PHP Class PMA\libraries\Sanitize

Open project: phpmyadmin/phpmyadmin

Public Methods

Method Description
checkLink ( string $url, boolean $http = false, boolean $other = false ) : boolean Checks whether given link is valid
escapeJsString ( string $string ) : string Escapes a string to be inserted as a string in a JavaScript block enclosed by
formatJsVal ( string $value ) : string Formats a value for JavaScript code.
getJsValue ( string $key, mixed $value, boolean $escape = true ) : string Formats a JavaScript assignment with proper escaping of a value and support for assigning an array of strings.
getJsValueForFormValidation ( string $key, string $value, boolean $addOn, boolean $comma ) : string Formats a JavaScript assignment for the form validation API with proper escaping of a value.
jsFormat ( string $a_string = '', boolean $add_backquotes = true ) : string Format a string so it can be a string inside JavaScript code inside an eventhandler (onclick, onchange, on.
printJsValue ( string $key, mixed $value ) : void Prints a JavaScript assignment with proper escaping of a value and support for assigning an array of strings.
printJsValueForFormValidation ( string $key, string $value, boolean $addOn = false, boolean $comma = true ) : void Prints a JavaScript assignment for the form validation API with proper escaping of a value.
removeRequestVars ( &$whitelist ) : void Removes all variables from request except whitelisted ones.
replaceBBLink ( array $found ) : string Callback function for replacing [a@link@target] links in bb code.
replaceDocLink ( array $found ) : string Callback function for replacing [doc@anchor] links in bb code.
sanitize ( string $message, boolean $escape = false, boolean $safe = false ) : string Sanitizes $message, taking into account our special codes for formatting.
sanitizeFilename ( string $filename, boolean $replaceDots = false ) : string Sanitize a filename by removing anything besides legit characters

Method Details

escapeJsString() public static method

.. ]]> this requires only to escape ' with \' and end of script block. We also remove NUL byte as some browsers (namely MSIE) ignore it and inserting it anywhere inside
public static escapeJsString ( string $string ) : string
$string string the string to be escaped
Returns string the escaped string
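
The escaping steps named in this description, as an added stand-alone sketch (not phpMyAdmin's own code). The function name `escapeForJsLiteral`, the extra backslash and newline escapes, and the sample inputs are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-alone escaper for a value placed inside a
// single-quoted JavaScript string literal within a <script> block.
function escapeForJsLiteral(string $value): string
{
    // strtr() with an array replaces in a single pass, so the
    // backslashes it inserts are never escaped a second time.
    $escaped = strtr($value, [
        "\0" => '',       // NUL is removed before the "</script" check runs
        '\\' => '\\\\',   // assumption beyond the page: escape backslash too
        "'"  => "\\'",    // ' becomes \'
        "\n" => '\\n',
        "\r" => '\\r',
    ]);

    // Split any closing tag so the HTML parser never sees "</script"
    // inside the literal; the JavaScript concatenation restores the text.
    return preg_replace('@</script@i', "</' + 'script", $escaped) ?? '';
}

// Constructed sample values.
$samples = [
    "O'Reilly",           // quote must not end the literal
    "x</script><b>",      // closing tag must not end the script block
    "x</scr\0ipt>",       // same tag with a NUL byte inserted
    "a\\'b",              // backslash followed by a quote
];

foreach ($samples as $s) {
    echo "var v = '" . escapeForJsLiteral($s) . "';\n";
}
```

Because the NUL byte is stripped in the `strtr()` pass, the third sample is reduced to the same text as the second before the tag check is applied.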

formatJsVal() public static method

Formats a value for JavaScript code.
public static formatJsVal ( string $value ) : string
$value string String to be formatted.
Returns string formatted value.

getJsValue() public static method

Formats a JavaScript assignment with proper escaping of a value and support for assigning an array of strings.
public static getJsValue ( string $key, mixed $value, boolean $escape = true ) : string
$key string Name of value to set
$value mixed Value to set, can be either string or array of strings
$escape boolean Whether to escape value or keep it as it is (for inclusion of js code)
Returns string JavaScript code.

getJsValueForFormValidation() public static method

Formats a JavaScript assignment for the form validation API with proper escaping of a value.
public static getJsValueForFormValidation ( string $key, string $value, boolean $addOn, boolean $comma ) : string
$key string Name of value to set
$value string Value to set
$addOn boolean Check if $.validator.format is required or not
$comma boolean Check if comma is required
Returns string JavaScript code.

jsFormat() public static method

Format a string so it can be a string inside JavaScript code inside an eventhandler (onclick, onchange, on..., ). This function is used to display a JavaScript confirmation box for "DROP/DELETE/ALTER" queries.
public static jsFormat ( string $a_string = '', boolean $add_backquotes = true ) : string
$a_string string the string to format
$add_backquotes boolean whether to add backquotes to the string or not
Returns string the formatted string

printJsValue() public static method

Prints a JavaScript assignment with proper escaping of a value and support for assigning an array of strings.
public static printJsValue ( string $key, mixed $value ) : void
$key string Name of value to set
$value mixed Value to set, can be either string or array of strings
Returns void

printJsValueForFormValidation() public static method

Prints a JavaScript assignment for the form validation API with proper escaping of a value.
public static printJsValueForFormValidation ( string $key, string $value, boolean $addOn = false, boolean $comma = true ) : void
$key string Name of value to set
$value string Value to set
$addOn boolean Check if $.validator.format is required or not
$comma boolean Check if comma is required
Returns void

removeRequestVars() public static method

Removes all variables from request except whitelisted ones.
public static removeRequestVars ( &$whitelist ) : void
Returns void

sanitize() public static method

If you want to include result in element attribute, you should escape it. Examples:

bar
public static sanitize ( string $message, boolean $escape = false, boolean $safe = false ) : string
$message string the message
$escape boolean whether to escape html in result
$safe boolean whether string is safe (can keep < and > chars)
Returns string the sanitized message

sanitizeFilename() public static method

Intended use cases: when using a filename in a Content-Disposition header, the value should not contain ; or "; when exporting, avoid generating an unexpected double-extension file.
public static sanitizeFilename ( string $filename, boolean $replaceDots = false ) : string
$filename string The filename
$replaceDots boolean Whether to also replace dots
Returns string the sanitized filename
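
The two use cases above, as an added stand-alone sketch (not phpMyAdmin's own code). The helper names `allowlistFilename` and `exportDisposition`, the exact allowed character set, the `export` fallback name and the sample inputs are assumptions; the CR/LF sample goes slightly beyond the `;` and `"` cases the description names.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist filter in the spirit of sanitizeFilename().
// Assumed allowed set: letters, digits, "_", "-" and, optionally, ".".
function allowlistFilename(string $filename, bool $replaceDots = false): string
{
    $allowed = 'A-Za-z0-9_' . ($replaceDots ? '' : '.') . '-';
    // Everything outside the allowlist becomes "_", so ";", quotes,
    // spaces and control characters can never reach the header.
    return preg_replace('/[^' . $allowed . ']/', '_', $filename) ?? '';
}

// Hypothetical helper: header line for an export download.
function exportDisposition(string $userBase, string $ext): string
{
    // Dots in the user-chosen part are replaced, so the only extension
    // in the final name is the one the server appends.
    $base = allowlistFilename($userBase, true);
    if ($base === '') {
        $base = 'export'; // assumed fallback name
    }
    return 'Content-Disposition: attachment; filename="' . $base . '.' . $ext . '"';
}

// Constructed sample inputs for the user-supplied base name.
$samples = [
    'backup_2024',
    'dump.php',                  // would otherwise yield a double extension
    'x"; filename="evil.html',   // tries to close the quoted value
    "name\r\nSet-Cookie: a=b",   // CR/LF inside the header value
];

foreach ($samples as $s) {
    echo exportDisposition($s, 'sql'), "\n";
}
```

Every output line carries exactly one quoted filename ending in `.sql`, whatever the input contained.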