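/**
 * Prepares field data for saving to database (safe transfer from $postdata to $user)
 * Override
 *
 * For each table column of the field, the raw submitted value is read with _CB_ALLOWRAW
 * (bypassing cbGetParam()'s generic filter), passed through an HTML filter whose tag
 * blacklist is reduced by the configured 'html_filter_allowed_tags', validated, and
 * then assigned to $user.
 *
 * @param moscomprofilerFields $field
 * @param moscomprofilerUser $user RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
 * @param array $postdata Typically $_POST (but not necessarily), filtering required.
 * @param string $reason 'edit' for save profile edit, 'register' for registration, 'search' for searches
 */
function prepareFieldDataSave( &$field, &$user, &$postdata, $reason )
{
    global $ueConfig;

    $this->_prepareFieldMetaSave( $field, $user, $postdata, $reason );

    // CBInputFilter is instantiated directly below. cbGetParam() only loads the class when it is
    // called without _CB_ALLOWRAW, so load it explicitly here, as getFilteredText() does.
    cbimport( 'phpinputfilter.inputfilter' );

    foreach ( $field->getTableColumns() as $col ) {
        // cbGetParam() addslashes() string values; stripslashes() restores the submitted text.
        $value = stripslashes( cbGetParam( $postdata, $col, '', _CB_ALLOWRAW ) );

        if ( $value !== null ) {
            // Positional arguments: $tags, $attr, $tag_method, $attr_method, $xss_auto
            $badHtmlFilter = new CBInputFilter( array(), array(), 1, 1, 1 );

            if ( isset( $ueConfig['html_filter_allowed_tags'] ) && $ueConfig['html_filter_allowed_tags'] ) {
                // Only the tag blacklist is relaxed by the space-separated allowed-tags setting.
                $badHtmlFilter->tagBlacklist = array_diff( $badHtmlFilter->tagBlacklist, explode( " ", $ueConfig['html_filter_allowed_tags'] ) );
            }

            $value = $badHtmlFilter->process( $value );
        }

        $validated = $this->validate( $field, $user, $col, $value, $postdata, $reason );

        if ( $value !== null ) {
            // Log an update only when validation passed and the stored value actually changes.
            if ( $validated && isset( $user->{$col} ) && ( (string) $user->{$col} !== (string) $value ) ) {
                $this->_logFieldUpdate( $field, $user, $reason, $user->{$col}, $value );
            }

            // Assigned regardless of the validation result (see docblock: also populated for re-edit).
            $user->{$col} = $value;
        }
    }
}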
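/**
 * Returns a request parameter from $arr (typically $_POST / $_GET), trimmed, HTML-filtered and slash-escaped.
 *
 * Behaviour by value type:
 *  - array values are returned as an array with each element processed recursively;
 *  - string values are trim()ed unless $mask contains _CB_NOTRIM, run through the default
 *    CBInputFilter unless $mask contains _CB_ALLOWRAW, then cast to int / float when $def is
 *    an int / float, otherwise addslashes()ed unless magic quotes already did so (so string
 *    results carry slash escaping even with _CB_ALLOWRAW; callers strip them when needed);
 *  - values of any other type are returned untouched.
 * A $name of the form 'a[b][c]' selects into nested arrays.
 * The sentinel $def === array( 0 ) means "an array is expected": elements are cast to int
 * and a missing parameter yields array() instead of $def.
 *
 * @param array $arr source array (by reference, so sub-arrays can be recursed into)
 * @param string $name key, or html-input-name-encoded path such as a[b][c]
 * @param mixed $def default returned when the parameter is absent; its type drives casting
 * @param int $mask bit mask of _CB_NOTRIM and/or _CB_ALLOWRAW
 * @return mixed
 */
function cbGetParam( &$arr, $name, $def = null, $mask = 0 )
{
    // Shared default filter, created on first use and reused across calls.
    static $noHtmlFilter = null;

    if ( isset( $arr[$name] ) ) {
        if ( is_array( $arr[$name] ) ) {
            $ret = array();
            foreach ( array_keys( $arr[$name] ) as $k ) {
                $ret[$k] = cbGetParam( $arr[$name], $k, $def, $mask );
                if ( $def === array( 0 ) ) {
                    $ret[$k] = (int) $ret[$k];
                }
            }
        } else {
            $ret = $arr[$name];
            if ( is_string( $ret ) ) {
                if ( ! ( $mask & _CB_NOTRIM ) ) {
                    $ret = trim( $ret );
                }
                if ( ! ( $mask & _CB_ALLOWRAW ) ) {
                    if ( is_null( $noHtmlFilter ) ) {
                        cbimport( 'phpinputfilter.inputfilter' );
                        $noHtmlFilter = new CBInputFilter( /* $tags, $attr, $tag_method, $attr_method, $xss_auto */ );
                    }
                    $ret = $noHtmlFilter->process( $ret );
                }
                if ( is_int( $def ) ) {
                    $ret = (int) $ret;
                } elseif ( is_float( $def ) ) {
                    $ret = (float) $ret;
                } elseif ( ! ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) ) {
                    // get_magic_quotes_gpc() no longer exists in PHP 8; treat a missing function as "off".
                    $ret = addslashes( $ret );
                }
            }
        }
        return $ret;
    } elseif ( false !== ( $firstSeparator = strpos( $name, '[' ) ) ) {
        // html-input-name-encoded array selection, e.g. a[b][c]
        $indexes = null;
        $mainArrName = substr( $name, 0, $firstSeparator );
        $count = preg_match_all( '/\\[([^\\[\\]]+)\\]/', substr( $name, $firstSeparator ), $indexes );
        if ( isset( $arr[$mainArrName] ) && ( $count > 0 ) ) {
            // Walk all but the last index; the last one is resolved by the recursive call below.
            $a = $arr[$mainArrName];
            for ( $i = 0; $i < ( $count - 1 ); $i++ ) {
                if ( ! isset( $a[$indexes[1][$i]] ) ) {
                    $a = null;
                    break;
                }
                $a = $a[$indexes[1][$i]];
            }
        } else {
            $a = null;
        }
        if ( $a !== null ) {
            return cbGetParam( $a, $indexes[1][$i], $def, $mask );
        }
    }
    if ( $def === array( 0 ) ) {
        return array();
    }
    return $def;
}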
/**
 * cleans text string for safe storage/display of HTML
 *
 * Runs $text through a CBInputFilter (no tag/attribute whitelists; $tag_method, $attr_method
 * and $xss_auto all set to 1) whose tag blacklist is reduced by the space-separated tags in
 * $ueConfig['html_filter_allowed_tags'], and returns the trimmed result.
 *
 * @param string $text
 * @return string
 */
static public function getFilteredText( $text )
{
    global $ueConfig;

    cbimport( 'phpinputfilter.inputfilter' );

    $htmlFilter = new CBInputFilter( array(), array(), 1, 1, 1 );

    $allowedTags = ( isset( $ueConfig['html_filter_allowed_tags'] ) ? $ueConfig['html_filter_allowed_tags'] : null );

    if ( $allowedTags ) {
        // Only the tag blacklist is adjusted by the allowed-tags setting.
        $keptBlacklist = array_diff( $htmlFilter->tagBlacklist, explode( ' ', $allowedTags ) );
        $htmlFilter->tagBlacklist = $keptBlacklist;
    }

    $filtered = $htmlFilter->process( $text );

    return trim( $filtered );
}