PageRenderTime 25ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/Zikula-1.2.3/includes/FormUtil.class.php

#
PHP | 384 lines | 219 code | 41 blank | 124 comment | 81 complexity | 0c81f99645fc9d563fc75c1dd72ebb8f MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1, BSD-3-Clause 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Zikula Application Framework
    4. 

  4.  *
    5. 

  5.  * @copyright Zikula Development Team
    6. 

  6.  * @link http://www.zikula.org
    7. 

  7.  * @version $Id: FormUtil.class.php 27233 2009-10-27 20:07:15Z mateo $
    8. 

  8.  * @license GNU/GPL - http://www.gnu.org/copyleft/gpl.html
    9. 

  9.  * @author Robert Gasch rgasch@gmail.com
    10. 

  10.  * @package Zikula_Core
    11. 

  11.  * @subpackage FormUtil
    12. 

  12.  */
    13. 

  13. 

  14. /**
    15. 

  15.  * FormUtil
    16. 

  16.  *
    17. 

  17.  * @package Zikula_Core
    18. 

  18.  * @subpackage FormUtil
    19. 

  19.  */
    20. 

  20. class FormUtil
    21. 

  21. {
    22. 

  22.     /**
    23. 

  23.      * Return the requested key from input in a safe way. This function
    24. 

  24.      * is safe to use for recursive arrays and either returns a non-empty
    25. 

  25.      * string or the (optional) default.
    26. 

  26.      *
    27. 

  27.      * This method is based on pnVarCleanFromInput but array-safe.
    28. 

  28.      *
    29. 

  29.      * @param key        The field to return
    30. 

  30.      * @param default    The value to return if the requested field is not found (optional) (default=false)
    31. 

  31.      * @param source     The sourc field to get a parameter from
    32. 

  32.      *
    33. 

  33.      * @return The requested input key or the specified default
    34. 

  34.      */
    35. 

  35.     function getPassedValue($key, $default = null, $source = null)
    36. 

  36.     {
    37. 

  37.         if (!$key) {
    38. 

  38.             return pn_exit(__f('Empty %1$s passed to %2$s.', array('key', 'FormUtil::getPassedValueSafe')));
    39. 

  39.         }
    40. 

  40. 

  41.         $source = strtoupper($source);
    42. 

  42.         $src = ($source ? $source : 'REQUEST') . '_' . ($default != null ? $default : 'null');
    43. 

  43. 

  44.         $doClean = false;
    45. 

  45.         switch (true)
    46. 

  46.         {
    47. 

  47.             case (isset($_REQUEST[$key]) && !isset($_FILES[$key]) && (!$source || $source == 'R' || $source == 'REQUEST')):
    48. 

  48.                 $value = $_REQUEST[$key];
    49. 

  49.                 $doClean = true;
    50. 

  50.                 break;
    51. 

  51.             case isset($_GET[$key]) && (!$source || $source == 'G' || $source == 'GET'):
    52. 

  52.                 $value = $_GET[$key];
    53. 

  53.                 $doClean = true;
    54. 

  54.                 break;
    55. 

  55.             case isset($_POST[$key]) && (!$source || $source == 'P' || $source == 'POST'):
    56. 

  56.                 $value = $_POST[$key];
    57. 

  57.                 $doClean = true;
    58. 

  58.                 break;
    59. 

  59.             case isset($_COOKIE[$key]) && (!$source || $source == 'C' || $source == 'COOKIE'):
    60. 

  60.                 $value = $_COOKIE[$key];
    61. 

  61.                 $doClean = true;
    62. 

  62.                 break;
    63. 

  63.             case isset($_FILES[$key]) && ($source == 'F' || $source == 'FILES'):
    64. 

  64.                 $value = $_FILES[$key];
    65. 

  65.                 break;
    66. 

  66.             case (isset($_GET[$key]) || isset($_POST[$key])) && ($source == 'GP' || $source == 'GETPOST'):
    67. 

  67.                 if (isset($_GET[$key])) {
    68. 

  68.                     $value = $_GET[$key];
    69. 

  69.                 }
    70. 

  70.                 if (isset($_POST[$key])) {
    71. 

  71.                     $value = $_POST[$key];
    72. 

  72.                 }
    73. 

  73.                 $doClean = true;
    74. 

  74.                 break;
    75. 

  75.             default:
    76. 

  76.                 if ($source) {
    77. 

  77.                     static $valid = array('R', 'REQUEST', 'G', 'GET', 'P', 'POST', 'C', 'COOKIE', 'F', 'FILES', 'GP', 'GETPOST');
    78. 

  78.                     if (!in_array($source, $valid)) {
    79. 

  79.                         pn_exit(__f('Invalid input source [%s] received.', DataUtil::formatForDisplay($source)));
    80. 

  80.                         return $default;
    81. 

  81.                     }
    82. 

  82.                 }
    83. 

  83.         }
    84. 

  84. 

  85.         if (isset($value) && !is_null($value)) {
    86. 

  86.             if (is_array($value)) {
    87. 

  87.                 FormUtil::cleanArray($value);
    88. 

  88.             } else {
    89. 

  89.                 static $alwaysclean = array('name', 'module', 'type', 'file', 'authid');
    90. 

  90.                 if (in_array($key, $alwaysclean)) {
    91. 

  91.                     $doClean = true;
    92. 

  92.                 }
    93. 

  93.                 if ($doClean && !defined('_PNINSTALLVER')) {
    94. 

  94.                     FormUtil::cleanValue($value);
    95. 

  95.                 }
    96. 

  96.             }
    97. 

  97. 

  98.             return $value;
    99. 

  99.         }
    100. 

  100. 

  101.         return $default;
    102. 

  102.     }
    103. 

  103. 

  104.     /**
    105. 

  105.      * Clean an array acquired from input. This method is safe to use for recursive arrays
    106. 

  106.      * and cleans the array in place as well as returning it.
    107. 

  107.      *
    108. 

  108.      * @param array     The array to clean up
    109. 

  109.      *
    110. 

  110.      * @return The the altered/cleaned data array.
    111. 

  111.      */
    112. 

  112.     function cleanArray(&$array)
    113. 

  113.     {
    114. 

  114.         if (!is_array($array)) {
    115. 

  115.             return pn_exit(__f('Non-array passed to %s.', 'FormUtil::cleanArray'));
    116. 

  116.         }
    117. 

  117. 

  118.         $ak = array_keys($array);
    119. 

  119.         $kc = count($ak);
    120. 

  120. 

  121.         for ($i = 0; $i < $kc; $i++) {
    122. 

  122.             $key = $ak[$i];
    123. 

  123.             if (is_array($array[$key])) {
    124. 

  124.                 FormUtil::cleanArray($array[$key]);
    125. 

  125.             } else {
    126. 

  126.                 FormUtil::cleanValue($array[$key]);
    127. 

  127.             }
    128. 

  128.         }
    129. 

  129. 

  130.         return $array;
    131. 

  131.     }
    132. 

  132. 

  133.     /**
    134. 

  134.      * Clean an individual data element in place; cleans the array in place
    135. 

  135.      * as well as returning it.
    136. 

  136.      *
    137. 

  137.      * @param value     The value to clean
    138. 

  138.      *
    139. 

  139.      * @return A reference to the original (altered/cleaned) data array
    140. 

  140.      */
    141. 

  141.     function cleanValue(&$value)
    142. 

  142.     {
    143. 

  143.         static $isAdmin = null;
    144. 

  144.         if ($isAdmin === null)
    145. 

  145.             $isAdmin = SecurityUtil::checkPermission('.*', '.*', ACCESS_ADMIN);
    146. 

  146. 

  147.         if (!$value) {
    148. 

  148.             return $value;
    149. 

  149.         }
    150. 

  150. 

  151.         if (get_magic_quotes_gpc()) {
    152. 

  152.             pnStripslashes($value);
    153. 

  153.         }
    154. 

  154. 

  155.         if (!$isAdmin) {
    156. 

  156.             static $replace = array();
    157. 

  157.             static $search = array('|</?\s*SCRIPT.*?>|si', '|</?\s*FRAME.*?>|si', '|</?\s*OBJECT.*?>|si', '|</?\s*META.*?>|si', '|</?\s*APPLET.*?>|si', '|</?\s*LINK.*?>|si', '|</?\s*IFRAME.*?>|si', '|STYLE\s*=\s*"[^"]*"|si');
    158. 

  158. 

  159.             $value = preg_replace($search, $replace, $value);
    160. 

  160.         }
    161. 

  161. 

  162.         $value = trim($value);
    163. 

  163.         return $value;
    164. 

  164.     }
    165. 

  165. 

  166.     /**
    167. 

  167.      * Return a boolean indicating whether the specified field is required
    168. 

  168.      *
    169. 

  169.      * @param validationInfo   The plain (non-structured) validation array
    170. 

  170.      * @param field            The fieldname
    171. 

  171.      *
    172. 

  172.      * @return A boolean indicating whether or not the specified field is required
    173. 

  173.      */
    174. 

  174.     function isRequiredField($validationInfo, $field)
    175. 

  175.     {
    176. 

  176.         if (!$validationInfo) {
    177. 

  177.             return pn_exit(__f('Empty %1$s passed to %2$s.', array('validationInfo', 'FormUtil::isRequiredField')));
    178. 

  178.         }
    179. 

  179. 

  180.         if (!$field) {
    181. 

  181.             return pn_exit(__f('Empty %1$s passed to %2$s.', array('fieldname', 'FormUtil::isRequiredField')));
    182. 

  182.         }
    183. 

  183. 

  184.         $rec = isset($validationInfo[$field]) ? $validationInfo[$field] : null;
    185. 

  185. 

  186.         if (!$rec) {
    187. 

  187.             return false;
    188. 

  188.         }
    189. 

  189. 

  190.         return $rec[1];
    191. 

  191.     }
    192. 

  192. 

  193.     /**
    194. 

  194.      * Get the required field marker (or nothing) for the specified field
    195. 

  195.      *
    196. 

  196.      * @param validationInfo   The plain (non-structured) validation array
    197. 

  197.      * @param field            The fieldname
    198. 

  198.      *
    199. 

  199.      * @return The required field marker or an empty string
    200. 

  200.      */
    201. 

  201.     function getRequiredFieldMarker($validationInfo, $field)
    202. 

  202.     {
    203. 

  203.         if (FormUtil::isRequiredField($validationInfo, $field)) {
    204. 

  204.             return _REQUIRED_MARKER;
    205. 

  205.         }
    206. 

  206. 

  207.         return _MARKER_NONE;
    208. 

  208.     }
    209. 

  209. 

  210.     /**
    211. 

  211.      * Clear the validation error array
    212. 

  212.      *
    213. 

  213.      * @param objectType       The (string) object type
    214. 

  214.      *
    215. 

  215.      * @return nothing
    216. 

  216.      */
    217. 

  217.     function clearValidationErrors($objectType = null)
    218. 

  218.     {
    219. 

  219.         if ($objectType) {
    220. 

  220.             if (isset($_SESSION['validationErrors'][$objectType])) {
    221. 

  221.                 unset($_SESSION['validationErrors'][$objectType]);
    222. 

  222.             }
    223. 

  223.         } else {
    224. 

  224.             if (isset($_SESSION['validationErrors'])) {
    225. 

  225.                 unset($_SESSION['validationErrors']);
    226. 

  226.             }
    227. 

  227.         }
    228. 

  228.     }
    229. 

  229. 

  230.     /**
    231. 

  231.      * Clear the objects which failed validation
    232. 

  232.      *
    233. 

  233.      * @param objectType       The (string) object type
    234. 

  234.      *
    235. 

  235.      * @return nothing
    236. 

  236.      */
    237. 

  237.     function clearValidationFailedObjects($objectType = null)
    238. 

  238.     {
    239. 

  239.         if ($objectType) {
    240. 

  240.             if (isset($_SESSION['validationFailedObjects'][$objectType])) {
    241. 

  241.                 unset($_SESSION['validationFailedObjects'][$objectType]);
    242. 

  242.             }
    243. 

  243.         } else {
    244. 

  244.             if (isset($_SESSION['validationFailedObjects'])) {
    245. 

  245.                 unset($_SESSION['validationFailedObjects']);
    246. 

  246.             }
    247. 

  247.         }
    248. 

  248.     }
    249. 

  249. 

  250.     /**
    251. 

  251.      * Get the validation errors
    252. 

  252.      *
    253. 

  253.      * @return The validation error array or null
    254. 

  254.      */
    255. 

  255.     function getValidationErrors()
    256. 

  256.     {
    257. 

  257.         static $ve = null;
    258. 

  258.         if (!$ve) {
    259. 

  259.             if (isset($_SESSION['validationErrors']) && is_array($_SESSION['validationErrors'])) {
    260. 

  260.                 $ve = $_SESSION['validationErrors'];
    261. 

  261.                 unset($_SESSION['validationErrors']);
    262. 

  262.             }
    263. 

  263.         }
    264. 

  264. 

  265.         return $ve;
    266. 

  266.     }
    267. 

  267. 

  268.     /**
    269. 

  269.      * Return the objects which failed validation
    270. 

  270.      *
    271. 

  271.      * @return The validation error array or null
    272. 

  272.      */
    273. 

  273.     function getFailedValidationObjects($objectType = null)
    274. 

  274.     {
    275. 

  275.         static $objects = null;
    276. 

  276.         if (!$objects) {
    277. 

  277.             if (isset($_SESSION['validationFailedObjects']) && is_array($_SESSION['validationFailedObjects'])) {
    278. 

  278.                 if ($objectType && isset($_SESSION['validationFailedObjects'][$objectType])) {
    279. 

  279.                     $objects = $_SESSION['validationFailedObjects'][$objectType];
    280. 

  280.                     unset($_SESSION['validationFailedObjects'][$objectType]);
    281. 

  281.                 } else {
    282. 

  282.                     $objects = $_SESSION['validationFailedObjects'];
    283. 

  283.                     unset($_SESSION['validationFailedObjects']);
    284. 

  284.                 }
    285. 

  285.             }
    286. 

  286.         }
    287. 

  287. 

  288.         return $objects;
    289. 

  289.     }
    290. 

  290. 

  291.     /**
    292. 

  292.      * Return a boolean indicating whether or not the specified field failed validation
    293. 

  293.      *
    294. 

  294.      * @param objectType       The (string) object type
    295. 

  295.      * @param field            The fieldname
    296. 

  296.      *
    297. 

  297.      * @return A boolean indicating whether or not the specified field failed validation
    298. 

  298.      */
    299. 

  299.     function hasValidationErrors($objectType, $field = null)
    300. 

  300.     {
    301. 

  301.         if (!$objectType) {
    302. 

  302.             return pn_exit(__f('Empty %1$s passed to %2$s.', array('objectType', 'FormUtil::hasValidationErrors')));
    303. 

  303.         }
    304. 

  304. 

  305.         if (!$field) {
    306. 

  306.             return pn_exit(__f('Empty %1$s passed to %2$s.', array('field', 'FormUtil::hasValidationErrors')));
    307. 

  307.         }
    308. 

  308. 

  309.         $ve = FormUtil::getValidationErrors();
    310. 

  310.         return (boolean) ($ve[$objectType][$field]);
    311. 

  311.     }
    312. 

  312. 

  313.     /**
    314. 

  314.      * Get the required field marker (or nothing) for the specified field
    315. 

  315.      *
    316. 

  316.      * @param objectType       The (string) object type
    317. 

  317.      * @param field            The fieldname
    318. 

  318.      *
    319. 

  319.      * @return The validation error marker or an empty string
    320. 

  320.      */
    321. 

  321.     function getValidationFieldMarker($objectType, $field)
    322. 

  322.     {
    323. 

  323.         if (FormUtil::hasValidationErrors($objectType, $field)) {
    324. 

  324.             return _VALIDATION_MARKER;
    325. 

  325.         }
    326. 

  326. 

  327.         return _MARKER_NONE;
    328. 

  328.     }
    329. 

  329. 

  330.     /**
    331. 

  331.      * Get the validation error for the specified field
    332. 

  332.      *
    333. 

  333.      * @param objectType       The (string) object type
    334. 

  334.      * @param field            The fieldname to get the error for
    335. 

  335.      *
    336. 

  336.      * @return The validation error or an empty string
    337. 

  337.      */
    338. 

  338.     function getValidationError($objectType, $field)
    339. 

  339.     {
    340. 

  340.         if (!FormUtil::hasValidationErrors($objectType, $field)) {
    341. 

  341.             return '';
    342. 

  342.         }
    343. 

  343. 

  344.         $ve = FormUtil::getValidationErrors();
    345. 

  345.         $error = $ve[$objectType][$field];
    346. 

  346.         if ($error) {
    347. 

  347.             $error = '&nbsp;' . $error;
    348. 

  348.         }
    349. 

  349. 

  350.         return $error;
    351. 

  351.     }
    352. 

  352. 

  353.     /**
    354. 

  354.      * Get the appropriate field marker
    355. 

  355.      *
    356. 

  356.      * @param objectType       The (string) object type
    357. 

  357.      * @param validationInfo   The plain (non-structured) validation array
    358. 

  358.      * @param field            The fieldname
    359. 

  359.      *
    360. 

  360.      * @return The a marker string or an 'nbsp';
    361. 

  361.      */
    362. 

  362.     function getFieldMarker($objectType, $validationInfo, $field)
    363. 

  363.     {
    364. 

  364.         if (FormUtil::hasValidationErrors($objectType, $field)) {
    365. 

  365.             return _VALIDATION_MARKER;
    366. 

  366.         } else if (FormUtil::isRequiredField($validationInfo, $field)) {
    367. 

  367.             return _REQUIRED_MARKER;
    368. 

  368.         }
    369. 

  369. 

  370.         return _MARKER_NONE;
    371. 

  371.     }
    372. 

  372. 

  373.     /**
    374. 

  374.      * Return a newly created pnFormRender instance with the given name
    375. 

  375.      *
    376. 

  376.      * @return The newly created pnFormRender instance.
    377. 

  377.      */
    378. 

  378.     function newPNForm($name)
    379. 

  379.     {
    380. 

  380.         Loader::requireOnce('includes/pnForm.php');
    381. 

  381.         return new pnFormRender($name);
    382. 

  382.     }
    383. 

  383. }
    384. 

  384. 

  385.