Custom Inspekt Functions
What is Inspekt?
Inspekt is an input filtering and validation library for PHP4 and PHP5.
The main principles behind Inspekt are:
- Accessing user input via the PHP superglobals is inherently dangerous, because the "default" action is to retrieve raw, potentially dangerous data
- Piecemeal, "inline" filtering/validation done at various places in an application's source code is too error-prone to be effective
- The purpose of a library or framework is to make a programmer's job easier. Verbose and/or complex solutions should be avoided unless they are the only solution
An example of what Inspekt looks like in Hotaru CMS:
$username = $h->cage->get->testUsername('user');
Features of Inspekt
- 'Cage' objects that encapsulate input and require the coder to use the provided filtering and validation methods to access input data
- Automatic application of filtering as defined in a configuration file
- A library of static filtering and validation methods
- A simple, clear API
- No external dependencies
Using Inspekt with Hotaru
Because superglobal arrays such as $_GET and $_POST are "destroyed", you won't be able to use them in your plugin. Instead, you will need to use the Inspekt object.
In addition to the default testers and filters quoted below, here are some custom Hotaru methods which can be found in libs/InspektExtras.php:
- testAlnumLines($key) - chars, digits, underscores and dashes.
- testPage($key) - chars, digits, forward slashes, underscores and dashes.
- testUsername($key) - chars, digits, underscores and dashes, and is 4-32 characters long.
- testPassword($key) - chars, digits, underscores and dashes, @, *, # and is 8-60 characters long.
- getFriendlyUrl($key) - converts a post title into a friendly url, e.g. this-is-a-friendly-url
- getHtmLawed($key) - Uses htmLawed to clean HTML and remove any malicious code, i.e. XSS.
- sanitizeAll($key) - convert to HTML entities and strip tags
- sanitizeTags($key) - strip tags
- sanitizeEnts($key) - convert to HTML entities
Note: Those last three sanitize functions also strip slashes if Magic Quotes are enabled. Hotaru adds slashes in all database queries using a special prepare() function in ezSQL.
Standard Inspect Filters and Testers
- Filters - Filter methods remove data from the value of the given key and return what remains. If the key does not exist, they return FALSE
- getAlnum (mixed $key)
- getAlpha (mixed $key)
- getDigits (mixed $key)
- getDir (mixed $key)
- getInt (mixed $key)
- getPath (mixed $key)
- getRaw (string $key)
- noPath (mixed $key)
- noTags (mixed $key)
- Testers - Tester methods return the value of the given key on pass, and FALSE on fail or if key fails
- testAlnum (mixed $key)
- testAlpha (mixed $key)
- testBetween (mixed $key, mixed $min, mixed $max, [boolean $inc = TRUE])
- testCcnum (mixed $key, [mixed $type = NULL])
- testDate (mixed $key)
- testDigits (mixed $key)
- testEmail (mixed $key)
- testFloat (mixed $key)
- testGreaterThan (mixed $key, [mixed $min = NULL])
- testHex (mixed $key)
- testHostname (mixed $key, [integer $allow = ISPK_HOST_ALLOW_ALL])
- testInt (mixed $key)
- testIp (mixed $key)
- testLessThan (mixed $key, [mixed $max = NULL])
- testOneOf (mixed $key, [ $allowed = NULL])
- testPhone (mixed $key, [ $country = 'US'])
- testRegex (mixed $key, [mixed $pattern = NULL])
- testUri (unknown_type $key)
- testZip (mixed $key)
External Information Sources about Inspekt: