Пример #1
 /**
  * A key with a declared static filter is filtered; a key with no declared
  * filter (and no catch-all) is returned untouched.
  */
 function testNoDefault()
 {
     $filter = new DeclFilter();
     $filter->addStaticKeyFilters(array('hello' => 'digits'));

     $input = array('hello' => '123abc', 'world' => '123abc');
     $result = $filter->filter($input);

     // 'world' has no filter declared, so it comes back exactly as given
     $this->assertEquals('123abc', $result['world']);
     // 'hello' is reduced to its digits
     $this->assertEquals('123', $result['hello']);
 }
Пример #2
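 /**
  * Fetch a remote OIntegrate resource, going through the local cache and
  * running every value of the decoded payload through the xss filter.
  *
  * @param string      $url      Resource to request
  * @param string|null $postBody Raw application/x-www-form-urlencoded body;
  *                              null or empty means a GET request
  *
  * @return OIntegrate_Response Filtered data plus the OIntegrate-* headers
  */
 function performRequest($url, $postBody = null)
 {
     $cachelib = TikiLib::lib('cache');
     $tikilib = TikiLib::lib('tiki');

     // A request with a different body is a different resource, so the body is
     // part of the cache key. The SAME key must be used for lookup, invalidation
     // and storage: the original stored under $url alone, so a response to one
     // POST could be handed back for a GET (or a different POST) to the same URL.
     $cacheKey = $url . $postBody;

     if ($cache = $cachelib->getSerialized($cacheKey)) {
         if (time() < $cache['expires']) {
             return $cache['data'];
         }
         $cachelib->invalidate($cacheKey);
     }

     $client = $tikilib->get_http_client($url);
     $client->setHeaders(array('Accept' => 'application/json,text/x-yaml', 'OIntegrate-Version' => '1.0'));

     // NOTE(review): $method stays null when a body is sent, so the client's own
     // current method is used — confirm that setRawData() makes it a POST.
     $method = null;
     if (empty($postBody)) {
         $method = 'GET';
     } else {
         $client->setRawData($postBody, 'application/x-www-form-urlencoded');
     }

     if (count($this->schemaVersion)) {
         $client->setHeaders('OIntegrate-SchemaVersion', implode(', ', $this->schemaVersion));
     }
     if (count($this->acceptTemplates)) {
         $client->setHeaders('OIntegrate-AcceptTemplate', implode(', ', $this->acceptTemplates));
     }

     $httpResponse = $client->request($method);
     $content = $httpResponse->getBody();
     $contentType = $httpResponse->getHeader('Content-Type');
     $cacheControl = $httpResponse->getHeader('Cache-Control');

     $response = new OIntegrate_Response();
     $response->contentType = $contentType;
     $response->cacheControl = $cacheControl;
     $response->data = $this->unserialize($contentType, $content);

     // The remote service is not trusted: every value in the decoded payload is
     // xss-filtered before it can reach a template.
     $filter = new DeclFilter();
     $filter->addCatchAllFilter('xss');
     $response->data = $filter->filter($response->data);

     $response->version = $httpResponse->getHeader('OIntegrate-Version');
     $response->schemaVersion = $httpResponse->getHeader('OIntegrate-SchemaVersion');
     if (!$response->schemaVersion && isset($response->data->_version)) {
         $response->schemaVersion = $response->data->_version;
     }
     $response->schemaDocumentation = $httpResponse->getHeader('OIntegrate-SchemaDocumentation');

     global $prefs;

     // The header may be absent (null); only a string can carry directives.
     $serviceForbidsCaching = is_string($cacheControl)
         && (false !== strpos($cacheControl, 'no-cache') || false !== strpos($cacheControl, 'no-store'));

     // Respect the cache duration the service asked for.
     if (is_string($cacheControl) && preg_match('/max-age=(\d+)/', $cacheControl, $parts)) {
         $expiry = time() + (int) $parts[1];
         $cachelib->cacheItem($cacheKey, serialize(array('expires' => $expiry, 'data' => $response)));
     } elseif (
         // Unless the service explicitly says not to cache, apply the default
         // duration. (The original tested for the PRESENCE of no-cache here,
         // which contradicted this comment and cached exactly the responses
         // the service asked not to cache.)
         !$serviceForbidsCaching
         && isset($prefs['webservice_consume_defaultcache'])
         && $prefs['webservice_consume_defaultcache'] > 0
     ) {
         $expiry = time() + (int) $prefs['webservice_consume_defaultcache'];
         $cachelib->cacheItem($cacheKey, serialize(array('expires' => $expiry, 'data' => $response)));
     }

     return $response;
 }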
Пример #3
 /**
  * keyPatternUnset drops every key matching the pattern and leaves the
  * remaining keys (and their values) alone.
  */
 function testUnsetPattern()
 {
     $filter = DeclFilter::fromConfiguration(
         array(
             array('keyPatternUnset' => array('/^hello/')),
         )
     );

     $filtered = $filter->filter(
         array(
             'hello123' => '123abc',
             'hello456' => '123abc',
             'world' => '123abc',
         )
     );

     // Both keys beginning with "hello" are removed entirely, not just emptied
     foreach (array('hello123', 'hello456') as $removedKey) {
         $this->assertFalse(isset($filtered[$removedKey]));
     }
     // A key the pattern does not match survives with its value intact
     $this->assertEquals('123abc', $filtered['world']);
 }
Пример #4
	$smarty->assign('CSRFTicket', isset( $_SESSION['ticket'] ) ? $_SESSION['ticket'] : null);
}
require_once ('lib/setup/perms.php');

// --------------------------------------------------------------
// deal with register_globals
//
// With register_globals on, every request variable is also injected into the
// global scope. A global whose value equals a request value is assumed to have
// come from there and is dropped, so a request cannot define globals. A global
// set some other way (different value) is left alone — this also keeps
// $_SERVER from being munged via ?_SERVER=rubbish and the like.
if (ini_get('register_globals')) {
	foreach (array($_ENV, $_GET, $_POST, $_COOKIE, $_SERVER) as $superglob) {
		foreach ($superglob as $key => $val) {
			// the loose == is kept as-is; a strict compare would change which globals are dropped
			if (isset($GLOBALS[$key]) && $GLOBALS[$key] == $val) {
				unset($GLOBALS[$key]);
			}
		}
	}
}

$serverFilter = new DeclFilter;
// NOTE(review): the left operand of !== is the bool produced by
// (isset(...) && ...), which can never be identical to the string 'y', so this
// condition is always true and the xss filters are always registered, whatever
// the trust-input preference and permission say (the right operand is never
// evaluated). That is the safe outcome; if the preference is meant to gate
// filtering, the comparison has to be made against the preference value itself
// — decide deliberately, since changing it relaxes input filtering.
if ( ( isset($prefs['tiki_allow_trust_input']) && $prefs['tiki_allow_trust_input'] ) !== 'y' || $tiki_p_trust_input != 'y') {
	$serverFilter->addStaticKeyFilters(
		array(
			'QUERY_STRING' => 'xss',
			'REQUEST_URI' => 'xss',
			'PHP_SELF' => 'xss',
		)
	);
}

// $jitServer wraps the still-unfiltered $_SERVER; the superglobal itself is
// replaced by the filtered copy right after.
$jitServer = new JitFilter($_SERVER);
$_SERVER = $serverFilter->filter($_SERVER);

// Rebuild request after gpc fix
// _REQUEST should only contain GET and POST in the app
$prepareInput = new TikiFilter_PrepareInput('~');
$_GET = $prepareInput->prepare($_GET);
$_POST = $prepareInput->prepare($_POST);

// POST wins over GET on a duplicate key (array_merge, last one wins)
$_REQUEST = array_merge($_GET, $_POST);

// Preserve unfiltered values accessible through JIT filtering
$jitPost = new JitFilter($_POST);
Пример #5
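// MultiTiki: db/virtuals.inc lists one virtual installation per line. For each
// non-blank entry record whether its db/<name>/local.php exists and is readable.
//   $virtuals  list of trimmed lines (false when there is no virtuals.inc)
//   $virt      name => 'y'|'n'       (false when there is no virtuals.inc)
if (is_file('db/virtuals.inc')) {
    // Initialise up front: with only blank lines the loop never assigns, and
    // the original left $virt undefined in that case.
    $virt = array();
    // file() returns false on a read error; treat that as an empty list rather
    // than handing false to array_map().
    $virtuals = array_map('trim', file('db/virtuals.inc') ?: array());
    foreach ($virtuals as $v) {
        if (!$v) {
            continue;   // blank line
        }
        if (is_file("db/{$v}/local.php") && is_readable("db/{$v}/local.php")) {
            $virt[$v] = 'y';
        } else {
            $virt[$v] = 'n';
        }
    }
} else {
    $virt = false;
    $virtuals = false;
}

$serverFilter = new DeclFilter();
// NOTE(review): the left operand of !== is a bool and can never be identical to
// the string 'y', so this condition is always true and the filters below are
// always registered regardless of the trust-input preference/permission. That
// is the safe outcome; if the preference is meant to gate this, compare the
// preference value itself — and decide deliberately, since it relaxes filtering.
if ((isset($prefs['tiki_allow_trust_input']) && $prefs['tiki_allow_trust_input']) !== 'y' || $tiki_p_trust_input != 'y') {
    // These headers come straight from the client and are later used to build the
    // db/<name>/local.php path that selects the installation. striptags only removes
    // markup; restricting the value to a known entry of $virtuals before building
    // a path from it is the stronger check.
    $serverFilter->addStaticKeyFilters(array('TIKI_VIRTUAL' => 'striptags', 'SERVER_NAME' => 'striptags', 'HTTP_HOST' => 'striptags'));
}

// $jitServer keeps the unfiltered values; $_SERVER itself becomes the filtered copy
$jitServer = new JitFilter($_SERVER);
$_SERVER = $serverFilter->filter($_SERVER);

$multi = '';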
// If using multiple Tiki installations (MultiTiki)
if ($virtuals) {
    if (isset($_POST['multi']) && in_array($_POST['multi'], $virtuals)) {
        $multi = $_POST['multi'];
    } else {
        if (isset($_SERVER['TIKI_VIRTUAL']) && is_file('db/' . $_SERVER['TIKI_VIRTUAL'] . '/local.php')) {
            $multi = $_SERVER['TIKI_VIRTUAL'];
        } elseif (isset($_SERVER['SERVER_NAME']) && is_file('db/' . $_SERVER['SERVER_NAME'] . '/local.php')) {
            $multi = $_SERVER['SERVER_NAME'];
Пример #6
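/**
 * Wiki plugin RSS: render the latest items of one or more stored RSS feeds.
 *
 * @param string $data   Plugin body (unused)
 * @param array  $params Plugin parameters:
 *                       id     - feed id, or several ids joined with ':' (required)
 *                       max    - maximum number of items to show (default 10)
 *                       date   - show the publication date when > 0
 *                       desc   - 0 hides descriptions, 1 shows them, > 1 shows
 *                                them truncated to that many characters
 *                       author - show the author when > 0
 *
 * @return string Rendered template wrapped in ~np~ … ~/np~, or a translated
 *                error message when no id is given
 */
function wikiplugin_rss($data, $params)
{
    global $smarty;
    // lib/rss/rsslib.php is included inside this function's scope and may rely on
    // these globals being visible when it sets up $rsslib, so keep them declared.
    global $tikilib;
    global $dbTiki;
    global $rsslib;
    if (!isset($rsslib)) {
        include_once 'lib/rss/rsslib.php';
    }

    // Read parameters explicitly rather than extract()ing caller-supplied keys
    // into the local scope; the numeric options are cast so that later
    // comparisons and array_slice() see integers.
    if (!isset($params['id'])) {
        return tra('You need to specify a RSS Id');
    }
    $max = isset($params['max']) ? (int) $params['max'] : 10;
    $date = isset($params['date']) ? (int) $params['date'] : 0;
    $desc = isset($params['desc']) ? (int) $params['desc'] : 0;
    $author = isset($params['author']) ? (int) $params['author'] : 0;

    $ids = explode(':', $params['id']);
    $items = array();

    // Every field of a feed item is filtered before it reaches the template.
    $filter = new DeclFilter();
    $filter->addStaticKeyFilters(array('link' => 'url', 'title' => 'striptags', 'author' => 'striptags', 'pubDate' => 'striptags', 'description' => 'striptags'));

    foreach ($ids as $rssId) {
        $rssdata = $rsslib->get_rss_module_content($rssId);
        if (!$rssdata) {
            // Unknown or empty feed: nothing to parse for this id. (The original
            // built an error string here, never used it, and went on to parse
            // the false value anyway.)
            continue;
        }
        $feedItems = $rsslib->parse_rss_data($rssdata, $rssId, $rssdata);
        foreach ($feedItems as $index => $item) {
            foreach ($item as $field => $value) {
                $item[$field] = TikiLib::htmldecode($value);
            }
            $item = $filter->filter($item);
            // Truncate long descriptions to $desc characters when a limit above 1
            // is given; mb_* so a multibyte UTF-8 sequence is never cut in half.
            if ($desc > 1 && isset($item['description']) && mb_strlen($item['description']) > $desc) {
                $item['description'] = mb_substr($item['description'], 0, $desc) . ' [...]';
            }
            // written back by key: no foreach-by-reference, so no dangling reference
            $feedItems[$index] = $item;
        }
        $items = array_merge($items, $feedItems);
    }

    // A leading entry flagged isTitle is the feed title, not an item
    $title = null;
    if (isset($items[0]['isTitle']) && $items[0]['isTitle'] == 'y') {
        $title = array_shift($items);
    }

    // No need to waste time sorting with only one feed
    if (count($ids) > 1) {
        usort($items, 'rss_sort');
    }
    $items = array_slice($items, 0, $max);

    $smarty->assign('title', $title);
    $smarty->assign('items', $items);
    $smarty->assign('showdate', $date > 0);
    $smarty->assign('showdesc', $desc > 0);
    $smarty->assign('showauthor', $author > 0);
    return '~np~' . $smarty->fetch('wiki-plugins/wikiplugin_rss.tpl') . '~/np~';
}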
Пример #7
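 /**
  * Refresh one stored feed: fetch $url, update the module's site metadata and
  * insert or update every entry found in the feed.
  *
  * When the fetch or parse fails, the module row is still updated (with
  * placeholder title/url and the current time) and nothing else is touched.
  *
  * @param int|string $rssId   Id of the feed in the modules table
  * @param string     $url     Feed URL to fetch
  * @param array      $actions Passed through to insert_item() for new entries
  *
  * @return void
  */
 private function update_feed($rssId, $url, $actions)
 {
     global $tikilib;

     // Every field persisted from the remote feed goes through a filter; 'content'
     // gets the purifier rather than striptags.
     $filter = new DeclFilter();
     $filter->addStaticKeyFilters(array(
         'url' => 'url',
         'title' => 'striptags',
         'author' => 'striptags',
         'description' => 'striptags',
         'content' => 'purifier',
     ));
     // NOTE(review): the guid is run through the 'url' filter and then used as the
     // dedup key. Atom ids are not necessarily URLs (urn:/tag: forms) — confirm the
     // filter keeps such ids intact, otherwise entries may be re-inserted.
     $guidFilter = TikiFilter::get('url');

     try {
         $content = $tikilib->httprequest($url);
         $feed = Zend_Feed_Reader::importString($content);
     } catch (Zend_Exception $e) {
         // Unreachable or unparsable feed: record the attempt with placeholder metadata.
         $this->modules->update(
             array('lastUpdated' => $tikilib->now, 'sitetitle' => 'N/A', 'siteurl' => '#'),
             array('rssId' => $rssId)
         );
         return;
     }

     $siteTitle = TikiFilter::get('striptags')->filter($feed->getTitle());
     $siteUrl = TikiFilter::get('url')->filter($feed->getLink());
     $this->modules->update(
         array('lastUpdated' => $tikilib->now, 'sitetitle' => $siteTitle, 'siteurl' => $siteUrl),
         array('rssId' => $rssId)
     );

     foreach ($feed as $entry) {
         // TODO: optimize. Atom entries have an 'updated' element which can be used to only update updated entries
         $guid = $guidFilter->filter($entry->getId());
         $authors = $entry->getAuthors();

         $data = $filter->filter(array(
             'title' => $entry->getTitle(),
             'url' => $entry->getLink(),
             'description' => $entry->getDescription(),
             'content' => $entry->getContent(),
             'author' => $authors ? implode(', ', $authors->getValues()) : '',
         ));
         $data['guid'] = $guid;

         // Fall back to "now" when the entry carries no creation date.
         // ($tikilib is already in scope from the global declaration above; the
         // original re-declared it inside this branch.)
         if (method_exists($entry, 'getDateCreated') && ($createdDate = $entry->getDateCreated())) {
             $data['publication_date'] = $createdDate->get(Zend_Date::TIMESTAMP);
         } else {
             $data['publication_date'] = $tikilib->now;
         }

         // The filtered guid is the per-feed dedup key: insert unknown entries, update known ones.
         $count = $this->items->fetchCount(array('rssId' => $rssId, 'guid' => $guid));
         if ((int) $count === 0) {
             $this->insert_item($rssId, $data, $actions);
         } else {
             $this->update_item($rssId, $data['guid'], $data);
         }
     }
 }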