本文整理汇总了PHP中ESAPI类的典型用法代码示例。如果您正苦于以下问题:PHP ESAPI类的具体用法?PHP ESAPI怎么用?PHP ESAPI使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了ESAPI类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: testGetSanitizedHTML_03
/**
 * Test of getSanitizedHTML method of class Sanitizer.
 *
 * A script element embedded in otherwise plain text must be stripped by
 * the sanitizer, leaving only the surrounding text.
 */
function testGetSanitizedHTML_03()
{
    $sanitizer = ESAPI::getSanitizer();
    $input = 'Test.<script>alert(document.cookie)</script>';
    $sanitized = $sanitizer->getSanitizedHTML('test', $input, 100, false);
    $this->assertEquals('Test.', $sanitized);
}
示例2: __construct
/**
 * Instantiates a new intrusion exception.
 *
 * The user-facing message goes to the parent exception; the log message is
 * kept on the instance and written to the auditor as a SECURITY error
 * prefixed with "INTRUSION - ".
 *
 * @param string $userMessage The message displayed to the user
 * @param string $logMessage  The message logged
 *
 * @return does not return a value.
 */
public function __construct($userMessage = '', $logMessage = '')
{
    parent::__construct($userMessage);
    $this->logMessage = $logMessage;
    ESAPI::getAuditor("IntrusionException")->error(
        DefaultAuditor::SECURITY,
        false,
        sprintf('INTRUSION - %s', $logMessage)
    );
}
示例3: __construct
/**
 * Boots ESAPI from the test configuration file and installs the default
 * encoder and validator, keeping references to both on the instance.
 */
function __construct()
{
    // The xml file is in its insecure default location.
    // We would normally have all referenced libraries outside of the webroot.
    $configPath = '../owasp-esapi-php-read-only/test/testresources/ESAPI.xml';
    $this->esapi = new ESAPI($configPath);

    ESAPI::setEncoder(new DefaultEncoder());
    ESAPI::setValidator(new DefaultValidator());

    $this->encoder = ESAPI::getEncoder();
    $this->validator = ESAPI::getValidator();
}
示例4: __construct
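/**
 * Constructor sets-up the validation rule with a descriptive name for this
 * validator, an optional Encoder instance (for canonicalization) and an
 * optional whitelist regex pattern to validate the input against prior to
 * HTML purification.
 * An instance of the HTMLPurifier class is created and stored too.
 *
 * @param string $typeName         descriptive name for this validator.
 * @param object $encoder          providing canonicalize method.
 * @param string $whitelistPattern Whitelist regex.
 *
 * @return does not return a value.
 *
 * @throws ValidationException when HTMLPurifier cannot be instantiated.
 */
public function __construct($typeName, $encoder = null, $whitelistPattern = null)
{
    // NOTE(review): $whitelistPattern is accepted but neither stored nor
    // passed to the parent here — confirm where (if anywhere) it is applied.
    parent::__construct($typeName, $encoder);
    $this->_auditor = ESAPI::getAuditor('HTMLValidationRule');
    try {
        $this->_purifier = new HTMLPurifier($this->_basicConfig());
    } catch (Exception $e) {
        // getMessage() is a method: the original `$e->getMessage` read an
        // undefined property, so the logged message was always empty.
        // get_class() names the concrete exception type, where gettype()
        // would only ever report "object".
        throw new ValidationException(
            'Could not initialize HTMLPurifier.',
            'Caught ' . get_class($e) . ' attempting to instantiate HTMLPurifier: ' . $e->getMessage(),
            'HTMLValidationRule->construct'
        );
    }
}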
示例5: _getCCRule
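/**
 * Returns an instance of StringValidationRule constructed with a regex
 * pattern for validating Credit Card Numbers obtained from the ESAPI
 * SecurityConfiguration.
 *
 * The rule caps input at 19 characters (presumably the longest card number
 * length accepted) and rejects null input.
 *
 * @return object object of type StringValidationRule.
 */
private function _getCCRule()
{
    // The configuration is reached through the static accessor; the former
    // `global $ESAPI` declaration was never read and has been dropped.
    $config = ESAPI::getSecurityConfiguration();
    $pattern = $config->getValidationPattern(self::CREDIT_CARD_VALIDATOR_KEY);
    $ccr = new StringValidationRule('CreditCardValidator', $this->encoder, $pattern);
    $ccr->setMaximumLength(19);
    $ccr->setAllowNull(false);
    return $ccr;
}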
示例6: __construct
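/**
 * Creates a new instance of EnterpriseSecurityException.
 *
 * Despite the historical description, no root-cause exception is accepted
 * by this signature. The user message is passed to the parent (an empty
 * message is normalised to null), the log message is retained, an auditor
 * is obtained for later use and — unless intrusion detection is disabled in
 * the security configuration — the new exception is reported to the
 * intrusion detector.
 *
 * @param string $userMessage The message displayed to the user
 * @param string $logMessage  The message logged
 */
public function __construct($userMessage = '', $logMessage = '')
{
    // NOTE(review): empty() also treats the string '0' as empty and maps it
    // to null; kept as-is to preserve existing behaviour.
    if (empty($userMessage)) {
        $userMessage = null;
    }
    parent::__construct($userMessage);
    $this->logMessage = $logMessage;
    $this->logger = ESAPI::getAuditor("EnterpriseSecurityException");
    // Intrusion detection can be switched off centrally; honour that here.
    if (!ESAPI::getSecurityConfiguration()->getDisableIntrusionDetection()) {
        ESAPI::getIntrusionDetector()->addException($this);
    }
}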
示例7: errorAction
/**
 * The errorAction handles errors and exceptions.
 *
 * Routing failures (no route, controller or action) become a 404 with a
 * generic message. Any other exception is handed to the ESAPI intrusion
 * detector (EnterpriseSecurityException instances are skipped because they
 * report themselves) and, when display_errors is off, the client is
 * redirected to index/error; otherwise a 500 is set. The exception object
 * is only exposed to the view when the 'displayExceptions' invoke argument
 * is truthy.
 *
 * @return null
 */
public function errorAction()
{
    // Discard anything already rendered so only the error view is sent.
    $this->getResponse()->clearBody();
    $errors = $this->_getParam('error_handler');
    switch ($errors->type) {
        case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ROUTE:
        case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_CONTROLLER:
        case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION:
            // 404 error -- controller or action not found
            $this->getResponse()->setHttpResponseCode(404);
            $this->view->message = 'The page requested was not found.';
            break;
        default:
            // Log exceptions. EnterpriseSecurityException were automagically logged
            // so they are not logged here.
            if ($errors->exception instanceof EnterpriseSecurityException === false) {
                ESAPI::getIntrusionDetector()->addException($errors->exception);
            }
            // application error - if display_errors is off then the client
            // is redirected to the index controller error action where a
            // generic error message will be rendered.
            $bootstrap = $this->getInvokeArg('bootstrap');
            if ($bootstrap->hasOption('phpsettings')) {
                $o = $bootstrap->getOption('phpsettings');
                // NOTE(review): strict comparison against the string '1' — a
                // boolean true or integer 1 in phpsettings would be treated as
                // "display_errors off"; confirm how that option is populated.
                if (array_key_exists('display_errors', $o) && $o['display_errors'] !== '1') {
                    // Flag the error in the 'Contact' namespace only if a
                    // session already exists; never start one just for this.
                    if (Zend_Session::sessionExists()) {
                        $ns = new Zend_Session_Namespace('Contact');
                        $ns->error = true;
                    }
                    // 303 redirect carrying the original request parameters.
                    $this->_helper->getHelper('redirector')->setCode(303)->gotoSimple('error', 'index', null, $this->_request->getParams());
                    return;
                }
            }
            $this->getResponse()->setHttpResponseCode(500);
            $this->view->message = 'Application error';
    }
    // conditionally display exceptions
    // Loose comparison: any truthy invoke argument (e.g. '1' or 1) enables this.
    if ($this->getInvokeArg('displayExceptions') == true) {
        $this->view->exception = $errors->exception;
    }
    $this->view->request = $errors->request;
}
示例8: _initialise
/**
 * Helper function.
 *
 * Configures Apache's Log4PHP RootLogger based on values obtained from the
 * ESAPI properties file. All instances of Log4PHP Logger will inherit the
 * configuration.
 *
 * @return does not return a value.
 */
private static function _initialise()
{
    self::$_initialised = true;
    $secConfig = ESAPI::getSecurityConfiguration();
    $logLevel = $secConfig->getLogLevel();

    // Layout: %d date (in the configured format), %m message, %n newline.
    $layout = new LoggerLayoutPattern();
    $layout->setConversionPattern(sprintf('%%d{%s} %%m %%n', $secConfig->getLogFileDateFormat()));

    // Rolling file appender, named and sized from the security configuration.
    $fileAppender = new LoggerAppenderRollingFile('ESAPI LogFile');
    $fileAppender->setFile($secConfig->getLogFileName(), true);
    $fileAppender->setMaxFileSize($secConfig->getMaxLogFileSize());
    $fileAppender->setMaxBackupIndex($secConfig->getMaxLogFileBackups());
    $fileAppender->setLayout($layout);
    // A level of 'OFF' leaves the appender unactivated.
    if ('OFF' !== $logLevel) {
        $fileAppender->activateOptions();
    }

    // Replace whatever appenders the root logger already carries with ours,
    // then apply the ESAPI level translated to Log4PHP's.
    $root = Logger::getRootLogger();
    $root->removeAllAppenders();
    $root->addAppender($fileAppender);
    $root->setLevel(self::_convertESAPILeveltoLoggerLevel($logLevel));
}
示例9: testSafeFileLowByteInFileName
/**
 * Test constructor of class SafeFile with Invalid path.
 *
 * A file name inside the resource directory that contains a low control
 * byte (chr(8)) must be rejected with an EnterpriseSecurityException.
 *
 * @return does not return a value.
 */
function testSafeFileLowByteInFileName()
{
    $resourceDir = ESAPI::getSecurityConfiguration()->getResourceDirectory();
    $badPath = sprintf('%s/ESAPI%s.xml', $resourceDir, chr(8));
    $this->setExpectedException('EnterpriseSecurityException');
    new SafeFile($badPath);
}
示例10: _queryToMap
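/**
 * Takes an HTTP query string and parses it into name-value pairs which are
 * returned as an associative array. This implementation will ignore
 * duplicate parameter names, returning only the first found parameter.
 *
 * A segment without '=' yields an empty-string value; empty segments (an
 * empty query, or "a=1&&b=2") are skipped. Pairs whose name or value fail
 * URL decoding are skipped as well.
 *
 * @param string $query The HTTP query string to be parsed.
 *
 * @return array of name value pairs from the query string.
 */
private function _queryToMap($query)
{
    $map = array();
    // Loop-invariant: the encoder is a static ESAPI accessor.
    $encoder = ESAPI::getEncoder();
    foreach (explode('&', $query) as $part) {
        if ($part === '') {
            continue;
        }
        try {
            // Limit of 2 keeps any '=' inside the value ("a=b=c" -> "b=c").
            $nvpair = explode('=', $part, 2);
            $name = $encoder->decodeFromURL($nvpair[0]);
            // A bare name ("flag") has no value; the original indexed
            // $nvpair[1] unconditionally and raised an undefined-index notice.
            $value = $encoder->decodeFromURL(isset($nvpair[1]) ? $nvpair[1] : '');
            if (!array_key_exists($name, $map)) {
                $map[$name] = $value;
            }
        } catch (EncodingException $e) {
            // NoOp - skip this pair - exception was logged already.
        }
    }
    return $map;
}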
示例11: isValid
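/**
 * Validates the input string against a whitelist of acceptable characters.
 *
 * The input is canonicalized first, converted to UTF-8 when another
 * encoding is positively detected, and then checked character by character
 * against $this->_charset.
 *
 * @param string $input The input string to be validated.
 *
 * @return bool True if input string contains only characters defined in the
 *              whitelist, otherwise False.
 */
public function isValid($input)
{
    // Reject non-strings and the empty string. empty() was used before,
    // which also rejected the string '0' even when '0' is whitelisted.
    if (!is_string($input) || $input === '') {
        $this->_error(self::INVALID);
        return false;
    }
    $canonical = ESAPI::getEncoder()->canonicalize($input, false);
    // mb_detect_encoding() returns false when no known encoding matches;
    // passing that false on to mb_convert_encoding() was an error. Input
    // whose encoding cannot be determined is treated as invalid.
    $detectedCharEnc = mb_detect_encoding($canonical);
    if ($detectedCharEnc === false) {
        $this->_error(self::INVALID);
        return false;
    }
    if ($detectedCharEnc !== 'UTF-8') {
        $canonical = mb_convert_encoding($canonical, 'UTF-8', $detectedCharEnc);
    }
    $limit = mb_strlen($canonical, 'UTF-8');
    for ($i = 0; $i < $limit; $i++) {
        $c = mb_substr($canonical, $i, 1, 'UTF-8');
        // Strict membership so that e.g. "0" and "" are never conflated.
        if (!in_array($c, $this->_charset, true)) {
            $this->_error(self::INPUT_NOT_IN_WHITELIST);
            return false;
        }
    }
    return true;
}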
示例12: ESAPI
<?php
/* ------------------------------------------
 * initialize OWASP ESAPI for PHP
 * ------------------------------------------
 * Guarded so that including this file twice does not rebuild the ESAPI
 * instance; $Encoder is only populated on first initialisation. */
require_once __ROOT__ . '/owasp-esapi-php/src/ESAPI.php';
if (isset($ESAPI) === false) {
    $ESAPI = new ESAPI(__ROOT__ . '/owasp-esapi-php/src/ESAPI.xml');
    $Encoder = $ESAPI->getEncoder();
}

/* ------------------------------------------
 * initialize custom error handler
 * ------------------------------------------
 * Same guard as above; the handler receives the ESAPI source directory and
 * the current session's security level. */
require_once __ROOT__ . '/classes/CustomErrorHandler.php';
if (isset($CustomErrorHandler) === false) {
    $CustomErrorHandler = new CustomErrorHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION['security-level']);
}

/* ------------------------------------------
 * initialize log error handler
 * ------------------------------------------
 * Not guarded: a fresh LogHandler is created on every include. */
require_once __ROOT__ . '/classes/LogHandler.php';
$LogHandler = new LogHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION['security-level']);

/* ------------------------------------------
 * initialize SQL Query Handler
 * ------------------------------------------
 * Not guarded either; constructed with the same two arguments. */
require_once __ROOT__ . '/classes/SQLQueryHandler.php';
$SQLQueryHandler = new SQLQueryHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION['security-level']);
示例13: getUniqueRandomReference
/**
 * Create a new random reference that is guaranteed to be unique.
 *
 * Draws 6-character strings over the digits 1-9 until one is found that is
 * not already present in $this->itod (presumably the indirect-to-direct map).
 *
 * @return string a random reference that is guaranteed to be unique
 */
function getUniqueRandomReference()
{
    $randomizer = ESAPI::getRandomizer();
    while (true) {
        $candidate = $randomizer->getRandomString(6, "123456789");
        if (!$this->itod->offsetExists($candidate)) {
            return $candidate;
        }
    }
}
示例14: encodeForOS
/**
 * @inheritdoc
 *
 * Null input is passed through as null. A $codec that is not a Codec is
 * reported to the 'Encoder' logger as a SECURITY error and yields null
 * instead of an encoded string.
 */
public function encodeForOS($codec, $input)
{
    if (null === $input) {
        return null;
    }
    if (!($codec instanceof Codec)) {
        $logger = ESAPI::getLogger('Encoder');
        $logger->error(ESAPILogger::SECURITY, false, 'Invalid Argument, expected an instance of an OS Codec.');
        return null;
    }
    return $codec->encode($this->_immune_os, $input);
}
示例15: error_reporting
<?php
/**
* OWASP Enterprise Security API (ESAPI)
*
* This file is part of the Open Web Application Security Project (OWASP)
* Enterprise Security API (ESAPI) project.
*
* PHP version 5.2
*
* LICENSE: This source file is subject to the New BSD license. You should read
* and accept the LICENSE before you use, modify, and/or redistribute this
* software.
*
* @category OWASP
* @package ESAPI
* @author Andrew van der Stock <vanderaj@owasp.org>
* @author Mike Boberski <boberski_michael@bah.com>
* @copyright 2009-2011 The OWASP Foundation
* @license http://www.opensource.org/licenses/bsd-license.php New BSD license
* @version SVN: $Id$
* @link http://www.owasp.org/index.php/ESAPI
*/
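// Report everything except E_STRICT. The previous `E_ALL | ~E_STRICT` OR-ed
// in every bit of ~E_STRICT, so it never cleared the E_STRICT bit once E_ALL
// included it; the intended mask is E_ALL with that bit removed.
error_reporting(E_ALL & ~E_STRICT);
require_once __DIR__ . '/../src/ESAPI.php';
// Point ESAPI at the test security configuration before any component is
// fetched, so the test resources are used rather than a production ESAPI.xml.
ESAPI::getSecurityConfiguration(__DIR__ . '/testresources/ESAPI.xml');
session_start();
// For HTTPUtilities;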