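/**
 * Is used as error handler
 *
 * Appends one line per error to the daily log file under LOGS, remembers the same
 * line (without the dump) in $this->errors_list and counts errors/warnings in
 * $this->num. Execution is stopped for errors (E_ERROR, E_USER_ERROR) and, for any
 * level, once 100 counted errors have accumulated.
 *
 * @param int         $level  Error level (E_* constant)
 * @param null|string $string Error message
 */
function trigger($level, $string = null) {
	if (!$this->error) {
		return;
	}
	/**
	 * The message is escaped before it reaches the log file and errors_list (which may
	 * be rendered as HTML); line breaks are folded as well so that a message cannot
	 * forge additional log lines
	 */
	$string = xap($string);
	if (is_string($string)) {
		$string = strtr($string, ["\r" => ' ', "\n" => ' ']);
	}
	$debug_backtrace = debug_backtrace();
	/**
	 * Frame 0 is the call of trigger() itself; when it carries no location (for example
	 * when invoked through the engine or a callback) frame 1 is used instead.
	 * The previous check looked at 'file' twice and never at 'line'.
	 */
	if (isset($debug_backtrace[0]['file'], $debug_backtrace[0]['line'])) {
		$file = $debug_backtrace[0]['file'];
		$line = $debug_backtrace[0]['line'];
	} elseif (isset($debug_backtrace[1]['file'], $debug_backtrace[1]['line'])) {
		$file = $debug_backtrace[1]['file'];
		$line = $debug_backtrace[1]['line'];
	} else {
		$file = 'unknown';
		$line = 0;
	}
	/**
	 * In DEBUG mode the whole backtrace, including call arguments, is written to the log;
	 * arguments may contain secrets, so DEBUG is for development installations only
	 */
	$dump = DEBUG ? _json_encode($debug_backtrace) : 'null';
	unset($debug_backtrace);
	$log_file = LOGS . '/' . date('d-m-Y') . '_' . strtr(date_default_timezone_get(), '/', '_');
	/**
	 * NOTE(review): 'h' is the 12-hour clock without an am/pm marker, so two entries twelve
	 * hours apart carry the same time; 'H' would be unambiguous (kept as is so that existing
	 * log consumers are not affected)
	 */
	$time = date('d-m-Y h:i:s') . ' [' . microtime(true) . ']';
	switch ($level) {
		case E_USER_ERROR:
		case E_ERROR:
			$marker = 'E';
			++$this->num;
			break;
		case E_USER_WARNING:
		case E_WARNING:
			$marker = 'W';
			++$this->num;
			break;
		default:
			$marker = 'N';
	}
	/**
	 * Best effort: a failed write (missing or read-only LOGS directory) cannot be reported
	 * anywhere else, so the return value is not checked
	 */
	file_put_contents($log_file, "{$marker} {$time} {$string} Occurred: {$file}:{$line} Dump: {$dump}\n", LOCK_EX | FILE_APPEND);
	unset($dump);
	$this->errors_list[] = "{$marker} {$time} {$string} Occurred: {$file}:{$line}";
	if ($marker === 'E') {
		error_code(500);
		/**
		 * If Index instance exists - execution will be stopped there, otherwise in Page instance
		 */
		Index::instance(true)->__finish();
		Page::instance()->error();
	}
	/**
	 * If too many non-critical errors - also stop execution
	 */
	if ($this->num >= 100) {
		/**
		 * If Index instance exists - execution will be stopped there, otherwise in Page instance
		 */
		Index::instance(true)->__finish();
		Page::instance()->error();
	}
}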
/**
 * Set client data
 *
 * Nothing is written unless both identifiers pass is_md5() and the domain is
 * non-empty and contains no "/". Name and domain go through xap() before storage;
 * the client's cache entry is dropped afterwards.
 *
 * @param string $id
 * @param string $secret
 * @param string $name
 * @param string $domain
 * @param int    $active
 *
 * @return bool
 */
function set_client($id, $secret, $name, $domain, $active) {
	if (!is_md5($id) || !is_md5($secret)) {
		return false;
	}
	if (!$domain || strpos($domain, '/') !== false) {
		return false;
	}
	/**
	 * $secret and $id are placed into the query without xap(): the is_md5() checks above
	 * are their only guard, so this is safe only as long as is_md5() accepts nothing
	 * beyond hash characters (confirm against its implementation). The '%s' placeholders
	 * are filled by q() — presumably with escaping, verify in the DB layer.
	 */
	$query = "UPDATE `[prefix]oauth2_clients`\n\t\t\tSET\n\t\t\t\t`secret`\t\t= '%s',\n\t\t\t\t`name`\t\t\t= '%s',\n\t\t\t\t`domain`\t\t= '%s',\n\t\t\t\t`active`\t\t= '%s'\n\t\t\tWHERE `id` = '%s'\n\t\t\tLIMIT 1";
	$updated = $this->db_prime()->q(
		$query,
		$secret,
		xap($name),
		xap($domain),
		(int) (bool) $active,
		$id
	);
	unset($this->cache->{$id});
	return $updated;
}
$Config->core['default_module'] = $module_name; $a->save(); } break; case 'db': if (Trigger::instance()->run('admin/System/components/modules/db/process', ['name' => $module_name])) { if (isset($_POST['db']) && is_array($_POST['db']) && count($Config->db) > 1) { $module_data['db'] = xap($_POST['db']); $a->save(); } } break; case 'storage': if (Trigger::instance()->run('admin/System/components/modules/storage/process', ['name' => $module_name])) { if (isset($_POST['storage']) && is_array($_POST['storage']) && count($Config->storage) > 1) { $module_data['storage'] = xap($_POST['storage']); $a->save(); } } break; case 'enable': $module_data['active'] = 1; $a->save(); clean_pcache(); Trigger::instance()->run('admin/System/components/modules/enable', ['name' => $module_name]); unset($Cache->functionality, $Cache->languages); break; case 'disable': $module_data['active'] = 0; $a->save(); clean_pcache();
<?php
/**
 * Xap bootstrap
 *
 * Loads the Xap engine and the xap() entry point, then registers the default
 * database connection. Optional components and global settings are listed as
 * commented-out lines so they can be switched on when needed.
 */

// The engine itself is mandatory
require_once './lib/Xap/Engine.php';

// Optional components:
// require_once './lib/Xap/Model.php';    // Model class (needed for the '/model' query option)
// require_once './lib/Xap/Decorate.php'; // Decorate class (needed for decorators)
// require_once './lib/Xap/Cache.php';    // Cache class (needed for the '/cache' query option)

// The xap() function
require_once './lib/Xap/xap.php';

// Default database connection.
// The values below are sample credentials: in a deployment they belong in a file
// or environment that is not served and not committed, not in the bootstrap itself
xap([
	'host'     => 'localhost',
	'database' => 'test',
	'user'     => 'myuser',
	'password' => 'mypass',
]);

// Optional global settings:
// xap(':pagination', ['rpp' => 10]);          // pagination records per page (default 10)
// \Xap\Cache::setExpireGlobal('10 seconds');  // global cache expire time (default '30 seconds')
// \Xap\Cache::setPath('/var/www/app/cache');  // global cache directory path
// \Xap\Cache::$use_compression = false;       // turn off cache file compression (enabled by default)
/**
 * XSS Attack Protection. Returns secure string using several types of filters
 *
 * The mode is selected by <i>$html</i>:<br>
 * <b>text</b> - the input is escaped with htmlspecialchars() (ENT_NOQUOTES: quotes are
 * left as they are, so the result is safe as element text but not inside an attribute)<br>
 * <b>false</b> - tags are removed with strip_tags(), nothing is escaped<br>
 * <b>true</b> - the input stays HTML and dangerous constructs are removed by a blacklist of
 * regular expressions (commented in the body). A blacklist is only as good as its patterns;
 * for untrusted HTML a parser-based sanitizer is the stronger choice.<br>
 * Arrays are processed element by element with the same settings.
 *
 * None of the preg_replace() calls checks preg_last_error(): on a PCRE failure (for example
 * the backtracking limit on a large input, since several patterns contain an unbounded `.*`
 * with the `s` modifier) preg_replace() returns null and the later calls then work on an
 * empty subject, so the function ends with an empty/null result rather than an error.
 *
 * @param string|string[] $in HTML code
 * @param bool|string $html <b>text</b> - text at output (default)<br>
 * <b>true</b> - processed HTML at output<br>
 * <b>false</b> - HTML tags will be deleted
 * @param bool $iframe Whether to allow iframes without inner content (for example, video from youtube)<br>
 * Works only if <i>$html === true</i>
 * @return string|string[]
 */
function xap($in, $html = 'text', $iframe = false) {
	if (is_array($in)) {
		foreach ($in as &$item) {
			$item = xap($item, $html, $iframe);
		}
		return $in;
	} elseif ($html === true) {
		/**
		 * Make safe HTML
		 *
		 * Remove link/script/object/applet/embed and any custom element (a tag name with a
		 * dash) together with its content up to the matching close tag, if there is one.
		 * `[^a-z=>]*` after `<` also catches obfuscated openings such as `<\0script`.
		 */
		$in = preg_replace(
			'/
				<[^a-z=>]*(link|script|object|applet|embed|[a-z0-9]+-[a-z0-9]+)[^>]*>?	# Open tag
				(
					.*															# Some content
					<\\/[^>]*\\1[^>]*>											# Close tag (with reference for tag name to open tag)
				)?																# Section is optional
			/xims',
			'',
			$in
		);
		if (!$iframe) {
			/**
			 * Remove iframes (regular expression the same as previous)
			 */
			$in = preg_replace(
				'/
					<[^a-z=>]*iframe[^>]*>?		# Open tag
					(
						.*						# Some content
						<\\/[^>]*iframe[^>]*>	# Close tag
					)?							# Section is optional
				/xims',
				'',
				$in
			);
		} else {
			/**
			 * Allow iframes without inner content (for example, video from youtube):
			 * an iframe whose body holds anything but whitespace is removed entirely
			 */
			$in = preg_replace(
				'/
					(<[^a-z=>]*iframe[^>]*>\\s*)	# Open tag
					[^<\\s]+						# Search if there something that is not space or < character
					(<\\/[^>]*iframe[^>]*>)?		# Optional close tag
				/xims',
				'',
				$in
			);
			/**
			 * Force a fixed sandbox attribute on every remaining iframe open tag: any existing
			 * sandbox attribute is stripped first, then ours is appended before the closing `>`.
			 * Note that inside a character class `\1` is an octal escape, not a backreference,
			 * so `[^\1>]*` simply runs up to the next `>` whatever quote style was used.
			 * allow-same-origin together with allow-scripts lets a same-origin framed document
			 * remove its own sandbox, so this only restrains cross-origin embeds.
			 */
			$in = preg_replace_callback(
				'/ <[^\\/a-z=>]*iframe[^>]*> /xims',
				function ($matches) {
					$result = preg_replace('/sandbox\\s*=\\s*([\'"])?[^\\1>]*\\1?/ims', '', $matches[0]);
					$result = str_replace('>', ' sandbox="allow-same-origin allow-forms allow-popups allow-scripts">', $result);
					return $result;
				},
				$in
			);
		}
		/**
		 * Neutralize javascript:/vbscript:/data: URL schemes and CSS expression().
		 * NOTE(review): as rendered here both replacements are identical to what they match
		 * (a no-op); the upstream source presumably writes the colon and the parenthesis as
		 * HTML entities so the scheme no longer parses — verify against the repository.
		 */
		$in = preg_replace('/(script|data|vbscript):/i', '\\1:', $in);
		$in = preg_replace('/(expression[\\s]*)\\(/i', '\\1(', $in);
		/**
		 * Drop any tag carrying an event handler (on*) or another script-bearing attribute
		 */
		$in = preg_replace('/<[^>]*\\s(on[a-z]+|dynsrc|lowsrc|formaction|is)=[^>]*>?/ims', '', $in);
		/**
		 * Absolute http/https/ftp links are rewritten to go through `redirect/`
		 * (presumably an outbound-link redirect endpoint of the system)
		 */
		$in = preg_replace('/(href[\\s\\t\\r\\n]*=[\\s\\t\\r\\n]*["\'])((?:http|https|ftp)\\:\\/\\/.*?["\'])/ims', '\\1redirect/\\2', $in);
		return $in;
	} elseif ($html === false) {
		return strip_tags($in);
	} else {
		/**
		 * ENT_HTML5 is listed twice; the duplicate is harmless (bitwise OR)
		 */
		return htmlspecialchars($in, ENT_NOQUOTES | ENT_HTML5 | ENT_DISALLOWED | ENT_SUBSTITUTE | ENT_HTML5);
	}
}
$User->set($_POST['user'], null, $id); $User->__finish(); $Index->save(true); } break; case 'edit': if (isset($_POST['user'])) { $id = (int) $_POST['user']['id']; if ($id == User::GUEST_ID || $id == User::ROOT_ID) { break; } $user_data =& $_POST['user']; $columns = array('id', 'login', 'username', 'password', 'email', 'language', 'timezone', 'status', 'block_until', 'avatar'); foreach ($user_data as $item => &$value) { if (in_array($item, $columns) && $item != 'data') { $value = xap($value, false); } elseif ($item != 'data') { unset($user_data[$item]); } } unset($item, $value, $columns); if ($_POST['user']['block_until'] > TIME) { $block_until = $user_data['block_until']; $block_until = explode('T', $block_until); $block_until[0] = explode('-', $block_until[0]); $block_until[1] = explode(':', $block_until[1]); $user_data['block_until'] = mktime($block_until[1][0], $block_until[1][1], 0, $block_until[0][1], $block_until[0][2], $block_until[0][0]); unset($block_until); } else { $user_data['block_until'] = 0; }
/**
 * Set group data
 *
 * Only the keys present in $data are written: `title` and `description` are passed
 * through xap() in tag-stripping mode, `data` is stored JSON-encoded; every value is
 * escaped with the database's s() before it is placed into the query. On success the
 * group's cache entry and the "all groups" entry are dropped.
 *
 * @param array $data  May contain items title|description|data
 * @param int   $group
 *
 * @return bool
 */
function set($data, $group) {
	$group = (int) $group;
	if (!$group) {
		return false;
	}
	$assignments = [];
	if (isset($data['title'])) {
		$assignments[] = '`title` = ' . $this->db_prime()->s(xap($data['title'], false));
	}
	if (isset($data['description'])) {
		$assignments[] = '`description` = ' . $this->db_prime()->s(xap($data['description'], false));
	}
	if (isset($data['data'])) {
		$assignments[] = '`data` = ' . $this->db_prime()->s(_json_encode($data['data']));
	}
	if (!$assignments) {
		return false;
	}
	$assignments = implode(', ', $assignments);
	$updated     = $this->db_prime()->q("UPDATE `[prefix]groups` SET {$assignments} WHERE `id` = '{$group}' LIMIT 1");
	if (!$updated) {
		return false;
	}
	$Cache = $this->cache;
	unset($Cache->{$group}, $Cache->all);
	return true;
}
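/**
 * Getting of debug information
 *
 * Builds the debug panel (tab titles + tab contents) from two optional sections,
 * each enabled by a core setting:
 *   - show_db_queries: per-connection timing and the text of every executed query
 *   - show_cookies: every cookie the client sent
 * The markup is passed through process_replacing() and stored in $this->debug_info.
 * Both sections expose internal data (query text, session cookies) and belong to
 * development installations only.
 *
 * @return Page
 */
protected function get_debug_info() {
	$Config             = Config::instance();
	$db                 = DB::instance();
	$L                  = Language::instance();
	$debug_tabs         = [];
	$debug_tabs_content = '';
	/**
	 * DB queries
	 */
	if ($Config->core['show_db_queries']) {
		$debug_tabs[] = $L->db_queries;
		$tmp          = '';
		foreach ($db->get_connections_list() as $name => $database) {
			$queries = $database->queries();
			$tmp .= h::{'p.cs-padding-left'}(
				$L->debug_db_info(
					$name != 0 ? $L->db . ' ' . $database->database() : $L->core_db . ' (' . $database->database() . ')',
					format_time(round($database->connecting_time(), 5)),
					$queries['num'],
					format_time(round($database->time(), 5))
				)
			);
			foreach ($queries['text'] as $i => $text) {
				// Queries slower than 0.1 s are highlighted
				$tmp .= h::code(
					$text . h::br(2) . '#' . h::i(format_time(round($queries['time'][$i], 5))),
					['class' => ($queries['time'][$i] > 0.1 ? 'uk-alert-danger ' : '') . 'uk-alert']
				);
			}
		}
		unset($name, $database, $i, $text);
		$debug_tabs_content .= h::div(
			h::p(
				$L->debug_db_total($db->queries, format_time(round($db->time, 5))),
				$L->failed_connections . ': ' . h::b(implode(', ', $db->get_connections_list(false)) ?: $L->no),
				$L->successful_connections . ': ' . h::b(implode(', ', $db->get_connections_list(true)) ?: $L->no),
				$L->mirrors_connections . ': ' . h::b(implode(', ', $db->get_connections_list('mirror')) ?: $L->no),
				$L->active_connections . ': ' . (count($db->get_connections_list()) ? '' : h::b($L->no))
			) . $tmp
		);
		unset($tmp);
	}
	/**
	 * Cookies
	 */
	if ($Config->core['show_cookies']) {
		$debug_tabs[] = $L->cookies;
		$tmp          = [
			h::td($L->key . ':', ['style' => 'width: 20%;']) . h::td($L->value)
		];
		/**
		 * Name and value of a cookie are both client-controlled, so both are escaped
		 * before being placed into the table (previously only the value was)
		 */
		foreach ($_COOKIE as $i => $v) {
			$tmp[] = h::td(xap($i) . ':', ['style' => 'width: 20%;']) . h::td(xap($v));
		}
		unset($i, $v);
		$debug_tabs_content .= h::{'table.cs-padding-left tr'}($tmp);
		unset($tmp);
	}
	$this->debug_info = $this->process_replacing(
		h::{'ul.cs-tabs li'}($debug_tabs) . h::div($debug_tabs_content)
	);
	return $this;
}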
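<?php
/**
 * @package        Plupload
 * @category       modules
 * @author         Moxiecode Systems AB
 * @author         Nazar Mokrynskyi <*****@*****.**> (integration with CleverStyle CMS)
 * @copyright      Moxiecode Systems AB
 * @license        GNU GPL v2, see license.txt
 */
namespace cs;
use h;

/**
 * Admin page of the Plupload module: stores the settings submitted by the settings form
 * and registers the module's entry in the admin sub-menu.
 *
 * NOTE(review): settings are changed on a plain POST; no CSRF check is visible in this
 * file — presumably handled by the admin layer around it, confirm.
 */
if (isset($_POST['edit_settings'], $_POST['max_file_size']) && $_POST['edit_settings'] === 'save') {
	$module_data = Config::instance()->module('Plupload');
	/**
	 * Escaped with xap() before storage because the value is rendered back into the form.
	 * NOTE(review): xap() escapes but does not validate; whether max_file_size has to be
	 * numeric depends on how the module consumes it — confirm before tightening.
	 */
	$module_data->max_file_size = xap($_POST['max_file_size']);
	/**
	 * A missing field previously raised an undefined-index notice; absence now means 0
	 */
	$module_data->confirmation_time = (int) (isset($_POST['confirmation_time']) ? $_POST['confirmation_time'] : 0);
	Index::instance()->save(true);
}
Page::instance()->main_sub_menu = h::{'li.uk-active a'}('Plupload', ['href' => 'admin/Plupload']);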
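/**
 * Normalizes CRUD arguments according to the data model
 *
 * Every element of $arguments is paired (by position) with the entry of $data_model at
 * the same index and converted in place:
 *   - Closure: the closure's return value replaces the argument
 *   - 'int' / 'float', optionally 'int:min..max' (max may be omitted): cast and clamped
 *   - 'text' / 'html', optionally 'text:length' or 'text:length:ending': passed through
 *     xap() ('text' mode, or safe-HTML mode for 'html') and then truncate()d
 *   - 'set:a,b,c': the argument must equal one of the listed values, otherwise the first
 *     listed value is used
 *
 * @param Closure[]|string[] $data_model
 * @param array              $arguments  Modified in place; re-keyed with the keys of $data_model.
 *                                       array_combine() requires both arrays to have the
 *                                       same number of elements.
 */
private function crud_arguments_preparation($data_model, &$arguments) {
	$arguments = array_combine(array_keys($data_model), $arguments);
	array_walk($arguments, function (&$argument, $item) use ($data_model) {
		$model = $data_model[$item];
		if ($model instanceof Closure) {
			$argument = $model($argument);
			return;
		}
		$model  = explode(':', $model, 2);
		$type   = $model[0];
		$format = isset($model[1]) ? $model[1] : null;
		switch ($type) {
			case 'int':
			case 'float':
				$argument = $type === 'int' ? (int) $argument : (float) $argument;
				/**
				 * Ranges processing
				 *
				 * Bounds are cast to the argument's own type: max()/min() return whichever
				 * operand wins, so a string bound would otherwise turn the argument into a string
				 */
				if ($format !== null) {
					$range = explode('..', $format);
					$min   = $type === 'int' ? (int) $range[0] : (float) $range[0];
					/**
					 * Minimum
					 */
					$argument = max($argument, $min);
					/**
					 * Maximum
					 */
					if (isset($range[1])) {
						$max      = $type === 'int' ? (int) $range[1] : (float) $range[1];
						$argument = min($argument, $max);
					}
				}
				break;
			case 'text':
			case 'html':
				$argument = xap($argument, $type === 'text' ? 'text' : true);
				/**
				 * Truncation
				 */
				if ($format !== null) {
					$truncation = explode(':', $format);
					$ending     = isset($truncation[1]) ? $truncation[1] : '...';
					$argument   = truncate($argument, $truncation[0], $ending, true);
				}
				break;
			case 'set':
				/**
				 * Membership is an exact string comparison (the previous loose search also
				 * accepted numerically-equal spellings); non-scalar arguments never match.
				 * A 'set' without a list of values falls back to a single empty value.
				 */
				$allowed_arguments = explode(',', (string) $format);
				if (!is_scalar($argument) || !in_array((string) $argument, $allowed_arguments, true)) {
					$argument = $allowed_arguments[0];
				}
				break;
		}
	});
}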
case 'mail_from_name': case 'mail_signature': case 'rules': $value = set_core_ml_text($item, $value); break; case 'url': case 'cookie_domain': case 'cookie_path': case 'ip_black_list': case 'ip_admin_list': $value = _trim(explode("\n", $value)); if ($value[0] == '') { $value = []; } } $temp[$item] = xap($value, true); if ($item == 'theme') { $temp['color_scheme'] = $Config->core['color_schemes'][$temp['theme']][0]; } } unset($item, $value); if ($part == 'routing' || $part == 'replace') { $temp['in'] = explode("\n", $temp['in']); $temp['out'] = explode("\n", $temp['out']); foreach ($temp['in'] as $i => $value) { if (empty($value)) { unset($temp['in'][$i], $temp['out'][$i]); } } unset($i, $value); }
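/**
 * Saving changes of cache and users data
 *
 * Flushes the pending per-user changes in $this->data_set to the users table (one
 * UPDATE per user, sent as one batch) and copies the in-memory data of every user id
 * flagged in $this->update_cache into the cache. Both buffers are emptied afterwards.
 */
function __finish() {
	/**
	 * Updating users data
	 */
	if (is_array($this->data_set) && !empty($this->data_set)) {
		$update = [];
		foreach ($this->data_set as $id => &$data_set) {
			$data = [];
			foreach ($data_set as $i => &$val) {
				/**
				 * `id` is the row key and is never written. Only known columns are updated
				 * (strict comparison, so an integer key cannot loosely match a column name);
				 * unknown keys are dropped from the set.
				 */
				if ($i === 'id') {
					continue;
				}
				if (in_array($i, $this->users_columns, true)) {
					$val    = xap($val, false);
					$data[] = "`{$i}` = " . $this->db_prime()->s($val);
				} else {
					unset($data_set[$i]);
				}
			}
			unset($val);
			if (!empty($data)) {
				$data = implode(', ', $data);
				/**
				 * The row id is part of the SQL text, so it is forced to an integer
				 */
				$user_id  = (int) $id;
				$update[] = "UPDATE `[prefix]users`\n\t\t\t\t\t\tSET {$data}\n\t\t\t\t\t\tWHERE `id` = '{$user_id}'";
			}
			unset($data);
		}
		unset($data_set);
		if (!empty($update)) {
			$this->db_prime()->q($update);
		}
		unset($update);
	}
	/**
	 * Updating users cache
	 */
	foreach ($this->data as $id => &$data) {
		if (!empty($this->update_cache[$id])) {
			$data['id']         = $id;
			$this->cache->{$id} = $data;
		}
	}
	unset($id, $data);
	$this->update_cache = [];
	$this->data_set     = [];
}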
/**
 * Set permission
 *
 * Rewrites label and group of the permission with the given id; both values are
 * passed through xap() and bound to the query's '%s' placeholders by q(). The whole
 * permissions cache is dropped on success.
 *
 * @param int    $id
 * @param string $group
 * @param string $label
 *
 * @return bool
 */
function set($id, $group, $label) {
	$id = (int) $id;
	if ($id === 0) {
		return false;
	}
	$query   = "UPDATE `[prefix]permissions`\n\t\t\tSET\n\t\t\t\t`label` = '%s',\n\t\t\t\t`group` = '%s'\n\t\t\tWHERE `id` = '{$id}'\n\t\t\tLIMIT 1";
	$updated = $this->db_prime()->q($query, xap($label), xap($group));
	if (!$updated) {
		return false;
	}
	$this->del_all_cache();
	return true;
}
/**
 * Sending of email
 *
 * Recipients, attachments and reply-to addresses all follow the same shape rules: a
 * two-element array is one (value, name) pair, any other array is a list whose items
 * are pairs or bare values, and a string is a single value (for recipients: several
 * addresses separated by comma). Subject and addresses are handed to PHPMailer as given;
 * header sanitization is delegated to it.
 *
 * @param array|string|string[] $email if emails without names - string (may be several emails separated by comma) or
 *                                     1-dimensional array(<i>email</i>)<br>
 *                                     else - 2-dimensional array(<i>email</i>, <i>name</i>) must be given
 * @param string $subject Mail subject
 * @param string $body html body
 * @param string|null $body_text plain text body
 * @param array|null|string $attachments 1- or 2-dimensional array of array(<i>path</i>, <i>name</i>) or simply string
 *                                       with path to the file in file system
 * @param array|null|string|string[] $reply_to Similar to <b>$email</b>
 * @param bool|string $signature <b>true</b> - add system signature<br>
 *                               <b>false</b> - without signature<br>
 *                               <b>string</b> - custom signature
 * @return bool
 */
function send_to($email, $subject, $body, $body_text = null, $attachments = null, $reply_to = null, $signature = true) {
	if (empty($email) || empty($subject) || empty($body)) {
		return false;
	}
	if (!is_array($email)) {
		foreach (_trim(explode(',', $email)) as $address) {
			$this->AddAddress($address);
		}
	} elseif (count($email) == 2) {
		$this->AddAddress($email[0], $email[1]);
	} else {
		foreach ($email as $recipient) {
			if (is_array($recipient)) {
				$this->AddAddress($recipient[0], $recipient[1]);
			} else {
				$this->AddAddress($recipient);
			}
		}
	}
	$this->Subject = $subject;
	/**
	 * Signature: true - the system signature from the multilingual core text; a string -
	 * a custom signature passed through xap() in safe-HTML mode; anything else - none
	 */
	if ($signature === true) {
		$signature = get_core_ml_text('mail_signature');
		if ($signature) {
			/**
			 * NOTE(review): the "." inside the quotes is a literal dot placed in front of
			 * the signature text (the custom-signature branch concatenates instead) —
			 * confirm it is intended and not a misplaced concatenation operator
			 */
			$signature = "{$this->LE}-- {$this->LE}.{$signature}";
		}
	} elseif ($signature) {
		$signature = "{$this->LE}-- {$this->LE}" . xap($signature, true);
	} else {
		$signature = '';
	}
	$this->Body = $this->body_normalization($body, $signature);
	if ($body_text) {
		$this->AltBody = $body_text . strip_tags($signature);
	}
	/**
	 * NOTE(review): PHPMailer's AddStringAttachment() attaches its first argument as the
	 * file *content*; the docblock describes a file system path. Unless this class
	 * overrides the method, the bare-path form attaches the path string itself — verify.
	 */
	if (is_array($attachments)) {
		if (count($attachments) == 2) {
			$this->AddStringAttachment($attachments[0], $attachments[1]);
		} else {
			foreach ($attachments as $attachment) {
				if (is_array($attachment)) {
					$this->AddStringAttachment($attachment[0], $attachment[1]);
				} else {
					$this->AddStringAttachment($attachment, pathinfo($attachment, PATHINFO_FILENAME));
				}
			}
		}
	} elseif (is_string($attachments)) {
		$this->AddStringAttachment($attachments, pathinfo($attachments, PATHINFO_FILENAME));
	}
	if (is_array($reply_to)) {
		if (count($reply_to) == 2) {
			$this->AddReplyTo($reply_to[0], $reply_to[1]);
		} else {
			foreach ($reply_to as $reply_address) {
				if (is_array($reply_address)) {
					$this->AddReplyTo($reply_address[0], $reply_address[1]);
				} else {
					$this->AddReplyTo($reply_address);
				}
			}
		}
	} elseif (is_string($reply_to)) {
		$this->AddReplyTo($reply_to);
	}
	$sent = $this->Send();
	/**
	 * The mailer instance is reused, so per-message state is cleared regardless of the outcome
	 */
	$this->ClearAddresses();
	$this->ClearAttachments();
	$this->ClearReplyTos();
	return $sent;
}
$start[0] = explode('-', $start[0]); $start[1] = explode(':', $start[1]); $block['start'] = mktime($start[1][0], $start[1][1], 0, $start[0][1], $start[0][2], $start[0][0]); unset($start); if ($block_new['expire']['state']) { $expire =& $block_new['expire']['date']; $expire = explode('T', $expire); $expire[0] = explode('-', $expire[0]); $expire[1] = explode(':', $expire[1]); $block['expire'] = mktime($expire[1][0], $expire[1][1], 0, $expire[0][1], $expire[0][2], $expire[0][0]); unset($expire); } else { $block['expire'] = 0; } if ($block['type'] == 'html') { $block['content'] = $Text->set($Config->module('System')->db('texts'), 'System/Config/blocks/content', $block['index'], xap($block_new['html'], true)); } elseif ($block['type'] == 'raw_html') { $block['content'] = $Text->set($Config->module('System')->db('texts'), 'System/Config/blocks/content', $block['index'], $block_new['raw_html']); } elseif ($_POST['mode'] == 'add') { $block['content'] = ''; } if ($_POST['mode'] == 'add') { $Config->components['blocks'][] = $block; $Permission->add('Block', $block['index']); } else { unset($Cache->{'blocks/' . $block['index'] . '_' . $L->clang}); } unset($block, $block_new); $a->save(); break; case 'delete':