Exemplo n.º 1
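 /**
  * Returns the row at the current cursor position.
  *
  * When sanitization is enabled the row is passed through the configured
  * output filter (`security.output_filter`) before it is handed out.
  *
  * @return mixed  the current row, or null when the cursor is not on a valid row
  */
 public function current()
 {
     if (!$this->valid()) {
         // explicit instead of falling off the end of the method
         return null;
     }
     $row = $this->_result[$this->_current_row];
     if ($this->_sanitization_enabled) {
         // clean on the way out so consumers receive already-filtered data
         $row = \Security::clean($row, null, 'security.output_filter');
     }
     return $row;
 }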
Exemplo n.º 2
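 /**
  * Ajax endpoint: returns locations whose title starts with the search term.
  *
  * The term comes from the route parameter, falling back to the `term`
  * query parameter. It is run through Security::clean() — an output/XSS
  * filter, not an SQL escape; quoting of the value is presumably done by the
  * ORM's where() — and then used as a LIKE prefix.
  *
  * NOTE(review): LIKE metacharacters (`%`, `_`) in the term are not escaped,
  * so a bare `%` matches every location — confirm this is acceptable.
  *
  * @param   string|null  $term  search prefix; null or '' falls back to Input::get('term')
  * @return  Response     the location/search view rendered with a JSON content type
  */
 public function action_search($term = null)
 {
     // route param takes precedence; an absent or empty one falls back to the query string
     if ($term === null or $term === '') {
         $term = Input::get("term");
     }
     //only ajax requests served here
     //(! Input::is_ajax()) and Response::redirect("location");
     $clean_query = Security::clean($term);
     $data["locations"] = array();
     // array input (term[]=...) or an empty string yields an empty result
     // instead of an "Array to string" warning in the concatenation below
     if (is_string($clean_query) and $clean_query !== "") {
         $data["locations"] = Model_Orm_Location::query()->where("title", "like", $clean_query . "%")->get();
     }
     $response = Response::forge(View::forge("location/search", $data));
     $response->set_header("Content-Type", "application/json");
     return $response;
 }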
Exemplo n.º 3
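 /**
  * Detects and returns the current URI based on a number of different server
  * variables.
  *
  * The result is memoised in static::$detected_uri, so detection runs once per
  * request. On the CLI the URI comes from the `--uri` option or the first
  * positional argument. For web requests PATH_INFO is preferred, then
  * ORIG_PATH_INFO, and finally REQUEST_URI with the configured base_url and
  * index_file stripped. A file extension on the last segment is recorded in
  * static::$detected_ext and, unless routing.strip_extension is false,
  * removed from the URI. The final value goes through Security::clean_uri().
  *
  * @return  string
  * @throws  \FuelException  when no server variable yields a URI
  */
 public static function uri()
 {
     if (static::$detected_uri !== null) {
         return static::$detected_uri;
     }
     if (\Fuel::$is_cli) {
         // the assignment must be parenthesised: without it `$uri` receives the
         // boolean result of the `!== null` comparison, not the option value
         if (($uri = \Cli::option('uri')) !== null) {
             static::$detected_uri = $uri;
         } else {
             static::$detected_uri = \Cli::option(1);
         }
         return static::$detected_uri;
     }
     // We want to use PATH_INFO if we can.
     if (!empty($_SERVER['PATH_INFO'])) {
         $uri = $_SERVER['PATH_INFO'];
     } elseif (!empty($_SERVER['ORIG_PATH_INFO']) and ($path = str_replace($_SERVER['SCRIPT_NAME'], '', $_SERVER['ORIG_PATH_INFO'])) != '') {
         // ORIG_PATH_INFO still carries the script name; strip it to get the path
         $uri = $path;
     } else {
         // Fall back to parsing the REQUEST URI
         if (isset($_SERVER['REQUEST_URI'])) {
             // a REQUEST_URI that is a prefix of SCRIPT_NAME (e.g. '/' for '/index.php')
             // is treated as the empty route
             $uri = strpos($_SERVER['SCRIPT_NAME'], $_SERVER['REQUEST_URI']) !== 0 ? $_SERVER['REQUEST_URI'] : '';
         } else {
             throw new \FuelException('Unable to detect the URI.');
         }
         // Remove the base URL from the URI
         $base_url = parse_url(\Config::get('base_url'), PHP_URL_PATH);
         if ($uri != '' and strncmp($uri, $base_url, strlen($base_url)) === 0) {
             // the -1 keeps the base path's last character (its trailing slash,
             // assuming base_url ends in '/') as the leading slash of the URI
             $uri = substr($uri, strlen($base_url) - 1);
         }
         // If we are using an index file (not mod_rewrite) then remove it
         $index_file = \Config::get('index_file');
         if ($index_file and strncmp($uri, $index_file, strlen($index_file)) === 0) {
             $uri = substr($uri, strlen($index_file));
         }
         // When index.php? is used and the config is set wrong, lets just
         // be nice and help them out.
         if ($index_file and strncmp($uri, '?/', 2) === 0) {
             $uri = substr($uri, 1);
         }
         // decode the uri, and put any + back (does not mean a space in the url path)
         $uri = str_replace("\r", '+', urldecode(str_replace('+', "\r", $uri)));
         // Lets split the URI up in case it contains a ?.  This would
         // indicate the server requires 'index.php?' and that mod_rewrite
         // is not being used.
         // Note this runs after urldecode(), so a percent-encoded '%3F' in the
         // path is also treated as the query separator here.
         preg_match('#(.*?)\\?(.*)#i', $uri, $matches);
         // If there are matches then lets set set everything correctly
         if (!empty($matches)) {
             $uri = $matches[1];
             // only reconstruct $_GET if we didn't have a query string
             if (empty($_SERVER['QUERY_STRING'])) {
                 $_SERVER['QUERY_STRING'] = $matches[2];
                 parse_str($matches[2], $_GET);
                 // filter the rebuilt $_GET before anything reads it
                 $_GET = \Security::clean($_GET);
             }
         }
     }
     // Deal with any trailing dots
     $uri = rtrim($uri, '.');
     // Do we have a URI and does it not end on a slash?
     if ($uri and substr($uri, -1) !== '/') {
         // Strip the defined url suffix from the uri if needed
         $ext = strrchr($uri, '.');
         $path = $ext === false ? $uri : substr($uri, 0, -strlen($ext));
         // Did we detect something that looks like an extension?
         if (!empty($ext)) {
             // if it has a slash in it, it's a URI segment with a dot in it
             if (strpos($ext, '/') === false) {
                 static::$detected_ext = ltrim($ext, '.');
                 if (\Config::get('routing.strip_extension', true)) {
                     $uri = $path;
                 }
             }
         }
     }
     // Do some final clean up of the uri
     static::$detected_uri = \Security::clean_uri($uri, true);
     return static::$detected_uri;
 }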
Exemplo n.º 4
 /**
  * Retrieves all the data, both local and global.  It filters the data if
  * necessary.
  *
  *     $data = $this->get_data();
  *
  * Local values win over global ones with the same key (array union). A value
  * is run through the output filter when its per-key rule is true, or when no
  * rule is set for it and the view's auto_filter is on.
  *
  * @return  array
  */
 protected function get_data()
 {
     $filter_set = function ($values, $rules, $auto_filter) {
         $out = array();
         foreach ($values as $name => $item) {
             // a null rule counts as "no rule" and falls back to auto_filter
             $has_rule = array_key_exists($name, $rules) && $rules[$name] !== null;
             $apply = $has_rule ? $rules[$name] : $auto_filter;
             $out[$name] = $apply ? \Security::clean($item, null, 'security.output_filter') : $item;
         }
         return $out;
     };
     $merged = array();
     if (!empty($this->data)) {
         $merged += $filter_set($this->data, $this->local_filter, $this->auto_filter);
     }
     if (!empty(static::$global_data)) {
         $merged += $filter_set(static::$global_data, static::$global_filter, $this->auto_filter);
     }
     return $merged;
 }
Exemplo n.º 5
 /**
  * Hydration from raw request (xml/json requests)
  *
  * Reads the request body once (cached in static::$php_input), decodes it
  * with Format according to $type and stores the cleaned array in the static
  * property named after $type.
  *
  * @param  string  $type  input type; also selects the static property written to
  */
 protected static function hydrate_raw_input($type)
 {
     if (static::$php_input === null) {
         static::$php_input = file_get_contents('php://input');
     }
     $parsed = \Format::forge(static::$php_input, $type)->to_array();
     static::${$type} = \Security::clean($parsed);
 }
Exemplo n.º 6
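 /**
  * Retrieves all the data, both local and global.  It filters the data if
  * necessary.
  *
  *     $data = $this->get_data();
  *
  * Local values win over global ones with the same key (array union). A value
  * is run through the output filter when its per-key rule is true, or when no
  * rule is set for it and the view's auto_filter is on. Closure values are
  * invoked first and their result is what gets filtered.
  *
  * @param   string  $scope  local/glocal/all
  * @return  array   view data
  */
 protected function get_data($scope = 'all')
 {
     $clean_it = function ($data, $rules, $auto_filter) {
         foreach ($data as $key => &$value) {
             // explicit per-key rule wins; a missing or null rule falls back to auto_filter
             $filter = array_key_exists($key, $rules) ? $rules[$key] : null;
             $filter = is_null($filter) ? $auto_filter : $filter;
             // resolve lazy values so the filter sees the real value
             if ($value instanceof \Closure) {
                 $value = $value();
             }
             $value = $filter ? \Security::clean($value, null, 'security.output_filter') : $value;
         }
         // break the reference left behind by the by-reference foreach; otherwise
         // any later write to $value would silently overwrite the last element
         unset($value);
         return $data;
     };
     $data = array();
     if (!empty($this->data) and ($scope === 'all' or $scope === 'local')) {
         $data += $clean_it($this->data, $this->local_filter, $this->auto_filter);
     }
     if (!empty(static::$global_data) and ($scope === 'all' or $scope === 'global')) {
         $data += $clean_it(static::$global_data, static::$global_filter, $this->auto_filter);
     }
     return $data;
 }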
Exemplo n.º 7
 /**
  * Hydration from raw request (xml/json requests)
  *
  * Decodes the raw request body with Format according to $type; only an
  * array result is cleaned and stored in static::$content, anything else
  * leaves it untouched.
  *
  * @param  string  $type  input type
  */
 protected static function hydrate_raw_input($type)
 {
     $raw = file_get_contents('php://input');
     $decoded = \Format::forge($raw, $type)->to_array();
     if (is_array($decoded)) {
         static::$content = \Security::clean($decoded);
     }
 }
Exemplo n.º 8
 /**
  * Sanitize a data value
  *
  * Applies the configured output filter (`security.output_filter`) to the
  * value. $field is not used; every property gets the same filter.
  *
  * @param  string  $field  Name of the property that is being sanitized
  * @param  mixed   $value  Value to sanitize
  *
  * @return  mixed
  */
 protected function _sanitize($field, $value)
 {
     $cleaned = \Security::clean($value, null, 'security.output_filter');
     return $cleaned;
 }
Exemplo n.º 9
 /**
  * Get
  *
  * Gets a property or
  * relation from the
  * object
  *
  * Returns by reference so callers can write through to the underlying
  * storage. When sanitization is enabled a cleaned copy is returned instead,
  * so the stored value itself is not altered by the output filter.
  *
  * Lookup order: model property, relation, EAV attribute, view column,
  * custom data; anything else throws.
  *
  * @access  public
  * @param   string  $property
  * @param   array   $conditions  handed to the relation when it is first loaded
  * @return  mixed
  * @throws  \OutOfBoundsException  when $property is not known to this model
  */
 public function &get($property, array $conditions = array())
 {
     // database columns
     if (array_key_exists($property, static::properties())) {
         if (!array_key_exists($property, $this->_data)) {
             $result = null;
         } elseif ($this->_sanitization_enabled) {
             // use a copy, so the cleaning below never touches $this->_data
             $result = $this->_data[$property];
         } else {
             // use a reference
             $result =& $this->_data[$property];
         }
     } elseif ($rel = static::relations($property)) {
         // relations are loaded on first access and cached in _data_relations
         if (!array_key_exists($property, $this->_data_relations)) {
             $this->_data_relations[$property] = $rel->get($this, $conditions);
             $this->_update_original_relations(array($property));
         }
         // NOTE(review): always a reference here, even with sanitization on;
         // Security::clean() below receives the cached relation, and whether it
         // copies or modifies objects in place is not visible here — confirm
         $result =& $this->_data_relations[$property];
     } elseif (($result = $this->_get_eav($property)) !== false) {
         // nothing else to do here
     } elseif ($this->_view and in_array($property, static::$_views_cached[get_class($this)][$this->_view]['columns'])) {
         if ($this->_sanitization_enabled) {
             // use a copy
             $result = $this->_data[$property];
         } else {
             // use a reference
             $result =& $this->_data[$property];
         }
     } elseif (array_key_exists($property, $this->_custom_data)) {
         if ($this->_sanitization_enabled) {
             // use a copy
             $result = $this->_custom_data[$property];
         } else {
             // use a reference
             $result =& $this->_custom_data[$property];
         }
     } else {
         throw new \OutOfBoundsException('Property "' . $property . '" not found for ' . get_class($this) . '.');
     }
     // do we need to clean before returning the result?
     if ($this->_sanitization_enabled) {
         // the filtered value lives in a fresh local, so the reference returned
         // to the caller points at the copy, not at the model's storage
         $cleaned = \Security::clean($result, null, 'security.output_filter');
         return $cleaned;
     }
     return $result;
 }
Exemplo n.º 10
 /**
  * Magic getter to fetch data from the data container
  *
  * When sanitization is enabled the value is passed through the configured
  * output filter before it is returned.
  *
  * @param   string  $property  The property name
  * @return  mixed
  * @throws  \OutOfBoundsException  when the property is not in the container
  */
 public function __get($property)
 {
     if (!array_key_exists($property, $this->_data)) {
         throw new \OutOfBoundsException('Property "' . $property . '" not found for ' . get_called_class() . '.');
     }
     $value = $this->_data[$property];
     if ($this->_sanitization_enabled) {
         $value = \Security::clean($value, null, 'security.output_filter');
     }
     return $value;
 }
Exemplo n.º 11
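 /**
  * Ajax handler that renames a task.
  *
  * Reads `task_id` and `task_content` from POST, stores the trimmed, cleaned
  * content as the task name and saves it. No response body is produced.
  *
  * NOTE(review): no ownership or CSRF check is visible here — Input::is_ajax()
  * only inspects a request header and is not an authorisation control; confirm
  * the route is protected elsewhere. Security::clean() is presumably an
  * HTML/XSS filter, so the stored name may already be encoded — make sure the
  * view does not encode it a second time.
  *
  * @return  false  always; the framework sends no content
  */
 public function action_edit_task()
 {
     if (Input::is_ajax()) {
         $task = Model_Task::find(intval(Input::post('task_id')));
         // guard against find() returning no model for an unknown id
         if ($task) {
             $task->name = trim(Security::clean(Input::post('task_content')));
             $task->save();
         }
     }
     return false;
     // we return no content at all
 }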
Exemplo n.º 12
 /**
  * Fetch an item from the POST array
  *
  * Convenience wrapper around Input::get_post() whose result is passed through
  * Security::clean() with the given filter list.
  *
  * @param   string  $index    The index key
  * @param   mixed   $default  The default value
  * @param   array   $filters  Filter names handed to Security::clean(); defaults
  *                            to strip_tags, htmlentities and xss_clean
  *
  * @return  string|array
  */
 public static function secured_get_post($index = null, $default = null, $filters = array('strip_tags', 'htmlentities', 'xss_clean'))
 {
     $raw = \Input::get_post($index, $default);
     return \Security::clean($raw, $filters);
 }
Exemplo n.º 13
 /**
  * Implements [ArrayAccess::offsetGet], gets a given row.
  *
  *     $row = $result[10];
  *
  * Seeks to the offset and returns the row at that position; null when the
  * offset cannot be reached. With sanitization enabled the row is passed
  * through the configured output filter.
  *
  * @param integer $offset
  *
  * @return  mixed
  */
 public function offsetGet($offset)
 {
     if (!$this->seek($offset)) {
         return null;
     }
     $row = $this->current();
     if ($this->_sanitization_enabled) {
         // NOTE(review): if current() already applies the output filter when
         // sanitization is on, the row is cleaned twice here; that relies on the
         // filter being idempotent (no double-encoding) — confirm
         $row = \Security::clean($row, null, 'security.output_filter');
     }
     return $row;
 }
Exemplo n.º 14
 /**
  * Sets a variable on the template, cleaning it up front.
  *
  * ViewModel, View and Closure instances are stored as they are. Every other
  * value is passed through Security::clean() first; other objects are cast
  * to string before cleaning. Use set_raw() to store an object unconverted.
  *
  * @param	string  $name  template variable name
  * @param	mixed   $val   value to store
  */
 public function set_safe($name, $val)
 {
     $passthrough = is_object($val)
         && ($val instanceof ViewModel || $val instanceof View || $val instanceof \Closure);
     if (!$passthrough) {
         $scalar = is_object($val) ? (string) $val : $val;
         $val = \Security::clean($scalar);
     }
     $this->_template->{$name} = $val;
 }
Exemplo n.º 15
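 /**
  * Check if cat. CANNOT be deleted
  *
  * Builds a list of HTML links to the child categories and related articles
  * that block the deletion. Names and titles are user-supplied, so both are
  * passed through the same htmlentities + xss_clean filter before being used
  * as anchor text (previously article titles only had tags stripped, which
  * left them less protected than category names in the same output).
  *
  * @param int $id cat. id
  * @return array $relatedcat names of related cat.s if the cat. CANNOT be deleted,
  *         boolean FALSE if the cat. CAN be deleted
  *
  * @access protected
  * @author Nguyen Van Hiep
  */
 protected function unable_del($id)
 {
     $relatedcats = array();
     $relatedarts = array();
     $cats = Model_Categories::get_child_cats($id);
     $cat_arts = Model_ArtCat::get_related_articles($id);
     foreach ($cats as $item) {
         $text = Security::clean($item->name, array('htmlentities', 'xss_clean'));
         $relatedcats[] = Html::anchor('/admin/categories/edit/' . $item->id, $text);
     }
     if (count($relatedcats) > 0) {
         array_unshift($relatedcats, '- ' . __('cat.categories') . ':');
     }
     foreach ($cat_arts as $art) {
         // same filter as the category names above so both lists are escaped consistently
         $text = Security::clean($art->ac2a->title, array('htmlentities', 'xss_clean'));
         $relatedarts[] = Html::anchor('/admin/article/edit/' . $art->art_id, $text);
     }
     if (count($relatedarts) > 0) {
         array_unshift($relatedarts, '- ' . __('art.arts') . ':');
     }
     $ret = array_merge($relatedcats, $relatedarts);
     // an empty list means nothing blocks the deletion
     if (count($ret) > 0) {
         return $ret;
     }
     return false;
 }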