Class Dwoo_Security_Policy

Description

represents the security settings of a Dwoo instance; the same policy object can be passed around to different Dwoo instances

This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.

This file is released under the LGPL "GNU Lesser General Public License". More information can be found here: http://www.gnu.org/copyleft/lesser.html

Located in /Dwoo/Security/Policy.php (line 22)


	
			
Method Summary
void allowDirectory (mixed $path)
void allowPhpFunction (mixed $func)
void disallowDirectory (mixed $path)
void disallowPhpFunction (mixed $func)
void setConstantHandling ([bool $level = self::CONST_DISALLOW])
void setPhpHandling ([int $level = self::PHP_REMOVE])
Variables
array $allowedDirectories = array() (line 64)

paths that are safe to use with include or other file-access plugins

  • access: protected
array $allowedPhpFunctions = array
(
'str_repeat', 'number_format', 'htmlentities', 'htmlspecialchars',
'long2ip', 'strlen', 'list', 'empty', 'count', 'sizeof', 'in_array', 'is_array',
)
(line 53)

php functions that are allowed to be used within the template

  • access: protected
bool $constHandling = self::CONST_DISALLOW (line 82)

stores the constant handling level

defaults to Dwoo_Security_Policy::CONST_DISALLOW

  • access: protected
int $phpHandling = self::PHP_REMOVE (line 73)

stores the php handling level

defaults to Dwoo_Security_Policy::PHP_REMOVE

  • access: protected
Methods
allowDirectory (line 128)

adds a directory to the safelist for includes and other file-access plugins

  • access: public
void allowDirectory (mixed $path)
  • mixed $path: a path name or an array of paths
allowPhpFunction (line 89)

adds a php function to the allowed list

  • access: public
void allowPhpFunction (mixed $func)
  • mixed $func: function name or array of function names
disallowDirectory (line 142)

removes a directory from the safelist

  • access: public
void disallowDirectory (mixed $path)
  • mixed $path: a path name or an array of paths
disallowPhpFunction (line 103)

removes a php function from the allowed list

  • access: public
void disallowPhpFunction (mixed $func)
  • mixed $func: function name or array of function names
getAllowedDirectories (line 157)

returns the list of safe paths, note that the paths are stored in the array keys and not values

  • access: public
array getAllowedDirectories ()
getAllowedPhpFunctions (line 118)

returns the list of php functions allowed to run, note that the function names are stored in the array keys and not values

  • access: public
array getAllowedPhpFunctions ()
getConstantHandling (line 197)

returns the constant handling level

  • return: the current level, one of the Dwoo_Security_Policy::CONST_* constants
  • access: public
bool getConstantHandling ()
getPhpHandling (line 177)

returns the php handling level

  • return: the current level, one of the Dwoo_Security_Policy::PHP_* constants
  • access: public
int getPhpHandling ()
setConstantHandling (line 187)

sets the constant handling level, defaults to CONST_DISALLOW

  • access: public
void setConstantHandling ([bool $level = self::CONST_DISALLOW])
  • bool $level: one of the Dwoo_Security_Policy::CONST_* constants
setPhpHandling (line 167)

sets the php handling level, defaults to PHP_REMOVE

  • access: public
void setPhpHandling ([int $level = self::PHP_REMOVE])
  • int $level: one of the Dwoo_Security_Policy::PHP_* constants
Class Constants
CONST_ALLOW = true (line 45)

constant handling constants, defaults to CONST_DISALLOW

  • CONST_DISALLOW : throw an error if {$dwoo.const.*} is used in the template
  • CONST_ALLOW : allow {$dwoo.const.*} calls

CONST_DISALLOW = false (line 44)

constant handling constants, defaults to CONST_DISALLOW

  • CONST_DISALLOW : throw an error if {$dwoo.const.*} is used in the template
  • CONST_ALLOW : allow {$dwoo.const.*} calls

PHP_ALLOW = 3 (line 35)

php handling constants, defaults to PHP_REMOVE

  • PHP_REMOVE : remove all <?php ?> (+ short tags if your short tags option is on) from the input template
  • PHP_ALLOW : leave them as they are
  • PHP_ENCODE : run htmlentities over them

PHP_ENCODE = 1 (line 33)

php handling constants, defaults to PHP_REMOVE

  • PHP_REMOVE : remove all <?php ?> (+ short tags if your short tags option is on) from the input template
  • PHP_ALLOW : leave them as they are
  • PHP_ENCODE : run htmlentities over them

PHP_REMOVE = 2 (line 34)

php handling constants, defaults to PHP_REMOVE

  • PHP_REMOVE : remove all <?php ?> (+ short tags if your short tags option is on) from the input template
  • PHP_ALLOW : leave them as they are
  • PHP_ENCODE : run htmlentities over them
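
The methods and constants documented above, combined into a policy for templates written by untrusted users, plus a small audit of the result. This is an added example, not code from the Dwoo project; it assumes the Dwoo library is already loaded, and the helper names buildUntrustedTemplatePolicy and auditPolicy, the template path, and the choice of functions to add or drop are illustrative assumptions.

```php
<?php
// Added example, not Dwoo's own code. Assumes the Dwoo library is already loaded.

// Hypothetical helper: policy for templates written by untrusted users.
function buildUntrustedTemplatePolicy($templateDir)
{
    $policy = new Dwoo_Security_Policy();

    // State the documented defaults explicitly so the intent is visible in review.
    $policy->setPhpHandling(Dwoo_Security_Policy::PHP_REMOVE);
    $policy->setConstantHandling(Dwoo_Security_Policy::CONST_DISALLOW);

    // Trim default functions this (assumed) application never uses, add one it does.
    $policy->disallowPhpFunction(array('long2ip', 'str_repeat'));
    $policy->allowPhpFunction('ucfirst');

    // Add the one directory that include and other file-access plugins may use.
    $policy->allowDirectory($templateDir);

    return $policy;
}

// Hypothetical helper: list every setting that is looser than expected.
function auditPolicy(Dwoo_Security_Policy $policy, array $expectedFunctions)
{
    $findings = array();

    // Names are stored in the array keys, so compare keys, not values.
    $allowed = array_keys($policy->getAllowedPhpFunctions());
    foreach (array_diff($allowed, $expectedFunctions) as $name) {
        $findings[] = "unexpected PHP function allowed: $name";
    }
    if ($policy->getPhpHandling() === Dwoo_Security_Policy::PHP_ALLOW) {
        $findings[] = 'PHP_ALLOW: raw PHP blocks are left in templates';
    }
    if ($policy->getConstantHandling() === Dwoo_Security_Policy::CONST_ALLOW) {
        $findings[] = 'CONST_ALLOW: {$dwoo.const.*} is usable in templates';
    }
    return $findings;
}

$policy = buildUntrustedTemplatePolicy(__DIR__ . '/templates'); // constructed path
$expected = array('number_format', 'htmlentities', 'htmlspecialchars', 'strlen', 'list',
                  'empty', 'count', 'sizeof', 'in_array', 'is_array', 'ucfirst');
foreach (auditPolicy($policy, $expected) as $finding) {
    echo $finding, "\n";
}
```

How the policy object is attached to a Dwoo instance is not covered on this page and is left out of the example.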

Documentation generated on Sun, 03 Aug 2008 15:12:43 +0200 by phpDocumentor 1.4.0