示例#1
文件: Kohana.php 项目: noikiy/kohana
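 /**
  * Recursively sanitizes an input variable:
  *
  * - Strips slashes when Kohana::$magic_quotes is TRUE
  * - Normalizes CRLF and lone CR newlines to LF
  *
  * This only undoes magic-quote escaping and normalizes line endings. It
  * performs no HTML, SQL or shell escaping, so the returned value still
  * needs context-specific encoding or parameter binding where it is used.
  *
  * @param   mixed   $value  any variable
  * @return  mixed   sanitized variable
  */
 public static function sanitize($value)
 {
     if (is_array($value) or $value instanceof ArrayAccess) {
         foreach ($value as $key => $val) {
             // Recursively clean each element
             $value[$key] = Kohana::sanitize($val);
         }
     } elseif (is_object($value)) {
         // Plain objects (e.g. stdClass produced by json_decode) do not
         // support array-offset writes: $value[$key] raises a fatal error
         // on them, so write the cleaned value back through the property.
         foreach ($value as $key => $val) {
             $value->{$key} = Kohana::sanitize($val);
         }
     } elseif (is_string($value)) {
         if (Kohana::$magic_quotes === TRUE) {
             // Remove slashes added by magic quotes
             $value = stripslashes($value);
         }
         if (strpos($value, "\r") !== FALSE) {
             // Standardize newlines; "\r\n" is listed first so it becomes one "\n"
             $value = str_replace(array("\r\n", "\r"), "\n", $value);
         }
     }
     // Any other type (int, float, bool, NULL, ...) is returned untouched
     return $value;
 }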
示例#2
 /**
  * Decides, before the action runs, what the error page will display.
  *
  * Sub-requests supply the message and the originally requested URI as
  * route parameters; a direct (initial) request is forced to the 404 action.
  *
  * Both stored values originate from the request and are attacker-influenced.
  * NOTE(review): Kohana::sanitize() is not visible here; if it is the core
  * implementation it only strips magic-quote slashes and normalizes newlines,
  * so $_requested_page must still be HTML-escaped when rendered. $_message is
  * stored without passing through sanitize() at all - confirm the view
  * escapes it.
  *
  * @param   mixed   $template  not used in this method
  */
 public function before($template = NULL)
 {
     parent::before();

     if ($this->request->is_initial()) {
         // Error pages must not be requested directly: force a 404
         $this->request->action(404);
         // Report the URI the client actually asked for
         $this->_requested_page = Arr::get($_SERVER, 'REQUEST_URI');
     } else {
         // Sub-request: pick up the parameters handed over by the caller
         $decoded_message = rawurldecode($this->request->param('message'));
         if ($decoded_message) {
             $this->_message = $decoded_message;
         }

         $decoded_uri = rawurldecode($this->request->param('origuri'));
         if ($decoded_uri) {
             $this->_requested_page = $decoded_uri;
         }
     }

     // Run the stored URI through the framework sanitizer (not output encoding)
     $cleaned_page = Kohana::sanitize($this->_requested_page);
     $this->_requested_page = $cleaned_page;

     // The action name doubles as the HTTP status code of the response
     $status_code = (int) $this->request->action();
     $this->response->status($status_code);
 }
示例#3
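 /**
  * Override
  * Recursively sanitizes an input variable:
  *
  * - Strips slashes if magic quotes are enabled
  * - Normalizes all newlines to LF
  * - Removes HTML/PHP tags from strings via strip_tags()
  *
  * strip_tags() removes markup but does not encode quotes or ampersands, so
  * the result is not safe by itself inside HTML attributes, JavaScript or
  * SQL; escape per context where the value is used. It also alters input
  * irreversibly, which matters for fields that may legitimately hold markup.
  *
  * @param   mixed   $value  any variable
  * @return  mixed   sanitized variable
  */
 public static function sanitize($value)
 {
     if (is_array($value) or $value instanceof ArrayAccess) {
         foreach ($value as $key => $val) {
             // Recursively clean each value
             $value[$key] = Kohana::sanitize($val);
         }
     } elseif (is_object($value)) {
         // Plain objects (e.g. stdClass produced by json_decode) do not
         // support array-offset writes: $value[$key] raises a fatal error
         // on them, so write the cleaned value back through the property.
         foreach ($value as $key => $val) {
             $value->{$key} = Kohana::sanitize($val);
         }
     } elseif (is_string($value)) {
         if (Kohana::$magic_quotes === TRUE) {
             // Remove slashes added by magic quotes
             $value = stripslashes($value);
         }
         if (strpos($value, "\r") !== FALSE) {
             // Standardize newlines; "\r\n" is listed first so it becomes one "\n"
             $value = str_replace(array("\r\n", "\r"), "\n", $value);
         }
         // Project-specific addition: drop tags from every string
         $value = strip_tags($value);
     }
     // Any other type (int, float, bool, NULL, ...) is returned untouched
     return $value;
 }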
示例#4
 /**
  * Tests Kohana::sanitize()
  *
  * Magic quotes are forced on for every data set, so the stripslashes()
  * branch is always exercised; the magic-quotes-off path is not covered here.
  *
  * @test
  * @dataProvider provider_sanitize
  * @covers Kohana::sanitize
  * @param mixed $value  Input for Kohana::sanitize
  * @param mixed $result Expected output of Kohana::sanitize
  */
 public function test_sanitize($value, $result)
 {
     // Simulate an environment where magic quotes are enabled
     $environment = array('Kohana::$magic_quotes' => TRUE);
     $this->setEnvironment($environment);

     $actual = Kohana::sanitize($value);

     // assertSame compares type as well as value
     $this->assertSame($result, $actual);
 }
示例#5
 /**
  * API entry point: lists the available services, or dispatches to
  * save()/get()/delete() according to the (possibly overridden) HTTP method.
  *
  * NOTE(review): every key from the POST data, the JSON body and the
  * url-encoded raw body is merged and handed to save(); only 'id' is pinned
  * from the route. save() is not visible here - confirm it restricts the
  * fields it writes to an allow-list and enforces authorization.
  * NOTE(review): the '_method' POST field lets a POST act as PUT, GET or
  * DELETE - confirm delete() and save() perform their own access checks.
  */
 public function action_index()
 {
     if (!$this->model_name or $this->model_name === 'App') {
         // No concrete model requested: return a name => URL service index
         $listed = $this->models;
         $listed[] = 'User';
         $services = array();
         foreach ($listed as $name) {
             $services[$name] = Kohana::$base_url . 'api/' . strtolower($name) . '/';
         }
         return $this->json($services);
     }

     // A '_method' POST field takes precedence over the real HTTP method
     $override = $this->request->post('_method');
     $method = $override ? $override : $this->request->method();

     $is_write = in_array($method, array(Request::POST, Request::PUT), TRUE);
     if (!$is_write) {
         if ($method === Request::GET) {
             $this->get();
         } elseif ($method === Request::DELETE) {
             $this->delete();
         }
         // Any other method is silently ignored
         return;
     }

     // The '@' hides json_decode() errors; a malformed body decodes to NULL,
     // which the cast turns into an empty array
     $body_vars = (array) @json_decode($this->request->body());
     // Kohana::sanitize() is not validation; the values are still client data
     $body_vars = Kohana::sanitize($body_vars);
     $values = Arr::merge($this->request->post(), $body_vars);

     // The raw input is additionally parsed as a url-encoded query string
     parse_str(file_get_contents('php://input'), $php_vars);
     $php_vars = Kohana::sanitize($php_vars);
     $values = Arr::merge($values, $php_vars);

     // The route id, when present, overrides any id sent in the payload
     $route_id = $this->request->param('id');
     if ($route_id) {
         $values['id'] = $this->request->param('id');
     }

     $this->save($values);
 }
示例#6
 /**
  * Chooses the search type from which result sets are non-empty.
  *
  * With no photos, a non-empty $users wins ('user'), then a non-empty $tags
  * ('tag'). In every other case the caller-supplied $type is returned after
  * passing through Kohana::sanitize().
  *
  * NOTE(review): $type is not checked against a list of known types here, so
  * the fallback can return an arbitrary string - confirm callers validate it
  * before using it to select a view or query.
  *
  * @param   mixed   $photos  photo results, tested with empty()
  * @param   mixed   $users   user results, tested with empty()
  * @param   mixed   $tags    tag results, tested with empty()
  * @param   string  $type    requested search type
  * @return  mixed   'user', 'tag', or the sanitized $type
  */
 private function eval_search($photos = NULL, $users = NULL, $tags = NULL, $type = 'user')
 {
     if (empty($photos)) {
         // Users take priority over tags when both are present
         if (!empty($users)) {
             return 'user';
         }
         if (!empty($tags)) {
             return 'tag';
         }
     }

     return Kohana::sanitize($type);
 }