varFilters.php
00001 <?php
00013 /*
00014  * Input filters
00015  */
00016 
/**
 * Placeholder variable filter.
 *
 * As written this performs no filtering at all: whatever is passed in comes
 * straight back out, and $type / $opts are never consulted. Callers must not
 * treat its result as sanitized.
 *
 * @param mixed $var  value to (eventually) filter
 * @param string $type requested type (unused)
 * @param array $opts  filter options (unused)
 * @return mixed $var, unchanged
 */
function cleanVar($var, $type, $opts=array()) {
    // No transformation is applied; $type and $opts are ignored.
    $result = $var;
    return $result;
}
00029 
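/**
 * Read one request parameter through filter_input(), sanitize it by $type and
 * (by default) escape it for the database.
 *
 * Fixes over the previous version:
 *  - the date/datetime/email format checks now read the same superglobal the
 *    value is later fetched from (they always read $_REQUEST before, so with
 *    method 'get' a same-named POST value could be the one validated);
 *  - a missing parameter no longer raises an undefined-index notice;
 *  - an unknown $method or $type returns null instead of reaching
 *    exit($input), which printed the unfiltered value and stopped the script;
 *  - get_magic_quotes_gpc() is only called when it exists (removed in PHP 8.0).
 *
 * @param string $method 'get', 'post' or 'request' (INPUT_REQUEST is not
 *                       implemented by filter_input(), so 'request' yields no value)
 * @param string $name   parameter name
 * @param string $type   'string', 'email', 'html', 'date', 'datetime', 'int' or 'float'
 * @param array  $opts   'escape' => false skips $db->escapeString()
 * @return mixed the sanitized value cast to $type (int/float/string), or null when
 *               $method/$type is unknown or a date/datetime/email fails its format check
 */
function cleanInput($method, $name, $type, $opts=array()) {

    $db = db::instance();

    // Pick the filter_input() source and the matching superglobal for the raw format checks.
    if($method=='get') { $source = INPUT_GET; $bag = $_GET; }
    elseif($method=='post') { $source = INPUT_POST; $bag = $_POST; }
    elseif($method=='request') { $source = INPUT_REQUEST; $bag = $_REQUEST; }
    else return null;

    $raw = isset($bag[$name]) ? $bag[$name] : null;

    if($type=='date' || $type=='datetime') {
        // A missing or non-scalar value cannot match the format, so it is rejected.
        if(!is_string($raw)) return null;
        if($type=='date' && !preg_match("#^\d{4}-\d{2}-\d{2}$#", $raw)) return null;
        if($type=='datetime' && !preg_match("#^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$#", $raw)) return null;
        $type = 'string';
    }

    $filter = null;
    $filter_opts = null;
    $flags = array();

    if($type=='string' || $type=='email' || $type=='html') {
        if($type=='email' && (!is_string($raw) || !preg_match("#^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$#i", $raw))) return null;

        if($type=='email') $filter = FILTER_SANITIZE_EMAIL;
        // NOTE(review): sanitizeHtml() in this file currently returns its input unchanged,
        // so 'html' values arrive exactly as submitted.
        elseif($type=='html') { $filter = FILTER_CALLBACK; $filter_opts = "sanitizeHtml"; }
        // FILTER_SANITIZE_STRING only strips tags; it is deprecated since PHP 8.1.
        else $filter = FILTER_SANITIZE_STRING;

        $flags[] = FILTER_FLAG_NO_ENCODE_QUOTES;
        $type = 'string';
    }
    elseif($type=='int') $filter = FILTER_SANITIZE_NUMBER_INT;
    elseif($type=='float') {
        $filter = FILTER_SANITIZE_NUMBER_FLOAT;
        $flags[] = FILTER_FLAG_ALLOW_FRACTION;
    }
    else return null;

    // OR the flags together (0 when there are none).
    $f = 0;
    foreach($flags as $flag) $f |= $flag;

    $options = array("flags"=>$f);
    if($filter_opts) $options["options"] = $filter_opts;

    $input = filter_input($source, $name, $filter, $options);

    // magic_quotes_gpc is gone since PHP 5.4 and the function itself since 8.0.
    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) $input = stripslashes($input);

    settype($input, $type);

    // NOTE(review): escaping for the database at input time alters the value for every
    // other use (HTML, logs, comparisons); prepared statements would make this step
    // unnecessary. Kept for compatibility with existing callers.
    if(!(gOpt($opts, 'escape', true)===false)) {
        $input = $db->escapeString($input);
    }

    return $input;

}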
00098 
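/**
 * Read an array-valued request parameter through filter_input() with
 * FILTER_REQUIRE_ARRAY, sanitize each element by $type and (by default)
 * escape it for the database.
 *
 * Fixes over the previous version:
 *  - filter_input() returns null for a missing parameter and false for a
 *    non-array one; count() on those is a TypeError since PHP 8.0, so the
 *    value is now returned as-is when it is not an array;
 *  - the magic-quotes stripslashes() result was immediately overwritten by
 *    escapeString($in), so it never took effect; it now feeds the escape;
 *  - an unknown $method returns null instead of passing an undefined source
 *    to filter_input();
 *  - get_magic_quotes_gpc() is only called when it exists (removed in PHP 8.0).
 *
 * @param string      $method 'get', 'post' or 'request' (INPUT_REQUEST is not
 *                            implemented by filter_input(), so 'request' yields no value)
 * @param string      $name   parameter name
 * @param string|null $type   'string', 'int' or 'float'; anything else uses FILTER_SANITIZE_STRING
 * @param array       $opts   'escape' => false skips $db->escapeString()
 * @return mixed the sanitized array, or whatever filter_input() returned (null/false)
 *               when the parameter is missing or not an array; null for an unknown $method
 */
function cleanInputArray($method, $name, $type=null, $opts=array()) {

    $db = db::instance();

    $flags = array(FILTER_REQUIRE_ARRAY);

    if($method=='get') $source = INPUT_GET;
    elseif($method=='post') $source = INPUT_POST;
    elseif($method=='request') $source = INPUT_REQUEST;
    else return null;

    if($type=='string') {
        // FILTER_SANITIZE_STRING only strips tags; it is deprecated since PHP 8.1.
        $filter = FILTER_SANITIZE_STRING;
        $flags[] = FILTER_FLAG_NO_ENCODE_QUOTES;
    }
    elseif($type=='int') $filter = FILTER_SANITIZE_NUMBER_INT;
    elseif($type=='float') {
        $filter = FILTER_SANITIZE_NUMBER_FLOAT;
        $flags[] = FILTER_FLAG_ALLOW_FRACTION;
    }
    else $filter = FILTER_SANITIZE_STRING;

    // OR the flags together.
    $f = 0;
    foreach($flags as $flag) $f |= $flag;

    $input = filter_input($source, $name, $filter, array("flags"=>$f));

    if(!is_array($input)) return $input;

    $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $escape = !(gOpt($opts, 'escape', true)===false);

    // NOTE(review): FILTER_REQUIRE_ARRAY allows nested arrays; how stripslashes()/
    // escapeString() behave on a nested element is unchanged from before — confirm
    // with callers if nested input is expected.
    foreach($input as $k=>$in) {
        if($magic_quotes) $in = stripslashes($in);
        if($escape) $in = $db->escapeString($in);
        $input[$k] = $in;
    }

    return $input;

}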
00150 
/**
 * Callback registered by cleanInput() for the 'html' type (via FILTER_CALLBACK).
 *
 * Currently a pass-through: the "strip dangerous tags" step is not implemented,
 * so the value comes back exactly as submitted. Anything built from it must
 * still be escaped or sanitized before it reaches the browser.
 *
 * @param mixed $html submitted markup
 * @return mixed the same value, untouched
 */
function sanitizeHtml($html) {

    // TODO: tag stripping is not implemented; the input is returned as-is.
    $sanitized = $html;

    return $sanitized;

}
00164 
00165 /*
00166  * Output filters
00167  */
00168 
/**
 * Output filter for HTML content.
 *
 * As written it returns the string unchanged — no encoding of '<', '>', '&' or
 * quotes happens here — so its result is not safe to print into markup on its
 * own; apply htmlspecialchars() (or an equivalent) at the point of output.
 *
 * @param mixed $string value to emit
 * @return mixed the same value, untouched
 */
function htmlVar($string) {
    // Pass-through: no encoding is applied.
    $out = $string;
    return $out;
}
00179 
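/**
 * Encode a value for use inside an HTML attribute (e.g. an <input value="..."> field).
 *
 * The previous version only replaced '"' with &#34;, leaving '&', '<', '>' and
 * "'" unencoded, so a value could still break out of a single-quoted or
 * unquoted attribute or inject markup. htmlspecialchars() with ENT_QUOTES
 * encodes all five. Existing entities are left alone (double_encode=false),
 * which keeps the old behaviour of never touching '&' in already-encoded text.
 * Note that '"' is now emitted as &quot; rather than &#34; (same meaning).
 *
 * @param string|null $string value to encode (null yields '')
 * @return string the encoded value
 */
function htmlInput($string) {
    return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
}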
00190 
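/**
 * Make a value safe to embed inside a single-quoted JavaScript string literal.
 *
 * Line breaks and tabs are dropped, as before, and the entity &#039; is decoded
 * so it is escaped like a literal apostrophe. Changes from the previous version:
 *  - backslashes are escaped first, so a submitted "\'" can no longer cancel the
 *    quote escaping and terminate the literal;
 *  - '"' becomes \" (it used to be rewritten to \', i.e. turned into an apostrophe);
 *  - "</" becomes "<\/" so the value cannot close an enclosing <script> element.
 *
 * @param string|null $string value to embed (null yields '')
 * @return string the escaped value
 */
function jsVar($string) {

    $string = str_replace(array("\n", "\r", "\t"), '', $string);
    // Decode the entity first so it goes through the same escaping as a plain apostrophe.
    $string = str_replace('&#039;', "'", $string);

    // Order matters: backslashes must be doubled before any escaping backslash is added.
    return str_replace(
        array('\\',   "'",   '"',   '</'),
        array('\\\\', "\\'", '\\"', '<\\/'),
        $string
    );
}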
00208 
00209 ?>