

PHP t3lib_div::removeXSS方法代码示例

本文整理汇总了PHP中t3lib_div::removeXSS方法的典型用法代码示例。如果您正苦于以下问题:PHP t3lib_div::removeXSS方法的具体用法?PHP t3lib_div::removeXSS怎么用?PHP t3lib_div::removeXSS使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在t3lib_div的用法示例。


在下文中一共展示了t3lib_div::removeXSS方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: execute

    /**
     * Builds the marker values for the simple search form template.
     *
     * The query echoed back into the form is read from the plugin's piVars,
     * passed through t3lib_div::removeXSS() and then entity-encoded with
     * htmlentities(ENT_QUOTES). The entity encoding is the step that fits the
     * value for HTML output; removeXSS() is a pattern-based filter and should
     * not be relied on as the escaping step.
     *
     * @return array marker name => value pairs for the simple form template
     * @throws InvalidArgumentException if a registered form modifier does not
     *                                  implement tx_solr_FormModifier
     */
    public function execute()
    {
        $query = '';
        $requestParameters = t3lib_div::_GPmerged('tx_solr');
        // The presence check uses the merged GET/POST data, the value itself
        // comes from piVars.
        if (trim($requestParameters['q'])) {
            $query = htmlentities(
                t3lib_div::removeXSS(trim($this->parentPlugin->piVars['q'])),
                ENT_QUOTES,
                $GLOBALS['TSFE']->metaCharset
            );
        }

        $targetPage = $this->parentPlugin->conf['search.']['targetPage'];
        $markers = array(
            'action' => $this->cObj->getTypoLink_URL($targetPage),
            'action_id' => intval($targetPage),
            'action_language' => intval($GLOBALS['TSFE']->sys_page->sys_language_uid),
            'action_language_parameter' => 'L',
            'accept-charset' => $GLOBALS['TSFE']->metaCharset,
            'q' => $query,
        );

        // TODO maybe move into a form modifier
        if ($this->parentPlugin->conf['suggest']) {
            $this->addSuggestStylesheets();
            $this->addSuggestJavascript();
            // NOTE(review): the suggest URL is concatenated as-is into a
            // single-quoted JavaScript literal; confirm getSuggestUrl() can
            // never return a quote, a backslash or "</script>".
            $markers['suggest_url'] = '<script type="text/javascript">
				/*<![CDATA[*/
				var tx_solr_suggestUrl = \'' . $this->getSuggestUrl() . '\';
				/*]]>*/
				</script>
			';
        }

        // Hook: registered classes may rewrite the marker array. Anything
        // that is not a tx_solr_FormModifier aborts rendering.
        $registeredModifiers = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['solr']['modifySearchForm'];
        if (is_array($registeredModifiers)) {
            foreach ($registeredModifiers as $hookClass) {
                $modifier = t3lib_div::getUserObj($hookClass);
                if (!($modifier instanceof tx_solr_FormModifier)) {
                    throw new InvalidArgumentException('Form modifier "' . $hookClass . '" must implement the tx_solr_FormModifier interface.', 1262864703);
                }
                $markers = $modifier->modifyForm($markers, $this->parentPlugin->getTemplate());
            }
        }

        return $markers;
    }
开发者ID:hkremer,项目名称:Publieke-Omroep-Typo3,代码行数:39,代码来源:class.tx_solr_pi_results_formcommand.php

示例2: internalSanitizeLocalUrl

 /**
  * Checks if a given string is a valid frame URL to be loaded in the
  * backend.
  *
  * The value is URL-decoded once and rejected outright if
  * t3lib_div::removeXSS() would change the decoded form. It is then accepted
  * only if one of four "local" conditions holds (same host and below the
  * site URL, allowed absolute file path, absolute path below the site path,
  * relative path below the site path). A denied non-empty value is written
  * to the system log.
  *
  * NOTE(review): the checks run on the once-decoded copy, while the value
  * handed back is the original, still-encoded $url. Confirm that consumers
  * do not decode the result a second time before using it.
  *
  * @param string $url potential URL to check
  *
  * @return string either $url if $url is considered to be harmless, or an
  *                empty string otherwise
  */
 private static function internalSanitizeLocalUrl($url = '')
 {
     $sanitizedUrl = '';
     $decodedUrl = rawurldecode($url);
     // Used as a detector, not as a cleaner: any change made by the filter
     // means the value is dropped instead of being "repaired".
     if ($decodedUrl !== t3lib_div::removeXSS($decodedUrl)) {
         $decodedUrl = '';
     }
     if (!empty($url) && $decodedUrl !== '') {
         $testAbsoluteUrl = t3lib_div::resolveBackPath($decodedUrl);
         $testRelativeUrl = t3lib_div::resolveBackPath(t3lib_div::dirname(t3lib_div::getIndpEnv('SCRIPT_NAME')) . '/' . $decodedUrl);
         // That's what's usually carried in TYPO3_SITE_PATH
         $typo3_site_path = substr(t3lib_div::getIndpEnv('TYPO3_SITE_URL'), strlen(t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST')));
         // Pass if URL is on the current host:
         if (self::isValidUrl($decodedUrl)) {
             if (self::isOnCurrentHost($decodedUrl) && strpos($decodedUrl, t3lib_div::getIndpEnv('TYPO3_SITE_URL')) === 0) {
                 $sanitizedUrl = $url;
             }
             // Pass if URL is an absolute file path:
         } elseif (t3lib_div::isAbsPath($decodedUrl) && t3lib_div::isAllowedAbsPath($decodedUrl)) {
             $sanitizedUrl = $url;
             // Pass if URL is absolute and below TYPO3 base directory:
             // NOTE(review): this and the next branch are plain string-prefix
             // comparisons against the site path. Confirm that
             // resolveBackPath() fully normalises the value and that
             // scheme-relative input ("//host/...") cannot satisfy them,
             // in particular when the site path is just "/".
         } elseif (strpos($testAbsoluteUrl, $typo3_site_path) === 0 && substr($decodedUrl, 0, 1) === '/') {
             $sanitizedUrl = $url;
             // Pass if URL is relative and below TYPO3 base directory:
         } elseif (strpos($testRelativeUrl, $typo3_site_path) === 0 && substr($decodedUrl, 0, 1) !== '/') {
             $sanitizedUrl = $url;
         }
     }
     if (!empty($url) && empty($sanitizedUrl)) {
         // NOTE(review): the rejected value is written to the log verbatim;
         // confirm the log sink neutralises line breaks and markup.
         t3lib_div::sysLog('The URL "' . $url . '" is not considered to be local and was denied.', 'Core', t3lib_div::SYSLOG_SEVERITY_NOTICE);
     }
     return $sanitizedUrl;
 }
开发者ID:rod86,项目名称:t3sandbox,代码行数:42,代码来源:class.tx_templavoila_div.php

示例3: execute

 /**
  * Builds the "nothing found" and "searched for" labels for a search without
  * results.
  *
  * The search word from piVars is filtered with t3lib_div::removeXSS() and
  * entity-encoded with htmlentities(ENT_QUOTES) before it replaces the
  * @searchWord placeholder in both labels. The entity encoding is what fits
  * the value for HTML output.
  *
  * @return array with the keys 'nothing_found' and 'searched_for'
  */
 public function execute()
 {
     $filteredWord = t3lib_div::removeXSS(trim($this->parentPlugin->piVars['q']));
     $replacements = array(
         '@searchWord' => htmlentities($filteredWord, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset),
     );

     return array(
         'nothing_found' => strtr($this->parentPlugin->pi_getLL('no_results_nothing_found'), $replacements),
         'searched_for' => strtr($this->parentPlugin->pi_getLL('results_searched_for'), $replacements),
     );
 }
开发者ID:hkremer,项目名称:Publieke-Omroep-Typo3,代码行数:8,代码来源:class.tx_solr_pi_results_noresultscommand.php

示例4: render

	/**
	 * Renders the child content a second time as a Fluid template and passes
	 * the result through t3lib_div::removeXSS().
	 *
	 * NOTE(review): the child output is used as template source, so any Fluid
	 * syntax inside it is evaluated, and the returned markup is filtered by
	 * removeXSS() only (a pattern-based filter, not an encoder). Confirm that
	 * only editor-controlled content is ever wrapped in this view helper.
	 *
	 * @return string
	 */
	public function render() {
		$templateSource = $this->renderChildren();

		// second rendering pass over the child output
		$standaloneView = $this->objectManager->create('Tx_Fluid_View_StandaloneView');
		$standaloneView->setTemplateSource($templateSource);

		// filter the rendered markup before handing it back
		return t3lib_div::removeXSS($standaloneView->render());
	}
开发者ID:rafu1987,项目名称:t3bootstrap-project,代码行数:18,代码来源:RawAndRemoveXssViewHelper.php

示例5: processResponse

 /**
  * Writes one statistics row for a query and its response.
  *
  * Queries without keywords are not tracked. The keywords are filtered with
  * t3lib_div::removeXSS() and entity-encoded before they are stored, so the
  * table holds the HTML-encoded form, not the text the user typed.
  *
  * NOTE(review): 'filters', 'sorting' and 'page' come from the request.
  * 'filters' is stored serialized and 'sorting' unchanged; confirm that
  * whatever reads tx_solr_statistics encodes these on output and does not
  * unserialize them into objects.
  *
  * @param	Tx_Solr_Query	The query that has been searched for.
  * @param	Apache_Solr_Response	The response for the last query.
  */
 public function processResponse(Tx_Solr_Query $query, Apache_Solr_Response $response)
 {
     $urlParameters = t3lib_div::_GP('tx_solr');
     $keywords = $query->getKeywords();
     $filters = array();
     if (isset($urlParameters['filter'])) {
         $filters = $urlParameters['filter'];
     }

     // do not track empty queries
     if (empty($keywords)) {
         return;
     }

     $keywords = htmlentities(
         t3lib_div::removeXSS($keywords),
         ENT_QUOTES,
         $GLOBALS['TSFE']->metaCharset
     );

     $configuration = Tx_Solr_Util::getSolrConfiguration();
     if ($configuration['search.']['frequentSearches.']['useLowercaseKeywords']) {
         $keywords = strtolower($keywords);
     }
     $ipMaskLength = (int) $configuration['statistics.']['anonymizeIP'];

     $insertFields = array(
         'pid' => $GLOBALS['TSFE']->id,
         'root_pid' => $GLOBALS['TSFE']->tmpl->rootLine[0]['uid'],
         'tstamp' => $GLOBALS['EXEC_TIME'],
         'language' => $GLOBALS['TSFE']->sys_language_uid,
         'num_found' => $response->response->numFound,
         // array-to-int cast: 1 if the suggestions object has any property, else 0
         'suggestions_shown' => (int) get_object_vars($response->spellcheck->suggestions),
         'time_total' => $response->debug->timing->time,
         'time_preparation' => $response->debug->timing->prepare->time,
         'time_processing' => $response->debug->timing->process->time,
         'feuser_id' => (int) $GLOBALS['TSFE']->fe_user->user['uid'],
         'cookie' => $GLOBALS['TSFE']->fe_user->id,
         // the client address is masked before it is stored
         'ip' => $this->applyIpMask(t3lib_div::getIndpEnv('REMOTE_ADDR'), $ipMaskLength),
         'page' => (int) $urlParameters['page'],
         'keywords' => $keywords,
         'filters' => serialize($filters),
         'sorting' => $urlParameters['sort'] ? $urlParameters['sort'] : '',
         'parameters' => serialize($response->responseHeader->params),
     );
     $GLOBALS['TYPO3_DB']->exec_INSERTquery('tx_solr_statistics', $insertFields);
 }
开发者ID:raimundlandig,项目名称:winkel.de-DEV,代码行数:25,代码来源:StatisticsWriter.php

示例6: setQueryString

 /**
  * Setter for the search query string.
  *
  * The value is stored after filtering with t3lib_div::removeXSS(). That
  * filter is pattern-based; code that later prints or queries with the
  * stored string still has to encode or quote it for its own context.
  *
  * @param string $queryString
  * @return void
  * @see t3lib_div::removeXSS()
  */
 public function setQueryString($queryString)
 {
     $filteredQuery = t3lib_div::removeXSS($queryString);
     $this->queryString = $filteredQuery;
 }
开发者ID:NaveedWebdeveloper,项目名称:Test,代码行数:11,代码来源:class.t3lib_search_livesearch.php

示例7: filter

 /**
  * Filters a single value according to the named method.
  *
  * Methods handled by the switch below:
  *  - 'addslashes'   : addslashes()
  *  - 'int'          : intval()
  *  - 'alphanum'     : drops everything except whitespace, a-z, A-Z, 0-9
  *  - 'alphanum++X'  : like 'alphanum', additionally keeping the characters X
  *  - 'text'         : removeXSS, then addslashes()
  *  - 'htmlentities' : htmlentities(trim())
  *  - 'removeXSS'    : removeXSS only
  *  - '"a","b"'      : list of allowed literal values
  * Any other method discards the value.
  *
  * NOTE(review): two case labels are boolean expressions. switch compares
  * loosely, so an empty $method ('' == false) lands in the 'alphanum++'
  * branch instead of the default branch. Confirm that this is intended for
  * the default argument.
  *
  * @param	string		$string: given string
  * @param	string		$method: name of the filter to apply (see list above)
  * @return	mixed		filtered value (an integer for 'int'); when the value is discarded the variable is unset, so null is returned
  */
 function filter($string, $method = '')
 {
     switch ($method) {
         case 'addslashes':
             // addslashes
             $string = addslashes($string);
             // backslash-escape quotes
             break;
         case 'int':
             // should be integer
             $string = intval($string);
             // change to integer
             break;
         case 'alphanum':
             // only numbers and letters allowed
             $string = preg_replace('/[^\\sa-zA-Z0-9]/', '', $string);
             // replace not allowed letters with nothing (allowed: numbers, letters and whitespace)
             break;
         case strpos(str_replace(' ', '', $method), 'alphanum++') !== false:
             // extended alphanum found
             $signs = t3lib_div::trimExplode('++', $method, 1);
             // split to get signs for extension
             // NOTE(review): $signs[1] goes into the character class without
             // preg_quote(); presumably it comes from configuration, where a
             // ']', '\' or '-' would change the pattern. Verify the source.
             $string = preg_replace('/[^\\sa-zA-Z0-9' . $signs[1] . ']/', '', $string);
             // replace not allowed letters with nothing (allowed: numbers, letters, whitespace and the extra signs)
             break;
         case 'text':
             // should be text
             // 1. filter with removeXSS
             if (method_exists('t3lib_div', 'removeXSS')) {
                 // if removeXSS is available
                 $string = t3lib_div::removeXSS($string);
                 // use the core removeXSS
             } else {
                 // removeXSS not available (on a very old T3 version maybe)
                 $string = $this->removeXSS->RemoveXSS($string);
                 // use own removeXSS
             }
             // 2. backslash-escape quotes
             // NOTE(review): addslashes() is not a database quoting function;
             // if the result is used in SQL the query layer must still quote it.
             $string = addslashes($string);
             // use addslashes
             break;
         case 'htmlentities':
             // change string with htmlentities
             $string = htmlentities(trim($string));
             // encode special characters as HTML entities
             break;
         case 'removeXSS':
             // filter string with removeXSS only (no encoding, no quoting)
             if (method_exists('t3lib_div', 'removeXSS')) {
                 // if removeXSS is available
                 $string = t3lib_div::removeXSS($string);
                 // use the core removeXSS
             } else {
                 // removeXSS not available (on a very old T3 version maybe)
                 $string = $this->removeXSS->RemoveXSS($string);
                 // use own removeXSS
             }
             break;
         case strpos($method, '"') !== false:
             // " found (e.g. "value1","value2")
             $set = 0;
             // no match found yet
             $tmp_method = t3lib_div::trimExplode(',', $method, 1);
             // split at ,
             for ($i = 0; $i < count($tmp_method); $i++) {
                 // one loop for every allowed value (e.g. "value1")
                 // the comparison is loose (==); on a match the configured
                 // value is returned, not the submitted one
                 if ($string == str_replace('"', '', $tmp_method[$i])) {
                     // if piVar == current value (without ")
                     $string = str_replace('"', '', $tmp_method[$i]);
                     // take string from current config
                     $set = 1;
                     // string was found
                 }
             }
             if (!$set) {
                 unset($string);
             }
             // value is deleted if it matched none of the allowed values
             break;
         default:
             // unknown method
             unset($string);
             // delete string
     }
     return $string;
 }
开发者ID:raimundlandig,项目名称:winkel.de-DEV,代码行数:92,代码来源:class.tx_wtdoorman_security.php

示例8: sanitizeString

 /**
  * Prepares a string for storage or display as HTML text.
  *
  * The value is filtered with t3lib_div::removeXSS() and then entity-encoded
  * with htmlentities(ENT_QUOTES) using the frontend's meta charset. The
  * result is HTML-encoded text and must not be encoded a second time.
  *
  * @param $string String to sanitize
  * @return string Sanitized string
  */
 protected function sanitizeString($string)
 {
     return htmlentities(
         t3lib_div::removeXSS($string),
         ENT_QUOTES,
         $GLOBALS['TSFE']->metaCharset
     );
 }
开发者ID:sfsmfc,项目名称:solr,代码行数:12,代码来源:StatisticsWriter.php

示例9: convertUrlsInTextToLinks

 /**
  * Turns http://www.google.de, https://www.google.de, ftp://www.google.de,
  * ftps://www.google.de, www.google.de and email@domain.tld inside a text
  * into the matching HTML links.
  *
  * The result is passed through t3lib_div::removeXSS().
  *
  * NOTE(review): the anchors are inserted in entity-encoded form and the
  * whole text is then run through html_entity_decode(), which also decodes
  * entities that were already present in $text. Markup in the input, literal
  * or entity-encoded, therefore reaches the output with removeXSS() as the
  * only filter. If $text can be untrusted, confirm that callers do not rely
  * on this method for output encoding.
  *
  * @see http://buildinternet.com/2010/05/how-to-automatically-linkify-text-with-php-regular-expressions/
  *
  * @param string $text
  * @param string $aTagParams attributes added to every generated <a> tag for
  *                           URLs; inserted into the replacement unchanged,
  *                           so it has to be a trusted value
  *
  * @return string
  */
 public static function convertUrlsInTextToLinks($text, $aTagParams = 'target="_blank"')
 {
     // chr(160) is treated as a delimiter next to the usual whitespace
     $nonebreakingSpaceChar = chr(160);
     // characters that may precede a link / characters that end it
     $patternPrefix = "/(^|[\n\r\t{$nonebreakingSpaceChar} >\\*({\\-_])";
     $patternSuffix = "[^{$nonebreakingSpaceChar} \\,\"\n\r\t<)}\\*]*";
     // 1. URLs with an explicit http(s)/ftp(s) scheme
     $text = preg_replace("{$patternPrefix}([\\w]*?)((ht|f)tp(s)?:\\/\\/[\\w]+{$patternSuffix})/is", "\$1\$2&lt;a {$aTagParams} href=\"\$3\" &gt;\$3&lt;/a&gt;", $text);
     // 2. host names starting with www. or ftp. get an http:// prefix
     $text = preg_replace("{$patternPrefix}([\\w]*?)((www|ftp)\\.{$patternSuffix})/is", "\$1\$2&lt;a {$aTagParams} href=\"http://\$3\" &gt;\$3&lt;/a&gt;", $text);
     // 3. e-mail addresses become mailto: links ($aTagParams is not applied here)
     $text = preg_replace("{$patternPrefix}([a-z0-9&\\-_\\.]+?)@([\\w\\-]+\\.([\\w\\-\\.]+)+)/i", "\$1&lt;a href=\"mailto:\$2@\$3\"&gt;\$2@\$3&lt;/a&gt;", $text);
     // decode the inserted anchors (and every other entity), then filter
     return t3lib_div::removeXSS(html_entity_decode($text));
 }
开发者ID:RocKordier,项目名称:typo3-mklib,代码行数:23,代码来源:class.tx_mklib_util_String.php

示例10: addToDo

 /**
  * Adds a to-do entry to the current ticket.
  *
  * The title is filtered with t3lib_div::removeXSS() before it is stored.
  * That filter does not encode the text, so the title still has to be
  * HTML-encoded wherever it is displayed.
  *
  * NOTE(review): the history entry is written with $this->storagePid while
  * the record itself uses the $storagePid argument; confirm this is intended.
  *
  * @param string $title title of the new to-do
  * @param mixed $storagePid page id for the new record, cast with intval()
  * @return array|bool array with 'uid' and 'progress' on success, false if
  *                    the ticket uid or title is missing or the insert fails
  */
 function addToDo($title, $storagePid)
 {
     // nothing to do without a ticket or a title
     if (!$this->ticketUid || empty($title)) {
         return false;
     }

     $title = t3lib_div::removeXSS($title);

     $table = 'tx_ketroubletickets_todo';
     $row = array(
         'tstamp' => time(),
         'ticket_uid' => $this->ticketUid,
         'title' => $title,
         'pid' => intval($storagePid),
         'sorting' => $this->getMaxSorting() + 10,
     );
     if (!$GLOBALS['TYPO3_DB']->exec_INSERTquery($table, $row)) {
         return false;
     }

     $result = array(
         'uid' => $GLOBALS['TYPO3_DB']->sql_insert_id(),
         'progress' => $this->calculateTicketProgress(),
     );
     $this->setProgress($this->ticketUid, $result['progress']);
     $this->addHistoryEntry($title, 'new', 0, $this->storagePid);

     return $result;
 }
开发者ID:tiggr,项目名称:ke_troubletickets,代码行数:21,代码来源:class.tx_ketroubletickets_eid.php

示例11: cleanFormValue

 /**
  * Cleans a form value that needs to be carried over to the next request
  * from potential XSS.
  *
  * The value is URL-decoded, stripped of tags, run through
  * FILTER_SANITIZE_STRING and t3lib_div::removeXSS(), and URL-encoded again.
  * The result is only suitable for a URL-encoded context; it is not
  * HTML-encoded.
  *
  * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, and
  * filter_var() returns false on failure, which is passed on unchecked.
  *
  * @param string $value Possibly malicious form field value
  * @return string Cleaned value
  */
 private function cleanFormValue($value)
 {
     $decoded = urldecode($value);
     $withoutTags = filter_var(strip_tags($decoded), FILTER_SANITIZE_STRING);

     return urlencode(t3lib_div::removeXSS($withoutTags));
 }
开发者ID:raimundlandig,项目名称:winkel.de-DEV,代码行数:14,代码来源:ParameterKeepingFormModifier.php

示例12: devLog

 /**
  * Developer log
  *
  * Writes one row to tx_devlog unless logging is disabled, the severity is
  * below the configured minimum or the extension key is excluded.
  *
  * $logArr = array('msg'=>$msg, 'extKey'=>$extKey, 'severity'=>$severity, 'dataVar'=>$dataVar);
  * 'msg'		string		Message (in english).
  * 'extKey'		string		Extension key (from which extension you are calling the log)
  * 'severity'	integer		Severity: 0 is info, 1 is notice, 2 is warning, 3 is fatal error, -1 is "OK" message
  * 'dataVar'	array		Additional data you want to pass to the logger.
  *
  * NOTE(review): 'msg' is filtered but not encoded, and 'dataVar' is stored
  * with serialize(). Confirm that the log viewer HTML-encodes the message
  * and does not unserialize data_var into arbitrary objects.
  *
  * @param	array		$logArr: log data array
  * @return	void
  */
 function devLog($logArr)
 {
     // If the DB object is not yet instantiated or not connected to the DB, abort writing to the log
     if (!isset($GLOBALS['TYPO3_DB']) || !is_object($GLOBALS['TYPO3_DB'])) {
         return;
     }
     // Logging switched off for this extension
     if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['nolog']) {
         return;
     }
     // this is a hack to prevent logging while initialization - $TYPO3_CONF_VARS will be reset while init
     if ($GLOBALS['EXTCONF'][$this->extKey]['nolog']) {
         return;
     }
     // If the severity is below the minimum logging level, don't log the entry
     if ($logArr['severity'] < $this->extConf['minLogLevel']) {
         return;
     }
     // If the key is in the list of keys to exclude, don't log the entry
     if (t3lib_div::inList($this->extConf['excludeKeys'], $logArr['extKey'])) {
         return;
     }
     // Check if the maximum number of rows has been exceeded
     if (!empty($this->extConf['maxRows'])) {
         $this->checkRowLimit();
     }
     $insertFields = array();
     // Try to get a pid that makes sense
     $pid = 0;
     // In the FE context, this is obviously the current page, but it may not yet be defined
     if (TYPO3_MODE == 'FE') {
         $pid = empty($GLOBALS['TSFE']->id) ? 0 : $GLOBALS['TSFE']->id;
         // In other contexts, a global variable may be set with a relevant pid
     } elseif (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['debugData']['pid'])) {
         $pid = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['debugData']['pid'];
     }
     $insertFields['pid'] = $pid;
     // Timestamps are read from the extension's configuration entries
     $insertFields['crdate'] = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['tstamp'];
     $insertFields['crmsec'] = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['mstamp'];
     // 0 when no backend user is known
     $insertFields['cruser_id'] = empty($GLOBALS['BE_USER']->user['uid']) ? 0 : $GLOBALS['BE_USER']->user['uid'];
     // Clean up the message before insertion into the database
     // If possible use RemoveXSS (TYPO3 4.2+), otherwise strip all tags
     // Note that the two paths differ: removeXSS() filters by pattern,
     // strip_tags() removes every tag.
     $message = '';
     if (method_exists('t3lib_div', 'removeXSS')) {
         $message = t3lib_div::removeXSS($logArr['msg']);
     } else {
         $message = strip_tags($logArr['msg']);
     }
     $insertFields['msg'] = $message;
     // There's no reason to have any markup in the extension key
     $insertFields['extkey'] = strip_tags($logArr['extKey']);
     // Severity can only be a number
     $insertFields['severity'] = intval($logArr['severity']);
     // Try to get information about the place where this method was called from
     if (function_exists('debug_backtrace')) {
         $callPlaceInfo = $this->getCallPlaceInfo(debug_backtrace());
         $insertFields['location'] = $callPlaceInfo['basename'];
         $insertFields['line'] = $callPlaceInfo['line'];
     }
     // Extra data is stored serialized; anything that is not an array, or
     // that exceeds the configured dump size, is replaced by an error marker
     if (!empty($logArr['dataVar'])) {
         if (is_array($logArr['dataVar'])) {
             $serializedData = serialize($logArr['dataVar']);
             if (!isset($this->extConf['dumpSize']) || strlen($serializedData) <= $this->extConf['dumpSize']) {
                 $insertFields['data_var'] = $serializedData;
             } else {
                 $insertFields['data_var'] = serialize(array('tx_devlog_error' => 'toolong'));
             }
         } else {
             $insertFields['data_var'] = serialize(array('tx_devlog_error' => 'invalid'));
         }
     }
     $GLOBALS['TYPO3_DB']->exec_INSERTquery('tx_devlog', $insertFields);
     // Increase the (cached) number of rows
     $this->numRows++;
 }
开发者ID:raimundlandig,项目名称:winkel.de-DEV,代码行数:86,代码来源:class.tx_devlog.php

示例13: loginAction

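 /**
  * Displays the login form.
  *
  * Assigns to the view: the form token, the redirect origin, the hidden
  * fields and onsubmit code contributed by the felogin
  * loginFormOnSubmitFuncs hooks, and the previously submitted user name.
  * The form token is also sent as the X-Ajaxlogin-formToken response header.
  *
  * NOTE(review): $redirectedFrom and the hook-provided markup are assigned
  * unchanged, and the user name is only filtered with removeXSS(), which
  * does not encode. Confirm that the template HTML-encodes 'redirectedFrom'
  * and 'username' on output.
  *
  * @param string $redirectedFrom
  * @return void
  */
 public function loginAction($redirectedFrom = '')
 {
     $token = $this->getFormToken();
     $this->view->assign('formToken', $token);
     $this->view->assign('redirectedFrom', $redirectedFrom);
     // Start with empty lists so that implode() below always receives an
     // array, also when no hook is registered.
     $onSubmitAr = array();
     $extraHiddenAr = array();
     /* pass hidden field from e.g. rsaauth to the view */
     if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])
         && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])
     ) {
         $_params = array();
         foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
             list($onSub, $hid) = t3lib_div::callUserFunction($funcRef, $_params, $this);
             $onSubmitAr[] = $onSub;
             $extraHiddenAr[] = $hid;
         }
     }
     $this->view->assign('additionalHiddenFields', implode("\n", $extraHiddenAr));
     $this->view->assign('onSubmitCode', implode(' ', $onSubmitAr));
     $this->response->setHeader('X-Ajaxlogin-formToken', $token);
     // Implement #43791 - Preserve username in login form on login failure
     // Only a scalar string is echoed back; an array-valued "user" parameter
     // is treated as absent.
     $submittedUser = t3lib_div::_GP('user');
     $username = is_string($submittedUser) ? trim(t3lib_div::removeXSS($submittedUser)) : '';
     $this->view->assign('username', $username);
 }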
开发者ID:frans-beech-it,项目名称:ajaxlogin,代码行数:26,代码来源:UserController.php

示例14: cleanKeywords

 /**
  * Helper method to escape/encode keywords for use in HTML
  *
  * The keywords are trimmed, filtered with t3lib_div::removeXSS(),
  * entity-encoded with htmlentities(ENT_QUOTES) and finally have their
  * template markers escaped. The entity encoding is the step that fits the
  * value for HTML output.
  *
  * @param string $keywords Keywords to prepare for use in HTML
  * @return string Encoded keywords
  */
 public static function cleanKeywords($keywords)
 {
     $filtered = t3lib_div::removeXSS(trim($keywords));
     $encoded = htmlentities($filtered, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset);

     // escape triple hashes as they are used in the template engine
     // TODO remove after switching to fluid templates
     return Tx_Solr_Template::escapeMarkers($encoded);
 }
开发者ID:sfsmfc,项目名称:solr,代码行数:16,代码来源:Query.php

示例15: removeXSS

 /**
  * Calls the removeXSS function of the TYPO3 core: GeneralUtility for
  * TYPO3_VERSION_INTEGER >= 6002000, t3lib_div for older versions.
  * That function exists in the TYPO3 core at least since version 4.5,
  * which is the minimum system requirement for ke_search currently (07 / 2015).
  *
  * The returned value is filtered, not encoded; it still has to be escaped
  * for the context it is printed in.
  *
  * NOTE(review): GeneralUtility::removeXSS() was deprecated and dropped in
  * later TYPO3 releases; verify against the targeted core version.
  *
  * @param string $value
  * @return string filtered value
  */
 public function removeXSS($value)
 {
     if (TYPO3_VERSION_INTEGER < 6002000) {
         return t3lib_div::removeXSS($value);
     }

     return TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS($value);
 }
开发者ID:brainformatik,项目名称:ke_search,代码行数:17,代码来源:class.tx_kesearch_lib_div.php


注:本文中的t3lib_div::removeXSS方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。