Exemplo n.º 1
0
 /**
  * Cleans the input in the $data array, directly updating $data.
  *
  * Note: This is called from the cleanInput method in the text API for
  * all the attachments to the text node.
  *
  * @param mixed      Array of fieldname => data pairs, passed by reference.
  * @param (int|bool) Nodeid of the node being edited, false if creating new
  */
 public function cleanInput(&$data, $nodeid = false)
 {
     parent::cleanInput($data, $nodeid);
     $data['filedataid'] = intval(isset($data['filedataid']) ? $data['filedataid'] : 0);
     $cleaner = vB::getCleaner();
     $data['filename'] = $cleaner->clean($data['filename'], vB_Cleaner::TYPE_NOHTML);
     // clean and serialize settings
     $data['settings'] = isset($data['settings']) ? $data['settings'] : '';
     if (!empty($data['parentid'])) {
         $nodeid = $data['parentid'];
     }
     $data['settings'] = $this->cleanSettings($data['settings'], $nodeid);
 }
Exemplo n.º 2
0
 /**
  * Cleans the input in the $data array, directly updating $data.
  *
  * @param mixed     Array of fieldname => data pairs, passed by reference.
  * @param int|false Nodeid of the node being edited, false if creating new
  */
 public function cleanInput(&$data, $nodeid = false)
 {
     $parentid = empty($data['parentid']) ? $nodeid : $data['parentid'];
     $userCanUseHtml = false;
     if (!empty($parentid)) {
         $userCanUseHtml = vB::getUserContext()->getChannelPermission('forumpermissions2', 'canusehtml', $parentid);
     }
     // We're only allowing html in titles and descriptions for channels.
     // htmltitle not included because if it was provided, it should still not have html in it anyway.
     $htmlFields = array('title', 'description');
     $htmlData = array();
     $cleaner = vB::getCleaner();
     if ($userCanUseHtml) {
         foreach ($htmlFields as $fieldname) {
             if (isset($data[$fieldname])) {
                 $htmlData[$fieldname] = $cleaner->clean($data[$fieldname], vB_Cleaner::TYPE_STR);
             }
         }
     }
     parent::cleanInput($data, $nodeid);
     // Let vB_Api_Content cleanInput do it's thing, then just replace the html fields if they were set.
     foreach ($htmlData as $fieldname => $value) {
         $data[$fieldname] = $value;
     }
 }
Exemplo n.º 3
0
 /**
  * Cleans the input in the $data array, directly updating $data.
  *
  * @param mixed     Array of fieldname => data pairs, passed by reference.
  * @param int|false Nodeid of the node being edited, false if creating new
  */
 public function cleanInput(&$data, $nodeid = false)
 {
     parent::cleanInput($data, $nodeid);
     $canUseHtml = vB::getUserContext()->getChannelPermission('forumpermissions2', 'canusehtml', (empty($nodeid) and isset($data['parentid'])) ? $data['parentid'] : $nodeid);
     if (isset($data['htmlstate'])) {
         if ($canUseHtml) {
             switch ($data['htmlstate']) {
                 case 'on':
                 case 'on_nl2br':
                 case 'off':
                     // We're ok, don't do anything.
                     break;
                 default:
                     $data['htmlstate'] = 'off';
                     break;
             }
         } else {
             // User can't use HTML.
             $data['htmlstate'] = 'off';
         }
     }
     // ** clean attachment related data **
     // this calls the attach api to clean attachment data for this
     // text (or other content type) node. Only text content (and
     // subclasses) can have attachments, so this is the appropriate
     // place for this (not in the parent class)
     if (!empty($data['attachments'])) {
         if (is_array($data['attachments'])) {
             // use instanceInternal so we can pass by reference
             $attachApi = vB_Api::instanceInternal('Content_Attach');
             foreach ($data['attachments'] as $k => $v) {
                 // passed by reference and cleaned
                 $data['attachments'][$k]['parentid'] = $data['parentid'];
                 $attachApi->cleanInput($data['attachments'][$k]);
             }
         } else {
             $data['attachments'] = array();
         }
     }
     // Similar to above, but for gallery photos
     if (!empty($data['photos'])) {
         if (is_array($data['photos'])) {
             // use instanceInternal so we can pass by reference
             // Note, photoAPI actually doesn't have its own cleaner, so it just goes through this cleaner. But just in case we add its own, keep using
             // the photo API reference below.
             $photoApi = vB_Api::instanceInternal('Content_Photo');
             foreach ($data['photos'] as $k => $v) {
                 // passed by reference and cleaned
                 $data['photos'][$k]['parentid'] = $data['parentid'];
                 $photoApi->cleanInput($data['photos'][$k], $nodeid);
             }
         } else {
             $data['photos'] = array();
         }
     }
     if (!empty($data['removeattachments'])) {
         if (is_array($data['removeattachments'])) {
             $removeattachments = array();
             foreach ($data['removeattachments'] as $k => $v) {
                 $removeattachments[intval($k)] = intval($v);
             }
             $data['removeattachments'] = $removeattachments;
         } else {
             $data['removeattachments'] = array();
         }
     }
 }