本文整理汇总了PHP中Sanitize::stripScripts方法的典型用法代码示例。如果您正苦于以下问题：PHP Sanitize::stripScripts方法的具体用法？PHP Sanitize::stripScripts怎么用？PHP Sanitize::stripScripts使用的例子？那么，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Sanitize的用法示例。
在下文中一共展示了Sanitize::stripScripts方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: writemessage
/**
 * Send a private message built from the posted form data.
 *
 * Does nothing when no form data was submitted. Otherwise the message is
 * written through the PrivateMessage model, a ReceiveMessage row is created
 * for the recipient, the match status between both members is updated and the
 * user is optionally redirected to "/". On failure the "writemessage_failed"
 * view is rendered instead.
 *
 * Security notes:
 * - Title and content only pass through Sanitize::stripScripts(). That is
 *   pattern-based tag removal, not an allow-list HTML sanitizer, so both
 *   fields still have to be HTML-escaped (or purified) wherever they are
 *   rendered.
 * - The sender id is taken from the session and overwrites any member_id sent
 *   by the client. The recipient id (to_id) and all remaining keys of
 *   $this->data are used as submitted; nothing in this method validates them
 *   or limits which fields reach the models - presumably left to model
 *   validation, confirm.
 *
 * @param mixed $redirect Truthy to redirect to "/" after a successful send.
 */
function writemessage($redirect = 1)
{
    if (empty($this->data)) {
        return;
    }

    // Denylist filtering only; see the security notes above.
    foreach (array("content", "title") as $field) {
        $this->data["PrivateMessage"][$field] = Sanitize::stripScripts($this->data["PrivateMessage"][$field]);
    }
    // The sender is always the logged-in member, never a client-supplied id.
    $this->data["PrivateMessage"]["member_id"] = $this->Session->read("Member.id");
    $this->layout = "ajax";

    if (!$this->PrivateMessage->writeMessage($this->data)) {
        $this->Session->setFlash("Message sending failed", "flash_failed");
        $this->render("writemessage_failed", "ajax");
        return;
    }

    $this->Session->setFlash("Your message has been sent", "flash_success");
    // NOTE(review): recipient id comes straight from the request.
    $recipientId = $this->data["PrivateMessage"]["to_id"];
    $this->data["ReceiveMessage"]["private_message_id"] = $this->PrivateMessage->getLastInsertId();
    $this->data["ReceiveMessage"]["member_id"] = $recipientId;
    if ($this->data["ReceiveMessage"]["private_message_id"] != "") {
        $receiveMessage = $this->PrivateMessage->ReceiveMessage;
        $receiveMessage->create($this->data);
        $receiveMessage->save($this->data);
    }

    $this->loadModel("Match");
    $this->Match->updateMatchStatus($this->Session->read("Member.id"), $recipientId, 2);
    $this->Session->setFlash("Message has been sent", "flash_success");
    if ($redirect) {
        $this->redirect("/");
    }

    /*
    Disabled legacy code, kept for reference:
    if ($sender_id!=-1){
    $this->layout="ajax";
    $sender = $this->PrivateMessage->find("first", array("conditions"=>array("Member.id"=>$sender_id), "recursive"=>0));
    $this->set("sender", $sender);
    }
    */
}
示例2: parse
/**
 * Convert POSTed Markdown to HTML with the vendor parser and echo the result.
 *
 * The input is read from $this->data; no view is rendered afterwards.
 *
 * Security note: the generated HTML is echoed into the response after
 * Sanitize::stripScripts() only. That call removes matching tags by pattern;
 * it is not an allow-list sanitizer, and Markdown input may carry inline HTML.
 * Treat the output as untrusted markup: run it through a real HTML purifier
 * before echoing it anywhere another user's browser will render it.
 */
public function parse()
{
    if (!empty($this->data)) {
        // NOTE(review): denylist filtering only - see the docblock.
        echo Sanitize::stripScripts(Markdown($this->data));
    }
    $this->render(false);
}
示例3: parse
/**
 * Split a text into pages and prepare each page for display.
 *
 * The string is cut on self::$pageSeparator. Every page is passed through
 * Sanitize::stripScripts() and Sanitize::stripImages(), after which the content
 * of each <code>...</code> pair is handed to the _highlightCode() callback.
 *
 * Security note: both Sanitize calls are pattern-based tag removal, not an
 * allow-list sanitizer, and they run before the <code> callback. Whatever
 * _highlightCode() returns is not filtered again here, so that callback has
 * to produce safely escaped markup itself.
 *
 * @param string $string String to parse
 * @param array $options Valid keys are:
 * - highlight_code: whether the highlight_string() PHP function must be used for the code.
 *   It generates messy markup and can be disabled for users who want "classic" html <code> tags
 * @return array One processed string per page
 */
public function parse($string, $options = array())
{
    $options = array_merge(array('highlight_code' => true), $options);
    $this->_phpHighlightEnabled = $options['highlight_code'];

    $pages = explode(self::$pageSeparator, $string);
    foreach ($pages as $index => $page) {
        $page = Sanitize::stripScripts($page);
        $page = Sanitize::stripImages($page);
        $pages[$index] = preg_replace_callback('/<code>(.*?)<\\/code>/s', array($this, '_highlightCode'), $page);
    }

    return $pages;
}
示例4: testStripScripts
/**
 * testStripScripts method
 *
 * Pins what Sanitize::stripScripts() removes: a stylesheet <link> (other
 * <link> relations are kept), <script> elements and <style> elements, both
 * single-line and multi-line.
 *
 * Coverage note: every case here is whole-tag removal. Passing this test says
 * nothing about script-capable attributes or URLs on tags that are kept, so it
 * must not be read as proof that the output is safe to render as HTML.
 *
 * @return void
 */
public function testStripScripts()
{
    $stylesheet = '<link href="/css/styles.css" media="screen" rel="stylesheet" />';
    $keptLinks = "\n" . '<link rel="icon" href="/favicon.ico" type="image/x-icon" />' . "\n" . '<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />' . "\n" . '<link rel="alternate" href="/feed.xml" title="RSS Feed" type="application/rss+xml" />';

    // Input / expected pairs compared with assertEquals().
    $exactCases = array(
        array($stylesheet, ''),
        array($stylesheet . $keptLinks, $keptLinks),
        array('<script type="text/javascript"> alert("hacked!");</script>', ''),
        array('<script> alert("hacked!");</script>', ''),
        array('<style>#content { display:none; }</style>', ''),
        array('<style type="text/css"><!-- #content { display:none; } --></style>', ''),
    );
    foreach ($exactCases as $case) {
        list($input, $expected) = $case;
        $this->assertEquals($expected, Sanitize::stripScripts($input));
    }

    // Multi-line blocks; heredoc bodies stay at column 0 so their content is unchanged.
    $styleBlock = <<<HTML
text
<style type="text/css">
<!--
#content { display:none; }
-->
</style>
text
HTML;
    $scriptBlock = <<<HTML
text
<script type="text/javascript">
<!--
alert('wooo');
-->
</script>
text
HTML;
    foreach (array($styleBlock, $scriptBlock) as $input) {
        $this->assertTextEquals("text\n\ntext", Sanitize::stripScripts($input));
    }
}
示例5: stripAll
/**
 * Strips extra whitespace, images, scripts and stylesheets from output.
 *
 * The filters run in that order: whitespace, then images, then scripts.
 * Each one removes matching markup by pattern; the result is not an
 * allow-list-sanitized string and still needs HTML escaping at output time.
 *
 * @param string $str String to sanitize
 * @return string sanitized string
 * @access public
 */
function stripAll($str)
{
    return Sanitize::stripScripts(
        Sanitize::stripImages(
            Sanitize::stripWhitespace($str)
        )
    );
}
示例6: stripAll
/**
 * Strips extra whitespace, images, scripts and stylesheets from output.
 *
 * Applies stripWhitespace(), stripImages() and stripScripts() in that order.
 * These are pattern-based removals, so the returned string must still be
 * escaped for the context it is printed in.
 *
 * @param string $str String to sanitize
 * @return string sanitized string
 */
public static function stripAll($str) {
    $collapsed = Sanitize::stripWhitespace($str);
    $withoutImages = Sanitize::stripImages($collapsed);

    return Sanitize::stripScripts($withoutImages);
}
示例7: _save
/**
 * Validate and normalise a submitted listing form before it is stored.
 *
 * Runs inside an iframe: every early exit returns a JavaScript snippet built
 * by makeJS() that addresses the parent window. Only the first part of the
 * method is visible in this excerpt, so the actual write is not shown.
 *
 * Visible order of checks: category/criteria lookup, add/edit permission,
 * then the form token (invalidToken), and only after that the content fields
 * are prepared.
 */
function _save()
{
/*******************************************************************
* This method is processed inside an iframe
* To access any of the DOM elements via jQuery it's necessary to prepend
* all jQuery calls with $parentFrame (i.e. $parentFrame.jQuery)
********************************************************************/
$this->autoRender = false;
$this->autoLayout = false;
$response = array();
$parentFrame = 'window.parent';
$validation = '';
// Ids are read with Sanitize::getInt(). NOTE(review): presumably that returns
// an int; the SQL concatenation of $listing_id further down relies on it - confirm.
$listing_id = Sanitize::getInt($this->data['Listing'], 'id', 0);
$isNew = $this->Listing->isNew = $listing_id == 0 ? true : false;
$this->data['email'] = Sanitize::getString($this->data, 'email');
$this->data['name'] = Sanitize::getString($this->data, 'name');
$this->data['categoryid_hidden'] = Sanitize::getInt($this->data['Listing'], 'categoryid_hidden');
$cat_id = Sanitize::getVar($this->data['Listing'], 'catid');
// The (int) cast is what makes catid safe to concatenate into SQL later on.
// NOTE(review): array_pop() takes its argument by reference; passing the result
// of array_filter() directly raises "Only variables should be passed by reference".
$this->data['Listing']['catid'] = is_array($cat_id) ? (int) array_pop(array_filter($cat_id)) : (int) $cat_id;
/*J16*/
$this->data['Listing']['title'] = Sanitize::getString($this->data['Listing'], 'title', '');
$this->data['Listing']['created_by_alias'] = Sanitize::getString($this->data, 'name', '');
if ($this->cmsVersion == CMS_JOOMLA15) {
$this->data['sectionid_hidden'] = Sanitize::getInt($this->data['Listing'], 'sectionid_hidden');
$this->data['Listing']['sectionid'] = Sanitize::getInt($this->data['Listing'], 'sectionid');
} else {
$this->data['Listing']['language'] = '*';
$this->data['Listing']['access'] = 1;
}
$category_id = $this->data['Listing']['catid'] ? $this->data['Listing']['catid'] : $this->data['categoryid_hidden'];
# Get criteria info
# $category_id is cast to int before it is concatenated into the subquery.
$criteria = $this->Criteria->findRow(array('conditions' => array('Criteria.id =
(SELECT criteriaid FROM #__jreviews_categories WHERE id = ' . (int) $category_id . ' AND `option` = "com_content")
')));
if (!$criteria) {
$validation = __t("The category selected is invalid.", true, true);
// NOTE(review): $validation is placed inside a single-quoted JavaScript string
// without JS escaping. It comes from the translation helper, not from the
// request, but a translated string containing an apostrophe would break the snippet.
$response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
$response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
$response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
return $this->makeJS($response);
}
$this->data['Criteria']['id'] = $criteria['Criteria']['criteria_id'];
# Override global configuration
isset($criteria['ListingType']) and $this->Config->override($criteria['ListingType']['config']);
# Perform access checks
if ($isNew && !$this->Access->canAddListing()) {
return $this->makeJS("{$parentFrame}.s2Alert('" . __t("You are not allowed to submit listings in this category.", true, true) . "')");
} elseif (!$isNew) {
// NOTE(review): query built by concatenation; safe only while $listing_id is an
// int (see getInt above). A bound parameter or a local (int) cast would make
// that guarantee visible at the point of use.
$query = "SELECT created_by FROM #__content WHERE id = " . $listing_id;
$this->_db->setQuery($query);
$listing_owner = $this->_db->loadResult();
// Edit permission is decided against the stored owner, not a client-supplied value.
if (!$this->Access->canEditListing($listing_owner)) {
return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::accessDenied() . "')");
}
}
# Load the notifications observer model component and initialize it.
# Done here so it only loads on save and not for all controller actions.
$this->components = array('security', 'notifications');
$this->__initComponents();
// Form-token check; invalidToken is presumably set by the 'security' component
// initialised just above (confirm). It runs after the access checks but before
// any write visible in this excerpt.
if ($this->invalidToken == true) {
return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::invalidToken() . "')");
}
# Override configuration
# catid was cast to int when it was normalised above.
$category = $this->Category->findRow(array('conditions' => array('Category.id = ' . $this->data['Listing']['catid'])));
$this->Config->override($category['ListingType']['config']);
if ($this->Access->loadWysiwygEditor()) {
// NOTE(review): ordering hazard. The raw editor HTML is filtered first
// (stripWhitespace, then stripScripts) and entity-decoded afterwards, so the
// filter never sees the decoded form that ends up in the listing. Markup that
// arrived entity-encoded only becomes real markup after the filter has run.
// Decode first and filter last, and still purify or escape at render time:
// stripScripts() is pattern-based tag removal, not an allow-list sanitizer.
$this->data['Listing']['introtext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'introtext')));
$this->data['Listing']['fulltext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'fulltext')));
$this->data['Listing']['introtext'] = html_entity_decode($this->data['Listing']['introtext'], ENT_QUOTES, cmsFramework::getCharset());
$this->data['Listing']['fulltext'] = html_entity_decode($this->data['Listing']['fulltext'], ENT_QUOTES, cmsFramework::getCharset());
} else {
// Users without the WYSIWYG editor: values are read from $this->data['Listing']
// (not the '__raw' copy) through the three-argument stripAll().
$this->data['Listing']['introtext'] = Sanitize::stripAll($this->data['Listing'], 'introtext', '');
if (isset($this->data['Listing']['fulltext'])) {
$this->data['Listing']['fulltext'] = Sanitize::stripAll($this->data['Listing'], 'fulltext', '');
} else {
$this->data['Listing']['fulltext'] = '';
}
}
$this->data['Listing']['introtext'] = str_replace('<br>', '<br />', $this->data['Listing']['introtext']);
$this->data['Listing']['fulltext'] = str_replace('<br>', '<br />', $this->data['Listing']['fulltext']);
// Meta fields are only taken from the request when the user may add them.
if ($this->Access->canAddMeta()) {
$this->data['Listing']['metadesc'] = Sanitize::getString($this->data['Listing'], 'metadesc');
$this->data['Listing']['metakey'] = Sanitize::getString($this->data['Listing'], 'metakey');
}
// Title alias handling
$slug = '';
$alias = Sanitize::getString($this->data['Listing'], 'alias');
if ($isNew && $alias == '') {
// New listing without an alias: derive the slug from the title.
$slug = S2Router::sefUrlEncode($this->data['Listing']['title']);
// Fall back to a timestamp when the encoded slug contains nothing but dashes.
if (trim(str_replace('-', '', $slug)) == '') {
$slug = date("Y-m-d-H-i-s");
}
} elseif ($alias != '') {
// Alias filled in so we convert it to a valid alias
$slug = S2Router::sefUrlEncode($alias);
if (trim(str_replace('-', '', $slug)) == '') {
$slug = date("Y-m-d-H-i-s");
}
}
$slug != '' and $this->data['Listing']['alias'] = $slug;
//.........这里部分代码省略.........
示例8: save
/**
 * Normalise submitted custom-field values by field type and persist them.
 *
 * $data is modified in place: for every entry of $validFields the value under
 * $data['Field'][<camelized location>] is replaced by its normalised form, or
 * cleared when nothing was submitted. Only the first part of the method is
 * visible in this excerpt.
 *
 * NOTE(review): the required parameter $isNew follows the optional $location,
 * so the default of $location can never be used by a caller (PHP 8 reports
 * this ordering as deprecated).
 *
 * @param array  $data        Form data, by reference; 'Field', '__raw' and 'Listing' are read here.
 * @param string $location    'review' selects the review-fields table; any other value is handled as a listing.
 * @param mixed  $isNew       Not used in the visible part of the method.
 * @param array  $validFields Field definitions; 'name', 'type' and optionally '_params' are read.
 * @return string Debug text of name=>value pairs; the early exit returns ''. The final return is outside this excerpt.
 */
function save(&$data, $location = 'listing', $isNew, &$validFields)
{
$msg = '';
$fieldLocation = inflector::camelize($location);
// Check if there are custom fields to save or exit
// NOTE(review): when $data['Field'] is not set at all this guard does not
// return, and the code below still indexes $data['Field'][...].
if (isset($data['Field']) && (!is_array($data['Field'][$fieldLocation]) || count($data['Field'][$fieldLocation]) == 1)) {
return $msg;
}
// Define field types that accept predefined options to store the reference values
$optionsArray = array("select", "selectmultiple", "checkboxes", "radiobuttons");
if (!empty($validFields)) {
foreach ($validFields as $validField) {
$fieldName = $validField['name'];
$inputValue = '';
// && binds tighter than ||: a value is processed when the filtered field is
// non-empty, or when the field type is 'code' and its raw value is non-empty.
if (Sanitize::getVar($data['Field'][$fieldLocation], $fieldName, '') != '' || $validField['type'] == 'code' && Sanitize::getVar($data['__raw']['Field'][$fieldLocation], $fieldName, '') != '') {
switch ($validField['type']) {
case 'selectmultiple':
case 'checkboxes':
//Checks for types with options
// NOTE(review): implode() assumes the submitted value is an array; a scalar
// sent for a multi-value field is not handled here.
$multi_options = Sanitize::getVar($data['Field'][$fieldLocation], $fieldName, '');
$inputValue = '*' . implode('*', $multi_options) . '*';
break;
case 'select':
case 'radiobuttons':
//Checks for types with options
$inputValue = '*' . Sanitize::getString($data['Field'][$fieldLocation], $fieldName) . '*';
break;
case 'code':
// Affiliate code left unfiltered
// NOTE(review): read from the '__raw' copy, so this value is stored as
// submitted. Whoever may fill in a 'code' field can publish arbitrary markup;
// restrict that field type to trusted roles and review where it is rendered.
$inputValue = Sanitize::getString($data['__raw']['Field'][$fieldLocation], $fieldName, '');
break;
case 'decimal':
$inputValue = Sanitize::getFloat($data['Field'][$fieldLocation], $fieldName);
break;
case 'integer':
$inputValue = Sanitize::getInt($data['Field'][$fieldLocation], $fieldName);
break;
case 'date':
if (Sanitize::getString($data['Field'][$fieldLocation], $fieldName) != '' && Sanitize::getString($data['Field'][$fieldLocation], $fieldName) != null) {
// NOTE(review): strtotime() returns false for unparseable input, which is
// passed on to strftime() unchecked; strftime() is deprecated as of PHP 8.1.
$inputValue = strftime(_CURRENT_SERVER_TIME_FORMAT, strtotime(Sanitize::getString($data['Field'][$fieldLocation], $fieldName)));
} else {
$inputValue = '';
}
break;
case 'textarea':
case 'text':
if (isset($validField['_params']['allow_html']) && $validField['_params']['allow_html'] == 1) {
// HTML-enabled field: the raw value only passes stripScripts(), a pattern-based
// tag remover rather than an allow-list sanitizer, so it must still be purified
// or escaped when rendered.
// NOTE(review): stripslashes() runs after the filter, so the filter inspects
// the slash-escaped form instead of the string that is stored. Un-escape
// first, filter last.
$inputValue = Sanitize::stripScripts(Sanitize::getVar($data['__raw']['Field'][$fieldLocation], $fieldName));
$inputValue = stripslashes($inputValue);
} else {
$inputValue = Sanitize::getString($data['Field'][$fieldLocation], $fieldName, '');
}
break;
case 'website':
case 'email':
// NOTE(review): only tag stripping is applied; no URL-scheme or e-mail format
// validation is visible here. If these values end up in href attributes they
// need validation and attribute escaping at output.
$inputValue = Sanitize::stripScripts(Sanitize::getVar($data['Field'][$fieldLocation], $fieldName));
break;
default:
$inputValue = Sanitize::getVar($data['Field'][$fieldLocation], $fieldName);
break;
}
# Modify form post arrays to current values
# '**' is what the option wrappers above produce for an empty selection.
if ($inputValue === '' || $inputValue === '**') {
$inputValue = '';
}
$data['Field'][$fieldLocation][$fieldName] = $inputValue;
} else {
// To clear multiple choice fields
switch ($validField['type']) {
case 'decimal':
case 'integer':
$data['Field'][$fieldLocation][$fieldName] = null;
break;
default:
$data['Field'][$fieldLocation][$fieldName] = '';
break;
}
}
// Debug custom fields array
// NOTE(review): $msg concatenates field values with HTML line breaks and no
// escaping; HTML-escape it if it is ever shown in a page.
$msg .= "{$validField['name']}=>{$inputValue}" . "<br />";
}
}
# Need to check if jreviews_content or jreviews_reviews record exists to decide whether to insert or update the table
# NOTE(review): both conditions below concatenate an id from $data into SQL and
# no integer cast is visible in this method. Confirm the callers guarantee
# integers, or cast/bind at this point.
if ($location == 'review') {
App::import('Model', 'jreviews_review_field', 'jreviews');
$JreviewsReviewFieldModel = new JreviewsReviewFieldModel();
$recordExists = $JreviewsReviewFieldModel->findCount(array('conditions' => array('JreviewsReviewField.reviewid= ' . $data['Field']['Review']['reviewid'])));
} else {
App::import('Model', 'jreviews_content', 'jreviews');
$JreviewsContentModel = new JreviewsContentModel();
$recordExists = $JreviewsContentModel->findCount(array('conditions' => array('JreviewsContent.contentid = ' . $data['Listing']['id'])));
}
// The dynamically called method is limited to the two literals chosen here.
$dbAction = $recordExists ? 'update' : 'insert';
if ($location == 'review') {
$this->{$dbAction}('#__jreviews_review_fields', $fieldLocation, $data['Field'], 'reviewid');
} else {
if (Configure::read('PaidListings.enabled') && Sanitize::getInt($data, 'paid_category')) {
# PaidListings integration - saves all fields to jreviews_paid_listing_fields table and removes unpaid fields from jreviews_content table
$PaidListingField = RegisterClass::getInstance('PaidListingFieldModel');
$PaidListingField->save($data);
//.........这里部分代码省略.........
示例9: stripAll
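/**
 * Reads a value from an array and strips images, scripts and stylesheets from it.
 *
 * The value is fetched with Sanitize::getVar(). A falsy value (missing key,
 * empty string, '0', null default) is returned unchanged. Otherwise backslash
 * escaping is removed first and the image and script filters run last, so the
 * filters inspect exactly the string that is returned. In the previous order
 * (filters first, stripslashes() afterwards) the filters saw the slash-escaped
 * form, and un-escaping could change the text after it had been checked.
 *
 * The filters are pattern-based removals, not an allow-list sanitizer: the
 * result still has to be escaped for the context in which it is printed.
 *
 * @param array $var Source array, e.g. a submitted form section
 * @param string $key Key to read from $var
 * @param mixed $default Value returned by getVar() when the key is missing
 * @return mixed The filtered string, or the unmodified falsy value
 * @access public
 */
function stripAll($var, $key, $default = null)
{
    $str = Sanitize::getVar($var, $key, $default);
    if (!$str) {
        return $str;
    }

    // Canonicalise before filtering; never transform the string after the filters have run.
    $str = stripslashes($str);
    // Sanitize::stripWhitespace() is deliberately not applied: it removes line breaks (\n).
    $str = Sanitize::stripImages($str);
    $str = Sanitize::stripScripts($str);

    return $str;
}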