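/**
 * A key with a declared filter is filtered ('hello' -> digits only); a key
 * without one passes through untouched because no default/catch-all filter
 * has been registered.
 */
public function testNoDefault()
{
    $filter = new DeclFilter();
    $filter->addStaticKeyFilters(array('hello' => 'digits'));

    $data = $filter->filter(array('hello' => '123abc', 'world' => '123abc'));

    // PHPUnit's signature is assertEquals($expected, $actual); the original
    // passed them reversed, which only garbles the failure message.
    $this->assertEquals('123abc', $data['world']);
    $this->assertEquals('123', $data['hello']);
}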
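/**
 * Fetch a remote OIntegrate service and wrap the result in an OIntegrate_Response.
 *
 * Responses are cached through the cache lib under the URL *plus* the request
 * body. The original looked entries up with $url . $postBody but stored them
 * under $url alone, so POST responses were stored where a body-less GET for the
 * same URL would later find them and POST lookups never hit.
 *
 * @param string      $url      Service URL
 * @param string|null $postBody Raw application/x-www-form-urlencoded body; null/empty means GET
 * @return OIntegrate_Response
 */
function performRequest($url, $postBody = null)
{
    global $prefs;

    $cachelib = TikiLib::lib('cache');
    $tikilib = TikiLib::lib('tiki');

    // Same key for lookup, invalidation and storage.
    $cacheKey = $url . $postBody;

    if ($cache = $cachelib->getSerialized($cacheKey)) {
        if (time() < $cache['expires']) {
            return $cache['data'];
        }
        // Expired entry: drop it and fetch a fresh copy below.
        $cachelib->invalidate($cacheKey);
    }

    $client = $tikilib->get_http_client($url);
    // These headers were identical in both branches of the original.
    $client->setHeaders(array(
        'Accept' => 'application/json,text/x-yaml',
        'OIntegrate-Version' => '1.0',
    ));

    $method = null;
    if (empty($postBody)) {
        $method = 'GET';
    } else {
        // NOTE(review): as in the original, $method stays null here, so the
        // client's current method is used together with the raw body — confirm
        // whether an explicit 'POST' is intended.
        $client->setRawData($postBody, 'application/x-www-form-urlencoded');
    }

    if (count($this->schemaVersion)) {
        $client->setHeaders('OIntegrate-SchemaVersion', implode(', ', $this->schemaVersion));
    }
    if (count($this->acceptTemplates)) {
        $client->setHeaders('OIntegrate-AcceptTemplate', implode(', ', $this->acceptTemplates));
    }

    $httpResponse = $client->request($method);
    $content = $httpResponse->getBody();
    $contentType = $httpResponse->getHeader('Content-Type');
    $cacheControl = $httpResponse->getHeader('Cache-Control');

    $response = new OIntegrate_Response();
    $response->contentType = $contentType;
    $response->cacheControl = $cacheControl;
    $response->data = $this->unserialize($contentType, $content);

    // The payload comes from a remote service: run every value through the
    // xss filter before anything downstream renders it.
    $filter = new DeclFilter();
    $filter->addCatchAllFilter('xss');
    $response->data = $filter->filter($response->data);

    $response->version = $httpResponse->getHeader('OIntegrate-Version');
    $response->schemaVersion = $httpResponse->getHeader('OIntegrate-SchemaVersion');
    if (!$response->schemaVersion && isset($response->data->_version)) {
        // Fall back to the version embedded in the payload when no header was sent.
        $response->schemaVersion = $response->data->_version;
    }
    $response->schemaDocumentation = $httpResponse->getHeader('OIntegrate-SchemaDocumentation');

    // getHeader() can hand back an array when the header was sent more than once.
    $cacheDirectives = is_array($cacheControl) ? implode(', ', $cacheControl) : (string) $cacheControl;

    $expiry = null;
    if (preg_match('/max-age=(\d+)/', $cacheDirectives, $parts)) {
        // Respect the cache duration asked for by the service.
        $expiry = time() + (int) $parts[1];
    } elseif (false === strpos($cacheDirectives, 'no-cache')
        && false === strpos($cacheDirectives, 'no-store')
        && isset($prefs['webservice_consume_defaultcache'])
        && $prefs['webservice_consume_defaultcache'] > 0
    ) {
        // Unless the service specified not to cache the result, apply the
        // configured default. The original tested for the *presence* of
        // 'no-cache' here, which inverted the documented intent.
        $expiry = time() + (int) $prefs['webservice_consume_defaultcache'];
    }

    if ($expiry !== null) {
        $cachelib->cacheItem($cacheKey, serialize(array('expires' => $expiry, 'data' => $response)));
    }

    return $response;
}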
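/**
 * fromConfiguration() honours keyPatternUnset: keys matching one of the
 * patterns are removed entirely, other keys pass through untouched.
 */
public function testUnsetPattern()
{
    $configuration = array(
        array('keyPatternUnset' => array('/^hello/')),
    );
    $filter = DeclFilter::fromConfiguration($configuration);

    $data = $filter->filter(array(
        'hello123' => '123abc',
        'hello456' => '123abc',
        'world' => '123abc',
    ));

    $this->assertArrayNotHasKey('hello123', $data);
    $this->assertArrayNotHasKey('hello456', $data);
    // assertEquals($expected, $actual): the original had the arguments reversed.
    $this->assertEquals('123abc', $data['world']);
}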
$smarty->assign('CSRFTicket', isset( $_SESSION['ticket'] ) ? $_SESSION['ticket'] : null);
}

require_once ('lib/setup/perms.php');

// --------------------------------------------------------------
// deal with register_globals
// With register_globals on, every request key is also a global. A global is
// only removed while its value still equals the request value; one that
// differs was set by application code and is kept. The comparison is the loose
// `==`, so a global that merely compares equal to the request value is dropped too.
if (ini_get('register_globals')) {
    foreach (array($_ENV, $_GET, $_POST, $_COOKIE, $_SERVER) as $superglob) {
        foreach ($superglob as $key => $val) {
            if (isset($GLOBALS[$key]) && $GLOBALS[$key] == $val) {
                // if global has been set some other way
                // that is OK (prevents munging of $_SERVER with ?_SERVER=rubbish etc.)
                unset($GLOBALS[$key]);
            }
        }
    }
}

// The request-derived $_SERVER entries get the xss filter unless trusted input
// is both allowed by preference and granted to the current user.
// NOTE(review): `(isset(...) && $prefs[...]) !== 'y'` compares a boolean with
// the string 'y' and is therefore always true, so the filters are always added
// regardless of the trust settings.
$serverFilter = new DeclFilter;
if ( ( isset($prefs['tiki_allow_trust_input']) && $prefs['tiki_allow_trust_input'] ) !== 'y' || $tiki_p_trust_input != 'y') {
    $serverFilter->addStaticKeyFilters(array('QUERY_STRING' => 'xss', 'REQUEST_URI' => 'xss', 'PHP_SELF' => 'xss',));
}
// $jitServer wraps the still-unfiltered $_SERVER for on-demand (JIT) filtering;
// the global itself is replaced by the filtered copy.
$jitServer = new JitFilter($_SERVER);
$_SERVER = $serverFilter->filter($_SERVER);

// Rebuild request after gpc fix
// _REQUEST should only contain GET and POST in the app
// (cookie values are therefore no longer reachable through $_REQUEST)
$prepareInput = new TikiFilter_PrepareInput('~');
$_GET = $prepareInput->prepare($_GET);
$_POST = $prepareInput->prepare($_POST);
$_REQUEST = array_merge($_GET, $_POST);

// Preserve unfiltered values accessible through JIT filtering
$jitPost = new JitFilter($_POST);
// MultiTiki: db/virtuals.inc lists one virtual host per line. Each entry is
// marked 'y' when its own db/<name>/local.php exists and is readable, 'n' otherwise.
if (is_file('db/virtuals.inc')) {
    $virtuals = array_map('trim', file('db/virtuals.inc'));
    foreach ($virtuals as $v) {
        if ($v) {
            if (is_file("db/{$v}/local.php") && is_readable("db/{$v}/local.php")) {
                $virt[$v] = 'y';
            } else {
                $virt[$v] = 'n';
            }
        }
    }
} else {
    $virt = false;
    $virtuals = false;
}

// The three $_SERVER keys used below to pick a database directory are stripped
// of tags unless trusted input is allowed by preference and granted to the user.
// NOTE(review): `(isset(...) && $prefs[...]) !== 'y'` compares a boolean with
// the string 'y' and is therefore always true, so the filters are always applied.
$serverFilter = new DeclFilter();
if ((isset($prefs['tiki_allow_trust_input']) && $prefs['tiki_allow_trust_input']) !== 'y' || $tiki_p_trust_input != 'y') {
    $serverFilter->addStaticKeyFilters(array('TIKI_VIRTUAL' => 'striptags', 'SERVER_NAME' => 'striptags', 'HTTP_HOST' => 'striptags'));
}
// Keep the unfiltered copy for JIT filtering; replace the global with the filtered one.
$jitServer = new JitFilter($_SERVER);
$_SERVER = $serverFilter->filter($_SERVER);

$multi = '';
// If using multiple Tiki installations (MultiTiki)
if ($virtuals) {
    // An explicit POST choice must match an entry from virtuals.inc (an allowlist).
    // in_array() here is non-strict, which is fine while both sides are strings.
    if (isset($_POST['multi']) && in_array($_POST['multi'], $virtuals)) {
        $multi = $_POST['multi'];
    } else {
        // Otherwise derive the directory from the server name. Unlike the POST
        // branch these values are only checked for the existence of
        // db/<value>/local.php, not against $virtuals.
        // NOTE(review): striptags does not constrain path characters; confirm
        // that whatever later consumes $multi tolerates a request-influenced
        // SERVER_NAME.
        if (isset($_SERVER['TIKI_VIRTUAL']) && is_file('db/' . $_SERVER['TIKI_VIRTUAL'] . '/local.php')) {
            $multi = $_SERVER['TIKI_VIRTUAL'];
        } elseif (isset($_SERVER['SERVER_NAME']) && is_file('db/' . $_SERVER['SERVER_NAME'] . '/local.php')) {
            $multi = $_SERVER['SERVER_NAME'];
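/**
 * Wiki plugin: render one or more stored RSS feeds through wikiplugin_rss.tpl.
 *
 * @param string $data   Plugin body (unused)
 * @param array  $params Plugin parameters:
 *                       - id     (required) ':'-separated list of RSS module ids
 *                       - max    number of items to show, default 10
 *                       - date, author  show the field when > 0
 *                       - desc   show the description when > 0; a value > 1 also
 *                                truncates it to that many characters
 * @return string Rendered template wrapped in ~np~ … ~/np~, or a translated error message
 */
function wikiplugin_rss($data, $params)
{
    global $smarty;
    global $tikilib;
    global $dbTiki;
    global $rsslib;

    if (!isset($rsslib)) {
        include_once 'lib/rss/rsslib.php';
    }

    // Read the parameters explicitly instead of extract()ing the whole array into
    // the local scope: only these five keys are used, and unexpected keys can no
    // longer define arbitrary locals.
    if (!isset($params['id'])) {
        return tra('You need to specify a RSS Id');
    }
    $id = $params['id'];
    $max = isset($params['max']) ? $params['max'] : '10';
    $date = isset($params['date']) ? $params['date'] : 0;
    $desc = isset($params['desc']) ? $params['desc'] : 0;
    $author = isset($params['author']) ? $params['author'] : 0;

    $ids = explode(':', $id);
    $items = array();

    // Feed content is third-party data: reduce text fields to plain text and
    // validate the link as a URL before anything reaches the template.
    $filter = new DeclFilter();
    $filter->addStaticKeyFilters(array(
        'link' => 'url',
        'title' => 'striptags',
        'author' => 'striptags',
        'pubDate' => 'striptags',
        'description' => 'striptags',
    ));

    foreach ($ids as $val) {
        $rssdata = $rsslib->get_rss_module_content($val);
        if (!$rssdata) {
            // NOTE(review): as in the original, this message is built but never
            // returned or displayed, and parsing continues with the empty result.
            $repl = tra('RSS Id incorrect:') . ' ' . $val;
        }
        $itemsrss = $rsslib->parse_rss_data($rssdata, $val, $rssdata);

        foreach ($itemsrss as $index => $item) {
            $item = array_map(array('TikiLib', 'htmldecode'), $item);
            $item = $filter->filter($item);
            // desc > 1 doubles as a length limit; mb_* keeps the cut on a
            // character boundary instead of splitting a multi-byte sequence.
            if ($desc > 1 && mb_strlen($item['description'], 'UTF-8') > $desc) {
                $item['description'] = mb_substr($item['description'], 0, $desc, 'UTF-8') . ' [...]';
            }
            $itemsrss[$index] = $item;
        }
        $items = array_merge($items, $itemsrss);
    }

    // A leading pseudo-item flagged isTitle carries the feed title.
    $title = null;
    if (isset($items[0]['isTitle']) && $items[0]['isTitle'] == 'y') {
        $title = array_shift($items);
    }

    // No need to waste time sorting with only one feed
    if (count($ids) > 1) {
        usort($items, 'rss_sort');
    }

    $items = array_slice($items, 0, (int) $max);

    $smarty->assign('title', $title);
    $smarty->assign('items', $items);
    $smarty->assign('showdate', $date > 0);
    $smarty->assign('showdesc', $desc > 0);
    $smarty->assign('showauthor', $author > 0);

    return '~np~' . $smarty->fetch('wiki-plugins/wikiplugin_rss.tpl') . '~/np~';
}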
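/**
 * Refresh one stored feed: download it, record the site title/link on the
 * module row, then insert entries not seen before (matched by guid) or update
 * the ones that already exist.
 *
 * When the download or parse throws a Zend_Exception the module row is stamped
 * with placeholder title/url and the method returns without touching items.
 *
 * @param int    $rssId   Module row id
 * @param string $url     Feed URL to fetch
 * @param array  $actions Passed through to insert_item() for new entries
 * @return void
 */
private function update_feed($rssId, $url, $actions)
{
    global $tikilib;

    // Every field read from the feed is untrusted: strip markup from text
    // fields, validate URLs, and run the HTML body through the purifier.
    $filter = new DeclFilter();
    $filter->addStaticKeyFilters(array(
        'url' => 'url',
        'title' => 'striptags',
        'author' => 'striptags',
        'description' => 'striptags',
        'content' => 'purifier',
    ));
    $urlFilter = TikiFilter::get('url');
    $textFilter = TikiFilter::get('striptags');

    try {
        $content = $tikilib->httprequest($url);
        $feed = Zend_Feed_Reader::importString($content);
    } catch (Zend_Exception $e) {
        $this->modules->update(
            array('lastUpdated' => $tikilib->now, 'sitetitle' => 'N/A', 'siteurl' => '#'),
            array('rssId' => $rssId)
        );
        return;
    }

    $this->modules->update(
        array(
            'lastUpdated' => $tikilib->now,
            'sitetitle' => $textFilter->filter($feed->getTitle()),
            'siteurl' => $urlFilter->filter($feed->getLink()),
        ),
        array('rssId' => $rssId)
    );

    foreach ($feed as $entry) {
        // TODO: optimize. Atom entries have an 'updated' element which can be used to only update updated entries
        $guid = $urlFilter->filter($entry->getId());
        $authors = $entry->getAuthors();

        $data = $filter->filter(array(
            'title' => $entry->getTitle(),
            'url' => $entry->getLink(),
            'description' => $entry->getDescription(),
            'content' => $entry->getContent(),
            'author' => $authors ? implode(', ', $authors->getValues()) : '',
        ));
        $data['guid'] = $guid;

        if (method_exists($entry, 'getDateCreated') && ($createdDate = $entry->getDateCreated())) {
            $data['publication_date'] = $createdDate->get(Zend_Date::TIMESTAMP);
        } else {
            // Entry carries no creation date: fall back to "now".
            $data['publication_date'] = $tikilib->now;
        }

        $count = $this->items->fetchCount(array('rssId' => $rssId, 'guid' => $guid));
        if ((int) $count === 0) {
            $this->insert_item($rssId, $data, $actions);
        } else {
            $this->update_item($rssId, $guid, $data);
        }
    }
}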