Contenido Security class

 Methods

Checks some frontend global variables such as $lang, $client, $changelang, $changeclient, $tmpchangelang.

checkFrontendGlobals() : void

Validates client- and language-related variables and ensures that their content is really a numeric value.

The logic in this function is taken from front_content.php (v 4.8.12, lines 164 - 192).

TODO: Need a solution for the globals used

Checks backend language parameter in request.

checkRequestBelang() : bool | void

Exceptions

\Contenido_Security_Exception if the existing backend language parameter is not valid

Returns

bool | void: True on success, otherwise nothing.

Checks for forbidden parameters in request.

checkRequestForbiddenParameter() : bool | void

Exceptions

\Contenido_Security_Exception if the request contains one of the forbidden parameters.

Returns

bool | void: True on success, otherwise nothing.

Checks for request parameters that must be numeric.

checkRequestMustbeNumericParameter() : bool

Contrary to the other request checks, this method doesn't throw an exception. It just ensures that incoming values are really numeric by type casting them to an integer.

Returns

bool: Just true

Checks/validates the existing contenido session request parameter.

checkRequestSession() : bool | void

Exceptions

\Contenido_Security_Exception if the contenido parameter in the request doesn't match the required format

Returns

bool | void: True on success, otherwise nothing.

Checks some Contenido core related request parameters against XSS

checkRequests() : bool | void

access public

Exceptions

\Contenido_Security_Exception if one of the checks fails

Returns

bool | void: True on success, otherwise nothing.

Also checks the contenido var (session) to ascii, but works as a wrapper for checkRequestSession().

checkSession() : true

access public
deprecated: Use checkRequestSession() instead due to better naming conventions
TODO: Should be removed, but later, in a few years...

Exceptions

\Contenido_Security_Exception if the contenido parameter in the request doesn't match the required format

Returns

true

Escapes a query string with mysql_real_escape_string

escapeDB(string $sString, \DB_Contenido $oDB, boolean $bUndoAddSlashes) : string

static

Parameters

$sString

string

Input string

$oDB

\DB_Contenido

Contenido database object

$bUndoAddSlashes

boolean

Flag for undo addslashes (optional, default: true)

Returns

string: Converted string

Escapes a query string with addslashes

escapeString(string $sString) : string

static

Parameters

$sString

string

Input string

Returns

string: Converted string

Escapes a string using the Contenido urlencoding method and escapes it for inserting

filter(string $sString, \DB_Contenido $oDb) : string

static

Parameters

$sString

string

Input string

$oDb

\DB_Contenido

Contenido database object

Returns

string: Filtered string

Returns accepted backend language values

getAcceptedBelangValues() : array

Returns

array

Returns forbidden request parameters

getForbiddenParameters() : array

Returns

array

Returns the request parameters that must be numeric

getMustbeNumericParameters() : array

Returns

array

Check: Does the variable have a boolean value?

isBoolean(string $sVar) : boolean

static

Parameters

$sVar

string

Input string

Returns

boolean: Check state

Check: Is the variable an integer?

isInteger(string $sVar) : boolean

static

Parameters

$sVar

string

Input string

Returns

boolean: Check state

Check: Is the variable formatted as a MySQL DATE 'YYYY-MM-DD'?

isMySQLDate(string $sVar, boolean $bCheckValid) : boolean

static
author Ortwin Pinke
since ConLite 0.1.0

Parameters

$sVar

string

given date/string

$bCheckValid

boolean

additional use of checkdate for validation

Returns

boolean: true|false

Check: Is the variable formatted as a MySQL DATETIME 'YYYY-MM-DD HH:MM:SS'?

isMySQLDateTime($sVar, boolean $bCheckValid) : boolean

static
author Ortwin Pinke
since ConLite 0.1.0

Parameters

$sVar

$bCheckValid

boolean

additional use of checkdate for validation

Returns

boolean: true|false

Check: Is the variable a string?
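The format-versus-validity distinction behind $bCheckValid in isMySQLDate() and isMySQLDateTime(), as an added example that is not the ConLite/Contenido source. The function names, the default value of $bCheckValid and the time-range check are assumptions made for illustration.

```php
<?php
// Added illustration, not the ConLite/Contenido implementation.
// Function names prefixed "example" are hypothetical.

function exampleIsMySQLDate(string $sVar, bool $bCheckValid = false): bool
{
    // \A and \z anchor the whole string; '$' alone would accept a trailing newline.
    if (!preg_match('/\A(\d{4})-(\d{2})-(\d{2})\z/', $sVar, $aMatch)) {
        return false;
    }
    if (!$bCheckValid) {
        return true; // format check only
    }
    // checkdate(month, day, year) rejects impossible calendar dates.
    return checkdate((int) $aMatch[2], (int) $aMatch[3], (int) $aMatch[1]);
}

function exampleIsMySQLDateTime(string $sVar, bool $bCheckValid = false): bool
{
    $sPattern = '/\A(\d{4}-\d{2}-\d{2}) (\d{2}):(\d{2}):(\d{2})\z/';
    if (!preg_match($sPattern, $sVar, $aMatch)) {
        return false;
    }
    if (!$bCheckValid) {
        return true; // format check only
    }
    // Assumption: besides checkdate on the date part, the time ranges are checked.
    return exampleIsMySQLDate($aMatch[1], true)
        && (int) $aMatch[2] <= 23
        && (int) $aMatch[3] <= 59
        && (int) $aMatch[4] <= 59;
}

// Constructed sample inputs.
$aSamples = [
    '2023-02-28',        // well-formed and valid
    '2023-02-31',        // well-formed, impossible date
    '0000-00-00',        // MySQL zero date: passes the format, fails checkdate
    "2023-02-28\n",      // trailing newline
    '2023-02-28 extra',  // trailing characters
];
foreach ($aSamples as $sSample) {
    printf("%-22s format=%s valid=%s\n",
        json_encode($sSample),
        var_export(exampleIsMySQLDate($sSample), true),
        var_export(exampleIsMySQLDate($sSample, true), true));
}
var_dump(exampleIsMySQLDateTime('2023-02-28 24:00:00', true)); // hour out of range
```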

isString(string $sVar) : boolean

static

Parameters

$sVar

string

Input string

Returns

boolean: Check state

Converts a string to a boolean

toBoolean(string $sString) : boolean

static
deprecated since ConLite 0.1.0; this function will be deleted in future versions, use built-in PHP functions

Parameters

$sString

string

Input string

Returns

boolean: Type-cast input string

Converts a string to an integer

toInteger(string $sString) : integer

static
deprecated since ConLite 0.1.0; this function will be deleted in future versions, use built-in PHP functions

Parameters

$sString

string

Input string

Returns

integer: Type-cast input string

Converts a string

toString(string $sString, boolean $bHTML, string $sAllowableTags) : string

static

Parameters

$sString

string

Input string

$bHTML

boolean

If true, check with strip_tags and stripslashes

$sAllowableTags

string

Allowable tags if $bHTML is true

Returns

string: Converted string

Reverts the effect of method filter()

unFilter(string $sString) : string

static

Parameters

$sString

string

Input string

Returns

string: Unfiltered string

Un-quotes a string quoted with escapeDB()

unescapeDB(string $sString) : string

static

Parameters

$sString

string

Input string

Returns

string: Converted string

 Properties

 

Accepted backend languages

$_acceptedBelangValues : array

 

Request parameters that are strictly forbidden

$_forbiddenParameters : array

 

Request parameters that must be numeric

$_mustbeNumericParameters : array