2015-03-27 02:00:01 +01:00
|
|
|
<?php defined('BLUDIT') or die('Bludit CMS.');
|
|
|
|
|
|
|
|
class Sanitize {
|
|
|
|
|
|
|
|
// new
|
2015-06-28 01:28:22 +02:00
|
|
|
|
|
|
|
// Convert special characters to HTML entities
|
2015-03-27 02:00:01 +01:00
|
|
|
public static function html($text)
|
|
|
|
{
|
2015-06-27 05:51:43 +02:00
|
|
|
$flags = ENT_COMPAT;
|
|
|
|
|
|
|
|
if(defined('ENT_HTML5')) {
|
|
|
|
$flags = ENT_COMPAT|ENT_HTML5;
|
|
|
|
}
|
|
|
|
|
|
|
|
return htmlspecialchars($text, $flags, CHARSET);
|
2015-03-27 02:00:01 +01:00
|
|
|
}
|
|
|
|
|
2015-06-28 01:28:22 +02:00
|
|
|
// Convert special HTML entities back to characters
|
|
|
|
public static function htmlDecode($text)
|
|
|
|
{
|
|
|
|
$flags = ENT_COMPAT;
|
|
|
|
|
|
|
|
if(defined('ENT_HTML5')) {
|
|
|
|
$flags = ENT_COMPAT|ENT_HTML5;
|
|
|
|
}
|
|
|
|
|
|
|
|
return htmlspecialchars_decode($text, $flags);
|
|
|
|
}
|
|
|
|
|
2015-07-03 22:44:26 +02:00
|
|
|
public static function pathFile($path, $file=false)
|
2015-03-27 02:00:01 +01:00
|
|
|
{
|
2015-07-03 22:44:26 +02:00
|
|
|
if($file!==false){
|
|
|
|
$fullPath = $path.$file;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$fullPath = $path;
|
|
|
|
}
|
|
|
|
|
2015-06-30 05:23:29 +02:00
|
|
|
// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
|
2015-07-03 22:44:26 +02:00
|
|
|
$fullPath = str_replace('/', DS, $fullPath);
|
2015-06-30 05:23:29 +02:00
|
|
|
|
2015-07-03 22:44:26 +02:00
|
|
|
$real = realpath($fullPath);
|
2015-03-27 02:00:01 +01:00
|
|
|
|
|
|
|
// If $real is FALSE the file does not exist.
|
2015-06-30 05:23:29 +02:00
|
|
|
if($real===false) {
|
2015-03-27 02:00:01 +01:00
|
|
|
return false;
|
2015-06-30 05:23:29 +02:00
|
|
|
}
|
2015-03-27 02:00:01 +01:00
|
|
|
|
|
|
|
// If the $real path does not start with the systemPath then this is Path Traversal.
|
2015-07-03 22:44:26 +02:00
|
|
|
if(strpos($fullPath, $real)!==0) {
|
2015-03-27 02:00:01 +01:00
|
|
|
return false;
|
2015-06-30 05:23:29 +02:00
|
|
|
}
|
2015-03-27 02:00:01 +01:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2015-10-20 05:14:28 +02:00
|
|
|
// Returns the email without illegal characters.
|
2015-08-04 05:10:12 +02:00
|
|
|
public static function email($email)
|
2015-03-27 02:00:01 +01:00
|
|
|
{
|
2015-08-04 05:10:12 +02:00
|
|
|
return( filter_var($email, FILTER_SANITIZE_EMAIL) );
|
2015-03-27 02:00:01 +01:00
|
|
|
}
|
|
|
|
|
2015-08-04 05:10:12 +02:00
|
|
|
public static function url($url)
|
2015-03-27 02:00:01 +01:00
|
|
|
{
|
2015-08-04 05:10:12 +02:00
|
|
|
return( filter_var($url, FILTER_SANITIZE_URL) );
|
2015-03-27 02:00:01 +01:00
|
|
|
}
|
|
|
|
|
2015-08-04 05:10:12 +02:00
|
|
|
public static function int($value)
|
2015-03-27 02:00:01 +01:00
|
|
|
{
|
|
|
|
$value = (int)$value;
|
|
|
|
|
|
|
|
if($value>=0)
|
|
|
|
return $value;
|
|
|
|
else
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-11-28 15:47:03 +01:00
|
|
|
}
|