

PHP sensitiveIO::sanitizeSQLString方法代码示例

本文整理汇总了PHP中sensitiveIO::sanitizeSQLString方法的典型用法代码示例。如果您正苦于以下问题:PHP sensitiveIO::sanitizeSQLString方法的具体用法?PHP sensitiveIO::sanitizeSQLString怎么用?PHP sensitiveIO::sanitizeSQLString使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在sensitiveIO的用法示例。


在下文中一共展示了sensitiveIO::sanitizeSQLString方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。安全提示:下列示例均以字符串拼接方式构造 SQL,sanitizeSQLString 从用法上看是一个针对带引号字符串上下文的转义辅助函数;其中若干示例把它用在未加引号的数值上下文(如 `id_web = ...`、`limit ...`)或已经用逗号拼接好的 `in (...)` 列表上,在这些位置仅靠转义并不足以约束输入,应先校验或强制转换为整数(例如配合 sensitiveIO::isPositiveInteger 或 `(int)`),并在条件允许时改用参数化查询。

示例1: getByEmail

    /**
     * Look up contact records by e-mail address and return the matching users.
     *
     * The address is validated with SensitiveIO::isValidEmail before any SQL is
     * built; an invalid address raises an error through CMS_grandFather and
     * yields an empty array. Only users that load without error, including
     * their contact data, are returned.
     *
     * @param string $data e-mail address to search for
     * @return array of CMS_profile_user (empty when nothing matches or on error)
     * @access public
     */
    static function getByEmail($data)
    {
        $users = array();
        if (!SensitiveIO::isValidEmail($data)) {
            CMS_grandFather::raiseError('$data must be a valid email : ' . $data);
            return $users;
        }
        // The address has passed validation above; it is additionally escaped
        // for the quoted string context it is inlined into.
        $query = new CMS_query('select `id_cd` 
			from `contactDatas`
			where `email_cd` = "' . sensitiveIO::sanitizeSQLString($data) . '"');
        if ($query->hasError()) {
            return $users;
        }
        while (($userId = $query->getValue("id_cd")) !== false) {
            $user = CMS_profile_usersCatalog::getByID($userId);
            if ($user->hasError()) {
                continue;
            }
            $user->getContactData();
            if (!$user->hasError()) {
                $users[] = $user;
            }
        }
        return $users;
    }
开发者ID:davidmottet,项目名称:automne,代码行数:36,代码来源:contactdatascatalog.php

示例2: setParameters

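 /**
  * Persist the module and parameters of this script in scriptsStatuses.
  *
  * Nothing is written when no script name is set on this object. The module
  * and parameters are escaped with sensitiveIO::sanitizeSQLString; the script
  * name used in the where clause is escaped the same way so that every value
  * inlined into the statement follows one rule.
  *
  * @param string $module module codename to store (module_ss)
  * @param string $parameters parameters string to store (parameters_ss)
  * @return boolean true on success, false when no script name is set or the
  *         update query reported an error
  * @access public
  */
 function setParameters($module, $parameters)
 {
     if (!$this->_scriptName) {
         return false;
     }
     $sql = "\n\t\t\tupdate\n\t\t\t\tscriptsStatuses\n\t\t\tset\n\t\t\t\tmodule_ss='" . sensitiveIO::sanitizeSQLString($module) . "',\n\t\t\t\tparameters_ss='" . sensitiveIO::sanitizeSQLString($parameters) . "'\n\t\t\twhere\n\t\t\t\tscriptName_ss='" . sensitiveIO::sanitizeSQLString($this->_scriptName) . "'";
     $q = new CMS_query($sql);
     // The documented contract is "false on failure"; report the query status
     // instead of unconditionally returning true.
     return !$q->hasError();
 }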
开发者ID:davidmottet,项目名称:automne,代码行数:15,代码来源:processmanager.php

示例3: exists

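 /**
  * Check if a website with the given DB ID currently exists.
  * Static function. Results are memoised per ID for the lifetime of the
  * request, so a website created after the first call is not seen.
  *
  * @param integer $id The DB ID of the CMS_website to check
  * @return boolean true when a row with this id exists, false otherwise
  *         (also false for any value that is not a positive integer)
  * @access public
  */
 static function exists($id)
 {
     static $websites = array();
     // id_web is compared unquoted, so string escaping alone is not a
     // sufficient control here: require a positive integer before building
     // the query, then cast so only digits reach the statement.
     if (!sensitiveIO::isPositiveInteger($id)) {
         return false;
     }
     $id = (int) $id;
     if (!isset($websites[$id])) {
         $websites[$id] = false;
         $sql = "\n\t\t\t\tselect\n\t\t\t\t\tid_web\n\t\t\t\tfrom\n\t\t\t\t\twebsites\n\t\t\t\twhere\n\t\t\t\t\tid_web = " . sensitiveIO::sanitizeSQLString($id) . "\n\t\t\t";
         $q = new CMS_query($sql);
         if ($q->getNumRows()) {
             $websites[$id] = true;
         }
     }
     return $websites[$id];
 }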
开发者ID:davidmottet,项目名称:automne,代码行数:21,代码来源:websitescatalog.php

示例4: getSearch

 /**
  * Get the search.
  *
  * @param integer $searchType : the type of the search (see constants)
  * @return array of CMS_page the result pages
  * @access public
  */
 function getSearch($keywords, $user, $public = false, $withPageContent = false)
 {
     if (is_a($user, 'CMS_profile_user')) {
         $cms_language = $user->getLanguage();
     } else {
         $cms_language = new CMS_language('fr');
     }
     $results = array();
     $count = 0;
     /*$messages = array();
     		$message = '';*/
     $where = $order = '';
     $foundLinkToIDs = $foundLinkFromIDs = $foundPagesFromTemplate = $foundPagesFromRow = $matches = array();
     // Clean keywords
     $keywords = SensitiveIO::sanitizeSQLString($keywords);
     $keywords = strtr($keywords, ",;", "  ");
     $blocks = array();
     $blocks = array_map("trim", array_unique(explode(" ", $keywords)));
     $cleanedBlocks = array();
     foreach ($blocks as $block) {
         if ($block !== '' || sensitiveIO::isPositiveInteger($block)) {
             $block = str_replace(array('%', '_'), array('\\%', '\\_'), $block);
             $cleanedBlocks[] = $block;
         }
     }
     // Separate block codes
     if ($cleanedBlocks) {
         $allDatas = array();
         $allCodes = CMS_search::getAllCodes();
         foreach ($allCodes as $code) {
             $datas = array();
             foreach (array_keys($cleanedBlocks) as $key) {
                 if (strstr($cleanedBlocks[$key], $code . ':')) {
                     $datas[] = $cleanedBlocks[$key];
                     unset($cleanedBlocks[$key]);
                 }
             }
             if ($datas) {
                 $allDatas[$code] = $datas;
             }
         }
         $allDatas[self::SEARCH_TYPE_DEFAULT] = $cleanedBlocks;
         // Get IDs from all specific codes
         $foundIDs = array();
         $allLinksNumber = 0;
         foreach ($allCodes as $code) {
             switch ($code) {
                 case self::SEARCH_TYPE_LINKTO:
                     if (isset($allDatas[self::SEARCH_TYPE_LINKTO])) {
                         $foundLinkToIDs = array();
                         $where = '';
                         $count = 0;
                         foreach ($allDatas[self::SEARCH_TYPE_LINKTO] as $block) {
                             $tabValues = explode(':', $block);
                             if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                 $where .= $count ? ' or ' : '';
                                 $count++;
                                 $where .= " start_lre = '" . $tabValues[1] . "' ";
                             }
                         }
                         if ($where) {
                             $select = ' stop_lre ';
                             $from = 'linx_real_public';
                             $sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
                             $q = new CMS_query($sql);
                             $arr = array();
                             while ($arr = $q->getArray()) {
                                 $foundLinkToIDs[] = $arr["stop_lre"];
                             }
                             // Count links number
                             $allLinksNumber += count($foundLinkToIDs);
                             $where = $select = '';
                         }
                     }
                     break;
                 case self::SEARCH_TYPE_LINKFROM:
                     if (isset($allDatas[self::SEARCH_TYPE_LINKFROM])) {
                         $foundLinkFromIDs = array();
                         $where = '';
                         $count = 0;
                         /*$messagesIDs = array();*/
                         foreach ($allDatas[self::SEARCH_TYPE_LINKFROM] as $block) {
                             $tabValues = explode(':', $block);
                             if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                 $where .= $count ? ' or ' : '';
                                 $count++;
                                 $where .= " stop_lre = '" . $tabValues[1] . "' ";
                             }
                         }
                         if ($where) {
                             $select = ' start_lre ';
                             $from = 'linx_real_public';
                             $sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
//.........这里部分代码省略.........
开发者ID:davidmottet,项目名称:automne,代码行数:101,代码来源:search.php

示例5: searchMessages

 /**
  * Search messages
  * Static function.
  *
  * @param string module : module to search messages
  * @param string search : search message by value
  * @param array languagesOnly : limit search to given languages codes
  * @param array options : search options
  * @param string direction : search is ordered by results id. Specify order direction (asc or desc). Default : asc
  * @param integer start : search start offset
  * @param integer limit : search limit (default : 0 : unlimited)
  * @param integer resultsnb : return results count by reference
  * @return array(id => msg)
  * @access public
  */
 static function searchMessages($module, $search = '', $languagesOnly = array(), $options = array(), $direction = 'asc', $start = 0, $limit = 0, &$resultsnb)
 {
     $start = (int) $start;
     $limit = (int) $limit;
     $direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
     $emptyOnly = $idsOnly = false;
     if (is_array($options)) {
         $emptyOnly = isset($options['empty']) && $options['empty'] ? true : false;
         $idsOnly = isset($options['ids']) && is_array($options['ids']) ? $options['ids'] : false;
     }
     $keywordsWhere = $languagesWhere = $emptyWhere = $orderBy = $orderClause = $idsWhere = '';
     //get ids for which one message is missing
     if ($emptyOnly) {
         $qLanguages = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct language_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
         $qIds = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct id_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
         $allIds = $qIds->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
         $missingIds = array();
         while ($language = $qLanguages->getValue('language_mes')) {
             $qLang = new CMS_query("\n\t\t\t\t\tselect \n\t\t\t\t\t\tdistinct id_mes\n\t\t\t\t\tfrom \n\t\t\t\t\t\tmessages\n\t\t\t\t\twhere\n\t\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\t\t\tand language_mes='" . $language . "'\n\t\t\t\t\t\tand message_mes != ''\n\t\t\t\t");
             $ids = $qLang->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
             $missingIds = array_merge($missingIds, array_diff($allIds, $ids));
         }
         if (!$missingIds) {
             $resultsnb = 0;
             return array();
         }
         $emptyWhere = ' and id_mes in (' . implode($missingIds, ',') . ')';
     }
     if ($idsOnly) {
         $idsWhere = ' and id_mes in (' . io::sanitizeSQLString(implode($idsOnly, ',')) . ')';
     }
     if ($search) {
         //clean user keywords (never trust user input, user is evil)
         $search = strtr($search, ",;", "  ");
         if (isset($options['phrase']) && $options['phrase']) {
             $search = str_replace(array('%', '_'), array('\\%', '\\_'), $search);
             if (htmlentities($search) != $search) {
                 $keywordsWhere .= " and (\n\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($search)) . "%'\n\t\t\t\t\t)";
             } else {
                 $keywordsWhere .= " and message_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%'";
             }
         } else {
             $words = array();
             $words = array_map("trim", array_unique(explode(" ", io::strtolower($search))));
             $cleanedWords = array();
             foreach ($words as $aWord) {
                 if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                     $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                     $cleanedWords[] = $aWord;
                 }
             }
             if (!$cleanedWords) {
                 //if no words after cleaning, return
                 return array();
             }
             foreach ($cleanedWords as $cleanedWord) {
                 $keywordsWhere .= $keywordsWhere ? " and " : '';
                 if (htmlentities($aWord) != $aWord) {
                     $keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($cleanedWord)) . "%'\n\t\t\t\t\t\t)";
                 } else {
                     $keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\t\t)";
                 }
             }
             $keywordsWhere = ' and (' . $keywordsWhere . ')';
         }
     }
     if (is_array($languagesOnly) && $languagesOnly) {
         $languagesWhere = ' and language_mes in (\'' . implode($languagesOnly, '\',\'') . '\')';
     }
     $orderClause = "order by\n\t\t\tid_mes\n\t\t\t" . $direction;
     $sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $languagesWhere . "\n\t\t\t" . $emptyWhere . "\n\t\t\t" . $idsWhere . "\n\t\t";
     $q = new CMS_query($sql);
     if (!$q->getNumRows()) {
         $resultsnb = 0;
         return array();
     }
     $messageIds = array();
     $messageIds = $q->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
     $sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id,\n\t\t\t\tmodule_mes as module,\n\t\t\t\tlanguage_mes as language,\n\t\t\t\tmessage_mes as message\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\tand id_mes in (" . implode($messageIds, ',') . ")\n\t\t\t\t" . $orderClause . "\n\t\t";
     $q = new CMS_query($sql);
     if (!$q->getNumRows()) {
         $resultsnb = 0;
         return array();
     }
     $messageGroups = array();
//.........这里部分代码省略.........
开发者ID:davidmottet,项目名称:automne,代码行数:101,代码来源:languagescatalog.php

示例6: addWhereCondition

 /**
  * Builds where statement with a key and its value
  * The key can be a known string, this class will create statements in consequence
  * or it can be a field id
  *
  * @access public
  * @param string $key name of statement to set
  * @param string $value , the value to give
  * @param string $operator, additional optional search operator
  * @return void or false if an error occured
  */
 function addWhereCondition($type, $value, $operator = false)
 {
     if (!$type || !$value && !$operator) {
         return;
     }
     //clean value
     if (!is_object($value) && !is_array($value)) {
         $value = sensitiveIO::sanitizeSQLString($value);
     } elseif (is_array($value)) {
         $value = array_map(array('sensitiveIO', 'sanitizeSQLString'), $value);
     }
     $operator = $operator ? io::decodeEntities($operator) : false;
     $statusSuffix = $this->_public ? "_public" : "_edited";
     switch ($type) {
         case "object":
             if ($value && !is_a($value, 'CMS_poly_object_definition')) {
                 $this->raiseError('Value must be a valid CMS_poly_object_definition.');
                 return false;
             }
             $this->_object = $value;
             $this->_whereConditions['object'][] = array('value' => $value, 'operator' => $operator);
             break;
         case "item":
             if (!sensitiveIO::isPositiveInteger($value)) {
                 $this->raiseError("Value must be a positive Integer.");
                 return false;
             }
             $this->_whereConditions['item'][] = array('value' => $value, 'operator' => $operator);
             break;
         case "items":
             if (!$value) {
                 $this->raiseError('Value must be a populated array.');
                 return false;
             }
             $this->_whereConditions['items'][] = array('value' => $value, 'operator' => $operator);
             break;
         case 'archives':
             if ($this->_public && $this->_object->isPrimaryResource() && ($value == 1 || $value == 'true' || $value == true)) {
                 unset($this->_whereConditions['publication date before']);
                 unset($this->_whereConditions['publication date end']);
             }
             break;
         case "itemsOrdered":
             if (!$value) {
                 $this->raiseError('Value must be a populated array.');
                 return false;
             }
             $this->_whereConditions['items'][] = array('value' => $value, 'operator' => $operator);
             $this->_orderConditions['itemsOrdered']['order'] = $value;
             break;
         case "profile":
             if (!is_a($value, 'CMS_profile_user')) {
                 $this->raiseError('Value must be a valid CMS_profile_user.');
                 return false;
             }
             $this->_whereConditions['profile'][] = array('value' => $value, 'operator' => $operator);
             break;
         case "category":
             //this search type is deprecated, keep it for compatibility but now it is replaced by direct field id access
             //get field of categories for searched object type (assume it uses categories)
             $categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->_object->getId());
             $this->_whereConditions[$categoriesFields[0]][] = array('value' => $value, 'operator' => $operator);
             break;
         case "keywords":
             if ($value) {
                 $this->_whereConditions['keywords'][] = array('value' => $value, 'operator' => $operator);
             }
             break;
         case "publication date after":
             // Date start
             if ($this->_object->isPrimaryResource()) {
                 if (!is_a($value, 'CMS_date')) {
                     $this->raiseError('Value must be a valid CMS_date.');
                     return false;
                 }
                 $this->_whereConditions['publication date after'][] = array('value' => $value, 'operator' => $operator);
             }
             break;
         case "publication date before":
             // Date End
             if ($this->_object->isPrimaryResource()) {
                 if (!is_a($value, 'CMS_date')) {
                     $this->raiseError('Value must be a valid CMS_date.');
                     return false;
                 }
                 $this->_whereConditions['publication date before'][] = array('value' => $value, 'operator' => $operator);
             }
             break;
         case "publication date end":
//.........这里部分代码省略.........
开发者ID:davidmottet,项目名称:automne,代码行数:101,代码来源:object_search.php

示例7: runQueuedScripts

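 /**
  * Run queued scripts.
  * This method is used when background scripts are not used.
  * It processes at most REGENERATION_THREADS rows of the regenerator table
  * per call: each row is handed to its module's scriptTask() and then deleted.
  *
  * @return void
  * @access public
  * @static
  */
 static function runQueuedScripts()
 {
     // REGENERATION_THREADS is a configuration constant; it is inlined unquoted
     // into the limit clause, so it must hold a plain integer.
     $sql_select = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tregenerator\n\t\t\tlimit\n\t\t\t\t" . sensitiveIO::sanitizeSQLString(REGENERATION_THREADS) . "\n\t\t";
     $q = new CMS_query($sql_select);
     $modules = array();
     while ($data = $q->getArray()) {
         $codename = $data['module_reg'];
         // Module objects are cached per codename for the duration of the run.
         if (!isset($modules[$codename])) {
             $modules[$codename] = CMS_modulesCatalog::getByCodename($codename);
         }
         // SECURITY NOTE(review): parameters_reg is unserialize()d straight from
         // the database. Anything able to write that column can inject arbitrary
         // PHP objects; a JSON/array encoding would be safer if the format can
         // be changed. Left as-is because the producers are not visible here.
         $modules[$codename]->scriptTask(unserialize($data['parameters_reg']));
         // Delete the processed task. id_reg comes from the row just read; it is
         // escaped like every other inlined value for consistency.
         $sql_delete = "\n\t\t\t\tdelete\n\t\t\t\tfrom\n\t\t\t\t\tregenerator\n\t\t\t\twhere\n\t\t\t\t\tid_reg='" . sensitiveIO::sanitizeSQLString($data['id_reg']) . "'";
         new CMS_query($sql_delete);
     }
 }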
开发者ID:davidmottet,项目名称:automne,代码行数:27,代码来源:scriptsmanager.php

示例8: isPolymod

 /**
  * Tell whether the module with the given codename is flagged as a poly module.
  *
  * Looks for a row in `modules` whose codename_mod matches and whose
  * isPolymod_mod flag is '1'.
  *
  * @param string $codename the codename of the module to check
  * @return boolean true if yes, false otherwise
  * @access public
  */
 static function isPolymod($codename)
 {
     $safeCodename = sensitiveIO::sanitizeSQLString($codename);
     $query = new CMS_query("select\n\t\t\t\t\t1\n\t\t\t\tfrom\n\t\t\t\t\tmodules\n\t\t\t\twhere\n\t\t\t\t\tcodename_mod='" . $safeCodename . "'\n\t\t\t\t\tand isPolymod_mod='1'\n\t\t\t\t");
     return (bool) $query->getNumRows();
 }
开发者ID:davidmottet,项目名称:automne,代码行数:13,代码来源:modulescatalog.php

示例9: getByResourceAction

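 /**
  * Get log entries of a module resource, filtered by action.
  *
  * @param string $moduleCodename codename of the module (module_log)
  * @param mixed $resourceId identifier of the resource (resource_log)
  * @param mixed $action one action value, or an array of action values
  * @param integer $limit maximum number of entries; false or a value that is
  *        not a positive integer means unlimited
  * @return array(CMS_log) entries ordered by datetime_log desc; empty when
  *         nothing matches or when the action list is empty
  * @access public
  */
 static function getByResourceAction($moduleCodename, $resourceId, $action, $limit = false)
 {
     $logs = array();
     if (is_array($action) && !$action) {
         // An empty list matches nothing; skip the query rather than emit
         // "in ()", which is not valid SQL.
         return $logs;
     }
     $sql = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tlog\n\t\t\twhere\n\t\t\t\tmodule_log='" . sensitiveIO::sanitizeSQLString($moduleCodename) . "'\n\t\t\t\tand resource_log='" . sensitiveIO::sanitizeSQLString($resourceId) . "'";
     if (is_array($action)) {
         // Escape and quote each action value on its own, as the scalar branch
         // does: escaping the already-joined list leaves the separators and the
         // quoting of the individual values uncontrolled.
         $actions = array_map(array('sensitiveIO', 'sanitizeSQLString'), $action);
         $sql .= " and action_log in ('" . implode("','", $actions) . "')";
     } else {
         $sql .= " and action_log='" . sensitiveIO::sanitizeSQLString($action) . "'";
     }
     $sql .= "\n\t\t\torder by\n\t\t\t\tdatetime_log desc\n\t\t";
     if ($limit && sensitiveIO::isPositiveInteger($limit)) {
         // Validated above; the cast guarantees only digits reach the clause.
         $sql .= " limit 0, " . (int) $limit;
     }
     $q = new CMS_query($sql);
     if (!$q->getNumRows()) {
         return $logs;
     }
     $users = array();
     while ($r = $q->getArray()) {
         $userId = $r["user_log"];
         // Cache user objects: many entries usually share the same author.
         if (!isset($users[$userId])) {
             $users[$userId] = CMS_profile_usersCatalog::getByID($userId);
         }
         $lg = new CMS_log($r, $users[$userId]);
         if (!$lg->hasError()) {
             $logs[] = $lg;
         }
     }
     return $logs;
 }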
开发者ID:davidmottet,项目名称:automne,代码行数:35,代码来源:logcatalog.php

示例10: search

 /**
  * Search users
  * Static function.
  *
  * @param string search : search user by lastname, firstname or login
  * @param string letter : search user by first lastname letter
  * @param integer group : search user by group ID
  * @param string order : order by fieldname (without suffix). default : lastname, firstname
  * @param integer start : search start offset
  * @param integer limit : search limit (default : 0 : unlimited)
  * @param boolean activeOnly : return only active users (default : false)
  * @param boolean returnObjects : return CMS_profile_user objects (default) or array of userId
  * @return array(CMS_profile_user)
  * @access public
  */
 static function search($search = '', $letter = '', $group = '', $order = '', $direction = 'asc', $start = 0, $limit = 0, $activeOnly = false, $returnObjects = true, &$score = array())
 {
     $start = (int) $start;
     $limit = (int) $limit;
     $group = (int) $group;
     $direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
     $keywordsWhere = $letterWhere = $groupWhere = $orderBy = $orderClause = $idWhere = '';
     $select = 'id_pru';
     if (io::strpos($search, ':noroot:') !== false) {
         $idWhere = " and id_pru != '" . ROOT_PROFILEUSER_ID . "'";
         $search = trim(str_replace(':noroot:', '', $search));
     }
     if (io::substr($search, 0, 5) == 'user:' && sensitiveIO::isPositiveInteger(io::substr($search, 5))) {
         $idWhere = " and id_pru = '" . sensitiveIO::sanitizeSQLString(io::substr($search, 5)) . "'";
         $search = '';
     }
     if (io::substr($search, 0, 6) == 'group:' && sensitiveIO::isPositiveInteger(io::substr($search, 6))) {
         $group = io::substr($search, 6);
         $search = '';
     }
     if ($search) {
         //clean user keywords (never trust user input, user is evil)
         $keyword = strtr($search, ",;", "  ");
         $words = array();
         $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
         $cleanedWords = array();
         foreach ($words as $aWord) {
             if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                 $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                 if (htmlentities($aWord) != $aWord) {
                     $cleanedWords[] = htmlentities($aWord);
                 }
                 $cleanedWords[] = $aWord;
             }
         }
         if (!$cleanedWords) {
             //if no words after cleaning, return
             return array();
         }
         foreach ($cleanedWords as $cleanedWord) {
             $keywordsWhere .= $keywordsWhere ? " and " : '';
             $keywordsWhere .= " (\n\t\t\t\t\tlastName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor firstName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor login_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
         }
         $keywordsWhere = ' and ((' . $keywordsWhere . ')';
         $select .= " , MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') as m ";
         $keywordsWhere .= " or MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') )";
     }
     if ($letter && io::strlen($letter) === 1) {
         $letterWhere = " and lastName_pru like '" . sensitiveIO::sanitizeSQLString($letter) . "%'";
     }
     if ($group) {
         $groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($group, false);
         if (!$groupUsers) {
             return array();
         }
         $groupWhere = " and id_pru in (" . implode(',', $groupUsers) . ")";
     }
     if ($order != 'score') {
         if ($order) {
             $found = false;
             $sql = "DESCRIBE profilesUsers";
             $q = new CMS_query($sql);
             while ($field = $q->getValue('Field')) {
                 if ($field == $order . '_pru') {
                     $found = true;
                 }
             }
             if ($found) {
                 $orderBy = $order . '_pru';
             } else {
                 $orderBy = 'lastName_pru,firstName_pru';
             }
         } else {
             $orderBy = 'lastName_pru,firstName_pru';
         }
         if ($orderBy) {
             $orderClause = "order by\n\t\t\t\t\t" . $orderBy . "\n\t\t\t\t\t" . $direction;
         }
     } elseif ($search) {
         $orderClause = " order by m " . $direction;
     }
     $sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tprofilesUsers\n\t\t\twhere \n\t\t\t deleted_pru='0'\n\t\t\t" . ($activeOnly ? " and  active_pru='1' " : '') . "\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $letterWhere . "\n\t\t\t" . $groupWhere . "\n\t\t\t" . $idWhere . "\n\t\t\t" . $orderClause . "\n\t\t";
     if ($limit) {
         $sql .= "limit \n\t\t\t\t" . $start . ", " . $limit;
     }
//.........这里部分代码省略.........
开发者ID:davidmottet,项目名称:automne,代码行数:101,代码来源:profileuserscatalog.php

示例11: getAll

 /**
  * Return all the rows available
  *
  * @param CMS_profile_user $cms_user : restrict to user rights on modules (default : false)
  * @param integer $tplId : restrict to rows usable in given template (default : false)
  * @param string $csId : restrict to rows usable in given clientspace (default : false)
  * @param integer $start : start position
  * @param integer $limit : limit position
  * @param integer $count : number of rows found (passed by reference)
  * @access public
  */
 static function getAll($includeInactive = false, $keyword = '', $groups = array(), $rowIds = array(), $user = false, $tplId = false, $csId = false, $start = 0, $limit = 0, $returnObjects = true, &$score = array())
 {
     $select = 'id_row';
     $where = '';
     //keywords
     if ($keyword) {
         //clean user keywords (never trust user input, user is evil)
         $keyword = strtr($keyword, ",;", "  ");
         $words = array();
         $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
         $cleanedWords = array();
         foreach ($words as $aWord) {
             if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                 $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                 $cleanedWords[] = $aWord;
             }
         }
         if (!$cleanedWords) {
             //if no words after cleaning, return
             return array();
         }
         $keywordWhere = '';
         foreach ($cleanedWords as $cleanedWord) {
             $keywordWhere .= $keywordWhere ? ' and ' : '';
             $keywordWhere .= " (\n\t\t\t\t\tdescription_row like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor label_row like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
         }
         $where .= $where ? ' and ' : '';
         $where .= " ((" . $keywordWhere . ") or MATCH (label_row, description_row) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') )";
         $select .= " , MATCH (label_row, description_row) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') as m ";
     }
     $sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tmod_standard_rows\n\t\t";
     //groups
     if ($groups) {
         foreach ($groups as $group) {
             $where .= $where ? ' and ' : '';
             $where .= " (\n\t\t\t\t\tgroupsStack_row='" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t\tor groupsStack_row like '%;" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_row like '" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_row like '%;" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t)";
         }
     }
     //useable
     if (!$includeInactive) {
         $where .= $where ? ' and ' : '';
         $where .= " useable_row=1 ";
     }
     //rowIds
     if ($rowIds) {
         $where .= $where ? ' and ' : '';
         $where .= " id_row in (" . implode(',', $rowIds) . ") ";
     }
     if ($tplId) {
         $where .= $where ? ' and ' : '';
         $where .= " (\n\t\t\t\ttplfilter_row=''\n\t\t\t\tor tplfilter_row='" . sensitiveIO::sanitizeSQLString($tplId) . "'\n\t\t\t\tor tplfilter_row like '%;" . sensitiveIO::sanitizeSQLString($tplId) . ";%'\n\t\t\t\tor tplfilter_row like '" . sensitiveIO::sanitizeSQLString($tplId) . ";%'\n\t\t\t\tor tplfilter_row like '%;" . sensitiveIO::sanitizeSQLString($tplId) . "'\n\t\t\t) ";
     }
     //user
     if (is_object($user) && !$user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
         $groupsDenied = $user->getRowGroupsDenied();
         $groupsDenied = $groupsDenied->getElements();
         if ($groupsDenied) {
             $where .= $where ? ' and (' : '(';
             foreach ($groupsDenied as $group) {
                 $where .= " (\n\t\t\t\t\t\tgroupsStack_row != '" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t\tand groupsStack_row not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_row not like '" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_row not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t) and";
             }
             //remove last "or" and append )
             $where = io::substr($where, 0, -3) . ')';
         }
     }
     $sql = $sql . ($where ? ' where ' . $where : '');
     //order
     if (io::strpos($sql, 'MATCH') === false) {
         $sql .= " order by label_row ";
     } else {
         $sql .= " order by m desc ";
     }
     //limit
     if ($start || $limit) {
         $sql .= " limit " . sensitiveIO::sanitizeSQLString($start) . "," . sensitiveIO::sanitizeSQLString($limit);
     }
     //pr($sql);
     $q = new CMS_query($sql);
     $rows = array();
     while ($r = $q->getArray()) {
         $id = $r['id_row'];
         //set match score if exists
         if (isset($r['m'])) {
             $score[$id] = $r['m'];
         }
         if ($returnObjects) {
             $row = new CMS_row($id);
             if (!$row->hasError()) {
                 $rows[$row->getID()] = $row;
//.........这里部分代码省略.........
开发者ID:davidmottet,项目名称:automne,代码行数:101,代码来源:rowscatalog.php

示例12: getByCode

 /**
  * Look up a toolbar by its code.
  *
  * The code is SQL-escaped with sensitiveIO::sanitizeSQLString before being
  * placed in the query; the first matching toolbars row is loaded for $user.
  *
  * @param string $code the toolbar code to look up
  * @param CMS_profile_user $user the user the toolbar elements are built for
  * @return CMS_wysiwyg_toolbar|false the toolbar, or false when no row matches
  * @access public
  * @static
  */
 function getByCode($code, &$user)
 {
     $escapedCode = sensitiveIO::sanitizeSQLString($code);
     $sql = "\n\t\t\tselect\n\t\t\t\tid_tool\n\t\t\tfrom\n\t\t\t\ttoolbars\n\t\t\twhere\n\t\t\t\tcode_tool = '" . $escapedCode . "'\n\t\t";
     $query = new CMS_query($sql);
     if (!$query->getNumRows()) {
         return false;
     }
     return new CMS_wysiwyg_toolbar($query->getValue("id_tool"), $user);
 }
开发者ID:davidmottet,项目名称:automne,代码行数:15,代码来源:toolbar.php

示例13: CMS_query

 if ($cms_action == "finalisation") {
     //Application Label
     if (!isset($_POST["label"]) || !$_POST["label"]) {
         $error .= $error_step8_label . '<br />';
     } else {
         //set values in standard_rc.xml file
         $module = CMS_modulesCatalog::getByCodename('standard');
         $moduleParameters = $module->getParameters(false, true);
         $moduleParameters['APPLICATION_LABEL'][0] = $_POST["label"];
         $module->setAndWriteParameters($moduleParameters);
         //change root page Name
         //in edited table
         $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_edited \n\t\t\t\t\tset\n\t\t\t\t\t\ttitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "',\n\t\t\t\t\t\tlinkTitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_pbd = '1'\n\t\t\t\t";
         $q = new CMS_query($sql);
         //in public table
         $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_public\n\t\t\t\t\tset\n\t\t\t\t\t\ttitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "',\n\t\t\t\t\t\tlinkTitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_pbd = '1'\n\t\t\t\t";
         $q = new CMS_query($sql);
     }
     //No application email
     if (isset($_POST["no_application_email"]) && $_POST["no_application_email"] == 1) {
         //set values in standard_rc.xml file
         $module = CMS_modulesCatalog::getByCodename('standard');
         $moduleParameters = $module->getParameters(false, true);
         $moduleParameters['NO_APPLICATION_MAIL'][0] = 1;
         $module->setAndWriteParameters($moduleParameters);
     }
     //Change resources creation date to force all regenerations at first launch
     $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tresourceStatuses\n\t\t\t\tset\n\t\t\t\t\tpublicationDateStart_rs = NOW(),\n\t\t\t\t\tpublication_rs = '1'\n\t\t\t\twhere\n\t\t\t\t\tpublication_rs = '2'\n\t\t\t";
     $q = new CMS_query($sql);
     //change default user language
     if ($install_language == 'en') {
开发者ID:davidmottet,项目名称:automne,代码行数:31,代码来源:install.php

示例14: getTemplateIDForCloneID

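 /**
  * Return the public (non-private) template ID that a clone was created from.
  *
  * The clone's definition file name is read from pageTemplates, then used to
  * find the public template (private_pt = '0') sharing that definition file.
  *
  * @param integer $cloneID the clone template ID (SQL-escaped before use)
  * @return integer|false the template ID, or false when the clone row does not
  *   exist, has no definition file, or no public template shares it
  * @access public
  */
 static function getTemplateIDForCloneID($cloneID)
 {
     $sql = "\n\t\t\tselect\n\t\t\t\tdefinitionFile_pt\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t\twhere\n\t\t\t\tid_pt = '" . sensitiveIO::sanitizeSQLString($cloneID) . "'\n\t\t";
     $q = new CMS_query($sql);
     if (!$q->getNumRows()) {
         return false;
     }
     $definition = $q->getValue('definitionFile_pt');
     if (!$definition) {
         return false;
     }
     // The definition file name is read back from the database and interpolated
     // into a second query: escape it like every other value instead of trusting
     // stored data (a quote in a stored file name would otherwise break the query
     // or allow second-order injection).
     $sql = "\n\t\t\tselect\n\t\t\t\tid_pt\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t\twhere\n\t\t\t\tprivate_pt='0'\n\t\t\t\tand definitionFile_pt = '" . sensitiveIO::sanitizeSQLString($definition) . "'\n\t\t";
     $q = new CMS_query($sql);
     if ($q->getNumRows()) {
         return $q->getValue('id_pt');
     }
     return false;
 }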
开发者ID:davidmottet,项目名称:automne,代码行数:27,代码来源:pagetemplatescatalog.php

示例15: labelExists

 /**
  * Tell whether a users-group label is already taken.
  * Static function.
  *
  * Looks for profilesUsersGroups rows with the given label (SQL-escaped, then
  * trimmed); when $groupId is non-zero that group is excluded so a group can
  * keep its own label.
  *
  * @param string $label the label to check
  * @param integer $groupId the group to exclude from the check (0 = none)
  * @return integer|boolean the number of matching rows, or true when the
  *   arguments are unusable (empty label or non-integer group ID), in which
  *   case the label is treated as possibly existing
  * @access public
  */
 static function labelExists($label, $groupId = 0)
 {
     $groupIdOk = SensitiveIO::isPositiveInteger($groupId) || $groupId == 0;
     if (!$groupIdOk || !$label) {
         // Cannot tell; assume the label may exist
         return true;
     }
     $excludeSelf = '';
     if ($groupId) {
         // $groupId has been validated as a positive integer above
         $excludeSelf = "\n\t\t\t\t\tid_prg  != '" . $groupId . "' \n\t\t\t\t and ";
     }
     // Escaped first, then trimmed
     $escapedLabel = trim(sensitiveIO::sanitizeSQLString($label));
     $sql = "\n\t\t\t\tselect distinct\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tprofilesUsersGroups\n\t\t\t\twhere\n\t\t\t\t\t" . $excludeSelf . "\n\t\t\t\t\tlabel_prg='" . $escapedLabel . "'\n\t\t\t";
     $query = new CMS_query($sql);
     return $query->getNumRows();
 }
开发者ID:davidmottet,项目名称:automne,代码行数:22,代码来源:profileusersgroupscatalog.php

