Exemplo n.º 1
*/
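# Template update endpoint: looks up one of the calling app's e-mail templates by
# tag, validates the submitted body, and overwrites the stored template fields.
# Including our configuration and validate app
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';
# Handling our global json parsing
$_JPOST = PostParser::decode();
# Rejecting JSON arrays/objects where text is expected. These fields come straight
# from the request body and are passed to mysqli_escape_string(), which expects a
# string; a non-scalar value must not reach query building. Absent fields are left
# to the existing handling below.
foreach (['tag', 'subject', 'body', 'bcc'] as $text_field) {
    if (isset($_JPOST->{$text_field}) && !is_scalar($_JPOST->{$text_field})) {
        exit_fail(NQ_ERROR_INVALID_VALUE, 'Validation Error');
    }
}
# Getting our template
# The lookup is scoped to the calling app's id and environment, so the `id` used by
# the UPDATE below always comes from a row this app owns, never from the client.
# Every value is either cast to int or escaped before concatenation.
# NOTE(review): mysqli_escape_string() escapes for the connection's character set;
# confirm the link's charset is set with mysqli_set_charset() where it is opened.
# Prepared statements would remove that dependency, but the query helpers used here
# take a finished SQL string.
$query = "\tSELECT\n\t\t\t\t`id`\n\t\t\tFROM\n\t\t\t\t" . NQ_TEMPLATE_TABLE . "\n\t\t\tFORCE\n\t\t\t\tINDEX (`PRIMARY`)\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment` \tIN ('*','" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "') AND\n\t\t\t\t`tag`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->tag) . "'\n\t\t\tLIMIT 1";
$email_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Invalid template
# exit_fail() is presumed to end the request; the code below relies on that.
# NOTE(review): only `id` is selected, so the stored `locked` flag is not consulted
# here before overwriting; confirm whether locking is enforced elsewhere.
if (!isset($email_data['id'])) {
    exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TEMPLATE);
}
# Invalid template code
# The body is stored and later used as e-mail content, so it is validated before
# anything is written. $invalid_tags is filled in by validate() (tag => count).
$invalid_tags = [];
if (!TemplateParser::validate($_JPOST->body, $invalid_tags)) {
    exit_fail(NQ_ERROR_INVALID_VALUE, 'Validation Error');
}
# If we have any invalid tags
if (count($invalid_tags) > 0) {
    $error = [];
    foreach ($invalid_tags as $tag => $count) {
        $error[] = $tag . ' (' . $count . ')';
    }
    # NOTE(review): tag names originate from the submitted body; confirm exit_fail()
    # encodes its message for the response format.
    exit_fail(NQ_ERROR_INVALID_VALUE, 'Your template contains the following restricted HTML tags: ' . implode(', ', $error));
}
# Updating our template
# Text fields are escaped, the two flags are reduced to the literals '1'/'0', and the
# row is addressed by the id from the app-scoped lookup above.
# NOTE(review): `subject` and `bcc` are stored without format validation here;
# confirm the sending code validates addresses and rejects line breaks before
# using them in mail headers.
$query = "\tUPDATE\n\t\t\t\t" . NQ_TEMPLATE_TABLE . "\n\t\t\tSET\n\t\t\t\t`subject`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->subject) . "',\n\t\t\t\t`body`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->body) . "',\n\t\t\t\t`bcc`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->bcc) . "',\n\t\t\t\t`locked`\t\t=b'" . (boolval_ext($_JPOST->locked) ? '1' : '0') . "',\n\t\t\t\t`requires_unsubscribe`\t=b'" . (boolval_ext($_JPOST->requires_unsubscribe) ? '1' : '0') . "'\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $email_data['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# We successfully updated
$content = new stdClass();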