示例#1
0
 public function __construct($from_id = 0, $from_ip = "0.0.0.0", $to_id = 0, $subject = "A Message", $message = "Some Text", $read = False)
 {
     # PHP: the P stands for "really", the H stands for "awful" and the other P stands for "language"
     if (is_array($from_id)) {
         $a = $from_id;
         $this->id = $a["id"];
         $this->from_id = $a["from_id"];
         $this->from_ip = $a["from_ip"];
         $this->to_id = $a["to_id"];
         $this->sent_date = $a["sent_date"];
         $this->subject = $a["subject"];
         $this->message = $a["message"];
         $this->is_read = bool_escape($a["is_read"]);
     } else {
         $this->id = -1;
         $this->from_id = $from_id;
         $this->from_ip = $from_ip;
         $this->to_id = $to_id;
         $this->subject = $subject;
         $this->message = $message;
         $this->is_read = $read;
     }
 }
示例#2
0
文件: main.php 项目: JarJak/shimmie2
 /**
  * Handle an transload.
  *
  * @param string $url
  * @param mixed $tags
  * @param string $source
  * @param string $replace
  * @return bool Returns TRUE on transload successful.
  */
 private function try_transload($url, $tags, $source, $replace = '')
 {
     global $page, $config, $user;
     $ok = true;
     // Checks if user is admin > check if you want locked.
     if ($user->can("edit_image_lock") && !empty($_GET['locked'])) {
         $locked = bool_escape($_GET['locked']);
     }
     // Checks if url contains rating, also checks if the rating extension is enabled.
     if ($config->get_string("transload_engine", "none") != "none" && class_exists("Ratings") && !empty($_GET['rating'])) {
         // Rating event will validate that this is s/q/e/u
         $rating = strtolower($_GET['rating']);
         $rating = $rating[0];
     } else {
         $rating = "";
     }
     $tmp_filename = tempnam(ini_get('upload_tmp_dir'), "shimmie_transload");
     // transload() returns Array or Bool, depending on the transload_engine.
     $headers = transload($url, $tmp_filename);
     $s_filename = is_array($headers) ? findHeader($headers, 'Content-Disposition') : null;
     $h_filename = $s_filename ? preg_replace('/^.*filename="([^ ]+)"/i', '$1', $s_filename) : null;
     $filename = $h_filename ?: basename($url);
     if (!$headers) {
         $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "Error reading from " . html_escape($url));
         return false;
     }
     if (filesize($tmp_filename) == 0) {
         $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "No data found -- perhaps the site has hotlink protection?");
         $ok = false;
     } else {
         $pathinfo = pathinfo($url);
         $metadata = array();
         $metadata['filename'] = $filename;
         $metadata['extension'] = getExtension(findHeader($headers, 'Content-Type')) ?: $pathinfo['extension'];
         $metadata['tags'] = $tags;
         $metadata['source'] = $url == $source && !$config->get_bool('upload_tlsource') ? "" : $source;
         /* check for locked > adds to metadata if it has */
         if (!empty($locked)) {
             $metadata['locked'] = $locked ? "on" : "";
         }
         /* check for rating > adds to metadata if it has */
         if (!empty($rating)) {
             $metadata['rating'] = $rating;
         }
         /* check if we have been given an image ID to replace */
         if (!empty($replace)) {
             $metadata['replace'] = $replace;
         }
         $event = new DataUploadEvent($tmp_filename, $metadata);
         try {
             send_event($event);
         } catch (UploadException $ex) {
             $this->theme->display_upload_error($page, "Error with " . html_escape($url), $ex->getMessage());
             $ok = false;
         }
     }
     unlink($tmp_filename);
     return $ok;
 }
 /**
  * @param bool $tf
  * @throws SCoreException
  */
 public function set_locked($tf)
 {
     global $database;
     $ln = $tf ? "Y" : "N";
     $sln = $database->scoreql_to_sql('SCORE_BOOL_' . $ln);
     $sln = str_replace("'", "", $sln);
     $sln = str_replace('"', "", $sln);
     if (bool_escape($sln) !== $this->locked) {
         $database->execute("UPDATE images SET locked=:yn WHERE id=:id", array("yn" => $sln, "id" => $this->id));
         log_info("core_image", "Setting Image #{$this->id} lock to: {$ln}", false, array("image_id" => $this->id));
     }
 }
示例#4
0
文件: main.php 项目: nsuan/shimmie2
 private function try_transload($url, $tags, $source, $replace = '')
 {
     global $page;
     global $config;
     global $user;
     $ok = true;
     //Allows external source to be set.
     if (!empty($_GET['source'])) {
         $source = $_GET['source'];
     } else {
         $source = $url;
     }
     if (!preg_match("#^(https?|ftp)://#", $source)) {
         $source = $url;
     }
     // Checks if user is admin > check if you want locked.
     if ($user->is_admin()) {
         $locked = bool_escape($_GET['locked']);
     }
     // Checks if url contains rating, also checks if the rating extension is enabled.
     if ($config->get_string("transload_engine", "none") != "none" && file_exists("ext/rating") && !empty($_GET['rating'])) {
         // Rating event will validate that this is s/q/e/u
         $rating = strtolower($_GET['rating']);
         $rating = $rating[0];
     } else {
         $rating = "";
     }
     // PHP falls back to system default if /tmp fails, can't we just
     // use the system default to start with? :-/
     $tmp_filename = tempnam("/tmp", "shimmie_transload");
     $filename = basename($url);
     if ($config->get_string("transload_engine") == "fopen") {
         $fp = @fopen($url, "r");
         if (!$fp) {
             $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "Error reading from " . html_escape($url));
             return false;
         }
         $data = "";
         $length = 0;
         while (!feof($fp) && $length <= $config->get_int('upload_size')) {
             $data .= fread($fp, 8192);
             $length = strlen($data);
         }
         fclose($fp);
         $fp = fopen($tmp_filename, "w");
         fwrite($fp, $data);
         fclose($fp);
     }
     if ($config->get_string("transload_engine") == "curl" && function_exists("curl_init")) {
         $ch = curl_init($url);
         $fp = fopen($tmp_filename, "w");
         curl_setopt($ch, CURLOPT_FILE, $fp);
         curl_setopt($ch, CURLOPT_HEADER, 0);
         curl_setopt($ch, CURLOPT_REFERER, $url);
         curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
         curl_exec($ch);
         curl_close($ch);
         fclose($fp);
     }
     if ($config->get_string("transload_engine") == "wget") {
         $ua = "Shimmie-" . VERSION;
         $s_url = escapeshellarg($url);
         $s_tmp = escapeshellarg($tmp_filename);
         system("wget {$s_url} --output-document={$s_tmp} --user-agent={$ua} --referer={$s_url}");
     }
     if (filesize($tmp_filename) == 0) {
         $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "No data found -- perhaps the site has hotlink protection?");
         $ok = false;
     } else {
         global $user;
         $pathinfo = pathinfo($url);
         $metadata['filename'] = $pathinfo['basename'];
         $metadata['extension'] = $pathinfo['extension'];
         $metadata['tags'] = $tags;
         $metadata['source'] = $source;
         /* check for locked > adds to metadata if it has */
         if (!empty($locked)) {
             $metadata['locked'] = $locked ? "on" : "";
         }
         /* check for rating > adds to metadata if it has */
         if (!empty($rating)) {
             $metadata['rating'] = $rating;
         }
         /* check if we have been given an image ID to replace */
         if (!empty($replace)) {
             $metadata['replace'] = $replace;
         }
         $event = new DataUploadEvent($user, $tmp_filename, $metadata);
         try {
             send_event($event);
         } catch (UploadException $ex) {
             $this->theme->display_upload_error($page, "Error with " . html_escape($url), $ex->getMessage());
             $ok = false;
         }
     }
     unlink($tmp_filename);
     return $ok;
 }
示例#5
0
文件: main.php 项目: JarJak/shimmie2
 function __construct($file)
 {
     $xml_parser = xml_parser_create();
     xml_set_element_handler($xml_parser, array($this, "startElement"), array($this, "endElement"));
     $this->valid = bool_escape(xml_parse($xml_parser, file_get_contents($file), true));
     xml_parser_free($xml_parser);
 }
示例#6
0
文件: main.php 项目: JarJak/shimmie2
 /**
  * @param int $tipID
  */
 private function setStatus($tipID)
 {
     global $database;
     $tip = $database->get_row("SELECT * FROM tips WHERE id = ? ", array(int_escape($tipID)));
     if (bool_escape($tip['enable'])) {
         $enable = "N";
     } else {
         $enable = "Y";
     }
     $database->execute("UPDATE tips SET enable = ? WHERE id = ?", array($enable, int_escape($tipID)));
 }
示例#7
0
function validate_input($inputs)
{
    $outputs = array();
    foreach ($inputs as $key => $validations) {
        $flags = explode(',', $validations);
        if (in_array('bool', $flags) && !isset($_POST[$key])) {
            $_POST[$key] = 'off';
        }
        if (in_array('optional', $flags)) {
            if (!isset($_POST[$key]) || trim($_POST[$key]) == "") {
                $outputs[$key] = null;
                continue;
            }
        }
        if (!isset($_POST[$key]) || trim($_POST[$key]) == "") {
            throw new InvalidInput("Input '{$key}' not set");
        }
        $value = trim($_POST[$key]);
        if (in_array('user_id', $flags)) {
            $id = int_escape($value);
            if (in_array('exists', $flags)) {
                if (is_null(User::by_id($id))) {
                    throw new InvalidInput("User #{$id} does not exist");
                }
            }
            $outputs[$key] = $id;
        } else {
            if (in_array('user_name', $flags)) {
                if (strlen($value) < 1) {
                    throw new InvalidInput("Username must be at least 1 character");
                } else {
                    if (!preg_match('/^[a-zA-Z0-9-_]+$/', $value)) {
                        throw new InvalidInput("Username contains invalid characters. Allowed characters are " . "letters, numbers, dash, and underscore");
                    }
                }
                $outputs[$key] = $value;
            } else {
                if (in_array('user_class', $flags)) {
                    global $_shm_user_classes;
                    if (!array_key_exists($value, $_shm_user_classes)) {
                        throw new InvalidInput("Invalid user class: " . html_escape($value));
                    }
                    $outputs[$key] = $value;
                } else {
                    if (in_array('email', $flags)) {
                        $outputs[$key] = trim($value);
                    } else {
                        if (in_array('password', $flags)) {
                            $outputs[$key] = $value;
                        } else {
                            if (in_array('int', $flags)) {
                                $value = trim($value);
                                if (empty($value) || !is_numeric($value)) {
                                    throw new InvalidInput("Invalid int: " . html_escape($value));
                                }
                                $outputs[$key] = (int) $value;
                            } else {
                                if (in_array('bool', $flags)) {
                                    $outputs[$key] = bool_escape($value);
                                } else {
                                    if (in_array('string', $flags)) {
                                        if (in_array('trim', $flags)) {
                                            $value = trim($value);
                                        }
                                        if (in_array('lower', $flags)) {
                                            $value = strtolower($value);
                                        }
                                        if (in_array('not-empty', $flags)) {
                                            throw new InvalidInput("{$key} must not be blank");
                                        }
                                        if (in_array('nullify', $flags)) {
                                            if (empty($value)) {
                                                $value = null;
                                            }
                                        }
                                        $outputs[$key] = $value;
                                    } else {
                                        throw new InvalidInput("Unknown validation '{$validations}'");
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    return $outputs;
}
示例#8
0
 /**
  * @param string $name
  * @param null|bool|string $default
  * @return bool
  */
 public function get_bool($name, $default = null)
 {
     return bool_escape($this->get($name, $default));
 }