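 /**
  * Handles backup-module requests: create / restore / delete / download.
  *
  * Only users holding the 'backup works' permission get past the first check;
  * everyone else receives the template untouched. GET and POST are merged, so
  * every action here - including the state-changing ones - is reachable from a
  * plain link. NOTE(review): no CSRF token is checked in this block; confirm
  * that one is enforced by get_filtered_input() or the caller, otherwise a
  * forged link can create/restore/delete backups on behalf of an admin.
  *
  * backup_name is restricted by the filter to [A-Za-z0-9_-] plus an optional
  * ".zip", so it cannot carry a path separator or ".." into the
  * __DIR__ . '/data/' concatenations below.
  *
  * @param mixed $template page template, passed through unchanged
  * @return mixed the same $template (completed actions redirect or exit instead)
  */
 public function requestParser($template)
 {
     if (!user_allowed_to('backup works')) {
         return $template;
     }
     $merged_post_get = array_merge($_GET, $_POST);
     if (!isset($merged_post_get['module']) || $merged_post_get['module'] != 'backup') {
         return $template;
     }
     $input_filter = array(
         'backup_name' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9_\\-]+(|\\.zip)$~ui')),
         'backup_description' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9_\\s\\-а-яА-Я.:;"]+$~ui')),
         'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(create|restore|delete|download)+$~ui')),
         'result' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z_]+$~ui')),
     );
     $_INPUT = get_filtered_input($input_filter);
     $manage_location = 'Location: ./?module=backup&action=manage';
     switch ($_INPUT['action']) {
         case 'create':
             if ($_INPUT['backup_name'] == '') {
                 popup_message_add('Некорректное имя файла', JCMS_MESSAGE_ERROR);
                 break;
             }
             // force the .zip extension
             if (substr($_INPUT['backup_name'], -4) != '.zip') {
                 $_INPUT['backup_name'] .= '.zip';
             }
             if ($this->createBackup($_INPUT['backup_name'], $_INPUT['backup_description']) === true) {
                 popup_message_add('Резервная копия создана', JCMS_MESSAGE_OK);
             } else {
                 popup_message_add('Не удалось создать резервную копию', JCMS_MESSAGE_ERROR);
             }
             terminate('', $manage_location, 302);
             break;
         case 'restore':
             if (($result = $this->restoreBackup($_INPUT['backup_name'])) === true) {
                 popup_message_add('Резервная копия восстановлена', JCMS_MESSAGE_OK);
             } else {
                 popup_message_add('Не удалось восстановить резервную копию (' . $result . ')', JCMS_MESSAGE_ERROR);
             }
             terminate('', $manage_location, 302);
             break;
         case 'delete':
             // keep the return value: the original interpolated an undefined $result
             // into the failure message
             $result = $this->deleteBackup($_INPUT['backup_name']);
             if ($result) {
                 popup_message_add('Резервная копия удалена', JCMS_MESSAGE_OK);
             } else {
                 popup_message_add('Не удалось удалить резервную копию (' . $result . ')', JCMS_MESSAGE_ERROR);
             }
             terminate('', $manage_location, 302);
             break;
         case 'download':
             $backup_path = __DIR__ . '/data/' . $_INPUT['backup_name'];
             // an empty or rejected name would resolve to the data directory itself;
             // refuse anything that is not a regular file before any header is sent
             if ($_INPUT['backup_name'] == '' || !is_file($backup_path)) {
                 terminate('Not found', '', 404);
             }
             header('HTTP/1.1 200 OK');
             header('Content-Length: ' . filesize($backup_path));
             // 'octet/stream' is not a registered media type
             header('Content-Type: application/octet-stream');
             header('Content-Transfer-Encoding: 8bit');
             header('Content-Disposition: attachment; filename*=UTF-8\'\'' . str_replace('+', '%20', urlencode(iconv('windows-1251', 'utf-8', $_INPUT['backup_name']))));
             readfile($backup_path);
             exit;
     }
     return $template;
 }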
 /**
  * Request hook for the chat module.
  *
  * Gates on the 'chat' permission, runs the request through the input filter
  * (only an 'action' of "post" passes) and hands the template back untouched.
  * The filtered input is not acted on in this hook.
  *
  * @param mixed $template page template
  * @return mixed the same $template
  */
 public function requestParser($template)
 {
     if (!user_allowed_to('chat')) {
         return $template;
     }
     $action_rule = array(
         'filter' => FILTER_VALIDATE_REGEXP,
         'options' => array('regexp' => '~^(post)+$~ui'),
     );
     $_INPUT = get_filtered_input(array('action' => $action_rule));
     return $template;
 }
    /**
	 *
	 */
    function requestParser($template)
    {
        if (!user_allowed_to('manage files')) {
            return $template;
        }
        $module_name = 'filemanager';
        // check if something to do
        if (@$_GET['module'] != $module_name && @$_POST['module'] != $module_name) {
            return $template;
        }
        // filter input
        $input_filter = array('action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(update_file|upload|delete)$~ui')), 'category' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => REGEXP_ALIAS)), 'filename' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(?!(\\.\\.|\\|//|[a-zA-Zа-яА-Я0-9\\s_\\-\\(\\)]:)).*$~u')), 'new_filename' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(?!(\\.\\.|\\|//|[a-zA-Zа-яА-Я0-9\\s_\\-\\(\\)]:)).*$~u')), 'filecontent' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~.*~')));
        $_INPUT = get_filtered_input($input_filter);
        // prepare redirect
        $redirect_target = './?module=' . $module_name . '&action=manage&category=' . $_INPUT['category'];
        $redirect_status = false;
        switch (get_array_value($_INPUT, 'action')) {
            case 'upload':
                for ($i = 0; $i < count($_FILES['files']['name']); $i++) {
                    // check extension against directory configuration, use only if matches
                    if (($dir = $this->getUserFolderParams($_FILES['files']['name'][$i], $_INPUT['category'])) != false) {
                        move_uploaded_file($_FILES['files']['tmp_name'][$i], iconv('utf-8', filesystem_encoding(), $dir['dir'] . $_FILES['files']['name'][$i]));
                    }
                }
                $redirect_status = true;
                break;
            case 'delete':
                if ($this->getUserFolderParams($_INPUT['filename']) != false) {
                    unlink($_INPUT['filename']);
                }
                $redirect_status = true;
                break;
            case 'update_file':
                // check if filenames (old and new) are ok
                if ($this->getUserFolderParams($_INPUT['filename']) === false || $this->getUserFolderParams($_INPUT['new_filename']) === false) {
                    popup_message_add('Расширение не подходит для этой папки', JCMS_MESSAGE_ERROR);
                    return $template;
                }
                // write contents, yeah
                file_put_contents(iconv('utf-8', filesystem_encoding(), $_INPUT['filename']), $_INPUT['filecontent']);
                // rename if requested
                if ($_INPUT['filename'] != $_INPUT['new_filename']) {
                    rename($_INPUT['filename'], $_INPUT['new_filename']);
                }
                popup_message_add('Файл обновлен', JCMS_MESSAGE_OK);
                $redirect_status = true;
                break;
        }
        // check for redirect
        if ($redirect_status) {
            terminate('', 'Location: ' . $redirect_target, 302);
        }
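 /**
  * Adds a comment
  *
  * $input keys supported:
  *   row_id       : object to add comment to
  *   comment_text : comment itself
  *
  * Files attachment is also supported: one comment row is written per entry of
  * $_FILES['attachthis'], and each upload is moved to COMMENTS_ATTACHED_DIR
  * under the comment's GUID. The client-supplied file name is only stored in
  * the attached_name column, never used as a path. A request with no files at
  * all (no 'attachthis' entry) now writes a single text-only comment instead of
  * failing on count().
  *
  * NOTE(review): the text is filtered under the key 'comment_text' but read
  * back as 'comments_comment_text' (kept from the original); unless
  * get_filtered_input() prefixes its keys the stored text is always empty -
  * confirm against that helper. NOTE(review): user_id is hard-coded to 'admin'.
  *
  * @param array $input parameters
  * @param array $return metadata parameters
  * @param resource $DB database connection to use
  * @return string 'OK' or some error text
  */
 public static function commentsAdd($input, &$return_metadata, $DB)
 {
     // check ID first
     $object_id = isset($input['row_id']) ? $input['row_id'] : '';
     if ($object_id == '') {
         $return_metadata = array('status' => 'ERROR');
         return 'bad row ID';
     }
     // normalise the upload array: without enctype="multipart/form-data" there is
     // no 'attachthis' key, which the original turned into a count()/index error
     if (isset($_FILES['attachthis']['name']) && is_array($_FILES['attachthis']['name'])) {
         $uploads = $_FILES['attachthis'];
     } else {
         $uploads = array('name' => array(''), 'tmp_name' => array(''), 'error' => array(UPLOAD_ERR_NO_FILE));
     }
     $file_count = count($uploads['name']);
     $raw_text = isset($input['comments_comment_text']) ? $input['comments_comment_text'] : '';
     // check if no text and no files
     if (trim($raw_text) == '' && $uploads['name'][0] == '') {
         $return_metadata = array('status' => 'ERROR');
         return 'nothing to add';
     }
     $user_id = 'admin';
     // TAG_TODO
     $stamp = date('Y.m.d H:i:s');
     // get specials for the input
     $input_filter = array('comment_text' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Zа-яА-Я0-9\\!\\"\\№\\;\\%\\:\\?\\*\\(\\)\\-\\_\\=\\+\\s]+$~smui')));
     $filtered_input = get_filtered_input($input_filter, array(FILTER_GET_FULL, FILTER_POST_FULL));
     $comment_text = isset($filtered_input['comments_comment_text']) ? $filtered_input['comments_comment_text'] : '';
     $sql = 'insert into comments (id, object_id, user_id, stamp, comment_text, attached_name, comment_state) values (:id, :object_id, :user_id, :stamp, :comment_text, :attached_name, :comment_state)';
     $prepared = $DB->prepare($sql);
     // iterate uploaded files, add comment for each
     for ($file_index = 0; $file_index < $file_count; $file_index++) {
         $comment_id = create_guid();
         $attached_name = $uploads['name'][$file_index];
         // full comment text - prepend "(1/10)" in case of multiple files
         $comment_text_full = $comment_text;
         if ($file_count > 1) {
             $comment_text_full = '(' . ($file_index + 1) . '/' . $file_count . ') ' . $comment_text_full;
         }
         // copy attached file, mark comment if failed; the per-file error code is
         // checked first so a partial/oversized upload is reported rather than
         // silently producing an empty attachment. move_uploaded_file() itself
         // refuses anything that is not a genuine upload.
         if ($attached_name > '') {
             $upload_ok = !isset($uploads['error'][$file_index]) || $uploads['error'][$file_index] === UPLOAD_ERR_OK;
             if ($upload_ok) {
                 $upload_ok = move_uploaded_file($uploads['tmp_name'][$file_index], self::COMMENTS_ATTACHED_DIR . $comment_id);
             }
             if (!$upload_ok) {
                 $comment_text_full .= '(file not copied - re-attach)';
             }
         }
         // add the comment to the base
         $prepared->execute(array(':id' => $comment_id, ':object_id' => $object_id, ':user_id' => $user_id, ':stamp' => $stamp, ':comment_text' => $comment_text_full, ':attached_name' => $attached_name, ':comment_state' => 'new comment'));
     }
     return 'OK';
 }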
 /**
  * AJAX requests handler
  *
  * Thin dispatcher: filters GET/POST through self::$input_filter and routes on
  * 'action'. 'contextmenu' builds a context menu for report_id (row and field
  * identifiers are not passed yet - see the TODO); 'call_api' forwards the
  * filtered input to callAPI(). Anything else yields a short error string.
  * No permission check is made in this method itself.
  *
  * @return mixed the menu markup, the API result, or an error string
  */
 function AJAXHandler()
 {
     $request = get_filtered_input(self::$input_filter, array(FILTER_GET_FULL, FILTER_POST_FULL));
     $action = $request['action'];
     if ($action == 'contextmenu') {
         // TAG_TODO: row id and field name are still to be supplied here
         $row_id = null;
         $field_name = null;
         return J_DB_UI::generateContextMenu($request['report_id'], $row_id, $field_name, $this->DB);
     }
     if ($action == 'call_api') {
         return $this->callAPI($request, $return_metadata);
     }
     return 'error: action not set';
 }
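 /**
  * AJAX!
  *
  * Handles the news module's AJAX calls. Only 'edit_elem' is implemented: it
  * requires the 'manage news' permission (403 otherwise), loads the news row
  * with the given id (-1 yields an empty record for a new element) and renders
  * the edit dialog through edit.xsl.
  *
  * @return string rendered dialog, 'bad ID', or the default 'unknown function'
  */
 function AJAXHandler()
 {
     $input_filter = array(
         'id' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^-?[0-9]+$~ui')),
         'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
     );
     $_INPUT = get_filtered_input($input_filter, array(FILTER_GET_BY_LIST));
     // default response
     $response = 'unknown function';
     switch ($_INPUT['action']) {
         // add/edit dialog
         case 'edit_elem':
             if (!user_allowed_to('manage news')) {
                 terminate('Forbidden', '', 403);
             }
             // what to edit
             if ($_INPUT['id'] == '') {
                 return 'bad ID';
             }
             module_init('menu');
             // the table name comes from config and is interpolated into SQL;
             // refuse anything that is not a plain identifier
             $table = $this->CONFIG['table'];
             if (!preg_match('~^[a-zA-Z_][a-zA-Z0-9_]*$~', $table)) {
                 terminate('Bad table name', '', 500);
             }
             // the id is regex-restricted to an integer, but bind it anyway so the
             // query does not depend on the filter staying that strict
             $q = CMS::$DB->prepare("select id, caption, link, page, streams, summary from `{$table}` where id = :id");
             $row = ($q !== false && $q->execute(array(':id' => $_INPUT['id']))) ? $q->fetch(PDO::FETCH_ASSOC) : false;
             // no row (new element): fetch() gives false, which the original
             // auto-vivified into an array - do it explicitly
             if ($row === false) {
                 $row = array();
             }
             $row['id'] = $_INPUT['id'];
             $xml = array_to_xml($row, array('news-edit-data'));
             // add pages list
             $xml->documentElement->appendChild($xml->importNode(aliasCatchersAsXML(array('root' => 'page-list'))->documentElement, true));
             return XSLTransform($xml->saveXML($xml->documentElement), __DIR__ . '/edit.xsl');
     }
     return $response;
 }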
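 /**
  * Here generated data for module configuration dialog
  *
  * Requires the 'manage modules' permission (403 otherwise). Two actions:
  *  - get_settings: loads the module's config XML (or the synthetic CMS
  *    settings document for CMS_SETTINGS_MODULE_PHANTOM), marks its nodes and
  *    renders settings_box.xsl;
  *  - save_setting: locates the node whose md5(node path) equals 'hash' and
  *    lies under $this->config_xml_path, sets its value and writes the file
  *    (or updates the constant in conf.php for the phantom module).
  *
  * 'target' is restricted to [A-Za-z0-9_-] by the filter, so the module name
  * cannot carry path separators into get_module_config_filename().
  * NOTE(review): 'value' is passed to updateConstInFile() unescaped; the filter
  * excludes quotes and ';' but allows '$', '\' and parentheses - whether that
  * is safe depends on how updateConstInFile() quotes it. Confirm.
  *
  * @return string rendered dialog or 'OK'; error paths end via terminate()
  */
 public function AJAXHandler()
 {
     if (!user_allowed_to('manage modules')) {
         terminate('Forbidden', '', 403);
     }
     // filter the input
     $input_filter = array(
         'target' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
         'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
         'value' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[\\sa-zA-Zа-яА-Я0-9\\_\\-%!@$^*\\(\\)\\[\\]&=.,/\\\\]+$~ui')),
         'hash' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9]+$~ui')),
     );
     $_INPUT = get_filtered_input($input_filter);
     switch ($_INPUT['action']) {
         case 'get_settings':
             if (($module_name = $_INPUT['target']) == '') {
                 terminate('Unknown module [from:admin]', '', 404);
             }
             // get config XML, mark nodes, transform and return
             $xml = new DOMDocument('1.0', 'utf-8');
             if ($module_name == self::CMS_SETTINGS_MODULE_PHANTOM) {
                 $loaded = $xml->loadXML($this->CMSSettingsXML());
             } else {
                 $loaded = $xml->load(get_module_config_filename($module_name));
             }
             // a missing or broken config would otherwise be walked as a null document
             if (!$loaded) {
                 terminate('Unknown module [from:admin]', '', 404);
             }
             $this->iterateAndMark($xml);
             return XSLTransform($xml->saveXML($xml->documentElement), __DIR__ . '/settings_box.xsl');
         case 'save_setting':
             if (($module_name = $_INPUT['target']) == '') {
                 terminate('Unknown module [from:admin]', '', 404);
             }
             // first, get the right XML
             $xml = new DOMDocument('1.0', 'utf-8');
             $filename = null;
             if ($module_name == self::CMS_SETTINGS_MODULE_PHANTOM) {
                 $loaded = $xml->loadXML($this->CMSSettingsXML());
             } else {
                 $filename = get_module_config_filename($module_name);
                 $loaded = $xml->load($filename);
             }
             if (!$loaded) {
                 terminate('Unknown module [from:admin]', '', 404);
             }
             // traverse and find the node to change
             $config_xml_path = $this->config_xml_path;
             $found = false;
             // means that node found
             $hash = (string) $_INPUT['hash'];
             $this->iterateXMLFromNode($xml->documentElement, function ($element) use(&$found, $_INPUT, $hash, $config_xml_path) {
                 $node_path = $element->getNodePath();
                 // hash_equals() instead of ==: a loose comparison of two hex strings
                 // treats "0e..." digests as numeric, so a crafted hash could match a
                 // node it was not computed for
                 if (hash_equals(md5($node_path), $hash) && substr($node_path, 0, strlen($config_xml_path)) == $config_xml_path) {
                     $found = $element->nodeName;
                     // entity-escaped because the nodeValue setter passes the string
                     // to libxml as markup text (kept from the original)
                     $element->nodeValue = htmlspecialchars($_INPUT['value']);
                 }
             });
             // if all OK, update file and return good
             if ($found) {
                 if ($module_name == self::CMS_SETTINGS_MODULE_PHANTOM) {
                     if (!$this->updateConstInFile('./userfiles/_data_common/conf.php', $found, $_INPUT['value'])) {
                         terminate('Error updating file', '', 500);
                     }
                 } else {
                     if (!$xml->save($filename)) {
                         terminate('Error updating file', '', 500);
                     }
                 }
                 return 'OK';
             }
             terminate('Config file changed', '', 403);
             break;
         default:
             terminate('Unknown action [from: admin]', '', 404);
             break;
     }
 }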
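 /**
  * AJAX handler for the pages module.
  *
  * 'edit_elem' loads the page row for the given id (-1 for a new page, which
  * yields an empty record) and renders the add/edit dialog through edit.xsl.
  * Any other action yields the default 'unknown function' string.
  *
  * NOTE(review): no user_allowed_to() check guards this entry point, unlike the
  * news module's handler; it exposes every column of the pages table to any
  * caller unless the permission is enforced further up the call chain. Confirm.
  *
  * @return string rendered dialog, 'bad ID', or 'unknown function'
  */
 function AJAXHandler()
 {
     // filter the input
     $input_filter = array(
         'id' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^-?[0-9]+$~ui')),
         'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
     );
     $_INPUT = get_filtered_input($input_filter);
     // default response
     $response = 'unknown function';
     switch ($_INPUT['action']) {
         // contents of the add/edit dialog
         case 'edit_elem':
             // element to edit (-1 for a new one)
             if (($elem_id = $_INPUT['id']) == '') {
                 return 'bad ID';
             }
             // the table name comes from config and is interpolated into SQL;
             // refuse anything that is not a plain identifier
             $table = $this->CONFIG['table'];
             if (!preg_match('~^[a-zA-Z_][a-zA-Z0-9_]*$~', $table)) {
                 terminate('Bad table name', '', 500);
             }
             // the id is regex-restricted to an integer, but bind it anyway
             $q = CMS::$DB->prepare('select * from `' . $table . '` where id = :id');
             $row = ($q !== false && $q->execute(array(':id' => $elem_id))) ? $q->fetch(PDO::FETCH_ASSOC) : false;
             // a new page has no row yet: fetch() gives false, which the original
             // auto-vivified into an array - do it explicitly
             if ($row === false) {
                 $row = array();
             }
             $row['id'] = $elem_id;
             $xml = array_to_xml($row, array('page-edit-data'));
             $response = XSLTransform($xml->saveXML($xml->documentElement), __DIR__ . '/edit.xsl');
             break;
     }
     return $response;
 }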
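 /**
  * Updates menu element record
  *
  * Filters the request, falls back to the stored value for any field whose
  * submitted value was rejected by the filter, then runs either an INSERT
  * (id < 0) or an UPDATE (id >= 0) through a prepared statement. Every value
  * that originates from the request is bound, never interpolated; the only
  * interpolated identifiers are table names checked against REGEXP_IDENTIFIER.
  *
  * @param array $input data to use. It may specially prepared array or even unfiltered POST/GET input
  * @return mixed true on success, message string on failure
  */
 private function elementUpdate($input)
 {
     // configuration check: the table name is interpolated into SQL below
     if (!preg_match(REGEXP_IDENTIFIER, $this->CONFIG['table_menu'])) {
         return 'некорректное имя таблицы';
     }
     $table = $this->CONFIG['table_menu'];
     // filter input
     $input_filter = array(
         'id' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^-?[0-9]+$~ui')),
         'alias' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => REGEXP_ALIAS)),
         'parent' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[0-9]+$~ui')),
         'caption' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Za-яА-Я\\s0-9/\\-_:.,=+!@#$%^&*()"]+$~ui')),
         'page' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => REGEXP_ALIAS)),
         'link' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(https?://)?[a-zA-Z0-9\\-/.,=&?_]+(\\?.*)?$~i')),
         'picture' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\-_.]+\\.(jpg|jpeg|gif|png)$~ui')),
         'text' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Za-яА-Я\\s0-9\\-_:.,=+!@#$%^&*()<>"/]+$~smui')),
         'style_content' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\-]+$~ui')),
         'style_item' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(([a-zA-Z\\-]+\\s*:\\s*[a-zA-Z0-9\\-;%\\s]+)+|[a-zA-Z0-9\\s\\-_]+)$~ui')),
         'class_item' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z\\-][a-zA-Z0-9\\-\\s]*$~ui')),
         'add_more' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Za-яА-Я\\s0-9\\-_:]+$~ui')),
         'hidden' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(on|)$~ui')),
         'title' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9а-яА-Я\\s\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\=\\+\\,\\.\\?\\:\\№]+$~ui')),
         'meta' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^.*$~smui')),
     );
     $_INPUT = get_filtered_input($input_filter);
     // shorthand
     $element_id = $_INPUT['id'];
     // an id that failed the filter would leave "where id =" dangling and make
     // the insert/update decision undefined; stop here instead
     if ((string) $element_id === '') {
         return 'некорректный идентификатор';
     }
     // some special mode
     $insert_mode = $element_id < 0;
     // pull existing values to replace incorrect input
     $q = CMS::$DB->prepare("select * from {$table} where id = :id");
     if ($q !== false && $q->execute(array(':id' => $element_id)) && ($current = $q->fetch(PDO::FETCH_ASSOC))) {
         foreach ($current as $index => $value) {
             $raw_given = (isset($_POST[$index]) && $_POST[$index] > '') || (isset($_GET[$index]) && $_GET[$index] > '');
             // empty after filtering but non-empty in the raw request means the
             // value was rejected - keep what is stored
             if (isset($_INPUT[$index]) && $_INPUT[$index] == '' && $raw_given && $value > '') {
                 $_INPUT[$index] = $value;
             }
         }
     }
     // on insert, we will need a new ordermark
     $new_ordermark = CMS::$DB->querySingle("select ifnull(max(ordermark),0)+1 from {$table}");
     // choose the proper SQL
     if ($insert_mode) {
         $sql = " insert into {$table} "
             . " ( parent_id,  caption,  page,  link,  ordermark,  alias,  text,  picture,  style_content,  style_item,  class_item,  hidden,  title,  meta ) "
             . " values "
             . " (:parent_id, :caption, :page, :link, :ordermark, :alias, :text, :picture, :style_content, :style_item, :class_item, :hidden, :title, :meta ) ";
     } else {
         $sql = " update {$table} set "
             . " parent_id = :parent_id, caption = :caption, page = :page, link = :link, alias = :alias, "
             . " text = :text, picture = :picture, style_content = :style_content, style_item = :style_item, "
             . " class_item = :class_item, hidden = :hidden, title = :title, meta = :meta "
             . " where id = :id ";
     }
     // take caption from the title, else from the linked page; cancel if nothing found
     if ($_INPUT['caption'] == '') {
         if ($_INPUT['title'] > '') {
             $_INPUT['caption'] = $_INPUT['title'];
         } elseif (module_get_config('content', $content_module_config) && preg_match(REGEXP_IDENTIFIER, $content_module_config['config']['table'])) {
             // 'link' passes the filter with an arbitrary tail after '?' (the
             // (\?.*)? group), so it must be bound, never quoted into the SQL
             $lookup = CMS::$DB->prepare("select title from `{$content_module_config['config']['table']}` where alias = :alias");
             if ($lookup !== false && $lookup->execute(array(':alias' => $_INPUT['link']))) {
                 $_INPUT['caption'] = $lookup->fetchColumn();
             }
         }
     }
     if ($_INPUT['caption'] == '') {
         return 'Некорректный заголовок';
     }
     $query_params = array(
         'id' => $_INPUT['id'],
         'parent_id' => $_INPUT['parent'],
         'caption' => $_INPUT['caption'],
         // the original trimmed the boolean ($_INPUT['page'] == '') instead of the value
         'page' => trim($_INPUT['page']) == '' ? '' : $_INPUT['page'],
         'link' => $_INPUT['link'],
         'ordermark' => $new_ordermark,
         'alias' => trim($_INPUT['alias']) > '' ? $_INPUT['alias'] : strtolower(create_guid()),
         'text' => $_INPUT['text'],
         'picture' => $_INPUT['picture'],
         'style_content' => $_INPUT['style_content'],
         'style_item' => $_INPUT['style_item'],
         'class_item' => $_INPUT['class_item'],
         'hidden' => $_INPUT['hidden'] > '' ? 1 : 0,
         'title' => $_INPUT['title'],
         'meta' => $_INPUT['meta'],
     );
     // PDO rejects parameters the statement does not use, so drop the odd one out
     if ($insert_mode) {
         unset($query_params['id']);
     } else {
         unset($query_params['ordermark']);
     }
     // ok, go
     $prepared = CMS::$DB->prepare($sql);
     if ($prepared === false) {
         return 'не удалось подготовить запрос';
     }
     if ($prepared->execute($query_params) == false) {
         // errorInfo is a method, not a property
         $error_info = $prepared->errorInfo();
         return isset($error_info[2]) ? $error_info[2] : 'ошибка выполнения запроса';
     }
     return true;
 }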
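 /**
  * AJAX handler for the templates module.
  *
  * 'edit_template' reads ./templates/<filename> and renders it into the edit
  * dialog via edit.xsl. The filename filter allows only [alnum_ -] followed by
  * ".html" - no '/', '\' or '..' - which is what keeps the read inside the
  * templates directory.
  *
  * NOTE(review): no user_allowed_to() check is visible here; any caller who can
  * reach this handler can read every template. Confirm the gate lives upstream.
  *
  * @return string rendered dialog or 'unknown action'
  */
 function AJAXHandler()
 {
     // filter the input
     $input_filter = array(
         'filename' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Zа-яА-Я0-9][a-zA-Zа-яА-Я0-9_\\-\\s]*\\.html$~ui')),
         'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
     );
     $_INPUT = get_filtered_input($input_filter);
     switch ($_INPUT['action']) {
         case 'edit_template':
             if ($_INPUT['filename'] == '') {
                 break;
             }
             $template_path = __DIR__ . '/templates/' . $_INPUT['filename'];
             // a missing file used to produce a warning and an empty editor
             if (!is_file($template_path)) {
                 break;
             }
             $content = file_get_contents($template_path);
             if ($content === false) {
                 break;
             }
             $xml = new DOMDocument('1.0', 'utf-8');
             $xml->appendChild($root = $xml->createElement('root'));
             // text nodes hold the content verbatim and are escaped on output; the
             // nodeValue setter hands the raw string to libxml, where a bare '&' in
             // an HTML template is read as an (unterminated) entity reference
             $root->appendChild($xml->createElement('filename'))->appendChild($xml->createTextNode($_INPUT['filename']));
             $root->appendChild($xml->createElement('content'))->appendChild($xml->createTextNode($content));
             return XSLTransform($xml->saveXML($root), __DIR__ . '/edit.xsl');
     }
     return 'unknown action';
 }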
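 /**
  * AJAX entry point for the sms module.
  *
  * Routes on 'action': 'send' pushes one queued row, 'delete_all' clears the
  * queue, 'update_status' feeds the raw POST 'data' payload to the notificator
  * parser and answers '100'. 'send_all' is not implemented. Unknown actions -
  * and 'send_all' - now return 'unknown function' instead of falling off the
  * end of the switch with null.
  *
  * NOTE(review): no permission check is made here, and 'update_status' accepts
  * $_POST['data'] from anyone who can reach the URL; if it is a gateway
  * callback, confirm that parseNotificatorMessage() authenticates the sender.
  *
  * @return mixed handler result, '100', or 'unknown function'
  */
 public function AJAXHandler()
 {
     // filter the input
     $input_filter = array(
         'row_id' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9_\\-]+$~ui')),
         'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui')),
     );
     $_INPUT = get_filtered_input($input_filter);
     // default response
     $response = 'unknown function';
     switch ($_INPUT['action']) {
         case 'send_all':
             // not implemented
             break;
         case 'send':
             $response = $this->sendFromJ_DB($_INPUT['row_id']);
             break;
         case 'delete_all':
             $response = $this->deleteFromJ_DB();
             break;
         case 'update_status':
             if (isset($_POST['data'])) {
                 $this->parseNotificatorMessage($_POST['data']);
             }
             $response = '100';
             break;
     }
     return $response;
 }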
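 /**
  * Request hook for the redirect module.
  *
  * Two mechanisms live here:
  *  1. configured rules ($this->CONFIG['redirect_rules']): each rule has a
  *     'check' - either a full query string, or a key => value map whose pairs
  *     must all be present in $_GET - plus an optional 'location' and 'code'.
  *     A matching rule ends the request via terminate() with that code
  *     (301 with a Location header when 'location' is set).
  *  2. an explicit ?module=redirect&action=redirect&target=<alias> request,
  *     which sends "Location: ./<target>" and terminates.
  *
  * @param mixed $template page template, returned unchanged when nothing matched
  * @return mixed $template
  */
 function requestParser($template)
 {
     // Samples for those who do not want to touch the config file.
     // ! absolute redirect area, take care !
     //
     // common version:
     //   if (
     //       (($_GET['key1'] == 'value1') && ($_GET['key2'] == 'value2'))
     //       || ($_SERVER['QUERY_STRING'] == 'key1=value1&key2=value2')
     //   ) {
     //       header('HTTP/1.1 301 Moved Permanently');
     //       header('Location: chillers');
     //       terminate();
     //   }
     //
     // only some GET keys have to match:
     //   if (($_GET['key1'] == 'value1') && ($_GET['key2'] == 'value2')) { ... as above ... }
     //
     // full match:
     //   if ($_SERVER['QUERY_STRING'] == 'key1=value1&key2=value2') { ... as above ... }

     // absolute redirect, ignoring module call method
     $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
     if (isset($this->CONFIG['redirect_rules']) && is_array($this->CONFIG['redirect_rules'])) {
         foreach ($this->CONFIG['redirect_rules'] as $rule) {
             if (!isset($rule['check'])) {
                 popup_message_add('Redirect: no "check" section found, skipping rule', JCMS_MESSAGE_WARNING);
                 continue;
             }
             $check_this = $rule['check'];
             $redirect = false;
             // a string rule must equal the entire query string
             if (is_string($check_this)) {
                 $redirect = $query_string === $check_this;
             }
             // an array rule lists key => value pairs that must all be present in
             // $_GET. array_diff() compared values only, so ?b=value1 satisfied a
             // rule written for a=value1; array_diff_assoc() checks the keys too.
             if (is_array($check_this)) {
                 $redirect = count(array_diff_assoc($check_this, $_GET)) == 0;
             }
             if (!$redirect) {
                 continue;
             }
             // default code first; a 'location' implies 301; an explicit known 'code' wins
             $http_code = self::DEFAULT_HTTP_CODE;
             if (isset($rule['location'])) {
                 $http_code = 301;
             }
             if (isset($rule['code']) && isset($this->http_code_texts[$rule['code']])) {
                 $http_code = $rule['code'];
             }
             // a 301 configured without a 'location' would otherwise emit an empty
             // Location header
             if ($http_code == 301 && isset($rule['location'])) {
                 header('Location: ' . $rule['location']);
             }
             terminate($this->http_code_texts[$http_code], '', $http_code);
         }
     }
     $explicit_call = (isset($_POST['module']) && $_POST['module'] == 'redirect') || (isset($_GET['module']) && $_GET['module'] == 'redirect');
     if ($explicit_call) {
         // filter the input
         $input_filter = array(
             'action' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '~^(redirect|no_redirect)$~ui')),
             'target' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => REGEXP_ALIAS)),
         );
         $R = get_filtered_input($input_filter, array(FILTER_GET_FULL, FILTER_POST_FULL));
         // explicit redirect: 'target' is validated against REGEXP_ALIAS (defined
         // elsewhere) and always prefixed with './', so the redirect stays on-site
         if ($R['action'] == 'redirect') {
             header('Location: ./' . $R['target']);
             terminate();
         }
     }
     return $template;
 }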
 /**
  * Filters input arrays ($_GET and $_POST)
  *
  * Builds the validation rules for the login/password-change form and runs
  * the request through get_filtered_input(). Note that the password fields are
  * restricted to [A-Za-z0-9_]; anything else is rejected, which caps the
  * character set users can choose from.
  *
  * @return array filtered GET and POST requests
  */
 private function getInput()
 {
     $word = '~^[a-zA-Z\\_0-9]+$~ui';
     $rules = array(
         'username' => '~^[a-zA-Zа-яА-Я0-9!@\\-]+$~ui',
         'password' => $word,
         'password1' => $word,
         'password2' => $word,
         'module' => $word,
         'action' => '~^(login|logout|change_password|chpass)$~ui',
         'ajaxproxy' => $word,
     );
     $input_filter = array();
     foreach ($rules as $field => $regexp) {
         $input_filter[$field] = array(
             'filter' => FILTER_VALIDATE_REGEXP,
             'options' => array('regexp' => $regexp),
         );
     }
     return get_filtered_input($input_filter);
 }