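/**
 * Verifies the value held in the property named by $param against a
 * regular expression, a callback, a type predicate or a MailForm rule.
 *
 * Understood $type's are:
 *
 * - 'regex': $validator is a PCRE pattern passed to preg_match().
 * - 'func' or 'function': $validator is a callable that receives only
 *   the value and returns a boolean.
 * - 'type': $validator is the suffix of a built-in style is_*() function
 *   (int, numeric, string, etc.).
 * - 'rule': $validator is a MailForm rule evaluated on the value.
 *
 * On failure $this->error holds a short reason; it is reset to an empty
 * string at the start of every call.
 *
 * $validator is executed, not just compared: it is used as a pattern, as
 * a callable, or as part of a function name. It is therefore expected to
 * come from code or trusted configuration, never from request data. The
 * same holds for $param, which selects the property that is read.
 *
 * @access public
 * @param string $param      name of the property on this object to check
 * @param string $type       one of 'regex', 'func', 'function', 'type', 'rule'
 * @param string $validator  pattern, callable, type suffix or rule text
 * @return boolean           true when the value passes, false otherwise
 *
 */
function verify($param, $type, $validator)
{
    $this->error = '';

    if ($type === 'regex') {
        // preg_match() yields 0 for "no match" and false for a broken
        // pattern; both are treated as a failed validation.
        if (preg_match($validator, $this->{$param})) {
            return true;
        }
        $this->error = 'Regex validator did not match value';
        return false;
    }

    if ($type === 'func' || $type === 'function') {
        // Fail closed with an error message instead of letting
        // call_user_func() warn (or throw on newer PHP) on a bad callback.
        if (!is_callable($validator)) {
            $this->error = 'Validator is not callable';
            return false;
        }
        if (call_user_func($validator, $this->{$param})) {
            return true;
        }
        $this->error = 'Validator did not return true';
        return false;
    }

    if ($type === 'type') {
        // Only a plain identifier is accepted as the suffix, so the
        // composed name can resolve to an existing is_*() function and
        // nothing else (for example not to a "Class::method" string).
        if (!is_string($validator)
            || !preg_match('/\A[A-Za-z0-9_]+\z/', $validator)
            || !function_exists('is_' . $validator)
        ) {
            $this->error = 'Unknown type validator';
            return false;
        }
        if (call_user_func('is_' . $validator, $this->{$param})) {
            return true;
        }
        $this->error = 'Type validator did not return true';
        return false;
    }

    if ($type === 'rule') {
        loader_import('saf.MailForm.Rule');
        $rule = new MailFormRule($validator, $param);
        // The third argument hands this object to the rule; what the rule
        // does with it is defined in MailFormRule, outside this file.
        if ($rule->validate($this->{$param}, array(), $this)) {
            return true;
        }
        $this->error = 'Rule validator did not return true';
        return false;
    }

    $this->error = 'Unknown validation type';
    return false;
}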
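/**
 * Executes the specified box using the Sitellite box API,
 * which is essentially just an include.
 *
 * The box script is located under
 * $this->prefix/<app>/$this->boxPath/<name>/<file>.php, included with
 * output buffering on, and its captured output is passed through
 * boxRewrite() and returned. Because the script is included from inside
 * this method it runs in this method's local scope and can read
 * $parameters, $box, $context and the other locals defined here.
 *
 * Outcomes other than a normal return:
 *
 * - returns '' when boxAllowed() rejects the box;
 * - die()s when the box requires SSL but site_secure() is false;
 * - when a "rule ..." setting fails validation, prints the failure and
 *   exits in the 'action' context, otherwise returns a notice paragraph;
 * - echoes the output and exits when the 'sitellite_exit' access setting
 *   is on;
 * - when the box file does not exist, sets $errno to E_NOT_FOUND and
 *   delegates to the configured error handler (box, form, or a redirect
 *   followed by exit).
 *
 * NOTE(review): $name and the $app derived from it are concatenated into
 * filesystem paths that are passed to include. This method does no path
 * normalisation itself; confirm that boxAllowed(), getApp() and
 * removeApp() reject "..", absolute paths and similar components for any
 * $name that can be influenced by a request.
 *
 * @access public
 * @param string $name
 * @param associative array $parameters
 * @param string $context
 * @return string
 *
 */
function box($name, $parameters = array(), $context = 'normal')
{
    // boxAllowed() is only consulted when no access array is present yet.
    // Presumably it also populates $this->boxAccess; verify in boxAllowed().
    if (!is_array($this->boxAccess)) {
        if (!$this->boxAllowed($name, $context)) {
            return '';
        }
    }

    if (isset($this->boxAccess['sitellite_secure']) && $this->boxAccess['sitellite_secure']) {
        // Box demands SSL: switch to HTTPS if the site supports it,
        // otherwise refuse to run the box at all.
        if (site_secure()) {
            if (!cgi_is_https()) {
                cgi_force_https();
            }
        } else {
            die('The requested box requires an SSL connection, but Sitellite does not have SSL enabled.');
        }
    } elseif (isset($this->boxAccess['sitellite_secure']) && $this->boxAccess['sitellite_secure'] === '') {
        // Setting is present but exactly '': an HTTPS request is sent back
        // to plain HTTP via cgi_force_http().
        if (cgi_is_https()) {
            cgi_force_http();
        }
    }

    $app = $this->getApp($name);
    $name = $this->removeApp($name, $app);
    $this->apps[] = $app; // popped again on every return path below
    //echo 'App: ' . $app . ', Box: ' . $name . '<br />'; exit;

    // With 'sitellite_fname' on and no directory matching the full name,
    // the last path segment is the script name and the rest is the box
    // directory; otherwise the script is index.php inside the box.
    if (isset($this->boxAccess['sitellite_fname']) && $this->boxAccess['sitellite_fname'] && !@is_dir($this->prefix . '/' . $app . '/' . $this->boxPath . '/' . $name)) {
        $name = preg_split('/\\//', $name);
        $file = array_pop($name);
        $name = join('/', $name);
    } else {
        $file = 'index';
    }

    if (@file_exists($this->prefix . '/' . $app . '/' . $this->boxPath . '/' . $name . '/' . $file . '.php')) {
        // Point the translation object at the app's own lang directory
        // for the duration of the box.
        global $intl;
        $old_intl_path = $intl->directory;
        $intl->directory = $this->prefix . '/' . $app . '/lang';
        $intl->getIndex();

        if (@file_exists($this->prefix . '/' . $app . '/conf/properties.php')) {
            include_once $this->prefix . '/' . $app . '/conf/properties.php';
        }
        /*if (@file_exists ($this->prefix . '/' . $app . '/conf/settings.ini.php')) {
            $settings = ini_parse ($this->prefix . '/' . $app . '/conf/settings.ini.php', true);
            foreach ($settings as $k => $v) {
                appconf_set ($k, $v['value']);
            }
        }*/
        appconf_default_settings();

        ob_start();

        $box = $this->getBoxSettings($name, $app);
        $box['context'] = $context;
        // By reference, so the included script sees the same array as
        // the caller's $parameters.
        $box['parameters'] =& $parameters;

        // automatic input validation
        loader_import('saf.MailForm');
        foreach (array_keys($box) as $field) {
            if ($field == 'Meta' || $field == 'context' || $field == 'parameters') {
                continue;
            }
            foreach ($box[$field] as $key => $value) {
                // Settings whose key starts with "rule " hold
                // "<rule>, <message>" pairs for that parameter.
                if (strpos($key, 'rule ') === 0) {
                    list($rule, $msg) = preg_split('/, ?/', $value, 2);
                    $r = new MailFormRule($rule, $field, $msg);
                    if (!$r->validate($box['parameters'][$field], new StdClass(), new StdClass())) {
                        ob_end_clean();
                        // NOTE(review): $field and $msg are taken from the
                        // box settings and written into HTML unescaped;
                        // confirm those settings are developer-authored.
                        if ($context == 'action') {
                            echo '<h1>Input validation failed!</h1>';
                            echo '<p>Parameter: <strong>' . $field . '</strong></p>';
                            echo '<p>Message: <strong>' . $msg . '</strong></p>';
                            exit;
                        } else {
                            // Undo the $intl->directory swap before leaving
                            // early, as the normal path does after the
                            // include; otherwise the caller keeps running
                            // with this app's lang directory.
                            $intl->directory = $old_intl_path;
                            $this->boxAccess = false;
                            array_pop($this->apps);
                            return '<p class="notice">Input validation failed (' . $field . '): ' . $msg . '</p>';
                        }
                    }
                }
            }
        }

        // special behaviour changes for global objects when in a box
        global $simple, $tpl;
        $old_simple_path = $simple->path;
        $simple->path = $this->prefix . '/' . $app . '/html';
        $old_tpl_path = $tpl->path;
        $tpl->path = $this->prefix . '/' . $app . '/html';

        if (isset($this->boxAccess['sitellite_chdir']) && $this->boxAccess['sitellite_chdir']) {
            // Run the script from inside its own directory, then return
            // to the directory we started in.
            $this->originalDirectory = getcwd();
            //echo $this->boxPath . '/' . $name;
            //exit;
            chdir($this->prefix . '/' . $app . '/' . $this->boxPath . '/' . $name);
            include $file . '.php';
            chdir($this->originalDirectory);
        } else {
            include $this->prefix . '/' . $app . '/' . $this->boxPath . '/' . $name . '/' . $file . '.php';
        }

        // Restore the global objects changed above.
        $simple->path = $old_simple_path;
        $tpl->path = $old_tpl_path;
        $intl->directory = $old_intl_path;

        $contents = ob_get_contents();
        ob_end_clean();
        $contents = $this->boxRewrite($contents);

        if (isset($this->boxAccess['sitellite_exit']) && $this->boxAccess['sitellite_exit']) {
            echo $contents;
            $this->boxAccess = false;
            exit;
        }

        $this->boxAccess = false;
        array_pop($this->apps);
        return $contents;
    } else {
        // Box script not found: hand over to the configured error handler.
        // NOTE(review): if the configured handler is itself a missing box,
        // the recursive box() call appears to repeat this branch; confirm
        // the handler always exists.
        $this->boxAccess = false;
        array_pop($this->apps);
        global $errno;
        $errno = E_NOT_FOUND;
        switch (conf('Server', 'error_handler_type')) {
            case 'box':
                return $this->box(conf('Server', 'error_handler'));
            case 'form':
                return $this->form(conf('Server', 'error_handler'));
            default:
                header('Location: ' . site_prefix() . '/index/' . conf('Server', 'error_handler'));
                exit;
        }
    }

    // Not reached: every branch above returns or exits. Kept as a
    // fallback so the method still cleans up if a branch is changed.
    $this->boxAccess = false;
    array_pop($this->apps);
    return '';
}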