/includes/base_state_common.inc.php
<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Lead: Kevin Johnson <kjohnson@secureideas.net>
**                Sean Muller <samwise_diver@users.sourceforge.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: routines to manipulate shared state (session information)
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net>
**
********************************************************************************
*/
// Ensure the conf file has been loaded. Prevent direct access to this file.
// The configuration include defines _BASE_INC; a request that reaches this
// file without going through it is refused before any function is declared.
if ( !defined('_BASE_INC') ){
        die('Accessing this file directly is not allowed.');
}

// Function: InitArray()
// @doc Defines and initializes a 1 or 2 dimensional array.
//
// @param $a      (in/out) array to initialize
// @param $dim1   number of elements of first dimension
// @param $dim2   number of elements of second dimension
// @param $value  default value
// @return True if array initialized, false if not initialized.
function InitArray(&$a, $dim1 = 1, $dim2 = 0, $value = NULL ){
        // Reject non-integer dimensions before touching the caller's variable,
        // so $a is left exactly as it was on failure.
        if ( !is_int($dim1) || !is_int($dim2) ){
                return false;
        }
        $a = array();
        $row = 0;
        if ( $dim2 == 0 ){ // 1-dimensional: $dim1 slots, each set to $value.
                while ( $row < $dim1 ){
                        $a[$row] = $value;
                        $row++;
                }
        }else{ // 2-dimensional: $dim1 rows of $dim2 slots.
                // Rows are only materialised when the inner loop runs, i.e. for
                // a positive $dim2; this mirrors the element-wise assignment.
                while ( $row < $dim1 ){
                        for ( $col = 0; $col < $dim2; $col++ ){
                                $a[$row][$col] = $value;
                        }
                        $row++;
                }
        }
        return true;
}

// Function: CleanVariable()
// @doc Removes invalid characters/data from a variable based on a specified
//      mask of acceptable data or a list of explicit values.
//      Note: Both mask and explicit list can be used at a time.
//
// @param $item        variable to scrub
// @param $valid_data  mask of valid characters
// @param $exception   array with explicit values to match
// @return a sanitized version of the passed variable.
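function CleanVariable( $item, $valid_data = '', $exception = '' ){
        GLOBAL $debug_mode;
        // Purpose: return $item with every character that is not allowed by the
        // VAR_* bit mask in $valid_data stripped, unless $item is one of the
        // explicit values in $exception. Arrays are scrubbed element by element
        // (keys are kept). A null $item is returned unchanged.
        if ( !isset($item) ){ // Null value: nothing to scrub.
                return $item;
        }
        if ( is_array($item) ){
                // If Array, recursively clean array elements. -- nikns
                foreach ( $item as $key => $value ){
                        $item[$key] = CleanVariable($value, $valid_data, $exception);
                }
                return $item;
        }
        if ( $exception != '' ){
                // A scalar exception is treated as a one-entry allow list;
                // in_array() would otherwise fail on a non-array argument.
                if ( !is_array($exception) ){
                        $exception = array($exception);
                }
                // NOTE(review): in_array() compares loosely (==) here, so a value
                // that is merely numerically equal to an allowed entry (e.g.
                // '1e1' vs '10') is accepted and returned as typed by the user,
                // not as the allow-list entry. Left loose because callers may
                // mix int and string entries; tighten per call site if needed.
                if ( in_array($item, $exception) ){ // Exception Hit
                        return $item;
                }
                if ( $valid_data == '' ){ // Exception Miss and no mask to fall back on.
                        return ''; // No Valid Data.
                }
        }
        if ( $valid_data == '' ){ // Neither mask nor exception list: pass through.
                return $item;
        }
        $regex_mask = '';
        if ( is_numeric($valid_data) ){ // Issue #157
                // Each VAR_* bit contributes a fragment of one PCRE character
                // class. Fragments are appended in the original order; the
                // score (\-) must stay at the end of the mask.
                // NOTE: the '|' separators in the VAR_BOOLEAN / VAR_OPERATOR
                // fragments are literal characters inside a character class, so
                // '|' itself is also allowed when those bits are set.
                $mask_parts = array(
                        array(VAR_DIGIT,    "0-9"),
                        array(VAR_LETTER,   "A-Za-z"),
                        array(VAR_ULETTER,  "A-Z"),
                        array(VAR_LLETTER,  "a-z"),
                        array(VAR_ALPHA,    "0-9A-Za-z"),
                        array(VAR_SPACE,    "\ "),
                        array(VAR_PERIOD,   "\."),
                        array(VAR_FSLASH,   "\/"),
                        array(VAR_OPAREN,   "\("),
                        array(VAR_CPAREN,   "\)"),
                        array(VAR_BOOLEAN,  "=|&|\||!"),
                        array(VAR_OPERATOR, "\+|\*|\/|=|>|<|&|\||%|!|\^|\(|\)|\-"),
                        array(VAR_USCORE,   "\_"),
                        array(VAR_AT,       "\@"),
                        array(VAR_COLON,    "\:"),
                        array(VAR_BRACKETS, "\[\]"),
                        array(VAR_PUNC,     "\~\!\#\$\%\^\&\*\_\=\+\:\;\,\.\?\ \(\))\-"),
                        array(VAR_SCORE,    "\-"),
                );
                foreach ( $mask_parts as $part ){
                        if ( ($valid_data & $part[0]) > 0 ){
                                $regex_mask .= $part[1];
                        }
                }
        }
        if ( $regex_mask != '' ){
                // Drop every character outside the allowed class.
                return preg_replace("/[^".$regex_mask."]/", '', $item);
        }
        // Non-numeric mask, or a numeric mask matching no known bit: the value
        // goes back unscrubbed. Callers must not rely on this path for
        // sanitization; it is reported when debugging is on.
        if ( $debug_mode > 0 ){
                ErrorMessage(
                        __FUNCTION__ .'(): Invalid Mask', '', 1
                );
        }
        return $item;
}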

// Function: SetSessionVar()
// @doc Handles retrieving and updating persistent session (criteria) data.
// This routine handles the details of checking for criteria updates passed
// through POST/GET and resolving this with values that may already have been
// set and stored in the session.
// All criteria variables need to invoke this function before they are used for
// the first time to extract their previously stored values, and process
// potential updates to their value.
// Note: Validation of user input is not performed by this routine.
//
// @param $var_name name of the persistent session variable to retrieve
// @return the updated value of the persistent session variable named by
// $var_name
//
function SetSessionVar($var_name){
        GLOBAL $BCR, $debug_mode;
        // Debug messages below are only shown in the Web UI mode.
        $UIM = 'Web'; // Default UI Mode.
        if ( isset($BCR) && is_object($BCR) ){
                $UIM = $BCR->GetCap('UIMode');
        }
        // Precedence: POST, then GET, then whatever the session already holds.
        // The resolved value is returned as-is (no validation) and is not
        // written back to $_SESSION by this routine.
        $msg = '';
        $Ret = '';
        if ( isset($_POST[$var_name]) ){
                $msg = 'POST';
                $Ret = $_POST[$var_name];
        }elseif ( isset($_GET[$var_name]) ){
                $msg = 'GET';
                $Ret = $_GET[$var_name];
        }elseif ( isset($_SESSION[$var_name]) ){
                $msg = 'SESSION';
                $Ret = $_SESSION[$var_name];
        }
        // When nothing matched, $Ret stays ''. This return value is a
        // contributing factor to Issue(s) #5, #10, #54 & #55.
        // Leaving it at the moment, so as not to break things.
        if ( $debug_mode > 0 && $UIM == 'Web' && $msg != '' ){
                $EMPfx = __FUNCTION__ . "(): ";
                ErrorMessage($EMPfx . "Importing $msg var '$var_name'", 'black', 1);
                // Vars can contain arrays; only scalars are echoed back.
                if ( !is_array($Ret) ){
                        ErrorMessage($EMPfx . XSSPrintSafe("$var_name: $Ret"), 'black', 1);
                }
        }
        return $Ret;
}

/* ***********************************************************************
 * Function: ImportHTTPVar()
 *
 * @doc Handles retrieving temporary state variables needed to present a
 *      given set of results (e.g., sort order, current record).  The
 *      values of these variables are never persistently stored.  Rather,
 *      they are passed as HTTP POST and GET parameters.
 *
 *      All temporary variables need to invoke this function before they are
 *      used for the first time to extract their value.
 *
 *      Optionally, sanitization parameters can be set, using CleanVariable()
 *      syntax, to validate the user input.
 *
 * @param $var_name     name of the temporary state variable to retrieve
 * @param $valid_data   (optional) list of valid character types
 *                                 (see CleanVariable)
 * @param $exception    (optional) array of explicit values the imported
 *                      variable must be set to
 *
 * @see CleanVariable
 *
 * @return the sanitized value of the temporary state variable named
 *         by $var_name
 *
 ************************************************************************/
function ImportHTTPVar( $var_name, $valid_data = '', $exception = '' ){
        GLOBAL $BCR, $debug_mode;
        // Debug messages below are only shown in the Web UI mode.
        $UIM = 'Web'; // Default UI Mode.
        if ( isset($BCR) && is_object($BCR) ){
                $UIM = $BCR->GetCap('UIMode');
        }
        // Only the request is consulted, POST before GET; the session is never
        // read here. An absent variable yields ''.
        $sources = array('POST' => $_POST, 'GET' => $_GET);
        $msg = '';
        $Ret = '';
        foreach ( $sources as $name => $bag ){
                if ( isset($bag[$var_name]) ){
                        $msg = $name;
                        $Ret = $bag[$var_name];
                        break;
                }
        }
        if ( $debug_mode > 0 && $UIM == 'Web' && $msg != '' ){
                $EMPfx = __FUNCTION__ . "(): ";
                ErrorMessage($EMPfx . "Importing $msg var '$var_name'", 'black', 1);
                // Vars can contain arrays; only scalars are echoed back.
                if ( !is_array($Ret) ){
                        ErrorMessage($EMPfx . XSSPrintSafe("$var_name: $Ret"),  'black', 1);
                }
        }
        // Whatever came in (including the '' default) goes through the scrubber.
        return CleanVariable($Ret, $valid_data, $exception);
}

// Function: ExportHTTPVar()
// @doc Handles export of a temporary state variable needed to present a
//      given set of results (e.g., sort order, current record). This routine
//      creates a hidden HTML form variable.
//      Note: User is responsible for generating appropriate HTML form code.
//      Note: Sanitization of input is not performed by this routine.
//      Security Note: Only temporary variables should make use of this
//                     function. These values are exposed in HTML to the user,
//                     who is free to modify them.
// @param $var_name    Name of the temporary state variable to export
// @param $var_value   Value of the temporary state variable
// @param $tab         Tab stops in output.
// @see ImportHTTPVar
// Returns true if var is exported, false otherwise.
function ExportHTTPVar ( $var_name = '', $var_value = '', $tab = 3 ){
        // Input Validation: nothing is printed for a name that is not a loaded
        // string, and false is reported back.
        if ( LoadedString( $var_name ) != true ){
                return false;
        }
        // A non-integer tab count falls back to the default indent.
        $indent = is_int($tab) ? $tab : 3;
        // The HTML itself (and any escaping of $var_value) comes from
        // returnExportHTTPVar(), which is not part of this block.
        print returnExportHTTPVar ( $var_name, $var_value, $indent );
        return true;
}

// Function: filterSql()
// @doc Filters the input string so that it can be safely used in SQL queries.
// @param $item            value of the variable to filter
// @param $force_alert_db  (default 0 - use current db)
// @param $db              (optional) existing database object to use;
//                         when not given, a temporary connection is opened
// @return a sanitized version of the passed variable.
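function filterSql ( $item, $force_alert_db=0, $db = ''){
        GLOBAL $DBlib_path, $DBtype, $db_connect_method, $alert_dbname,
        $alert_host, $alert_port, $alert_user, $alert_password;
        // Purpose: escape $item through the DB driver's qstr() and hand back the
        // escaped text WITHOUT the surrounding quotes qstr() adds. The caller
        // must therefore place the result inside quotes in the SQL text; an
        // unquoted context (e.g. a bare number) gets no protection from this.
        // Null is returned unchanged; arrays are escaped element by element.
        if ( !isset($item) ){ // Unset Value.
                return $item;
        }
        if ( is_array($item) ){ // Array.
                // Recursively convert array elements.
                // Works with both Keyed & NonKeyed arrays.
                // $db is passed through so a caller-supplied connection serves the
                // whole array instead of a fresh connection being opened per element.
                foreach ( $item as $key => $value ){
                        $item[$key] = filterSql( $value, $force_alert_db, $db );
                }
                return $item;
        }
        $Dbcf = 0; // DB Object creation Flag.
        if( is_object($db) && get_class($db) == 'baseCon' ){
                $tdb = $db; // DB Object passed.
        }else{
                // No usable connection supplied: open a temporary one to the
                // alert DB and remember to close it below.
                $tdb = NewBASEDBConnection($DBlib_path, $DBtype);
                $Dbcf = 1; // DB Object created.
                $tdb->baseDBConnect(
                        $db_connect_method, $alert_dbname, $alert_host, $alert_port,
                        $alert_user, $alert_password, $force_alert_db
                );
        }
        // $Qh tells qstr() whether magic quotes already escaped the value
        // (presumably the ADOdb-style second argument). get_magic_quotes_runtime()
        // only exists on PHP < 5.4, so it is only called there.
        $PHPVer = GetPHPSV();
        if( $PHPVer[0] > 5 || ($PHPVer[0] == 5 && $PHPVer[1] > 3) ){
                $Qh = 0;
        }else{ // Figure out quote handling on PHP < 5.4.
                $Qh = get_magic_quotes_runtime();
        }
        $item = $tdb->DB->qstr($item,$Qh);
        if( $Dbcf == 1 ){ // Close it, only if we created it.
                $tdb->baseClose();
        }
        // Cut off first and last character, (quotes added by qstr()).
        return substr($item, 1, -1);
}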

?>