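/**
 * Normalises raw input: strips legacy magic-quotes slashes and forces every
 * newline sequence ("\r\n", "\r") to "\n". Arrays are walked recursively,
 * keys through clean_input_keys() and values through this method.
 *
 * Despite the old wording, nothing here is *escaped*: the clean_xss() step is
 * disabled, so the security.xss_filter setting has no effect in this method
 * and output must still be escaped per context (HTML, attribute, JS, URL).
 *
 * @param mixed $str string, or nested array of strings, to clean
 * @return mixed cleaned string/array; non-string scalars (and null) are returned untouched
 */
function clean_input_data($str)
{
    if (is_array($str)) {
        $new_array = array();
        foreach ($str as $key => $val) {
            // recursion: keys and values are cleaned independently
            $new_array[$this->clean_input_keys($key)] = $this->clean_input_data($val);
        }
        return $new_array;
    }
    // ints/bools/null carry no newlines or slashes; strpos() would otherwise
    // coerce them (or reject them under strict_types).
    if (!is_string($str)) {
        return $str;
    }
    // get_magic_quotes_gpc() has returned false since PHP 5.4 and was removed
    // in 8.0, so the call must be guarded to keep this method runnable there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        // remove annoying magic quotes
        $str = stripslashes($str);
    }
    if (strpos($str, "\r") !== false) {
        // standardize newlines; "\r\n" is replaced first so it does not become "\n\n"
        $str = str_replace(array("\r\n", "\r"), "\n", $str);
    }
    return $str;
}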
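/**
 * Resolves the request path (from $_GET['route']) into the controller, action
 * and argument list used for dispatch, and computes the controller file path.
 *
 * Steps: normalise the raw route string; apply the configured "routes" map
 * (static routes or :any/:alphanum/:num/:alpha wildcards); walk
 * __SITE_PATH/content/controllers/ to find the controller (sub-directories
 * allowed); then validate URL suffixes and refuse "private_" actions.
 *
 * Sets $this->__controller, $this->__action, $this->__args and $this->__file;
 * calls $this->error404() (and returns early) on suffix mismatch, on a
 * path-traversal attempt, or on a private action.
 *
 * @return void
 */
private function parseURL()
{
    $ezphp_config = setting::getInstance();

    // Only a non-empty string is accepted; "?route[]=x" would otherwise reach trim().
    $route_path = (!empty($_GET['route']) && is_string($_GET['route'])) ? $_GET['route'] : '';
    $route_path = trim($route_path, '/\\');
    $route_path_len = strlen($route_path);
    if ($route_path_len > 1 && substr($route_path, -1) == '/') {
        $route_path = substr($route_path, 0, -1);
    } elseif ($route_path_len == 0) {
        $route_path = '/';
    }

    // for routed urls start
    $routes = $ezphp_config->get['routes'];
    if (is_array($routes) && count($routes) > 0) {
        // Strict key test: in_array() without strict compared keys loosely (PHP 7: 0 == '/').
        if (!array_key_exists('/', $routes)) {
            $controller = $ezphp_config->get['application']['default_controller'] ? $ezphp_config->get['application']['default_controller'] : 'home';
            $routes['/'] = $controller . '/index';
        }
        foreach ($routes as $route => $uri) {
            if (strpos($route, ':') !== false) {
                // Note that :any is "(.+)" and therefore also spans "/" separators.
                $wildcard = array(':any', ':alphanum', ':num', ':alpha');
                $regex = array('(.+)', '([a-z0-9]+)', '([0-9]+)', '([a-z]+)');
                $route = str_replace($wildcard, $regex, $route);
            }
            // Routes are config-supplied regex fragments; "#" is the delimiter, so a
            // route containing "#" would break the pattern.
            if (preg_match('#^' . $route . '$#u', $route_path)) {
                if (strpos($uri, '$') !== false && strpos($route, '(') !== false) {
                    // for regex routing: $1, $2 ... in the target refer to capture groups
                    $route_path = preg_replace('#^' . $route . '$#u', $uri, $route_path);
                } else {
                    // for normal routing
                    $route_path = $uri;
                }
                // we found a valid route; expose it through the uri library
                $lib_uri = ezphp::ez_get('uri');
                $lib_uri->ruri = $route_path;
                $lib_uri->rparts = explode('/', $route_path);
                break;
            }
        }
    }
    // for routed urls end

    $parts = explode('/', str_replace('../', '', $route_path));

    // Traversal guard. str_replace('../', '') is a single pass and not idempotent
    // (e.g. "....//" collapses back to "../"), so refuse any segment that is still a
    // dot-only name or that carries a backslash or NUL byte before it reaches
    // is_dir()/is_file() and the final controller path.
    foreach ($parts as $part) {
        if ($part === '.' || $part === '..' || strpos($part, '\\') !== false || strpos($part, "\0") !== false) {
            # show the 404 error page
            $this->error404();
            return;
        }
    }

    $path = __SITE_PATH . '/content/controllers/';
    // Find right controller including sub-dirs
    foreach ($parts as $part) {
        $fullpath = $path . $part;
        // do we have dir?
        if (is_dir($fullpath)) {
            $path .= $part . '/';
            array_shift($parts);
            continue;
        }
        // find the file
        if (is_file($fullpath . '.php')) {
            $this->__controller = $part;
            array_shift($parts);
            break;
        }
    }
    if (empty($this->__controller)) {
        // No file found on disk: treat the first remaining segment as the controller name.
        if (!empty($parts[0])) {
            $this->__controller = $parts[0];
        }
    }
    if (empty($this->__controller)) {
        # default controller
        $def_controller = $ezphp_config->get['application']['default_controller'];
        $this->__controller = $def_controller ? $def_controller : 'home';
    }

    $method = '';
    if (!empty($parts)) {
        $method = array_shift($parts);
    }
    $this->__action = !empty($method) ? $method : 'index';
    $this->__args = $parts;

    # do we have the same suffix in url and config file?
    if (count($this->__args)) {
        if ($this->match_suffix(end($this->__args)) === false) {
            # show the 404 error page
            $this->error404();
            return;
        }
    }
    if ($this->match_suffix($this->__action) === false || $this->match_suffix($this->__controller) === false) {
        # show the 404 error page
        $this->error404();
        return;
    }

    #########################
    # strip url suffix if any
    if (count($this->__args)) {
        foreach ($this->__args as $key => $value) {
            $this->__args[$key] = $this->clean_suffix($value);
        }
    }
    $this->__action = $this->clean_suffix($this->__action);
    $this->__controller = $this->clean_suffix($this->__controller);

    #################
    # is this private action/function?
    $private = substr($this->__action, 0, 8);
    if (strtolower($private) === "private_") {
        # show the 404 error page
        $this->error404();
    } else {
        $this->__file = $path . $this->__controller . '.php';
        // belt-and-braces: the segment guard above already rejects ".." segments
        $this->__file = str_replace('../', '', $this->__file);
    }
}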
}

# directory separator
define('DS', DIRECTORY_SEPARATOR);

# sets folder name application resides in.
# NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. More importantly,
# PHP_SELF can include request-supplied PATH_INFO (for "/index.php/extra" its dirname
# is "/index.php"), so everything derived from it below -- including __SITE_PATH, which
# parseURL() uses as the base for controller files -- is partly client-influenced.
# SCRIPT_NAME (set by the server) or __DIR__ would be a server-controlled base.
$_SERVER['PHP_SELF'] = filter_var($_SERVER['PHP_SELF'], FILTER_SANITIZE_STRING);
define('__DIRNAME', dirname($_SERVER['PHP_SELF']));
# sets site path for inclusion of files
define('__SITE_PATH', $_SERVER['DOCUMENT_ROOT'] . __DIRNAME);
# sets absolute site path (realpath() yields false when the directory does not exist)
define('__SITE_PATH_ABS', realpath(__SITE_PATH));
// save paths for global access
ezphp::ez_set('ez_dir', __DIRNAME);
ezphp::ez_set('ez_site_path', __SITE_PATH);
ezphp::ez_set('ez_site_path_abs', __SITE_PATH_ABS);

# get the site settings
$ezphp_config = setting::getInstance();

// set time zone
if (function_exists('date_default_timezone_set')) {
    # default time zone; any falsy setting falls back to Europe/London
    $timezone = $ezphp_config->get['application']['timezone'];
    if (!$timezone) {
        $timezone = 'Europe/London';
    }
    // $timezone cannot be empty at this point, so the date_default_timezone_get() branch is dead
    date_default_timezone_set(empty($timezone) ? date_default_timezone_get() : $timezone);
}

// presumably consulted by setting validation further down; not used within this excerpt
$possible_values = array('0', '1');

# security settings
##################################
# NOTE(review): error_reporting() takes an int bitmask; this assumes the config value is
# numeric (a string such as "E_ALL" is not evaluated) -- TODO confirm against the config
$error_reporting = $ezphp_config->get['security']['error_reporting'];
error_reporting(strlen(trim($error_reporting)) ? $error_reporting : E_ALL);
// read here; how they are applied lies outside this excerpt
$display_errors = $ezphp_config->get['security']['display_errors'];
$xss_filter = $ezphp_config->get['security']['xss_filter'];