<?php
// Direct-access guard: abort unless the BLUDIT constant already exists
// (presumably set by the CMS bootstrap before this file is included).
if (!defined('BLUDIT')) {
	die('Bludit CMS.');
}
class Sanitize {

	// Strip HTML/PHP tags from $text via strip_tags(). The text between tags is
	// kept and nothing is entity-encoded, so on its own this is not an output
	// escaping step for HTML — use html() for that.
	public static function removeTags($text) {
		return strip_tags($text);
	}

	// Flags shared by html() and htmlDecode(): ENT_COMPAT, plus ENT_HTML5 when
	// the runtime defines it. NOTE(review): ENT_COMPAT encodes double quotes
	// only; a single quote passes through html() unchanged, so the result is
	// not safe inside a single-quoted HTML attribute.
	private static function entityFlags() {
		return defined('ENT_HTML5') ? (ENT_COMPAT | ENT_HTML5) : ENT_COMPAT;
	}

	// Encode the HTML-special characters of $text as entities, using the
	// CHARSET constant (defined elsewhere) as the input encoding.
	// NOTE(review): ENT_SUBSTITUTE is not set; per the PHP manual,
	// htmlspecialchars() then returns an empty string for input that is not
	// valid in CHARSET instead of escaping it — confirm callers tolerate that.
	public static function html($text)
	{
		return htmlspecialchars($text, self::entityFlags(), CHARSET);
	}

	// Inverse of html(): convert the special entities back into characters
	// using the same flag set.
	public static function htmlDecode($text)
	{
		return htmlspecialchars_decode($text, self::entityFlags());
	}

	/*
	Check that $path exists and passes a path-traversal check.

	@path string Path to check; may end in a file name. Forward slashes are
	             replaced with DS first so Windows paths compare consistently.
	@return boolean TRUE if the path exists and its slash-normalised form starts
	                with its resolved form, FALSE otherwise.

	How the check works: with CHECK_SYMBOLIC_LINKS enabled, realpath() yields the
	canonical path and the function requires the normalised input to begin with
	it, so an input whose canonical form differs (".." components that shorten
	it into something else, symlinks) is rejected. Two caveats for callers:
	 - NOTE(review): nothing here confines the path to a base directory such as
	   the CMS root; any existing canonical absolute path passes. The caller
	   must restrict the base itself.
	 - NOTE(review): when CHECK_SYMBOLIC_LINKS is disabled $canonical is just the
	   normalised input, so the prefix test always succeeds and only
	   file_exists() is enforced — ".." components are not detected in that mode.
	 - Presumably a relative input fails when CHECK_SYMBOLIC_LINKS is enabled,
	   since realpath() returns an absolute path that the input cannot start
	   with — TODO confirm against callers.
	*/
	public static function pathFile($path)
	{
		// Normalise separators, e.g. c:\diego/page/subpage -> c:\diego\page\subpage.
		$normalized = str_replace('/', DS, $path);

		// Resolve to the canonical path, or merely confirm existence when
		// symbolic-link checking is switched off.
		if (CHECK_SYMBOLIC_LINKS) {
			$canonical = realpath($normalized);
		} else {
			$canonical = file_exists($normalized) ? $normalized : false;
		}

		// FALSE means the path does not exist (or realpath() could not resolve it).
		if ($canonical === false) {
			return false;
		}

		// Accept only when the normalised input begins with its canonical form.
		return strpos($normalized, $canonical) === 0;
	}

	// Remove characters that are not legal in an e-mail address
	// (filter_var with FILTER_SANITIZE_EMAIL). This strips characters only; it
	// does not validate that the result is a well-formed address.
	public static function email($email)
	{
		return filter_var($email, FILTER_SANITIZE_EMAIL);
	}

	// Remove characters that are not legal in a URL (FILTER_SANITIZE_URL).
	// Strips only; it validates neither the URL shape nor its scheme or host.
	public static function url($url)
	{
		return filter_var($url, FILTER_SANITIZE_URL);
	}

	// Coerce $value to a non-negative int: the value is cast with (int) and
	// anything below zero becomes 0.
	public static function int($value)
	{
		return max(0, (int)$value);
	}
}