class vB_Input_Cleaner

Class to handle and sanitize variables from GET, POST and COOKIE etc

Properties

array $shortvars Translation table for short name to long name
array $superglobal_lookup Translation table for short superglobal name to long superglobal name
string $scriptpath System state. The complete URL of the current page, without sessionhash
string $reloadurl Reload URL. Complete URL of the current page including sessionhash
string $wolpath System state. The complete URL of the page for Who's Online purposes
string $url System state. The complete URL of the referring page
string $ipaddress System state. The IP address of the current visitor
string $alt_ip System state. An attempt to find a second IP for the current visitor (proxy etc)
vB_Registry $registry A reference to the main registry object
array $cleaned_vars Keep track of variables that have already been cleaned

Methods

__construct(vB_Registry $registry)

Constructor

string
fetch_server_value(string $name)

Fetches a value from $_SERVER or $_ENV

string
add_query(string $path, string $query = false)

Adds a query string to a path, fixing the query characters.

string
add_fragment(string $path, string $fragment = false)

Adds a fragment to a path

array
clean_array_gpc(string $source, array $variables)

Makes GPC variables safe to use

mixed
clean_gpc(array $source, string $varname, integer $vartype = vB_Cleaner::TYPE_NOCLEAN)

Makes a single GPC variable safe to use and returns it

string
utf8_clean_path($path, $reencode = true)

Cleans a query string.

convert_shortvars($array, $setglobals = true)

Turns $_POST['t'] into $_POST['threadid'] etc.

string
strip_sessionhash(string $string)

Strips out the s=gobbledygook& rubbish from URLs

string
fetch_basepath($rel_modifier = false)

Fetches the 'basepath' variable that can be used as .

string
fetch_relpath($path = false)

Fetches the path for the current request relative to the basepath.

string
fetch_wolpath()

Fetches the 'wolpath' variable - ie: the same as 'scriptpath' but with a handler for the POST request method

string
fetch_url()

Fetches the 'url' variable - usually the URL of the previous page in the history

string
fetch_ip()

Fetches the IP address of the current visitor

string
fetch_alt_ip()

Fetches an alternate IP address of the current visitor, attempting to detect proxies etc.

Details

at line 170
__construct(vB_Registry $registry)

Constructor

First, reverses the effects of magic quotes on GPC Second, translates short variable names to long (u --> userid) Third, deals with $_COOKIE[userid] conflicts

Parameters

vB_Registry $registry The instance of the vB_Registry object

at line 241
string fetch_server_value(string $name)

Fetches a value from $_SERVER or $_ENV

Parameters

string $name

Return Value

string

at line 265
string add_query(string $path, string $query = false)

Adds a query string to a path, fixing the query characters.

Parameters

string $path The path to add the query to
string $query The query string to add to the path

Return Value

string The resulting string

at line 288
string add_fragment(string $path, string $fragment = false)

Adds a fragment to a path

Parameters

string $path The path to add the fragment to
string $fragment The fragment to add to the path

Return Value

string The resulting string

at line 306
array clean_array_gpc(string $source, array $variables)

Makes GPC variables safe to use

Parameters

string $source Either, g, p, c, r or f (corresponding to get, post, cookie, request and files)
array $variables Array of variable names and types we want to extract from the source array

Return Value

array

at line 364
mixed clean_gpc(array $source, string $varname, integer $vartype = vB_Cleaner::TYPE_NOCLEAN)

Makes a single GPC variable safe to use and returns it

Parameters

array $source The source array containing the data to be cleaned
string $varname The name of the variable in which we are interested
integer $vartype The type of the variable in which we are interested

Return Value

mixed

at line 390
string utf8_clean_path($path, $reencode = true)

Cleans a query string.

Unicode is decoded, url entities are kept encoded, and slashes are preserved.

Parameters

$path
$reencode

Return Value

string

at line 410
convert_shortvars($array, $setglobals = true)

Turns $_POST['t'] into $_POST['threadid'] etc.

Parameters

$array
$setglobals

at line 433
string strip_sessionhash(string $string)

Strips out the s=gobbledygook& rubbish from URLs

Parameters

string $string The URL string from which to remove the session stuff

Return Value

string

at line 444
string fetch_basepath($rel_modifier = false)

Fetches the 'basepath' variable that can be used as .

Parameters

$rel_modifier

Return Value

string

at line 566
string fetch_wolpath()

Fetches the 'wolpath' variable - ie: the same as 'scriptpath' but with a handler for the POST request method

Return Value

string

at line 622
string fetch_url()

Fetches the 'url' variable - usually the URL of the previous page in the history

Return Value

string

at line 673
string fetch_ip()

Fetches the IP address of the current visitor

Return Value

string

at line 683
string fetch_alt_ip()

Fetches an alternate IP address of the current visitor, attempting to detect proxies etc.

Return Value

string