本文整理汇总了PHP中vtlib_purifyForSql函数的典型用法代码示例。如果您正苦于以下问题:PHP vtlib_purifyForSql函数的具体用法?PHP vtlib_purifyForSql怎么用?PHP vtlib_purifyForSql使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了vtlib_purifyForSql函数的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: vtSaveWorkflowTemplate
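/**
 * Save a workflow as a template, then send the browser back to the caller's page.
 *
 * Non-administrators are redirected to the module's error page and nothing is saved.
 *
 * @param mixed $adb     Database handle handed to the workflow and template managers.
 * @param array $request Request values; reads 'title', 'workflow_id' and 'return_url'.
 * @return void
 */
function vtSaveWorkflowTemplate($adb, $request)
{
    $util = new VTWorkflowUtils();
    $module = new VTWorkflowApplication("savetemplate");
    // NOTE(review): $current_language is neither a parameter nor declared
    // global in this function, so an undefined variable is passed here.
    // Confirm where the language is meant to come from.
    $mod = return_module_language($current_language, $module->name);
    if (!$util->checkAdminAccess()) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
        return;
    }
    // NOTE(review): this is a state-changing request and no anti-forgery
    // token check is visible in this function - confirm the caller enforces one.

    // NOTE(review): the validation result is used without being checked;
    // presumably a rejected title comes back as a falsy value - confirm that
    // newTemplate() copes with that.
    $title = vtlib_purifyForSql($request['title']);
    // NOTE(review): workflow_id is passed on unvalidated; presumably
    // retrieve() binds it as a query parameter - verify.
    $workflowId = $request['workflow_id'];

    $wfs = new VTworkflowManager($adb);
    $workflow = $wfs->retrieve($workflowId);
    $tm = new VTWorkflowTemplateManager($adb);
    $tpl = $tm->newTemplate($title, $workflow);
    $tm->saveTemplate($tpl);

    $returnUrl = vtlib_purify($request['return_url']);

    // The URL is written into two different contexts, and each needs its own
    // encoding: a JavaScript string literal and an HTML attribute. A generic
    // HTML purifier does not guarantee that quotes or a closing script tag
    // cannot break out of the JavaScript literal.
    // NOTE(review): the destination itself is not restricted to this
    // application, so return_url can point anywhere - consider validating it
    // against an allow-list of local paths before use.
    $jsReturnUrl = json_encode(
        (string) $returnUrl,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    // double_encode=false keeps entities the purifier may already have produced.
    $attrReturnUrl = htmlspecialchars((string) $returnUrl, ENT_QUOTES, 'UTF-8', false);

    // Skip the automatic redirect when the value cannot be encoded safely;
    // the plain link below still lets the user continue.
    if ($jsReturnUrl !== false) {
        echo '<script type="text/javascript" charset="utf-8">', "\n",
            'window.location=', $jsReturnUrl, ";\n",
            "</script>\n";
    }
    echo '<a href="', $attrReturnUrl, '">Return</a>', "\n";
}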
示例2: vtSaveTask
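/**
 * Create or update a workflow task from request data, then send the browser
 * to the return URL (or to the task's edit page when none was supplied).
 *
 * Non-administrators are redirected to the module's error page and nothing is saved.
 *
 * @param mixed $adb     Database handle handed to the task manager.
 * @param array $request Request values; reads 'task_id' or 'task_type' plus
 *                       'workflow_id', 'summary', 'active', the optional
 *                       'check_select_date' trigger fields, one entry per task
 *                       field name, and 'return_url'.
 * @return void
 */
function vtSaveTask($adb, $request)
{
    $util = new VTWorkflowUtils();
    $module = new VTWorkflowApplication("savetask");
    // NOTE(review): $current_language is neither a parameter nor declared
    // global in this function, so an undefined variable is passed here.
    $mod = return_module_language($current_language, $module->name);
    if (!$util->checkAdminAccess()) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
        return;
    }
    // NOTE(review): this is a state-changing request and no anti-forgery
    // token check is visible in this function - confirm the caller enforces one.

    $tm = new VTTaskManager($adb);
    if (isset($request["task_id"])) {
        // NOTE(review): task_id is passed on unvalidated; presumably
        // retrieveTask() binds it as a query parameter - verify.
        $task = $tm->retrieveTask($request["task_id"]);
    } else {
        // NOTE(review): the validation result is not checked before it is
        // used as the task type; presumably a rejected value is falsy -
        // confirm createTask() refuses it.
        $taskType = vtlib_purifyForSql($request["task_type"]);
        $workflowId = $request["workflow_id"];
        $task = $tm->createTask($taskType, $workflowId);
    }

    // NOTE(review): summary and the task fields below are stored exactly as
    // received; anything that later renders them must escape on output.
    $task->summary = $request["summary"];
    if ($request["active"] == "true") {
        $task->active = true;
    } elseif ($request["active"] == "false") {
        $task->active = false;
    }

    if (isset($request['check_select_date'])) {
        // Signed day offset: positive means after the date field, negative before.
        $sign = $request['select_date_direction'] == 'after' ? 1 : -1;
        $task->trigger = array(
            'days' => $sign * (int) $request['select_date_days'],
            'field' => $request['select_date_field'],
        );
    } else {
        $task->trigger = null;
    }

    // Only properties the task itself declares are copied from the request,
    // so the request cannot set arbitrary properties on the task object.
    foreach ($task->getFieldNames() as $fieldName) {
        $task->{$fieldName} = $request[$fieldName];
        if ($fieldName == 'calendar_repeat_limit_date') {
            $task->{$fieldName} = DateTimeField::convertToDBFormat($request[$fieldName]);
        }
    }
    $tm->saveTask($task);

    // isset() only accepts variables; calling it on the result of
    // vtlib_purify() is a compile-time error, so test the raw key instead.
    if (isset($request["return_url"])) {
        $returnUrl = vtlib_purify($request["return_url"]);
    } else {
        $returnUrl = $module->editTaskUrl($task->id);
    }

    // The URL is written into a JavaScript string literal and an HTML
    // attribute; each context needs its own encoding.
    // NOTE(review): the destination is not restricted to this application -
    // consider validating return_url against an allow-list of local paths.
    $jsReturnUrl = json_encode(
        (string) $returnUrl,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    // double_encode=false keeps entities the purifier may already have produced.
    $attrReturnUrl = htmlspecialchars((string) $returnUrl, ENT_QUOTES, 'UTF-8', false);

    // Skip the automatic redirect when the value cannot be encoded safely;
    // the plain link below still lets the user continue.
    if ($jsReturnUrl !== false) {
        echo '<script type="text/javascript" charset="utf-8">', "\n",
            'window.location=', $jsReturnUrl, ";\n",
            "</script>\n";
    }
    echo '<a href="', $attrReturnUrl, '">Return</a>', "\n";
}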
示例3: get_picklists
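/**
 * Return the values of one picklist for a customer-portal session.
 *
 * @param array $input_array Expects the keys:
 *                           'id'            - customer (contact) id, cast to int
 *                           'sessionid'     - portal session id
 *                           'picklist_name' - name of the picklist to read
 * @return array|null List of picklist values, or null when the picklist name
 *                    is empty after validation or the session does not validate.
 */
function get_picklists($input_array)
{
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    $log->debug("Entering customer portal function get_picklists");
    $adb->println("INPUT ARRAY for the function get_picklists");
    // NOTE(review): this writes the whole input, including 'sessionid', to the
    // database log - consider masking the session id before logging.
    $adb->println($input_array);

    // The id is cast to int so it cannot carry SQL fragments.
    $id = (int) vtlib_purify($input_array['id']);
    $sessionid = $input_array['sessionid'];

    // The picklist name becomes part of a table name below. Identifiers cannot
    // be bound as query parameters, so this validation is the only barrier
    // against SQL injection through it.
    // NOTE(review): checking the name against the list of known picklists
    // would be a stronger guarantee than character validation alone.
    $picklist_name = vtlib_purifyForSql($input_array['picklist_name']);
    if (empty($picklist_name)) {
        return null;
    }
    if (!validateSession($id, $sessionid)) {
        return null;
    }

    $picklist_array = array();

    // 'H2' stays in effect when the portal user has no row in vtiger_user2role.
    $admin_role = 'H2';
    $userid = getPortalUserid();
    $roleres = $adb->pquery("SELECT roleid from vtiger_user2role where userid = ?", array($userid));
    if ($adb->num_rows($roleres) > 0) {
        $admin_role = $adb->query_result($roleres, 0, 'roleid');
    }

    // The role id is bound as a parameter instead of being interpolated into
    // the SQL text, so its content can never change the statement.
    $table = "vtiger_" . $picklist_name;
    $res = $adb->pquery(
        "select " . $table . ".* from " . $table
        . " inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = " . $table . ".picklist_valueid"
        . " and vtiger_role2picklist.roleid = ?",
        array($admin_role)
    );

    // Row count is read once rather than on every loop iteration.
    $rowCount = $adb->num_rows($res);
    for ($i = 0; $i < $rowCount; $i++) {
        $picklist_array[$i] = $adb->query_result($res, $i, $picklist_name);
    }

    $adb->println($picklist_array);
    $log->debug("Exiting customer portal function get_picklists({$picklist_name})");
    return $picklist_array;
}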
示例4: vtTaskEdit
/**
 * Render the workflow task edit form (EditTask.tpl of the workflow module).
 *
 * Loads an existing task when 'task_id' is present in the request, otherwise
 * creates a new task of the requested type. Non-administrators, unknown tasks
 * and unknown workflows are redirected to the module's error page.
 *
 * @param mixed  $adb              Database handle handed to the task and workflow managers.
 * @param array  $request          Request values; reads 'task_id' or 'task_type' plus
 *                                 'workflow_id', 'return_url' and 'save_type'.
 * @param string $current_language Language used to load the label sets.
 * @param array  $app_strings      Application labels; 'NTC_DATE_FORMAT' is read here.
 * @return void
 */
function vtTaskEdit($adb, $request, $current_language, $app_strings)
{
    global $theme;

    $workflowUtils = new VTWorkflowUtils();
    // Per the original comment, this purifies every value of the request array.
    $request = vtlib_purify($request);
    $image_path = "themes/{$theme}/images/";
    $module = new VTWorkflowApplication('edittask');
    $mod = return_module_language($current_language, $module->name);

    // Editing tasks is restricted to administrators.
    if (!$workflowUtils->checkAdminAccess()) {
        $notAdminMessage = $mod['LBL_ERROR_NOT_ADMIN'];
        $workflowUtils->redirectTo($module->errorPageUrl($notAdminMessage), $notAdminMessage);
        return;
    }

    $smarty = new vtigerCRM_Smarty();
    $taskManager = new VTTaskManager($adb);

    $isEdit = isset($request["task_id"]);
    $smarty->assign('edit', $isEdit);
    if ($isEdit) {
        $task = $taskManager->retrieveTask($request["task_id"]);
        $taskClass = get_class($task);
        $workflowId = $task->workflowId;
    } else {
        $workflowId = $request["workflow_id"];
        // NOTE(review): this request value later selects the task type
        // instance and its template path. The validation result is not
        // checked here; presumably createTask() returns null for a rejected
        // or unknown type - confirm.
        $taskClass = vtlib_purifyForSql($request["task_type"]);
        $task = $taskManager->createTask($taskClass, $workflowId);
    }
    if ($task == null) {
        $noTaskMessage = $mod['LBL_ERROR_NO_TASK'];
        $workflowUtils->redirectTo($module->errorPageUrl($noTaskMessage), $noTaskMessage);
        return;
    }

    $workflowManager = new VTWorkflowManager($adb);
    $workflow = $workflowManager->retrieve($workflowId);
    if ($workflow == null) {
        $noWorkflowMessage = $mod['LBL_ERROR_NO_WORKFLOW'];
        $workflowUtils->redirectTo($module->errorPageUrl($noWorkflowMessage), $noWorkflowMessage);
        return;
    }

    $smarty->assign("workflow", $workflow);
    // NOTE(review): return_url and save_type reach the template as request
    // values; the template must escape them for the context it prints them in.
    $smarty->assign("returnUrl", $request["return_url"]);
    $smarty->assign("task", $task);
    $smarty->assign("taskType", $taskClass);
    $smarty->assign("saveType", $request['save_type']);

    $taskTypeInstance = VTTaskType::getInstanceFromTaskType($taskClass);
    $taskTemplateClass = $taskManager->retrieveTemplatePath($module->name, $taskTypeInstance);
    $smarty->assign("taskTemplate", $taskTemplateClass);

    $entityType = VTWSEntityType::usingGlobalCurrentUser($workflow->moduleName);
    $smarty->assign("entityType", $entityType);
    $smarty->assign('entityName', $workflow->moduleName);
    $smarty->assign("fieldNames", $entityType->getFieldNames());

    // The repeat limit date is converted to the user's format when one is set.
    $repeat_date = $task->calendar_repeat_limit_date;
    if (!empty($repeat_date)) {
        $repeat_date = DateTimeField::convertToUserFormat($repeat_date);
    }
    $smarty->assign('REPEAT_DATE', $repeat_date);

    // Collect the labels of all Date and DateTime fields of the entity.
    $dateFields = array();
    $fieldTypes = $entityType->getFieldTypes();
    $fieldLabels = $entityType->getFieldLabels();
    foreach ($fieldTypes as $name => $type) {
        if ($type->type != 'Date' && $type->type != 'DateTime') {
            continue;
        }
        $dateFields[$name] = $fieldLabels[$name];
    }
    $smarty->assign('dateFields', $dateFields);

    // A stored trigger keeps a signed day offset; the form shows it as a
    // positive number plus a before/after direction.
    if ($task->trigger != null) {
        $trigger = $task->trigger;
        $days = $trigger['days'];
        $direction = 'after';
        if ($days < 0) {
            $days *= -1;
            $direction = 'before';
        }
        $smarty->assign('trigger', array('days' => $days, 'direction' => $direction, 'field' => $trigger['field']));
    }

    $metaVariables = $task->getMetaVariables();
    $date = new DateTimeField(null);
    // Only the first five characters of the display time are used.
    $time = substr($date->getDisplayTime(), 0, 5);
    $smarty->assign("META_VARIABLES", $metaVariables);
    // NOTE(review): $db_timezone is neither a parameter nor declared global
    // in this function, so an undefined variable is assigned here.
    $smarty->assign("SYSTEM_TIMEZONE", $db_timezone);
    $smarty->assign("USER_TIME", $task->formatTimeForTimePicker($time));
    $smarty->assign("USER_DATE", $date->getDisplayDate());

    // Label sets are merged in this order, so later sets override earlier keys.
    $settingsLabels = return_module_language($current_language, 'Settings');
    $calendarLabels = return_module_language($current_language, 'Calendar');
    $moduleLabels = return_module_language($current_language, $module->name);
    $smarty->assign("MOD", array_merge($settingsLabels, $calendarLabels, $moduleLabels));

    $smarty->assign("APP", $app_strings);
    $smarty->assign("dateFormat", parse_calendardate($app_strings['NTC_DATE_FORMAT']));
    $smarty->assign("IMAGE_PATH", $image_path);
    $smarty->assign("THEME", $theme);
    $smarty->assign("MODULE_NAME", $module->label);
    $smarty->assign("PAGE_NAME", $mod['LBL_EDIT_TASK']);
    $smarty->assign("PAGE_TITLE", $mod['LBL_EDIT_TASK_TITLE']);

    $assignees = array();
    $assignees['user'] = get_user_array();
    $assignees['group'] = get_group_array();
    $smarty->assign('ASSIGNED_TO', $assignees);

    $smarty->assign("module", $module);
    $smarty->display("{$module->name}/EditTask.tpl");
}
示例5: validateStringForSql
/**
 * Check a string with vtlib_purifyForSql() before it is used in SQL.
 *
 * @param <String> $string Value to check.
 * @param <Boolean> $skipEmpty Forwarded to vtlib_purifyForSql(); skips the check if the string is empty.
 * @return <String>|false The unchanged input when the check result is truthy, false otherwise.
 * @throws AppException Nothing in this method throws; presumably propagated
 *                      from vtlib_purifyForSql() - TODO confirm.
 */
public static function validateStringForSql($string, $skipEmpty=true) {
    // The check result is tested for truthiness only, so callers must compare
    // the return value with === false before building SQL from it.
    // NOTE(review): if vtlib_purifyForSql() returns the string itself, inputs
    // that are falsy in PHP (such as "" or "0") also yield false - verify.
    return vtlib_purifyForSql($string, $skipEmpty) ? $string : false;
}
示例6: calendarview_getSelectedUserId
/**
 * Return the id of the user that the current user selected in the picklist of
 * the ListView or Calendar view.
 *
 * The value comes from $_REQUEST['onlyforuser']; the current user's own id is
 * returned when that value is empty after sanitising.
 *
 * @return String - Id of the selected user, HTML-escaped
 */
function calendarview_getSelectedUserId()
{
    global $current_user, $default_charset;

    // NOTE(review): sanitising only constrains which characters the value may
    // contain. Nothing visible here checks that it is an existing user id or
    // that the current user is allowed to view that user's calendar - confirm
    // that callers enforce this.
    $validated = vtlib_purifyForSql($_REQUEST['onlyforuser']);
    $withoutTags = strip_tags($validated);
    $only_for_user = htmlspecialchars($withoutTags, ENT_QUOTES, $default_charset);

    // Fall back to the current user when nothing usable was supplied.
    if ($only_for_user == '') {
        return $current_user->id;
    }
    return $only_for_user;
}
示例7: AddEmailAttachment
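/**
 * Store an uploaded file as an attachment of an existing email record.
 *
 * @param mixed  $emailid  Id of the email the attachment belongs to.
 * @param string $filedata Base64-encoded file content.
 * @param string $filename Client-supplied file name; sanitised before use.
 * @param int    $filesize Number of bytes of the decoded content to write.
 * @param string $filetype Ignored; the stored type is always application/octet-stream.
 * @param string $username User name checked together with $session.
 * @param string $session  Session value checked by validateSession().
 * @return mixed The new attachment's crm id on success; null when the session
 *               is invalid, the email id is empty or the file name is rejected;
 *               "" when the file or the entity row could not be written.
 */
function AddEmailAttachment($emailid, $filedata, $filename, $filesize, $filetype, $username, $session)
{
    if (!validateSession($username, $session)) {
        return null;
    }
    if (empty($emailid)) {
        return null;
    }

    // $upload_badext was read below without being in scope, so the sanitiser
    // received an undefined value in place of the extension list.
    // NOTE(review): presumably this is the configured list of disallowed
    // upload extensions - confirm it is defined as a global.
    global $adb, $upload_badext;
    require_once 'modules/Users/Users.php';
    require_once 'include/utils/utils.php';

    // Neutralise '..' first to avoid relative file path attacks, then apply
    // the upload-name sanitiser and the SQL-safe validation.
    $filename = vtlib_purifyForSql(sanitizeUploadFileName(str_replace('..', '_', $filename), $upload_badext));
    // A rejected name must not be used to build a path or be stored.
    // NOTE(review): presumably rejection is signalled by false - confirm.
    if ($filename === false || $filename === null) {
        return null;
    }

    $date_var = date('Y-m-d H:i:s');
    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id($username);
    $crmid = $adb->getUniqueID("vtiger_crmentity");
    $upload_file_path = decideFilePath();

    // NOTE(review): the stored name keeps whatever extension survives the
    // sanitiser; confirm the upload directory is not served as executable
    // content by the web server.
    $handle = fopen($upload_file_path . $crmid . "_" . $filename, "wb");
    if ($handle === false) {
        // Do not create database rows for a file that could not be written.
        return "";
    }
    fwrite($handle, base64_decode($filedata), $filesize);
    fclose($handle);

    $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values (?,?,?,?,?,?,?)";
    $params1 = array($crmid, $user_id, $user_id, 'Emails Attachment', ' ', $adb->formatDate($date_var, true), $adb->formatDate($date_var, true));
    $entityresult = $adb->pquery($sql1, $params1);

    // The client-supplied type is deliberately discarded so the content type
    // stored for the file is never attacker-controlled.
    $filetype = "application/octet-stream";
    if ($entityresult != false) {
        $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values (?,?,?,?,?)";
        $params2 = array($crmid, $filename, ' ', $filetype, $upload_file_path);
        $adb->pquery($sql2, $params2);
        $sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
        $adb->pquery($sql3, array($emailid, $crmid));
        return $crmid;
    }
    return "";
}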