PHP Sanitize::variable方法代碼示例

    public static function openGraph($title, $image, $url, $desc = "", $type = "article")
    {
        $tag = "";
        if ($title) {
            $tag .= '
			<meta property="og:title" content="' . Sanitize::variable($title) . '" />';
        }
        if ($image) {
            $tag .= '
			<meta property="og:image" content="' . urlencode($image) . '" />';
        }
        if ($url) {
            $tag .= '
			<meta property="og:url" content="' . urlencode($url) . '" />';
        }
        if ($desc) {
            $tag .= '
			<meta property="og:description" content="' . Sanitize::variable($desc) . '" />';
        }
        if ($type) {
            $tag .= '
			<meta property="og:type" content="' . Sanitize::variable($type) . '" />';
        }
        // Add the tag to the header
        array_push(self::$headerData, $tag);
    }

 public static function getDataByHandle($handle, $columns = "uni_id")
 {
     if ($uniID = self::getIDByHandle($handle)) {
         return Database::selectOne("SELECT " . Sanitize::variable($columns, " ,-*`") . " FROM users WHERE uni_id=? LIMIT 1", array($uniID));
     }
     return array();
 }

 public static function copy($sourceTable, $destinationTable, $sqlWhere = "", $sqlArray = array(), $limit = 1000, $move = false)
 {
     // Protect Tables
     if (!IsSanitized::variable($destinationTable) or !IsSanitized::variable($sourceTable)) {
         return false;
     }
     // Make sure the backup table exists
     Database::exec("CREATE TABLE IF NOT EXISTS " . $destinationTable . " LIKE " . $sourceTable);
     // Begin the Database_Transfer
     Database::startTransaction();
     // Insert Rows into Database_Transfer Table
     Database::query("INSERT INTO " . $destinationTable . " SELECT * FROM " . $sourceTable . ($sqlWhere != "" ? " WHERE " . Sanitize::variable($sqlWhere, " ,`!=<>?()") : "") . ($limit ? ' LIMIT ' . (int) $limit : ''), $sqlArray);
     $newCount = Database::$rowsAffected;
     if ($move === true) {
         // Delete Rows from Original Table (if applicable)
         Database::query("DELETE FROM " . $sourceTable . ($sqlWhere != "" ? " WHERE " . Sanitize::variable($sqlWhere, " ,`!=<>?()") : ""), $sqlArray);
         // If the number of inserts matches the number of deletions, commit the transaction
         return Database::endTransaction($newCount == Database::$rowsAffected);
     }
     return Database::endTransaction();
 }

 public static function load($cacheName, $refresh = 0, $output = false)
 {
     $cacheName = Sanitize::variable($cacheName, ".-");
     $filename = "/" . ltrim($cacheName, "/") . '.html';
     $path = APP_PATH . self::$cacheDirectory . $filename;
     if (file_exists($path)) {
         // Check if the cache has gone stale
         if ($refresh > 0) {
             $timePassed = time() - filemtime($path);
             if ($timePassed > $refresh) {
                 return false;
             }
         }
         // Load the cache and return successful
         if ($output) {
             echo file_get_contents($path);
             return "";
         }
         return file_get_contents($path);
     }
     return false;
 }

 public function allowMimeTypes()
 {
     $args = func_get_args();
     for ($a = 0, $len = count($args); $a < $len; $a++) {
         $mimeType = Sanitize::variable($args[$a], "./-");
         if (!in_array($mimeType, $this->allowedMimes)) {
             $this->allowedMimes[] = $mimeType;
         }
     }
 }

 public static function delete($keyGroup, $keyName = "", $table = "")
 {
     $table = $table == "" ? "site_variables" : Sanitize::variable($table);
     if ($keyName == "") {
         return Database::query("DELETE FROM " . $table . " WHERE key_group=?", array($keyGroup));
     }
     return Database::query("DELETE FROM " . $table . " WHERE key_group=? AND key_name=? LIMIT 1", array($keyGroup, $keyName));
 }

 public static function createHashColumn($table, $columnName)
 {
     // Sanitize
     $table = Sanitize::variable($table);
     $columnName = Sanitize::variable($columnName);
     $prefix = Sanitize::word(substr($table, 0, 4) . ucfirst(substr($columnName, 0, 6)));
     // Make sure table exists
     if (Database::tableExists($table)) {
         $colExists = false;
         // Add the hash column if it doesn't exist
         if (!Database::columnExists($table, $columnName)) {
             $colExists = Database::addColumn($table, $columnName . '_crc', "int(10) unsigned not null", 0);
         }
         if ($colExists) {
             // Create a Trigger
             self::exec('CREATE TRIGGER ' . $prefix . '_ins BEFORE INSERT ON ' . $table . ' FOR EACH ROW BEGIN SET NEW.' . $columnName . '_crc=crc32(NEW.' . $columnName . '); END;');
             return self::exec('CREATE TRIGGER ' . $prefix . '_upd BEFORE UPDATE ON ' . $table . ' FOR EACH ROW BEGIN SET NEW.' . $columnName . '_crc=crc32(NEW.' . $columnName . '); END; ');
         }
     }
     return false;
 }

<?php

// Run Permissions
require SYS_PATH . "/controller/includes/admin_perm.php";
// If you're loading a specific plugin
if (isset($url[3])) {
    $class = Sanitize::variable($url[3]);
    $classAdmin = Classes_Meta::getConfig($class);
    // If this plugin doesn't exist, return to the standard admin plugin page
    if ($classAdmin === false) {
        header("Location: /admin/Class");
        exit;
    }
}
// Run Header
require SYS_PATH . "/controller/includes/admin_header.php";
echo '
<style>
.tesla-documentation pre { font-family:Courier; -moz-tab-size:4; -o-tab-size:4; tab-size:4; color:blue; margin-top:22px; margin-bottom:22px; white-space: pre-wrap; }
.tesla-documentation textarea { width:100%; min-height:300px; -moz-tab-size:4; -o-tab-size:4; tab-size:4; font-size:1.0em; color:green; margin-bottom:12px; }
.tesla-documentation ol li { margin-bottom:22px; }
.describe-plugin { margin-bottom:22px; }
.describe-plugin p { margin-bottom:0px; }
</style>';
// Load a plugin page
if (isset($classAdmin)) {
    // Display details about the plugins
    echo '
	<h3>' . $classAdmin->title . ' (v ' . $classAdmin->version . ')</h3>
	<div class="describe-plugin">
		<p>Author: ' . $classAdmin->author . '</p>

 public static function runBehavior($class, $behavior, $params)
 {
     // The name of the Class to run
     $class = Sanitize::variable($class);
     // The name of the Class's Behavior to run
     $behavior = Sanitize::variable($behavior);
     // Make sure the behavior exists
     if (method_exists($class, $behavior . "_TeslaBehavior")) {
         // Run the class's behavior
         return call_user_func_array(array($class, $behavior . "_TeslaBehavior"), $params);
     }
 }

<?php

/*
	This page runs the API system.
	
	The API that gets loaded is equal to $url[1].
	
	http://example.com/api/API_NAME
*/
// The name of the API to run
$api = Sanitize::variable($url[1]);
// Make sure the runAPI method exists.
if (!method_exists($api, "runAPI")) {
    exit;
}
// Output the API's response
new $api();

            }
        }
    }
    // If there are no defaults
    if (!isset($_POST['run_cycle'])) {
        $_POST['run_cycle'] = 3600;
    }
    if (!isset($_POST['date_start'])) {
        $_POST['date_start'] = time();
    }
    if (!isset($_POST['date_end'])) {
        $_POST['date_end'] = 10;
    }
    // Sanitize Values
    $_POST['title'] = Sanitize::safeword($_POST['title']);
    $_POST['method'] = Sanitize::variable($_POST['method']);
    $_POST['run_cycle'] = Sanitize::number($_POST['run_cycle'], 0);
    $_POST['date_start'] = Sanitize::number($_POST['date_start'], 0);
    $_POST['date_end'] = Sanitize::number($_POST['date_end'], 0);
    // Sanitize Parameters
    for ($a = 0; $a <= 3; $a++) {
        $_POST['args'][$a] = isset($_POST['args'][$a]) ? Sanitize::text($_POST['args'][$a]) : "";
    }
}
// Run Header
require SYS_PATH . "/controller/includes/admin_header.php";
// Get Navigation Entry
echo '
<h2 style="margin-top:20px;">' . ($editID ? 'Edit' : 'Create New') . ' Cron Task</h2>

<form class="uniform" action="/admin/cron/custom-task" method="post">' . Form::prepare("cron-custom") . '

<?php

// Prepare Values
$userAccess = true;
$dbName = Sanitize::variable(DATABASE_NAME);
// Installation Header
require dirname(ROUTE_SECOND_PATH) . "/includes/install_header.php";
// Attempt to cheat
if (Database::initRoot('mysql')) {
    Database::exec("CREATE DATABASE IF NOT EXISTS `" . $dbName . '`');
}
// Check if the standard user is properly configured after POST values were used
if (Database::initialize($dbName)) {
    Alert::success("DB User", "The database user has access to the `" . $dbName . "` database!");
} else {
    Alert::error("DB User", "The `" . $dbName . "` database does not exist, or the user does not have access to it.");
    $userAccess = false;
}
// Check if the admin user is properly configured after POST values were used
if (Database::initRoot($dbName)) {
    Alert::success("DB Admin", "The administrative database user has access to the `" . $dbName . "` database!");
} else {
    if ($userAccess) {
        Alert::error("DB Admin", "The `" . $dbName . "` database exists, but you do not have administrative privileges.");
    } else {
        Alert::error("DB Admin", "The `" . $dbName . "` database does not exist, or you do not have administrative privileges.");
    }
}
// If everything is successful:
if (Validate::pass()) {
    // Check if the form was submitted (to continue to the next page)

    // Check if all of the input you sent is valid:
    $_POST['handle'] = str_replace("@", "", $_POST['handle']);
    Validate::variable("UniFaction Handle", $_POST['handle'], 1, 22);
    if (Validate::pass()) {
        // Make sure the handle is registered
        if ($response = API_Connect::call(URL::unifaction_com() . "/api/UserRegistered", $_POST['handle'])) {
            Cookie_Server::set("admin-handle", $_POST['handle'], "", 3);
            Alert::saveSuccess("Admin Chosen", "You have designated @" . $_POST['handle'] . " as the admin of your site.");
            header("Location: /install/config-app");
            exit;
        } else {
            Alert::error("Handle Invalid", "That user handle does not exist on UniFaction.");
        }
    }
} else {
    $_POST['handle'] = isset($_POST['handle']) ? Sanitize::variable($_POST['handle']) : "";
}
// Run Global Script
require PARENT_APP_PATH . "/includes/install_global.php";
// Display the Header
require HEADER_PATH;
echo '
<form class="uniform" action="/install/connect-handle" method="post">' . Form::prepare("install-connect-handle");
// Display the Page
echo '
<h1>Installation: Site Admin</h1>

<h3>Step #1 - Connect Your UniFaction Handle</h3>
<p>Your desired UniFaction handle (one of your profiles) will be set as the administrator of this site, allowing that handle to access the admin functions. Note: you will need to verify that you own the handle.</p>

<p>If you don\'t have a UniFaction handle, you can set up a UniFaction account <a href="http://unifaction.com/sign-up">here</a>. The sign-up will prompt you to create a handle once you\'ve logged in for the first time.</p>

	<h1>Installation: Site Configuration</h1>
	
	<h3>Step #1 - Update Configuration</h3>
	<p>This configuration file applies to the application that you\'re currently installing.</p>
	
	<p>You can locate the config.php file here: ' . SITE_PATH . '/config.php</p>
	
	<h4>Option #1a: Automatic Update</h4>
	<p>If you want the engine to automatically update the configuration file for your application, just press the "Update Automatically" button. Standard users that don\'t need any server-specific customization should use this option.</p>
	<p><input type="submit" name="asd-submit" value="Update Automatically" /></p>
	
	<h4>Option #1b: Manual Update</h4>
	<p>Advanced users might want to set the configuration file for the application manually. To do this, open the config.php file for the application. You can base your configurations off of the values provided in the textbox below.</p>
	<p>
		<textarea style="width:100%; height:250px; tab-size:4; -moz-tab-size:4; -ms-tab-size:4; -webkit-tab-size:4;">' . $buildApp . '</textarea>
	</p>
	<p>You can find the config.php file in : ' . SITE_PATH . '/config.php</p>
	<p><input type="submit" name="manual-submit" value="I have updated the file manually" /></p>
	';
    // Provide hidden post values
    $pList = array('site-salt', 'site-handle', 'site-url', 'site-name', 'site-domain', 'site-database-name');
    foreach ($pList as $pName) {
        $pName = Sanitize::variable($pName, "-");
        echo '
		<input type="hidden" name="' . $pName . '" value="' . htmlspecialchars(Sanitize::text($_POST[$pName])) . '" />';
    }
}
echo '
</form>';
// Display the Footer
require FOOTER_PATH;

------ About the Admin Panel ------
-----------------------------------

This control panel is for administrators of the site, which include all staff members.

This panel will list all of the available functionality and administrative pages available to the system, but some of them may be locked to staff members that do not have high enough clearance levels.

This page will pull all of the functionality from the plugins available to the site in two ways:

	1. Any .php file saved in the /admin directory of a plugin will be loaded as an admin page here.
*/
// Run Permissions
require SYS_PATH . "/controller/includes/admin_perm.php";
// Retrieve the URL segments to determine what to load
$class = isset($url[1]) ? Sanitize::variable($url[1]) : '';
$page = isset($url[2]) ? Sanitize::variable($url[2], " -") : '';
// Attempt to load the Admin Pages
if ($class and $page) {
    // Load the Class Config
    $classConfig = Classes_Meta::getConfig($class);
    // Attempt to load an admin file
    $adminFile = $classConfig->data['path'] . "/admin/" . $page . ".php";
    if (is_file($adminFile)) {
        require $adminFile;
        exit;
    }
}
// Scan through the plugins directory
$classList = Classes_Meta::getClassList();
// Prepare Values
$linkList = array();