/**
 * clean
 *
 * Runs one of the Redaxscript filters over $input, selected by $mode, and
 * strips slashes from the result. Modes 0 (special), 1 (html) and 5
 * (strip_tags) are only applied when the registry's 'filter' flag equals 1,
 * i.e. for untrusted users; modes 2 (alias), 3 (email) and 4 (url) are
 * applied regardless of that flag. Note that $mode is compared loosely, so
 * the null default behaves like mode 0.
 *
 * @since 2.2.0
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Migrate
 * @author Henry Ruhs
 *
 * @param string $input
 * @param integer $mode
 * @return string
 */
function clean($input = null, $mode = null)
{
	$registry = Redaxscript\Registry::getInstance();
	$filtered = $input;

	/* content filters are reserved for untrusted users */
	if ($registry->get('filter') == 1)
	{
		if ($mode == 0)
		{
			$filtered = (new Redaxscript\Filter\Special())->sanitize($filtered);
		}
		if ($mode == 1)
		{
			$filtered = (new Redaxscript\Filter\Html())->sanitize($filtered);
		}
		if ($mode == 5)
		{
			$filtered = strip_tags($filtered);
		}
	}

	/* type related filters run for every user, in ascending mode order */
	$typeFilters =
	[
		2 => 'Redaxscript\Filter\Alias',
		3 => 'Redaxscript\Filter\Email',
		4 => 'Redaxscript\Filter\Url'
	];
	foreach ($typeFilters as $typeMode => $filterClass)
	{
		if ($mode == $typeMode)
		{
			$filtered = (new $filterClass())->sanitize($filtered);
		}
	}

	/* legacy magic-quotes style unescaping is applied last */
	return stripslashes($filtered);
}
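/**
 * anchor element
 *
 * Builds an <a> tag from its parts. For $type 'external' the href is passed
 * through Redaxscript\Filter\Url and for 'email' through
 * Redaxscript\Filter\Email (the sanitized value returned by the filter is
 * what ends up in the attribute); 'internal' prefixes REWRITE_ROUTE. Any
 * other $type inserts $value as given. None of $id, $class, $title, $code
 * or $name are HTML-escaped here, so callers must escape them for the
 * attribute / text context before passing them in.
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Generate
 * @author Henry Ruhs
 *
 * @param string $type
 * @param string $id
 * @param string $class
 * @param string $name
 * @param string $value
 * @param string $title
 * @param string $code
 * @return string
 */
function anchor_element($type = '', $id = '', $class = '', $name = '', $value = '', $title = '', $code = '')
{
	/* every fragment starts empty so an omitted part contributes nothing and no undefined-variable notices are raised */
	$selector_string = '';
	$value_string = '';
	$title_string = '';
	$code_string = '';

	/* build attribute strings */
	if ($id)
	{
		$selector_string .= ' id="' . $id . '"';
	}
	if ($class)
	{
		$selector_string .= ' class="' . $class . '"';
	}
	if ($value)
	{
		$value_string = ' href="';

		/* switch type */
		switch ($type)
		{
			case 'external':
				$urlFilter = new Redaxscript\Filter\Url();

				/* sanitize() returns the cleaned value; the original discarded it */
				$value = $urlFilter->sanitize($value);
				break;
			case 'internal':
				$value_string .= REWRITE_ROUTE;
				break;
			case 'email':
				$emailFilter = new Redaxscript\Filter\Email();
				$value = $emailFilter->sanitize($value);
				$value_string .= 'mailto:';
				break;
		}
		$value_string .= $value . '"';
	}

	/* a href that the filter reduced to nothing is dropped entirely */
	if ($value_string === ' href=""')
	{
		$value_string = '';
	}
	if ($title)
	{
		$title_string = ' title="' . $title . '"';
	}
	if ($code)
	{
		$code_string = ' ' . $code;
	}

	/* collect output */
	$output = '<a' . $selector_string . $value_string . $title_string . $code_string . '>' . $name . '</a>';
	return $output;
}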
/**
 * admin process
 *
 * Handles the admin create/edit POST for the table named by the registry's
 * 'tableParameter'. In order it: copies the relevant $_POST fields into $r
 * (filtered per field), validates them and collects the last failing
 * message in $error, builds the redirect route, and then either echoes the
 * messenger's error output or writes the row through Redaxscript\Db and
 * echoes the success output. Returns nothing; every result is a side effect
 * (database writes, session update, echoed markup).
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Admin
 * @author Henry Ruhs
 */
function admin_process()
{
	$aliasFilter = new Redaxscript\Filter\Alias();
	$emailFilter = new Redaxscript\Filter\Email();
	$urlFilter = new Redaxscript\Filter\Url();
	$htmlFilter = new Redaxscript\Filter\Html();
	$aliasValidator = new Redaxscript\Validator\Alias();
	$loginValidator = new Redaxscript\Validator\Login();
	$specialFilter = new Redaxscript\Filter\Special();
	$messenger = new Redaxscript\Admin\Messenger(Redaxscript\Registry::getInstance());
	$filter = Redaxscript\Registry::get('filter');
	$tableParameter = Redaxscript\Registry::get('tableParameter');
	$idParameter = Redaxscript\Registry::get('idParameter');

	/* clean post */

	/* $r is never initialised before being filled, and every $_POST key is read directly: a missing form field produces an undefined-index notice rather than a hard error */

	/* the cases intentionally fall through (no break until 'modules'): each table also runs the cleaning of every case below its own, with the inner $tableParameter checks opting single tables out */
	switch ($tableParameter)
	{
		/* categories */
		case 'categories':
			$parent = $r['parent'] = $specialFilter->sanitize($_POST['parent']);

		/* articles */
		case 'articles':
			$r['keywords'] = $_POST['keywords'];
			$r['robots'] = $specialFilter->sanitize($_POST['robots']);
			$r['template'] = $specialFilter->sanitize($_POST['template']);

		/* extras */
		case 'extras':
			$title = $r['title'] = $_POST['title'];
			if ($tableParameter != 'categories')
			{
				$r['headline'] = $specialFilter->sanitize($_POST['headline']);
			}
			$r['sibling'] = $specialFilter->sanitize($_POST['sibling']);
			$author = $r['author'] = Redaxscript\Registry::get('myUser');

		/* comments */
		case 'comments':
			if ($tableParameter == 'comments')
			{
				$r['url'] = $urlFilter->sanitize($_POST['url']);
				$author = $r['author'] = $_POST['author'];
			}
			if ($tableParameter != 'categories')
			{
				/* the posted html is stored unfiltered whenever the registry's filter flag is off */
				$text = $r['text'] = $filter ? $htmlFilter->sanitize($_POST['text']) : $_POST['text'];
				$date = $r['date'] = $_POST['date'];
			}
			$rank = $r['rank'] = $specialFilter->sanitize($_POST['rank']);

		/* groups */
		case 'groups':
			if ($tableParameter != 'comments')
			{
				$alias = $r['alias'] = $aliasFilter->sanitize($_POST['alias']);
			}

		/* users */
		case 'users':
			if ($tableParameter != 'groups')
			{
				$language = $r['language'] = $specialFilter->sanitize($_POST['language']);
			}

		/* modules */
		case 'modules':
			/* for modules the alias is only kept locally (used by the validation below), not written into $r */
			$alias = $aliasFilter->sanitize($_POST['alias']);
			$status = $r['status'] = $specialFilter->sanitize($_POST['status']);
			if ($tableParameter != 'groups' && $tableParameter != 'users' && Redaxscript\Registry::get('groupsEdit'))
			{
				/* the access list is stored as a comma separated string; an empty selection becomes NULL */
				$access = array_map([$specialFilter, 'sanitize'], $_POST['access']);
				$access_string = implode(', ', $access);
				if (!$access_string)
				{
					$access_string = null;
				}
				$access = $r['access'] = $access_string;
			}
			if ($tableParameter != 'extras' && $tableParameter != 'comments')
			{
				$r['description'] = $_POST['description'];
			}

			/* NOTE(review): $token is read here but never compared against anything in this function; confirm the caller verifies the form token before admin_process() runs */
			$token = $_POST['token'];
			break;
	}

	/* clean contents post */
	if ($tableParameter == 'articles')
	{
		$r['byline'] = $specialFilter->sanitize($_POST['byline']);
		$comments = $r['comments'] = $specialFilter->sanitize($_POST['comments']);

		/* NOTE(review): $category is first assigned in the following block, so this condition reads it before it is set and the inherited-status lookup can never run for a new article */
		if ($category && !$idParameter)
		{
			$status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status;
		}
	}
	if ($tableParameter == 'articles' || $tableParameter == 'extras')
	{
		$category = $r['category'] = $specialFilter->sanitize($_POST['category']);
	}
	if ($tableParameter == 'articles' || $tableParameter == 'extras' || $tableParameter == 'comments')
	{
		/* a date later than the registry's 'now' (loose > comparison on whatever format both carry) forces status 2; an empty date falls back to 'now' */
		if ($date > Redaxscript\Registry::get('now'))
		{
			$status = $r['status'] = 2;
		}
		if (!$date)
		{
			$r['date'] = Redaxscript\Registry::get('now');
		}
	}
	if ($tableParameter == 'extras' || $tableParameter == 'comments')
	{
		$article = $r['article'] = $specialFilter->sanitize($_POST['article']);
	}
	if ($tableParameter == 'comments' && !$idParameter)
	{
		/* a new comment inherits the status of its article */
		$status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status;
	}
	if ($tableParameter == 'comments' || $tableParameter == 'users')
	{
		$email = $r['email'] = $emailFilter->sanitize($_POST['email']);
	}

	/* clean groups post */

	/* the permission columns are only editable for a new group or for ids above 1 (id 1 is never touched here) */
	if ($tableParameter == 'groups' && (!$idParameter || $idParameter > 1))
	{
		$groups_array = ['categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules'];
		foreach ($groups_array as $value)
		{
			/* each permission list is sanitized element-wise, joined with ', ' and stored as 0 when empty; the variable-variable keeps a copy under the column name */
			${$value} = array_map([$specialFilter, 'sanitize'], $_POST[$value]);
			$groups_string = implode(', ', ${$value});
			if (!$groups_string)
			{
				$groups_string = 0;
			}
			$r[$value] = $groups_string;
		}
		$r['settings'] = $specialFilter->sanitize($_POST['settings']);
		$r['filter'] = $specialFilter->sanitize($_POST['filter']);
	}

	/* group / user id 1 is always kept active */
	if (($tableParameter == 'groups' || $tableParameter == 'users') && $idParameter == 1)
	{
		$status = $r['status'] = 1;
	}
	if ($tableParameter == 'groups' || $tableParameter == 'users' || $tableParameter == 'modules')
	{
		$name = $r['name'] = $specialFilter->sanitize($_POST['name']);
	}

	/* clean users post */
	if ($tableParameter == 'users')
	{
		/* an empty user field on edit keeps the stored user name */
		if ($_POST['user'])
		{
			$user = $r['user'] = $specialFilter->sanitize($_POST['user']);
		}
		else
		{
			$user = $r['user'] = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user;
		}

		/* password_check: whether a password is required at all; password_confirm: whether both fields match */
		$password_check = $password_confirm = 1;

		/* && binds tighter than ||: no password is needed for an edit that leaves both fields empty, or for a delete */
		if ($_POST['edit'] && !$_POST['password'] && !$_POST['password_confirm'] || $_POST['delete'])
		{
			$password_check = 0;
		}
		if ($_POST['password'] != $_POST['password_confirm'])
		{
			$password_confirm = 0;
		}

		/* NOTE(review): the password goes through the special filter before hashing, so the login path must apply the same filter for the hash to verify; that path is not visible here */
		$password = $specialFilter->sanitize($_POST['password']);
		if ($password_check == 1 && $password_confirm == 1)
		{
			$passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance());
			$passwordHash->init($password);
			$r['password'] = $passwordHash->getHash();
		}
		if ($_POST['new'])
		{
			$r['first'] = $r['last'] = Redaxscript\Registry::get('now');
		}
		if (!$idParameter || $idParameter > 1)
		{
			$groups = array_map([$specialFilter, 'sanitize'], $_POST['groups']);
			$groups_string = implode(', ', $groups);
			if (!$groups_string)
			{
				$groups_string = 0;
			}
			$groups = $r['groups'] = $groups_string;
		}
	}

	/* $last is computed but not used by anything below */
	$r_keys = array_keys($r);
	$last = end($r_keys);

	/* validate post */

	/* $error is overwritten by every failing check, so the last failure in source order is the one reported */
	switch ($tableParameter)
	{
		/* contents */
		case 'categories':
		case 'articles':
		case 'extras':
			if (!$title)
			{
				$error = Redaxscript\Language::get('title_empty');
			}

			/* categories and articles share the alias namespace with each other */
			if ($tableParameter == 'categories')
			{
				$opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id;
			}
			if ($tableParameter == 'articles')
			{
				$opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id;
			}
			if ($opponent_id)
			{
				$error = Redaxscript\Language::get('alias_exists');
			}

			/* NOTE(review): a PASSED result raises alias_incorrect here, and the $tableParameter != 'groups' guard only covers the first validate() call; confirm that MODE_GENERAL / MODE_DEFAULT detect reserved aliases rather than accept valid ones */
			if ($tableParameter != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED)
			{
				$error = Redaxscript\Language::get('alias_incorrect');
			}

		/* groups (also reached by fall-through from the contents cases) */
		case 'groups':
			if (!$alias)
			{
				$error = Redaxscript\Language::get('alias_empty');
			}
			else
			{
				/* alias_id: the alias currently stored for this id; id_alias: the id already using the posted alias */
				$alias_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->alias;
				$id_alias = Redaxscript\Db::forTablePrefix($tableParameter)->where('alias', $alias)->findOne()->id;
			}

			/* NOTE(review): this only reports a clash when the stored alias sorts case-insensitively before the posted one; confirm a plain inequality was not intended */
			if ($id_alias && strcasecmp($alias_id, $alias) < 0)
			{
				$error = Redaxscript\Language::get('alias_exists');
			}
	}

	/* validate general post */
	switch ($tableParameter)
	{
		case 'articles':
		case 'extras':
		case 'comments':
			if (!$text)
			{
				$error = Redaxscript\Language::get('text_empty');
			}
			break;
		case 'groups':
		case 'users':
		case 'modules':
			if (!$name)
			{
				$error = Redaxscript\Language::get('name_empty');
			}
			break;
	}

	/* validate users post */
	if ($tableParameter == 'users')
	{
		if (!$user)
		{
			$error = Redaxscript\Language::get('user_incorrect');
		}
		else
		{
			/* same stored-vs-posted pair as for aliases above */
			$user_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user;
			$id_user = Redaxscript\Db::forTablePrefix($tableParameter)->where('user', $user)->findOne()->id;
		}
		if ($id_user && strcasecmp($user_id, $user) < 0)
		{
			$error = Redaxscript\Language::get('user_exists');
		}
		if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED)
		{
			$error = Redaxscript\Language::get('user_incorrect');
		}

		/* the password is only validated when one is required (see $password_check above) */
		if ($password_check == 1)
		{
			if (!$password)
			{
				$error = Redaxscript\Language::get('password_empty');
			}
			if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED)
			{
				$error = Redaxscript\Language::get('password_incorrect');
			}
		}
	}

	/* validate last post */
	$emailValidator = new Redaxscript\Validator\Email();
	switch ($tableParameter)
	{
		/* comments fall through into the email check shared with users */
		case 'comments':
			if (!$author)
			{
				$error = Redaxscript\Language::get('author_empty');
			}
		case 'users':
			if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED)
			{
				$error = Redaxscript\Language::get('email_incorrect');
			}
	}
	$route = 'admin';

	/* handle error */
	if ($error)
	{
		/* send the user back to the form they came from */
		if (!$idParameter)
		{
			$route .= '/new/' . $tableParameter;
		}
		else
		{
			$route .= '/edit/' . $tableParameter . '/' . $idParameter;
		}

		/* show error */
		echo $messenger->setRoute(Redaxscript\Language::get('back'), $route)->error($error, Redaxscript\Language::get('error_occurred'));
		return;
	}
	else
	{
		/* NOTE(review): both sides of this || test the same registry key; one of them is most likely a typo for a different key */
		if (Redaxscript\Registry::get('tableEdit') == 1 || Redaxscript\Registry::get('tableEdit') == 1)
		{
			/* jump to the edited row in the list view, by alias or else by user name */
			$route .= '/view/' . $tableParameter;
			if ($alias)
			{
				$route .= '#' . $alias;
			}
			else
			{
				if ($user)
				{
					$route .= '#' . $user;
				}
			}
		}
	}

	/* select to null */

	/* any field whose value is the literal string 'select' is stored as NULL */
	foreach ($r as $key => $value)
	{
		if ($value == 'select')
		{
			$r[$key] = null;
		}
	}

	/* process */

	/* first truthy submit flag wins: 'new' is checked before 'edit' */
	switch (true)
	{
		/* query new */
		case $_POST['new']:
			Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save();

			/* show success */
			echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed'));
			return;

		/* query edit */
		case $_POST['edit']:
			Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save();

			/* query categories */

			/* editing a category pushes its status and access down to its direct child categories, their articles and those articles' comments */
			if ($tableParameter == 'categories')
			{
				$categoryChildren = Redaxscript\Db::forTablePrefix($tableParameter)->where('parent', $idParameter);
				$categoryArray = array_merge($categoryChildren->findFlatArray(), [$idParameter]);
				$articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray);
				$articleArray = $articleChildren->findFlatArray();
				if (count($articleArray) > 0)
				{
					Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(['status' => $status, 'access' => $access])->save();
				}
				$categoryChildren->findMany()->set(['status' => $status, 'access' => $access])->save();
				$articleChildren->findMany()->set(['status' => $status, 'access' => $access])->save();
			}

			/* query articles */

			/* comments of an article follow its status and access; disabling comments (0) deactivates them */
			if ($tableParameter == 'articles')
			{
				if ($comments == 0)
				{
					$status = 0;
				}
				Redaxscript\Db::forTablePrefix('comments')->where('article', $idParameter)->findMany()->set(['status' => $status, 'access' => $access])->save();
			}

			/* editing one's own user row also refreshes the authenticated session data */
			if ($tableParameter == 'users' && $idParameter == Redaxscript\Registry::get('myId'))
			{
				$auth = new Redaxscript\Auth(Redaxscript\Request::getInstance());
				$auth->init();
				$auth->setUser('name', $name);
				$auth->setUser('email', $email);
				$auth->setUser('language', $language);
				$auth->save();
				Redaxscript\Request::setSession('language', $language);
			}

			/* show success */
			echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed'));
			return;
	}
}