1 | <?php |
---|
2 | |
---|
3 | /** |
---|
4 | * NanoSanitizer |
---|
5 | * |
---|
6 | * @package NanoAjax |
---|
7 | * |
---|
8 | */ |
---|
9 | class NanoSanitizer |
---|
10 | { |
---|
11 | |
---|
12 | /** |
---|
13 | * Enter description here... |
---|
14 | * |
---|
15 | * @access protected |
---|
16 | * @var array |
---|
17 | */ |
---|
18 | protected $_mArrSignaturePresets = array(); |
---|
19 | |
---|
20 | /** |
---|
21 | * Enter description here... |
---|
22 | * |
---|
23 | * @access protected |
---|
24 | * @var boolean |
---|
25 | */ |
---|
26 | protected $_mBlnMagicQuotes = false; |
---|
27 | |
---|
28 | /** |
---|
29 | * Enter description here... |
---|
30 | * |
---|
31 | * @access protected |
---|
32 | * @var array |
---|
33 | */ |
---|
34 | protected $_mArrUnSecureVariables = array(); |
---|
35 | |
---|
36 | /** |
---|
37 | * Enter description here... |
---|
38 | * |
---|
39 | * @access protected |
---|
40 | * @var array |
---|
41 | */ |
---|
42 | protected $_mArrSignatures = array(); |
---|
43 | |
---|
44 | /** |
---|
45 | * Enter description here... |
---|
46 | * |
---|
47 | * @access protected |
---|
48 | * @var integer |
---|
49 | */ |
---|
50 | protected $_mIntCountUnSecureVariables = 0; |
---|
51 | |
---|
52 | /** |
---|
53 | * Enter description here... |
---|
54 | * |
---|
55 | * @access protected |
---|
56 | * @var integer |
---|
57 | */ |
---|
58 | protected $_mIntCountSignature = 0; |
---|
59 | |
---|
60 | /** |
---|
61 | * Enter description here... |
---|
62 | * |
---|
63 | * @access protected |
---|
64 | * @var array |
---|
65 | */ |
---|
66 | protected $_mArrSanitizedVariables = array(); |
---|
67 | |
---|
68 | /** |
---|
69 | * Enter description here... |
---|
70 | * |
---|
71 | * @access protected |
---|
72 | * @var string |
---|
73 | */ |
---|
74 | protected $_mStrSignaturePreset = ''; |
---|
75 | |
---|
76 | /** |
---|
77 | * Enter description here... |
---|
78 | * |
---|
79 | * @access protected |
---|
80 | * @var boolean |
---|
81 | */ |
---|
82 | protected $_mBlnReportErrors = false; |
---|
83 | |
---|
84 | /** |
---|
85 | * Enter description here... |
---|
86 | * |
---|
87 | * @access protected |
---|
88 | * @var boolean |
---|
89 | */ |
---|
90 | protected $_mBlnStopOnError = false; |
---|
91 | |
---|
92 | protected $logger; |
---|
93 | |
---|
94 | |
---|
95 | /** |
---|
96 | * Constructor, initializes object |
---|
97 | * |
---|
98 | * @access public |
---|
99 | * @return NanoSanitizer |
---|
100 | */ |
---|
101 | public function __construct($logger) |
---|
102 | { |
---|
103 | $this->logger = $logger; |
---|
104 | $this->_mBlnMagicQuotes = (bool) get_magic_quotes_gpc(); |
---|
105 | } |
---|
106 | |
---|
107 | /** |
---|
108 | * Enter description here... |
---|
109 | * |
---|
110 | * @param unknown_type $preset_file |
---|
111 | */ |
---|
112 | public function loadPresets( $preset_file = '' ) |
---|
113 | { |
---|
114 | $this->_mArrSignaturePresets = ( '' != $preset_file && is_file($preset_file) && is_readable($preset_file) ) |
---|
115 | ? include($preset_file) |
---|
116 | : include(dirname(__FILE__).'/include/NanoSanitizer.presets.inc.php'); |
---|
117 | } |
---|
118 | |
---|
119 | /** |
---|
120 | * Enter description here... |
---|
121 | * |
---|
122 | * @param string $signature_preset |
---|
123 | */ |
---|
124 | public function setSignaturePreset( $signature_preset = '' ) |
---|
125 | { |
---|
126 | $this->logger->rawAdd('setting signature preset...'); |
---|
127 | |
---|
128 | if( NanoUtil::isNotEmptyString($signature_preset) && array_key_exists($signature_preset,$this->_mArrSignaturePresets) ) |
---|
129 | { |
---|
130 | $this->_mStrSignaturePreset = $signature_preset; |
---|
131 | $this->logger->add('done.'); |
---|
132 | } |
---|
133 | else |
---|
134 | { |
---|
135 | $this->_throw( __METHOD__, |
---|
136 | ' signatur preset ('.$signature_preset.') {'. |
---|
137 | gettype($signature_preset).'} NOT valid!' ); |
---|
138 | } |
---|
139 | } |
---|
140 | |
---|
141 | |
---|
142 | /** |
---|
143 | * Sets the signature array with paramters for later verification |
---|
144 | * |
---|
145 | * @param array $signature_array |
---|
146 | */ |
---|
147 | public function setSignatures( $signatures_array ) |
---|
148 | { |
---|
149 | $this->logger->rawAdd('setting signatures...'); |
---|
150 | |
---|
151 | if( NanoUtil::isNotEmptyArray($signatures_array) ) |
---|
152 | { |
---|
153 | $this->_mArrSignatures = $signatures_array; |
---|
154 | $this->_mIntCountSignature = count($signatures_array); |
---|
155 | $this->logger->add('done.'); |
---|
156 | } |
---|
157 | else |
---|
158 | { |
---|
159 | $this->_throw( __METHOD__, |
---|
160 | ' signatur array ('.implode('|',$signatures_array). |
---|
161 | 'is NOT valid!' ); |
---|
162 | } |
---|
163 | } |
---|
164 | |
---|
165 | /** |
---|
166 | * Set variables which will be sanitized |
---|
167 | * |
---|
168 | * @param array $variables_array |
---|
169 | */ |
---|
170 | public function setUnSecureData( $unsecure_variables_array ) |
---|
171 | { |
---|
172 | $this->logger->rawAdd('setting unsecure variable array...'); |
---|
173 | |
---|
174 | if( is_array($unsecure_variables_array) && count( $unsecure_variables_array ) > 0 ) |
---|
175 | { |
---|
176 | $this->logger->add('done.'); |
---|
177 | $this->_mArrUnSecureVariables = $unsecure_variables_array; |
---|
178 | $this->_mIntCountUnSecureVariables = count($unsecure_variables_array); |
---|
179 | } |
---|
180 | else |
---|
181 | { |
---|
182 | $this->_throw( __METHOD__, ' unsecure variables array is NOT valid!' ); |
---|
183 | } |
---|
184 | } |
---|
185 | |
---|
186 | /** |
---|
187 | * sets reporting of variable unequality |
---|
188 | * |
---|
189 | * @param boolean $bln_switch |
---|
190 | */ |
---|
191 | public function setErrorReporting( $bln_switch ) |
---|
192 | { |
---|
193 | if( is_bool($bln_switch) ) |
---|
194 | { |
---|
195 | $this->_mBlnReportErrors = $bln_switch; |
---|
196 | } |
---|
197 | } |
---|
198 | |
---|
199 | /** |
---|
200 | * sets reporting of variable unequality |
---|
201 | * |
---|
202 | * @param boolean $bln_switch |
---|
203 | */ |
---|
204 | public function setStopOnError( $bln_switch ) |
---|
205 | { |
---|
206 | if( is_bool($bln_switch) ) |
---|
207 | { |
---|
208 | $this->_mBlnStopOnError = $bln_switch; |
---|
209 | } |
---|
210 | } |
---|
211 | |
---|
212 | |
---|
213 | /** |
---|
214 | * Executes sanitization |
---|
215 | * |
---|
216 | */ |
---|
217 | public function executeSanitization() |
---|
218 | { |
---|
219 | $this->logger->rawAdd('checking all parameters...'); |
---|
220 | if( false == $this->_areParemetersValid() ) |
---|
221 | { |
---|
222 | $this->_throw( __METHOD__, |
---|
223 | 'Signature / Input Variables Error !!! [S:'. |
---|
224 | $this->_mIntCountSignature.'|I:'. |
---|
225 | $this->_mIntCountUnSecureVariables.']' ); |
---|
226 | } |
---|
227 | $this->logger->add('valid!'); |
---|
228 | $this->logger->add('<br/>iterating over all sigantures...'); |
---|
229 | |
---|
230 | foreach ($this->_mArrSignatures as $varname => $signature) |
---|
231 | { |
---|
232 | $this->logger->rawAdd('<br/>checking variable <b>'.$varname.'</b> is required but not present...'); |
---|
233 | |
---|
234 | if( $this->_isRequiredVariableNotPresent($varname,$signature) ) |
---|
235 | { |
---|
236 | $this->_throw( __METHOD__, |
---|
237 | 'Variable ['.$varname.'] is required, but NOT present!' ); |
---|
238 | } |
---|
239 | |
---|
240 | $this->logger->add('OK. {'.(($this->_isVariableRequired($signature))?'required':'NOT required').'}'); |
---|
241 | |
---|
242 | $this->logger->rawAdd('checking variable exists in unsecure array...'); |
---|
243 | |
---|
244 | if( array_key_exists($varname,$this->_mArrUnSecureVariables) ) |
---|
245 | { |
---|
246 | $this->logger->add('exists!'); |
---|
247 | $variable_container = trim($this->_mArrUnSecureVariables[$varname]); |
---|
248 | |
---|
249 | $this->logger->rawAdd('searching for preset in signature...'); |
---|
250 | |
---|
251 | // ------------------------------------------------------------- |
---|
252 | // PRESET: |
---|
253 | // is preset in signature ? |
---|
254 | // set preset data to siganture |
---|
255 | if( true === $this->_isSignaturePresetValid($signature) ) |
---|
256 | { |
---|
257 | $this->logger->add('found! {<b>'.NanoUtil::getParam($signature,'preset').'</b>}'); |
---|
258 | $this->logger->rawAdd('setting signsture preset data to signature...'); |
---|
259 | $signature = $this->_getSignaturePresetData($signature); |
---|
260 | $this->logger->add('done.'); |
---|
261 | } |
---|
262 | else |
---|
263 | { |
---|
264 | $this->logger->add('NOT found, using given signature.'); |
---|
265 | } |
---|
266 | |
---|
267 | $this->logger->rawAdd('checking signature given type...'); |
---|
268 | |
---|
269 | // ------------------------------------------------------------- |
---|
270 | // TYPE: |
---|
271 | // apply type (integer, string, array,...) to variable |
---|
272 | // { brute force mode } |
---|
273 | if( $this->_isSignatureVarTypeValid($signature) ) |
---|
274 | { |
---|
275 | $this->logger->rawAdd('valid. setting type [<b>'.$signature['type'].'</b>]...'); |
---|
276 | settype( $variable_container, $signature['type'] ); |
---|
277 | $this->logger->add('done.'); |
---|
278 | } |
---|
279 | |
---|
280 | $this->logger->rawAdd('searching for (filter) methods in signature...'); |
---|
281 | |
---|
282 | // ------------------------------------------------------------- |
---|
283 | // METHODS: |
---|
284 | // apply method(s) to variable |
---|
285 | if( $this->_isSignatureMethodsValid($signature) ) |
---|
286 | { |
---|
287 | $this->logger->add('found.'); |
---|
288 | |
---|
289 | // check if is not an array |
---|
290 | if( !is_array($signature['methods']) ) |
---|
291 | { |
---|
292 | // put methodname into array for later iteration |
---|
293 | $signature['methods'] = array($signature['methods']); |
---|
294 | } |
---|
295 | |
---|
296 | $this->logger->add('iterating over given filter methods...'); |
---|
297 | |
---|
298 | // iterate over method array |
---|
299 | foreach ( $signature['methods'] as $method_data ) |
---|
300 | { |
---|
301 | $this->logger->rawAdd('executing method <b>'.$method_data['name'].'</b>...'); |
---|
302 | |
---|
303 | if( method_exists( $this, $method_data['name'] ) ) |
---|
304 | { |
---|
305 | // execute method with variable as parameter |
---|
306 | $variable_container = $this->$method_data['name']($variable_container,$method_data['limits']); |
---|
307 | } |
---|
308 | else |
---|
309 | { |
---|
310 | $logger_message = 'method ['.$method_data['name'].'] NOT found!!!'; |
---|
311 | |
---|
312 | if( true == $this->_mBlnStopOnError ) |
---|
313 | { |
---|
314 | $this->_throw( __METHOD__,'method ['.$method_data['name'].'] NOT found!!!'); |
---|
315 | } |
---|
316 | else { $this->logger->add('method ['.$method_data['name'].'] NOT found!!!'); } |
---|
317 | } |
---|
318 | |
---|
319 | $this->logger->add('done.'); |
---|
320 | } |
---|
321 | } |
---|
322 | else |
---|
323 | { |
---|
324 | $this->logger->add('NOT found. (nothing to do)'); |
---|
325 | } |
---|
326 | |
---|
327 | // ------------------------------------------------------------- |
---|
328 | // REPORTING (report variable change / stop if has changed) |
---|
329 | if( true == $this->_mBlnReportErrors) |
---|
330 | { |
---|
331 | // ------------------------------------------------------------- |
---|
332 | // VERIFICATION (is variable changed in value (after sanitization) |
---|
333 | if( $this->_isVariableChanged($varname,$variable_container) ) |
---|
334 | { |
---|
335 | $this->logger->add('NOT equal'); |
---|
336 | |
---|
337 | $message = '~~ Variable <b>'.$varname.'</b> '. /* $logger */ |
---|
338 | /* $logger */ 'seems not to be same after sanitization '. |
---|
339 | /* $logger */ '<div style="border:1px solid #CC0000;'. |
---|
340 | /* $logger */ 'background-color:#EEEEEE"><b>'. |
---|
341 | /* $logger */ htmlentities($this->_mArrUnSecureVariables[$varname]). |
---|
342 | /* $logger */ '</b> </div> {before} != <div style="'. |
---|
343 | /* $logger */ 'border:1px solid #CC0000;background-color:'. |
---|
344 | /* $logger */ '#EEEEEE"><b>'.$variable_container. |
---|
345 | /* $logger */ '</b> </div> {after}'; |
---|
346 | |
---|
347 | if( true == $this->_mBlnStopOnError ) |
---|
348 | { |
---|
349 | $this->_throw( __METHOD__,$message); |
---|
350 | } |
---|
351 | else { $this->logger->add($message); } |
---|
352 | } |
---|
353 | else { $this->logger->add('IS equal'); } |
---|
354 | } |
---|
355 | |
---|
356 | // ------------------------------------------------------------- |
---|
357 | // ASSIGNMENT |
---|
358 | $this->_assignCleanedVariable($varname,$variable_container); |
---|
359 | |
---|
360 | } |
---|
361 | else { $this->logger->add('not found! (continue with next)'); } |
---|
362 | } |
---|
363 | |
---|
364 | return $this->_mArrSanitizedVariables; |
---|
365 | } |
---|
366 | |
---|
367 | /** |
---|
368 | * Enter description here... |
---|
369 | * |
---|
370 | * @param unknown_type $varname |
---|
371 | * @param unknown_type $cleaned_variable |
---|
372 | */ |
---|
373 | protected function _assignCleanedVariable( $varname, $cleaned_variable ) |
---|
374 | { |
---|
375 | // ------------------------------------------------------------- |
---|
376 | // ASSIGNMENT |
---|
377 | // set sanitized variable to new (output) array |
---|
378 | $this->logger->rawAdd('assigning cleaned input variable to output array...'); |
---|
379 | $this->_mArrSanitizedVariables[$varname] = $cleaned_variable; |
---|
380 | $this->logger->add('done.'); |
---|
381 | } |
---|
382 | |
---|
383 | protected function _isVariableChanged( $varname, $new_variable ) |
---|
384 | { |
---|
385 | $this->logger->rawAdd('checking variable has changed while sanitization [<b>'. |
---|
386 | htmlentities($this->_mArrUnSecureVariables[$varname]).'</b>] ?? [<b>'. |
---|
387 | $new_variable.'</b>]...'); |
---|
388 | |
---|
389 | return ( !empty($this->_mArrUnSecureVariables[$varname]) && $this->_mArrUnSecureVariables[$varname] != (string)$new_variable); |
---|
390 | } |
---|
391 | |
---|
392 | protected function _isRequiredVariableNotPresent( $varname, $signature ) |
---|
393 | { |
---|
394 | return ( false == isset($this->_mArrUnSecureVariables[$varname]) |
---|
395 | && |
---|
396 | $this->_isVariableRequired($signature) ); |
---|
397 | } |
---|
398 | |
---|
399 | protected function _isVariableRequired( $signature = array() ) |
---|
400 | { |
---|
401 | return NanoUtil::getParam($signature,'required',false); |
---|
402 | } |
---|
403 | |
---|
404 | /** |
---|
405 | * Enter description here... |
---|
406 | * |
---|
407 | * @param unknown_type $signature |
---|
408 | * @return unknown |
---|
409 | */ |
---|
410 | protected function _isSignaturePresetValid( $signature = array() ) |
---|
411 | { |
---|
412 | return ( '' != NanoUtil::getParam($signature,'preset') && array_key_exists(NanoUtil::getParam($signature,'preset'),$this->_mArrSignaturePresets) ) |
---|
413 | ? true |
---|
414 | : false; |
---|
415 | } |
---|
416 | |
---|
417 | /** |
---|
418 | * Enter description here... |
---|
419 | * |
---|
420 | * @param unknown_type $signature |
---|
421 | * @return unknown |
---|
422 | */ |
---|
423 | protected function _getSignaturePresetData( $signature = array() ) |
---|
424 | { |
---|
425 | $preset_signature = $this->_mArrSignaturePresets[$signature['preset']]; |
---|
426 | |
---|
427 | unset($signature['preset']); |
---|
428 | |
---|
429 | return array_merge($signature,$preset_signature); |
---|
430 | } |
---|
431 | |
---|
432 | /** |
---|
433 | * Enter description here... |
---|
434 | * |
---|
435 | * @param unknown_type $signature |
---|
436 | * @return unknown |
---|
437 | */ |
---|
438 | protected function _isSignatureVarTypeValid( $signature = array() ) |
---|
439 | { |
---|
440 | return ( '' != NanoUtil::getParam($signature,'type') ) |
---|
441 | ? true |
---|
442 | : false; |
---|
443 | } |
---|
444 | |
---|
445 | /** |
---|
446 | * Enter description here... |
---|
447 | * |
---|
448 | * @param unknown_type $signature |
---|
449 | * @return unknown |
---|
450 | */ |
---|
451 | protected function _isSignatureMethodsValid( $signature = array() ) |
---|
452 | { |
---|
453 | return ( '' != NanoUtil::getParam($signature,'methods') ) |
---|
454 | ? true |
---|
455 | : false; |
---|
456 | } |
---|
457 | |
---|
458 | protected function _areParemetersValid() |
---|
459 | { |
---|
460 | // Check all needed parameter (arrays) are loaded, not empty |
---|
461 | // and size of both is equal |
---|
462 | return ( $this->_mIntCountSignature > 0 |
---|
463 | && |
---|
464 | $this->_mIntCountUnSecureVariables > 0 |
---|
465 | && |
---|
466 | $this->_mIntCountSignature == $this->_mIntCountUnSecureVariables ) |
---|
467 | |
---|
468 | // check passed |
---|
469 | ? true |
---|
470 | // check failed |
---|
471 | : true; |
---|
472 | |
---|
473 | } |
---|
474 | |
---|
475 | // addslashes wrapper to check for gpc_magic_quotes |
---|
476 | protected function _addNiceSlashes($string) |
---|
477 | { |
---|
478 | // if magic quotes is on the string is already quoted, just return it |
---|
479 | return (MAGIC_QUOTES) |
---|
480 | |
---|
481 | // return raw string |
---|
482 | ? $string |
---|
483 | |
---|
484 | // add slashes and return new string |
---|
485 | : addslashes($string); |
---|
486 | } |
---|
487 | |
---|
488 | // internal function for utf8 decoding |
---|
489 | // PHP's utf8_decode function is a little |
---|
490 | // screwy |
---|
491 | protected function _decodeUtf8($string) |
---|
492 | { |
---|
493 | return utf8_decode($string); |
---|
494 | /* |
---|
495 | return strtr($string, |
---|
496 | "???????¥µÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýÿ", |
---|
497 | "SOZsozYYuAAAAAAACEEEEIIIIDNOOOOOOUUUUYsaaaaaaaceeeeiiiionoooooouuuuyy"); |
---|
498 | */ |
---|
499 | } |
---|
500 | |
---|
501 | |
---|
502 | // default string sanitization -- only let the alphanumeric set through |
---|
503 | protected function _sanitizeDefaultAlphaNumericString($string, $limits = array() ) |
---|
504 | { |
---|
505 | return $this->_getLimitedString(preg_replace("/[^a-zA-Z0-9_\-\ ]/", "", $string), $limits); |
---|
506 | } |
---|
507 | |
---|
508 | |
---|
509 | // paranoid sanitization -- only let the alphanumeric set through |
---|
510 | protected function _sanitizeParanoidAlphaNumericString($string, $limits = array() ) |
---|
511 | { |
---|
512 | return $this->_getLimitedString(preg_replace("/[^a-zA-Z0-9]/", "", $string), $limits); |
---|
513 | } |
---|
514 | |
---|
515 | |
---|
516 | // default string sanitization -- only let the alphanumeric set through |
---|
517 | protected function _sanitizeDefaultGermanAlphaNumericString($string, $limits = array() ) |
---|
518 | { |
---|
519 | return $this->_getLimitedString(preg_replace("/[^a-zA-Z0-9_\-\ äöüÄÖÜß]/", "", $string), $limits); |
---|
520 | } |
---|
521 | |
---|
522 | |
---|
523 | // paranoid sanitization -- only let the alphanumeric set through |
---|
524 | protected function _sanitizeParanoidGermanAlphaNumericString($string, $limits = array() ) |
---|
525 | { |
---|
526 | return $this->_getLimitedString(preg_replace("/[^a-zA-Z0-9äöüÄÖÜß]/", "", $string), $limits); |
---|
527 | } |
---|
528 | |
---|
529 | // sanitize a string in prep for passing a single argument to |
---|
530 | // system() or exec() or passthru() |
---|
531 | protected function _sanitizeSystemString($string, $min = null, $max = null ) |
---|
532 | { |
---|
533 | // no piping, passing possible environment variables ($), |
---|
534 | // seperate commands, nested execution, file redirection, |
---|
535 | // background processing, special commands (backspace, etc.), quotes |
---|
536 | // newlines, or some other special characters |
---|
537 | $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; |
---|
538 | |
---|
539 | $string = preg_replace($pattern, '', $string); |
---|
540 | |
---|
541 | //make sure this is only interpretted as ONE argument |
---|
542 | |
---|
543 | return $this->_getLimitedString('"'.preg_replace('/\$/', '\\\$', $string).'"', $min, $max); |
---|
544 | } |
---|
545 | |
---|
546 | |
---|
547 | // sanitize a string for SQL input (simple slash out quotes and slashes) |
---|
548 | protected function _sanitizeDefaultSqlString($string, $min = null, $max = null) |
---|
549 | { |
---|
550 | return $this->_getLimitedString($this->_saveEscapeString($string), $min, $max); |
---|
551 | } |
---|
552 | |
---|
553 | |
---|
554 | // sanitize a string for SQL input (simple slash out quotes and slashes) |
---|
555 | protected function _sanitizeParanoidSqlString($string, $min = null, $max = null) |
---|
556 | { |
---|
557 | return $this->_sanitizeDefaultSqlString(strip_tags($string), $min, $max); |
---|
558 | } |
---|
559 | |
---|
560 | |
---|
561 | // sanitize a string for HTML (make sure nothing gets interpretted!) |
---|
562 | protected function _sanitizeHtmlString($string) |
---|
563 | { |
---|
564 | $pattern = array( '/\&/', // 0 |
---|
565 | '/</', // 1 |
---|
566 | "/>/", // 2 |
---|
567 | '/\n/', // 3 |
---|
568 | '/"/', // 4 |
---|
569 | "/'/", // 5 |
---|
570 | "/%/", // 6 |
---|
571 | '/\(/', // 7 |
---|
572 | '/\)/', // 8 |
---|
573 | '/\+/', // 9 |
---|
574 | '/-/' ); // 10 |
---|
575 | |
---|
576 | $replace = array( '&', // 0 |
---|
577 | '<', // 1 |
---|
578 | '>', // 2 |
---|
579 | '<br/>', // 3 |
---|
580 | '"', // 4 |
---|
581 | ''', // 5 |
---|
582 | '%', // 6 |
---|
583 | '(', // 7 |
---|
584 | ')', // 8 |
---|
585 | '+', // 9 |
---|
586 | '-' );// 10 |
---|
587 | |
---|
588 | return preg_replace($pattern, $replace, $string); |
---|
589 | } |
---|
590 | |
---|
591 | // make float float! |
---|
592 | function _sanitizeFloat($float, $min='', $max='') |
---|
593 | { |
---|
594 | $float = floatval($float); |
---|
595 | if((($min != '') && ($float < $min)) || (($max != '') && ($float > $max))) |
---|
596 | return false; |
---|
597 | return $float; |
---|
598 | } |
---|
599 | |
---|
600 | |
---|
601 | /** |
---|
602 | * Enter description here... |
---|
603 | * |
---|
604 | * @param unknown_type $input |
---|
605 | * @param unknown_type $min |
---|
606 | * @param unknown_type $max |
---|
607 | * @return unknown |
---|
608 | */ |
---|
609 | function check_float($input, $min='', $max='') |
---|
610 | { |
---|
611 | if($input != _sanitizeFloat($input, $min, $max)) |
---|
612 | return false; |
---|
613 | return true; |
---|
614 | } |
---|
615 | |
---|
616 | |
---|
617 | /** |
---|
618 | * Enter description here... |
---|
619 | * |
---|
620 | * @param unknown_type $input |
---|
621 | * @param unknown_type $min |
---|
622 | * @param unknown_type $max |
---|
623 | * @return unknown |
---|
624 | */ |
---|
625 | function check_sql_string($input, $min='', $max='') |
---|
626 | { |
---|
627 | if($input != _sanitizeSqlString($input, $min, $max)) |
---|
628 | return false; |
---|
629 | return true; |
---|
630 | } |
---|
631 | |
---|
632 | /** |
---|
633 | * Enter description here... |
---|
634 | * |
---|
635 | * @param unknown_type $input |
---|
636 | * @param unknown_type $min |
---|
637 | * @param unknown_type $max |
---|
638 | * @return unknown |
---|
639 | */ |
---|
640 | function check_ldap_string($input, $min='', $max='') |
---|
641 | { |
---|
642 | if($input != sanitize_string($input, $min, $max)) |
---|
643 | return false; |
---|
644 | return true; |
---|
645 | } |
---|
646 | |
---|
647 | /** |
---|
648 | * Enter description here... |
---|
649 | * |
---|
650 | * @param unknown_type $input |
---|
651 | * @param unknown_type $min |
---|
652 | * @param unknown_type $max |
---|
653 | * @return unknown |
---|
654 | */ |
---|
655 | function check_system_string($input, $min='', $max='') |
---|
656 | { |
---|
657 | if($input != _sanitizeSystemString($input, $min, $max, true)) |
---|
658 | return false; |
---|
659 | return true; |
---|
660 | } |
---|
661 | |
---|
662 | |
---|
663 | /** |
---|
664 | * Enter description here... |
---|
665 | * |
---|
666 | * @param string $integer |
---|
667 | * @param array $limits |
---|
668 | * @return mixed |
---|
669 | */ |
---|
670 | function _limitIntegerValue($integer, $limits = array() ) |
---|
671 | { |
---|
672 | return ( $this->_isIntegerInRange($integer, $limits) ) |
---|
673 | |
---|
674 | ? (( true == $this->_mBlnReportErrors ) |
---|
675 | |
---|
676 | ? (( true == $this->_mBlnStopOnError ) |
---|
677 | |
---|
678 | ? $this->_throw(__METHOD__,'Length limit applies!!!') |
---|
679 | : $this->logger->add('Length limit applies!!!')) |
---|
680 | |
---|
681 | : false) |
---|
682 | |
---|
683 | : $integer; |
---|
684 | } |
---|
685 | |
---|
686 | |
---|
687 | /** |
---|
688 | * Enter description here... |
---|
689 | * |
---|
690 | * @param string $string |
---|
691 | * @param array $limits |
---|
692 | * @return mixed |
---|
693 | */ |
---|
694 | protected function _getLimitedString( $string, $limits = array() ) |
---|
695 | { |
---|
696 | return ( $this->_isStringInRange($string,$limits) ) |
---|
697 | |
---|
698 | ? (( true == $this->_mBlnReportErrors ) |
---|
699 | |
---|
700 | ? (( true == $this->_mBlnStopOnError ) |
---|
701 | |
---|
702 | ? $this->_throw(__METHOD__,'Length limit applies!!!') |
---|
703 | : $this->logger->add('Length limit applies!!!')) |
---|
704 | |
---|
705 | : false) |
---|
706 | |
---|
707 | : $string; |
---|
708 | } |
---|
709 | |
---|
710 | |
---|
711 | /** |
---|
712 | * Enter description here... |
---|
713 | * |
---|
714 | * @param string $string |
---|
715 | * @param array $limits |
---|
716 | * @return boolean |
---|
717 | */ |
---|
718 | protected function _isStringInRange( $string, $limits = array() ) |
---|
719 | { |
---|
720 | return ( ( isset($limits['min']) && strlen($string) < $limits['min'] ) |
---|
721 | || |
---|
722 | ( isset($limits['max']) && strlen($string) > $limits['max'] ) ); |
---|
723 | } |
---|
724 | |
---|
725 | |
---|
726 | /** |
---|
727 | * Enter description here... |
---|
728 | * |
---|
729 | * @param string $string |
---|
730 | * @param array $limits |
---|
731 | * @return boolean |
---|
732 | */ |
---|
733 | protected function _isIntegerInRange( $integer, $limits = array() ) |
---|
734 | { |
---|
735 | return ( ( isset($limits['min']) && $integer < $limits['min'] ) |
---|
736 | || |
---|
737 | ( isset($limits['max']) && $integer > $limits['max'] ) ); |
---|
738 | } |
---|
739 | |
---|
740 | |
---|
741 | /** |
---|
742 | * Enter description here... |
---|
743 | * |
---|
744 | * @param string $string |
---|
745 | * @return string mysql escaped string |
---|
746 | */ |
---|
747 | private function _saveEscapeString( $string ) |
---|
748 | { |
---|
749 | if( true == $this->_mBlnMagicQuotes ) |
---|
750 | { |
---|
751 | $string = stripslashes($string); |
---|
752 | } |
---|
753 | |
---|
754 | return mysql_real_escape_string($string); |
---|
755 | } |
---|
756 | |
---|
757 | |
---|
758 | /** |
---|
759 | * Enter description here... |
---|
760 | * |
---|
761 | * @param string $method |
---|
762 | * @param string $msg |
---|
763 | */ |
---|
764 | private function _throw( $method, $msg ) |
---|
765 | { |
---|
766 | throw new Exception("[".$method.']: '.$msg); |
---|
767 | } |
---|
768 | } |
---|
769 | |
---|
770 | ?> |
---|