PHP mf_sanitize函数代码示例

require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/language.php';
require 'includes/view-functions.php';
require 'includes/users-functions.php';
$dbh = mf_connect_db();
/***************************************************************************************************************/
/* 1. Get new field parameters 																	   			   */
/***************************************************************************************************************/
$element_type = strtolower(trim($_POST['element_type']));
$form_id = (int) $_POST['form_id'];
$element_position = (int) $_POST['position'];
//the position of the element within the preview page
$element_properties_input = mf_sanitize($_POST['field_properties']);
//when a field being created by dragging the button to the form preview page, a temporary id is being assigned to to field
//the id being sent here need to be sent back, so that the javascript could replace it with the actual field markup
$holder_id = strtolower(trim($_POST['holder_id']));
// A new field can be created from few actions
// Dragging from the sidebar -- drag_new
// Clicking the button -- click_new
// Duplicate an existing field -- duplicate
// Changing a field type -- change_type (NOT YET implemented)
$action = strtolower(trim($_POST['action']));
//check permission, is the user allowed to access this page?
if (empty($_SESSION['mf_user_privileges']['priv_administer'])) {
    $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']);
    //this page need edit_form permission
    if (empty($user_perms['edit_form'])) {
        die("You don't have permission to edit this form.");

 $user_input['priv_new_forms'] = (int) $_POST['au_priv_new_forms'];
 $user_input['priv_new_themes'] = (int) $_POST['au_priv_new_themes'];
 $user_input['priv_administer'] = (int) $_POST['au_priv_administer'];
 //if the user has administer privileges, make sure to get all other privileges as well
 if (!empty($user_input['priv_administer'])) {
     $user_input['priv_new_forms'] = 1;
     $user_input['priv_new_themes'] = 1;
 }
 foreach ($form_list_array as $value) {
     $form_id = $value['form_id'];
     $user_input['perm_editform_' . $form_id] = (int) $_POST['perm_editform_' . $form_id];
     $user_input['perm_editentries_' . $form_id] = (int) $_POST['perm_editentries_' . $form_id];
     $user_input['perm_viewentries_' . $form_id] = (int) $_POST['perm_viewentries_' . $form_id];
 }
 //clean the inputs
 $user_input = mf_sanitize($user_input);
 //validate inputs
 $error_messages = array();
 //validate email
 if (empty($user_input['user_bulk_data'])) {
     $error_messages['user_bulk_data'] = 'This field is required. Please enter users data.';
 } else {
     //parse data into array for easier processing
     $temp_data = explode("\n", $user_input['user_bulk_data']);
     array_walk($temp_data, 'mf_trim_value');
     $i = 0;
     foreach ($temp_data as $row_data) {
         if (empty($row_data)) {
             continue;
         }
         $columns = array();

require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/users-functions.php';
$dbh = mf_connect_db();
if (empty($_POST['form_id'])) {
    die("Error! You can't open this file directly");
}
$form_id = (int) trim($_POST['form_id']);
$field_rule_properties = mf_sanitize($_POST['field_rule_properties']);
$field_rule_conditions = mf_sanitize($_POST['field_rule_conditions']);
$page_rule_properties = mf_sanitize($_POST['page_rule_properties']);
$page_rule_conditions = mf_sanitize($_POST['page_rule_conditions']);
$logic_statuses = mf_sanitize($_POST['logic_status']);
//check permission, is the user allowed to access this page?
if (empty($_SESSION['mf_user_privileges']['priv_administer'])) {
    $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']);
    //this page need edit_form permission
    if (empty($user_perms['edit_form'])) {
        die("Access Denied. You don't have permission to edit this form.");
    }
}
$logic_field_enable = (int) $logic_statuses['logic_field_enable'];
$logic_page_enable = (int) $logic_statuses['logic_page_enable'];
/** Field Logic **/
//save field_rule_properties into ap_field_logic_elements table
$query = "delete from " . MF_TABLE_PREFIX . "field_logic_elements where form_id=?";
$params = array($form_id);
mf_do_query($query, $params, $dbh);

 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/common-validator.php';
require 'includes/filter-functions.php';
$dbh = mf_connect_db();
$mf_settings = mf_get_settings($dbh);
//sleep(2); //temporary for localhost testing
$element_properties_array = mf_sanitize($_POST['ep']);
$form_id = (int) $_POST['form_id'];
$form_properties = mf_sanitize($_POST['fp']);
$last_pagebreak_properties = mf_sanitize($_POST['lp']);
parse_str($_POST['el_pos']);
$element_positions = $el_pos;
//contain the positions of the elements
unset($el_pos);
/***************************************************************************************************************/
/* 1. Process form properties																			   	   */
/***************************************************************************************************************/
if ($form_properties['active'] == 2) {
    $is_new_form = true;
} else {
    $is_new_form = false;
}
foreach ($form_properties as $key => $value) {
    if ($key == 'schedule_start_hour' || $key == 'schedule_end_hour') {
        $exploded = array();

/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$form_id = (int) trim($_POST['form_id']);
$column_preferences = mf_sanitize($_POST['col_pref']);
if (empty($form_id)) {
    die("This file can't be opened directly.");
}
$dbh = mf_connect_db();
//first delete all previous preferences
$query = "delete from `" . MF_TABLE_PREFIX . "column_preferences` where form_id=?";
$params = array($form_id);
mf_do_query($query, $params, $dbh);
//save the new preference
$query = "insert into `" . MF_TABLE_PREFIX . "column_preferences`(form_id,element_name,position) values(?,?,?)";
$position = 1;
if (!empty($column_preferences)) {
    foreach ($column_preferences as $data) {
        $column_name = $data['name'];
        $params = array($form_id, $column_name, $position);

                //delete previous file from the listfile if any
                $current_listfile_array = array();
                $current_listfile_array = file($listfile_name, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
                if (file_exists($current_listfile_array[1])) {
                    unlink($current_listfile_array[1]);
                }
                $listfile_content = '<?php' . "\n" . $destination_file . "\n" . "?>";
            }
        }
        // Write the contents to the file
        file_put_contents($listfile_name, $listfile_content, LOCK_EX);
        $upload_success = true;
    } else {
        $upload_success = false;
        $error_message = "Unable to move file!";
    }
}
$response_data = new stdClass();
if ($upload_success) {
    $response_data->status = "ok";
    $response_data->message = mf_sanitize($_FILES['Filedata']['name']);
} else {
    $response_data->status = "error";
    $response_data->message = $error_message;
}
$response_json = json_encode($response_data);
echo $response_json;
//we need to use output buffering to be able capturing error messages
$output = ob_get_contents();
ob_end_clean();
echo $output;

  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/entry-functions.php';
require 'includes/users-functions.php';
$form_id = (int) trim($_POST['form_id']);
$selected_entries = mf_sanitize($_POST['selected_entries']);
$delete_all = (int) $_POST['delete_all'];
$origin = trim($_POST['origin']);
$user_id = (int) $_SESSION['mf_user_id'];
if (empty($form_id)) {
    die("This file can't be opened directly.");
}
$dbh = mf_connect_db();
$mf_settings = mf_get_settings($dbh);
//check permission, is the user allowed to access this page?
if (empty($_SESSION['mf_user_privileges']['priv_administer'])) {
    $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']);
    //this page need edit_entries permission
    if (empty($user_perms['edit_entries'])) {
        die("Access Denied. You don't have permission to edit this entry.");
    }

/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$_POST = mf_sanitize($_POST);
$default_date = trim($_POST['default_date']);
$input_format = trim($_POST['date_format']);
$response_data = new stdClass();
$slash_pos = strpos($default_date, '/');
if ($input_format == 'europe_date' && !empty($slash_pos)) {
    //if the input format is europe date (dd/mm/yyyy) and the input is ##/##/#### we need to convert the input into mm/dd/yyyy format
    //since the strtotime function only accept mm/dd/yyyy
    $exploded = explode('/', $default_date);
    $default_date = $exploded[1] . '/' . $exploded[0] . '/' . $exploded[2];
}
$timestamp = strtotime($default_date);
if ($timestamp !== false && $timestamp != -1) {
    $response_data->status = "ok";
    $response_data->default_date = date('d-m-Y', $timestamp);
} else {

/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$filter_properties_array = mf_sanitize($_POST['filter_prop']);
$filter_type = mf_sanitize($_POST['filter_type']);
if (empty($filter_type) || empty($filter_properties_array)) {
    die("This file can't be opened directly.");
}
//we only need to save the filter into session variable
$_SESSION['filter_users'] = array();
$i = 0;
foreach ($filter_properties_array as $data) {
    $_SESSION['filter_users'][$i]['element_name'] = $data['element_name'];
    $_SESSION['filter_users'][$i]['filter_condition'] = $data['condition'];
    $_SESSION['filter_users'][$i]['filter_keyword'] = $data['keyword'];
    $i++;
}
$_SESSION['filter_users_type'] = $filter_type;
$response_data = new stdClass();
$response_data->status = "ok";

 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/users-functions.php';
$dbh = mf_connect_db();
if (empty($_POST['payment_properties'])) {
    die("Error! You can't open this file directly");
}
$payment_properties = mf_sanitize($_POST['payment_properties']);
$field_prices = mf_sanitize($_POST['field_prices']);
$form_id = (int) $payment_properties['form_id'];
unset($payment_properties['form_id']);
//check permission, is the user allowed to access this page?
if (empty($_SESSION['mf_user_privileges']['priv_administer'])) {
    $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']);
    //this page need edit_form permission
    if (empty($user_perms['edit_form'])) {
        die("Access Denied. You don't have permission to edit this form.");
    }
}
//save payment properties into ap_forms table
foreach ($payment_properties as $key => $value) {
    $form_input['payment_' . $key] = $value;
}
mf_ap_forms_update($form_id, $form_input, $dbh);

<?php

/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'lib/password-hash.php';
$dbh = mf_connect_db();
$input = mf_sanitize($_POST);
if (empty($input['np'])) {
    die("Error! You can't open this file directly");
} else {
    $new_password_plain = $input['np'];
}
$hasher = new PasswordHash(8, FALSE);
$new_password_hash = $hasher->HashPassword($new_password_plain);
$settings['admin_password'] = $new_password_hash;
mf_ap_settings_update($settings, $dbh);
$_SESSION['MF_SUCCESS'] = 'Your new password has been saved.';
echo '{"status" : "ok"}';

 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/users-functions.php';
$action = trim($_POST['action']);
$selected_users = mf_sanitize($_POST['selected_users']);
$select_all = (int) $_POST['delete_all'];
$no_session_msg = (int) $_POST['no_session_msg'];
$origin = trim($_POST['origin']);
if (empty($action)) {
    die("This file can't be opened directly.");
} else {
    if ($action == 'delete') {
        $new_user_status = 0;
    } else {
        if ($action == 'suspend') {
            $new_user_status = 2;
        } else {
            if ($action == 'unsuspend') {
                $new_user_status = 1;
            } else {

//.........这里部分代码省略.........
    $state_list[50]['value'] = 'Wyoming';
    global $mf_lang;
    $li_class = '';
    $error_message = '';
    $span_required = '';
    $guidelines = '';
    $el_class = array();
    $el_class[] = 'address';
    if (!empty($element->is_private)) {
        $el_class[] = 'private';
    }
    if (!empty($element->css_class)) {
        $el_class[] = trim($element->css_class);
    }
    if (!empty($element->is_error)) {
        $el_class[] = 'error';
        if ($element->error_message != 'error_no_display') {
            $error_message = "<p class=\"error\">{$element->error_message}</p>";
        }
    }
    //check for required
    if ($element->is_required) {
        $span_required = "<span id=\"required_{$element->id}\" class=\"required\">*</span>";
    }
    //check for guidelines
    if (!empty($element->guidelines)) {
        $guidelines = "<p class=\"guidelines\" id=\"guide_{$element->id}\"><small>{$element->guidelines}</small></p>";
    }
    if (!empty($element->default_value)) {
        $default_value_6 = $element->default_value;
    }
    //check for GET parameter to populate default value
    if (isset($_GET['element_' . $element->id . '_1'])) {
        $default_value_1 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_1']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_2'])) {
        $default_value_2 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_2']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_3'])) {
        $default_value_3 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_3']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_4'])) {
        $default_value_4 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_4']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_5'])) {
        $default_value_5 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_5']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_6'])) {
        $default_value_6 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_6']), ENT_QUOTES);
    }
    //check for populated values, if exist override the default value
    if (!empty($element->populated_value['element_' . $element->id . '_1']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_2']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_3']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_4']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_5']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_6']['default_value'])) {
        $default_value_1 = '';
        $default_value_2 = '';
        $default_value_3 = '';
        $default_value_4 = '';
        $default_value_5 = '';
        $default_value_1 = $element->populated_value['element_' . $element->id . '_1']['default_value'];
        $default_value_2 = $element->populated_value['element_' . $element->id . '_2']['default_value'];
        $default_value_3 = $element->populated_value['element_' . $element->id . '_3']['default_value'];
        $default_value_4 = $element->populated_value['element_' . $element->id . '_4']['default_value'];
        $default_value_5 = $element->populated_value['element_' . $element->id . '_5']['default_value'];
        $default_value_6 = $element->populated_value['element_' . $element->id . '_6']['default_value'];
    }
    //create country markup, if no default value, provide a blank option
    if (!empty($element->address_us_only)) {

require 'includes/view-functions.php';
require 'includes/post-functions.php';
require 'includes/filter-functions.php';
require 'includes/entry-functions.php';
require 'includes/helper-functions.php';
require 'includes/theme-functions.php';
require 'lib/swift-mailer/swift_required.php';
require 'lib/recaptchalib.php';
require 'lib/php-captcha/php-captcha.inc.php';
require 'lib/text-captcha.php';
require 'hooks/custom_hooks.php';
$dbh = mf_connect_db();
$ssl_suffix = mf_get_ssl_suffix();
if (mf_is_form_submitted()) {
    //if form submitted
    $input_array = mf_sanitize($_POST);
    $submit_result = mf_process_form($dbh, $input_array);
    if (!isset($input_array['password'])) {
        //if normal form submitted
        if ($submit_result['status'] === true) {
            if (!empty($submit_result['form_resume_url'])) {
                //the user saving a form, display success page with the resume URL
                $_SESSION['mf_form_resume_url'][$input_array['form_id']] = $submit_result['form_resume_url'];
                header("Location: http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&done=1");
                exit;
            } else {
                if ($submit_result['logic_page_enable'] === true) {
                    //the page has skip logic enable and a custom destination page has been set
                    $target_page_id = $submit_result['target_page_id'];
                    if (is_numeric($target_page_id)) {
                        header("Location: http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&mf_page={$target_page_id}");

 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$dbh = mf_connect_db();
$form_id = (int) $_POST['form_id'];
$tags = mf_sanitize($_POST['tags']);
$action = $_POST['action'];
if (empty($form_id) || empty($tags) || empty($action)) {
    die('error! missing parameters.');
}
if ($action == 'add') {
    //add a new tag name
    //get existing tags for current form
    $query = "SELECT `form_tags` from " . MF_TABLE_PREFIX . "forms WHERE form_id=?";
    $params = array($form_id);
    $sth = mf_do_query($query, $params, $dbh);
    $row = mf_do_fetch_result($sth);
    if (!empty($row['form_tags'])) {
        $current_tags_array = explode(',', $row['form_tags']);
    }
    //get the new tag names