/**
 * Runs a value, or every element of an array recursively, through a fixed
 * sequence of string filters. Each filter is switched by a boolean entry in
 * $options; every filter defaults to true except `remove_html`.
 *
 * Filters, in the order they are applied:
 *
 * - odd_spaces  - deletes every occurrence of the single byte 0xCA
 * - encode      - passes the value through pjSanitize::html()
 * - remove_html - forwarded to pjSanitize::html() as its `remove` option; it is
 *                 only consulted when `encode` is true
 * - dollar      - replaces the two-character sequence `\$` with `$`
 * - carriage    - deletes `\r`
 * - unicode     - rewrites `&#<digits>;` as `&#<digits>;`
 * - backslash   - rewrites a backslash not followed by `&#` or `?#` as a backslash
 *
 * NOTE(review): as written, the `unicode` and `backslash` replacements produce
 * the text they matched, so both steps look like no-ops. If `unicode` was meant
 * to restore numeric entities after `encode`, its pattern would have to match
 * the encoded form - confirm against the intended behaviour.
 *
 * Apart from whatever pjSanitize::html() does (not visible here), no step
 * escapes for SQL, shell, URL or JavaScript contexts. Values returned from this
 * method still need encoding for the context they are written into.
 *
 * @param string|array $data Value to filter; arrays are processed element by element
 * @param array $options Filter switches, merged over the defaults with array_merge()
 * @return mixed The filtered value, or $data unchanged when it is empty()
 */
public static function clean($data, $options = array())
{
    // empty() is also true for '', '0', 0, null, false and array(); such input is
    // handed back before any option handling takes place.
    if (empty($data)) {
        return $data;
    }

    $defaults = array(
        'odd_spaces' => true,
        'remove_html' => false,
        'encode' => true,
        'dollar' => true,
        'carriage' => true,
        'unicode' => true,
        'backslash' => true,
    );
    $options = array_merge($defaults, $options);

    // Arrays are walked recursively; keys are kept as they are and are not filtered.
    if (is_array($data)) {
        foreach ($data as $index => $element) {
            $data[$index] = pjSanitize::clean($element, $options);
        }

        return $data;
    }

    if ($options['odd_spaces']) {
        $data = str_replace(chr(0xca), '', $data);
    }

    if ($options['encode']) {
        $htmlOptions = array('remove' => $options['remove_html']);
        $data = pjSanitize::html($data, $htmlOptions);
    }

    if ($options['dollar']) {
        // Search string is backslash + dollar; replacement is a bare dollar.
        $data = str_replace("\\\$", "\$", $data);
    }

    if ($options['carriage']) {
        $data = str_replace("\r", "", $data);
    }

    if ($options['unicode']) {
        $data = preg_replace("/&#([0-9]+);/s", "&#\\1;", $data);
    }

    if ($options['backslash']) {
        $data = preg_replace("/\\\\(?!&#|\\?#)/", "\\", $data);
    }

    return $data;
}
<span class="pj-form-field-before"><abbr class="pj-form-field-icon-email"></abbr></span> <input type="text" name="c_email" id="email" class="pj-form-field w300 email required" placeholder="*****@*****.**" value="<?php echo htmlspecialchars(stripslashes($tpl['arr']['c_email'])); ?> "/> </span> </p> <p> <label class="title"><?php __('pass'); ?> </label> <span class="pj-form-field-custom pj-form-field-custom-before"> <span class="pj-form-field-before"><abbr class="pj-form-field-icon-password"></abbr></span> <input type="text" name="c_password" id="c_password" class="pj-form-field required w200" value="<?php echo pjSanitize::html($tpl['arr']['c_password']); ?> " /> </span> </p> <p> <label class="title"><?php __('lblPhone'); ?> </label> <span class="pj-form-field-custom pj-form-field-custom-before"> <span class="pj-form-field-before"><abbr class="pj-form-field-icon-phone"></abbr></span> <input type="text" name="c_phone" id="phone" class="pj-form-field w150" placeholder="(123) 456-7890" value="<?php echo htmlspecialchars(stripslashes($tpl['arr']['c_phone'])); ?> "/>
index.php?controller=pjLocale&action=pjActionExport" method="post" class="form pj-form"> <input type="hidden" name="export" value="1" /> <p> <label class="title"><?php __('plugin_locale_separator'); ?> </label> <select name="separator" class="pj-form-field"> <?php foreach (__('plugin_locale_separators', true) as $k => $v) { ?> <option value="<?php echo $k; ?> "><?php echo pjSanitize::html($v); ?> </option><?php } ?> </select> </p> <p> <label class="title"> </label> <input type="submit" value="<?php __('plugin_locale_export'); ?> " class="pj-button" /> </p> </form> </fieldset>
} if (isset($tpl['arr']['cancel_return']) && !empty($tpl['arr']['cancel_return'])) { ?> <input type="hidden" name="cancel_return" value="<?php echo $tpl['arr']['cancel_return']; ?> " /> <?php } if (isset($tpl['arr']['notify_url']) && !empty($tpl['arr']['notify_url'])) { ?> <input type="hidden" name="notify_url" value="<?php echo $tpl['arr']['notify_url']; ?> " /> <?php } if (isset($tpl['arr']['submit'])) { ?> <input type="submit" value="<?php echo pjSanitize::html($tpl['arr']['submit']); ?> " class="<?php echo pjSanitize::html(@$tpl['arr']['submit_class']); ?> " /> <?php } ?> <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1" /> </form>
/**
 * Serialises a list of records into an XML document string and hands the
 * result to setData().
 *
 * The document consists of the XML declaration (built from $this->version and
 * $this->encoding), a root element named $this->root, and one $this->record
 * element per entry of $data. Inside a record, every key becomes an element
 * name and every value is passed through pjSanitize::html() before it is
 * written as that element's text. Lines are joined with $this->eol.
 *
 * NOTE(review): keys are written as element names verbatim, with no check that
 * they are valid XML names; a key containing `>`, whitespace or markup would
 * change the document structure. This presumably relies on keys being trusted
 * column names - verify against the callers.
 * NOTE(review): whether pjSanitize::html() yields XML-safe text (for example
 * no HTML-only named entities) cannot be determined from this method - confirm.
 *
 * @param array $data List of records, each iterable as element name => value
 * @access public
 * @return self
 */
public function process($data = array())
{
    // Declaration and opening root tag come first.
    $lines = array(
        '<?xml version="' . $this->version . '" encoding="' . $this->encoding . '"?>',
        '<' . $this->root . '>',
    );

    foreach ($data as $record) {
        $parts = array("\t<" . $this->record . ">");

        foreach ($record as $tag => $content) {
            // Only the value is escaped; the tag name is used as given.
            $parts[] = "\t\t<" . $tag . ">" . pjSanitize::html($content) . "</" . $tag . ">";
        }

        $parts[] = "\t</" . $this->record . ">";
        $lines[] = implode($this->eol, $parts);
    }

    $lines[] = "</" . $this->root . ">";

    $this->setData(implode($this->eol, $lines));

    return $this;
}
?> " /> <?php if ($tpl['arr'][$i]['key'] == 'o_show_upto') { __('lblDays'); } break; case 'float': ?> <input type="text" name="value-<?php echo $tpl['arr'][$i]['type']; ?> -<?php echo $tpl['arr'][$i]['key']; ?> " class="pj-form-field field-float w60" value="<?php echo pjSanitize::html($tpl['arr'][$i]['value']); ?> " /><?php break; case 'enum': ?> <select name="value-<?php echo $tpl['arr'][$i]['type']; ?> -<?php echo $tpl['arr'][$i]['key']; ?> " class="pj-form-field"> <?php $default = explode("::", $tpl['arr'][$i]['value']); $enum = explode("|", $default[0]);
__('lblInstallConfigLocale'); ?> </label> <select class="pj-form-field w200 pj-install-config" id="install_locale" name="install_locale"> <option value="">-- <?php __('lblAll'); ?> --</option> <?php foreach ($tpl['locale_arr'] as $locale) { ?> <option value="<?php echo $locale['id']; ?> "><?php echo pjSanitize::html($locale['title']); ?> </option><?php } ?> </select> </p> <p> <label class="title"> </label> <a id="pj_preview_install" target="_blank" href="javascript:void(0);" class="pj-button" rel="<?php echo PJ_INSTALL_URL; ?> index.php?controller=pjAdminOptions&action=pjActionPreview{LOCALE}"/><?php __('btnPreview'); ?> </a>
<span class="inline_block"> <input type="text" name="name" id="name" value="<?php echo pjSanitize::html($tpl['arr']['name']); ?> " class="pj-form-field w250 required" /> </span> </p> <p> <label class="title"><?php __('lblPhone'); ?> </label> <span class="pj-form-field-custom pj-form-field-custom-before"> <span class="pj-form-field-before"><abbr class="pj-form-field-icon-phone"></abbr></span> <input type="text" name="phone" id="phone" value="<?php echo pjSanitize::html($tpl['arr']['phone']); ?> " class="pj-form-field w200" placeholder="(123) 456-7890"/> </span> </p> <p> <label class="title"><?php __('lblStatus'); ?> </label> <?php if ((int) $tpl['arr']['id'] !== 1) { ?> <span class="inline_block"> <select name="status" id="status" class="pj-form-field required"> <option value="">-- <?php
?> :</span> <a href="<?php echo $_SERVER['PHP_SELF']; ?> ?controller=pjAdminClients&action=pjActionUpdate&id=<?php echo $v['client_id']; ?> "><?php echo pjSanitize::html($v['client_name']); ?> </a></label> <label><span><?php __('lblLocation'); ?> :</span> <?php echo pjSanitize::html($v['location']); ?> </label> <label><span><?php __('lblStatus'); ?> :</span> <?php echo $order_statuses[$v['status']]; ?> </label> <label><span><?php __('lblDateTime'); ?> :</span> <?php echo date($tpl['option_arr']['o_date_format'], strtotime($v['p_dt'])) . ', ' . date($tpl['option_arr']['o_time_format'], strtotime($v['p_dt'])); ?>
:</label> <span class="pj-form-field-custom pj-form-field-custom-before"> <span class="pj-form-field-before"><abbr class="pj-form-field-icon-password"></abbr></span> <input type="text" name="password" id="password" class="pj-form-field required w200" value="<?php echo pjSanitize::html($tpl['arr']['password']); ?> " autocomplete="off" /> </span> </p> <p> <label class="title"><?php __('lblName'); ?> </label> <span class="inline_block"> <input type="text" name="name" id="name" value="<?php echo pjSanitize::html($tpl['arr']['name']); ?> " class="pj-form-field w250 required" /> </span> </p> <p> <label class="title"> </label> <input type="submit" value="<?php __('btnSave', false, true); ?> " class="pj-button" /> </p> </form> <?php }
?> </span> <span><textarea name="message" id="confirm_message" class="pj-form-field w600 h300 required"><?php echo stripslashes(str_replace(array('\\r\\n', '\\n'), ' ', $tpl['arr']['message'])); ?> </textarea></span> </p> <?php if (!empty($tpl['arr']['client_email'])) { ?> <p> <label> <input type="hidden" name="to" value="<?php echo pjSanitize::html($tpl['arr']['client_email']); ?> "/> <?php __('lblClientEmail'); ?> (<?php echo pjSanitize::html($tpl['arr']['client_email']); ?> ) </label> </p> <?php } ?> </form> <?php }
:</label> <span class="inline_block"> <input type="text" name="alpha_2" id="alpha_2" class="pj-form-field w50" value="<?php echo pjSanitize::html($tpl['arr']['alpha_2']); ?> " maxlength="2" /> </span> </p> <p> <label class="title"><?php __('plugin_country_alpha_3'); ?> :</label> <span class="inline_block"> <input type="text" name="alpha_3" id="alpha_3" class="pj-form-field w50" value="<?php echo pjSanitize::html($tpl['arr']['alpha_3']); ?> " maxlength="3" /> </span> </p> <p> <label class="title"> </label> <input type="submit" value="<?php __('plugin_country_btn_save'); ?> " class="pj-button" /> <input type="button" value="<?php __('plugin_country_btn_cancel'); ?> " class="pj-button" onclick="window.location.href='<?php echo PJ_INSTALL_URL;
} break; case 'bank': ?> //<?php include PJ_VIEWS_PATH . 'pjFront/elements/api_test.php'; ?> <div class="fdSystemMessage"> <?php $system_msg = str_replace("[STAG]", "<a href='#' class='fdStartOver'>", $front_messages[3]); $system_msg = str_replace("[ETAG]", "</a>", $system_msg); echo $system_msg; ?> <br /><br /> <?php echo pjSanitize::html(nl2br($tpl['option_arr']['o_bank_account'])); ?> </div> <?php break; case 'creditcard': case 'cash': default: $user_name = urlencode($_SESSION['order_data']['o_user_name']); ?> <div class="fdSystemMessage"> <?php $system_msg = str_replace("[STAG]", "<a href='" . PJ_BASE_PATH . $user_name . '/restaurants/' . base64_encode($_SESSION['order_data']['o_user_id']) . "'>", $front_messages[3]); $system_msg = str_replace("[ETAG]", "</a>", $system_msg); echo $system_msg;