adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 19:38:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cakephp2-php8/cake/libs/sanitize.php

200 lines
4.7 KiB
PHP
Raw Normal View History

merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
<?php
/* SVN FILE: $Id$ */
/**
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
* Washes strings from unwanted noise.
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
*
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
* Helpful methods to make unsafe strings usable.
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
*
* PHP versions 4 and 5
*
* CakePHP : Rapid Development Framework <http://www.cakephp.org/>
* Copyright (c) 2005, CakePHP Authors/Developers
*
* Author(s): Michal Tatarynowicz aka Pies <tatarynowicz@gmail.com>
* Larry E. Masters aka PhpNut <nut@phpnut.com>
* Kamil Dzielinski aka Brego <brego.dk@gmail.com>
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @filesource
* @author CakePHP Authors/Developers
* @copyright Copyright (c) 2005, CakePHP Authors/Developers
* @link https://trac.cakephp.org/wiki/Authors Authors/Developers
* @package cake
Merging from sandboxes [1079] Merged [1005] committed by nate but not added to core prior to release. Merged [1078] prior to modifying all developers sandboxes. [1081] adding view and template directories [1082] adding base files for view generator [1083] correcting all package and sub package tags for in doc blocks. Making sure every file in the core has doc block in them [1084] renaming working copy of latest release [1093] Added fix for associations using underscores if var $useTable is set in the associated models. This closes ticket #11. [1094] Fix for Ticket #24. The problem was tracked to a variable in View::_render(); $loadedHelpers was being assigned a reference when it when it should not have been. [1096] Initial work on controller components needs testing. Also added a work around for the basics.php uses(). Using the define DS where the files from the original version are now located in deeper libs directories. [1097] committing a few typos in the code I added [1098] reformatting code in component.php [1104] changed the test route and corrected a regex in inflector. [1111] removing the contructor from dispatcher, it is not needed [1112] Changes made for errors when a file is not present in webroot. Fixed the regex used in Router::parse(). Change the error layout template. [1113] Changes to Folder class to allow setting the permissions mode when constructing. This class needs to be refactored and move everything that is in the contructor out. The constructor should set the vars for use in other Folder::"methods"(). Will work on this at a later time. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1114 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-09 01:56:21 +00:00
* @subpackage cake.cake.libs
* @since CakePHP v 0.10.0.1076
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
* @version $Revision$
* @modifiedby $LastChangedBy$
* @lastmodified $Date$
* @license http://www.opensource.org/licenses/mit-license.php The MIT License
*/
/**
* Data Sanitization.
*
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
* Removal of alpahnumeric characters, SQL-safe slash-added strings, HTML-friendly strings,
* and all of the above on arrays.
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
*
* @package cake
Merging from sandboxes [1079] Merged [1005] committed by nate but not added to core prior to release. Merged [1078] prior to modifying all developers sandboxes. [1081] adding view and template directories [1082] adding base files for view generator [1083] correcting all package and sub package tags for in doc blocks. Making sure every file in the core has doc block in them [1084] renaming working copy of latest release [1093] Added fix for associations using underscores if var $useTable is set in the associated models. This closes ticket #11. [1094] Fix for Ticket #24. The problem was tracked to a variable in View::_render(); $loadedHelpers was being assigned a reference when it when it should not have been. [1096] Initial work on controller components needs testing. Also added a work around for the basics.php uses(). Using the define DS where the files from the original version are now located in deeper libs directories. [1097] committing a few typos in the code I added [1098] reformatting code in component.php [1104] changed the test route and corrected a regex in inflector. [1111] removing the contructor from dispatcher, it is not needed [1112] Changes made for errors when a file is not present in webroot. Fixed the regex used in Router::parse(). Change the error layout template. [1113] Changes to Folder class to allow setting the permissions mode when constructing. This class needs to be refactored and move everything that is in the contructor out. The constructor should set the vars for use in other Folder::"methods"(). Will work on this at a later time. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1114 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-09 01:56:21 +00:00
* @subpackage cake.cake.libs
* @since CakePHP v 0.10.0.1076
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
*
*/
class Sanitize
{
/**
* Removes any non-alphanumeric characters.
*
* @param string $string
* @return string
*/
function paranoid($string)
{
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
return preg_replace( "/[^a-zA-Z0-9]/", "", $string );
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
}
/**
* Makes a string SQL-safe by adding slashes (if needed).
*
* @param string $string
* @return string
*/
function sql($string)
{
if (!ini_get('magic_quotes_gpc'))
{
$string = addslashes($string);
}
return $string;
}
/**
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
* Returns given string safe for display as HTML. Renders entities and converts newlines to <br/>.
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
*
* @param string $string
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
* @param boolean $remove If true, the string is stripped of all HTML tags
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
* @return string
*/
function html($string, $remove = false)
{
if ($remove)
{
$string = strip_tags($string);
}
else
{
$patterns = array("/\&/", "/%/", "/</", "/>/", '/"/', "/'/", "/\(/", "/\)/", "/\+/", "/-/", "/\n/");
$replacements = array("&amp;", "&#37;", "&lt;", "&gt;", "&quot;", "&#39;", "&#40;", "&#41;", "&#43;", "&#45;", "<br/>");
$string = preg_replace($patterns, $replacements, $string);
}
return $string;
}
/**
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
* Recursively sanitizes given array of data for safe input.
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
*
* @param mixed $toClean
* @return mixed
*/
function cleanArray(&$toClean)
{
return $this->cleanArrayR($toClean);
}
/**
* Private method used for recursion (see cleanArray()).
*
* @param array $toClean
* @return array
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
* @see cleanArray
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
*/
function cleanArrayR(&$toClean)
{
if (is_array($toClean))
{
while(list($k, $v) = each($toClean))
{
if ( is_array($toClean[$k]) )
{
$this->cleanArray($toClean[$k]);
}
else
{
$toClean[$k] = $this->cleanValue($v);
}
}
}
else
{
return null;
}
}
/**
* Do we really need to sanitize array keys? If so, we can use this code...
function cleanKey($key)
{
if ($key == "")
{
return "";
}
//URL decode and convert chars to HTML entities
$key = htmlspecialchars(urldecode($key));
//Remove ..
$key = preg_replace( "/\.\./", "", $key );
//Remove __FILE__, etc.
$key = preg_replace( "/\_\_(.+?)\_\_/", "", $key );
//Trim word chars, '.', '-', '_'
$key = preg_replace( "/^([\w\.\-\_]+)$/", "$1", $key );
return $key;
}
*/
/**
[1125] Adding empty directories where overrides for the core views can be placed. Adding an empty directory for elements [1127] Adding directory to hold core inflection files [1128] More work on the new inflector. This still is not completed but should be soon [1130] Documentation strings, du jour. [1131] Docstringed and ready. Inflector lacks one docstring. It is noted in its todo [1132] Incomplete documentation, and some corrections to previous documentation. Gwoo noted that there'll be more changes in the Helpers soon, so I back off here. [1134] Adding before filters back to code. Commented out a regex in Inflector::pluralize(); that os causing problems. Removed a duplicate define in index.php. Removed the bare array being set automatically when using requestAction(). With this change you must use requestAction(); like this. $object->requestAction('/bare/controller/action/param'); Added GOTCHAS file with links to problems people may have with CakePHP. Some more work done on new Inflector. [1135] Added a check when trying to access a private method of a controller. This will now display an error page informing user that this is not allowed. [1137] Fixed a few undefined variable errors in the code Corrected problem with double layout display when an error is returned and caught. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1138 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-18 22:27:39 +00:00
* Method used by cleanArray() to sanitize array nodes.
merging all changes done in sandbox for next release into the trunk git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1057 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-03 04:48:00 +00:00
*
* @param string $val
* @return string
*/
function cleanValue($val)
{
if ($val == "")
{
return "";
}
//Replace odd spaces with safe ones
$val = str_replace(" ", " ", $val);
$val = str_replace(chr(0xCA), "", $val);
//Encode any HTML to entities (including \n --> <br/>)
$val = $this->html($val);
//Double-check special chars and remove carriage returns
//For increased SQL security
$val = preg_replace( "/\\\$/" ,"$" ,$val);
$val = preg_replace( "/\r/" ,"" ,$val);
$val = str_replace ( "!" ,"!" ,$val);
$val = str_replace ( "'" , "'" ,$val);
//Allow unicode (?)
$val = preg_replace("/&amp;#([0-9]+);/s", "&#\\1;", $val );
//Add slashes for SQL
$val = $this->sql($val);
//Swap user-inputted backslashes (?)
$val = preg_replace( "/\\\(?!&amp;#|\?#)/", "\\", $val );
return $val;
}
}
merging from source:whiteboard/sandbox/phpnut/pre_0.9.2 at [404] git-svn-id: https://svn.cakephp.org/repo/trunk/cake@405 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-07-21 04:02:32 +00:00
?>
Reference in a new issue Copy permalink