This repository has been archived by the owner on Dec 30, 2023. It is now read-only.

Merge pull request #563 from dogstarTest/master
filter done
Phalcon committed May 9, 2015
2 parents c1325ad + 08460a2 commit 0aef184
Showing 2 changed files with 68 additions and 70 deletions.
76 changes: 37 additions & 39 deletions zh/reference/filter.rst
@@ -1,43 +1,43 @@
过滤与清理(Filtering and Sanitizing)
========================
Sanitizing user input is a critical part of software development. Trusting or neglecting to sanitize user input could lead to unauthorized
access to the content of your application, mainly user data, or even the server your application is hosted on.
清理用户输入是软件开发中很重要的一个环节。信任或者忽略对用户输入数据作清理可能会导致
对应用内容(主要是用户数据),甚至你应用所处在的服务器的非法访问。

.. figure:: ../_static/img/sql.png
:align: center

`Full image (from xkcd)`_

The :doc:`Phalcon\\Filter <../api/Phalcon_Filter>` component provides a set of commonly used filters and data sanitizing helpers. It provides object-oriented wrappers around the PHP filter extension.
:doc:`Phalcon\\Filter <../api/Phalcon_Filter>` 组件提供了一系列通用可用的过滤器和数据清理助手。它提供了围绕于PHP过滤扩展的面向对象包装。

清理数据(Sanitizing data)
---------------
Sanitizing is the process which removes specific characters from a value, that are not required or desired by the user or application.
By sanitizing input we ensure that application integrity will be intact.
清理是指从一个值中移除特定字符的过程,此过程对用户和应用不是必须,也不是他们想得到的。
通过清理输入,我们确保了应用的完整性和正确性。

.. code-block:: php
<?php
$filter = new \Phalcon\Filter();
// returns "someone@example.com"
// 返回 "someone@example.com"
$filter->sanitize("some(one)@exa\mple.com", "email");
// returns "hello"
// 返回 "hello"
$filter->sanitize("hello<<", "string");
// returns "100019"
// 返回 "100019"
$filter->sanitize("!100a019", "int");
// returns "100019.01"
// 返回 "100019.01"
$filter->sanitize("!100a019.01a", "float");
在控制器中使用清理(Sanitizing from Controllers)
---------------------------
You can access a :doc:`Phalcon\\Filter <../api/Phalcon_Filter>` object from your controllers when accessing GET or POST input data
(through the request object). The first parameter is the name of the variable to be obtained; the second is the filter to be applied on it.
当接收到GET或POST的数据时(通过请求对象),你可以在控制器中访问一个 :doc:`Phalcon\\Filter <../api/Phalcon_Filter>` 对象。
第一个参数是等待获得变量的名字,第二个参数是将应用在此变量的过滤器。

.. code-block:: php
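Review bot: The translated sentence under 清理数据(Sanitizing data) changes the meaning of the English it replaces. The English says the removed characters "are not required or desired by the user or application", but "此过程对用户和应用不是必须,也不是他们想得到的" says the sanitizing process itself is not required or wanted, which reads as if sanitizing input were optional. Suggest wording along the lines of "清理是指从一个值中移除用户或应用不需要或不希望出现的特定字符的过程". Separately, the heading underlines visible in this hunk are still sized for the English text only ("========================" under "过滤与清理(Filtering and Sanitizing)"), so they are shorter than the bilingual titles and docutils will report "Title underline too short"; lengthen each underline to cover the full title, counting each full-width character as two columns.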
Expand All @@ -54,10 +54,10 @@ You can access a :doc:`Phalcon\\Filter <../api/Phalcon_Filter>` object from your
public function saveAction()
{
// Sanitizing price from input
// 从输入中清理price
$price = $this->request->getPost("price", "double");
// Sanitizing email from input
// 从输入中清理email
$email = $this->request->getPost("customerEmail", "email");
}
Expand All @@ -66,7 +66,7 @@ You can access a :doc:`Phalcon\\Filter <../api/Phalcon_Filter>` object from your
过滤动作参数(Filtering Action Parameters)
---------------------------
The next example shows you how to sanitize the action parameters within a controller action:
接下来的示例演示了在一个控制器的动作中如何清理动作的参数:

.. code-block:: php
Expand All @@ -89,67 +89,66 @@ The next example shows you how to sanitize the action parameters within a contro
过滤数据(Filtering data)
--------------
In addition to sanitizing, :doc:`Phalcon\\Filter <../api/Phalcon_Filter>` also provides filtering by removing or modifying input data to
the format we expect.
此外, :doc:`Phalcon\\Filter <../api/Phalcon_Filter>` 也提供了可以进行删除或者修改输入数据以满足我们需要的格式的过滤器。

.. code-block:: php
<?php
$filter = new \Phalcon\Filter();
// returns "Hello"
// 返回 "Hello"
$filter->sanitize("<h1>Hello</h1>", "striptags");
// returns "Hello"
// 返回 "Hello"
$filter->sanitize(" Hello ", "trim");
内置过滤器类型(Types of Built-in Filters)
-------------------------
The following are the built-in filters provided by this component:
以下是该容器提供的内置过滤器:

+-----------+---------------------------------------------------------------------------+
| Name | Description |
| 名称 | 描述 |
+===========+===========================================================================+
| string | Strip tags |
| string | 带标签 |
+-----------+---------------------------------------------------------------------------+
| email | Remove all characters except letters, digits and !#$%&*+-/=?^_`{|}~@.[]. |
| email | 删掉除字母、数字和 !#$%&*+-/=?^_`{|}~@.[] 外的全部字符 |
+-----------+---------------------------------------------------------------------------+
| int | Remove all characters except digits, plus and minus sign. |
| int | 删掉除R数字、加号、减号外的全部字符 |
+-----------+---------------------------------------------------------------------------+
| float | Remove all characters except digits, dot, plus and minus sign. |
| float | 删掉除数字、点号和加号、减号外的全部字符 |
+-----------+---------------------------------------------------------------------------+
| alphanum | Remove all characters except [a-zA-Z0-9] |
| alphanum | 删掉除[a-zA-Z0-9]外的全部字符 |
+-----------+---------------------------------------------------------------------------+
| striptags | Applies the strip_tags_ function |
| striptags | 调用 strip_tags_ 方法 |
+-----------+---------------------------------------------------------------------------+
| trim | Applies the trim_ function |
| trim | 调用 trim_ 方法 |
+-----------+---------------------------------------------------------------------------+
| lower | Applies the strtolower_ function |
| lower | 调用 strtolower_ 方法 |
+-----------+---------------------------------------------------------------------------+
| upper | Applies the strtoupper_ function |
| upper | 调用 strtoupper_ 方法 |
+-----------+---------------------------------------------------------------------------+

创建过滤器(Creating your own Filters)
-------------------------
You can add your own filters to :doc:`Phalcon\\Filter <../api/Phalcon_Filter>`. The filter function could be an anonymous function:
你可以将你自己的过滤器添加到 :doc:`Phalcon\\Filter <../api/Phalcon_Filter>` 。过滤器的方法可以是匿名函数:

.. code-block:: php
<?php
$filter = new \Phalcon\Filter();
//Using an anonymous function
//使用匿名函数
$filter->add('md5', function($value) {
return preg_replace('/[^0-9a-f]/', '', $value);
});
//Sanitize with the "md5" filter
//利用md5过滤器清理
$filtered = $filter->sanitize($possibleMd5, "md5");
Or, if you prefer, you can implement the filter in a class:
或者,如果你愿意,你可以在类中实现过滤器:

.. code-block:: php
Expand All @@ -167,23 +166,22 @@ Or, if you prefer, you can implement the filter in a class:
$filter = new \Phalcon\Filter();
//Using an object
//使用对象
$filter->add('ipv4', new IPv4Filter());
//Sanitize with the "ipv4" filter
//利用"ipv4"过滤器清理
$filteredIp = $filter->sanitize("127.0.0.1", "ipv4");
复杂的过滤与清理(Complex Sanitizing and Filtering)
--------------------------------
PHP itself provides an excellent filter extension you can use. Check out its documentation: `Data Filtering at PHP Documentation`_
你可以使用PHP本身提供的优秀过滤器扩展。请查看对应的文档: `PHP文档上的数据过滤器`_

自定义过滤器(Implementing your own Filter)
----------------------------
The :doc:`Phalcon\\FilterInterface <../api/Phalcon_FilterInterface>` interface must be implemented to create your own filtering service
replacing the one provided by Phalcon.
如需创建你自己的过滤器并代替Phalcon提供的过滤器,你需要实现 :doc:`Phalcon\\FilterInterface <../api/Phalcon_FilterInterface>` 接口。

.. _Full image (from xkcd): http://xkcd.com/327/
.. _Data Filtering at PHP Documentation: http://www.php.net/manual/en/book.filter.php
.. _PHP文档上的数据过滤器: http://www.php.net/manual/en/book.filter.php
.. _strip_tags: http://www.php.net/manual/en/function.strip-tags.php
.. _trim: http://www.php.net/manual/en/function.trim.php
.. _strtolower: http://www.php.net/manual/en/function.strtolower.php
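Review bot: In the built-in filters table, the new description for the string filter, "带标签", reads as "with tags", the opposite of the "Strip tags" it replaces. A reader relying on this page could conclude that the string filter leaves markup in place, so suggest "去除标签". In the same table the int row, "删掉除R数字、加号、减号外的全部字符", contains a stray "R". The sentence introducing the table, "以下是该容器提供的内置过滤器", says container (容器) where the English says component (组件), and the line replacing "In addition to sanitizing, ..." keeps only "此外", dropping the contrast with sanitizing that the section is built on.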
62 changes: 31 additions & 31 deletions zh/reference/flash.rst
@@ -1,36 +1,36 @@
闪存消息(Flashing Messages)
=================
Flash messages are used to notify the user about the state of actions he/she made or simply show information to the users.
These kind of messages can be generated using this component.
闪存消息用于通知用户关于他/她产生的动作状态,或者简单地为用户显示一此信息。
这类消息可以使用这个组件来生成。

适配器(Adapters)
--------
This component makes use of adapters to define the behavior of the messages after being passed to the Flasher:
这个组件使用了适配器来定义消息传递给Flasher后的行为:

+---------+-----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+
| Adapter | Description | API |
| 适配器 | 描述 | API |
+=========+===============================================================================================+============================================================================+
| Direct | Directly outputs the messages passed to the flasher | :doc:`Phalcon\\Flash\\Direct <../api/Phalcon_Flash_Direct>` |
| Direct | 直接输出传递给flasher的消息 | :doc:`Phalcon\\Flash\\Direct <../api/Phalcon_Flash_Direct>` |
+---------+-----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+
| Session | Temporarily stores the messages in session, then messages can be printed in the next request | :doc:`Phalcon\\Flash\\Session <../api/Phalcon_Flash_Session>` |
| Session | 将消息临时存放于会话中,以便消息可以在后面的请求中打印出来 | :doc:`Phalcon\\Flash\\Session <../api/Phalcon_Flash_Session>` |
+---------+-----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+

使用(Usage)
-----
Usually the Flash Messaging service is requested from the services container,
if you're using :doc:`Phalcon\\DI\\FactoryDefault <../api/Phalcon_DI_FactoryDefault>`
then :doc:`Phalcon\\Flash\\Direct <../api/Phalcon_Flash_Direct>` is automatically registered as "flash" service:
通常闪存消息都是来自服务容器的请求,
如果你正在使用 :doc:`Phalcon\\DI\\FactoryDefault <../api/Phalcon_DI_FactoryDefault>`
那么 :doc:`Phalcon\\Flash\\Direct <../api/Phalcon_Flash_Direct>` 将会作为 "flash" 服务自动注册:

.. code-block:: php
<?php
//Set up the flash service
//建立flash服务
$di->set('flash', function() {
return new \Phalcon\Flash\Direct();
});
This way, you can use it in controllers or views by injecting the service in the required scope:
这样的话,你便可以在控制器或者视图中通过在必要的片段中注入此服务来使用它:

.. code-block:: php
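Review bot: The first translated sentence under 使用(Usage), "通常闪存消息都是来自服务容器的请求", says that flash messages are requests coming from the services container, whereas the English states that the Flash Messaging service is requested (obtained) from the container. Suggest "通常闪存消息服务是从服务容器中获取的". In the introduction, "一此信息" is a typo for "一些信息".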
Expand All @@ -51,7 +51,7 @@ This way, you can use it in controllers or views by injecting the service in the
}
There are four built-in message types supported:
目前已支持的有四种内置消息类型:

.. code-block:: php
Expand All @@ -62,7 +62,7 @@ There are four built-in message types supported:
$this->flash->notice("this a very important information");
$this->flash->warning("best check yo self, you're not looking too good.");
You can add messages with your own types:
你可以用你自己的类型来添加消息:

.. code-block:: php
Expand All @@ -72,7 +72,7 @@ You can add messages with your own types:
输出信息(Printing Messages)
-----------------
Messages sent to the flash service are automatically formatted with html:
发送给flash服务的消息将会自动格式成html:

.. code-block:: html

Expand All @@ -81,14 +81,14 @@ Messages sent to the flash service are automatically formatted with html:
<div class="noticeMessage">this a very important information</div>
<div class="warningMessage">best check yo self, you're not looking too good.</div>

As you can see, CSS classes are added automatically to the DIVs. These classes allow you to define the graphical presentation
of the messages in the browser. The CSS classes can be overridden, for example, if you're using Twitter bootstrap, classes can be configured as:
正如你看到的,CSS的类将会自动添加到div中。这些类允许你定义消息在浏览器上的图形表现。
此CSS类可以被重写,例如,如果你正在使用Twitter的bootstrap,对应的类可以这样配置:

.. code-block:: php
<?php
//Register the flash service with custom CSS classes
//利用自定义的CSS类来注册flash服务
$di->set('flash', function(){
$flash = new \Phalcon\Flash\Direct(array(
'error' => 'alert alert-error',
Expand All @@ -98,7 +98,7 @@ of the messages in the browser. The CSS classes can be overridden, for example,
return $flash;
});
Then the messages would be printed as follows:
然后消息会是这样输出:

.. code-block:: html

Expand All @@ -108,9 +108,9 @@ Then the messages would be printed as follows:

绝对刷送与会话(Implicit Flush vs. Session)
--------------------------
Depending on the adapter used to send the messages, it could be producing output directly, or be temporarily storing the messages in session to be shown later.
When should you use each? That usually depends on the type of redirection you do after sending the messages. For example,
if you make a "forward" is not necessary to store the messages in session, but if you do a HTTP redirect then, they need to be stored in session:
依赖于发送消息的适配器,它可以立即产生输出,也可以先临时将消息存放于会话中随后再显示。
你何时应该使用哪个?这通常依赖于你在发送消息后重定向的类型。例如,
如果你用了“转发”则不需要将消息存放于会话中,但如果你用的是一个HTTP重定向,那么则需要存放于会话中:

.. code-block:: php
Expand All @@ -127,18 +127,18 @@ if you make a "forward" is not necessary to store the messages in session, but i
public function saveAction()
{
//store the post
//存储POST
//Using direct flash
//使用直接闪存
$this->flash->success("Your information was stored correctly!");
//Forward to the index action
//转发到index动作
return $this->dispatcher->forward(array("action" => "index"));
}
}
Or using a HTTP redirection:
或者使用一个HTTP重定向:

.. code-block:: php
Expand All @@ -155,24 +155,24 @@ Or using a HTTP redirection:
public function saveAction()
{
//store the post
//存储POST
//Using session flash
//使用会话闪存
$this->flashSession->success("Your information was stored correctly!");
//Make a full HTTP redirection
//返回一个完整的HTTP重定向
return $this->response->redirect("contact/index");
}
}
In this case you need to manually print the messages in the corresponding view:
在这种情况下,你需要手动在交互的视图上打印消息:

.. code-block:: html+php

<!-- app/views/contact/index.phtml -->

<p><?php $this->flashSession->output() ?></p>

The attribute 'flashSession' is how the flash was previously set into the dependency injection container.
You need to start the :doc:`session <session>` first to successfully use the flashSession messenger.
"flashSession"属性是先前在依赖注入容器中设置的闪存。
为了能成功使用flashSession消息者,你需要先启动 :doc:`session <session>`
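Review bot: In the sentence that replaces "In this case you need to manually print the messages in the corresponding view", "在交互的视图上" means "in the interactive view"; "在相应的视图中" matches the English. The last added line, "为了能成功使用flashSession消息者,你需要先启动 :doc:`session <session>`", is missing its closing "。", and "消息者" is not a clear rendering of "messenger"; "消息服务" would be consistent with how the service is described elsewhere in this file.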
