Overview

Packages

  • Core
    • Authentication
    • Backend
    • Cache
    • CEC
    • Chain
    • ContentType
    • Database
    • Datatype
    • Debug
    • Exception
    • Frontend
      • Search
      • URI
      • Util
    • GenericDB
      • Model
    • GUI
      • HTML
    • I18N
    • LayoutHandler
    • Log
    • Security
    • Session
    • Util
    • Validation
    • Versioning
    • XML
  • Module
    • ContentSitemapHtml
    • ContentSitemapXml
    • ContentUserForum
    • NavigationTop
  • mpAutoloaderClassMap
  • None
  • Plugin
    • ContentAllocation
    • CronjobOverview
    • FormAssistant
    • FrontendLogic
    • FrontendUsers
    • Linkchecker
    • ModRewrite
    • Newsletter
    • Repository
      • FrontendNavigation
      • KeywordDensity
    • SearchSolr
    • SmartyWrapper
    • UrlShortener
    • UserForum
    • Workflow
  • PluginManager
  • Setup
    • Form
    • GUI
    • Helper
      • Environment
      • Filesystem
      • MySQL
      • PHP
    • UpgradeJob

Classes

  • cRequestValidator
  • cSecurity
  • cUpdateNotifier
  • Overview
  • Package
  • Class
  • Tree
  • Deprecated
  • Todo

Class cRequestValidator

Class to check get and post variables

Package: Core\Security
Copyright: four for business AG <www.4fb.de>
License: http://www.contenido.org/license/LIZENZ.txt
Author: Mischa Holz, Andreas Kummer
Located at classes/class.requestvalidator.php
Methods summary
private
# __construct( )

The constructor sets up the singleton object and reads the config from
'data/config/' . CON_ENVIRONMENT . '/config.http_check.php' It also reads existing local config from
'data/config/' . CON_ENVIRONMENT . '/config.http_check.local.php'

The constructor sets up the singleton object and reads the config from 'data/config/' . CON_ENVIRONMENT . '/config.http_check.php' It also reads existing local config from 'data/config/' . CON_ENVIRONMENT . '/config.http_check.local.php'

Throws

cFileNotFoundException
if the configuration can not be loaded
public static cRequestValidator
# getInstance( )

Returns the instance of this class.

Returns the instance of this class.

Returns

cRequestValidator
public boolean
# checkParams( )

Checks every given parameter. Parameters which aren't defined in config.http_check.php are considered to be fine

Checks every given parameter. Parameters which aren't defined in config.http_check.php are considered to be fine

Returns

boolean
True if every parameter is fine
public boolean
# checkGetParams( )

Checks GET parameters only.

Checks GET parameters only.

Returns

boolean
True if every parameter is fine

See

cRequestValidator::checkParams()
public boolean
# checkPostParams( )

Checks POST parameters only.

Checks POST parameters only.

Returns

boolean
True if every parameter is fine

See

cRequestValidator::checkParams()
public boolean
# checkParameter( string $type, string $key, mixed $value )

Checks a single parameter.

Checks a single parameter.

Parameters

$type
string
$type GET or POST
$key
string
$key the key of the parameter
$value
mixed
$value the value of the parameter

Returns

boolean
True if the parameter is fine

See

cRequestValidator::checkParams()
public string
# getBadParameter( )

Returns the first bad parameter

Returns the first bad parameter

Returns

string
the key of the bad parameter
protected
# logHackTrial( )

Writes a log entry containing information about the request which led to the halt of the execution

Writes a log entry containing information about the request which led to the halt of the execution
protected boolean
# checkArray( array $arr, string $type )

Checks an array for validity.

Checks an array for validity.

Parameters

$arr
array
the array which has to be checked
$type
string
GET or POST

Returns

boolean
true if everything is fine.
Constants summary
string CHECK_INTEGER '/^[0-9]*$/'
#

Regexp for integers.

Regexp for integers.
string CHECK_PRIMITIVESTRING '/^[a-zA-Z0-9 -_]*$/'
#

Regexp for primitive strings.

Regexp for primitive strings.
string CHECK_STRING '/^[\w0-9 -_]*$/'
#

Regexp for strings.

Regexp for strings.
string CHECK_HASH32 '/^[a-zA-Z0-9]{32}$/'
#

Regexp for 32 character hash.

Regexp for 32 character hash.
string CHECK_BELANG '/^[a-z]{2}_[A-Z]{2}$/'
#

Regexp for valid belang values.

Regexp for valid belang values.
string CHECK_AREASTRING '/^[a-zA-Z_]*$/'
#

Regexp for valid area values.

Regexp for valid area values.
string CHECK_PATHSTRING '!([*]*\/)|(dbfs:\/[*]*)|(dbfs:)|(^)$!'
#

Regexp for validating file upload paths.

Regexp for validating file upload paths.
Properties summary
private static cRequestValidator $_instance NULL
#

Instance of this class

Instance of this class
protected string $_logPath
#

Path and filename of logfile

Path and filename of logfile
protected boolean $_log true
#

Flag whether to write log or not.

Flag whether to write log or not.
protected string $_configPath
#

Path to config file.

Path to config file.
protected array $_check array()
#

Array with all possible parameters and parameter formats. Structure has to be:

Array with all possible parameters and parameter formats. Structure has to be:

$check['GET']['param1'] = VALIDATE_FORMAT;
$check['POST']['param2'] = VALIDATE_FORMAT;

Possible formats are defined as constants in top of these class file.
protected array $_blacklist array()
#

Array with forbidden parameters. If any of these is set the request will be invalid

Array with forbidden parameters. If any of these is set the request will be invalid
protected string $_failure ''
#

Contains first invalid parameter name.

Contains first invalid parameter name.
protected string $_mode ''
#

Current mode

Current mode
CMS CONTENIDO 4.9.5 API documentation generated by ApiGen 2.8.0