1
|
|
|
<?php |
2
|
|
|
/** |
3
|
|
|
* XOOPS Kernel Object |
4
|
|
|
* |
5
|
|
|
* You may not change or alter any portion of this comment or credits |
6
|
|
|
* of supporting developers from this source code or any supporting source code |
7
|
|
|
* which is considered copyrighted (c) material of the original comment or credit authors. |
8
|
|
|
* This program is distributed in the hope that it will be useful, |
9
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
10
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
11
|
|
|
* |
12
|
|
|
* @copyright (c) 2000-2019 XOOPS Project (https://xoops.org) |
13
|
|
|
* @license GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html) |
14
|
|
|
* @package kernel |
15
|
|
|
* @since 2.0.0 |
16
|
|
|
* @author Kazumi Ono (AKA onokazu) http://www.myweb.ne.jp/, http://jp.xoops.org/ |
17
|
|
|
* @author Taiwen Jiang <[email protected]> |
18
|
|
|
*/ |
19
|
|
|
|
20
|
|
|
defined('XOOPS_ROOT_PATH') || exit('Restricted access'); |
21
|
|
|
/** |
22
|
|
|
* YOU SHOULD NOT USE ANY OF THE UNICODE TYPES, THEY WILL BE REMOVED |
23
|
|
|
*/ |
24
|
|
|
|
25
|
|
|
/** |
26
|
|
|
* *#@+ |
27
|
|
|
* Xoops object datatype |
28
|
|
|
*/ |
29
|
|
|
define('XOBJ_DTYPE_TXTBOX', 1); |
30
|
|
|
define('XOBJ_DTYPE_TXTAREA', 2); |
31
|
|
|
define('XOBJ_DTYPE_INT', 3); |
32
|
|
|
define('XOBJ_DTYPE_URL', 4); |
33
|
|
|
define('XOBJ_DTYPE_EMAIL', 5); |
34
|
|
|
define('XOBJ_DTYPE_ARRAY', 6); |
35
|
|
|
define('XOBJ_DTYPE_OTHER', 7); |
36
|
|
|
define('XOBJ_DTYPE_SOURCE', 8); |
37
|
|
|
define('XOBJ_DTYPE_STIME', 9); |
38
|
|
|
define('XOBJ_DTYPE_MTIME', 10); |
39
|
|
|
define('XOBJ_DTYPE_LTIME', 11); |
40
|
|
|
define('XOBJ_DTYPE_FLOAT', 13); |
41
|
|
|
define('XOBJ_DTYPE_DECIMAL', 14); |
42
|
|
|
define('XOBJ_DTYPE_ENUM', 15); |
43
|
|
|
// YOU SHOULD NEVER USE THE FOLLOWING TYPES, THEY WILL BE REMOVED |
44
|
|
|
define('XOBJ_DTYPE_UNICODE_TXTBOX', 16); |
45
|
|
|
define('XOBJ_DTYPE_UNICODE_TXTAREA', 17); |
46
|
|
|
define('XOBJ_DTYPE_UNICODE_URL', 18); |
47
|
|
|
define('XOBJ_DTYPE_UNICODE_EMAIL', 19); |
48
|
|
|
define('XOBJ_DTYPE_UNICODE_ARRAY', 20); |
49
|
|
|
define('XOBJ_DTYPE_UNICODE_OTHER', 21); |
50
|
|
|
// Addition for 2.5.5 |
51
|
|
|
define('XOBJ_DTYPE_DATE', 22); |
52
|
|
|
define('XOBJ_DTYPE_TIME', 23); |
53
|
|
|
define('XOBJ_DTYPE_TIMESTAMP', 24); |
54
|
|
|
|
55
|
|
|
/** |
56
|
|
|
* Base class for all objects in the Xoops kernel (and beyond) |
57
|
|
|
*/ |
58
|
|
|
class XoopsObject |
59
|
|
|
{ |
60
|
|
|
/** |
61
|
|
|
* holds all variables(properties) of an object |
62
|
|
|
* |
63
|
|
|
* @var array |
64
|
|
|
* @access protected |
65
|
|
|
*/ |
66
|
|
|
public $vars = array(); |
67
|
|
|
|
68
|
|
|
/** |
69
|
|
|
* variables cleaned for store in DB |
70
|
|
|
* |
71
|
|
|
* @var array |
72
|
|
|
* @access protected |
73
|
|
|
*/ |
74
|
|
|
public $cleanVars = array(); |
75
|
|
|
|
76
|
|
|
/** |
77
|
|
|
* is it a newly created object? |
78
|
|
|
* |
79
|
|
|
* @var bool |
80
|
|
|
* @access private |
81
|
|
|
*/ |
82
|
|
|
public $_isNew = false; |
83
|
|
|
|
84
|
|
|
/** |
85
|
|
|
* has any of the values been modified? |
86
|
|
|
* |
87
|
|
|
* @var bool |
88
|
|
|
* @access private |
89
|
|
|
*/ |
90
|
|
|
public $_isDirty = false; |
91
|
|
|
|
92
|
|
|
/** |
93
|
|
|
* errors |
94
|
|
|
* |
95
|
|
|
* @var array |
96
|
|
|
* @access private |
97
|
|
|
*/ |
98
|
|
|
public $_errors = array(); |
99
|
|
|
|
100
|
|
|
/** |
101
|
|
|
* additional filters registered dynamically by a child class object |
102
|
|
|
* |
103
|
|
|
* @access private |
104
|
|
|
*/ |
105
|
|
|
public $_filters = array(); |
106
|
|
|
|
107
|
|
|
/** |
108
|
|
|
* constructor |
109
|
|
|
* |
110
|
|
|
* normally, this is called from child classes only |
111
|
|
|
* |
112
|
|
|
* @access public |
113
|
|
|
*/ |
114
|
|
|
public function __construct() |
115
|
|
|
{ |
116
|
|
|
} |
117
|
|
|
|
118
|
|
|
/** |
119
|
|
|
* PHP 4 style constructor compatibility shim |
120
|
|
|
* @deprecated all callers should be using parent::__construct() |
121
|
|
|
*/ |
122
|
|
|
public function XoopsObject() |
123
|
|
|
{ |
124
|
|
|
$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1); |
125
|
|
|
trigger_error("Should call parent::__construct in {$trace[0]['file']} line {$trace[0]['line']},"); |
126
|
|
|
self::__construct(); |
|
|
|
|
127
|
|
|
} |
128
|
|
|
|
129
|
|
|
/** |
130
|
|
|
* *#@+ |
131
|
|
|
* used for new/clone objects |
132
|
|
|
* |
133
|
|
|
* @access public |
134
|
|
|
*/ |
135
|
|
|
public function setNew() |
136
|
|
|
{ |
137
|
|
|
$this->_isNew = true; |
138
|
|
|
} |
139
|
|
|
|
140
|
|
|
public function unsetNew() |
141
|
|
|
{ |
142
|
|
|
$this->_isNew = false; |
143
|
|
|
} |
144
|
|
|
|
145
|
|
|
/** |
146
|
|
|
* @return bool |
147
|
|
|
*/ |
148
|
|
|
public function isNew() |
149
|
|
|
{ |
150
|
|
|
return $this->_isNew; |
151
|
|
|
} |
152
|
|
|
|
153
|
|
|
/** |
154
|
|
|
* *#@+ |
155
|
|
|
* mark modified objects as dirty |
156
|
|
|
* |
157
|
|
|
* used for modified objects only |
158
|
|
|
* |
159
|
|
|
* @access public |
160
|
|
|
*/ |
161
|
|
|
public function setDirty() |
162
|
|
|
{ |
163
|
|
|
$this->_isDirty = true; |
164
|
|
|
} |
165
|
|
|
|
166
|
|
|
public function unsetDirty() |
167
|
|
|
{ |
168
|
|
|
$this->_isDirty = false; |
169
|
|
|
} |
170
|
|
|
|
171
|
|
|
/** |
172
|
|
|
* @return bool |
173
|
|
|
*/ |
174
|
|
|
public function isDirty() |
175
|
|
|
{ |
176
|
|
|
return $this->_isDirty; |
177
|
|
|
} |
178
|
|
|
|
179
|
|
|
/** |
180
|
|
|
* initialize variables for the object |
181
|
|
|
* |
182
|
|
|
* YOU SHOULD NOT USE THE $enumeration PARAMETER |
183
|
|
|
* |
184
|
|
|
* @access public |
185
|
|
|
* |
186
|
|
|
* @param string $key |
187
|
|
|
* @param int $data_type set to one of XOBJ_DTYPE_XXX constants (set to XOBJ_DTYPE_OTHER if no data type checking nor text sanitizing is required) |
188
|
|
|
* @param null $value |
|
|
|
|
189
|
|
|
* @param bool $required require html form input? |
190
|
|
|
* @param int $maxlength for XOBJ_DTYPE_TXTBOX type only |
191
|
|
|
* @param string $options |
192
|
|
|
* @param string $enumerations |
193
|
|
|
* |
194
|
|
|
* @return void |
195
|
|
|
*/ |
196
|
|
|
public function initVar($key, $data_type, $value = null, $required = false, $maxlength = null, $options = '', $enumerations = '') |
197
|
|
|
{ |
198
|
|
|
$this->vars[$key] = array( |
199
|
|
|
'value' => $value, |
200
|
|
|
'required' => $required, |
201
|
|
|
'data_type' => $data_type, |
202
|
|
|
'maxlength' => $maxlength, |
203
|
|
|
'changed' => false, |
204
|
|
|
'options' => $options, |
205
|
|
|
'enumeration' => $enumerations); |
206
|
|
|
} |
207
|
|
|
|
208
|
|
|
/** |
209
|
|
|
* assign a value to a variable |
210
|
|
|
* |
211
|
|
|
* @access public |
212
|
|
|
* @param string $key name of the variable to assign |
213
|
|
|
* @param mixed $value value to assign |
214
|
|
|
*/ |
215
|
|
|
public function assignVar($key, $value) |
216
|
|
|
{ |
217
|
|
|
if (isset($key) && isset($this->vars[$key])) { |
218
|
|
|
switch ($this->vars[$key]['data_type']) { |
219
|
|
|
case XOBJ_DTYPE_UNICODE_ARRAY: |
220
|
|
|
if (is_array($value)) { |
221
|
|
|
$this->vars[$key]['value'] =& array_walk($value, 'xoops_aw_decode'); |
222
|
|
|
} else { |
223
|
|
|
$this->vars[$key]['value'] =& xoops_convert_decode($value); |
224
|
|
|
} |
225
|
|
|
break; |
226
|
|
|
case XOBJ_DTYPE_UNICODE_URL: |
227
|
|
|
case XOBJ_DTYPE_UNICODE_EMAIL: |
228
|
|
|
case XOBJ_DTYPE_UNICODE_OTHER: |
229
|
|
|
case XOBJ_DTYPE_UNICODE_TXTBOX: |
230
|
|
|
case XOBJ_DTYPE_UNICODE_TXTAREA: |
231
|
|
|
$this->vars[$key]['value'] = xoops_convert_decode($value); |
232
|
|
|
break; |
233
|
|
|
case XOBJ_DTYPE_DATE: |
234
|
|
|
if (!is_string($value) && is_numeric($value)) { |
235
|
|
|
$this->vars[$key]['value'] = date(_DBDATESTRING, $value); |
236
|
|
|
} else { |
237
|
|
|
$this->vars[$key]['value'] = date(_DBDATESTRING, strtotime($value)); |
238
|
|
|
} |
239
|
|
|
break; |
240
|
|
|
case XOBJ_DTYPE_TIME: |
241
|
|
|
if (!is_string($value) && is_numeric($value)) { |
242
|
|
|
$this->vars[$key]['value'] = date(_DBTIMESTRING, $value); |
243
|
|
|
} else { |
244
|
|
|
$this->vars[$key]['value'] = date(_DBTIMESTRING, strtotime($value)); |
245
|
|
|
} |
246
|
|
|
break; |
247
|
|
|
case XOBJ_DTYPE_TIMESTAMP: |
248
|
|
|
if (!is_string($value) && is_numeric($value)) { |
249
|
|
|
$this->vars[$key]['value'] = date(_DBTIMESTAMPSTRING, $value); |
250
|
|
|
} else { |
251
|
|
|
$this->vars[$key]['value'] = date(_DBTIMESTAMPSTRING, strtotime($value)); |
252
|
|
|
} |
253
|
|
|
break; |
254
|
|
|
// YOU SHOULD NOT USE THE ABOVE TYPES, THEY WILL BE REMOVED |
255
|
|
|
default: |
256
|
|
|
$this->vars[$key]['value'] =& $value; |
257
|
|
|
} |
258
|
|
|
} |
259
|
|
|
} |
260
|
|
|
|
261
|
|
|
/** |
262
|
|
|
* assign values to multiple variables in a batch |
263
|
|
|
* |
264
|
|
|
* @access private |
265
|
|
|
* @param array $var_arr associative array of values to assign |
266
|
|
|
*/ |
267
|
|
|
public function assignVars($var_arr) |
268
|
|
|
{ |
269
|
|
|
if (is_array($var_arr)) { |
|
|
|
|
270
|
|
|
foreach ($var_arr as $key => $value) { |
271
|
|
|
$this->assignVar($key, $value); |
272
|
|
|
} |
273
|
|
|
} |
274
|
|
|
} |
275
|
|
|
|
276
|
|
|
/** |
277
|
|
|
* assign a value to a variable |
278
|
|
|
* |
279
|
|
|
* @access public |
280
|
|
|
* @param string $key name of the variable to assign |
281
|
|
|
* @param mixed $value value to assign |
282
|
|
|
* @param bool $not_gpc |
283
|
|
|
*/ |
284
|
|
|
public function setVar($key, $value, $not_gpc = false) |
285
|
|
|
{ |
286
|
|
|
if (!empty($key) && isset($value) && isset($this->vars[$key])) { |
287
|
|
|
$this->vars[$key]['value'] =& $value; |
288
|
|
|
$this->vars[$key]['not_gpc'] = $not_gpc; |
289
|
|
|
$this->vars[$key]['changed'] = true; |
290
|
|
|
$this->setDirty(); |
291
|
|
|
} |
292
|
|
|
} |
293
|
|
|
|
294
|
|
|
/** |
295
|
|
|
* assign values to multiple variables in a batch |
296
|
|
|
* |
297
|
|
|
* @access private |
298
|
|
|
* @param array $var_arr associative array of values to assign |
299
|
|
|
* @param bool $not_gpc |
300
|
|
|
*/ |
301
|
|
|
public function setVars($var_arr, $not_gpc = false) |
302
|
|
|
{ |
303
|
|
|
if (is_array($var_arr)) { |
|
|
|
|
304
|
|
|
foreach ($var_arr as $key => $value) { |
305
|
|
|
$this->setVar($key, $value, $not_gpc); |
306
|
|
|
} |
307
|
|
|
} |
308
|
|
|
} |
309
|
|
|
|
310
|
|
|
/** |
311
|
|
|
* unset variable(s) for the object |
312
|
|
|
* |
313
|
|
|
* @access public |
314
|
|
|
* |
315
|
|
|
* @param mixed $var |
316
|
|
|
* |
317
|
|
|
* @return bool |
318
|
|
|
*/ |
319
|
|
|
public function destroyVars($var) |
320
|
|
|
{ |
321
|
|
|
if (empty($var)) { |
322
|
|
|
return true; |
323
|
|
|
} |
324
|
|
|
$var = !is_array($var) ? array($var) : $var; |
325
|
|
|
foreach ($var as $key) { |
326
|
|
|
if (!isset($this->vars[$key])) { |
327
|
|
|
continue; |
328
|
|
|
} |
329
|
|
|
$this->vars[$key]['changed'] = null; |
330
|
|
|
} |
331
|
|
|
|
332
|
|
|
return true; |
333
|
|
|
} |
334
|
|
|
|
335
|
|
|
/** |
336
|
|
|
* @param $var |
337
|
|
|
* @return bool |
338
|
|
|
* @deprecated use destroyVars() instead, destoryVars() will be removed in the next major release |
339
|
|
|
*/ |
340
|
|
|
public function destoryVars($var) |
341
|
|
|
{ |
342
|
|
|
$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1); |
343
|
|
|
trigger_error("XoopsObject::destoryVars() is deprecated, called from {$trace[0]['file']} line {$trace[0]['line']}"); |
344
|
|
|
return $this->destroyVars($var); |
345
|
|
|
} |
346
|
|
|
|
347
|
|
|
/** |
348
|
|
|
* Assign values to multiple variables in a batch |
349
|
|
|
* |
350
|
|
|
* Meant for a CGI context: |
351
|
|
|
* - prefixed CGI args are considered save |
352
|
|
|
* - avoids polluting of namespace with CGI args |
353
|
|
|
* |
354
|
|
|
* @param array $var_arr associative array of values to assign |
355
|
|
|
* @param string $pref prefix (only keys starting with the prefix will be set) |
356
|
|
|
* @param bool $not_gpc |
357
|
|
|
* |
358
|
|
|
* @return void |
359
|
|
|
* |
360
|
|
|
* @deprecated This method will be removed in the next major XOOPS version |
361
|
|
|
*/ |
362
|
|
|
public function setFormVars($var_arr = null, $pref = 'xo_', $not_gpc = false) |
363
|
|
|
{ |
364
|
|
|
$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1); |
365
|
|
|
trigger_error("XoopsObject::setFormVars() is deprecated, called from {$trace[0]['file']} line {$trace[0]['line']}"); |
366
|
|
|
|
367
|
|
|
$len = strlen($pref); |
368
|
|
|
if (is_array($var_arr)) { |
369
|
|
|
foreach ($var_arr as $key => $value) { |
370
|
|
|
if ($pref == substr($key, 0, $len)) { |
371
|
|
|
$this->setVar(substr($key, $len), $value, $not_gpc); |
372
|
|
|
} |
373
|
|
|
} |
374
|
|
|
} |
375
|
|
|
} |
376
|
|
|
|
377
|
|
|
/** |
378
|
|
|
* returns all variables for the object |
379
|
|
|
* |
380
|
|
|
* @access public |
381
|
|
|
* @return array associative array of key->value pairs |
382
|
|
|
*/ |
383
|
|
|
public function &getVars() |
384
|
|
|
{ |
385
|
|
|
return $this->vars; |
386
|
|
|
} |
387
|
|
|
|
388
|
|
|
/** |
389
|
|
|
* Returns the values of the specified variables |
390
|
|
|
* |
391
|
|
|
* @param mixed $keys An array containing the names of the keys to retrieve, or null to get all of them |
392
|
|
|
* @param string $format Format to use (see getVar) |
393
|
|
|
* @param int $maxDepth Maximum level of recursion to use if some vars are objects themselves |
394
|
|
|
* @return array associative array of key->value pairs |
395
|
|
|
*/ |
396
|
|
|
public function getValues($keys = null, $format = 's', $maxDepth = 1) |
397
|
|
|
{ |
398
|
|
|
if (!isset($keys)) { |
399
|
|
|
$keys = array_keys($this->vars); |
400
|
|
|
} |
401
|
|
|
$vars = array(); |
402
|
|
|
foreach ($keys as $key) { |
403
|
|
|
if (isset($this->vars[$key])) { |
404
|
|
|
if (is_object($this->vars[$key]) && is_a($this->vars[$key], 'XoopsObject')) { |
405
|
|
|
if ($maxDepth) { |
406
|
|
|
$vars[$key] = $this->vars[$key]->getValues(null, $format, $maxDepth - 1); |
407
|
|
|
} |
408
|
|
|
} else { |
409
|
|
|
$vars[$key] = $this->getVar($key, $format); |
410
|
|
|
} |
411
|
|
|
} |
412
|
|
|
} |
413
|
|
|
|
414
|
|
|
return $vars; |
415
|
|
|
} |
416
|
|
|
|
417
|
|
|
/** |
418
|
|
|
* returns a specific variable for the object in a proper format |
419
|
|
|
* |
420
|
|
|
* YOU SHOULD NOT USE ANY OF THE UNICODE TYPES, THEY WILL BE REMOVED |
421
|
|
|
* |
422
|
|
|
* @access public |
423
|
|
|
* @param string $key key of the object's variable to be returned |
424
|
|
|
* @param string $format format to use for the output |
425
|
|
|
* @return mixed formatted value of the variable |
426
|
|
|
*/ |
427
|
|
|
public function getVar($key, $format = 's') |
428
|
|
|
{ |
429
|
|
|
$ret = null; |
430
|
|
|
if (!isset($this->vars[$key])) { |
431
|
|
|
return $ret; |
432
|
|
|
} |
433
|
|
|
$ret = $this->vars[$key]['value']; |
434
|
|
|
$ts = MyTextSanitizer::getInstance(); |
435
|
|
|
switch ($this->vars[$key]['data_type']) { |
436
|
|
|
case XOBJ_DTYPE_INT: |
437
|
|
|
$ret = (null === $ret) ? null : (int) $ret; |
438
|
|
|
break; |
439
|
|
|
case XOBJ_DTYPE_UNICODE_TXTBOX: |
440
|
|
|
case XOBJ_DTYPE_TXTBOX: |
441
|
|
|
switch (strtolower($format)) { |
442
|
|
|
case 's': |
443
|
|
|
case 'show': |
444
|
|
|
case 'e': |
445
|
|
|
case 'edit': |
446
|
|
|
return $ts->htmlSpecialChars($ret); |
447
|
|
|
break 1; |
|
|
|
|
448
|
|
|
case 'p': |
449
|
|
|
case 'preview': |
450
|
|
|
case 'f': |
451
|
|
|
case 'formpreview': |
452
|
|
|
return $ts->htmlSpecialChars($ts->stripSlashesGPC($ret)); |
|
|
|
|
453
|
|
|
break 1; |
454
|
|
|
case 'n': |
455
|
|
|
case 'none': |
456
|
|
|
default: |
457
|
|
|
break 1; |
458
|
|
|
} |
459
|
|
|
break; |
460
|
|
|
case XOBJ_DTYPE_UNICODE_TXTAREA: |
461
|
|
|
case XOBJ_DTYPE_TXTAREA: |
462
|
|
|
switch (strtolower($format)) { |
463
|
|
|
case 's': |
464
|
|
|
case 'show': |
465
|
|
|
$html = !empty($this->vars['dohtml']['value']) ? 1 : 0; |
466
|
|
|
$xcode = (!isset($this->vars['doxcode']['value']) || $this->vars['doxcode']['value'] == 1) ? 1 : 0; |
467
|
|
|
$smiley = (!isset($this->vars['dosmiley']['value']) || $this->vars['dosmiley']['value'] == 1) ? 1 : 0; |
468
|
|
|
$image = (!isset($this->vars['doimage']['value']) || $this->vars['doimage']['value'] == 1) ? 1 : 0; |
469
|
|
|
$br = (!isset($this->vars['dobr']['value']) || $this->vars['dobr']['value'] == 1) ? 1 : 0; |
470
|
|
|
|
471
|
|
|
return $ts->displayTarea($ret, $html, $smiley, $xcode, $image, $br); |
472
|
|
|
break 1; |
473
|
|
|
case 'e': |
474
|
|
|
case 'edit': |
475
|
|
|
return htmlspecialchars($ret, ENT_QUOTES); |
476
|
|
|
break 1; |
477
|
|
|
case 'p': |
478
|
|
|
case 'preview': |
479
|
|
|
$html = !empty($this->vars['dohtml']['value']) ? 1 : 0; |
480
|
|
|
$xcode = (!isset($this->vars['doxcode']['value']) || $this->vars['doxcode']['value'] == 1) ? 1 : 0; |
481
|
|
|
$smiley = (!isset($this->vars['dosmiley']['value']) || $this->vars['dosmiley']['value'] == 1) ? 1 : 0; |
482
|
|
|
$image = (!isset($this->vars['doimage']['value']) || $this->vars['doimage']['value'] == 1) ? 1 : 0; |
483
|
|
|
$br = (!isset($this->vars['dobr']['value']) || $this->vars['dobr']['value'] == 1) ? 1 : 0; |
484
|
|
|
|
485
|
|
|
return $ts->previewTarea($ret, $html, $smiley, $xcode, $image, $br); |
486
|
|
|
break 1; |
487
|
|
|
case 'f': |
488
|
|
|
case 'formpreview': |
489
|
|
|
return htmlspecialchars($ts->stripSlashesGPC($ret), ENT_QUOTES); |
|
|
|
|
490
|
|
|
break 1; |
491
|
|
|
case 'n': |
492
|
|
|
case 'none': |
493
|
|
|
default: |
494
|
|
|
break 1; |
495
|
|
|
} |
496
|
|
|
break; |
497
|
|
|
case XOBJ_DTYPE_UNICODE_ARRAY: |
498
|
|
|
switch (strtolower($format)) { |
499
|
|
|
case 'n': |
500
|
|
|
case 'none': |
501
|
|
|
break 1; |
502
|
|
|
default: |
503
|
|
|
if (!is_array($ret)) { |
504
|
|
|
if ($ret != '') { |
505
|
|
|
$ret = unserialize($ret); |
506
|
|
|
} |
507
|
|
|
$ret = is_array($ret) ? $ret : array(); |
508
|
|
|
if (is_array($ret)) { |
|
|
|
|
509
|
|
|
$ret = array_walk($ret, 'xoops_aw_decode'); |
510
|
|
|
} |
511
|
|
|
} |
512
|
|
|
|
513
|
|
|
return $ret; |
514
|
|
|
break 1; |
515
|
|
|
} |
516
|
|
|
break; |
517
|
|
|
case XOBJ_DTYPE_ARRAY: |
518
|
|
|
switch (strtolower($format)) { |
519
|
|
|
case 'n': |
520
|
|
|
case 'none': |
521
|
|
|
break 1; |
522
|
|
|
default: |
523
|
|
|
if (!is_array($ret)) { |
524
|
|
|
if ($ret != '') { |
525
|
|
|
$ret = unserialize($ret); |
526
|
|
|
} |
527
|
|
|
$ret = is_array($ret) ? $ret : array(); |
528
|
|
|
} |
529
|
|
|
|
530
|
|
|
return $ret; |
531
|
|
|
break 1; |
532
|
|
|
} |
533
|
|
|
break; |
534
|
|
|
case XOBJ_DTYPE_SOURCE: |
535
|
|
|
switch (strtolower($format)) { |
536
|
|
|
case 's': |
537
|
|
|
case 'show': |
538
|
|
|
break 1; |
539
|
|
|
case 'e': |
540
|
|
|
case 'edit': |
541
|
|
|
return htmlspecialchars($ret, ENT_QUOTES); |
542
|
|
|
break 1; |
543
|
|
|
case 'p': |
544
|
|
|
case 'preview': |
545
|
|
|
return $ts->stripSlashesGPC($ret); |
|
|
|
|
546
|
|
|
break 1; |
547
|
|
|
case 'f': |
548
|
|
|
case 'formpreview': |
549
|
|
|
return htmlspecialchars($ts->stripSlashesGPC($ret), ENT_QUOTES); |
|
|
|
|
550
|
|
|
break 1; |
551
|
|
|
case 'n': |
552
|
|
|
case 'none': |
553
|
|
|
default: |
554
|
|
|
break 1; |
555
|
|
|
} |
556
|
|
|
break; |
557
|
|
|
case XOBJ_DTYPE_DATE: |
558
|
|
|
switch (strtolower($format)) { |
559
|
|
|
case 's': |
560
|
|
|
case 'show': |
561
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
562
|
|
|
return date(_DBDATESTRING, strtotime($ret)); |
563
|
|
|
} else { |
564
|
|
|
return date(_DBDATESTRING, $ret); |
565
|
|
|
} |
566
|
|
|
break 1; |
567
|
|
|
case 'e': |
568
|
|
|
case 'edit': |
569
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
570
|
|
|
return htmlspecialchars(date(_DBDATESTRING, strtotime($ret)), ENT_QUOTES); |
571
|
|
|
} else { |
572
|
|
|
return htmlspecialchars(date(_DBDATESTRING, $ret), ENT_QUOTES); |
573
|
|
|
} |
574
|
|
|
break 1; |
575
|
|
|
case 'p': |
576
|
|
|
case 'preview': |
577
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
578
|
|
|
return $ts->stripSlashesGPC(date(_DBDATESTRING, strtotime($ret))); |
|
|
|
|
579
|
|
|
} else { |
580
|
|
|
return $ts->stripSlashesGPC(date(_DBDATESTRING, $ret)); |
|
|
|
|
581
|
|
|
} |
582
|
|
|
break 1; |
583
|
|
|
case 'f': |
584
|
|
|
case 'formpreview': |
585
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
586
|
|
|
return htmlspecialchars($ts->stripSlashesGPC(date(_DBDATESTRING, strtotime($ret))), ENT_QUOTES); |
|
|
|
|
587
|
|
|
} else { |
588
|
|
|
return htmlspecialchars($ts->stripSlashesGPC(date(_DBDATESTRING, $ret)), ENT_QUOTES); |
|
|
|
|
589
|
|
|
} |
590
|
|
|
break 1; |
591
|
|
|
case 'n': |
592
|
|
|
case 'none': |
593
|
|
|
default: |
594
|
|
|
break 1; |
595
|
|
|
} |
596
|
|
|
break; |
597
|
|
|
case XOBJ_DTYPE_TIME: |
598
|
|
|
switch (strtolower($format)) { |
599
|
|
|
case 's': |
600
|
|
|
case 'show': |
601
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
602
|
|
|
return date(_DBTIMESTRING, strtotime($ret)); |
603
|
|
|
} else { |
604
|
|
|
return date(_DBTIMESTRING, $ret); |
605
|
|
|
} |
606
|
|
|
break 1; |
607
|
|
|
case 'e': |
608
|
|
|
case 'edit': |
609
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
610
|
|
|
return htmlspecialchars(date(_DBTIMESTRING, strtotime($ret)), ENT_QUOTES); |
611
|
|
|
} else { |
612
|
|
|
return htmlspecialchars(date(_DBTIMESTRING, $ret), ENT_QUOTES); |
613
|
|
|
} |
614
|
|
|
break 1; |
615
|
|
|
case 'p': |
616
|
|
|
case 'preview': |
617
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
618
|
|
|
return $ts->stripSlashesGPC(date(_DBTIMESTRING, strtotime($ret))); |
|
|
|
|
619
|
|
|
} else { |
620
|
|
|
return $ts->stripSlashesGPC(date(_DBTIMESTRING, $ret)); |
|
|
|
|
621
|
|
|
} |
622
|
|
|
break 1; |
623
|
|
|
case 'f': |
624
|
|
|
case 'formpreview': |
625
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
626
|
|
|
return htmlspecialchars($ts->stripSlashesGPC(date(_DBTIMESTRING, strtotime($ret))), ENT_QUOTES); |
|
|
|
|
627
|
|
|
} else { |
628
|
|
|
return htmlspecialchars($ts->stripSlashesGPC(date(_DBTIMESTRING, $ret)), ENT_QUOTES); |
|
|
|
|
629
|
|
|
} |
630
|
|
|
break 1; |
631
|
|
|
case 'n': |
632
|
|
|
case 'none': |
633
|
|
|
default: |
634
|
|
|
break 1; |
635
|
|
|
} |
636
|
|
|
break; |
637
|
|
|
case XOBJ_DTYPE_TIMESTAMP: |
638
|
|
|
switch (strtolower($format)) { |
639
|
|
|
case 's': |
640
|
|
|
case 'show': |
641
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
642
|
|
|
return date(_DBTIMESTAMPSTRING, strtotime($ret)); |
643
|
|
|
} else { |
644
|
|
|
return date(_DBTIMESTAMPSTRING, $ret); |
645
|
|
|
} |
646
|
|
|
break 1; |
647
|
|
|
case 'e': |
648
|
|
|
case 'edit': |
649
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
650
|
|
|
return htmlspecialchars(date(_DBTIMESTAMPSTRING, strtotime($ret)), ENT_QUOTES); |
651
|
|
|
} else { |
652
|
|
|
return htmlspecialchars(date(_DBTIMESTAMPSTRING, $ret), ENT_QUOTES); |
653
|
|
|
} |
654
|
|
|
break 1; |
655
|
|
|
case 'p': |
656
|
|
|
case 'preview': |
657
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
658
|
|
|
return $ts->stripSlashesGPC(date(_DBTIMESTAMPSTRING, strtotime($ret))); |
|
|
|
|
659
|
|
|
} else { |
660
|
|
|
return $ts->stripSlashesGPC(date(_DBTIMESTAMPSTRING, $ret)); |
|
|
|
|
661
|
|
|
} |
662
|
|
|
break 1; |
663
|
|
|
case 'f': |
664
|
|
|
case 'formpreview': |
665
|
|
|
if (is_string($ret) && !is_numeric($ret)) { |
666
|
|
|
return htmlspecialchars($ts->stripSlashesGPC(date(_DBTIMESTAMPSTRING, strtotime($ret))), ENT_QUOTES); |
|
|
|
|
667
|
|
|
} else { |
668
|
|
|
return htmlspecialchars($ts->stripSlashesGPC(date(_DBTIMESTAMPSTRING, $ret)), ENT_QUOTES); |
|
|
|
|
669
|
|
|
} |
670
|
|
|
break 1; |
671
|
|
|
case 'n': |
672
|
|
|
case 'none': |
673
|
|
|
default: |
674
|
|
|
break 1; |
675
|
|
|
} |
676
|
|
|
break; |
677
|
|
|
default: |
678
|
|
|
if ($this->vars[$key]['options'] != '' && $ret != '') { |
679
|
|
|
switch (strtolower($format)) { |
680
|
|
|
case 's': |
681
|
|
|
case 'show': |
682
|
|
|
$selected = explode('|', $ret); |
683
|
|
|
$options = explode('|', $this->vars[$key]['options']); |
684
|
|
|
$i = 1; |
685
|
|
|
$ret = array(); |
686
|
|
|
foreach ($options as $op) { |
687
|
|
|
if (in_array($i, $selected)) { |
688
|
|
|
$ret[] = $op; |
689
|
|
|
} |
690
|
|
|
++$i; |
691
|
|
|
} |
692
|
|
|
|
693
|
|
|
return implode(', ', $ret); |
694
|
|
|
case 'e': |
695
|
|
|
case 'edit': |
696
|
|
|
$ret = explode('|', $ret); |
697
|
|
|
break 1; |
698
|
|
|
default: |
699
|
|
|
break 1; |
700
|
|
|
} |
701
|
|
|
} |
702
|
|
|
break; |
703
|
|
|
} |
704
|
|
|
|
705
|
|
|
return $ret; |
706
|
|
|
} |
707
|
|
|
|
708
|
|
|
/** |
709
|
|
|
* clean values of all variables of the object for storage. |
710
|
|
|
* also add slashes wherever needed |
711
|
|
|
* |
712
|
|
|
* YOU SHOULD NOT USE ANY OF THE UNICODE TYPES, THEY WILL BE REMOVED |
713
|
|
|
* |
714
|
|
|
* @return bool true if successful |
715
|
|
|
* @access public |
716
|
|
|
*/ |
717
|
|
|
public function cleanVars() |
718
|
|
|
{ |
719
|
|
|
$ts = MyTextSanitizer::getInstance(); |
720
|
|
|
$existing_errors = $this->getErrors(); |
721
|
|
|
$this->_errors = array(); |
722
|
|
|
foreach ($this->vars as $k => $v) { |
723
|
|
|
$cleanv = $v['value']; |
724
|
|
|
if (!$v['changed']) { |
725
|
|
|
} else { |
726
|
|
|
$cleanv = is_string($cleanv) ? trim($cleanv) : $cleanv; |
727
|
|
|
switch ($v['data_type']) { |
728
|
|
|
case XOBJ_DTYPE_TIMESTAMP: |
729
|
|
|
$cleanv = !is_string($cleanv) && is_numeric($cleanv) ? date(_DBTIMESTAMPSTRING, $cleanv) : date(_DBTIMESTAMPSTRING, strtotime($cleanv)); |
730
|
|
|
break; |
731
|
|
|
case XOBJ_DTYPE_TIME: |
732
|
|
|
$cleanv = !is_string($cleanv) && is_numeric($cleanv) ? date(_DBTIMESTRING, $cleanv) : date(_DBTIMESTRING, strtotime($cleanv)); |
733
|
|
|
break; |
734
|
|
|
case XOBJ_DTYPE_DATE: |
735
|
|
|
$cleanv = !is_string($cleanv) && is_numeric($cleanv) ? date(_DBDATESTRING, $cleanv) : date(_DBDATESTRING, strtotime($cleanv)); |
736
|
|
|
break; |
737
|
|
|
case XOBJ_DTYPE_TXTBOX: |
738
|
|
|
if ($v['required'] && $cleanv != '0' && $cleanv == '') { |
739
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k)); |
740
|
|
|
continue 2; |
741
|
|
|
} |
742
|
|
|
if (isset($v['maxlength']) && strlen($cleanv) > (int)$v['maxlength']) { |
743
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_SHORTERTHAN, $k, (int)$v['maxlength'])); |
744
|
|
|
continue 2; |
745
|
|
|
} |
746
|
|
|
if (!$v['not_gpc']) { |
747
|
|
|
$cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv)); |
|
|
|
|
748
|
|
|
} else { |
749
|
|
|
$cleanv = $ts->censorString($cleanv); |
|
|
|
|
750
|
|
|
} |
751
|
|
|
break; |
752
|
|
|
case XOBJ_DTYPE_TXTAREA: |
753
|
|
|
if ($v['required'] && $cleanv != '0' && $cleanv == '') { |
754
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k)); |
755
|
|
|
continue 2; |
756
|
|
|
} |
757
|
|
|
if (!$v['not_gpc']) { |
758
|
|
|
$cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv)); |
|
|
|
|
759
|
|
|
} else { |
760
|
|
|
$cleanv = $ts->censorString($cleanv); |
|
|
|
|
761
|
|
|
} |
762
|
|
|
break; |
763
|
|
|
case XOBJ_DTYPE_SOURCE: |
764
|
|
|
if (!$v['not_gpc']) { |
765
|
|
|
$cleanv = $ts->stripSlashesGPC($cleanv); |
|
|
|
|
766
|
|
|
} |
767
|
|
|
break; |
768
|
|
|
case XOBJ_DTYPE_INT: |
769
|
|
|
$cleanv = (int)$cleanv; |
770
|
|
|
break; |
771
|
|
|
|
772
|
|
|
case XOBJ_DTYPE_EMAIL: |
773
|
|
|
if ($v['required'] && $cleanv == '') { |
774
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k)); |
775
|
|
|
continue 2; |
776
|
|
|
} |
777
|
|
|
if ($cleanv != '' && !preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$/i", $cleanv)) { |
778
|
|
|
$this->setErrors('Invalid Email'); //_XOBJ_ERR_INVALID_EMAIL |
779
|
|
|
continue 2; |
780
|
|
|
} |
781
|
|
|
if (!$v['not_gpc']) { |
782
|
|
|
$cleanv = $ts->stripSlashesGPC($cleanv); |
|
|
|
|
783
|
|
|
} |
784
|
|
|
break; |
785
|
|
|
case XOBJ_DTYPE_URL: |
786
|
|
|
if ($v['required'] && $cleanv == '') { |
787
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k)); |
788
|
|
|
continue 2; |
789
|
|
|
} |
790
|
|
|
if ($cleanv != '' && !preg_match("/^http[s]*:\/\//i", $cleanv)) { |
791
|
|
|
$cleanv = XOOPS_PROT . $cleanv; |
792
|
|
|
} |
793
|
|
|
if (!$v['not_gpc']) { |
794
|
|
|
$cleanv =& $ts->stripSlashesGPC($cleanv); |
|
|
|
|
795
|
|
|
} |
796
|
|
|
break; |
797
|
|
|
case XOBJ_DTYPE_ARRAY: |
798
|
|
|
$cleanv = (array)$cleanv; |
799
|
|
|
$cleanv = serialize($cleanv); |
800
|
|
|
break; |
801
|
|
|
case XOBJ_DTYPE_STIME: |
802
|
|
|
case XOBJ_DTYPE_MTIME: |
803
|
|
|
case XOBJ_DTYPE_LTIME: |
804
|
|
|
$cleanv = !is_string($cleanv) ? (int)$cleanv : strtotime($cleanv); |
805
|
|
|
break; |
806
|
|
|
case XOBJ_DTYPE_FLOAT: |
807
|
|
|
$cleanv = (float)$cleanv; |
808
|
|
|
break; |
809
|
|
|
case XOBJ_DTYPE_DECIMAL: |
810
|
|
|
$cleanv = (float)$cleanv; |
811
|
|
|
break; |
812
|
|
|
case XOBJ_DTYPE_ENUM: |
813
|
|
|
if (!in_array($cleanv, $v['enumeration'])) { |
814
|
|
|
$this->setErrors('Invalid Enumeration');//_XOBJ_ERR_INVALID_ENUMERATION |
815
|
|
|
continue 2; |
816
|
|
|
} |
817
|
|
|
break; |
818
|
|
|
case XOBJ_DTYPE_UNICODE_TXTBOX: |
819
|
|
|
if ($v['required'] && $cleanv != '0' && $cleanv == '') { |
820
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k)); |
821
|
|
|
continue 2; |
822
|
|
|
} |
823
|
|
|
$cleanv = xoops_convert_encode($cleanv); |
824
|
|
|
if (isset($v['maxlength']) && strlen($cleanv) > (int)$v['maxlength']) { |
825
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_SHORTERTHAN, $k, (int)$v['maxlength'])); |
826
|
|
|
continue 2; |
827
|
|
|
} |
828
|
|
|
if (!$v['not_gpc']) { |
829
|
|
|
$cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv)); |
|
|
|
|
830
|
|
|
} else { |
831
|
|
|
$cleanv = $ts->censorString($cleanv); |
|
|
|
|
832
|
|
|
} |
833
|
|
|
break; |
834
|
|
|
case XOBJ_DTYPE_UNICODE_TXTAREA: |
835
|
|
|
if ($v['required'] && $cleanv != '0' && $cleanv == '') { |
836
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k)); |
837
|
|
|
continue 2; |
838
|
|
|
} |
839
|
|
|
$cleanv = xoops_convert_encode($cleanv); |
840
|
|
|
if (!$v['not_gpc']) { |
841
|
|
|
$cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv)); |
|
|
|
|
842
|
|
|
} else { |
843
|
|
|
$cleanv = $ts->censorString($cleanv); |
|
|
|
|
844
|
|
|
} |
845
|
|
|
break; |
846
|
|
|
case XOBJ_DTYPE_UNICODE_EMAIL: |
847
|
|
|
if ($v['required'] && $cleanv == '') { |
848
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k)); |
849
|
|
|
continue 2; |
850
|
|
|
} |
851
|
|
|
if ($cleanv != '' && !preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$/i", $cleanv)) { |
852
|
|
|
$this->setErrors('Invalid Email'); |
853
|
|
|
continue 2; |
854
|
|
|
} |
855
|
|
|
$cleanv = xoops_convert_encode($cleanv); |
856
|
|
|
if (!$v['not_gpc']) { |
857
|
|
|
$cleanv = $ts->stripSlashesGPC($cleanv); |
|
|
|
|
858
|
|
|
} |
859
|
|
|
break; |
860
|
|
|
case XOBJ_DTYPE_UNICODE_URL: |
861
|
|
|
if ($v['required'] && $cleanv == '') { |
862
|
|
|
$this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k)); |
863
|
|
|
continue 2; |
864
|
|
|
} |
865
|
|
|
if ($cleanv != '' && !preg_match("/^http[s]*:\/\//i", $cleanv)) { |
866
|
|
|
$cleanv = XOOPS_PROT . $cleanv; |
867
|
|
|
} |
868
|
|
|
$cleanv = xoops_convert_encode($cleanv); |
869
|
|
|
if (!$v['not_gpc']) { |
870
|
|
|
$cleanv =& $ts->stripSlashesGPC($cleanv); |
|
|
|
|
871
|
|
|
} |
872
|
|
|