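/**
 * Sanitizes a username, stripping out unsafe characters.
 *
 * Removes tags, percent-encoded octets and HTML entities; if $strict is
 * enabled, only alphanumerics, `_`, space, `.`, `-` and `@` are kept.
 * Surrounding whitespace is trimmed and runs of whitespace collapse to a
 * single space. No filter hook is applied in this implementation.
 *
 * @param string $username The username to be sanitized.
 * @param bool   $strict   If set, limits $username to the characters listed above. Default false.
 * @return string The sanitized username.
 */
function sanitize_user($username, $strict = false)
{
    $username = strip_all_tags((string) $username);
    // Kill percent-encoded octets (e.g. "%41") so nothing can be decoded downstream.
    $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
    // Kill HTML entities ("&amp;", "&#039;", ...).
    $username = preg_replace('/&.+?;/', '', $username);
    // If strict, reduce to ASCII for max portability.
    if ($strict) {
        $username = preg_replace('|[^a-z0-9 _.\\-@]|i', '', $username);
    }
    $username = trim($username);
    // Consolidate contiguous whitespace.
    $username = preg_replace('|\\s+|', ' ', $username);

    // Return the sanitized value. The previous version returned the untouched
    // input, which silently discarded every step above.
    return $username;
}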
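// Dispatch the requested lecture-hall admin action. $action, $lh, $redirect_to
// and $cmdb are set up outside this block. No capability or request-token
// check is visible here; it is assumed to happen upstream — confirm before
// relying on it, since 'delete', 'update' and 'new' all write to the database.
switch ($action) {
    case 'delete':
        delete_lh($lh);
        cm_redirect(admin_url("lecture-edit.php"));
        break;
    case 'edit':
        $editing = true;
        $lh = get_lh_to_edit($lh);
        setup_lhdata($lh);
        $title = __("Chỉnh sửa giảng đường - ") . get_lh_name();
        require_once 'template-loader.php';
        break;
    case 'update':
        // isset() guards avoid an undefined-index warning when a form field is missing.
        $new_lh_data['name'] = strip_all_tags(isset($_POST['lh_name']) ? $_POST['lh_name'] : '');
        $new_lh_data['address'] = strip_all_tags(isset($_POST['lh_address']) ? $_POST['lh_address'] : '');
        $redirect = admin_url("lecture-hall.php?action=edit&lh={$lh}");
        $cmdb->update($cmdb->lecture_hall, $new_lh_data, ["lh_id" => $lh]);
        cm_redirect($redirect);
        break;
    case 'new':
        $new_lh_data['name'] = strip_all_tags(isset($_POST['lh_name']) ? $_POST['lh_name'] : '');
        $new_lh_data['address'] = strip_all_tags(isset($_POST['lh_address']) ? $_POST['lh_address'] : '');
        $cmdb->insert($cmdb->lecture_hall, $new_lh_data);
        // NOTE(review): $redirect_to is forwarded as given. If it comes from the
        // request, cm_redirect() must restrict it to a local path, otherwise this
        // is an open redirect — confirm what cm_redirect() enforces.
        if ($redirect_to) {
            $redirect = urldecode($redirect_to);
        } else {
            $redirect = admin_url("lecture-edit.php");
        }
        cm_redirect($redirect);
}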
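/**
 * Truncates $text to at most $limit words, appending $more only when words were dropped.
 *
 * Tags are stripped first; words are split on newlines, carriage returns,
 * tabs and spaces.
 *
 * @param string $text  Text to trim (HTML is stripped).
 * @param int    $limit Maximum number of words to keep. Default 45.
 * @param string $more  Suffix appended when the text was truncated. Default '...'.
 * @return string The trimmed text.
 */
function trim_word($text, $limit = 45, $more = '...')
{
    $text = strip_all_tags($text);
    // Split into at most $limit + 1 pieces: when a final extra piece exists it
    // holds the remainder of the text and tells us truncation is needed.
    // preg_split() returns false on error; treat that as "no words".
    $words = preg_split("/[\n\r\t ]+/", $text, $limit + 1, PREG_SPLIT_NO_EMPTY) ?: [];
    if (count($words) > $limit) {
        // Drop the remainder and mark the truncation.
        array_pop($words);
        return implode(' ', $words) . $more;
    }
    // Short text: return it intact. The previous version popped the last real
    // word and appended $more unconditionally, mangling short inputs.
    return implode(' ', $words);
}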
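/**
 * Returns the first $count characters of $str with HTML removed.
 *
 * A dangling partial entity left by the cut is removed, and $more is appended
 * only when the text was actually shortened.
 *
 * @param string      $str   Source text; tags are stripped.
 * @param int         $count Maximum number of characters (multibyte-aware).
 * @param string|null $more  Suffix appended when truncated. null means ''.
 * @return string The excerpt.
 */
function html_excerpt($str, $count, $more = null)
{
    // function taken from WordPress
    if ($more === null) {
        $more = '';
    }
    $str = strip_all_tags($str, true);
    // Character-based cut (mb_substr) so multibyte text is not split mid-character.
    $excerpt = mb_substr($str, 0, $count);
    // Remove part of an entity at the end (e.g. "&amp" left over by the cut).
    $excerpt = preg_replace('/&[^;\\s]{0,6}$/', '', $excerpt);
    // Strict comparison: "!=" treats numeric-looking strings such as "1e3" and
    // "1000" as equal and would skip the suffix for them.
    if ($str !== $excerpt) {
        $excerpt = trim($excerpt) . $more;
    }
    return $excerpt;
}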
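/**
 * Validates an incoming broken-website report and stores it, plus an optional screenshot.
 *
 * Every textual input is tag-stripped and trimmed before validation. All SQL
 * values go through $db->quote(), except the binary screenshot (see the note
 * at the screenshot insert).
 *
 * @param string      $rmoVers           Client version; rejected when below $config['min_vers'].
 * @param string      $url               Page being reported; must parse to a URL with a host.
 * @param string      $problem_type      Problem category as sent by the client (not validated here).
 * @param string      $description       Free-text description.
 * @param string|int  $behind_login      '0' or '1'.
 * @param string      $platform          Client platform; required.
 * @param string      $oscpu             Client OS/CPU string; required.
 * @param string      $gecko             Gecko build id; optional (older clients omit it).
 * @param string      $product           Product name; required.
 * @param string      $useragent         Client user agent; required.
 * @param string      $buildconfig       Client build configuration; required.
 * @param string      $language          Client locale; required.
 * @param string      $email             Reporter e-mail (stored as given; not validated here).
 * @param string      $sysid             Client system id; must exist in the sysid table.
 * @param string|null $screenshot        Base64-encoded image, or null/'' for none.
 * @param string|null $screenshot_format Image format; must be in $config['screenshot_imageTypes'] when a screenshot is sent.
 * @param string|null $charset           Page charset reported by the client.
 * @return serverReturn Success payload array('reportId' => ...), or a CLIENT/SERVER failure.
 */
function processReport($rmoVers, $url, $problem_type, $description, $behind_login, $platform, $oscpu, $gecko, $product, $useragent, $buildconfig, $language, $email, $sysid, $screenshot = null, $screenshot_format = null, $charset = null)
{
    global $config;
    if (empty($config['service_active'])) {
        return new serverReturn(false, 'SERVER', 'The service is currently unavailable.  Please try again in a few minutes.');
    }
    /**********
     * Sanitize and Validate
     **********/
    // Remove any HTML tags and surrounding whitespace. The nullable inputs are
    // cast to string first so trim() never receives null.
    $rmoVers = trim(strip_all_tags($rmoVers));
    $url = trim(strip_all_tags($url));
    $problem_type = trim(strip_all_tags($problem_type));
    $description = trim(strip_all_tags($description));
    $behind_login = trim(strip_all_tags($behind_login));
    $platform = trim(strip_all_tags($platform));
    $oscpu = trim(strip_all_tags($oscpu));
    $gecko = trim(strip_all_tags($gecko));
    $product = trim(strip_all_tags($product));
    $useragent = trim(strip_all_tags($useragent));
    $buildconfig = trim(strip_all_tags($buildconfig));
    $language = trim(strip_all_tags($language));
    $email = trim(strip_all_tags($email));
    $sysid = trim(strip_all_tags($sysid));
    $screenshot_format = trim(strip_all_tags((string) $screenshot_format));
    $charset = trim(strip_all_tags((string) $charset));
    // ($screenshot_width / $screenshot_height used to be "sanitized" here but
    // are neither parameters nor used anywhere; they produced undefined-variable
    // warnings and have been dropped.)

    // Check version. NOTE(review): this is a plain "<" comparison on whatever
    // type min_vers has; if versions are dotted strings, version_compare() would
    // be the correct tool — confirm the format before changing it.
    if ($rmoVers < $config['min_vers']) {
        return new serverReturn(false, 'CLIENT', 'Your product is out of date, please upgrade.  Visit http://www.getfirefox.com for a newer version', $rmoVers);
    }
    // parse_url() returns false on badly malformed input; treat that like a missing host.
    $parsedUrl = parse_url($url);
    $host = (is_array($parsedUrl) && isset($parsedUrl['host'])) ? $parsedUrl['host'] : '';
    if ($url === '' || $host === '') {
        return new serverReturn(false, 'CLIENT', 'url must use a valid URL syntax http://mozilla.com/page', $url);
    }
    // NOTE(review): $problem_type is accepted as-is. The previous version had an
    // empty check for '', -1 and "0" — confirm whether a missing type should be
    // rejected before adding a return here.

    // Accept only the literal flags "0"/"1"; the value is stored verbatim.
    if ($behind_login !== '0' && $behind_login !== '1') {
        return new serverReturn(false, 'CLIENT', 'behind_login must be type bool int', $behind_login);
    }
    // Required free-form fields, checked in the original order. $gecko is
    // deliberately not required since some older clients do not send it.
    $required = [
        [$platform, 'Invalid Platform Type'],
        [$product, 'Invalid Product'],
        [$language, 'Invalid Localization'],
        [$oscpu, 'Invalid OS CPU'],
        [$useragent, 'Invalid User Agent'],
        [$buildconfig, 'Invalid Build Config'],
        [$sysid, 'No SysID Entered'],
    ];
    foreach ($required as $check) {
        list($value, $message) = $check;
        if ($value === '') {
            return new serverReturn(false, 'CLIENT', $message, $value);
        }
    }
    // Image Validation ('' counts as "no screenshot", as before).
    $hasScreenshot = ($screenshot !== null && $screenshot !== '');
    if ($hasScreenshot) {
        // If no format specified, it's invalid
        if ($screenshot_format === '') {
            return new serverReturn(false, 'CLIENT', 'Invalid Screenshot', $screenshot_format);
        }
        // Must be in our list of approved formats. Strict match: the format is
        // a string after trim(), so no loose numeric coercion is wanted.
        if (!in_array($screenshot_format, $config['screenshot_imageTypes'], true)) {
            return new serverReturn(false, 'CLIENT', 'Invalid Screenshot Format', $screenshot_format);
        }
    }
    // Create report_id. We just use a timestamp, because we don't need people
    // counting reports, since it's inaccurate: we can have dupes, so it's not a
    // good thing for people to be saying 'mozilla.org reports 500,000 incompatible sites'.
    // NOTE(review): the id is time-derived and therefore guessable; if report ids
    // are ever used as unguessable handles, derive them from random_bytes() instead.
    $id = str_replace('.', '', (string) array_sum(explode(' ', microtime())));
    // Make sure it's always at least 14 chars long.
    $report_id = 'RMO' . str_pad($id, 14, '0', STR_PAD_LEFT);
    /**********
     * Open DB
     **********/
    $db = openDB();
    /**********
     * Check for valid sysid
     **********/
    $sysIdQuery = $db->Execute("SELECT sysid.sysid_id\n                                FROM sysid\n                                WHERE sysid.sysid_id = " . $db->quote($sysid));
    if (!$sysIdQuery) {
        return new serverReturn(false, 'SERVER', 'Database Error SR1');
    }
    if ($sysIdQuery->RecordCount() != 1) {
        return new serverReturn(false, 'CLIENT', 'Invalid SysID');
    }
    /**********
     * Check Hostname
     **********/
    $hostnameQuery = $db->Execute("SELECT host.host_id\n                                   FROM host\n                                   WHERE host.host_hostname = " . $db->quote($host));
    if (!$hostnameQuery) {
        return new serverReturn(false, 'SERVER', 'Database Error SR2');
    }
    /**********
     * Add Host
     **********/
    $hostCount = $hostnameQuery->RecordCount();
    if ($hostCount <= 0) {
        // Generate an identifier for the new host row. This is only an id, not
        // a secret, so md5 over hostname + time is sufficient.
        $host_id = md5($host . microtime());
        // We add the URL
        $addUrlQuery = $db->Execute("INSERT INTO host (host.host_id, host.host_hostname, host.host_date_added)\n                                         VALUES (\n                                             " . $db->quote($host_id) . ",\n                                             " . $db->quote($host) . ",\n                                             now()\n                                         )");
        if (!$addUrlQuery) {
            return new serverReturn(false, 'SERVER', 'Database Error SR3');
        }
    } elseif ($hostCount == 1) {
        // pull the hash from DB
        $host_id = $hostnameQuery->fields['host_id'];
    } else {
        // More than one row for one hostname means the table is inconsistent.
        return new serverReturn(false, 'SERVER', 'Host Exception Error');
    }
    /**********
     * Add Report
     **********/
    $addReportQuery = $db->Execute("INSERT INTO report (\n                                        report.report_id,\n                                        report.report_url,\n                                        report.report_host_id,\n                                        report.report_problem_type,\n                                        report.report_description,\n                                        report.report_behind_login,\n                                        report.report_charset,\n                                        report.report_useragent,\n                                        report.report_platform,\n                                        report.report_oscpu,\n                                        report.report_language,\n                                        report.report_gecko,\n                                        report.report_buildconfig,\n                                        report.report_product,\n                                        report.report_email,\n                                        report.report_ip,\n                                        report.report_file_date,\n                                        report.report_sysid\n                                    )\n                                    VALUES (\n                                        " . $db->quote($report_id) . ",\n                                        " . $db->quote($url) . ",\n                                        " . $db->quote($host_id) . ",\n                                        " . $db->quote($problem_type) . ",\n                                        " . $db->quote($description) . ",\n                                        " . $db->quote($behind_login) . ",\n                                        " . $db->quote($charset) . ",\n                                        " . $db->quote($useragent) . ",\n                                        " . $db->quote($platform) . ",\n                                        " . 
$db->quote($oscpu) . ",\n                                        " . $db->quote($language) . ",\n                                        " . $db->quote($gecko) . ",\n                                        " . $db->quote($buildconfig) . ",\n                                        " . $db->quote($product) . ",\n                                        " . $db->quote($email) . ",\n                                        " . $db->quote($_SERVER['REMOTE_ADDR']) . ",\n                                        now(),\n                                        " . $db->quote($sysid) . "\n                                    );");
    if (!$addReportQuery) {
        return new serverReturn(false, 'SERVER', 'Database Error SR4');
    }
    /**********
     * Process Screenshot
     **********/
    if ($hasScreenshot) {
        // Screenshots come in base64 encoded, so we need to decode.
        $screenshot = base64_decode($screenshot);
        // Note we addslashes() not quote() the image, because quote() is not
        // binary compatible and has ugly consequences.
        // NOTE(review): addslashes() is not connection-charset aware; if the DB
        // layer offers blob quoting or bound parameters, prefer that for the
        // binary column.
        $insertSsQuery = $db->Execute("INSERT screenshot(\n                                           screenshot.screenshot_report_id,\n                                           screenshot.screenshot_data,\n                                           screenshot.screenshot_format\n                                       )\n                                       VALUES (" . $db->quote($report_id) . ",\n                                               '" . addslashes($screenshot) . "',\n                                               " . $db->quote($screenshot_format) . "\n                                       );\n        ");
        if (!$insertSsQuery) {
            return new serverReturn(false, 'SERVER', 'Database Error SR5');
        }
        // If we got this far, the screenshot was successfully added!
    }
    /**********
     * Disconnect (optional really). Error returns above leave the connection
     * open, as before; the caller/request end is assumed to release it.
     **********/
    $db->disconnect();
    return new serverReturn(true, 'SERVER', ['reportId' => $report_id]);
}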