sanitizeInputValues() public static method

This function is automatically called when {@link getRequestVar()} is called, so you should not normally have to use it. It should be used when outputting data that is not escaped and was obtained from the user (for example when using the |raw twig filter on goal names). _NOTE: Sanitized input should not be used directly in an SQL query; SQL placeholders should still be used._

**Implementation Details**
- htmlspecialchars is used to escape text.
- Single quotes are not escaped, so **Piwik's amazing community** will still be **Piwik's amazing community**.
- Use of the magic_quotes setting will not break this method.
- Boolean, numeric and null values are not modified.
public static sanitizeInputValues ( mixed $value, boolean $alreadyStripslashed = false ) : mixed
$value mixed The variable to be sanitized. If an array is supplied, the contents of the array will be sanitized recursively. The keys of the array will also be sanitized.
$alreadyStripslashed boolean Implementation detail, ignore.
return mixed The sanitized value.
 /**
  * Returns the JavaScript tracking tag for the given idSite.
  * This tag must be included on every page to be tracked by Piwik.
  *
  * Access is checked first with Piwik::checkUserHasViewAccess($idSite).
  * When $piwikUrl is empty the configured URL from SettingsPiwik::getPiwikUrl()
  * is used instead; either way the URL is passed through
  * Common::sanitizeInputValues() (HTML-escaping) before it is handed to the
  * code generator. Every spelling of a <br> tag is stripped from the result.
  *
  * @param int $idSite
  * @param string $piwikUrl
  * @param bool $mergeSubdomains
  * @param bool $groupPageTitlesByDomain
  * @param bool $mergeAliasUrls
  * @param bool $visitorCustomVariables
  * @param bool $pageCustomVariables
  * @param bool $customCampaignNameQueryParam
  * @param bool $customCampaignKeywordParam
  * @param bool $doNotTrack
  * @param bool $disableCookies
  * @return string The JavaScript tag ready to be included in the HTML pages
  */
 public function getJavascriptTag($idSite, $piwikUrl = '', $mergeSubdomains = false, $groupPageTitlesByDomain = false, $mergeAliasUrls = false, $visitorCustomVariables = false, $pageCustomVariables = false, $customCampaignNameQueryParam = false, $customCampaignKeywordParam = false, $doNotTrack = false, $disableCookies = false)
 {
     Piwik::checkUserHasViewAccess($idSite);

     // `?:` on a set variable behaves like empty(): '', '0', null and false fall back to the configured URL
     $trackerUrl = Common::sanitizeInputValues($piwikUrl ?: SettingsPiwik::getPiwikUrl());

     $tag = Piwik::getJavascriptCode(
         $idSite,
         $trackerUrl,
         $mergeSubdomains,
         $groupPageTitlesByDomain,
         $mergeAliasUrls,
         $visitorCustomVariables,
         $pageCustomVariables,
         $customCampaignNameQueryParam,
         $customCampaignKeywordParam,
         $doNotTrack,
         $disableCookies
     );

     // the generated code may contain line-break tags in several spellings; drop them all
     return str_replace(['<br>', '<br />', '<br/>'], '', $tag);
 }
 /**
  * Checks that Common::sanitizeInputValues($input) yields exactly $output.
  *
  * On PHP versions before 5.4 the expectation is additionally asserted with
  * magic_quotes_runtime switched on (and switched off again afterwards),
  * because the method is documented as being unaffected by that setting.
  * The @ operator silences the deprecation notices those runtime functions
  * emit on PHP 5.3.
  *
  * @dataProvider getInputValues
  *
  * @param mixed $input  Value handed to sanitizeInputValues()
  * @param mixed $output Expected sanitized result
  */
 public function testSanitizeInputValues($input, $output)
 {
     $magicQuotesStillExist = version_compare(PHP_VERSION, '5.4') < 0;

     if ($magicQuotesStillExist) {
         $this->assertTrue(@set_magic_quotes_runtime(1));
         $this->assertEquals(1, @get_magic_quotes_runtime());

         $sanitizedWithMagicQuotes = Common::sanitizeInputValues($input);
         $this->assertEquals($output, $sanitizedWithMagicQuotes);

         $this->assertTrue(@set_magic_quotes_runtime(0));
         $this->assertEquals(0, @get_magic_quotes_runtime());
     }

     $sanitized = Common::sanitizeInputValues($input);
     $this->assertEquals($output, $sanitized);
 }
 /**
  * Stores a chat message for the current visitor/site and returns the stored row.
  *
  * The content is passed through Common::sanitizeInputValues() (HTML-escaping)
  * before it is written, so the persisted text is already escaped for HTML
  * output. All values reach the database through query placeholders; the
  * table name comes from Common::prefixTable('chat'). The inserted row is
  * looked up again by the visitor id and the microtime used for the insert.
  *
  * @param string $content   Message text as entered by the sender.
  * @param mixed  $fromAdmin Truthy when an admin answers: stored in `answerfrom`,
  *                          and the visitor's last-sent acknowledgment is not updated.
  * @param mixed  $idAutoMsg Truthy for automatic messages: stored in `idautomsg`.
  * @return mixed Whatever Db::fetchRow() returns for `SELECT idmessage,microtime ...`
  *               of the inserted message.
  */
 public function sendMessage($content, $fromAdmin = false, $idAutoMsg = false)
 {
     $visitorIdBin = Common::convertVisitorIdToBin($this->idvisitor);
     $escapedContent = Common::sanitizeInputValues($content);
     $sentAt = microtime(true);
     $chatTable = Common::prefixTable('chat');

     // optional columns are appended to the SET clause, each with its own placeholder
     $extraColumns = '';
     $bindings = [$this->idsite, $visitorIdBin, $escapedContent, $sentAt];
     if ($idAutoMsg) {
         $extraColumns .= ', idautomsg = ?';
         $bindings[] = $idAutoMsg;
     }
     if ($fromAdmin) {
         $extraColumns .= ', answerfrom = ?';
         $bindings[] = $fromAdmin;
     }

     Db::query(
         'INSERT INTO ' . $chatTable . ' SET idsite = ?, idvisitor = ?, content = ?, microtime = ?' . $extraColumns,
         $bindings
     );

     if (!$fromAdmin) {
         ChatAcknowledgment::setLastSent($this->idsite, $this->idvisitor, $sentAt);
         //ChatMail::sendNotificationToAdmin($this->idsite, $this->idvisitor, $sanitizeContent);
     }

     // the row is re-read by (idvisitor, microtime); the insert above used the same microtime value
     return Db::fetchRow(
         'SELECT idmessage,microtime FROM ' . $chatTable . ' WHERE idvisitor = ? AND microtime = ?',
         [$visitorIdBin, $sentAt]
     );
 }
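 /**
  * Echoes tracker debug output when $GLOBALS['PIWIK_TRACKER_DEBUG'] is truthy;
  * does nothing otherwise.
  *
  * Objects are dumped with var_export() first, so after that step $info is
  * either an array or a string. Arrays are HTML-escaped through
  * Common::sanitizeInputValues() and then dumped with var_export(); strings
  * are echoed line by line without escaping. A text/plain Content-type is
  * sent (if headers are still open) so that the unescaped string path is not
  * rendered as HTML by a browser.
  *
  * The original second check `is_array($info) || is_object($info)` could never
  * see an object (it was already converted above), so only is_array() remains.
  *
  * @param mixed $info String, array or object to dump.
  * @return void
  *
  * @todo This method is weird, it's debugging statements but seem to only work for the tracker, maybe it
  * should be moved elsewhere
  */
 public static function printDebug($info = '')
 {
     // same as isset(...) && ...: unset, null, false, 0 and '' disable the output
     if (empty($GLOBALS['PIWIK_TRACKER_DEBUG'])) {
         return;
     }

     if (!headers_sent()) {
         // prevent XSS in tracker debug output
         header('Content-type: text/plain');
     }

     if (is_object($info)) {
         $info = var_export($info, true);
     }

     if (is_array($info)) {
         // escape every key and value before dumping the structure
         $out = var_export(Common::sanitizeInputValues($info), true);
     } else {
         $out = $info;
     }

     foreach (explode("\n", $out) as $line) {
         echo $line . "\n";
     }
 }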
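 /**
  * Writes tracker debug output to the Log at DEBUG level when
  * $GLOBALS['PIWIK_TRACKER_DEBUG'] is truthy; does nothing otherwise.
  *
  * Note the side effect: the shared Log instance's level is lowered to
  * Log::DEBUG on every call and is not restored afterwards.
  *
  * Objects are dumped with var_export() first, so afterwards $info is either
  * an array or a string. Arrays are escaped through Common::sanitizeInputValues()
  * and dumped with var_export(); strings are escaped per line with
  * htmlspecialchars(). The original `is_array($info) || is_object($info)`
  * check could never see an object at that point, so only is_array() remains.
  *
  * @param mixed $info String, array or object to dump.
  * @return void
  */
 public static function printDebug($info = '')
 {
     // same as isset(...) && ...: unset, null, false, 0 and '' disable the output
     if (empty($GLOBALS['PIWIK_TRACKER_DEBUG'])) {
         return;
     }

     if (is_object($info)) {
         $info = var_export($info, true);
     }

     Log::getInstance()->setLogLevel(Log::DEBUG);

     if (is_array($info)) {
         // keys and values are escaped by sanitizeInputValues() before the dump
         $out = var_export(Common::sanitizeInputValues($info), true);
         foreach (explode("\n", $out) as $line) {
             Log::debug($line);
         }
         return;
     }

     foreach (explode("\n", $info) as $line) {
         Log::debug(htmlspecialchars($line, ENT_QUOTES));
     }
 }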
 /**
  * Prints tracker debug output as HTML when $GLOBALS['PIWIK_TRACKER_DEBUG']
  * is truthy; does nothing otherwise.
  *
  * Objects are converted with var_export() first. Arrays are escaped through
  * Common::sanitizeInputValues(), dumped with var_export() and wrapped in
  * <pre>; anything else is printed through htmlspecialchars() followed by
  * a <br /> tag.
  *
  * @param mixed $info String, array or object to dump.
  * @return void
  */
 public static function printDebug($info = '')
 {
     // same as isset(...) && ...: unset, null, false, 0 and '' disable the output
     if (empty($GLOBALS['PIWIK_TRACKER_DEBUG'])) {
         return;
     }

     if (is_object($info)) {
         $info = var_export($info, true);
     }

     if (is_array($info)) {
         $dump = var_export(Common::sanitizeInputValues($info), true);
         echo '<pre>' . $dump . '</pre>';
         return;
     }

     echo htmlspecialchars($info, ENT_QUOTES) . "<br />\n";
 }
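 /**
  * Sends tracker debug output to the PSR logger at debug level when
  * $GLOBALS['PIWIK_TRACKER_DEBUG'] is truthy; does nothing otherwise.
  *
  * Objects are dumped with var_export() first, so afterwards $info is either
  * an array or a string. Arrays are escaped through Common::sanitizeInputValues()
  * and dumped with var_export(); strings are logged line by line as-is.
  * A text/plain Content-type is sent via Common::sendHeader() while headers
  * are still open, so the unescaped output is not rendered as HTML.
  *
  * The original `is_array($info) || is_object($info)` check could never see
  * an object at that point, so only is_array() remains; both branches then
  * share a single logging loop.
  *
  * @param mixed $info String, array or object to dump.
  * @return void
  *
  * @todo This method is weird, it's debugging statements but seem to only work for the tracker, maybe it
  * should be moved elsewhere
  */
 public static function printDebug($info = '')
 {
     // same as isset(...) && ...: unset, null, false, 0 and '' disable the output
     if (empty($GLOBALS['PIWIK_TRACKER_DEBUG'])) {
         return;
     }

     if (!headers_sent()) {
         // prevent XSS in tracker debug output
         Common::sendHeader('Content-type: text/plain');
     }

     if (is_object($info)) {
         $info = var_export($info, true);
     }

     $logger = StaticContainer::get('Psr\\Log\\LoggerInterface');

     if (is_array($info)) {
         // keys and values are escaped by sanitizeInputValues() before the dump
         $out = var_export(Common::sanitizeInputValues($info), true);
     } else {
         $out = $info;
     }

     foreach (explode("\n", $out) as $line) {
         $logger->debug($line);
     }
 }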