

PHP ESAPI类代码示例

本文整理汇总了PHP中ESAPI的典型用法代码示例。如果您正苦于以下问题:PHP ESAPI类的具体用法?PHP ESAPI怎么用?PHP ESAPI使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了ESAPI类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: testGetSanitizedHTML_03

 /**
  * Verifies that Sanitizer::getSanitizedHTML removes an inline script element
  * and keeps the harmless text in front of it.
  *
  * The input is the text 'Test.' followed by a script element that reads
  * document.cookie; the only output accepted is the literal 'Test.'.
  *
  * NOTE(review): the arguments 'test', 100 and false are presumably the
  * context label, the maximum length and the allow-null flag -- confirm
  * against the Sanitizer interface.
  *
  * @return void
  */
 function testGetSanitizedHTML_03()
 {
     $markup = 'Test.<script>alert(document.cookie)</script>';
     $cleaned = ESAPI::getSanitizer()->getSanitizedHTML('test', $markup, 100, false);
     // Both the script tags and the script body must be gone, not just escaped.
     $this->assertEquals('Test.', $cleaned);
 }
开发者ID:AnvilStriker,项目名称:owasp-esapi-php,代码行数:10,代码来源:SanitizerTest.php

示例2: __construct

 /**
  * Builds an intrusion exception and records the event through the auditor.
  *
  * Only $userMessage is handed to the parent exception; $logMessage is kept
  * on the instance and written to the audit log, so operator detail does not
  * have to appear in what the user is shown.
  *
  * NOTE(review): $logMessage is concatenated into the log entry as-is. If it
  * can carry request data, confirm that the auditor neutralises CR/LF and
  * markup before writing; otherwise forged log lines are possible.
  *
  * @param string $userMessage The message displayed to the user
  * @param string $logMessage  the message logged
  */
 public function __construct($userMessage = '', $logMessage = '')
 {
     parent::__construct($userMessage);
     $this->logMessage = $logMessage;

     // The second argument is presumably the "success" flag of the event
     // (false = failure) -- confirm against the auditor's error() signature.
     ESAPI::getAuditor("IntrusionException")->error(
         DefaultAuditor::SECURITY,
         false,
         "INTRUSION - " . $logMessage
     );
 }
开发者ID:najamelan,项目名称:PHP-ESAPI,代码行数:15,代码来源:IntrusionException.php

示例3: __construct

 /**
  * Boots ESAPI for the demo and keeps handles to the encoder and validator.
  *
  * The configuration file is referenced by a relative path inside the
  * checked-out library tree. As the inline remark says, that is the insecure
  * default location: libraries and their configuration belong outside the web
  * root so the web server can never hand ESAPI.xml to a client.
  */
 function __construct()
 {
     //The xml file is in its insecure default location.
     //We would normally have all referenced libraries outside of the webroot.
     $configFile = '../owasp-esapi-php-read-only/test/testresources/ESAPI.xml';
     $this->esapi = new ESAPI($configFile);

     // Register the default implementations first ...
     ESAPI::setEncoder(new DefaultEncoder());
     ESAPI::setValidator(new DefaultValidator());

     // ... then read them back through the ESAPI accessors.
     $this->encoder = ESAPI::getEncoder();
     $this->validator = ESAPI::getValidator();
 }
开发者ID:bradchesney79,项目名称:PHP-OWASP-ESAPI-Canonicalization-Demo,代码行数:10,代码来源:user.php

示例4: __construct

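 /**
  * Sets up the validation rule with a descriptive name and an optional
  * Encoder instance (for canonicalization), and creates the HTMLPurifier
  * instance that is stored on the rule.
  *
  * If HTMLPurifier cannot be instantiated the failure is converted into a
  * ValidationException: the user-facing message stays generic, while the
  * exception class and its message go into the log message only.
  *
  * NOTE(review): $whitelistPattern is accepted but never used in this
  * constructor -- it is neither passed to the parent nor stored. Callers that
  * supply a pattern get no pattern check from here; confirm whether it should
  * be wired in or dropped from the signature.
  *
  * @param string $typeName         descriptive name for this validator.
  * @param object $encoder          providing canonicalize method.
  * @param string $whitelistPattern Whitelist regex (unused in this constructor).
  *
  * @throws ValidationException if HTMLPurifier cannot be initialised.
  */
 public function __construct($typeName, $encoder = null, $whitelistPattern = null)
 {
     parent::__construct($typeName, $encoder);
     $this->_auditor = ESAPI::getAuditor('HTMLValidationRule');
     try {
         $this->_purifier = new HTMLPurifier($this->_basicConfig());
     } catch (Exception $e) {
         // getMessage() has to be called as a method; read as a property it
         // yields nothing and the cause is lost from the log. get_class()
         // names the exception type, where gettype() only ever says "object".
         throw new ValidationException(
             'Could not initialize HTMLPurifier.',
             'Caught ' . get_class($e) . ' attempting to instantiate HTMLPurifier: ' . $e->getMessage(),
             'HTMLValidationRule->construct'
         );
     }
 }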
开发者ID:najamelan,项目名称:PHP-ESAPI,代码行数:23,代码来源:HTMLValidationRule.php

示例5: _getCCRule

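 /**
  * Returns an instance of StringValidationRule constructed with a regex
  * pattern for validating Credit Card Numbers obtained from the ESAPI
  * SecurityConfiguration.
  *
  * The rule rejects null input and caps the length at 19 characters. What is
  * built here is a format check only; nothing in this method verifies a
  * checksum.
  *
  * NOTE(review): if the configuration holds no entry for
  * CREDIT_CARD_VALIDATOR_KEY, whatever getValidationPattern() returns is
  * passed straight to the rule. Confirm that a missing pattern makes
  * validation fail instead of accepting any string of up to 19 characters.
  *
  * @return object object of type StringValidationRule.
  */
 private function _getCCRule()
 {
     // The configuration is reached through the static accessor, so no
     // global variable needs to be imported into this scope.
     $config = ESAPI::getSecurityConfiguration();
     $pattern = $config->getValidationPattern(self::CREDIT_CARD_VALIDATOR_KEY);

     $ccr = new StringValidationRule('CreditCardValidator', $this->encoder, $pattern);
     $ccr->setMaximumLength(19);
     $ccr->setAllowNull(false);
     return $ccr;
 }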
开发者ID:AnvilStriker,项目名称:owasp-esapi-php,代码行数:17,代码来源:CreditCardValidationRule.php

示例6: __construct

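 /**
  * Creates a new instance of EnterpriseSecurityException.
  *
  * The user message goes to the parent exception and the log message is kept
  * on the instance. Unless intrusion detection is disabled in the
  * SecurityConfiguration, the new exception registers itself with the
  * IntrusionDetector, so merely constructing one has that side effect.
  *
  * This constructor neither accepts nor stores a root cause.
  *
  * @param string $userMessage The message displayed to the user. Any value
  *                            that empty() treats as empty ('' and '0'
  *                            included) is replaced by null.
  * @param string $logMessage  the message logged
  */
 public function __construct($userMessage = '', $logMessage = '')
 {
     if (empty($userMessage)) {
         $userMessage = null;
     }
     parent::__construct($userMessage);
     $this->logMessage = $logMessage;
     $this->logger = ESAPI::getAuditor("EnterpriseSecurityException");

     // Every security exception is reported to the intrusion detector unless
     // detection has been switched off in the configuration.
     if (!ESAPI::getSecurityConfiguration()->getDisableIntrusionDetection()) {
         ESAPI::getIntrusionDetector()->addException($this);
     }
 }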
开发者ID:najamelan,项目名称:PHP-ESAPI,代码行数:20,代码来源:EnterpriseSecurityException.php

示例7: errorAction

 /**
  * The errorAction handles errors and exceptions.
  *
  * Routing failures (no route, controller or action) produce a 404 with a
  * fixed message. Every other error is reported to the ESAPI intrusion
  * detector unless it is an EnterpriseSecurityException, and then either
  * redirected to the index controller's error action or answered with a
  * generic 500, depending on the bootstrap's display_errors option.
  *
  * The exception object is handed to the view only when the
  * 'displayExceptions' invoke argument is truthy; that switch exposes
  * exception detail to the client and should stay off in production.
  *
  * @return null
  */
 public function errorAction()
 {
     // Drop anything already rendered so partial output is not sent with the error.
     $this->getResponse()->clearBody();
     $errors = $this->_getParam('error_handler');
     switch ($errors->type) {
         case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ROUTE:
         case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_CONTROLLER:
         case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION:
             // 404 error -- controller or action not found
             $this->getResponse()->setHttpResponseCode(404);
             $this->view->message = 'The page requested was not found.';
             break;
         default:
             // Log exceptions. EnterpriseSecurityException were automagically logged
             // so they are not logged here.
             if ($errors->exception instanceof EnterpriseSecurityException === false) {
                 ESAPI::getIntrusionDetector()->addException($errors->exception);
             }
             // application error - if display_errors is off then the client
             // is redirected to the index controller error action where a
             // generic error message will be rendered.
             $bootstrap = $this->getInvokeArg('bootstrap');
             if ($bootstrap->hasOption('phpsettings')) {
                 $o = $bootstrap->getOption('phpsettings');
                 // Strict comparison with the string '1': any other value
                 // (integer 1 and true included) takes the redirect branch,
                 // i.e. the check errs towards the generic error page.
                 if (array_key_exists('display_errors', $o) && $o['display_errors'] !== '1') {
                     if (Zend_Session::sessionExists()) {
                         $ns = new Zend_Session_Namespace('Contact');
                         $ns->error = true;
                     }
                     // NOTE(review): every request parameter is passed on to the
                     // 303 redirect. If getParams() includes submitted form
                     // fields they would end up in the redirect target (URL,
                     // server logs, Referer) -- confirm, and forward only the
                     // parameters the error page needs.
                     $this->_helper->getHelper('redirector')->setCode(303)->gotoSimple('error', 'index', null, $this->_request->getParams());
                     return;
                 }
             }
             // Generic message only; no exception detail reaches the client here.
             $this->getResponse()->setHttpResponseCode(500);
             $this->view->message = 'Application error';
     }
     // conditionally display exceptions
     // Loose comparison: any truthy invoke argument enables this, including a
     // non-empty string such as 'false'.
     if ($this->getInvokeArg('displayExceptions') == true) {
         $this->view->exception = $errors->exception;
     }
     $this->view->request = $errors->request;
 }
开发者ID:louiesabado,项目名称:simple-php-contact-form,代码行数:47,代码来源:ErrorController.php

示例8: _initialise

 /**
  *  Helper function.
  *
  *  Sets up the Log4PHP root logger from the ESAPI SecurityConfiguration:
  *  one rolling-file appender with a date + message layout. The root logger's
  *  existing appenders are removed first, so every Log4PHP Logger that
  *  inherits from the root ends up writing to this file only.
  *
  *  The log file name, size limit and backup count all come from the
  *  configuration. Audit logs should live outside the web root with
  *  restrictive permissions; nothing in this method checks where the
  *  configured path points.
  *
  *  @return does not return a value.
  */
 private static function _initialise()
 {
     self::$_initialised = true;

     $config = ESAPI::getSecurityConfiguration();
     $level = $config->getLogLevel();

     // Layout of one log entry: %d date (in the configured format),
     // %m message, %n newline.
     $dateFormat = $config->getLogFileDateFormat();
     $entryPattern = "%d{{$dateFormat}} %m %n";

     // Rolling-file settings.
     $fileName = $config->getLogFileName();
     $sizeLimit = $config->getMaxLogFileSize();
     $backupCount = $config->getMaxLogFileBackups();

     $layout = new LoggerLayoutPattern();
     $layout->setConversionPattern($entryPattern);

     $fileAppender = new LoggerAppenderRollingFile('ESAPI LogFile');
     $fileAppender->setFile($fileName, true);
     $fileAppender->setMaxFileSize($sizeLimit);
     $fileAppender->setMaxBackupIndex($backupCount);
     $fileAppender->setLayout($layout);

     // With logging switched off the appender is never activated, although
     // it is still attached to the root logger below.
     if ($level !== 'OFF') {
         $fileAppender->activateOptions();
     }

     // Reset the root logger before attaching the appender and the level.
     $root = Logger::getRootLogger();
     $root->removeAllAppenders();
     $root->addAppender($fileAppender);
     $root->setLevel(self::_convertESAPILeveltoLoggerLevel($level));
 }
开发者ID:najamelan,项目名称:PHP-ESAPI,代码行数:41,代码来源:DefaultAuditor.php

示例9: testSafeFileLowByteInFileName

 /**
  * SafeFile must refuse a path whose file name contains a low (control) byte.
  *
  * The file name is built with chr(8), the backspace control character,
  * placed in front of the extension. Constructing a SafeFile from that path
  * is expected to raise EnterpriseSecurityException; the method itself
  * returns nothing.
  *
  * @return void
  */
 function testSafeFileLowByteInFileName()
 {
     $resourceDir = ESAPI::getSecurityConfiguration()->getResourceDirectory();
     $badPath = $resourceDir . "/ESAPI" . chr(8) . ".xml";

     $this->setExpectedException('EnterpriseSecurityException');
     // The constructor call is the assertion: it has to throw.
     $safeFile = new SafeFile($badPath);
 }
开发者ID:AnvilStriker,项目名称:owasp-esapi-php,代码行数:12,代码来源:SafeFileTest.php

示例10: _queryToMap

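 /**
  * Takes an HTTP query string and parses it into name-value pairs which are
  * returned as an associative array.  This implementation ignores duplicate
  * parameter names, returning only the first found parameter.
  *
  * Parsing rules:
  *  - empty segments ("", "a=1&&b=2", a trailing "&") are skipped;
  *  - each segment is split on its first '=' only, so a value that itself
  *    contains '=' (base64 padding, a nested URL) is kept whole;
  *  - a bare name without '=' is recorded with an empty string as value;
  *  - a pair whose name or value cannot be URL-decoded is dropped.
  *
  * Note that first-wins differs from PHP's own query parsing, where the last
  * occurrence of a repeated name wins. Code that validates through this map
  * should also read its values from this map rather than from $_GET,
  * otherwise the value that was checked and the value that is used can
  * differ.
  *
  * @param string $query The HTTP query string to be parsed.
  *
  * @return array of name value pairs from the query string.
  */
 private function _queryToMap($query)
 {
     $map = array();
     foreach (explode('&', (string) $query) as $part) {
         if ($part === '') {
             continue;
         }
         // Limit of 2: everything after the first '=' belongs to the value.
         $nvpair = explode('=', $part, 2);
         $rawValue = isset($nvpair[1]) ? $nvpair[1] : '';
         try {
             $name = ESAPI::getEncoder()->decodeFromURL($nvpair[0]);
             $value = ESAPI::getEncoder()->decodeFromURL($rawValue);
             if (!array_key_exists($name, $map)) {
                 $map[$name] = $value;
             }
         } catch (EncodingException $e) {
             // NoOp - skip this pair - exception was logged already.
         }
     }
     return $map;
 }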
开发者ID:najamelan,项目名称:PHP-ESAPI,代码行数:27,代码来源:DefaultHTTPUtilities.php

示例11: isValid

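 /**
  * Validates the input string against a whitelist of acceptable characters.
  *
  * The input is canonicalized first, converted to UTF-8 if it was detected
  * as another encoding, and then checked character by character against
  * $this->_charset. Validation fails closed: non-string input, the empty
  * string, input that cannot be canonicalized to a string and input whose
  * encoding cannot be determined are all rejected.
  *
  * NOTE(review): the second argument to canonicalize() is false, presumably
  * the non-strict mode -- confirm that multiply or mixed encoded input is
  * still handled the way this validator needs.
  *
  * @param string $input The input string to be validated.
  *
  * @return bool True if input string contains only characters defined in the
  *              whitelist, otherwise
  *              False.
  */
 public function isValid($input)
 {
     // Compare with '' instead of using empty(): empty('0') is true, which
     // would reject the legitimate one-character input "0".
     if (!is_string($input) || $input === '') {
         $this->_error(self::INVALID);
         return false;
     }
     $canonical = ESAPI::getEncoder()->canonicalize($input, false);

     // Strict detection. When no candidate encoding matches, the result is
     // false; reject the input rather than pass false on to the converter.
     $detectedCharEnc = is_string($canonical)
         ? mb_detect_encoding($canonical, mb_detect_order(), true)
         : false;
     if ($detectedCharEnc === false) {
         $this->_error(self::INVALID);
         return false;
     }
     if ($detectedCharEnc !== 'UTF-8') {
         $canonical = mb_convert_encoding($canonical, 'UTF-8', $detectedCharEnc);
     }

     // Every single character has to be a member of the whitelist.
     $limit = mb_strlen($canonical, 'UTF-8');
     for ($i = 0; $i < $limit; $i++) {
         $c = mb_substr($canonical, $i, 1, 'UTF-8');
         if (in_array($c, $this->_charset, true) !== true) {
             $this->_error(self::INPUT_NOT_IN_WHITELIST);
             return false;
         }
     }
     return true;
 }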
开发者ID:louiesabado,项目名称:simple-php-contact-form,代码行数:30,代码来源:Charset.php

示例12: ESAPI

<?php

/* ------------------------------------------
 * initialize OWASP ESAPI for PHP
 *
 * Creates the globals $ESAPI and $Encoder once; the isset() guard keeps an
 * existing instance when this file is included again.
 *
 * NOTE(review): library and ESAPI.xml are loaded from below __ROOT__. If
 * __ROOT__ lies inside the document root, confirm that the web server does
 * not serve the XML configuration to clients.
 * ------------------------------------------ */
require_once __ROOT__ . '/owasp-esapi-php/src/ESAPI.php';
if (!isset($ESAPI)) {
    $ESAPI = new ESAPI(__ROOT__ . '/owasp-esapi-php/src/ESAPI.xml');
    $Encoder = $ESAPI->getEncoder();
}
// end if
/* ------------------------------------------
 * initialize custom error handler
 *
 * The handler receives the ESAPI source path and the security level stored
 * in the session. $_SESSION["security-level"] is read without an isset()
 * check, so the session must be started and the key set before this file is
 * included.
 * ------------------------------------------ */
require_once __ROOT__ . '/classes/CustomErrorHandler.php';
if (!isset($CustomErrorHandler)) {
    $CustomErrorHandler = new CustomErrorHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION["security-level"]);
}
// end if
/* ------------------------------------------
 * initialize log error handler
 *
 * Unlike the two objects above, this one is created on every include.
 * ------------------------------------------ */
require_once __ROOT__ . '/classes/LogHandler.php';
$LogHandler = new LogHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION["security-level"]);
/* ------------------------------------------
 * initialize SQL Query Handler
 *
 * Also created on every include, with the same session-supplied security
 * level. NOTE(review): that value presumably selects how strictly the
 * handlers behave; confirm it can only be changed server-side.
 * ------------------------------------------ */
require_once __ROOT__ . '/classes/SQLQueryHandler.php';
$SQLQueryHandler = new SQLQueryHandler(__ROOT__ . "/owasp-esapi-php/src/", $_SESSION["security-level"]);
开发者ID:neelaryan,项目名称:mutillidae,代码行数:29,代码来源:minimum-class-definitions.php

示例13: getUniqueRandomReference

 /**
  * Create a new random reference that is not yet present in the map.
  *
  * Candidates are six characters drawn from "123456789" and are redrawn
  * until $this->itod has no entry under that key.
  *
  * That alphabet gives 9^6 = 531,441 possible references. The value is an
  * indirection handle, not a secret: it is small enough to enumerate, so
  * access decisions must not rest on a reference being hard to guess. The
  * loop also needs more draws as the map fills up and cannot finish once
  * every reference is taken.
  *
  * NOTE(review): the strength of getRandomString() is not visible here;
  * confirm it draws from a cryptographically secure source.
  *
  *  @return
  *  	a random reference that is unique within this map
  */
 function getUniqueRandomReference()
 {
     while (true) {
         $reference = ESAPI::getRandomizer()->getRandomString(6, "123456789");
         if (!$this->itod->offsetExists($reference)) {
             return $reference;
         }
     }
 }
开发者ID:AnvilStriker,项目名称:owasp-esapi-php,代码行数:14,代码来源:RandomAccessReferenceMap.php

示例14: encodeForOS

 /**
  * @inheritdoc
  *
  * Returns null for null input. If $codec is not a Codec instance the
  * problem is logged as a security event and null is returned as well;
  * otherwise the input is encoded by the codec, with the characters in
  * $this->_immune_os passed to it as the immune set.
  *
  * Callers have to treat a null result as a failure. Concatenating it into
  * a command line silently produces a command without the argument.
  */
 public function encodeForOS($codec, $input)
 {
     if ($input === null) {
         return null;
     }
     if ($codec instanceof Codec) {
         return $codec->encode($this->_immune_os, $input);
     }
     // Wrong codec type: log it and fail with null instead of guessing.
     ESAPI::getLogger('Encoder')->error(
         ESAPILogger::SECURITY,
         false,
         'Invalid Argument, expected an instance of an OS Codec.'
     );
     return null;
 }
开发者ID:najamelan,项目名称:PHP-ESAPI,代码行数:14,代码来源:DefaultEncoder.php

示例15: error_reporting

<?php

/**
 * OWASP Enterprise Security API (ESAPI)
 *
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project.
 *
 * PHP version 5.2
 *
 * LICENSE: This source file is subject to the New BSD license.  You should read
 * and accept the LICENSE before you use, modify, and/or redistribute this
 * software.
 *
 * @category  OWASP
 * @package   ESAPI
 * @author    Andrew van der Stock <vanderaj@owasp.org>
 * @author    Mike Boberski <boberski_michael@bah.com>
 * @copyright 2009-2011 The OWASP Foundation
 * @license   http://www.opensource.org/licenses/bsd-license.php New BSD license
 * @version   SVN: $Id$
 * @link      http://www.owasp.org/index.php/ESAPI
 */
// NOTE(review): `E_ALL | ~E_STRICT` ORs E_ALL with every bit except E_STRICT.
// Where E_ALL already contains E_STRICT that enables everything; where it
// does not, it enables everything except E_STRICT. The usual spellings of
// the two plausible intents are `E_ALL & ~E_STRICT` (hide strict notices)
// and `E_ALL | E_STRICT` (show everything) -- confirm which was meant.
error_reporting(E_ALL | ~E_STRICT);
// Load the library relative to this bootstrap file. __DIR__ needs a newer
// PHP than the 5.2 named in the file header.
require_once __DIR__ . '/../src/ESAPI.php';
// Point ESAPI at the configuration that ships with the test resources.
ESAPI::getSecurityConfiguration(__DIR__ . '/testresources/ESAPI.xml');
// Start a session up front; the remark below suggests the HTTPUtilities
// tests rely on it.
session_start();
// For HTTPUtilities;
开发者ID:najamelan,项目名称:PHP-ESAPI,代码行数:28,代码来源:bootstrap.php


注:本文中的ESAPI类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。