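/**
 * Saves the posted "in my own words" answer and renders the ajax result view.
 *
 * The answer text is passed through Sanitize::stripTags() (no allowed-tag
 * list, so every tag is removed) before the model save. stripTags() is a
 * regex tag stripper, not an HTML sanitiser, so the view that later shows the
 * stored answer must still escape it on output. A session flash records
 * success or failure of the save. When nothing was posted the action does
 * nothing.
 *
 * @return void
 */
function update() {
    if (empty($this->data)) {
        return;
    }
    // Only strip when the field is actually present: a request without it
    // must not raise an undefined-index notice or hand null to stripTags().
    if (isset($this->data["InMyOwnWordsAnswer"]["answer"])) {
        $this->data["InMyOwnWordsAnswer"]["answer"] = Sanitize::stripTags(
            $this->data["InMyOwnWordsAnswer"]["answer"]
        );
    }
    // NOTE(review): save() receives the whole posted array, so any model field
    // the client adds to the request is written too; the model's own
    // validation/whitelist is what limits this - confirm it is in place.
    if ($this->InMyOwnWordsAnswer->save($this->data)) {
        $this->Session->setFlash(__('Answer has been saved', true), "default", array("class" => "success"));
    } else {
        $this->Session->setFlash(__('Error occured while saving.', true), "default", array("class" => "error"));
    }
    $this->render("result", "ajax");
}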
/**
 * testStripTags method
 *
 * Table-driven: each case is [input markup, tags to strip, expected output].
 * Only the named tags are removed; other tags and their attributes survive,
 * and the text between stripped tags is kept.
 *
 * @return void
 */
public function testStripTags() {
    $cases = array(
        array(
            '<h2>Headline</h2><p><a href="http://example.com">My Link</a> could go to a bad site</p>',
            array('h2', 'a'),
            'Headline<p>My Link could go to a bad site</p>',
        ),
        array(
            '<script type="text/javascript" src="http://evildomain.com"> </script>',
            array('script'),
            ' ',
        ),
        array(
            '<h2>Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>',
            array('h2', 'a'),
            'Important<p>Additional information here <img src="/img/test.png" />. Read even more here</p>',
        ),
        array(
            '<h2>Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>',
            array('h2', 'a', 'img'),
            'Important<p>Additional information here . Read even more here</p>',
        ),
        array(
            '<b>Important message!</b><br>This message will self destruct!',
            array('b'),
            'Important message!<br>This message will self destruct!',
        ),
        array(
            '<b>Important message!</b><br />This message will self destruct!',
            array('b'),
            'Important message!<br />This message will self destruct!',
        ),
        // An opening tag carrying event-handler attributes is stripped whole.
        array(
            '<h2 onclick="alert(\'evil\'); onmouseover="badness()">Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>',
            array('h2', 'a', 'img'),
            'Important<p>Additional information here . Read even more here</p>',
        ),
    );

    foreach ($cases as $case) {
        list($input, $tags, $expected) = $case;
        $args = array_merge(array($input), $tags);
        $result = call_user_func_array(array('Sanitize', 'stripTags'), $args);
        $this->assertEquals($expected, $result);
    }
}
/**
 * testStripTags method
 *
 * Runs stripTags() over a small set of labelled fixtures; only the tags
 * listed under 'strip' are removed from the input.
 *
 * @access public
 * @return void
 */
function testStripTags() {
    $fixtures = array(
        'headline and link' => array(
            'input' => '<h2>Headline</h2><p><a href="http://example.com">My Link</a> could go to a bad site</p>',
            'strip' => array('h2', 'a'),
            'expected' => 'Headline<p>My Link could go to a bad site</p>',
        ),
        'script element' => array(
            'input' => '<script type="text/javascript" src="http://evildomain.com"> </script>',
            'strip' => array('script'),
            'expected' => ' ',
        ),
        'image inside link kept' => array(
            'input' => '<h2>Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>',
            'strip' => array('h2', 'a'),
            'expected' => 'Important<p>Additional information here <img src="/img/test.png" />. Read even more here</p>',
        ),
    );

    foreach ($fixtures as $label => $fixture) {
        $params = $fixture['strip'];
        array_unshift($params, $fixture['input']);
        $result = call_user_func_array(array('Sanitize', 'stripTags'), $params);
        $this->assertEqual($result, $fixture['expected']);
    }
}
/**
 * Synchronises one LDAP account with SINU (the student records system).
 *
 * Resolves the CNP (national identification number) for $data through
 * Admin::getCnpByUid(), POSTs it to the SINU check-login endpoint, parses the
 * whitespace-separated text reply by position, and pushes the differences
 * into LDAP via Admin::diffUpdate() (active student) or
 * Admin::diffUpdate_alumni() (not found in SINU). The accumulated status text
 * is exposed to the view as 'result' and also returned.
 *
 * NOTE(review): the request to SINU goes over plain http:// and carries the
 * CNP, a personal identifier, in the POST body (and is repeated up to five
 * times); unless that network path is trusted, the endpoint should be
 * reached over https - confirm with the SINU side.
 * NOTE(review): $data is used as a lookup key without validation, so the
 * action relies entirely on the controller's access control - verify it.
 * NOTE(review): displayname / uidnumber / uid from LDAP are concatenated into
 * $result, including a hand-built <a href> - whether the view escapes
 * $result is not visible here; if it does not, those attributes must be
 * trusted.
 *
 * @param mixed $data uidnumber of the account to synchronise; any falsy value
 *   is replaced by 4861 (meaning of that constant is not documented - TODO confirm)
 * @return string the status text; when $this->data['Admin'] is set the
 *   action redirects instead (redirect() presumably exits, otherwise $result
 *   would be undefined at the set() call below - verify)
 */
function updateldap($data = null) {
    // Load classes
    App::import('HttpSocket'); // for HTTP requests
    App::import('Sanitize'); // for sanitising
    if (!$data) {
        $data = 4861;
    }
    // Start
    if (empty($this->data['Admin'])) {
        $result = "Rezultate UPGRADE: ";
        // Characters to ignore when sanitising
        // NOTE(review): built but never used by anything below.
        $ignoreOnStrip = array(" ", ".", "_", ",", "\\(", "\\)", "/", "\"", '@', '!', "\$", "%", "^", "*", "-", "+", "=", "?", "[", "]", "|");
        // Fetch the CNP
        $LdapCnp = $this->Admin->getCnpByUid($data);
        // So that we can sanitise
        $cleaner = new Sanitize();
        // So that we can make HTTP requests
        $http = new HttpSocket();
        $uri = 'http://sinu.utcluj.ro/cc_pk_cnp/checkLogin.jsp';
        $request = array('cnp' => $LdapCnp, 'Submit' => 'Login');
        // Fetch the data from LDAP
        $fromLdap = $this->Admin->getByCNP($LdapCnp);
        // Fetch the SINU data, clean it and reorder it
        // No arrays to stripTags, it does not understand them
        $httpData = null;
        $tries = 1;
        // Retry an empty reply up to five times; every attempt re-sends the CNP.
        while (empty($httpData) && $tries <= 5) {
            $httpData = $http->post($uri, $request);
            $tries++;
        }
        $sinuResult = $cleaner->stripTags($httpData, 'body', 'html', 'meta', 'head', 'br');
        // '\\n' in single quotes is the two-character sequence backslash + n
        // (not a newline); it is used consistently as the join/split token on
        // both sides, so runs of whitespace become field separators.
        $sinuResultOK = array_filter(explode('\\n', preg_replace('/\\s\\s+/', '\\n', $sinuResult)));
        // Presumably position 9 holds SINU's login status; anything but 'OK'
        // is treated as "not a current student" - TODO confirm. array_filter()
        // keeps keys, so index 9 may be absent if an earlier field was empty.
        if (!empty($sinuResult) && !empty($sinuResultOK) && $sinuResultOK[9] != 'OK') {
            $this->Admin->diffUpdate_alumni($fromLdap['LdapUser']);
            $result .= "A fost actualizat utilizatorul " . $fromLdap['LdapUser']['displayname'] . " ID: " . $fromLdap['LdapUser']['uidnumber'] . " UID: " . $fromLdap['LdapUser']['uid'] . "\n";
            $sinuResult = null;
        } else {
            if (!empty($sinuResult)) {
                $fromSinu = array_filter(explode('\\n', preg_replace('/\\s\\s+/', '\\n', $sinuResult)));
                // The first elements are the HTTP header of the reply coming from SINU
                // (array_shift also reindexes the list, so the fields below are 0-based).
                for ($i = 8; $i != 0; $i--) {
                    array_shift($fromSinu);
                }
                $fromSinu = array_filter($fromSinu);
                // The fixes below merge fields that SINU splits on internal
                // whitespace, so that the positional layout (status, nume,
                // prenume, facultatea, catedra, cod_an, grupa) holds again.
                // Bug - An V (CA rom)
                if ($fromSinu[5] == 'An V' && $fromSinu[6] == '(CA rom)') {
                    $fromSinu[5] .= " " . $fromSinu[6];
                    $fromSinu[6] = $fromSinu[7];
                    array_pop($fromSinu);
                }
                // Bug - An V (AU rom)
                if ($fromSinu[5] == 'An V' && $fromSinu[6] == '(AU rom)') {
                    $fromSinu[5] .= " " . $fromSinu[6];
                    $fromSinu[6] = $fromSinu[7];
                    array_pop($fromSinu);
                }
                // Bug - Design Industrial (lic)
                if ($fromSinu[4] == 'Design Industrial' && $fromSinu[5] == '(lic)') {
                    $fromSinu[4] .= " " . $fromSinu[5];
                    unset($fromSinu[5]);
                }
                // Bug - Ingineria mediului industrial
                if ($fromSinu[4] == 'Ingineria mediului' && $fromSinu[5] == 'industrial') {
                    $fromSinu[4] .= " " . $fromSinu[5];
                    unset($fromSinu[5]);
                }
                // Bug - An V (IEI-rom)
                if ($fromSinu[5] == 'An V' && $fromSinu[6] == '(IEI-rom)') {
                    $fromSinu[5] .= " " . $fromSinu[6];
                    unset($fromSinu[6]);
                }
                // Bug - Ingineria procesarii materialelor (ld)
                if ($fromSinu[4] == 'Ingineria' && $fromSinu[5] == 'procesarii materialelor (ld)') {
                    $fromSinu[4] .= " " . $fromSinu[5];
                    unset($fromSinu[5]);
                }
                // Bug - multiple given names
                if (count($fromSinu) > 7) {
                    $fromSinu[1] .= " " . $fromSinu[2];
                    unset($fromSinu[2]);
                }
                //pr($fromSinu);
                $fromSinuKeys = array('status', 'nume', 'prenume', 'facultatea', 'catedra', 'cod_an', 'grupa');
                // array_combine() pairs by position, so the unset() gaps above do
                // not matter, only the element count does. NOTE(review): on
                // PHP >= 8.0 a count mismatch throws ValueError instead of
                // returning false, so this guard no longer protects that case.
                if (array_combine($fromSinuKeys, $fromSinu) != false) {
                    $fromSinu = array_combine($fromSinuKeys, $fromSinu);
                    if ($this->Admin->diffUpdate($fromLdap['LdapUser'], $fromSinu)) {
                        $result .= "A fost actualizat utilizatorul " . $fromSinu['nume'] . " " . $fromSinu['prenume'] . " ID: " . $fromLdap['LdapUser']['uidnumber'] . " UID: " . $fromLdap['LdapUser']['uid'];
                        // Link back to this action for a re-sync of the same account.
                        $result .= ' | <a href="/admins/updateldap/' . $fromLdap['LdapUser']['uidnumber'] . '" target="_blank">Reactualizare</a>' . "\n";
                        //pr($this->Admin->getByUid($fromLdap['LdapUser']['uidnumber']));
                    }
                }
            } else {
                $result .= "Eroare la conectarea cu SINU!";
            }
        }
    } else {
        $this->redirect(array('controller' => 'admins', 'action' => 'index'));
    }
    $this->set('result', $result);
    return $result;
}