Exemplo n.º 1
0
 /**
  * Validate the user input and set the value
  */
 public static function validateGetAndPost($objWidget, $strMethod, $strFormId, $arrData)
 {
     if ($strMethod == FORMHYBRID_METHOD_GET) {
         $varValue = $objWidget->validator(static::getGet($objWidget, $objWidget->strName));
         $varValue = FormHelper::xssClean($varValue, $objWidget->allowHtml);
     } else {
         // \Widget->validate retrieves submission data form post -> xss related stuff needs to be removed beforehands
         $_POST[$objWidget->name] = FormHelper::xssClean($_POST[$objWidget->name], $objWidget->allowHtml);
         // Captcha needs no value, just simple validation
         if ($objWidget instanceof \FormCaptcha) {
             $varValue = '';
             $objWidget->validate();
         } else {
             $objWidget->validate();
             $varValue = $objWidget->value;
         }
     }
     $objWidget->varValue = $varValue;
     // HOOK: validate form field callback
     if (isset($GLOBALS['TL_HOOKS']['formHybridValidateFormField']) && is_array($GLOBALS['TL_HOOKS']['formHybridValidateFormField'])) {
         foreach ($GLOBALS['TL_HOOKS']['formHybridValidateFormField'] as $callback) {
             $objClass = \Controller::importStatic($callback[0]);
             $objClass->{$callback[1]}($objWidget, $strFormId, $arrData);
         }
     }
     if ($objWidget->hasErrors()) {
         $objWidget->class = 'error';
     }
 }
Exemplo n.º 2
0
 public static function escapeAllEntities($strDca, $strField, $varValue)
 {
     \Controller::loadDataContainer($strDca);
     if (!is_array($varValue) && \Validator::isUuid($varValue)) {
         return $varValue;
     }
     if (is_array($varValue)) {
         $arrValues = array();
         foreach ($varValue as $i => $strValue) {
             $arrValues[$i] = static::escapeAllEntities($strDca, $strField, $strValue);
         }
         return $arrValues;
     }
     $arrData = $GLOBALS['TL_DCA'][$strDca]['fields'][$strField];
     $strPreservedTags = isset($arrData['eval']['allowedTags']) ? $arrData['eval']['allowedTags'] : \Config::get('allowedTags');
     // transform to array
     $strPreservedTags = str_replace(array('<', '>'), array('', ','), rtrim($strPreservedTags, '>'));
     // prepare for replacing
     $varValue = html_entity_decode($varValue);
     foreach (explode(',', $strPreservedTags) as $strTag) {
         $varValue = preg_replace('/<(\\/?' . $strTag . '[^>]*)>/i', '|%lt%$1%gt%|', $varValue);
     }
     $varValue = htmlentities($varValue, ENT_COMPAT, 'UTF-8');
     $varValue = FormHelper::xssClean($varValue, $arrData['eval']['allowHtml']);
     $varValue = str_replace(array('|%lt%', '%gt%|', '&amp;', '&quot;'), array('<', '>', '&', '"'), $varValue);
     return $varValue;
 }