1: <?php
  2: /**
  3:  * Backend for helpers.
  4:  *
  5:  * Internal methods for the Helpers.
  6:  *
  7:  * PHP 5
  8:  *
  9:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
 10:  * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
 11:  *
 12:  * Licensed under The MIT License
 13:  * Redistributions of files must retain the above copyright notice.
 14:  *
 15:  * @copyright     Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
 16:  * @link          http://cakephp.org CakePHP(tm) Project
 17:  * @package       Cake.View
 18:  * @since         CakePHP(tm) v 0.2.9
 19:  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 20:  */
 21: 
 22: App::uses('Router', 'Routing');
 23: 
 24: /**
 25:  * Abstract base class for all other Helpers in CakePHP.
 26:  * Provides common methods and features.
 27:  *
 28:  * @package       Cake.View
 29:  */
 30: class Helper extends Object {
 31: 
 32: /**
 33:  * List of helpers used by this helper
 34:  *
 35:  * @var array
 36:  */
 37:     public $helpers = array();
 38: 
 39: /**
 40:  * A helper lookup table used to lazy load helper objects.
 41:  *
 42:  * @var array
 43:  */
 44:     protected $_helperMap = array();
 45: 
 46: /**
 47:  * The current theme name if any.
 48:  *
 49:  * @var string
 50:  */
 51:     public $theme = null;
 52: 
 53: /**
 54:  * Request object
 55:  *
 56:  * @var CakeRequest
 57:  */
 58:     public $request = null;
 59: 
 60: /**
 61:  * Plugin path
 62:  *
 63:  * @var string
 64:  */
 65:     public $plugin = null;
 66: 
 67: /**
 68:  * Holds the fields array('field_name' => array('type' => 'string', 'length' => 100),
 69:  * primaryKey and validates array('field_name')
 70:  *
 71:  * @var array
 72:  */
 73:     public $fieldset = array();
 74: 
 75: /**
 76:  * Holds tag templates.
 77:  *
 78:  * @var array
 79:  */
 80:     public $tags = array();
 81: 
 82: /**
 83:  * Holds the content to be cleaned.
 84:  *
 85:  * @var mixed
 86:  */
 87:     protected $_tainted = null;
 88: 
 89: /**
 90:  * Holds the cleaned content.
 91:  *
 92:  * @var mixed
 93:  */
 94:     protected $_cleaned = null;
 95: 
 96: /**
 97:  * The View instance this helper is attached to
 98:  *
 99:  * @var View
100:  */
101:     protected $_View;
102: 
103: /**
104:  * A list of strings that should be treated as suffixes, or
105:  * sub inputs for a parent input.  This is used for date/time
106:  * inputs primarily.
107:  *
108:  * @var array
109:  */
110:     protected $_fieldSuffixes = array(
111:         'year', 'month', 'day', 'hour', 'min', 'second', 'meridian'
112:     );
113: 
114: /**
115:  * The name of the current model entities are in scope of.
116:  *
117:  * @see Helper::setEntity()
118:  * @var string
119:  */
120:     protected $_modelScope;
121: 
122: /**
123:  * The name of the current model association entities are in scope of.
124:  *
125:  * @see Helper::setEntity()
126:  * @var string
127:  */
128:     protected $_association;
129: 
130: /**
131:  * The dot separated list of elements the current field entity is for.
132:  *
133:  * @see Helper::setEntity()
134:  * @var string
135:  */
136:     protected $_entityPath;
137: 
138: /**
139:  * Default Constructor
140:  *
141:  * @param View $View The View this helper is being attached to.
142:  * @param array $settings Configuration settings for the helper.
143:  */
144:     public function __construct(View $View, $settings = array()) {
145:         $this->_View = $View;
146:         $this->request = $View->request;
147:         if (!empty($this->helpers)) {
148:             $this->_helperMap = ObjectCollection::normalizeObjectArray($this->helpers);
149:         }
150:     }
151: 
152: /**
153:  * Provide non fatal errors on missing method calls.
154:  *
155:  * @param string $method Method to invoke
156:  * @param array $params Array of params for the method.
157:  * @return void
158:  */
159:     public function __call($method, $params) {
160:         trigger_error(__d('cake_dev', 'Method %1$s::%2$s does not exist', get_class($this), $method), E_USER_WARNING);
161:     }
162: 
163: /**
164:  * Lazy loads helpers. Provides access to deprecated request properties as well.
165:  *
166:  * @param string $name Name of the property being accessed.
167:  * @return mixed Helper or property found at $name
168:  */
169:     public function __get($name) {
170:         if (isset($this->_helperMap[$name]) && !isset($this->{$name})) {
171:             $settings = array_merge((array)$this->_helperMap[$name]['settings'], array('enabled' => false));
172:             $this->{$name} = $this->_View->loadHelper($this->_helperMap[$name]['class'], $settings);
173:         }
174:         if (isset($this->{$name})) {
175:             return $this->{$name};
176:         }
177:         switch ($name) {
178:             case 'base':
179:             case 'here':
180:             case 'webroot':
181:             case 'data':
182:                 return $this->request->{$name};
183:             case 'action':
184:                 return isset($this->request->params['action']) ? $this->request->params['action'] : '';
185:             case 'params':
186:                 return $this->request;
187:         }
188:     }
189: 
190: /**
191:  * Provides backwards compatibility access for setting values to the request object.
192:  *
193:  * @param string $name Name of the property being accessed.
194:  * @param mixed $value
195:  * @return mixed Return the $value
196:  */
197:     public function __set($name, $value) {
198:         switch ($name) {
199:             case 'base':
200:             case 'here':
201:             case 'webroot':
202:             case 'data':
203:                 return $this->request->{$name} = $value;
204:             case 'action':
205:                 return $this->request->params['action'] = $value;
206:         }
207:         return $this->{$name} = $value;
208:     }
209: 
210: /**
211:  * Finds URL for specified action.
212:  *
213:  * Returns a URL pointing at the provided parameters.
214:  *
215:  * @param mixed $url Either a relative string url like `/products/view/23` or
216:  *    an array of url parameters.  Using an array for urls will allow you to leverage
217:  *    the reverse routing features of CakePHP.
218:  * @param boolean $full If true, the full base URL will be prepended to the result
219:  * @return string  Full translated URL with base path.
220:  * @link http://book.cakephp.org/2.0/en/views/helpers.html
221:  */
222:     public function url($url = null, $full = false) {
223:         return h(Router::url($url, $full));
224:     }
225: 
226: /**
227:  * Checks if a file exists when theme is used, if no file is found default location is returned
228:  *
229:  * @param string $file The file to create a webroot path to.
230:  * @return string Web accessible path to file.
231:  */
232:     public function webroot($file) {
233:         $asset = explode('?', $file);
234:         $asset[1] = isset($asset[1]) ? '?' . $asset[1] : null;
235:         $webPath = "{$this->request->webroot}" . $asset[0];
236:         $file = $asset[0];
237: 
238:         if (!empty($this->theme)) {
239:             $file = trim($file, '/');
240:             $theme = $this->theme . '/';
241: 
242:             if (DS === '\\') {
243:                 $file = str_replace('/', '\\', $file);
244:             }
245: 
246:             if (file_exists(Configure::read('App.www_root') . 'theme' . DS . $this->theme . DS  . $file)) {
247:                 $webPath = "{$this->request->webroot}theme/" . $theme . $asset[0];
248:             } else {
249:                 $themePath = App::themePath($this->theme);
250:                 $path = $themePath . 'webroot' . DS  . $file;
251:                 if (file_exists($path)) {
252:                     $webPath = "{$this->request->webroot}theme/" . $theme . $asset[0];
253:                 }
254:             }
255:         }
256:         if (strpos($webPath, '//') !== false) {
257:             return str_replace('//', '/', $webPath . $asset[1]);
258:         }
259:         return $webPath . $asset[1];
260:     }
261: 
262: /**
263:  * Adds a timestamp to a file based resource based on the value of `Asset.timestamp` in
264:  * Configure.  If Asset.timestamp is true and debug > 0, or Asset.timestamp == 'force'
265:  * a timestamp will be added.
266:  *
267:  * @param string $path The file path to timestamp, the path must be inside WWW_ROOT
268:  * @return string Path with a timestamp added, or not.
269:  */
270:     public function assetTimestamp($path) {
271:         $stamp = Configure::read('Asset.timestamp');
272:         $timestampEnabled = $stamp === 'force' || ($stamp === true && Configure::read('debug') > 0);
273:         if ($timestampEnabled && strpos($path, '?') === false) {
274:             $filepath = preg_replace('/^' . preg_quote($this->request->webroot, '/') . '/', '', $path);
275:             $webrootPath = WWW_ROOT . str_replace('/', DS, $filepath);
276:             if (file_exists($webrootPath)) {
277:                 return $path . '?' . @filemtime($webrootPath);
278:             }
279:             $segments = explode('/', ltrim($filepath, '/'));
280:             if ($segments[0] === 'theme') {
281:                 $theme = $segments[1];
282:                 unset($segments[0], $segments[1]);
283:                 $themePath = App::themePath($theme) . 'webroot' . DS . implode(DS, $segments);
284:                 return $path . '?' . @filemtime($themePath);
285:             } else {
286:                 $plugin = Inflector::camelize($segments[0]);
287:                 if (CakePlugin::loaded($plugin)) {
288:                     unset($segments[0]);
289:                     $pluginPath = CakePlugin::path($plugin) . 'webroot' . DS . implode(DS, $segments);
290:                     return $path . '?' . @filemtime($pluginPath);
291:                 }
292:             }
293:         }
294:         return $path;
295:     }
296: 
297: /**
298:  * Used to remove harmful tags from content.  Removes a number of well known XSS attacks
299:  * from content.  However, is not guaranteed to remove all possibilities.  Escaping
300:  * content is the best way to prevent all possible attacks.
301:  *
302:  * @param mixed $output Either an array of strings to clean or a single string to clean.
303:  * @return string|array cleaned content for output
304:  */
305:     public function clean($output) {
306:         $this->_reset();
307:         if (empty($output)) {
308:             return null;
309:         }
310:         if (is_array($output)) {
311:             foreach ($output as $key => $value) {
312:                 $return[$key] = $this->clean($value);
313:             }
314:             return $return;
315:         }
316:         $this->_tainted = $output;
317:         $this->_clean();
318:         return $this->_cleaned;
319:     }
320: 
321: /**
322:  * Returns a space-delimited string with items of the $options array. If a
323:  * key of $options array happens to be one of:
324:  *
325:  * - 'compact'
326:  * - 'checked'
327:  * - 'declare'
328:  * - 'readonly'
329:  * - 'disabled'
330:  * - 'selected'
331:  * - 'defer'
332:  * - 'ismap'
333:  * - 'nohref'
334:  * - 'noshade'
335:  * - 'nowrap'
336:  * - 'multiple'
337:  * - 'noresize'
338:  *
339:  * And its value is one of:
340:  *
341:  * - '1' (string)
342:  * - 1 (integer)
343:  * - true (boolean)
344:  * - 'true' (string)
345:  *
346:  * Then the value will be reset to be identical with key's name.
347:  * If the value is not one of these 3, the parameter is not output.
348:  *
349:  * 'escape' is a special option in that it controls the conversion of
350:  *  attributes to their html-entity encoded equivalents.  Set to false to disable html-encoding.
351:  *
352:  * If value for any option key is set to `null` or `false`, that option will be excluded from output.
353:  *
354:  * @param array $options Array of options.
355:  * @param array $exclude Array of options to be excluded, the options here will not be part of the return.
356:  * @param string $insertBefore String to be inserted before options.
357:  * @param string $insertAfter String to be inserted after options.
358:  * @return string Composed attributes.
359:  * @deprecated This method will be moved to HtmlHelper in 3.0
360:  */
361:     protected function _parseAttributes($options, $exclude = null, $insertBefore = ' ', $insertAfter = null) {
362:         if (!is_string($options)) {
363:             $options = (array) $options + array('escape' => true);
364: 
365:             if (!is_array($exclude)) {
366:                 $exclude = array();
367:             }
368: 
369:             $exclude =  array('escape' => true) + array_flip($exclude);
370:             $escape = $options['escape'];
371:             $attributes = array();
372: 
373:             foreach ($options as $key => $value) {
374:                 if (!isset($exclude[$key]) && $value !== false && $value !== null) {
375:                     $attributes[] = $this->_formatAttribute($key, $value, $escape);
376:                 }
377:             }
378:             $out = implode(' ', $attributes);
379:         } else {
380:             $out = $options;
381:         }
382:         return $out ? $insertBefore . $out . $insertAfter : '';
383:     }
384: 
385: /**
386:  * Formats an individual attribute, and returns the string value of the composed attribute.
387:  * Works with minimized attributes that have the same value as their name such as 'disabled' and 'checked'
388:  *
389:  * @param string $key The name of the attribute to create
390:  * @param string $value The value of the attribute to create.
391:  * @param boolean $escape Define if the value must be escaped
392:  * @return string The composed attribute.
393:  * @deprecated This method will be moved to HtmlHelper in 3.0
394:  */
395:     protected function _formatAttribute($key, $value, $escape = true) {
396:         $attribute = '';
397:         if (is_array($value)) {
398:             $value = implode(' ' , $value);
399:         }
400: 
401:         if (is_numeric($key)) {
402:             $attribute = sprintf($this->_minimizedAttributeFormat, $value, $value);
403:         } elseif (in_array($key, $this->_minimizedAttributes)) {
404:             if ($value === 1 || $value === true || $value === 'true' || $value === '1' || $value == $key) {
405:                 $attribute = sprintf($this->_minimizedAttributeFormat, $key, $key);
406:             }
407:         } else {
408:             $attribute = sprintf($this->_attributeFormat, $key, ($escape ? h($value) : $value));
409:         }
410:         return $attribute;
411:     }
412: 
413: /**
414:  * Sets this helper's model and field properties to the dot-separated value-pair in $entity.
415:  *
416:  * @param mixed $entity A field name, like "ModelName.fieldName" or "ModelName.ID.fieldName"
417:  * @param boolean $setScope Sets the view scope to the model specified in $tagValue
418:  * @return void
419:  */
420:     public function setEntity($entity, $setScope = false) {
421:         if ($entity === null) {
422:             $this->_modelScope = false;
423:         }
424:         if ($setScope === true) {
425:             $this->_modelScope = $entity;
426:         }
427:         $parts = array_values(Set::filter(explode('.', $entity), true));
428:         if (empty($parts)) {
429:             return;
430:         }
431:         $count = count($parts);
432:         $lastPart = isset($parts[$count - 1]) ? $parts[$count - 1] : null;
433: 
434:         // Either 'body' or 'date.month' type inputs.
435:         if (
436:             ($count === 1 && $this->_modelScope && $setScope == false) ||
437:             (
438:                 $count === 2 &&
439:                 in_array($lastPart, $this->_fieldSuffixes) &&
440:                 $this->_modelScope &&
441:                 $parts[0] !== $this->_modelScope
442:             )
443:         ) {
444:             $entity = $this->_modelScope . '.' . $entity;
445:         }
446: 
447:         // 0.name, 0.created.month style inputs.  Excludes inputs with the modelScope in them.
448:         if (
449:             $count >= 2 && 
450:             is_numeric($parts[0]) && 
451:             !is_numeric($parts[1]) && 
452:             $this->_modelScope && 
453:             strpos($entity, $this->_modelScope) === false
454:         ) {
455:             $entity = $this->_modelScope . '.' . $entity;
456:         }
457: 
458:         $this->_association = null;
459: 
460:         $isHabtm = (
461:             isset($this->fieldset[$this->_modelScope]['fields'][$parts[0]]['type']) &&
462:             $this->fieldset[$this->_modelScope]['fields'][$parts[0]]['type'] === 'multiple' &&
463:             $count == 1
464:         );
465: 
466:         // habtm models are special
467:         if ($count == 1 && $isHabtm) {
468:             $this->_association = $parts[0];
469:             $entity = $parts[0] . '.' . $parts[0];
470:         } else {
471:             // check for associated model.
472:             $reversed = array_reverse($parts);
473:             foreach ($reversed as $i => $part) {
474:                 if ($i > 0 && preg_match('/^[A-Z]/', $part)) {
475:                     $this->_association = $part;
476:                     break;
477:                 }
478:             }
479:         }
480:         $this->_entityPath = $entity;
481:         return;
482:     }
483: 
484: /**
485:  * Returns the entity reference of the current context as an array of identity parts
486:  *
487:  * @return array An array containing the identity elements of an entity
488:  */
489:     public function entity() {
490:         return explode('.', $this->_entityPath);
491:     }
492: 
493: /**
494:  * Gets the currently-used model of the rendering context.
495:  *
496:  * @return string
497:  */
498:     public function model() {
499:         if ($this->_association) {
500:             return $this->_association;
501:         }
502:         return $this->_modelScope;
503:     }
504: 
505: /**
506:  * Gets the currently-used model field of the rendering context.
507:  * Strips off field suffixes such as year, month, day, hour, min, meridian
508:  * when the current entity is longer than 2 elements.
509:  *
510:  * @return string
511:  */
512:     public function field() {
513:         $entity = $this->entity();
514:         $count = count($entity);
515:         $last = $entity[$count - 1];
516:         if ($count > 2 && in_array($last, $this->_fieldSuffixes)) {
517:             $last = isset($entity[$count - 2]) ? $entity[$count - 2] : null;
518:         }
519:         return $last;
520:     }
521: 
522: /**
523:  * Generates a DOM ID for the selected element, if one is not set.
524:  * Uses the current View::entity() settings to generate a CamelCased id attribute.
525:  *
526:  * @param mixed $options Either an array of html attributes to add $id into, or a string
527:  *   with a view entity path to get a domId for.
528:  * @param string $id The name of the 'id' attribute.
529:  * @return mixed If $options was an array, an array will be returned with $id set.  If a string
530:  *   was supplied, a string will be returned.
531:  * @todo Refactor this method to not have as many input/output options.
532:  */
533:     public function domId($options = null, $id = 'id') {
534:         if (is_array($options) && array_key_exists($id, $options) && $options[$id] === null) {
535:             unset($options[$id]);
536:             return $options;
537:         } elseif (!is_array($options) && $options !== null) {
538:             $this->setEntity($options);
539:             return $this->domId();
540:         }
541: 
542:         $entity = $this->entity();
543:         $model = array_shift($entity);
544:         $dom = $model . join('', array_map(array('Inflector', 'camelize'), $entity));
545: 
546:         if (is_array($options) && !array_key_exists($id, $options)) {
547:             $options[$id] = $dom;
548:         } elseif ($options === null) {
549:             return $dom;
550:         }
551:         return $options;
552:     }
553: 
554: /**
555:  * Gets the input field name for the current tag. Creates input name attributes
556:  * using CakePHP's data[Model][field] formatting.
557:  *
558:  * @param mixed $options If an array, should be an array of attributes that $key needs to be added to.
559:  *   If a string or null, will be used as the View entity.
560:  * @param string $field
561:  * @param string $key The name of the attribute to be set, defaults to 'name'
562:  * @return mixed If an array was given for $options, an array with $key set will be returned.
563:  *   If a string was supplied a string will be returned.
564:  * @todo Refactor this method to not have as many input/output options.
565:  */
566:     protected function _name($options = array(), $field = null, $key = 'name') {
567:         if ($options === null) {
568:             $options = array();
569:         } elseif (is_string($options)) {
570:             $field = $options;
571:             $options = 0;
572:         }
573: 
574:         if (!empty($field)) {
575:             $this->setEntity($field);
576:         }
577: 
578:         if (is_array($options) && array_key_exists($key, $options)) {
579:             return $options;
580:         }
581: 
582:         switch ($field) {
583:             case '_method':
584:                 $name = $field;
585:             break;
586:             default:
587:                 $name = 'data[' . implode('][', $this->entity()) . ']';
588:             break;
589:         }
590: 
591:         if (is_array($options)) {
592:             $options[$key] = $name;
593:             return $options;
594:         } else {
595:             return $name;
596:         }
597:     }
598: 
599: /**
600:  * Gets the data for the current tag
601:  *
602:  * @param mixed $options If an array, should be an array of attributes that $key needs to be added to.
603:  *   If a string or null, will be used as the View entity.
604:  * @param string $field
605:  * @param string $key The name of the attribute to be set, defaults to 'value'
606:  * @return mixed If an array was given for $options, an array with $key set will be returned.
607:  *   If a string was supplied a string will be returned.
608:  * @todo Refactor this method to not have as many input/output options.
609:  */
610:     public function value($options = array(), $field = null, $key = 'value') {
611:         if ($options === null) {
612:             $options = array();
613:         } elseif (is_string($options)) {
614:             $field = $options;
615:             $options = 0;
616:         }
617: 
618:         if (is_array($options) && isset($options[$key])) {
619:             return $options;
620:         }
621: 
622:         if (!empty($field)) {
623:             $this->setEntity($field);
624:         }
625:         $result = null;
626:         $data = $this->request->data;
627: 
628:         $entity = $this->entity();
629:         if (!empty($data) && !empty($entity)) {
630:             $result = Set::extract(implode('.', $entity), $data);
631:         }
632: 
633:         $habtmKey = $this->field();
634:         if (empty($result) && isset($data[$habtmKey][$habtmKey]) && is_array($data[$habtmKey])) {
635:             $result = $data[$habtmKey][$habtmKey];
636:         } elseif (empty($result) && isset($data[$habtmKey]) && is_array($data[$habtmKey])) {
637:             if (ClassRegistry::isKeySet($habtmKey)) {
638:                 $model = ClassRegistry::getObject($habtmKey);
639:                 $result = $this->_selectedArray($data[$habtmKey], $model->primaryKey);
640:             }
641:         }
642: 
643:         if (is_array($options)) {
644:             if ($result === null && isset($options['default'])) {
645:                 $result = $options['default'];
646:             }
647:             unset($options['default']);
648:         }
649: 
650:         if (is_array($options)) {
651:             $options[$key] = $result;
652:             return $options;
653:         } else {
654:             return $result;
655:         }
656:     }
657: 
658: /**
659:  * Sets the defaults for an input tag.  Will set the
660:  * name, value, and id attributes for an array of html attributes. Will also
661:  * add a 'form-error' class if the field contains validation errors.
662:  *
663:  * @param string $field The field name to initialize.
664:  * @param array $options Array of options to use while initializing an input field.
665:  * @return array Array options for the form input.
666:  */
667:     protected function _initInputField($field, $options = array()) {
668:         if ($field !== null) {
669:             $this->setEntity($field);
670:         }
671:         $options = (array)$options;
672:         $options = $this->_name($options);
673:         $options = $this->value($options);
674:         $options = $this->domId($options);
675:         return $options;
676:     }
677: 
678: /**
679:  * Adds the given class to the element options
680:  *
681:  * @param array $options Array options/attributes to add a class to
682:  * @param string $class The classname being added.
683:  * @param string $key the key to use for class.
684:  * @return array Array of options with $key set.
685:  */
686:     public function addClass($options = array(), $class = null, $key = 'class') {
687:         if (isset($options[$key]) && trim($options[$key]) != '') {
688:             $options[$key] .= ' ' . $class;
689:         } else {
690:             $options[$key] = $class;
691:         }
692:         return $options;
693:     }
694: 
695: /**
696:  * Returns a string generated by a helper method
697:  *
698:  * This method can be overridden in subclasses to do generalized output post-processing
699:  *
700:  * @param string $str String to be output.
701:  * @return string
702:  * @deprecated This method will be removed in future versions.
703:  */
704:     public function output($str) {
705:         return $str;
706:     }
707: 
708: /**
709:  * Before render callback. beforeRender is called before the view file is rendered.
710:  *
711:  * Overridden in subclasses.
712:  *
713:  * @param string $viewFile The view file that is going to be rendered
714:  * @return void
715:  */
716:     public function beforeRender($viewFile) {
717:     }
718: 
719: /**
720:  * After render callback.  afterRender is called after the view file is rendered
721:  * but before the layout has been rendered.
722:  *
723:  * Overridden in subclasses.
724:  *
725:  * @param string $viewFile The view file that was rendered.
726:  * @return void
727:  */
728:     public function afterRender($viewFile) {
729:     }
730: 
731: /**
732:  * Before layout callback.  beforeLayout is called before the layout is rendered.
733:  *
734:  * Overridden in subclasses.
735:  *
736:  * @param string $layoutFile The layout about to be rendered.
737:  * @return void
738:  */
739:     public function beforeLayout($layoutFile) {
740:     }
741: 
742: /**
743:  * After layout callback.  afterLayout is called after the layout has rendered.
744:  *
745:  * Overridden in subclasses.
746:  *
747:  * @param string $layoutFile The layout file that was rendered.
748:  * @return void
749:  */
750:     public function afterLayout($layoutFile) {
751:     }
752: 
753: /**
754:  * Transforms a recordset from a hasAndBelongsToMany association to a list of selected
755:  * options for a multiple select element
756:  *
757:  * @param mixed $data
758:  * @param string $key
759:  * @return array
760:  */
761:     protected function _selectedArray($data, $key = 'id') {
762:         if (!is_array($data)) {
763:             $model = $data;
764:             if (!empty($this->request->data[$model][$model])) {
765:                 return $this->request->data[$model][$model];
766:             }
767:             if (!empty($this->request->data[$model])) {
768:                 $data = $this->request->data[$model];
769:             }
770:         }
771:         $array = array();
772:         if (!empty($data)) {
773:             foreach ($data as $row) {
774:                 if (isset($row[$key])) {
775:                     $array[$row[$key]] = $row[$key];
776:                 }
777:             }
778:         }
779:         return empty($array) ? null : $array;
780:     }
781: 
782: /**
783:  * Resets the vars used by Helper::clean() to null
784:  *
785:  * @return void
786:  */
787:     protected function _reset() {
788:         $this->_tainted = null;
789:         $this->_cleaned = null;
790:     }
791: 
792: /**
793:  * Removes harmful content from output
794:  *
795:  * @return void
796:  */
797:     protected function _clean() {
798:         if (get_magic_quotes_gpc()) {
799:             $this->_cleaned = stripslashes($this->_tainted);
800:         } else {
801:             $this->_cleaned = $this->_tainted;
802:         }
803: 
804:         $this->_cleaned = str_replace(array("&amp;", "&lt;", "&gt;"), array("&amp;amp;", "&amp;lt;", "&amp;gt;"), $this->_cleaned);
805:         $this->_cleaned = preg_replace('#(&\#*\w+)[\x00-\x20]+;#u', "$1;", $this->_cleaned);
806:         $this->_cleaned = preg_replace('#(&\#x*)([0-9A-F]+);*#iu', "$1$2;", $this->_cleaned);
807:         $this->_cleaned = html_entity_decode($this->_cleaned, ENT_COMPAT, "UTF-8");
808:         $this->_cleaned = preg_replace('#(<[^>]+[\x00-\x20\"\'\/])(on|xmlns)[^>]*>#iUu', "$1>", $this->_cleaned);
809:         $this->_cleaned = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu', '$1=$2nojavascript...', $this->_cleaned);
810:         $this->_cleaned = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu', '$1=$2novbscript...', $this->_cleaned);
811:         $this->_cleaned = preg_replace('#([a-z]*)[\x00-\x20]*=*([\'\"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#iUu', '$1=$2nomozbinding...', $this->_cleaned);
812:         $this->_cleaned = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*data[\x00-\x20]*:#Uu', '$1=$2nodata...', $this->_cleaned);
813:         $this->_cleaned = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU', "$1>", $this->_cleaned);
814:         $this->_cleaned = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU', "$1>", $this->_cleaned);
815:         $this->_cleaned = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu', "$1>", $this->_cleaned);
816:         $this->_cleaned = preg_replace('#</*\w+:\w[^>]*>#i', "", $this->_cleaned);
817:         do {
818:             $oldstring = $this->_cleaned;
819:             $this->_cleaned = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $this->_cleaned);
820:         } while ($oldstring != $this->_cleaned);
821:         $this->_cleaned = str_replace(array("&amp;", "&lt;", "&gt;"), array("&amp;amp;", "&amp;lt;", "&amp;gt;"), $this->_cleaned);
822:     }
823: }
824: