 /**
  * Wraps an array in an Inspekt_Cage.
  *
  * $source is taken by reference. When $strict is truthy (the default) the
  * caller's variable is set to NULL after it has been handed to _setSource(),
  * so the raw data is reachable only through the cage's accessor methods.
  * A non-array $source is reported via Inspekt_Error::raiseError() with
  * E_USER_ERROR; whether that aborts depends on raiseError() (not visible here).
  *
  * @param array   $source data to protect (nulled in the caller when $strict)
  * @param boolean $strict nullify the caller's copy of $source
  * @return Inspekt_Cage
  *
  * @static
  */
 public static function Factory(&$source, $strict = TRUE)
 {
     if (is_array($source) === false) {
         Inspekt_Error::raiseError('$source is not an array', E_USER_ERROR);
     }

     $cage = new Inspekt_Cage();
     $cage->_setSource($source);

     // Only truthiness matters: 0, '' and NULL all leave $source untouched.
     if ($strict == false) {
         return $cage;
     }

     $source = NULL;

     return $cage;
 }
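 /**
  * Takes an array and wraps it inside an object.  If $strict is not set to
  * FALSE, the original array will be destroyed, and the data can only be
  * accessed via the object's accessor methods
  *
  * $conf_file and $conf_section are handed to _parseAndApplyAutoFilters() on
  * the new cage before it is returned (their format is not visible here).
  *
  * Note: this variant is not declared static, while elsewhere on this page
  * Factory() is invoked as Inspekt_Cage::Factory(...).
  *
  * @param array $source data to protect; nulled in the caller when $strict
  * @param string $conf_file configuration passed to _parseAndApplyAutoFilters()
  * @param string $conf_section section of that configuration to use
  * @param boolean $strict nullify the caller's copy of $source
  * @return Inspekt_Cage
  *
  * @static
  */
 function Factory(&$source, $conf_file = NULL, $conf_section = NULL, $strict = TRUE)
 {
     if (!is_array($source)) {
         // Report the type, not the value: concatenating an object without
         // __toString() would itself fail, and the raw value does not belong in
         // a diagnostic. E_USER_NOTICE does not abort, so the non-array still
         // reaches _setSource() below.
         user_error('$source (' . gettype($source) . ') is not an array', E_USER_NOTICE);
     }
     $cage = new Inspekt_Cage();
     $cage->_setSource($source);
     $cage->_parseAndApplyAutoFilters($conf_file, $conf_section);
     if ($strict) {
         // Destroy the caller's copy so the data is only reachable via the cage.
         $source = NULL;
     }
     return $cage;
 }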
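 /**
  * Takes an array and wraps it inside an object.  If $strict is not set to
  * FALSE, the original array will be destroyed, and the data can only be
  * accessed via the object's accessor methods
  *
  * $conf_file and $conf_section are handed to _parseAndApplyAutoFilters() on
  * the new cage before it is returned (their format is not visible here).
  *
  * @param array $source data to protect; nulled in the caller when $strict
  * @param string $conf_file configuration passed to _parseAndApplyAutoFilters()
  * @param string $conf_section section of that configuration to use
  * @param boolean $strict nullify the caller's copy of $source
  * @return Inspekt_Cage
  *
  * @static
  */
 public static function Factory(&$source, $conf_file = NULL, $conf_section = NULL, $strict = TRUE)
 {
     if (!is_array($source)) {
         // Report the type, not the value: concatenating an object without
         // __toString() would itself fail, and the raw value does not belong in
         // a diagnostic. Unless Inspekt_Error::raiseError() aborts on
         // E_USER_WARNING, the non-array still reaches _setSource() below.
         Inspekt_Error::raiseError('$source (' . gettype($source) . ') is not an array', E_USER_WARNING);
     }
     $cage = new Inspekt_Cage();
     $cage->_setSource($source);
     $cage->_parseAndApplyAutoFilters($conf_file, $conf_section);
     if ($strict) {
         // Destroy the caller's copy so the data is only reachable via the cage.
         $source = NULL;
     }
     return $cage;
 }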
 /**
  * Validates the form and, on success, wraps the validated fields in a cage.
  *
  * Delegates to Zend_Filter_Input::isValid() through parent::isValid(). When
  * that passes, $this->_clean becomes an Inspekt_Cage built from
  * $this->_validFields; Factory() takes that property by reference and, with
  * its default strict mode, is expected to null it afterwards — TODO confirm.
  * When validation fails nothing is touched.
  *
  * @return boolean true when the parent validation passed
  */
 public function isValid()
 {
     if (!parent::isValid()) {
         return false;
     }

     $this->_clean = Inspekt_Cage::Factory($this->_validFields);

     return true;
 }
 /**
  * Registers an accessor on every wrapped superglobal cage.
  *
  * Accessors are registered per cage object, so the name is forwarded to the
  * get, post, cookie, env, files and server cages, in that order. The session
  * cage is not included.
  *
  * @param string $name accessor name to forward to each cage
  */
 public function addAccessor($name)
 {
     $cageNames = array('get', 'post', 'cookie', 'env', 'files', 'server');

     foreach ($cageNames as $cageName) {
         $this->{$cageName}->addAccessor($name);
     }
 }
 /**
  * Returns the $_SESSION data wrapped in an Inspekt_Cage object
  *
  * A function-level static holds the single instance: the first call builds
  * it through Inspekt_Cage::Factory(), later calls return it unchanged, so only
  * the first call's $strict is used. Factory() receives $_SESSION by reference
  * and, when $strict is truthy, nulls it. Every call also nulls the legacy
  * $GLOBALS['HTTP_SESSION_VARS'] alias.
  *
  * @param boolean $strict whether or not to nullify the superglobal array
  * @return Inspekt_Cage
  * @static
  */
 public static function makeSessionCage($strict = TRUE)
 {
     static $_instance = NULL;

     if ($_instance === NULL) {
         $_instance = Inspekt_Cage::Factory($_SESSION, $strict);
     }

     $GLOBALS['HTTP_SESSION_VARS'] = NULL;

     return $_instance;
 }
 /**
  * Returns the $_FILES data wrapped in an Inspekt_Cage object
  *
  * A function-level static holds the single instance: the first call builds
  * it through Inspekt_Cage::Factory() with '_FILES' as the config section,
  * later calls return it unchanged, so only the first call's $config_file and
  * $strict are used. Factory() receives $_FILES by reference and, when $strict
  * is truthy, nulls it. Every call also nulls the legacy
  * $GLOBALS['HTTP_POST_FILES'] alias.
  *
  * @param string  $config_file
  * @param boolean $strict whether or not to nullify the superglobal array
  * @return Inspekt_Cage
  * @static
  */
 public static function makeFilesCage($config_file = NULL, $strict = TRUE)
 {
     static $_instance = NULL;

     if ($_instance === NULL) {
         $_instance = Inspekt_Cage::Factory($_FILES, $config_file, '_FILES', $strict);
     }

     $GLOBALS['HTTP_POST_FILES'] = NULL;

     return $_instance;
 }
    /**
	 * testZip() must reject a value that is not a ZIP code at all.
	 */
	public function testTestZip4()
	{
		$result = $this->cage->testZip('non-existant');

		$this->assertFalse($result);
	}
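echo "</pre>\n";
?>


<h2>Inspekt::getROT13($d)</h2>
<?php
// var_dump() writes straight to output and returns nothing, so it is called
// directly rather than echoed.
// NOTE(review): the dump is not HTML-escaped; any markup in $d is rendered by
// the browser, so keep this page to fixed demo data.
$newd = Inspekt::getROT13($d);
echo "<pre>";
var_dump($newd);
echo "</pre>\n";
?>


<h2>Create a cage for the array</h2>
<?php
// Factory() takes $d by reference; with its default strict mode the caller's
// $d is nulled afterwards, so from here on the data is only reachable through
// $d_cage.
$d_cage = Inspekt_Cage::Factory($d);
?>


<h2>$d_cage->getAlpha('/x/woot/ultimate')</h2>
<?php
echo "<pre>";
var_dump($d_cage->getAlpha('/x/woot/ultimate'));
echo "</pre>\n";
?>


<h2>$d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0')</h2>
<?php
echo "<pre>";
var_dump($d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0'));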
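 /**
  * Sets up the fixture, for example, opens a network connection.
  * This method is called before a test is executed.
  *
  * The fixture is a single-key array whose 'html' entry is an XSS sample; it
  * is wrapped in a cage so the tests can exercise the accessors against it.
  *
  * @access protected
  */
 protected function setUp()
 {
     $inputarray = array();
     $inputarray['html'] = '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
     // Pass the array just built (not an undefined $array): Factory() takes
     // its argument by reference and its is_array() guard reports anything
     // else as an error, leaving the cage empty.
     $this->cage = Inspekt_Cage::Factory($inputarray);
 }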
    /**
     * Strips all whitespace from the value.
     *
     * @return string|array
     * @author Ed Finkler
     */
    protected function inspekt($val)
    {
        // Accessor body: remove every run of whitespace (spaces, tabs,
        // newlines) from the value. preg_replace() accepts either a string or
        // an array of strings, returning the same shape it was given.
        // NOTE(review): without the "u" modifier \s is byte-wise and does not
        // match Unicode spaces such as U+00A0.
        $pattern = "/\\s+/";
        $collapsed = preg_replace($pattern, '', $val);

        return $collapsed;
    }
}
$superCage = Inspekt::makeSuperCage();

// Accessors are registered per cage object, so the super cage gets its own.
$superCage->addAccessor('testUsername');
$superCage->addAccessor('noWhitespace');

$rs = $superCage->server->testUsername('GIT_EDITOR');
var_dump($rs);

$rs = $superCage->server->noWhitespace('MANPATH');
var_dump($rs);

// Now let's take an arbitrary cage.
// Fixed demo data: an HTML fragment, a whitespace-only string, a numeric-key
// list and a nested map, in the same key order as before.
$d = array(
    'input'    => '<img id="475">yes</img>',
    'lowascii' => '    ',
    0          => array('foo', 'bar<br />', 'yes<P>', 1776),
    'x'        => array(
        'woot' => array(
            'booyah'   => 'meet at the bar at 7:30 pm',
            'ultimate' => '<strong>hi there!</strong>',
        ),
    ),
);

$dc = Inspekt_Cage::Factory($d);

// Sad that we have to re-add, but it's done on a cage-by-cage basis.
$dc->addAccessor('testUsername');
$dc->addAccessor('noWhitespace');

$rs = $dc->noWhitespace('x');
var_dump($rs);
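 /**
  * getRaw() returns the stored value untouched for a key that exists.
  *
  * The fixture's 'html' entry is an XSS sample; getRaw() must hand it back
  * exactly as stored, with no filtering applied.
  */
 public function testGetRaw2()
 {
     // assertEquals() takes the expected value first; keeping that order makes
     // the failure message read correctly.
     $expected = '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
     $this->assertEquals($expected, $this->cage->getRaw('html'));
 }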
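<?php

require_once '../Inspekt.php';

/**
 * var_dump() a value as HTML-escaped text.
 *
 * The samples below are deliberately hostile (an XSS payload, malformed
 * nesting); writing var_dump() output straight into the response would let the
 * browser render and execute them. Buffer the dump and escape it instead.
 * ENT_SUBSTITUTE keeps invalid UTF-8 in a sample from blanking the whole dump.
 *
 * @param mixed $value
 */
function dump_escaped($value)
{
    ob_start();
    var_dump($value);
    echo htmlspecialchars(ob_get_clean(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Sample inputs: two inline fragments plus four saved pages. file_get_contents()
// returns false (with a warning) for a missing file, and that false is then
// handed to the cage as-is.
$inputarray['html'] = array(
    'xss' => '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
    'bad_nesting' => '<p>This is a malformed fragment of <em>HTML</p></em>',
    'arstechnica' => file_get_contents('./htmlpurifier_example_ars.html'),
    'google' => file_get_contents('./htmlpurifier_example_google.html'),
    'imorecords' => file_get_contents('./htmlpurifier_example_imorecords.html'),
    'soup' => file_get_contents('./htmlpurifier_example_soup.html'),
);
dump_escaped($inputarray);
/*
 * build our cage
 */
$cage = Inspekt_Cage::Factory($inputarray);
/*
 * set options to disable caching. This will slow down HTMLPurifer, but for the
 * sake of this example, we'll turn it off. You should set the cache path with
 * 'Cache.SerializerPath' in a production situation to a server-writable folder
 */
$opts['Cache.DefinitionImpl'] = null;
/*
 * because we don't assume you have HTMLPurifer installed, you have to load it
 * manually. we pass NULL as the first param because we don't need to point to
 * where HTMLPurifier is installed -- it's already in our include path via PEAR.
 * If you don't have it in your include path, give the full path to the file
 * you want to include
 */
$cage->loadHTMLPurifier(null, $opts);
$cleanHTML = $cage->getPurifiedHTML('html');
echo "<hr>";
echo "<h2>xss</h2>";
dump_escaped($cleanHTML['xss']);
echo "<h2>bad_nesting</h2>";
dump_escaped($cleanHTML['bad_nesting']);
echo "<h2>arstechnica</h2>";
echo "<pre>";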