Adding comments for Sanitize and Security

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5194 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
mariano.iglesias 2007-05-26 06:35:44 +00:00
parent 61a3d09dbc
commit 24dd6ddb0a
2 changed files with 65 additions and 37 deletions


@ -39,8 +39,10 @@ class Sanitize{
/** /**
* Removes any non-alphanumeric characters. * Removes any non-alphanumeric characters.
* *
* @param string $string * @param string $string String to sanitize
* @return string * @return string Sanitized string
* @access public
* @static
*/ */
function paranoid($string, $allowed = array()) { function paranoid($string, $allowed = array()) {
$allow = null; $allow = null;
@ -62,9 +64,11 @@ class Sanitize{
/** /**
* Makes a string SQL-safe. * Makes a string SQL-safe.
* *
* @param string $string * @param string $string String to sanitize
* @param string $connection * @param string $connection Database connection being used
* @return string * @return string SQL safe string
* @access public
* @static
*/ */
function escape($string, $connection = 'default') { function escape($string, $connection = 'default') {
$db = ConnectionManager::getDataSource($connection); $db = ConnectionManager::getDataSource($connection);
@ -74,9 +78,11 @@ class Sanitize{
/** /**
* Returns given string safe for display as HTML. Renders entities. * Returns given string safe for display as HTML. Renders entities.
* *
* @param string $string * @param string $string String from where to strip tags
* @param boolean $remove If true, the string is stripped of all HTML tags * @param boolean $remove If true, the string is stripped of all HTML tags
* @return string * @return string Sanitized string
* @access public
* @static
*/ */
function html($string, $remove = false) { function html($string, $remove = false) {
if ($remove) { if ($remove) {
@ -91,7 +97,9 @@ class Sanitize{
/** /**
* Strips extra whitespace from output * Strips extra whitespace from output
* *
* @param string $str * @param string $str String to sanitize
* @access public
* @static
*/ */
function stripWhitespace($str) { function stripWhitespace($str) {
$r = preg_replace('/[\n\r\t]+/', '', $str); $r = preg_replace('/[\n\r\t]+/', '', $str);
@ -100,7 +108,9 @@ class Sanitize{
/** /**
* Strips image tags from output * Strips image tags from output
* *
* @param string $str * @param string $str String to sanitize
* @access public
* @static
*/ */
function stripImages($str) { function stripImages($str) {
$str = preg_replace('/(<a[^>]*>)(<img[^>]+alt=")([^"]*)("[^>]*>)(<\/a>)/i', '$1$3$5<br />', $str); $str = preg_replace('/(<a[^>]*>)(<img[^>]+alt=")([^"]*)("[^>]*>)(<\/a>)/i', '$1$3$5<br />', $str);
@ -111,7 +121,9 @@ class Sanitize{
/** /**
* Strips scripts and stylesheets from output * Strips scripts and stylesheets from output
* *
* @param string $str * @param string $str String to sanitize
* @access public
* @static
*/ */
function stripScripts($str) { function stripScripts($str) {
return preg_replace('/(<link[^>]+rel="[^"]*stylesheet"[^>]*>|<img[^>]*>|style="[^"]*")|<script[^>]*>.*?<\/script>|<style[^>]*>.*?<\/style>|<!--.*?-->/i', '', $str); return preg_replace('/(<link[^>]+rel="[^"]*stylesheet"[^>]*>|<img[^>]*>|style="[^"]*")|<script[^>]*>.*?<\/script>|<style[^>]*>.*?<\/style>|<!--.*?-->/i', '', $str);
@ -119,7 +131,8 @@ class Sanitize{
/** /**
* Strips extra whitespace, images, scripts and stylesheets from output * Strips extra whitespace, images, scripts and stylesheets from output
* *
* @param string $str * @param string $str String to sanitize
* @access public
*/ */
function stripAll($str) { function stripAll($str) {
$str = $this->stripWhitespace($str); $str = $this->stripWhitespace($str);
@ -128,12 +141,13 @@ class Sanitize{
return $str; return $str;
} }
/** /**
* Strips the specified tags from output * Strips the specified tags from output. First parameter is string from
* where to remove tags. All subsequent parameters are tags.
* *
* @param string $str * @param string $str String to sanitize
* @param string $tag * @param string $tag Tag to remove (add more parameters as needed)
* @param string $tag * @access public
* @param string ... * @static
*/ */
function stripTags() { function stripTags() {
$params = params(func_get_args()); $params = params(func_get_args());
@ -148,9 +162,11 @@ class Sanitize{
/** /**
* Sanitizes given array or value for safe input. * Sanitizes given array or value for safe input.
* *
* @param mixed $data * @param mixed $data Data to sanitize
* @param string $connection * @param string $connection DB connection being used
* @return mixed * @return mixed Sanitized data
* @access public
* @static
*/ */
function clean($data, $connection = 'default') { function clean($data, $connection = 'default') {
if (empty($data)) { if (empty($data)) {
@ -189,8 +205,8 @@ class Sanitize{
* Formats column data from definition in DBO's $columns array * Formats column data from definition in DBO's $columns array
* *
* @param Model $model The model containing the data to be formatted * @param Model $model The model containing the data to be formatted
* @return void
* @access public * @access public
* @static
*/ */
function formatColumns(&$model) { function formatColumns(&$model) {
foreach($model->data as $name => $values) { foreach($model->data as $name => $values) {
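Review bot: The new paranoid() docblock documents only `$string`, yet the signature in the same hunk takes a second parameter, `$allowed = array()`, which stays undocumented; add `* @param array $allowed Additional characters to let through` (the body runs past the hunk, so confirm that is what it does). The strip* methods (stripWhitespace, stripImages, stripScripts, stripAll, stripTags) gained `@param` lines but no `@return`, even though stripScripts returns the preg_replace() result and stripAll returns `$str`; `* @return string Sanitized string` belongs on each, matching html() and escape(). In html() the new description `String from where to strip tags` only fits the `$remove` branch; `String to sanitize` is accurate for both paths. stripAll is the one method not tagged `@static`, which agrees with its `$this->stripWhitespace()` call, but a one-line why-comment would stop someone adding the tag later.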


@ -36,9 +36,11 @@
*/ */
class Security extends Object{ class Security extends Object{
/** /**
* Enter description here... * Singleton implementation to get object instance.
* *
* @return unknown * @return object
* @access public
* @static
*/ */
function &getInstance() { function &getInstance() {
static $instance = array(); static $instance = array();
@ -48,9 +50,11 @@ class Security extends Object{
return $instance[0]; return $instance[0];
} }
/** /**
* Enter description here... * Get allowed minutes of inactivity based on security level.
* *
* @return unknown * @return int Allowed inactivity in minutes
* @access public
* @static
*/ */
function inactiveMins() { function inactiveMins() {
$_this =& Security::getInstance(); $_this =& Security::getInstance();
@ -68,30 +72,36 @@ class Security extends Object{
} }
} }
/** /**
* Enter description here... * Generate authorization hash.
* *
* @return unknown * @return string Hash
* @access public
* @static
*/ */
function generateAuthKey() { function generateAuthKey() {
$_this =& Security::getInstance(); $_this =& Security::getInstance();
return $_this->hash(uniqid(rand(), true)); return $_this->hash(uniqid(rand(), true));
} }
/** /**
* Enter description here... * Validate authorization hash.
* *
* @param unknown_type $authKey * @param string $authKey Authorization hash
* @return unknown * @return boolean Success
* @access public
* @static
*/ */
function validateAuthKey($authKey) { function validateAuthKey($authKey) {
$_this =& Security::getInstance(); $_this =& Security::getInstance();
return true; return true;
} }
/** /**
* Enter description here... * Create a hash from string using given method.
* *
* @param unknown_type $string * @param string $string String to hash
* @param unknown_type $type * @param string $type Method to use (sha1/sha256/md5)
* @return unknown * @return string Hash
* @access public
* @static
*/ */
function hash($string, $type = 'sha1') { function hash($string, $type = 'sha1') {
$_this =& Security::getInstance(); $_this =& Security::getInstance();
@ -120,11 +130,13 @@ class Security extends Object{
} }
} }
/** /**
* Enter description here... * Encripts/Decrypts a text using the given key.
* *
* @param unknown_type $text * @param string $text Encrypted string to decrypt, normal string to encrypt
* @param unknown_type $key * @param string $key Key to use
* @return unknown * @return string Encrypted/Decrypted string
* @access public
* @static
*/ */
function cipher($text, $key) { function cipher($text, $key) {
$_this =& Security::getInstance(); $_this =& Security::getInstance();
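Review bot: The new validateAuthKey() docblock promises `@return boolean Success`, but the body in the same hunk is `return true;` after fetching the instance, so every key validates; the docblock should state that until the check exists, e.g. `* @todo Validation is not implemented: every key is currently accepted`, and any caller treating it as an authorization check should be reviewed. generateAuthKey()'s summary `Generate authorization hash.` hides that the value is derived from `uniqid(rand(), true)`, which is not a cryptographically secure source, so the docblock should record that limitation rather than imply an unguessable token. The hash() docblock now lists `(sha1/sha256/md5)` while the method body lies outside the hunk — confirm those are the values it actually accepts. Minor: `Encripts/Decrypts` in cipher()'s summary should read `Encrypts/Decrypts`, and `@return object` on getInstance() could be the more useful `@return Security`.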