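/**
 * Collects per-record field values from the POST body.
 *
 * Each POST key is expected in the form "<id>_<field>": the part before the
 * first underscore selects the record, the remainder is mapped through
 * name_data() to a field name. Every id listed in $ids is present in the
 * result even when no field was posted for it; keys without an underscore
 * are skipped. Values are passed through ConnectorSecurity::filter().
 *
 * @param array $ids record ids that must appear in the result
 * @return array<int|string, array> id => (field name => filtered value)
 */
protected function get_post_values($ids)
{
    $data = [];
    foreach ($ids as $id) {
        $data[$id] = [];
    }

    foreach ($_POST as $key => $value) {
        // split on the first underscore only, field names may themselves contain "_"
        $details = explode("_", (string) $key, 2);
        if (count($details) === 1) {
            // no "<id>_" prefix: not a record value
            continue;
        }
        [$id, $field] = $details;
        $name = $this->name_data($field);
        $data[$id][$name] = ConnectorSecurity::filter($value);
    }

    return $data;
}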
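/**
 * POST value collection for the "action" request mode.
 *
 * In that mode the body carries a single record: it is keyed by the posted
 * "id" field when present, otherwise by the placeholder "dummy_id". Every
 * value is passed through ConnectorSecurity::filter() in both cases, so the
 * configured XSS policy applies whether or not an id was sent (the no-id
 * branch previously returned the raw POST array unfiltered).
 * Outside "action" mode the parent implementation is used unchanged.
 *
 * @param array $ids record ids, only used by the parent implementation
 * @return array id => (field name => filtered value)
 */
protected function get_post_values($ids)
{
    if (!isset($_GET['action'])) {
        return parent::get_post_values($ids);
    }

    $dataset = [];
    foreach ($_POST as $key => $value) {
        $dataset[$key] = ConnectorSecurity::filter($value);
    }

    // NOTE(review): a non-scalar "id" cannot be used as an array key; the
    // original code had the same limitation.
    $id = $_POST["id"] ?? "dummy_id";

    return [$id => $dataset];
}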
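/**
 * Reads paging, request mode, versioning, sort and filter settings from the
 * query string into the request object.
 *
 * Limits: the dyn. loading size ($this->dload) takes precedence over
 * $this->limit, and an explicit posStart/count pair overrides both. Sort and
 * filter field names go through safe_field_name() and resolve_parameter()
 * before reaching the request. Finally the CSRF key is checked and, when one
 * is issued, exposed as a top-level attribute of the response.
 */
protected function parse_request()
{
    // default dyn. loading params, can be reset in child classes
    if ($this->dload) {
        $this->request->set_limit(0, $this->dload);
    } elseif ($this->limit) {
        $this->request->set_limit(0, $this->limit);
    }
    if (isset($_GET["posStart"], $_GET["count"])) {
        $this->request->set_limit($_GET["posStart"], $_GET["count"]);
    }

    $this->parse_request_mode();

    if ($this->live_update && ($this->updating || $this->editing)) {
        // absent parameters are passed as null (as before, minus the undefined-index notice)
        $this->request->set_version($_GET["dhx_version"] ?? null);
        $this->request->set_user($_GET["dhx_user"] ?? null);
    }

    if (isset($_GET[Connector::$sort_var]) && is_array($_GET[Connector::$sort_var])) {
        foreach ($_GET[Connector::$sort_var] as $k => $v) {
            $k = $this->safe_field_name($k);
            $this->request->set_sort($this->resolve_parameter($k), $v);
        }
    }
    // bug fix: this block used to test $sort_var instead of $filter_var, so
    // filters were only applied when a sort parameter was also present
    if (isset($_GET[Connector::$filter_var]) && is_array($_GET[Connector::$filter_var])) {
        foreach ($_GET[Connector::$filter_var] as $k => $v) {
            $k = $this->safe_field_name($k);
            $this->request->set_filter($this->resolve_parameter($k), $v);
        }
    }

    $key = ConnectorSecurity::checkCSRF($this->editing);
    if ($key !== "") {
        $this->add_top_attribute(ConnectorSecurity::$security_var, $key);
    }
}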
<?php

// Sample: DataConnector over SQLite3 with the SAFEHTML XSS policy, i.e.
// posted values are filtered by ConnectorSecurity before use.
$sqlite = new SQLite3('../../common/testdata.sqlite');

require "../../common/connector/data_connector.php";
require "../../common/connector/db_sqlite3.php";

ConnectorSecurity::$xss = DHX_SECURITY_SAFEHTML;

$fields = "title,year,votes,rating,rank";
$connector = new DataConnector($sqlite, "SQLite3");
$connector->render_table("films", "id", $fields);
/**
 * Runs the CSRF check for the current request and, when a key is issued,
 * publishes it as a top-level attribute of the response.
 */
protected function check_csrf()
{
    $csrfKey = ConnectorSecurity::checkCSRF($this->editing);
    if ("" === $csrfKey) {
        return;
    }
    $this->add_top_attribute(ConnectorSecurity::$security_var, $csrfKey);
}
<?php

// Sample: TreeConnector over PDO with the CSRF key enabled.
// Connection settings ($mysql_server, $mysql_user, $mysql_pass) come from ../config.php.
require_once "../config.php";
require_once '../../codebase/db_pdo.php';

$pdo = new PDO($mysql_server, $mysql_user, $mysql_pass);

require "../../codebase/tree_connector.php";

ConnectorSecurity::$security_key = true;

$tree = new TreeConnector($pdo, "PDO");
$tree->render_table("tasks", "taskId", "taskName", "", "parentId");
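/**
 * CSRF protection for connector requests.
 *
 * Returns "" without doing anything unless ConnectorSecurity::$security_key
 * is enabled. When it is:
 *   - on an editing request ($edit === true) the "dhx_security" POST field
 *     must equal the key stored in the session, otherwise the result of
 *     ConnectorSecurity::CSRF_detected() is returned;
 *   - on a data-loading request a key is generated on first use, stored in
 *     the session and returned so the client can send it back.
 *
 * Changes from the previous version: the token comparison uses hash_equals()
 * instead of "!=" (no type juggling, constant time), a session without a key
 * now rejects every editing request (previously an empty token matched the
 * missing key), and the key comes from random_bytes() instead of md5(uniqid()).
 *
 * @param bool $edit true for a request that modifies data
 * @return string "" (nothing to report), the session key, or CSRF_detected()'s result
 */
public static function checkCSRF($edit)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    if (!ConnectorSecurity::$security_key) {
        return "";
    }

    if ($edit === true) {
        $update_key = $_POST['dhx_security'] ?? null;
        $master_key = $_SESSION['dhx_security'] ?? null;
        // hash_equals() requires two strings; anything else is a failed check
        if (!is_string($update_key) || !is_string($master_key) || !hash_equals($master_key, $update_key)) {
            return ConnectorSecurity::CSRF_detected();
        }
        return "";
    }

    // data loading: issue one key per session
    if (!array_key_exists("dhx_security", $_SESSION)) {
        // 32 hex chars, same length as the former md5() value
        $_SESSION["dhx_security"] = bin2hex(random_bytes(16));
    }
    return $_SESSION["dhx_security"];
}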
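/**
 * Request parsing for the "action" and classic request styles.
 *
 *   - "action" mode (?action=...): "get" loads data, narrowed to one record
 *     when ?id=... is given; any other action marks the request as editing;
 *   - classic mode: dhx_colls collections are filled when requested, editing
 *     is detected from ?editing= together with a POST "ids" field, and the
 *     parent parser handles the rest.
 * In both modes an explicit start/count pair sets the limit, and the CSRF
 * key is checked and, when issued, added as the "dhx_security" attribute.
 */
protected function parse_request()
{
    if (isset($_GET['action'])) {
        // strict comparison: the action is a request string, never a number
        if ($_GET['action'] === "get") {
            // data request; without an id the whole collection is loaded
            if (isset($_GET['id'])) {
                $this->request->set_filter($this->config->id["name"], $_GET['id'], "=");
            }
        } else {
            // every non-"get" action saves data
            $this->editing = true;
        }
    } else {
        if (isset($_GET["dhx_colls"])) {
            $this->fill_collections($_GET["dhx_colls"]);
        }
        if (isset($_GET['editing'], $_POST['ids'])) {
            $this->editing = true;
        }
        parent::parse_request();
    }

    if (isset($_GET["start"], $_GET["count"])) {
        $this->request->set_limit($_GET["start"], $_GET["count"]);
    }

    $key = ConnectorSecurity::checkCSRF($this->editing);
    if ($key !== "") {
        $this->add_top_attribute("dhx_security", $key);
    }
}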
<?php

// Sample: DataConnector over SQLite3 with the TRUSTED XSS policy, i.e.
// posted values are used as sent by the client.
$sqlite = new SQLite3('../../common/testdata.sqlite');

require "../../common/connector/data_connector.php";
require "../../common/connector/db_sqlite3.php";

ConnectorSecurity::$xss = DHX_SECURITY_TRUSTED;

$fields = "title,year,votes,rating,rank";
$connector = new DataConnector($sqlite, "SQLite3");
$connector->render_table("films", "id", $fields);