/**
 * AJAX search action.
 *
 * Non-AJAX requests are redirected to the dashboards index. For AJAX
 * requests carrying a `query` URL parameter, the SearchIndex paginate
 * settings are built (active rows, published NULL or in the past) and a
 * MySQL fulltext MATCH ... AGAINST in boolean mode is run, ordered by the
 * relevance score; results are set for the view.
 */
function search()
{
    $this->layout = 'ajax';
    if (!$this->RequestHandler->isAjax()) {
        $this->redirect(array('plugin' => false, 'controller' => 'dashboards', 'action' => 'index'));
    } else {
        $this->disableCache();
        if (!empty($this->params['url']['query'])) {
            // Add default scope condition
            $this->paginate['SearchIndex']['conditions'] = array('SearchIndex.active' => 1);
            // Add published condition NULL or < NOW()
            $this->paginate['SearchIndex']['conditions']['OR'] = array(
                array('SearchIndex.published' => null),
                array('SearchIndex.published <= ' => date('Y-m-d H:i:s'))
            );
            // Add term condition, and sorting
            $this->data['SearchIndex']['term'] = $this->params['url']['query'];
            $term = $this->params['url']['query'];
            App::import('Core', 'Sanitize');
            // The escaped term is interpolated into raw SQL strings below, which
            // the ORM does not quote itself; Sanitize::escape() is therefore the
            // only protection for this value and must match the active connection.
            $term = Sanitize::escape($term);
            $this->paginate['SearchIndex']['conditions'][] = "MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE)";
            $this->paginate['SearchIndex']['fields'] = "*, MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE) AS score";
            $this->paginate['SearchIndex']['order'] = "score DESC";
            $results = $this->paginate();
            $this->set(compact('results'));
        }
    }
}
/**
 * Account overview page.
 *
 * Redirects to the index when no id is given or when isAuthorized() rejects
 * the account for the current user. Otherwise sets the page header, the
 * navigation menu data, the selected tab and the account id for the view;
 * AJAX requests are rendered through the ajax element and layout.
 *
 * @param mixed $id Account id from the URL
 */
function view($id = null)
{
    if (!$id) {
        $this->redirect(array('action' => 'index'));
    }
    // Make sure the user is allowed to see the account.
    // NOTE(review): Sanitize::escape() is SQL string escaping; the id is only
    // handed to isAuthorized() and the ORM below, which quote values
    // themselves, so this call adds no protection and alters any id that
    // contains quotes or backslashes.
    $id = Sanitize::escape($id);
    if (!$this->isAuthorized($id)) {
        $this->Session->setFlash(__('Invalid account', true));
        $this->redirect(array('action' => 'index'));
    }
    $this->Account->id = $id;
    // HTML-encode the name because it is interpolated into the page header.
    $account = Sanitize::html($this->Account->field('name'));
    $this->set('page_header', __('%s - Overview', $account));
    // Set the idata needed for nav menu.
    $type = $this->NavMenu->checkType($this->Account->getType($id));
    $this->set('navMenu', $this->NavMenu->menu($type));
    $this->set('selectedTab', 'overview');
    $this->set('accountId', $id);
    $this->set('overview', '');
    // If the request is ajax, use ajax component.
    if ($this->request->isAjax()) {
        $this->render('/Elements/ajax', 'ajax');
    }
}
/**
 * Look up the record whose login and password digest match the given credentials.
 *
 * The password is compared as an unsalted SHA-1 digest; that is presumably
 * what the stored records hold, so switching to password_hash() /
 * password_verify() would need a column migration plus rehash-on-login and
 * is not done here.
 *
 * @param string $login
 * @param string $password Plain-text password as submitted
 * @return array Whatever findByLoginAndPassword() returns for the pair
 */
function authenticate($login, $password)
{
    // Non-recursive lookup: only the user row itself is wanted.
    $this->recursive = -1;
    $digest = sha1($password);
    $safeLogin = Sanitize::escape($login);
    return $this->findByLoginAndPassword($safeLogin, $digest);
}
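/**
 * Add users to and remove users from a role.
 *
 * Reads two optional checkbox maps from the request data: `addlist`
 * (user_id => flag) creates a UserRoleAccess row for every flagged user and
 * `deletelist` removes the matching rows. Then sets the role, the users not
 * yet in the role and the users currently in the role for the view.
 *
 * @param mixed $id Role id from the URL
 */
public function editUsers($id)
{
    $this->set('role', $this->UserRole->findById($id));
    // The id is spliced unquoted into the NOT IN subquery below. String
    // escaping does not help in a numeric context, so force an integer.
    $roleId = (int) $id;
    if (isset($this->request->data['addlist'])) {
        foreach ($this->request->data['addlist'] as $user_id => $val) {
            if ($val == 0) {
                continue; // checkbox not ticked
            }
            $data = array('role_id' => $id, 'user_id' => $user_id);
            $this->UserRoleAccess->clear();
            // Validation is skipped (second argument false), as before.
            $this->UserRoleAccess->save($data, false);
        }
    }
    if (isset($this->request->data['deletelist'])) {
        foreach ($this->request->data['deletelist'] as $user_id => $val) {
            if ($val == 0) {
                continue;
            }
            $data = array('UserRoleAccess.role_id' => $id, 'UserRoleAccess.user_id' => $user_id);
            $this->UserRoleAccess->clear();
            $this->UserRoleAccess->deleteAll($data);
        }
    }
    $this->set('listUsers', $this->UserModel->find('all', array(
        'order' => array('UserModel.id'),
        'conditions' => array('UserModel.id NOT IN (SELECT user_id FROM user_role_access WHERE role_id = ' . $roleId . ')')
    )));
    $this->set('selectedUsers', $this->UserRoleAccess->findAllByRoleId($id, null, array('UserRoleAccess.user_id')));
}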
/**
 * Paginated list of translations, optionally filtered by a search string.
 *
 * The selected language is the first passed URL argument (default 'ara')
 * and is remembered in the session, as is the last search string so that
 * it survives pagination. The search matches Translation.eng with LIKE.
 */
public function index()
{
    $selectedLang = empty($this->params['pass'][0]) ? 'ara' : $this->params['pass'][0];
    $this->Session->write('Translation.selectedLang', $selectedLang);
    $this->Navigation->addCrumb('List of Translations');
    $header = __('List of Translations');
    $searchKey = $this->Session->read('Translation.SearchField');
    $languageOptions = $this->languageOptions;
    if ($this->request->is('post', 'put')) {
        if (isset($this->request->data['Translation']['SearchField'])) {
            // A submitted search string replaces the remembered one.
            $searchKey = $this->request->data['Translation']['SearchField'];
            $this->Session->delete('Translation.SearchField');
            $this->Session->write('Translation.SearchField', $searchKey);
        }
    }
    if (!empty($searchKey)) {
        // NOTE(review): this is an array condition, which the datasource
        // quotes itself; escaping first means quotes and backslashes in the
        // search text are escaped twice and such searches will not match.
        $searchField = Sanitize::escape(trim($searchKey));
        // $options is first created here; without a search it is created by
        // the 'order' assignment below.
        $options['conditions']['Translation.eng LIKE'] = '%' . $searchField . '%';
    }
    $options['order'] = array('Translation.eng' => 'asc');
    //$conditions = array('order' => array('Translation.eng' => 'asc'), 'conditions' => array('Translation.eng LIKE' => '%home%'));
    $this->Paginator->settings = array_merge(array('limit' => 30, 'maxLimit' => 100), $options);
    $data = $this->Paginator->paginate('Translation');
    if (empty($data)) {
        $this->Message->alert('general.search.noResult');
    }
    // Same test as above: an empty result raises both alerts.
    if (empty($data)) {
        $this->Message->alert('general.view.noRecords');
    }
    $this->set(compact('header', 'data', 'languageOptions', 'selectedLang', 'searchKey'));
}
/**
 * testClean method
 *
 * Exercises Sanitize::clean() option by option: the default call, then with
 * 'encode' => false (expected output built from Sanitize::escape()), then
 * additionally 'escape' => false, 'dollar' => false and 'carriage' => false,
 * and finally the default and the encode/escape-off variants on nested arrays.
 *
 * NOTE(review): the two $expected literals that read `'test & "quote" 'other' ...'`
 * are not valid PHP as shown — the inner quotes look like HTML-encoded
 * entities (the default 'encode' output) that were decoded when this listing
 * was extracted; restore them from the upstream test file before running.
 *
 * @return void
 */
function testClean()
{
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" 'other' ;.$ symbol.another line';
    $result = Sanitize::clean($string);
    $this->assertEqual($result, $expected);

    // 'encode' => false: quotes are SQL-escaped instead of HTML-encoded.
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & ' . Sanitize::escape('"quote"') . ' ' . Sanitize::escape('\'other\'') . ' ;.$ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false));
    $this->assertEqual($result, $expected);

    // 'escape' => false: the backslash before $ is still removed.
    $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ $ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false));
    $this->assertEqual($result, $expected);

    // 'dollar' => false: the backslash before $ is kept.
    $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ \\$ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'dollar' => false));
    $this->assertEqual($result, $expected);

    // 'carriage' => false: the carriage return is kept.
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'carriage' => false));
    $this->assertEqual($result, $expected);

    // Nested arrays are cleaned element by element.
    $array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'));
    $expected = array(array('test & "quote" 'other' ;.$ symbol.another line'));
    $result = Sanitize::clean($array);
    $this->assertEqual($result, $expected);

    $array = array(array('test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'));
    $expected = array(array('test & "quote" \'other\' ;.$ $ symbol.another line'));
    $result = Sanitize::clean($array, array('encode' => false, 'escape' => false));
    $this->assertEqual($result, $expected);
}
/**
 * Build the "Task" fieldset definition for an entity form.
 *
 * Returns a map of element name => either a literal HTML string or a
 * `array('class' => helper, 'method' => ..., 'parameters' => ...)` call
 * descriptor, plus a `javascript` list holding the toggle behaviour. The
 * Task.user_id element is a select over all users when the current user has
 * the admin role and more than one user exists, otherwise a hidden field
 * carrying the current user's id.
 *
 * @param object $view   View instance providing the LilForm, Form and Lil helpers
 * @param string $entity Value for the hidden Task.model field
 * @return array
 */
static function generate($view, $entity = 'Invoice')
{
    $User = ClassRegistry::init('Lil.User');
    $Area = ClassRegistry::init('Lil.Area');
    $users = $User->find('list');
    // $projects is computed but not referenced anywhere below.
    $projects = $Area->findForUser(null, 'list');
    $task = array(
        'fs_tasks_start' => '<fieldset>',
        // Checkbox inside the legend, pre-checked when the form already
        // carries a task (Task.exists or Task.id has a value).
        'fs_tasks_legend' => sprintf(
            '<legend>%s</legend>',
            sprintf(
                '<label for="task-toggle">%1$s %2$s</label>',
                $view->LilForm->input('Task.exists', array(
                    'checked' => (bool) $view->Form->value('Task.exists') || (bool) $view->Form->value('Task.id'),
                    'id' => 'task-toggle',
                    'label' => false,
                    'div' => false
                )),
                __d('lil_tasks', 'Task')
            )
        ),
        'fs_tasks_div_start' => '<div id="task">',
        'task_id' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.id', 'options' => array('type' => 'hidden'))),
        'task_foreign_id' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.foreign_id', 'options' => array('type' => 'hidden'))),
        'task_model' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.model', 'options' => array('type' => 'hidden', 'default' => $entity))),
        'task_title' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.title', 'options' => array('label' => __d('lil_tasks', 'Title') . ':', 'required' => false))),
        'task_descript' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.descript', 'options' => array('type' => 'textarea', 'label' => __d('lil_tasks', 'Descript') . ':'))),
        'task_deadline' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.deadline', 'options' => array('type' => 'date', 'label' => __d('lil_tasks', 'Deadline') . ':', 'default' => ''))),
        // Admins with more than one user to choose from get a select; everyone
        // else gets a hidden field fixed to their own id.
        'task_user_id' => $view->Lil->currentUser->role('admin') && sizeof($users) > 1 ?
            array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.user_id', 'options' => array('type' => 'select', 'options' => $users, 'label' => __d('lil_tasks', 'User') . ':', 'default' => $view->Lil->currentUser->get('id')))) :
            array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.user_id', 'options' => array('type' => 'hidden', 'default' => $view->Lil->currentUser->get('id')))),
        'fs_tasks_div_end' => '</div>',
        'fs_tasks_end' => '</fieldset>'
    );
    App::uses('Sanitize', 'Utility');
    // NOTE(review): Sanitize::escape() is SQL-style escaping. It happens to
    // neutralise a single quote inside the JS confirm() literal below, but it
    // is not a JavaScript string escaper — if the translated text can contain
    // backslashes or line breaks, json_encode() would be the safer choice.
    $toggle_confirm = Sanitize::escape(__d('lil_tasks', 'Are you sure you want to clear task data?', true));
    // Toggle script: unticking the box asks for confirmation when any task
    // field is filled, then clears the fields of an unsaved task.
    $d = <<<EOT
\t\t\t\$('#task-toggle').click(function() {
\t\t\t\tvar doToggle = true;
\t\t\t\tif (!\$(this).attr('checked') && (
\t\t\t\t\t(\$('#TaskTitle').val().trim() !== '') ||
\t\t\t\t\t(\$('#TaskDeadline').val().trim() !== '') ||
\t\t\t\t\t(\$('#TaskDescript').val().trim() !== '')
\t\t\t\t)) doToggle = confirm('{$toggle_confirm}');
\t\t\t\tif (doToggle) {
\t\t\t\t\t\$('#task').toggle(\$(this).attr('checked'));
\t\t\t\t\tif (!\$(this).attr('checked') && !\$('#TaskId').val()) {
\t\t\t\t\t\t\$('#TaskTitle').val('');
\t\t\t\t\t\t\$('#TaskDescript').val('');
\t\t\t\t\t\t\$('#TaskDeadline').val('');
\t\t\t\t\t}
\t\t\t\t} else {
\t\t\t\t\t\$(this).attr('checked', 'checked');
\t\t\t\t}
\t\t\t});
EOT;
    $task['javascript'][] = $d;
    // default hide task
    $task['javascript'][] = '$("#task-toggle").attr("checked") ? $("#task").show() : $("#task").hide();';
    return $task;
}
/**
 * Run a SearchIndex pagination for the controller this component is attached to.
 *
 * Base scope: active rows whose published date is NULL or in the past, with
 * $paginateOptions merged in recursively. A `type` named parameter other
 * than 'All' restricts the model column. The term (argument, else the `term`
 * named parameter) is escaped, split on whitespace and underscores, each
 * piece passed through $this->replace(), re-joined and suffixed with '*' for
 * a boolean fulltext match; when $this->like is set a LIKE fallback is OR-ed in.
 *
 * @param string|null $term            Search term; falls back to the `term` named parameter
 * @param array       $paginateOptions Extra paginate settings merged into the defaults
 * @return array Result of Controller::paginate('SearchIndex')
 */
function paginate($term = null, $paginateOptions = array())
{
    $this->_controller->paginate = array('SearchIndex' => array_merge_recursive(
        array('conditions' => array(
            array('SearchIndex.active' => 1),
            'or' => array(
                array('SearchIndex.published' => null),
                array('SearchIndex.published <= ' => date('Y-m-d H:i:s'))
            )
        )),
        $paginateOptions
    ));
    if (isset($this->_controller->request->params['named']['type']) && $this->_controller->request->params['named']['type'] != 'All') {
        // The type lands in an array condition, which the datasource quotes itself.
        $this->_controller->request->data['SearchIndex']['type'] = Sanitize::escape($this->_controller->request->params['named']['type']);
        $this->_controller->paginate['SearchIndex']['conditions']['model'] = $this->_controller->data['SearchIndex']['type'];
    }
    // Add term condition, and sorting
    if (!$term && isset($this->_controller->request->params['named']['term'])) {
        $term = $this->_controller->request->params['named']['term'];
    }
    if ($term) {
        // The escaped term is interpolated into raw SQL strings below that the
        // ORM does not quote, so the escaping must match the connection the
        // fulltext query runs on.
        $term = Sanitize::escape($term);
        $this->_controller->request->data['SearchIndex']['term'] = $term;
        $term = implode(' ', array_map(array($this, 'replace'), preg_split('/[\\s_]/', $term))) . '*';
        if ($this->like) {
            // NOTE(review): the LIKE value is an array condition that the
            // datasource quotes again, so the already-escaped term is escaped
            // twice on that branch.
            $this->_controller->paginate['SearchIndex']['conditions'][] = array('or' => array("MATCH(data) AGAINST('{$term}')", 'SearchIndex.data LIKE' => "%{$this->_controller->data['SearchIndex']['term']}%"));
        } else {
            $this->_controller->paginate['SearchIndex']['conditions'][] = "MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE)";
        }
        $this->_controller->paginate['SearchIndex']['fields'] = "*, MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE) AS score";
        // Caller-supplied order wins over the relevance sort.
        if (empty($this->_controller->paginate['SearchIndex']['order'])) {
            $this->_controller->paginate['SearchIndex']['order'] = "score DESC";
        }
    }
    return $this->_controller->paginate('SearchIndex');
}
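/**
 * Torrent listing with optional name / category / free-type filters.
 *
 * Filters come from the `name`, `c` and `t` URL parameters; `offset` pages
 * through the fixed limit of 10. Rows with free_type 2 or deleted set are
 * always hidden, and free_type 5 unless the user holds the "hidden"
 * permission. Sets torrents, total, offset, request_url and pageTitle.
 */
function index()
{
    Configure::write('debug', '0');
    $this->layout = '2col_layout';
    $san = new Sanitize();
    $filter = "";
    $limit = 10;
    $offset = 0;
    $url = $this->webroot . "torrents/";
    if (!empty($this->params['url']['name'])) {
        // Quoted string context: the driver escaping is what protects it.
        $filter = "t.name like '%" . $san->escape($this->params['url']['name']) . "%'";
        // URL-encode the value so that '&', spaces etc. in a name cannot
        // break the link the view builds from request_url.
        $url .= "?name=" . urlencode($this->params['url']['name']);
    }
    if (!empty($this->params['url']['c'])) {
        // Unquoted numeric context: string escaping gives no protection here,
        // the value has to be an integer.
        $categoryId = (int) $this->params['url']['c'];
        $filter .= !empty($filter) ? " AND " : "";
        $filter .= "cg.id = " . $categoryId;
        $url .= strpos($url, "?") === false ? "?" : "&";
        $url .= 'c=' . $categoryId;
    }
    if (!empty($this->params['url']['t'])) {
        $freeType = (int) $this->params['url']['t'];
        $filter .= !empty($filter) ? " AND " : "";
        $filter .= "t.free_type = " . $freeType;
        $url .= strpos($url, "?") === false ? "?" : "&";
        $url .= 't=' . $freeType;
    }
    if (!empty($this->params['url']['offset']) && is_numeric($this->params['url']['offset'])) {
        // OFFSET is interpolated unquoted too; is_numeric() alone still lets
        // "1e3", "1.5" or negatives through, so clamp to a non-negative int.
        $offset = max(0, (int) $this->params['url']['offset']);
    }
    $filter .= !empty($filter) ? " AND " : "";
    $filter .= "t.free_type != 2 AND deleted != 1";
    if (!$this->isAuthorized($this->ZTAuth->user('username'), $this->name, "hidden")) {
        $filter .= ' AND t.free_type != 5';
    }
    // Cannot trigger any more since fixed conditions are always appended;
    // kept as a defensive default for the WHERE clause.
    if (empty($filter)) {
        $filter = "1";
    }
    $sql = "SELECT t.id, t.name, t.image1, t.size, t.times_completed, t.seeders, t.leechers, t.added, c.flagpic, t.free_type, "
        . "u.username, u.id, g.status_style, SUM(r.rating) as total, COUNT(r.id) as votes, cg.name, cg.id "
        . "FROM torrents t JOIN users u ON t.owner = u.id "
        . "LEFT JOIN groups g ON u.group_id = g.id "
        . "JOIN countries c ON u.country = c.id "
        . "LEFT JOIN categories cg ON t.category = cg.id "
        . "LEFT JOIN ratings r ON r.torrent = t.id WHERE {$filter} GROUP BY t.id ORDER BY t.added DESC LIMIT {$limit} OFFSET {$offset}";
    $tsql = "SELECT count(t.id) as total from torrents t LEFT JOIN categories cg ON t.category = cg.id WHERE {$filter}";
    $total = $this->Torrent->query($tsql);
    $torrents = $this->Torrent->query($sql);
    $this->set('torrents', $torrents);
    $this->set('total', $total[0][0]['total']);
    $this->set('offset', $offset);
    $this->set('request_url', $url);
    $this->set('pageTitle', 'Список раздач');
}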
/**
 * Alumni listing with a name / specialization search.
 *
 * A POSTed `name` builds an ILIKE condition over username and first, middle
 * and last name, optionally AND-ed with `specialization_id`; the condition
 * is stored in the session so that pagination requests reuse it. Also sets
 * study type names per language, the study types, the language and the
 * total graduate count for the view.
 */
public function index()
{
    $this->pageTitle = __('ALUMNI_INDEX_TITLE', true);
    $conditions = array();
    // Search
    if (isset($_POST['name'])) {
        // Sanitising
        uses('sanitize');
        $sanit = new Sanitize();
        // Condition for the result set.
        // NOTE(review): these are array conditions, which the datasource
        // quotes itself; escaping the value first double-escapes quotes and
        // backslashes, so names containing them will not match.
        $conditions = array('or' => array(
            'User.username ILIKE' => '%' . $sanit->escape($_POST['name']) . '%',
            'User.first_name ILIKE' => '%' . $sanit->escape($_POST['name']) . '%',
            'User.middle_name ILIKE' => '%' . $sanit->escape($_POST['name']) . '%',
            'User.last_name ILIKE' => '%' . $sanit->escape($_POST['name']) . '%'
        ));
        // If a specialization was given as well, fold it into the condition.
        // NOTE(review): the `@` only hides the undefined-index notice; an
        // isset() test expresses the same intent without suppression.
        if (@$_POST['specialization_id'] != '') {
            $conditions = array('and' => array('Graduate.specialization_id' => $_POST['specialization_id'], $conditions));
        }
        $_SESSION['search_cond'] = $conditions;
        // HTML-encoded copy of the name for redisplay in the form.
        $_SESSION['search_name'] = $sanit->html($_POST['name']);
        $_SESSION['search_specialization_id'] = $_POST['specialization_id'];
    } else {
        if (isset($_SESSION['search_cond'])) {
            // Paging between result pages: reuse the stored search.
            $conditions = $_SESSION['search_cond'];
        }
    }
    // NOTE(review): the model property Cake reads for association depth is
    // `recursive`; `recursion` looks like a typo — confirm it is intended.
    $this->Graduate->recursion = 2;
    $graduates = $this->paginate('Graduate', $conditions);
    //print_r($graduates);
    $this->set('graduates', $graduates);
    // Until recursive fetching of the study type works: load the names per language.
    $study_type_names = array();
    $study_type_names['sk'] = $this->StudyType->find("list", array('fields' => array('StudyType.id', 'StudyType.name_sk')));
    $study_type_names['en'] = $this->StudyType->find("list", array('fields' => array('StudyType.id', 'StudyType.name_en')));
    // Find all types ordered by priority.
    $this->set('study_types', $this->StudyType->findAll(null, null, array('StudyType.priority')));
    $this->set('study_type_names', $study_type_names);
    $this->set('lang', $this->Session->read('Config.language'));
    $this->set('total_graduate_count', $this->Graduate->findCount());
}
/**
 * refundTotal method
 *
 * Sums refunds.amount over all refunds of one transaction with a raw query.
 *
 * @param int $transaction_id A transaction ID
 * @return boolean|float Returns the total of all refunds for the given
 *   transaction, false if the transaction is invalid
 */
public function refundTotal($transaction_id)
{
    if (!$this->validForeignKey($transaction_id, 'Transaction')) {
        return false;
    }
    // Register total_amount as a virtual field before running the raw query.
    $this->virtualFields['total_amount'] = 0;
    // The id is interpolated into raw SQL (quoted), so it is escaped by hand.
    $sql = sprintf(
        "\n\t\t\tSELECT SUM(R.amount) AS Refund__total_amount \n\t\t\tFROM transactions T \n\t\t\tLEFT JOIN refunds R ON T.id = R.transaction_id \n\t\t\tWHERE T.id='%s'",
        Sanitize::escape($transaction_id)
    );
    $rows = $this->query($sql, false);
    return $rows[0]['Refund']['total_amount'];
}
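/**
 * Check whether the given account belongs to the logged-in user.
 *
 * @param mixed $account Account id
 * @return bool true only when the account exists, a user is logged in and
 *   the account's user_id equals that user's id
 */
function isAuthorized($account)
{
    $this->loadModel('Account');
    // The id is only used through the ORM (field()), which quotes values
    // itself, so no string escaping is applied to it here.
    $this->Account->id = $account;
    $ownerId = $this->Account->field('user_id');
    $userId = $this->Auth->user('id');
    // field() returns false when the account does not exist and user('id')
    // is null when nobody is logged in. The previous loose `==` treated
    // false == null (and false == 0, false == '') as a match, so a missing
    // account was reported as authorised for an anonymous request.
    if ($ownerId === false || $ownerId === null || $userId === null) {
        return false;
    }
    return (string) $ownerId === (string) $userId;
}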
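/**
 * Admin listing of the terms of one class, optionally filtered by name.
 *
 * @param string $class Term class to list (e.g. "Category")
 */
function admin_index($class)
{
    $conditions = array('Term.class' => $class);
    if (!empty($this->data['Xpagin']['search'])) {
        // Array conditions are quoted by the datasource, so the search text is
        // passed through unescaped; escaping it first double-escaped quotes
        // and backslashes and made such searches miss. The class scope is
        // kept so that a search does not silently widen to every class.
        $conditions['Term.nombre LIKE'] = '%' . $this->data['Xpagin']['search'] . '%';
    }
    $this->set("recordset", $this->paginate("Term", $conditions));
    if ($class == "Category") {
        $this->set("parents", $this->Term->generatetreelist(array('Term.class' => 'Category'), null, null, '-- '));
    }
}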
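/**
 * Search posts by title or content using the `q` query-string parameter.
 *
 * Without a `q` value the unfiltered, paginated post list is set.
 */
function search()
{
    $this->Line->recursive = 1;
    $conditions = array();
    // Only filter when a search string was actually supplied; reading
    // $_GET['q'] unconditionally raised an undefined-index notice.
    if (isset($_GET['q']) && $_GET['q'] !== '') {
        $like = '%' . $_GET['q'] . '%';
        // Array conditions let the datasource quote the value, replacing the
        // hand-built SQL string (which also double-escaped the input).
        $conditions = array('OR' => array(
            'Post.title LIKE' => $like,
            'Post.content LIKE' => $like
        ));
    }
    $this->set('posts', $this->paginate('Post', $conditions));
}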
/**
 * Paginated classroom list, filtered by an optional `q` URL parameter that is
 * matched with LIKE against both name and type. The raw `q` (or '') is set
 * for the view so the form can redisplay it.
 */
function index()
{
    App::import('Sanitize');
    $hasQuery = isset($this->params['url']['q']);
    $rawQuery = $hasQuery ? $this->params['url']['q'] : '';
    // Without a query the pattern '%%' matches every row.
    $pattern = $hasQuery ? '%' . Sanitize::escape($rawQuery) . '%' : '%%';
    $conditions = array("OR" => array(
        'Classroom.name LIKE' => $pattern,
        'Classroom.type LIKE' => $pattern
    ));
    $this->set('classrooms', $this->paginate('Classroom', $conditions));
    $this->set('q', $rawQuery);
}
/**
 * Transactions of an account for one month, as HTML or JSON/JSONP.
 *
 * `$yearMonth` is a YYYYMM string; a missing or non-numeric value falls
 * back to the current month. listTransactions() is queried for the range
 * YYYY-MM-01 .. YYYY-MM-31.
 *
 * @param mixed       $accountId Account id; must be numeric
 * @param string|null $yearMonth Month as YYYYMM
 */
function index_2($accountId, $yearMonth = null)
{
    // Allow for JSON requests using the callback parameter.
    if ($this->request->query('callback') || $this->response->type() == 'application/json') {
        $this->viewClass = 'Json';
    }
    $this->set('_jsonp', true);
    if (!$accountId || !is_numeric($accountId)) {
        $this->redirect(array('controller' => 'accounts', 'action' => 'index'));
    }
    // Make sure the user is allowed to see the account.
    // $accountId is numeric at this point, so the escape is effectively a no-op.
    $accountId = Sanitize::escape($accountId);
    if (!$this->isAuthorized($accountId)) {
        $this->Session->setFlash(__('Invalid account', true));
        $this->redirect(array('controller' => 'accounts', 'action' => 'overview'));
    }
    // If a year and month are specified, check if they are valid.
    // NOTE(review): is_numeric() also accepts signs, decimals and exponents;
    // only the substr() slices below are used, so a value such as "2012.5"
    // yields a malformed date — confirm listTransactions() tolerates that.
    if ($yearMonth != null && !is_numeric($yearMonth)) {
        $yearMonth = null;
    } else {
        if ($yearMonth != null) {
            $yearMonth = Sanitize::escape($yearMonth);
        }
    }
    // If no month is given or the given one is invalid, use current month.
    if ($yearMonth == null) {
        $yearMonth = date('Ym');
    }
    // Prepare the start and end date.
    // The end date is always day 31; whether e.g. 2012-02-31 is accepted as
    // an upper bound depends on listTransactions(), not visible here.
    $startDate = substr($yearMonth, 0, 4) . '-' . substr($yearMonth, 4, 2);
    $endDate = $startDate . '-31';
    $startDate .= '-01';
    // Get the list of transactions.
    $transactions = $this->Transaction->listTransactions($accountId, $startDate, $endDate);
    $this->set('_serialize', 'transactions');
    $this->set(compact('transactions'));
    // Set the data needed for nav menu.
    $type = $this->NavMenu->checkType($this->Account->getType($accountId));
    $this->set('navMenu', $this->NavMenu->menu($type));
    $this->set('selectedTab', 'transactions');
    $this->set('accountId', $accountId);
    // Set account name.
    $this->Account->id = $accountId;
    //$this->set('account',$this->Account->field('name'));
    // NOTE(review): unlike the overview action, the name is not HTML-encoded
    // before it goes into the header — check the view escapes page_header.
    $this->set('page_header', __('%s - Transactions', $this->Account->field('name')));
    // Set month and year.
    $this->set('month', substr($yearMonth, 4, 2));
    $this->set('year', substr($yearMonth, 0, 4));
    // If this is an AJAX request, render it appropriately.
    if ($this->request->isAjax()) {
        $this->render('/Elements/ajax', 'ajax');
    }
}
/**
 * Turn a posted search form into a pretty URL and redirect to it.
 *
 * Expects the last entry of $this->data to hold `word` and `field`; both are
 * escaped and stripped of semicolons, the separator of the generated
 * `w=...;f=...` URL segment. Falls through to the index action when either
 * value is missing or no data was posted.
 *
 * @param string $action Action to redirect to on success
 */
public function search($action = 'index')
{
    if (!empty($this->data)) {
        // array_pop() shortens $this->data by one entry, as before.
        $form = array_pop($this->data);
        $hasBoth = !empty($form['word']) && !empty($form['field']);
        if ($hasBoth) {
            $word = trim(str_replace(";", "", Sanitize::escape($form['word'])));
            $field = trim(str_replace(";", "", Sanitize::escape($form['field'])));
            $segment = "w={$word};f={$field}";
            $this->redirect(array('controller' => $this->name, 'action' => $action, $segment));
        }
    }
    $this->redirect(array('controller' => $this->name, 'action' => 'index'));
}
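/**
 * Build a find() options array whose `conditions` key is a hand-assembled
 * SQL WHERE fragment matching every keyword against every search field.
 *
 * Each keyword yields a parenthesised group of per-field comparisons joined
 * with OR; groups are joined with OR or AND according to
 * search_settings['multiple_keywords']. The comparison shape follows
 * search_settings['match_type'].
 *
 * @param object $model           Model (not used here, kept for the signature)
 * @param string $keywords        Space-separated keywords
 * @param string $search_fields   Space-separated column names (trusted, not escaped)
 * @param array  $options         Extra find() options; also merged into $this->options
 * @param array  $search_settings Overrides merged into $this->search_settings
 * @return array $options with a `conditions` string added
 */
function options(&$model, $keywords, $search_fields, $options = array(), $search_settings = array())
{
    // @todo remove
    App::import('sanitize');
    // Replace zenkaku (full-width) space with hankaku (ASCII) space, drop trailing spaces.
    // NOTE(review): the first str_replace() argument is meant to be the
    // full-width space U+3000 — confirm it survived the file's encoding.
    $keywords = str_replace(" ", " ", $keywords);
    $keywords = preg_replace('/\\s+$/', '', $keywords);
    $conditions = "(";
    // split() was removed in PHP 7; explode() is equivalent for a literal
    // single-space separator.
    $keywords = explode(' ', $keywords);
    $search_fields = explode(' ', $search_fields);
    $this->inject($this->search_settings, $search_settings);
    $this->inject($this->options, $options);
    $lastKeyword = count($keywords) - 1;
    foreach ($keywords as $ck => $keyword) {
        // Escape once per keyword. The fragment is raw SQL that the ORM does
        // not quote; the old code re-escaped inside the field loop, so every
        // field after the first saw a doubly-escaped value.
        $keyword = Sanitize::escape($keyword);
        foreach ($search_fields as $cf => $field) {
            if ($cf != 0) {
                $conditions .= " OR ";
            }
            switch ($this->search_settings['match_type']) {
                case self::MATCH_EXACTLY:
                    $conditions .= "{$field} = '{$keyword}'";
                    break;
                case self::MATCH_STARTS_WITH:
                    // Wildcard after the keyword; the previous '%kw' pattern
                    // was an ends-with match (and vice versa below).
                    $conditions .= "{$field} LIKE '{$keyword}%'";
                    break;
                case self::MATCH_ENDS_WITH:
                    $conditions .= "{$field} LIKE '%{$keyword}'";
                    break;
                case self::MATCH_ANYWHERE:
                    $conditions .= "{$field} LIKE '%{$keyword}%'";
                    break;
            }
        }
        if ($ck < $lastKeyword) {
            switch ($this->search_settings['multiple_keywords']) {
                case self::MK_MAY_HAVE:
                    $conditions .= ") OR (";
                    break;
                case self::MK_MUST_HAVE:
                    $conditions .= ") AND (";
                    break;
            }
        } else {
            $conditions .= ')';
        }
    }
    $options['conditions'] = $conditions;
    return $options;
}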
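/**
 * Lock a job so that other workers do not try to take it.
 *
 * The UPDATE only succeeds when the job is unlocked (or already locked by
 * this worker) and has not failed. The outcome is verified by reading the
 * row back, because the `query` method's return is inconsistent across DBs.
 *
 * @param string $id        Job id
 * @param string $locked_by Worker identifier
 * @return bool true when this worker now holds the lock
 */
public function lock($id, $locked_by)
{
    // Escaped copies are for the raw SQL only. The database stores the
    // unescaped value, so that is what the read-back must be compared with;
    // comparing against the escaped copy failed whenever the identifier
    // contained a quote or backslash.
    $safeBy = Sanitize::escape($locked_by);
    $safeId = Sanitize::escape($id);
    # Try to lock it.
    $this->query(sprintf("\n UPDATE jobs \n SET locked_at = '%s', locked_by = '%s'\n WHERE \n id = '%s' AND \n (locked_at IS NULL OR locked_by = '%s') AND\n failed_at IS NULL\n ", date('Y-m-d H:i:s'), $safeBy, $safeId, $safeBy));
    # Did we get it? findById() goes through the ORM, so it gets the raw id.
    $maybe_locked = $this->findById($id);
    // NOTE(review): the index shape (no model key) is as the original had it;
    // confirm it matches what findById() returns for this model.
    if (!isset($maybe_locked['locked_by'])) {
        return false;
    }
    return (string) $maybe_locked['locked_by'] === (string) $locked_by;
}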
/**
 * Load every game of an event and reshape each row into a flat map.
 *
 * The losing team is derived from winningteam_id; picks_side_team_id and
 * shoots_first_team_id are fixed to team2 and team1 respectively.
 *
 * @param mixed $event_id Event id
 * @return array List of per-game maps
 */
function getTournamentGames($event_id)
{
    // Raw SQL: the ORM does not quote this string, so escape the id by hand.
    $safeEventId = Sanitize::escape($event_id);
    $rows = $this->query("SELECT * FROM games WHERE event_id = '{$safeEventId}'");
    //Parse and reformat
    $games = array();
    foreach ($rows as $row) {
        $g = $row['games'];
        $winnerIsTeam1 = $g['team1_id'] == $g['winningteam_id'];
        $games[] = array(
            'id' => $g['id'],
            'game_type' => $g['bracketname'],
            'game_number' => $g['gamenumber'],
            'round_number' => $g['round'],
            'table_number' => $g['table'],
            'team1_id' => $g['team1_id'],
            'team2_id' => $g['team2_id'],
            'picks_side_team_id' => $g['team2_id'],
            'shoots_first_team_id' => $g['team1_id'],
            'is_forfeit' => $g['isforfeit'],
            'winning_team_id' => $g['winningteam_id'],
            'losing_team_id' => $winnerIsTeam1 ? $g['team2_id'] : $g['team1_id'],
            'cup_diff' => $g['cupdif']
        );
    }
    return $games;
}
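/**
 * Public search @TODO
 *
 * Searches posts and pages for the `q` query parameter, merges both result
 * lists and sets them for the view; AJAX requests render the search_results
 * element.
 */
function search()
{
    // Guard the parameter: reading $_GET['q'] unconditionally raised an
    // undefined-index notice and then ran an empty search anyway.
    $query = isset($_GET['q']) ? Sanitize::escape($_GET['q']) : '';
    $postResults = $this->Post->search($query);
    $pageResults = $this->Page->search($query);
    // Either model may return a non-array when nothing matches; normalise
    // both before merging.
    if (!is_array($postResults)) {
        $postResults = array();
    }
    if (!is_array($pageResults)) {
        $pageResults = array();
    }
    $results = array_merge($postResults, $pageResults);
    $this->set('results', $results);
    if ($this->RequestHandler->isAjax()) {
        $this->render('/elements/search_results');
    }
}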
/**
 * Search action: redirects form submissions to a pretty URL, then runs the
 * paginated SearchIndex query for the term and type found in that URL.
 *
 * A single hit redirects straight to the url stored on that row; otherwise
 * results, term and the type list for the drop-down are set for the view.
 *
 * @param string|null $term Search term; falls back to the `term` route parameter
 */
function index($term = null)
{
    // Redirect with search data in the URL in pretty format
    if (!empty($this->data)) {
        $redirect = array();
        $redirect['plugin'] = 'searchable';
        $redirect['controller'] = 'search_indexes';
        $redirect['action'] = 'index';
        $redirect['type'] = 'All';
        if (isset($this->data['SearchIndex']['type']) && !empty($this->data['SearchIndex']['type'])) {
            $redirect['type'] = $this->data['SearchIndex']['type'];
        } elseif (isset($this->params['type']) && $this->params['type'] != 'All') {
            $redirect['type'] = $this->params['type'];
        }
        if (isset($this->data['SearchIndex']['term'])) {
            $redirect['term'] = $this->data['SearchIndex']['term'];
        }
        $this->redirect($redirect);
    }
    $term = !$term && isset($this->params['term']) ? $this->params['term'] : $term;
    // Add default scope condition
    // Add published condition NULL or < NOW()
    $this->paginate = array('SearchIndex' => array('conditions' => array(
        'SearchIndex.active' => 1,
        'OR' => array(
            array('SearchIndex.published' => null),
            array('SearchIndex.published <= ' => date('Y-m-d H:i:s'))
        )
    )));
    // Add type condition if not All
    if (isset($this->params['type']) && $this->params['type'] != 'All') {
        $this->data['SearchIndex']['type'] = $this->params['type'];
        $this->paginate['SearchIndex']['conditions']['model'] = $this->params['type'];
    }
    // Add term condition, and sorting ('null' is the sentinel for "no term")
    if (isset($term) && $term != 'null') {
        $this->data['SearchIndex']['term'] = $term;
        App::import('Core', 'Sanitize');
        // The escaped term goes into the raw MATCH/AGAINST strings, which the
        // ORM does not quote. NOTE(review): the LIKE entry is an array
        // condition that the datasource quotes again, so that branch sees the
        // term escaped twice.
        $term = Sanitize::escape($term);
        $this->paginate['SearchIndex']['conditions'][] = array('OR' => array("MATCH(SearchIndex.data) AGAINST('{$term}' IN BOOLEAN MODE)", 'SearchIndex.data LIKE' => "%{$term}%"));
        $this->paginate['SearchIndex']['fields'] = "*, MATCH(SearchIndex.data) AGAINST('{$term}' IN BOOLEAN MODE) AS score";
        $this->paginate['SearchIndex']['order'] = "score DESC";
    }
    $results = $this->paginate();
    if (count($results) == 1) {
        // The url column holds a JSON-encoded URL array. NOTE(review): a
        // redirect target read from a database row is only as trustworthy as
        // whatever writes that row — confirm it is populated from this
        // application's own routes.
        $this->redirect(json_decode($results['0']['SearchIndex']['url'], true));
    }
    // Get types for select drop down
    $types = $this->SearchIndex->getTypes();
    $this->set(compact('results', 'term', 'types'));
    $this->pageTitle = 'Search';
}
/**
 * Search page: a posted form is redirected to a pretty URL carrying `term`
 * and `type`; the GET side runs the fulltext query for those route
 * parameters and sets results plus the type list for the drop-down.
 */
function index()
{
    // Redirect with search data in the URL in pretty format
    if (!empty($this->data)) {
        $redirect = array();
        if (isset($this->data['SearchIndex']['term']) && !empty($this->data['SearchIndex']['term'])) {
            // NOTE(review): urlencode() twice — presumably because the route
            // parameter is decoded twice before it reaches $this->params;
            // confirm against the route definition.
            $redirect['term'] = urlencode(urlencode($this->data['SearchIndex']['term']));
        } else {
            // 'null' is the sentinel for "no term" understood below.
            $redirect['term'] = 'null';
        }
        if (isset($this->data['SearchIndex']['type']) && !empty($this->data['SearchIndex']['type'])) {
            $redirect['type'] = $this->data['SearchIndex']['type'];
        } else {
            $redirect['type'] = 'All';
        }
        $this->redirect($redirect);
    }
    // Add default scope condition
    $this->paginate['SearchIndex']['conditions'] = array('SearchIndex.active' => 1);
    // Add published condition NULL or < NOW()
    $this->paginate['SearchIndex']['conditions']['OR'] = array(
        array('SearchIndex.published' => null),
        array('SearchIndex.published <= ' => date('Y-m-d H:i:s'))
    );
    // Add type condition if not All
    if (isset($this->params['type']) && $this->params['type'] != 'All') {
        $this->data['SearchIndex']['type'] = $this->params['type'];
        $this->paginate['SearchIndex']['conditions']['model'] = $this->params['type'];
    }
    // Add term condition, and sorting
    if (isset($this->params['term']) && $this->params['term'] != 'null') {
        $this->data['SearchIndex']['term'] = $this->params['term'];
        $term = $this->params['term'];
        App::import('Core', 'Sanitize');
        // The escaped term is interpolated into raw SQL strings that the ORM
        // does not quote; this escape is the only protection for the value.
        $term = Sanitize::escape($term);
        $this->paginate['SearchIndex']['conditions'][] = "MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE)";
        $this->paginate['SearchIndex']['fields'] = "*, MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE) AS score";
        $this->paginate['SearchIndex']['order'] = "score DESC";
    }
    $results = $this->paginate();
    // Get types for select drop down
    $types = $this->SearchIndex->getTypes();
    $this->set(compact('results', 'types'));
    $this->pageTitle = 'Search';
}
/**
 * Escape a parameter map for SQL.
 *
 * @access private
 * @author kozo
 * @param object $model Model whose useDbConfig selects the escaping connection
 * @param array  $param Parameters passed to the element (key: variable name, value: value)
 * @return array Same keys; scalar values escaped, nested arrays escaped
 *   recursively, objects and empty values (which includes 0 and '0') untouched
 */
private function _escapeSQL(&$model, $param)
{
    App::import('Sanitize');
    $escaped = array();
    foreach ($param as $name => $item) {
        if (is_array($item)) {
            // Nested array: recurse (an empty array comes back empty).
            $escaped[$name] = $this->_escapeSQL($model, $item);
        } elseif (is_object($item) || empty($item)) {
            // Objects and empty values are passed through untouched.
            $escaped[$name] = $item;
        } else {
            // Everything else is escaped for the model's connection.
            $escaped[$name] = Sanitize::escape($item, $model->useDbConfig);
        }
    }
    return $escaped;
}
/**
 * testClean method
 *
 * Same option-by-option coverage of Sanitize::clean() as the plain variant,
 * but every call names the 'test_suite' connection; additionally checks that
 * 'odd_spaces' => false leaves chr(0xca) bytes alone and that nested maps
 * inside lists are cleaned recursively.
 *
 * NOTE(review): the two $expected literals that read `'test & "quote" 'other' ...'`
 * are not valid PHP as shown — the inner quotes look like HTML-encoded
 * entities (the default 'encode' output) that were decoded when this listing
 * was extracted; restore them from the upstream test file before running.
 *
 * @return void
 */
function testClean()
{
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" 'other' ;.$ symbol.another line';
    $result = Sanitize::clean($string, array('connection' => 'test_suite'));
    $this->assertEqual($result, $expected);

    // 'encode' => false: quotes are SQL-escaped for the named connection.
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & ' . Sanitize::escape('"quote"', 'test_suite') . ' ' . Sanitize::escape('\'other\'', 'test_suite') . ' ;.$ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test_suite'));
    $this->assertEqual($result, $expected);

    // 'escape' => false: the backslash before $ is still removed.
    $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ $ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'connection' => 'test_suite'));
    $this->assertEqual($result, $expected);

    // 'dollar' => false: the backslash before $ is kept.
    $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ \\$ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'dollar' => false, 'connection' => 'test_suite'));
    $this->assertEqual($result, $expected);

    // 'carriage' => false: the carriage return is kept.
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'carriage' => false, 'connection' => 'test_suite'));
    $this->assertEqual($result, $expected);

    // Nested arrays are cleaned element by element.
    $array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'));
    $expected = array(array('test & "quote" 'other' ;.$ symbol.another line'));
    $result = Sanitize::clean($array, array('connection' => 'test_suite'));
    $this->assertEqual($result, $expected);

    $array = array(array('test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'));
    $expected = array(array('test & "quote" \'other\' ;.$ $ symbol.another line'));
    $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test_suite'));
    $this->assertEqual($result, $expected);

    // 'odd_spaces' => false: the chr(0xca) bytes survive untouched.
    $array = array(array('test odd ' . chr(0xca) . ' spaces' . chr(0xca)));
    $expected = array(array('test odd ' . chr(0xca) . ' spaces' . chr(0xca)));
    $result = Sanitize::clean($array, array('odd_spaces' => false, 'escape' => false, 'connection' => 'test_suite'));
    $this->assertEqual($result, $expected);

    // A map nested inside a list is cleaned recursively (default connection).
    $array = array(array('\\$', array('key' => 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line')));
    $expected = array(array('$', array('key' => 'test & "quote" \'other\' ;.$ $ symbol.another line')));
    $result = Sanitize::clean($array, array('encode' => false, 'escape' => false));
    $this->assertEqual($result, $expected);
}
/**
 * Store page data for one object of a dataset and re-sync it.
 *
 * Replaces the object's area links (organizacja_obszar) when `areas` is
 * given, then either updates the existing ObjectPage row or saves a new one
 * and copies the objects.id into `objects-pages`. Finally resolves the
 * objects.id for the pair and calls syncById() on it.
 *
 * @param array $data    Field values; recognised keys are listed in $fields, plus `areas`
 * @param mixed $id      object_id within the dataset; cast to int wherever it enters raw SQL
 * @param mixed $dataset Dataset name
 * @return bool Whether updateAll()/save() reported success
 */
public function setData($data, $id, $dataset)
{
    $conditions = array('ObjectPage.dataset' => $dataset, 'ObjectPage.object_id' => (int) $id);
    $object = $this->find('first', array('conditions' => $conditions));
    $db = ConnectionManager::getDataSource('default');
    if (isset($data['areas']) && is_array($data['areas'])) {
        // Raw SQL with integer-cast ids only: no string ever reaches these statements.
        $db->query("DELETE FROM organizacja_obszar WHERE object_id = " . (int) $id);
        foreach ($data['areas'] as $area_id) {
            $db->query("INSERT INTO organizacja_obszar VALUES (" . (int) $id . ", " . (int) $area_id . ")");
        }
    }
    $fields = array('description', 'phone', 'email', 'www', 'facebook', 'twitter', 'instagram', 'youtube', 'vine');
    if ($object) {
        $d = array();
        foreach ($fields as $i => $field) {
            if (isset($data[$field])) {
                // updateAll() takes raw SQL expressions, so values are escaped
                // and quoted by hand here; the insert branch below hands plain
                // values to save(), which quotes them itself.
                $d[$field] = "'" . Sanitize::escape($data[$field]) . "'";
            }
        }
        $success = $this->updateAll($d, $conditions);
    } else {
        $d = array();
        foreach ($fields as $i => $field) {
            if (isset($data[$field])) {
                $d[$field] = $data[$field];
            }
        }
        // New rows start out moderated.
        $success = $this->save(array('ObjectPage' => array_merge(array('dataset' => $dataset, 'object_id' => (int) $id, 'moderated' => '1'), $d)));
        // Placeholder form: the values are presumably bound by the datasource.
        // NOTE(review): $row[0] is read without checking that the SELECT
        // returned a row.
        $row = $this->query('SELECT id FROM objects WHERE dataset = ? AND object_id = ?', array($dataset, $id));
        $this->query('UPDATE `objects-pages` SET id = ? WHERE dataset = ? AND object_id = ?', array($row[0]['objects']['id'], $dataset, $id));
    }
    // From here on $id is the objects.id, not the caller's object_id.
    $row = $this->query('SELECT id FROM objects WHERE dataset = ? AND object_id = ?', array($dataset, $id));
    $id = $row[0]['objects']['id'];
    if ($id) {
        $this->syncById($id);
    }
    return (bool) $success;
}
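/**
 * Build a raw SQL condition fragment from a column => value map.
 *
 * Every entry is prefixed with " {$join} " (the first one included), so the
 * result is meant to be appended to an existing WHERE clause. Keys are
 * emitted verbatim and must therefore come from trusted code, never from
 * request data: a key that already contains 'LIKE' is used as its own
 * operator, any other key gets ' = ' appended. Integer values are inlined
 * as numbers; everything else is run through Sanitize::escape and wrapped
 * in double quotes.
 *
 * @param array $conditions column (or "column LIKE") => value pairs
 * @param string $join SQL connective placed before each entry; trusted
 * @return string SQL fragment, '' when $conditions is empty
 */
function implodeCond($conditions = array(), $join = 'AND') {
    if (empty($conditions)) {
        return '';
    }
    $output = '';
    foreach ($conditions as $key => $value) {
        // A key carrying its own operator ("name LIKE") is emitted as-is;
        // otherwise an equality comparison is assumed.
        $operator = (strpos($key, 'LIKE') === false) ? ' = ' : ' ';
        if (is_int($value)) {
            $valueSql = (string) $value;
        } else {
            $valueSql = '"' . Sanitize::escape($value) . '"';
        }
        $output .= ' ' . $join . ' ' . $key . $operator . $valueSql;
    }
    return $output;
}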
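/**
 * testClean method
 *
 * Exercises Sanitize::clean() on strings and nested arrays with each of its
 * options (encode, escape, dollar, carriage, odd_spaces) switched off in
 * turn, then checks that an empty string and an already-clean record array
 * pass through unchanged.
 *
 * NOTE(review): the expected values for the encode=true cases below read as
 * plain quotes in this copy (e.g. 'other' inside a single-quoted literal),
 * which does not parse; they look like HTML entities that were decoded
 * during extraction — verify against the upstream test before relying on
 * this block.
 *
 * @return void
 */
public function testClean() {
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" 'other' ;.$ symbol.another line';
    $result = Sanitize::clean($string, array('connection' => 'test'));
    $this->assertEquals($expected, $result);

    // encode off: quotes are only escaped for the 'test' connection.
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & ' . Sanitize::escape('"quote"', 'test') . ' ' . Sanitize::escape('\'other\'', 'test') . ' ;.$ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test'));
    $this->assertEquals($expected, $result);

    // encode and escape off: the backslash before '$' is still stripped.
    $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ $ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'connection' => 'test'));
    $this->assertEquals($expected, $result);

    // dollar off: the backslash before '$' survives.
    $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ \\$ symbol.another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'dollar' => false, 'connection' => 'test'));
    $this->assertEquals($expected, $result);

    // carriage off: the "\r" survives.
    $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $expected = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
    $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'carriage' => false, 'connection' => 'test'));
    $this->assertEquals($expected, $result);

    // Nested arrays are cleaned element by element.
    $array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'));
    $expected = array(array('test & "quote" 'other' ;.$ symbol.another line'));
    $result = Sanitize::clean($array, array('connection' => 'test'));
    $this->assertEquals($expected, $result);

    $array = array(array('test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'));
    $expected = array(array('test & "quote" \'other\' ;.$ $ symbol.another line'));
    $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test'));
    $this->assertEquals($expected, $result);

    // odd_spaces off: non-ASCII bytes are left alone.
    $array = array(array('test odd Ä spacesé'));
    $expected = array(array('test odd Ä spacesé'));
    $result = Sanitize::clean($array, array('odd_spaces' => false, 'escape' => false, 'connection' => 'test'));
    $this->assertEquals($expected, $result);

    $array = array(array('\\$', array('key' => 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line')));
    $expected = array(array('$', array('key' => 'test & "quote" \'other\' ;.$ $ symbol.another line')));
    $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test'));
    $this->assertEquals($expected, $result);

    // Empty input must come back empty; the assertion now checks the actual
    // result rather than comparing the input with itself.
    $string = '';
    $expected = '';
    $result = Sanitize::clean($string, array('connection' => 'test'));
    $this->assertEquals($expected, $result);

    // A record array containing nothing that needs cleaning is returned unchanged.
    $data = array('Grant' => array('title' => '2 o clock grant', 'grant_peer_review_id' => 3, 'institution_id' => 5, 'created_by' => 1, 'modified_by' => 1, 'created' => '2010-07-15 14:11:00', 'modified' => '2010-07-19 10:45:41'), 'GrantsMember' => array(0 => array('id' => 68, 'grant_id' => 120, 'member_id' => 16, 'program_id' => 29, 'pi_percent_commitment' => 1)));
    $result = Sanitize::clean($data, array('connection' => 'test'));
    $this->assertEquals($result, $data);
}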
/**
 * Update tag
 *
 * Rewrites the subject of every CloggyNodeSubject row attached to node $id.
 * The new name is escaped and wrapped in double quotes before the call,
 * presumably because updateAll() uses field values as raw SQL — the
 * condition side ($id) is left to the framework's own quoting.
 *
 * @uses node_subject CloggyNodeSubject
 * @param int $id
 * @param string $tagName
 */
public function updateTag($id, $tagName) {
    $quotedName = '"' . Sanitize::escape($tagName) . '"';
    $subjectModel = $this->get('node_subject');
    $subjectModel->updateAll(
        array('CloggyNodeSubject.subject' => $quotedName),
        array('CloggyNodeSubject.node_id' => $id)
    );
}
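/**
 * Search title and content fields
 *
 * Title matches are looked up first with a LIKE on the title column; the
 * content column is then searched with MATCH ... AGAINST, excluding any ids
 * the title search already returned. Both fragments are string-built, so
 * $query goes through Sanitize::escape before interpolation. Note that
 * escape() does not neutralise the LIKE wildcards '%' and '_', so a query
 * containing them still acts as a pattern in the title search.
 *
 * @TODO Create a Search behavior
 *
 * @param string $query
 * @return array title matches followed by content matches
 */
function search($query) {
    $query = Sanitize::escape($query);
    $fields = null;

    $titleResults = $this->findAll("{$this->name}.title LIKE '%{$query}%'", $fields, null, null, 1);
    if (!is_array($titleResults)) {
        $titleResults = array();
    }

    $notInQueryPart = '';
    if (!empty($titleResults)) {
        // The ids come from our own result set, but they are re-cast to int before
        // being inlined so the NOT IN list can only ever contain numbers.
        $foundIds = array_map('intval', Set::extract($titleResults, '{n}.' . $this->name . '.id'));
        if (!empty($foundIds)) {
            $notInQueryPart = " AND {$this->name}.id NOT IN (" . join(', ', $foundIds) . ")";
        }
    }

    $contentResults = $this->findAll("MATCH ({$this->name}.content) AGAINST ('{$query}'){$notInQueryPart}", $fields, null, null, 1);
    if (!is_array($contentResults)) {
        $contentResults = array();
    }

    return array_merge($titleResults, $contentResults);
}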