Пример #1
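/**
 * CLI entry point: regenerate the MAFE translation labels for every
 * workspace named in $args.
 *
 * Both argument arrays are run through InputFilter::xssFilterHard() before
 * use. The target language comes from the "lang" option and defaults to
 * "en"; the same language is used for every workspace.
 *
 * @param array $args positional arguments (resolved to workspaces by get_workspaces_from_args())
 * @param array $opts named options; only "lang" is read here
 * @return void
 */
function run_create_translation($args, $opts)
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $opts = $filter->xssFilterHard($opts);
    $args = $filter->xssFilterHard($args);

    // The application root is four directories above this file's directory.
    $rootDir = realpath(__DIR__ . "/../../../../");
    $app = new Maveriks\WebApplication();
    $app->setRootDir($rootDir);

    $workspaces = get_workspaces_from_args($args);
    $lang = array_key_exists("lang", $opts) ? $opts['lang'] : 'en';

    $translation = new Translation();
    CLI::logging("Updating labels Mafe ...\n");
    foreach ($workspaces as $workspace) {
        try {
            echo "Updating labels for workspace " . pakeColor::colorize($workspace->name, "INFO") . "\n";
            // The method name is misspelled upstream; it is Translation's
            // public API, so it is called as-is. Note it is not told which
            // workspace is being processed.
            $translation->generateTransaltionMafe($lang);
        } catch (Exception $e) {
            echo "Errors upgrading labels for workspace " . CLI::info($workspace->name) . ": " . CLI::error($e->getMessage()) . "\n";
        }
    }

    // Printed even when one or more workspaces reported errors above.
    CLI::logging("Create successful\n");
}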
Пример #2
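 /**
  * Dump the contents of the file using fpassthru().
  *
  * When no in-memory data is present, the file named by $this->inFile is
  * streamed straight to the output. Otherwise $this->data is passed through
  * InputFilter::xssFilterHard() and echoed.
  *
  * @return void
  * @throws Exception if no file or contents.
  */
 function dump()
 {
     if ($this->data) {
         // Locate gulliver/system relative to the document root: the trunk is
         // two directories above DOCUMENT_ROOT. (The intermediate "home" path
         // that used to be computed here was never used.)
         $docuroot = explode('/', str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']));
         array_pop($docuroot);
         array_pop($docuroot);
         $pathTrunk = implode('/', $docuroot) . '/';
         require_once $pathTrunk . 'gulliver/system/class.inputfilter.php';
         $filter = new InputFilter();
         echo $filter->xssFilterHard($this->data);
         return;
     }

     // hmmm .. must be a file that needs to read in
     if (!$this->inFile) {
         throw new Exception('No data to dump');
     }
     // Warnings are suppressed; the failure is reported through the exception.
     $fp = @fopen($this->inFile, "rb");
     if (!$fp) {
         throw new Exception('Unable to open file: ' . $this->inFile);
     }
     fpassthru($fp);
     @fclose($fp);
 }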
Пример #3
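 /**
  * Overloaded check function: validates the weblink before it is stored.
  *
  * Runs the generic property filter (except "params"), rejects a URL that
  * InputFilter considers a dangerous href value, requires a non-empty title,
  * prefixes a scheme-less URL with "http://" and refuses a title that already
  * exists in the same category.
  *
  * @return bool true when the record is valid; false with $this->_error set otherwise
  */
 function check()
 {
     // filter malicious code
     $ignoreList = array('params');
     $this->filter($ignoreList);
     // specific filters
     $iFilter = new InputFilter();
     if ($iFilter->badAttributeValue(array('href', $this->url))) {
         $this->_error = 'Please provide a valid URL';
         return false;
     }
     /** check for valid name */
     if (trim($this->title) === '') {
         $this->_error = _WEBLINK_TITLE;
         return false;
     }
     // Only add a scheme when none of the accepted ones is already present.
     // The previous patterns ('http://' etc.) had no PCRE delimiters, so
     // preg_match() always failed and "http://" was prepended to every URL,
     // including ones that already had a scheme.
     if (!preg_match('#^(?:https?|ftp)://#i', $this->url)) {
         $this->url = 'http://' . $this->url;
     }
     /** check for existing name */
     $query = "SELECT id" . "\n FROM #__weblinks " . "\n WHERE title = " . $this->_db->Quote($this->title) . "\n AND catid = " . (int) $this->catid;
     $this->_db->setQuery($query);
     $xid = intval($this->_db->loadResult());
     if ($xid && $xid != intval($this->id)) {
         $this->_error = _WEBLINK_EXIST;
         return false;
     }
     return true;
 }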
Пример #4
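 /**
  * Lazily builds the InputFilter for this form and caches it on the instance.
  *
  * The previous version never stored the filter and, on any call after the
  * first, returned an undefined local; the result is now kept in
  * $this->inputFilter.
  *
  * @return InputFilter
  */
 public function getInputFilter()
 {
     if (!$this->inputFilter) {
         $inputFilter = new InputFilter();
         // "id" is cast to int; "jenis" is tag-stripped, trimmed and limited to
         // 1..100 UTF-8 characters; "inmission" is only required.
         // 'required' is a real boolean here (the string 'true' was truthy but
         // stringly typed).
         $inputFilter->add(array('name' => 'id', 'required' => true, 'filters' => array(array('name' => 'Int'))));
         $inputFilter->add(array('name' => 'jenis', 'required' => true, 'filters' => array(array('name' => 'StripTags'), array('name' => 'StringTrim')), 'validators' => array(array('name' => 'StringLength', 'options' => array('encoding' => 'UTF-8', 'min' => 1, 'max' => 100)))));
         $inputFilter->add(array('name' => 'inmission', 'required' => true));
         $this->inputFilter = $inputFilter;
     }
     return $this->inputFilter;
 }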
Пример #5
 /**
  * Returns the form's InputFilter, building it on first use.
  *
  * "email" is tag-stripped, trimmed and limited to 1..100 UTF-8 characters;
  * "password" is merely required.
  *
  * @return InputFilter
  */
 public function getInputFilter()
 {
     if ($this->inputFilter) {
         return $this->inputFilter;
     }

     $filter = new InputFilter();
     $factory = new InputFactory();

     $emailSpec = array(
         'name' => 'email',
         'required' => true,
         'filters' => array(array('name' => 'StripTags'), array('name' => 'StringTrim')),
         'validators' => array(array('name' => 'StringLength', 'options' => array('encoding' => 'UTF-8', 'min' => 1, 'max' => 100))),
     );
     $passwordSpec = array('name' => 'password', 'required' => true);

     $filter->add($factory->createInput($emailSpec));
     $filter->add($factory->createInput($passwordSpec));
     $this->inputFilter = $filter;

     return $this->inputFilter;
 }
Пример #6
 /**
  * Checks whether an entity with the submitted full name already exists.
  *
  * Despite its name, this method does not return the InputFilter it builds:
  * it returns the result of a NoObjectExists validator run against
  * $data['fullName']. The original comment says the result is true when an
  * entity matches; by the validator's name it should be true when none does
  * — confirm against DoctrineModule before relying on either reading.
  *
  * @param array $data submitted form data; only "fullName" is read
  * @return bool
  */
 public function getInputFilter($data)
 {
     $inputFilter = new InputFilter();
     $factory = new InputFactory();
     $inputFilter->add($factory->createInput(array('name' => 'id', 'required' => false)));

     // The validator is bound to the repository of the configured entity and
     // compares on the "fullname" field only.
     $repository = $this->objectManager->getRepository($this->entityName);
     $uniqueCheck = new \DoctrineModule\Validator\NoObjectExists(array(
         'object_repository' => $repository,
         'fields' => array('fullname'),
     ));
     $candidate = array('fullname' => $data['fullName']);

     // Used at sign-up to check whether the name is already taken.
     return $uniqueCheck->isValid($candidate);
 }
Пример #7
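 /**
  * Filters public properties
  *
  * Runs every public property of this object through InputFilter::process(),
  * except those named in $ignoreList.
  *
  * @access protected
  * @param array|null $ignoreList List of fields to ignore; a non-array means "ignore nothing"
  * @return void
  */
 function filter($ignoreList = null)
 {
     $ignore = is_array($ignoreList);
     $iFilter = new InputFilter();
     foreach ($this->getPublicProperties() as $k) {
         // Strict comparison: property names are expected to be strings, and a
         // loose in_array() could match unrelated non-string ignore entries.
         if ($ignore && in_array($k, $ignoreList, true)) {
             continue;
         }
         $this->{$k} = $iFilter->process($this->{$k});
     }
 }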
Пример #8
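 /**
  * A validation function that returns an error if the value passed in is not a valid URL.
  *
  * An empty value is accepted. A relative URL is rejected outright when
  * $guess is true; otherwise it falls through to the scheme check, which
  * also rejects pseudo-URLs and any scheme not listed in $schemes.
  *
  * @param string $text A string to test if it is a valid URL
  * @param FormControl $control The control that defines the value
  * @param FormContainer $form The container that holds the control
  * @param string $warning An optional error message
  * @param array $schemes Schemes that are accepted (default http and https)
  * @param bool $guess Whether a relative URL is treated as an error
  * @return array An empty array if the string is a valid URL, or an array with strings describing the errors
  */
 public static function validate_url($text, $control, $form, $warning = null, $schemes = array('http', 'https'), $guess = true)
 {
     if (empty($text)) {
         return array();
     }
     $parsed = InputFilter::parse_url($text);
     if ($parsed['is_relative'] && $guess) {
         // disallow relative URLs. (A second parse of 'http://' . $text used to
         // happen here, but both of its outcomes returned this same error, so
         // the re-parse was dead code.)
         return array(empty($warning) ? _t('Relative urls are not allowed') : $warning);
     }
     if ($parsed['is_pseudo'] || !in_array($parsed['scheme'], $schemes, true)) {
         // allow only the configured schemes
         return array(empty($warning) ? _t('Only %s urls are allowed', array(Format::and_list($schemes))) : $warning);
     }
     return array();
 }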
Пример #9
 /**
  * Runs one request: filters the input, records the basic log fields,
  * dispatches the URL, sends the response and traces the elapsed time.
  *
  * @return void
  */
 function process()
 {
     $inputFilter = new InputFilter();
     $inputFilter->process($this);

     $request = $this->request;
     $method = $request->get("method");
     // Key order is kept as before: "method" (when present) sits between
     // "uri" and "logid".
     $basic = array(
         'reqip' => $request->userip . ':' . $request->clientip,
         'uri' => $request->url,
     );
     if (!is_null($method)) {
         $basic['method'] = $method;
     }
     $basic['logid'] = $this->requestId;
     kc_log_addbasic($basic);

     $dispatcher = new Dispatch($this);
     App::getTimer()->set('framework prepare');
     $dispatcher->dispatch_url($request->url);
     $this->response->send();
     KC_LOG_TRACE('[TIME COST STATISTIC] [ ' . App::getTimer()->getString() . ' ].');
 }
Пример #10
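/**
 * Streams a file to the client with HTTP Range support.
 *
 * A single "bytes=start-end" range is honoured. An unsatisfiable range
 * (start beyond the end of the file, or start > end) is answered with 416,
 * and a request without a Range header gets a plain 200 instead of 206.
 * The Content-Disposition header carries only the quoted base name of the
 * file, so the server-side path is no longer disclosed.
 *
 * @param string $location path of the file to send (run through xssFilterHard "path" first)
 * @param string $mimeType value for the Content-Type header
 * @return void
 */
function rangeDownload($location, $mimeType)
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $location = $filter->xssFilterHard($location, "path");
    if (!file_exists($location)) {
        header("HTTP/1.0 404 Not Found");
        return;
    }
    $size = filesize($location);
    $time = date('r', filemtime($location));
    $fm = @fopen($location, 'rb');
    if (!$fm) {
        // 500, not 505 (505 means "HTTP Version Not Supported").
        header("HTTP/1.0 500 Internal Server Error");
        return;
    }

    $begin = 0;
    $end = $size - 1;
    $hasRange = isset($_SERVER['HTTP_RANGE']);
    if ($hasRange && preg_match('/bytes=\h*(\d+)-(\d*)/i', $_SERVER['HTTP_RANGE'], $matches)) {
        $begin = intval($matches[1]);
        if ($matches[2] !== '') {
            // Clamp a too-large end to the last byte instead of over-reporting
            // Content-Length; an explicit "-0" end is honoured now.
            $end = min(intval($matches[2]), $size - 1);
        }
        if ($begin > $end || $begin >= $size) {
            fclose($fm);
            header("HTTP/1.0 416 Requested Range Not Satisfiable");
            header("Content-Range: bytes */{$size}");
            return;
        }
    }

    header($hasRange ? 'HTTP/1.0 206 Partial Content' : 'HTTP/1.0 200 OK');
    header("Content-Type: {$mimeType}");
    header('Cache-Control: public, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Accept-Ranges: bytes');
    header('Content-Length: ' . ($end - $begin + 1));
    if ($hasRange) {
        header("Content-Range: bytes {$begin}-{$end}/{$size}");
    }
    // Only the base name, quoted, with any quote characters dropped. The
    // previous version sent the whole unquoted path.
    $downloadName = str_replace('"', '', basename($location));
    header("Content-Disposition: inline; filename=\"{$downloadName}\"");
    header("Content-Transfer-Encoding: binary");
    header("Last-Modified: {$time}");

    $cur = $begin;
    fseek($fm, $begin, 0);
    while (!feof($fm) && $cur <= $end && connection_status() == 0) {
        set_time_limit(0);
        $chunk = fread($fm, min(1024 * 16, $end - $cur + 1));
        if ($chunk === false || $chunk === '') {
            break;
        }
        print $chunk;
        // Advance by what was actually read, not by the requested chunk size.
        $cur += strlen($chunk);
        flush();
    }
    fclose($fm);
}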
Пример #11
 /**
  * returns a filter object to use for this
  *
  * The InputFilter is created on first use (after its class file has been
  * included) and reused for the lifetime of this object.
  *
  * @param string $name
  * @return InputFilter
  */
 public final function filter($name)
 {
     if ($this->_input_filter === null) {
         App::getInstance()->includeFile('Sonic/InputFilter.php');
         $this->_input_filter = new InputFilter($this->request());
     }
     return $this->_input_filter->filter($name);
 }
Пример #12
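 /**
  * The "javascript" scheme must still be recognised when control characters
  * (backspace, tab, LF, CR) are smuggled into it as HTML entities.
  *
  * @return void
  */
 public function test_parse_url_sanitization_javascript()
 {
     $urls = array('java&#8;script:alert(0);', '&#8;javascript:alert(0);', 'java&#9;script:alert(0);', '&#9;javascript:alert(0);', 'java&#xa;script:alert(0);', '&#xa;javascript:alert(0);', 'java&#xd;script:alert(0);', '&#xd;javascript:alert(0);');
     foreach ($urls as $url) {
         // ENT_NOQUOTES (0) is what the former null flags argument coerced to;
         // passing null to an int parameter is deprecated since PHP 8.1.
         $url = html_entity_decode($url, ENT_NOQUOTES, 'UTF-8');
         $parsed = InputFilter::parse_url($url);
         $this->assert_equal($parsed['scheme'], 'javascript', $url . ' != ' . $parsed['scheme']);
     }
 }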
Пример #13
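 /**
  * Performs the HTTP request through PHP's stream wrapper.
  *
  * Headers are joined into the "http" context, the body is sent for POST,
  * and a proxy is used unless the host is listed in the proxy exceptions.
  * TLS settings are placed under the "ssl" context key: the stream layer
  * ignores them when nested under "http", which is where the previous
  * version put them, so the configured verify_peer/cafile/capath/
  * local_cert/passphrase never took effect. Consequently a configured
  * verify_peer=false now really disables certificate verification; when it
  * is not configured, PHP's default (verify) applies. Empty TLS entries are
  * dropped so the transport does not try to load '' as a CA file or path.
  *
  * @param string $method HTTP method
  * @param string $url full URL of the request
  * @param array $headers header name => value
  * @param string $body request body (sent for POST only)
  * @param array $config request configuration: timeout, max_redirects, ssl, proxy
  * @return bool true once the response has been read into the object
  * @throws Exception when the connection cannot be opened
  * @throws RemoteRequest_Timeout when the stream reports a timeout
  */
 public function execute($method, $url, $headers, $body, $config)
 {
     $merged_headers = array();
     foreach ($headers as $k => $v) {
         $merged_headers[] = $k . ': ' . $v;
     }
     // parse out the URL so we can refer to individual pieces
     $url_pieces = InputFilter::parse_url($url);

     // TLS options live in their own "ssl" namespace of the context.
     $ssl = array();
     if (isset($config['ssl']['verify_peer'])) {
         $ssl['verify_peer'] = (bool) $config['ssl']['verify_peer'];
     }
     foreach (array('cafile', 'capath', 'local_cert', 'passphrase') as $sslKey) {
         if (isset($config['ssl'][$sslKey]) && $config['ssl'][$sslKey] !== '') {
             $ssl[$sslKey] = $config['ssl'][$sslKey];
         }
     }

     // set up the options we'll use when creating the request's context
     $options = array(
         'http' => array(
             'method' => $method,
             'header' => implode("\n", $merged_headers),
             'timeout' => $config['timeout'],
             'follow_location' => $this->can_followlocation,
             'max_redirects' => $config['max_redirects'],
         ),
         'ssl' => $ssl,
     );
     if ($method === 'POST') {
         $options['http']['content'] = $body;
     }
     if ($config['proxy']['server'] != '' && !in_array($url_pieces['host'], $config['proxy']['exceptions'], true)) {
         $proxy = $config['proxy']['server'] . ':' . $config['proxy']['port'];
         if ($config['proxy']['username'] != '') {
             $proxy = $config['proxy']['username'] . ':' . $config['proxy']['password'] . '@' . $proxy;
         }
         $options['http']['proxy'] = 'tcp://' . $proxy;
     }
     // create the context
     $context = stream_context_create($options);
     // perform the actual request - we use fopen so stream_get_meta_data works
     $fh = @fopen($url, 'r', false, $context);
     if ($fh === false) {
         throw new Exception(_t('Unable to connect to %s', array($url_pieces['host'])));
     }
     // read in all the contents -- this is the same as file_get_contents, only for a specific stream handle
     $body = stream_get_contents($fh);
     // get meta data
     $meta = stream_get_meta_data($fh);
     // close the connection before we do anything else
     fclose($fh);
     // did we timeout?
     if ($meta['timed_out'] == true) {
         throw new RemoteRequest_Timeout(_t('Request timed out'));
     }
     // $meta['wrapper_data'] should be a list of the headers, the same as is loaded into $http_response_header.
     // With follow_location on, it may hold the headers of every hop; a repeated name keeps the last value.
     $headers = array();
     foreach ($meta['wrapper_data'] as $header) {
         // break the header up into field and value
         $pieces = explode(': ', $header, 2);
         if (count($pieces) > 1) {
             // if the header was a key: value format, store it keyed in the array
             $headers[$pieces[0]] = $pieces[1];
         } else {
             // some headers (like the HTTP version in use) aren't keyed, so just store it keyed as itself
             $headers[$pieces[0]] = $pieces[0];
         }
     }
     $this->response_headers = $headers;
     $this->response_body = $body;
     $this->executed = true;
     return true;
 }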
 /**
  * Updates a particular model.
  *
  * Updating is currently disabled: the first statement ends the request, so
  * everything after it is unreachable and is kept only for reference. Were
  * it re-enabled, note that it reads the model id from $_GET['id'], mass-
  * assigns $_POST['Comments'] to the model and calls save(false), which
  * skips model validation; only comment_text is passed through InputFilter.
  *
  * @return void (echoes the updated comment text when enabled)
  */
 public function actionUpdate()
 {
     Yii::app()->end();
     // disallow updates: nothing below this line runs
     // get Comments object from $id parameter
     $model = $this->loadModel($_GET['id']);
     // if Comments form exist and was called via ajax
     if (isset($_POST['Comments']) && isset($_POST['ajax'])) {
         // set form elements to Users model attributes
         $model->attributes = $_POST['Comments'];
         // clear tags from text; the constructor arguments are presumably the
         // tags to keep (<br>, <pre>) — confirm against InputFilter
         Yii::import('application.extensions.InputFilter.InputFilter');
         $filter = new InputFilter(array('br', 'pre'));
         $model->comment_text = $filter->process($model->comment_text);
         // update comment without running validation
         $model->save(false);
         echo $model->comment_text;
     }
     Yii::app()->end();
 }
Пример #15
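/**
 * Sends download headers for $filename and streams the file.
 *
 * The name offered to the browser is the last "_"-separated segment of
 * $filename after every character outside [-a-zA-Z0-9.] has been replaced
 * by "_"; as a side effect it cannot contain header-breaking characters.
 * Internet Explorer other than IE6 gets the unquoted "inline" form the
 * Microsoft KB article recommends; every other client gets a quoted
 * attachment.
 *
 * @param string $filename path of the file to serve; nothing is sent when empty
 * @return void
 */
function DumpHeaders($filename)
{
    if (!$filename) {
        return;
    }
    $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
    $isOpera = strstr($HTTP_USER_AGENT, 'Opera') !== false;
    $isIE = !$isOpera && strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false;
    $isIE6 = !$isOpera && strstr($HTTP_USER_AGENT, 'compatible; MSIE 6') !== false;

    // Replace every character outside the safe set by "_" and keep the last
    // segment. The previous pattern had no delimiters ("[" and "]" were taken
    // as the delimiter pair), so it never matched and nothing was replaced.
    $aux = preg_replace('/[^-a-zA-Z0-9.]/', '_', $filename);
    $aux = explode('_', $aux);
    $downloadName = $aux[count($aux) - 1];

    if ($isIE && !$isIE6) {
        // http://support.microsoft.com/support/kb/articles/Q182/3/15.asp
        // Do not have quotes around filename, but that applied to
        // "attachment"... does it apply to inline too?
        // This combination seems to work mostly.  IE 5.5 SP 1 has
        // known issues (see the Microsoft Knowledge Base)
        header("Content-Disposition: inline; filename={$downloadName}");
        // This works for most types, but doesn't work with Word files
        header("Content-Type: application/download; name=\"{$downloadName}\"");
    } else {
        header("Content-Disposition: attachment; filename=\"{$downloadName}\"");
        header("Content-Type: application/octet-stream; name=\"{$downloadName}\"");
    }

    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $filename = $filter->xssFilterHard($filename, 'path');
    readfile($filename);
}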
Пример #16
 /**
  * End-to-end run of InputFilter::filter() over mixed markup: disallowed
  * elements and attributes are removed while the permitted structure is kept.
  *
  * @return void
  */
 function test_complete_filtering_run()
 {
     // Each entry is array(input, expected output); assertions run in this order.
     $cases = array(
         array(
             '<p>I am <div><script src=\\"ohnoes\\" /><a>not a paragraph.</a><p CLASS=old><span> Or am I?</span>',
             '<p>I am <div><a>not a paragraph.</a><p><span> Or am I?</span>',
         ),
         array(
             '<p onClick=\\"window.alert(\'stole yer cookies!\');\\">Do not click here.</p>\\n<script>alert(\\"See this?\\")</script>',
             '<p>Do not click here.</p>\\n',
         ),
         // http://ha.ckers.org/blog/20070124/stopping-xss-but-allowing-html-is-hard/
         array(
             '<IMG src=\\"http://ha.ckers.org/\\" style\\"=\\"style=\\"a/onerror=alert(String.fromCharCode(88,83,83))//\\" &ampgt;`&gt',
             'onerror=alert(String.fromCharCode(88,83,83))//\\" &`&gt',
         ),
         array(
             '<b>Hello world</b>\\n\\nThis is a <test>test</test> post.\\n\\nHere\'s a first XSS attack. <<SCRIPT>alert(\'XSS\');//<</SCRIPT>\\n\\nHere\'s a second try at a <a href=\\"#\\">second link</a>.\\n\\nHere\'s a second XSS attack. <IMG SRC=\\" &#14;  javascript:alert(\'XSS\');\\">\\n\\nHere\'s a third link hopefully <a href=\\"#\\">it won\'t get removed</a>.\\n\\n<em>Thanks!</em>',
             '<b>Hello world</b>\\n\\nThis is a  post.\\n\\nHere\'s a first XSS attack. ',
         ),
         array('<<test>script>alert(\'boom\');</test>', ''),
         array('<<test></test>script>alert(\'boom\');', ''),
         array('<<test><</test>script>alert(\'boom\');', ''),
         array('<ScRIpT>alert(\'whee\');</SCRiPT>', ''),
     );
     foreach ($cases as $case) {
         list($input, $expected) = $case;
         $this->assert_equal(InputFilter::filter($input), $expected);
     }
 }
Пример #17
/**
* @package Mambo
* @author Mambo Foundation Inc see README.php
* @copyright Mambo Foundation Inc.
* See COPYRIGHT.php for copyright notices and details.
* @license GNU/GPL Version 2, see LICENSE.php
* Mambo is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; version 2 of the License.
*/
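/**
 * Verifies that a call into MOStlyCE comes from a browser that Mambo has
 * already handed a startup key.
 *
 * The key and user type arrive in the "mostlyce" cookie and are run through
 * InputFilter before use. The expected key is rebuilt as
 * md5($secret . md5(HTTP_USER_AGENT) . REMOTE_ADDR) and must equal the
 * cookie value (compared in constant time); the user type must be one of the
 * known Mambo roles. The md5 derivation is left as is: changing it would
 * break the side that issues the key.
 *
 * @param string $path Mambo root, used to locate the InputFilter class file
 * @param string $secret shared secret that seeds the rebuilt key
 * @return bool true when both the key and the user type check out
 */
function externalCallCheck($path, $secret)
{
    if (!isset($_COOKIE['mostlyce']['startup_key']) || !isset($_COOKIE['mostlyce']['usertype'])) {
        return false;
    }
    require_once $path . '/includes/phpInputFilter/class.inputfilter.php';
    $iFilter = new InputFilter(null, null, 1, 1);
    $startupKey = trim($iFilter->process($_COOKIE['mostlyce']['startup_key']));
    //The MOStlyCE rebuild key should match this
    $usertype = strtolower(str_replace(' ', '', trim($iFilter->process($_COOKIE['mostlyce']['usertype']))));

    // The key is bound to the caller's user agent and remote address.
    $env = md5($_SERVER['HTTP_USER_AGENT']);
    $rebuildKey = md5($secret . $env . $_SERVER['REMOTE_ADDR']);
    // hash_equals() does not leak how many leading characters matched.
    if (!hash_equals($rebuildKey, (string) $startupKey)) {
        return false;
    }
    //Valid user types
    $vUsers = array('author', 'editor', 'publisher', 'manager', 'administrator', 'superadministrator');
    return in_array($usertype, $vUsers, true);
}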
Пример #18
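 /**
  * Fetches the BackType reactions (tweets and blog comments) for $url and
  * shapes them as Habari comment objects.
  *
  * Results are cached under "backtype-{$url}" — including an empty result
  * after a failed fetch, as before; cached entries have their date
  * re-hydrated with HabariDateTime. Entries of an unknown entry_type are
  * skipped. Text coming from the API is passed through InputFilter::filter()
  * before being used as output.
  *
  * @param string $url URL to look up; it is URL-encoded into the API query
  * @return array list of stdClass comment objects (possibly empty)
  */
 protected static function fetch_backtype($url)
 {
     $backtype = array();
     $cacheName = "backtype-{$url}";
     if (Cache::has($cacheName)) {
         foreach (Cache::get($cacheName) as $cachedBacktype) {
             $cachedBacktype->date = HabariDateTime::date_create($cachedBacktype->date);
             $backtype[] = $cachedBacktype;
         }
         return $backtype;
     }
     // The URL is a query parameter: encode it so "&", "#" and spaces in it
     // cannot alter the request.
     $raw = file_get_contents("http://api.backtype.com/comments/connect.json?url=" . urlencode($url) . "&key=key&itemsperpage=10000");
     $connectData = $raw === false ? null : json_decode($raw);
     if (isset($connectData->comments)) {
         foreach ($connectData->comments as $dat) {
             // Only known entry types produce a comment. The previous
             // "if (!$comment)" never fired because an object is always truthy,
             // so unknown types were pushed as nearly empty comments.
             $comment = null;
             switch ($dat->entry_type) {
                 case 'tweet':
                     $comment = new StdClass();
                     $comment->id = 'backtype-twitter-' . $dat->tweet_id;
                     $comment->url = 'http://twitter.com/' . $dat->tweet_from_user . '/status/' . $dat->tweet_id;
                     $comment->name = '@' . $dat->tweet_from_user . ' (via Backtype: Twitter)';
                     $comment->content_out = InputFilter::filter($dat->tweet_text);
                     $comment->date = $dat->tweet_created_at;
                     break;
                 case 'comment':
                     $comment = new StdClass();
                     $comment->id = 'backtype-comment-' . $dat->comment->id;
                     $comment->url = $dat->comment->url;
                     $comment->name = $dat->author->name . ' (via Backtype: ' . InputFilter::filter($dat->blog->title) . ')';
                     $comment->content_out = InputFilter::filter($dat->comment->content);
                     $comment->date = $dat->comment->date;
                     break;
             }
             if ($comment === null) {
                 continue;
             }
             $comment->status = Comment::STATUS_APPROVED;
             $comment->type = Comment::TRACKBACK;
             $comment->email = null;
             $backtype[] = $comment;
         }
     }
     Cache::set($cacheName, $backtype);
     return $backtype;
 }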
Пример #19
 /**
  *  Dispatch a request from Apache
  *
  *  Called from file dispatch.php, which is invoked by
  *  {@link http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html Apache mod_rewrite}
  *  whenever a client makes a request.  Actions:
  *  <ol>
  *    <li>Remove forbidden tags and attributes from
  *      {@link http://www.php.net/reserved.variables#reserved.variables.get $_GET},
  *      {@link http://www.php.net/reserved.variables#reserved.variables.post $_POST} and
  *      {@link http://www.php.net/reserved.variables#reserved.variables.request $_REQUEST}.</li>
  *    <li>Start a session to keep track of state between requests from
  *      the client.</li>
  *    <li>Construct an ActionController to process the action.</li>
  *    <li>Process the route</li>
  *  </ol>
  *  Outside the production environment the request path and elapsed time
  *  are written to the Trax log.
  *  @uses ActionController::__construct()
  *  @uses ActionController::process_route()
  *  @uses ActionController::process_with_exception()
  *  @uses InputFilter::process_all()
  *  @uses Session::start()
  */
 function dispatch()
 {
     $timed = TRAX_ENV != 'production';
     if ($timed) {
         $start = microtime(true);
     }

     try {
         InputFilter::process_all();
         Session::start();
         $controller = new ActionController();
         $controller->process_route();
     } catch (Exception $e) {
         ActionController::process_with_exception($e);
     }

     if ($timed) {
         $duration = "(" . round((microtime(true) - $start) * 1000, 1) . "ms)";
         $url = parse_url($_SERVER['REQUEST_URI']);
         Trax::log("Rendered {$url['path']} {$duration}");
     }
 }
Пример #20
 /**
  * Callback function for strip_illegal_entities, do not use.
  *
  * Receives the matches of the entity regex: $m[1] is the reference body
  * (a name, or "#" followed by a decimal or x-prefixed hex number) and $m[2]
  * the character that terminated it. Numeric references are accepted in
  * 1..65535 and normalised to decimal "&#N;"; named references must appear
  * in self::$character_entities and are normalised to "&name;". Anything
  * else is dropped (empty string).
  *
  * @access private
  * @param array $m matches
  * @return string the normalised reference plus terminator, or ''
  */
 public static function _validate_entity($m)
 {
     // valid entity references have the form
     //   /&named([;<\n\r])/
     // for named entities, or
     //   /&#(\d{1,5}|[xX][0-9a-fA-F]{1,4})([;<\n\r])/
     // for numeric character references
     $ref = trim($m[1]);
     $terminator = $m[2];
     if ($terminator == ';') {
         // the normalised forms below carry their own ';'
         $terminator = '';
     }

     if ($ref[0] == '#') {
         $ref = strtolower($ref);
         $code = $ref[1] == 'x' ? hexdec(substr($ref, 2)) : substr($ref, 1);
         // numeric character references may only have values in the range 0-65535 (16 bit)
         // we strip null, though, just for kicks
         $value = intval($code);
         $valid = $value > 0 && $value <= 65535;
         // normalize to decimal form
         $normalised = $valid ? '#' . $value . ';' : $ref;
     } else {
         if (self::$character_entities_re == '') {
             self::$character_entities_re = ';(' . implode('|', self::$character_entities) . ');';
         }
         // named entities must be known
         $valid = preg_match(self::$character_entities_re, $ref, $found);
         // XXX should we map named entities to their numeric equivalents?
         // normalize to name and nothing but the name... eh.
         $normalised = $valid ? $found[1] . ';' : $ref;
     }

     return $valid ? '&' . $normalised . $terminator : '';
 }
Пример #21
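/**
 * Starts a new case for the task in $_REQUEST['taskId'] and prints the
 * result as JSON.
 *
 * $_POST, $_REQUEST and $_SESSION are passed through
 * InputFilter::xssFilterHard() first, and the case-related session keys left
 * over from a previous case are cleared. On success the session receives the
 * new APPLICATION/INDEX/PROCESS/TASK and the response carries status
 * "success" plus the next step; on failure it carries status "failure" and
 * the exception message (together with whatever case data had already been
 * collected).
 *
 * @return void
 */
function startCase()
{
    G::LoadClass('case');
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $_POST = $filter->xssFilterHard($_POST);
    $_REQUEST = $filter->xssFilterHard($_REQUEST);
    $_SESSION = $filter->xssFilterHard($_SESSION);
    /* GET , POST & $_SESSION Vars */
    /* unset any variable, because we are starting a new case */
    foreach (array('APPLICATION', 'PROCESS', 'TASK', 'INDEX', 'STEP_POSITION') as $sessionKey) {
        unset($_SESSION[$sessionKey]);
    }
    /* Process */
    // Initialised up front so the catch block has an array to fill even when
    // the failure happens before Cases::startCase() has returned.
    $aData = array();
    try {
        $oCase = new Cases();
        lookinginforContentProcess($_POST['processId']);
        $aData = $oCase->startCase($_REQUEST['taskId'], $_SESSION['USER_LOGGED']);
        $aData = $filter->xssFilterHard($aData);
        $_SESSION['APPLICATION'] = $aData['APPLICATION'];
        $_SESSION['INDEX'] = $aData['INDEX'];
        $_SESSION['PROCESS'] = $aData['PROCESS'];
        $_SESSION['TASK'] = $_REQUEST['taskId'];
        $_SESSION['STEP_POSITION'] = 0;
        $_SESSION['CASES_REFRESH'] = true;
        /*----------------------------------********---------------------------------*/
        $oCase = new Cases();
        $aNextStep = $oCase->getNextStep($_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION']);
        $aNextStep['PAGE'] = 'open?APP_UID=' . $aData['APPLICATION'] . '&DEL_INDEX=' . $aData['INDEX'] . '&action=draft';
        $_SESSION['BREAKSTEP']['NEXT_STEP'] = $aNextStep;
        $aData['openCase'] = $aNextStep;
        $aData['status'] = 'success';
        print G::json_encode($aData);
    } catch (Exception $e) {
        // Same output path as the success branch (print_r on a string is just
        // print). The raw exception message is returned to the client.
        $aData['status'] = 'failure';
        $aData['message'] = $e->getMessage();
        print G::json_encode($aData);
    }
}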
Пример #22
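 /**
  * Writes $message to the text browser. Also, passes the message
  * along to any Log_observer instances that are observing this Log.
  *
  * The priority label is run through InputFilter::xssFilterHard() and the
  * message through htmlspecialchars() before being echoed as HTML.
  *
  * @param mixed  $message    String or object containing the message to log.
  * @param string $priority The priority of the message.  Valid
  *                  values are: PEAR_LOG_EMERG, PEAR_LOG_ALERT,
  *                  PEAR_LOG_CRIT, PEAR_LOG_ERR, PEAR_LOG_WARNING,
  *                  PEAR_LOG_NOTICE, PEAR_LOG_INFO, and PEAR_LOG_DEBUG.
  * @return boolean  True on success or false on failure.
  * @access public
  */
 function log($message, $priority = null)
 {
     /* If a priority hasn't been specified, use the default value. */
     if ($priority === null) {
         $priority = $this->_priority;
     }
     /* Abort early if the priority is above the maximum logging level. */
     if (!$this->_isMasked($priority)) {
         return false;
     }
     /* Extract the string representation of the message. */
     $message = $this->_extractMessage($message);
     /* Locate gulliver/system: the trunk is two directories above DOCUMENT_ROOT.
        (The intermediate "home" path that used to be computed here was never used.) */
     $docuroot = explode('/', str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']));
     array_pop($docuroot);
     array_pop($docuroot);
     $pathTrunk = implode('/', $docuroot) . '/';
     require_once $pathTrunk . 'gulliver/system/class.inputfilter.php';
     $filter = new InputFilter();
     /* Build and output the complete log line. */
     $tag = $filter->xssFilterHard(ucfirst($this->priorityToString($priority)));
     echo $this->_error_prepend . '<b>' . $tag . '</b>: ' . nl2br(htmlspecialchars($message)) . $this->_error_append . $this->_linebreak;
     /* Notify observers about this log message. */
     $this->_announce(array('priority' => $priority, 'message' => $message));
     return true;
 }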
Пример #23
 /**
  *  Test safeSQL()
  *
  *  Depends on the ext/mysql functions (mysql_connect()) and on
  *  get_magic_quotes_gpc(), which were removed from PHP in 7.0 and 8.0
  *  respectively, so the test cannot run on a current interpreter. The
  *  fixtures built in the else branch are never asserted on, and the method
  *  always ends by marking itself incomplete.
  *  @todo Figure out problem w/ mysql_real_escape_string()
  *  @todo Figure out how to test with magic quotes either on or off
  */
 public function testSafeSQL()
 {
     $rs = mysql_connect();
     if ($rs == false) {
         PHPUnit2_Framework_Assert::fail("InputFilterTest:" . " unable to open a connction to MySQL");
     }
     //  Trivial case, nothing to clean; arrays are cleaned element-wise
     $this->assertEquals(InputFilter::safeSQL('foo', $rs), 'foo');
     $this->assertEquals(InputFilter::safeSQL(array('foo', 'bar'), $rs), array('foo', 'bar'));
     if (get_magic_quotes_gpc()) {
         // verify stripping of magic quotes
         //  FIXME: figure out how to test this case
         $this->assertEquals(InputFilter::safeSQL('a\\\'b\\"c\\\\d\\\\x00e\\\\nf\\\\rg\\\\x1a', $rs), 'a\\\'b\\"c\\\\d\\\\x00e\\\\nf\\\\rg\\\\x1a');
     } else {
         // verify magic quotes aren't there
         // (these four fixtures are currently unused; see the commented-out asserts below)
         $pattern = "a'b\"c\\de\nf\rgh";
         $non_zero_pattern = "a'b\"c\\de\nf\rgh";
         $quoted_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\h";
         $quoted_non_zero_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\h";
         //            echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
         //            $this->assertEquals(mysql_real_escape_string($non_zero_pattern),
         //                                $quoted_non_zero_pattern);
         //            echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
         //            $this->assertEquals(mysql_real_escape_string($pattern),
         //                                $quoted_pattern);
         //            $this->assertEquals(
         //                   InputFilter::safeSQL($pattern,$rs),$quoted_pattern);
     }
     // Remove the following line when you complete this test.
     throw new PHPUnit2_Framework_IncompleteTestError();
 }
Пример #24
<?php

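// Connection credentials are masked in this listing.
$mongo = new MongoClient('mongodb://*****:*****@ds052827.mongolab.com:52827/miblog');
$db = $mongo->selectDB("miblog");
$c_favoritos = $mongo->selectCollection($db, "favorito");
/////////////////////////////////
require_once 'seguridad/class.inputfilter.php';
$filtro = new InputFilter();
$_POST = $filtro->process($_POST);
////////////////////////////////////////
/**
 * Reads one POST field and applies the script's cleaning chain.
 *
 * A missing field yields '' instead of an undefined-index notice. The chain
 * stores HTML-escaped, slash-escaped text, so values are saved in escaped
 * form rather than as entered (existing behaviour).
 *
 * @param string $campo POST field name
 * @return string
 */
$campoLimpio = function ($campo) {
    $valor = isset($_POST[$campo]) ? $_POST[$campo] : '';
    return htmlspecialchars(addslashes(stripslashes(strip_tags(trim($valor)))));
};
// "id" was read and cleaned twice before; once is enough.
$id = $campoLimpio('id');
$titulo = $campoLimpio('titulo');
$categoria = $campoLimpio('categoria');
$descripcion = $campoLimpio('descripcion');
$url = $campoLimpio('url');
////////////////////////////////////
// NOTE(review): no ownership or authorization check on the submitted id is
// visible in this script. Without the $set operator the stored document is
// replaced by exactly these four fields (existing behaviour).
$condicion = array("_id" => new MongoId($id));
$modFavorito = array("titulo" => $titulo, "categoria" => $categoria, "descripcion" => $descripcion, "url" => $url);
$c_favoritos->update($condicion, $modFavorito);
header("Refresh: 0;url=principal.php?mensaje=3");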
 /**
  * Returns a user-state variable, refreshing it from the request when present.
  *
  * If `$req_name` is present in $_REQUEST its raw value is written to the
  * state under `$var_name`; otherwise `$var_default` is stored only when no
  * value exists yet. The state entry is then run through
  * InputFilter::process(), written back, and returned.
  *
  * @param string $var_name    Name of the user-state variable.
  * @param string $req_name    Name of the request parameter that can override it.
  * @param mixed  $var_default Stored when neither the state nor the request has a value.
  * @return mixed|null The filtered state value, or null when no user-state array exists.
  */
 function getUserStateFromRequest($var_name, $req_name, $var_default = null)
 {
     if (!is_array($this->_userstate)) {
         return null;
     }

     // NOTE(review): $_REQUEST merges GET, POST and COOKIE, so a cookie can
     // supply this value. The raw value goes through setUserState() first and
     // is only filtered afterwards — confirm setUserState() does not persist it
     // anywhere the filtered write-back below does not reach.
     if (isset($_REQUEST[$req_name])) {
         $this->setUserState($var_name, $_REQUEST[$req_name]);
     } elseif (!isset($this->_userstate[$var_name])) {
         $this->setUserState($var_name, $var_default);
     }

     // Filter whatever is now stored and keep the filtered form.
     $inputFilter = new InputFilter();
     $filtered = $inputFilter->process($this->_userstate[$var_name]);
     $this->_userstate[$var_name] = $filtered;

     return $filtered;
 }
 /**
  * Cleans a string (or array of strings) with the InputFilter system class.
  *
  * Loads 'inputfilter' via G::LoadSystem(), builds an InputFilter with the
  * given tag/attribute configuration and returns InputFilter::process($data).
  *
  * @param mixed $data       String or array of strings to clean.
  * @param array $tagsArray  User-defined tag list.
  * @param array $attrArray  User-defined attribute list.
  * @param int   $tagsMethod 0 = allow only user-defined tags, 1 = allow all but user-defined.
  * @param int   $attrMethod 0 = allow only user-defined attributes, 1 = allow all but user-defined.
  * @param int   $xssAuto    0 = only auto-clean essentials, 1 = also clean blacklisted tags/attributes.
  * @return mixed Whatever InputFilter::process() returns for $data.
  */
 public function sanitizeInput($data, $tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1)
 {
     G::LoadSystem('inputfilter');

     $inputFilter = new InputFilter(
         $tagsArray,
         $attrArray,
         $tagsMethod,
         $attrMethod,
         $xssAuto
     );

     return $inputFilter->process($data);
 }
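/**
 * Strips unwanted HTML from $text using the InputFilter class.
 *
 * Loads include/class_inputfilter.php on demand. Two InputFilter APIs are
 * supported: the newer static InputFilter::process($text, $options) (detected
 * by the absence of a safeSQL() method) and the older constructor-based class,
 * which is configured to allow only $allowable_tags and to blacklist every
 * attribute in $forbidden_attr.
 *
 * @param string            $text           HTML to clean.
 * @param string|null       $allowable_tags Comma-separated tag names to allow
 *                                          (spaces ignored); null/'' = none.
 * @param array|string|null $forbidden_attr Attribute names to blacklist
 *                                          (legacy filter only).
 * @return string The cleaned text.
 */
function cleanHTML($text, $allowable_tags = null, $forbidden_attr = null)
{
    if (!class_exists("InputFilter")) {
        require SE_ROOT . "/include/class_inputfilter.php";
    }

    // New-style filter: static process() taking an options array.
    if (!method_exists('InputFilter', 'safeSQL')) {
        return InputFilter::process($text, array('allowedTags' => $allowable_tags, 'forbiddenAttributes' => $forbidden_attr));
    }

    // Legacy filter. Cast to string first: the default is null, which
    // str_replace() deprecates in PHP 8.1.
    $tagList = explode(",", str_replace(" ", "", (string) $allowable_tags));
    $xssFilter = new InputFilter($tagList, "", 0, 1, 1);

    // The original looped with count($forbidden_attr), which fails on the
    // null default (TypeError in PHP 8). (array) turns null into an empty
    // list and a lone string into a one-element list.
    foreach ((array) $forbidden_attr as $attr) {
        $xssFilter->attrBlacklist[] = $attr;
    }

    return $xssFilter->process($text);
}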
	/**
	 * Action hook "comment_insert_before": runs the built-in spam heuristics
	 * on a comment before it is stored.
	 *
	 * The parent class, Plugin, registers this method as the hook handler
	 * from its name (you can still register hooks manually). Only comments of
	 * type Comment::COMMENT are examined; every other type returns at once.
	 * Each heuristic that fires sets $comment->status to Comment::STATUS_SPAM
	 * (STATUS_UNAPPROVED for the session-timeout check) and appends a
	 * translated reason to $comment->info->spamcheck. Order matters: the IP
	 * lookup only runs if nothing above it already marked the comment as spam.
	 *
	 * @param Comment $comment The comment about to be stored; modified in place.
	 * @return void
	 **/
	function action_comment_insert_before ( $comment )
	{
		// This plugin ignores non-comments
		if ($comment->type != Comment::COMMENT) {
			return;
		}

		$spamcheck = array();

		// <script> is bad, mmmkay? The content is sanitised in place here, so
		// every check below runs on the filtered text (presumably
		// InputFilter::filter() is the framework's HTML sanitiser).
		$comment->content = InputFilter::filter($comment->content);

		// first, check the commenter's name
		// if it's only digits, then we can discard this comment
		// (note: "$" also tolerates a single trailing newline)
		if ( preg_match( "/^\d+$/", $comment->name ) ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('Commenters with numeric names are spammy.');
		}

		// now look at the comment text
		// if it's digits only, discard it
		$textonly = strip_tags( $comment->content );

		if ( preg_match( "/^\d+$/", $textonly ) ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('Comments that are only numeric are spammy.');
		}

		// is the content whitespaces only?
		if ( preg_match( "/\A\s+\z/", $textonly ) ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('Comments that are only whitespace characters are spammy.');
		}

		// is the content the single word "array"?
		if ( 'array' == strtolower( $textonly ) ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('Comments that are only "array" are spammy.');
		}

		// is the content the same as the name?
		if ( strtolower( $textonly ) == strtolower( $comment->name ) ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('Comments that consist of only the commenters name are spammy.');
		}

		// a lot of spam starts with "<strong>some text...</strong>"
		if ( preg_match( "#^<strong>[^.]+\.\.\.</strong>#", $comment->content ) )
		{
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('Comments that start with strong text are spammy.');
		}

		// are there more than 3 URLs posted?  If so, it's almost certainly spam
		// (counts "http://" / "https://" occurrences, not anchor tags)
		if ( preg_match_all( "#https?://#", strtolower( $comment->content ), $matches, PREG_SET_ORDER ) > 3 ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('There is a 3 URL limit in comments.');
		}

		// are there more than 3 URLencoded characters in the content?
		if ( preg_match_all( "/%[0-9a-f]{2}/", strtolower( $comment->content ), $matches, PREG_SET_ORDER ) > 3 ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('There is a 3 URL-encoded character limit in comments.');
		}

		// Was the tcount high enough?
		/* // This only works with special javascript running on comment form
		if ( empty($handlervars['tcount']) || $handlervars['tcount'] < 10 ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('Commenter did not actually type content.');
		}
		*/

		// We don't allow bbcode here, silly
		if ( stripos($comment->content, '[url=') !== false ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('We do not accept BBCode here.');
		}

		// Must have less than half link content.
		// Note: the pattern has no "s" modifier, so an anchor spanning a newline
		// is not removed, and "<a" also matches tags that merely start with "a"
		// (e.g. <abbr>). The ternary guards the division against empty text.
		$nonacontent = strip_tags(preg_replace('/<a.*?<\/a/i', '', $comment->content));
		$text_length = strlen( $textonly );
		if ( strlen($nonacontent) / ( $text_length == 0 ? 1 : $text_length) < 0.5 ) {
			$comment->status = Comment::STATUS_SPAM;
			$spamcheck[] = _t('Too much text that is a link compared to that which is not.');
		}

		// Only do db checks if it's not already spam
		// (parameterised query: status and ip are bound, not interpolated)
		if ($comment->status != Comment::STATUS_SPAM) {
			$spams = DB::get_value('SELECT count(*) FROM ' . DB::table('comments') . ' WHERE status = ? AND ip = ?', array(Comment::STATUS_SPAM, $comment->ip));
			// If you've already got two spams on your IP address, all you ever do is spam
			if ($spams > 1) {
				$comment->status = Comment::STATUS_SPAM;
				$spamcheck[] = sprintf(_t('Too many existing spams from this IP: %s'), $comment->ip);
			}
		}

		// Any commenter that takes longer than the session timeout is automatically moderated:
		// the submitted 'ccode' must appear in the session's comments_allowed set.
		// This sets STATUS_UNAPPROVED, so it can downgrade a STATUS_SPAM set above.
		if (!isset($_SESSION['comments_allowed']) || ! in_array(Controller::get_var('ccode'), $_SESSION['comments_allowed'])) {
			$comment->status = Comment::STATUS_UNAPPROVED;
			$spamcheck[] = _t("The commenter's session timed out.");
		}

		// Merge with reasons recorded by earlier hooks, de-duplicated.
		if ( isset($comment->info->spamcheck) && is_array($comment->info->spamcheck)) {
			$comment->info->spamcheck = array_unique(array_merge($comment->info->spamcheck, $spamcheck));
		}
		else {
			$comment->info->spamcheck = $spamcheck;
		}

		// otherwise everything looks good
		// so continue processing the comment
		return;
	}
 * 
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd., 
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 * 
 */
$path = PATH_DB;
// Open the workspace database directory. The @ suppresses opendir()'s warning;
// failure is handled by redirecting to the error page instead.
if (!($dir_handle = @opendir(PATH_DB))) {
    header("location: /errors/error704.php");
    die;
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
echo "<table class='basicTable' cellpadding='5' cellspacing='0' border='0'>";
echo "<tr class='Record'><td colspan='2' class='formTitle'>Please select a valid workspace to continue</td></tr>";
echo "<tr valign='top'>";
// REQUEST_URI is attacker-controlled; xssFilterHard() in "url" mode is the only
// sanitisation applied before it is reused below to build per-workspace links.
$curPage = getenv("REQUEST_URI");
$curPage = $filter->xssFilterHard($curPage, "url");
//running the while loop
// $first tracks whether the workspace-list header row has been emitted yet.
$first = 0;
while ($file = readdir($dir_handle)) {
    if (substr($file, 0, 3) == 'db_') {
        if ($first == 0) {
            echo "<td><table class='Record' ><tr class='formLabel''><td>RBAC built-in workspaces</td></tr>";
            $first = 1;
        }
        $name = substr(substr($file, 0, strlen($file) - 4), 3);
        $link = str_replace("/sys/", "/sys{$name}/", $curPage);
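 /**
  * Post-content filter: hides a password-protected post behind a password form.
  *
  * Posts without `info->password` pass through untouched. For protected posts,
  * any logged-in (non-anonymous) user sees the content. Otherwise, if a
  * password was submitted for this post (post_password / post_password_id),
  * it is checked with Utils::crypt() and, on success, a per-post token is
  * stored in the 'post_passwords' session set; a wrong password records a
  * Session::error(). The content is returned only when the session holds the
  * expected token for this post; otherwise the 'post_password_form' theme
  * template is rendered instead.
  *
  * @param string $content The post content as rendered so far.
  * @param Post   $post    The post being displayed.
  * @return string Either $content or the rendered password form.
  */
 public function filter_post_content($content, Post $post)
 {
     // NOTE(review): a truthiness test, so a password of "0" disables protection.
     if (!$post->info->password) {
         return $content;
     }

     // Logged-in users bypass the password; make sure it's not just the anonymous user.
     $user = User::identify();
     if ($user instanceof User && $user != User::anonymous()) {
         return $content;
     }

     $session = Session::get_set('post_passwords', false);
     // Token binding the session grant to this post, its password and the site GUID.
     $token = Utils::crypt('42' . $post->info->password . $post->id . Options::get('GUID'));

     // If a password was submitted for this post, verify it.
     if (Controller::get_var('post_password') && Controller::get_var('post_password_id') == $post->id) {
         // NOTE(review): InputFilter::filter() rewrites the submitted password
         // before verification, so a password containing HTML-special characters
         // may never match — confirm it was stored through the same filter.
         $pass = InputFilter::filter(Controller::get_var('post_password'));
         if (Utils::crypt($pass, $post->info->password)) {
             Session::add_to_set('post_passwords', $token, $post->id);
             $session[$post->id] = $token;
         } else {
             Session::error(_t('That password was incorrect.', 'postpass'));
         }
     }

     // Strict comparison: with `==`, two numeric-looking strings (e.g. "0e…")
     // are compared as numbers and unrelated tokens could be treated as equal.
     if (isset($session[$post->id]) && $session[$post->id] === $token) {
         return $content;
     }

     $theme = Themes::create();
     $theme->post = $post;
     return $theme->fetch('post_password_form');
 }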