contenido\classes\class.httpinputvalidator.php

Project: Contenido Content Management System

Description: This class provides validation methods for HTTP parameters (GET and POST). Originally based on work by kummer and prompted by a discussion in the Contenido forum, this class has been partly rewritten for better interaction with Contenido. Thanks to Andreas Kummer (aka kummer) for this great idea!

Requirements:

Author
Andreas Kummer, Holger Librenz  
Con_notice
ToDo: Error page re-direction?  
Con_php_req
5.0  
Copyright
atelierQ Kummer, four for business AG  
License
http://www.contenido.org/license/LIZENZ.txt  
Link
http://www.4fb.de  
Link
http://www.contenido.org  
Package
Contenido Backend classes  
Since
file available since contenido release <= 4.6  
TODO
Some features are the same as in Contenido_Security (see contenido/classes/class.security.php), merge them...  
{@internal  
created 2008-02-06  
modified 2008-06-10, I. van Peeren, initially set $this->bLog as $bLog in config file  
modified 2008-07-02, Frederic Schneider, add security fix  
$Id: class.httpinputvalidator.php 1157 2010-05-20 14:10:43Z xmurrix $  
}}  
Version
1.1.2  

Constants

Constant CON_CHECK_INTEGER = '/^[0-9]*$/'
Constant CON_CHECK_PRIMITIVESTRING = '/^[a-zA-Z0-9 -_]*$/'
Constant CON_CHECK_STRING = '/^[\w0-9 -_]*$/'
Constant CON_CHECK_HASH32 = '/^[a-zA-Z0-9]{32}$/'
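
As an added example (not code from Contenido itself), the PHP script below runs the four documented patterns against constructed sample values to show what they actually accept: inside a character class, ` -_` is a range from space (0x20) to underscore (0x5F), and `$` also matches before a trailing newline. The `$strict` variants and the `auditPatterns()` helper are assumptions introduced here for comparison.

```php
<?php
// Patterns copied verbatim from the constants documented on this page.
$documented = array(
    'CON_CHECK_INTEGER'         => '/^[0-9]*$/',
    'CON_CHECK_PRIMITIVESTRING' => '/^[a-zA-Z0-9 -_]*$/',
    'CON_CHECK_STRING'          => '/^[\w0-9 -_]*$/',
    'CON_CHECK_HASH32'          => '/^[a-zA-Z0-9]{32}$/',
);

// Assumed stricter variants (not part of Contenido): the hyphen is escaped so
// it is a literal, and \z replaces $ so a trailing newline is rejected.
// The * quantifier is kept, so empty values still pass as before.
$strict = array(
    'CON_CHECK_INTEGER'         => '/^[0-9]*\z/',
    'CON_CHECK_PRIMITIVESTRING' => '/^[a-zA-Z0-9 \-_]*\z/',
    'CON_CHECK_STRING'          => '/^[\w \-_]*\z/',
    'CON_CHECK_HASH32'          => '/^[a-zA-Z0-9]{32}\z/',
);

// Constructed sample values, not taken from any real request.
$samples = array(
    'plain'            => 'article_42',
    'markup chars'     => '<b>"x"</b>',
    'trailing newline' => "42\n",
    'empty'            => '',
);

/** Hypothetical helper: returns pattern name => sample label => accepted? */
function auditPatterns(array $patterns, array $samples)
{
    $result = array();
    foreach ($patterns as $name => $regex) {
        foreach ($samples as $label => $value) {
            $result[$name][$label] = preg_match($regex, $value) === 1;
        }
    }
    return $result;
}

// Print, per pattern set, which sample values each pattern lets through.
foreach (array('documented' => $documented, 'strict' => $strict) as $set => $patterns) {
    echo "== $set ==\n";
    foreach (auditPatterns($patterns, $samples) as $name => $row) {
        $accepted = array_keys(array_filter($row));
        echo str_pad($name, 28), 'accepts: ', implode(', ', $accepted), "\n";
    }
}
```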

\HttpInputValidator

Package: Default
This class is an extended version of the excellent code written by kummer.
See
http://contenido.org/forum/viewtopic.php?p=113492#113492  
Version
1.0.1  

Properties

Property public array $aCheck = array()
Array with all possible parameters and parameter formats.

Structure has to be:

$check['GET']['param1'] = VALIDATE_FORMAT;
$check['POST']['param2'] = VALIDATE_FORMAT;

Possible formats are defined as constants at the top of this class file.

Default value: array()
Type: array

Property public array $aPostVariables = array()
Associative array with each available POST parameter name as key and a flag indicating whether this parameter is "clean" or not.
Default value: array()
Type: array

Property public boolean $bLog = false
Flag whether to write a log or not.
Default value: false
Type: boolean

Property public string $sConfigPath = ''
Path to config file.
Default value: ''
Type: string

Property public string $sFailure = ''
Contains the first invalid parameter name.
Default value: ''
Type: string

Property public string $sLogPath = ''
Path and filename of the log file.
Default value: ''
Type: string

Property public string $sMode = 'training'
Current mode.
Default value: 'training'
Type: string

Methods

method public HttpInputValidator(string $sConfigPath) : \HttpInputValidator

Constructor

The configuration path $sConfigPath is mandatory and has to contain the complete path to the configuration file with the defined parameters.

The class provides two modes: training and arcade. Training mode only logs violations: to the log file if a log path is given, otherwise as a comment in the HTML output. Arcade mode is made for killing: every violation causes a hard exit!

Parameters
$sConfigPath (string)
Returns
\HttpInputValidator

method public checkGetParams() : bool

Checks all GET params and returns true in case of a violation, otherwise false.

Returns
bool

method public checkParameter(string $sType, string $sKey, mixed $mValue) : bool

This method checks whether the parameter of type $sType (currently GET and POST are supported) and name $sKey has a valid value $mValue.

In that case, and also in case of unknown but empty params, the method returns true.

Parameters
$sType (string)
$sKey (string)
$mValue (mixed)
Returns
bool

method public checkPostParams() : void

Fills the status array $aPostVariables.

If a POST param is known and valid, its mapped value is true.

method public isRegularPost(string $sKey) : mixed

Checks whether POST param $sKey is unknown (result is null), known but invalid (result is false), or known and valid (result is true).

Parameters
$sKey (string)
Returns
mixed

method public logHackTrial() : void

Tries to log the date, remote IP and requested URI to the log file.

method public showPosts($bReturn = false) : string

Prints as an HTML comment, or returns (depending on flag $bReturn), all POST params.

Parameters
$bReturn
Returns
string

Documentation was generated by phpDocumentor 2.0.0a12.