Class vB_Input_Cleaner

Description

Class to handle and sanitize variables from GET, POST and COOKIE etc

  • version: $Revision: 35065 $
  • date: $Date: 2010-01-21 14:01:23 -0600 (Thu, 21 Jan 2010) $

Located in /includes/class_core.php (line 1697)

Method Summary
 vB_Input_Cleaner vB_Input_Cleaner (vB_Registry &$registry)
 string add_fragment (string $path, [string $fragment = false])
 string add_query (string $path, [string $query = false])
 mixed &clean (mixed &$var, [integer $vartype = TYPE_NOCLEAN], [boolean $exists = true])
 array &clean_array (array &$source, array $variables)
 array clean_array_gpc (string $source, array $variables)
 mixed &clean_gpc (array $source, string $varname, [integer $vartype = TYPE_NOCLEAN])
 void convert_shortvars (array &$array, [ $setglobals = true])
 mixed &do_clean (mixed &$data, integer $type)
 string fetch_alt_ip ()
 string fetch_basepath ([ $rel_modifier = false])
 string fetch_ip ()
 string fetch_relpath ([ $path = false])
 string fetch_server_value (string $name)
 string fetch_url ()
 string fetch_wolpath ()
 void resolve_request_url ( $registry)
 void stripslashes_deep (array &$value, [ $depth = 0])
 string strip_sessionhash (string $string)
 string utf8_clean_path (string $path, [ $reencode = true])
 string xss_clean (string $var)
 string xss_clean_url (string $url)
Variables
string $alt_ip = '' (line 1774)

System state. An attempt to find a second IP for the current visitor (proxy etc)

array $cleaned_vars = array() (line 1788)

Keep track of variables that have already been cleaned

string $ipaddress = '' (line 1767)

System state. The IP address of the current visitor

vB_Registry $registry = null (line 1781)

A reference to the main registry object

string $reloadurl = '' (line 1746)

Reload URL. Complete URL of the current page including sessionhash

string $scriptpath = '' (line 1739)

System state. The complete URL of the current page, without sessionhash

array $shortvars = array(
'f' => 'forumid',
't' => 'threadid',
'p' => 'postid',
'u' => 'userid',
'a' => 'announcementid',
'c' => 'calendarid',
'e' => 'eventid',
'q' => 'query',
'pp' => 'perpage',
'page' => 'pagenumber',
'sort' => 'sortfield',
'order' => 'sortorder',
)
(line 1704)

Translation table for short name to long name

array $superglobal_lookup = array(
'g' => '_GET',
'p' => '_POST',
'r' => '_REQUEST',
'c' => '_COOKIE',
's' => '_SERVER',
'e' => '_ENV',
'f' => '_FILES'
)
(line 1724)

Translation table for short superglobal name to long superglobal name

string $url = '' (line 1760)

System state. The complete URL of the referring page

string $wolpath = '' (line 1753)

System state. The complete URL of the page for Who's Online purposes

Methods
Constructor vB_Input_Cleaner (line 1799)

Constructor

First, reverses the effects of magic quotes on GPC.
Second, translates short variable names to long (u --> userid).
Third, deals with $_COOKIE[userid] conflicts.

vB_Input_Cleaner vB_Input_Cleaner (vB_Registry &$registry)
  • vB_Registry &$registry: The instance of the vB_Registry object
add_fragment (line 2097)

Adds a fragment to a path

  • return: The resulting string
string add_fragment (string $path, [string $fragment = false])
  • string $path: The path to add the fragment to
  • string $fragment: The fragment to add to the path
add_query (line 2074)

Adds a query string to a path, fixing the query characters.

  • return: The resulting string
string add_query (string $path, [string $query = false])
  • string $path: The path to add the query to
  • string $query: The query string to add to the path
clean (line 2193)

Makes a single variable safe to use and returns it

  • return: The cleaned value
mixed &clean (mixed &$var, [integer $vartype = TYPE_NOCLEAN], [boolean $exists = true])
  • mixed &$var: The variable to be cleaned
  • integer $vartype: The type of the variable in which we are interested
  • boolean $exists: Whether or not the variable to be cleaned actually is set
clean_array (line 2116)

Makes data in an array safe to use

array &clean_array (array &$source, array $variables)
  • array &$source: The source array containing the data to be cleaned
  • array $variables: Array of variable names and types we want to extract from the source array
clean_array_gpc (line 2136)

Makes GPC variables safe to use

array clean_array_gpc (string $source, array $variables)
  • string $source: Either g, p, c, r or f (corresponding to get, post, cookie, request and files)
  • array $variables: Array of variable names and types we want to extract from the source array
clean_gpc (line 2165)

Makes a single GPC variable safe to use and returns it

mixed &clean_gpc (array $source, string $varname, [integer $vartype = TYPE_NOCLEAN])
  • array $source: The source array containing the data to be cleaned
  • string $varname: The name of the variable in which we are interested
  • integer $vartype: The type of the variable in which we are interested
convert_shortvars (line 2488)

Turns $_POST['t'] into $_POST['threadid'] etc.

void convert_shortvars (array &$array, [ $setglobals = true])
  • array &$array: The name of the array
  • $setglobals
do_clean (line 2287)

Does the actual work to make a variable safe

mixed &do_clean (mixed &$data, integer $type)
  • mixed &$data: The data we want to make safe
  • integer $type: The type of the data
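
The whitelist-and-coerce pattern that convert_shortvars, clean_array_gpc and do_clean describe, as an added stand-alone PHP sketch; it is not vBulletin's source. The EX_TYPE_* constants, the ex_* function names, the only-if-unset copy rule and the sample request are assumptions made for illustration.

```php
<?php
// Added illustration, not vBulletin source. The EX_TYPE_* constants and ex_*
// functions are hypothetical stand-ins for the cleaner's type system.
const EX_TYPE_NOCLEAN = 0;
const EX_TYPE_UINT = 1;
const EX_TYPE_NOHTML = 2;

// Subset of the $shortvars table documented on this page.
$ex_shortvars = array('t' => 'threadid', 'pp' => 'perpage');

// Copy short names to long names (assumed: only when the long name is unset).
function ex_convert_shortvars(array &$array, array $shortvars)
{
    foreach ($shortvars as $short => $long) {
        if (isset($array[$short]) && !isset($array[$long])) {
            $array[$long] = $array[$short];
        }
    }
}

// Coerce one value to its declared type; unexpected shapes collapse to a default.
function ex_do_clean($data, $type)
{
    switch ($type) {
        case EX_TYPE_UINT:
            return is_scalar($data) ? max(0, (int) $data) : 0;
        case EX_TYPE_NOHTML:
            return is_scalar($data) ? htmlspecialchars(trim((string) $data), ENT_QUOTES) : '';
        default: // EX_TYPE_NOCLEAN: returned untouched, still untrusted
            return $data;
    }
}

// Whitelist extraction: only declared names come back, each forced to its type.
function ex_clean_array(array $source, array $variables)
{
    $cleaned = array();
    foreach ($variables as $name => $type) {
        $cleaned[$name] = ex_do_clean(isset($source[$name]) ? $source[$name] : null, $type);
    }
    return $cleaned;
}

// Constructed sample request data standing in for $_GET.
$get = array('t' => '42 OR 1=1', 'pp' => array('x'), 'title' => ' <b>hi</b> ', 'debug' => '1');
ex_convert_shortvars($get, $ex_shortvars);
var_dump(ex_clean_array($get, array(
    'threadid' => EX_TYPE_UINT, 'perpage' => EX_TYPE_UINT, 'title' => EX_TYPE_NOHTML,
)));
```

The undeclared `debug` key never reaches the caller, the array-valued `pp` collapses to 0, and the text after `42` is discarded by the integer cast.
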
fetch_alt_ip (line 2730)

Fetches an alternate IP address of the current visitor, attempting to detect proxies etc.

string fetch_alt_ip ()
fetch_basepath (line 2522)

Fetches the 'basepath' variable that can be used as <base>.

string fetch_basepath ([ $rel_modifier = false])
  • $rel_modifier
fetch_ip (line 2720)

Fetches the IP address of the current visitor

string fetch_ip ()
fetch_relpath (line 2548)

Fetches the path for the current request relative to the basepath.

This is useful for local anchors (<a href="{vb:raw relpath}#post">).

Subtracts any overlap between basepath and path, with the following results:

base: http://www.example.com/forums/
path: /forums/content.php
result: content.php

base: http://www.example.com/forums/admincp
path: /forums/content/1-Article
result: ../content/1-Article

string fetch_relpath ([ $path = false])
  • $path
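
One way to compute the overlap subtraction described for fetch_relpath, as an added stand-alone PHP example; it is not vBulletin's implementation. The names ex_relpath and ex_segments are hypothetical, and the code assumes the base URL's path is a directory and that the request path carries no query string.

```php
<?php
// Added illustration, not vBulletin source; ex_relpath() is a hypothetical name.
// Assumptions: the base URL's path is a directory even without a trailing
// slash, and $path has no query string.
function ex_relpath($base, $path)
{
    $base_segs = ex_segments((string) parse_url($base, PHP_URL_PATH));
    $path_segs = ex_segments($path);

    // Count the leading directories shared by both; the final path segment
    // is never consumed, so the result always names the target itself.
    $common = 0;
    $limit = min(count($base_segs), count($path_segs) - 1);
    while ($common < $limit && $base_segs[$common] === $path_segs[$common]) {
        $common++;
    }

    // Climb out of the unshared base directories, then descend into the rest.
    $ups = count($base_segs) - $common;
    return str_repeat('../', $ups) . implode('/', array_slice($path_segs, $common));
}

// Split a path on "/" and drop empty segments (keeps a literal "0" segment).
function ex_segments($path)
{
    return array_values(array_filter(explode('/', $path), 'strlen'));
}

// The two cases listed in the description above.
echo ex_relpath('http://www.example.com/forums/', '/forums/content.php'), "\n";
echo ex_relpath('http://www.example.com/forums/admincp', '/forums/content/1-Article'), "\n";
```
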
fetch_server_value (line 2050)

Fetches a value from $_SERVER or $_ENV

string fetch_server_value (string $name)
  • string $name
fetch_url (line 2678)

Fetches the 'url' variable - usually the URL of the previous page in the history

string fetch_url ()
fetch_wolpath (line 2633)

Fetches the 'wolpath' variable, i.e. the same as 'scriptpath' but with a handler for the POST request method

string fetch_wolpath ()
resolve_request_url (line 1947)

Resolves information about the request URL.

void resolve_request_url ( $registry)
  • $registry
stripslashes_deep (line 2465)

Reverses the effects of magic_quotes on an entire array of variables

void stripslashes_deep (array &$value, [ $depth = 0])
  • array &$value: The array on which we want to work
  • $depth
strip_sessionhash (line 2511)

Strips out the s=gobbledygook& rubbish from URLs

string strip_sessionhash (string $string)
  • string $string: The URL string from which to remove the session stuff
utf8_clean_path (line 2444)

Cleans a query string.

Unicode is decoded, url entities are kept encoded, and slashes are preserved.

string utf8_clean_path (string $path, [ $reencode = true])
  • string $path
  • $reencode
xss_clean (line 2408)

Removes HTML characters and potentially unsafe scripting words from a string

string xss_clean (string $var)
  • string $var: The variable we want to make safe
xss_clean_url (line 2424)

Removes HTML characters and potentially unsafe scripting words from a URL.

Note: The query string is preserved.

string xss_clean_url (string $url)
  • string $url: The url to clean

Documentation generated on Tue, 26 Jan 2010 15:15:05 -0600 by phpDocumentor 1.4.3