_once 'functions/security_functions.php';
    $marker = '<!-- KFC TEXT ' . getSecurityHash($cleaned) . ' -->';

    return $marker . $cleaned . $marker;
}
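/**
 * get textarea as HTML - internal, do not use
 * this method returns a string containing a textarea in HTML code
 *
 * The value is prepared twice: once for a plain <textarea> and once for the
 * HTML editor, where it is wrapped in a "<!-- KFC TEXT <hash> -->" marker.
 * When htmltextarea security is enabled and the marker's hash does not match
 * getSecurityHash() of the enclosed text, the text is treated as untrusted and
 * re-rendered through the text converter before being re-marked.
 *
 * NOTE(review): name, hsize and tabindex are written into attributes without
 * escaping; they are assumed to come from form definitions in code, not from
 * request input - confirm against the callers.
 *
 * @param array value form element: textarea, see class cs_form
 *
 * @return string textarea as HTML
 */
function _getTextAreaAsHTML($form_element)
{
    $html = '';
    $form_element['value_for_output'] = '';
    $form_element['value_for_output_html'] = '';
    $form_element['value_for_output_html_security'] = '';
    $form_element['value_for_output_html_security_hidden'] = '';

    if (!empty($form_element['value'])) {
        $form_element['value_for_output'] = $this->_text_as_form($form_element['value']);
        $form_element['value_for_output_html'] = $this->_text_as_form_for_html_editor($form_element['value']);

        // value translations
        $value = str_replace('<!-- KFC TEXT -->', '', $form_element['value_for_output_html']);

        // security KFC (hidden): quotes and ampersands are replaced by placeholders
        // so the text can travel in a hidden field; the receiving side is expected
        // to reverse this (not visible here).
        $hidden_value = str_replace('"', 'COMMSY_QUOT', $value);
        $hidden_value = str_replace('&', 'COMMSY_AMPERSEND', $hidden_value);
        $form_element['value_for_output_html_security_hidden'] = $hidden_value;
        unset($hidden_value);

        // security KFC
        $values = array();
        preg_match('~<!-- KFC TEXT ([a-z0-9]*) -->~u', $value, $values);
        if (!empty($values[1])) {
            $hash = $values[1];
            $temp_text = str_replace('<!-- KFC TEXT ' . $hash . ' -->', '', $value);
            global $c_enable_htmltextarea_security;
            if (isset($c_enable_htmltextarea_security) and !empty($c_enable_htmltextarea_security) and $c_enable_htmltextarea_security) {
                include_once 'functions/security_functions.php';
                // Strict string comparison: with the loose "!=" two numeric-looking
                // hashes (e.g. both of the form "0e<digits>") compare equal, so a
                // marker with a wrong hash could pass as trusted.
                if ((string) getSecurityHash($temp_text) !== $hash) {
                    $value = $this->_environment->getTextConverter()->text_as_html_long($temp_text);
                    $value = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->' . $value . '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';
                }
            }
        } elseif (!strstr($value, '<!-- KFC TEXT')) {
            include_once 'functions/security_functions.php';
            $value = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->' . $value . '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';
        }

        // this is for migration of texts not inserted with an HTML editor
        $value = str_replace("\n\n", '<br/><br/>', $value);
        $form_element['value_for_output_html_security'] = $value;
        unset($value);
    }

    // Every rendered element consumes one tabindex slot.
    $form_element['tabindex'] = $this->_count_form_elements;
    $this->_count_form_elements++;

    // A plugin may render the whole element; the built-in markup is the fallback.
    if ($form_element['with_html_area']) {
        include_once 'functions/misc_functions.php';
        $html = plugin_hook_output_all('getTextAreaAsHTML', $form_element);
    }

    if (empty($html)) {
        $vsize = '';
        $normal = '<textarea style="width:98%" name="' . $form_element['name'] . '"';
        # $normal .= ' cols="'.$form_element['vsize'].'"';
        $normal .= ' rows="' . $form_element['hsize'] . '"';
        # $normal .= ' wrap="'.$form_element['wrap'].'"';
        $normal .= ' tabindex="' . $form_element['tabindex'] . '"';
        if (isset($form_element['is_disabled']) and $form_element['is_disabled']) {
            $normal .= ' disabled="disabled"';
        }
        $normal .= '>';
        global $c_html_textarea;
        $normal .= $form_element['value_for_output'];
        $normal .= '</textarea>' . LF;
        $normal .= LF;

        // Configuration and edit pages carry the editor status in the form element
        // itself; everywhere else it is taken from the current context item.
        $current_module = $this->_environment->getCurrentModule();
        $current_function = $this->_environment->getCurrentFunction();
        if (($current_module == 'configuration' and $current_function == 'common')
            or ($current_module == 'configuration' and $current_function == 'preferences')
            or ($current_module == 'project' and $current_function == 'edit')
            or ($current_module == 'community' and $current_function == 'edit')
        ) {
            if (isset($form_element['vsize']) and !empty($form_element['vsize'])) {
                $vsize = $form_element['vsize'];
            }
            $html_status = $form_element['with_html_area_status'];
            if (!empty($html_status) and $html_status != '3') {
                $with_htmltextarea = true; // control over $form_element['with_html_area']
            } else {
                $with_htmltextarea = false; // control over $form_element['with_html_area']
            }
        } else {
            $current_context = $this->_environment->getCurrentContextItem();
            $with_htmltextarea = $current_context->withHtmlTextArea();
            $html_status = $current_context->getHtmlTextAreaStatus();
        }

        $current_browser = mb_strtolower($this->_environment->getCurrentBrowser(), 'UTF-8');
        $editor_browsers = array('msie', 'firefox', 'netscape', 'mozilla', 'camino', 'opera', 'safari');

        if (!isset($c_html_textarea) or !$c_html_textarea or !$form_element['with_html_area'] or !$with_htmltextarea) {
            $html .= $normal;
        } elseif (!in_array($current_browser, $editor_browsers, true)) {
            $html .= $normal;
        } else {
            // The editor is only emitted when the session recorded JavaScript support.
            $session = $this->_environment->getSessionItem();
            if ($session->issetValue('javascript')) {
                $javascript = $session->getValue('javascript');
                if ($javascript == 1) {
                    include_once 'classes/cs_html_textarea.php';
                    $html_area = new cs_html_textarea();
                    $html .= $html_area->getAsHTML($form_element['name'], $form_element['value_for_output_html'], $form_element['hsize'] + 10, $html_status, $this->_count_form_elements, $vsize);
                    // hidden field for HTML editor corrections
                    // to check if a post field is a textarea
                    $html .= LF . $this->_getHiddenFieldasHTML(array('name' => $form_element['name'] . '_is_textarea', 'value' => '1'));
                } else {
                    $html .= $normal;
                }
            } else {
                $html .= $normal;
            }
        }
    } else {
        // Plugin-rendered element: still flag the field as a textarea and pass the
        // placeholder-encoded text along in a hidden field.
        $html .= LF . $this->_getHiddenFieldasHTML(array('name' => $form_element['name'] . '_is_textarea', 'value' => '1'));
        if (!empty($form_element['value_for_output_html_security_hidden'])) {
            $html .= LF . $this->_getHiddenFieldasHTML(array('name' => $form_element['name'] . '_fck_hidden', 'value' => $form_element['value_for_output_html_security_hidden']));
        }
    }

    return $html;
}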
foreach ( $extra_array[$field] as $key => $value ) { if ( strstr($value,'<!-- KFC TEXT') ) { $value = preg_replace('~<!-- KFC TEXT -->~u','',$value); $value = preg_replace('~<!-- KFC TEXT [a-z0-9]* -->~u','',$value); $fck_text = '<!-- KFC TEXT '.getSecurityHash($value).' -->'; $value = $fck_text.$value.$fck_text; $extra_array[$field][$key] = $value; $changed = true; } } } elseif ( !empty($extra_array[$field]) ) { $value = $extra_array[$field]; if ( strstr($value,'<!-- KFC TEXT') ) { $value = preg_replace('~<!-- KFC TEXT -->~u','',$value); $value = preg_replace('~<!-- KFC TEXT [a-z0-9]* -->~u','',$value); $fck_text = '<!-- KFC TEXT '.getSecurityHash($value).' -->'; $value = $fck_text.$value.$fck_text; $extra_array[$field] = $value; $changed = true; } } } if ($changed) { $extras = serialize($extra_array); $sql = 'UPDATE '.$table.' SET extras = "'.addslashes($extras).'" WHERE item_id = "'.$row['item_id'].'"'; if ( isset($row['version_id']) ) { $version_id = $row['version_id']; if ( empty($version_id) ) { $version_id = '0'; } $sql .= ' AND version_id="'.$version_id.'"';
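/**
 * Render the FCKeditor widget for a form field.
 *
 * The incoming value may carry a "<!-- KFC TEXT <hash> -->" marker. When
 * htmltextarea security is enabled and the hash does not match
 * getSecurityHash() of the enclosed text, the text is treated as untrusted,
 * re-rendered through the text converter and re-marked. The unmarked text is
 * additionally emitted in a "<name>_fck_hidden" hidden field.
 *
 * @param string name         form field name; also used for the hidden field
 * @param string value        text to edit, optionally wrapped in a KFC TEXT marker
 * @param string hsize        size factor; editor height is round(hsize * 13.5)
 * @param mixed  html_status  toolbar selector: '2' -> MinCommSy, 'homepage' -> homepage, else CommSy
 * @param string tabindex     tabindex handed to the editor
 * @param string vsize        unused here, kept for signature compatibility
 * @param bool   no_discussion unused here, kept for signature compatibility
 *
 * @return string editor HTML plus the hidden field, surrounded by LF
 */
function getAsHTML($name, $value = '', $hsize = '', $html_status = 1, $tabindex = '', $vsize = '', $no_discussion = true)
{
    // some configurations: a single trailing slash is stripped from each path
    // (the globals themselves are rewritten, as before)
    global $c_commsy_url_path;
    $c_commsy_url_path = $this->_stripTrailingSlash($c_commsy_url_path);
    global $c_fckeditor_url_path;
    $c_fckeditor_url_path = $this->_stripTrailingSlash($c_fckeditor_url_path);
    global $c_fckeditor_file_path;
    $c_fckeditor_file_path = $this->_stripTrailingSlash($c_fckeditor_file_path);

    // value translations
    $value = str_replace('<!-- KFC TEXT -->', '', $value);
    $temp_text = $value;

    // security KFC
    $values = array();
    preg_match('~<!-- KFC TEXT ([a-z0-9]*) -->~u', $value, $values);
    if (!empty($values[1])) {
        $hash = $values[1];
        $temp_text = str_replace('<!-- KFC TEXT ' . $hash . ' -->', '', $value);
        global $c_enable_htmltextarea_security;
        if (isset($c_enable_htmltextarea_security) and !empty($c_enable_htmltextarea_security) and $c_enable_htmltextarea_security) {
            include_once 'functions/security_functions.php';
            // Strict string comparison: with the loose "!=" two numeric-looking
            // hashes (e.g. both of the form "0e<digits>") compare equal, so a
            // marker with a wrong hash could pass as trusted.
            if ((string) getSecurityHash($temp_text) !== $hash) {
                global $environment;
                $value = $environment->getTextConverter()->text_as_html_long($temp_text);
                $value = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->' . $value . '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';
            }
        }
    } elseif (!strstr($value, '<!-- KFC TEXT')) {
        include_once 'functions/security_functions.php';
        $value = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->' . $value . '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';
    }

    // this is for migration of texts not inserted with FCKeditor
    $value = str_replace("\n\n", '<br/><br/>', $value);

    // now the fckeditor object
    include_once $c_fckeditor_file_path . '/fckeditor.php';
    $oFCKeditor = new FCKeditor($name);
    $oFCKeditor->BasePath = $c_fckeditor_url_path . '/';
    $oFCKeditor->Config["CustomConfigurationsPath"] = $c_commsy_url_path . '/javascript/CommSyFCKEditorConfig.js';
    $oFCKeditor->Value = $value;
    $oFCKeditor->Width = '98%';
    $oFCKeditor->Height = round($hsize * 13.5, 0);
    $oFCKeditor->TabIndex = $tabindex;
    if ($html_status == '2') {
        $oFCKeditor->ToolbarSet = 'MinCommSy';
    } elseif ($html_status == 'homepage') {
        $oFCKeditor->ToolbarSet = 'homepage';
    } else {
        $oFCKeditor->ToolbarSet = 'CommSy';
    }
    $retour = $oFCKeditor->CreateHtml() . LF;

    // security KFC: the unmarked text travels back in a hidden field; quotes and
    // ampersands are replaced by placeholders so it can sit in a double-quoted
    // value attribute (the receiving side is expected to reverse this).
    $hidden_value = str_replace('"', 'COMMSY_QUOT', $temp_text);
    $hidden_value = str_replace('&', 'COMMSY_AMPERSEND', $hidden_value);
    $retour .= '<input type="hidden" name="' . $name . '_fck_hidden" value="' . $hidden_value . '" />';

    return LF . $retour . LF;
}

/**
 * Strip one trailing slash from a configured path.
 *
 * A path consisting of a single character (e.g. "/") is returned as is.
 *
 * @param string path configured path
 *
 * @return string path without its trailing slash
 */
private function _stripTrailingSlash($path)
{
    if (mb_strlen($path) > 1 and mb_substr($path, mb_strlen($path) - 1) == '/') {
        return mb_substr($path, 0, mb_strlen($path) - 1);
    }
    return $path;
}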
<?php require_once 'config.php'; require_once 'core.php'; //TODO: добавить возможность отправки нескольким адресатам //TODO: добавить возможность изменения шаблона сообщения //TODO: не отправлять hidden поля //TODO: забирать текст label'ов //TODO: филтровать данные, приходящие из формы //TODO: реализовать добавление формы с помощью создания JS объекта if ($_POST['security'] !== getSecurityHash()) { die('Access denied!'); } unset($_POST['security']); $messageBody = ''; foreach ($_POST as $key => $value) { $messageBody .= '<p>' . $key . ': ' . $value . '</p>'; } $message = '<html>' . '<head><title>' . SUBJECT . '</title></head>' . '<body>' . $messageBody . '</body>' . '</html>'; $headers = array(); $headers[] = 'MIME-Version: 1.0'; $headers[] = 'Content-type: text/html; charset=utf-8'; $headers[] = 'From: ' . FROM . ' <' . FROM . '>'; $headers[] = 'Reply-To: ' . COMPANY_NAME . ' <' . FROM . '>'; $headers[] = 'Subject: ' . SUBJECT; $headers[] = 'X-Mailer: PHP/' . phpversion(); if (mail(TO, SUBJECT, $message, implode("\r\n", $headers))) { $result = array('status' => true, 'message' => SEND_STATUS_TRUE); echo json_encode($result); exit; } else {
/**
 * Wrap a text in the KFC TEXT security marker when the HTML editor is active.
 *
 * The marker is only added when the html textarea is configured, the current
 * context (or a plugin hooking getTextAreaAsHTML) uses the HTML editor, and
 * the request's Referer - if present - points at the configured entry point
 * (an https-only difference is tolerated).
 *
 * NOTE(review): a request without a Referer header skips the origin check
 * entirely and the header is client-supplied, so this is only a weak origin
 * signal, not a CSRF defense - confirm a separate token protects this path.
 *
 * @param string value text to mark
 *
 * @return string text wrapped in a marker, or unchanged
 */
private function _addFCKHash($value)
{
    global $c_html_textarea;
    if (!isset($c_html_textarea) or !$c_html_textarea) {
        return $value;
    }

    $context_item = $this->_environment->getCurrentContextItem();
    $editor_active = ((isset($context_item) and $context_item->withHtmlTextArea())
        || plugin_hook_method_active('getTextAreaAsHTML'));
    if (!$editor_active) {
        return $value;
    }

    // Origin check: only performed when a Referer was sent at all.
    $suspicious = false;
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
        $query_pos = strpos($referer, '?');
        if ($query_pos !== false) {
            $referer = substr($referer, 0, $query_pos);
        }
        global $c_commsy_domain;
        global $c_commsy_url_path;
        global $c_single_entry_point;
        $expected = $c_commsy_domain . $c_commsy_url_path . '/' . $c_single_entry_point;
        if ($referer != $expected) {
            // non hack, if only https is the difference
            $expected_https = str_replace('http://', 'https://', $c_commsy_domain) . $c_commsy_url_path . '/' . $c_single_entry_point;
            $suspicious = !(mb_stristr($referer, 'https://')
                and !mb_stristr($c_commsy_domain, 'https://')
                and $referer == $expected_https);
        }
    }
    if ($suspicious) {
        return $value;
    }

    // security KFC
    include_once 'functions/security_functions.php';
    $marker = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';

    return $marker . $value . $marker;
}