input[$variable])) {
$var = $CONFIG->input[$variable];
if ($filter_result) {
$var = filter_tags($var);
}
return $var;
}
if (isset($_REQUEST[$variable])) {
if (is_array($_REQUEST[$variable])) {
$var = $_REQUEST[$variable];
} else {
$var = trim($_REQUEST[$variable]);
}
if ($filter_result) {
$var = filter_tags($var);
}
return $var;
}
return $default;
}
/**
* Sets an input value that may later be retrieved by get_input
*
* Note: this function does not handle nested arrays (ex: form input of param[m][n])
*
* @param string $variable The name of the variable
* @param string $value The value of the variable
*
* @return void
*/
function set_input($variable, $value) {
global $CONFIG;
if (!isset($CONFIG->input)) {
$CONFIG->input = array();
}
if (is_array($value)) {
array_walk_recursive($value, create_function('&$v, $k', '$v = trim($v);'));
$CONFIG->input[trim($variable)] = $value;
} else {
$CONFIG->input[trim($variable)] = trim($value);
}
}
/**
* Filter tags from a given string based on registered hooks.
*
* @param mixed $var Anything that does not include an object (strings, ints, arrays)
* This includes multi-dimensional arrays.
*
* @return mixed The filtered result - everything will be strings
*/
function filter_tags($var) {
return elgg_trigger_plugin_hook('validate', 'input', null, $var);
}
/**
* Validates an email address.
*
* @param string $address Email address.
*
* @return bool
*/
function is_email_address($address) {
return filter_var($address, FILTER_VALIDATE_EMAIL) === $address;
}
/**
* Load all the REQUEST variables into the sticky form cache
*
* Call this from an action when you want all your submitted variables
* available if the submission fails validation and is sent back to the form
*
* @param string $form_name Name of the sticky form
*
* @return void
* @link http://docs.elgg.org/Tutorials/UI/StickyForms
* @since 1.8.0
*/
function elgg_make_sticky_form($form_name) {
elgg_clear_sticky_form($form_name);
if (!isset($_SESSION['sticky_forms'])) {
$_SESSION['sticky_forms'] = array();
}
$_SESSION['sticky_forms'][$form_name] = array();
foreach ($_REQUEST as $key => $var) {
// will go through XSS filtering on the get function
$_SESSION['sticky_forms'][$form_name][$key] = $var;
}
}
/**
* Clear the sticky form cache
*
* Call this if validation is successful in the action handler or
* when they sticky values have been used to repopulate the form
* after a validation error.
*
* @param string $form_name Form namespace
*
* @return void
* @link http://docs.elgg.org/Tutorials/UI/StickyForms
* @since 1.8.0
*/
function elgg_clear_sticky_form($form_name) {
unset($_SESSION['sticky_forms'][$form_name]);
}
/**
* Has this form been made sticky?
*
* @param string $form_name Form namespace
*
* @return boolean
* @link http://docs.elgg.org/Tutorials/UI/StickyForms
* @since 1.8.0
*/
function elgg_is_sticky_form($form_name) {
return isset($_SESSION['sticky_forms'][$form_name]);
}
/**
* Get a specific sticky variable
*
* @param string $form_name The name of the form
* @param string $variable The name of the variable
* @param mixed $default Default value if the variable does not exist in sticky cache
* @param boolean $filter_result Filter for bad input if true
*
* @return mixed
*
* @todo should this filter the default value?
* @link http://docs.elgg.org/Tutorials/UI/StickyForms
* @since 1.8.0
*/
function elgg_get_sticky_value($form_name, $variable = '', $default = NULL, $filter_result = true) {
if (isset($_SESSION['sticky_forms'][$form_name][$variable])) {
$value = $_SESSION['sticky_forms'][$form_name][$variable];
if ($filter_result) {
// XSS filter result
$value = filter_tags($value);
}
return $value;
}
return $default;
}
/**
* Clear a specific sticky variable
*
* @param string $form_name The name of the form
* @param string $variable The name of the variable to clear
*
* @return void
* @link http://docs.elgg.org/Tutorials/UI/StickyForms
* @since 1.8.0
*/
function elgg_clear_sticky_value($form_name, $variable) {
unset($_SESSION['sticky_forms'][$form_name][$variable]);
}
/**
* Page handler for autocomplete endpoint.
*
* @param array $page Pages array
*
* @return unknown_type
*/
function input_livesearch_page_handler($page) {
global $CONFIG;
// only return results to logged in users.
if (!$user = elgg_get_logged_in_user_entity()) {
exit;
}
if (!$q = get_input('q')) {
exit;
}
$q = sanitise_string($q);
// replace mysql vars with escaped strings
$q = str_replace(array('_', '%'), array('\_', '\%'), $q);
$match_on = get_input('match_on', 'all');
if ($match_on == 'all' || $match_on[0] == 'all') {
$match_on = array('users', 'groups');
}
if (!is_array($match_on)) {
$match_on = array($match_on);
}
if (get_input('match_owner', false)) {
$owner_guid = $user->getGUID();
$owner_where = 'AND e.owner_guid = ' . $user->getGUID();
} else {
$owner_guid = null;
$owner_where = '';
}
$limit = get_input('limit', 10);
// grab a list of entities and send them in json.
$results = array();
foreach ($match_on as $type) {
switch ($type) {
case 'all':
// only need to pull up title from objects.
$options = array('owner_guid' => $owner_guid, 'limit' => $limit);
if (!$entities = elgg_get_entities($options) AND is_array($entities)) {
$results = array_merge($results, $entities);
}
break;
case 'users':
$query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e
WHERE e.guid = ue.guid
AND e.enabled = 'yes'
AND ue.banned = 'no'
AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%')
LIMIT $limit
";
if ($entities = get_data($query)) {
foreach ($entities as $entity) {
$json = json_encode(array(
'type' => 'user',
'name' => $entity->name,
'desc' => $entity->username,
'icon' => '',
'guid' => $entity->guid
));
$results[$entity->name . rand(1, 100)] = $json;
}
}
break;
case 'groups':
// don't return results if groups aren't enabled.
if (!is_plugin_enabled('groups')) {
continue;
}
$query = "SELECT * FROM {$CONFIG->dbprefix}groups_entity as ge, {$CONFIG->dbprefix}entities as e
WHERE e.guid = ge.guid
AND e.enabled = 'yes'
$owner_where
AND (ge.name LIKE '$q%' OR ge.description LIKE '%$q%')
LIMIT $limit
";
if ($entities = get_data($query)) {
foreach ($entities as $entity) {
$json = json_encode(array(
'type' => 'group',
'name' => $entity->name,
'desc' => strip_tags($entity->description),
'icon' => '',
'guid' => $entity->guid
));
$results[$entity->name . rand(1, 100)] = $json;
}
}
break;
case 'friends':
$access = get_access_sql_suffix();
$query = "SELECT * FROM
{$CONFIG->dbprefix}users_entity as ue,
{$CONFIG->dbprefix}entity_relationships as er,
{$CONFIG->dbprefix}entities as e
WHERE er.relationship = 'friend'
AND er.guid_one = {$user->getGUID()}
AND er.guid_two = ue.guid
AND e.guid = ue.guid
AND e.enabled = 'yes'
AND ue.banned = 'no'
AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%')
LIMIT $limit
";
if ($entities = get_data($query)) {
foreach ($entities as $entity) {
$json = json_encode(array(
'type' => 'user',
'name' => $entity->name,
'desc' => $entity->username,
'icon' => '',
'guid' => $entity->guid
));
$results[$entity->name . rand(1, 100)] = $json;
}
}
break;
default:
// arbitrary subtype.
//@todo you cannot specify a subtype without a type.
// did this ever work?
elgg_get_entities(array('subtype' => $type, 'owner_guid' => $owner_guid));
break;
}
}
ksort($results);
echo implode($results, "\n");
exit;
}
/**
* Register input functions and sanitize input
*
* @return void
*/
function input_init() {
// register an endpoint for live search / autocomplete.
register_page_handler('livesearch', 'input_livesearch_page_handler');
if (ini_get_bool('magic_quotes_gpc')) {
/**
* do keys as well, cos array_map ignores them
*
* @param array $array Array of values
*
* @return array Sanitized array
*/
function stripslashes_arraykeys($array) {
if (is_array($array)) {
$array2 = array();
foreach ($array as $key => $data) {
if ($key != stripslashes($key)) {
$array2[stripslashes($key)] = $data;
} else {
$array2[$key] = $data;
}
}
return $array2;
} else {
return $array;
}
}
/**
* Strip slashes on everything
*
* @param mixed $value The value to remove slashes from
*
* @return mixed
*/
function stripslashes_deep($value) {
if (is_array($value)) {
$value = stripslashes_arraykeys($value);
$value = array_map('stripslashes_deep', $value);
} else {
$value = stripslashes($value);
}
return $value;
}
$_POST = stripslashes_arraykeys($_POST);
$_GET = stripslashes_arraykeys($_GET);
$_COOKIE = stripslashes_arraykeys($_COOKIE);
$_REQUEST = stripslashes_arraykeys($_REQUEST);
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
if (!empty($_SERVER['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
}
if (!empty($_SERVER['QUERY_STRING'])) {
$_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
}
if (!empty($_SERVER['HTTP_REFERER'])) {
$_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
}
if (!empty($_SERVER['PATH_INFO'])) {
$_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
}
if (!empty($_SERVER['PHP_SELF'])) {
$_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
}
if (!empty($_SERVER['PATH_TRANSLATED'])) {
$_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
}
}
}
elgg_register_event_handler('init', 'system', 'input_init');