mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 11:28:25 +00:00
9560f78884
Revision: [1638] removing php short tags Revision: [1637] Remove renderElememnts loading of helpers also, forgot it in the last commit Revision: [1636] Refactoring after profiling code. Session was creating a new instance of Dispatcher removed the need for it. Added a check to the Component class to pass the base to the SessionComponent class, will refactor that at a later time. Changed View class so it would not load helpers when rending a layout, no need for that. A great performance boost after the change. Change the loadModels method call in app/webroot/index.php. Will only attempt the loadModels call if the AppModel class is not in memory, and the Database class is in memory. Removed all unnecessary calls to basics uses(). Again another big performance increase. Added fix to the Html::guiListTree() after discussing the output that is expected. A ticket was closed on this already. Revision: [1635] Removing calls to basic uses() Revision: [1634] Removing calls to basics uses() that are not needed. Revision: [1633] Removing calls to basics uses() that are not needed. Moved Object class further up in the loading order Revision: [1632] adding fix for Ticket #132 Revision: [1631] Added fix from Ticket #122 Revision: [1630] Scaffold views can now be placed in a view directory. These will override the core. Example (Must have the scaffold dot name): app/views/posts/scaffold.list.thtml app/views/posts/scaffold.new.thtml app/views/posts/scaffold.edit.thtml app/views/posts/scaffold.show.thtml Revision: [1629] Think I fixed the issue with scaffold showing proper dates prior to January 1 1970 00:00:00. Revision: [1628] Added a few more change to allow saving dates prior to January 1 1970 00:00:00. Still a few issues with this, but will get them figured out soon. Changed scaffold to use only one form view. Revision: [1627] Added fix for Ticket #189 Revision: [1626] Added fix for Ticket #120. Revision: [1625] left justified doc blocks Revision: [1624] remove files from uses() that are loaded by default in app/webroot/index.php no reason to attempt to load them again in the classes Revision: [1623] adding check to the loadModels and loadController that will only attempt to load files if the classes are not already in memory Revision: [1622] Adding fix to time helper that was lost in a previous merge Removing all tabs from code Revision: [1621] Addtional model validation fixes Revision: [1620] fixed parse error Revision: [1619] Fixing ticket #102 Revision: [1618] correcting mime types and keywords Revision: [1617] correcting mime types and keywords Revision: [1616] fixed link in footer Revision: [1615] Fixing ticket #207 git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1639 3807eeeb-6ff5-0310-8944-8be069107fe0
197 lines
No EOL
4.7 KiB
PHP
197 lines
No EOL
4.7 KiB
PHP
<?php
|
|
/* SVN FILE: $Id$ */
|
|
|
|
/**
|
|
* Washes strings from unwanted noise.
|
|
*
|
|
* Helpful methods to make unsafe strings usable.
|
|
*
|
|
* PHP versions 4 and 5
|
|
*
|
|
* CakePHP : Rapid Development Framework <http://www.cakephp.org/>
|
|
* Copyright (c) 2005, Cake Software Foundation, Inc.
|
|
* 1785 E. Sahara Avenue, Suite 490-204
|
|
* Las Vegas, Nevada 89104
|
|
*
|
|
* Licensed under The MIT License
|
|
* Redistributions of files must retain the above copyright notice.
|
|
*
|
|
* @filesource
|
|
* @copyright Copyright (c) 2005, Cake Software Foundation, Inc.
|
|
* @link http://www.cakefoundation.org/projects/info/cakephp CakePHP Project
|
|
* @package cake
|
|
* @subpackage cake.cake.libs
|
|
* @since CakePHP v 0.10.0.1076
|
|
* @version $Revision$
|
|
* @modifiedby $LastChangedBy$
|
|
* @lastmodified $Date$
|
|
* @license http://www.opensource.org/licenses/mit-license.php The MIT License
|
|
*/
|
|
|
|
/**
|
|
* Data Sanitization.
|
|
*
|
|
* Removal of alpahnumeric characters, SQL-safe slash-added strings, HTML-friendly strings,
|
|
* and all of the above on arrays.
|
|
*
|
|
* @package cake
|
|
* @subpackage cake.cake.libs
|
|
* @since CakePHP v 0.10.0.1076
|
|
*
|
|
*/
|
|
class Sanitize
|
|
{
|
|
|
|
/**
|
|
* Removes any non-alphanumeric characters.
|
|
*
|
|
* @param string $string
|
|
* @return string
|
|
*/
|
|
function paranoid($string)
|
|
{
|
|
return preg_replace( "/[^a-zA-Z0-9]/", "", $string );
|
|
}
|
|
|
|
/**
|
|
* Makes a string SQL-safe by adding slashes (if needed).
|
|
*
|
|
* @param string $string
|
|
* @return string
|
|
*/
|
|
function sql($string)
|
|
{
|
|
if (!ini_get('magic_quotes_gpc'))
|
|
{
|
|
$string = addslashes($string);
|
|
}
|
|
|
|
return $string;
|
|
}
|
|
|
|
/**
|
|
* Returns given string safe for display as HTML. Renders entities and converts newlines to <br/>.
|
|
*
|
|
* @param string $string
|
|
* @param boolean $remove If true, the string is stripped of all HTML tags
|
|
* @return string
|
|
*/
|
|
function html($string, $remove = false)
|
|
{
|
|
if ($remove)
|
|
{
|
|
$string = strip_tags($string);
|
|
}
|
|
else
|
|
{
|
|
$patterns = array("/\&/", "/%/", "/</", "/>/", '/"/', "/'/", "/\(/", "/\)/", "/\+/", "/-/", "/\n/");
|
|
$replacements = array("&", "%", "<", ">", """, "'", "(", ")", "+", "-", "<br/>");
|
|
$string = preg_replace($patterns, $replacements, $string);
|
|
}
|
|
|
|
return $string;
|
|
}
|
|
|
|
/**
|
|
* Recursively sanitizes given array of data for safe input.
|
|
*
|
|
* @param mixed $toClean
|
|
* @return mixed
|
|
*/
|
|
function cleanArray(&$toClean)
|
|
{
|
|
return $this->cleanArrayR($toClean);
|
|
}
|
|
|
|
/**
|
|
* Private method used for recursion (see cleanArray()).
|
|
*
|
|
* @param array $toClean
|
|
* @return array
|
|
* @see cleanArray
|
|
*/
|
|
function cleanArrayR(&$toClean)
|
|
{
|
|
if (is_array($toClean))
|
|
{
|
|
while(list($k, $v) = each($toClean))
|
|
{
|
|
if ( is_array($toClean[$k]) )
|
|
{
|
|
$this->cleanArray($toClean[$k]);
|
|
}
|
|
else
|
|
{
|
|
$toClean[$k] = $this->cleanValue($v);
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Do we really need to sanitize array keys? If so, we can use this code...
|
|
|
|
function cleanKey($key)
|
|
{
|
|
if ($key == "")
|
|
{
|
|
return "";
|
|
}
|
|
|
|
//URL decode and convert chars to HTML entities
|
|
$key = htmlspecialchars(urldecode($key));
|
|
//Remove ..
|
|
$key = preg_replace( "/\.\./", "", $key );
|
|
//Remove __FILE__, etc.
|
|
$key = preg_replace( "/\_\_(.+?)\_\_/", "", $key );
|
|
//Trim word chars, '.', '-', '_'
|
|
$key = preg_replace( "/^([\w\.\-\_]+)$/", "$1", $key );
|
|
|
|
return $key;
|
|
}
|
|
*/
|
|
|
|
/**
|
|
* Method used by cleanArray() to sanitize array nodes.
|
|
*
|
|
* @param string $val
|
|
* @return string
|
|
*/
|
|
function cleanValue($val)
|
|
{
|
|
if ($val == "")
|
|
{
|
|
return "";
|
|
}
|
|
|
|
//Replace odd spaces with safe ones
|
|
$val = str_replace(" ", " ", $val);
|
|
$val = str_replace(chr(0xCA), "", $val);
|
|
|
|
//Encode any HTML to entities (including \n --> <br/>)
|
|
$val = $this->html($val);
|
|
|
|
//Double-check special chars and remove carriage returns
|
|
//For increased SQL security
|
|
$val = preg_replace( "/\\\$/" ,"$" ,$val);
|
|
$val = preg_replace( "/\r/" ,"" ,$val);
|
|
$val = str_replace ( "!" ,"!" ,$val);
|
|
$val = str_replace ( "'" , "'" ,$val);
|
|
|
|
//Allow unicode (?)
|
|
$val = preg_replace("/&#([0-9]+);/s", "&#\\1;", $val );
|
|
|
|
//Add slashes for SQL
|
|
$val = $this->sql($val);
|
|
|
|
//Swap user-inputted backslashes (?)
|
|
$val = preg_replace( "/\\\(?!&#|\?#)/", "\\", $val );
|
|
|
|
return $val;
|
|
}
|
|
}
|
|
?>
|