Documentation

FWValidator
in package

Framework Validator

Tags
copyright

CLOUDREXX CMS - CLOUDREXX AG

version
1.0.1
subpackage

lib_framework

author

Cloudrexx Development Team info@cloudrexx.com

author

Reto Kohli reto.kohli@comvation.com

todo

Edit PHP DocBlocks!

todo

Most, if not all, should be static

Table of Contents

Constants

REGEX_EMAIL  = \VALIDATOR_REGEX_EMAIL
Regular Expression for e-mail addresses
REGEX_EMAIL_JS  = \VALIDATOR_REGEX_EMAIL_JS
Regular Expression in JavaScript for e-mail addresses
REGEX_URI  = \VALIDATOR_REGEX_URI
Regular Expression for URIs
REGEX_URI_JS  = \VALIDATOR_REGEX_URI_JS
REGEX_URI_PROTO  = \VALIDATOR_REGEX_URI_PROTO
Regular Expression for URI protocols

Properties

$evilFileExtensions  : array<string|int, mixed>
Array of harmful file extensions
$potentialEvilFileExtensions  : array<string|int, mixed>
Array of potentially harmful file extensions (client script containers)

Methods

cutHtmlByDisplayLength()  : mixed
Cut HTML code to a specific number of visible characters
fix_flash_transparency()  : mixed
This function fixes the given HTML so that any embedded Flash objects get "wmode=transparent" set.
getCleanFileName()  : mixed
Get a file name that is allowed on all file systems.
getEmailAsArray()  : array<string|int, mixed>
Find all e-mail addresses in a string
getUrl()  : string
Adds a leading protocol ("http://") prefix to the string, if there is none.
hasProto()  : bool
Returns true if the given string starts with a protocol
is_file_ending_harmless()  : mixed
Returns true if the ending of the given file name is harmless.
is_serialized()  : bool
Tests if an input is valid PHP serialized string.
isEmail()  : bool
Validate an E-mail address
isEmpty()  : bool
Check whether the given value is empty or not
isUri()  : bool
Returns true if the given string is a valid URI
__fix_flash()  : mixed

Constants

REGEX_EMAIL

Regular Expression for e-mail addresses

public mixed REGEX_EMAIL = \VALIDATOR_REGEX_EMAIL
Tags
author

Kevin Riesen

since
3.1.1

REGEX_EMAIL_JS

Regular Expression in JavaScript for e-mail addresses

public mixed REGEX_EMAIL_JS = \VALIDATOR_REGEX_EMAIL_JS
Tags
author

Kevin Riesen

since
3.1.1

REGEX_URI

Regular Expression for URIs

public mixed REGEX_URI = \VALIDATOR_REGEX_URI
Tags
author

Kevin Riesen

since
3.1.1

REGEX_URI_PROTO

Regular Expression for URI protocols

public mixed REGEX_URI_PROTO = \VALIDATOR_REGEX_URI_PROTO

Known protocols include HTTP, HTTPS, FTP, and FTPS

Tags
author

Kevin Riesen

since
3.1.1

Properties

$evilFileExtensions

Array of harmful file extensions

protected static array<string|int, mixed> $evilFileExtensions = array(
    # windows executables:
    'exe', 'bat', 'pif', 'com',
    # client scripts:
    'vs', 'vbs',
    # server scripts:
    'php', 'php4', 'php5', 'phps', 'cgi', 'pl', 'jsp', 'jspx', 'asp', 'aspx',
    'jsp', 'jspx', 'jhtml', 'phtml', 'cfm', 'htaccess', 'py',
)

File uploads having those extensions are denied.

$potentialEvilFileExtensions

Array of potentially harmful file extensions (client script containers)

protected static array<string|int, mixed> $potentialEvilFileExtensions = array(
    # client script containers:
    'xhtml', 'xml', 'svg', 'shtml',
)

File uploads having those extensions may be allowed by config.

Methods

cutHtmlByDisplayLength()

Cut HTML code to a specific number of visible characters

public static cutHtmlByDisplayLength(string &$html[, int $maxLength = 250 ][, string $suffix = '' ]) : mixed
Parameters
$html : string

HTML code to cut

$maxLength : int = 250

Visual length (in characters) to cut the HTML code to

$suffix : string = ''

Text to append at the end of the cut HTML code

fix_flash_transparency()

This function fixes the given HTML so that any embedded Flash objects get "wmode=transparent" set.

public static fix_flash_transparency(mixed $html_code) : mixed

This is necessary, for example, for the frontend login box when a Flash object is on the page. Takes un-escaped HTML code as parameter, returns the fixed HTML.

Parameters
$html_code : mixed

getCleanFileName()

Get a file name that is allowed on all file systems.

public static getCleanFileName(mixed $fileName) : mixed
Parameters
$fileName : mixed

getEmailAsArray()

Find all e-mail addresses in a string

public static getEmailAsArray(string $string) : array<string|int, mixed>
Parameters
$string : string

String potentially containing email addresses

Tags
access

public

todo

This function does not belong in here

Return values
array<string|int, mixed>

Array with all e-mail addresses found

getUrl()

Adds a leading protocol ("http://") prefix to the string, if there is none.

public static getUrl(string $string) : string

Note: This accepts any known and unknown protocol already present. Mind your step!

Parameters
$string : string

The URL with possibly missing protocol

Tags
access

public

todo

This function does not belong in here

Return values
string

The complete URL with protocol
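
The note above says getUrl() keeps whatever protocol is already present. The following added example (not Cloudrexx code) shows one way a caller can restrict link targets to the protocols this page lists for REGEX_URI_PROTO before adding the default prefix; the function name, constant and sample inputs are assumptions.

```php
<?php
// Added illustration, not Cloudrexx code.
// Protocols this page lists as known for REGEX_URI_PROTO.
const KNOWN_SCHEMES = ['http', 'https', 'ftp', 'ftps'];

/**
 * Hypothetical helper: returns a URL with a known protocol, or null if the
 * input already carries a protocol outside KNOWN_SCHEMES.
 */
function normalizeLinkTarget(string $input): ?string
{
    $input = trim($input);
    // Reject empty input and whitespace or control characters inside the URL.
    if ($input === '' || preg_match('/[\x00-\x20\x7f]/', $input)) {
        return null;
    }
    // "scheme://...": keep only if the scheme is on the allowlist.
    if (preg_match('#^([a-z][a-z0-9+.\-]*)://#i', $input, $m)) {
        return in_array(strtolower($m[1]), KNOWN_SCHEMES, true) ? $input : null;
    }
    // "scheme:..." without "//" is an unknown protocol, unless what follows
    // the colon is a port number ("example.com:8080/path").
    if (preg_match('#^[a-z][a-z0-9+.\-]*:(?!\d+(/|$))#i', $input)) {
        return null;
    }
    // No protocol present: add the default one, as getUrl() is described to do.
    return 'http://' . $input;
}

// Constructed sample inputs.
$samples = [
    'www.example.com',
    'example.com:8080/path',
    'HTTPS://example.com/',
    'javascript:void(0)',
    'mailto:info@example.com',
    'data://text/plain,x',
];
foreach ($samples as $s) {
    printf("%-26s %s\n", $s, var_export(normalizeLinkTarget($s), true));
}
```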

hasProto()

Returns true if the given string starts with a protocol

public static hasProto(string $string) : bool

See VALIDATOR_REGEX_URI_PROTO for known protocols.

Parameters
$string : string

The string to be tested

Tags
author

Reto Kohli reto.kohli@comvation.com

Return values
bool

True if the string starts with a URI, false otherwise

is_file_ending_harmless()

Returns true if the ending of the given file name is harmless.

public static is_file_ending_harmless(string $file[, bool $yieldWarning = false ]) : mixed

We consider all executables as well as all scripts (server and client side) as harmful. You should NOT allow these to be uploaded. This function returns true if the given filename is safe to upload.

Parameters
$file : string

The file name

$yieldWarning : bool = false

Set to true to yield a warning message (using Message::warning()) if the file extension is not harmless.
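
The following added example (not Cloudrexx code, and not necessarily how is_file_ending_harmless() is implemented) applies the two extension lists from this page to constructed file names, covering mixed case, multiple extensions, dot files and trailing dots. The function name, the `$allowScriptContainers` parameter and the choice to check every dot-separated segment are assumptions.

```php
<?php
// Added illustration, not Cloudrexx code. The two lists are taken from this page.
const EVIL_EXTENSIONS = [
    'exe', 'bat', 'pif', 'com', 'vs', 'vbs', 'php', 'php4', 'php5', 'phps',
    'cgi', 'pl', 'jsp', 'jspx', 'asp', 'aspx', 'jhtml', 'phtml', 'cfm',
    'htaccess', 'py',
];
const POTENTIALLY_EVIL_EXTENSIONS = ['xhtml', 'xml', 'svg', 'shtml'];

/** Hypothetical helper: true if no dot-separated segment of the name is denied. */
function uploadNameIsHarmless(string $file, bool $allowScriptContainers = false): bool
{
    // Keep only the last path component, whichever separator the client sent.
    $name = basename(str_replace('\\', '/', $file));
    // Drop NUL bytes and the trailing dots/spaces some file systems strip silently.
    $name = rtrim(str_replace("\0", '', $name), '. ');
    $denied = $allowScriptContainers
        ? EVIL_EXTENSIONS
        : array_merge(EVIL_EXTENSIONS, POTENTIALLY_EVIL_EXTENSIONS);
    // Compare every segment after the base name, case-insensitively, so that
    // "a.php.jpg" and "a.PHP" are caught as well as "a.php". This is stricter
    // than an ending-only check and also rejects names like "my.com.pdf".
    $segments = explode('.', strtolower($name));
    array_shift($segments);
    foreach ($segments as $segment) {
        if (in_array($segment, $denied, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names.
$names = ['report.pdf', 'photo.PHP', 'invoice.php.jpg', '.htaccess', 'page.php.', 'logo.svg'];
foreach ($names as $n) {
    printf("%-16s %s\n", $n, var_export(uploadNameIsHarmless($n), true));
}
// Same name with client script containers allowed by config.
printf("%-16s %s\n", 'logo.svg', var_export(uploadNameIsHarmless('logo.svg', true), true));
```

A denylist only covers the extensions someone thought to list; storing uploads under generated names outside the web root removes the dependency on it.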

is_serialized()

Tests if an input is valid PHP serialized string.

public static is_serialized(string $value[, mixed &$result = null ]) : bool

Checks if a string is serialized using quick string manipulation to throw out obviously incorrect strings. Unserialize is then run on the string to perform the final verification.

Valid serialized forms are the following:

  • boolean: b:1;
  • integer: i:1;
  • double: d:0.2;
  • string: s:4:"test";
  • array: a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}
  • object: O:8:"stdClass":0:{}
  • null: N;
Parameters
$value : string

Value to test for serialized form

$result : mixed = null

Result of unserialize() of the $value

Tags
author

Chris Smith code+php@chris.cs278.org

author

Frank Bültge frank@bueltge.de

copyright

Copyright (c) 2009 Chris Smith (http://www.cs278.org/), 2011 Frank Bültge (http://bueltge.de)

license

http://sam.zoy.org/wtfpl/ WTFPL

Return values
bool

True if $value is serialized data, otherwise FALSE
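
Because the final verification runs unserialize() on the input, a caller handling untrusted strings will want object instantiation disabled during that step. The following added example (not the Cloudrexx implementation) pairs a quick structural check with `unserialize()` and `allowed_classes => false`; the function name and sample inputs are assumptions.

```php
<?php
// Added illustration, not the Cloudrexx implementation.
/**
 * Hypothetical helper: quick structural rejection, then unserialize() with
 * object instantiation disabled.
 */
function isSerializedSafely(string $value, &$result = null): bool
{
    $result = null;
    if ($value === 'N;') {
        return true; // serialized null
    }
    // Quick rejection: "<type>:" prefix and the terminator that type requires.
    if (strlen($value) < 4 || $value[1] !== ':') {
        return false;
    }
    $terminator = ['b' => ';', 'i' => ';', 'd' => ';', 's' => ';', 'a' => '}', 'O' => '}'];
    $type = $value[0];
    if (!isset($terminator[$type]) || substr($value, -1) !== $terminator[$type]) {
        return false;
    }
    // allowed_classes => false turns every object into __PHP_Incomplete_Class,
    // so no class code (__wakeup, __destruct, ...) runs during verification.
    $data = @unserialize($value, ['allowed_classes' => false]);
    if ($data === false && $value !== 'b:0;') {
        return false; // unserialize() failed; 'b:0;' is a legitimate false
    }
    $result = $data;
    return true;
}

// Constructed inputs: the forms listed on this page plus two rejects.
$samples = [
    'b:1;', 'i:1;', 'd:0.2;', 's:4:"test";', 'a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}',
    'O:8:"stdClass":0:{}', 'N;', 'plain text', 's:4:"te";',
];
foreach ($samples as $s) {
    $ok = isSerializedSafely($s, $out);
    $kind = is_object($out) ? get_class($out) : gettype($out);
    printf("%-32s %-5s %s\n", $s, var_export($ok, true), $kind);
}
```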

isEmail()

Validate an E-mail address

public static isEmail(string $string) : bool

Note: This used to have a stripslashes() around the string. This is bollocks. If you want to match a string, you match the string, not a transformed version. Strip whatever you want, but do it before you call this function.

Parameters
$string : string
Tags
access

public

Return values
bool

True if it's an e-mail address, false otherwise

isEmpty()

Check whether the given value is empty or not

public static isEmpty(mixed $value) : bool
Parameters
$value : mixed
Return values
bool

true if the value is empty, false otherwise

isUri()

Returns true if the given string is a valid URI

public static isUri(string $string) : bool
Parameters
$string : string

The string to be tested

Tags
author

Reto Kohli reto.kohli@comvation.com

Return values
bool

True if the string represents a URI, false otherwise

__fix_flash()

private static __fix_flash(mixed $html) : mixed
Parameters
$html : mixed
