/**
 * Sanitize a variable with one of the named filters.
 *
 * Supported $type values:
 *   - 'escape'   : HTML-escape the input.
 *   - 'strip'    : remove HTML tags, then HTML-escape the remainder.
 *   - 'html'     : run the input through Filters\HTMLFilter::clean().
 *   - 'filename' : run the input through Filters\FilenameFilter::clean().
 *
 * Input that is not well-formed UTF-8 is rejected before any filter runs.
 * An unknown $type is rejected without inspecting the input at all.
 *
 * @param string $input
 * @param string $type
 * @return string|false The filtered string, or false on invalid UTF-8 or unknown $type.
 */
public static function sanitize($input, $type)
{
    // Resolve the filter first, so an unknown type never reaches utf8_check().
    switch ($type) {
        case 'escape':
            $filter = function ($value) {
                return escape($value);
            };
            break;
        case 'strip':
            $filter = function ($value) {
                return escape(strip_tags($value));
            };
            break;
        case 'html':
            $filter = function ($value) {
                return Filters\HTMLFilter::clean($value);
            };
            break;
        case 'filename':
            $filter = function ($value) {
                return Filters\FilenameFilter::clean($value);
            };
            break;
        default:
            return false;
    }

    // Every filter expects valid UTF-8; malformed byte sequences are refused up front.
    if (!utf8_check($input)) {
        return false;
    }

    return $filter($input);
}
/**
 * Build the filename parameter(s) of a download response header for a UTF-8 filename.
 *
 * The output encoding is selected from the visitor's browser (detected via
 * self::getBrowserInfo()): RFC 5987 "filename*=UTF-8''..." with a percent-encoded
 * fallback for modern browsers, a plain quoted filename for Android/older
 * Chrome/Safari, and a percent-encoded form for legacy IE and unknown agents.
 *
 * @param string $filename
 * @param string $ua (optional) User-Agent string; defaults to the current request's header.
 * @return string The "filename=..." fragment (without the "attachment;" prefix).
 */
public static function encodeFilenameForDownload($filename, $ua = null)
{
    // Fall back to the request's User-Agent when the caller passes nothing (or an empty value).
    if (!$ua) {
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    }

    // getBrowserInfo() yields an object exposing ->browser (name) and ->version.
    $browser = self::getBrowserInfo($ua);
    $name = $browser->browser;
    $version = $browser->version;

    // Pick the most capable encoding this browser is known to handle.
    $supports_rfc5987 = ($name === 'Chrome' && $version >= 11)
        || ($name === 'Firefox' && $version >= 6)
        || ($name === 'Safari' && $version >= 6)
        || ($name === 'IE' && $version >= 10)
        || ($name === 'Edge');

    if ($supports_rfc5987) {
        $output_format = 'rfc5987';
    } elseif ($name === 'IE') {
        $output_format = 'old_ie';
    } elseif ($name === 'Android' || $name === 'Chrome' || $name === 'Safari') {
        $output_format = 'raw';
    } else {
        $output_format = 'old_ie';
    }

    // Normalize the filename before it goes anywhere near a header.
    $filename = Filters\FilenameFilter::clean($filename);

    // NOTE(review): the 'raw' form embeds the cleaned name without percent-encoding;
    // it relies on FilenameFilter::clean() having removed quotes and CR/LF -- confirm.
    if ($output_format === 'raw') {
        return 'filename="' . $filename . '"';
    }

    $encoded = rawurlencode($filename);

    if ($output_format === 'rfc5987') {
        return "filename*=UTF-8''" . $encoded . '; filename="' . $encoded . '"';
    }

    // old_ie: percent-encode every dot except the last one, so the extension survives.
    // With a single dot the limit is 0 and preg_replace() performs no replacement.
    $dots_to_encode = substr_count($encoded, '.') - 1;
    $encoded = preg_replace('/\\./', '%2e', $encoded, $dots_to_encode);

    return 'filename="' . $encoded . '"';
}
/**
 * Convert a URL to a server-side filesystem path.
 *
 * The URL is canonicalized first and must be recognized as internal by
 * self::isInternalURL(); anything else (e.g. an external domain) yields false.
 * The resulting path is DOCUMENT_ROOT plus the URL's path component, passed
 * through Filters\FilenameFilter::cleanPath().
 *
 * @param string $url
 * @return string|false The cleaned server path, or false if the URL is not internal.
 */
public static function toServerPath($url)
{
    $canonical = self::getCanonicalURL($url);

    // Refuse anything that does not point at this site.
    if (!self::isInternalURL($canonical)) {
        return false;
    }

    // Only the path component is used; query string and fragment are dropped.
    $path = parse_url($canonical, \PHP_URL_PATH);

    // NOTE(review): traversal sequences in $path are expected to be handled by
    // FilenameFilter::cleanPath(); this method does not normalize them itself -- confirm.
    return Filters\FilenameFilter::cleanPath($_SERVER['DOCUMENT_ROOT'] . $path);
}