@return: {0/1} 1 if Valid, 0 if Invalid
@param: {STRING} $y_varname: The value to be tested
@param: {BOOLEAN} $y_allow_upper_letters: Default is TRUE; if set to FALSE will disallow upper case letters
Validate a PHP variable name
public static function FilterRequestVar (
MIXED $value
) {} :: MIXED
@return: {MIXED} the filtered value (if OBJECT or RESOURCE will return null)
@param: {MIXED} $value: the input variable value
Return the filtered values for GET/POST/REQUEST variables, using the FilterUnsafeString method
It may be used for filtering insecure / untrusted string or array variables
For array variables it also filters the keys
When using the raw values from $_GET, $_POST, $_REQUEST, all the values should always be filtered before being used in PHP, to avoid insecure characters.
Important: All the REQUEST=GET+POST variables from Smart Framework Registry are already filtered, so there is no need to filter them again; but if you are using any raw value from $_GET, $_POST, $_REQUEST it must be filtered!
public static function FilterCookieVar (
string $str_val
) {} :: STRING/NULL
@return: {STRING/NULL} the filtered value (if ARRAY or OBJECT or RESOURCE will return null)
@param: {STRING/NULL} $str_val: the input variable value
Return the filtered value for a cookie from a COOKIE variable, using the FilterUnsafeString method
It may be used for filtering the insecure / untrusted raw values from $_COOKIE
public static function FilterRequestPath (
MIXED $value
) {} :: STRING/NULL
@return: {STRING/NULL} the filtered value (if ARRAY or OBJECT or RESOURCE will return null)
@param: {MIXED} $value: the input variable value
Return the filtered values for PATH_INFO server variable, using the FilterUnsafeString method, and apply trim
It may be used for filtering the insecure / untrusted raw value of $_SERVER['PATH_INFO']
@return: {STRING} the decoded +/- filtered value
@param: {STRING} $url_encoded_str_val: the input variable
@param: {BOOLEAN} $filter: *Optional* Default is TRUE ; if FALSE will only decode but not filter the variable ; DO NOT DISABLE FILTERING EXCEPT WHEN YOU CALL IT LATER EXPLICITLY !!!
Return the url decoded (+/- filtered) variable from RAWURLENCODE / URLENCODE
It may be used ONLY when working with RAW PATH INFO / RAW QUERY URLS !!!
IMPORTANT: the $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
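The double-decoding hazard noted above, shown as an added example in plain PHP (it is not Smart.Framework code). The query string is constructed sample input, and `isSafeFileName`, `resolveDecodingTwice`, `resolveDecodingOnce` and the `file` parameter are hypothetical names used only for illustration.

```php
<?php
// Constructed sample: a raw query string whose value is URL-encoded twice.
// %25 is an encoded "%", so %252e is an encoded "%2e" and %252f an encoded "%2f".
$rawQuery = 'file=%252e%252e%252fconfig.ini';

// parse_str() applies the same single URL-decode that PHP performs when it
// populates $_GET, so $get stands in for $_GET here.
parse_str($rawQuery, $get);

// Hypothetical validator: rejects parent-directory references and path separators.
function isSafeFileName(string $name): bool {
    return $name !== ''
        && strpos($name, '..') === false
        && strpos($name, '/') === false
        && strpos($name, '\\') === false;
}

// WRONG: the value is validated in its already-decoded form and then decoded
// a second time, so the string that gets used is not the string that was checked.
function resolveDecodingTwice(array $get): ?string {
    $value = (string) ($get['file'] ?? '');
    if (!isSafeFileName($value)) {
        return null;
    }
    return urldecode($value);
}

// RIGHT: the $_GET-style value is already decoded; validate it and use that
// exact string, with no further decoding step.
function resolveDecodingOnce(array $get): ?string {
    $value = (string) ($get['file'] ?? '');
    return isSafeFileName($value) ? $value : null;
}

echo 'value as PHP delivers it : ', var_export($get['file'], true), PHP_EOL;
echo 'after a second urldecode : ', var_export(resolveDecodingTwice($get), true), PHP_EOL;
echo 'validated, decoded once  : ', var_export(resolveDecodingOnce($get), true), PHP_EOL;
```

In the second function the check sees only percent-encoded text, while the returned string contains the path sequence the check was meant to reject. A stricter allow-list validator that refuses `%` would reject this input in both functions.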
public staticfunctionPrepareSafeHeaderValue (
string$value
) {} :: STRING
@return: {STRING} the prepared value
@param: {STRING} $value: the input value
Prepare a safe value to be used with the header() function
It will filter out all dangerous characters and will replace some control characters with spaces
It will also trim the string, thus it may return an empty string if the passed value contains only invalid characters
It may be used anywhere inside Smart.Framework or by Plugins and Application Modules.