bludit/bl-kernel/helpers/sanitize.class.php

84 lines
1.6 KiB
PHP
Raw Permalink Normal View History

2015-03-27 02:00:01 +01:00
<?php defined('BLUDIT') or die('Bludit CMS.');
class Sanitize {
public static function removeTags($text) {
return strip_tags($text);
}
2015-06-28 01:28:22 +02:00
// Convert special characters to HTML entities
2015-03-27 02:00:01 +01:00
public static function html($text)
{
2015-06-27 05:51:43 +02:00
$flags = ENT_COMPAT;
2018-01-17 15:57:00 +01:00
if (defined('ENT_HTML5')) {
2015-06-27 05:51:43 +02:00
$flags = ENT_COMPAT|ENT_HTML5;
}
return htmlspecialchars($text, $flags, CHARSET);
2015-03-27 02:00:01 +01:00
}
2015-06-28 01:28:22 +02:00
// Convert special HTML entities back to characters
public static function htmlDecode($text)
{
$flags = ENT_COMPAT;
if(defined('ENT_HTML5')) {
$flags = ENT_COMPAT|ENT_HTML5;
}
return htmlspecialchars_decode($text, $flags);
}
2015-07-03 22:44:26 +02:00
public static function pathFile($path, $file=false)
2015-03-27 02:00:01 +01:00
{
2019-03-10 18:27:24 +01:00
if ($file!==false){
2015-07-03 22:44:26 +02:00
$fullPath = $path.$file;
2019-03-10 18:27:24 +01:00
} else {
2015-07-03 22:44:26 +02:00
$fullPath = $path;
}
2015-06-30 05:23:29 +02:00
// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
2015-07-03 22:44:26 +02:00
$fullPath = str_replace('/', DS, $fullPath);
2015-06-30 05:23:29 +02:00
2019-03-10 18:27:24 +01:00
if (CHECK_SYMBOLIC_LINKS) {
$real = realpath($fullPath);
2019-03-10 18:27:24 +01:00
} else {
$real = file_exists($fullPath)?$fullPath:false;
}
2015-03-27 02:00:01 +01:00
// If $real is FALSE the file does not exist.
2019-03-10 18:27:24 +01:00
if ($real===false) {
2015-03-27 02:00:01 +01:00
return false;
2015-06-30 05:23:29 +02:00
}
2015-03-27 02:00:01 +01:00
// If the $real path does not start with the systemPath then this is Path Traversal.
2019-03-10 18:27:24 +01:00
if (strpos($fullPath, $real)!==0) {
2015-03-27 02:00:01 +01:00
return false;
2015-06-30 05:23:29 +02:00
}
2015-03-27 02:00:01 +01:00
return true;
}
2015-10-20 05:14:28 +02:00
// Returns the email without illegal characters.
2015-08-04 05:10:12 +02:00
public static function email($email)
2015-03-27 02:00:01 +01:00
{
2015-08-04 05:10:12 +02:00
return( filter_var($email, FILTER_SANITIZE_EMAIL) );
2015-03-27 02:00:01 +01:00
}
2015-08-04 05:10:12 +02:00
public static function url($url)
2015-03-27 02:00:01 +01:00
{
2015-08-04 05:10:12 +02:00
return( filter_var($url, FILTER_SANITIZE_URL) );
2015-03-27 02:00:01 +01:00
}
2015-08-04 05:10:12 +02:00
public static function int($value)
2015-03-27 02:00:01 +01:00
{
$value = (int)$value;
if($value>=0)
return $value;
else
return 0;
}
2017-11-01 19:38:56 +01:00
}