Code source de CakePHP 1.1.13.4450 |
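<?php
/* SVN FILE: $Id: sanitize.php 4409 2007-02-02 13:20:59Z phpnut $ */
/**
 * Washes strings from unwanted noise.
 *
 * Helpful methods to make unsafe strings usable.
 *
 * PHP versions 4 and 5
 *
 * CakePHP(tm) : Rapid Development Framework <http://www.cakephp.org/>
 * Copyright 2005-2007, Cake Software Foundation, Inc.
 *                              1785 E. Sahara Avenue, Suite 490-204
 *                              Las Vegas, Nevada 89104
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
 * @filesource
 * @copyright      Copyright 2005-2007, Cake Software Foundation, Inc.
 * @link           http://www.cakefoundation.org/projects/info/cakephp CakePHP(tm) Project
 * @package        cake
 * @subpackage     cake.cake.libs
 * @since          CakePHP(tm) v 0.10.0.1076
 * @version        $Revision: 4409 $
 * @modifiedby     $LastChangedBy: phpnut $
 * @lastmodified   $Date: 2007-02-02 07:20:59 -0600 (Fri, 02 Feb 2007) $
 * @license        http://www.opensource.org/licenses/mit-license.php The MIT License
 */
/**
 * Data Sanitization.
 *
 * Removal of non-alphanumeric characters, SQL-safe slash-added strings, HTML-friendly strings,
 * and all of the above on arrays.
 *
 * NOTE(review): these helpers are character-level transformations. sql() is not a
 * database-aware escape and html() encodes a fixed character list only; neither replaces
 * bound query parameters or escaping chosen for the exact output context.
 *
 * @package    cake
 * @subpackage cake.cake.libs
 */
class Sanitize {
/**
 * Removes any non-alphanumeric characters.
 *
 * @param mixed $string  A string, or an array of strings (keys are preserved)
 * @param array $allowed Extra characters to keep, e.g. array('-', '_')
 * @return mixed The cleaned string, or an array of cleaned strings
 * @access public
 */
    function paranoid($string, $allowed = array()) {
        $allow = '';
        if (!empty($allowed)) {
            foreach ($allowed as $value) {
                // preg_quote() escapes only regex metacharacters. The previous "\\$value"
                // prefix turned an allowed letter such as 'd' into the \d digit class.
                $allow .= preg_quote($value, '/');
            }
        }
        $pattern = "/[^{$allow}a-zA-Z0-9]/";

        if (is_array($string)) {
            // Initialised up front so an empty input array yields array(), not an undefined variable.
            $cleaned = array();
            foreach ($string as $key => $clean) {
                $cleaned[$key] = preg_replace($pattern, '', $clean);
            }
            return $cleaned;
        }
        return preg_replace($pattern, '', $string);
    }
/**
 * Makes a string SQL-safe by adding slashes (if needed).
 *
 * Slashes are only added when magic_quotes_gpc is off, so input is not escaped twice.
 * NOTE(review): addslashes() does not know the target driver's quoting rules; for
 * query building prefer the datasource's own value quoting or bound parameters.
 *
 * @param string $string
 * @return string
 * @access public
 */
    function sql($string) {
        if (!ini_get('magic_quotes_gpc')) {
            $string = addslashes($string);
        }
        return $string;
    }
/**
 * Returns given string safe for display as HTML. Renders entities.
 *
 * Encodes & % < > " ' ( ) + and - as HTML entities. With $remove set, tags are
 * stripped instead and nothing is encoded.
 *
 * @param string  $string
 * @param boolean $remove If true, the string is stripped of all HTML tags
 * @return string
 * @access public
 */
    function html($string, $remove = false) {
        if ($remove) {
            return strip_tags($string);
        }
        // The replacement list previously repeated the search characters, so nothing was
        // encoded. '&' is handled first so the '&' introduced by the other entities is
        // not encoded a second time (str_replace applies the pairs in order).
        $chars    = array('&',     '%',     '<',    '>',    '"',      "'",     '(',     ')',     '+',     '-');
        $entities = array('&amp;', '&#37;', '&lt;', '&gt;', '&quot;', '&#39;', '&#40;', '&#41;', '&#43;', '&#45;');
        return str_replace($chars, $entities, $string);
    }
/**
 * Recursively sanitizes given array of data for safe input.
 *
 * The array is modified in place through cleanValue(); nothing useful is returned.
 *
 * @param mixed $toClean
 * @return null
 * @access public
 */
    function cleanArray(&$toClean) {
        return $this->cleanArrayR($toClean);
    }
/**
 * Method used for recursively sanitizing arrays of data
 * for safe input. Leaf values are passed through cleanValue(), nested arrays recurse.
 *
 * @param array $toClean Modified in place
 * @return null
 * @access public
 */
    function cleanArrayR(&$toClean) {
        if (!is_array($toClean)) {
            return null;
        }
        // Iterate over the keys rather than each(), which no longer exists on current PHP.
        // Writes go through $toClean[$k] so they land in the referenced array, not a copy.
        foreach (array_keys($toClean) as $k) {
            if (is_array($toClean[$k])) {
                $this->cleanArrayR($toClean[$k]);
            } else {
                $toClean[$k] = $this->cleanValue($toClean[$k]);
            }
        }
        return null;
    }
/**
 * Method used by cleanArray() to sanitize array nodes.
 *
 * Encodes HTML-significant characters as entities, normalises line endings, restores
 * user-supplied numeric entities, then adds SQL slashes via sql().
 *
 * @param string $val
 * @return string
 * @access public
 */
    function cleanValue($val) {
        if ($val == "") {
            return "";
        }
        // Replace odd spaces with safe ones.
        // NOTE(review): the search string reads as a plain space in this listing, which makes
        // the call a no-op; it may have been a non-ASCII space character lost in rendering.
        $val = str_replace(" ", " ", $val);
        $val = str_replace(chr(0xCA), "", $val);
        // Encode any HTML to entities.
        $val = $this->html($val);
        // Double-check special chars and replace carriage returns with new lines.
        // The replacements previously equalled the search strings and encoded nothing.
        $val = str_replace('$', '&#36;', $val);
        $val = str_replace("\r\n", "\n", $val);
        $val = str_replace('!', '&#33;', $val);
        $val = str_replace("'", '&#39;', $val);
        // Allow unicode: html() turned user-supplied numeric entities into &amp;#NNN;, restore them.
        $val = preg_replace("/&amp;#([0-9]+);/s", "&#\\1;", $val);
        // Add slashes for SQL.
        $val = $this->sql($val);
        // Swap user-inputted backslashes (?)
        // NOTE(review): as written the replacement is a single backslash, i.e. the match itself,
        // so this call changes nothing; kept as-is pending confirmation of the intended replacement.
        $val = preg_replace("/\\\(?!&#|\?#)/", "\\", $val);
        return $val;
    }
/**
 * Formats column data from definition in DBO's $columns array
 *
 * Walks $model->data; the model's own rows and rows of associated models (properties of
 * $model that are Model subclasses) are formatted, other keys are skipped.
 *
 * @param Model $model The model containing the data to be formatted
 * @return void
 * @access public
 */
    function formatColumns(&$model) {
        foreach ($model->data as $name => $values) {
            // $curModel is bound by reference below; without unset() a later plain
            // assignment of null would write through the reference and null out the model.
            unset($curModel);
            if ($name == $model->name) {
                $curModel =& $model;
            } elseif (isset($model->{$name}) && is_object($model->{$name}) && is_subclass_of($model->{$name}, 'Model')) {
                $curModel =& $model->{$name};
            } else {
                $curModel = null;
            }

            if ($curModel == null) {
                continue;
            }
            // The datasource depends only on the model, so look it up once per model rather
            // than once per column.
            $db =& ConnectionManager::getDataSource($curModel->useDbConfig);

            foreach ($values as $column => $data) {
                $colType = $curModel->getColumnType($column);
                // Unknown column type, or a type the datasource has no definition for: leave as-is.
                if ($colType == null || !isset($db->columns[$colType])) {
                    continue;
                }
                $model->data[$name][$column] = $this->_formatColumn($data, $db->columns[$colType]);
            }
        }
    }
/**
 * Applies the 'limit' and 'formatter'/'format' rules of one column definition to a value.
 *
 * @param mixed $data    The raw value
 * @param array $colData One entry of the datasource's $columns array
 * @return mixed The truncated and/or formatted value
 * @access protected
 */
    function _formatColumn($data, $colData) {
        // Byte-length truncation, as before.
        if (isset($colData['limit']) && strlen(strval($data)) > $colData['limit']) {
            $data = substr(strval($data), 0, $colData['limit']);
        }
        if (!isset($colData['formatter']) && !isset($colData['format'])) {
            return $data;
        }
        // Either key on its own used to reach strtolower()/date() with an undefined index.
        $formatter = isset($colData['formatter']) ? strtolower($colData['formatter']) : '';
        $format = isset($colData['format']) ? $colData['format'] : '';

        switch ($formatter) {
            case 'date':
                $time = strtotime($data);
                // An unparsable date used to be silently formatted as the Unix epoch.
                if ($time !== false) {
                    $data = date($format, $time);
                }
                break;
            case 'sprintf':
                $data = sprintf($format, $data);
                break;
            case 'intval':
                $data = intval($data);
                break;
            case 'floatval':
                $data = floatval($data);
                break;
        }
        return $data;
    }
}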