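/**
 * Save an edited article taken from $_POST['article'].
 *
 * Writes to MySQL when the KNIFESQL constant is defined, otherwise to the
 * store returned by KArticles::connect(). The author is carried over from the
 * stored article and "lastedit" is set to $user.
 *
 * @param mixed $timestamp Article id: the articleid column in SQL, the array key in the flat store.
 * @param mixed $user      Name recorded in the "lastedit" field.
 * @return string HTML status message; "Invalid article." when the article cannot be loaded.
 */
function edit($timestamp, $user)
{
    # Array keys are quoted: the original bare words (article, content, ...) were
    # undefined constants, which PHP 8 rejects with an Error. Absent fields read as null.
    $posted = (isset($_POST['article']) && is_array($_POST['article'])) ? $_POST['article'] : array();
    $posted += array('content' => null, 'title' => null, 'category' => null, 'views' => null, 'date' => null);

    # Remove unwanted stuff!
    # NOTE(review): html2specialchars() runs after sanitize_variables(). If it turns
    # entities back into markup, the content is stored as raw HTML and must be
    # escaped wherever it is rendered - confirm against both helpers.
    $posted['content'] = html2specialchars(sanitize_variables($posted['content']));
    $posted['title'] = sanitize_variables($posted['title']);
    $posted['category'] = sanitize_variables($posted['category']);
    $posted['views'] = sanitize_variables($posted['views']);
    # Write the cleaned values back, as the original did in place.
    $_POST['article'] = $posted;

    # A missing or non-array category used to make implode() fail; it is saved as an empty string.
    $savecats = is_array($posted['category']) ? implode(", ", $posted['category']) : '';

    # Put the posted and sanitized stuff into an array for saving
    $data = array(
        "date" => stripslashes($posted['date']),
        "content" => stripslashes($posted['content']),
        "title" => stripslashes($posted['title']),
        "author" => "",
        "lastedit" => stripslashes($user),
        "category" => stripslashes($savecats),
        "views" => stripslashes($posted['views']),
    );

    if (defined("KNIFESQL")) {
        $db = KArticles::connect();
        $oldarticle = KArticles::getarticle($timestamp);
        # Same guard as the flat-file branch: do not report success for an article
        # that could not be loaded (assumes getarticle() is falsy on a miss - TODO confirm).
        if (!$oldarticle) {
            return "Invalid article.";
        }
        $data['author'] = $oldarticle['author'];

        # Escape with the connection's own escaper instead of addslashes(), which is
        # not charset-aware, and escape $timestamp too: it was interpolated raw.
        $escaped = array();
        foreach ($data as $key => $value) {
            $escaped[$key] = mysql_real_escape_string($value);
        }
        $articleid = mysql_real_escape_string($timestamp);

        $sql = "UPDATE articles SET category='{$escaped['category']}', author='{$escaped['author']}', lastedit='{$escaped['lastedit']}', title='{$escaped['title']}', content='{$escaped['content']}', views='{$escaped['views']}' WHERE articleid = '{$articleid}'";
        # NOTE(review): mysql_error() is sent to the client on failure, which exposes
        # schema details; logging it server-side would be safer.
        $result = mysql_query($sql) or die('Edit Query failed: ' . mysql_error());
        return "Article successfully edited!<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
    }

    $dataclass = KArticles::connect();
    if ($article = KArticles::getarticle($timestamp)) {
        $data['author'] = $article['author'];
        $dataclass->settings['articles'][$timestamp] = $data;
        $dataclass->save();
        return "Article successfully edited!<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
    }

    return "Invalid article.";
}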
Exemplo n.º 2
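 /**
  * Create a user from $_POST['adduser'] and store it under urlTitle() of the name.
  *
  * Nothing is written when a user with the same key already exists.
  *
  * @return string HTML status message describing the outcome.
  */
 function add()
 {
     global $Settings;
     $now = time();
     $db = KUsers::connect();
     $currentusers = KUsers::getusers();

     # Array keys are quoted: the original bare words (adduser, name, ...) were
     # undefined constants, which PHP 8 rejects with an Error. Absent fields read as null.
     $form = (isset($_POST['adduser']) && is_array($_POST['adduser'])) ? $_POST['adduser'] : array();
     $form += array('name' => null, 'password' => null, 'category' => null, 'email' => null, 'url' => null, 'profile' => null, 'nickname' => null, 'level' => null);

     # Remove unwanted stuff!
     # nickname, level and category were stored unsanitized in the original while
     # every sibling field was cleaned; they now go through the same filter.
     foreach (array('name', 'email', 'url', 'profile', 'nickname', 'level', 'category') as $field) {
         $form[$field] = sanitize_variables($form[$field]);
     }

     # NOTE(review): md5() followed by sha1() with one site-wide value ($Settings->unique)
     # is a fast hash without a per-user salt. password_hash()/password_verify() is the
     # replacement, but the stored format has to change together with the login check,
     # so the scheme is left untouched here.
     # NOTE(review): sanitize_variables() runs on the password before hashing, so
     # whatever it rewrites becomes part of the effective password.
     $form['password'] = sanitize_variables($form['password']);
     $form['password'] = md5($form['password']);
     $form['password'] = sha1($form['password'] . $Settings->unique);

     # A missing or non-array category used to make implode() fail; it is saved as an empty string.
     $savecats = is_array($form['category']) ? implode(", ", $form['category']) : '';

     # Write the processed values back, as the original did in place.
     $_POST['adduser'] = $form;

     $adduserkey = urlTitle($form['name']);
     if (array_key_exists($adduserkey, $currentusers)) {
         return "User &quot;{$adduserkey}&quot; already exists in the database!<br /><a href=\"javascript:history.go(-1);\">How about choosing another name?</a>";
     }

     # NOTE(review): "level" comes straight from the request; the caller must make
     # sure only a sufficiently privileged user can reach this method.
     $data = array(
         "registered" => stripslashes($now),
         "lastlogin" => "",
         "nickname" => stripslashes($form['nickname']),
         "password" => stripslashes($form['password']),
         "email" => stripslashes($form['email']),
         "url" => stripslashes($form['url']),
         "profile" => stripslashes($form['profile']),
         "level" => stripslashes($form['level']),
         "cats" => stripslashes($savecats),
     );
     $db->settings['users'][$adduserkey] = $data;
     $db->save();

     # Give the user a status message
     return "User &quot;{$adduserkey}&quot; successfully added";
 }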
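 /**
  * Publish a new article from $_POST['article'], keyed by the current Unix time.
  *
  * Inserts into MySQL when the KNIFESQL constant is defined, otherwise saves to
  * the store returned by KArticles::connect().
  *
  * @param mixed $author Name stored in the article's "author" field.
  * @return string HTML status message naming the published title.
  */
 function add($author)
 {
     # Get current time
     $now = time();

     # Array keys are quoted: the original bare words (article, content, ...) were
     # undefined constants, which PHP 8 rejects with an Error. Absent fields read as null.
     $posted = (isset($_POST['article']) && is_array($_POST['article'])) ? $_POST['article'] : array();
     $posted += array('content' => null, 'title' => null, 'category' => null);

     # Remove dangerous stuff
     $posted['content'] = sanitize_variables($posted['content']);
     $posted['title'] = sanitize_variables($posted['title']);
     $posted['category'] = sanitize_variables($posted['category']);
     # Write the cleaned values back, as the original did in place.
     $_POST['article'] = $posted;

     # Implode the category array (a missing or non-array value is saved as an empty string)
     $savecats = is_array($posted['category']) ? implode(", ", $posted['category']) : '';

     # Enter it all into an array for use later
     $data = array(
         "timestamp" => $now,
         "content" => stripslashes($posted['content']),
         "title" => stripslashes($posted['title']),
         "author" => stripslashes($author),
         "category" => stripslashes($savecats),
         "views" => "0",
     );
     # hook to add custom fields here.
     #	$data = run_filters('admin-new-savedata', $data);

     $dataclass = KArticles::connect();
     if (defined("KNIFESQL")) {
         # The original interpolated the stripslashes()'d values straight into the
         # statement, so a quote in any field changed the query. Escape each value
         # with the connection's escaper; $data itself stays unescaped for display.
         $row = array();
         foreach ($data as $key => $value) {
             $row[$key] = mysql_real_escape_string($value);
         }
         $write_sql = "INSERT INTO articles VALUES ('{$row['timestamp']}', '{$row['category']}', '{$row['author']}', '{$row['title']}', '{$row['content']}', '{$row['views']}')";
         # NOTE(review): mysql_error() is sent to the client on failure, which exposes
         # schema details; logging it server-side would be safer.
         $result = mysql_query($write_sql) or die('Query failed: ' . mysql_error());
     } else {
         $dataclass->settings['articles'][$now] = $data;
         $dataclass->save();
     }

     # Give the user a status message
     # NOTE(review): the title is printed as HTML; this is only safe if
     # sanitize_variables() escapes markup - confirm.
     return i18n("generic_article") . " &quot;{$data['title']}&quot; " . i18n("write_published");
 }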
Exemplo n.º 4
        $statusmessage = "User &quot;{$adduserkey}&quot; successfully added";
    }
}
if ($_POST[edituser]) {
    #
    #	Edit user (Routine)
    #
    $now = time();
    $dataclass = new SettingsStorage('settings');
    $currentusers = $dataclass->settings['users'];
    # Remove unwanted stuff!
    $_POST[edituser][name] = sanitize_variables($_POST[edituser][name]);
    $_POST[edituser][password] = sanitize_variables($_POST[edituser][password]);
    $_POST[edituser][email] = sanitize_variables($_POST[edituser][email]);
    $_POST[edituser][url] = sanitize_variables($_POST[edituser][url]);
    $_POST[edituser][profile] = sanitize_variables($_POST[edituser][profile]);
    $adduserkey = urlTitle($_POST[edituser][name]);
    if (!array_key_exists($adduserkey, $currentusers)) {
        $statusmessage = "User &quot;{$adduserkey}&quot; does not exist.<br /><a href=\"javascript:history.go(-1);\">How about choosing another name?</a>";
    } else {
        $olduser = $currentusers[$adduserkey];
        # has the password changed?
        if ($_POST[edituser][password] != "") {
            $_POST[edituser][password] = md5($_POST[edituser][password]);
            $_POST[edituser][password] = sha1($_POST[edituser][password] . UNIQUE);
            $passchange = "y";
        } else {
            $_POST[edituser][password] = $olduser[password];
        }
        $data = array("registered" => stripslashes($olduser[registered]), "nickname" => stripslashes($_POST[edituser][nickname]), "password" => stripslashes($_POST[edituser][password]), "email" => stripslashes($_POST[edituser][email]), "url" => stripslashes($_POST[edituser][url]), "profile" => stripslashes($_POST[edituser][profile]), "level" => stripslashes($_POST[edituser][level]));
        $dataclass->settings['users'][$adduserkey] = $data;
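 /**
  * Store a visitor comment for an article.
  *
  * Fields come from $_POST['comment'], the parent comment id from
  * $_GET['replyto'], and the client address and User-Agent from $_SERVER.
  * The comment id is "c" followed by the current Unix time.
  *
  * @param mixed $articleid Article the comment belongs to.
  * @return bool Always true; a failed SQL insert ends the script instead.
  */
 function add($articleid)
 {
     $newcommentid = time();
     $ip = $_SERVER["REMOTE_ADDR"];
     if (!validate_ip($ip)) {
         # Placeholder stored when the reported address does not validate.
         $ip = "127.0.0.2";
     }

     # Array keys are quoted: the original bare words (comment, name, replyto, ...)
     # were undefined constants, which PHP 8 rejects with an Error. Absent fields read as null.
     $comment = (isset($_POST['comment']) && is_array($_POST['comment'])) ? $_POST['comment'] : array();
     $comment += array('name' => null, 'email' => null, 'url' => null, 'content' => null);
     $replyto = isset($_GET['replyto']) ? $_GET['replyto'] : null;
     $agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : null;

     $data = array(
         'date' => $newcommentid,
         'parentcid' => stripslashes(sanitize_variables($replyto)),
         'name' => stripslashes(sanitize_variables($comment['name'])),
         'email' => stripslashes(sanitize_variables($comment['email'])),
         'url' => stripslashes(sanitize_variables($comment['url'])),
         'ip' => $ip,
         'browser' => sanitize_variables($agent),
         'content' => stripslashes(sanitize_variables($comment['content'])),
     );
     # The leftover print_r($data) debug dump was dropped: it wrote the stored
     # record, including e-mail and IP, into the response.

     # NOTE(review): ids have one-second resolution, so two comments on the same
     # article within the same second share a key in the flat-file store.
     $newcommentid = 'c' . $newcommentid;

     $class = KComments::connect();
     if (defined("KNIFESQL")) {
         # Every value here is visitor-controlled (User-Agent included) and was
         # interpolated after stripslashes() with no escaping; escape each one,
         # and the article id, with the connection's escaper.
         $row = array();
         foreach ($data as $key => $value) {
             $row[$key] = mysql_real_escape_string($value);
         }
         $sqlarticleid = mysql_real_escape_string($articleid);
         $sqlcommentid = mysql_real_escape_string($newcommentid);
         $write_sql = "INSERT INTO comments VALUES ('{$sqlarticleid}', '{$sqlcommentid}', '{$row['parentcid']}', '{$row['name']}', '{$row['email']}', '{$row['url']}', '{$row['ip']}', '{$row['browser']}', '{$row['content']}')";
         # NOTE(review): mysql_error() is sent to the client on failure, which exposes
         # schema details; logging it server-side would be safer.
         $result = mysql_query($write_sql) or die('Query failed: ' . mysql_error());
     } else {
         $class->settings[$articleid][$newcommentid] = $data;
         $class->save();
     }
     return true;
 }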
Exemplo n.º 6
					<p>';
    $main_content .= makeDropDown($alltemplates, "addcat[template]", "");
    $main_content .= ' <label>' . i18n("categories_defaulttpl") . '</label>
					</p>
					<p>
						<input class="add" type="submit" value="' . i18n("categories_add") . '" />
					</p>
			</fieldset>
		</form>	
	</div>
	</div>';
}
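if (!empty($_POST['addcat'])) {
    #
    #	Add a new category (Routine)
    #
    $now = time();
    # Array keys are quoted: the original bare words (addcat, name, template) were
    # undefined constants, which PHP 8 rejects with an Error. Absent fields read as null.
    # NOTE(review): no anti-CSRF token is checked in the visible code - confirm one
    # is enforced before this handler runs.
    $addcatForm = is_array($_POST['addcat']) ? $_POST['addcat'] : array();
    $addcatForm += array('name' => null, 'template' => null);
    # Remove unwanted stuff!
    $addcatForm['name'] = sanitize_variables($addcatForm['name']);
    $addcatForm['template'] = sanitize_variables($addcatForm['template']);
    # Write the cleaned values back, as the original did in place.
    $_POST['addcat'] = $addcatForm;
    $data = array("name" => stripslashes($addcatForm['name']), "template" => stripslashes($addcatForm['template']));
    $settingclass->settings['categories'][] = $data;
    $settingclass->save();
    # Give the user a status message
    # NOTE(review): the name is printed as HTML; this is only safe if
    # sanitize_variables() escapes markup - confirm.
    $statusmessage = "Category &quot;{$data['name']}&quot; added";
}
#
#	Delete a category (Routine)
#
if (!empty($_GET['action']) && !empty($_GET['catid'])) {
}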
Exemplo n.º 7
    }
    $main_content .= '</div>';
}
#
#	Edit article routine
#
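if (!empty($_POST['id']) && empty($_POST['editlist']['submit']) && empty($_POST['preview'])) {
    # Array keys are quoted: the original bare words (id, article, content, ...) were
    # undefined constants, which PHP 8 rejects with an Error. Absent fields read as null.
    # NOTE(review): no anti-CSRF token is checked in the visible code - confirm one
    # is enforced before this handler runs.
    $id = $_POST['id'];
    $dataclass = new ArticleStorage('storage');
    $articles = $dataclass->settings['articles'];
    # The posted id is only trusted when it names an article that is already stored.
    $editTargetExists = is_scalar($id) && is_array($articles) && isset($articles[$id]);
    $oldart = $editTargetExists ? $articles[$id] : array('author' => null);

    $editForm = (isset($_POST['article']) && is_array($_POST['article'])) ? $_POST['article'] : array();
    $editForm += array('content' => null, 'title' => null, 'category' => null, 'views' => null);
    # Remove unwanted stuff!
    $editForm['content'] = sanitize_variables($editForm['content']);
    $editForm['title'] = sanitize_variables($editForm['title']);
    $editForm['category'] = sanitize_variables($editForm['category']);
    $editForm['views'] = sanitize_variables($editForm['views']);
    # Write the cleaned values back, as the original did in place.
    $_POST['article'] = $editForm;
    # A missing or non-array category used to make implode() fail; it is saved as an empty string.
    $savecats = is_array($editForm['category']) ? implode(", ", $editForm['category']) : '';
    # Put the posted and sanitized stuff into an array for saving
    $data = array("content" => stripslashes($editForm['content']), "title" => stripslashes($editForm['title']), "author" => stripslashes($oldart['author']), "lastedit" => stripslashes($User->username), "category" => stripslashes($savecats), "views" => stripslashes($editForm['views']));
    # hook to add custom fields here.
    #	$data = run_filters('admin-new-savedata', $data);
    $moduletitle = "Edit &quot;{$data['title']}&quot;";
    if ($editTargetExists) {
        $dataclass->settings['articles'][$id] = $data;
        $dataclass->save();
        # Give the user a status message
        $statusmessage = "Article successfully edited!<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
    } else {
        # The original saved under any posted id, so an unknown id created a new
        # article entry with an empty author instead of being rejected.
        $statusmessage = "Invalid article.";
    }
}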
#
#	If preview
#
if ($_POST[preview]) {
Exemplo n.º 8
# Access gate: the script stops with the "login_noaccess" text unless the
# current user's level is 4 or higher. Everything below runs only past this point.
if (!($User->level >= 4)) {
    exit(i18n("login_noaccess"));
}

# Pull in options.php, then set the title shown for this module.
include "options.php";
$moduletitle = i18n("templates_moduletitle");
/**
 * Turn the entities produced by htmlspecialchars() back into literal characters.
 *
 * Despite the name, this is the decoding direction: the HTML_SPECIALCHARS
 * translation table maps character => entity, and it is inverted here before
 * being applied. The result is raw markup, so it must not be treated as
 * escaped output.
 *
 * @param string $str Text containing entities such as &lt; or &amp;.
 * @return string The text with those entities replaced by their characters.
 */
function html2specialchars($str)
{
    # Build entity => character by inverting the character => entity table.
    $entityToChar = array();
    foreach (get_html_translation_table(HTML_SPECIALCHARS) as $char => $entity) {
        $entityToChar[$entity] = $char;
    }

    # strtr() with an array makes a single pass, so "&amp;lt;" becomes "&lt;", not "<".
    return strtr($str, $entityToChar);
}
#	Fetch and set up needed data
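$settingclass = new SettingsStorage('settings');
$templates = $settingclass->settings['templates'];
if (!empty($_POST['template']) && empty($_POST['switch'])) {
    # Array keys are quoted: the original bare words (template, id, name, ...) were
    # undefined constants, which PHP 8 rejects with an Error. Absent or non-string
    # fields are treated as empty strings.
    # NOTE(review): no anti-CSRF token is checked in the visible code - confirm one
    # is enforced before this handler runs.
    $postedTemplate = is_array($_POST['template']) ? $_POST['template'] : array();
    $postedTemplateId = (isset($postedTemplate['id']) && is_string($postedTemplate['id'])) ? $postedTemplate['id'] : '';
    $id = sanitize_variables(stripslashes($postedTemplateId));
    $templateid = sanitize_variables(stripslashes($postedTemplateId));

    # html2specialchars() decodes entities, so every template part is stored as raw
    # markup. Whoever can post here controls the HTML the templates emit.
    $data = array();
    foreach (array("name", "listing", "view", "comment", "quote", "commentform") as $tplField) {
        $tplRaw = (isset($postedTemplate[$tplField]) && is_string($postedTemplate[$tplField])) ? $postedTemplate[$tplField] : '';
        $data[$tplField] = html2specialchars(stripslashes($tplRaw));
    }
    $settingclass->settings['templates'][$id] = $data;
    $settingclass->save();

    # The stored name is decoded markup; escape it before it goes into the status
    # message, which the original printed unescaped.
    $tplNameHtml = htmlspecialchars($data['name'], ENT_QUOTES);
    $statusmessage = "Template &quot;{$tplNameHtml}&quot; updated <br /><a href=\"javascript:history.go(-1);\">Go back</a>";
}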
if ($_POST[changet]) {
    $chtdo = $_POST[changet];
    #
    #	Delete template
    #
    if ($chtdo["delete"]) {
        $id = $_POST[id];
        $moduletitle = "Delete Template";
        $deletedtplname = $templates[$id][name];
        if ($deletedtplname != "Default") {