本文整理汇总了PHP中Input::sanitize方法的典型用法代码示例。如果您正苦于以下问题:PHP Input::sanitize方法的具体用法?PHP Input::sanitize怎么用?PHP Input::sanitize使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Input的用法示例。
在下文中一共展示了Input::sanitize方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: sanitize
/**
* sanitize() - clean input for known injection vulnerabilities
*
* Remove anything that could be dangerous from user input.
* Our organization names should contain only [a-z][0-9], like the nren
* names, like the states. So all inputs can be limited to [a-z][0-9]
*
* TODO: This function spphould be accessible for all forms taking data
* TODO: Make sure it accepts all legal characters in the \DN
*/
static function sanitize($input)
{
if (!isset($input) || $input === "") {
return null;
}
if (is_array($input)) {
foreach ($input as $var => $val) {
$output[$var] = Input::sanitize($val);
}
}
$output = preg_replace('/[^a-z0-9_.@ ]+/i', '', $input);
return $output;
}示例2: header
$xml->addAttribute("elementCount", $element_count);
Logger::log_event(LOG_DEBUG, "Returning list with {$element_count} entries.");
header("content-type: text/xml");
echo $xml->asXML();
}
/* Safe environment? */
assertEnvironment();
/* Is the certificate a legit cert? */
$admin = createAdminPerson();
if (!isset($admin) || !$admin->isAuth()) {
echo "Not authenticated! Cannot continue<br />\n";
exit(0);
}
/* Get list of issued certiticates */
if (isset($_POST['action'])) {
$action = Input::sanitize($_POST['action']);
} else {
/* if no action provided, assume the client wants a list of issued certificates. */
$action = 'cert_list';
}
switch ($action) {
case 'cert_list':
Logger::log_event(LOG_NOTICE, "[RI] " . $admin->getEPPN() . " cert-list request.");
$res = Robot::createCertList($admin);
printXMLRes($res, 'userList');
break;
case 'revoke_list':
if (!isset($_POST['list'])) {
echo "No data provided.\n";
exit(0);
}示例3: substr
<?php
require_once 'confusa_include.php';
require_once 'Config.php';
require_once 'Input.php';
require_once 'confusa_constants.php';
/*
* Get the custom NREN logo from the filesystem and return it as an image
*/
if (isset($_GET['nren'])) {
$nren = Input::sanitize($_GET['nren']);
$position = Input::sanitize($_GET['pos']);
$suffix = Input::sanitize($_GET['suffix']);
$logo_path = Config::get_config('custom_logo') . $nren . '/custom_' . $position . '.';
$logo_path .= $suffix;
} else {
if (isset($_GET['op'])) {
$logo_path = Config::get_config('operator_logo');
$suffix = substr($logo_path, strlen($logo_path) - 3, strlen($logo_path) - 1);
} else {
exit(1);
}
}
/*
* Search if there is one custom.png, custom.jpg or custom.any_other_
* allowed_suffix file in the custom-logo folder.
*
* If there isn't return null
*/
if (file_exists($logo_path)) {
$fp = fopen($logo_path, "r");示例4: process
public function process()
{
if (!$this->person->isNRENAdmin()) {
$errorTag = PW::create();
Logger::logEvent(LOG_NOTICE, "NRENAdmin", "process()", "User " . stripslashes($this->person->getX509ValidCN()) . " tried to access the NREN-area", __LINE__, $errorTag);
$this->tpl->assign('reason', "[{$errorTag}] You are not an NREN-admin");
$this->tpl->assign('content', $this->tpl->fetch('restricted_access.tpl'));
return;
}
$this->tpl->assign('nrenName', $this->person->getNREN());
$this->tpl->assign('org_states', ConfusaConstants::$ORG_STATES);
/* Export the NREN UID key */
$map = $this->person->getNREN()->getMap();
$this->tpl->assign('nren_eppn_key', $map['eppn']);
if (isset($_GET['target'])) {
switch (Input::sanitize($_GET['target'])) {
case 'list':
/* get all info from database and publish to template */
$this->tpl->assign('subscriber_list', $this->getSubscribers());
$this->tpl->assign('self_subscriber', $this->person->getSubscriber()->getIdPName());
$this->tpl->assign('list_subscribers', true);
break;
case 'add':
$am = AuthHandler::getAuthManager($this->person);
$attributes = $am->getAttributes();
$nren = $this->person->getNREN();
if (isset($attributes[$map['epodn']])) {
$this->tpl->assign('foundUniqueName', $attributes[$map['epodn']][0]);
$this->tpl->assign('nrenOrgAttr', $map['epodn']);
}
if (isset($attributes[$map['eppn']])) {
$this->form_data['eppnAttr'] = $map['eppn'];
}
$this->tpl->assign('form_data', $this->form_data);
$this->tpl->assign('add_subscriber', true);
break;
default:
break;
}
} else {
/* get all info from database and publish to template */
$this->tpl->assign('subscriber_list', $this->getSubscribers());
$subscriber = $this->person->getSubscriber();
if (isset($subscriber)) {
$this->tpl->assign('self_subscriber', $subscriber);
} else {
$this->tpl->assign('self_subscriber', '');
Framework::error_output($this->translateTag('l10n_error_illegalattributemap', 'nrenadmin') . '<a href="attributes.php">' . $this->translateTag('item_attributes', 'menu') . '</a>.');
}
$this->tpl->assign('list_subscribers', true);
}
/* render page */
$this->tpl->assign('content', $this->tpl->fetch('nren_admin.tpl'));
}示例5: process
public function process()
{
if (!$this->person->isSubscriberAdmin()) {
/* not authorized */
return false;
}
/* get menu-flags and assign to the framework */
$this->tpl->assign('rv_list', false);
$this->tpl->assign('rv_upload', false);
$this->tpl->assign('rv_info', false);
if (isset($_GET['robot_view'])) {
switch (Input::sanitize($_GET['robot_view'])) {
case 'list':
$this->tpl->assign('rv_list', true);
$this->tpl->assign('robotCerts', $this->getRobotCertList());
break;
case 'upload':
$this->tpl->assign('rv_upload', true);
break;
case 'info':
$this->tpl->assign('rv_info', true);
$this->tpl->assign('ri_path', Config::get_config('server_url') . "ri.php");
break;
default:
break;
}
} else {
/* We default to listing the certificates */
$this->tpl->assign('robotCerts', $this->getRobotCertList());
$this->tpl->assign('rv_list', true);
}
$this->tpl->assign('content', $this->tpl->fetch('robot.tpl'));
}示例6: getCertFromDB
/**
* getCertFromDB() take the registred Certificate and find a match in
* the DB
*
* Robot_Certificates are used for authenticating remote
* clients. Therefore, we will *always* start the object with a
* certificate.
*
* The authN-mechanism lies in whether or not the certicate is also
* present in the database.
*
* @param Boolean $db_authoriative the values in the database is
* authorative (overwrite local values if
* present).
* @return Boolean flag indicating if the certificate was found and
* it matches the current
@access private
*/
private function getCertFromDB($db_authorative = false)
{
$fp = $this->getFingerprint();
if (!$fp) {
return false;
}
try {
$query = "SELECT * FROM robot_certs WHERE fingerprint=?";
$res = MDB2Wrapper::execute($query, array('text'), array($fp));
if (count($res) == 1) {
if ($res[0]['cert'] == $this->getPEMContent()) {
if ($db_authorative) {
$this->db_id = Input::sanitize($res[0]['id']);
$this->owner = Input::sanitize($res[0]['uploaded_by']);
$this->subscriber = Input::sanitize($res[0]['subscriber_id']);
$this->lwsent = Input::sanitize($res[0]['last_warning_sent']);
$this->uploaded_date = Input::sanitize($res[0]['uploaded_date']);
}
return true;
}
}
return false;
} catch (DBStatementException $dbse) {
Logger::log_event(LOG_NOTICE, "Corrupted statement in query (" . __FILE__ . ":" . __LINE__ . " " . $dbse->getMessage());
} catch (DBQueryException $dbqe) {
Logger::log_event(LOG_NOTICE, "Corrupted content in query (" . __FILE__ . ":" . __LINE__ . " " . $dbqe->getMessage());
}
return false;
}示例7: pre_process
public function pre_process($person)
{
parent::pre_process($person);
/* if $person is not a NREN admin we stop here */
if (!$this->person->isNRENAdmin()) {
return false;
}
if (isset($_POST['stylist_operation'])) {
switch (htmlentities($_POST['stylist_operation'])) {
case 'change_help_text':
$new_text = Input::sanitizeText($_POST['help_text']);
$this->updateNRENHelpText($this->person->getNREN(), $new_text);
break;
case 'change_about_text':
$new_text = Input::sanitizeText($_POST['about_text']);
$this->updateNRENAboutText($this->person->getNREN(), $new_text);
break;
case 'change_privnotice_text':
$new_text = Input::sanitizeText($_POST['privnotice_text']);
$this->updateNRENPrivacyNotice($this->person->getNREN(), $new_text);
break;
case 'change_css':
if (isset($_POST['reset'])) {
$this->resetNRENCSS($this->person->getNREN());
} else {
if (isset($_POST['download'])) {
$new_css = Input::sanitizeCSS($_POST['css_content']);
$this->downloadNRENCSS($new_css);
} else {
if (isset($_POST['change'])) {
/* the CSS will not be inserted into the DB or executed in another way.
* Hence do not sanitize it. It will contain 'dangerous' string portions,
* such as { : ' anyways, so it would be hard to insert it into the DB properly*/
$new_css = Input::sanitizeCSS($_POST['css_content']);
$this->updateNRENCSS($this->person->getNREN(), $new_css);
}
}
}
break;
case 'change_mail':
if (isset($_POST['reset'])) {
$this->resetNRENMailTpl($this->person->getNREN());
} else {
if (isset($_POST['change'])) {
$new_template = strip_tags($_POST['mail_content']);
$this->updateNRENMailTpl($this->person->getNREN(), $new_template);
} else {
if (isset($_POST['test'])) {
/* see where mail_content is set in
* process() for how the current
* template is kept. */
$this->sendNRENTestMail($this->person, strip_tags($_POST['mail_content']));
}
}
}
break;
case 'upload_logo':
$position = $_POST['position'];
if (array_search($position, ConfusaConstants::$ALLOWED_LOGO_POSITIONS) === FALSE) {
Framework::error_output("The specified position " . htmlentities($position) . " is not a legal logo position!");
return;
}
if (isset($_FILES['nren_logo']['name'])) {
/* only allow image uploads */
if (strpos($_FILES['nren_logo']['type'], 'image/') !== false) {
$this->uploadLogo('nren_logo', $position, $this->person->getNREN());
} else {
Framework::error_output($this->translateTag('l10n_error_upload_logo_invalid', 'stylist'));
}
}
break;
case 'delete_logo':
$position = $_POST['position'];
if (array_search($position, ConfusaConstants::$ALLOWED_LOGO_POSITIONS) === FALSE) {
Framework::error_output($this->translateTag('l10n_error_upload_logo_position', 'stylist'));
return;
}
$this->deleteLogo($position, $this->person->getNREN());
break;
case 'change_title':
if (isset($_POST['portalTitle'])) {
$titleValue = Input::sanitize($_POST['portalTitle']);
} else {
$titleValue = "";
}
if (isset($_POST['changeButton'])) {
$showTitle = isset($_POST['showPortalTitle']);
$this->updateNRENTitle($this->person->getNREN(), $titleValue, $showTitle);
}
break;
default:
Framework::error_output("Unknown operation chosen in the stylist!");
break;
}
}
}