Static Public Member Functions
static	cleanArgv ($name, $type='text')
static	cleanGetVar ($name, $type='text')
static	cleanPostVar ($name, $type='text')
static	sanitizeOutput ($output)
static	sanitizePath ($path)
static	sanitizePID ($pid)
static	sanitizePort ($port)
static	sanitizeServiceName ($serviceName)

Detailed Description

Input cleaning and sanitization utilities.

Provides safe access to command-line arguments, GET, and POST variables, plus sanitizers for PIDs, ports, service names, file paths, and HTML output.

Usage:

$action = UtilInput::cleanArgv(1);
$page   = UtilInput::cleanGetVar('p');
$pid    = UtilInput::sanitizePID($rawPid);

Definition at line 24 of file class.util.input.php.

Member Function Documentation

◆ cleanArgv()

cleanArgv	(		$name,
			$type = 'text' )

static

Cleans and returns a specific command line argument based on the type specified.

Parameters

string	$name	The index of the argument in the $_SERVER['argv'] array.
string	$type	The type of the argument to return: 'text', 'numeric', 'boolean', or 'array'.

Returns: mixed Returns the cleaned argument based on the type or false if the argument is not set.

Definition at line 34 of file class.util.input.php.

    {
        if (isset($_SERVER['argv'])) {
            if ($type == 'text') {
                return (isset($_SERVER['argv'][$name]) && !empty($_SERVER['argv'][$name])) ? trim($_SERVER['argv'][$name]) : '';
            } elseif ($type == 'numeric') {
                return (isset($_SERVER['argv'][$name]) && is_numeric($_SERVER['argv'][$name])) ? intval($_SERVER['argv'][$name]) : '';
            } elseif ($type == 'boolean') {
                return (isset($_SERVER['argv'][$name])) ? true : false;
            } elseif ($type == 'array') {
                return (isset($_SERVER['argv'][$name]) && is_array($_SERVER['argv'][$name])) ? $_SERVER['argv'][$name] : array();
            }
        }
 
        return false;
    }

Referenced by Action\process().

◆ cleanGetVar()

cleanGetVar	(		$name,
			$type = 'text' )

static

Cleans and returns a specific $_GET variable based on the type specified.

Parameters

string	$name	The name of the $_GET variable.
string	$type	The type of the variable to return: 'text', 'numeric', 'boolean', or 'array'.

Returns: mixed Returns the cleaned $_GET variable based on the type or false if the variable is not set.

Definition at line 59 of file class.util.input.php.

    {
        if (is_string($name)) {
            if ($type == 'text') {
                $value = (isset($_GET[$name]) && $_GET[$name] !== '') ? (string)$_GET[$name] : '';
                $value = str_replace("\0", '', $value);
                $value = preg_replace('/[\x00-\x1F\x7F]/u', '', $value);
                $value = trim($value);
                return filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
            } elseif ($type == 'numeric') {
                return (isset($_GET[$name]) && is_numeric($_GET[$name])) ? intval($_GET[$name]) : '';
            } elseif ($type == 'boolean') {
                return (isset($_GET[$name])) ? true : false;
            } elseif ($type == 'array') {
                return (isset($_GET[$name]) && is_array($_GET[$name])) ? $_GET[$name] : array();
            }
        }
 
        return false;
    }

Referenced by Homepage\__construct().

◆ cleanPostVar()

cleanPostVar	(		$name,
			$type = 'text' )

static

Cleans and returns a specific $_POST variable based on the type specified.

Parameters

string	$name	The name of the $_POST variable.
string	$type	The type of the variable to return: 'text', 'number', 'float', 'boolean', 'array', or 'content'.

Returns: mixed Returns the cleaned $_POST variable based on the type or false if the variable is not set.

Definition at line 88 of file class.util.input.php.

    {
        if (is_string($name)) {
            if ($type == 'text') {
                $value = (isset($_POST[$name]) && $_POST[$name] !== '') ? (string)$_POST[$name] : '';
                $value = str_replace("\0", '', $value);
                $value = preg_replace('/[\x00-\x1F\x7F]/u', '', $value);
                $value = trim($value);
                return filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
            } elseif ($type == 'number') {
                return (isset($_POST[$name]) && is_numeric($_POST[$name])) ? intval($_POST[$name]) : '';
            } elseif ($type == 'float') {
                return (isset($_POST[$name]) && is_numeric($_POST[$name])) ? floatval($_POST[$name]) : '';
            } elseif ($type == 'boolean') {
                return (isset($_POST[$name])) ? true : false;
            } elseif ($type == 'array') {
                return (isset($_POST[$name]) && is_array($_POST[$name])) ? $_POST[$name] : array();
            } elseif ($type == 'content') {
                return (isset($_POST[$name]) && !empty($_POST[$name])) ? trim($_POST[$name]) : '';
            }
        }
 
        return false;
    }

◆ sanitizeOutput()

sanitizeOutput ( $output )

static

Sanitizes output for display to prevent XSS attacks. Escapes HTML special characters.

Parameters

string $output The output to sanitize.

Returns: string Returns the sanitized output safe for HTML display.

Definition at line 235 of file class.util.input.php.

    {
        if (!is_string($output)) {
            return '';
        }
 
        $output = str_replace("\0", '', $output);
 
        return htmlspecialchars($output, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }

◆ sanitizePath()

sanitizePath ( $path )

static

Sanitizes a file path by removing null bytes and checking for path traversal attempts. This is a basic sanitization — paths should still be validated before use.

Parameters

string $path The path to sanitize.

Returns: string|false Returns the sanitized path, or false if dangerous patterns detected.

Definition at line 205 of file class.util.input.php.

    {
        if (!is_string($path) || empty($path)) {
            return false;
        }
 
        $sanitized = str_replace("\0", '', $path);
 
        // Check for path traversal attempts (but allow environment variables)
        $pathWithoutEnvVars = preg_replace('/%[^%]+%/', '', $sanitized);
        if (strpos($pathWithoutEnvVars, '..') !== false) {
            Log::warning('Path traversal attempt detected: ' . $path);
            return false;
        }
 
        // Remove dangerous characters — preserve : for drive letters and ; for PATH
        // Also strip common cmd.exe metacharacters to reduce command-injection risk when paths are interpolated.
        $sanitized = preg_replace('/[<>"|?*&^`\x00-\x1F]/', '', $sanitized);
 
        return $sanitized;
    }

References Log\warning().

◆ sanitizePID()

sanitizePID ( $pid )

static

Sanitizes a process ID (PID) by removing all non-numeric characters. This prevents command injection through PID parameters.

Parameters

mixed $pid The PID to sanitize.

Returns: int|false Returns the sanitized PID as integer, or false if invalid.

Definition at line 121 of file class.util.input.php.

    {
        $sanitized = preg_replace('/[^0-9]/', '', (string)$pid);
 
        if (empty($sanitized)) {
            Log::warning('Invalid PID provided: ' . var_export($pid, true));
            return false;
        }
 
        $pidInt = (int)$sanitized;
 
        if ($pidInt <= 0 || $pidInt > 2147483647) {
            Log::warning('PID out of valid range: ' . $pidInt);
            return false;
        }
 
        return $pidInt;
    }

References Log\warning().

Referenced by Batch\findExeByPid().

◆ sanitizePort()

sanitizePort ( $port )

static

Sanitizes a port number by ensuring it's a valid integer in the correct range. This prevents command injection through port parameters.

Parameters

mixed $port The port to sanitize.

Returns: int|false Returns the sanitized port as integer, or false if invalid.

Definition at line 148 of file class.util.input.php.

    {
        $portStr = trim((string)$port);
 
        if ($portStr === '' || !preg_match('/^\d+$/', $portStr)) {
            Log::warning('Invalid port provided: ' . var_export($port, true));
            return false;
        }
 
        $portInt = (int)$portStr;
 
        if ($portInt < 1 || $portInt > 65535) {
            Log::warning('Port out of valid range: ' . $portInt);
            return false;
        }
 
        return $portInt;
    }

References $port, and Log\warning().

Referenced by Batch\getProcessUsingPort().

◆ sanitizeServiceName()

sanitizeServiceName ( $serviceName )

static

Sanitizes a service name by removing dangerous characters. Allows only alphanumeric characters, underscores, and hyphens.

Parameters

string $serviceName The service name to sanitize.

Returns: string|false Returns the sanitized service name, or false if invalid.

Definition at line 175 of file class.util.input.php.

    {
        if (!is_string($serviceName) || empty($serviceName)) {
            Log::warning('Invalid service name: not a string or empty');
            return false;
        }
 
        $sanitized = preg_replace('/[^a-zA-Z0-9_-]/', '', $serviceName);
 
        if (empty($sanitized)) {
            Log::warning('Service name became empty after sanitization: ' . $serviceName);
            return false;
        }
 
        // Limit length to 256 characters (Windows service name limit)
        if (strlen($sanitized) > 256) {
            $sanitized = substr($sanitized, 0, 256);
        }
 
        return $sanitized;
    }

References Log\warning().

Referenced by Batch\setServiceDescription(), Batch\setServiceDisplayName(), and Batch\setServiceStartType().

The documentation for this class was generated from the following file:

E:/Bearsampp-development/sandbox/core/classes/class.util.input.php

Static Public Member Functions

Detailed Description

Member Function Documentation

◆ cleanArgv()

◆ cleanGetVar()

◆ cleanPostVar()

◆ sanitizeOutput()

◆ sanitizePath()

◆ sanitizePID()

◆ sanitizePort()

◆ sanitizeServiceName()