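/**
 * Build the validation error markup for a custom invoice form.
 *
 * Loads the field definitions for $invoice_type_id from wp_invoice_info
 * (ordered by field_order) and checks the matching $_POST entry of each one:
 * a non-empty "textbox" value is handed to validateTextbox(); an empty value
 * whose serialized attributes contain a "required" key yields a
 * "must not be empty" error. Consecutive rows that share a field_name are
 * only validated once.
 *
 * @param int $invoice_type_id Invoice type whose field definitions are loaded.
 * @return string Concatenated error HTML; the empty string when nothing failed.
 */
function custom_form_generate_validation($invoice_type_id)
{
    global $wpdb;

    // Field definitions for this invoice type, in display order.
    $results = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM wp_invoice_info where invoice_type_id = %d ORDER BY field_order ASC",
        $invoice_type_id
    ));

    // Start from an empty string: the original appended to an undefined variable.
    $error_msg = '';
    $error_msg .= validate_emails(); // called without arguments, as the original did

    /* ********** BEGIN Validate form fields */
    $nametracking = null;
    foreach ($results as $row2) {
        // attributes is a serialized PHP value read from the database. unserialize()
        // can instantiate arbitrary classes, so this column must only ever be
        // written by trusted (admin) code.
        $attributesArray = unserialize($row2->attributes);
        if (!is_array($attributesArray)) {
            // empty or corrupt attributes: treat as "no attributes" instead of
            // passing false to array_key_exists() below
            $attributesArray = array();
        }

        // A new field_name means a new field; duplicates of the previous name are skipped.
        if ($nametracking !== $row2->field_name) {
            $posted = isset($_POST[$row2->field_name]) ? $_POST[$row2->field_name] : '';

            // Compare against "" rather than testing truthiness: "0" is a valid value.
            if ($posted !== '') {
                switch ($row2->field_type) {
                    case "textbox":
                        $error_msg .= validateTextbox($row2);
                        break;
                    default:
                        // the remaining field types need no validation
                        break;
                }
            } elseif (array_key_exists("required", $attributesArray)) {
                // field_description is emitted unescaped; acceptable only while
                // it is admin-controlled data
                $error_msg .= '<p class="cstem_im_form_error">Form field "' . $row2->field_description . '" must not be empty</p>';
            }
        }
        $nametracking = $row2->field_name;
    }
    /* END Validate form fields ********** */

    return $error_msg;
}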
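/**
 * Copy the contact-form fields from $_REQUEST into $GLOBALS["params"],
 * validate them, and assemble the mail headers into $GLOBALS["headers"].
 *
 * Validation order: presence of all fields, "to" address(es), "from"
 * address(es), "subject" text, "message" text, then the BCC address(es)
 * when bcc_checkbox is "yes". The first non-TRUE result from a validate_*
 * helper is returned unchanged.
 *
 * @return mixed TRUE when every check passed; otherwise the first failing
 *               validator's result.
 */
function validate_form_input()
{
    // $params is a reference into $GLOBALS so the normalised values are visible to callers.
    $params =& $GLOBALS["params"];

    // $_REQUEST merges GET, POST and cookies: every value below is untrusted input.
    $defaults = array(
        "to" => "",
        "from" => "",
        "subject" => "",
        "message" => "",
        "bcc_checkbox" => "no",
    );
    foreach ($defaults as $name => $default) {
        $params[$name] = isset($_REQUEST[$name]) ? $_REQUEST[$name] : $default;
    }

    $result = validate_input_presence($params);
    if ($result !== TRUE) {
        return $result;
    }
    foreach (array("to", "from") as $name) {
        $result = validate_emails($params[$name]);
        if ($result !== TRUE) {
            return $result;
        }
    }
    foreach (array("subject", "message") as $name) {
        $result = validate_text_input($params[$name], $name);
        if ($result !== TRUE) {
            return $result;
        }
    }

    $bcc_address = "";
    // Only validate the BCC address(es) when the checkbox was ticked.
    // A strict comparison replaces strcmp(), which raises a TypeError on
    // non-string input in PHP 8.
    if ($params["bcc_checkbox"] === "yes") {
        $bcc_address = isset($_REQUEST["bcc_input"]) ? $_REQUEST["bcc_input"] : "";
        $result = validate_emails($bcc_address);
        if ($result !== TRUE) {
            return $result;
        }
    }

    // Header values must never contain CR or LF: a value with a line break would
    // end the header and start a new one. validate_emails() may already reject
    // such input; stripping here does not depend on what it checks.
    $from = str_replace(array("\r", "\n"), '', $params["from"]);
    $bcc_address = str_replace(array("\r", "\n"), '', $bcc_address);

    $GLOBALS["headers"] = 'From: ' . $from . "\r\n";
    // The fixed recipient is kept from the original. The user-supplied BCC is
    // appended only when present so the header no longer ends in a dangling comma.
    $GLOBALS["headers"] .= 'Bcc: spencerbartz@gmail.com' . ($bcc_address !== '' ? ',' . $bcc_address : '') . "\r\n";

    return TRUE;
}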
<?php
require_once "./config.php";

// Request values collected from $_POST, falling back to $_GET; validation
// results accumulate in $errors and $success.
$input = array();
$errors = array();
$success = array();

// NOTE(review): "$_POST[x] ? $_POST[x] : $_GET[x]" tests truthiness, so a posted
// "0" or "" silently falls through to the GET value, and a key missing from both
// raises an undefined-index notice. Accepting the same action over GET also means
// a plain link can trigger it, so the form_key / rand_key checks in validate_input()
// are the effective guard — confirm they are enforced on every path.
$input['number_ppl'] = $_POST['number_ppl'] ? $_POST['number_ppl'] : $_GET['number_ppl'];
$input['form_key'] = $_POST['form_key'] ? $_POST['form_key'] : $_GET['form_key'];
$input['rand_key'] = $_POST['rand_key'] ? $_POST['rand_key'] : $_GET['rand_key'];
$input['names'] = $_POST['names'] ? $_POST['names'] : $_GET['names'];
$input['emails'] = $_POST['emails'] ? $_POST['emails'] : $_GET['emails'];
$input['others'] = $_POST['others'] ? $_POST['others'] : $_GET['others'];
$input['gift_value'] = $_POST['gift_value'] ? $_POST['gift_value'] : $_GET['gift_value'];

// Every validator must succeed, in this order, before any mail is sent;
// each one may append to $errors, and eliminate_blank_values() may shrink
// $input['names'] (hence the final count check).
try {
    if (validate_input($input, $errors) && validate_form($input, $errors) && eliminate_blank_values($input) && validate_emails($input, $errors) && count($input['names']) >= 1) {
        if (send_emails($input, $errors, $success)) {
            return_success($success);
        } else {
            return_errors($errors);
        }
    } else {
        return_errors($errors);
    }
} catch (Exception $e) {
    // Exceptions from any step are reported together with the collected errors and input.
    return_errors($errors, $input, $e);
}

/**
 * Validate the raw request values in place.
 *
 * @param array $input  Request values (modified by reference).
 * @param array $errors Error messages appended on failure (by reference).
 * @return bool presumably $return_val, true when every check passed — the
 *              remainder of the function is not visible here.
 */
function validate_input(&$input, &$errors) {
    $return_val = true;
    // Testing Form Key: must be present, non-empty and numeric
    if (!isset($input['form_key']) || empty($input['form_key']) || !is_numeric($input['form_key'])) {
break; case 'setAdmin': $sql = "SELECT cvs_is_private FROM groups WHERE group_id=" . (int) $group_id; $result = db_query($sql); $initial_settings = db_fetch_array($result); $feedback .= $Language->getText('cvs_index', 'config_updated'); $status = $Language->getText('cvs_index', 'full_success'); if (trim($custom_mailing_header) == '') { $mailing_header = 'NULL'; } else { $mailing_header = $custom_mailing_header; } if (trim($mailing_list) == '') { $mailing_list = 'NULL'; } else { if (!validate_emails($mailing_list)) { $mailing_list = 'NULL'; $status = $Language->getText('cvs_index', 'partial_success'); } } $feedback = $feedback . ' ' . $status; $is_private = ''; if ($request->exist('private')) { //TODO check that the project is public (else the cvs is always private) $private = $request->get('private') ? 1 : 0; $is_private = ', cvs_is_private = ' . $private; //Raise an event if needed if ($initial_settings['cvs_is_private'] != $private) { EventManager::instance()->processEvent('cvs_is_private', array('group_id' => $group_id, 'cvs_is_private' => $private)); } }
/**
 * update - Update a number of common project properties.
 *
 * Unlike updateAdmin(), this function is accessible to a project admin: the
 * permission object obtained for $user must report isAdmin().
 *
 * Order of operations: permission check, validation of the group name,
 * validation of $new_doc_address via validate_emails(), normalisation of the
 * feature flags (falsy -> 0), then a single UPDATE of the groups row inside
 * db_begin()/db_commit(), followed by the "group_update" plugin hook, an
 * audit-history entry and a re-fetch of this object's data. Any failure after
 * db_begin() rolls the transaction back.
 *
 * @param object $user               User requesting the operation (for access control); taken by reference.
 * @param string $group_name         New group name; required.
 * @param string $homepage           Homepage URL; when empty, sys_default_domain/projects/<unixname>/ is used.
 * @param string $short_description  Project description; rejected when longer than 255 bytes (strlen()).
 * @param mixed  $use_mail           Feature flag; any falsy value is stored as 0, truthy values are stored as given.
 * @param mixed  $use_survey         Feature flag; as above.
 * @param mixed  $use_forum          Feature flag; as above.
 * @param mixed  $use_pm             Feature flag; as above.
 * @param mixed  $use_pm_depend_box  Feature flag; as above.
 * @param mixed  $use_scm            Feature flag; as above.
 * @param mixed  $use_news           Feature flag; as above.
 * @param mixed  $use_docman         Feature flag; as above.
 * @param string $new_doc_address    Address(es) for new-document notifications; validated when non-empty.
 * @param mixed  $send_all_docs      Flag; falsy stored as 0.
 * @param int    $logo_image_id      Currently not written (see the XXX comment below).
 * @param string $enable_pserver     Written only when not ''.
 * @param string $enable_anonscm     Written only when not ''.
 * @param mixed  $use_ftp            Feature flag; falsy stored as 0.
 * @param mixed  $use_tracker        Feature flag; falsy stored as 0.
 * @param mixed  $use_frs            Feature flag; falsy stored as 0.
 * @param mixed  $use_stats          Feature flag; falsy stored as 0.
 * @param mixed  $is_public          Whether the group is publicly accessible (0/1); stored as given.
 * @return bool true on success; false after setError() on any failure.
 * @access public.
 */
function update(&$user, $group_name, $homepage, $short_description, $use_mail, $use_survey, $use_forum, $use_pm, $use_pm_depend_box, $use_scm, $use_news, $use_docman, $new_doc_address, $send_all_docs, $logo_image_id, $enable_pserver, $enable_anonscm, $use_ftp, $use_tracker, $use_frs, $use_stats, $is_public) {
    // Reference assignment kept from the original.
    $perm =& $this->getPermission($user);
    if (!$perm || !is_object($perm)) {
        $this->setError(_('Could not get permission.'));
        return false;
    }
    if (!$perm->isAdmin()) {
        $this->setError(_('Permission denied.'));
        return false;
    }

    // Validate some values
    if (!$group_name) {
        $this->setError(_('Invalid Group Name'));
        return false;
    }
    if ($new_doc_address) {
        // validate_emails() is assumed to return the list of invalid addresses — confirm against its definition.
        $invalid_mails = validate_emails($new_doc_address);
        if (count($invalid_mails) > 0) {
            $this->setError(sprintf(ngettext('New Doc Address Appeared Invalid: %s', 'New Doc Addresses Appeared Invalid: %s', count($invalid_mails)), implode(',', $invalid_mails)));
            return false;
        }
    }

    // in the database, these all default to '1',
    // so we have to explicity set 0
    if (!$use_mail) { $use_mail = 0; }
    if (!$use_survey) { $use_survey = 0; }
    if (!$use_forum) { $use_forum = 0; }
    if (!$use_pm) { $use_pm = 0; }
    if (!$use_pm_depend_box) { $use_pm_depend_box = 0; }
    if (!$use_scm) { $use_scm = 0; }
    if (!$use_news) { $use_news = 0; }
    if (!$use_docman) { $use_docman = 0; }
    if (!$use_ftp) { $use_ftp = 0; }
    if (!$use_tracker) { $use_tracker = 0; }
    if (!$use_frs) { $use_frs = 0; }
    if (!$use_stats) { $use_stats = 0; }
    if (!$send_all_docs) { $send_all_docs = 0; }

    if (!$homepage) {
        $homepage = $GLOBALS['sys_default_domain'] . '/projects/' . $this->getUnixName() . '/';
    }
    // strlen() counts bytes, so multi-byte descriptions hit this limit earlier than 255 characters.
    if (strlen($short_description) > 255) {
        $this->setError(_('Error updating project information: Maximum length for Project Description is 255 chars.'));
        return false;
    }

    db_begin();

    //XXX not yet actived logo_image_id='$logo_image_id',
    // NOTE(review): the statement is built by string interpolation. htmlspecialchars()
    // escapes for HTML, not SQL — before PHP 8.1 it leaves single quotes untouched —
    // and $homepage, $new_doc_address, $is_public, the use_* values and the enable_*
    // values go in with no escaping at all. These should be escaped for the database
    // driver or bound as query parameters.
    $sql = "\n\t\t\tUPDATE groups\n\t\t\tSET \n\t\t\t\tgroup_name='" . htmlspecialchars($group_name) . "',\n\t\t\t\thomepage='{$homepage}',\n\t\t\t\tshort_description='" . htmlspecialchars($short_description) . "',\n\t\t\t\tuse_mail='{$use_mail}',\n\t\t\t\tuse_survey='{$use_survey}',\n\t\t\t\tuse_forum='{$use_forum}',\n\t\t\t\tuse_pm='{$use_pm}',\n\t\t\t\tuse_pm_depend_box='{$use_pm_depend_box}',\n\t\t\t\tuse_scm='{$use_scm}',\n\t\t\t\tuse_news='{$use_news}',\n\t\t\t\tuse_docman='{$use_docman}',\n is_public='{$is_public}',\n\t\t\t\tnew_doc_address='{$new_doc_address}',\n\t\t\t\tsend_all_docs='{$send_all_docs}',\n\t\t";
    // The two SCM columns are only touched when a value was supplied.
    if ($enable_pserver != '') {
        $sql .= "\n\t\t\t\tenable_pserver='{$enable_pserver}',\n\t\t";
    }
    if ($enable_anonscm != '') {
        $sql .= "\n\t\t\t\tenable_anonscm='{$enable_anonscm}',\n\t\t";
    }
    $sql .= "\n\t\t\t\tuse_ftp='{$use_ftp}',\n\t\t\t\tuse_tracker='{$use_tracker}',\n\t\t\t\tuse_frs='{$use_frs}',\n\t\t\t\tuse_stats='{$use_stats}'\n\t\t\tWHERE group_id='" . $this->getID() . "'\n\t\t";
    $res = db_query($sql);
    if (!$res) {
        $this->setError(sprintf(_('Error updating project information: %s'), db_error()));
        db_rollback();
        return false;
    }

    // Let plugins react to the change; they receive the same escaped values that were stored.
    $hook_params = array();
    $hook_params['group'] = $this;
    $hook_params['group_id'] = $this->getID();
    $hook_params['group_homepage'] = $homepage;
    $hook_params['group_name'] = htmlspecialchars($group_name);
    $hook_params['group_description'] = htmlspecialchars($short_description);
    plugin_hook("group_update", $hook_params);

    // Log the audit trail
    $this->addHistory('Changed Public Info', '');

    // Reload this object from the updated row; a failed reload aborts the transaction.
    if (!$this->fetchData($this->getID())) {
        db_rollback();
        return false;
    }
    db_commit();
    return true;
}
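/**
 * update - use this function to update an entry in the database.
 *
 * Validation runs before the permission check, in this order: name length,
 * description length, name character set, notification address(es).
 *
 * @param string $forum_name        The name of the forum; stored lower-cased.
 * @param string $description       The description of the forum.
 * @param int    $allow_anonymous   1 to allow non-logged-in users to post, 0 for mandatory login.
 * @param int    $is_public         1 if public, 0 for private.
 * @param string $send_all_posts_to The email address(es) to send all new posts to.
 * @param int    $moderation_level  0 -> no moderation, 1 -> moderation for anonymous
 *                                  and non-project members, 2 -> moderation for everyone.
 * @return boolean success.
 */
function update($forum_name, $description, $allow_anonymous, $is_public, $send_all_posts_to = '', $moderation_level = 0)
{
    if (strlen($forum_name) < 3) {
        $this->setError(_('Forum Name Must Be At Least 3 Characters'));
        return false;
    }
    if (strlen($description) < 10) {
        $this->setError(_('Forum Description Must Be At Least 10 Characters'));
        return false;
    }
    // eregi() was removed in PHP 7. The PCRE form keeps the same character class
    // (letters, digits, "_", "." and "-", case-insensitively); the only difference
    // is that a backslash, which the POSIX bracket expression accepted literally,
    // is now rejected as well. Because the accepted name consists solely of these
    // characters it can be interpolated into the SQL below.
    if (preg_match('/[^_.0-9a-z-]/i', $forum_name)) {
        $this->setError(_('Illegal Characters in Forum Name'));
        return false;
    }
    if ($send_all_posts_to) {
        $invalid_mails = validate_emails($send_all_posts_to);
        if (count($invalid_mails) > 0) {
            $this->setInvalidEmailError();
            return false;
        }
    }
    if (!$this->userIsAdmin()) {
        $this->setPermissionDeniedError();
        return false;
    }

    // These three are documented as ints; casting stops anything other than a
    // number from reaching the statement through these columns.
    $allow_anonymous = (int) $allow_anonymous;
    $is_public = (int) $is_public;
    $moderation_level = (int) $moderation_level;

    // NOTE(review): $description is HTML-escaped, not SQL-escaped (before PHP 8.1
    // htmlspecialchars() leaves single quotes alone), and $send_all_posts_to relies
    // on validate_emails() alone. Both should be escaped for the driver or bound as
    // parameters once such an API is available here.
    $res = db_query("UPDATE forum_group_list SET\n\t\t\tforum_name='" . strtolower($forum_name) . "',\n\t\t\tdescription='" . htmlspecialchars($description) . "',\n\t\t\tsend_all_posts_to='" . $send_all_posts_to . "',\n\t\t\tallow_anonymous='" . $allow_anonymous . "',\n\t\t\tmoderation_level='" . $moderation_level . "',\n\t\t\tis_public='" . $is_public . "'\n\t\t\tWHERE group_id='" . $this->Group->getID() . "'\n\t\t\tAND group_forum_id='" . $this->getID() . "'");
    if (!$res || db_affected_rows($res) < 1) {
        $this->setError(_('Error On Update:') . ': ' . db_error());
        return false;
    }
    return true;
}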
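/**
 * update - update a ProjectGroup in the database.
 *
 * Validation (name length, description length, notification address(es))
 * runs before the permission check.
 *
 * @param string $project_name      The project name; at least 3 characters.
 * @param string $description       The project description; at least 10 characters.
 * @param string $send_all_posts_to The email address(es) to send new notifications to.
 * @return boolean success.
 */
function update($project_name, $description, $send_all_posts_to = '')
{
    // NOTE(review): the check enforces 3 characters but the message says 5; the
    // message is left unchanged here because it is a gettext msgid — fix both
    // the text and its translations together.
    if (strlen($project_name) < 3) {
        $this->setError(_('Title Must Be At Least 5 Characters'));
        return false;
    }
    if (strlen($description) < 10) {
        $this->setError(_('Document Description Must Be At Least 10 Characters'));
        return false;
    }
    if ($send_all_posts_to) {
        $invalid_mails = validate_emails($send_all_posts_to);
        if (count($invalid_mails) > 0) {
            $this->setInvalidEmailError();
            return false;
        }
    }
    if (!$this->userIsAdmin()) {
        $this->setPermissionDeniedError();
        return false;
    }

    // NOTE(review): htmlspecialchars() escapes for HTML, not SQL (single quotes pass
    // through before PHP 8.1), and $send_all_posts_to is interpolated relying on
    // validate_emails() alone. Escape for the driver or bind parameters when possible.
    $sql = "UPDATE project_group_list SET\n\t\t\tproject_name='" . htmlspecialchars($project_name) . "',\n\t\t\tdescription='" . htmlspecialchars($description) . "',\n\t\t\tsend_all_posts_to='{$send_all_posts_to}'\n\t\t\tWHERE group_id='" . $this->Group->getID() . "'\n\t\t\tAND group_project_id='" . $this->getID() . "'";
    $res = db_query($sql);
    if (!$res || db_affected_rows($res) < 1) {
        // Report only the driver error. The original appended $sql, which exposed
        // the full statement (including the submitted values) to the user.
        $this->setError('Error On Update: ' . db_error());
        return false;
    }
    return true;
}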
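/**
 * update - use this to update this ArtifactType in the database.
 *
 * Order: permission check; when getDataType() is truthy the stored name and
 * description are kept instead of the supplied ones; required-field check;
 * validation of $email_address via validate_emails(); flag normalisation;
 * UPDATE; re-fetch of this object's row.
 *
 * @param string $name                The item name.
 * @param string $description         The item description.
 * @param bool   $email_all           (1) true (0) false - whether to email on all updates.
 * @param string $email_address       The address(es) to send new entries and updates to.
 * @param int    $due_period          Days before this item is considered overdue (stored in seconds).
 * @param int    $status_timeout      Days before stale items time out (stored in seconds).
 * @param bool   $use_resolution      (1) true (0) false - whether the resolution box should be shown.
 * @param string $submit_instructions Free-form string that project admins can place on the submit page.
 * @param string $browse_instructions Free-form string that project admins can place on the browse page.
 * @return bool true on success, false on failure (after setError()).
 */
function update($name, $description, $email_all, $email_address, $due_period, $status_timeout, $use_resolution, $submit_instructions, $browse_instructions)
{
    if (!$this->userIsAdmin()) {
        $this->setPermissionDeniedError();
        return false;
    }
    // Typed trackers keep their stored name and description.
    if ($this->getDataType()) {
        $name = $this->getName();
        $description = $this->getDescription();
    }
    if (!$name || !$description || !$due_period || !$status_timeout) {
        $this->setError(_('ArtifactType: Name, Description, Due Period, and Status Timeout are required'));
        return false;
    }
    if ($email_address) {
        $invalid_emails = validate_emails($email_address);
        if (count($invalid_emails) > 0) {
            // setError (lower-case s), consistent with the other calls in this method
            $this->setError(_('E-mail address(es) appeared invalid') . ': ' . implode(',', $invalid_emails));
            return false;
        }
    }

    // Both flags are documented as 0/1; store exactly that rather than whatever
    // truthy value was passed, so nothing else reaches the statement via these columns.
    $email_all = $email_all ? 1 : 0;
    $use_resolution = $use_resolution ? 1 : 0;

    // Day counts are documented as ints; the cast makes the multiplication safe
    // on PHP 8 (a non-numeric string would otherwise throw a TypeError) and keeps
    // only a number in the statement.
    $due_seconds = (int) $due_period * (60 * 60 * 24);
    $timeout_seconds = (int) $status_timeout * (60 * 60 * 24);

    // NOTE(review): htmlspecialchars() escapes for HTML, not SQL (single quotes pass
    // through before PHP 8.1), and $email_address is interpolated relying on
    // validate_emails() alone. Escape for the driver or bind parameters when possible.
    $sql = "UPDATE artifact_group_list SET \n\t\t\tname='" . htmlspecialchars($name) . "',\n\t\t\tdescription='" . htmlspecialchars($description) . "',\n\t\t\temail_all_updates='{$email_all}',\n\t\t\temail_address='{$email_address}',\n\t\t\tdue_period='" . $due_seconds . "',\n\t\t\tstatus_timeout='" . $timeout_seconds . "',\n\t\t\tsubmit_instructions='" . htmlspecialchars($submit_instructions) . "',\n\t\t\tbrowse_instructions='" . htmlspecialchars($browse_instructions) . "'\n\t\t\tWHERE \n\t\t\tgroup_artifact_id='" . $this->getID() . "' \n\t\t\tAND group_id='" . $this->Group->getID() . "'";
    $res = db_query($sql);
    if (!$res || db_affected_rows($res) < 1) {
        $this->setError('ArtifactType::Update(): ' . db_error());
        return false;
    }

    // Reload this object from the updated row.
    $this->fetchData($this->getID());
    return true;
}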