private function createRegexReplace(&$arrReplace)
{
for ($i = 0; $i < count($arrReplace); ++$i) {
$arrReplace[$i] = CSecure::filterData($arrReplace[$i],
"encodehtmlentities");
}
}
public function get($paramStr, $filter = NULL)
{
$value = $this->m_cParam->extractValue($paramStr);
/* Filtere den wert */
if (isset($filter) == true) {
CSecure::filterData($value, $filter);
}
/* gebe wert zurück */
return $value;
}
private function useFilterOnRow(&$arrRow)
{
/* use filter over all fields */
foreach ($arrRow as $key => &$value) {
/* basics: decode sql inject code */
CSecure::decodeSqlInject($value);
/* if it set a filter for this field */
if (isset($this->m_outPut) == true and
array_key_exists($key, $this->m_outPut)) {
CSecure::filterData($value, $this->m_outPut[$key]);
}
}
}
public function setPageSession()
{
$arrSess = &$this->m_cPage->getSession();
if (isset($arrSess) == false) {
return;
}
for ($i = 0; $i <= $arrSess["setsession"]["xmlMulti"]; ++$i) {
$sess = &$arrSess["setsession"][$i];
$getName = &$sess["xmlAttribute"]["sessname"];
$value = $this->m_cParam->extractValue($sess["xmlValue"]);
/* if filter is set, use it! */
if (array_key_exists("filter", $sess["xmlAttribute"]) == true) {
$filter = &$sess["xmlAttribute"]["filter"];
CSecure::filterData($value, $filter);
}
/*-
* If you use a key for protect the value */
$key = "";
if (array_key_exists("key", $sess["xmlAttribute"]) == true) {
$key = $sess["xmlAttribute"]["key"];
/* if key is set put without value, use syskey! */
if (empty($key) == true) {
$key = $this->m_cConfig->m_config["systemkey"]["xmlValue"];
}
}
/* set data to session */
$this->setSessionValue($getName, $value, $key);
}
}
private function updateActiveEvent()
{
foreach ($this->m_eventParam as $event => &$param) {
try {
$value = $this->m_cParam->extractValue($param["value"]);
/* soll es mit valid geprüft werden? */
if (array_key_exists("valid", $param) == true) {
CSecure::validData($value, $param["valid"]);
$this->m_activeEvent[$event] = true;
}
/*-
* sonst, event ist aktive wenn wert nicht empty() */
else {
if (empty($value) == false) {
$this->m_activeEvent[$event] = true;
}
}
}
catch(CError $error) {
/* mache nichts, warscheindlich sind daten noch nicht abrufbar
* Zeige nur den ERROR_PARAM_INVALID, da dort wohl ein fehler ist,
* und nie erfolgreich sein wird */
if ($error->m_errCode == ERROR_PARAM_INVALID) {
throw $error;
}
}
}
}
public function extractValue($value, $filter = NULL, $isSql = false)
{
$return = "";
/*-
* ist es eine funktion? Erkennt man am OBJ->FUNCT::ARG */
if (preg_match("/^\w+->.+$/", $value) == 1) {
/* verwandle es zurück in den Style OBJ::FUNCT::ARG */
$tmpVal = preg_replace("/^(\w+)->(.+)$/", "$1::$2", $value);
$arrParts = preg_split("/::/", $tmpVal);
switch(strtoupper($arrParts[0])) {
case "FORM" :
$return = $this->functFromCForm($arrParts);
break;
case "MODEL" :
$return = $this->functFromCModel($arrParts);
break;
case "USER" :
$return = $this->functFromCUser($arrParts);
break;
case "AUTH" :
$return = $this->functFromCAuthentification($arrParts);
break;
case "PAGE" :
$return = $this->functFromCPage($arrParts);
break;
default :
throw new CError(ERROR_PARAM_INVALID, array($arrParts[0], $value));
}
}
/*-
* es ist ein wert. Erkennung: OBJ::ARG1::ARGX */
else {
$arrParts = preg_split("/::/", $value);
switch ($arrParts[0]) {
case "GET" :
$return = $this->extrFromCGlob($arrParts);
break;
case "POST" :
$return = $this->extrFromCGlob($arrParts);
break;
case "TMP" :
$return = $this->extrFromCGlob($arrParts);
break;
case "SESSION" :
$return = $this->extrFromCSession($arrParts);
break;
case "USER" :
$return = $this->extrFromCUser($arrParts);
break;
case "MODEL" :
$return = $this->extrFromCModel($arrParts);
break;
case "FORM" :
$return = $this->extrFromCForm($arrParts);
break;
case "STATIC" :
$return = $arrParts[1];
break;
case "EVENT" :
$return = $this->extrFromCEvent($arrParts);
break;
case "ACCESS" :
$return = $this->extrFromCAccess($arrParts);
break;
default :
throw new CError(ERROR_PARAM_INVALID, array($arrParts[0], $value));
}
}
/*-
* is the value are a SQL statment, make the string sql incet secure
*/
if (isSql == true) {
CSecure::encodeSqlInject($return);
}
/* if a filter is defined, use it! */
if (isset($filter) == true) {
CSecure::filterData($return, $filter);
}
return $return;
}
public function setPageGet()
{
if (isset($this->m_getXml) == false) {
return;
}
if (array_key_exists("setget", $this->m_getXml) == false) {
return;
}
for ($i = 0; $i <= $this->m_getXml["setget"]["xmlMulti"]; ++$i) {
$key = $this->getKey($this->m_getXml["setget"][$i]["xmlAttribute"]);
$getName = &$this->m_getXml["setget"][$i]["xmlAttribute"]["name"];
$value = $this->m_cParam->extractValue(
$this->m_getXml["setget"][$i]["xmlValue"]);
/* if filter is set, use it! */
if (array_key_exists("filter",
$this->m_getXml["setget"][$i]["xmlAttribute"]) == true) {
$filter = &$this->m_getXml["setget"][$i]["xmlAttribute"]["filter"];
CSecure::filterData($value, $filter);
}
/* set Get to glob */
$this->m_cGlob->setGet($getName, $value, $key);
}
}
