 /**
  * Reads one entry from the session store.
  *
  * The entry is passed through Filter::XSSFilter before it is handed back, so
  * callers receive the filtered form (HTML-encoded, as far as the filter's test
  * on this page shows) rather than the raw stored value. Output encoding
  * normally belongs at the point of rendering; encoding on read means a caller
  * that escapes again will double-encode.
  *
  * @param mixed $key session key, normally a string
  * @return mixed the filtered value, or null when the key is absent or null
  */
 public static function get($key)
 {
     if (!isset($_SESSION[$key])) {
         return null;
     }

     // XSS filtering happens here, on the way out of the session
     $stored = $_SESSION[$key];

     return Filter::XSSFilter($stored);
 }
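 /**
  * Reads one entry from the session store.
  *
  * String values are passed through Filter::XSSFilter on the way out; any
  * other type (arrays, objects, numbers, booleans) is returned untouched.
  *
  * The filter is applied to a local copy and its return value is what the
  * caller receives, so a read never modifies the entry kept in $_SESSION.
  * The original called the filter on $_SESSION[$key] directly and discarded
  * the result: that only filters anything if Filter::XSSFilter takes its
  * argument by reference, and in that case it re-encodes the stored value on
  * every call (double-encoding on repeated reads).
  *
  * @param mixed $key session key, normally a string
  * @return mixed the (filtered) value, or null when the key is absent or null
  */
 public static function get($key)
 {
     if (!isset($_SESSION[$key])) {
         return null;
     }

     $value = $_SESSION[$key];
     if (!is_string($value)) {
         return $value;
     }

     // filter the value for XSS vulnerabilities; use the filter's result,
     // as the filter's own test and the other get() variant on this page do
     return Filter::XSSFilter($value);
 }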
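 /**
  * Reads one entry from the session store.
  *
  * String values are passed through Filter::XSSFilter on the way out; any
  * other type (arrays, objects, numbers, booleans) is returned untouched.
  *
  * The "Error-text" entry is exempt: it is pre-formatted markup set by the
  * server, and encoding it would mangle it. That exemption is only safe as
  * long as nothing user-controlled is ever written under that key.
  *
  * The filter is applied to a local copy and its return value is what the
  * caller receives, so a read never modifies the entry kept in $_SESSION
  * (the original filtered $_SESSION[$key] in place and discarded the result,
  * which only works if the filter takes a reference, and then re-encodes the
  * stored value on every read).
  *
  * @param mixed $key session key, normally a string
  * @return mixed the (filtered) value, or null when the key is absent or null
  */
 public static function get($key)
 {
     if (!isset($_SESSION[$key])) {
         return null;
     }

     $value = $_SESSION[$key];
     if (!is_string($value)) {
         return $value;
     }

     // strict comparison: the original used ==, which for a non-string $key
     // follows PHP's loose comparison rules instead of matching the literal key
     if ($key === 'Error-text') {
         // Error-text is formatted, but set by the server. It is exempt from
         // processing, which mangles it.
         return $value;
     }

     // filter the value for XSS vulnerabilities
     return Filter::XSSFilter($value);
 }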
 /**
  * A string carrying active content must come back HTML-encoded (and therefore harmless)
  */
 public function testXSSFilterWithBadCode()
 {
     $raw = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
     $expected = "Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;";

     $filtered = Filter::XSSFilter($raw);

     $this->assertEquals($expected, $filtered);
 }