From 6854cb3f4d8219cf1829e32122eb2502a916eae9 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Sat, 1 Feb 2020 09:05:48 +0100
Subject: initial checkin
---
 includes/class.gpc.php | 257 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 257 insertions(+)
 create mode 100644 includes/class.gpc.php
(limited to 'includes/class.gpc.php')
diff --git a/includes/class.gpc.php b/includes/class.gpc.php
new file mode 100644
index 0000000..88235ef
--- /dev/null
+++ b/includes/class.gpc.php
@@ -0,0 +1,257 @@
+
+ * @license BSD
+ * @notes this intented to be used by Flyspray internals functions/methods
+ * please DO NOT use this in templates , if the code processing the input there
+ * is not safe, please fix the underlying problem.
+ */
+abstract class Filters {
+ /**
+ * give me a number only please?
+ * @param mixed $data
+ * @return int
+ * @access public static
+ * @notes changed before 0.9.9 to avoid strange results
+ * with arrays and objects
+ */
+ public static function num($data)
+ {
+ return intval($data); // no further checks here please
+ }
+
+ /**
+ * Give user input free from potentially mailicious html
+ * @param mixed $data
+ * @return string htmlspecialchar'ed
+ * @access public static
+ */
+ public static function noXSS($data)
+ {
+ if(empty($data) || is_numeric($data)) {
+ return $data;
+ } elseif(is_string($data)) {
+ return htmlspecialchars($data, ENT_QUOTES, 'utf-8');
+ }
+ return '';
+ }
+
+ /**
+ * Give user input free from potentially mailicious html and JS insertions
+ * @param mixed $data
+ * @return string
+ * @access public static
+ */
+ public static function noJsXSS($data)
+ {
+ if(empty($data) || is_numeric($data)) {
+ return $data;
+ } elseif(is_string($data)) {
+ return Filters::noXSS(preg_replace("/[\x01-\x1F\x7F]|\xC2[\x80-\x9F]/", "", addcslashes($data, "\t\"'\\")));
+ }
+ return '';
+ }
+
+ /**
+ * is $data alphanumeric eh ?
+ * @param string $data string value to check
+ * @return bool
+ * @access public static
+ * @notes unfortunately due to a bug in PHP < 5.1
+ * http://bugs.php.net/bug.php?id=30945 ctype_alnum
+ * returned true on empty string, that's the reason why
+ * we have to use strlen too.
+ *
+ * Be aware: $data MUST be an string, integers or any other
+ * type is evaluated to FALSE
+ */
+ public static function isAlnum($data)
+ {
+ return ctype_alnum($data) && strlen($data);
+ }
+
+ /**
+ * Checks if $data is a value of $options and returns the first element of
+ * $options if it is not (for input validation if all possible values are known)
+ * @param mixed $data
+ * @param array $options
+ * @return mixed
+ * @access public static
+ */
+ public static function enum($data, $options)
+ {
+ if (!in_array($data, $options) && isset($options[0])) {
+ return $options[0];
+ }
+
+ return $data;
+ }
+
+ public static function escapeqs($qs)
+ {
+ parse_str($qs, $clean_qs);
+ return http_build_query($clean_qs);
+ }
+}
+
+/**
+ * A basic function which works like the GPC classes above for any array
+ * @param array $array
+ * @param mixed $key
+ * @param mixed $default
+ * @return mixed
+ * @version 1.0
+ * @since 0.9.9
+ * @see Backend::get_task_list()
+ */
+function array_get(&$array, $key, $default = null)
+{
+ return (isset($array[$key])) ? $array[$key] : $default;
+}
--
cgit v1.2.3-70-g09d2
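Review bot: `Filters::enum` validates membership with a loose `in_array($data, $options)`, so any value that merely compares equal to a permitted option passes the whitelist (numeric strings such as `'1e3'` match `'1000'`, and on PHP 7 the integer `0` matches every non-numeric string); the check should read `if (!in_array($data, $options, true) && isset($options[0])) {`. In `noJsXSS` the strip regex starts at `\x01` and covers only C0/DEL and the C1 range, so NUL and the JavaScript line terminators U+2028/U+2029 pass through untouched; widen the class, or where the value lands in a script block build the literal with `json_encode` instead of `addcslashes`. The `isAlnum` docblock claims integers evaluate to false, but `ctype_alnum()` treats an int in -128..255 as an ASCII code and other ints as their decimal digits while `strlen()` coerces, so `isAlnum(65)` is true; either guard it with `return is_string($data) && ctype_alnum($data) && strlen($data);` or correct the comment. The hunk header counts 257 added lines but far fewer are visible and the file's opening docblock is cut mid-comment, so the GPC classes that `array_get`'s docblock refers to could not be reviewed here.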