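/**
 * Redirect the browser to another URL, optionally carrying a message.
 *
 * On Joomla hosts the redirect is delegated to mosRedirect() or to
 * $mainframe->redirect(). The fallback branch builds the redirect itself:
 * $url and $msg are run through vmInputFilter, only the first line of $url
 * is kept (no CR/LF can reach the Location header), "bad" href values are
 * replaced by the configured live-site URL, the message is appended as a
 * `mosmsg` query parameter and then either a Location header is sent or,
 * if output has already started, a small JavaScript redirect is echoed.
 *
 * NOTE(review): nothing here restricts $url to the local site, so callers
 * must not pass attacker-controlled URLs (open redirect).
 *
 * @param string $url The URL to redirect to
 * @param string $msg A message to display to the user
 * @return void
 */
function vmRedirect($url, $msg = '') {
    if (function_exists('mosRedirect')) {
        mosRedirect($url, $msg);
        return;
    }
    if (vmIsJoomla('1.5', '>=')) {
        global $mainframe;
        $mainframe->redirect($url, $msg);
        return;
    }

    global $mainframe;

    // specific filters
    $iFilter = vmInputFilter::getInstance();
    $url = $iFilter->process($url);
    if (!empty($msg)) {
        $msg = $iFilter->process($msg);
    }

    // Keep only the first line: a CR/LF in $url would otherwise let the caller
    // inject additional response headers through "Location:".
    $lines = preg_split("/[\r\n]/", $url);
    $url = $lines[0];

    if ($iFilter->badAttributeValue(array('href', $url))) {
        $url = $GLOBALS['mosConfig_live_site'];
    }

    if (trim($msg)) {
        // strpos() !== false: a '?' at offset 0 is still a query separator.
        $separator = (strpos($url, '?') !== false) ? '&' : '?';
        $url .= $separator . 'mosmsg=' . urlencode($msg);
    }

    if (headers_sent()) {
        // JS string context: escape quotes/backslashes and break "</script>" so the
        // URL can neither terminate the string literal nor the script element (XSS).
        $jsUrl = str_replace('</', '<\/', addslashes($url));
        echo '<script type="text/javascript">document.location.href=\'' . $jsUrl . '\';</script>';
    } else {
        @ob_end_clean(); // clear output buffer
        // NOTE(review): 301 is a *permanent* redirect and gets cached by browsers;
        // for a one-off redirect that carries a message, 302/303 would be safer.
        header('HTTP/1.1 301 Moved Permanently');
        header("Location: " . $url);
    }
    $GLOBALS['vm_mainframe']->close(true);
}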
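/**
 * Trim and filter a single request value according to a bit mask.
 *
 * Mask bits as used by the code:
 *   1 - do not trim string values
 *   2 - allow raw: return the (possibly trimmed) value without filtering
 *   4 - allow HTML: pass the value through the "safe HTML" vmInputFilter
 * With neither 2 nor 4 set, the strictest (no-HTML) filter is applied.
 *
 * Both filter instances are cached in statics, so they are built at most once
 * per request. The old no-op `$var = $var;` and the `=&` assignment of a
 * function result (which raises a notice on PHP 5+) are gone.
 *
 * @param mixed  $var  Value to clean; only strings are trimmed
 * @param int    $mask Bit mask, see above
 * @param string $type Optional type hint passed through to vmInputFilter::clean()
 * @return mixed The cleaned value
 */
function _cleanVar($var, $mask = 0, $type = null) {
    // Static input filters for specific settings
    static $noHtmlFilter = null;
    static $safeHtmlFilter = null;

    // Trim unless the "no trim" bit is set; non-strings are left untouched.
    if (!($mask & 1) && is_string($var)) {
        $var = trim($var);
    }

    if ($mask & 2) {
        // Allow-raw bit set: the value is returned unmodified.
        return $var;
    }

    if ($mask & 4) {
        // Allow-HTML bit set: apply the safe-HTML filter.
        if (is_null($safeHtmlFilter)) {
            $safeHtmlFilter = vmInputFilter::getInstance(null, null, 1, 1);
        }
        return $safeHtmlFilter->clean($var, $type);
    }

    // No allow bit set: apply the most restrictive filter.
    if (is_null($noHtmlFilter)) {
        $noHtmlFilter = vmInputFilter::getInstance();
    }
    return $noHtmlFilter->clean($var, $type);
}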
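/**
 * Internal method to strip a tag of certain attributes
 *
 * Each "name=value" pair is split; the attribute is dropped when its name is
 * not a plain identifier, is blacklisted, or starts with "on" (event handler;
 * the last two only while $this->xssAuto is set). The value is then normalised
 * ("&#" entity prefixes, newlines, repeated whitespace, slashes and double
 * quotes removed, a surrounding pair of single quotes unwrapped) and the pair
 * is dropped if vmInputFilter::badAttributeValue() rejects it. Survivors are
 * kept according to $this->attrArray / $this->attrMethod (the array is a
 * whitelist when attrMethod is false, a blacklist when true) and re-emitted
 * as name="value".
 *
 * Fixes against the previous version: the "on*" check is case-insensitive
 * (the name regex accepts upper case, so e.g. ONCLICK slipped past it), and
 * a pair without "=" no longer reads an undefined value index.
 *
 * @access protected
 * @param array $attrSet Array of attribute pairs to filter
 * @return array $newSet Filtered array of attribute pairs
 */
function filterAttr($attrSet) {
    $newSet = array();
    $count = count($attrSet);

    for ($i = 0; $i < $count; $i++) {
        // Skip blank spaces
        if (!$attrSet[$i]) {
            continue;
        }

        // Split into name/value pairs; the value part is optional
        $attrSubSet = explode('=', trim($attrSet[$i]), 2);
        list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
        if (!isset($attrSubSet[1])) {
            $attrSubSet[1] = '';
        }
        $attrName = strtolower($attrSubSet[0]);

        // Remove all "non-regular" attribute names AND blacklisted attributes.
        // Event-handler names are compared in lower case because the regex
        // accepts upper case letters.
        if (!preg_match("/^[a-z][a-z0-9]*\$/i", $attrSubSet[0])
            || ($this->xssAuto && (in_array($attrName, $this->attrBlacklist) || substr($attrName, 0, 2) == 'on'))) {
            continue;
        }

        // XSS attribute value filtering
        if ($attrSubSet[1]) {
            // strips unicode, hex, etc
            $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
            // strip normal newline and multiple space chars within attr value
            $attrSubSet[1] = str_replace(array("\r\n", "\r", "\n"), array(' ', ' ', ' '), $attrSubSet[1]);
            $attrSubSet[1] = preg_replace('/\\s\\s+/', ' ', $attrSubSet[1]);
            // strip slashes
            $attrSubSet[1] = stripslashes($attrSubSet[1]);
            // strip double quotes: the value is re-emitted inside double quotes below
            $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
            // [requested feature] convert single quotes from either side to doubles
            // (single quotes shouldn't be used to pad an attr value)
            $valueLen = strlen($attrSubSet[1]);
            if (substr($attrSubSet[1], 0, 1) == "'" && substr($attrSubSet[1], $valueLen - 1, 1) == "'") {
                $attrSubSet[1] = substr($attrSubSet[1], 1, $valueLen - 2);
            }
        }

        // Autostrip script tags / dangerous values
        if (vmInputFilter::badAttributeValue($attrSubSet)) {
            continue;
        }

        // Is our attribute in the user input array?
        $attrFound = in_array($attrName, $this->attrArray);

        // Keep it when it is absent from a blacklist, or present in a whitelist
        if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) {
            if ($attrSubSet[1]) {
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
            } elseif ($attrSubSet[1] == "0") {
                // Special case: the value is "0" (falsy, but meaningful)
                $newSet[] = $attrSubSet[0] . '="0"';
            } else {
                // No value: emit name="name" (XHTML-style boolean attribute)
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
            }
        }
    }

    return $newSet;
}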
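}

// ---- Request parsing: resolve the ids the shop pages operate on -------------
$product_id = vmRequest::getInt('product_id');
$vm_mainframe->setUserState('product_id', $product_id);

if (vmIsAdminMode()) {
    // Admin mode: category_id is remembered in the user state across requests
    $category_id = (int) $vm_mainframe->getUserStateFromRequest('category_id', 'category_id');
} else {
    $category_id = vmRequest::getInt('category_id');
}
$manufacturer_id = vmRequest::getInt('manufacturer_id');

// user_info_id is read as a raw value here; it is escaped below together with
// $page and $func (both assigned earlier in this file, outside this block).
$user_info_id = vmRequest::getVar('user_info_id');
$myInsecureArray = array('user_info_id' => $user_info_id, 'page' => $page, 'func' => $func);

/**
 * This InputFilter Object will help us filter malicious variable contents
 * @global vmInputFilter vmInputFilter
 */
$GLOBALS['vmInputFilter'] = $vmInputFilter = vmInputFilter::getInstance();

// prevent SQL injection
if ($perm->check('admin,storeadmin')) {
    // NOTE(review): for admin/storeadmin only these three variables are escaped;
    // every other $_REQUEST value reaches the page code unfiltered.
    $myInsecureArray = $vmInputFilter->safeSQL($myInsecureArray);
    $myInsecureArray = $vmInputFilter->process($myInsecureArray);
    // Re-insert the escaped strings into $_REQUEST
    foreach ($myInsecureArray as $requestvar => $requestval) {
        $_REQUEST[$requestvar] = $requestval;
    }
} else {
    // Strip all tags from all input values, then SQL-escape them
    $_REQUEST = $vmInputFilter->process($_REQUEST);
    $_REQUEST = $vmInputFilter->safeSQL($_REQUEST);
}

// Limit the keyword (=search string) length to 50.
// PHP has already URL-decoded the request: decoding a second time would turn
// sequences such as %27 back into a bare quote *after* the escaping above
// (and "+" into a space), so the value is truncated as is.
$keyword = substr(vmGet($_REQUEST, 'keyword'), 0, 50);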
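/**
 * Render a shop page (product details or category browse) to a PDF and stream
 * it to the browser.
 *
 * The page is captured with output buffering from PAGEPATH/<showpage>.php and
 * its image links rewritten by repairImageLinks(). The HTML then goes either to
 * html2fpdf (PHP < 5, the domxml extension is loaded, or dompdf is not
 * installed) or to dompdf. All open output buffers are discarded first so the
 * PDF bytes are the only output.
 *
 * NOTE(review): $limitstart and $limit also appear in the `global` list below,
 * which rebinds them to the globals and discards the values passed as
 * arguments. Left as is because the call site is not visible here.
 *
 * @param string $showpage    "shop.product_details" or "shop.browse"; any other
 *                            value produces an empty document
 * @param string $flypage     Not used here (the fly page is forced to shop.flypage_lite_pdf)
 * @param int    $product_id  Product to render for shop.product_details
 * @param int    $category_id Category to render for shop.browse
 * @param int    $limitstart  Pagination offset (see note); part of the PDF file name
 * @param int    $limit       Pagination limit (see note)
 * @return void
 */
function freePDF($showpage, $flypage, $product_id, $category_id, $limitstart, $limit) {
    global $db, $sess, $auth, $my, $perm, $VM_LANG, $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate, $mm_action_url, $database, $mainframe, $mosConfig_absolute_path, $vendor_full_image, $vendor_name, $limitstart, $limit, $vm_mainframe, $keyword, $cur_template;

    // Discard everything buffered so far.
    while (@ob_end_clean()) {
    }
    // NOTE(review): errors are silenced for the rest of the request and remote
    // fopen is switched on process-wide (dompdf loads the logo by URL below);
    // both weaken diagnostics/hardening and should be scoped as narrowly as possible.
    error_reporting(0);
    ini_set("allow_url_fopen", "1");

    // $html is appended to below; start empty so a non-matching $showpage yields ''.
    $html = '';
    // $showpage only reaches include() for the two literal values matched here,
    // so no caller-controlled path can be included.
    switch ($showpage) {
        case "shop.product_details":
            $_REQUEST['flypage'] = "shop.flypage_lite_pdf";
            $_REQUEST['product_id'] = $product_id;
            ob_start();
            include PAGEPATH . $showpage . '.php';
            $html .= ob_get_contents();
            ob_end_clean();
            $html = repairImageLinks($html);
            break;

        case "shop.browse":
            // vmInputFilter is needed for the browse page. The local $vmInputFilter
            // is never set in this scope, so the filter is (re)created every time.
            if (!isset($vmInputFilter) || !isset($GLOBALS['vmInputFilter'])) {
                $GLOBALS['vmInputFilter'] = $vmInputFilter = vmInputFilter::getInstance();
            }
            $_REQUEST['category_id'] = $category_id;
            ob_start();
            include PAGEPATH . $showpage . '.php';
            $html .= ob_get_contents();
            ob_end_clean();
            $html = repairImageLinks($html);
            break;
    }

    $logo = IMAGEPATH . "vendor/{$vendor_full_image}";
    $logourl = IMAGEURL . "vendor/{$vendor_full_image}";
    $dompdfConfig = CLASSPATH . "pdf/dompdf/dompdf_config.inc.php";

    if (version_compare(phpversion(), '5.0') < 0 || extension_loaded('domxml') || !file_exists($dompdfConfig)) {
        // html2fpdf path
        define('FPDF_FONTPATH', CLASSPATH . 'pdf/font/');
        define('RELATIVE_PATH', CLASSPATH . 'pdf/');
        require CLASSPATH . 'pdf/html2fpdf.php';
        require CLASSPATH . 'pdf/html2fpdf_site.php';

        $pdf = new PDF();
        $pdf->AddPage();
        $pdf->SetFont('Arial', '', 11);
        $pdf->InitLogo($logo);
        $pdf->PutTitle($mosConfig_sitename);
        $pdf->PutAuthor($vendor_name);
        // No-op as shown here (search and replacement are identical); kept as is.
        // Possibly an "&amp;" -> "&" replacement lost in extraction -- verify
        // against the repository.
        $html = str_replace("&", "&", $html);
        $pdf->WriteHTML($html);
        $pdf->Output();
    } elseif (file_exists($dompdfConfig)) {
        // dompdf path (http://www.digitaljunkies.ca/dompdf/): the dompdf archive is
        // expected to be extracted to /classes/pdf/dompdf.
        $image_details = getimagesize($logo);
        $logoType = is_array($image_details) ? $image_details[2] : '';

        // The footer is inline PHP that dompdf itself executes while rendering.
        // $logourl is built from $vendor_full_image (a global whose origin is not
        // visible here), and it is spliced into that PHP source: it is therefore
        // emitted as an addslashes()-escaped single-quoted literal so a quote or
        // a "$" in the image name cannot turn into code.
        $footer = '<script type="text/php">
if ( isset($pdf) ) {
    // Open the object: all drawing commands will
    // go to the object instead of the current page
    $footer = $pdf->open_object();
    $w = $pdf->get_width();
    $h = $pdf->get_height();
    // Draw a line along the bottom
    $y = $h - 2 * 12 - 24;
    $pdf->line(16, $y, $w - 16, $y, "grey", 1);
    // Add a logo
    $img_w = 2 * 72; // 2 inches, in points
    $img_h = 1 * 72; // 1 inch, in points -- change these as required
    $pdf->image(\'' . addslashes($logourl) . '\', \'' . addslashes($logoType) . '\', ($w - $img_w) / 2.0, $y - $img_h, $img_w, $img_h);
    // Close the object (stop capture)
    $pdf->close_object();
    // Add the object to every page. You can
    // also specify "odd" or "even"
    $pdf->add_object($footer, "all");
}
</script>';

        $website = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>' . $mainframe->getHead() . '
<link rel="stylesheet" href="templates/' . $cur_template . '/css/template_css.css" type="text/css" />
<link rel="stylesheet" href="' . VM_THEMEURL . 'theme.css" type="text/css" />
<link rel="shortcut icon" href="' . $mosConfig_live_site . '/images/favicon.ico" />
<meta http-equiv="Content-Type" content="text/html; ' . _ISO . '" />
<meta name="robots" content="noindex, nofollow" />
</head>
<body class="contentpane">
' . $html . '
' . $footer . '
</body>
</html>';

        // Drop the encoded "resized/" path segment from image URLs and every "#"
        // in the document (the original gives no reason; note this also touches
        // CSS colour values and URL fragments). The "&" replacement is a no-op
        // as shown here, kept as is.
        $website = str_replace("resized%2F", "", $website);
        $website = str_replace("&", "&", $website);
        $website = str_replace("#", "", $website);

        require_once $dompdfConfig;
        $dompdf = new DOMPDF();
        $dompdf->load_html($website);
        $dompdf->render();
        // Streamed as an attachment; $limitstart is cast so that only digits
        // reach the Content-Disposition file name.
        $dompdf->stream("virtue" . (int) $limitstart . ".pdf", array('Attachment' => 1));
    }
}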