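/**
 * Recursively sanitizes an input variable:
 *
 * - Strips slashes if magic quotes are enabled (Kohana::$magic_quotes)
 * - Normalizes all newlines (CRLF and lone CR) to LF
 *
 * Arrays are cleaned element by element. Objects are walked with foreach
 * and written back property by property (or by offset when the object
 * implements ArrayAccess); because PHP passes objects by handle they are
 * modified in place. Nothing here escapes for HTML, SQL or shell: the
 * returned value is still untrusted for every output context and must be
 * escaped where it is used (e.g. HTML::chars()).
 *
 * @param   mixed  $value  any variable
 * @return  mixed  sanitized variable
 */
public static function sanitize($value)
{
    if (is_array($value) OR is_object($value))
    {
        // A plain object cannot be written with array syntax (it throws);
        // only arrays and ArrayAccess objects accept $value[$key] = ...
        $use_offset = is_array($value) OR ($value instanceof ArrayAccess);

        foreach ($value as $key => $val)
        {
            // Recursively clean each value
            if ($use_offset)
            {
                $value[$key] = Kohana::sanitize($val);
            }
            else
            {
                $value->{$key} = Kohana::sanitize($val);
            }
        }
    }
    elseif (is_string($value))
    {
        if (Kohana::$magic_quotes === TRUE)
        {
            // Remove slashes added by magic_quotes_gpc
            $value = stripslashes($value);
        }

        if (strpos($value, "\r") !== FALSE)
        {
            // Standardize newlines; CRLF is replaced first so that a lone
            // CR is never produced by the first substitution
            $value = str_replace(array("\r\n", "\r"), "\n", $value);
        }
    }

    return $value;
}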
/**
 * Pre-determines the error display logic.
 *
 * For an internal (HMVC) sub request the message and the originally
 * requested URI are taken from the route parameters. A direct request for
 * this controller is forced to the 404 action and the requested page is
 * read from REQUEST_URI instead.
 *
 * The requested page is passed through Kohana::sanitize(), which only
 * strips slashes and normalizes newlines: the value is attacker-controlled
 * and still needs HTML escaping (HTML::chars()) when it is rendered. The
 * message is stored without any sanitizing at all.
 *
 * @param   mixed  $template  unused; kept for signature compatibility
 * @return  void
 */
public function before($template = NULL)
{
    parent::before();

    $is_sub_request = ! $this->request->is_initial();

    if ($is_sub_request)
    {
        $message      = rawurldecode($this->request->param('message'));
        $original_uri = rawurldecode($this->request->param('origuri'));

        if ($message)
        {
            $this->_message = $message;
        }

        if ($original_uri)
        {
            $this->_requested_page = $original_uri;
        }
    }
    else
    {
        // Directly requested: never serve the error controller as a page
        $this->request->action(404);

        $this->_requested_page = Arr::get($_SERVER, 'REQUEST_URI');
    }

    // Slash/newline normalization only; not an output escape
    $this->_requested_page = Kohana::sanitize($this->_requested_page);

    // The action name doubles as the HTTP status code
    $this->response->status((int) $this->request->action());
}
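/**
 * Override
 * Recursively sanitizes an input variable:
 *
 * - Strips slashes if magic quotes are enabled
 * - Normalizes all newlines to LF
 * - Removes HTML and PHP tags from every string (strip_tags)
 *
 * Objects are walked with foreach and written back property by property
 * (or by offset when the object implements ArrayAccess); they are modified
 * in place because PHP passes objects by handle.
 *
 * NOTE(review): the strip_tags() step is lossy and is not a substitute for
 * context-aware output escaping. It removes legitimate '<' characters from
 * any input (passwords, "a < b"), and a tag-stripped value placed into an
 * HTML attribute, URL or JavaScript context is still injectable. Output
 * should still go through HTML::chars(). Kept as-is because callers rely
 * on this override's behaviour.
 *
 * @param   mixed  $value  any variable
 * @return  mixed  sanitized variable
 */
public static function sanitize($value)
{
    if (is_array($value) OR is_object($value))
    {
        // A plain object cannot be written with array syntax (it throws);
        // only arrays and ArrayAccess objects accept $value[$key] = ...
        $use_offset = is_array($value) OR ($value instanceof ArrayAccess);

        foreach ($value as $key => $val)
        {
            // Recursively clean each value
            if ($use_offset)
            {
                $value[$key] = Kohana::sanitize($val);
            }
            else
            {
                $value->{$key} = Kohana::sanitize($val);
            }
        }
    }
    elseif (is_string($value))
    {
        if (Kohana::$magic_quotes === TRUE)
        {
            // Remove slashes added by magic quotes
            $value = stripslashes($value);
        }

        if (strpos($value, "\r") !== FALSE)
        {
            // Standardize newlines; CRLF first so no lone CR is produced
            $value = str_replace(array("\r\n", "\r"), "\n", $value);
        }

        // Added strip tags (see the NOTE in the docblock above)
        $value = strip_tags($value);
    }

    return $value;
}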
/**
 * Tests Kohana::sanitize()
 *
 * @test
 * @dataProvider provider_sanitize
 * @covers Kohana::sanitize
 * @param  mixed  $value   Input for Kohana::sanitize
 * @param  mixed  $result  Expected output of Kohana::sanitize
 */
public function test_sanitize($value, $result)
{
    // Force the magic-quotes branch so the stripslashes() path is exercised
    $this->setEnvironment(array('Kohana::$magic_quotes' => TRUE));

    $actual = Kohana::sanitize($value);

    $this->assertSame($result, $actual);
}
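/**
 * Dispatches an API request on the current model by HTTP verb.
 *
 * Without a model name (or for the 'App' pseudo model) a map of
 * model name => service URL is returned as JSON. Otherwise POST and PUT
 * save, GET reads, DELETE removes; any other verb does nothing.
 *
 * The values handed to save() are merged from three sources, later ones
 * winning: POST fields, the request body decoded as JSON, then the raw
 * body parsed as a query string. All of it is attacker-controlled
 * mass-assignment input, so save() must whitelist the attributes it
 * accepts. Kohana::sanitize() only strips slashes and normalizes
 * newlines; it validates nothing.
 *
 * @return  mixed  the JSON response for the service listing, otherwise void
 */
public function action_index()
{
    if ( ! $this->model_name OR $this->model_name === 'App')
    {
        return $this->json($this->service_urls());
    }

    // A '_method' POST field lets a form override the real HTTP verb
    $method = $this->request->post('_method');
    if ( ! $method)
    {
        $method = $this->request->method();
    }

    if ($method === Request::POST OR $method === Request::PUT)
    {
        $this->save($this->collect_values());
    }
    elseif ($method === Request::GET)
    {
        $this->get();
    }
    elseif ($method === Request::DELETE)
    {
        $this->delete();
    }
}

/**
 * Builds the model name => API URL map used for the service listing.
 *
 * @return  array
 */
private function service_urls()
{
    $models = $this->models;
    $models[] = 'User';

    $services = array();
    foreach ($models as $model)
    {
        $services[$model] = Kohana::$base_url.'api/'.strtolower($model).'/';
    }

    return $services;
}

/**
 * Merges POST data, the JSON body and the raw body into one array of
 * values for save(). A route 'id' parameter always wins over any id
 * supplied in the body.
 *
 * @return  array
 */
private function collect_values()
{
    // Decode to associative arrays so nested JSON objects become arrays
    // that Kohana::sanitize() can walk (a top-level (array) cast leaves
    // nested stdClass objects behind). json_decode() emits no warnings,
    // so no '@' is needed; NULL (empty or invalid JSON) contributes
    // nothing, other scalars keep the old (array) cast semantics.
    $decoded   = json_decode($this->request->body(), TRUE);
    $body_vars = ($decoded === NULL) ? array() : (array) $decoded;
    $body_vars = Kohana::sanitize($body_vars);

    $values = Arr::merge($this->request->post(), $body_vars);

    // NOTE(review): a JSON body is also parsed here as a query string,
    // which produces nonsense keys holding the raw JSON text; confirm
    // that save() ignores unknown keys
    parse_str(file_get_contents('php://input'), $php_vars);
    $php_vars = Kohana::sanitize($php_vars);
    $values   = Arr::merge($values, $php_vars);

    // The route id is authoritative over anything in the body
    if ($this->request->param('id'))
    {
        $values['id'] = $this->request->param('id');
    }

    return $values;
}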
/**
 * Decides which search mode applies from the supplied filters.
 *
 * A non-empty user list wins over a tag list, and both only apply when no
 * photos were given. Otherwise the caller's $type is returned after
 * Kohana::sanitize(), i.e. only slashes and newlines are normalized; no
 * check against the known modes happens here, so a $type taken from the
 * request should be validated by the caller.
 *
 * @param   mixed   $photos  photo filter; only its emptiness matters
 * @param   mixed   $users   user filter
 * @param   mixed   $tags    tag filter
 * @param   string  $type    fallback search mode
 * @return  string
 */
private function eval_search($photos = NULL, $users = NULL, $tags = NULL, $type = 'user')
{
    $no_photos = empty($photos);

    if ($no_photos AND ! empty($users))
    {
        return 'user';
    }

    if ($no_photos AND ! empty($tags))
    {
        return 'tag';
    }

    return Kohana::sanitize($type);
}