adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 11:28:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cakephp2-php8/cake/libs/sanitize.php
phpnut d62b9ec65e Merging from sandboxes 
[1079]
Merged [1005] committed by nate but not added to core prior to release.
Merged [1078] prior to modifying all developers sandboxes.

[1081]
adding view and template directories

[1082]
adding base files for view generator 

[1083]
correcting all package and sub package tags for in doc blocks.
Making sure every file in the core has doc block in them

[1084]
renaming working copy of latest release

[1093]
Added fix for associations using underscores if var $useTable is set in the associated models.
This closes ticket #11.

[1094]
Fix for Ticket #24.
The problem was tracked to a variable in View::_render();
$loadedHelpers was being assigned a reference when it when it should not have been.

[1096]
Initial work on controller components needs testing.
Also added a work around for the basics.php uses().
Using the define DS where the files from the original version are now located in deeper libs directories.

[1097]
committing a few typos in the code I added

[1098]
reformatting code in component.php

[1104]
changed the test route and corrected a regex in inflector.

[1111]
removing the contructor from dispatcher, it is not needed

[1112]
Changes made for errors when a file is not present in webroot.
Fixed the regex used in Router::parse().
Change the error layout template.

[1113]
Changes to Folder class to allow setting the permissions mode when constructing.
This class needs to be refactored and move everything that is in the contructor out.
The constructor should set the vars for use in other Folder::"methods"().
Will work on this at a later time.

git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1114 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-09 01:56:21 +00:00

198 lines
No EOL
4.5 KiB
PHP
Raw Blame History

<?php
/* SVN FILE: $Id$ */
/**
* Short description for file.
*
* Long description for file
*
* PHP versions 4 and 5
*
* CakePHP : Rapid Development Framework <http://www.cakephp.org/>
* Copyright (c) 2005, CakePHP Authors/Developers
*
* Author(s): Michal Tatarynowicz aka Pies <tatarynowicz@gmail.com>
* Larry E. Masters aka PhpNut <nut@phpnut.com>
* Kamil Dzielinski aka Brego <brego.dk@gmail.com>
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @filesource
* @author CakePHP Authors/Developers
* @copyright Copyright (c) 2005, CakePHP Authors/Developers
* @link https://trac.cakephp.org/wiki/Authors Authors/Developers
* @package cake
* @subpackage cake.cake.libs
* @since CakePHP v 0.10.0.1076
* @version $Revision$
* @modifiedby $LastChangedBy$
* @lastmodified $Date$
* @license http://www.opensource.org/licenses/mit-license.php The MIT License
*/
/**
* Data Sanitization.
*
* Long description for class
*
* @package cake
* @subpackage cake.cake.libs
* @since CakePHP v 0.10.0.1076
*
*/
class Sanitize
{
/**
* Removes any non-alphanumeric characters.
*
* @param string $string
* @return string
*/
function paranoid($string)
{
return preg_replace("/[^a-zA-Z0-9]/", "", $string);
}
/**
* Makes a string SQL-safe by adding slashes (if needed).
*
* @param string $string
* @return string
*/
function sql($string)
{
if (!ini_get('magic_quotes_gpc'))
{
$string = addslashes($string);
}
return $string;
}
/**
* Makes the string safe for display as HTML. Renders entities and converts newlines to <br/>.
*
* @param string $string
* @param boolean $remove
* @return string
*/
function html($string, $remove = false)
{
if ($remove)
{
$string = strip_tags($string);
}
else
{
$patterns = array("/\&/", "/%/", "/</", "/>/", '/"/', "/'/", "/\(/", "/\)/", "/\+/", "/-/", "/\n/");
$replacements = array("&amp;", "&#37;", "&lt;", "&gt;", "&quot;", "&#39;", "&#40;", "&#41;", "&#43;", "&#45;", "<br/>");
$string = preg_replace($patterns, $replacements, $string);
}
return $string;
}
/**
* Recursively sanitizes an array of data for safe input.
*
* @param mixed $toClean
* @return mixed
*/
function cleanArray(&$toClean)
{
return $this->cleanArrayR($toClean);
}
/**
* Private method used for recursion (see cleanArray()).
*
* @param array $toClean
* @return array
*/
function cleanArrayR(&$toClean)
{
if (is_array($toClean))
{
while(list($k, $v) = each($toClean))
{
if ( is_array($toClean[$k]) )
{
$this->cleanArray($toClean[$k]);
}
else
{
$toClean[$k] = $this->cleanValue($v);
}
}
}
else
{
return null;
}
}
/**
* Do we really need to sanitize array keys? If so, we can use this code...
function cleanKey($key)
{
if ($key == "")
{
return "";
}
//URL decode and convert chars to HTML entities
$key = htmlspecialchars(urldecode($key));
//Remove ..
$key = preg_replace( "/\.\./", "", $key );
//Remove __FILE__, etc.
$key = preg_replace( "/\_\_(.+?)\_\_/", "", $key );
//Trim word chars, '.', '-', '_'
$key = preg_replace( "/^([\w\.\-\_]+)$/", "$1", $key );
return $key;
}
*/
/**
* Method used by cleanArray() to sanitized array nodes.
*
* @param string $val
* @return string
*/
function cleanValue($val)
{
if ($val == "")
{
return "";
}
//Replace odd spaces with safe ones
$val = str_replace(" ", " ", $val);
$val = str_replace(chr(0xCA), "", $val);
//Encode any HTML to entities (including \n --> <br/>)
$val = $this->html($val);
//Double-check special chars and remove carriage returns
//For increased SQL security
$val = preg_replace( "/\\\$/" ,"$" ,$val);
$val = preg_replace( "/\r/" ,"" ,$val);
$val = str_replace ( "!" ,"!" ,$val);
$val = str_replace ( "'" , "'" ,$val);
//Allow unicode (?)
$val = preg_replace("/&amp;#([0-9]+);/s", "&#\\1;", $val );
//Add slashes for SQL
$val = $this->sql($val);
//Swap user-inputted backslashes (?)
$val = preg_replace( "/\\\(?!&amp;#|\?#)/", "\\", $val );
return $val;
}
}
?>
Reference in a new issue View git blame Copy permalink