/**
 * Runs the registered auditors over one request variable and returns the
 * value the caller should continue with.
 *
 * Values made up only of `[A-Za-z0-9_.,-]` are returned as-is without
 * auditing. Anything else is HTML-entity-decoded first (presumably so that
 * entity-encoded payloads are still seen by the auditors) and then passed
 * through every auditor in turn. When an auditor triggers, the configured
 * action decides the outcome: filter => the auditor's filtered value is
 * returned (and handed on to the following auditors), clear => an empty
 * string is returned and auditing stops, any other action => the original
 * value is returned unchanged. A changed value is recorded via
 * pushChangedVar() before being returned.
 *
 * Note for callers: a returned filtered value derives from the decoded
 * string, so it may differ from $value in entity encoding as well.
 *
 * @param string $context scope label handed through to pushChangedVar() untouched
 * @param string $value   raw variable value
 * @param string $name    variable name, used for logging and pushChangedVar()
 * @return string the filtered value, '' on the clear action, or $value unchanged
 */
protected function filterVar($context, $value, $name)
{
    // Fast path: values limited to this character set are never audited.
    if (preg_match('#^[A-Za-z0-9_.,-]*$#D', $value)) {
        return $value;
    }

    self::adjustPcreBacktrackLimit($value);

    // Auditors work on the decoded representation, not the raw input.
    $current = \CSecurityHtmlEntity::decodeString($value);
    $changed = false;

    foreach ($this->auditors as $auditName => $auditor) {
        if (!$auditor->process($current)) {
            continue;
        }

        $this->isAuditorsTriggered = true;

        if ($this->isLogNeeded()) {
            $this->logVariable($value, $name, $auditName);
        }

        if ($this->isFilterAction()) {
            // Each auditor's output becomes the input of the next one.
            $current = $auditor->getFilteredValue();
            $changed = true;
        } elseif ($this->isClearAction()) {
            $current = '';
            $changed = true;
            break;
        }
    }

    if (!$changed) {
        return $value;
    }

    $this->pushChangedVar($context, $value, $name);

    return $current;
}
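/**
 * Legacy counterpart of filterVar(): audits one variable and returns the
 * value to use.
 *
 * Values made up only of `[A-Za-z0-9_.,-]` are returned as-is without
 * auditing. Anything else is HTML-entity-decoded first (presumably so that
 * entity-encoded payloads are still seen by the auditors) and passed through
 * every auditor. For each auditor that triggers, the hit is recorded via
 * pushFoundVar() (once per triggering auditor, so one value can be recorded
 * several times), the current user is blocked when isBlockNeeded() says so,
 * and the variable is logged when isLogNeeded() says so. The configured
 * action then decides the result: filter => the auditor's getValidString()
 * output (handed on to the following auditors), clear => an empty string and
 * auditing stops. Unlike filterVar(), when an auditor triggered but the
 * action is neither filter nor clear, the *decoded* value is returned rather
 * than the original.
 *
 * Fix: the whitelist fast path now carries the D modifier so `$` only
 * matches at the very end of the value. Without it a value ending in a single
 * "\n" matched the fast path and bypassed the auditors; filterVar() already
 * anchors its pattern this way.
 *
 * @param string $pValue raw variable value
 * @param string $pName  variable name, passed to pushFoundVar() and logVariable()
 * @return string the audited value, '' on the clear action, or $pValue unchanged when no auditor triggered
 */
protected function safeizeVar($pValue, $pName)
{
    // Fast path: values limited to this character set are never audited.
    // D: `$` must match at the absolute end, not before a trailing newline.
    if (preg_match('/^[A-Za-z0-9_.,-]*$/D', $pValue)) {
        return $pValue;
    }

    self::adjustPcreBacktrackLimit($pValue);

    // Auditors work on the decoded representation, not the raw input.
    $checkedValue = CSecurityHtmlEntity::decodeString($pValue);
    $found = false;

    foreach ($this->auditors as $auditName => $auditor) {
        if (!$auditor->process($checkedValue)) {
            continue;
        }

        $found = true;
        // Recorded per triggering auditor; a single value may be pushed more than once.
        $this->pushFoundVar($pValue, $pName);

        if ($this->isBlockNeeded()) {
            $this->blockCurrentUser();
        }
        if ($this->isLogNeeded()) {
            $this->logVariable($pValue, $pName, $auditName);
        }

        if ($this->isFilterAction()) {
            // Each auditor's output becomes the input of the next one.
            $checkedValue = $auditor->getValidString();
        } elseif ($this->isClearAction()) {
            $checkedValue = "";
            break;
        }
    }

    // When triggered without filter/clear, this returns the decoded value (kept as-is for compatibility).
    return $found ? $checkedValue : $pValue;
}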