Class cRequestValidator

Class to check get and post variables

Package: Core\Security
Copyright: four for business AG <www.4fb.de>
License: http://www.contenido.org/license/LIZENZ.txt
Author: Mischa Holz, Andreas Kummer
Located at classes/class.requestvalidator.php
Methods summary
private
# __construct( )

The constructor sets up the singleton object and reads the config from 'data/config/' . CON_ENVIRONMENT . '/config.http_check.php'. It also reads an existing local config from 'data/config/' . CON_ENVIRONMENT . '/config.http_check.local.php'.

Throws

cFileNotFoundException
if the configuration cannot be loaded
public static cRequestValidator
# getInstance( )

Returns the instance of this class.

Returns

cRequestValidator
public boolean
# checkParams( )

Checks every given parameter. Parameters which aren't defined in config.http_check.php are considered to be fine.

Returns

boolean
True if every parameter is fine
public boolean
# checkGetParams( )

Checks GET parameters only.

Returns

boolean
True if every parameter is fine

See

cRequestValidator::checkParams()
public boolean
# checkPostParams( )

Checks POST parameters only.

Returns

boolean
True if every parameter is fine

See

cRequestValidator::checkParams()
public boolean
# checkParameter( string $type, string $key, mixed $value )

Checks a single parameter.

Parameters

$type
GET or POST
$key
the key of the parameter
$value
the value of the parameter

Returns

boolean
True if the parameter is fine

See

cRequestValidator::checkParams()
public string
# getBadParameter( )

Returns the first bad parameter.

Returns

string
the key of the bad parameter
protected
# logHackTrial( )

Writes a log entry containing information about the request which led to the halt of the execution.

protected boolean
# checkArray( array $arr, string $type )

Checks an array for validity.

Parameters

$arr
array which has to be checked
$type
GET or POST

Returns

boolean
true if everything is fine.
Constants summary
string CHECK_INTEGER

Regexp for integers.

# '/^[0-9]*$/'
string CHECK_PRIMITIVESTRING

Regexp for primitive strings.

# '/^[a-zA-Z0-9 -_]*$/'
string CHECK_STRING

Regexp for strings.

# '/^[\w0-9 -_]*$/'
string CHECK_HASH32

Regexp for 32 character hash.

# '/^[a-zA-Z0-9]{32}$/'
string CHECK_BELANG

Regexp for valid belang values.

# '/^[a-z]{2}_[A-Z]{2}$/'
string CHECK_AREASTRING

Regexp for valid area values.

# '/^[a-zA-Z_]*$/'
string CHECK_PATHSTRING

Regexp for validating file upload paths.

# '!([*]*\/)|(dbfs:\/[*]*)|(dbfs:)|(^)$!'
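
A check worth running on the string patterns above before relying on them, given as an added example that is not part of CONTENIDO or of this generated documentation: it enumerates which printable ASCII characters CHECK_PRIMITIVESTRING and CHECK_STRING actually admit, and shows how CHECK_INTEGER treats an empty value and a trailing newline. The STRICT_* patterns and the functions acceptedChars() and extraChars() are hypothetical names introduced here, and all sample inputs are constructed.

```php
<?php
// Added example, not CONTENIDO code. The CHECK_* patterns are copied from the
// constants summary; STRICT_* and all sample inputs are constructed here.
const CHECK_INTEGER         = '/^[0-9]*$/';
const CHECK_PRIMITIVESTRING = '/^[a-zA-Z0-9 -_]*$/';
const CHECK_STRING          = '/^[\w0-9 -_]*$/';

// Hypothetical stricter variants: the hyphen is moved to the end of the class
// so it is a literal, and \z replaces $ so a trailing newline is rejected.
const STRICT_INTEGER         = '/^[0-9]+\z/';
const STRICT_PRIMITIVESTRING = '/^[a-zA-Z0-9 _-]*\z/';

/** Returns the printable ASCII characters that $pattern accepts as a one-character value. */
function acceptedChars(string $pattern): array
{
    $accepted = [];
    for ($c = 0x20; $c <= 0x7e; $c++) {
        if (preg_match($pattern, chr($c)) === 1) {
            $accepted[] = chr($c);
        }
    }
    return $accepted;
}

/** Returns the characters $loose accepts that $strict rejects. */
function extraChars(string $loose, string $strict): string
{
    return implode('', array_diff(acceptedChars($loose), acceptedChars($strict)));
}

// " -_" inside a character class is the range 0x20..0x5F, not three literals.
foreach (['CHECK_PRIMITIVESTRING' => CHECK_PRIMITIVESTRING, 'CHECK_STRING' => CHECK_STRING] as $name => $pattern) {
    printf("%-22s also accepts: %s\n", $name, extraChars($pattern, STRICT_PRIMITIVESTRING));
}

// "*" lets the empty string through, and "$" without the D modifier also
// matches just before a final newline.
foreach (['42', '', "42\n", '4 2'] as $sample) {
    printf("%-7s CHECK_INTEGER=%d STRICT_INTEGER=%d\n",
        json_encode($sample), preg_match(CHECK_INTEGER, $sample), preg_match(STRICT_INTEGER, $sample));
}
```

Whether an empty value should pass is a design decision; STRICT_INTEGER rejects it only to make the difference visible.
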
Properties summary
private static cRequestValidator $_instance

Instance of this class

# NULL
protected string $_logPath

Path and filename of logfile

#
protected boolean $_log

Flag whether to write log or not.

# true
protected string $_configPath

Path to config file.

#
protected array $_check

Array with all possible parameters and parameter formats. Structure has to be:

$check['GET']['param1'] = VALIDATE_FORMAT;
$check['POST']['param2'] = VALIDATE_FORMAT;

Possible formats are defined as constants at the top of this class file.

# array()
protected array $_blacklist

Array with forbidden parameters. If any of these is set, the request will be invalid.

# array()
protected string $_failure

Contains first invalid parameter name.

# ''
protected string $_mode

Current mode

# ''
CMS CONTENIDO 4.9.7 API documentation generated by ApiGen