示例#1
0
 /**
  * JS concatenation subroutine.
  * 
  * @param string|array $source_filename
  * @param string $target_filename
  * @return string
  */
 public static function concatJS($source_filename, $target_filename)
 {
     $result = '';
     if (!is_array($source_filename)) {
         $source_filename = array($source_filename);
     }
     foreach ($source_filename as $filename) {
         // Get the IE condition.
         if (is_array($filename) && count($filename) >= 2) {
             list($filename, $targetie) = $filename;
         } else {
             $targetie = null;
         }
         // Clean the content.
         $content = utf8_clean(file_get_contents($filename));
         // Wrap the content in an IE condition if there is one.
         if ($targetie !== null) {
             $content = 'if (' . self::convertIECondition($targetie) . ') {' . "\n\n" . trim($content) . ";\n\n" . '}';
         }
         // Append to the result string.
         $original_filename = starts_with(\RX_BASEDIR, $filename) ? substr($filename, strlen(\RX_BASEDIR)) : $filename;
         $result .= '/* Original file: ' . $original_filename . ' */' . "\n\n" . trim($content) . ";\n\n";
     }
     return $result;
 }
/**
 * utf8_strtoupper( )
 * 
 * Make a UTF-8 string Upper Case
 * @since 1.3
 * 
 * @param    string $str The input string
 * @return   string The string with all lower case chars turned to upper case
 */
function utf8_strtoupper($str)
{
    static $table = null;
    if (mbstring_loaded()) {
        //Auto Removes Invalid UTF-8 Byte Sequances
        return mb_strtoupper($str, 'UTF-8');
    }
    //Fallback
    if (empty($table)) {
        $table = utf8_case_table();
    }
    $str = utf8_clean($str);
    return strtr($str, $table);
}
/**
 * Get data of returned email
 * 
 * @param string Prepared message text (without text after body terminator)
 * @param string Full message text
 * @param string Headers
 * @return array ( 'address', 'errormsg', 'message', 'headers', 'errtype' )
 */
function dre_get_email_data($content, $message_text, $headers)
{
    global $servertimenow;
    // Extract emails from content:
    $emails = utf8_strtolower(dre_get_emails($content));
    // Get content between email and body terminator:
    $content = dre_get_processing_content($content, $emails);
    // Get Error info:
    $error_info = dre_get_error_info($content);
    $email_returned = array('address' => $emails, 'errormsg' => $error_info['text'], 'timestamp' => date2mysql($servertimenow), 'message' => htmlspecialchars(utf8_clean($message_text)), 'headers' => $headers, 'errtype' => $error_info['type']);
    return $email_returned;
}
示例#4
0
/**
 * Sets a parameter with values from the request or to provided default,
 * except if param is already set!
 *
 * Also removes magic quotes if they are set automatically by PHP.
 * Also forces type.
 * Priority order: POST, GET, COOKIE, DEFAULT.
 *
 * @todo when bad_request_die() gets called, the GLOBAL should not be left set to the invalid value!
 * fp> Why? if the process dies anyway
 *
 * @param string Variable to set
 * @param string Force value type to one of:
 * - integer
 * - float, double
 * - string (strips (HTML-)Tags, trims whitespace)
 * - text like string but allows multiple lines
 * - array (it may contains arbitrary array elements) NOTE: If there is one way to avoid and use some other array type then it should not be used
 * - array:integer (elements of array must be integer)
 * - array:string (strips (HTML-)Tags, trims whitespace of array's elements)
 * - array:/regexp/ (elements of array must match to the given regular expression) e.g. 'array:/^[a-z]*$/'
 * - array:array:integer (two dimensional array and the elements must be integers)
 * - array:array:string (strips (HTML-)Tags, trims whitespace of the two dimensional array's elements)
 * - html (does nothing, for now)
 * - raw (does nothing)
 * - '' (does nothing) -- DEPRECATED, use "raw" instead
 * - '/^...$/' check regexp pattern match (string)
 * - boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
 * - url (like string but dies on illegal urls)
 * Value type will be forced only if resulting value (probably from default then) is !== NULL
 * @param mixed Default value or TRUE if user input required
 * @param boolean Do we need to memorize this to regenerate the URL for this page?
 * @param boolean Override if variable already set
 * @param boolean Force setting of variable to default if no param is sent and var wasn't set before
 * @param mixed true will refuse illegal values,
 *              false will try to convert illegal to legal values,
 *              'allow_empty' will refuse illegal values but will always accept empty values (This helps blocking dirty spambots or borked index bots. Saves a lot of processor time by killing invalid requests)
 * @return mixed Final value of Variable, or false if we don't force setting and did not set
 */
function param($var, $type = 'raw', $default = '', $memorize = false, $override = false, $use_default = true, $strict_typing = 'allow_empty')
{
    global $Debuglog, $debug, $evo_charset, $io_charset;
    // NOTE: we use $GLOBALS[$var] instead of $$var, because otherwise it would conflict with param names which are used as function params ("var", "type", "default", ..)!
    /*
     * STEP 1 : Set the variable
     *
     * Check if already set
     * WARNING: when PHP register globals is ON, COOKIES get priority over GET and POST with this!!!
     *   dh> I never understood that comment.. does it refer to "variables_order" php.ini setting?
     *		fp> I guess
     */
    if (!isset($GLOBALS[$var]) || $override) {
        if (isset($_POST[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_POST[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by POST', 'params' );
        } elseif (isset($_GET[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_GET[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by GET', 'params' );
        } elseif (isset($_COOKIE[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_COOKIE[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by COOKIE', 'params' );
        } elseif ($default === true) {
            bad_request_die(sprintf(T_('Parameter «%s» is required!'), $var));
        } elseif ($use_default) {
            // We haven't set any value yet and we really want one: use default:
            if (in_array($type, array('array', 'array:integer', 'array:string', 'array:array:integer', 'array:array:string')) && $default === '') {
                // Change default '' into array() (otherwise there would be a notice with settype() below)
                $default = array();
            }
            $GLOBALS[$var] = $default;
            // echo '<br>param(-): '.$var.'='.$GLOBALS[$var].' set by default';
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by default', 'params' );
        } else {
            // param not found! don't set the variable.
            // Won't be memorized nor type-forced!
            return false;
        }
    } else {
        // Variable was already set but we need to remove the auto quotes
        $GLOBALS[$var] = remove_magic_quotes($GLOBALS[$var]);
        // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.' already set to ['.var_export($GLOBALS[$var], true).']!', 'params' );
    }
    if (isset($io_charset) && !empty($evo_charset)) {
        $GLOBALS[$var] = convert_charset($GLOBALS[$var], $evo_charset, $io_charset);
    }
    // Check if the type is the special array or regexp
    if (substr($type, 0, 7) == 'array:/') {
        // It is an array type param which may contains elements mathcing to the given regular expression
        $elements_regexp = substr($type, 6);
        $elements_type = 'string';
        $type = 'array:regexp';
    }
    /*
     * STEP 2: make sure the data fits the expected type
     *
     * type will be forced even if it was set before and not overriden
     */
    if (!empty($type) && $GLOBALS[$var] !== NULL) {
        // Force the type
        // echo "forcing type!";
        switch ($type) {
            case 'html':
                // Technically does the same as "raw", but may do more in the future.
            // Technically does the same as "raw", but may do more in the future.
            case 'raw':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // Clean utf8:
                $GLOBALS[$var] = utf8_clean($GLOBALS[$var]);
                // do nothing
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as RAW Unsecure HTML', 'params');
                }
                break;
            case 'htmlspecialchars':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // convert all html to special characters:
                $GLOBALS[$var] = utf8_trim(htmlspecialchars($GLOBALS[$var], ENT_COMPAT, $evo_charset));
                // cross-platform newlines:
                $GLOBALS[$var] = preg_replace("~(\r\n|\r)~", "\n", $GLOBALS[$var]);
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as text with html special chars', 'params');
                break;
            case 'text':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // strip out any html:
                $GLOBALS[$var] = utf8_trim(utf8_strip_tags($GLOBALS[$var]));
                // cross-platform newlines:
                $GLOBALS[$var] = preg_replace("~(\r\n|\r)~", "\n", $GLOBALS[$var]);
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as text', 'params');
                break;
            case 'string':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // echo $var, '=', $GLOBALS[$var], '<br />';
                // Make sure the string is a single line
                $GLOBALS[$var] = preg_replace('~\\r|\\n~', '', $GLOBALS[$var]);
                // strip out any html:
                $GLOBALS[$var] = utf8_strip_tags($GLOBALS[$var]);
                // echo "param $var=".$GLOBALS[$var]."<br />\n";
                $GLOBALS[$var] = utf8_trim($GLOBALS[$var]);
                // echo "param $var=".$GLOBALS[$var]."<br />\n";
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as string', 'params');
                break;
            case 'url':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // Decode url:
                $GLOBALS[$var] = urldecode($GLOBALS[$var]);
                // strip out any html:
                $GLOBALS[$var] = utf8_trim(utf8_strip_tags($GLOBALS[$var]));
                // Remove new line chars and double quote from url
                $GLOBALS[$var] = preg_replace('~\\r|\\n|"~', '', $GLOBALS[$var]);
                if (!empty($GLOBALS[$var]) && !preg_match('#^(/|\\?|https?://)#i', $GLOBALS[$var])) {
                    // We cannot accept this MISMATCH:
                    bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                }
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as url', 'params');
                break;
            case 'array:integer':
            case 'array:array:integer':
                // Set elements type to integer, and set the corresponding regular expression
                $elements_type = 'integer';
                $elements_regexp = '/^(\\+|-)?[0-9]+$/';
            case 'array':
            case 'array:string':
            case 'array:regexp':
            case 'array:array:string':
                if (!is_array($GLOBALS[$var])) {
                    // This param must be array
                    debug_die('param(-): <strong>' . $var . '</strong> is not array!');
                }
                // Store current array in temp var for checking and preparing
                $globals_var = $GLOBALS[$var];
                // Check if the given array type is one dimensional array
                $one_dimensional = $type == 'array' || $type == 'array:integer' || $type == 'array:string' || $type == 'array:regexp';
                // Check if the given array type should contains string elements
                $contains_strings = $type == 'array:string' || $type == 'array:array:string';
                if ($one_dimensional) {
                    // Convert to a two dimensional array to handle one and two dimensional arrays the same way
                    $globals_var = array($globals_var);
                }
                foreach ($globals_var as $i => $var_array) {
                    if (!is_array($var_array)) {
                        // This param must be array
                        // Note: In case of one dimensional array params this will never happen
                        debug_die('param(-): <strong>' . $var . '[' . $i . ']</strong> is not array!');
                    }
                    if ($type == 'array') {
                        // This param may contain any kind of elements we need to check and validate it recursively
                        $globals_var[$i] = param_check_general_array($var_array);
                        break;
                    }
                    foreach ($var_array as $j => $var_value) {
                        if (!is_scalar($var_value)) {
                            // This happens if someone uses "foo[][]=x" where "foo[]" is expected as string
                            debug_die('param(-): element of array <strong>' . $var . '</strong> is not scalar!');
                        }
                        if ($contains_strings) {
                            // Prepare string elements of array
                            // Make sure the string is a single line
                            $var_value = preg_replace('~\\r|\\n~', '', $var_value);
                            // strip out any html:
                            $globals_var[$i][$j] = utf8_trim(utf8_strip_tags($var_value));
                            continue;
                        }
                        if (isset($elements_regexp)) {
                            // Array contains elements which must match to the given regular expression
                            if (preg_match($elements_regexp, $var_value)) {
                                // OK match, set the corresponding type
                                settype($globals_var[$i][$j], $elements_type);
                            } else {
                                // No match, cannot accept this MISMATCH
                                // Note: In case of array:integer or array:regexp we always use strict typing for the array elements
                                bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                            }
                        }
                    }
                }
                if ($one_dimensional) {
                    // Extract real array from temp array
                    $globals_var = $globals_var[0];
                }
                // Restore current array with prepared data
                $GLOBALS[$var] = $globals_var;
                $Debuglog->add('param(-): <strong>' . $var . '</strong> as ' . $type, 'params');
                if ($GLOBALS[$var] === array() && $strict_typing === false && $use_default) {
                    // We want to consider empty values as invalid and fall back to the default value:
                    $GLOBALS[$var] = $default;
                }
                break;
            default:
                if (utf8_substr($type, 0, 1) == '/') {
                    // We want to match against a REGEXP:
                    if (!is_scalar($GLOBALS[$var])) {
                        // This happens if someone uses "foo[]=x" where "foo" is expected as string
                        debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                    } elseif (preg_match($type, $GLOBALS[$var])) {
                        // Okay, match
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> matched against ' . $type, 'params');
                        }
                    } elseif ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                        // No match but we accept empty value:
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> is empty: ok', 'params');
                        }
                    } elseif ($strict_typing) {
                        // We cannot accept this MISMATCH:
                        bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                    } else {
                        // Fall back to default:
                        $GLOBALS[$var] = $default;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> DID NOT match ' . $type . ' set to default value=' . $GLOBALS[$var], 'params');
                        }
                    }
                    // From now on, consider this as a string: (we need this when memorizing)
                    $type = 'string';
                } elseif ($GLOBALS[$var] === '') {
                    // Special handling of empty values.
                    if ($strict_typing === false && $use_default) {
                        // ADDED BY FP 2006-07-06
                        // We want to consider empty values as invalid and fall back to the default value:
                        $GLOBALS[$var] = $default;
                    } else {
                        // We memorize the empty value as NULL:
                        // fplanque> note: there might be side effects to this, but we need
                        // this to distinguish between 0 and 'no input'
                        // Note: we do this after regexps because we may or may not want to allow empty strings in regexps
                        $GLOBALS[$var] = NULL;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> set to NULL', 'params');
                        }
                    }
                } else {
                    if ($strict_typing) {
                        // We want to make sure the value is valid:
                        $regexp = '';
                        switch ($type) {
                            case 'boolean':
                                $regexp = '/^(0|1|false|true)$/i';
                                break;
                            case 'integer':
                                $regexp = '/^(\\+|-)?[0-9]+$/';
                                break;
                            case 'float':
                            case 'double':
                                $regexp = '/^(\\+|-)?[0-9]+(.[0-9]+)?$/';
                                break;
                            default:
                                // Note: other types are not tested and they are not allowed without testing.
                                debug_die('Invalid parameter type!');
                        }
                        if ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                            // We have an empty value and we accept it
                            // ok..
                        } elseif (!empty($regexp)) {
                            if ($type == 'boolean' && strtolower($GLOBALS[$var]) == 'false') {
                                // 'false' string must be interpreted as boolean false value
                                $GLOBALS[$var] = false;
                            } elseif (!is_scalar($GLOBALS[$var]) || !preg_match($regexp, $GLOBALS[$var])) {
                                // Value of scalar var does not match!
                                bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                            }
                        }
                    }
                    // Change the variable type:
                    settype($GLOBALS[$var], $type);
                    if (isset($Debuglog)) {
                        $Debuglog->add('param(-): <strong>' . var_export($var, true) . '</strong> typed to ' . $type . ', new value=' . var_export($GLOBALS[$var], true), 'params');
                    }
                }
        }
    }
    /*
     * STEP 3: memorize the value for later url regeneration
     */
    if ($memorize) {
        // Memorize this parameter
        memorize_param($var, $type, $default);
    }
    // echo $var, '(', gettype($GLOBALS[$var]), ')=', $GLOBALS[$var], '<br />';
    return $GLOBALS[$var];
}