bludit/kernel/helpers/sanitize.class.php

103 lines
2.0 KiB
PHP
Raw Normal View History

2015-03-27 02:00:01 +01:00
<?php defined('BLUDIT') or die('Bludit CMS.');
class Sanitize {
// new
2015-06-28 01:28:22 +02:00
// Convert special characters to HTML entities
2015-03-27 02:00:01 +01:00
public static function html($text)
{
2015-06-27 05:51:43 +02:00
$flags = ENT_COMPAT;
if(defined('ENT_HTML5')) {
$flags = ENT_COMPAT|ENT_HTML5;
}
return htmlspecialchars($text, $flags, CHARSET);
2015-03-27 02:00:01 +01:00
}
2015-06-28 01:28:22 +02:00
// Convert special HTML entities back to characters
public static function htmlDecode($text)
{
$flags = ENT_COMPAT;
if(defined('ENT_HTML5')) {
$flags = ENT_COMPAT|ENT_HTML5;
}
return htmlspecialchars_decode($text, $flags);
}
2015-03-27 02:00:01 +01:00
public static function pathFile($path, $file)
{
2015-06-30 05:23:29 +02:00
// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
$path = str_replace('/', DS, $path);
2015-03-27 02:00:01 +01:00
$real = realpath($path.$file);
// If $real is FALSE the file does not exist.
2015-06-30 05:23:29 +02:00
if($real===false) {
2015-03-27 02:00:01 +01:00
return false;
2015-06-30 05:23:29 +02:00
}
2015-03-27 02:00:01 +01:00
// If the $real path does not start with the systemPath then this is Path Traversal.
2015-06-30 05:23:29 +02:00
if(strpos($path.$file, $real)!==0) {
2015-03-27 02:00:01 +01:00
return false;
2015-06-30 05:23:29 +02:00
}
2015-03-27 02:00:01 +01:00
return true;
}
// old
public static function ip($ip)
{
return filter_var($ip, FILTER_VALIDATE_IP);
}
public static function mail($mail)
{
return filter_var($mail, FILTER_VALIDATE_EMAIL);
}
public static function int($int)
{
if($int === 0)
return( true );
elseif (filter_var($int, FILTER_VALIDATE_INT) === false )
return( false );
else
return( true );
}
// Remove all characters except digits
public static function sanitize_float($value)
{
return( filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND) );
}
// Valid an integer positive
public static function sanitize_int($value)
{
$value = (int)$value;
if($value>=0)
return $value;
else
return 0;
}
public static function sanitize_email($value)
{
return( filter_var($value, FILTER_SANITIZE_EMAIL) );
}
public static function sanitize_url($value)
{
return( filter_var($value, FILTER_SANITIZE_URL) );
}
// Convert all applicable characters to HTML entities incluye acentos
}