Source code of PHPonTrax 2.6.6-svn

/vendor/trax/ -> input_filter.php (summary)

File containing the InputFilter class (PHP 5)

Author: Daniel Morris
Copyright: Daniel Morris <dan@rootcube.com>
License: http://opensource.org/licenses/gpl-license.php GNU Public License
Version: $Id: input_filter.php 245 2006-08-23 06:15:06Z john $
Size: 553 lines (22 kb)
Included or required: 1 time
Referenced: 0 times
Requires: 0 files

Defines 1 class

InputFilter:: (9 methods):
  init()
  add_field_exception()
  clear_field_exceptions()
  process_all()
  process()
  remove()
  filterTags()
  filterAttr()
  decode()


Class: InputFilter  - X-Ref

Filter user input to remove potential security threats

InputFilter has three public methods that are useful in protecting
a web site from potential security threats from user input.
<ul>
<li>{@link safeSQL()} protects SQL from the user.</li>
<li>{@link process()} protects HTML tags and attributes from the
user.</li>
<li>{@link process_all()} applies {@link process()} to all
possible sources of user input.</li>
</ul>
For usage instructions see
{@tutorial PHPonTrax/InputFilter.cls the class tutorial}.
init($tagsArray = array()   X-Ref
Initializer for InputFilter class.

param: string[] $tagsArray  User-provided list of tags to
param: string[] $attrArray  User-provided list of attributes to
param: boolean $tagsMethod How to apply the list of tags in $tagsArray:
param: boolean $attrMethod How to apply the list of attributes in $attrArray:
param: boolean $xssAuto Behavior of {@link filterTags()}:

add_field_exception($field)   X-Ref
Adds a field to exclude from filtering


clear_field_exceptions()   X-Ref
Clears all previous field exceptions


process_all($tagsArray = array()   X-Ref
Remove forbidden tags and attributes from user input

Construct an InputFilter object.  Then apply the
{@link process()} method to each of the user input arrays
{@link http://www.php.net/reserved.variables#reserved.variables.post $_POST},
{@link http://www.php.net/reserved.variables#reserved.variables.get $_GET} and
{@link http://www.php.net/reserved.variables#reserved.variables.request $_REQUEST}.
<b>FIXME:</b> isn't it partly redundant to do this to $_REQUEST?
Shouldn't we do it to $_COOKIE instead?
author: John Peterson
param: string[] $tagsArray  User-provided list of tags to
param: string[] $attrArray  User-provided list of attributes to
param: boolean $tagsMethod How to apply the list of tags in $tagsArray:
param: boolean $attrMethod How to apply the list of attributes in $attrArray:
param: boolean $xssAuto Behavior of {@link filterTags()}:

process($source, $extra_key = null)   X-Ref
Remove forbidden tags and attributes from array of strings

Accept a string or array of strings.  For each string in the
source, remove the forbidden tags and attributes from the string.
param: mixed $source - input string/array-of-string to be 'cleaned'
return: mixed 'cleaned' version of input parameter

remove($source)   X-Ref
Remove forbidden tags and attributes from a string iteratively

Call {@link filterTags()} repeatedly until no change in the
input is produced.
param: string $source Input string to be 'cleaned'
return: string 'cleaned' version of $source

filterTags($source)   X-Ref
Remove forbidden tags and attributes from a string

Inspect the input for tags "<tagname ...>" and check the tag
name against a list of forbidden tag names.  Delete all tags
with forbidden names.  If {@link $xssAuto} is true, delete all
tags in {@link $tagBlacklist}.  If there is a user-defined tag
list in {@link $tagsArray}, process according to the value of
{@link $tagsMethod}.

If the tag name is OK, then call {@link filterAttr()} to check
all attributes of the tag and delete forbidden attributes.
param: string $source Input string to be 'cleaned'
return: string Cleaned version of input parameter

filterAttr($attrSet)   X-Ref
Internal method to strip a tag of certain attributes

Remove potentially dangerous attributes from a set of
"attr=value" strings.  Attributes considered dangerous are:
<ul>
<li>Any attribute name containing any non-alphabetic
character</li>
<li>Any attribute name beginning "on..."</li>
<li>If {@link $xssAuto} is true, any attribute name in
{@link $attrBlacklist}</li>
<li>Any attribute with a value containing the strings
'javascript:', 'behaviour:', 'vbscript:', 'mocha:',
'livescript:'</li>
<li>Any attribute whose name contains 'style' and whose
value contains 'expression'.</li>
<li>If there is a user-provided list of attributes in
{@link $attrArray}, process according to the value of
{@link $attrMethod}.</li>
</ul>
param: string[] $attrSet Array of strings "attr=value" parsed
return: string[] Input with potentially dangerous attributes

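The three descriptions above (remove() looping until a fixpoint, filterTags() deleting forbidden tags, filterAttr() dropping dangerous attributes) can be read as one algorithm. The following is an added example, not PHPonTrax's own code: a hypothetical SimpleInputFilter class that implements exactly the rules listed in those docblocks. The contents of $tagBlacklist and $attrBlacklist are assumed (the page does not list them), the attribute splitter is a simplified one, and the code assumes PHP 8.

```php
<?php
declare(strict_types=1);

// Added example, not PHPonTrax's own code. SimpleInputFilter is a hypothetical
// class following the remove()/filterTags()/filterAttr() descriptions above.
// The two blacklist arrays are assumed; the real ones are not on the page.
final class SimpleInputFilter
{
    /** @var string[] tag names removed when $xssAuto is true (assumed list) */
    private array $tagBlacklist = ['script', 'iframe', 'object', 'embed', 'style', 'meta', 'link'];

    /** @var string[] attribute names removed when $xssAuto is true (assumed list) */
    private array $attrBlacklist = ['action', 'background', 'codebase', 'dynsrc', 'lowsrc'];

    /** @var string[] value substrings named in the filterAttr() description */
    private array $badValues = ['javascript:', 'behaviour:', 'vbscript:', 'mocha:', 'livescript:'];

    public function __construct(private bool $xssAuto = true)
    {
    }

    /** remove(): apply filterTags() until a pass leaves the string unchanged. */
    public function remove(string $source): string
    {
        do {
            $before = $source;
            $source = $this->filterTags($source);
        } while ($source !== $before);

        return $source;
    }

    /** filterTags(): delete forbidden tags, pass the others through filterAttr(). */
    public function filterTags(string $source): string
    {
        $result = preg_replace_callback(
            '/<\s*(\/?)\s*([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/',
            function (array $m): string {
                [, $close, $name, $attrText] = $m;
                if ($this->xssAuto && in_array(strtolower($name), $this->tagBlacklist, true)) {
                    return '';                     // forbidden tag: delete it entirely
                }
                if ($close !== '') {
                    return '</' . $name . '>';     // closing tags carry no attributes
                }
                $kept = $this->filterAttr($this->splitAttrs($attrText));
                return '<' . $name . ($kept ? ' ' . implode(' ', $kept) : '') . '>';
            },
            $source
        );
        if ($result === null) {
            // Fail closed: a regex engine error must not let raw input through.
            throw new RuntimeException('filterTags: preg_replace_callback failed');
        }

        return $result;
    }

    /** filterAttr(): keep only "attr=value" strings that pass every rule. */
    public function filterAttr(array $attrSet): array
    {
        $kept = [];
        foreach ($attrSet as $attr) {
            [$name, $value] = array_pad(explode('=', $attr, 2), 2, '');
            $lname  = strtolower($name);
            $lvalue = strtolower(trim($value, "\"'"));

            if (!preg_match('/^[a-z]+$/', $lname)) {
                continue;                          // non-alphabetic character in the name
            }
            if (str_starts_with($lname, 'on')) {
                continue;                          // event handler attribute
            }
            if ($this->xssAuto && in_array($lname, $this->attrBlacklist, true)) {
                continue;                          // blacklisted attribute name
            }
            foreach ($this->badValues as $bad) {
                if (str_contains($lvalue, $bad)) {
                    continue 2;                    // script-scheme value
                }
            }
            if (str_contains($lname, 'style') && str_contains($lvalue, 'expression')) {
                continue;                          // CSS expression() in a style attribute
            }
            $kept[] = $attr;
        }

        return $kept;
    }

    /** Split raw attribute text into "attr=value" strings, quotes preserved. */
    private function splitAttrs(string $attrText): array
    {
        preg_match_all('/([^\s=\/]+)\s*(?:=\s*("[^"]*"|\'[^\']*\'|[^\s"\']+))?/', $attrText, $matches, PREG_SET_ORDER);
        $attrs = [];
        foreach ($matches as $m) {
            $attrs[] = $m[1] . (isset($m[2]) && $m[2] !== '' ? '=' . $m[2] : '');
        }
        return $attrs;
    }
}

// Constructed sample input: one harmless attribute, one event handler,
// one script-scheme href and one blacklisted tag.
$filter = new SimpleInputFilter();
$sample = '<a href="JavaScript:void(0)" onclick="x()" title="ok">link</a><script>alert(1)</script><b>bold</b>';
echo $filter->remove($sample), PHP_EOL;
```

The loop in remove() matters because deleting one tag can change what the next pass sees, so a single filterTags() call is not a fixpoint by itself. Two caveats a reviewer would raise: the splitter does not handle a `>` inside a quoted attribute value, and every rule here is a blocklist on input, so HTML-escaping values at output time (htmlspecialchars) remains the primary defence rather than this filter.
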
decode($source)   X-Ref
Convert HTML entities to characters

Convert input string containing HTML entities to the
corresponding character (&amp; => &).  ISO 8859-1 character
set is assumed.
param: string $source Character string containing HTML entities
return: string Input string, with entities converted to characters



Generated on: Sun Feb 25 20:04:38 2007 by Balluche using PHPXref 0.7