/**
  * Prepares field data for saving to database (safe transfer from $postdata to $user)
  * Override
  *
  * @param  moscomprofilerFields  $field
  * @param  moscomprofilerUser    $user      RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
  * @param  array                 $postdata  Typically $_POST (but not necessarily), filtering required.
  * @param  string                $reason    'edit' for save profile edit, 'register' for registration, 'search' for searches
  */
 function prepareFieldDataSave(&$field, &$user, &$postdata, $reason)
 {
     global $ueConfig;
     $this->_prepareFieldMetaSave($field, $user, $postdata, $reason);
     foreach ($field->getTableColumns() as $col) {
         $value = stripslashes(cbGetParam($postdata, $col, '', _CB_ALLOWRAW));
         if ($value !== null) {
             $badHtmlFilter = new CBInputFilter(array(), array(), 1, 1, 1);
             if (isset($ueConfig['html_filter_allowed_tags']) && $ueConfig['html_filter_allowed_tags']) {
                 $badHtmlFilter->tagBlacklist = array_diff($badHtmlFilter->tagBlacklist, explode(" ", $ueConfig['html_filter_allowed_tags']));
             }
             $value = $badHtmlFilter->process($value);
         }
         $validated = $this->validate($field, $user, $col, $value, $postdata, $reason);
         if ($value !== null) {
             if ($validated && isset($user->{$col}) && (string) $user->{$col} !== (string) $value) {
                 $this->_logFieldUpdate($field, $user, $reason, $user->{$col}, $value);
             }
             $user->{$col} = $value;
         }
     }
 }
示例#2
0
function cbGetParam( &$arr, $name, $def=null, $mask=0 ) {
	static $noHtmlFilter	=	null;

	if ( isset( $arr[$name] ) ) {
        if ( is_array( $arr[$name] ) ) {
        	$ret			=	array();
        	foreach ( array_keys( $arr[$name] ) as $k ) {
        		$ret[$k]	=	cbGetParam( $arr[$name], $k, $def, $mask);
        		if ( $def === array( 0 ) ) {
        			$ret[$k] =	(int) $ret[$k];
        		}
        	}
        } else {
			$ret			=	$arr[$name];
			if ( is_string( $ret ) ) {
				if ( ! ( $mask & _CB_NOTRIM ) ) {
					$ret	=	trim( $ret );
				}
				if ( ! ( $mask & _CB_ALLOWRAW ) ) {
					if ( is_null( $noHtmlFilter ) ) {
						cbimport( 'phpinputfilter.inputfilter' );
						$noHtmlFilter = new CBInputFilter( /* $tags, $attr, $tag_method, $attr_method, $xss_auto */ );
					}
					$ret	=	$noHtmlFilter->process( $ret );
				}
				if ( is_int( $def ) ) {
					$ret	=	(int) $ret;
				} elseif ( is_float( $def ) ) {
					$ret	=	(float) $ret;
				} elseif ( !  get_magic_quotes_gpc() ) {
					$ret	=	addslashes( $ret );
				}
			}
        }
		return $ret;
	} elseif ( false !== ( $firstSeparator = strpos( $name, '[' )  ) ) {
		// html-input-name-encoded array selection, e.g. a[b][c]
		$indexes			=	null;
		$mainArrName		=	substr( $name, 0, $firstSeparator );
		$count				=	preg_match_all( '/\\[([^\\[\\]]+)\\]/', substr( $name, $firstSeparator ), $indexes );
		if ( isset( $arr[$mainArrName] ) && ( $count > 0 ) ) {
			$a				=	$arr[$mainArrName];
			for ( $i = 0; $i < ( $count - 1 ); $i++ ) {
				if ( ! isset( $a[$indexes[1][$i]] ) ) {
					$a		=	null;
					break;
				}
				$a			=	$a[$indexes[1][$i]];
			}
		} else {
			$a				=	null;
		}
		if ( $a !== null ) {
			return cbGetParam( $a, $indexes[1][$i], $def, $mask );
		}
	}
	if ( $def === array( 0 ) ) {
		return array();
	}
	return $def;
}
	/**
	 * cleans text string for safe storage/display of HTML
	 *
	 * @param string $text
	 * @return string
	 */
    static public function getFilteredText( $text ) {
		global $ueConfig;

		cbimport( 'phpinputfilter.inputfilter' );

		$filter						=	new CBInputFilter( array(), array(), 1, 1, 1 );

		if ( isset( $ueConfig['html_filter_allowed_tags'] ) && $ueConfig['html_filter_allowed_tags'] ) {
			$filter->tagBlacklist	=	array_diff( $filter->tagBlacklist, explode( ' ', $ueConfig['html_filter_allowed_tags'] ) );
		}

		return trim( $filter->process( $text ) );
	}