2009-03-12 Evi Vanoost <vanooste@rcbi.rochester.edu>

* include/functions.php: Added safe_output_xml which makes variables
	clean for output converting html entities into numeric entities understood
	by all XML validators
	
	* operation/events/events_rss.php: Used safe_output_xml where needed.

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1531 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2009-03-12 18:44:37 +00:00
parent b647e6cb19
commit a0092ef384
3 changed files with 57 additions and 10 deletions


@ -1,3 +1,11 @@
2009-03-12 Evi Vanoost <vanooste@rcbi.rochester.edu>
* include/functions.php: Added safe_output_xml which makes variables
clean for output converting html entities into numeric entities understood
by all XML validators
* operation/events/events_rss.php: Used safe_output_xml where needed.
2009-03-12 Esteban Sanchez <estebans@artica.es> 2009-03-12 Esteban Sanchez <estebans@artica.es>
* reporting/fgraph.php: Fixed interval in combined graphs. Fixed * reporting/fgraph.php: Fixed interval in combined graphs. Fixed


@ -49,6 +49,42 @@ function safe_input ($value) {
} }
} }
/**
* Cleans a string by encoding to UTF-8 and replacing the HTML
* entities to their numeric counterparts (possibly double encoding)
*
* @param mixed String or array of strings to be cleaned.
*
* @return mixed The cleaned string or array.
*/
function safe_output_xml ($string) {
if (is_numeric ($value))
return $value;
if (is_array ($value)) {
array_walk ($value, 'safe_output_xml');
return $value;
}
static $table;
static $replace;
if (empty ($table)) {
$table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES);
$replace = array ();
foreach ($table as $key => $value){
$table[$key] = "/".$value."/";
$char = htmlentities ($key, ENT_QUOTES, "UTF-8");
$replace[$char] = "&#".ord ($key).";";
}
}
//now perform a replacement using preg_replace
//each matched value in $table will be replaced with the corresponding value in $replace
return preg_replace ($table, $replace, $value);
}
/** /**
* Cleans an object or an array and casts all values as integers * Cleans an object or an array and casts all values as integers
* *
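Review bot: safe_output_xml declares its parameter as `$string`, but every line of the body reads `$value`, which is undefined on entry, so neither the numeric nor the array guard can fire and the final preg_replace runs on an empty subject; the signature should be `function safe_output_xml ($value) {`. The `foreach ($table as $key => $value)` loop reuses the same name and would overwrite the input on the first call, so the loop variable needs its own name, e.g. `foreach ($table as $key => $entity)`. `array_walk ($value, 'safe_output_xml')` discards the callback's return value, so array elements would stay unconverted unless they are reassigned, for example `return array_map ('safe_output_xml', $value);`. The function only rewrites named entities that are already present, so it appears to rely on the value having been entity-encoded earlier; a raw `<` or `&` reaching it would pass into the feed unescaped, which is worth stating in the docblock or handling here.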


@ -19,6 +19,8 @@
ini_set ('display_errors', 0); //Don't display other errors, messes up XML ini_set ('display_errors', 0); //Don't display other errors, messes up XML
header("Content-Type: application/xml; charset=UTF-8"); //Send header before starting to output header("Content-Type: application/xml; charset=UTF-8"); //Send header before starting to output
require_once "../../include/config.php"; require_once "../../include/config.php";
require_once "../../include/functions.php"; require_once "../../include/functions.php";
require_once "../../include/functions_db.php"; require_once "../../include/functions_db.php";
@ -35,7 +37,7 @@ function rss_error_handler ($errno, $errstr, $errfile, $errline) {
$rss_feed .= '<channel><title>Pandora RSS Feed</title><description>Latest events on Pandora</description>'; $rss_feed .= '<channel><title>Pandora RSS Feed</title><description>Latest events on Pandora</description>';
$rss_feed .= '<lastBuildDate>'.date (DATE_RFC822, 0).'</lastBuildDate>'; $rss_feed .= '<lastBuildDate>'.date (DATE_RFC822, 0).'</lastBuildDate>';
$rss_feed .= '<link>'.$url.'</link>'; //Link back to the main Pandora page $rss_feed .= '<link>'.$url.'</link>'; //Link back to the main Pandora page
$rss_feed .= '<atom:link href="'.htmlentities ($selfurl).'" rel="self" type="application/rss+xml" />'; //Alternative for Atom feeds. It's the same. $rss_feed .= '<atom:link href="'.safe_input ($selfurl).'" rel="self" type="application/rss+xml" />'; //Alternative for Atom feeds. It's the same.
$rss_feed .= '<item><guid>'.$url.'/index.php?sec=eventos&sec2=operation/events/events</guid><title>Error creating feed</title>'; $rss_feed .= '<item><guid>'.$url.'/index.php?sec=eventos&sec2=operation/events/events</guid><title>Error creating feed</title>';
$rss_feed .= '<description>There was an error creating the feed: '.$errno.' - '.$errstr.' in '.$errfile.' on line '.$errline.'</description>'; $rss_feed .= '<description>There was an error creating the feed: '.$errno.' - '.$errstr.' in '.$errfile.' on line '.$errline.'</description>';
@ -45,6 +47,7 @@ function rss_error_handler ($errno, $errstr, $errfile, $errline) {
} }
set_error_handler ('rss_error_handler', E_ALL); //Errors output as RSS set_error_handler ('rss_error_handler', E_ALL); //Errors output as RSS
$ev_group = get_parameter ("ev_group", 0); // group $ev_group = get_parameter ("ev_group", 0); // group
$search = get_parameter ("search", ""); // free search $search = get_parameter ("search", ""); // free search
$event_type = get_parameter ("event_type", ''); // 0 all $event_type = get_parameter ("event_type", ''); // 0 all
@ -93,33 +96,33 @@ if (empty ($result)) {
$lastbuild = (int) $result[0]['unix_timestamp']; $lastbuild = (int) $result[0]['unix_timestamp'];
} }
$rss_feed = '<?xml version="1.0" encoding="utf-8" ?>'; //' Fixes certain highlighters freaking out on the PHP closing tag $rss_feed = '<?xml version="1.0" encoding="utf-8" ?>'; // ' <?php ' -- Fixes highlighters thinking that the closing tag is PHP
$rss_feed .= '<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">'; $rss_feed .= '<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">';
$rss_feed .= '<channel><title>Pandora RSS Feed</title><description>Latest events on Pandora</description>'; $rss_feed .= '<channel><title>Pandora RSS Feed</title><description>Latest events on Pandora</description>';
$rss_feed .= '<lastBuildDate>'.date (DATE_RFC822, $lastbuild).'</lastBuildDate>'; //Last build date is the last event - that way readers won't mark it as having new posts $rss_feed .= '<lastBuildDate>'.date (DATE_RFC822, $lastbuild).'</lastBuildDate>'; //Last build date is the last event - that way readers won't mark it as having new posts
$rss_feed .= '<link>'.$url.'</link>'; //Link back to the main Pandora page $rss_feed .= '<link>'.$url.'</link>'; //Link back to the main Pandora page
$rss_feed .= '<atom:link href="'.htmlentities ($selfurl).'" rel="self" type="application/rss+xml" />'; //Alternative for Atom feeds. It's the same. $rss_feed .= '<atom:link href="'.safe_input ($selfurl).'" rel="self" type="application/rss+xml" />'; //Alternative for Atom feeds. It's the same.
if (empty ($result)) { if (empty ($result)) {
$result = array(); $result = array();
$rss_feed .= '<item><guid>'.$url.'/index.php?sec=eventos&sec2=operation/events/events</guid><title>No results</title>'; $rss_feed .= '<item><guid>'.safe_input ($url.'/index.php?sec=eventos&sec2=operation/events/events').'</guid><title>No results</title>';
$rss_feed .= '<description>There are no results. Click on the link to see all Pending events</description>'; $rss_feed .= '<description>There are no results. Click on the link to see all Pending events</description>';
$rss_feed .= '<link>'.$url.'/index.php?sec=eventos&sec2=operation/events/events</link></item>'; $rss_feed .= '<link>'.safe_input ($url.'/index.php?sec=eventos&sec2=operation/events/events').'</link></item>';
} }
foreach ($result as $row) { foreach ($result as $row) {
//This is mandatory //This is mandatory
$rss_feed .= '<item><guid>'; $rss_feed .= '<item><guid>';
$rss_feed .= htmlentities ($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row['event_id']); $rss_feed .= safe_input ($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row['event_id']);
$rss_feed .= '</guid><title>'; $rss_feed .= '</guid><title>';
$rss_feed .= htmlentities ($row['agent_name']); $rss_feed .= safe_output_xml ($row['agent_name']);
$rss_feed .= '</title><description>'; $rss_feed .= '</title><description>';
$rss_feed .= htmlentities ($row['event_descr']); $rss_feed .= safe_output_xml ($row['event_descr']);
if($row['validated'] == 1) { if($row['validated'] == 1) {
$rss_feed .= '<br /><br />Validated by ' . $row['validated_by']; $rss_feed .= '<br /><br />Validated by ' . safe_output_xml ($row['validated_by']);
} }
$rss_feed .= '</description><link>'; $rss_feed .= '</description><link>';
$rss_feed .= htmlentities ($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row["event_id"]); $rss_feed .= safe_input ($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row["event_id"]);
$rss_feed .= '</link>'; $rss_feed .= '</link>';
//The rest is optional //The rest is optional