Contenido Security class

 Methods

Checks some frontend global variables such as $lang, $client, $changelang, $changeclient, $tmpchangelang.

checkFrontendGlobals() : void
Static

Validates client and language related variables and ensures that their content is really a numeric value.

Logic in this function is taken over from front_content.php (v 4.8.12, line 164 - 192).

TODO : Need a solution for used globals

Checks backend language parameter in request.

checkRequestBelang() : bool | void
Static

Exceptions

\Contenido_Security_Exception if existing backend language parameter is not valid

Returns

bool | void: True on success, otherwise nothing.

Checks for forbidden parameters in request.

checkRequestForbiddenParameter() : bool | void
Static

Exceptions

\Contenido_Security_Exception if the request contains one of forbidden parameters.

Returns

bool | void: True on success, otherwise nothing.

Checks for request parameters that must be numeric.

checkRequestMustbeNumericParameter() : bool
Static

Contrary to the other request checks, this method does not throw an exception. It just ensures that incoming values are really numeric by type casting them to an integer.

Returns

bool: Just true
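
Added example (not CONTENIDO's own code) contrasting the two styles described above: the forbidden-parameter check rejects the request with an exception, while the must-be-numeric check silently coerces values. The classes ExampleRequestGuard and ExampleSecurityException, the parameter names, and the handling of array input are assumptions made for illustration.

```php
<?php
// Added example, not CONTENIDO code. All class, method and parameter names are hypothetical.
class ExampleSecurityException extends Exception {}

final class ExampleRequestGuard
{
    // Hypothetical lists; the real ones are returned by getForbiddenParameters()
    // and getMustbeNumericParameters(), whose contents this page does not show.
    private const FORBIDDEN = ['example_config', 'example_path'];
    private const MUST_BE_NUMERIC = ['example_id', 'example_page'];

    /** Reject style: a forbidden name anywhere in the request aborts processing. */
    public static function checkForbidden(array $request): bool
    {
        foreach (self::FORBIDDEN as $name) {
            if (array_key_exists($name, $request)) {
                throw new ExampleSecurityException("Forbidden parameter: $name");
            }
        }
        return true;
    }

    /** Coerce style: never throws; overwrites each listed value with its integer cast. */
    public static function forceNumeric(array &$request): bool
    {
        foreach (self::MUST_BE_NUMERIC as $name) {
            if (isset($request[$name])) {
                // Assumption of this example: non-scalar input (e.g. id[]=1) becomes 0,
                // because a plain (int) cast of a non-empty array yields 1.
                $request[$name] = is_scalar($request[$name]) ? (int) $request[$name] : 0;
            }
        }
        return true;
    }
}

// Constructed sample request.
$request = ['example_id' => '7 OR 1=1', 'example_page' => 'abc', 'q' => 'news'];
ExampleRequestGuard::forceNumeric($request);
var_dump($request['example_id'], $request['example_page']);

try {
    ExampleRequestGuard::checkForbidden($request + ['example_config' => 'x']);
} catch (ExampleSecurityException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In the constructed request the cast turns '7 OR 1=1' into 7 and 'abc' into 0, so the coerced value is safe to use as a number but a result of 0 cannot be told apart from invalid input without an extra check.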

Checks/Validates existing contenido session request parameter.

checkRequestSession() : bool | void
Static

Exceptions

\Contenido_Security_Exception if the contenido parameter in the request does not match the required format

Returns

bool | void: True on success, otherwise nothing.

Checks some Contenido core related request parameters against XSS

checkRequests() : bool | void
Static
access public

Exceptions

\Contenido_Security_Exception if one of the checks fails

Returns

bool | void: True on success, otherwise nothing.

Also checks contenido-var (session) to ascii, but works as a wrapper for checkRequestSession().

checkSession() : true
Static
access public
deprecated Use checkRequestSession() instead due to better naming conventions
TODO : Should be removed, but later, in a few years...

Exceptions

\Contenido_Security_Exception if the contenido parameter in the request does not match the required format

Returns

true

Escapes a query string with mysql_real_escape_string

escapeDB(string $sString, \DB_Contenido $oDB, boolean $bUndoAddSlashes) : string
Static

Parameters

$sString

string

input string

$oDB

\DB_Contenido

contenido database object

$bUndoAddSlashes

boolean

flag for undo addslashes (optional, default: true)

Returns

string: converted string

Escapes a query string with addslashes

escapeString(string $sString) : string
Static

Parameters

$sString

string

input string

Returns

string: converted string

Escapes string using contenido urlencoding method and escapes string for inserting

filter(string $sString, \DB_Contenido $oDb) : string
Static

Parameters

$sString

string

input string

$oDb

\DB_Contenido

contenido database object

Returns

string: filtered string

Returns accepted backend language values

getAcceptedBelangValues() : array
Static

Returns

array

Returns forbidden request parameters

getForbiddenParameters() : array
Static

Returns

array

Returns the request parameters that must be numeric

getMustbeNumericParameters() : array
Static

Returns

array

Check: Does the variable have a boolean value?

isBoolean(string $sVar) : boolean
Static

Parameters

$sVar

string

input string

Returns

boolean: check state

Check: Is the variable an integer?

isInteger(string $sVar) : boolean
Static

Parameters

$sVar

string

input string

Returns

boolean: check state

Check: Is the variable a string?

isString(string $sVar) : boolean
Static

Parameters

$sVar

string

input string

Returns

boolean: check state

Convert a string to a boolean

toBoolean(string $sString) : boolean
Static

Parameters

$sString

string

input string

Returns

boolean: type-cast input string

Convert a string to an integer

toInteger(string $sString) : integer
Static

Parameters

$sString

string

input string

Returns

integer: type-cast input string

Convert a string

toString(string $sString, boolean $bHTML, string $sAllowableTags) : string
Static

Parameters

$sString

string

input string

$bHTML

boolean

if true check with strip_tags and stripslashes

$sAllowableTags

string

allowable tags if $bHTML is true

Returns

string: converted string

Reverts effect of method filter()

unFilter(string $sString) : string
Static

Parameters

$sString

string

input string

Returns

string: unfiltered string

Un-quote string quoted with escapeDB()

unescapeDB(string $sString) : string
Static

Parameters

$sString

string

input string

Returns

string: converted string

 Properties

 

$_acceptedBelangValues : array
 

$_forbiddenParameters : array
 

$_mustbeNumericParameters : array