Esempio n. 1
 /**
  * Sanitize a variable with one of the named filters.
  *
  * Supported values of $type:
  *  - 'escape'   : escape($input), to escape HTML special characters.
  *  - 'strip'    : strip_tags($input), then escape() on the result.
  *  - 'html'     : Filters\HTMLFilter::clean($input), to clean up HTML content against XSS.
  *  - 'filename' : Filters\FilenameFilter::clean($input), for use as a safe filename.
  *
  * Any other $type returns false without touching $input. For the four
  * supported filters, input that fails utf8_check() also returns false.
  *
  * Callers should test the result with === false: a sanitized string can
  * itself be falsy in PHP, so a plain truthiness check would confuse a
  * rejected value with a valid one. Choose the filter that matches where
  * the value is going to be used; the HTML-oriented filters and the
  * filename filter are not interchangeable.
  *
  * @param string $input
  * @param string $type
  * @return string|false
  */
 public static function sanitize($input, $type)
 {
     // Resolve the filter name first. The switch is kept on purpose so that
     // $type is matched with the same loose comparison as before.
     switch ($type) {
         case 'escape':
             $filter = 'escape';
             break;
         case 'strip':
             $filter = 'strip';
             break;
         case 'html':
             $filter = 'html';
             break;
         case 'filename':
             $filter = 'filename';
             break;
         default:
             // Unknown filters return false.
             return false;
     }

     // Every known filter refuses input that does not pass the UTF-8 check.
     if (!utf8_check($input)) {
         return false;
     }

     if ($filter === 'escape') {
         // Escape HTML special characters.
         return escape($input);
     }
     if ($filter === 'strip') {
         // Strip all HTML tags, then escape whatever text is left.
         return escape(strip_tags($input));
     }
     if ($filter === 'html') {
         // Clean up HTML content to prevent XSS attacks.
         return Filters\HTMLFilter::clean($input);
     }

     // Clean up the input to be used as a safe filename.
     return Filters\FilenameFilter::clean($input);
 }
Esempio n. 2
File: ua.php Progetto: rhymix/rhymix
 /**
  * Encode a UTF-8 filename for downloading in the current visitor's browser.
  *
  * The return value is a "filename=..." parameter (with an additional
  * "filename*=UTF-8''..." parameter for browsers treated as RFC 5987
  * capable); presumably the caller appends it to a Content-Disposition
  * header. The format is chosen from the browser name and version that
  * getBrowserInfo() reports for $ua. Since $ua normally comes from the
  * client, it only selects a format and is never copied into the output.
  *
  * @param string $filename
  * @param string $ua (optional) Defaults to the request's User-Agent header.
  * @return string
  */
 public static function encodeFilenameForDownload($filename, $ua = null)
 {
     // Fall back to the User-Agent header if the caller did not specify $ua.
     if (!$ua) {
         $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
     }

     // Get the browser name and version.
     $browser = self::getBrowserInfo($ua);
     $name = $browser->browser;

     // Browsers that get the RFC 5987 form.
     $use_rfc5987 = ($name === 'Chrome' && $browser->version >= 11)
         || ($name === 'Firefox' && $browser->version >= 6)
         || ($name === 'Safari' && $browser->version >= 6)
         || ($name === 'IE' && $browser->version >= 10)
         || $name === 'Edge';

     // Clean the filename before it is placed in any header value.
     $clean_name = Filters\FilenameFilter::clean($filename);

     if ($use_rfc5987) {
         $encoded = rawurlencode($clean_name);
         return "filename*=UTF-8''" . $encoded . '; filename="' . $encoded . '"';
     }

     // Android, and the Chrome/Safari versions too old for RFC 5987, receive
     // the cleaned name as-is.
     // NOTE(review): this is the only branch without rawurlencode(), so it
     // relies entirely on FilenameFilter::clean() having removed double quotes
     // and CR/LF; confirm that against the filter before changing either side.
     if (in_array($name, array('Android', 'Chrome', 'Safari'), true)) {
         return 'filename="' . $clean_name . '"';
     }

     // Old IE and every unrecognised browser: percent-encode the name and
     // additionally rewrite every dot except the last one as %2e. The limit
     // argument (dot count minus one) is what leaves the final dot alone.
     $encoded = rawurlencode($clean_name);
     $dots_to_replace = substr_count($encoded, '.') - 1;
     return 'filename="' . preg_replace('/\\./', '%2e', $encoded, $dots_to_replace) . '"';
 }
Esempio n. 3
 /**
  * Convert a URL to a server-side path.
  *
  * The URL is canonicalised with getCanonicalURL() and must then pass
  * isInternalURL(); otherwise false is returned, e.g. if the URL belongs
  * to an external domain. For an internal URL, only the path component is
  * used: it is appended to $_SERVER['DOCUMENT_ROOT'] and the result is
  * passed through Filters\FilenameFilter::cleanPath().
  *
  * NOTE(review): the returned path is derived from the URL. Whether
  * cleanPath() resolves ".." segments, and whether percent-encoded
  * characters in the path are decoded anywhere, is not visible here.
  * Callers that open, include or delete the result should confirm that it
  * still lies under the document root.
  *
  * @param string $url
  * @return string|false Server-side path, or false if the URL is not internal.
  */
 public static function toServerPath($url)
 {
     $canonical_url = self::getCanonicalURL($url);

     if (self::isInternalURL($canonical_url)) {
         // Scheme, host and query string are discarded; only the path maps
         // onto the filesystem.
         $url_path = parse_url($canonical_url, \PHP_URL_PATH);
         return Filters\FilenameFilter::cleanPath($_SERVER['DOCUMENT_ROOT'] . $url_path);
     }

     return false;
 }