/**
 * HTML-entity-encode every entry of a replacement list in place.
 *
 * Entries are addressed by integer position 0 .. count-1; an array with
 * other keys would not be fully covered (presumably always a plain list;
 * verify against callers).
 *
 * NOTE(review): the return value of CSecure::filterData() is stored back
 * here, while other call sites pass the value and ignore the return.
 * Confirm which contract filterData() has; one of the two usages is
 * likely not encoding what it appears to.
 *
 * @param array $arrReplace replacement values, modified through the reference
 */
private function createRegexReplace(&$arrReplace)
{
    $pos = 0;
    /* count() is re-read every pass, exactly as the loop condition requires */
    while ($pos < count($arrReplace)) {
        $encoded = CSecure::filterData($arrReplace[$pos], "encodehtmlentities");
        $arrReplace[$pos] = $encoded;
        ++$pos;
    }
}
/**
 * Resolve a parameter expression and optionally run the result through a filter.
 *
 * @param mixed $paramStr expression handed to m_cParam->extractValue()
 * @param mixed $filter   filter name for CSecure::filterData(); NULL skips filtering
 * @return mixed the resolved value
 */
public function get($paramStr, $filter = NULL)
{
    $resolved = $this->m_cParam->extractValue($paramStr);

    /* filter the value only when the caller named a filter */
    if ($filter !== NULL) {
        /*
         * NOTE(review): the result of filterData() is not assigned, so this
         * only has an effect if filterData() changes its first argument by
         * reference. Confirm; otherwise the value is returned unfiltered.
         */
        CSecure::filterData($resolved, $filter);
    }

    /* hand the value back */
    return $resolved;
}
/**
 * Post-process one result row in place: undo the SQL-injection encoding on
 * every field, then apply the per-field output filter where one is configured.
 *
 * Fields without an entry in m_outPut leave this method decoded and with no
 * output filter applied, so whatever renders them has to escape for its own
 * context.
 *
 * @param array $arrRow row as field name => value, modified through the reference
 */
private function useFilterOnRow(&$arrRow)
{
    foreach ($arrRow as $field => &$cell) {
        /* always first: decode the SQL-injection encoding */
        CSecure::decodeSqlInject($cell);

        /* nothing more to do unless a filter is configured for this field */
        if (!isset($this->m_outPut) || !array_key_exists($field, $this->m_outPut)) {
            continue;
        }

        /* presumably filterData() works on $cell by reference; TODO confirm */
        CSecure::filterData($cell, $this->m_outPut[$field]);
    }
}
/**
 * Copy the values declared in the page's "setsession" entries into the session.
 *
 * For each entry the value expression is resolved through
 * m_cParam->extractValue(), filtered when the entry carries a "filter"
 * attribute, and stored under the entry's "sessname" with an optional key.
 *
 * Entries without a "filter" attribute are stored as resolved, with no
 * filtering at all.
 *
 * NOTE(review): nothing checks that "setsession" exists before its
 * "xmlMulti" count is read; confirm getSession() always provides it.
 */
public function setPageSession()
{
    $arrSess = &$this->m_cPage->getSession();
    if (!isset($arrSess)) {
        return;
    }

    $i = 0;
    /* inclusive bound: indices 0 .. xmlMulti are visited */
    while ($i <= $arrSess["setsession"]["xmlMulti"]) {
        $entry = &$arrSess["setsession"][$i];
        $sessName = &$entry["xmlAttribute"]["sessname"];
        $resolved = $this->m_cParam->extractValue($entry["xmlValue"]);

        /* apply the filter when the entry declares one */
        if (array_key_exists("filter", $entry["xmlAttribute"])) {
            $filterName = &$entry["xmlAttribute"]["filter"];
            CSecure::filterData($resolved, $filterName);
        }

        /*
         * Optional key for protecting the value: no "key" attribute leaves
         * the key empty, a "key" attribute without content selects the
         * system key from the configuration.
         */
        $protectKey = "";
        if (array_key_exists("key", $entry["xmlAttribute"])) {
            $protectKey = $entry["xmlAttribute"]["key"];
            if (empty($protectKey)) {
                $protectKey = $this->m_cConfig->m_config["systemkey"]["xmlValue"];
            }
        }

        /* write the value to the session */
        $this->setSessionValue($sessName, $resolved, $protectKey);
        ++$i;
    }
}
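/**
 * Resolve a parameter expression to its value.
 *
 * Two forms are recognised:
 *  - OBJ->FUNCT::ARG   a function call, dispatched on OBJ (case-insensitive):
 *                      FORM, MODEL, USER, AUTH, PAGE
 *  - OBJ::ARG1::ARGX   a value lookup, dispatched on OBJ (case-sensitive):
 *                      GET, POST, TMP, SESSION, USER, MODEL, FORM, STATIC,
 *                      EVENT, ACCESS
 *
 * STATIC returns the first segment after the prefix as it stands.
 *
 * @param mixed $value  the expression to resolve
 * @param mixed $filter filter name for CSecure::filterData(); NULL skips filtering
 * @param bool  $isSql  true when the result goes into an SQL statement and
 *                      must be passed through CSecure::encodeSqlInject()
 * @return mixed the resolved (and, if requested, encoded and filtered) value
 * @throws CError ERROR_PARAM_INVALID when OBJ is not one of the known prefixes
 */
public function extractValue($value, $filter = NULL, $isSql = false)
{
    $return = "";

    /*-
     * Is it a function? Recognisable by the form OBJ->FUNCT::ARG
     */
    if (preg_match("/^\w+->.+$/", $value) == 1) {
        /* turn it back into the style OBJ::FUNCT::ARG */
        $tmpVal = preg_replace("/^(\w+)->(.+)$/", "$1::$2", $value);
        $arrParts = preg_split("/::/", $tmpVal);

        switch (strtoupper($arrParts[0])) {
            case "FORM":
                $return = $this->functFromCForm($arrParts);
                break;
            case "MODEL":
                $return = $this->functFromCModel($arrParts);
                break;
            case "USER":
                $return = $this->functFromCUser($arrParts);
                break;
            case "AUTH":
                $return = $this->functFromCAuthentification($arrParts);
                break;
            case "PAGE":
                $return = $this->functFromCPage($arrParts);
                break;
            default:
                throw new CError(ERROR_PARAM_INVALID, array($arrParts[0], $value));
        }
    }
    /*-
     * It is a value. Recognisable by the form OBJ::ARG1::ARGX
     */
    else {
        $arrParts = preg_split("/::/", $value);

        switch ($arrParts[0]) {
            /* the three request/temporary stores share one extractor */
            case "GET":
            case "POST":
            case "TMP":
                $return = $this->extrFromCGlob($arrParts);
                break;
            case "SESSION":
                $return = $this->extrFromCSession($arrParts);
                break;
            case "USER":
                $return = $this->extrFromCUser($arrParts);
                break;
            case "MODEL":
                $return = $this->extrFromCModel($arrParts);
                break;
            case "FORM":
                $return = $this->extrFromCForm($arrParts);
                break;
            case "STATIC":
                $return = $arrParts[1];
                break;
            case "EVENT":
                $return = $this->extrFromCEvent($arrParts);
                break;
            case "ACCESS":
                $return = $this->extrFromCAccess($arrParts);
                break;
            default:
                throw new CError(ERROR_PARAM_INVALID, array($arrParts[0], $value));
        }
    }

    /*-
     * If the value is used in an SQL statement, make the string safe against
     * SQL injection. The check reads the $isSql parameter; written without
     * the "$" it is an undefined constant, which PHP 8 rejects with an Error
     * and older versions evaluate as a truthy string, i.e. encoding on every
     * call regardless of the argument.
     *
     * NOTE(review): call sites that build SQL from this value and relied on
     * that always-on encoding must now pass $isSql = true. The encoding is a
     * fallback only; prefer bound parameters at the query itself.
     */
    if ($isSql == true) {
        /* presumably encodes $return by reference; TODO confirm */
        CSecure::encodeSqlInject($return);
    }

    /* if a filter is defined, use it! */
    if (isset($filter) == true) {
        CSecure::filterData($return, $filter);
    }

    return $return;
}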
/**
 * Publish the values declared in the page's "setget" entries as GET values.
 *
 * Returns without doing anything when no XML is loaded or when it has no
 * "setget" section. For each entry the value expression is resolved through
 * m_cParam->extractValue(), filtered when the entry carries a "filter"
 * attribute, and handed to m_cGlob->setGet() together with the entry's key.
 *
 * Entries without a "filter" attribute are published as resolved, with no
 * filtering at all.
 */
public function setPageGet()
{
    /* nothing to do without XML or without a "setget" section */
    if (!isset($this->m_getXml) || !array_key_exists("setget", $this->m_getXml)) {
        return;
    }

    $idx = 0;
    /* inclusive bound: indices 0 .. xmlMulti are visited */
    while ($idx <= $this->m_getXml["setget"]["xmlMulti"]) {
        $key = $this->getKey($this->m_getXml["setget"][$idx]["xmlAttribute"]);
        $getName = &$this->m_getXml["setget"][$idx]["xmlAttribute"]["name"];
        $resolved = $this->m_cParam->extractValue(
            $this->m_getXml["setget"][$idx]["xmlValue"]
        );

        /* apply the filter when the entry declares one */
        if (array_key_exists("filter", $this->m_getXml["setget"][$idx]["xmlAttribute"])) {
            $filterName = &$this->m_getXml["setget"][$idx]["xmlAttribute"]["filter"];
            /* presumably filterData() changes $resolved by reference; TODO confirm */
            CSecure::filterData($resolved, $filterName);
        }

        /* hand the GET value to the globals store */
        $this->m_cGlob->setGet($getName, $resolved, $key);
        ++$idx;
    }
}