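 /**
  * getRequestVars
  *
  * Build an array of request variables: the sanitized GET parameters merged
  * with the sanitized POST fields (POST wins when a key exists in both).
  * The POST body is read as a JSON string from php://input when $_POST is
  * empty or the request is declared as application/json; otherwise $_POST is used.
  *
  * @param string $action Sets 'id' to '' in the returned array if set to 'remove'
  * @param bool $checkExpectedPostFields Keep only the keys listed in options['expectedPostFields']
  * @param bool $checkExpectedGetParams Keep only the keys listed in options['potentialGetParams']
  * @return array|false Merged get and post, or false when no usable POST body exists
  *
  **/
 public function getRequestVars($action = '', $checkExpectedPostFields = true, $checkExpectedGetParams = true)
 {
     // Expected vars, flipped so the names become keys for array_intersect_key()
     $expectedPostFields = array_flip($this->explodeAndClean($this->options['expectedPostFields']));
     $potentialGetParams = array_flip($this->explodeAndClean($this->options['potentialGetParams']));
     $get = modX::sanitize($_GET, $this->modx->sanitizePatterns);
     if ($checkExpectedGetParams) {
         $get = array_intersect_key($get, $potentialGetParams);
     }
     // CONTENT_TYPE is absent on body-less requests (undefined-index notice) and
     // may carry parameters such as "application/json; charset=utf-8", so only
     // the media type prefix is compared.
     $contentType = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
     $isJsonRequest = strpos($contentType, 'application/json') === 0;
     if (empty($_POST) || $isJsonRequest) {
         // we may have raw post data as JSON string
         $post = file_get_contents('php://input');
         if (empty($post)) {
             return false;
         }
         $post = $this->modx->fromJSON($post);
         // malformed or scalar JSON does not decode to an array; sanitize() requires
         // one, so treat it the same as a missing body instead of failing later
         if (!is_array($post)) {
             return false;
         }
     } else {
         $post = $_POST;
     }
     $post = modX::sanitize($post, $this->modx->sanitizePatterns);
     if ($checkExpectedPostFields) {
         $post = array_intersect_key($post, $expectedPostFields);
     }
     if ($action === 'remove') {
         $post['id'] = '';
     }
     return array_merge($get, $post);
 }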
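 /**
  * Parses search string and removes any potential security risks in the search string
  *
  * The string is split on spaces, each term is run through the modx sanitize
  * patterns and strip_tags(), terms shorter than the `minChars` option are
  * dropped (the reserved words AND, OR, IN, NOT are always kept), and the MODX
  * tag delimiters "[[" / "]]" are entity-encoded in the final string.
  * Also stores the result in $this->searchArray and $this->searchString.
  *
  * @param string $str The string to parse.
  * @return string The parsed and cleansed string.
  */
 public function parseSearchString($str = '')
 {
     $minChars = (int) $this->modx->getOption('minChars', $this->config, 4);
     $this->searchArray = explode(' ', (string) $str);
     $this->searchArray = $this->modx->sanitize($this->searchArray, $this->modx->sanitizePatterns);
     $reserved = array('AND', 'OR', 'IN', 'NOT');
     foreach ($this->searchArray as $key => $term) {
         // measure the term after tag stripping; otherwise markup such as
         // "<b>ab</b>" inflates the length and a two-character term survives
         $term = strip_tags($term);
         $this->searchArray[$key] = $term;
         // count characters, not bytes, so multibyte terms are not over-counted
         $length = function_exists('mb_strlen') ? mb_strlen($term) : strlen($term);
         if ($length < $minChars && !in_array($term, $reserved, true)) {
             unset($this->searchArray[$key]);
         }
     }
     $this->searchString = implode(' ', $this->searchArray);
     // one last pass to filter for modx tags
     $this->searchString = str_replace(array('[[', ']]'), array('&#91;&#91;', '&#93;&#93;'), $this->searchString);
     return $this->searchString;
 }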
 /**
  * Harden GPC variables by removing any MODX tags, Javascript, or entities.
  *
  * Runs modX::sanitize() in place over $_GET, $_COOKIE and $_REQUEST with the
  * modx sanitizePatterns. $_POST only receives those patterns when the
  * `allow_tags_in_post` option is off; its default here is true, so MODX tags
  * in POST data are kept by default. The request alias parameter (option
  * `request_param_alias`, default 'q') is additionally reduced to the
  * character set [A-Za-z0-9_\-./].
  */
 public function sanitizeRequest()
 {
     $patterns = array_values($this->modx->sanitizePatterns);

     modX::sanitize($_GET, $patterns);
     $tagsAllowedInPost = $this->modx->getOption('allow_tags_in_post', null, true);
     if ($tagsAllowedInPost) {
         modX::sanitize($_POST);
     } else {
         modX::sanitize($_POST, $patterns);
     }
     modX::sanitize($_COOKIE, $patterns);
     modX::sanitize($_REQUEST, $patterns);

     $aliasParam = $this->modx->getOption('request_param_alias', null, 'q');
     if (isset($_GET[$aliasParam])) {
         // only characters that can occur in a resource alias path survive
         $_GET[$aliasParam] = preg_replace("/[^A-Za-z0-9_\\-\\.\\/]/", "", $_GET[$aliasParam]);
     }
 }
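/**
 * fdspaApi
 *
 * DESCRIPTION
 *
 * This Snippet gets more content from the supplied resource
 * given in the "data-id" on click. The resource id is read from the
 * sanitized `fdspaid` GET parameter. On success it returns a JSON object
 * {"result": {"pagetitle": ..., "content": ..., "image": ...}} where
 * "image" is the resource's `fdspa-thumb` template variable; otherwise a
 * plain error string is returned.
 *
 * USAGE:
 *
 * [[!fdspaApi]]
 *
 */
$get = modX::sanitize($_GET, $modx->sanitizePatterns);
// missing parameter => '' (avoids an undefined-index notice); an array value
// (fdspaid[]=...) would make urldecode() fail, so only strings are accepted
$res_id = isset($get['fdspaid']) && is_string($get['fdspaid']) ? urldecode($get['fdspaid']) : '';
// a resource id is a positive integer; is_numeric() would also accept
// "1e3", "1.5" or " 7", which are not valid ids
if (ctype_digit($res_id) && (int) $res_id > 0) {
    $output = array();
    $page = $modx->getObject('modResource', (int) $res_id);
    // getObject() yields null for an unknown id; the original code then
    // fatals on $page->get()
    if (!$page) {
        return 'No resource found for the given ID.';
    }
    // NOTE(review): getObject() does not filter on published/deleted here,
    // so any existing resource id is served — confirm that is intended.
    $title = array("pagetitle" => $page->get('pagetitle'));
    $thumb = $page->getTVValue('fdspa-thumb');
    $tArray = array("image" => $thumb);
    $content = array("content" => $page->get('content'));
    $output["result"] = array_merge($title, $content, $tArray);
    return $modx->toJSON($output);
} else {
    $output = "There is was no ID given.";
    return $output;
}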
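 /**
  * Sanitize values of an array using regular expression patterns.
  *
  * Each string value has every pattern removed repeatedly (up to $nesting
  * passes per pattern) so that a match re-assembled by a previous removal,
  * e.g. "[[[[x]]]]", is stripped as well. Array values are descended into
  * recursively up to $depth levels; values that are neither strings nor
  * arrays are left untouched. $target is modified in place and returned.
  *
  * @static
  * @param array $target The target array to sanitize.
  * @param array|string $patterns A regular expression pattern, or array of
  * regular expression patterns to apply to all values of the target.
  * @param integer $depth The maximum recursive depth to sanitize if the
  * target contains values that are arrays.
  * @param integer $nesting The maximum number of removal passes per pattern
  * and value; non-positive values fall back to 10.
  * @return array The sanitized array.
  */
 public static function sanitize(array &$target, array $patterns = array(), $depth = 3, $nesting = 10)
 {
     $nesting = (int) $nesting ? (int) $nesting : 10;
     // each() was deprecated in 7.2 and removed in PHP 8, and it also skipped
     // elements when the array's internal pointer was not at the start;
     // iterate over the keys instead
     foreach (array_keys($target) as $key) {
         $value = $target[$key];
         if (is_array($value) && $depth > 0) {
             // the recursion works on the local copy, so it must be written back;
             // $nesting is passed through so nested levels use the same limit
             modX::sanitize($value, $patterns, $depth - 1, $nesting);
             $target[$key] = $value;
         } elseif (is_string($value)) {
             foreach ($patterns as $pattern) {
                 $iteration = 1;
                 while ($iteration <= $nesting && preg_match($pattern, $value)) {
                     $replaced = preg_replace($pattern, '', $value);
                     if ($replaced === null) {
                         // PCRE error (e.g. backtrack limit): fail closed instead of
                         // storing null or keeping the unsanitized value
                         $value = '';
                         break;
                     }
                     $value = $replaced;
                     $iteration++;
                 }
             }
             // magic quotes no longer exist in PHP 8; only ask where the function exists
             if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                 $target[$key] = stripslashes($value);
             } else {
                 $target[$key] = $value;
             }
         }
     }
     return $target;
 }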
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place, Suite 330, Boston, MA 02111-1307 USA
 **/
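// Paths
$oauth2Path = $modx->getOption('oauth2server.core_path', null, $modx->getOption('core_path') . 'components/oauth2server/');
$oauth2Path .= 'model/oauth2server/';
// Get Class
// initialised so the instanceof check below does not read an undefined
// variable when the class file is missing
$oauth2 = null;
if (file_exists($oauth2Path . 'oauth2server.class.php')) {
    $oauth2 = $modx->getService('oauth2server', 'OAuth2Server', $oauth2Path, $scriptProperties);
}
if (!($oauth2 instanceof OAuth2Server)) {
    $modx->log(modX::LOG_LEVEL_ERROR, '[grantOAuth2Tokens] could not load the required class!');
    return;
}
// We need these
$server = $oauth2->createServer();
$request = $oauth2->createRequest();
$response = $oauth2->createResponse();
if (!$server || !$request || !$response) {
    // log tag names this snippet (it previously said "[verifyOAuth2]")
    $modx->log(modX::LOG_LEVEL_WARN, '[grantOAuth2Tokens]: could not create the required OAuth2 Server objects.');
    return;
}
// Handle Token Requests
// sanitize() rewrites $_POST in place (by-reference parameter); the copy it
// returns was never used. NOTE(review): $request was created above, so whether
// it reads the sanitized $_POST depends on createRequest() — confirm.
modX::sanitize($_POST, $modx->sanitizePatterns);
$server->handleTokenRequest($request)->send();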
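 /**
  * Sanitize values of an array using regular expression patterns.
  *
  * Each string value is processed in passes: every pattern is removed until
  * it no longer matches (bounded by $nesting replacements per pattern), and
  * the whole set of patterns is re-applied (bounded by $nesting passes) until
  * none of them matches anymore, so matches re-assembled by an earlier
  * removal, e.g. "[[[[x]]]]", are stripped too. Array values are descended
  * into recursively up to $depth levels; values that are neither strings nor
  * arrays are left untouched. $target is modified in place and returned.
  *
  * @static
  * @param array $target The target array to sanitize.
  * @param array|string $patterns A regular expression pattern, or array of
  * regular expression patterns to apply to all values of the target.
  * @param integer $depth The maximum recursive depth to sanitize if the
  * target contains values that are arrays.
  * @param integer $nesting The maximum nesting level in which to dive;
  * non-positive values fall back to 10.
  * @return array The sanitized array.
  */
 public static function sanitize(array &$target, array $patterns = array(), $depth = 99, $nesting = 10)
 {
     $nesting = (int) $nesting ? (int) $nesting : 10;
     foreach ($target as $key => &$value) {
         if (is_array($value) && $depth > 0) {
             // $nesting is passed through so nested levels use the same limit
             modX::sanitize($value, $patterns, $depth - 1, $nesting);
         } elseif (is_string($value)) {
             if (!empty($patterns)) {
                 $iteration = 1;
                 while ($iteration <= $nesting) {
                     $matched = false;
                     foreach ($patterns as $pattern) {
                         $patternIterator = 1;
                         $patternMatches = preg_match($pattern, $value);
                         if ($patternMatches > 0) {
                             $matched = true;
                             while ($patternMatches > 0 && $patternIterator <= $nesting) {
                                 $replaced = preg_replace($pattern, '', $value);
                                 if ($replaced === null) {
                                     // PCRE error (e.g. backtrack limit): fail closed instead
                                     // of storing null or keeping the unsanitized value
                                     $value = '';
                                     break;
                                 }
                                 $value = $replaced;
                                 $patternMatches = preg_match($pattern, $value);
                                 // the counter was never advanced, so a pattern that keeps
                                 // matching (one that matches the empty string) looped forever
                                 $patternIterator++;
                             }
                         }
                     }
                     if (!$matched) {
                         break;
                     }
                     $iteration++;
                 }
             }
             // magic quotes no longer exist in PHP 8; only ask where the function exists
             if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                 $value = stripslashes($value);
             }
         }
     }
     // drop the reference left behind by foreach-by-reference
     unset($value);
     return $target;
 }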
 /**
  * Sanitizes MODX tags from $string.
  *
  * Wraps the value in a one-element array and hands it to modX::sanitize()
  * with a pattern matching `[[ ... ]]` tags, then unwraps the result.
  * Non-string input appears to pass through unchanged, since sanitize()
  * only rewrites string values — verify against modX::sanitize().
  *
  * @param string $string
  * @return string
  */
 public function stripMODXTags($string)
 {
     $wrapped = array($string);
     $cleaned = modX::sanitize($wrapped, array('@\\[\\[(.[^\\[\\[]*?)\\]\\]@si'));

     return $cleaned[0];
 }