bludit/kernel/helpers/sanitize.class.php

<?php defined('BLUDIT') or die('Bludit CMS.');

class Sanitize {

	// new

	// Convert special characters to HTML entities
	public static function html($text)
	{
		$flags = ENT_COMPAT;

		if(defined('ENT_HTML5')) {
			$flags = ENT_COMPAT|ENT_HTML5;
		}

		return htmlspecialchars($text, $flags, CHARSET);
	}

	// Convert special HTML entities back to characters
	public static function htmlDecode($text)
	{
		$flags = ENT_COMPAT;

		if(defined('ENT_HTML5')) {
			$flags = ENT_COMPAT|ENT_HTML5;
		}

		return htmlspecialchars_decode($text, $flags);
	}

	public static function pathFile($path, $file=false)
	{
		if($file!==false){
			$fullPath = $path.$file;
		}
		else {
			$fullPath = $path;
		}

		// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
		$fullPath = str_replace('/', DS, $fullPath);

		$real = realpath($fullPath);

		// If $real is FALSE the file does not exist.
		if($real===false) {
			return false;
		}

		// If the $real path does not start with the systemPath then this is Path Traversal.
		if(strpos($fullPath, $real)!==0) {
			return false;
		}

		return true;
	}

	// old
	public static function ip($ip)
	{
		return filter_var($ip, FILTER_VALIDATE_IP);
	}

	public static function mail($mail)
	{
		return filter_var($mail, FILTER_VALIDATE_EMAIL);
	}

	public static function int($int)
	{
		if($int === 0)
			return( true );
		elseif (filter_var($int, FILTER_VALIDATE_INT) === false )
			return( false );
		else
			return( true );
	}

	// Remove all characters except digits
	public static function sanitize_float($value)
	{
		return( filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND) );
	}

	// Valid an integer positive
	public static function sanitize_int($value)
	{
		$value = (int)$value;

		if($value>=0)
			return $value;
		else
			return 0;
	}

	public static function sanitize_email($value)
	{
		return( filter_var($value, FILTER_SANITIZE_EMAIL) );
	}

	public static function sanitize_url($value)
	{
		return( filter_var($value, FILTER_SANITIZE_URL) );
	}

	// Convert all applicable characters to HTML entities incluye acentos


}
New features 2015-03-27 02:00:01 +01:00			`<?php defined('BLUDIT') or die('Bludit CMS.');`

			`class Sanitize {`

			`// new`
Bug fixes 2015-06-28 01:28:22 +02:00
			`// Convert special characters to HTML entities`
New features 2015-03-27 02:00:01 +01:00			`public static function html($text)`
			`{`
Bug fixes 2015-06-27 05:51:43 +02:00			`$flags = ENT_COMPAT;`

			`if(defined('ENT_HTML5')) {`
			`$flags = ENT_COMPAT\|ENT_HTML5;`
			`}`

			`return htmlspecialchars($text, $flags, CHARSET);`
New features 2015-03-27 02:00:01 +01:00			`}`

Bug fixes 2015-06-28 01:28:22 +02:00			`// Convert special HTML entities back to characters`
			`public static function htmlDecode($text)`
			`{`
			`$flags = ENT_COMPAT;`

			`if(defined('ENT_HTML5')) {`
			`$flags = ENT_COMPAT\|ENT_HTML5;`
			`}`

			`return htmlspecialchars_decode($text, $flags);`
			`}`

Languages support 2015-07-03 22:44:26 +02:00			`public static function pathFile($path, $file=false)`
New features 2015-03-27 02:00:01 +01:00			`{`
Languages support 2015-07-03 22:44:26 +02:00			`if($file!==false){`
			`$fullPath = $path.$file;`
			`}`
			`else {`
			`$fullPath = $path;`
			`}`

Bug fixes 2015-06-30 05:23:29 +02:00			`// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages`
Languages support 2015-07-03 22:44:26 +02:00			`$fullPath = str_replace('/', DS, $fullPath);`
Bug fixes 2015-06-30 05:23:29 +02:00
Languages support 2015-07-03 22:44:26 +02:00			`$real = realpath($fullPath);`
New features 2015-03-27 02:00:01 +01:00
			`// If $real is FALSE the file does not exist.`
Bug fixes 2015-06-30 05:23:29 +02:00			`if($real===false) {`
New features 2015-03-27 02:00:01 +01:00			`return false;`
Bug fixes 2015-06-30 05:23:29 +02:00			`}`
New features 2015-03-27 02:00:01 +01:00
			`// If the $real path does not start with the systemPath then this is Path Traversal.`
Languages support 2015-07-03 22:44:26 +02:00			`if(strpos($fullPath, $real)!==0) {`
New features 2015-03-27 02:00:01 +01:00			`return false;`
Bug fixes 2015-06-30 05:23:29 +02:00			`}`
New features 2015-03-27 02:00:01 +01:00
			`return true;`
			`}`

			`// old`
			`public static function ip($ip)`
			`{`
			`return filter_var($ip, FILTER_VALIDATE_IP);`
			`}`

			`public static function mail($mail)`
			`{`
			`return filter_var($mail, FILTER_VALIDATE_EMAIL);`
			`}`

			`public static function int($int)`
			`{`
			`if($int === 0)`
			`return( true );`
			`elseif (filter_var($int, FILTER_VALIDATE_INT) === false )`
			`return( false );`
			`else`
			`return( true );`
			`}`

			`// Remove all characters except digits`
			`public static function sanitize_float($value)`
			`{`
			`return( filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND) );`
			`}`

			`// Valid an integer positive`
			`public static function sanitize_int($value)`
			`{`
			`$value = (int)$value;`

			`if($value>=0)`
			`return $value;`
			`else`
			`return 0;`
			`}`

			`public static function sanitize_email($value)`
			`{`
			`return( filter_var($value, FILTER_SANITIZE_EMAIL) );`
			`}`

			`public static function sanitize_url($value)`
			`{`
			`return( filter_var($value, FILTER_SANITIZE_URL) );`
			`}`

			`// Convert all applicable characters to HTML entities incluye acentos`


			`}`