This function is automatically called when {@link getRequestVar()} is called,
so you should not normally have to use it.
This function should be used when outputting data that was obtained from the user and is not
otherwise escaped (for example, when applying the |raw Twig filter to goal names).
_NOTE: Sanitized input should not be used directly in an SQL query; SQL placeholders
should still be used._
**Implementation Details**
- htmlspecialchars is used to escape text.
- Single quotes are not escaped so **Piwik's amazing community** will still be
**Piwik's amazing community**.
- Use of the magic_quotes setting will not break this method.
- Boolean, numeric and null values are not modified.
public static sanitizeInputValues ( mixed $value, boolean $alreadyStripslashed = false ) : mixed | ||
$value | mixed | The variable to be sanitized. If an array is supplied, the contents of the array will be sanitized recursively. The keys of the array will also be sanitized. |
$alreadyStripslashed | boolean | Implementation detail, ignore. |
Résultat | mixed | The sanitized value. |
/**
 * Returns the JavaScript tracking tag for the given idSite.
 * This tag must be included on every page to be tracked by Piwik.
 *
 * The caller must have view access to the site. When no Piwik URL is
 * supplied, the instance's configured URL is used. The URL is passed
 * through Common::sanitizeInputValues() because the generated tag is
 * embedded into HTML pages.
 *
 * @param int $idSite
 * @param string $piwikUrl
 * @param bool $mergeSubdomains
 * @param bool $groupPageTitlesByDomain
 * @param bool $mergeAliasUrls
 * @param bool $visitorCustomVariables
 * @param bool $pageCustomVariables
 * @param bool $customCampaignNameQueryParam
 * @param bool $customCampaignKeywordParam
 * @param bool $doNotTrack
 * @param bool $disableCookies
 * @return string The JavaScript tag ready to be included on the HTML pages
 */
public function getJavascriptTag($idSite, $piwikUrl = '', $mergeSubdomains = false, $groupPageTitlesByDomain = false, $mergeAliasUrls = false, $visitorCustomVariables = false, $pageCustomVariables = false, $customCampaignNameQueryParam = false, $customCampaignKeywordParam = false, $doNotTrack = false, $disableCookies = false)
{
    Piwik::checkUserHasViewAccess($idSite);

    // Fall back to the configured Piwik URL when none (or an empty one) was given.
    $trackerUrl = empty($piwikUrl) ? SettingsPiwik::getPiwikUrl() : $piwikUrl;
    $trackerUrl = Common::sanitizeInputValues($trackerUrl);

    $tag = Piwik::getJavascriptCode(
        $idSite,
        $trackerUrl,
        $mergeSubdomains,
        $groupPageTitlesByDomain,
        $mergeAliasUrls,
        $visitorCustomVariables,
        $pageCustomVariables,
        $customCampaignNameQueryParam,
        $customCampaignKeywordParam,
        $doNotTrack,
        $disableCookies
    );

    // The generated code may contain line-break tags; the embeddable tag must not.
    $lineBreakTags = array('<br>', '<br />', '<br/>');

    return str_replace($lineBreakTags, '', $tag);
}
/**
 * Checks that Common::sanitizeInputValues() turns $input into $output.
 *
 * On PHP < 5.4 the check is additionally run with runtime magic quotes
 * switched on, since sanitizing must not be affected by that setting.
 *
 * @dataProvider getInputValues
 */
public function testSanitizeInputValues($input, $output)
{
    $supportsMagicQuotes = version_compare(PHP_VERSION, '5.4') < 0;

    if ($supportsMagicQuotes) {
        $this->assertSanitizedUnderMagicQuotes($input, $output);
    }

    // Default runtime settings.
    $sanitized = Common::sanitizeInputValues($input);
    $this->assertEquals($output, $sanitized);
}

/**
 * Runs the sanitize check with runtime magic quotes enabled, then restores
 * the default (disabled) state. Only meaningful on PHP < 5.4.
 */
private function assertSanitizedUnderMagicQuotes($input, $output)
{
    $this->assertTrue(@set_magic_quotes_runtime(1));
    $this->assertEquals(1, @get_magic_quotes_runtime());

    $this->assertEquals($output, Common::sanitizeInputValues($input));

    $this->assertTrue(@set_magic_quotes_runtime(0));
    $this->assertEquals(0, @get_magic_quotes_runtime());
}
/**
 * Stores a chat message for this visitor and returns the inserted row.
 *
 * The content is escaped with Common::sanitizeInputValues() before it is
 * stored, so it is persisted in its escaped form. Every value is bound
 * through a placeholder; only the (configured) table name is concatenated
 * into the SQL.
 *
 * @param string $content Message text as received.
 * @param bool|string $fromAdmin Falsy for a visitor message; otherwise stored in `answerfrom`
 *                               (presumably the admin's login; verify against the caller).
 * @param bool|int $idAutoMsg Falsy for none; otherwise stored in `idautomsg`.
 * @return mixed Row with `idmessage` and `microtime`, as returned by Db::fetchRow().
 */
public function sendMessage($content, $fromAdmin = false, $idAutoMsg = false)
{
    $binaryVisitorId = Common::convertVisitorIdToBin($this->idvisitor);
    $escapedContent = Common::sanitizeInputValues($content);
    $sentAt = microtime(true);

    $extraColumns = "";
    $bindings = array($this->idsite, $binaryVisitorId, $escapedContent, $sentAt);

    if ($idAutoMsg) {
        $extraColumns .= ", idautomsg = ?";
        $bindings[] = $idAutoMsg;
    }
    if ($fromAdmin) {
        $extraColumns .= ", answerfrom = ?";
        $bindings[] = $fromAdmin;
    }

    $chatTable = Common::prefixTable('chat');
    $insertSql = "INSERT INTO " . $chatTable . " SET idsite = ?, idvisitor = ?, content = ?, microtime = ?" . $extraColumns;
    Db::query($insertSql, $bindings);

    if (!$fromAdmin) {
        // Visitor-originated message: record when the visitor last wrote.
        ChatAcknowledgment::setLastSent($this->idsite, $this->idvisitor, $sentAt);
        // ChatMail::sendNotificationToAdmin(...) is left disabled here (commented out in the original).
    }

    // The inserted row is re-read by (idvisitor, microtime); assumes that
    // pair is unique per visitor — TODO confirm.
    $selectSql = "SELECT idmessage,microtime FROM " . $chatTable . " WHERE idvisitor = ? AND microtime = ?";

    return Db::fetchRow($selectSql, array($binaryVisitorId, $sentAt));
}
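/**
 * Prints tracker debugging output when `$GLOBALS['PIWIK_TRACKER_DEBUG']` is truthy.
 *
 * Objects are dumped with var_export(). Arrays are passed through
 * Common::sanitizeInputValues() and dumped with var_export(); any other
 * value is echoed line by line as-is. A `text/plain` content type is sent,
 * while still possible, so that the raw output is not interpreted as HTML.
 *
 * @todo This method is weird, it's debugging statements but seem to only work for the tracker, maybe it
 *       should be moved elsewhere
 *
 * @param mixed $info Value to dump; defaults to an empty string.
 * @return void
 */
public static function printDebug($info = '')
{
    if (!isset($GLOBALS['PIWIK_TRACKER_DEBUG']) || !$GLOBALS['PIWIK_TRACKER_DEBUG']) {
        return;
    }

    if (!headers_sent()) {
        // prevent XSS in tracker debug output
        header('Content-type: text/plain');
    }
    // NOTE(review): once headers have been sent the content type can no longer
    // be changed, and the non-array branch below echoes $info unescaped;
    // confirm callers only pass trusted values here, or escape in that case too.

    if (is_object($info)) {
        // From here on $info is never an object.
        $info = var_export($info, true);
    }

    // The original also tested is_object() here, which could never be true
    // after the conversion above; the dead condition was dropped.
    if (is_array($info)) {
        $info = Common::sanitizeInputValues($info);
        $out = var_export($info, true);
        foreach (explode("\n", $out) as $line) {
            echo $line . "\n";
        }
    } else {
        foreach (explode("\n", $info) as $line) {
            echo $line . "\n";
        }
    }
}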
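/**
 * Logs tracker debugging output at DEBUG level when `$GLOBALS['PIWIK_TRACKER_DEBUG']` is truthy.
 *
 * Objects are dumped with var_export(). Arrays are passed through
 * Common::sanitizeInputValues() and dumped with var_export(); any other
 * value is logged line by line after htmlspecialchars(..., ENT_QUOTES).
 *
 * @param mixed $info Value to dump; defaults to an empty string.
 * @return void
 */
public static function printDebug($info = '')
{
    if (!isset($GLOBALS['PIWIK_TRACKER_DEBUG']) || !$GLOBALS['PIWIK_TRACKER_DEBUG']) {
        return;
    }

    if (is_object($info)) {
        // From here on $info is never an object.
        $info = var_export($info, true);
    }

    // Side effect: lowers the global log level so the debug() calls below are emitted.
    Log::getInstance()->setLogLevel(Log::DEBUG);

    // The original also tested is_object() here, which could never be true
    // after the conversion above; the dead condition was dropped.
    if (is_array($info)) {
        // Note the asymmetry: arrays are escaped by sanitizeInputValues(),
        // which (per its documentation) leaves single quotes alone, while the
        // scalar branch below uses ENT_QUOTES.
        $info = Common::sanitizeInputValues($info);
        $out = var_export($info, true);
        foreach (explode("\n", $out) as $line) {
            Log::debug($line);
        }
    } else {
        foreach (explode("\n", $info) as $line) {
            Log::debug(htmlspecialchars($line, ENT_QUOTES));
        }
    }
}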
/**
 * Prints tracker debugging output as HTML when `$GLOBALS['PIWIK_TRACKER_DEBUG']` is truthy.
 *
 * Objects are dumped with var_export(). Arrays are escaped with
 * Common::sanitizeInputValues() and dumped inside a `<pre>` block; any
 * other value is printed through htmlspecialchars(..., ENT_QUOTES)
 * followed by a line break.
 *
 * @param mixed $info Value to dump; defaults to an empty string.
 * @return void
 */
public static function printDebug($info = '')
{
    // isset() && truthy is the same test as !empty().
    if (empty($GLOBALS['PIWIK_TRACKER_DEBUG'])) {
        return;
    }

    if (is_object($info)) {
        $info = var_export($info, true);
    }

    if (is_array($info)) {
        echo "<pre>";
        $escaped = Common::sanitizeInputValues($info);
        echo var_export($escaped, true);
        echo "</pre>";
        return;
    }

    echo htmlspecialchars($info, ENT_QUOTES) . "<br />\n";
}
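/**
 * Logs tracker debugging output through the PSR logger when `$GLOBALS['PIWIK_TRACKER_DEBUG']` is truthy.
 *
 * Objects are dumped with var_export(). Arrays are passed through
 * Common::sanitizeInputValues() and dumped with var_export(); any other
 * value is logged line by line as-is. A `text/plain` content type is sent,
 * while still possible, so that raw output is not interpreted as HTML.
 *
 * @todo This method is weird, it's debugging statements but seem to only work for the tracker, maybe it
 *       should be moved elsewhere
 *
 * @param mixed $info Value to dump; defaults to an empty string.
 * @return void
 */
public static function printDebug($info = '')
{
    if (!isset($GLOBALS['PIWIK_TRACKER_DEBUG']) || !$GLOBALS['PIWIK_TRACKER_DEBUG']) {
        return;
    }

    if (!headers_sent()) {
        // prevent XSS in tracker debug output
        Common::sendHeader('Content-type: text/plain');
    }
    // NOTE(review): the scalar branch below logs $info without escaping;
    // whether the configured logger writes to the HTTP response depends on
    // the container setup, which is not visible here — confirm.

    if (is_object($info)) {
        // From here on $info is never an object.
        $info = var_export($info, true);
    }

    $logger = StaticContainer::get('Psr\\Log\\LoggerInterface');

    // The original also tested is_object() here, which could never be true
    // after the conversion above; the dead condition was dropped.
    if (is_array($info)) {
        $info = Common::sanitizeInputValues($info);
        $out = var_export($info, true);
        foreach (explode("\n", $out) as $line) {
            $logger->debug($line);
        }
    } else {
        foreach (explode("\n", $info) as $line) {
            $logger->debug($line);
        }
    }
}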