/**
 * Wraps an array in an Inspekt_Cage.
 *
 * When $strict is not FALSE (the default) the caller's array is set to
 * NULL once the cage has taken a copy, so the raw, unfiltered values can
 * only be reached through the cage's accessor methods. $source is taken
 * by reference, so passing a superglobal directly (e.g. $_POST) empties
 * that superglobal.
 *
 * @param array   &$source array to cage; nulled in place when $strict is TRUE
 * @param boolean $strict  whether to destroy the caller's copy of the array
 * @return Inspekt_Cage
 *
 * @static
 */
public static function Factory(&$source, $strict = TRUE)
{
    if (!is_array($source)) {
        // E_USER_ERROR halts the script under PHP's default error
        // handler, so a non-array normally never reaches _setSource().
        Inspekt_Error::raiseError('$source is not an array', E_USER_ERROR);
    }

    $caged = new Inspekt_Cage();
    $caged->_setSource($source);

    // Destroy the caller's copy so the cage is the only path to the data.
    if ($strict) {
        $source = NULL;
    }

    return $caged;
}
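/**
 * Wraps an array in an Inspekt_Cage and applies any configured auto-filters.
 *
 * When $strict is not FALSE (the default) the caller's array is set to
 * NULL once the cage has taken a copy, so the raw values can only be
 * reached through the cage's accessor methods. $source is taken by
 * reference, so passing a superglobal directly empties that superglobal.
 *
 * @param array   &$source      array to cage; nulled in place when $strict is TRUE
 * @param string  $conf_file    auto-filter configuration file, or NULL for none
 * @param string  $conf_section section of $conf_file to apply, or NULL
 * @param boolean $strict       whether to destroy the caller's copy of the array
 * @return Inspekt_Cage
 *
 * @static
 */
function Factory(&$source, $conf_file = NULL, $conf_section = NULL, $strict = TRUE)
{
    if (!is_array($source)) {
        // Report the *type*, not the value. The original concatenated
        // $source itself into the message: that is a fatal "could not be
        // converted to string" error for an object without __toString(),
        // and it copies raw (possibly user-supplied) data into error
        // output and logs.
        // E_USER_NOTICE does not halt execution, so the non-array still
        // reaches _setSource() below, exactly as before.
        user_error('$source (' . gettype($source) . ') is not an array', E_USER_NOTICE);
    }

    $cage = new Inspekt_Cage();
    $cage->_setSource($source);
    // NULL $conf_file/$conf_section presumably means "no auto-filters";
    // confirm in _parseAndApplyAutoFilters().
    $cage->_parseAndApplyAutoFilters($conf_file, $conf_section);

    // Destroy the caller's copy so the cage is the only path to the data.
    if ($strict) {
        $source = NULL;
    }

    return $cage;
}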
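/**
 * Wraps an array in an Inspekt_Cage and applies any configured auto-filters.
 *
 * When $strict is not FALSE (the default) the caller's array is set to
 * NULL once the cage has taken a copy, so the raw values can only be
 * reached through the cage's accessor methods. $source is taken by
 * reference, so passing a superglobal directly empties that superglobal.
 *
 * @param array   &$source      array to cage; nulled in place when $strict is TRUE
 * @param string  $conf_file    auto-filter configuration file, or NULL for none
 * @param string  $conf_section section of $conf_file to apply, or NULL
 * @param boolean $strict       whether to destroy the caller's copy of the array
 * @return Inspekt_Cage
 *
 * @static
 */
public static function Factory(&$source, $conf_file = NULL, $conf_section = NULL, $strict = TRUE)
{
    if (!is_array($source)) {
        // Report the *type*, not the value. The original concatenated
        // $source itself into the message: that is a fatal "could not be
        // converted to string" error for an object without __toString(),
        // and it copies raw (possibly user-supplied) data into error
        // output and logs.
        // E_USER_WARNING does not halt execution, so the non-array still
        // reaches _setSource() below, exactly as before.
        Inspekt_Error::raiseError('$source (' . gettype($source) . ') is not an array', E_USER_WARNING);
    }

    $cage = new Inspekt_Cage();
    $cage->_setSource($source);
    // NULL $conf_file/$conf_section presumably means "no auto-filters";
    // confirm in _parseAndApplyAutoFilters().
    $cage->_parseAndApplyAutoFilters($conf_file, $conf_section);

    // Destroy the caller's copy so the cage is the only path to the data.
    if ($strict) {
        $source = NULL;
    }

    return $cage;
}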
/**
 * Validates the form via Zend_Filter_Input::isValid() and, on success,
 * wraps the validated fields in an Inspekt_Cage stored in $this->_clean.
 *
 * Only fields that passed validation are caged; nothing is caged when
 * validation fails, so $this->_clean is untouched in that case.
 *
 * NOTE(review): Factory() is called with its default $strict, which nulls
 * the referenced array, so $this->_validFields is presumably emptied after
 * caging — confirm that no later code reads it directly.
 *
 * @return boolean TRUE when the input validated, FALSE otherwise
 */
public function isValid()
{
    $passed = parent::isValid();
    if (!$passed) {
        return false;
    }

    $this->_clean = Inspekt_Cage::Factory($this->_validFields);
    return true;
}
/**
 * Registers a custom accessor on every per-superglobal cage held by this
 * super cage (get, post, cookie, env, files, server).
 *
 * The session cage is deliberately left out, as in the original; it is
 * presumably created separately (see makeSessionCage()) — confirm.
 *
 * @param string $name accessor name to add to each cage
 * @return void
 */
public function addAccessor($name)
{
    $cageProperties = array('get', 'post', 'cookie', 'env', 'files', 'server');
    foreach ($cageProperties as $property) {
        $this->$property->addAccessor($name);
    }
    // $this->session->addAccessor($name);
}
/**
 * Returns the $_SESSION data wrapped in an Inspekt_Cage.
 *
 * A function-level static holds the cage, so the first call builds it and
 * every later call returns the same instance. $strict is therefore only
 * honoured on the first call. With $strict TRUE, Factory() nulls the
 * $_SESSION superglobal itself (it is passed by reference); this presumably
 * affects what the session handler persists on write — confirm before
 * relying on it. The legacy HTTP_SESSION_VARS alias is nulled on every call.
 *
 * NOTE(review): $strict is passed as Factory()'s second argument, which
 * matches the two-parameter Factory(&$source, $strict) but would be read
 * as $conf_file by the four-parameter Factory(&$source, $conf_file,
 * $conf_section, $strict) — verify which signature this build pairs with.
 *
 * @param boolean $strict whether to nullify the $_SESSION superglobal
 * @return Inspekt_Cage
 * @static
 */
public static function makeSessionCage($strict = TRUE)
{
    /**
     * @staticvar $_instance
     */
    static $_instance;

    if ($_instance === NULL) {
        $_instance = Inspekt_Cage::Factory($_SESSION, $strict);
    }

    $GLOBALS['HTTP_SESSION_VARS'] = NULL;

    return $_instance;
}
/**
 * Returns the $_FILES data wrapped in an Inspekt_Cage.
 *
 * A function-level static holds the cage, so the first call builds it and
 * every later call returns the same instance; $config_file and $strict are
 * therefore only honoured on the first call. The cage is built with the
 * '_FILES' config section. With $strict TRUE, Factory() nulls the $_FILES
 * superglobal itself (it is passed by reference). The legacy
 * HTTP_POST_FILES alias is nulled on every call.
 *
 * @param string  $config_file auto-filter configuration file, or NULL
 * @param boolean $strict      whether to nullify the $_FILES superglobal
 * @return Inspekt_Cage
 * @static
 */
public static function makeFilesCage($config_file = NULL, $strict = TRUE)
{
    /**
     * @staticvar $_instance
     */
    static $_instance;

    if ($_instance === NULL) {
        $_instance = Inspekt_Cage::Factory($_FILES, $config_file, '_FILES', $strict);
    }

    $GLOBALS['HTTP_POST_FILES'] = NULL;

    return $_instance;
}
/**
 * testZip() must reject a key that does not exist in the cage: the
 * validator returns FALSE rather than raising or returning NULL.
 */
public function testTestZip4()
{
    $result = $this->cage->testZip('non-existant');
    $this->assertFalse($result);
}
echo "</pre>\n"; ?> <h2>Inspekt::getROT13($d)</h2> <?php $newd = Inspekt::getROT13($d); echo "<pre>"; echo var_dump($newd); echo "</pre>\n"; ?> <h2>Create a cage for the array</h2> <?php $d_cage = Inspekt_Cage::Factory($d); ?> <h2>$d_cage->getAlpha('/x/woot/ultimate')</h2> <?php echo "<pre>"; echo var_dump($d_cage->getAlpha('/x/woot/ultimate')); echo "</pre>\n"; ?> <h2>$d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0')</h2> <?php echo "<pre>"; echo var_dump($d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0'));
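/**
 * Sets up the fixture: a cage around an array whose 'html' key holds a
 * raw XSS payload, so tests can check what each accessor does with it.
 * This method is called before a test is executed.
 *
 * Fix: the original built $inputarray but then passed an undefined
 * $array to Factory(), so the cage was created around NULL and the
 * 'html' key the tests look for (e.g. testGetRaw2) was never present.
 *
 * @access protected
 */
protected function setUp()
{
    $inputarray = array();
    $inputarray['html'] = '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
    // Factory()'s default $strict nulls $inputarray after caging; the
    // fixture is only read through $this->cage, so that is fine here.
    $this->cage = Inspekt_Cage::Factory($inputarray);
}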
* @return string|array * @author Ed Finkler */ protected function inspekt($val) { return preg_replace("/\\s+/", '', $val); } } $superCage = Inspekt::makeSuperCage(); $superCage->addAccessor('testUsername'); $superCage->addAccessor('noWhitespace'); $rs = $superCage->server->testUsername('GIT_EDITOR'); var_dump($rs); $rs = $superCage->server->noWhitespace('MANPATH'); var_dump($rs); /* Now let's take an arbitrary cage */ $d = array(); $d['input'] = '<img id="475">yes</img>'; $d['lowascii'] = ' '; $d[] = array('foo', 'bar<br />', 'yes<P>', 1776); $d['x']['woot'] = array('booyah' => 'meet at the bar at 7:30 pm', 'ultimate' => '<strong>hi there!</strong>'); $dc = Inspekt_Cage::Factory($d); /* Sad that we have to re-add, but it's done on a cage-by-cage basis */ $dc->addAccessor('testUsername'); $dc->addAccessor('noWhitespace'); $rs = $dc->noWhitespace('x'); var_dump($rs);
/**
 * getRaw() on an existing key returns the stored value untouched.
 *
 * This pins the fact that getRaw() performs no filtering at all: the
 * script-injection payload comes back byte-for-byte, which is why callers
 * must never echo getRaw() output into HTML.
 */
public function testGetRaw2()
{
    $expected = '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
    $actual = $this->cage->getRaw('html');
    $this->assertEquals($expected, $actual);
}
<?php require_once '../Inspekt.php'; $inputarray['html'] = array('xss' => '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">', 'bad_nesting' => '<p>This is a malformed fragment of <em>HTML</p></em>', 'arstechnica' => file_get_contents('./htmlpurifier_example_ars.html'), 'google' => file_get_contents('./htmlpurifier_example_google.html'), 'imorecords' => file_get_contents('./htmlpurifier_example_imorecords.html'), 'soup' => file_get_contents('./htmlpurifier_example_soup.html')); var_dump($inputarray); /* * build our cage */ $cage = Inspekt_Cage::Factory($inputarray); /* * set options to disable caching. This will slow down HTMLPurifer, but for the * sake of this example, we'll turn it off. You should set the cache path with * 'Cache.SerializerPath' in a production situation to a server-writable folder */ $opts['Cache.DefinitionImpl'] = null; /* * because we don't assume you have HTMLPurifer installed, you have to load it * manually. we pass NULL as the first param because we don't need to point to * where HTMLPurifier is installed -- it's already in our include path via PEAR. * If you don't have it in your include path, give the full path to the file * you want to include */ $cage->loadHTMLPurifier(null, $opts); $cleanHTML = $cage->getPurifiedHTML('html'); echo "<hr>"; echo "<h2>xss</h2>"; var_dump($cleanHTML['xss']); echo "<h2>bad_nesting</h2>"; var_dump($cleanHTML['bad_nesting']); echo "<h2>arstechnica</h2>"; echo "<pre>";