From: <vb...@us...> - 2002-09-13 07:24:09
Update of /cvsroot/webnotes/webnotes/core In directory usw-pr-cvs1:/tmp/cvs-serv22855/core Modified Files: api.php note_api.php string_api.php Added Files: gpc_api.php Log Message: Fixed 41: Handling single/double quotes + disabling html tags --- NEW FILE: gpc_api.php --- <?php # Mantis - a php based bugtracking system # Copyright (C) 2000 - 2002 Kenzaburo Ito - ke...@30... # Copyright (C) 2002 Mantis Team - man...@li... # This program is distributed under the terms and conditions of the GPL # See the files README and LICENSE for details # -------------------------------------------------------- # $Id: gpc_api.php,v 1.1 2002/09/13 07:17:53 vboctor Exp $ # -------------------------------------------------------- ########################################################################### # GET, POST, and Cookie API ########################################################################### # --------------- # Retrieve a GPC variable. # If the variable is not set, the default is returned. # If magic_quotes_gpc is on, slashes will be stripped from the value before being returned. # # You may pass in any variable as a default (including null) but if # you pass in *no* default then an error will be triggered if the field # cannot be found function gpc_get( $p_var_name, $p_default = null ) { # simulate auto-globals from PHP v4.1.0 (see also code in php_api.php) if ( ! php_version_at_least( '4.1.0' ) ) { global $_POST, $_GET; } if ( isset( $_POST[$p_var_name] ) ) { $t_result = gpc_strip_slashes( $_POST[$p_var_name] ); } else if ( isset( $_GET[$p_var_name] ) ) { $t_result = gpc_strip_slashes( $_GET[$p_var_name] ); } else if ( func_num_args() > 1 ) { #check for a default passed in (allowing null) $t_result = $p_default; } else { trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR); $t_result = null; } return $t_result; } # ----------------- # Retrieve a string GPC variable. Uses gpc_get(). 
# If you pass in *no* default, an error will be triggered if # the variable does not exist function gpc_get_string( $p_var_name, $p_default = null ) { # Don't pass along a default unless one was given to us # otherwise we prevent an error being triggered if ( func_num_args() > 1 ) { $t_result = gpc_get( $p_var_name, $p_default ); } else { $t_result = gpc_get( $p_var_name ); } if ( is_array( $t_result ) ) { trigger_error( ERROR_GPC_ARRAY_UNEXPECTED, ERROR ); } return $t_result; } # ------------------ # Retrieve an integer GPC variable. Uses gpc_get(). # If you pass in *no* default, an error will be triggered if # the variable does not exist function gpc_get_int( $p_var_name, $p_default = null ) { # Don't pass along a default unless one was given to us # otherwise we prevent an error being triggered if ( func_num_args() > 1 ) { $t_result = gpc_get( $p_var_name, $p_default ); } else { $t_result = gpc_get( $p_var_name ); } if ( is_array( $t_result ) ) { trigger_error( ERROR_GPC_ARRAY_UNEXPECTED, ERROR ); } return (integer)$t_result; } # ------------------ # Retrieve a boolean GPC variable. Uses gpc_get(). # If you pass in *no* default, false will be used function gpc_get_bool( $p_var_name, $p_default = false ) { $t_result = gpc_get( $p_var_name, $p_default ); if ( $t_result === $p_default ) { return $p_default; } else { if ( is_array( $t_result ) ) { trigger_error( ERROR_GPC_ARRAY_UNEXPECTED, ERROR ); } return gpc_string_to_bool( $t_result ); } } #=================================== # Array Functions #=================================== # ------------------ # Retrieve a atring array GPC variable. Uses gpc_get(). 
# If you pass in *no* default, an error will be triggered if # the variable does not exist function gpc_get_string_array( $p_var_name, $p_default = null ) { # Don't pass along a default unless one was given to us # otherwise we prevent an error being triggered if ( func_num_args() > 1 ) { $t_result = gpc_get( $p_var_name, $p_default ); } else { $t_result = gpc_get( $p_var_name ); } if ( ! is_array( $t_result ) ) { trigger_error( ERROR_GPC_ARRAY_EXPECTED, ERROR); } return $t_result; } # ------------------ # Retrieve an integer array GPC variable. Uses gpc_get(). # If you pass in *no* default, an error will be triggered if # the variable does not exist function gpc_get_int_array( $p_var_name, $p_default = null ) { # Don't pass along a default unless one was given to us # otherwise we prevent an error being triggered if ( func_num_args() > 1 ) { $t_result = gpc_get( $p_var_name, $p_default ); } else { $t_result = gpc_get( $p_var_name ); } if ( ! is_array( $t_result ) ) { trigger_error( ERROR_GPC_ARRAY_EXPECTED, ERROR); } for ( $i=0 ; $i < sizeof( $t_result ) ; $i++ ) { $t_result[$i] = (integer)$t_result[$i]; } return $t_result; } # ------------------ # Retrieve a boolean array GPC variable. Uses gpc_get(). # If you pass in *no* default, an error will be triggered if # the variable does not exist function gpc_get_bool_array( $p_var_name, $p_default = null ) { # Don't pass along a default unless one was given to us # otherwise we prevent an error being triggered if ( func_num_args() > 1 ) { $t_result = gpc_get( $p_var_name, $p_default ); } else { $t_result = gpc_get( $p_var_name ); } if ( ! 
is_array( $t_result ) ) { trigger_error( ERROR_GPC_ARRAY_EXPECTED, ERROR); } for ( $i=0 ; $i < sizeof( $t_result ) ; $i++ ) { $t_result[$i] = gpc_string_to_bool( $t_result[$i] ); } return $t_result; } #=================================== # Cookie Functions #=================================== # ------------------ # Retrieve a cookie variable # You may pass in any variable as a default (including null) but if # you pass in *no* default then an error will be triggered if the cookie # cannot be found function gpc_get_cookie( $p_var_name, $p_default = null ) { # simulate auto-globals from PHP v4.1.0 (see also code in php_api.php) if ( ! php_version_at_least( '4.1.0' ) ) { global $_COOKIE; } if ( isset( $_COOKIE[$p_var_name] ) ) { $t_result = gpc_strip_slashes( $_COOKIE[$p_var_name] ); } else if ( func_num_args() > 1 ) { #check for a default passed in (allowing null) $t_result = $p_default; } else { trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR); $t_result = null; } return $t_result; } #=================================== # Helper Functions #=================================== # ------------------ # Convert a string to a bool function gpc_string_to_bool( $p_string ) { if ( 0 == strcasecmp( 'off', $p_string ) || 0 == strcasecmp( 'no', $p_string ) || 0 == strcasecmp( 'false', $p_string ) || 0 == strcasecmp( '0', $p_string ) ) { return false; } else { return true; } } # ------------------ # Strip slashes if necessary (supports arrays) function gpc_strip_slashes( $p_var ) { if (get_magic_quotes_gpc() == 0) { return $p_var; } else if ( ! 
is_array( $p_var ) ){ return stripslashes( $p_var ); } else { for ( $i=0 ; $i < sizeof( $p_var ) ; $i++ ) { $p_var[$i] = stripslashes( $p_var[$i] ); return $p_var; } } } ?> Index: api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/api.php,v retrieving revision 1.18 retrieving revision 1.19 diff -u -d -r1.18 -r1.19 --- api.php 11 Sep 2002 14:33:58 -0000 1.18 +++ api.php 13 Sep 2002 07:17:53 -0000 1.19 @@ -62,6 +62,7 @@ require_once( $t_path_core . 'user_api.php' ); require_once( $t_path_core . 'link_api.php' ); require_once( $t_path_core . 'util_api.php' ); + require_once( $t_path_core . 'gpc_api.php' ); require_once( $t_path_main . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . $g_theme . DIRECTORY_SEPARATOR . 'theme_api.php' ); Index: note_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/note_api.php,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- note_api.php 12 Sep 2002 21:26:28 -0000 1.14 +++ note_api.php 13 Sep 2002 07:17:53 -0000 1.15 @@ -22,9 +22,9 @@ } ### -------------------- function note_add( $p_page_id, $p_email, $p_remote_addr, $p_note ) { - global $g_phpWN_note_table, $g_auto_accept_notes; + global $g_phpWN_note_table; - if ( ON == $g_auto_accept_notes ) { + if ( ON == config_get('auto_accept_notes') ) { $t_visible = 1; } else { $t_visible = 0; 
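Review bot: In the new gpc_api.php, `gpc_strip_slashes()` has its `return $p_var;` inside the `for` loop body, so for an array input only element 0 is stripped before the function returns, and for an empty array the function falls off the end and returns null; move the return after the loop, i.e. `for ( ... ) { $p_var[$i] = stripslashes( $p_var[$i] ); } return $p_var;`. The same `for ( $i=0 ; $i < sizeof( ... ) ; $i++ )` shape is used in `gpc_get_int_array()` and `gpc_get_bool_array()`, and it only visits integer keys 0..n-1, so a request array submitted with string keys (`name[foo]=...`) is neither stripped nor cast and each miss is an undefined-index access; `foreach ( $t_result as $t_key => $t_value ) { $t_result[$t_key] = (integer)$t_value; }` handles both list and map shapes. Since this file is the single entry point for untrusted request data, a short header comment stating that these helpers normalise type and magic quotes only, and that HTML/SQL escaping is the caller's job at the point of use, would save later maintainers from assuming `gpc_get_string()` returns something safe to echo.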
@@ -106,10 +106,10 @@ $row = db_fetch_array( $result ); extract( $row, EXTR_PREFIX_ALL, 'v' ); - $info['id'] = db_unprepare_string( $v_id ); - $info['email'] = db_unprepare_string( $v_email ); - $info['note'] = string_preserve_spaces ( db_unprepare_string( $v_note ) ); - + $info['id'] = $v_id; + $info['email'] = $v_email; + $info['note'] = string_preserve_spaces( string_disable_html( $v_note ) ); + #Removed by Remon tell we fix the problem in the sql_to_unix_time #$info['date'] = date( 'M, d Y H:i', sql_to_unix_time( $v_date_submitted ) ); $info['date'] = $v_date_submitted; Index: string_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/string_api.php,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- string_api.php 11 Sep 2002 09:49:54 -0000 1.3 +++ string_api.php 13 Sep 2002 07:17:53 -0000 1.4 @@ -22,7 +22,7 @@ } ### -------------------- function string_display_with_br( $p_string ) { - return str_replace( "<br>", "<br>", htmlspecialchars(stripslashes( $p_string ))); + return str_replace( "<br>", "<br />", htmlspecialchars(stripslashes( $p_string ))); } ### -------------------- function string_edit( $p_string ) { @@ -32,7 +32,6 @@ # return just the URL portion of the file path function string_get_url( $p_page ) { global $DOCUMENT_ROOT; - return substr( $p_page, strlen($DOCUMENT_ROOT), strlen($p_page)); } ### -------------------- @@ -41,4 +40,11 @@ return str_replace( " ", " ", $p_string ); } ### -------------------- + function string_to_form( $p_string ) { + return htmlspecialchars( addslashes( $p_string ) ); + } + ### -------------------- + function string_disable_html( $p_string ) { + return str_replace(array('<', '>'), array('<', '>'), $p_string ); + } ?> |
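Review bot: `$info['email'] = $v_email;` on the new side is the one field in this hunk that receives no treatment at all, while the adjacent note field is passed through `string_disable_html()`; if this array is later echoed into a page (the enclosing function starts and ends outside the hunk, so I cannot see the consumer), the email value would be the unescaped one. Either treat it the same way as the note (`$info['email'] = string_disable_html( $v_email );`) or, preferably, leave both raw here and escape with `htmlspecialchars( ..., ENT_QUOTES )` at the point of output, which is the only place the context is known. Note also that `string_disable_html()` as introduced in this commit's string_api.php hunk neutralises only `<` and `>`, so a note placed inside a quoted attribute, or containing a bare `&`, is still not safe through this path.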
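Review bot: `string_disable_html()` in the last string_api.php hunk replaces only `<` and `>` (as rendered on this page the search and replacement arrays even read identically, presumably because the entities were decoded in transit), so `&`, `"` and `'` pass through untouched and the commit's stated goal of handling single and double quotes is not met for anything emitted through it; `return htmlspecialchars( $p_string, ENT_QUOTES );` covers all five characters with the standard library and makes the function consistent with `string_to_form()` a few lines above. In `string_to_form()`, `htmlspecialchars()` is called without `ENT_QUOTES`, so `'` is left alone and a single-quoted `value='...'` attribute can still be broken out of, and the inner `addslashes()` inserts literal backslashes into the value shown in the form unless some later step strips them again (stripslashes is the inverse of magic quotes; addslashes is not needed on output); `return htmlspecialchars( $p_string, ENT_QUOTES );` is the safer form here as well. A one-line comment on each function naming the context it escapes for (HTML body text versus a quoted form attribute) would make the distinction explicit for callers.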