本文整理匯總了PHP中ESAPI::getEncoder方法的典型用法代碼示例。如果您正苦於以下問題:PHP ESAPI::getEncoder方法的具體用法?PHP ESAPI::getEncoder怎麽用?PHP ESAPI::getEncoder使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類ESAPI
的用法示例。
在下文中一共展示了ESAPI::getEncoder方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: __construct
function __construct()
{
//The xml file is in its insecure default location.
//We would normally have all referenced libraries outside of the webroot.
$this->esapi = new ESAPI('../owasp-esapi-php-read-only/test/testresources/ESAPI.xml');
ESAPI::setEncoder(new DefaultEncoder());
ESAPI::setValidator(new DefaultValidator());
$this->encoder = ESAPI::getEncoder();
$this->validator = ESAPI::getValidator();
}
示例2: isValid
/**
* Validates the input string against a whitelist of acceptable characters.
*
* @param string $input The input string to be validated.
*
* @return bool True if input string contains only characters defined in the
* whitelist, otherwise
* False.
*/
public function isValid($input)
{
if (!is_string($input) || empty($input)) {
$this->_error(self::INVALID);
return false;
}
$canonical = ESAPI::getEncoder()->canonicalize($input, false);
$detectedCharEnc = mb_detect_encoding($canonical);
if ($detectedCharEnc != 'UTF-8') {
$canonical = mb_convert_encoding($canonical, 'UTF-8', $detectedCharEnc);
}
$limit = mb_strlen($canonical, 'UTF-8');
for ($i = 0; $i < $limit; $i++) {
$c = mb_substr($canonical, $i, 1, 'UTF-8');
if (in_array($c, $this->_charset, true) !== true) {
$this->_error(self::INPUT_NOT_IN_WHITELIST);
return false;
}
}
return true;
}
示例3: ESAPI
<?php
/* ------------------------------------------
* initialize OWASP ESAPI for PHP
* ------------------------------------------ */
require_once __ROOT__ . '/owasp-esapi-php/src/ESAPI.php';
if (!isset($ESAPI)) {
$ESAPI = new ESAPI(__ROOT__ . '/owasp-esapi-php/src/ESAPI.xml');
$Encoder = $ESAPI->getEncoder();
}
// end if
/* ------------------------------------------
* initialize custom error handler
* ------------------------------------------ */
require_once __ROOT__ . '/classes/CustomErrorHandler.php';
if (!isset($CustomErrorHandler)) {
$CustomErrorHandler = new CustomErrorHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION["security-level"]);
}
// end if
/* ------------------------------------------
* initialize log error handler
* ------------------------------------------ */
require_once __ROOT__ . '/classes/LogHandler.php';
$LogHandler = new LogHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION["security-level"]);
/* ------------------------------------------
* initialize SQL Query Handler
* ------------------------------------------ */
require_once __ROOT__ . '/classes/SQLQueryHandler.php';
$SQLQueryHandler = new SQLQueryHandler(__ROOT__ . "/owasp-esapi-php/src/", $_SESSION["security-level"]);
示例4: getRandomAlphaNumString
/**
* Helper method returns a random string of alphanumeric characters of the
* supplied length.
*
* @param int $len Length of the required string.
*
* @return string A string of $len alphanumeric characters.
*/
function getRandomAlphaNumString($len)
{
if (empty($len)) {
return null;
}
ESAPI::getEncoder();
return ESAPI::getRandomizer()->getRandomString($len, Encoder::CHAR_ALPHANUMERICS);
}
示例5: isValid
/**
* Validates the input string against a list of valid recipients.
*
* @param string $input The input to be validated as a recipient.
*
* @return bool True if input string is a valid recipient, otherwise
* False.
*/
public function isValid($input)
{
$auditor = ESAPI::getAuditor('App_Validate_Recipient');
if (!is_string($input)) {
$auditor->warning(Auditor::SECURITY, false, 'isValid expects a string!');
$this->_error(self::INVALID);
return false;
}
if ($this->_recipients instanceof Zend_Config !== true) {
$this->_error(self::INVALID_RECIPIENT);
$auditor->warning(Auditor::SECURITY, false, 'isValid requires an array of recipients!');
return false;
}
$encoder = ESAPI::getEncoder();
// canonicalise the input string.
$canonical = null;
try {
$canonical = $encoder->canonicalize($input, true);
} catch (Exception $e) {
// Process the input no further.
$this->_error(self::INVALID_RECIPIENT);
$auditor->warning(Auditor::SECURITY, false, 'isValid rejected a string in which double or mixed encoding was detected.', $e);
return false;
}
// Convert input to lower case
$charEnc = mb_detect_encoding($canonical);
$canonicalLower = mb_strtolower($canonical, $charEnc);
// Get a whitespace removal filter
$whitespace = new Zend_Filter_PregReplace(array('match' => '/ /', 'replace' => ''));
// for each of our valid recipients use an identical validator
// to determine whether $canonical matches.
$validator = new Zend_Validate_Identical();
foreach ($this->_recipients as $_ => $cfg) {
foreach ($cfg as $key => $validRecipient) {
if ($key !== 'display') {
continue;
}
$charEnc = mb_detect_encoding($validRecipient . '');
$validRecipientL = mb_strtolower($validRecipient, $charEnc);
$validRecipientS = $whitespace->filter($validRecipientL);
$validator->setToken($validRecipientL);
if ($validator->isValid($canonicalLower)) {
return true;
}
$validator->setToken($validRecipientS);
if ($validator->isValid($canonicalLower)) {
return true;
}
}
}
// if that fails, the form has been tampered with or a dummy option has
// been selected - check for the latter of these now:
foreach ($this->_dummyRecipients as $dummy => $value) {
$charEnc = mb_detect_encoding($dummy . '');
$dummyL = mb_strtolower($dummy, $charEnc);
$dummyS = $whitespace->filter($dummyL);
$validator->setToken($dummyL);
if ($validator->isValid($canonicalLower)) {
$this->_error(self::DUMMY_RECIPIENT);
return false;
}
$validator->setToken($dummyS);
if ($validator->isValid($canonicalLower)) {
$this->_error(self::DUMMY_RECIPIENT);
return false;
}
}
$auditor->warning(Auditor::SECURITY, false, "isValid. Input [{$canonicalLower}] is not a valid recipient.");
$this->_error(self::INVALID_RECIPIENT);
return false;
}
示例6: testDecodeSpecialsEqualsCanonicalisedEncodedSpecials
/**
* testDecodeSpecialsEqualsCanonicalisedEncodedSpecials
*/
public function testDecodeSpecialsEqualsCanonicalisedEncodedSpecials()
{
$instance = ESAPI::getEncoder();
$this->assertEquals($instance->canonicalize('!@$%()=+{}[]'), $this->_xmlEntityCodec->decode('!@$%()=+{}[]'));
}
示例7: isValid
/**
* Performs canonicalisation of the input string before calling parent::isValid.
*
* @param string $value The input string to be validated.
*
* @return bool True if the input is of a valid length, otherwise
* False.
*/
public function isValid($value)
{
return parent::isValid(ESAPI::getEncoder()->canonicalize($value, false));
}
示例8: output
/**
* output appends the final output from a codec (either an encoded or
* decoded string) to the contents of $this->_buf and then logs this
* debugging output before resetting the CodecDebug instance ready for
* reuse.
*
* @param string $codecOutput is the final output being returned from Codec.
*
* @return null
*/
public function output($codecOutput)
{
if ($this->_enabled == false || !ESAPI::getAuditor(CD_LOG)->isDebugEnabled() || !$this->_allowRecurse) {
return;
}
if ($this->_buf === null) {
return;
// the codec being tested has not added any normalised inputs.
}
$output = '';
$this->_allowRecurse = false;
$htmlCodecOutput = ESAPI::getEncoder()->encodeForHTML($codecOutput);
if ($htmlCodecOutput == '') {
$output = $this->_buf . $this->_verb . 'ed string was an empty string.';
} else {
$output = $this->_buf . $this->_verb . 'ed: [' . $htmlCodecOutput . ']';
}
ESAPI::getAuditor(CD_LOG)->debug(Auditor::SECURITY, true, $output);
$this->_allowRecurse = true;
$this->_buf = null;
$this->_verb = null;
}
示例9: elseif
if ($sr === true) {
$view .= '<p>Your session was regenerated. ID went from: ';
$view .= ESAPI::getEncoder()->encodeForHTML($oldSessID);
$view .= ' to: ';
$view .= ESAPI::getEncoder()->encodeForHTML(session_id());
$view .= '</p>';
} else {
$view .= '<p>Your session was not regenerated. Is the session started?';
}
$tests['csi'] .= ' - DONE';
$util->killAllCookies($req);
$view .= '<p>The response should have requested your User Agent to delete your cookies. Let us see if it will honour that request.';
$view .= " <a href=\"{$uri}?req=test2\">click me!</a></p>";
} elseif ($req->getParameter('req') == 'test2') {
$view .= '<p>Cookies received in that request: ';
$view .= ESAPI::getEncoder()->encodeForHTML(print_r($req->getCookies(), true));
$view .= '</p>';
$view .= '<p>';
if ($req->getCookie('testcookie') === null) {
$view .= 'It worked! testcookie was not received in that request.';
} else {
$view .= 'It did not work. testcookie was received in that request.';
}
$view .= '</p>';
$tests['cookie'] .= ' - DONE';
$a = ESAPI::getAuditor('HTTPUtilsExtraTests');
$log = $util->logHTTPRequest($req, $a);
$logO = $util->logHTTPRequestObfuscate($req, $a, array('req'));
$view .= '<p>Please check the ESAPI Auditor logfile for two INFO entries which log that request. The second entry will contain the obfuscated "req" parameter.';
$view .= '</p>';
$tests['log'] .= ' - DONE';
示例10: __construct
function __construct()
{
ESAPI::getEncoder();
$this->logFileLoc = getLogFileLoc();
}
示例11: testUnixCodec
/**
* Test of UnixCodec
*/
public function testUnixCodec()
{
$instance = ESAPI::getEncoder();
$codec_unix = new UnixCodec();
$this->assertEquals(null, $instance->encodeForOS($codec_unix, null));
$decoded = $codec_unix->decodeCharacter(Codec::normalizeEncoding("n"));
$this->assertEquals(null, $decoded['decodedCharacter']);
$decoded = $codec_unix->decodeCharacter(Codec::normalizeEncoding(""));
$this->assertEquals(null, $decoded['decodedCharacter']);
$immune = array("");
// not that it matters, but the java test would encode alphanums with such an immune param.
$encoded = $codec_unix->encodeCharacter($immune, "<");
$decoded = $codec_unix->decode($encoded);
$this->assertEquals("<", $decoded);
$orig = "/etc/passwd";
$this->assertEquals($orig, $codec_unix->decode($orig));
$immune = array();
$orig = "/etc/passwd";
$encoded = $codec_unix->encode($immune, $orig);
$this->assertEquals($orig, $codec_unix->decode($encoded));
// TODO: Check that this is acceptable for Unix hosts
$this->assertEquals("c\\:\\\\jeff", $instance->encodeForOS($codec_unix, "c:\\jeff"));
$this->assertEquals("c\\:\\\\jeff", $codec_unix->encode($immune, "c:\\jeff"));
$this->assertEquals("dir\\ \\&\\ foo", $instance->encodeForOS($codec_unix, "dir & foo"));
$this->assertEquals("dir\\ \\&\\ foo", $codec_unix->encode($immune, "dir & foo"));
// Unix paths (that must be encoded safely)
// TODO: Check that this is acceptable for Unix
$this->assertEquals("\\/etc\\/hosts", $instance->encodeForOS($codec_unix, "/etc/hosts"));
$this->assertEquals("\\/etc\\/hosts\\;\\ ls\\ -l", $instance->encodeForOS($codec_unix, "/etc/hosts; ls -l"));
// these tests check that mixed character encoding is handled properly when encoding.
$expected = '/^[a-zA-Z0-9\\/+]*={0,2}$/';
for ($i = 0; $i < 256; $i++) {
$input = chr($i);
$output = $instance->encodeForBase64($input);
$this->assertRegExp($expected, $output, "Input was character with ordinal: {$i} - %s");
$this->assertEquals($input, $instance->decodeFromBase64($output));
}
for ($i = 0; $i < 256; $i++) {
$input = 'a' . chr($i);
$output = $instance->encodeForBase64($input);
$this->assertRegExp($expected, $output, "Input was 'a' concat with character with ordinal: {$i} - %s");
$this->assertEquals($input, $instance->decodeFromBase64($output));
}
for ($i = 0; $i < 256; $i++) {
$input = 'ϑ' . chr($i);
$output = $instance->encodeForBase64($input);
$this->assertRegExp($expected, $output, "Input was char known as 'ϑ' concat with character with ordinal: {$i} - %s");
$this->assertEquals($input, $instance->decodeFromBase64($output));
}
}
示例12: __construct
public function __construct()
{
$this->encoder = ESAPI::getEncoder();
}
示例13: isValid
/**
* Validates the POST half of a double submit cookie against the COOKIE half
* and both against string length and character set constraints.
*
* @param string $value The POST half of a double submit cookie from, for
* example a hidden HTML form field.
*
* @return null
*/
public function isValid($value)
{
$auditor = ESAPI::getAuditor('App_Validate_Token');
$canonicalPostToken = ESAPI::getEncoder()->canonicalize($value, false);
$this->_setValue($canonicalPostToken);
$isValid = false;
$v_len = new Zend_Validate_StringLength($this->_expectedLen, $this->_expectedLen);
if ($v_len->isValid($canonicalPostToken) !== true) {
$this->_error(self::POST_BAD_LENGTH);
$auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::POST_BAD_LENGTH]);
return false;
}
$v_regex = new Custom_Validate_Charset($this->_expectedCharset);
if ($v_regex->isValid($canonicalPostToken) !== true) {
$this->_error(self::POST_BAD_CHARSET);
$auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::POST_BAD_CHARSET]);
return false;
}
$controller = Zend_Controller_Front::getInstance();
$req = $controller->getRequest();
$cookieVal = $req->getCookie($this->_cookieName);
$canonicalCookie = ESAPI::getEncoder()->canonicalize($cookieVal, false);
if ($canonicalCookie === null) {
$this->_error(self::MISSING_COOKIE);
$auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::MISSING_COOKIE]);
return false;
}
if ($v_len->isValid($canonicalCookie) !== true) {
$this->_error(self::COOKIE_BAD_LENGTH);
$auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::COOKIE_BAD_LENGTH]);
return false;
}
if ($v_regex->isValid($canonicalCookie) !== true) {
$this->_error(self::COOKIE_BAD_CHARSET);
$auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::COOKIE_BAD_CHARSET]);
return false;
}
$v_identical = new Zend_Validate_Identical($this->_value);
if ($v_identical->isValid($canonicalCookie) !== true) {
$this->_error(self::TOKENS_DIFFER);
$auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::TOKENS_DIFFER]);
return false;
}
return true;
}
示例14: _queryToMap
/**
* Takes an HTTP query string and parses it into name-value pairs which are
* returned as an associative array. This implementation will ignore
* duplicate paramater names, returning only the first found parameter.
*
* @param string $query The HTTP query string to be parsed.
*
* @return array of name value pairs from the query string.
*/
private function _queryToMap($query)
{
$map = array();
$parts = explode('&', $query);
foreach ($parts as $part) {
try {
$nvpair = explode('=', $part);
$name = ESAPI::getEncoder()->decodeFromURL($nvpair[0]);
$value = ESAPI::getEncoder()->decodeFromURL($nvpair[1]);
if (!array_key_exists($name, $map)) {
$map[$name] = $value;
}
} catch (EncodingException $e) {
// NoOp - skip this pair - exception was logged already.
}
}
return $map;
}
示例15: _matchDomainName
/**
* Helper which takes a domain name and checks whether the host header is
* the same as, or a subdomain of, the supplied name. If the host header
* is a localhost IP or localhost name then it is considered a match
* regardless of the supplied name.
*
* @param string $domain A domain name.
*
* @return bool True if the host header is the same name as the supplied
* name or a subdomain of it, otherwise
* False.
*/
private function _matchDomainName($domain)
{
$charEnc = mb_detect_encoding($domain);
if ($charEnc !== 'ASCII' && $charEnc !== 'UTF-8') {
$domain = mb_convert_encoding($domain, 'UTF-8', $charEnc);
}
$host = ESAPI::getEncoder()->canonicalize($_SERVER['HTTP_HOST'], false);
$charEnc = mb_detect_encoding($host);
if ($charEnc !== 'ASCII' && $charEnc !== 'UTF-8') {
$host = mb_convert_encoding($host, 'UTF-8', $charEnc);
}
$host = mb_strtolower($host, 'UTF-8');
$domain = mb_strtolower($domain, 'UTF-8');
$pos = mb_strpos($host, $domain, 0, 'UTF-8');
if ($pos === false) {
return false;
}
if ($pos !== 0 && mb_substr($host, $pos - 1, 1, 'UTF-8') !== '.') {
return false;
}
return true;
}