bludit/kernel/helpers/sanitize.class.php

79 lines
1.5 KiB
PHP
Raw Normal View History

2015-03-27 01:00:01 +00:00
<?php defined('BLUDIT') or die('Bludit CMS.');
class Sanitize {
// new
2015-06-27 20:28:22 -03:00
// Convert special characters to HTML entities
2015-03-27 01:00:01 +00:00
public static function html($text)
{
2015-06-27 00:51:43 -03:00
$flags = ENT_COMPAT;
if(defined('ENT_HTML5')) {
$flags = ENT_COMPAT|ENT_HTML5;
}
return htmlspecialchars($text, $flags, CHARSET);
2015-03-27 01:00:01 +00:00
}
2015-06-27 20:28:22 -03:00
// Convert special HTML entities back to characters
public static function htmlDecode($text)
{
$flags = ENT_COMPAT;
if(defined('ENT_HTML5')) {
$flags = ENT_COMPAT|ENT_HTML5;
}
return htmlspecialchars_decode($text, $flags);
}
2015-07-03 17:44:26 -03:00
public static function pathFile($path, $file=false)
2015-03-27 01:00:01 +00:00
{
2015-07-03 17:44:26 -03:00
if($file!==false){
$fullPath = $path.$file;
}
else {
$fullPath = $path;
}
2015-06-30 00:23:29 -03:00
// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
2015-07-03 17:44:26 -03:00
$fullPath = str_replace('/', DS, $fullPath);
2015-06-30 00:23:29 -03:00
2015-07-03 17:44:26 -03:00
$real = realpath($fullPath);
2015-03-27 01:00:01 +00:00
// If $real is FALSE the file does not exist.
2015-06-30 00:23:29 -03:00
if($real===false) {
2015-03-27 01:00:01 +00:00
return false;
2015-06-30 00:23:29 -03:00
}
2015-03-27 01:00:01 +00:00
// If the $real path does not start with the systemPath then this is Path Traversal.
2015-07-03 17:44:26 -03:00
if(strpos($fullPath, $real)!==0) {
2015-03-27 01:00:01 +00:00
return false;
2015-06-30 00:23:29 -03:00
}
2015-03-27 01:00:01 +00:00
return true;
}
2015-10-20 00:14:28 -03:00
// Returns the email without illegal characters.
2015-08-04 00:10:12 -03:00
public static function email($email)
2015-03-27 01:00:01 +00:00
{
2015-08-04 00:10:12 -03:00
return( filter_var($email, FILTER_SANITIZE_EMAIL) );
2015-03-27 01:00:01 +00:00
}
2015-08-04 00:10:12 -03:00
public static function url($url)
2015-03-27 01:00:01 +00:00
{
2015-08-04 00:10:12 -03:00
return( filter_var($url, FILTER_SANITIZE_URL) );
2015-03-27 01:00:01 +00:00
}
2015-08-04 00:10:12 -03:00
public static function int($value)
2015-03-27 01:00:01 +00:00
{
$value = (int)$value;
if($value>=0)
return $value;
else
return 0;
}
2015-08-04 00:10:12 -03:00
}