 /**
  * Strip every tag and attribute that is not on the allow-list for the given profile.
  *
  * The allow-list comes from self::getSafeTagsAttributes(); its "tag" entries are
  * joined into the comma-separated list FlexiStringUtil::stripTagsAttributes() takes,
  * its "attribute" entry is passed through unchanged.
  *
  * @param string $html        HTML fragment to filter
  * @param string $allowedTags allow-list profile handed to getSafeTagsAttributes(), default "basic"
  * @return string the filtered HTML
  */
 public static function getSafeHTML($html, $allowedTags = "basic")
 {
     $aAllowed = self::getSafeTagsAttributes($allowedTags);
     $sTagList = implode(",", $aAllowed["tag"]);
     return FlexiStringUtil::stripTagsAttributes($html, $sTagList, $aAllowed["attribute"]);
 }
 /**
  * Reject the object unless it carries a name and a version and the name is "clean".
  *
  * Presence is tested with empty(), so a version of 0 / "0" is treated as missing.
  * The name is validated last, through FlexiStringUtil::isCleanName().
  *
  * @return void
  * @throws Exception "Name is required", "Version is required" or "Invalid value for name"
  */
 public function checkValid()
 {
     $aPresenceChecks = array(
         array(!empty($this->sName), "Name is required"),
         array(!empty($this->iVersion), "Version is required"),
     );
     foreach ($aPresenceChecks as $aCheck) {
         if (!$aCheck[0]) {
             throw new Exception($aCheck[1]);
         }
     }
     if (!FlexiStringUtil::isCleanName($this->sName)) {
         throw new Exception("Invalid value for name");
     }
 }
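 /**
  * Store the uploaded file(s) for one field and write the resulting path(s)
  * into $oStore[name].
  *
  * Field type "multiimage-text" reads form keys "<name>_1" .. "<name>_<uploadcount>"
  * and joins the stored paths with $oField->uploadseparator. Every other type reads
  * the single key "<name>", which is either an upload array (moved to disk through
  * FlexiFileUtil::storeUploadFile()) or a string path that becomes the new value.
  * A file that is replaced is unlinked.
  *
  * When $oField->savepath is set the stored value is made relative to it;
  * otherwise the full path under the default upload directory is stored.
  *
  * @param FlexiTableFieldObject $oField      field definition (name, type, savepath, uploadcount, uploadseparator, maxwidth, maxheight)
  * @param array                 $oStore      (by ref) row being persisted; receives $oStore[name]
  * @param array                 $oForm       (by ref) submitted form row
  * @param array                 $oCurrentRow previously persisted row, used to find the file being replaced
  * @return void
  * @throws Exception when the single-file form value is neither an upload array nor a string
  */
 public function doUploadField(FlexiTableFieldObject $oField, &$oStore, &$oForm, $oCurrentRow)
 {
     $sName = $oField->getName();
     $sSavePath = is_null($oField->savepath) ? FlexiFileUtil::getFullUploadPath("media/libraries") : $oField->savepath;
     // Prefix cut off the path before it is stored; "" keeps the full path.
     $sFullRelativeBasePath = empty($oField->savepath) ? "" : realpath($oField->savepath);

     if ($oField->type == "multiimage-text") {
         $aCurrentFile = empty($oCurrentRow[$sName]) ? array() : explode($oField->uploadseparator, $oCurrentRow[$sName]);
         $aResultFile = array();
         for ($c = 1; $c <= $oField->uploadcount; $c++) {
             $sFormKey = $sName . "_" . $c;
             if (!isset($oForm[$sFormKey])) {
                 // Slot not submitted: it is left out of the stored list.
                 continue;
             }
             $sNewFile = "media." . FlexiStringUtil::createRandomAlphaNumeric() . "_" . time();
             $aStatus = FlexiFileUtil::storeUploadFile($oForm[$sFormKey], $sSavePath, $sNewFile . ".");
             // The original passed an undefined $sSaveDir (null) here; the directory is $sSavePath.
             $this->onGetUploadFileName($sSavePath, $sNewFile);
             if (!$aStatus["status"]) {
                 // Nothing uploaded for this slot: keep the current file, if any.
                 $aResultFile[$c - 1] = isset($aCurrentFile[$c - 1]) ? $aCurrentFile[$c - 1] : "";
                 continue;
             }
             // Replace the photo already held in this slot.
             if (!empty($aCurrentFile[$c - 1])) {
                 $sOldPath = FlexiFileUtil::getFullPathFrom($aCurrentFile[$c - 1], $sFullRelativeBasePath);
                 if (is_file($sOldPath)) {
                     unlink($sOldPath);
                 }
             }
             // Parenthesised: the original "a && b || c" resized any field with maxheight set,
             // image or not.
             if ($oField->isUploadImage() && (!empty($oField->maxwidth) || !empty($oField->maxheight))) {
                 FlexiImageUtil::imageResize($oField->maxwidth, $oField->maxheight, $aStatus["path"]);
             }
             $aResultFile[$c - 1] = FlexiFileUtil::getRelativePathFrom($aStatus["path"], $sFullRelativeBasePath);
         }
         $oStore[$sName] = implode($oField->uploadseparator, $aResultFile);
         return;
     }

     // Single-file field.
     if (!isset($oForm[$sName])) {
         return;
     }
     if (is_array($oForm[$sName])) {
         // Upload array: move it into the save path under a generated name.
         $sNewFile = "media." . FlexiStringUtil::createRandomAlphaNumeric() . "_" . time();
         $aStatus = FlexiFileUtil::storeUploadFile($oForm[$sName], $sSavePath, $sNewFile . ".");
         // The original passed an undefined $sSaveDir (null) here; the directory is $sSavePath.
         $this->onGetUploadFileName($sSavePath, $sNewFile);
         if (!$aStatus["status"]) {
             // No file uploaded: the stored value is left untouched.
             return;
         }
         if (!empty($oCurrentRow[$sName])) {
             // NOTE(review): the multi-file branch and the string branch below resolve the
             // old file with getFullPathFrom(); this one uses getRelativePathFrom(). Confirm
             // unlink() actually receives a path that exists on disk.
             $sOldPath = FlexiFileUtil::getRelativePathFrom($oCurrentRow[$sName], $sFullRelativeBasePath);
             if (is_file($sOldPath)) {
                 unlink($sOldPath);
             }
         }
         if ($oField->isUploadImage() && (!empty($oField->maxwidth) || !empty($oField->maxheight))) {
             FlexiImageUtil::imageResize($oField->maxwidth, $oField->maxheight, $aStatus["path"]);
         }
         $oStore[$sName] = FlexiFileUtil::getRelativePathFrom($aStatus["path"], $sFullRelativeBasePath);
         return;
     }
     if (is_string($oForm[$sName])) {
         // A plain string is taken as the new path (manually saved, or the old value echoed back).
         // It is stored as submitted: nothing here confines it to the upload directory, so the
         // caller must only accept values it issued itself.
         $sNewFile = $oForm[$sName];
         if (!empty($oCurrentRow[$sName]) && !empty($sNewFile)) {
             // Delete the old file only when it really is a different file.
             $sOldPathReal = realpath(FlexiFileUtil::getFullPathFrom($oCurrentRow[$sName], $sFullRelativeBasePath));
             $sNewPathReal = realpath(FlexiFileUtil::getFullPathFrom($sNewFile, $sFullRelativeBasePath));
             if (!empty($sOldPathReal) && $sOldPathReal !== $sNewPathReal) {
                 unlink($sOldPathReal);
             }
         }
         $oStore[$sName] = FlexiFileUtil::getRelativePathFrom($sNewFile, $sFullRelativeBasePath);
         return;
     }
     // Arrays are never concatenated into the message (the original would emit "Array").
     $mBad = $oForm[$sName];
     throw new Exception("Invalid upload value: " . (is_scalar($mBad) ? $mBad : gettype($mBad)));
 }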
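<?php
/*
 * Fieldset wrapper template.
 *
 * Reads from $vars:
 *   #id         element id; echoed HTML-escaped into both id attributes
 *   #title      legend text (optional)
 *   #attributes optional attribute map rendered by FlexiStringUtil::attributesToString()
 *   #prefix, #childs, #suffix  pre-rendered markup
 *
 * #title, #prefix, #childs, #suffix and the rendered attributes are echoed
 * verbatim, so they must already be safe markup when this template runs.
 * The short open tag "<?" the original used for the attributes is replaced by
 * "<?php": short tags depend on short_open_tag and otherwise leak raw PHP.
 */
$sTitle = empty($vars["#title"]) ? "" : $vars["#title"];
$sId = htmlspecialchars($vars["#id"], ENT_QUOTES, "UTF-8");
$sAttributes = isset($vars["#attributes"]) ? FlexiStringUtil::attributesToString($vars["#attributes"]) : "";
$sPrefix = isset($vars["#prefix"]) ? $vars["#prefix"] : "";
$sSuffix = isset($vars["#suffix"]) ? $vars["#suffix"] : "";
?>
<div id="div-<?php echo $sId; ?>" <?php echo $sAttributes; ?>>
<?php echo $sPrefix; ?>
	<fieldset id="<?php echo $sId; ?>">
		<legend><?php echo $sTitle; ?></legend>
		<?php echo $vars["#childs"]; ?>
	</fieldset>
<?php echo $sSuffix; ?>
</div>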
 /**
  * Filtering hook run once per markup array before rendering.
  *
  * Assigns a random "#id" when none is set and marks the array with
  * "#filterrendered" so a second call is a no-op. The "TODO general markup
  * filter for security" from the original is still open: no content
  * filtering happens here.
  *
  * @param array $aValue (by ref) markup array, updated in place
  * @return void
  */
 protected function renderFilterMarkup(&$aValue)
 {
     // isset() && truthy, i.e. already processed.
     if (!empty($aValue["#filterrendered"])) {
         return;
     }
     $bHasId = isset($aValue["#id"]);
     if (!$bHasId) {
         $aValue["#id"] = "id_" . FlexiStringUtil::createRandomPassword(15);
     }
     //TODO general markup filter for security
     $aValue["#filterrendered"] = true;
 }
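 /**
  * Validate a form array whose "#value" entries were populated from $_REQUEST.
  *
  * Keys not starting with "#" are fields. A field fails when it is "#required"
  * and has no value, or when its "#type" is "email" and the value does not pass
  * FlexiStringUtil::isValidEmail(). Each failure appends a translated line to
  * $aForm[field]["#notice"]["msg"] for the renderer.
  *
  * @param array $aForm (by ref) form definition merged with request values; "#notice" entries are added in place
  * @return boolean true when every field passed
  */
 public function validateForm(&$aForm)
 {
     $bOK = true;
     foreach ($aForm as $sKey => &$mValue) {
         // Keys may be ints; use the string form so $sKey[0] is always defined.
         $sKey = (string) $sKey;
         // Skip meta entries ("#...") and anything that is not a field array. The
         // original indexed "#value" on scalar entries too, which PHP 8 rejects with a
         // TypeError that the "@" did not suppress.
         if ($sKey === "" || $sKey[0] == "#" || !is_array($mValue)) {
             continue;
         }
         $mFieldValue = isset($mValue["#value"]) ? $mValue["#value"] : null;
         // NOTE(review): this logs every submitted value, including any password field.
         FlexiLogger::debug(__METHOD__, "validating: " . $sKey . ",val: " . print_r($mFieldValue, true));
         $bRequired = isset($mValue["#required"]) ? $mValue["#required"] : false;
         // Array values (e.g. checkboxes) are empty when they hold no entries;
         // strlen() on them would throw in PHP 8.
         $bEmpty = $mFieldValue === null
             || (is_array($mFieldValue) ? count($mFieldValue) == 0 : strlen((string) $mFieldValue) == 0);
         if ($bRequired && $bEmpty) {
             FlexiLogger::debug(__METHOD__, "validating: " . $sKey . ", is empty");
             if (!isset($mValue["#notice"])) {
                 $mValue["#notice"] = array("msg" => "");
             }
             $mValue["#notice"]["msg"] .= flexiT("field is required") . "\r\n<br/>";
             $bOK = false;
         }
         $bIsEmail = isset($mValue["#type"]) && $mValue["#type"] == "email";
         if ($bIsEmail && !empty($mFieldValue) && !FlexiStringUtil::isValidEmail($mFieldValue)) {
             FlexiLogger::debug(__METHOD__, "validating: " . $sKey . ", invalid email");
             if (!isset($mValue["#notice"])) {
                 $mValue["#notice"] = array("msg" => "");
             }
             $mValue["#notice"]["msg"] .= flexiT("field must be an email") . "\r\n<br/>";
             $bOK = false;
         }
     }
     // Drop the loop reference so a later write to $mValue cannot alias the last field.
     unset($mValue);
     return $bOK;
 }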
 /**
  * Turn one "key => value" condition entry into a SQL fragment plus bound parameters.
  *
  * Key forms: "field", "field:op", "and|or:field", "and|or:field:op" (a fourth
  * segment is ignored). A numeric key means $sValue already is a complete SQL
  * condition; it is wrapped in parentheses and returned with no parameters.
  *
  * Only the value is bound. The field name and the operator are concatenated into
  * the SQL verbatim, and for the "in" operator a non-array value is spliced in as
  * raw SQL as well (an array goes through self::getSQLValue()). Keys and "in"
  * strings therefore must never be built from untrusted input.
  *
  * @param string|int $sKey
  * @param mixed      $sValue
  * @param boolean    $bStatementValue unused
  * @return array array("type" => "and"|"or", "sql" => string, "param" => array)
  */
 public static function parseSQLKey($sKey, $sValue, $bStatementValue = false)
 {
     if (is_numeric($sKey)) {
         // Condition without a field name.
         return array("type" => "and", "sql" => "(" . $sValue . ")", "param" => array());
     }

     $aSegment = explode(":", $sKey);
     $sType = "and";
     $sOperator = "=";
     $bHasTypePrefix = count($aSegment) >= 2
         && in_array(strtolower($aSegment[0]), array("and", "or"), true);
     if ($bHasTypePrefix) {
         $sType = $aSegment[0];
         $sField = $aSegment[1];
         if (isset($aSegment[2])) {
             $sOperator = $aSegment[2];
         }
     } else {
         $sField = $aSegment[0];
         if (isset($aSegment[1])) {
             $sOperator = $aSegment[1];
         }
     }

     // Placeholder name: field characters outside [A-Za-z0-9_] are replaced, then a
     // random tail keeps repeated fields apart.
     $sParamName = ":" . preg_replace("/[^a-zA-Z0-9_]/", "_", $sField) . FlexiStringUtil::createRandomPassword(4);
     $sNormalisedOperator = strtolower(trim($sOperator));
     $bBindValue = $sNormalisedOperator != "in";
     if (!$bBindValue) {
         // Value is hard-coded into the statement, never bound.
         $sSQLValue = is_array($sValue) ? self::getSQLValue($sValue) : $sValue;
         $sSQL = $sField . " " . $sOperator . " (" . $sSQLValue . ")";
     } elseif ($sNormalisedOperator == "isnull" || $sNormalisedOperator == "is null") {
         $sSQL = $sField . " IS NULL";
     } elseif ($sNormalisedOperator == "isnotnull" || $sNormalisedOperator == "is not null") {
         $sSQL = $sField . " IS NOT NULL";
     } else {
         $sSQL = $sField . " " . $sOperator . " " . $sParamName;
     }

     // As in the original, the IS NULL forms still return the (unreferenced) parameter.
     $aParam = $bBindValue ? array($sParamName => $sValue) : array();
     return array("type" => $sType, "sql" => $sSQL, "param" => $aParam);
 }
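 /**
  * Validate a row against the table's active field definitions before an
  * insert or update.
  *
  * For every field with iStatus == 1:
  *  - on "update", a primary field must be present and non-empty;
  *  - a non-nullable field must be present and non-empty, except a primary field
  *    on "insert", or a missing field whose input<insert|update> mode is
  *    "readonly" or "none";
  *  - a non-empty value must be numeric for dbtype tinyint/int/double/decimal,
  *    within -127..127 for tinyint, and pass FlexiStringUtil::isValidEmail()
  *    for field type "email".
  *
  * The original declared the tinyint range check in a second "tinyint" case
  * that PHP never reached; it now runs after the numeric check.
  *
  * @param array  $oRow  row values keyed by field name
  * @param string $sType "insert" or "update"
  * @return void
  * @throws Exception describing the first failing field
  */
 public function checkValidData($oRow, $sType)
 {
     foreach ($this->aChild["field"] as $sName => $oField) {
         // Only active fields are checked; deleted ones are skipped.
         if ($oField->iStatus != 1) {
             continue;
         }
         $sField = $oField->getName();
         $sLabel = $oField->label;
         $sValue = isset($oRow[$sField]) ? $oRow[$sField] : null;
         $bPresent = isset($oRow[$sField]) && strlen((string) $oRow[$sField]) > 0;

         if ($sType == "update" && $oField->primary && !$bPresent) {
             // NOTE(review): print_r() puts the whole row into the exception text;
             // do not surface this message to end users.
             throw new Exception($this->getTableName() . ", Field " . $sLabel . " is primary therefore, required for update" . print_r($oRow, true));
         }

         $bPrimaryOnInsert = $sType == "insert" && $oField->primary;
         if (!$oField->cannull && !$bPrimaryOnInsert && !$bPresent) {
             // A missing (not merely empty) value is tolerated when the field is not
             // editable for this operation.
             $bTolerated = !isset($oRow[$sField])
                 && in_array($oField->{"input" . $sType}, array("readonly", "none"), true);
             if (!$bTolerated) {
                 throw new Exception("Field " . $sLabel . "(" . $this->getTableName() . ":" . $sField . ") is required");
             }
         }

         if (strlen((string) $sValue) > 0) {
             switch ($oField->dbtype) {
                 case "tinyint":
                 case "int":
                     if (!is_numeric($sValue)) {
                         throw new Exception("Field " . $sLabel . " is not a number: " . $sValue . "(" . gettype($sValue) . ")");
                     }
                     if ($oField->dbtype == "tinyint" && ($sValue < -127 || $sValue > 127)) {
                         throw new Exception("Field " . $sLabel . " is invalid: " . $sValue);
                     }
                     break;
                 case "double":
                 case "decimal":
                     if (!is_numeric($sValue)) {
                         throw new Exception("Field " . $sLabel . " is not a number");
                     }
                     break;
             }
             if ($oField->type == "email" && !FlexiStringUtil::isValidEmail($sValue)) {
                 throw new Exception("Field " . $sLabel . " is not a valid email");
             }
         }
     }
 }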
 /**
  * Hook run before the record is written: issue a fresh verification code and
  * reset the verified flag on the Extend record.
  *
  * NOTE(review): the code comes from FlexiStringUtil::createRandomPassword();
  * whether that is a CSPRNG is not visible here — confirm before treating the
  * code as an unguessable verification token.
  *
  * @return void
  */
 public function preSave()
 {
     $oExtend = $this->Extend;
     $oExtend->verifycode = FlexiStringUtil::createRandomPassword(10);
     $oExtend->verified = 0;
 }
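 /**
  * Build the form-input definition array for one table field.
  *
  * The field's type selects the widget ("#type") and any widget-specific keys
  * ("#options", "#savepath", "#uploadcount", ...). "#required" is the inverse
  * of cannull. When $oRow holds a value for the field it is normalised for the
  * widget and stored under "#value": zero dates become "", "timestamp" values
  * are formatted as "Y-m-d H:i:s", and check-* values are split into an array.
  *
  * The original ended the "timestamp" value case with the typo `breal;`, which
  * fell through into the check-* case and turned the formatted timestamp into
  * an array (or raised an undefined-constant error on PHP 8).
  *
  * @param FlexiTableFieldObject $oField field definition
  * @param array                 $oRow   current row values keyed by field name
  * @return array form input definition
  * @throws Exception "Unsupported type: ..." for an unknown field type
  */
 public function getFieldInput(FlexiTableFieldObject $oField, $oRow)
 {
     $sName = $oField->getName();
     $sInputName = $this->getFieldInputName($sName);
     $aResult = array(
         "#name" => $sInputName,
         "#id" => $sInputName . "_" . FlexiStringUtil::createRandomPassword(8),
         "#title" => $oField->label,
         "#required" => $oField->cannull != 1,
         "#default_value" => $oField->getPHPDefaultValue(),
         "#dbfield" => $sName,
         "#insert" => $oField->caninsert,
         "#update" => $oField->canupdate,
     );

     switch ($oField->type) {
         case "string":
         case "int":
         case "tinyint":
         case "smallint":
         case "mediumint":
         case "bigint":
         case "money":
         case "decimal":
         case "double":
         case "email":
             $aResult["#type"] = "textfield.raw";
             break;
         case "html":
         case "html-tiny":
             $aResult["#type"] = "html.raw";
             break;
         case "text":
         case "json":
             $aResult["#type"] = "textarea.raw";
             break;
         case "select-text":
         case "select-tinyint":
         case "select-smallint":
         case "select-bigint":
         case "select-mediumint":
         case "select-enum":
         case "select-int":
         case "select-char":
             $aResult["#type"] = "select.raw";
             $aResult["#options"] = $oField->getOptions();
             break;
         case "check-char":
         case "check-varchar":
         case "check-text":
             $aResult["#type"] = "checkboxes.raw";
             $aResult["#options"] = $oField->getOptions();
             $aResult["#multiple"] = true;
             break;
         case "date":
             $aResult["#type"] = "date.raw";
             break;
         case "datetime":
         case "timestamp":
         case "timestamp-int":
             $aResult["#type"] = "datetime.raw";
             break;
         case "monthyear":
             $aResult["#type"] = "datemonthyear.raw";
             break;
         case "file-varchar":
         case "file-text":
             $aResult["#type"] = "file.raw";
             $aResult["#savepath"] = $oField->savepath;
             break;
         case "image-varchar":
         case "image-text":
             $aResult["#type"] = "image.raw";
             $aResult["#maximagewidth"] = $this->iMaxImageWidth;
             $aResult["#savepath"] = $oField->savepath;
             break;
         case "multiimage-text":
             $aResult["#type"] = "multiimage.raw";
             $aResult["#maximagewidth"] = $this->iMaxImageWidth;
             $aResult["#savepath"] = $oField->savepath;
             $aResult["#uploadcount"] = $oField->uploadcount;
             $aResult["#uploadseparator"] = $oField->uploadseparator;
             break;
         case "hidden":
             $aResult["#type"] = "hidden.raw";
             break;
         default:
             throw new Exception("Unsupported type: " . $oField->type);
     }

     if (!empty($oField->formsize)) {
         // Multi-line widgets take "cols[,rows]"; everything else a plain size.
         $bMultiLine = in_array(substr($oField->type, 0, 4), array("html", "text", "json"), true);
         if ($bMultiLine) {
             $aSize = explode(",", $oField->formsize);
             $aResult["#cols"] = $aSize[0];
             if (count($aSize) >= 2) {
                 $aResult["#rows"] = $aSize[1];
             }
         } else {
             $aResult["#size"] = $oField->formsize;
         }
     }

     if (isset($oRow[$sName])) {
         $sValue = $oRow[$sName];
         switch ($oField->type) {
             case "date":
             case "datetime":
                 // Zero dates render as an empty input; the real value is kept hidden elsewhere.
                 if (in_array($sValue, array("0000-00-00", "0000-00-00 00:00:00"), true)) {
                     $sValue = "";
                 }
                 break;
             case "timestamp":
                 // NOTE(review): "timestamp-int" shares the widget but is not formatted here — confirm.
                 $sValue = empty($sValue) ? "" : date("Y-m-d H:i:s", (int) $sValue);
                 break;
             case "check-char":
             case "check-varchar":
             case "check-text":
                 $sValue = empty($sValue) ? array() : explode($oField->uploadseparator, $sValue);
                 break;
         }
         $aResult["#value"] = $sValue;
     }
     return $aResult;
 }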
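 /**
  * Save the file uploaded as $_FILES[$sFormName].
  *
  * The destination is built as
  *   $sMovePath . "/" . $sPrefix . <random> . $sSuffix . "." . <extension>
  * where <random> is FlexiStringUtil::createRandomPassword($iRandomNameSize)
  * (omitted for $iRandomNameSize <= 0) and <extension> is taken from the
  * client-supplied file name. The extension is copied as-is — nothing here
  * restricts it, so callers (or self::_doUploadFile()) must enforce an
  * allow-list before the file is reachable under a web root.
  *
  * The original also built a $aReturn array (temp path, filesize, type) that
  * was never used; it is gone. A file name without a dot used to raise an
  * undefined-index notice for "extension"; it now yields an empty extension.
  *
  * @param String $sFormName       key into $_FILES
  * @param String $sMovePath       directory to move the file into
  * @param String $sPrefix         prefix of the generated name
  * @param String $sSuffix         suffix of the generated name
  * @param int    $iRandomNameSize length of the random part, 0 to use only $sPrefix + $sSuffix
  * @return array array("status" => false) when nothing was uploaded, otherwise the result of self::_doUploadFile()
  */
 public static function doUploadFile($sFormName, $sMovePath = "", $sPrefix = "", $sSuffix = "", $iRandomNameSize = 10)
 {
     if (!self::getIsUploaded($sFormName)) {
         return array("status" => false);
     }
     $aInfo = pathinfo($_FILES[$sFormName]["name"]);
     // pathinfo() leaves "extension" out entirely when the name has no dot.
     $sExtension = isset($aInfo["extension"]) ? $aInfo["extension"] : "";
     $sRandom = $iRandomNameSize > 0 ? FlexiStringUtil::createRandomPassword($iRandomNameSize) : "";
     $sTargetPath = $sMovePath . "/" . $sPrefix . $sRandom . $sSuffix . "." . $sExtension;
     return self::_doUploadFile($sFormName, $sTargetPath);
 }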