/**
 * Re-sign an HTML text with a fresh "<!-- KFC TEXT <hash> -->" marker pair.
 *
 * Any marker already present (the bare marker or a hashed one) is removed
 * first so that the hash is computed over the text alone; the new marker is
 * then prepended and appended to that stripped text.
 *
 * @param string $value text that may already carry KFC markers
 *
 * @return string stripped text wrapped in a freshly hashed marker pair
 */
function renewSecurityHash($value)
{
    // Applied in order: the bare marker first, then any hashed marker
    // (the hash class also matches the empty string).
    $old_markers = array(
        '~<!-- KFC TEXT -->~u',
        '~<!-- KFC TEXT [a-z0-9]* -->~u',
    );
    $stripped = preg_replace($old_markers, '', $value);
    $marker = sprintf('<!-- KFC TEXT %s -->', getSecurityHash($stripped));
    return $marker . $stripped . $marker;
}
 /**
  * Clean and sign a textarea value that appears to contain markup.
  *
  * Values without markup (strip_tags() changes nothing) are returned as they
  * are. Otherwise existing KFC markers are removed; if markup remains after
  * that, the environment's text converter (when available) is asked to clean
  * it, and the result is wrapped in a "<!-- KFC TEXT <hash> -->" marker pair.
  *
  * NOTE(review): the strlen comparison is a heuristic for "contains tags";
  * strip_tags() also removes HTML comments, so a value that only carries a
  * KFC marker still takes the markup path.
  *
  * @param string $value raw textarea value
  *
  * @return string unchanged plain text, or cleaned and signed markup
  */
 private function _htmlTextareaSecurity($value)
 {
     // Plain text: nothing to clean or sign.
     if (strlen($value) == strlen(strip_tags($value))) {
         return $value;
     }
     $old_markers = array(
         '~<!-- KFC TEXT -->~u',
         '~<!-- KFC TEXT [a-z0-9]* -->~u',
     );
     $value = preg_replace($old_markers, '', $value);
     // Markup left after the markers are gone goes through the converter,
     // provided the environment supplies one.
     if (strlen($value) != strlen(strip_tags($value))) {
         $text_converter = $this->_environment->getTextConverter();
         if (isset($text_converter)) {
             $value = $text_converter->cleanBadCode($value);
         }
     }
     include_once 'functions/security_functions.php';
     $marker = sprintf('<!-- KFC TEXT %s -->', getSecurityHash($value));
     return $marker . $value . $marker;
 }
 /** get textarea as HTML - internal, do not use
  * this method returns a string containing a textarea in HTML code.
  *
  * The value is prepared in three forms: plain textarea content
  * ('value_for_output'), editor content ('value_for_output_html'), and a
  * signed editor content wrapped in "<!-- KFC TEXT <hash> -->" markers
  * ('value_for_output_html_security'), plus a hidden-field copy with quotes
  * and ampersands replaced by placeholder tokens. Whether the HTML editor or
  * the plain textarea is rendered depends on the $c_html_textarea global, the
  * context's HTML-textarea setting, the detected browser and the session's
  * 'javascript' flag.
  *
  * @param array $form_element form element: textarea, see class cs_form
  *
  * @return string textarea as HTML
  */
 function _getTextAreaAsHTML($form_element)
 {
     $html = '';
     $form_element['value_for_output'] = '';
     $form_element['value_for_output_html'] = '';
     $form_element['value_for_output_html_security'] = '';
     $form_element['value_for_output_html_security_hidden'] = '';
     if (!empty($form_element['value'])) {
         $form_element['value_for_output'] = $this->_text_as_form($form_element['value']);
         $form_element['value_for_output_html'] = $this->_text_as_form_for_html_editor($form_element['value']);
         // value translations
         $value = str_replace('<!-- KFC TEXT -->', '', $form_element['value_for_output_html']);
         // security KFC (hidden)
         // Placeholder tokens instead of escaping; the receiving side is
         // expected to reverse them (not visible here).
         $hidden_value = str_replace('"', 'COMMSY_QUOT', $value);
         $hidden_value = str_replace('&', 'COMMSY_AMPERSEND', $hidden_value);
         $form_element['value_for_output_html_security_hidden'] = $hidden_value;
         unset($hidden_value);
         // security KFC
         $values = array();
         preg_match('~<!-- KFC TEXT ([a-z0-9]*) -->~u', $value, $values);
         if (!empty($values[1])) {
             // A hashed marker is present: strip it and re-verify the hash.
             $hash = $values[1];
             $temp_text = str_replace('<!-- KFC TEXT ' . $hash . ' -->', '', $value);
             global $c_enable_htmltextarea_security;
             // NOTE(review): isset/!empty/truthy are redundant here; !empty alone implies the others.
             if (isset($c_enable_htmltextarea_security) and !empty($c_enable_htmltextarea_security) and $c_enable_htmltextarea_security) {
                 include_once 'functions/security_functions.php';
                 // NOTE(review): loose != on the hash strings; hash_equals() would be
                 // the conventional comparison if both are strings — getSecurityHash's
                 // return type is not visible here.
                 if (getSecurityHash($temp_text) != $hash) {
                     // Hash mismatch: re-render from the converter and sign the result.
                     // getSecurityHash is called twice on the same value; presumably deterministic.
                     $value = $this->_environment->getTextConverter()->text_as_html_long($temp_text);
                     $value = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->' . $value . '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';
                 }
             }
         } elseif (!strstr($value, '<!-- KFC TEXT')) {
             // No marker at all: wrap the value with a fresh hash.
             include_once 'functions/security_functions.php';
             $value = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->' . $value . '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';
         }
         // this is for migration of texts not insert with an HTML editor
         $value = str_replace("\n\n", '<br/><br/>', $value);
         $form_element['value_for_output_html_security'] = $value;
         unset($value);
     }
     $form_element['tabindex'] = $this->_count_form_elements;
     $this->_count_form_elements++;
     if ($form_element['with_html_area']) {
         // A plugin may render the whole area; the fallback below runs only if it returns nothing.
         include_once 'functions/misc_functions.php';
         $html = plugin_hook_output_all('getTextAreaAsHTML', $form_element);
     }
     if (empty($html)) {
         $vsize = '';
         // NOTE(review): 'name', 'hsize' and 'tabindex' go into attributes without
         // htmlspecialchars(); presumably these come from form definitions, not
         // from request input — confirm at the callers.
         $normal = '<textarea style="width:98%" name="' . $form_element['name'] . '"';
         #      $normal .= ' cols="'.$form_element['vsize'].'"';
         $normal .= ' rows="' . $form_element['hsize'] . '"';
         #      $normal .= ' wrap="'.$form_element['wrap'].'"';
         $normal .= ' tabindex="' . $form_element['tabindex'] . '"';
         if (isset($form_element['is_disabled']) and $form_element['is_disabled']) {
             $normal .= ' disabled="disabled"';
         }
         $normal .= '>';
         // $specialTextArea is set but not read anywhere in this method.
         $specialTextArea = false;
         global $c_html_textarea;
         if (isset($c_html_textarea) and $c_html_textarea) {
             $specialTextArea = true;
         }
         $normal .= $form_element['value_for_output'];
         $normal .= '</textarea>' . LF;
         $normal .= LF;
         $current_module = $this->_environment->getCurrentModule();
         $current_function = $this->_environment->getCurrentFunction();
         // 'and' binds tighter than 'or': configuration/common, configuration/preferences,
         // project/edit or community/edit take the element's own status; everything
         // else asks the current context item.
         if ($current_module == 'configuration' and $current_function == 'common' or $current_module == 'configuration' and $current_function == 'preferences' or $current_module == 'project' and $current_function == 'edit' or $current_module == 'community' and $current_function == 'edit') {
             if (isset($form_element['vsize']) and !empty($form_element['vsize'])) {
                 $vsize = $form_element['vsize'];
             }
             $html_status = $form_element['with_html_area_status'];
             if (!empty($html_status) and $html_status != '3') {
                 $with_htmltextarea = true;
                 // control over $form_element['with_html_area']
             } else {
                 $with_htmltextarea = false;
                 // control over $form_element['with_html_area']
             }
         } else {
             $current_context = $this->_environment->getCurrentContextItem();
             $with_htmltextarea = $current_context->withHtmlTextArea();
             $html_status = $current_context->getHtmlTextAreaStatus();
         }
         $current_browser = mb_strtolower($this->_environment->getCurrentBrowser(), 'UTF-8');
         // $current_browser_version is assigned but not used below.
         $current_browser_version = $this->_environment->getCurrentBrowserVersion();
         // Plain textarea unless the editor is globally enabled, requested for this
         // element, allowed by the context/status, the browser is on the allow-list
         // and the session recorded working JavaScript.
         if (!isset($c_html_textarea) or !$c_html_textarea or !$form_element['with_html_area'] or !$with_htmltextarea) {
             $html .= $normal;
         } elseif ($current_browser != 'msie' and $current_browser != 'firefox' and $current_browser != 'netscape' and $current_browser != 'mozilla' and $current_browser != 'camino' and $current_browser != 'opera' and $current_browser != 'safari') {
             $html .= $normal;
         } else {
             $session = $this->_environment->getSessionItem();
             if ($session->issetValue('javascript')) {
                 $javascript = $session->getValue('javascript');
                 if ($javascript == 1) {
                     include_once 'classes/cs_html_textarea.php';
                     $html_area = new cs_html_textarea();
                     $html .= $html_area->getAsHTML($form_element['name'], $form_element['value_for_output_html'], $form_element['hsize'] + 10, $html_status, $this->_count_form_elements, $vsize);
                     // hidden field for HTML editor corrections
                     // to check if a post field is a textarea
                     $html .= LF . $this->_getHiddenFieldasHTML(array('name' => $form_element['name'] . '_is_textarea', 'value' => '1'));
                 } else {
                     $html .= $normal;
                 }
             } else {
                 $html .= $normal;
             }
         }
     } else {
         // A plugin rendered the area: add the marker field and, when present,
         // the placeholder-encoded copy of the signed value.
         $html .= LF . $this->_getHiddenFieldasHTML(array('name' => $form_element['name'] . '_is_textarea', 'value' => '1'));
         if (!empty($form_element['value_for_output_html_security_hidden'])) {
             $html .= LF . $this->_getHiddenFieldasHTML(array('name' => $form_element['name'] . '_fck_hidden', 'value' => $form_element['value_for_output_html_security_hidden']));
         }
     }
     return $html;
 }
       foreach ( $extra_array[$field] as $key => $value ) {
          if ( strstr($value,'<!-- KFC TEXT') ) {
             $value = preg_replace('~<!-- KFC TEXT -->~u','',$value);
             $value = preg_replace('~<!-- KFC TEXT [a-z0-9]* -->~u','',$value);
             $fck_text = '<!-- KFC TEXT '.getSecurityHash($value).' -->';
             $value = $fck_text.$value.$fck_text;
             $extra_array[$field][$key] = $value;
             $changed = true;
          }
       }
    } elseif ( !empty($extra_array[$field]) ) {
       $value = $extra_array[$field];
       if ( strstr($value,'<!-- KFC TEXT') ) {
          $value = preg_replace('~<!-- KFC TEXT -->~u','',$value);
          $value = preg_replace('~<!-- KFC TEXT [a-z0-9]* -->~u','',$value);
          $fck_text = '<!-- KFC TEXT '.getSecurityHash($value).' -->';
          $value = $fck_text.$value.$fck_text;
          $extra_array[$field] = $value;
          $changed = true;
       }
    }
 }
 if ($changed) {
    $extras = serialize($extra_array);
    $sql = 'UPDATE '.$table.' SET extras = "'.addslashes($extras).'" WHERE item_id = "'.$row['item_id'].'"';
    if ( isset($row['version_id']) ) {
       $version_id = $row['version_id'];
       if ( empty($version_id) ) {
          $version_id = '0';
       }
       $sql .= ' AND version_id="'.$version_id.'"';
 /**
  * Render an FCKeditor instance for a textarea, followed by a hidden field
  * carrying the unsigned text.
  *
  * The value is checked for a "<!-- KFC TEXT <hash> -->" marker pair: a
  * marker whose hash does not match (with security enabled) causes the text
  * to be re-rendered by the environment's text converter and re-signed; a
  * value without any marker is signed as it is.
  *
  * Side effect: the configured URL/file path globals have a single trailing
  * slash stripped and are written back to the globals.
  *
  * @param string $name form field name; also used for the "<name>_fck_hidden" field
  * @param string $value editor content, possibly carrying KFC markers
  * @param int|string $hsize row count; editor height is $hsize * 13.5 pixels
  * @param int|string $html_status '2' => MinCommSy toolbar, 'homepage' => homepage toolbar, else CommSy
  * @param int|string $tabindex tab index passed to the editor
  * @param string $vsize accepted but not used in this method
  * @param bool $no_discussion accepted but not used in this method
  *
  * @return string editor HTML plus the hidden field, surrounded by line feeds
  */
 function getAsHTML($name, $value = '', $hsize = '', $html_status = 1, $tabindex = '', $vsize = '', $no_discussion = true)
 {
     // some configurations
     // Each block below strips one trailing '/' from a configured path; the
     // assignment changes the global itself, not just a local copy.
     global $c_commsy_url_path;
     if (mb_strlen($c_commsy_url_path) > 1 and mb_substr($c_commsy_url_path, mb_strlen($c_commsy_url_path) - 1) == '/') {
         $c_commsy_url_path = mb_substr($c_commsy_url_path, 0, mb_strlen($c_commsy_url_path) - 1);
     }
     global $c_fckeditor_url_path;
     if (mb_strlen($c_fckeditor_url_path) > 1 and mb_substr($c_fckeditor_url_path, mb_strlen($c_fckeditor_url_path) - 1) == '/') {
         $c_fckeditor_url_path = mb_substr($c_fckeditor_url_path, 0, mb_strlen($c_fckeditor_url_path) - 1);
     }
     global $c_fckeditor_file_path;
     if (mb_strlen($c_fckeditor_file_path) > 1 and mb_substr($c_fckeditor_file_path, mb_strlen($c_fckeditor_file_path) - 1) == '/') {
         $c_fckeditor_file_path = mb_substr($c_fckeditor_file_path, 0, mb_strlen($c_fckeditor_file_path) - 1);
     }
     // value translations
     $value = str_replace('<!-- KFC TEXT -->', '', $value);
     // $temp_text is the unsigned text that ends up in the hidden field.
     $temp_text = $value;
     // security KFC
     $values = array();
     preg_match('~<!-- KFC TEXT ([a-z0-9]*) -->~u', $value, $values);
     if (!empty($values[1])) {
         $hash = $values[1];
         $temp_text = str_replace('<!-- KFC TEXT ' . $hash . ' -->', '', $value);
         global $c_enable_htmltextarea_security;
         // NOTE(review): isset/!empty/truthy are redundant here; !empty alone implies the others.
         if (isset($c_enable_htmltextarea_security) and !empty($c_enable_htmltextarea_security) and $c_enable_htmltextarea_security) {
             include_once 'functions/security_functions.php';
             // NOTE(review): loose != on the hash strings; hash_equals() would be the
             // conventional comparison if both are strings — getSecurityHash's return
             // type is not visible here.
             if (getSecurityHash($temp_text) != $hash) {
                 // Hash mismatch: re-render from the converter and sign the result.
                 // Note that $temp_text (the hidden-field copy) keeps the unconverted text.
                 global $environment;
                 $value = $environment->getTextConverter()->text_as_html_long($temp_text);
                 $value = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->' . $value . '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';
             }
         }
     } elseif (!strstr($value, '<!-- KFC TEXT')) {
         // No marker at all: sign the value as it is.
         include_once 'functions/security_functions.php';
         $value = '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->' . $value . '<!-- KFC TEXT ' . getSecurityHash($value) . ' -->';
     }
     // this is for migration of texts not insert with FCKeditor
     $value = str_replace("\n\n", '<br/><br/>', $value);
     // now the fckeditor object
     include_once $c_fckeditor_file_path . '/fckeditor.php';
     $oFCKeditor = new FCKeditor($name);
     $oFCKeditor->BasePath = $c_fckeditor_url_path . '/';
     $oFCKeditor->Config["CustomConfigurationsPath"] = $c_commsy_url_path . '/javascript/CommSyFCKEditorConfig.js';
     $oFCKeditor->Value = $value;
     global $environment;
     // The next three values are assigned but not used anywhere in this method.
     $current_browser = strtolower($environment->getCurrentBrowser());
     $current_browser_version = $environment->getCurrentBrowserVersion();
     $context_item = $environment->getCurrentContextItem();
     $oFCKeditor->Width = '98%';
     // NOTE(review): the default $hsize = '' is not numeric; '' * 13.5 is an error on
     // PHP 8 (a warning on older releases) — callers presumably always pass a number.
     $oFCKeditor->Height = round($hsize * 13.5, 0);
     $oFCKeditor->TabIndex = $tabindex;
     // Loose == so both 2 and '2' select the minimal toolbar.
     if ($html_status == '2') {
         $oFCKeditor->ToolbarSet = 'MinCommSy';
     } elseif ($html_status == 'homepage') {
         $oFCKeditor->ToolbarSet = 'homepage';
     } else {
         $oFCKeditor->ToolbarSet = 'CommSy';
     }
     $retour = $oFCKeditor->CreateHtml() . LF;
     // security KFC
     // Placeholder tokens instead of attribute escaping: only '"' and '&' are
     // replaced, and $name is inserted as given.
     // NOTE(review): confirm that $name is never request-controlled and that the
     // receiving side reverses the COMMSY_* tokens.
     $hidden_value = str_replace('"', 'COMMSY_QUOT', $temp_text);
     $hidden_value = str_replace('&', 'COMMSY_AMPERSEND', $hidden_value);
     $retour .= '<input type="hidden" name="' . $name . '_fck_hidden" value="' . $hidden_value . '" />';
     return LF . $retour . LF;
 }
<?php

require_once 'config.php';
require_once 'core.php';
//TODO: добавить возможность отправки нескольким адресатам
//TODO: добавить возможность изменения шаблона сообщения
//TODO: не отправлять hidden поля
//TODO: забирать текст label'ов
//TODO: филтровать данные, приходящие из формы
//TODO: реализовать добавление формы с помощью создания JS объекта
if ($_POST['security'] !== getSecurityHash()) {
    die('Access denied!');
}
unset($_POST['security']);
$messageBody = '';
foreach ($_POST as $key => $value) {
    $messageBody .= '<p>' . $key . ': ' . $value . '</p>';
}
$message = '<html>' . '<head><title>' . SUBJECT . '</title></head>' . '<body>' . $messageBody . '</body>' . '</html>';
$headers = array();
$headers[] = 'MIME-Version: 1.0';
$headers[] = 'Content-type: text/html; charset=utf-8';
$headers[] = 'From: ' . FROM . ' <' . FROM . '>';
$headers[] = 'Reply-To: ' . COMPANY_NAME . ' <' . FROM . '>';
$headers[] = 'Subject: ' . SUBJECT;
$headers[] = 'X-Mailer: PHP/' . phpversion();
if (mail(TO, SUBJECT, $message, implode("\r\n", $headers))) {
    $result = array('status' => true, 'message' => SEND_STATUS_TRUE);
    echo json_encode($result);
    exit;
} else {
 /**
  * Wrap a value in a "<!-- KFC TEXT <hash> -->" marker pair when the HTML
  * textarea is active and the request looks like it came from this site.
  *
  * The value is returned unchanged when the $c_html_textarea global is off,
  * when neither the current context item nor the 'getTextAreaAsHTML' plugin
  * hook wants an HTML textarea, or when a Referer header is present that
  * does not point at the configured single entry point (an https referer is
  * tolerated when the configured domain is http).
  *
  * NOTE(review): this is a Referer-based origin check; a request without a
  * Referer header skips the check and the value is signed.
  *
  * @param string $value text to sign
  *
  * @return string signed text, or the original value when signing is skipped
  */
 private function _addFCKHash($value)
 {
     global $c_html_textarea;
     if (!isset($c_html_textarea) or !$c_html_textarea) {
         return $value;
     }
     $context_item = $this->_environment->getCurrentContextItem();
     $html_area_wanted = (isset($context_item) && $context_item->withHtmlTextArea())
         || plugin_hook_method_active('getTextAreaAsHTML');
     if (!$html_area_wanted) {
         return $value;
     }
     $referer_ok = true;
     if (!empty($_SERVER['HTTP_REFERER'])) {
         $referer = $_SERVER['HTTP_REFERER'];
         // Compare without the query string.
         $query_pos = strpos($referer, '?');
         if ($query_pos !== false) {
             $referer = substr($referer, 0, $query_pos);
         }
         global $c_commsy_domain;
         global $c_commsy_url_path;
         global $c_single_entry_point;
         $entry_point = $c_commsy_url_path . '/' . $c_single_entry_point;
         if ($referer != $c_commsy_domain . $entry_point) {
             // Only an https/http difference is tolerated.
             $https_domain = str_replace('http://', 'https://', $c_commsy_domain);
             $referer_ok = (mb_stristr($referer, 'https://')
                 && !mb_stristr($c_commsy_domain, 'https://')
                 && $referer == $https_domain . $entry_point);
         }
     }
     if ($referer_ok) {
         // security KFC
         include_once 'functions/security_functions.php';
         $marker = sprintf('<!-- KFC TEXT %s -->', getSecurityHash($value));
         $value = $marker . $value . $marker;
     }
     return $value;
 }