bludit/bl-kernel/helpers/sanitize.class.php

<?php defined('BLUDIT') or die('Bludit CMS.');

class Sanitize {

	// new

	// Convert special characters to HTML entities
	public static function html($text)
	{
		$flags = ENT_COMPAT;

		if (defined('ENT_HTML5')) {
			$flags = ENT_COMPAT|ENT_HTML5;
		}

		return htmlspecialchars($text, $flags, CHARSET);
	}

	// Convert special HTML entities back to characters
	public static function htmlDecode($text)
	{
		$flags = ENT_COMPAT;

		if(defined('ENT_HTML5')) {
			$flags = ENT_COMPAT|ENT_HTML5;
		}

		return htmlspecialchars_decode($text, $flags);
	}

	public static function pathFile($path, $file=false)
	{
		if ($file!==false){
			$fullPath = $path.$file;
		} else {
			$fullPath = $path;
		}

		// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
		$fullPath = str_replace('/', DS, $fullPath);

		if (CHECK_SYMBOLIC_LINKS) {
			$real = realpath($fullPath);
		} else {
			$real = file_exists($fullPath)?$fullPath:false;
		}

		// If $real is FALSE the file does not exist.
		if ($real===false) {
			return false;
		}

		// If the $real path does not start with the systemPath then this is Path Traversal.
		if (strpos($fullPath, $real)!==0) {
			return false;
		}

		return true;
	}

	// Returns the email without illegal characters.
	public static function email($email)
	{
		return( filter_var($email, FILTER_SANITIZE_EMAIL) );
	}

	public static function url($url)
	{
		return( filter_var($url, FILTER_SANITIZE_URL) );
	}

	public static function int($value)
	{
		$value = (int)$value;

		if($value>=0)
			return $value;
		else
			return 0;
	}

}
New features 2015-03-27 02:00:01 +01:00			`<?php defined('BLUDIT') or die('Bludit CMS.');`

			`class Sanitize {`

			`// new`
Bug fixes 2015-06-28 01:28:22 +02:00
			`// Convert special characters to HTML entities`
New features 2015-03-27 02:00:01 +01:00			`public static function html($text)`
			`{`
Bug fixes 2015-06-27 05:51:43 +02:00			`$flags = ENT_COMPAT;`

Improves on add / edit a page 2018-01-17 15:57:00 +01:00			`if (defined('ENT_HTML5')) {`
Bug fixes 2015-06-27 05:51:43 +02:00			`$flags = ENT_COMPAT\|ENT_HTML5;`
			`}`

			`return htmlspecialchars($text, $flags, CHARSET);`
New features 2015-03-27 02:00:01 +01:00			`}`

Bug fixes 2015-06-28 01:28:22 +02:00			`// Convert special HTML entities back to characters`
			`public static function htmlDecode($text)`
			`{`
			`$flags = ENT_COMPAT;`

			`if(defined('ENT_HTML5')) {`
			`$flags = ENT_COMPAT\|ENT_HTML5;`
			`}`

			`return htmlspecialchars_decode($text, $flags);`
			`}`

Languages support 2015-07-03 22:44:26 +02:00			`public static function pathFile($path, $file=false)`
New features 2015-03-27 02:00:01 +01:00			`{`
check extension and path traversal 2019-03-10 18:27:24 +01:00			`if ($file!==false){`
Languages support 2015-07-03 22:44:26 +02:00			`$fullPath = $path.$file;`
check extension and path traversal 2019-03-10 18:27:24 +01:00			`} else {`
Languages support 2015-07-03 22:44:26 +02:00			`$fullPath = $path;`
			`}`

Bug fixes 2015-06-30 05:23:29 +02:00			`// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages`
Languages support 2015-07-03 22:44:26 +02:00			`$fullPath = str_replace('/', DS, $fullPath);`
Bug fixes 2015-06-30 05:23:29 +02:00
check extension and path traversal 2019-03-10 18:27:24 +01:00			`if (CHECK_SYMBOLIC_LINKS) {`
Bug fixes, plugins databases - Improves, Disqus plugin 2016-02-06 21:35:12 +01:00			`$real = realpath($fullPath);`
check extension and path traversal 2019-03-10 18:27:24 +01:00			`} else {`
Bug fixes, plugins databases - Improves, Disqus plugin 2016-02-06 21:35:12 +01:00			`$real = file_exists($fullPath)?$fullPath:false;`
			`}`
New features 2015-03-27 02:00:01 +01:00
			`// If $real is FALSE the file does not exist.`
check extension and path traversal 2019-03-10 18:27:24 +01:00			`if ($real===false) {`
New features 2015-03-27 02:00:01 +01:00			`return false;`
Bug fixes 2015-06-30 05:23:29 +02:00			`}`
New features 2015-03-27 02:00:01 +01:00
			`// If the $real path does not start with the systemPath then this is Path Traversal.`
check extension and path traversal 2019-03-10 18:27:24 +01:00			`if (strpos($fullPath, $real)!==0) {`
New features 2015-03-27 02:00:01 +01:00			`return false;`
Bug fixes 2015-06-30 05:23:29 +02:00			`}`
New features 2015-03-27 02:00:01 +01:00
			`return true;`
			`}`

Login access code via email 2015-10-20 05:14:28 +02:00			`// Returns the email without illegal characters.`
Installer minor changes 2015-08-04 05:10:12 +02:00			`public static function email($email)`
New features 2015-03-27 02:00:01 +01:00			`{`
Installer minor changes 2015-08-04 05:10:12 +02:00			`return( filter_var($email, FILTER_SANITIZE_EMAIL) );`
New features 2015-03-27 02:00:01 +01:00			`}`

Installer minor changes 2015-08-04 05:10:12 +02:00			`public static function url($url)`
New features 2015-03-27 02:00:01 +01:00			`{`
Installer minor changes 2015-08-04 05:10:12 +02:00			`return( filter_var($url, FILTER_SANITIZE_URL) );`
New features 2015-03-27 02:00:01 +01:00			`}`

Installer minor changes 2015-08-04 05:10:12 +02:00			`public static function int($value)`
New features 2015-03-27 02:00:01 +01:00			`{`
			`$value = (int)$value;`

			`if($value>=0)`
			`return $value;`
			`else`
			`return 0;`
			`}`

Sanitize categories and tags 2017-11-01 19:38:56 +01:00			`}`