vBulletin 5.6.5 API

vB_Cleaner
in package
Uses vB_Trait_NoSerialize

Class to handle and sanitize variables from GET, POST and COOKIE etc

Tags
version

$Revision: 102963 $

date

$Date: 2019-09-27 16:13:07 -0700 (Fri, 27 Sep 2019) $

Table of Contents

CONVERT_KEYS  = 200
CONVERT_SINGLE  = 100
STR_NOHTML  = self::TYPE_NOHTML
TYPE_ARRAY  = 10
TYPE_ARRAY_ARRAY  = 110
TYPE_ARRAY_BINARY  = 112
TYPE_ARRAY_BOOL  = 101
TYPE_ARRAY_FILE  = self::TYPE_FILE
TYPE_ARRAY_INT  = 102
TYPE_ARRAY_KEYS_INT  = 202
TYPE_ARRAY_KEYS_STR  = 207
TYPE_ARRAY_NOHTML  = 109
TYPE_ARRAY_NOHTMLCOND  = 113
TYPE_ARRAY_NOTRIM  = 108
TYPE_ARRAY_NUM  = 104
TYPE_ARRAY_STR  = 107
TYPE_ARRAY_UINT  = 103
TYPE_ARRAY_UNIXTIME  = 106
TYPE_ARRAY_UNUM  = 105
TYPE_BINARY  = 12
TYPE_BOOL  = 1
TYPE_FILE  = 11
TYPE_INT  = 2
TYPE_NOCLEAN  = 0
TYPE_NOHTML  = 9
TYPE_NOHTMLCOND  = 13
TYPE_NOTRIM  = 8
TYPE_NUM  = 4
TYPE_STR  = 7
TYPE_UINT  = 3
TYPE_UNIXTIME  = 6
TYPE_UNUM  = 5
$superglobalLookup  : array<string|int, mixed>
Translation table for short superglobal name to long superglobal name
__construct()  : mixed
Constructor
__serialize()  : mixed
__sleep()  : mixed
__unserialize()  : mixed
__wakeup()  : mixed
clean()  : mixed
Makes a single variable safe to use and returns it
cleanArray()  : array<string|int, mixed>
Makes data in an array safe to use
xssClean()  : string
Removes HTML characters and potentially unsafe scripting words from a string
xssCleanUrl()  : string
Removes HTML characters and potentially unsafe scripting words from a URL Note: The query string and the URL #fragment are preserved.
doClean()  : mixed
Does the actual work to make a variable safe

Constants

CONVERT_KEYS

public mixed CONVERT_KEYS = 200

CONVERT_SINGLE

public mixed CONVERT_SINGLE = 100

STR_NOHTML

public mixed STR_NOHTML = self::TYPE_NOHTML

TYPE_ARRAY

public mixed TYPE_ARRAY = 10

TYPE_ARRAY_ARRAY

public mixed TYPE_ARRAY_ARRAY = 110

TYPE_ARRAY_BINARY

public mixed TYPE_ARRAY_BINARY = 112

TYPE_ARRAY_BOOL

public mixed TYPE_ARRAY_BOOL = 101

TYPE_ARRAY_FILE

public mixed TYPE_ARRAY_FILE = self::TYPE_FILE

TYPE_ARRAY_INT

public mixed TYPE_ARRAY_INT = 102

TYPE_ARRAY_KEYS_INT

public mixed TYPE_ARRAY_KEYS_INT = 202

TYPE_ARRAY_KEYS_STR

public mixed TYPE_ARRAY_KEYS_STR = 207

TYPE_ARRAY_NOHTML

public mixed TYPE_ARRAY_NOHTML = 109

TYPE_ARRAY_NOHTMLCOND

public mixed TYPE_ARRAY_NOHTMLCOND = 113

TYPE_ARRAY_NOTRIM

public mixed TYPE_ARRAY_NOTRIM = 108

TYPE_ARRAY_NUM

public mixed TYPE_ARRAY_NUM = 104

TYPE_ARRAY_STR

public mixed TYPE_ARRAY_STR = 107

TYPE_ARRAY_UINT

public mixed TYPE_ARRAY_UINT = 103

TYPE_ARRAY_UNIXTIME

public mixed TYPE_ARRAY_UNIXTIME = 106

TYPE_ARRAY_UNUM

public mixed TYPE_ARRAY_UNUM = 105

TYPE_BINARY

public mixed TYPE_BINARY = 12

TYPE_BOOL

public mixed TYPE_BOOL = 1

TYPE_FILE

public mixed TYPE_FILE = 11

TYPE_NOCLEAN

public mixed TYPE_NOCLEAN = ""

TYPE_NOHTML

public mixed TYPE_NOHTML = 9

TYPE_NOHTMLCOND

public mixed TYPE_NOHTMLCOND = 13

TYPE_NOTRIM

public mixed TYPE_NOTRIM = 8

TYPE_UINT

public mixed TYPE_UINT = 3

TYPE_UNIXTIME

public mixed TYPE_UNIXTIME = 6

TYPE_UNUM

public mixed TYPE_UNUM = 5

Properties

$superglobalLookup

Translation table for short superglobal name to long superglobal name

protected array<string|int, mixed> $superglobalLookup = array('g' => '_GET', 'p' => '_POST', 'r' => '_REQUEST', 'c' => '_COOKIE', 's' => '_SERVER', 'e' => '_ENV', 'f' => '_FILES')

Methods

__construct()

Constructor

public __construct() : mixed

First, verifies that $GLOBALS has not been modified from the outside. Second, ensures that if REQUEST_METHOD is POST all super globals have the same keys to avoid variable injection. Third, Ensures that register_globals is disabled and unsets all GPC variables from the $GLOBALS array if register_globals is not disabled. Fourth, moves $_COOKIE vars into the REQUEST_METHOD vars and deletes them from the $_REQUEST array.

Return values
mixed

__serialize()

public __serialize() : mixed
Return values
mixed

__sleep()

public __sleep() : mixed
Return values
mixed

__unserialize()

public __unserialize(mixed $serialized) : mixed
Parameters
$serialized : mixed
Return values
mixed

__wakeup()

public __wakeup() : mixed
Return values
mixed

clean()

Makes a single variable safe to use and returns it

public clean(mixed &$var[, mixed $vartype = self::TYPE_NOCLEAN ][, mixed $exists = true ]) : mixed
Parameters
$var : mixed
$vartype : mixed = self::TYPE_NOCLEAN
$exists : mixed = true
Return values
mixed

The cleaned value

cleanArray()

Makes data in an array safe to use

public cleanArray(mixed &$source, mixed $variables) : array<string|int, mixed>
Parameters
$source : mixed
$variables : mixed
Return values
array<string|int, mixed>

xssClean()

Removes HTML characters and potentially unsafe scripting words from a string

public xssClean(mixed $var) : string
Parameters
$var : mixed
Return values
string

xssCleanUrl()

Removes HTML characters and potentially unsafe scripting words from a URL Note: The query string and the URL #fragment are preserved.

public xssCleanUrl(mixed $url) : string
Parameters
$url : mixed
Return values
string

doClean()

Does the actual work to make a variable safe

protected doClean(mixed &$data, mixed $type) : mixed
Parameters
$data : mixed
$type : mixed
Return values
mixed

Search results