InputProcessor¶
Initialisierung¶
Erzeuge neue Instanz bzw. speichere existierende in Variable
// Create the processor once and keep it in a variable; the security monitor instance is
// handed to the constructor (presumably validation findings are reported to it — confirm
// in the InputProcessor source, it is not shown on this page).
$inputProcessor = new InputProcessor($securityMonitor);
Aktiviere Custom Filters (base64, Adressen etc.)
// Registers the built-in custom filters (the IDS_FILTER_* constants used further down,
// e.g. base64 and address filters). Presumably required before a whitelist references
// one of them — confirm against InputProcessor.
$inputProcessor->activateBuiltinFilters();
Gibt ein Array mit den verfügbaren Filtern zurück
// Returns an array of the filters currently available. The return value is discarded
// here; assign it to a variable to inspect the list.
$inputProcessor->getAvailableFilters();
Eingabeparameter validieren¶
skip_filter - Überspringe Filterung komplett
// skip_filter: the value is handed through untouched — no sanitising, no validation.
// Whatever reads the 'id' entry of the result afterwards is responsible for checking it.
$whitelist = ['GET' => ['id' => 'SKIP_PROCESSING']]; // skip_filter
single_filter - Einfacher Filter
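// single_filter: a bare filter constant per parameter.
$inputProcessor = new InputProcessor($securityMonitor);
$whitelist = [
    'GET' => [
        'id' => FILTER_VALIDATE_INT, // single_filter
    ],
    'POST' => [
        // FILTER_SANITIZE_STRING (used in the original example) is deprecated since PHP 8.1
        // and rewrites the value (strips tags, HTML-encodes quotes), which would silently
        // alter a password before it reaches password_verify(). The password is therefore
        // passed through unfiltered; it must only ever feed password_verify()/password_hash(),
        // never output or a query.
        'password' => FILTER_UNSAFE_RAW, // single_filter
    ],
];
$validatedInputs = $inputProcessor->validateInputs($whitelist, $_GET, $_POST);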
flat_filter_array - Array mit Filter + Flags
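// flat_filter_array: [filter, flags] without keys.
// STRIP_TAGS (used in the original example) is not a constant of PHP's filter extension —
// unless the project defines it, PHP 8 throws "Undefined constant". The flag form used in
// the scart.php example on this page (FILTER_FLAG_STRIP_HIGH) is used instead, and the
// deprecated FILTER_SANITIZE_STRING is replaced by FILTER_SANITIZE_FULL_SPECIAL_CHARS.
$whitelist = [
    'POST' => [
        'username' => [FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH], // flat_filter_array
    ],
];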
filter_flag_array - Array mit 'filter' und 'flags' Keys
// filter_flag_array: explicit 'filter' and 'flags' keys.
// In filter_var() terms FILTER_REQUIRE_ARRAY expects an array input and applies
// FILTER_VALIDATE_INT to each element; whether InputProcessor forwards the flags
// unchanged is not shown here.
$inputProcessor = new InputProcessor($securityMonitor);
$usernameRule = [ // filter_flag_array
    'filter' => FILTER_VALIDATE_INT,
    'flags' => FILTER_REQUIRE_ARRAY,
];
$whitelist = ['POST' => ['username' => $usernameRule]];
$validatedInputs = $inputProcessor->validateInputs($whitelist, $_GET, $_POST);
filter_options_array - Array mit 'filter' und 'options' Keys
// filter_options_array: 'filter' plus a filter-specific 'options' map
// (the option keys are listed under "Custom Filter Options" below).
$inputProcessor = new InputProcessor($securityMonitor);
$nameRule = [ // filter_options_array
    'filter' => IDS_FILTER_SANITIZE_NAME,
    'options' => [
        'max_length' => 50,
        'allow_numbers' => true,
    ],
];
$addressRule = [ // filter_options_array
    'filter' => IDS_FILTER_SANITIZE_ADDRESS,
    'options' => [
        'allow_special_chars' => ['-', '.', '/'],
    ],
];
$whitelist = [
    'POST' => [
        'username' => $nameRule,
        'address' => $addressRule,
    ],
];
$validatedInputs = $inputProcessor->validateInputs($whitelist, $_GET, $_POST);
filter_flag_options_array - Array mit 'filter', 'flags' und 'options' Keys
// filter_flag_options_array: all three keys; 'flags' => 0 means no filter flags.
$dataRule = [ // filter_flag_options_array
    'filter' => IDS_FILTER_SANITIZE_B64,
    'flags' => 0,
    'options' => ['url_safe' => true], // accept the URL-safe alphabet (- and _ for + and /)
];
$whitelist = ['POST' => ['data' => $dataRule]];
associative_filter_array - Nested Array für komplexe Datenstrukturen
// associative_filter_array: when the input itself is an array, the rule is applied to
// its elements.
$inputProcessor = new InputProcessor($securityMonitor);
// Sample input: one element that passes FILTER_VALIDATE_INT and one that does not.
$_POST['artikelArray'] = ['123456', 'not_an_int'];
$artikelRule = ['filter' => FILTER_VALIDATE_INT]; // associative_filter_array (when the input is an array)
$whitelist = ['POST' => ['artikelArray' => $artikelRule]];
// How the rejected element shows up in the result is not shown on this page — inspect
// $validatedInputs['POST']['artikelArray'] before treating every element as an int.
$validatedInputs = $inputProcessor->validateInputs($whitelist, $_GET, $_POST);
numeric_filter_array - Array via FormData aus JS
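// numeric_filter_array: an array posted via FormData from JS is tunnelled through the
// scalar filter as one JSON string and unpacked again afterwards.
$paramWhitelist = [
    'POST' => [
        'jahr' => [FILTER_UNSAFE_RAW],
    ],
];
// A missing parameter becomes "[]" instead of an "Undefined array key" warning plus "null".
$_POST['jahr'] = json_encode($_POST['jahr'] ?? []);
// $security is presumably the same InputProcessor instance called $inputProcessor in the
// examples above — confirm.
$inputs = $security->validateInputs($paramWhitelist, $_GET, $_POST);
// FILTER_UNSAFE_RAW leaves the JSON untouched, so the individual elements are still
// unvalidated at this point. Invalid JSON (null) and scalar JSON ("5", "true") both
// collapse to [] — the original `?? []` only caught the null case and let a non-array
// value through as $inputs['POST']['jahr'].
$decodedJahr = json_decode((string) ($inputs['POST']['jahr'] ?? ''), true);
$inputs['POST']['jahr'] = is_array($decodedJahr) ? $decodedJahr : [];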
Custom Filter Options¶
IDS_FILTER_SANITIZE_B64 / IDS_FILTER_VALIDATE_B64
- max_length: Maximale Länge
- url_safe: URL-sichere base64-Zeichen (- und _ statt + und /)
- normalize: base64 neu encodieren für konsistentes Format
IDS_FILTER_SANITIZE_ADDRESS / IDS_FILTER_VALIDATE_ADDRESS
- max_length: Maximale Länge
- min_length: Minimale Länge
- allow_special_chars: Array mit erlaubten Sonderzeichen ['|', '-']
IDS_FILTER_SANITIZE_NAME / IDS_FILTER_VALIDATE_NAME
- max_length: Maximale Länge
- min_length: Minimale Länge
- allow_numbers: Zahlen erlauben
- allow_punctuation: Satzzeichen erlauben (@, #, $, %, &, *)
- min_words: Minimale Wörteranzahl
- allow_special_chars: Array mit erlaubten Sonderzeichen
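// scart.php in ihle-sis
// Dynamic POST parameters: one anz<i>/sonder<i>/id<i> triple per row, with the row count
// taken from $_POST['anzds'] — client-supplied, hence untrusted.
// (int) cast: in PHP 8 a non-numeric string such as "abc" is compared with $i as a string,
// and "0", "1", ... all sort before "abc", so the original `$i < $_POST['anzds']` loop
// would never terminate.
// Bound by count($_POST): a row can only carry posted fields if at least one POST key
// exists for it, so no genuinely posted row is dropped while an inflated anzds can no
// longer drive an arbitrarily long loop. Whether validateInputs treats whitelisted-but-
// absent keys specially is not shown here — confirm if that matters.
$rowCount = min((int) ($_POST['anzds'] ?? 0), count($_POST));
for ($i = 0; $i < $rowCount; $i++) {
    foreach (['anz', 'sonder', 'id'] as $prefix) {
        $paramWhitelist['POST']["{$prefix}{$i}"] = [FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH];
    }
}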
// ajax_angebot in ihle-sis
// Excerpt of a whitelist: the surrounding array starts and ends outside this snippet.
// 'artikel' presumably maps each sub-key of the posted artikel array to its own filter
// (cf. "associative_filter_array" above) — confirm against InputProcessor.
'POST' => [
    'func' => [FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH],
    'artikel' => [
        'posnr' => FILTER_SANITIZE_SPECIAL_CHARS,
        'ianr' => FILTER_SANITIZE_SPECIAL_CHARS,
        'prs' => FILTER_SANITIZE_SPECIAL_CHARS,
        // NOTE(review): without FILTER_FLAG_ALLOW_FRACTION, FILTER_SANITIZE_NUMBER_FLOAT
        // strips the decimal separator ("12.50" becomes "1250"). If vkprs/menge can be
        // fractional, use the filter_flag_array form with that flag.
        'vkprs' => FILTER_SANITIZE_NUMBER_FLOAT,
        'menge' => FILTER_SANITIZE_NUMBER_FLOAT,
        'artikel_herkunft' => FILTER_SANITIZE_SPECIAL_CHARS,
    ],
]