htmlPurifier not working with Froala editor WYSIWYG - wysiwyg

When I input:
<script>alert("XSS")</script>Cleaning Test
My output should be
Cleaning Test
but I get the same as the input: <script>alert("XSS")</script>Cleaning Test
Can someone help me solve this problem?
I tried a lot but it doesn't work. I need to check that my HTMLPurifier is working.
This is my code:
<?php
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
ini_set("display_errors", 1);
error_reporting(E_ALL);
define('DB_SERVER', "localhost");
define('DB_USER', "sanoj");
define('DB_PASSWORD', "123456");
define('DB_DATABASE', "test");
define('DB_DRIVER', "mysql");
$country = filter_input(INPUT_POST, 'title');
$dirty_html = filter_input(INPUT_POST, 'wysiwyg');
$purifier = new HTMLPurifier();
$clean_html = $purifier->purify($dirty_html);
try {
$db = new PDO(DB_DRIVER . ":dbname=" . DB_DATABASE . ";host=" . DB_SERVER, DB_USER, DB_PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $db->prepare("INSERT INTO final(title, wysiwyg) VALUES (:title, :wysiwyg)");
$stmt->bindParam(':title', $country, PDO::PARAM_STR, 100);
$stmt->bindParam(':wysiwyg', $clean_html, PDO::PARAM_STR, 100);
if ($stmt->execute()) {
echo '1 row has been inserted';
}
$db = null;
} catch (PDOException $e) {
trigger_error('Error occured while trying to insert into the DB:' . $e->getMessage(), E_USER_ERROR);
}
?>
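One way to check whether HTMLPurifier itself is working, as an added example that is not part of the original post: it purifies a few constructed inputs and then logs what the `wysiwyg` field really contains. It assumes the library path from the question, and it assumes (not confirmed on this page) that text typed into the editor's visual area may be posted already entity-encoded, in which case the purifier correctly leaves it alone as plain text.

```php
<?php
// Added example, not code from the original post.
// Assumes the same HTMLPurifier location as the question's script.
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null); // no cache directory needed for a one-off check
$purifier = new HTMLPurifier($config);

// Constructed sample inputs.
$cases = array(
    // Real markup: the script element and its content must be removed.
    'raw tag'       => '<script>alert("XSS")</script>Cleaning Test',
    // The same characters typed as text in a visual editor, entity-encoded.
    'escaped text'  => '&lt;script&gt;alert("XSS")&lt;/script&gt;Cleaning Test',
    // Event-handler attribute on an otherwise allowed element.
    'event handler' => '<p onclick="alert(1)">Cleaning Test</p>',
    // javascript: URI in a link.
    'js uri'        => '<a href="javascript:alert(1)">Cleaning Test</a>',
);

foreach ($cases as $name => $dirty) {
    $clean = $purifier->purify($dirty);
    // No executable construct may survive purification.
    $safe = stripos($clean, '<script') === false
         && stripos($clean, 'onclick') === false
         && stripos($clean, 'javascript:') === false;
    printf("%-14s %s\n  in : %s\n  out: %s\n", $name, $safe ? 'OK' : 'FAIL', $dirty, $clean);
}

// Inspect what the form really posts before blaming the purifier.
if (isset($_POST['wysiwyg'])) {
    $posted = $_POST['wysiwyg'];
    // json_encode keeps the log entry on one line.
    error_log('wysiwyg raw: ' . json_encode($posted));
    if (strpos($posted, '&lt;script') !== false && stripos($posted, '<script') === false) {
        error_log('wysiwyg field holds escaped text, not a script element');
    }
}
```

If the logged value matches the "escaped text" case, the stored string is text that a browser displays literally when echoed as HTML, which looks the same as the input on screen.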

Related

email attachment not received magento form

I created a custom form with an email file attachment (jpg), and the file is successfully sent to the server. But the problem is, there's no attachment when I receive the email. I tried looking all over this forum with no result. I still get no attachment on the received email. Here's my code in the IndexController.
upload server controlling
$fileName = '';
if (isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != '') {
try {
$fileName = $_FILES['attachment']['name'];
$fileExt = strtolower(substr(strrchr($fileName, ".") ,1));
$fileNamewoe = rtrim($fileName, $fileExt);
$fileName = preg_replace('/\s+', '', $fileNamewoe) . time() . '.' . $fileExt;
$uploader = new Varien_File_Uploader('attachment');
$uploader->setAllowedExtensions(array('doc', 'docx','pdf', 'jpg'));
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(false);
$path = Mage::getBaseDir('media') . DS . 'confirm' . DS ;
if(!is_dir($path)){
mkdir($path, 0777, true);
}
$uploader->save($path, $_FILES['attachment']['confirm'] );
$newFilename = $uploader->getUploadedFileName();
} catch (Exception $e) {
$error = true;
}
}
code to call email file attached
$attachmentFilePath = Mage::getBaseDir('media'). DS . 'confirm' . DS . $fileName;
if(file_exists($attachmentFilePath)){
$fileContents = file_get_contents($attachmentFilePath);
$attachment = $mail->getMail()->createAttachment($fileContents);
$attachment->filename = $fileName;
}
Hope someone can help with my problem, thanks.
Try this code
//upload code
$fileName = '';
if (isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != '') {
try {
$fileName = $_FILES['attachment']['name'];
$fileExt = strtolower(substr(strrchr($fileName, ".") ,1));
$fileNamewoe = rtrim($fileName, $fileExt);
$fileName = preg_replace('/\s+', '', $fileNamewoe) . time() . '.' . $fileExt;
$uploader = new Varien_File_Uploader('attachment');
$uploader->setAllowedExtensions(array('doc', 'docx','pdf', 'jpg'));
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(false);
$path = Mage::getBaseDir('media') . DS . 'confirm' . DS ;
if(!is_dir($path)){
mkdir($path, 0777, true);
}
$uploader->save($path, $_FILES['attachment']['confirm'] );
$newFilename = $uploader->getUploadedFileName();
$mailTemplate = Mage::getModel('core/email_template');
$mailTemplate->setSenderName('Sender Name');
$mailTemplate->setSenderEmail('sender@sender.email');
$mailTemplate->setTemplateSubject('Subject Title');
$mailTemplate->setTemplateText('Body Text');
// add attachment
$mailTemplate->getMail()->createAttachment(
file_get_contents($path.$newFilename), //location of file
Zend_Mime::TYPE_OCTETSTREAM,
Zend_Mime::DISPOSITION_ATTACHMENT,
Zend_Mime::ENCODING_BASE64,
basename( $newFilename )
);
$mailTemplate->send('toemail@email.com','subject','set message');
} catch (Exception $e) {
$error = true;
}
}

column missing in exchangearray

I'm missing a column in my exchangeArray. It is the column with the filename. Here is a snippet of my controller add action:
if ($form->isValid()) {
$data = $form->getData();
// Upload path
$location = "public/files/";
// A bit validation of uploaded file
$allowedExtension = array('xls', 'xlsx');
$extension = explode('.', $data['DCL_Path']['name']);
$extension = end($extension);
$import['DCL_Path']=$data['DCL_Path']['name'];
//$fileName = time() . '.' . $extension;
$fileName = $data['DCL_Path']['name'];
// Check if everything is OK!
//echo $fileName;
if (0 === $data['DCL_Path']['error'] && in_array($extension, $allowedExtension)) {
move_uploaded_file($data['DCL_Path']['tmp_name'], $location . $fileName);
} else {
echo 'Something went wrong!';
}
//$namen = explode(",", $import ); // convert the string into an array
//echo "<pre>"; var_dump($namen); echo "</pre>"; // formatted output of the array
$this->table->saveImport($import);
Everything will be saved, but DCL_path is missing.
Here is my exchangeArray also:
public function exchangeArray(array $data)
{
$this->DCLID= !empty($data['DCLID']) ? $data['DCLID'] : null;
$this->UnitID= !empty($data['UnitID']) ? $data['UnitID'] : null;
$this->DCL_Path= !empty($data['DCL_Path']) ? $data['DCL_Path'] : null;
$this->Importdate= !empty($data['Importdate']) ? $data['Importdate'] : null;
$this->Importuser= !empty($data['Importuser']) ? $data['Importuser'] : null;
$this->Importok= !empty($data['Importok']) ? $data['Importok'] : null;
$this->DCL_Type= !empty($data['DCL_Type']) ? $data['DCL_Type'] : null;
$this->Changed_per_User= !empty($data['Changed_per_User']) ? $data['Changed_per_User'] : null;
$this->Description_Changes= !empty($data['Description_Changes']) ? $data['Description_Changes'] : null;
}
I added this statement: $import['DCL_Path']=$data['DCL_Path']['name']; to force it, but it didn't help. So my question would be how to add data in datafields of my exchangeArray.
EDIT1: Here is the start of my addAction.
$import = new Import(); // new instance of Import
$form->setInputFilter($import->getInputFilter()); // bind the filter to the form
$form->setData($request->getPost()); // fetch the data
//echo $form->isValid();
if (! $form->isValid()) {
return ['form' => $form]; // if the data is not valid
// return $this->redirect()->toRoute('import'); //Routing
// Zend_Debug::dump("nicht valide");
//echo "nicht valide";
}
else{ // from the table adapter
$import->exchangeArray($form->getData());
// echo "valide";
//echo $import["DCL_Path"];
// Merge data thus
$data = array_merge_recursive(
$this->getRequest()->getPost()->toArray(),
$this->getRequest()->getFiles()->toArray()
);
$form->setData($data);
I also found another solution which is working; I post it additionally, perhaps it might help somebody else. Of course I still would prefer the way via exchangeArray.
$this->table->saveImport($import); // save the data
$letzter = $this->table->getlastImport($fileName);
echo ($letzter->DCLID);
$this->table->updateoneRow($letzter->DCLID, 'DCL_Path', $fileName);

Custom Joomla 1.5 View cannot find the layout default.php file

I have been developing templates for Joomla 1.5 (an obsolete one, yes, I know. Unfortunately, I've been spending some time working with it, and moving on to a newer version would be like starting from zero).
I tried to understand how Joomla 1.5 components work, especially those using the MVC principle, and somehow I managed to make things work, except now I have been stuck with the layout of a customized view. For an unknown reason, Joomla could not read or find the layout (default.php) inside the folder com_hello2/views/viewed/tmpl and gives '500 error Layout default not found'.
I tried to move the default.php file from folder to folder, to see if I could figure out where Joomla wants me to put the default.php. It DOES work for the default view, located in com_hello2/views/hello2/tmpl.
Could anyone please help me with this problem?
Here are the codes from the controllers:
<?php
defined( '_JEXEC' ) or die( 'Restricted access' );
jimport('joomla.application.component.controller');
class Hello2Controller extends JController
{
function display($tpl = null)
{
$task = JRequest::getVar('task', null, 'default', 'cmd');
switch ($task){
case 'view':
$model = &$this->getModel('Viewed');
$view = &$this->getView('viewed','html');
$mylayout = 'default';
break;
case 'newstatus':
break;
default:
$view = &$this->getView('hello2','html');
$model = &$this->getModel();
$mylayout = 'default';
break;
}
$view->setModel($model,true);
$view->setLayout($mylayout);
$view->display();
}
}
?>
I created two models, one is the default Hello2ModelHello2, the new one is Hello2ModelViewed. I separated the two models based on the tasks in the controllers.
the Hello2ModelHello2:
<?php
// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die( 'Restricted access' );
jimport('joomla.application.component.model');
class Hello2ModelHello2 extends JModel
{
//add CC
function getComments()
{
global $mainframe;
$db = JFactory::getDBO();
$id = JRequest::getVar('id', 0, '', 'int');
$query = 'SELECT a.*'.
' FROM #__hello1 AS a '.
' LEFT JOIN #__content AS b ON a.article_id = b.id'.
' WHERE a.state = 1';
$db->setQuery( $query );
$comments = $db->loadObjectList();
return $comments;
}
}
?>
now the Hello2ModelViewed
<?php
// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die( 'Restricted access' );
jimport('joomla.application.component.model');
class Hello2ModelViewed extends JModel
{
function __construct()
{
parent::__construct();
$id = JRequest::getVar('id', 0, '', 'int');
$this->setId((int)$id);
}
function setId($id)
{
// Set new article ID and wipe data
$this->_id = $id;
$this->_article = null;
}
//get certain comment only.
function getSingle()
{
global $mainframe;
$db = JFactory::getDBO();
$id = JRequest::getVar('id', 0, '', 'int');
$query = 'SELECT a.*'.
' FROM #__hello1 AS a' .
' LEFT JOIN #__content AS b ON a.article_id = b.id'.
' WHERE a.id = '.$id.
' AND a.state = 1';
$db->setQuery( $query );
$comments = $db->loadObjectList();
return $comments;
}
}
?>
the view.html of Viewed View is
<?php
defined('_JEXEC') or die( 'Restricted access' );
jimport( 'joomla.application.component.view');
jimport('joomla.environment.request');
class Hello2View extends JView
{
function __construct($config = array())
{
parent::__construct($config);
}
}
class Hello2ViewViewed extends Hello2View{
function display($tpl = null)
{
$model = &$this->getModel();
$id = JRequest::getVar('id', 0, '', 'int');
$comments = $model->getSingle();
JRequest::setVar('row',$comments);
parent::display($tpl);
}
}
?>
and view.html of Hello2 View is
<?php
defined('_JEXEC') or die( 'Restricted access' );
jimport( 'joomla.application.component.view');
jimport('joomla.environment.request');
class Hello2ViewHello2 extends JView{
function display($tpl = null)
{
$model = &$this->getModel();
$comments = $model->getComments();
JRequest::setVar('rows',$comments);
parent::display($tpl);
if($this->getLayout() == 'view') {
$this->view($tpl);
return;
}
}
}
?>
It works for me to execute index.php?option=com_hello2&task=display
but I get an error when I execute index.php?option=com_hello2&task=view
even though the default.php is already inside the directory views/viewed/
Any input appreciated! :)

Zend framework 2 - standalone forms

Is it possible to use the ZF2 forms as a standalone component? This was possible with ZF1, but I can't figure it out with ZF2.
I can create a form and a validator, but can't figure out how to render the form:
$form = new AddressBookForm('address_book'); // extends Zend\Form\Form
if ($this->input->isPost()) {
$validator = new AddressBookValidator(); // implements Zend\InputFilter\InputFilterAwareInterface
$form->setInputFilter($validator->getInputFilter());
$form->setData($this->input->getPost());
if ($form->isValid()) {
echo 'valid'; exit;
}
}
// Render form somehow here???
I tried creating a view, but couldn't figure out how to give it the view helpers. Thanks.
I have a basic solution, that seems to do the job
$zfView = new \Zend\View\Renderer\PhpRenderer();
$plugins = $zfView->getHelperPluginManager();
$config = new Zend\Form\View\HelperConfig;
$config->configureServiceManager($plugins);
and then render the form
echo $zfView->form()->openTag($form);
echo $zfView->formRow($form->get('name'));
echo $zfView->formSubmit( $form->get('submit'));
echo $zfView->form()->closeTag();
Check out this blog.
Form Render in View file
You can do it simply with the Zend Framework form view helper.
$form = $this->form;
$form->prepare();
$this->form()->render($form);
@CodeMonkey's method is a good one but the code is incomplete. I cobbled together a working example from his and other answers I found with partial code.
<?php
/*
* @author Carl McDade
*
* @since 2012-06-11
* @version 0.2
*
*/
namespace zftest;
$path = DOCROOT .'/_frameworks/zf/ZendFramework-2.2.2/library';
set_include_path(get_include_path() . PATH_SEPARATOR . $path);
require_once($path . '/Zend/Loader/StandardAutoloader.php');
use Zend\Loader;
use Zend\Http\Request;
use Zend\Http\Client;
use Zend\Captcha;
use Zend\Form\Element;
use Zend\Form\Fieldset;
use Zend\Form\Form;
use Zend\Form\FormInterface;
use Zend\InputFilter\Input;
use Zend\InputFilter\InputFilter;
use Zend\Form\View\Helper;
use \Common;
class zftest{
function __construct()
{
spl_autoload_register(array($this, '_zftest_autoload'));
}
function _zftest_autoload($class)
{
//
$loader = new \Zend\Loader\StandardAutoloader(array('autoregister_zf' => true));
$loader->registerNamespaces(array('Zend'));
// finally send namespaces and prefixes to the autoloader SPL
$loader->register();
return;
}
function zftest()
{
$uri = 'http://maps.google.com/maps/api/geocode/json';
$address = urlencode('berlin');
$sensor = 'false';
$request = new Request();
$request->setUri($uri);
$request->setMethod('GET');
$client = new Client($uri);
$client->setRequest($request);
$client->setParameterGet(array('sensor'=>$sensor,'address'=>$address));
$response = $client->dispatch($request);
if ($response->isSuccess()) {
print 'Your Request for:<pre>' . print_r($address, 1) . '</pre>';
print '<pre>' . print_r($response->getBody(), 1) . '</pre>';
}
}
function zfform()
{
// Zend Framework 2 form example
$name = new Element('name');
$name->setLabel('Your name');
$name->setAttributes(array(
'type' => 'text'
));
$email = new Element\Email('email');
$email->setLabel('Your email address');
$subject = new Element('subject');
$subject->setLabel('Subject');
$subject->setAttributes(array(
'type' => 'text'
));
$message = new Element\Textarea('message');
$message->setLabel('Message');
$captcha = new Element\Captcha('captcha');
$captcha->setCaptcha(new Captcha\Dumb());
$captcha->setLabel('Please verify you are human');
$csrf = new Element\Csrf('security');
$send = new Element('send');
$send->setValue('Submit');
$send->setAttributes(array(
'type' => 'submit'
));
$form = new Form('contact');
$form->add($name);
$form->add($email);
$form->add($subject);
$form->add($message);
$form->add($captcha);
$form->add($csrf);
$form->add($send);
$nameInput = new Input('name');
// configure input... and all others
$inputFilter = new InputFilter();
// attach all inputs
$form->setInputFilter($inputFilter);
$zfView = new \Zend\View\Renderer\PhpRenderer();
$plugins = $zfView->getHelperPluginManager();
$config = new \Zend\Form\View\HelperConfig;
$config->configureServiceManager($plugins);
$output = $zfView->form()->openTag($form) . "\n";
$output .= $zfView->formRow($form->get('name')) . "<br />\n";
$output .= $zfView->formRow($form->get('captcha')) . "<br />\n";
$output .= $zfView->formSubmit( $form->get('send')) . "<br />\n";
$output .= $zfView->form()->closeTag() . "\n";
echo $output;
}
}
?>
You can use the Zend\Form\View\Helper view helpers to render the form inside a view.
Example: (view context)
My Form:
<?php echo $this->form()->openTag($this->form); ?>
<?php echo $this->formCollection($this->form); ?>
<?php echo $this->form()->closeTag($this->form); ?>
Note that $this->form is the $form variable assigned to the view. Also, view helpers are always available in views as far as they are registered as invokables (this is always true for built-in helpers).
This would render all elements inside a <form ...> ... </form> tag.
Check the other view helpers for further information.
Also, see the example docs: http://zf2.readthedocs.org/en/latest/modules/zend.form.quick-start.html
There's a lot more you can do with this.
None of the simpler answers helped me since I did not have Service Manager set up nor the View Helper methods.
But in a hurry this worked for me:
$checkbox = new Element\Checkbox('checkbox');
$checkbox->setLabel('Label');
$checkbox->setCheckedValue("good");
$checkbox->setUncheckedValue("bad");
$form = new FormCheckbox();
echo $form->render($checkbox);

Magento - Get list of all Manufacturers with product count

I am using the following code to list all the manufacturers and it works like a charm:
$attribute = Mage::getModel('eav/entity_attribute')
->loadByCode('catalog_product', 'manufacturer');
$valuesCollection = Mage::getResourceModel('eav/entity_attribute_option_collection')
->setAttributeFilter($attribute->getData('attribute_id'))
->setStoreFilter(0, false);
$preparedManufacturers = array();
foreach($valuesCollection as $value) {
$preparedManufacturers[$value->getOptionId()] = $value->getValue();
}
if (count($preparedManufacturers)) {
echo "<h2>Manufacturers</h2><ul>";
foreach($preparedManufacturers as $optionId => $value) {
echo "<li>" . $value . " - (" . $optionId . ")</li>";
}
echo "</ul>";
}
What I am looking for is a way to display the number of products associated with each of the manufacturers. Can someone please tell me the way of doing this?
Many thanks
Not all mine, but works for me in 1.6+?
<?php
include_once 'app/Mage.php';
Mage::app();
$attribute = Mage::getModel('eav/entity_attribute')
->loadByCode('catalog_product', 'manufacturer');
$valuesCollection = Mage::getResourceModel('eav/entity_attribute_option_collection')
->setAttributeFilter($attribute->getData('attribute_id'))
->setStoreFilter(0, false);
$preparedManufacturers = array();
foreach ($valuesCollection as $value) {
$preparedManufacturers[$value->getOptionId()] = $value->getValue();
}
if (count($preparedManufacturers)) {
echo "<h2>Manufacturers</h2><ul>";
foreach ($preparedManufacturers as $optionId => $value) {
$collection = Mage::getModel('catalog/product')->getCollection();
$collection->addFieldToFilter(array(array('attribute' => 'manufacturer', 'eq' => $optionId)));
$numberOfProducts = count($collection);
echo "<li>" . $value . " - (" . $numberOfProducts . ")</li>";
}
echo "</ul>";
}
?>
This would work but won't be the most efficient:
foreach($valuesCollection as $value) {
$preparedManufacturers[$value->getOptionId()] = $value->getValue();
$collection = Mage::getModel('catalog/product')->getCollection();
$collection
->addAttributeToSelect('*') // '*' not efficient though
->addAttributeToFilter('manufacturer', array('eq' => $value->getOptionId()))
//->addAttributeToFilter('manufacturer', $value->getOptionId())
;
$count = $collection->getSize();
}
It's an extra query for each manufacturer so it's not great, if you have some caching etc it won't be too bad though.
Working code should do it
$collection = Mage::getModel('catalog/product')->getCollection()->groupByAttribute('manufacturer')
->addFieldToFilter('status',Mage_Catalog_Model_Product_Status::STATUS_ENABLED)
->addExpressionAttributeToSelect("count",'COUNT({{entity_id}})', 'entity_id');
Mage::getSingleton('cataloginventory/stock')->addInStockFilterToCollection($collection);