
final class \SmartFrameworkSecurity
{ } ::

Class Smart.Framework Security
It may be used anywhere inside Smart.Framework or by Plugins and Application Modules.


class Methods

public static function ValidateUrlVariableName ( string $var_name ) {} :: 0/1
@return: {0/1} 1 if Valid, 0 if Invalid
@param: {STRING} $var_name: The value to be tested
Validate a URL variable name
public static function ValidateVariableName ( string $y_varname, bool $y_allow_upper_letters = true ) {} :: 0/1
@return: {0/1} 1 if Valid, 0 if Invalid
@param: {STRING} $y_varname: The value to be tested
@param: {BOOLEAN} $y_allow_upper_letters: Default is TRUE; if set to FALSE it will disallow upper case letters
Validate a PHP variable name
public static function FilterRequestVar ( MIXED $value ) {} :: MIXED
@return: {MIXED} the filtered value (if OBJECT or RESOURCE will return null)
@param: {MIXED} $value: the input variable value
Return the filtered values for GET/POST/REQUEST variables, using the FilterUnsafeString method
It may be used for filtering insecure / untrusted string or array variables
For array variables it also filters the keys
When using the raw values from $_GET, $_POST, $_REQUEST, always filter them before they are used in PHP, to avoid insecure characters.
Important: All the REQUEST=GET+POST variables from the Smart Framework Registry are already filtered and there is no need to filter them again, but any raw value taken from $_GET, $_POST, $_REQUEST must be filtered!
public static function FilterCookieVar ( string $str_val ) {} :: STRING/NULL
@return: {STRING/NULL} the filtered value (if ARRAY or OBJECT or RESOURCE will return null)
@param: {STRING/NULL} $str_val: the input variable value
Return the filtered value for a cookie from a COOKIE variable, using the FilterUnsafeString method
It may be used for filtering the insecure / untrusted raw values from $_COOKIE
public static function FilterRequestPath ( MIXED $value ) {} :: STRING/NULL
@return: {STRING/NULL} the filtered value (if ARRAY or OBJECT or RESOURCE will return null)
@param: {MIXED} $value: the input variable value
Return the filtered values for PATH_INFO server variable, using the FilterUnsafeString method, and apply trim
It may be used for filtering the insecure / untrusted raw value of $_SERVER['PATH_INFO']
public static function DecodeAndFilterUrlVarString ( string $url_encoded_str_val, bool $filter = true ) {} :: STRING
@return: {STRING} the decoded +/- filtered value
@param: {STRING} $url_encoded_str_val: the input variable
@param: {BOOLEAN} $filter: *Optional* Defaults to TRUE; if FALSE it will only decode but not filter the variable; DO NOT DISABLE FILTERING UNLESS YOU CALL IT EXPLICITLY LATER !!!
Return the url decoded (+/- filtered) variable from RAWURLENCODE / URLENCODE
It may be used ONLY when working with RAW PATH INFO / RAW QUERY URLS !!!
IMPORTANT: the $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
public static function PrepareSafeHeaderValue ( string $value ) {} :: STRING
@return: {STRING} the prepared value
@param: {STRING} $value: the input value
Prepare a safe value to be used with the header() function
It will filter out all dangerous characters and will replace some control characters with spaces
It will also trim the string, thus it may return an empty string if the passed value contains only invalid characters

class Properties


class Constants


Sample code: PHP

<?php

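// Usage example ('page' is a hypothetical parameter name):
// filter a raw request value before using it

$page = SmartFrameworkSecurity::FilterRequestVar($_GET['page'] ?? '');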

// #end php code
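
The double-decoding hazard noted under DecodeAndFilterUrlVarString (that $_GET and $_REQUEST are already decoded), shown as an added example that is not part of the Smart.Framework documentation or code base. It uses only PHP built-ins; the query string and the has_traversal() helper are constructed for illustration.

```php
<?php
// Added example: PHP built-ins only, no Smart.Framework code.
// Constructed query string: both values carry an extra layer of encoding.
$rawQuery = 'doc=%252e%252e%252fconfig&q=a%2Bb';

// Hypothetical validator: rejects path separators and ".." sequences.
function has_traversal(string $v): bool {
    return strpbrk($v, "/\\") !== false || strpos($v, '..') !== false;
}

// parse_str() URL-decodes once, the same way PHP populates $_GET.
parse_str($rawQuery, $get);

// WRONG: validate the already-decoded value, then decode it again.
// At check time the value still holds one layer of percent-encoding,
// so the validator sees no dots or slashes and lets it through.
$checked = $get['doc'];
$passes  = !has_traversal($checked);

// The second decode produces a different string from the one validated.
$used           = urldecode($checked);
$usedIsUnsafe   = has_traversal($used);

// The second decode also corrupts legitimate data:
// a literal "+" that was sent as %2B is turned into a space.
$plusAfterSecondDecode = urldecode($get['q']);

// RIGHT: treat the $_GET-style value as final. Validate it with an
// allow-list and use that same string, with no further decoding.
// Leftover percent signs fail the allow-list, so the value is rejected.
$final    = $get['doc'];
$accepted = preg_match('/^[A-Za-z0-9_.-]+\z/', $final) === 1
    && !has_traversal($final);

var_dump([
    'value at check time'        => $checked,
    'deny-list check passes'     => $passes,
    'value after second decode'  => $used,
    'second decode is unsafe'    => $usedIsUnsafe,
    'plus sign after 2nd decode' => $plusAfterSecondDecode,
    'allow-list accepts value'   => $accepted,
]);
```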


documentation generated on: 2023-10-19 23:15:42 +0000


Smart.Framework © 2009-2023 unix-world.org