本文整理汇总了PHP中t3lib_div::removeXSS方法的典型用法代码示例。如果您正苦于以下问题:PHP t3lib_div::removeXSS方法的具体用法?PHP t3lib_div::removeXSS怎么用?PHP t3lib_div::removeXSS使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类t3lib_div的用法示例。
在下文中一共展示了t3lib_div::removeXSS方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: execute
/**
* Provides the values for the markers in the simple form template
*
* @return array an array containing values for markers in the simple form template
*/
public function execute()
{
$searchWord = '';
$testSearchWord = t3lib_div::_GPmerged('tx_solr');
if (trim($testSearchWord['q'])) {
$searchWord = trim($this->parentPlugin->piVars['q']);
$searchWord = t3lib_div::removeXSS($searchWord);
$searchWord = htmlentities($searchWord, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset);
}
$marker = array('action' => $this->cObj->getTypoLink_URL($this->parentPlugin->conf['search.']['targetPage']), 'action_id' => intval($this->parentPlugin->conf['search.']['targetPage']), 'action_language' => intval($GLOBALS['TSFE']->sys_page->sys_language_uid), 'action_language_parameter' => 'L', 'accept-charset' => $GLOBALS['TSFE']->metaCharset, 'q' => $searchWord);
// TODO maybe move into a form modifier
if ($this->parentPlugin->conf['suggest']) {
$this->addSuggestStylesheets();
$this->addSuggestJavascript();
$marker['suggest_url'] = '<script type="text/javascript">
/*<![CDATA[*/
var tx_solr_suggestUrl = \'' . $this->getSuggestUrl() . '\';
/*]]>*/
</script>
';
}
// hook to modify the search form
if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['solr']['modifySearchForm'])) {
foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['solr']['modifySearchForm'] as $classReference) {
$formModifier = t3lib_div::getUserObj($classReference);
if ($formModifier instanceof tx_solr_FormModifier) {
$marker = $formModifier->modifyForm($marker, $this->parentPlugin->getTemplate());
} else {
throw new InvalidArgumentException('Form modifier "' . $classReference . '" must implement the tx_solr_FormModifier interface.', 1262864703);
}
}
}
return $marker;
}示例2: internalSanitizeLocalUrl
/**
* Checks if a given string is a valid frame URL to be loaded in the
* backend.
*
* @param string $url potential URL to check
*
* @return string either $url if $url is considered to be harmless, or an
* empty string otherwise
*/
private static function internalSanitizeLocalUrl($url = '')
{
$sanitizedUrl = '';
$decodedUrl = rawurldecode($url);
if ($decodedUrl !== t3lib_div::removeXSS($decodedUrl)) {
$decodedUrl = '';
}
if (!empty($url) && $decodedUrl !== '') {
$testAbsoluteUrl = t3lib_div::resolveBackPath($decodedUrl);
$testRelativeUrl = t3lib_div::resolveBackPath(t3lib_div::dirname(t3lib_div::getIndpEnv('SCRIPT_NAME')) . '/' . $decodedUrl);
// That's what's usually carried in TYPO3_SITE_PATH
$typo3_site_path = substr(t3lib_div::getIndpEnv('TYPO3_SITE_URL'), strlen(t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST')));
// Pass if URL is on the current host:
if (self::isValidUrl($decodedUrl)) {
if (self::isOnCurrentHost($decodedUrl) && strpos($decodedUrl, t3lib_div::getIndpEnv('TYPO3_SITE_URL')) === 0) {
$sanitizedUrl = $url;
}
// Pass if URL is an absolute file path:
} elseif (t3lib_div::isAbsPath($decodedUrl) && t3lib_div::isAllowedAbsPath($decodedUrl)) {
$sanitizedUrl = $url;
// Pass if URL is absolute and below TYPO3 base directory:
} elseif (strpos($testAbsoluteUrl, $typo3_site_path) === 0 && substr($decodedUrl, 0, 1) === '/') {
$sanitizedUrl = $url;
// Pass if URL is relative and below TYPO3 base directory:
} elseif (strpos($testRelativeUrl, $typo3_site_path) === 0 && substr($decodedUrl, 0, 1) !== '/') {
$sanitizedUrl = $url;
}
}
if (!empty($url) && empty($sanitizedUrl)) {
t3lib_div::sysLog('The URL "' . $url . '" is not considered to be local and was denied.', 'Core', t3lib_div::SYSLOG_SEVERITY_NOTICE);
}
return $sanitizedUrl;
}示例3: execute
public function execute()
{
$searchWord = trim($this->parentPlugin->piVars['q']);
$searchWord = t3lib_div::removeXSS($searchWord);
$nothingFound = strtr($this->parentPlugin->pi_getLL('no_results_nothing_found'), array('@searchWord' => htmlentities($searchWord, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset)));
$searchedFor = strtr($this->parentPlugin->pi_getLL('results_searched_for'), array('@searchWord' => htmlentities($searchWord, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset)));
return array('nothing_found' => $nothingFound, 'searched_for' => $searchedFor);
}示例4: render
/**
* ViewHelper combines Raw and RemoveXss Methods
*
* @return string
*/
public function render() {
$string = $this->renderChildren();
// parse string
$parseObject = $this->objectManager->create('Tx_Fluid_View_StandaloneView');
$parseObject->setTemplateSource($string);
$string = $parseObject->render();
// remove XSS
$string = t3lib_div::removeXSS($string);
return $string;
}示例5: processResponse
/**
* Processes a query and its response after searching for that query.
*
* @param Tx_Solr_Query The query that has been searched for.
* @param Apache_Solr_Response The response for the last query.
*/
public function processResponse(Tx_Solr_Query $query, Apache_Solr_Response $response)
{
$urlParameters = t3lib_div::_GP('tx_solr');
$keywords = $query->getKeywords();
$filters = isset($urlParameters['filter']) ? $urlParameters['filter'] : array();
if (empty($keywords)) {
// do not track empty queries
return;
}
$keywords = t3lib_div::removeXSS($keywords);
$keywords = htmlentities($keywords, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset);
$configuration = Tx_Solr_Util::getSolrConfiguration();
if ($configuration['search.']['frequentSearches.']['useLowercaseKeywords']) {
$keywords = strtolower($keywords);
}
$ipMaskLength = (int) $configuration['statistics.']['anonymizeIP'];
$insertFields = array('pid' => $GLOBALS['TSFE']->id, 'root_pid' => $GLOBALS['TSFE']->tmpl->rootLine[0]['uid'], 'tstamp' => $GLOBALS['EXEC_TIME'], 'language' => $GLOBALS['TSFE']->sys_language_uid, 'num_found' => $response->response->numFound, 'suggestions_shown' => (int) get_object_vars($response->spellcheck->suggestions), 'time_total' => $response->debug->timing->time, 'time_preparation' => $response->debug->timing->prepare->time, 'time_processing' => $response->debug->timing->process->time, 'feuser_id' => (int) $GLOBALS['TSFE']->fe_user->user['uid'], 'cookie' => $GLOBALS['TSFE']->fe_user->id, 'ip' => $this->applyIpMask(t3lib_div::getIndpEnv('REMOTE_ADDR'), $ipMaskLength), 'page' => (int) $urlParameters['page'], 'keywords' => $keywords, 'filters' => serialize($filters), 'sorting' => $urlParameters['sort'] ? $urlParameters['sort'] : '', 'parameters' => serialize($response->responseHeader->params));
$GLOBALS['TYPO3_DB']->exec_INSERTquery('tx_solr_statistics', $insertFields);
}示例6: setQueryString
/**
* Setter for the search query string.
*
* @param string $queryString
* @return void
* @see t3lib_div::removeXSS()
*/
public function setQueryString($queryString)
{
$this->queryString = t3lib_div::removeXSS($queryString);
}示例7: filter
/**
* Function filter() cleans string with any value
*
* @param string $string: given string
* @return string $string: filtered string
*/
function filter($string, $method = '')
{
switch ($method) {
case 'addslashes':
// addslashes
$string = addslashes($string);
// disable quotes
break;
case 'int':
// should be integer
$string = intval($string);
// change to integer
break;
case 'alphanum':
// only numbers and letters allowed
$string = preg_replace('/[^\\sa-zA-Z0-9]/', '', $string);
// replace not allowed letters with nothing (allowed: numbers, letters and space)
break;
case strpos(str_replace(' ', '', $method), 'alphanum++') !== false:
// extended alphanum found
$signs = t3lib_div::trimExplode('++', $method, 1);
// split to get signs for extension
$string = preg_replace('/[^\\sa-zA-Z0-9' . $signs[1] . ']/', '', $string);
// replace not allowed letters with nothing (allowed: numbers, letters and space)
break;
case 'text':
// should be text
// 1. disable XSS
if (method_exists('t3lib_div', 'removeXSS')) {
// if removeXSS is available
$string = t3lib_div::removeXSS($string);
// add removeXSS
} else {
// removeXSS not available (on a very old T3 version maybe)
$string = $this->removeXSS->RemoveXSS($string);
// use own removeXSS
}
// 2. disable slashes
$string = addslashes($string);
// use addslashes
break;
case 'htmlentities':
// change string with htmlentities
$string = htmlentities(trim($string));
// change signs to ascii code
break;
case 'removeXSS':
// change string with htmlentities
if (method_exists('t3lib_div', 'removeXSS')) {
// if removeXSS is available
$string = t3lib_div::removeXSS($string);
// add removeXSS
} else {
// removeXSS not available (on a very old T3 version maybe)
$string = $this->removeXSS->RemoveXSS($string);
// use own removeXSS
}
break;
case strpos($method, '"') !== false:
// " found (e.g. "value1","value2")
$set = 0;
// not found at the beginning
$tmp_method = t3lib_div::trimExplode(',', $method, 1);
// split at ,
for ($i = 0; $i < count($tmp_method); $i++) {
// one loop for every method (e.g. "value1")
if ($string == str_replace('"', '', $tmp_method[$i])) {
// if piVar == current value (without ")
$string = str_replace('"', '', $tmp_method[$i]);
// take string from current config
$set = 1;
// string was found
}
}
if (!$set) {
unset($string);
}
// delete string
break;
default:
// default
unset($string);
// delete string
}
return $string;
}示例8: sanitizeString
/**
* Sanitizes a string
*
* @param $string String to sanitize
* @return string Sanitized string
*/
protected function sanitizeString($string)
{
$string = t3lib_div::removeXSS($string);
$string = htmlentities($string, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset);
return $string;
}示例9: convertUrlsInTextToLinks
/**
* macht aus http://www.google.de, https://www.google.de, ftp://www.google.de,
* ftps://www.google.de, www.google.de, email@domain.tld die passenden HTML Links
*
* dabei wird der Text auch XSS geschützt
*
* @see http://buildinternet.com/2010/05/how-to-automatically-linkify-text-with-php-regular-expressions/
*
* @param string $text
* @param string $aTagParams
*
* @return string
*/
public static function convertUrlsInTextToLinks($text, $aTagParams = 'target="_blank"')
{
$nonebreakingSpaceChar = chr(160);
$patternPrefix = "/(^|[\n\r\t{$nonebreakingSpaceChar} >\\*({\\-_])";
$patternSuffix = "[^{$nonebreakingSpaceChar} \\,\"\n\r\t<)}\\*]*";
$text = preg_replace("{$patternPrefix}([\\w]*?)((ht|f)tp(s)?:\\/\\/[\\w]+{$patternSuffix})/is", "\$1\$2<a {$aTagParams} href=\"\$3\" >\$3</a>", $text);
$text = preg_replace("{$patternPrefix}([\\w]*?)((www|ftp)\\.{$patternSuffix})/is", "\$1\$2<a {$aTagParams} href=\"http://\$3\" >\$3</a>", $text);
$text = preg_replace("{$patternPrefix}([a-z0-9&\\-_\\.]+?)@([\\w\\-]+\\.([\\w\\-\\.]+)+)/i", "\$1<a href=\"mailto:\$2@\$3\">\$2@\$3</a>", $text);
return t3lib_div::removeXSS(html_entity_decode($text));
}示例10: addToDo
function addToDo($title, $storagePid)
{
// check values
if (!$this->ticketUid || empty($title)) {
return false;
}
// sanitize values
$title = t3lib_div::removeXSS($title);
// add ToDo
$table = 'tx_ketroubletickets_todo';
$fields_values = array('tstamp' => time(), 'ticket_uid' => $this->ticketUid, 'title' => $title, 'pid' => intval($storagePid), 'sorting' => $this->getMaxSorting() + 10);
if ($GLOBALS['TYPO3_DB']->exec_INSERTquery($table, $fields_values)) {
$result['uid'] = $GLOBALS['TYPO3_DB']->sql_insert_id();
$result['progress'] = $this->calculateTicketProgress();
$this->setProgress($this->ticketUid, $result['progress']);
$this->addHistoryEntry($title, 'new', 0, $this->storagePid);
return $result;
} else {
return false;
}
}示例11: cleanFormValue
/**
* Cleans a form value that needs to be carried over to the next request
* from potential XSS.
*
* @param string $value Possibly malicious form field value
* @return string Cleaned value
*/
private function cleanFormValue($value)
{
$value = urldecode($value);
$value = filter_var(strip_tags($value), FILTER_SANITIZE_STRING);
$value = t3lib_div::removeXSS($value);
return urlencode($value);
}示例12: devLog
/**
* Developer log
*
* $logArr = array('msg'=>$msg, 'extKey'=>$extKey, 'severity'=>$severity, 'dataVar'=>$dataVar);
* 'msg' string Message (in english).
* 'extKey' string Extension key (from which extension you are calling the log)
* 'severity' integer Severity: 0 is info, 1 is notice, 2 is warning, 3 is fatal error, -1 is "OK" message
* 'dataVar' array Additional data you want to pass to the logger.
*
* @param array $logArr: log data array
* @return void
*/
function devLog($logArr)
{
// If the DB object is not yet instantiated or not connected to the DB, abort writing to the log
if (!isset($GLOBALS['TYPO3_DB']) || !is_object($GLOBALS['TYPO3_DB'])) {
return;
}
if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['nolog']) {
return;
}
// this is a hack to prevent logging while initialization - $TYPO3_CONF_VARS will be reset while init
if ($GLOBALS['EXTCONF'][$this->extKey]['nolog']) {
return;
}
// If the severity is below the minimum logging level, don't log the entry
if ($logArr['severity'] < $this->extConf['minLogLevel']) {
return;
}
// If the key is in the list of keys to exclude, don't log the entry
if (t3lib_div::inList($this->extConf['excludeKeys'], $logArr['extKey'])) {
return;
}
// Check if the maximum number of rows has been exceeded
if (!empty($this->extConf['maxRows'])) {
$this->checkRowLimit();
}
$insertFields = array();
// Try to get a pid that makes sense
$pid = 0;
// In the FE context, this is obviously the current page, but it may not yet be defined
if (TYPO3_MODE == 'FE') {
$pid = empty($GLOBALS['TSFE']->id) ? 0 : $GLOBALS['TSFE']->id;
// In other contexts, a global variable may be set with a relevant pid
} elseif (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['debugData']['pid'])) {
$pid = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['debugData']['pid'];
}
$insertFields['pid'] = $pid;
$insertFields['crdate'] = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['tstamp'];
$insertFields['crmsec'] = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['mstamp'];
$insertFields['cruser_id'] = empty($GLOBALS['BE_USER']->user['uid']) ? 0 : $GLOBALS['BE_USER']->user['uid'];
// Clean up the message before insertion into the database
// If possible use RemoveXSS (TYPO3 4.2+), otherwise strip all tags
$message = '';
if (method_exists('t3lib_div', 'removeXSS')) {
$message = t3lib_div::removeXSS($logArr['msg']);
} else {
$message = strip_tags($logArr['msg']);
}
$insertFields['msg'] = $message;
// There's no reason to have any markup in the extension key
$insertFields['extkey'] = strip_tags($logArr['extKey']);
// Severity can only be a number
$insertFields['severity'] = intval($logArr['severity']);
// Try to get information about the place where this method was called from
if (function_exists('debug_backtrace')) {
$callPlaceInfo = $this->getCallPlaceInfo(debug_backtrace());
$insertFields['location'] = $callPlaceInfo['basename'];
$insertFields['line'] = $callPlaceInfo['line'];
}
if (!empty($logArr['dataVar'])) {
if (is_array($logArr['dataVar'])) {
$serializedData = serialize($logArr['dataVar']);
if (!isset($this->extConf['dumpSize']) || strlen($serializedData) <= $this->extConf['dumpSize']) {
$insertFields['data_var'] = $serializedData;
} else {
$insertFields['data_var'] = serialize(array('tx_devlog_error' => 'toolong'));
}
} else {
$insertFields['data_var'] = serialize(array('tx_devlog_error' => 'invalid'));
}
}
$GLOBALS['TYPO3_DB']->exec_INSERTquery('tx_devlog', $insertFields);
// Increase the (cached) number of rows
$this->numRows++;
}示例13: loginAction
/**
* Displays the login form
* @param string $redirectedFrom
* @return void
*/
public function loginAction($redirectedFrom = '')
{
$token = $this->getFormToken();
$this->view->assign('formToken', $token);
$this->view->assign('redirectedFrom', $redirectedFrom);
/* pass hidden field from e.g. rsaauth to the view */
if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
$_params = array();
foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
list($onSub, $hid) = t3lib_div::callUserFunction($funcRef, $_params, $this);
$onSubmitAr[] = $onSub;
$extraHiddenAr[] = $hid;
}
}
$this->view->assign('additionalHiddenFields', implode("\n", $extraHiddenAr));
$this->view->assign('onSubmitCode', implode(' ', $onSubmitAr));
$this->response->setHeader('X-Ajaxlogin-formToken', $token);
// Implement #43791 - Preserve username in login form on login failure
$username = trim(t3lib_div::removeXSS(t3lib_div::_GP('user')));
$this->view->assign('username', $username);
}示例14: cleanKeywords
/**
* Helper method to escape/encode keywords for use in HTML
*
* @param string $keywords Keywords to prepare for use in HTML
* @return string Encoded keywords
*/
public static function cleanKeywords($keywords)
{
$keywords = trim($keywords);
$keywords = t3lib_div::removeXSS($keywords);
$keywords = htmlentities($keywords, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset);
// escape triple hashes as they are used in the template engine
// TODO remove after switching to fluid templates
$keywords = Tx_Solr_Template::escapeMarkers($keywords);
return $keywords;
}示例15: removeXSS
/**
* Use removeXSS function from t3lib_div / GeneralUtility
* that function exists in the TYPO3 Core at least since version 4.5,
* which is the minimum system requirement for ke_search currentliy (07 / 2015)
*
* @param string value
* @return string XSS safe value
*/
public function removeXSS($value)
{
if (TYPO3_VERSION_INTEGER >= 6002000) {
$returnValue = TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS($value);
} else {
$returnValue = t3lib_div::removeXSS($value);
}
return $returnValue;
}