本文整理汇总了PHP中CRM_Utils_Rule::xssString方法的典型用法代码示例。如果您正苦于以下问题:PHP CRM_Utils_Rule::xssString方法的具体用法?PHP CRM_Utils_Rule::xssString怎么用?PHP CRM_Utils_Rule::xssString使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类CRM_Utils_Rule的用法示例。
在下文中一共展示了CRM_Utils_Rule::xssString方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: civicrm_api3_generic_setValue
/**
* params must contain at least id=xx & {one of the fields from getfields}=value
*/
function civicrm_api3_generic_setValue($apiRequest)
{
$entity = $apiRequest['entity'];
$params = $apiRequest['params'];
// we can't use _spec, doesn't work with generic
civicrm_api3_verify_mandatory($params, NULL, array('id', 'field', 'value'));
$id = $params['id'];
if (!is_numeric($id)) {
return civicrm_api3_create_error(ts('Please enter a number'), array('error_code' => 'NaN', 'field' => "id"));
}
$field = CRM_Utils_String::munge($params['field']);
$value = $params['value'];
$fields = civicrm_api($entity, 'getFields', array("version" => 3, "sequential"));
// getfields error, shouldn't happen.
if ($fields['is_error']) {
return $fields;
}
$fields = $fields['values'];
if (!array_key_exists($field, $fields)) {
return civicrm_api3_create_error("Param 'field' ({$field}) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
}
$def = $fields[$field];
if (array_key_exists('required', $def) && empty($value)) {
return civicrm_api3_create_error(ts("This can't be empty, please provide a value"), array("error_code" => "required", "field" => $field));
}
switch ($def['type']) {
case 1:
//int
if (!is_numeric($value)) {
return civicrm_api3_create_error("Param '{$field}' must be a number", array('error_code' => 'NaN'));
}
case 2:
//string
require_once "CRM/Utils/Rule.php";
if (!CRM_Utils_Rule::xssString($value)) {
return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
}
if (array_key_exists('maxlength', $def)) {
$value = substr($value, 0, $def['maxlength']);
}
break;
case 16:
//boolean
$value = (bool) $value;
break;
case 4:
//date
//date
default:
return civicrm_api3_create_error("Param '{$field}' is of a type not managed yet. Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
}
if (CRM_Core_DAO::setFieldValue(_civicrm_api3_get_DAO($entity), $id, $field, $value)) {
$entity = array('id' => $id, $field => $value);
CRM_Utils_Hook::post('edit', $entity, $id, $entity);
return civicrm_api3_create_success($entity);
} else {
return civicrm_api3_create_error("error assigning {$field}={$value} for {$entity} (id={$id})");
}
}示例2: _civicrm_api3_validate_string
/**
* Validate string fields being passed into API.
*
* @param array $params
* Params from civicrm_api.
* @param string $fieldName
* Uniquename of field being checked.
* @param array $fieldInfo
* Array of fields from getfields function.
* @param string $entity
*
* @throws API_Exception
* @throws Exception
*/
function _civicrm_api3_validate_string(&$params, &$fieldName, &$fieldInfo, $entity)
{
list($fieldValue, $op) = _civicrm_api3_field_value_check($params, $fieldName);
if (strpos($op, 'NULL') !== FALSE || strpos($op, 'EMPTY') !== FALSE || CRM_Utils_System::isNull($fieldValue)) {
return;
}
if (!is_array($fieldValue)) {
$fieldValue = (string) $fieldValue;
} else {
//@todo what do we do about passed in arrays. For many of these fields
// the missing piece of functionality is separating them to a separated string
// & many save incorrectly. But can we change them wholesale?
}
if ($fieldValue) {
foreach ((array) $fieldValue as $value) {
if (!CRM_Utils_Rule::xssString($fieldValue)) {
throw new Exception('Input contains illegal SCRIPT tag.');
}
if ($fieldName == 'currency') {
//When using IN operator $fieldValue is a array of currency codes
if (!CRM_Utils_Rule::currencyCode($value)) {
throw new Exception("Currency not a valid code: {$currency}");
}
}
}
}
if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options'])) {
_civicrm_api3_api_match_pseudoconstant($fieldValue, $entity, $fieldName, $fieldInfo);
} elseif (is_string($fieldValue) && !empty($fieldInfo['maxlength']) && strlen(utf8_decode($fieldValue)) > $fieldInfo['maxlength']) {
throw new API_Exception("Value for {$fieldName} is " . strlen(utf8_decode($value)) . " characters - This field has a maxlength of {$fieldInfo['maxlength']} characters.", 2100, array('field' => $fieldName));
}
if (!empty($op)) {
$params[$fieldName][$op] = $fieldValue;
} else {
$params[$fieldName] = $fieldValue;
}
}示例3: civicrm_api3_generic_setValue
/**
* params must contain at least id=xx & {one of the fields from getfields}=value
*/
function civicrm_api3_generic_setValue($apiRequest)
{
$entity = $apiRequest['entity'];
$params = $apiRequest['params'];
// we can't use _spec, doesn't work with generic
civicrm_api3_verify_mandatory($params, NULL, array('id', 'field', 'value'));
$id = $params['id'];
if (!is_numeric($id)) {
return civicrm_api3_create_error(ts('Please enter a number'), array('error_code' => 'NaN', 'field' => "id"));
}
$field = CRM_Utils_String::munge($params['field']);
$value = $params['value'];
$fields = civicrm_api($entity, 'getFields', array('version' => 3, 'action' => 'create', "sequential"));
// getfields error, shouldn't happen.
if ($fields['is_error']) {
return $fields;
}
$fields = $fields['values'];
if (!array_key_exists($field, $fields)) {
return civicrm_api3_create_error("Param 'field' ({$field}) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
}
$def = $fields[$field];
// Disallow empty values except for the number zero.
// TODO: create a utility for this since it's needed in many places
// if (array_key_exists('required', $def) && CRM_Utils_System::isNull($value)) {
if (array_key_exists('required', $def) && empty($value) && $value !== '0' && $value !== 0) {
return civicrm_api3_create_error(ts("This can't be empty, please provide a value"), array("error_code" => "required", "field" => $field));
}
switch ($def['type']) {
case CRM_Utils_Type::T_INT:
if (!is_numeric($value)) {
return civicrm_api3_create_error("Param '{$field}' must be a number", array('error_code' => 'NaN'));
}
case CRM_Utils_Type::T_STRING:
case CRM_Utils_Type::T_TEXT:
if (!CRM_Utils_Rule::xssString($value)) {
return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
}
if (array_key_exists('maxlength', $def)) {
$value = substr($value, 0, $def['maxlength']);
}
break;
case CRM_Utils_Type::T_DATE:
$value = CRM_Utils_Type::escape($value, "Date", false);
if (!$value) {
return civicrm_api3_create_error("Param '{$field}' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
}
break;
case CRM_Utils_Type::T_BOOLEAN:
$value = (bool) $value;
break;
default:
return civicrm_api3_create_error("Param '{$field}' is of a type not managed yet (" . $def['type'] . "). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
}
$dao_name = _civicrm_api3_get_DAO($entity);
if (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $value)) {
$params = array('id' => $id, $field => $value);
$entityDAO = new $dao_name();
$entityDAO->copyValues($params);
CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
return civicrm_api3_create_success($params);
} else {
return civicrm_api3_create_error("error assigning {$field}={$value} for {$entity} (id={$id})");
}
}示例4: _civicrm_api3_validate_string
function _civicrm_api3_validate_string(&$params, &$fieldname, &$fieldInfo)
{
// If fieldname exists in params
if ($value = CRM_Utils_Array::value($fieldname, $params)) {
if (!CRM_Utils_Rule::xssString($value)) {
throw new Exception('Illegal characters in input (potential scripting attack)');
}
if ($fieldname == 'currency') {
if (!CRM_Utils_Rule::currencyCode($value)) {
throw new Exception("Currency not a valid code: {$value}");
}
}
if (CRM_Utils_Array::value('pseudoconstant', $fieldInfo) && !CRM_Utils_Array::value('FKClassName', $fieldInfo)) {
// Validate & swap out any pseudoconstants
$constant = $fieldInfo['options'];
if (!$constant && ($enum = CRM_Utils_Array::value('enumValues', $fieldInfo))) {
$constant = explode(',', $enum);
}
// If value passed is not a key, it may be a label
// Try to lookup key from label - if it can't be found throw error
if (!isset($constant[$value])) {
if (!($key = array_search($value, $constant))) {
throw new Exception("{$fieldname} `{$value}` is not valid.");
} else {
$value = $key;
}
}
} elseif (is_string($value) && !empty($fieldInfo['maxlength']) && strlen($value) > $fieldInfo['maxlength']) {
throw new API_Exception("Value for {$fieldname} is " . strlen($value) . " characters - This field has a maxlength of {$fieldInfo['maxlength']} characters.", 2100, array('field' => $fieldname));
}
}
}示例5: civicrm_api3_generic_setValue
/**
* Set a single value using the api.
*
* This function is called when no specific setvalue api exists.
* Params must contain at least id=xx & {one of the fields from getfields}=value
*
* @param array $apiRequest
*
* @throws API_Exception
* @return array
*/
function civicrm_api3_generic_setValue($apiRequest)
{
$entity = $apiRequest['entity'];
$params = $apiRequest['params'];
$id = $params['id'];
if (!is_numeric($id)) {
return civicrm_api3_create_error(ts('Please enter a number'), array('error_code' => 'NaN', 'field' => "id"));
}
$field = CRM_Utils_String::munge($params['field']);
$value = $params['value'];
$fields = civicrm_api($entity, 'getFields', array('version' => 3, 'action' => 'create', "sequential"));
// getfields error, shouldn't happen.
if ($fields['is_error']) {
return $fields;
}
$fields = $fields['values'];
$isCustom = strpos($field, 'custom_') === 0;
// Trim off the id portion of a multivalued custom field name
$fieldKey = $isCustom && substr_count($field, '_') > 1 ? rtrim(rtrim($field, '1234567890'), '_') : $field;
if (!array_key_exists($fieldKey, $fields)) {
return civicrm_api3_create_error("Param 'field' ({$field}) is invalid. must be an existing field", array("error_code" => "invalid_field", "fields" => array_keys($fields)));
}
$def = $fields[$fieldKey];
$title = CRM_Utils_Array::value('title', $def, ts('Field'));
// Disallow empty values except for the number zero.
// TODO: create a utility for this since it's needed in many places
if (!empty($def['required']) || !empty($def['is_required'])) {
if ((empty($value) || $value === 'null') && $value !== '0' && $value !== 0) {
return civicrm_api3_create_error(ts('%1 is a required field.', array(1 => $title)), array("error_code" => "required", "field" => $field));
}
}
switch ($def['type']) {
case CRM_Utils_Type::T_FLOAT:
if (!is_numeric($value) && !empty($value) && $value !== 'null') {
return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
}
break;
case CRM_Utils_Type::T_INT:
if (!CRM_Utils_Rule::integer($value) && !empty($value) && $value !== 'null') {
return civicrm_api3_create_error(ts('%1 must be a number.', array(1 => $title)), array('error_code' => 'NaN'));
}
break;
case CRM_Utils_Type::T_STRING:
case CRM_Utils_Type::T_TEXT:
if (!CRM_Utils_Rule::xssString($value)) {
return civicrm_api3_create_error(ts('Illegal characters in input (potential scripting attack)'), array('error_code' => 'XSS'));
}
if (array_key_exists('maxlength', $def)) {
$value = substr($value, 0, $def['maxlength']);
}
break;
case CRM_Utils_Type::T_DATE:
$value = CRM_Utils_Type::escape($value, "Date", FALSE);
if (!$value) {
return civicrm_api3_create_error("Param '{$field}' is not a date. format YYYYMMDD or YYYYMMDDHHMMSS");
}
break;
case CRM_Utils_Type::T_BOOLEAN:
// Allow empty value for non-required fields
if ($value === '' || $value === 'null') {
$value = '';
} else {
$value = (bool) $value;
}
break;
default:
return civicrm_api3_create_error("Param '{$field}' is of a type not managed yet (" . $def['type'] . "). Join the API team and help us implement it", array('error_code' => 'NOT_IMPLEMENTED'));
}
$dao_name = _civicrm_api3_get_DAO($entity);
$params = array('id' => $id, $field => $value);
if ((!empty($def['pseudoconstant']) || !empty($def['option_group_id'])) && $value !== '' && $value !== 'null') {
_civicrm_api3_api_match_pseudoconstant($params[$field], $entity, $field, $def);
}
CRM_Utils_Hook::pre('edit', $entity, $id, $params);
// Custom fields
if ($isCustom) {
CRM_Utils_Array::crmReplaceKey($params, 'id', 'entityID');
// Treat 'null' as empty value. This is awful but the rest of the code supports it.
if ($params[$field] === 'null') {
$params[$field] = '';
}
CRM_Core_BAO_CustomValueTable::setValues($params);
CRM_Utils_Hook::post('edit', $entity, $id, CRM_Core_DAO::$_nullObject);
} elseif (CRM_Core_DAO::setFieldValue($dao_name, $id, $field, $params[$field])) {
$entityDAO = new $dao_name();
$entityDAO->copyValues($params);
CRM_Utils_Hook::post('edit', $entity, $entityDAO->id, $entityDAO);
} else {
return civicrm_api3_create_error("error assigning {$field}={$value} for {$entity} (id={$id})");
//.........这里部分代码省略.........
示例6: _civicrm_api3_validate_string
/**
* Validate string fields being passed into API.
* @param array $params params from civicrm_api
* @param string $fieldName uniquename of field being checked
* @param array $fieldInfo array of fields from getfields function
* @param string $entity
* @throws API_Exception
* @throws Exception
*/
function _civicrm_api3_validate_string(&$params, &$fieldName, &$fieldInfo, $entity)
{
// If fieldname exists in params
$value = CRM_Utils_Array::value($fieldName, $params, '');
if (!is_array($value)) {
$value = (string) $value;
} else {
//@todo what do we do about passed in arrays. For many of these fields
// the missing piece of functionality is separating them to a separated string
// & many save incorrectly. But can we change them wholesale?
}
if ($value) {
if (!CRM_Utils_Rule::xssString($value)) {
throw new Exception('Illegal characters in input (potential scripting attack)');
}
if ($fieldName == 'currency') {
if (!CRM_Utils_Rule::currencyCode($value)) {
throw new Exception("Currency not a valid code: {$value}");
}
}
if (!empty($fieldInfo['pseudoconstant']) || !empty($fieldInfo['options'])) {
_civicrm_api3_api_match_pseudoconstant($params, $entity, $fieldName, $fieldInfo);
} elseif (is_string($value) && !empty($fieldInfo['maxlength']) && strlen(utf8_decode($value)) > $fieldInfo['maxlength']) {
throw new API_Exception("Value for {$fieldName} is " . strlen(utf8_decode($value)) . " characters - This field has a maxlength of {$fieldInfo['maxlength']} characters.", 2100, array('field' => $fieldName));
}
}
}