From 51f88f2d6294c325cee8b22cc41f7279c832976a Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 17 Oct 2005 04:08:34 +0000
Subject: [PATCH] - Moved rendition of API::do_clean() to ISSO::clean() - Added input_clean_array() and input_clean()
---
 api.php | 87 +-----------------------------------------------
 kernel.php | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+), 85 deletions(-)
diff --git a/api.php b/api.php
index 6343c41..595d08f 100644
--- a/api.php
+++ b/api.php
@@ -26,43 +26,8 @@
 * @package ISSO
 */
-if (!defined('TYPE_INT'))
+if (!defined('REQ_YES'))
 {
- /**
- * Integer type
- */
- define('TYPE_INT', 1);
-
- /**
- * Unsigned integer
- */
- define('TYPE_UINT', 2);
-
- /**
- * Float type
- */
- define('TYPE_FLOAT', 4);
-
- /**
- * Boolean type
- */
- define('TYPE_BOOL', 8);
-
- /**
- * String - cleaned
- */
- define('TYPE_STR', 16);
-
- /**
- * String - deliberate unclean
- */
- define('TYPE_STRUN', 32);
-
- /**
- * No cleaning
- */
- define('TYPE_NOCLEAN', 64);
-
 /**
 * Yes, required
 */
@@ -171,7 +136,7 @@ class API
 return;
 }
- $this->values["$field"] = ($doclean ? $this->do_clean($value, $this->fields["$field"][0]) : $value);
+ $this->values["$field"] = ($doclean ? $this->registry->clean($value, $this->fields["$field"][0]) : $value);
 $this->setfields[] = $field;
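Review bot: In the first api.php hunk (`@@ -26,43 +26,8 @@`), the `TYPE_*` definitions leave this file and the guard now tests only `REQ_YES`, so api.php silently depends on kernel.php having been loaded first. On the PHP versions of this era an undefined bare constant evaluates to its own name as a string with only a notice, so a field declared with `TYPE_INT` before kernel.php is included would reach `clean()` with an unknown type instead of failing at load. A comment above the guard would record the requirement, e.g. `// TYPE_* constants are defined in kernel.php; include it before this file.` Whether api.php already includes kernel.php is not visible here, and the guarded block ends outside the hunk.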
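Review bot: In the `@@ -171,7 +136,7 @@` hunk, the type handed to `$this->registry->clean()` is whatever `$this->fields["$field"][0]` holds, and `clean()` as added in kernel.php answers an unknown type with `trigger_error(..., E_USER_ERROR)` and then falls through to `return $value;`. Under PHP's default handling that error ends the script, but if the application installs an error handler that returns (not visible in this patch), the raw value is stored in `$this->values` as though it had been cleaned. Making the unknown-type branch fail closed removes that dependency, e.g. adding `$value = null;` after the `trigger_error()` call. The enclosing method starts and ends outside the hunk.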
@@ -387,54 +352,6 @@ class API
 return true;
 }
-
- /**
- * Cleans a value based on the field option
- *
- * @param mixed Uncleaned data
- * @param integer Cleaning type
- *
- * @return mixed Cleaned data
- */
- function do_clean($value, $type)
- {
- if ($type == TYPE_INT)
- {
- $value = intval($value);
- }
- else if ($type == TYPE_UINT)
- {
- $value = abs(intval($value));
- }
- else if ($type == TYPE_FLOAT)
- {
- $value = floatval($value);
- }
- else if ($type == TYPE_BOOL)
- {
- $value = (bool)$value;
- }
- else if ($type == TYPE_STR)
- {
- if (!$this->registry->escapestrings)
- {
- $value = $this->registry->escape($value);
- }
- }
- else if ($type == TYPE_STRUN)
- {
- $value = $this->registry->unsanitize($value);
- }
- else if ($type == TYPE_NOCLEAN)
- {
- }
- else
- {
- trigger_error('Invalid clean type `' . $type . '` specified', E_USER_ERROR);
- }
-
- return $value;
- }
 }
 /*=====================================================================*\
diff --git a/kernel.php b/kernel.php
index 5ef8bc3..dbff5f9 100644
--- a/kernel.php
+++ b/kernel.php
@@ -86,6 +86,41 @@ if ((bool)ini_get('register_globals') === true)
 }
 }
+/**
+* Integer type
+*/
+define('TYPE_INT', 1);
+
+/**
+* Unsigned integer
+*/
+define('TYPE_UINT', 2);
+
+/**
+* Float type
+*/
+define('TYPE_FLOAT', 4);
+
+/**
+* Boolean type
+*/
+define('TYPE_BOOL', 8);
+
+/**
+* String - cleaned
+*/
+define('TYPE_STR', 16);
+
+/**
+* String - deliberate unclean
+*/
+define('TYPE_STRUN', 32);
+
+/**
+* No cleaning - here for use in API
+*/
+define('TYPE_NOCLEAN', 64);
+
 /**
 * Iris Studios Shared Object Framework (ISSO)
 *
@@ -544,6 +579,79 @@ class Shared_Object_Framework
 }
 }
+ /**
+ * Sanitize function for something other than a string (which everything is sanitized for if you use exec_sanitize_data().
+ * Cleaned data is placed back into $isso->in; this makes it so you don't have to constantly intval() [etc.] data
+ *
+ * @param array Array of elements to clean as varname => type
+ */
+ function input_clean_array($vars)
+ {
+ foreach ($vars AS $varname => $type)
+ {
+ $this->input_clean($varname, $type);
+ }
+ }
+
+ /**
+ * Sanitize function that does a single variable as oppoesd to an array (see input_clean_array() for more details)
+ *
+ * @param string Variable name in $isso->in[]
+ * @param integer Sanitization type constant
+ */
+ function input_clean($varname, $type)
+ {
+ $this->in["$varname"] = $this->clean($this->in["$varname"], $type);
+ }
+
+ /**
+ * Cleaning function that does the work for input_clean(); this is moved here so it can be used to clean things that aren't in $isso->in[]
+ *
+ * @param mixed Data
+ * @param integer Sanitization type constant
+ *
+ * @return mixed Cleaned data
+ */
+ function clean($value, $type)
+ {
+ if ($type == TYPE_INT)
+ {
+ $value = intval($value);
+ }
+ else if ($type == TYPE_UINT)
+ {
+ $value = abs(intval($value));
+ }
+ else if ($type == TYPE_FLOAT)
+ {
+ $value = floatval($value);
+ }
+ else if ($type == TYPE_BOOL)
+ {
+ $value = (bool)$value;
+ }
+ else if ($type == TYPE_STR)
+ {
+ if (!$this->escapestrings)
+ {
+ $value = $this->escape($value);
+ }
+ }
+ else if ($type == TYPE_STRUN)
+ {
+ $value = $this->unsanitize($value);
+ }
+ else if ($type == TYPE_NOCLEAN)
+ {
+ }
+ else
+ {
+ trigger_error('Invalid clean type `' . $type . '` specified', E_USER_ERROR);
+ }
+
+ return $value;
+ }
+
 /**
 * Checks to see if a POST refer is actually from us
 */
-- 
2.43.5
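Review bot: In `clean()`, the `TYPE_STR` branch calls `$this->escape()` only when `$this->escapestrings` is false, while the new docblock offers the function for data that is not in `$isso->in[]`. If `escapestrings` means request input was already escaped on intake (its definition is outside this hunk), a string from any other source passes through `clean($value, TYPE_STR)` unescaped whenever that flag is on. The docblock should state the limit, e.g. `* TYPE_STR escapes only when $this->escapestrings is off; strings from outside $isso->in[] must be escaped by the caller.` Separately, `input_clean()` reads `$this->in["$varname"]` without an `isset()` check, so a field absent from the request raises a notice and is written back as a cleaned default, which later code cannot tell apart from a supplied value.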