

PHP sanitize_string函數代碼示例

本文整理匯總了PHP中sanitize_string函數的典型用法代碼示例。如果您正苦於以下問題:PHP sanitize_string函數的具體用法?PHP sanitize_string怎麽用?PHP sanitize_string使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。


在下文中一共展示了sanitize_string函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的PHP代碼示例。

示例1: log_to_db

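/**
 * Store one subject/predicate/value triple after checking the caller's key.
 *
 * Reads s, p, v and k from the query string, looks for a matching AuthKey row
 * and, if one exists, inserts a row into Triple. Terminates the script with
 * die() when a parameter is missing or the username/key pair has no match.
 *
 * Request values are sent to the database as bound parameters, never spliced
 * into the SQL text, and the debug output prints only the statement template
 * so the key is not written back into the response.
 *
 * NOTE(review): the key travels in the URL query string, where it can end up
 * in server and proxy logs; moving it needs a change in the callers.
 *
 * @param object $db Database handle. NOTE(review): the original relied on
 *                   query() and fetchAll(), which matches PDO; prepare() and
 *                   execute() are assumed to be available too - confirm.
 * @return void
 */
function log_to_db($db)
{
    $ERROR_MSG = "usage logger.php?s=subject&p=predicate&v=value&k=key";
    // #1 - grab values from query string; each one must be present and a plain
    // string (an array such as ?s[]=x is rejected like a missing parameter)
    $input = [];
    foreach (['s', 'p', 'v', 'k'] as $param) {
        if (!isset($_GET[$param]) || !is_string($_GET[$param])) {
            die($ERROR_MSG);
        }
        // NOTE(review): sanitize_string() is defined elsewhere. It is kept so
        // stored values match what it produced before; if it only adds SQL
        // escaping, drop it here - bound parameters must not be pre-escaped.
        $input[$param] = sanitize_string($_GET[$param]);
    }
    $subject = $input['s'];
    $predicate = $input['p'];
    $value = $input['v'];
    $key = $input['k'];
    $timestamp = time();
    // #2 - Check to see if user is authorized
    // if they are, we should get one match from the table
    $queryString = "SELECT * FROM AuthKey WHERE username = :subject AND key = :key";
    // log the statement template for debugging purposes (no request values in it)
    echo "\$queryString={$queryString}<br>";
    $lookup = $db->prepare($queryString);
    if ($lookup === false || !$lookup->execute([':subject' => $subject, ':key' => $key])) {
        // fail closed: a broken lookup must never count as a successful check
        die("Database error");
    }
    $numRows = count($lookup->fetchAll());
    // #3 - no match? Exit program!
    if ($numRows === 0) {
        die("Bad username or key!");
    }
    // #4 - INSERT values into Triple table
    $queryString = "INSERT INTO Triple (id, subject, predicate, value, timestamp) VALUES (NULL, :subject, :predicate, :value, :timestamp)";
    // log the statement template for debugging purposes
    echo "\$queryString={$queryString}<br>";
    $insert = $db->prepare($queryString);
    $stored = $insert !== false && $insert->execute([
        ':subject' => $subject,
        ':predicate' => $predicate,
        ':value' => $value,
        ':timestamp' => $timestamp,
    ]);
    if (!$stored) {
        // the original ignored a failed insert; keep going but leave a trace
        error_log('log_to_db: INSERT into Triple failed');
    }
}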
開發者ID:reaper10567,項目名稱:ViaHack2015,代碼行數:26,代碼來源:logtriple.php

示例2: destroy

 /**
  * {@inheritDoc}
  *
  * Deletes from the users_sessions table every row whose session column
  * equals the given id. The id goes through sanitize_string() before it is
  * placed inside the quoted SQL literal; that helper is defined outside this
  * listing.
  *
  * @param string $session_id Session identifier to remove
  * @return bool Result of deleteData() cast to boolean
  */
 public function destroy($session_id)
 {
     global $CONFIG;
     $escaped_id = sanitize_string($session_id);
     $table = "{$CONFIG->dbprefix}users_sessions";
     $sql = "DELETE FROM {$table} WHERE session='{$escaped_id}'";
     $deleted = $this->db->deleteData($sql);
     return (bool) $deleted;
 }
開發者ID:tjcaverly,項目名稱:Elgg,代碼行數:10,代碼來源:DatabaseSessionHandler.php

示例3: group_tools_check_group_email_invitation

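/**
 * Check if a invitation code results in a group
 *
 * The annotation lookup runs with access checks switched off so that hidden
 * groups can be found. The previous access setting is restored in a finally
 * block, so it is put back on every exit path, including an exception thrown
 * by the lookup.
 *
 * The code is matched either by its metastring id or as the literal prefix of
 * a "<code>|..." value. LIKE wildcards in the supplied code are escaped, so a
 * stored value only matches when it really begins with that code.
 *
 * @param string $invite_code the invite code
 * @param int    $group_guid  (optional) the group to check
 *
 * @return false|ElggGroup
 */
function group_tools_check_group_email_invitation($invite_code, $group_guid = 0)
{
    if (empty($invite_code)) {
        return false;
    }
    $group_guid = sanitize_int($group_guid, false);
    // note not using elgg_get_entities_from_annotations
    // due to performance issues with LIKE wildcard search
    // prefetch metastring ids for use in lighter joins instead
    // (cast to int because both ids are interpolated unquoted below)
    $name_id = (int) elgg_get_metastring_id('email_invitation');
    $code_id = (int) elgg_get_metastring_id($invite_code);
    // SQL-escape first, then backslash-escape the LIKE wildcards _ and %
    $sanitized_invite_code = str_replace(['_', '%'], ['\\_', '\\%'], sanitize_string($invite_code));
    $options = ['limit' => 1, 'wheres' => ["n_table.name_id = {$name_id} AND (n_table.value_id = {$code_id} OR v.string LIKE '{$sanitized_invite_code}|%')"]];
    if (!empty($group_guid)) {
        $options['annotation_owner_guids'] = [$group_guid];
    }
    // find hidden groups
    $ia = elgg_set_ignore_access(true);
    try {
        $annotations = elgg_get_annotations($options);
        if (empty($annotations)) {
            return false;
        }
        $group = $annotations[0]->getEntity();
        return $group instanceof ElggGroup ? $group : false;
    } finally {
        // restore access, whatever happened above
        elgg_set_ignore_access($ia);
    }
}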
開發者ID:coldtrick,項目名稱:group_tools,代碼行數:42,代碼來源:functions.php

示例4: delete_event_handler

/**
 * Clean up operations on calendar delete
 *
 * Entities that are not a Calendar pass straight through. For a Calendar,
 * events that appear on none of the container's other calendars are added to
 * the container's public calendar.
 *
 * @param string     $event  "delete"
 * @param string     $type   "object"
 * @param ElggEntity $entity Entity being deleted
 *
 * @return bool false when the deletion is refused, true otherwise
 */
function delete_event_handler($event, $type, $entity)
{
    if (!$entity instanceof Calendar) {
        return true;
    }
    // Do not allow users to delete public calendars
    if ($entity->isPublicCalendar() && !elgg_is_admin_logged_in()) {
        register_error(elgg_echo('events:error:public_calendar_delete'));
        return false;
    }
    // Orphaned events need a public calendar to move to
    $public_calendar = Calendar::getPublicCalendar($entity->getContainerEntity());
    if (!$public_calendar) {
        register_error(elgg_echo('events:error:no_public_for_orphans'));
        return false;
    }
    $dbprefix = elgg_get_config('dbprefix');
    $relationship_name = sanitize_string(Calendar::EVENT_CALENDAR_RELATIONSHIP);
    $calendar_subtype_id = (int) get_subtype_id('object', Calendar::SUBTYPE);
    // Keep only events that do not appear on container's other calendars.
    // NOTE(review): guid and container_guid are interpolated unquoted;
    // presumably integer entity attributes - confirm, or cast with (int).
    $orphans_only = "NOT EXISTS(SELECT * FROM {$dbprefix}entity_relationships er2\n\t\t\t\t\tJOIN {$dbprefix}entities e2 ON er2.guid_two = e2.guid\n\t\t\t\t\tWHERE er2.relationship = '{$relationship_name}'\n\t\t\t\t\t\tAND er2.guid_one = e.guid\n\t\t\t\t\t\tAND er2.guid_two != {$entity->guid}\n\t\t\t\t\t\tAND e2.container_guid = {$entity->container_guid}\n\t\t\t\t\t\tAND e2.type = 'object' AND e2.subtype = {$calendar_subtype_id})";
    $batch_options = array(
        'types' => 'object',
        'subtypes' => Event::SUBTYPE,
        'relationship' => Calendar::EVENT_CALENDAR_RELATIONSHIP,
        'relationship_guid' => $entity->guid,
        'inverse_relationship' => true,
        'limit' => 0,
        'wheres' => array($orphans_only),
    );
    $orphans = new ElggBatch('elgg_get_entities_from_relationship', $batch_options);
    foreach ($orphans as $orphan) {
        /* @var Event $orphan */
        $public_calendar->addEvent($orphan);
    }
    return true;
}
開發者ID:arckinteractive,項目名稱:events_api,代碼行數:34,代碼來源:events.php

示例5: group_tools_check_group_email_invitation

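/**
 * Check if a invitation code results in a group
 *
 * The code is matched either by its metastring id or as the literal prefix of
 * a "<code>|..." value. LIKE wildcards in the supplied code are escaped, so a
 * stored value only matches when it really begins with that code.
 *
 * @param string $invite_code the invite code
 * @param int    $group_guid  (optional) the group to check
 *
 * @return boolean|ElggGroup the entity behind the first matching invitation, or false.
 *                           The entity is returned as loaded; it is not checked to be an ElggGroup here.
 */
function group_tools_check_group_email_invitation($invite_code, $group_guid = 0)
{
    $result = false;
    if (empty($invite_code)) {
        return $result;
    }
    // note not using elgg_get_entities_from_annotations
    // due to performance issues with LIKE wildcard search
    // prefetch metastring ids for use in lighter joins instead
    $name_id = add_metastring('email_invitation');
    $code_id = add_metastring($invite_code);
    // SQL-escape first, then backslash-escape the LIKE wildcards _ and %
    $sanitized_invite_code = str_replace(array('_', '%'), array('\\_', '\\%'), sanitize_string($invite_code));
    $options = array('limit' => 1, 'wheres' => array("n_table.name_id = {$name_id} AND (n_table.value_id = {$code_id} OR v.string LIKE '{$sanitized_invite_code}|%')"));
    if (!empty($group_guid)) {
        $options["annotation_owner_guids"] = array($group_guid);
    }
    $annotations = elgg_get_annotations($options);
    if (!$annotations) {
        return $result;
    }
    // find hidden groups: only the entity load runs with access checks off
    $ia = elgg_set_ignore_access(true);
    $group = $annotations[0]->getEntity();
    if ($group) {
        $result = $group;
    }
    // restore access
    elgg_set_ignore_access($ia);
    return $result;
}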
開發者ID:pleio,項目名稱:group_tools,代碼行數:37,代碼來源:functions.php

示例6: getCollectionIdByName

 /**
  * Look up an access collection by name and return its id
  *
  * The name is passed through sanitize_string() (defined outside this
  * listing) before it is placed inside the quoted SQL literal.
  *
  * @param string $name Collection name
  * @return mixed The id column of the matching row, or 0 when no row is found
  */
 public function getCollectionIdByName($name)
 {
     $escaped_name = sanitize_string($name);
     $row = get_data_row("SELECT * FROM {$this->dbprefix}access_collections\n\t\t\t\t\tWHERE name = '{$escaped_name}'");
     if (!$row) {
         return 0;
     }
     return $row->id;
 }
開發者ID:n8b,項目名稱:VMN,代碼行數:13,代碼來源:AccessCollection.php

示例7: getOptions

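 /**
  * Extend the parent's query options with WHERE clauses for the user filters.
  *
  * Filters read from this object: banned and admin (true, false, or anything
  * else for "no filter"), search (free-text term) and validated (only false
  * adds a clause).
  *
  * @return array Options array with the extra 'wheres' entries appended
  */
 protected function getOptions()
 {
     $options = parent::getOptions();
     // banned and admin are tri-state: only a strict true/false adds a clause
     foreach (['banned', 'admin'] as $flag) {
         if ($this->{$flag} === true) {
             $options['wheres'][] = "u.{$flag} = 'yes'";
         } elseif ($this->{$flag} === false) {
             $options['wheres'][] = "u.{$flag} = 'no'";
         }
     }
     if ($this->search) {
         // sanitize_string() is defined outside this listing; the term is used
         // only inside quoted LIKE patterns
         $q = sanitize_string($this->search);
         $where = "u.name LIKE \"%{$q}%\" OR u.username LIKE \"%{$q}%\"";
         if (\elgg_is_admin_logged_in()) {
             // Email is searchable for admins only. The clause needs its own OR:
             // without it the generated SQL is malformed for admin searches.
             $where .= " OR u.email LIKE \"%{$q}%\"";
         }
         $options['wheres'][] = "({$where})";
     }
     /*
      * "Unvalidated" means metadata of validated is not set or not truthy.
      * We can't use elgg_get_entities_from_metadata() because you can't say
      * "where the entity has metadata set OR it's not equal to 1".
      */
     if ($this->validated === false) {
         $validated_id = \elgg_get_metastring_id('validated');
         $one_id = \elgg_get_metastring_id('1');
         $options['wheres'][] = "NOT EXISTS (\n\t\t\t\tSELECT 1 FROM {$this->getDB()->getPrefix()}metadata validated_md\n\t\t\t\tWHERE validated_md.entity_guid = e.guid\n\t\t\t\t\tAND validated_md.name_id = {$validated_id}\n\t\t\t\t\tAND validated_md.value_id = {$one_id})";
     }
     return $options;
 }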
開發者ID:ewinslow,項目名稱:elgg-evan,代碼行數:33,代碼來源:UsersQuery.php

示例8: log_to_db

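/**
 * Store one event row after checking the caller's key.
 *
 * Reads u, n, t, a, e, la, ln and k from the query string, looks for a
 * matching AuthKey row and, if one exists, inserts a row into Events.
 * Terminates the script with die() when a parameter is missing or the
 * username/key pair has no match.
 *
 * Request values are sent to the database as bound parameters, never spliced
 * into the SQL text, and the debug output prints only the statement template
 * so the key is not written back into the response.
 *
 * NOTE(review): the supplied key is compared directly with the password
 * column, so that column presumably holds the secret unhashed - confirm, and
 * consider password_hash()/password_verify(). The key also travels in the URL
 * query string, where it can end up in server and proxy logs.
 *
 * @param object $db Database handle. NOTE(review): the original relied on
 *                   query() and fetchAll(), which matches PDO; prepare() and
 *                   execute() are assumed to be available too - confirm.
 * @return void
 */
function log_to_db($db)
{
    $ERROR_MSG = "usage logger.php?u=user&n=name&t=startTime&a=address&e=email&la=latitude&ln=longitude&k=key";
    // Grab the values from the original query string; each one must be present
    // and a plain string (an array such as ?u[]=x is rejected like a missing one)
    $input = [];
    foreach (['u', 'n', 't', 'a', 'e', 'la', 'ln', 'k'] as $param) {
        if (!isset($_GET[$param]) || !is_string($_GET[$param])) {
            die($ERROR_MSG);
        }
        // NOTE(review): sanitize_string() is defined elsewhere. It is kept so
        // stored values match what it produced before; if it only adds SQL
        // escaping, drop it here - bound parameters must not be pre-escaped.
        $input[$param] = sanitize_string($_GET[$param]);
    }
    $user = $input['u'];
    $name = $input['n'];
    $startTime = $input['t'];
    $address = $input['a'];
    $email = $input['e'];
    $latitude = $input['la'];
    $longitude = $input['ln'];
    $key = $input['k'];
    // authenticate the user
    $queryString = "SELECT * FROM AuthKey WHERE username = :user AND password = :key";
    echo "\$queryString={$queryString}<br>";
    $lookup = $db->prepare($queryString);
    if ($lookup === false || !$lookup->execute([':user' => $user, ':key' => $key])) {
        // fail closed: a broken lookup must never count as a successful check
        die("Database error");
    }
    $numRows = count($lookup->fetchAll());
    echo $numRows;
    // #3 - no match? Exit program!
    if ($numRows === 0) {
        die("Bad username or key!");
    }
    echo "user is correct";
    // insert data into the table!
    $queryString = "INSERT INTO Events (ID, EventName, Location, Emails, DateTime, Creator, Lat, Long, Reminder) VALUES (NULL, :name, :address, :emails, :startTime, :creator, :latitude, :longitude, 'False')";
    echo "\$queryString={$queryString}<br>";
    $insert = $db->prepare($queryString);
    $stored = $insert !== false && $insert->execute([
        ':name' => $name,
        ':address' => $address,
        ':emails' => $email,
        ':startTime' => $startTime,
        // NOTE(review): Creator receives the e-mail value, exactly as before;
        // the authenticated user ($user) may have been intended - confirm.
        ':creator' => $email,
        ':latitude' => $latitude,
        ':longitude' => $longitude,
    ]);
    if (!$stored) {
        // the original ignored a failed insert; keep going but leave a trace
        error_log('log_to_db: INSERT into Events failed');
    }
    echo "did a thing";
}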
開發者ID:reaper10567,項目名稱:ViaHack2015,代碼行數:29,代碼來源:setDBInfo.php

示例9: search

 /**
  * Callback function for token input search
  *
  * Finds location / temp_location metadata whose value contains the term.
  * The term is SQL-escaped with sanitize_string() (defined outside this
  * listing) and its LIKE wildcards are backslash-escaped, so it is matched
  * as literal text.
  *
  * @param string $term    Search term
  * @param array  $options Options
  * @return array
  */
 public function search($term, $options = array())
 {
     $like_escapes = array('_' => '\\_', '%' => '\\%');
     $needle = strtr(sanitize_string($term), $like_escapes);
     $options['metadata_names'] = array('location', 'temp_location');
     $options['group_by'] = "v.string";
     $options['wheres'] = array("v.string LIKE '%{$needle}%'");
     return elgg_get_metadata($options);
 }
開發者ID:justangel,項目名稱:hypeWall,代碼行數:16,代碼來源:Geopositioning.php

示例10: getArguments

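/**
 * Build the argument list for a search from a request array.
 *
 * Every value is read from $request only. Numeric fields go through
 * sanitize_numeric() and are ignored unless the result passes is_numeric();
 * fields with a range are clamped to it. limit and maxdistance fall back to
 * defaults, minprice and maxprice default to null, and zip, latitude,
 * longitude and pagetoken are set only when supplied.
 *
 * @param array $request Request parameters keyed by name
 * @return array Cleaned arguments
 */
function getArguments($request)
{
    // Override if request arguments are not proper
    $arguments = array();
    // Defaults for below
    $arguments['limit'] = 50;
    if (array_key_exists('limit', $request)) {
        $limit = sanitize_numeric($request['limit']);
        // Ignore if it doesn't seem numeric
        if (is_numeric($limit)) {
            // clamp to 1..50
            $arguments['limit'] = max(min($limit, 50), 1);
        }
    }
    $arguments['maxdistance'] = 10000;
    if (array_key_exists('maxdistance', $request)) {
        $maxdistance = sanitize_numeric($request['maxdistance']);
        if (is_numeric($maxdistance)) {
            // We expect miles from user, convert to meters here for API
            // and clamp to 1000..50000
            $arguments['maxdistance'] = max(min($maxdistance * 1609.344, 50000), 1000);
        }
    }
    $arguments['minprice'] = null;
    if (array_key_exists('minprice', $request)) {
        $minprice = sanitize_numeric($request['minprice']);
        if (is_numeric($minprice)) {
            // clamp to 0..4
            $arguments['minprice'] = max(min($minprice, 4), 0);
        }
    }
    $arguments['maxprice'] = null;
    if (array_key_exists('maxprice', $request)) {
        $maxprice = sanitize_numeric($request['maxprice']);
        if (is_numeric($maxprice)) {
            // clamp to 0..4
            $arguments['maxprice'] = max(min($maxprice, 4), 0);
        }
    }
    // No defaults for below
    if (array_key_exists('zip', $request)) {
        $zip = sanitize_numeric($request['zip']);
        if (is_numeric($zip)) {
            // Remove leading zeros
            $arguments['zip'] = ltrim($zip, "0");
        }
    }
    // Both coordinates must come from $request. The superglobal was checked
    // for longitude before, which let a caller-supplied array without the key
    // reach $request['longitude'] anyway.
    if (array_key_exists('latitude', $request) && array_key_exists('longitude', $request)) {
        $latitude = sanitize_numeric($request['latitude']);
        $longitude = sanitize_numeric($request['longitude']);
        if (is_numeric($latitude) && is_numeric($longitude)) {
            $arguments['latitude'] = $latitude;
            $arguments['longitude'] = $longitude;
        }
    }
    if (array_key_exists('pagetoken', $request)) {
        // passed on after sanitize_string() only; no format check is applied here
        $arguments['pagetoken'] = sanitize_string($request['pagetoken']);
    }
    return $arguments;
}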
開發者ID:T3hUb3rK1tten,項目名稱:quickeats,代碼行數:57,代碼來源:arguments.inc.php

示例11: renderTable

 /**
  * Print one batch of entities as a console table and offer to load the next.
  *
  * With a keyword option the entities come from the 'search' plugin hook;
  * otherwise they are counted and fetched with elgg_get_entities. When more
  * entities remain after this batch, the user is asked whether to continue and
  * the method calls itself with the offset advanced by $limit.
  *
  * $count and $iterator are static, so their values persist across calls,
  * including the recursive ones.
  *
  * @param int $limit  Number of entities per batch
  * @param int $offset Offset of the first entity in this batch
  * @return void
  */
 protected function renderTable($limit, $offset = 0)
 {
     static $count;
     // NOTE(review): $iterator is never initialised, so the '#' cell of the
     // first row printed receives null; later rows get 1, 2, ... - confirm intent
     static $iterator;
     // The keyword passes through sanitize_string() (defined outside this listing)
     // before it is handed on as 'query'; the offset is cast to int
     $options = ['query' => sanitize_string($this->option('keyword')), 'guids' => $this->option('guid') ?: ELGG_ENTITIES_ANY_VALUE, 'types' => $this->option('type') ?: 'object', 'subtypes' => $this->option('subtype') ?: ELGG_ENTITIES_ANY_VALUE, 'limit' => $limit, 'offset' => (int) $offset, 'order_by' => 'e.guid ASC'];
     if ($this->option('keyword')) {
         // keyword search: the hook result supplies both the count and the entities
         $results = elgg_trigger_plugin_hook('search', $this->option('type') ?: 'object', $options, []);
         $count = $results['count'];
         $batch = $results['entities'];
     } else {
         // plain listing: count only when no earlier call stored a count
         $options['count'] = true;
         if (!$count) {
             $count = elgg_get_entities($options);
         }
         unset($options['count']);
         $batch = new ElggBatch('elgg_get_entities', $options);
     }
     if (!$count) {
         $this->write('<comment>No entities to display</comment>');
         return;
     }
     $headers = ['#', 'GUID', 'Type', 'Title/name', 'Description', 'Owner', 'Container', 'Access'];
     if ($this->option('full-view')) {
         $headers[] = 'Metadata';
     }
     $table = new Table($this->output);
     $table->setHeaders($headers);
     foreach ($batch as $entity) {
         /* @var $entity \ElggEntity */
         // one row per entity; names and descriptions are shortened with elgg_get_excerpt(..., 25)
         $row = [$iterator, $entity->guid, ($subtype = $entity->getSubtype()) ? elgg_echo("item:{$entity->type}:{$subtype}") : elgg_echo("item:{$entity->type}"), elgg_get_excerpt($entity->getDisplayName(), 25), elgg_get_excerpt($entity->description, 25), ($owner = $entity->getOwnerEntity()) ? '[' . $owner->guid . '] ' . elgg_get_excerpt($owner->getDisplayName(), 25) : '', ($container = $entity->getContainerEntity()) ? '[' . $container->guid . '] ' . elgg_get_excerpt($container->getDisplayName(), 25) : '', '[' . $entity->access_id . '] ' . elgg_get_excerpt(get_readable_access_level($entity->access_id), 25)];
         if ($this->option('full-view')) {
             // full view: append every metadata name/value pair, one per line;
             // values are written as stored, without shortening or filtering
             $metadata = new \ElggBatch('elgg_get_metadata', ['guids' => $entity->guid, 'limit' => 0]);
             $metatable = [];
             foreach ($metadata as $md) {
                 $name = $md->name;
                 $values = (array) $md->value;
                 foreach ($values as $value) {
                     $metatable[] = "{$name}: {$value}";
                 }
             }
             $row[] = implode("\n", $metatable);
         }
         $table->addRow($row);
         $table->addRow(new TableSeparator());
         $iterator++;
     }
     $table->render();
     // more entities remain after this batch: ask before loading the next one
     if ($count > $limit + $offset) {
         $helper = $this->getHelper('question');
         $question = new ConfirmationQuestion('Load next batch [y,n]?', true);
         if (!$helper->ask($this->input, $this->output, $question)) {
             return;
         }
         $this->renderTable($limit, $limit + $offset);
     }
 }
開發者ID:hypejunction,項目名稱:elgg-cli,代碼行數:56,代碼來源:EntitiesGetCommand.php

示例12: load

 /**
  * Loads a token from the DB
  *
  * Selects the users_apisessions row whose token column equals the given
  * value. The value is passed through sanitize_string() (defined outside this
  * listing) before it is placed inside the quoted SQL literal.
  *
  * @param string $token Token
  * @return UserToken|false A UserToken built from the row, or false when no row matches
  */
 public static function load($token)
 {
     $escaped_token = sanitize_string($token);
     $table = elgg_get_config('dbprefix') . 'users_apisessions';
     $row = get_data_row("SELECT * FROM {$table} WHERE token='{$escaped_token}'");
     return $row ? new UserToken($row) : false;
 }
開發者ID:hypejunction,項目名稱:hypegraph,代碼行數:16,代碼來源:UserToken.php

示例13: __construct

 /**
  * Constructor
  *
  * Normalizes the policy, then stores its sender and recipient types, the two
  * relationship names and the inverse flag on the instance.
  *
  * @param array $policy An array of policy clauses
  */
 public function __construct(array $policy = array())
 {
     $this->dbprefix = elgg_get_config('dbprefix');
     $clauses = $this->normalizePolicy($policy);
     $this->setSenderType($clauses['sender']);
     $this->setRecipientType($clauses['recipient']);
     // Both relationship names are stored already passed through sanitize_string()
     // (presumably so later queries can interpolate them - confirm against callers)
     $this->relationship = sanitize_string($clauses['relationship']);
     $this->group_relationship = sanitize_string($clauses['group_relationship']);
     $this->inverse_relationship = (bool) $clauses['inverse_relationship'];
 }
開發者ID:n8b,項目名稱:VMN,代碼行數:14,代碼來源:Policy.php

示例14: sanitize_message

/**
 * Sanitize message body and make it a safe HTML string.
 *
 * Bodies of user and agent messages are first run through
 * safe_htmlspecialchars(); every body, whatever its kind, is then passed to
 * sanitize_string() with the 'low' and 'moderate' settings. Both helpers are
 * defined outside this listing.
 *
 * @param array $msg Message object
 * @return array Message object with sanitized body.
 */
function sanitize_message($msg)
{
    $body = $msg['message'];
    // Messages entered by user or operator cannot contain any markup
    $typed_by_person = in_array($msg['kind'], array(Thread::KIND_USER, Thread::KIND_AGENT));
    if ($typed_by_person) {
        $body = safe_htmlspecialchars($body);
    }
    $msg['message'] = sanitize_string($body, 'low', 'moderate');
    return $msg;
}
開發者ID:aburakovskiy,項目名稱:mibew,代碼行數:16,代碼來源:chat.php

示例15: tokeninput_search

/**
 * Find users and groups whose name (or username, for users) contains the query.
 *
 * The query is SQL-escaped with sanitize_string() (defined outside this
 * listing) and its LIKE wildcards are backslash-escaped, so it is matched as
 * literal text.
 *
 * @param string $query   Search term
 * @param array  $options Extra options passed on to elgg_get_entities()
 * @return mixed Whatever elgg_get_entities() returns for the built options
 */
function tokeninput_search($query, $options = array())
{
    // escape for SQL first, then neutralise the LIKE wildcards _ and %
    $needle = strtr(sanitize_string($query), array('_' => '\\_', '%' => '\\%'));
    $prefix = elgg_get_config('dbprefix');
    $options['types'] = array('user', 'group');
    $options['joins'] = array(
        "LEFT JOIN {$prefix}users_entity ue ON ue.guid = e.guid",
        "LEFT JOIN {$prefix}groups_entity ge ON ge.guid = e.guid",
    );
    $options['wheres'] = array(
        "(ue.name LIKE '%{$needle}%' OR ue.username LIKE '%{$needle}%' OR ge.name LIKE '%{$needle}%')",
    );
    return elgg_get_entities($options);
}
開發者ID:beck24,項目名稱:granular_access,代碼行數:11,代碼來源:functions.php


注:本文中的sanitize_string函數示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。