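/**
 * Checks that Filter::filterString() reduces a markup-laden string to plain text.
 *
 * The fixture pads the value with spaces and wraps an embedded PHP block in
 * bold tags; the only text expected to survive is the trailing 'what?'.
 * The assertion pins the result for this one fixture only. It does not show
 * how Filter strips the markup, so it is no evidence that the output is safe
 * in every output context.
 */
public function testFilterString()
{
    $rawInput = ' <b><?php echo "biber"; ?></b>what? ';

    // assertEquals() takes the expected value first. With the arguments the
    // other way round, a failure report labels the two values incorrectly.
    $this->assertEquals('what?', Filter::filterString($rawInput));
}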
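/**
 * Looks up trails by trailUuid.
 *
 * The value is passed through Filter::filterString() and then bound to the
 * :trailUuid placeholder of a prepared statement. The binding keeps the value
 * out of the SQL text; the filter only normalises the input.
 *
 * @param PDO $pdo connection used to prepare and execute the query
 * @param mixed $trailUuid UUID to search for
 * @return SplFixedArray Trail objects built from the matching rows (size 0 when nothing matches)
 * @throws PDOException when the filter rejects the value or a row cannot be turned into a Trail
 */
public static function getTrailByTrailUuid(PDO &$pdo, $trailUuid)
{
    // Sanitize the trailUuid before searching. Any failure is re-thrown as a
    // PDOException with the original attached as "previous". Catching
    // Exception also covers InvalidArgumentException and RangeException.
    try {
        $trailUuid = Filter::filterString($trailUuid, "trailUuid");
    } catch (Exception $exception) {
        throw new PDOException($exception->getMessage(), 0, $exception);
    }

    // Query template; the string value is unchanged, only split for readability.
    // NOTE(review): the selected columns include ipAddress and browser, so
    // confirm callers do not hand these rows to clients that should not see them.
    $query = "SELECT trailId, userId, browser, createDate, ipAddress, submitTrailId, "
        . "trailAmenities, trailCondition,trailDescription, trailDifficulty, "
        . "trailDistance, trailName, trailSubmissionType,\ntrailTerrain, "
        . "trailTraffic, trailUse, trailUuid FROM trail WHERE trailUuid = :trailUuid";
    $statement = $pdo->prepare($query);

    // Bind trailUuid to the placeholder.
    $statement->execute(array("trailUuid" => $trailUuid));
    $statement->setFetchMode(PDO::FETCH_ASSOC);

    // Collect into a plain list and convert at the end. PDOStatement::rowCount()
    // is not guaranteed to report the row count of a SELECT on every driver,
    // and SplFixedArray lost key()/next() in PHP 8, so the result is no longer
    // pre-sized or walked with the internal cursor.
    $found = array();
    while (($row = $statement->fetch()) !== false) {
        try {
            // NOTE(review): 17 values are passed, in SELECT order. An earlier
            // comment described the constructor with $submitTrailId in third
            // position and an extra $trailAccessibility argument. Verify the
            // order and count against Trail::__construct.
            $found[] = new Trail(
                $row["trailId"],
                $row["userId"],
                $row["browser"],
                $row["createDate"],
                $row["ipAddress"],
                $row["submitTrailId"],
                $row["trailAmenities"],
                $row["trailCondition"],
                $row["trailDescription"],
                $row["trailDifficulty"],
                $row["trailDistance"],
                $row["trailName"],
                $row["trailSubmissionType"],
                $row["trailTerrain"],
                $row["trailTraffic"],
                $row["trailUse"],
                $row["trailUuid"]
            );
        } catch (Exception $e) {
            // If the row couldn't be converted, rethrow it.
            throw new PDOException($e->getMessage(), 0, $e);
        }
    }

    return SplFixedArray::fromArray($found);
}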
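/**
 * Sends the database information stored for one server as a JSON response.
 *
 * Reads 'server_id' from the POST data, looks in datadir/<server_id>/ for
 * 'lastdbupdate' (the date, '---' when unavailable) and 'db.php' (the info
 * array, empty when the file is missing), and passes both to
 * Response::jsonSuccess(). An empty or malformed id is answered with
 * Response::jsonError().
 */
public function viewDbAction()
{
    $serverId = Request::post('server_id', 'pagecode', '');

    // $serverId is request data that becomes a directory name under datadir,
    // and a file from that directory is include()d below.
    // NOTE(review): what the 'pagecode' filter strips is not visible here, so
    // anything that is not a single path component is refused up front.
    $isSingleComponent = $serverId !== '.'
        && $serverId !== '..'
        && strpbrk($serverId, "/\\") === false;

    if (!strlen($serverId) || !$isSingleComponent) {
        Response::jsonError($this->_lang->WRONG_REQUEST);
        // presumably jsonError() ends the request; returning keeps the code
        // below from running with a rejected id if it does not. TODO confirm
        return;
    }

    $serverDir = $this->_deployConfig->get('datadir') . $serverId . '/';

    $info = array();
    $date = '---';

    // Test for the same file that is read, so a missing 'lastdbupdate' keeps
    // the placeholder instead of passing a failed read to the filter.
    $dateFile = $serverDir . 'lastdbupdate';
    if (file_exists($dateFile)) {
        $stamp = @file_get_contents($dateFile);
        if ($stamp !== false) {
            $date = Filter::filterString($stamp);
        }
    }

    // db.php is executed as PHP and its return value becomes $info.
    // NOTE(review): datadir should be writable only by the deploy tooling,
    // since whatever is placed there runs with the application's privileges.
    $infoFile = $serverDir . 'db.php';
    if (file_exists($infoFile)) {
        $info = (include $infoFile);
    }

    Response::jsonSuccess(array('info' => $info, 'date' => $date));
}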