PHP Class PMA\libraries\Sanitize

Open project: phpmyadmin/phpmyadmin

Public Methods

| Method | Description |
|---|---|
| checkLink ( string $url, boolean $http = false, boolean $other = false ) : boolean | Checks whether given link is valid |
| escapeJsString ( string $string ) : string | escapes a string to be inserted as string a JavaScript block enclosed by |
| formatJsVal ( string $value ) : string | Formats a value for JavaScript code. |
| getJsValue ( string $key, mixed $value, boolean $escape = true ) : string | Formats a JavaScript assignment with proper escaping of a value and support for assigning array of strings. |
| getJsValueForFormValidation ( string $key, string $value, boolean $addOn, boolean $comma ) : string | Formats a JavaScript assignment for the form validation API with proper escaping of a value. |
| jsFormat ( string $a_string = '', boolean $add_backquotes = true ) : string | Format a string so it can be a string inside JavaScript code inside an eventhandler (onclick, onchange, on. |
| printJsValue ( string $key, mixed $value ) : void | Prints a JavaScript assignment with proper escaping of a value and support for assigning array of strings. |
| printJsValueForFormValidation ( string $key, string $value, boolean $addOn = false, boolean $comma = true ) : void | Prints a JavaScript assignment for the form validation API with proper escaping of a value. |
| removeRequestVars ( &$whitelist ) : void | Removes all variables from request except whitelisted ones. |
| replaceBBLink ( array $found ) : string | Callback function for replacing [a@link@target] links in bb code. |
| replaceDocLink ( array $found ) : string | Callback function for replacing [doc@anchor] links in bb code. |
| sanitize ( string $message, boolean $escape = false, boolean $safe = false ) : string | Sanitizes $message, taking into account our special codes for formatting. |
| sanitizeFilename ( string $filename, boolean $replaceDots = false ) : string | Sanitize a filename by removing anything besides legit characters |

Method Details

escapeJsString() public static method

.. ]]> this requires only to escape ' with \' and end of script block. We also remove the NUL byte, as some browsers (namely MSIE) ignore it and inserting it anywhere inside
public static escapeJsString ( string $string ) : string
$string string the string to be escaped
return string the escaped string

formatJsVal() public static method

Formats a value for javascript code.
public static formatJsVal ( string $value ) : string
$value string String to be formatted.
return string formatted value.

getJsValue() public static method

Formats a JavaScript assignment with proper escaping of a value and support for assigning array of strings.
public static getJsValue ( string $key, mixed $value, boolean $escape = true ) : string
$key string Name of value to set
$value mixed Value to set, can be either string or array of strings
$escape boolean Whether to escape value or keep it as it is (for inclusion of js code)
return string Javascript code.

getJsValueForFormValidation() public static method

Formats javascript assignment for form validation api with proper escaping of a value.
public static getJsValueForFormValidation ( string $key, string $value, boolean $addOn, boolean $comma ) : string
$key string Name of value to set
$value string Value to set
$addOn boolean Check if $.validator.format is required or not
$comma boolean Check if comma is required
return string Javascript code.

jsFormat() public static method

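Format a string so it can be a string inside JavaScript code inside an eventhandler (onclick, onchange, on..., ). This function is used to display a JavaScript confirmation box for "DROP/DELETE/ALTER" queries.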
public static jsFormat ( string $a_string = '', boolean $add_backquotes = true ) : string
$a_string string the string to format
$add_backquotes boolean whether to add backquotes to the string or not
return string the formatted string

printJsValue() public static method

Prints a JavaScript assignment with proper escaping of a value and support for assigning array of strings.
public static printJsValue ( string $key, mixed $value ) : void
$key string Name of value to set
$value mixed Value to set, can be either string or array of strings
return void

printJsValueForFormValidation() public static method

Prints javascript assignment for form validation api with proper escaping of a value.
public static printJsValueForFormValidation ( string $key, string $value, boolean $addOn = false, boolean $comma = true ) : void
$key string Name of value to set
$value string Value to set
$addOn boolean Check if $.validator.format is required or not
$comma boolean Check if comma is required
return void

removeRequestVars() public static method

Removes all variables from request except whitelisted ones.
public static removeRequestVars ( &$whitelist ) : void
return void

sanitize() public static method

If you want to include the result in an element attribute, you should escape it. Examples:

bar
public static sanitize ( string $message, boolean $escape = false, boolean $safe = false ) : string
$message string the message
$escape boolean whether to escape html in result
$safe boolean whether string is safe (can keep < and > chars)
return string the sanitized message

sanitizeFilename() public static method

Intended use cases: when using a filename in a Content-Disposition header, the value should not contain ; or ". When exporting, it avoids generating an unexpected double-extension file.
public static sanitizeFilename ( string $filename, boolean $replaceDots = false ) : string
$filename string The filename
$replaceDots boolean Whether to also replace dots
return string the sanitized filename
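
The two use cases above, shown as an added example that is not phpMyAdmin's own code: exampleSanitizeFilename() and exampleExportHeader() are hypothetical helpers, and the allow-list, the underscore replacement and the 'export' fallback are assumptions made for illustration. The sample names are constructed.

```php
<?php
// Added example: hypothetical allow-list sanitizer, not the project's implementation.
function exampleSanitizeFilename(string $filename, bool $replaceDots = false): string
{
    // Keep only ASCII letters, digits, underscore and hyphen. Dots are kept
    // unless the caller asks for them to be replaced as well.
    $pattern = $replaceDots ? '/[^A-Za-z0-9_-]/' : '/[^A-Za-z0-9_.-]/';
    $clean = preg_replace($pattern, '_', $filename);

    // An empty result would leave the header without a usable name.
    return $clean === '' ? 'export' : $clean;
}

function exampleExportHeader(string $userSuppliedName, string $trustedExtension): string
{
    // Replacing dots in the user-controlled part means the only extension in
    // the final name is the one chosen by the server (no "name.php.sql").
    $base = exampleSanitizeFilename($userSuppliedName, true);

    // With ; and " already replaced, the quoted value cannot be closed early
    // or extended with extra header parameters.
    return 'Content-Disposition: attachment; filename="'
        . $base . '.' . $trustedExtension . '"';
}

// Constructed inputs: a plain name, one containing the header metacharacters
// ; and ", and one that would otherwise yield a double extension.
$samples = ['sales 2024', 'report"; filename="x.html', 'dump.php'];
foreach ($samples as $name) {
    echo exampleExportHeader($name, 'sql'), PHP_EOL;
}
```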