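/**
 * Persist the item submitted through the 'lit_settings' form, then re-render the page.
 *
 * When request parameter 'i' is greater than 0 the existing item with that id
 * is updated; otherwise a new item is inserted. Icon and per-language images
 * fall back to the stored values when the form leaves them empty on an update.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method;
 * confirm the caller enforces both before save() is reached.
 * NOTE(review): only the per-language text passes through FilterInput here.
 * Game id, quality and names are handed to the write module as returned by
 * the form; whether the form or the write module escapes them is not visible
 * here, so confirm they are encoded on output.
 *
 * @return void
 */
public function save()
 {
     $objForm = register('form', array('lit_settings'));
     $objForm->langPrefix = 'lit_';
     $objForm->validate = true;
     $objForm->add_fieldsets($this->fields());
     $arrValues = $objForm->return_values();

     include_once $this->root_path . "libraries/inputfilter/input.class.php";
     // The two trailing 1s presumably select blacklist mode for tags and
     // attributes; confirm against input.class.php.
     $filter = new FilterInput(get_tag_blacklist(), get_attr_blacklist(), 1, 1);

     // Read the target id once: it decides update vs. insert and every fallback below.
     $intItemID = $this->in->get('i', 0);
     $blnIsUpdate = $intItemID > 0;

     $strGameID = $arrValues['item_gameid'];
     $strQuality = $arrValues['quality'];

     if ($arrValues['icon'] != "") {
         // Strip the relative icon folder from the submitted path so only the
         // part below that folder is stored.
         // NOTE(review): the submitted value is not checked for "../" here; confirm the form field restricts it.
         $strIcon = str_replace($this->pfh->FolderPath('icons', 'localitembase', 'relative'), "", $this->root_path . $arrValues['icon']);
     } elseif ($blnIsUpdate) {
         $strIcon = $this->pdh->get('localitembase', 'icon', array($intItemID));
     } else {
         $strIcon = "";
     }

     $arrName = array();
     $arrImage = array();
     $arrText = array();
     $arrUsedLanguages = array();
     // Stored images are loaded at most once, and only if a language needs the fallback.
     $arrStoredImages = null;

     $arrLanguages = $this->user->getAvailableLanguages(false, false, true);
     foreach ($arrLanguages as $key => $val) {
         $strName = $arrValues['name__' . $key];
         $strImage = $arrValues['image__' . $key];
         $strText = $arrValues['text__' . $key];

         // A language counts as used as soon as one of its three fields is filled.
         if ($strName == "" && $strImage == "" && $strText == "") {
             continue;
         }

         $arrUsedLanguages[] = $key;
         $arrName[$key] = $strName;

         if ($strImage != "") {
             $arrImage[$key] = str_replace($this->pfh->FolderPath('images', 'localitembase', 'relative'), "", $this->root_path . $strImage);
         } elseif ($blnIsUpdate) {
             if ($arrStoredImages === null) {
                 // NOTE(review): unserialize() on a stored column can instantiate
                 // objects if that column ever holds attacker-influenced data;
                 // prefer JSON, or restrict allowed classes where the runtime supports it.
                 $arrStoredImages = unserialize($this->pdh->get('localitembase', 'image', array($intItemID)));
                 if (!is_array($arrStoredImages)) {
                     // Corrupt or empty column: treat as "no stored images".
                     $arrStoredImages = array();
                 }
             }
             if (isset($arrStoredImages[$key])) {
                 $arrImage[$key] = $arrStoredImages[$key];
             }
         }

         $arrText[$key] = $filter->clean($strText);
     }

     if ($blnIsUpdate) {
         $this->pdh->put('localitembase', 'update', array($intItemID, $strGameID, $strIcon, $strQuality, $arrName, $arrText, $arrImage, $arrUsedLanguages));
     } else {
         // Argument order: $strGameID, $strIcon, $strQuality, $arrNames, $arrText, $arrImages, $arrLanguages
         $this->pdh->put('localitembase', 'insert', array($strGameID, $strIcon, $strQuality, $arrName, $arrText, $arrImage, $arrUsedLanguages));
     }

     $this->pdh->process_hook_queue();
     $this->display();
 }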
Exemplo n.º 2
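 /**
  * Send the "third review" inventory e-mail to a comma-separated recipient list.
  *
  * Each address is validated with FilterInput::FilterValue() and the recipient
  * entry is built from the validated value, not from the raw list element.
  *
  * @param string $correo  Comma-separated recipient addresses.
  * @param array  $mensaje Template values; keys 'one' through 'ten' are read.
  * @param mixed  $archivo Not used by this method.
  *
  * @return array|null array('success' => true, 'message' => ...) when
  *                    Mailer::sendMail() reports success, null otherwise.
  *
  * @throws Exception When an address is rejected by the 'email' filter.
  */
 public static function sendMailFromAgentThird($correo, $mensaje, $archivo = false)
 {
     $to = array();
     foreach (explode(',', $correo) as $email) {
         // Lists such as "a@x.com, b@y.com" leave whitespace around the entries.
         $original = trim($email);

         // FilterValue() presumably returns the cleaned value, or false when the
         // address is invalid; confirm against FilterInput.
         $validado = FilterInput::FilterValue($original, 'email', true);
         if ($validado === false) {
             // NOTE(review): the message embeds caller-supplied text; escape it
             // wherever the exception message is rendered.
             throw new Exception('El correo ' . $original . ' no es válido.');
         }

         // Use the validated value for both name and address so unchecked
         // characters from the raw input never reach the mail headers.
         $direccion = is_string($validado) ? $validado : $original;
         $to[] = array('name' => $direccion, 'mail' => $direccion);
     }

     // Copy exactly the ten template keys, in the order the template expects.
     $data = array();
     foreach (array('one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine', 'ten') as $clave) {
         $data[$clave] = $mensaje[$clave];
     }
     $tpl = ParserTemplate::parseTemplate('envio_inventario_third.html', $data);

     // Fixed extra recipients, passed as the fifth argument of Mailer::sendMail();
     // their role (CC/BCC) is not visible here.
     $correos = array(array('mail' => '*****@*****.**', 'name' => 'Jesús'), array('mail' => '*****@*****.**', 'name' => 'Vico'));

     if (Mailer::sendMail('Encuesta ONE / Tercer Review', $tpl, $to, '', $correos)) {
         return array('success' => true, 'message' => 'Correo enviado.');
     }

     // A failed send yields null, as before; callers must not assume an array.
     return null;
 }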
Exemplo n.º 3
 /**
  * Exercises FilterInput::gather() against $_POST with a three-field spec.
  *
  * NOTE(review): the test leaves $_POST['ok'] and $_POST['str'] set when it
  * finishes, so later tests in the same process see them.
  *
  * @covers Xoops\Core\FilterInput::gather
  */
 public function testGather()
 {
     // Spec rows as handed to gather(); the meaning of the positional entries
     // after name and type is defined by FilterInput::gather().
     $fieldSpecs = array(
         array('op', 'string'),
         array('ok', 'boolean', false, false),
         array('str', 'word', 'something', true, 5),
     );

     // 'op' is named as the third argument and is absent: gather() must return false.
     unset($_POST['op']);
     $gathered = FilterInput::gather('post', $fieldSpecs, 'op');
     $this->assertFalse($gathered);

     // 'op' present, the other fields missing: 'ok' comes back false and 'str' as 'somet'.
     $_POST['op'] = 'test';
     $gathered = FilterInput::gather('post', $fieldSpecs, 'op');
     $this->assertEquals('test', $gathered['op']);
     $this->assertFalse($gathered['ok']);
     $this->assertEquals('somet', $gathered['str']);

     // No third argument: a missing 'op' yields '' and the posted values are cleaned.
     unset($_POST['op']);
     $_POST['ok'] = '1';
     $_POST['str'] = '  fred! ';
     $gathered = FilterInput::gather('post', $fieldSpecs);
     $this->assertEquals('', $gathered['op']);
     $this->assertTrue($gathered['ok']);
     $this->assertEquals('fred', $gathered['str'], $gathered['str']);
 }
Exemplo n.º 4
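 /**
  * Clean up an input variable.
  *
  * @param mixed       $var  The input variable.
  * @param int         $mask Filter bit mask.
  *                           - 1=no trim: If this flag is cleared and the input is a string,
  *                             the string will have leading and trailing whitespace trimmed.
  *                           - 2=allow_raw: If set, no more filtering is performed, higher bits are ignored.
  *                             The value is returned unfiltered, so the caller is responsible for
  *                             validating it and for encoding it on output.
  *                           - 4=allow_html: HTML is allowed, but passed through a safe HTML filter first.
  *                             If set, no more filtering is performed.
  *                           - If no bits other than the 1 bit is set, a strict filter is applied.
  * @param string|null $type The variable type. See {@link FilterInput::clean()}.
  *
  * @return mixed The cleaned value; an array when $type is 'array', otherwise
  *               whatever FilterInput::clean() returns for $type.
  */
 protected static function cleanVar($var, $mask = 0, $type = null)
 {
     // Filter instances are created lazily and reused across calls.
     static $noHtmlFilter = null;
     static $safeHtmlFilter = null;

     // Wrap a scalar when the caller asked for an array. The cast keeps the
     // default null $type from being passed to strtolower(), which is
     // deprecated on current PHP versions.
     if (strtolower((string) $type) === 'array' && !is_array($var)) {
         $var = array($var);
     }

     // If the no trim flag is not set, trim the variable
     if (!($mask & static::MASK_NO_TRIM) && is_string($var)) {
         $var = trim($var);
     }

     // Raw mode: return the value untouched. No filtering happens below this point.
     if ($mask & static::MASK_ALLOW_RAW) {
         return $var;
     }

     if ($mask & static::MASK_ALLOW_HTML) {
         // HTML allowed: run the value through the "safe HTML" filter.
         // Empty tag/attribute lists with both method flags set to 1 presumably
         // mean blacklist mode backed by the filter's built-in lists; confirm in FilterInput.
         if (null === $safeHtmlFilter) {
             $safeHtmlFilter = FilterInput::getInstance(array(), array(), 1, 1);
         }
         return $safeHtmlFilter->clean($var, $type);
     }

     // No allow flag set: apply the strictest filter (default getInstance() settings).
     if (null === $noHtmlFilter) {
         $noHtmlFilter = FilterInput::getInstance();
     }
     return $noHtmlFilter->clean($var, $type);
 }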
 /**
  * Update an article category row and log the change.
  *
  * The alias is derived from the default-language name when none is given and
  * is re-normalised when it differs from the stored one. For users without
  * the 'u_articles_script' permission the description is run through
  * FilterInput and then htmlspecialchars(); for users holding it the
  * description is stored as produced by the bbcode/embedly steps.
  *
  * NOTE(review): the two branches store the description in different
  * encodings (entity-encoded vs. raw); confirm the read side handles both
  * and encodes on output.
  *
  * @return int|string|false $id on success; false when the alias check or the query fails.
  */
 public function update($id, $strName, $strDescription, $strAlias, $intPublished, $intPortalLayout, $intArticlePerPage, $intParentCategory, $intListType, $intShowChilds, $arrAggregation, $intFeaturedOnly, $intSocialButtons, $intArticlePublishedState, $arrPermissions, $intNotifyUnpublishedArticles, $intHideHeader, $intSortationType, $intFeaturedOntop, $intHideOnRSS)
 {
     if ($strAlias == "") {
         // No alias supplied: build one from the default-language name.
         // NOTE(review): unserialize() on a caller-supplied string can instantiate
         // objects; confirm $strName is always produced by serialize() on the server.
         $arrNames = unserialize($strName);
         $strLang = $this->config->get('default_lang');
         $strAlias = $this->create_alias($arrNames[$strLang]);
     } elseif ($strAlias != $this->pdh->get('article_categories', 'alias', array($id))) {
         // Alias changed: normalise the new value.
         $strAlias = $this->create_alias($strAlias);
     }

     // Abort when the alias check fails.
     if (!$this->check_alias($id, $strAlias)) {
         return false;
     }

     $strDescription = $this->bbcode->replace_shorttags($strDescription);
     if ($this->config->get('enable_embedly')) {
         $strDescription = $this->embedly->parseString($strDescription);
     }

     // Users without the script permission get their markup filtered and entity-encoded.
     if (!$this->user->check_auth('u_articles_script', false)) {
         include_once $this->root_path . "libraries/inputfilter/input.class.php";
         $objFilter = new FilterInput(get_tag_blacklist(), get_attr_blacklist(), 1, 1);
         $strDescription = htmlspecialchars($objFilter->clean($strDescription));
     }

     // Key order is kept as-is: the array feeds both the UPDATE and the log diff.
     $arrQuery = array(
         'name' => $strName,
         'alias' => $strAlias,
         'portal_layout' => $intPortalLayout,
         'description' => $strDescription,
         'per_page' => $intArticlePerPage,
         'permissions' => serialize($arrPermissions),
         'published' => $intPublished,
         'parent' => $intParentCategory,
         'list_type' => $intListType,
         'aggregation' => serialize($arrAggregation),
         'featured_only' => $intFeaturedOnly,
         'social_share_buttons' => $intSocialButtons,
         'show_childs' => $intShowChilds,
         'article_published_state' => $intArticlePublishedState,
         'notify_on_onpublished_articles' => $intNotifyUnpublishedArticles,
         'hide_header' => $intHideHeader,
         'sortation_type' => $intSortationType,
         'featured_ontop' => $intFeaturedOntop,
         'hide_on_rss' => $intHideOnRSS,
     );

     // Snapshot the current row before it is overwritten, for the log diff.
     $arrOldData = $this->pdh->get('article_categories', 'data', array($id));

     // Values go through set()/execute() placeholders rather than string concatenation.
     $objQuery = $this->db->prepare("UPDATE __article_categories :p WHERE id=?")->set($arrQuery)->execute($id);
     if (!$objQuery) {
         return false;
     }

     $this->pdh->enqueue_hook('article_categories_update');
     $arrLogEntry = $this->logs->diff($arrOldData, $arrQuery, $this->arrLogLang, array('description' => 1), true);
     $this->log_insert("action_articlecategory_updated", $arrLogEntry, $id, $this->user->multilangValue($arrOldData["name"]), 1, 'article');

     return $id;
 }
Exemplo n.º 6
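 /**
  * Update an article row, refresh the related hooks and log the change.
  *
  * The alias is derived from the default-language title when none is given
  * and re-normalised when it differs from the stored one. The text is run
  * through FilterInput for users without 'u_articles_script' and is always
  * entity-encoded with htmlspecialchars() before it is stored.
  *
  * NOTE(review): the stored text is entity-encoded, so the read side
  * presumably decodes it; confirm that decoding is followed by filtering or
  * encoding suited to the output context.
  *
  * @return int|string|false $id on success; false when the alias check or the query fails.
  */
 public function update($id, $strTitle, $strText, $arrTags, $strPreviewimage, $strAlias, $intPublished, $intFeatured, $intCategory, $intUserID, $intComments, $intVotes, $intDate, $strShowFrom, $strShowTo, $intHideHeader)
 {
     if ($strAlias == "") {
         // NOTE(review): unserialize() on a caller-supplied string can instantiate
         // objects; confirm $strTitle is always produced by serialize() on the server.
         $arrName = unserialize($strTitle);
         $strDefaultLanguage = $this->config->get('default_lang');
         $strAlias = $this->create_alias($arrName[$strDefaultLanguage]);
     } elseif ($strAlias != $this->pdh->get('articles', 'alias', array($id))) {
         $strAlias = $this->create_alias($strAlias);
     }

     //Check Alias
     if (!$this->check_alias($id, $strAlias)) {
         return false;
     }

     $strText = str_replace('<p></p>', '<br />', $strText);
     $strText = $this->bbcode->replace_shorttags($strText);
     if ($this->config->get('enable_embedly')) {
         $strText = $this->embedly->parseString($strText, false, false);
     }

     // Collect the title attribute of every "system-article" paragraph. This runs
     // before filtering, so the collected values are exactly what the author submitted.
     $arrPageObjects = array();
     preg_match_all('#<p(.*)class="system-article"(.*) title="(.*)">(.*)</p>#iU', $strText, $arrTmpPageObjects, PREG_PATTERN_ORDER);
     if (!empty($arrTmpPageObjects[3])) {
         $arrPageObjects = array_values($arrTmpPageObjects[3]);
     }

     // Users without the script permission get their markup filtered.
     if (!$this->user->check_auth('u_articles_script', false)) {
         include_once $this->root_path . "libraries/inputfilter/input.class.php";
         $filter = new FilterInput(get_tag_blacklist(), get_attr_blacklist(), 1, 1);
         $strText = $filter->clean($strText);
     }
     $strText = htmlspecialchars($strText);

     // Snapshot the current row before it is overwritten, for the log diff.
     $arrOldData = $this->pdh->get('articles', 'data', array($id));

     $arrData = array(
         'title' => $strTitle,
         'text' => $strText,
         'category' => $intCategory,
         'featured' => $intFeatured,
         'comments' => $intComments,
         'votes' => $intVotes,
         'published' => $intPublished,
         'show_from' => $strShowFrom,
         'show_to' => $strShowTo,
         'user_id' => $intUserID,
         'date' => $intDate,
         'previewimage' => $strPreviewimage,
         'alias' => $strAlias,
         'tags' => serialize($arrTags),
         'last_edited' => $this->time->time,
         'last_edited_user' => $this->user->id,
         'page_objects' => serialize($arrPageObjects),
         'hide_header' => $intHideHeader,
     );

     //if category changed, make sure that there is only one index article
     if ($intCategory != $arrOldData["category"]) {
         // Look up the NEW category. The previous code passed an undefined
         // variable here, so the lookup never used the category being assigned.
         $intIndexArticle = $this->pdh->get('article_categories', 'index_article', array($intCategory));
         if ($intIndexArticle > 0) {
             $arrData['`index`'] = 0;
         }
     }

     // Values go through set()/execute() placeholders rather than string concatenation.
     $objQuery = $this->db->prepare("UPDATE __articles :p WHERE id=?")->set($arrData)->execute($id);
     if (!$objQuery) {
         return false;
     }

     $this->pdh->enqueue_hook('articles_update');
     $this->pdh->enqueue_hook('article_categories_update');

     // Stored tags/page objects may be empty or corrupt; implode() needs arrays.
     $arrOldTags = unserialize($arrOldData["tags"]);
     if (!is_array($arrOldTags)) {
         $arrOldTags = array();
     }
     $arrOldPageObjects = unserialize($arrOldData["page_objects"]);
     if (!is_array($arrOldPageObjects)) {
         $arrOldPageObjects = array();
     }

     //Log changes
     $arrNew = array(
         'title' => $strTitle,
         'text' => $strText,
         'category' => $intCategory,
         'featured' => $intFeatured,
         'comments' => $intComments,
         'votes' => $intVotes,
         'published' => $intPublished,
         'show_from' => $strShowFrom,
         'show_to' => $strShowTo,
         'user_id' => $intUserID,
         'date' => $intDate,
         'previewimage' => $strPreviewimage,
         'alias' => $strAlias,
         'tags' => implode(", ", $arrTags),
         'page_objects' => implode(", ", $arrPageObjects),
         'hide_header' => $intHideHeader,
     );
     $arrOld = array(
         'title' => $arrOldData["title"],
         'text' => $arrOldData["text"],
         'category' => $arrOldData["category"],
         'featured' => $arrOldData["featured"],
         'comments' => $arrOldData["comments"],
         'votes' => $arrOldData["votes"],
         'published' => $arrOldData["published"],
         'show_from' => $arrOldData["show_from"],
         'show_to' => $arrOldData["show_to"],
         'user_id' => $arrOldData["user_id"],
         'date' => $arrOldData["date"],
         'previewimage' => $arrOldData["previewimage"],
         'alias' => $arrOldData["alias"],
         'tags' => implode(", ", $arrOldTags),
         'page_objects' => implode(", ", $arrOldPageObjects),
         'hide_header' => $arrOldData["hide_header"],
     );
     $arrFlags = array('text' => 1);
     $arrChanges = $this->logs->diff($arrOld, $arrNew, $this->arrLang, $arrFlags);
     if ($arrChanges) {
         $this->log_insert('action_article_updated', $arrChanges, $id, $this->user->multilangValue($arrOldData["title"]), 1, 'article');
     }

     return $id;
 }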
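 /**
  * Import items from an uploaded ZIP dump (localitembase_dump.json plus icons/images).
  *
  * Items whose game id already exists are skipped. Text fields are passed
  * through FilterInput, the other fields through sanitize(); icon and image
  * files are moved only when their cleaned name ends in jpg or png. The
  * method ends the request with exit.
  *
  * NOTE(review): the dump is external data, yet four of its fields are fed to
  * unserialize(). That can instantiate arbitrary classes (PHP object
  * injection). Prefer a JSON-only dump format, or restrict allowed classes
  * where the runtime supports it.
  * NOTE(review): whether the zip class rejects entry names containing "../"
  * during extract() is not visible here; confirm. The uploaded ZIP itself is
  * not removed by this method; only the 'import/' folder is.
  *
  * @return void
  */
 public function import()
 {
     // Called without the second argument used elsewhere in the codebase;
     // presumably this aborts the request when the permission is missing. Confirm.
     $this->user->check_auth('u_localitembase_import');

     $strCachePath = $this->pfh->FolderPath('cache', 'localitembase');
     $strIconPath = $this->pfh->FolderPath('icons', 'localitembase');
     $strImagePath = $this->pfh->FolderPath('images', 'localitembase');

     $uploader = register('uploader');
     $strZipName = $uploader->upload_mime('file', '', array('application/zip'), array('zip'), 'localitembase_dump', $strCachePath);
     if (!$strZipName || !file_exists($strCachePath . $strZipName)) {
         header("HTTP/1.1 500 Internal Error");
         exit;
     }

     $strImportPath = $strCachePath . 'import/';
     $objZIP = registry::register('zip', array($strCachePath . $strZipName));
     $objZIP->extract($strImportPath);
     $objZIP->close();

     // A missing or malformed JSON file must not break the cleanup below,
     // so anything that is not an array is treated as an empty dump.
     $strJSON = file_get_contents($strImportPath . 'localitembase_dump.json');
     $arrJSON = ($strJSON === false) ? null : json_decode($strJSON, true);
     if (!is_array($arrJSON)) {
         $arrJSON = array();
     }

     // Game ids already present, keyed by item id, used to skip duplicates.
     $arrItemIDs = array();
     foreach ($this->pdh->get('localitembase', 'id_list', array()) as $itemID) {
         $arrItemIDs[$itemID] = $this->pdh->get('localitembase', 'item_gameid', array($itemID));
     }

     include_once $this->root_path . "libraries/inputfilter/input.class.php";
     $filter = new FilterInput(get_tag_blacklist(), get_attr_blacklist(), 1, 1);

     // Decode one serialized dump field; anything that does not decode to an
     // array (missing key, wrong type, corrupt data) becomes an empty array.
     $decodeField = function ($arrDump, $strKey) {
         if (!isset($arrDump[$strKey]) || !is_string($arrDump[$strKey])) {
             return array();
         }
         $decoded = unserialize($arrDump[$strKey]);
         return is_array($decoded) ? $decoded : array();
     };

     foreach ($arrJSON as $arrItemDump) {
         if (!is_array($arrItemDump) || !isset($arrItemDump['item_gameid'])) {
             continue;
         }
         // Loose comparison kept on purpose: stored ids may be strings or integers.
         if (in_array($arrItemDump['item_gameid'], $arrItemIDs)) {
             continue;
         }

         $oldText = $decodeField($arrItemDump, 'text');
         foreach ($oldText as $key => $val) {
             $oldText[$key] = $filter->clean($val);
         }
         $arrNewLanguage = sanitize($decodeField($arrItemDump, 'languages'));
         $arrImages = $decodeField($arrItemDump, 'image');

         // NOTE(review): the languages argument is serialized here, while save()
         // in the same plugin passes a plain array to 'insert'; confirm which the write module expects.
         // NOTE(review): the stored icon/image names come from sanitize(), but the files
         // below are moved under a regex-cleaned name; the two can differ.
         $this->pdh->put('localitembase', 'insert', array(sanitize($arrItemDump['item_gameid']), sanitize($arrItemDump['icon']), sanitize($arrItemDump['quality']), sanitize($decodeField($arrItemDump, 'item_name')), $oldText, sanitize($arrImages), serialize($arrNewLanguage)));

         if (!empty($arrItemDump['icon']) && is_string($arrItemDump['icon'])) {
             // Drop every character outside the safe set (this removes path
             // separators), then allow only jpg/png by extension.
             $strIcon = preg_replace("/[^a-zA-Z0-9_.-]/iU", "", $arrItemDump['icon']);
             $strExtension = strtolower(pathinfo($strIcon, PATHINFO_EXTENSION));
             if (in_array($strExtension, array('jpg', 'png'))) {
                 $this->pfh->FileMove($strImportPath . 'icons/' . $strIcon, $strIconPath . $strIcon);
             }
         }

         foreach ($arrImages as $strImage) {
             if (!is_string($strImage)) {
                 continue;
             }
             $strImage = preg_replace("/[^a-zA-Z0-9_.-]/iU", "", $strImage);
             $strExtension = strtolower(pathinfo($strImage, PATHINFO_EXTENSION));
             if (in_array($strExtension, array('jpg', 'png'))) {
                 // Only the extension is checked; the file content is not inspected here.
                 $this->pfh->FileMove($strImportPath . 'images/' . $strImage, $strImagePath . $strImage);
             }
         }
     }

     $this->pdh->process_hook_queue();
     // Remove everything that was extracted, including files that were not moved.
     $this->pfh->Delete($strImportPath);
     exit;
 }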
Exemplo n.º 8
 /**
  * Sanitise $params in place with the configured filter tool.
  *
  * @param mixed $params Value to clean; overwritten with the result of FilterInput::clean().
  *
  * @return void
  */
 public function filterParams(&$params)
 {
     $sanitizer = new FilterInput();
     // The tool name comes from the 'filter_tool' setting; 'htmlpurifier' is
     // the fallback passed to Get::cfg().
     $sanitizer->tool = Get::cfg('filter_tool', 'htmlpurifier');

     $cleaned = $sanitizer->clean($params);
     $params = $cleaned;
 }
Exemplo n.º 9
 /**
  * Fixture setup, called before a test is executed: stores the FilterInput
  * instance returned by getInstance() (called without arguments) in
  * $this->object.
  */
 protected function setUp()
 {
     $filterUnderTest = FilterInput::getInstance();
     $this->object = $filterUnderTest;
 }
Exemplo n.º 10
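 /**
  * Normalise and sanitise the request superglobals, then enforce the request signature.
  *
  * Steps: set the LDAP login password aside, run utf8::clean() over
  * $_GET/$_POST/$_COOKIE/$_SERVER/$_FILES, sanitise with FilterInput, restore
  * the login password, and call Util::checkSignature() for POST and AJAX
  * requests that are not API or PayPal calls.
  *
  * NOTE(review): for the god-admin level the filter tool is set to 'none',
  * which presumably disables sanitisation for those requests; anything such
  * an account submits must then be encoded on output.
  * NOTE(review): course level >= 6 adds object/param to the whitelist, which
  * permits embedded objects in submitted HTML; confirm this is still required.
  *
  * @return void
  */
 private static function filteringInput()
 {
     // todo: check if we can do in other way the same thing
     // Set the LDAP login password aside so sanitisation cannot alter it. The
     // decision is taken once, so the restore below always matches this save.
     $ldap_used = Get::sett('ldap_used');
     $keep_login_password = $ldap_used == 'on'
         && isset($_POST['modname']) && $_POST['modname'] == 'login'
         && isset($_POST['passIns']);
     $password_login = $keep_login_password ? $_POST['passIns'] : null;

     // Convert to Utf-8.
     self::log("Convert to Utf-8.");
     $_GET = utf8::clean($_GET);
     $_POST = utf8::clean($_POST);
     $_COOKIE = utf8::clean($_COOKIE);
     $_SERVER = utf8::clean($_SERVER);
     if (isset($_FILES)) {
         $_FILES = utf8::clean($_FILES);
     }

     // Convert ' and " (quote or unquote)
     self::log("Sanitize the input.");
     $is_godadmin = Docebo::user()->getUserLevelId() == ADMIN_GROUP_GODADMIN;
     $filter_input = new FilterInput();
     if ($is_godadmin) {
         $filter_input->tool = 'none';
     } else {
         $filter_input->tool = Get::cfg('filter_tool', 'htmlpurifier');
         // Whitelist some tags if we're a teacher in a course:
         if (isset($_SESSION['idCourse'], $_SESSION['levelCourse']) && $_SESSION['levelCourse'] >= 6) {
             $filter_input->appendToWhitelist(array('tag' => array('object', 'param'), 'attrib' => array('object.data', 'object.type', 'object.width', 'object.height', 'param.name', 'param.value')));
         }
     }
     $filter_input->sanitize();

     if ($keep_login_password) {
         // NOTE(review): stripslashes() changes passwords that contain a
         // backslash; confirm it is still needed (it looks like a leftover from magic quotes).
         $_POST['passIns'] = utf8::clean(stripslashes($password_login));
     }

     // REQUEST_METHOD can be absent (e.g. CLI); treat that as "not a POST".
     $request_method = isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : '';
     if (!defined("IS_API") && !defined("IS_PAYPAL") && ($request_method == 'POST' || defined("IS_AJAX"))) {
         // If this is a post or a ajax request then we must have a signature attached
         Util::checkSignature();
     }
 }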
Exemplo n.º 11
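 /**
  * Attach one or more files to the outgoing message.
  *
  * @param array $atach List of array('file' => path, 'name' => display name) entries.
  *
  * NOTE(review): the 'file' path is handed to the mailer unchecked. If it can
  * be influenced by a user, restrict it to an expected directory before
  * calling this method, otherwise arbitrary readable files could be attached.
  * NOTE(review): the checks below rely on throwMailerException() throwing;
  * confirm it never returns.
  *
  * @return void
  */
 public function addAttach($atach = array())
 {
     if (empty($atach)) {
         self::throwMailerException('Attach: Es necesario que agregues cuando menos un archivo.');
     }

     foreach ($atach as $file) {
         if (empty($file['file']) || empty($file['name'])) {
             self::throwMailerException('Attach: La lista de archivos no está en el formato correcto.');
         }

         // Only the display name is filtered; the cleaned value is what the mailer receives.
         $nombre = FilterInput::FilterValue($file['name'], 'string', true);
         if ($nombre === false) {
             // The previous message referred to the recipient's name, although
             // the value rejected here is the attachment name.
             self::throwMailerException('Attach: El nombre del archivo no es correcto.');
         }

         $this->_mailer->AddAttachment($file['file'], $nombre);
     }
 }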