示例#1
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
include '../lib-common.php';
include 'library.php';
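// Access gate: only members of the group named in $_FMCONF['access_mode'] may
// continue; everyone else is sent back to the site URL and the script stops.
if (!SEC_inGroup($_FMCONF['access_mode'])) {
    echo COM_refresh($_CONF['site_url']);
    exit;
}
// Pass the request parameters through the project's sanitizer before use.
$filter = new sanitizer();
$filter->cleanData('int', array('cid' => $_REQUEST['cid'], 'fid' => $_GET['fid']));
$filter->cleanData('char', array('op' => $_REQUEST['op']));
$_CLEAN = $filter->getCleanData();
// Both ids are interpolated into SQL conditions below. The sanitizer class is
// not visible in this file, so cast explicitly instead of relying on it to
// return integers.
$cid = (int) $_CLEAN['int']['cid'];
$fid = (int) $_CLEAN['int']['fid'];
if ($fid > 0 and empty($cid)) {
    // A file id without a category id: derive the category from the file row
    // (only rows with status=1 are considered).
    $cid = (int) DB_getItem($_TABLES['nxfile_files'], 'cid', "fid={$fid} AND status=1");
    // Look up the parent category only when the file lookup found a category;
    // otherwise the condition would be built as "cid=" with nothing after it.
    $pid = 0;
    if (!empty($cid)) {
        $pid = DB_getItem($_TABLES['nxfile_categories'], 'pid', "cid={$cid}");
    }
    // Deny by default: unknown file, no view permission on the category, or no
    // view permission on its parent all reset the request to "nothing selected".
    if (empty($cid) or !fm_getPermission($cid, 'view') or ($pid > 0 and !fm_getPermission($pid, 'view'))) {
        $fid = 0;
        $cid = 0;
    }
} elseif ($cid > 0) {
    // Category requested directly: it must be viewable by the current user.
    // NOTE(review): unlike the file branch above, the parent category is not
    // checked here - confirm whether that asymmetry is intended.
    if (!fm_getPermission($cid, 'view')) {
        $cid = 0;
    }
}
$op = strtolower($_CLEAN['char']['op']);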
示例#2
        if ($_USER['uid'] > 0) {
            $_GROUPS = SEC_getUserGroups($_USER['uid']);
            // Global array of current user permissions [read,edit]
            $_RIGHTS = explode(',', SEC_getUserPermissions());
        }
    }
}
// Resolve the acting user id: any uid below 2 is treated as 0.
$uid = ($_USER['uid'] < 2) ? 0 : $_USER['uid'];
$error = 'NULL';
// Only 'op' is passed through the sanitizer at this point.
$filter = new sanitizer();
$op = $filter->getCleanData('char', $_REQUEST['op']);
// Reset Filter
$filter->initFilter();
$firephp = FirePHP::getInstance(true);
$firephp->group('Nexfile - AJAX Server');
// NOTE(review): $_POST['cid'], $_REQUEST['pending'] and $_GET['reportmode'] are
// written into the log line exactly as the client sent them. FirePHP hands log
// data back to the requesting browser, so confirm it is switched off outside
// development and that these values are filtered before they reach any log
// that is stored or displayed.
$logmessage = isset($_REQUEST['pending'])
    ? "op:{$op}, user: {$uid}, cid: {$_POST['cid']}, pending request count: {$_REQUEST['pending']}"
    : "op:{$op}, user: {$uid}, reportmode: {$_GET['reportmode']}";
$firephp->log($logmessage);
//COM_errorLog ($logmessage);
$data = array();
function firelogmsg($message)
{
    global $firephp, $mytimer;
示例#3
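/**
 * Store the file uploaded in the 'file_forum' form field as a forum attachment.
 *
 * The upload is written either to the forum upload path under a random name or,
 * when the poster ticked 'chk_usefilemgmt' and chose a category, to the
 * configured file-repository plugin (filemgmt or nexfile) under its original
 * name. A thumbnail is produced for inline image types, and the attachment is
 * recorded in the gf_attachments table (plus the repository tables when a
 * repository is used). Finally, attachments that were saved under a temporary
 * unique id are re-pointed at the real topic.
 *
 * Security notes for maintainers:
 *  - The client-supplied file name, extension and MIME type are attacker
 *    controlled. Every value placed in SQL below is escaped or numeric.
 *  - Which file types reach disk is decided entirely by gf_uploadfile() and
 *    $CONF_FORUM['allowablefiletypes']; that helper is not visible here.
 *  - NOTE(review): nothing in this function checks that the current user may
 *    add files to category $cid - confirm the caller enforces that.
 *
 * @param  mixed $id       Topic id (or temporary unique id) the file belongs to
 * @param  bool  $tempfile True to flag the attachment row as temporary
 * @return string          Always the empty string; $filelinks is never filled
 */
function gf_check4files($id, $tempfile = false)
{
    global $_CONF, $_TABLES, $_USER, $CONF_FORUM, $LANG_GF00;
    global $_FM_TABLES, $filemgmt_FileStore, $_FMCONF;

    $filelinks = '';
    $uploadfile = isset($_FILES['file_forum']) ? $_FILES['file_forum'] : array('name' => '');

    // Numeric request values go through the same numeric filter the original
    // code already applied to the category id, so they are safe to place in SQL.
    $cid = COM_applyFilter(isset($_POST['filemgmtcat']) ? $_POST['filemgmtcat'] : 0, true);
    $uniqueId = COM_applyFilter(isset($_POST['uniqueid']) ? $_POST['uniqueid'] : 0, true);
    $id = COM_applyFilter($id, true);
    $wantsFileStore = (isset($_POST['chk_usefilemgmt']) and $_POST['chk_usefilemgmt'] == 1);
    $use_filestore = false;

    if ($uploadfile['name'] != '') {
        $originalName = $uploadfile['name'];
        // strrpos() returns false when the name has no dot; the old "+ 1" then
        // produced position 1 and a bogus extension.
        $dot = strrpos($originalName, '.');
        $ext = ($dot === false) ? '' : strtolower(substr($originalName, $dot + 1));

        if ($wantsFileStore and $cid > 0) {
            // Repository uploads keep the client's file name.
            $filename = $originalName;
            $use_filestore = true;
        } else {
            // Plain forum attachments are stored under a random name.
            $uploadfilename = ppRandomFilename();
            $filename = ($ext == '') ? $uploadfilename : "{$uploadfilename}.{$ext}";
        }

        if ($use_filestore) {
            if ($CONF_FORUM['filestorage_plugin'] == 'filemgmt') {
                $filestore_path = $filemgmt_FileStore;
            } elseif ($CONF_FORUM['filestorage_plugin'] == 'nexfile') {
                $filestore_path = $_FMCONF['storage_path'] . "{$cid}/";
            } else {
                $filestore_path = $CONF_FORUM['uploadpath'];
            }
        } else {
            $filestore_path = $CONF_FORUM['uploadpath'];
        }

        if (gf_uploadfile($filename, $uploadfile, $CONF_FORUM['allowablefiletypes'], $filestore_path)) {
            require_once $_CONF['path'] . 'plugins/forum/simpleimage.class.php';
            // NOTE(review): $uploadfile['type'] is the MIME type claimed by the
            // client, not one detected from the file contents.
            if (array_key_exists($uploadfile['type'], $CONF_FORUM['inlineimageypes'])) {
                // NOTE(review): the source path below is the filemgmt store
                // whenever the box was ticked, even if the file was written to
                // the nexfile store or the forum upload path - confirm.
                if ($wantsFileStore) {
                    $srcImage = "{$filemgmt_FileStore}{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$filename}";
                } else {
                    // $filename is the random name generated above.
                    $srcImage = "{$CONF_FORUM['uploadpath']}/{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$filename}";
                }
                $image = new SimpleImage();
                $image->load($srcImage);
                $image->resize($CONF_FORUM['inlineimage_height'], $CONF_FORUM['inlineimage_width']);
                $image->save($destImage);
            }

            // Store both the created filename and the real file source filename
            $realfilename = $filename;
            $filename = "{$filename}:{$originalName}";
            $dot = strrpos($filename, '.');
            $fileExtension = ($dot === false) ? '' : substr($filename, $dot + 1);

            $filter = new sanitizer();
            $mimetype = $filter->getCleanData('text', $uploadfile['type']);
            $temp = $tempfile ? 1 : 0;

            // Escape every string that originates from the client before it is
            // placed in a query. addslashes() is used because no escaping helper
            // of the DB layer is visible in this file; prefer the layer's own
            // escaper if the project provides one.
            $sqlRealName = addslashes($realfilename);
            $sqlFilename = addslashes($filename);
            $sqlExtension = addslashes($fileExtension);
            $sqlMimetype = addslashes($mimetype);
            $size = (int) $uploadfile['size'];
            $submitter = (int) $_USER['uid'];

            if ($use_filestore) {
                // Check and see if nexfile or the filemgmt plugin is being used
                if ($CONF_FORUM['filestorage_plugin'] == 'nexfile') {
                    $sql = "INSERT INTO {$_TABLES['nxfile_files']} "
                        . "(cid,fname,title,version,ftype,size,mimetype,extension,submitter,status,date) "
                        . "VALUES ('{$cid}','{$sqlRealName}','{$sqlRealName}','1','file','{$size}',"
                        . "'{$sqlMimetype}','{$sqlExtension}','{$submitter}','1',UNIX_TIMESTAMP())";
                    DB_query($sql);
                    $fid = (int) DB_insertId();
                    DB_query("INSERT INTO {$_TABLES['nxfile_filedetail']} (fid,description,hits,rating,votes,comments) "
                        . "VALUES ('{$fid}','','0','0','0','0')");
                    DB_query("INSERT INTO {$_TABLES['nxfile_fileversions']} (fid,fname,ftype,version,size,notes,date,uid,status) "
                        . "VALUES ('{$fid}','{$sqlRealName}','file','1','{$size}','',UNIX_TIMESTAMP(),'{$submitter}','1')");
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile) "
                        . "VALUES ('{$id}',{$fid},'{$sqlFilename}',{$temp})");
                } elseif ($CONF_FORUM['filestorage_plugin'] == 'filemgmt') {
                    $sql = "INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, size, submitter, status,date ) ";
                    $sql .= "VALUES ('{$cid}', '{$sqlRealName}', '{$sqlRealName}', '{$size}', '{$submitter}', 1, UNIX_TIMESTAMP())";
                    DB_query($sql);
                    $newid = (int) DB_insertID();
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile) "
                        . "VALUES ('{$id}',{$newid},'{$sqlFilename}',{$temp})");
                    $description = ppPrepareForDB(isset($_POST['filemgmt_desc']) ? $_POST['filemgmt_desc'] : '');
                    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')");
                }
            } else {
                DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,filename,tempfile) "
                    . "VALUES ('{$id}','{$sqlFilename}',{$temp})");
            }
        } else {
            COM_errorlog("upload error:" . $GLOBALS['gf_errmsg']);
        }
    }

    // Re-point attachments saved under the temporary unique id at the real
    // topic. Both ids were reduced to numeric values above, so the unquoted
    // interpolation cannot carry SQL.
    if (!$tempfile and $uniqueId > 0 and DB_COUNT($_TABLES['gf_topic'], 'id', $id)) {
        DB_query("UPDATE {$_TABLES['gf_attachments']} SET topic_id={$id}, tempfile=0 WHERE topic_id={$uniqueId}");
    }
    return $filelinks;
}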