\Pydio\Core\Utils\Vars\InputFilter

Tools to clean inputs

Summary

Public methods: securePath(), safeExplode(), detectXSS(), sanitize(), decodeSecureMagic(), parseFileDataErrors(), parseCSL(), magicDequote(), fromPostedFileName()
Public properties: No public properties found
Constants: SANITIZE_HTML, SANITIZE_HTML_STRICT, SANITIZE_ALPHANUM, SANITIZE_EMAILCHARS, SANITIZE_FILENAME, SANITIZE_DIRNAME

Protected methods: No protected methods found
Protected properties: No protected properties found

Private methods: No private methods found
Private properties: No private properties found

Constants

SANITIZE_HTML

SANITIZE_HTML_STRICT

SANITIZE_ALPHANUM

SANITIZE_EMAILCHARS

SANITIZE_FILENAME

SANITIZE_DIRNAME

Methods

securePath()

securePath(string  $path) : string

Remove all "../../" attempts and replace double slashes

Parameters

string $path

Returns

string

safeExplode()

safeExplode(  $path) : array

Parameters

$path

Returns

array

detectXSS()

detectXSS(string  $string) : boolean

Given a string, this function determines whether it is potentially an XSS attack and returns a boolean.

Parameters

string $string

The string to run XSS detection logic on

Returns

boolean — True if the given $string contains XSS, false otherwise.

sanitize()

sanitize(string  $s, integer  $level = \Pydio\Core\Utils\Vars\InputFilter::SANITIZE_HTML, boolean  $throwException = false, string  $expand = 'script|style|noframes|select|option') : mixed|string

Function to clean specific characters from a string

Parameters

string $s
integer $level

Can be InputFilter::SANITIZE_ALPHANUM, InputFilter::SANITIZE_EMAILCHARS, InputFilter::SANITIZE_HTML, InputFilter::SANITIZE_HTML_STRICT

boolean $throwException
string $expand

Throws

\Pydio\Core\Exception\ForbiddenCharacterException

Returns

mixed|string

decodeSecureMagic()

decodeSecureMagic(  $data, integer  $sanitizeLevel = \Pydio\Core\Utils\Vars\InputFilter::SANITIZE_DIRNAME) : string

Perform standard urldecode, sanitization and securepath

Parameters

$data
integer $sanitizeLevel

Throws

\Pydio\Core\Exception\ForbiddenCharacterException

Returns

string

parseFileDataErrors()

parseFileDataErrors(array|\Psr\Http\Message\UploadedFileInterface  $boxData, boolean  $throwException = false) : array|null

Parse the $fileVars[] PHP errors

Parameters

array|\Psr\Http\Message\UploadedFileInterface $boxData
boolean $throwException

Throws

\Exception

Returns

array|null

parseCSL()

parseCSL(  $string, boolean  $hash = false) : array

Parse a Comma-Separated-Line value

Parameters

$string
boolean $hash

Returns

array

magicDequote()

magicDequote(string  $text) : string

This function is used when the server's PHP configuration is using magic quotes

Parameters

string $text

Returns

string

fromPostedFileName()

fromPostedFileName(string  $filesystemElement) : string

Calls fromUTF8

Parameters

string $filesystemElement

Returns

string