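<?php
/**
 * Sanitizes $this->value according to the type named by $this->as.
 *
 * Reads:
 *   $this->as     one of 'raw', 'string', 'float', 'int' (case-insensitive)
 *   $this->value  the untrusted input to sanitize. Assumed to be a string —
 *                 TODO confirm with callers; non-string input is not coerced
 *                 here and the strpos()/str_replace() calls below will reject
 *                 arrays on PHP 8.
 *
 * Returns:
 *   'raw'    the input with newlines/tabs normalized and nothing else changed
 *   'string' the normalized input, NUL-stripped, passed through the _XSS chip
 *   'float'  a float built from the first digit run (integer part) and the
 *            digits following the first non-digit (fractional part)
 *   'int'    an int whose magnitude is bounded by the configured word size;
 *            0 when no digits are present or the magnitude would overflow
 *   NULL     for any other type name
 **/
$as = strtolower($this->as);
$value = $this->value;

// universal cleaning: undo magic quotes on legacy runtimes.
// get_magic_quotes_gpc() no longer exists on PHP 8, so probe before calling it.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $value = stripslashes($value);
}
// standardize newlines if needed
if (strpos($value, "\r") !== FALSE) {
    $value = str_replace(array("\r\n", "\r"), "\n", $value);
}
// standardize spaces if needed
if (strpos($value, "\t") !== FALSE) {
    $value = str_replace(array("\t"), " ", $value);
}

switch ($as) {
    case 'raw':
        return $value;

    case 'string':
        $value = str_replace(array("\r\n", "\r"), "\n", $value);
        // strip real NUL bytes and the escaped form "\0" a quoting layer may have produced
        $value = preg_replace('/\0+/', '', $value);
        $value = preg_replace('/(\\\\0)+/', '', $value);
        return chip('Chippino/Util/Request/_XSS')->with(array(
            'value' => $value,
        ));

    case 'float':
        $is_negative = (strpos($value, '-') === 0);
        $value = trim($value, '-');
        // Fractional part: the digits that follow the first non-digit character.
        // Default to '0' when there is no '.' or nothing follows it; the previous
        // fall-through regex turned "1." into 1.1 because the unmatched subject
        // was reused as the fraction.
        // The digit patterns are pure ASCII, so the /u modifier is not used: under
        // /u a single invalid UTF-8 byte makes preg_* return NULL instead of a string.
        $f_part = '0';
        if (strpos($value, '.') !== FALSE && preg_match('/[^0-9]([0-9]+)/', $value, $frac)) {
            $f_part = $frac[1];
        }
        // Integer part: keep the first run of digits, drop everything else
        // (same cheap i18n approach as the 'int' case).
        $value = preg_replace('/([0-9]+)(.*)$/', '\1', $value);
        $value = preg_replace('/[^0-9]/', '', $value);
        // floatval('.5') === 0.5, so an empty integer part is fine here
        $float = floatval($value . '.' . $f_part);
        return $is_negative ? -1 * $float : $float;

    case 'int':
        // setups: bcmath is preferred for the boundary comparison when available;
        // the config may force it on or off. isset() avoids an undefined-index
        // notice when the key is absent.
        $core = chipi('Chippino/Util/Config')->with()->core;
        $has_bc_math = function_exists('bccomp');
        if (isset($core['force_bc_math'])) {
            $has_bc_math = $core['force_bc_math'];
        }
        // Magnitude bound for either sign. The old code also compared against
        // min_int, but the value is already stripped of its sign, so that check
        // could never trigger; the negative bound therefore stays at -max_int.
        $bits = isset($core['max_bit_size']) ? (int) $core['max_bit_size'] : 0;
        $max_int = ($bits === 64) ? '9223372036854775807' : '2147483647';
        $max_len = strlen($max_int);

        // detect negative and trim
        $is_negative = (strpos($value, '-') === 0);
        $value = trim($value, '-');
        // consider the last non-numeric a decimal place, and truncate
        // this is a cheap way of reducing the dependency on i18n
        // we can then consider what's left to be the integer part and strip
        // all non numerics (ASCII patterns, so no /u — see the 'float' case)
        $value = preg_replace('/(.*)([^0-9][0-9]*?)$/', '\1', $value);
        $value = preg_replace('/[^0-9]/', '', $value);
        // Leading zeros carry no magnitude; drop them so they do not count
        // toward the length comparison below ("00…01" used to be rejected as
        // an overflow once it exceeded max_int's width).
        $value = ltrim((string) $value, '0');
        // if there is nothing left, then there was no int (or only zero) provided
        if ($value === '') {
            return 0;
        }
        // if the incoming string is shorter than our max size, we can
        // safely intval it. (#7)
        if (strlen($value) < $max_len) {
            return $is_negative ? -1 * intval($value) : intval($value);
        }
        // if it's longer than maxint, we also know it is no good
        if (strlen($value) > $max_len) {
            return 0;
        }
        // Same width as max_int: decide by comparison. intval() does not fail on
        // an out-of-range numeric string, so this check is what keeps the result
        // inside the configured word size. Two equal-length, unsigned, zero-free
        // digit strings order numerically under strcmp(), which makes the
        // fallback exact; the previous digit-by-digit walk indexed $compare[-1]
        // on the first position and accepted values such as 2200000000.
        if ($has_bc_math && function_exists('bccomp')) {
            $overflow = bccomp($value, $max_int) > 0;
        } else {
            $overflow = strcmp($value, $max_int) > 0;
        }
        if ($overflow) {
            return 0;
        }
        // all that's left is something that should come back an INT
        return $is_negative ? -1 * intval($value) : intval($value);

    default:
        return NULL;
}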