Orion PHP  0.11.12
The PHP5.3 framework
Orion\Core\Security Class Reference


Static Public Member Functions

static csrfCheck ($key, $origin, $forceExit=false)
static csrfGenerate ($key)
static genPassword ($length, $custom='')
static htmLawed ($input, $safemode=true, $config=null)
static preventInjection ($string)
static md5Hash ($data)
static saltedHash ($data, $extrasalt)
static sanitizePath ($path)
static validateExtension ($string, $ext)
static validateJSON ($data)

Public Attributes

const E_INVALID_JSON = 81
const E_INVALID_EXT = 82
const E_CSRF_FAIL = 83
const E_HTMLAWED_FAIL = 84

Detailed Description

Orion security class.

Contains security-related methods, like password generator, Injection escape, hashing, validation, etc.

Author:
Thibaut Despoulain BSD 4-clauses
Version:
0.11.12

Definition at line 20 of file security.php.


Member Function Documentation

static Orion\Core\Security::csrfCheck ( key, origin, forceExit = false ) [static]

Check CSRF token validity. Throws a Security if a CSRF attack is detected.

Parameters:
String $key: The token identifier used in csrfGenerate, also the key of the token inside $origin
Mixed $origin: The origin of the token to test (mostly $_POST or $_GET), but can also be a custom associative array. This array must contain the token under the key $key.
Boolean $forceExit: Set this to TRUE to force the script to exit(1) if the CSRF check fails.

Definition at line 33 of file security.php.

static Orion\Core\Security::csrfGenerate ( key) [static]

Generates a new anti-CSRF token and stores it in session for future check.

Parameters:
String $key: The token identifier
Returns:
Hash The token

Definition at line 67 of file security.php.
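
The csrfGenerate/csrfCheck pair documented above describes a session-stored token that is later looked up under $key in the submitted data. The following is an added sketch of that pattern, not Orion's security.php: csrf_generate and csrf_check are hypothetical names, $store stands in for $_SESSION so the script runs from the CLI, PHP 7+ is assumed, and failure is reported as false rather than by throwing or exiting.

```php
<?php
// Added illustration of the session-token pattern; not the framework's own code.
// Hypothetical names: csrf_generate(), csrf_check(). Assumes PHP 7+ (random_bytes, ??).

function csrf_generate(array &$store, string $key): string
{
    // 32 bytes from the OS CSPRNG, hex-encoded so it fits a hidden form field.
    $store['csrf'][$key] = bin2hex(random_bytes(32));
    return $store['csrf'][$key];
}

function csrf_check(array &$store, string $key, array $origin): bool
{
    $expected = $store['csrf'][$key] ?? null;
    $supplied = $origin[$key] ?? null;

    // Single use (a choice made for this sketch): the stored token is
    // dropped whatever the outcome, so a captured token cannot be replayed.
    unset($store['csrf'][$key]);

    // A request can send token[]=x, which PHP parses into an array.
    // Anything that is not a string on either side fails the check.
    if (!is_string($expected) || !is_string($supplied)) {
        return false;
    }

    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($expected, $supplied);
}

// Constructed demo data: $session plays the role of $_SESSION,
// the array literals play the role of $_POST.
$session = [];

$token = csrf_generate($session, 'profile_form');
var_dump(csrf_check($session, 'profile_form', ['profile_form' => $token]));   // valid submission

$token = csrf_generate($session, 'profile_form');
var_dump(csrf_check($session, 'profile_form', ['profile_form' => [$token]])); // token sent as an array
var_dump(csrf_check($session, 'profile_form', ['profile_form' => $token]));   // reuse after the token was consumed
```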

static Orion\Core\Security::genPassword ( length, custom = '' ) [static]

Generates a random alphanumeric password

Parameters:
Integer $length: Password length
String $custom: String containing custom chars
Returns:
string

Definition at line 83 of file security.php.

static Orion\Core\Security::htmLawed ( input, safemode = true, config = null ) [static]

Process given string using the htmLawed algorithm. Deny risky HTML content.

See also:
<http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/>
Parameters:
String $input: The text to process
Boolean $safemode: Use builtin 'safe' configuration
Mixed $config: Custom configuration array (extends default configuration)
Returns:
String The processed text

Definition at line 104 of file security.php.

static Orion\Core\Security::md5Hash ( data) [static]

Definition at line 144 of file security.php.

static Orion\Core\Security::preventInjection ( string) [static]

Escapes a string to be put into HTML to prevent SQL/JS injections

Parameters:
string $string
Returns:
string

Definition at line 135 of file security.php.

static Orion\Core\Security::saltedHash ( data, extrasalt ) [static]

An elaborate split/double-salted hash method, for example to hash passwords. Uses sha1 as the final hashing algorithm.

Parameters:
string $data
string $extrasalt
Returns:
hash

Definition at line 158 of file security.php.

static Orion\Core\Security::sanitizePath ( path) [static]

Removes risky parts from a standard file path (., .., empty) and normalises directory separators

Parameters:
string $path
Returns:
string

Definition at line 170 of file security.php.

static Orion\Core\Security::validateExtension ( string, ext ) [static]

Tests if the given filename uses one of the given extensions.

Parameters:
string $string: The file name
string|string[] $ext: The extension(s) (without the .)
Returns:
boolean

Definition at line 191 of file security.php.

static Orion\Core\Security::validateJSON ( data) [static]

Validates a JSON string.

Parameters:
string $data: The json-encoded data
Returns:
boolean

Definition at line 204 of file security.php.


Member Data Documentation

const Orion\Core\Security::E_CSRF_FAIL = 83

Definition at line 24 of file security.php.

const Orion\Core\Security::E_HTMLAWED_FAIL = 84

Definition at line 25 of file security.php.

const Orion\Core\Security::E_INVALID_EXT = 82

Definition at line 23 of file security.php.

const Orion\Core\Security::E_INVALID_JSON = 81

Definition at line 22 of file security.php.


The documentation for this class was generated from the following file: