phpPeanuts  2.2.0
phpPeanuts framework
PntHttpRequest Class Reference

Inherited by HttpRequest.

Public Member Functions

 __construct ($logger, $gpcCharset, $fatal=true)
 
 initHttpData ($funkyAlias)
 
 getServerValue ($name)
 
 getCookie ($name)
 
 getRequestParam ($key)
 
 getRequestData ()
 
 getFunkyRequestData ($alias=null, $uriParam=null)
 
 noMagicQuotesGpc ($data)
 
 validateGpc ($data, $cookies=false, $context='')
 
 validateCookieName ($name)
 
 validateParamName ($name)
 
 sanitizeGpc ($key, $value)
 
 validateGpcValue ($name, $value)
 
 validateForNullChar ($name, $value)
 
 validateSessionId ($name, $value)
 
 validateServerVars ($serverData)
 
 validateServerVarName ($name)
 
 sanitizePhpAuth ($name, $value)
 
 validatePhpAuth ($name, $value)
 
 sanitizeServerValue ($name, $value)
 
 validateServerValue ($name, $value)
 
 validateMinMaxValue ($name, $value)
 
 getCpPattern ($classPiece)
 
 pregValidate ($description, $value, $pattern, $minLength, $maxLength, $expected=0)
 
 logValidationWarning ($key, $value, $errorMessage)
 

Data Fields

 $serverVarValidationFatal
 
 $gpcValidationFatal
 
 $pcre_backtrack_limit = 100000
 
 $tooShort = 'too short'
 
 $tooLong = 'too long'
 
 $tooLow = 'too low'
 
 $tooHigh = 'too high'
 
 $invalid = 'invalid'
 
 $serverVarValidationFailed = 'Server variable validation failed for'
 
 $gpcValidationFailed = 'Gpc validation failed for'
 
 $serverVars
 
 $cookies
 
 $get
 
 $post
 
 $serverPatterns
 
 $ipV4Pattern = '~^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$~D'
 
 $httpCookieNamePat = '_'
 
 $headerNameCp = '\\-_'
 
 $headerValueCp = '!"#$%&\'()*+,\\-./\\\\;:<=>?@[\\]\\^_`{|}\\~ '
 
 $serverCps
 
 $filePathCp = ' !#$%&\'()+,-./=@[\\]\\^_`{}\\~\\\\'
 
 $integerPattern = '/^(\\+|\\-)?[0-9]+$/'
 
 $minLengths
 
 $maxLengths
 
 $maxValues
 
 $sessionIdCp = ',\-'
 

Constructor & Destructor Documentation

__construct (   $logger,
  $gpcCharset,
  $fatal = true 
)
Parameters
PntErrorHandler $logger: error logger
String $gpcCharset: the encoding of GET, POST, COOKIE (and Authentication?) data
boolean $fatal: whether to throw a PntValidationException if validation fails (value set on subclass overrides this param)

Member Function Documentation

getCookie (   $name)
Returns
validated or, if necessary, sanitized value from $_COOKIE, or null if not present or sanitization failed
Parameters
string $name: key in $_COOKIE
See Also
HttpValidator and pnt.web.PntHttpValidator
getCpPattern (   $classPiece)
Returns
string preg character class pattern
getFunkyRequestData (   $alias = null,
  $uriParam = null 
)
Returns
array request data. All components from '/$this->getDir()/$alias' up to one slash before the ? are interpreted as pntType/id/key/value/key/value etc.
For normal URLs while an alias is passed, this method returns the script name as parameter key, so one should not use the script name as the name of a parameter in the query string.
Since phpPeanuts 2.1, no longer includes params from $_POST.
If Funky Urls are used, either the server root must be equal to the phpPeanuts base folder, or $this->baseUrl must be set (for example from classes/scriptMakeSettings.php), or $this->getBaseUrl() must be overridden to properly initialize $this->baseUrl.

adds slashes if magic_quotes_gpc

getRequestData ( )
getRequestParam (   $key)
Returns
value of request parameter as if magic_quotes_gpc is OFF, validated or, if necessary, sanitized with respect to character encoding, or null if the parameter does not exist or sanitization failed.
Parameters
string $name: key in $_REQUEST (without cookies)
getServerValue (   $name)
Returns
validated or, if necessary, sanitized value from $_SERVER, or null if not present or sanitization failed
Parameters
string $name: key in $_SERVER
See Also
HttpValidator and pnt.web.PntHttpValidator
initHttpData (   $funkyAlias)
Parameters
string $funkyAlias: or null if no funkyUrls
logValidationWarning (   $key,
  $value,
  $errorMessage 
)
noMagicQuotesGpc (   $data)
pregValidate (   $description,
  $value,
  $pattern,
  $minLength,
  $maxLength,
  $expected = 0 
)
sanitizeGpc (   $key,
  $value 
)

Sanitizes value for Get, Post and Cookie. Must call ::logValidationWarning if replacing some character(s) that raise security suspicion. Default implementation is no sanitization. May be overridden on HttpValidator to do actual sanitization with respect to character encoding and browser issues. Type-specific sanitization is to be done on StringConverter.

Returns
string sanitized value
Parameters
string value
sanitizePhpAuth (   $name,
  $value 
)

Sanitizes invalid value for PHP_AUTH_USER and PHP_AUTH_PW. Must call ::logValidationWarning if replacing some character(s) that raise security suspicion. Default implementation is no sanitization. May be overridden on HttpValidator to do actual sanitization.

Returns
string sanitized and validated value or null
Parameters
string value to sanitize
sanitizeServerValue (   $name,
  $value 
)

Sanitizes invalid server var value, except PHP_AUTH_USER and PHP_AUTH_PW. Must call ::logValidationWarning if replacing some character(s) that raise security suspicion. Default implementation is no sanitization. May be overridden on HttpValidator to do actual sanitization.

Returns
mixed sanitized and validated value or null
Parameters
string value that has failed validation. PntValidationException if validation fails after sanitization
validateCookieName (   $name)
validateForNullChar (   $name,
  $value 
)
validateGpc (   $data,
  $cookies = false,
  $context = '' 
)

Main method for validating GET, POST and COOKIE data. To be called AFTER validateServerVars so that $this->validServerVars can be used as a context (like for browser specific sanitization)

Parameters
array $data: if magic_quotes_gpc, slashes must be stripped beforehand
Exceptions
PntValidationException if $this->gpcValidationFatal, with message about the last validation that failed
Returns
array with valid data
validateGpcValue (   $name,
  $value 
)

In case invalid character encoding is possible, this method should be overridden to validate the character encodings of $value.

Parameters
string $name: properly encoded in $this->gpcCharset, or 'param name'
string $value: to be checked to be valid for $this->gpcCharset
Returns
string validation error message or null if valid
validateMinMaxValue (   $name,
  $value 
)
validateParamName (   $name)
Parameters
string $value: to be checked to be valid for $this->gpcCharset
Returns
string validation error message or null if valid
validatePhpAuth (   $name,
  $value 
)

Validates 'PHP_AUTH_USER' and 'PHP_AUTH_PW'

Returns
string error message or null if valid. Default implementation is for single byte character encodings, all characters are expected to be valid (like with ISO-8859-1). Should be overridden for UTF-8 and other character encodings for which invalid characters can occur.
validateServerValue (   $name,
  $value 
)

Validates values from $_SERVER

Returns
string error message or null if valid

! remaining values are NOT VALIDATED!

validateServerVarName (   $name)
validateServerVars (   $serverData)

Main method for validating $_SERVER data

Parameters
array $serverData
Exceptions
PntValidationException if $this->serverVarValidationFatal, with message about the last validation that failed
Returns
array with valid server data
validateSessionId (   $name,
  $value 
)

To be overridden if non-standard session ids are used

Field Documentation

$cookies
$filePathCp = ' !#$%&\'()+,-./=@[\\]\\^_`{}\\~\\\\'
$get
$gpcValidationFailed = 'Gpc validation failed for'
$gpcValidationFatal
$headerNameCp = '\\-_'
$headerValueCp = '!"#$%&\'()*+,\\-./\\\\;:<=>?@[\\]\\^_`{|}\\~ '
$httpCookieNamePat = '_'
$integerPattern = '/^(\\+|\\-)?[0-9]+$/'
$invalid = 'invalid'
$ipV4Pattern = '~^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$~D'
$maxLengths
Initial value:
= array(
'AUTH_TYPE' => 6
, 'CONTENT_TYPE' => 4096
, 'PATH_INFO' => 4096
, 'PATH_TRANSLATED' => 4096
, 'QUERY_STRING' => 4096
, 'REMOTE_HOST' => 255
, 'REMOTE_USER' => 255
, 'REQUEST_METHOD' => 7
, 'SERVER_NAME' => 255
, 'REMOTE_ADDR' => 15
, 'SERVER_ADDR' => 15
, 'SERVER_PROTOCOL' => 8
)
$maxValues
Initial value:
= array(
'CONTENT_LENGTH' => 2147483647
, 'SERVER_PORT' => 65535
)
$minLengths
Initial value:
= array(
'REQUEST_METHOD' => 3
, 'SCRIPT_NAME' => 1
)
$pcre_backtrack_limit = 100000
$post
$serverCps
Initial value:
= array(
'QUERY_STRING' => ' &()*+,\\-./;:=?_%!'
, 'REMOTE_USER' => '!#$%&\'*+\\-.\\^_`|\\~'
, 'SCRIPT_NAME' => '!$%&\'()*+\\-,./:=@_\\~'
)
$serverPatterns
Initial value:
= array(
'REQUEST_METHOD' => '~^(GET|HEAD|POST|TRACE|OPTIONS|PUT|DELETE)$~D'
, 'AUTH_TYPE' => '~^([dD][iI][gG][eE][sS][tT]|[bB][aA][sS][iI][cC])$~D'
, 'REMOTE_HOST' => '~^((?:(?:[0-9a-zA-Z][0-9a-zA-Z\-]{0,61}[0-9a-zA-Z])\.)*[a-zA-Z]{2,4}|[0-9a-zA-Z][0-9a-zA-Z\-]{0,61}[0-9a-zA-Z])$~D'
)
$serverVars

result of ::validateServerVars kept as a context for ::validateGpc

$serverVarValidationFailed = 'Server variable validation failed for'
$serverVarValidationFatal
$sessionIdCp = ',\-'
$tooHigh = 'too high'
$tooLong = 'too long'
$tooLow = 'too low'
$tooShort = 'too short'
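
The whitelist patterns and limits documented above, applied to constructed `$_SERVER` values. This is an added example, not phpPeanuts code: `checkServerValue()` and the order of its checks are assumptions; only the patterns, limits and message texts come from this page.

```php
<?php
// Added example, not phpPeanuts code. Patterns and limits are copied from this
// page; checkServerValue() and the order of its checks are assumptions.
$serverPatterns = array(
    'REQUEST_METHOD' => '~^(GET|HEAD|POST|TRACE|OPTIONS|PUT|DELETE)$~D',
    'AUTH_TYPE' => '~^([dD][iI][gG][eE][sS][tT]|[bB][aA][sS][iI][cC])$~D',
);
$minLengths = array('REQUEST_METHOD' => 3, 'SCRIPT_NAME' => 1);
$maxLengths = array('AUTH_TYPE' => 6, 'REQUEST_METHOD' => 7);
$maxValues = array('CONTENT_LENGTH' => 2147483647, 'SERVER_PORT' => 65535);
$integerPattern = '/^(\\+|\\-)?[0-9]+$/';
$ipV4Pattern = '~^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$~D';
// Returns one of the page's message texts, or null when the value passes.
function checkServerValue($name, $value) {
    global $serverPatterns, $minLengths, $maxLengths, $maxValues, $integerPattern;
    if (isset($minLengths[$name]) && strlen($value) < $minLengths[$name]) {
        return 'too short';
    }
    if (isset($maxLengths[$name]) && strlen($value) > $maxLengths[$name]) {
        return 'too long';
    }
    if (isset($maxValues[$name])) {
        if (!preg_match($integerPattern, $value)) {
            return 'invalid';
        }
        if ((float) $value > $maxValues[$name]) {
            return 'too high';
        }
    }
    if (isset($serverPatterns[$name]) && !preg_match($serverPatterns[$name], $value)) {
        return 'invalid';
    }
    return null;
}
// Constructed sample values, not captured traffic.
$samples = array(
    array('REQUEST_METHOD', 'GET'),
    array('REQUEST_METHOD', 'get'),       // lower case is not in the whitelist
    array('REQUEST_METHOD', 'PROPFIND'),  // 8 characters, limit is 7
    array('SERVER_PORT', '70000'),        // above 65535
    array('CONTENT_LENGTH', '12abc'),     // not an integer
);
foreach ($samples as $s) {
    printf("%-15s %-10s %s\n", $s[0], json_encode($s[1]), var_export(checkServerValue($s[0], $s[1]), true));
}
// D (PCRE_DOLLAR_ENDONLY) anchors $ to the very end; without it, as in $integerPattern, $ also matches before a final newline.
var_dump(preg_match($ipV4Pattern, "192.0.2.10\n"), preg_match($integerPattern, "8080\n"));
```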

The documentation for this class was generated from the following file: