PageRenderTime 43ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/plugins/contact-form-7-to-database-extension/CFDBPermittedFunctions.php

https://gitlab.com/mattswann/launch-housing
PHP | 237 lines | 189 code | 19 blank | 29 comment | 5 complexity | a14a3b9ffafd770f0354fbb2598b7c4d MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.     "Contact Form to Database" Copyright (C) 2011-2014 Michael Simpson  (email : michael.d.simpson@gmail.com)
    5. 

    6. 

  6.     This file is part of Contact Form to Database.
    7. 

    8. 

  8.     Contact Form to Database is free software: you can redistribute it and/or modify
    9. 

  9.     it under the terms of the GNU General Public License as published by
    10. 

  10.     the Free Software Foundation, either version 3 of the License, or
    11. 

  11.     (at your option) any later version.
    12. 

    13. 

  13.     Contact Form to Database is distributed in the hope that it will be useful,
    14. 

  14.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    15. 

  15.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    16. 

  16.     GNU General Public License for more details.
    17. 

    18. 

  18.     You should have received a copy of the GNU General Public License
    19. 

  19.     along with Contact Form to Database.
    20. 

  20.     If not, see <http://www.gnu.org/licenses/>.
    21. 

  21. */
    22. 

  22. 

  23. /**
    24. 

  24.  * @singleton
    25. 

  25.  */
    26. 

  26. class CFDBPermittedFunctions {
    27. 

  27. 

  28.     var $permitAllFunctions = false;
    29. 

  29. 

  30.     var $permittedFunctions;
    31. 

  31. 

  32.     static $defaultPermitted = array(
    33. 

  33. 

  34.         // PHP functions
    35. 

  35.             'addcslashes',
    36. 

  36.             'addslashes',
    37. 

  37.             'chop',
    38. 

  38.             'chr',
    39. 

  39.             'count_chars',
    40. 

  40.             'localeconv',
    41. 

  41.             'ltrim',
    42. 

  42.             'md5',
    43. 

  43.             'money_format',
    44. 

  44.             'nl2br',
    45. 

  45.             'number_format',
    46. 

  46.             'rtrim',
    47. 

  47.             'sha1',
    48. 

  48.             'str_ireplace',
    49. 

  49.             'str_pad',
    50. 

  50.             'str_repeat',
    51. 

  51.             'str_replace',
    52. 

  52.             'str_shuffle',
    53. 

  53.             'str_word_count',
    54. 

  54.             'strcasecmp',
    55. 

  55.             'strchr',
    56. 

  56.             'strcmp',
    57. 

  57.             'strcoll',
    58. 

  58.             'strcspn',
    59. 

  59.             'strip_tags',
    60. 

  60.             'stripcslashes',
    61. 

  61.             'stripos',
    62. 

  62.             'strlen',
    63. 

  63.             'strnatcasecmp',
    64. 

  64.             'strnatcmp',
    65. 

  65.             'strncasecmp',
    66. 

  66.             'strncmp',
    67. 

  67.             'strpbrk',
    68. 

  68.             'strpos',
    69. 

  69.             'strspn',
    70. 

  70.             'strrev',
    71. 

  71.             'strstr',
    72. 

  72.             'strtok',
    73. 

  73.             'strtolower',
    74. 

  74.             'strtoupper',
    75. 

  75.             'strtr',
    76. 

  76.             'substr',
    77. 

  77.             'substr_compare',
    78. 

  78.             'substr_count',
    79. 

  79.             'substr_replace',
    80. 

  80.             'trim',
    81. 

  81.             'ucfirst',
    82. 

  82.             'ucwords',
    83. 

  83.             'wordwrap',
    84. 

  84.             'date',
    85. 

  85.             'microtime',
    86. 

  86.             'strtotime',
    87. 

  87.             'idate',
    88. 

  88.             'gmstrftime',
    89. 

  89.             'mktime',
    90. 

  90.             'strftime',
    91. 

  91.             'time',
    92. 

  92.             'intval',
    93. 

  93.             'boolval',
    94. 

  94.             'floatval',
    95. 

  95.             'strval',
    96. 

  96.             'bcmul',
    97. 

  97.             'bcdiv',
    98. 

  98.             'abs',
    99. 

  99.             'acos',
    100. 

  100.             'acoh',
    101. 

  101.             'asin',
    102. 

  102.             'asinh',
    103. 

  103.             'atan2',
    104. 

  104.             'atan',
    105. 

  105.             'atanh',
    106. 

  106.             'base_convert',
    107. 

  107.             'bindec',
    108. 

  108.             'ceil',
    109. 

  109.             'cos',
    110. 

  110.             'cosh',
    111. 

  111.             'decbin',
    112. 

  112.             'dechex',
    113. 

  113.             'decoct',
    114. 

  114.             'deg2rad',
    115. 

  115.             'exp',
    116. 

  116.             'expm1',
    117. 

  117.             'floor',
    118. 

  118.             'fmod',
    119. 

  119.             'getrandmax',
    120. 

  120.             'hexdec',
    121. 

  121.             'hypot',
    122. 

  122.             'intdiv',
    123. 

  123.             'is_finite',
    124. 

  124.             'is_infinite',
    125. 

  125.             'is_nan',
    126. 

  126.             'lcg_value',
    127. 

  127.             'log10',
    128. 

  128.             'log1p',
    129. 

  129.             'log',
    130. 

  130.             'max',
    131. 

  131.             'min',
    132. 

  132.             'mb_strtolower',
    133. 

  133.             'mb_check_encoding',
    134. 

  134.             'mb_convert_case',
    135. 

  135.             'mb_convert_encoding',
    136. 

  136.             'mb_convert_kana',
    137. 

  137.             'mb_decode_numericentity',
    138. 

  138.             'mb_detect_encoding',
    139. 

  139.             'mb_detect_order',
    140. 

  140.             'mb_encode_numericentity',
    141. 

  141.             'mb_ereg_match',
    142. 

  142.             'mb_ereg_replace',
    143. 

  143.             'mb_ereg_search_getpos',
    144. 

  144.             'mb_ereg_search_pos',
    145. 

  145.             'mb_ereg_search',
    146. 

  146.             'mb_ereg',
    147. 

  147.             'mb_eregi_replace',
    148. 

  148.             'mb_eregi',
    149. 

  149.             'mb_internal_encoding',
    150. 

  150.             'mb_language',
    151. 

  151.             'mb_preferred_mime_name',
    152. 

  152.             'mb_regex_encoding',
    153. 

  153.             'mb_regex_set_options',
    154. 

  154.             'mb_strcut',
    155. 

  155.             'mb_strimwidth',
    156. 

  156.             'mb_stripos',
    157. 

  157.             'mb_stristr',
    158. 

  158.             'mb_strlen',
    159. 

  159.             'mb_strpos',
    160. 

  160.             'mb_strrchr',
    161. 

  161.             'mb_strrichr',
    162. 

  162.             'mb_strripos',
    163. 

  163.             'mb_strstr',
    164. 

  164.             'mb_strtolower',
    165. 

  165.             'mb_strtoupper',
    166. 

  166.             'mb_strwidth',
    167. 

  167.             'mb_substr_count',
    168. 

  168.             'mb_substr',
    169. 

  169.             'mt_getrandmax',
    170. 

  170.             'mt_rand',
    171. 

  171.             'mt_srand',
    172. 

  172.             'octdec',
    173. 

  173.             'pi',
    174. 

  174.             'pow',
    175. 

  175.             'rad2deg',
    176. 

  176.             'rand',
    177. 

  177.             'round',
    178. 

  178.             'sin',
    179. 

  179.             'sqrt',
    180. 

  180.             'srand',
    181. 

  181.             'tan',
    182. 

  182.             'tanh',
    183. 

  183. 

  184. 

  185.         // WordPress-defined functions
    186. 

  186.             'human_time_diff',
    187. 

  187.             'current_time',
    188. 

  188. 

  189.         // CFDB-defined functions
    190. 

  190.             'concat',
    191. 

  191.             'sum',
    192. 

  192.             'multiply'
    193. 

  193. 

  194.     );
    195. 

  195. 

  196. 

  197.     public function init() {
    198. 

  198.         $this->permittedFunctions = CFDBPermittedFunctions::$defaultPermitted;
    199. 

  199.     }
    200. 

  200. 

  201.     public static function getInstance() {
    202. 

  202.         static $inst = null;
    203. 

  203.         if ($inst === null) {
    204. 

  204.             $inst = new CFDBPermittedFunctions();
    205. 

  205.             $inst->init();
    206. 

  206.         }
    207. 

  207.         return $inst;
    208. 

  208.     }
    209. 

  209. 

  210.     public function setPermitAllFunctions($trueOrFalse) {
    211. 

  211.         $this->permitAllFunctions = $trueOrFalse;
    212. 

  212.     }
    213. 

  213. 

  214.     public function isFunctionPermitted($functionName) {
    215. 

  215.         if ($this->permitAllFunctions === true) {
    216. 

  216.             return true;
    217. 

  217.         } else {
    218. 

  218.             return in_array($functionName, $this->permittedFunctions);
    219. 

  219.         }
    220. 

  220.     }
    221. 

  221. 

  222.     public function addPermittedFunction($functionName) {
    223. 

  223.         if ($functionName && !in_array($functionName, $this->permittedFunctions)) {
    224. 

  224.             $this->permittedFunctions[] = $functionName;
    225. 

  225.         }
    226. 

  226.     }
    227. 

  227. 

  228. 

  229. }
    230. 

  230. 

  231. /**
    232. 

  232.  * A function wrapper to register function names in a CFDBPermittedFunctions singleton
    233. 

  233.  * @param $function_name
    234. 

  234.  */
    235. 

  235. function cfdb_register_function($function_name) {
    236. 

  236.     CFDBPermittedFunctions::getInstance()->addPermittedFunction($function_name);
    237. 

  237. }
    238. 

  238.