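/**
 * Handles backup module requests: create / restore / delete / download.
 *
 * Runs only for users allowed to 'backup works' and only when the request
 * (GET merged with POST) carries module=backup; otherwise the template is
 * returned untouched. Every state-changing action ends in terminate() with a
 * 302 back to the manage page; 'download' streams the file and exits.
 *
 * NOTE(review): actions are accepted from GET as well as POST and no request
 * token is checked in this method — confirm anti-CSRF handling lives upstream.
 *
 * @param mixed $template page template passed along the module chain
 * @return mixed the same $template (when the request is not terminated)
 */
public function requestParser($template)
{
    if (!user_allowed_to('backup works')) {
        return $template;
    }
    $merged_post_get = array_merge($_GET, $_POST);
    if (!isset($merged_post_get['module']) || $merged_post_get['module'] != 'backup') {
        return $template;
    }
    // backup_name is limited to [a-zA-Z0-9_-] plus an optional ".zip" suffix;
    // that restriction is what keeps the path concatenation in 'download'
    // inside the data directory (no separators, no dots other than the suffix)
    $input_filter = array(
        'backup_name' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9_\\-]+(|\\.zip)$~ui')),
        'backup_description' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9_\\s\\-а-яА-Я.:;"]+$~ui')),
        // the "+" lets concatenations such as "createdelete" through the filter;
        // harmless because the switch below only matches exact action names
        'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(create|restore|delete|download)+$~ui')),
        'result' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z_]+$~ui')),
    );
    $_INPUT = get_filtered_input($input_filter);
    $manage_redirect = 'Location: ./?module=backup&action=manage';
    switch ($_INPUT['action']) {
        case 'create':
            if ($_INPUT['backup_name'] == '') {
                popup_message_add('Некорректное имя файла', JCMS_MESSAGE_ERROR);
                break;
            }
            // force extension
            if (substr($_INPUT['backup_name'], -4) != '.zip') {
                $_INPUT['backup_name'] .= '.zip';
            }
            if ($this->createBackup($_INPUT['backup_name'], $_INPUT['backup_description']) === true) {
                popup_message_add('Резервная копия создана', JCMS_MESSAGE_OK);
            } else {
                popup_message_add('Не удалось создать резервную копию', JCMS_MESSAGE_ERROR);
            }
            terminate('', $manage_redirect, 302);
            break;
        case 'restore':
            $restore_result = $this->restoreBackup($_INPUT['backup_name']);
            if ($restore_result === true) {
                popup_message_add('Резервная копия восстановлена', JCMS_MESSAGE_OK);
            } else {
                // anything but true is treated as an error text from restoreBackup()
                popup_message_add('Не удалось восстановить резервную копию (' . $restore_result . ')', JCMS_MESSAGE_ERROR);
            }
            terminate('', $manage_redirect, 302);
            break;
        case 'delete':
            if ($this->deleteBackup($_INPUT['backup_name'])) {
                popup_message_add('Резервная копия удалена', JCMS_MESSAGE_OK);
            } else {
                // deleteBackup() is used as a boolean here, so there is no error
                // text to append (the original interpolated an undefined $result)
                popup_message_add('Не удалось удалить резервную копию', JCMS_MESSAGE_ERROR);
            }
            terminate('', $manage_redirect, 302);
            break;
        case 'download':
            $backup_file = __DIR__ . '/data/' . $_INPUT['backup_name'];
            // refuse empty names (would point at the directory itself) and
            // missing files instead of emitting a Content-Length of false
            if ($_INPUT['backup_name'] == '' || !is_file($backup_file)) {
                terminate('Not Found', '', 404);
            }
            header('HTTP/1.1 200 OK');
            header('Content-Length: ' . filesize($backup_file));
            // "octet/stream" in the original is not a registered MIME type
            header('Content-Type: application/octet-stream');
            header('Content-Transfer-Encoding: 8bit');
            // RFC 5987 form; the name is ASCII-only by the filter above, so no
            // charset conversion is needed before percent-encoding
            header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($_INPUT['backup_name']));
            readfile($backup_file);
            exit;
    }
    return $template;
}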
/**
 * Chat module request hook.
 *
 * Users without the 'chat' permission are passed through untouched. For the
 * others the 'action' parameter is run through the input filter (only "post"
 * passes), but nothing consumes the filtered result yet, so the template is
 * returned unchanged either way.
 *
 * @param mixed $template page template passed along the module chain
 * @return mixed the same $template
 */
public function requestParser($template)
{
    if (user_allowed_to('chat')) {
        $action_filter = array(
            'action' => array(
                'filter' => FILTER_VALIDATE_REGEXP,
                'options' => array('regexp' => '~^(post)+$~ui'),
            ),
        );
        // the call is kept for parity with the original; its result is not used so far
        get_filtered_input($action_filter);
    }
    return $template;
}
/**
 * File manager request handler (upload / delete / update_file).
 *
 * Only users allowed to 'manage files' and requests naming
 * module=filemanager (GET or POST) are processed; the rest get $template back.
 * Successful actions end in a 302 redirect to the manage page of the category.
 *
 * NOTE(review): the 'filename' / 'new_filename' patterns are a negative
 * lookahead anchored at the START only — they reject a leading "..", "|//" or a
 * drive-letter prefix, but a ".." segment later in the path still passes. Path
 * containment therefore relies entirely on getUserFolderParams(), which is
 * not visible in this excerpt; confirm it canonicalises and restricts the path.
 *
 * NOTE(review): this excerpt is truncated — the closing brace and the final
 * return of the function are not shown.
 *
 * @param mixed $template page template passed along the module chain
 * @return mixed the same $template (when the request is not terminated)
 */
function requestParser($template) { if (!user_allowed_to('manage files')) { return $template; } $module_name = 'filemanager';
// check if something to do
if (@$_GET['module'] != $module_name && @$_POST['module'] != $module_name) { return $template; }
// filter input
// ('filecontent' uses an unanchored "~.*~", i.e. any value passes)
$input_filter = array('action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(update_file|upload|delete)$~ui')), 'category' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => REGEXP_ALIAS)), 'filename' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(?!(\\.\\.|\\|//|[a-zA-Zа-яА-Я0-9\\s_\\-\\(\\)]:)).*$~u')), 'new_filename' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(?!(\\.\\.|\\|//|[a-zA-Zа-яА-Я0-9\\s_\\-\\(\\)]:)).*$~u')), 'filecontent' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~.*~'))); $_INPUT = get_filtered_input($input_filter);
// prepare redirect
$redirect_target = './?module=' . $module_name . '&action=manage&category=' . $_INPUT['category']; $redirect_status = false; switch (get_array_value($_INPUT, 'action')) { case 'upload':
// NOTE(review): count() on $_FILES['files']['name'] assumes the form always
// sends a files[] input; with none present this loop is skipped (or errors on
// PHP 8, where count(null) throws)
for ($i = 0; $i < count($_FILES['files']['name']); $i++) {
// check extension against directory configuration, use only if matches
// (the client-supplied name is used as the target file name, converted to
// the filesystem encoding)
if (($dir = $this->getUserFolderParams($_FILES['files']['name'][$i], $_INPUT['category'])) != false) { move_uploaded_file($_FILES['files']['tmp_name'][$i], iconv('utf-8', filesystem_encoding(), $dir['dir'] . 
$_FILES['files']['name'][$i])); } } $redirect_status = true; break; case 'delete':
// the request-supplied path is unlinked directly once getUserFolderParams()
// accepts it; unlike update_file below, no iconv() to the filesystem encoding
// is applied here — presumably intentional, verify with non-ASCII names
if ($this->getUserFolderParams($_INPUT['filename']) != false) { unlink($_INPUT['filename']); } $redirect_status = true; break; case 'update_file':
// check if filenames (old and new) are ok
if ($this->getUserFolderParams($_INPUT['filename']) === false || $this->getUserFolderParams($_INPUT['new_filename']) === false) { popup_message_add('Расширение не подходит для этой папки', JCMS_MESSAGE_ERROR); return $template; }
// write contents, yeah
file_put_contents(iconv('utf-8', filesystem_encoding(), $_INPUT['filename']), $_INPUT['filecontent']);
// rename if requested (rename() gets the raw names, without the iconv() used for the write)
if ($_INPUT['filename'] != $_INPUT['new_filename']) { rename($_INPUT['filename'], $_INPUT['new_filename']); } popup_message_add('Файл обновлен', JCMS_MESSAGE_OK); $redirect_status = true; break; }
// check for redirect
if ($redirect_status) { terminate('', 'Location: ' . $redirect_target, 302); }
// NOTE(review): function continues past this excerpt
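/**
 * Adds a comment
 *
 * $input keys supported:
 *   row_id                : object to add comment to
 *   comments_comment_text : comment itself (see note below)
 *
 * Files attachment is also supported: one comment row is written per entry of
 * $_FILES['attachthis'] (text prefixed with "(i/n) " when there are several);
 * a request without that file input still produces exactly one comment row.
 * Attachments are stored under the generated comment id, so the client-supplied
 * file name only ends up in the attached_name column.
 *
 * NOTE(review): the filter spec below declares the key 'comment_text' while the
 * code reads 'comments_comment_text' from both $input and the filtered array —
 * presumably the form field carries the prefixed name; confirm against the
 * form and get_filtered_input().
 *
 * @param array $input parameters
 * @param array $return_metadata metadata parameters (set to status ERROR on failure)
 * @param resource $DB database connection to use (must provide prepare())
 * @return string 'OK' or some error text
 */
public static function commentsAdd($input, &$return_metadata, $DB)
{
    // check ID first
    $object_id = isset($input['row_id']) ? $input['row_id'] : '';
    if ($object_id == '') {
        $return_metadata = array('status' => 'ERROR');
        return 'bad row ID';
    }
    // normalise the upload arrays: a form without the file input used to make
    // count(null) skip the loop (or throw on PHP 8), losing a text-only comment
    // NOTE: if the file input is missing although the form has it, ensure that
    // the form carries the 'enctype="multipart/form-data"' attribute
    $attached_names = isset($_FILES['attachthis']['name']) ? (array) $_FILES['attachthis']['name'] : array();
    $attached_tmp = isset($_FILES['attachthis']['tmp_name']) ? (array) $_FILES['attachthis']['tmp_name'] : array();
    if (count($attached_names) === 0) {
        $attached_names = array('');
        $attached_tmp = array('');
    }
    $file_count = count($attached_names);
    $raw_text = isset($input['comments_comment_text']) ? $input['comments_comment_text'] : '';
    // check if no text and no files
    if (trim($raw_text) == '' && $attached_names[0] == '') {
        $return_metadata = array('status' => 'ERROR');
        return 'nothing to add';
    }
    $user_id = 'admin'; // TAG_TODO
    $stamp = date('Y.m.d H:i:s');
    // get specials for the input
    $input_filter = array(
        'comment_text' => array(
            'filter' => FILTER_VALIDATE_REGEXP,
            'options' => array('regexp' => '~^[a-zA-Zа-яА-Я0-9\\!\\"\\№\\;\\%\\:\\?\\*\\(\\)\\-\\_\\=\\+\\s]+$~smui'),
        ),
    );
    $filtered_input = get_filtered_input($input_filter, array(FILTER_GET_FULL, FILTER_POST_FULL));
    $comment_text = isset($filtered_input['comments_comment_text']) ? $filtered_input['comments_comment_text'] : '';
    $sql = 'insert into comments (id, object_id, user_id, stamp, comment_text, attached_name, comment_state)'
        . ' values (:id, :object_id, :user_id, :stamp, :comment_text, :attached_name, :comment_state)';
    $prepared = $DB->prepare($sql);
    // iterate uploaded files, add comment for each
    for ($file_index = 0; $file_index < $file_count; $file_index++) {
        $comment_id = create_guid();
        // full comment text - append "(1/10)" in case of multiple files
        $comment_text_full = $comment_text;
        if ($file_count > 1) {
            $comment_text_full = '(' . ($file_index + 1) . '/' . $file_count . ') ' . $comment_text_full;
        }
        $attached_name = $attached_names[$file_index];
        // copy attached file, mark comment if failed
        if ($attached_name > '') {
            $tmp_name = isset($attached_tmp[$file_index]) ? $attached_tmp[$file_index] : '';
            $copy_result = move_uploaded_file($tmp_name, self::COMMENTS_ATTACHED_DIR . $comment_id);
            if (!$copy_result) {
                $comment_text_full .= '(file not copied - re-attach)';
            }
        }
        // add the comment to the base; report instead of silently ignoring a failed insert
        $inserted = $prepared->execute(array(
            ':id' => $comment_id,
            ':object_id' => $object_id,
            ':user_id' => $user_id,
            ':stamp' => $stamp,
            ':comment_text' => $comment_text_full,
            ':attached_name' => $attached_name,
            ':comment_state' => 'new comment',
        ));
        if (!$inserted) {
            $return_metadata = array('status' => 'ERROR');
            return 'comment not saved';
        }
    }
    return 'OK';
}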
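/**
 * AJAX requests handler
 *
 * nothing special - mainly API call
 *
 * Input is filtered through the class-level self::$input_filter (GET and POST);
 * the 'action' key selects the branch.
 *
 * @return mixed context menu markup, the callAPI() result, or an error string
 */
function AJAXHandler()
{
    $filtered_input = get_filtered_input(self::$input_filter, array(FILTER_GET_FULL, FILTER_POST_FULL));
    $action = isset($filtered_input['action']) ? $filtered_input['action'] : '';
    switch ($action) {
        case 'contextmenu':
            $report_id = $filtered_input['report_id'];
            $row_id = null; // TAG_TODO: an identifier is needed here
            $field_name = null; // TAG_TODO: and here
            return J_DB_UI::generateContextMenu($report_id, $row_id, $field_name, $this->DB);
        case 'call_api':
            // callAPI() fills this by reference; declare it instead of letting the
            // by-ref call create it implicitly
            $return_metadata = null;
            return $this->callAPI($filtered_input, $return_metadata);
    }
    return 'error: action not set';
}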
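/**
 * AJAX!
 *
 * 'edit_elem' returns the news add/edit dialog: the row is read from
 * $this->CONFIG['table'] by the filtered 'id' (optional sign + digits), turned
 * into <news-edit-data> XML, extended with the page list and transformed by
 * edit.xsl. Requires 'manage news' (403 otherwise); any other action yields
 * 'unknown function'.
 *
 * @return string rendered dialog or a short error text
 */
function AJAXHandler()
{
    $input_filter = array(
        'id' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^-?[0-9]+$~ui')),
        'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
    );
    $_INPUT = get_filtered_input($input_filter, array(FILTER_GET_BY_LIST));
    // default response
    $response = 'unknown function';
    switch ($_INPUT['action']) {
        // add/edit dialog
        case 'edit_elem':
            if (!user_allowed_to('manage news')) {
                terminate('Forbidden', '', 403);
            }
            // what to edit
            if ($_INPUT['id'] == '') {
                return 'bad ID';
            }
            module_init('menu');
            // get element description; the id is bound instead of interpolated
            // (the table name comes from module config and is not validated here)
            $q = CMS::$DB->prepare("select id, caption, link, page, streams, summary from `{$this->CONFIG['table']}` where id = :id");
            $q->execute(array('id' => $_INPUT['id']));
            $row = $q->fetch(PDO::FETCH_ASSOC);
            if ($row === false) {
                // no such row (presumably a negative id for a new element): start empty
                $row = array();
            }
            $row['id'] = $_INPUT['id'];
            $xml = array_to_xml($row, array('news-edit-data'));
            // add pages list
            $page_list = aliasCatchersAsXML(array('root' => 'page-list'));
            $xml->documentElement->appendChild($xml->importNode($page_list->documentElement, true));
            return XSLTransform($xml->saveXML($xml->documentElement), __DIR__ . '/edit.xsl');
    }
    return $response;
}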
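/**
 * Here generated data for module configuration dialog
 *
 * Actions (all require 'manage modules', 403 otherwise):
 *   get_settings — loads the target module's config XML (or the CMS settings
 *                  phantom module), marks the nodes and returns the rendered
 *                  settings box
 *   save_setting — locates the node whose md5(node path) equals 'hash' and lies
 *                  under $this->config_xml_path, stores 'value' in it and
 *                  writes the file (or updates the constant in conf.php for
 *                  the phantom module); 403 when no node matches
 *
 * @return string rendered settings box or 'OK' (other paths terminate)
 */
public function AJAXHandler()
{
    if (!user_allowed_to('manage modules')) {
        terminate('Forbidden', '', 403);
    }
    // filter the input
    $input_filter = array(
        'target' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
        'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
        'value' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[\\sa-zA-Zа-яА-Я0-9\\_\\-%!@$^*\\(\\)\\[\\]&=.,/\\\\]+$~ui')),
        'hash' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9]+$~ui')),
    );
    $_INPUT = get_filtered_input($input_filter);
    switch ($_INPUT['action']) {
        case 'get_settings':
            $module_name = $_INPUT['target'];
            if ($module_name == '') {
                terminate('Unknown module [from:admin]', '', 404);
            }
            // get config XML, mark nodes, transform and return
            $xml = new DOMDocument('1.0', 'utf-8');
            if ($module_name == self::CMS_SETTINGS_MODULE_PHANTOM) {
                $xml->loadXML($this->CMSSettingsXML());
            } else {
                $xml->load(get_module_config_filename($module_name));
            }
            $this->iterateAndMark($xml);
            return XSLTransform($xml->saveXML($xml->documentElement), __DIR__ . '/settings_box.xsl');
        case 'save_setting':
            $module_name = $_INPUT['target'];
            if ($module_name == '') {
                terminate('Unknown module [from:admin]', '', 404);
            }
            // first, get right XML
            $xml = new DOMDocument('1.0', 'utf-8');
            $filename = null; // only set for real modules; the phantom one is written via updateConstInFile()
            if ($module_name == self::CMS_SETTINGS_MODULE_PHANTOM) {
                $xml->loadXML($this->CMSSettingsXML());
            } else {
                $filename = get_module_config_filename($module_name);
                $xml->load($filename);
            }
            // traverse and find the node to change
            $config_xml_path = $this->config_xml_path;
            $expected_hash = (string) $_INPUT['hash'];
            $new_value = $_INPUT['value'];
            $found = false; // becomes the node name once the node is located
            $this->iterateXMLFromNode($xml->documentElement, function ($element) use (&$found, $expected_hash, $new_value, $config_xml_path) {
                $node_path = $element->getNodePath();
                // strict comparison: with == two digests of the form "0e<digits>" compare
                // equal as numeric strings, which would let a crafted hash select a node
                $hash_matches = md5($node_path) === $expected_hash;
                $under_config = strncmp($node_path, $config_xml_path, strlen($config_xml_path)) === 0;
                if ($hash_matches && $under_config) {
                    $found = $element->nodeName;
                    $element->nodeValue = htmlspecialchars($new_value);
                }
            });
            // if all OK, update file and return good
            if ($found) {
                if ($module_name == self::CMS_SETTINGS_MODULE_PHANTOM) {
                    if (!$this->updateConstInFile('./userfiles/_data_common/conf.php', $found, $new_value)) {
                        terminate('Error updating file', '', 500);
                    }
                } elseif (!$xml->save($filename)) {
                    terminate('Error updating file', '', 500);
                }
                return 'OK';
            }
            terminate('Config file changed', '', 403);
            break;
        default:
            terminate('Unknown action [from: admin]', '', 404);
            break;
    }
}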
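/**
 * AJAX handler of the pages module.
 *
 * 'edit_elem' returns the add/edit dialog for the row with the filtered 'id'
 * (optional sign + digits; -1 denotes a new page, which yields an empty row)
 * rendered through edit.xsl. Any other action answers 'unknown function'.
 *
 * @return string rendered dialog or a short error text
 */
function AJAXHandler()
{
    // filter the input
    $input_filter = array(
        'id' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^-?[0-9]+$~ui')),
        'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
    );
    $_INPUT = get_filtered_input($input_filter);
    // default response
    $response = 'unknown function';
    switch ($_INPUT['action']) {
        // contents of the add/edit dialog
        case 'edit_elem':
            // element to edit (-1 when creating a new one)
            $elem_id = $_INPUT['id'];
            if ($elem_id == '') {
                return 'bad ID';
            }
            // bind the id instead of concatenating it (the table name comes from
            // module config and is not validated here)
            $q = CMS::$DB->prepare('select * from `' . $this->CONFIG['table'] . '` where id = :id');
            $q->execute(array('id' => $elem_id));
            $row = $q->fetch(PDO::FETCH_ASSOC);
            if ($row === false) {
                // no row for a new page: start from an empty record
                $row = array();
            }
            // set "-1" when creating new page as there comes empty array
            $row['id'] = $elem_id;
            $xml = array_to_xml($row, array('page-edit-data'));
            $response = XSLTransform($xml->saveXML($xml->documentElement), __DIR__ . '/edit.xsl');
            break;
    }
    return $response;
}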
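/**
 * Updates menu element record
 *
 * A negative 'id' means insert (the row gets ordermark = max + 1); otherwise
 * the row with that id is updated in place. Fields that fail the input filter
 * but were present in the raw request fall back to the stored value, so one
 * bad field does not wipe the others. The caption is derived from 'title' or
 * from the linked content page when not given; without any caption the update
 * is refused.
 *
 * NOTE: $input is currently not consulted — all values come from
 * get_filtered_input() over the request.
 *
 * @param array $input data to use. It may specially prepared array or even unfiltered POST/GET input
 * @return mixed true on success, message string on failure
 */
private function elementUpdate($input)
{
    // configuration check: the table name is interpolated into SQL, so it has
    // to be a bare identifier
    if (!preg_match(REGEXP_IDENTIFIER, $this->CONFIG['table_menu'])) {
        return 'некорректное имя таблицы';
    }
    $table = $this->CONFIG['table_menu'];
    // filter input
    $input_filter = array(
        'id' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^-?[0-9]+$~ui')),
        'alias' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => REGEXP_ALIAS)),
        'parent' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[0-9]+$~ui')),
        'caption' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Za-яА-Я\\s0-9/\\-_:.,=+!@#$%^&*()"]+$~ui')),
        'page' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => REGEXP_ALIAS)),
        // the trailing "(\?.*)?" lets arbitrary text through after a "?", so
        // 'link' must never be interpolated into SQL (see the caption lookup)
        'link' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(https?://)?[a-zA-Z0-9\\-/.,=&?_]+(\\?.*)?$~i')),
        'picture' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\-_.]+\\.(jpg|jpeg|gif|png)$~ui')),
        'text' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Za-яА-Я\\s0-9\\-_:.,=+!@#$%^&*()<>"/]+$~smui')),
        'style_content' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\-]+$~ui')),
        'style_item' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(([a-zA-Z\\-]+\\s*:\\s*[a-zA-Z0-9\\-;%\\s]+)+|[a-zA-Z0-9\\s\\-_]+)$~ui')),
        'class_item' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z\\-][a-zA-Z0-9\\-\\s]*$~ui')),
        'add_more' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Za-яА-Я\\s0-9\\-_:]+$~ui')),
        'hidden' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(on|)$~ui')),
        'title' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9а-яА-Я\\s\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\=\\+\\,\\.\\?\\:\\№]+$~ui')),
        'meta' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^.*$~smui')),
    );
    $_INPUT = get_filtered_input($input_filter);
    // shorthand
    $element_id = $_INPUT['id'];
    // some special mode: negative id = insert
    // (an empty id — filter failure — compares differently on PHP 7 and 8; kept as is)
    $insert_mode = $element_id < 0;
    // pull existing values to replace incorrect input; the id is bound, so an
    // empty id simply finds no row instead of producing broken SQL
    $current_query = CMS::$DB->prepare("select * from {$table} where id = :id");
    $current_query->execute(array('id' => $element_id));
    if ($current = $current_query->fetch(PDO::FETCH_ASSOC)) {
        foreach ($current as $index => $value) {
            $raw_present = (isset($_POST[$index]) && $_POST[$index] > '') || (isset($_GET[$index]) && $_GET[$index] > '');
            if (isset($_INPUT[$index]) && $_INPUT[$index] == '' && $raw_present && $value > '') {
                // all that mean that input was incorrect
                $_INPUT[$index] = $value;
            }
        }
    }
    // on insert, we will need new ordermark to
    $new_ordermark = CMS::$DB->querySingle("select ifnull(max(ordermark),0)+1 from {$table}");
    // choose the proper SQL
    if ($insert_mode) {
        $sql = "insert into {$table}"
            . ' (parent_id, caption, page, link, ordermark, alias, text, picture, style_content, style_item, class_item, hidden, title, meta)'
            . ' values (:parent_id, :caption, :page, :link, :ordermark, :alias, :text, :picture, :style_content, :style_item, :class_item, :hidden, :title, :meta)';
    } else {
        $sql = "update {$table} set"
            . ' parent_id = :parent_id, caption = :caption, page = :page, link = :link, alias = :alias,'
            . ' text = :text, picture = :picture, style_content = :style_content, style_item = :style_item,'
            . ' class_item = :class_item, hidden = :hidden, title = :title, meta = :meta'
            . ' where id = :id';
    }
    // take caption from linked page title if not set, cancel if nothing found
    if ($_INPUT['caption'] == '') {
        if ($_INPUT['title'] > '') {
            $_INPUT['caption'] = $_INPUT['title'];
        } elseif (module_get_config('content', $content_module_config)) {
            // 'link' is bound, not interpolated: its filter allows quotes after a "?"
            $content_table = $content_module_config['config']['table'];
            $title_query = CMS::$DB->prepare("select title from `{$content_table}` where alias = :alias");
            $title_query->execute(array('alias' => $_INPUT['link']));
            $linked_title = $title_query->fetchColumn();
            $_INPUT['caption'] = $linked_title === false ? '' : $linked_title;
        }
    }
    if ($_INPUT['caption'] == '') {
        return 'Некорректный заголовок';
    }
    $query_params = array(
        'id' => $_INPUT['id'],
        'parent_id' => $_INPUT['parent'],
        'caption' => $_INPUT['caption'],
        // the original trimmed the comparison result instead of the value
        'page' => trim($_INPUT['page']) == '' ? '' : $_INPUT['page'],
        'link' => $_INPUT['link'],
        'ordermark' => $new_ordermark,
        'alias' => trim($_INPUT['alias']) > '' ? $_INPUT['alias'] : strtolower(create_guid()),
        'text' => $_INPUT['text'],
        'picture' => $_INPUT['picture'],
        'style_content' => $_INPUT['style_content'],
        'style_item' => $_INPUT['style_item'],
        'class_item' => $_INPUT['class_item'],
        'hidden' => $_INPUT['hidden'] > '' ? 1 : 0,
        'title' => $_INPUT['title'],
        'meta' => $_INPUT['meta'],
    );
    // some items are unnecessary when inserting or updating, PDO will get mad of them, so remove them!
    if ($insert_mode) {
        unset($query_params['id']);
    } else {
        unset($query_params['ordermark']);
    }
    // ok, go
    $prepared = CMS::$DB->prepare($sql);
    if ($prepared->execute($query_params) == false) {
        // errorInfo() is a method; the original read a nonexistent property
        $error_info = $prepared->errorInfo();
        return isset($error_info[2]) ? $error_info[2] : 'database error';
    }
    return true;
}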
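/**
 * AJAX handler of the templates module.
 *
 * 'edit_template' returns the edit dialog for templates/<filename>. The
 * filename filter admits letters, digits, "_", "-" and whitespace with a
 * mandatory ".html" suffix and no separators, which keeps the read inside the
 * templates directory. Missing file name or unknown action yield a short
 * error text.
 *
 * @return string rendered dialog, 'template not found' or 'unknown action'
 */
function AJAXHandler()
{
    // filter the input
    $input_filter = array(
        'filename' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Zа-яА-Я0-9][a-zA-Zа-яА-Я0-9_\\-\\s]*\\.html$~ui')),
        'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
    );
    $_INPUT = get_filtered_input($input_filter);
    switch ($_INPUT['action']) {
        case 'edit_template':
            if ($_INPUT['filename'] == '') {
                break;
            }
            $template_path = __DIR__ . '/templates/' . $_INPUT['filename'];
            // report a missing file instead of serialising a false read result
            if (!is_file($template_path)) {
                return 'template not found';
            }
            $content = file_get_contents($template_path);
            $xml = new DOMDocument('1.0', 'utf-8');
            $root = $xml->appendChild($xml->createElement('root'));
            // text nodes rather than nodeValue assignment: setting nodeValue on an
            // element has historically parsed "&" as an entity reference, which
            // breaks on ordinary HTML template contents
            $root->appendChild($xml->createElement('filename'))->appendChild($xml->createTextNode($_INPUT['filename']));
            $root->appendChild($xml->createElement('content'))->appendChild($xml->createTextNode($content === false ? '' : $content));
            return XSLTransform($xml->saveXML($root), __DIR__ . '/edit.xsl');
    }
    return 'unknown action';
}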
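/**
 * AJAX handler of the notificator module.
 *
 * Actions: 'send' (one row by filtered row_id), 'delete_all', 'update_status'
 * (feeds raw $_POST['data'] to parseNotificatorMessage() and answers '100').
 * 'send_all' is not implemented; it and unknown actions answer
 * 'unknown function' (the original returned null there — $response was built
 * but never returned).
 *
 * @return string handler result or 'unknown function'
 */
public function AJAXHandler()
{
    // filter the input
    $input_filter = array(
        'row_id' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9_\\-]+$~ui')),
        'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
    );
    $_INPUT = get_filtered_input($input_filter);
    // default response
    $response = 'unknown function';
    switch ($_INPUT['action']) {
        case 'send_all':
            // not implemented yet
            break;
        case 'send':
            return $this->sendFromJ_DB($_INPUT['row_id']);
        case 'delete_all':
            return $this->deleteFromJ_DB();
        case 'update_status':
            if (isset($_POST['data'])) {
                // NOTE(review): 'data' bypasses get_filtered_input(); validation
                // must happen inside parseNotificatorMessage() (not visible here)
                $this->parseNotificatorMessage($_POST['data']);
            }
            return '100';
    }
    return $response;
}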
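/**
 * Handles configured redirects and the explicit module=redirect request.
 *
 * Part 1 — absolute redirects from $this->CONFIG['redirect_rules'], applied
 * regardless of how the module was called. Each rule is an array with:
 *   check    — string: compared with the whole $_SERVER['QUERY_STRING'];
 *              array:  every key => value pair must be present in $_GET
 *   location — target URL; when present the code defaults to 301
 *   code     — explicit HTTP code, used when listed in $this->http_code_texts
 * The first matching rule terminates the request. (The hard-coded samples
 * that used to sit here as commented-out code — full query-string match and
 * key/value match — are both expressible as such rules.)
 *
 * Part 2 — ?module=redirect&action=redirect&target=<alias> answers with a
 * Location header to ./<alias>; target must match REGEXP_ALIAS, which keeps
 * the header a relative path.
 *
 * @param mixed $template page template passed along the module chain
 * @return mixed the same $template unless a redirect terminated the request
 */
function requestParser($template)
{
    // absolute redirect, ignoring module call method
    if (isset($this->CONFIG['redirect_rules']) && is_array($this->CONFIG['redirect_rules'])) {
        $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
        foreach ($this->CONFIG['redirect_rules'] as $rule) {
            if (!isset($rule['check'])) {
                popup_message_add('Redirect: no "check" section found, skipping rule', JCMS_MESSAGE_WARNING);
                continue;
            }
            $check_this = $rule['check'];
            $redirect = false;
            // if rule is string, check entire query string
            if (is_string($check_this)) {
                $redirect = $query_string === $check_this;
            }
            // if rule is array, check all pairs — key and value; the original
            // array_diff() compared values only, so a rule matched whenever its
            // values appeared under any GET key
            if (is_array($check_this)) {
                $redirect = count(array_diff_assoc($check_this, $_GET)) == 0;
            }
            // ok, we need to redirect
            if ($redirect) {
                // first use default code as default ;-)
                $http_code = self::DEFAULT_HTTP_CODE;
                $location = isset($rule['location']) ? $rule['location'] : null;
                // if location specified, use 301
                if ($location !== null) {
                    $http_code = 301;
                }
                // if code set explicitly, use if correct
                if (isset($rule['code']) && isset($this->http_code_texts[$rule['code']])) {
                    $http_code = $rule['code'];
                }
                // send special headers for special cases; a 301 without a
                // location would otherwise emit an empty Location header
                if ($http_code == 301 && $location !== null) {
                    header('Location: ' . $location);
                }
                terminate($this->http_code_texts[$http_code], '', $http_code);
            }
        }
    }
    $module_requested = (isset($_POST['module']) && $_POST['module'] == 'redirect')
        || (isset($_GET['module']) && $_GET['module'] == 'redirect');
    if ($module_requested) {
        // yeah filter input
        $input_filter = array(
            'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(redirect|no_redirect)$~ui')),
            'target' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => REGEXP_ALIAS)),
        );
        $R = get_filtered_input($input_filter, array(FILTER_GET_FULL, FILTER_POST_FULL));
        // explicit redirect
        if ($R['action'] == 'redirect') {
            header('Location: ./' . $R['target']);
            terminate();
        }
    }
    return $template;
}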
/**
 * Filters input arrays ($_GET and $_POST)
 *
 * Only the keys listed here survive, each validated against its pattern.
 * The password fields accept [a-zA-Z_0-9] only, which also bounds the
 * characters users can put in a password.
 *
 * @return array filtered GET and POST requests
 */
private function getInput()
{
    $alnum_underscore = '~^[a-zA-Z\\_0-9]+$~ui';
    $patterns = array(
        'username' => '~^[a-zA-Zа-яА-Я0-9!@\\-]+$~ui',
        'password' => $alnum_underscore,
        'password1' => $alnum_underscore,
        'password2' => $alnum_underscore,
        'module' => $alnum_underscore,
        'action' => '~^(login|logout|change_password|chpass)$~ui',
        'ajaxproxy' => $alnum_underscore,
    );
    $input_filter = array();
    foreach ($patterns as $key => $regexp) {
        $input_filter[$key] = array(
            'filter' => FILTER_VALIDATE_REGEXP,
            'options' => array('regexp' => $regexp),
        );
    }
    return get_filtered_input($input_filter);
}