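/**
 * Secures a user-supplied value before it is stored or rendered.
 *
 * Scalars are HTML-escaped with htmlspecialchars (ENT_QUOTES, UTF-8) and, at
 * level 1, additionally passed through addslashes(). Arrays are processed
 * recursively: both keys and values are secured, and the result keeps the
 * shape of the input.
 *
 * NOTE(review): addslashes() is not a substitute for parameterised queries;
 * level 2 (HTML escaping only) is the right choice when the value is only
 * rendered in a template, which is what the index script on this page does.
 *
 * @author Valentin
 * @param string|array $var   value to secure
 * @param int          $level 1 (default): htmlspecialchars + addslashes;
 *                            2 or more: htmlspecialchars only
 * @return string|array the secured value, same shape as $var
 */
public static function secure($var, $level = 1)
{
    if (is_array($var)) {
        // Must start from a real array: since PHP 7.1 an empty string no
        // longer turns into an array on indexed write, so the former
        // `$response = ''` broke this branch and secure(array()) returned ''.
        $response = array();
        foreach ($var as $key => $value) {
            $response[Functions::secure($key, $level)] = Functions::secure($value, $level);
        }
        return $response;
    }

    // Cast first so that null does not reach htmlspecialchars().
    $response = htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8');
    if ($level < 2) {
        // Historical level-1 behaviour kept for existing callers.
        $response = addslashes($response);
    }
    return $response;
}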
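/**
 * Fills this entity from the current request ($_POST and $_FILES).
 *
 * For every POST field whose name matches a setX() setter, the setter is
 * called with the value secured by Functions::secure(); an empty submitted
 * value keeps the property's current value. Every $_FILES entry is handed to
 * Functions::upload(); the property keeps its previous value when the upload
 * does not return a usable result.
 *
 * NOTE(review): any POST key with a matching setter is accepted, and any
 * $_FILES key becomes a property name. If some setters or properties must
 * never be driven by a form, callers should filter the request first.
 *
 * @return void
 */
public function setFromForms()
{
    foreach ($_POST as $key => $val) {
        $setter = 'set' . ucfirst($key);
        if (!method_exists($this, $setter)) {
            continue;
        }
        // empty() also treats '0' and 0 as "not submitted", so those values
        // cannot be set through a form; kept as in the original behaviour.
        $this->{$setter}(empty($val) ? $this->{$key} : Functions::secure($val));
    }

    foreach ($_FILES as $key => $val) {
        $directory = ROOT . 'public/img/' . $this->table . '/' . $this->getNextId() . '/';
        $uploaded = Functions::upload($key, $directory, 'picture', $this->pictureFormats);
        // The original wrote `(Functions::upload(...) or $this->{$key})`, and
        // `or` always yields a boolean, so the property never received the
        // upload result and a failed upload replaced it with a bool.
        if ($uploaded) {
            $this->{$key} = $uploaded;
        }
    }
}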
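$languageList = $i18n->languages;

// The installer must not run again once the configuration file exists.
if (file_exists('constant.php')) {
    die(_t('ALREADY_INSTALLED'));
}

// Session cookie, scoped to the directory this script is served from.
$cookiedir = '';
if (dirname($_SERVER['SCRIPT_NAME']) !== '/') {
    $cookiedir = dirname($_SERVER['SCRIPT_NAME']) . '/';
}
// Keep the session id out of reach of client-side scripts.
ini_set('session.cookie_httponly', '1');
session_set_cookie_params(0, $cookiedir);
session_start();

// Request parameters, POST taking precedence over GET.
$_ = array_merge($_GET, $_POST);
// Database settings bypass Functions::secure() so that a login or password
// containing <, > or & is kept intact; only the single quote is escaped.
// NOTE(review): str_replace leaves backslashes untouched; if these values are
// written into a quoted PHP string, addcslashes($val, "'\\") or var_export()
// is the escape to use — confirm against the code that writes constant.php.
$whiteList = array('mysqlHost', 'mysqlLogin', 'mysqlMdp', 'mysqlBase', 'mysqlPrefix');
// Iterate by value and write back by key: the original by-reference loop left
// $val bound to the last element, so any later write to $val would have
// silently altered $_. in_array is strict because on PHP < 8 a numeric key
// such as 0 loosely equals any non-numeric string in the white list.
foreach ($_ as $key => $val) {
    $_[$key] = in_array($key, $whiteList, true)
        ? str_replace("'", "\\'", $val)
        : Functions::secure($val);
}

// Default values, replaced when the field was filled in, so the form can show
// what was already entered.
foreach (array('login', 'mysqlBase', 'mysqlHost', 'mysqlLogin', 'mysqlMdp', 'mysqlPrefix', 'password', 'root') as $var) {
    ${$var} = empty($_[$var]) ? '' : $_[$var];
}

if (empty($root)) {
    // Cannot stay empty: default to the URL of the directory holding this
    // script. The scheme is hard-coded to http, and HTTP_HOST comes from the
    // request's Host header, so this default is only as reliable as the web
    // server's host configuration.
    $root = str_replace(basename(__FILE__), '', 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}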
/**
 * Returns a field's value after Functions::reduce() and Functions::secure().
 *
 * @param string $fieldName name of the field read through get()
 * @param int    $n         second argument of Functions::reduce()
 *                          (presumably a maximum length — confirm in Functions)
 * @return string the reduced value, secured by Functions::secure()
 */
public function secureReduced($fieldName, $n)
{
    $rawValue = $this->get($fieldName);
    $reducedValue = Functions::reduce($rawValue, $n);

    return Functions::secure($reducedValue);
}
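/**
 * Builds the HTML markup of a <select> element.
 *
 * Attribute values and option texts are HTML-escaped here (htmlspecialchars,
 * ENT_QUOTES, UTF-8). Option texts previously went through
 * Functions::secure(), whose addslashes() step doubled any backslash in the
 * displayed text; addslashes has no place in HTML output.
 *
 * Selection: when $useOldValue is true the selected value(s) come from
 * $_POST[$name] if present, otherwise from $oldValue; when it is false they
 * come from $selectedOption. The original only emitted the selected attribute
 * when $useOldValue was true, which made $selectedOption dead. Values are
 * compared as strings so a numeric option key matches its posted string form
 * without the surprises of loose == (e.g. 0 == '' on PHP < 8).
 *
 * @param string       $name           name attribute (also the $_POST key read when $useOldValue is true)
 * @param array        $options        option value => option text
 * @param string|array $selectedOption value(s) to mark as selected when $useOldValue is false
 * @param bool         $useOldValue    take the selection from $_POST[$name], else from $oldValue
 * @param string|array $oldValue       selection used with $useOldValue when nothing was posted
 * @param string       $class          optional class attribute
 * @param string       $id             optional id attribute
 * @param string       $more           extra attributes inserted verbatim into the <select> tag;
 *                                     the caller is responsible for escaping them
 * @return string the markup, starting and ending with a newline
 */
public static function createSelect($name, $options, $selectedOption = '', $useOldValue = false, $oldValue = '', $class = '', $id = '', $more = '')
{
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    $res = "\n" . '<select name="' . $escape($name) . '"';
    if (!empty($class)) {
        $res .= ' class="' . $escape($class) . '"';
    }
    if (!empty($id)) {
        $res .= ' id="' . $escape($id) . '"';
    }
    if (!empty($more)) {
        // Raw by design: $more is a string of ready-made attributes.
        $res .= ' ' . $more;
    }
    $res .= ">\n";

    if ($useOldValue) {
        $val = isset($_POST[$name]) ? $_POST[$name] : $oldValue;
    } else {
        $val = $selectedOption;
    }
    // Normalise to a list of strings so a scalar and an array of values are
    // handled by the same strict comparison below.
    $selectedValues = array_map('strval', (array) $val);

    foreach ($options as $optionValue => $optionText) {
        $res .= '<option value="' . $escape($optionValue) . '"';
        if (in_array((string) $optionValue, $selectedValues, true)) {
            $res .= ' selected=selected';
        }
        $res .= '>' . $escape($optionText) . '</option>' . "\n";
    }
    $res .= '</select>' . "\n";

    return $res;
}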
// Template engine: templates are read from the active theme directory and
// compiled templates are cached under ./cache/tmp/.
// NOTE(review): $theme is spliced into two filesystem paths; it is assumed to
// come from trusted configuration rather than from the request — confirm.
raintpl::configure('base_url', null);
raintpl::configure('tpl_dir', './templates/' . $theme . '/');
raintpl::configure('cache_dir', './cache/tmp/');
i18n_init($language, dirname(__FILE__) . '/templates/' . $theme . '/');

// An update that just ran stops the page here with its message.
if ($resultUpdate) {
    die(_t('LEED_UPDATE_MESSAGE'));
}

$view = '';

// Objects exposed to every template.
$templateObjects = array(
    'myUser'               => $myUser,
    'feedManager'          => $feedManager,
    'eventManager'         => $eventManager,
    'userManager'          => $userManager,
    'folderManager'        => $folderManager,
    'configurationManager' => $configurationManager,
);
foreach ($templateObjects as $tplName => $tplObject) {
    $tpl->assign($tplName, $tplObject);
}
$tpl->assign('synchronisationCode', $configurationManager->get('synchronisationCode'));

// All GET and POST parameters, secured for output at level 2 (HTML escaping
// without addslashes). When a key is present in both, the GET value wins,
// exactly as with the two consecutive loops this replaces.
$secureForTemplate = function ($value) {
    return Functions::secure($value, 2); // no addslashes wanted here
};
$_ = array_map($secureForTemplate, array_replace($_POST, $_GET));
$tpl->assign('_', $_);
$tpl->assign('action', '');

// Plugins are included before i18n_js is assigned so that their translations
// are available to the JavaScript side as well.
Plugin::includeAll();
$tpl->assign('i18n_js', $i18n_js);