class Cache

Handles page-level caching operations.

Cached pages are written to the private cache directory (trust_path/cache). The cache can be enabled or disabled and an expiry timer set in Tuskfish preferences.

Traits

TraversalCheck

Validates that a filename or path does NOT contain directory traversals in any form.

ValidateString

Provides methods for validating UTF-8 character encoding and string composition.

Methods

bool
hasTraversalorNullByte(string $path)

Check if a file path contains traversals (including encoded traversals) or null bytes.

string
encodeEscapeUrl(string $url)

URL-encode and escape a query string for use in a URL.

bool
isAlnum(string $alnum)

Check that a string is comprised solely of alphanumeric characters.

bool
isAlnumUnderscore(string $alnumUnderscore)

Check that a string is comprised solely of alphanumeric characters and underscores.

bool
isAlpha(string $alpha)

Check that a string is comprised solely of alphabetical characters.

bool
isUtf8(string $text)

Check if the character encoding of text is UTF-8.

string
trimString(mixed $text)

Cast to string, check UTF-8 encoding and strip trailing whitespace and control characters.

__construct(Preference $preference)

Constructor.

string|bool
check(string $path, array $params)

Check if a cached page exists and has not expired, and display it.

bool
flush()

Clear the private cache.

save(array $params, string $buffer)

Save a copy of this page to the cache directory.

Details

in TraversalCheck at line 46
bool hasTraversalorNullByte(string $path)

Check if a file path contains traversals (including encoded traversals) or null bytes.

Directory traversals are not permitted in Tuskfish method parameters. If a path is found to contain a traversal it is presumed to be an attack. Encoded traversals are a clear sign of attempted abuse.

In general, untrusted data should never be used to construct a file path. This method exists as a second-line safety measure.

Parameters

string $path

Return Value

bool True if a traversal or null byte is found, otherwise false.
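
The kind of check this method describes, as an added example that is not Tuskfish's own code: it decodes percent-encoding repeatedly, then looks for null bytes and ".." path segments. The function name, the three-pass decode limit and the sample paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not Tuskfish source: return true if $path contains a null
 * byte or a ".." traversal, in plain or percent-encoded form.
 */
function pathHasTraversalOrNullByte(string $path): bool
{
    // Decode repeatedly so double-encoded input (%252e%252e) is also exposed.
    // The loop bound is an assumption of this sketch; input that is still
    // changing after the last pass is treated as hostile.
    $decoded = $path;
    for ($i = 0; $i < 3; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    if (rawurldecode($decoded) !== $decoded) {
        return true;
    }

    // Null bytes can truncate a path in lower-level file APIs.
    if (strpos($decoded, "\0") !== false) {
        return true;
    }

    // Treat backslashes as separators, then look for a ".." path segment.
    $normalised = str_replace('\\', '/', $decoded);
    return (bool) preg_match('#(^|/)\.\.(/|$)#', $normalised);
}

// Constructed sample inputs.
$samples = [
    'index.php',
    'gallery/photo..final.jpg',   // dots inside a name are not a traversal
    '../../etc/passwd',
    '..%2f..%2fetc%2fpasswd',
    '%252e%252e%252fconfig.php',  // double-encoded
    "cache/page.html\0.jpg",
    'uploads\\..\\..\\secret',
];
foreach ($samples as $s) {
    printf("%-32s %s\n", addcslashes($s, "\0"), pathHasTraversalOrNullByte($s) ? 'REJECT' : 'ok');
}
```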

in ValidateString at line 41
string encodeEscapeUrl(string $url)

URL-encode and escape a query string for use in a URL.

Trims, checks for UTF-8 compliance, rawurlencodes and then escapes with htmlspecialchars(). If you wish to use the data on a landing page you must decode it with htmlspecialchars_decode() followed by rawurldecode() in that order. But really, if you are using any characters that need to be encoded in the first place you should probably just stop.

Parameters

string $url Unescaped input URL.

Return Value

string Encoded and escaped URL.
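
The encode and decode order described above, as an added sketch that is not Tuskfish's own code; it shows that reversing the decode order corrupts data containing literal entity text. The function names, the use of trim(), the htmlspecialchars() flags and the sample string are assumptions, and mb_check_encoding() requires the mbstring extension.

```php
<?php
declare(strict_types=1);

// Added sketch of the documented steps, not Tuskfish source.
function encodeEscape(string $value): string
{
    $value = trim($value);
    if (!mb_check_encoding($value, 'UTF-8')) {
        return ''; // assumption: reject invalid UTF-8 with an empty string
    }
    // rawurlencode() first, then escape the result for HTML output.
    return htmlspecialchars(rawurlencode($value), ENT_QUOTES, 'UTF-8');
}

// Documented order: htmlspecialchars_decode(), then rawurldecode().
function decodeOnLandingPage(string $value): string
{
    return rawurldecode(htmlspecialchars_decode($value, ENT_QUOTES));
}

// Reversed order, kept only to show the difference.
function decodeWrongOrder(string $value): string
{
    return htmlspecialchars_decode(rawurldecode($value), ENT_QUOTES);
}

// Constructed input: the data itself contains literal entity text.
$input = 'Tom &amp; Jerry <b>';
$wire  = encodeEscape($input);

echo "encoded:      ", $wire, "\n";
echo "right order:  ", var_export(decodeOnLandingPage($wire) === $input, true), "\n";
echo "wrong order:  ", var_export(decodeWrongOrder($wire) === $input, true), "\n";
```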

in ValidateString at line 59
bool isAlnum(string $alnum)

Check that a string is comprised solely of alphanumeric characters.

Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Parameters

string $alnum Input to be tested.

Return Value

bool True if valid alphanumerical string, false otherwise.

in ValidateString at line 77
bool isAlnumUnderscore(string $alnumUnderscore)

Check that a string is comprised solely of alphanumeric characters and underscores.

Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Parameters

string $alnumUnderscore Input to be tested.

Return Value

bool True if valid alphanumerical or underscore string, false otherwise.

in ValidateString at line 95
bool isAlpha(string $alpha)

Check that a string is comprised solely of alphabetical characters.

Tolerates vanilla ASCII only. Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Parameters

string $alpha Input to be tested.

Return Value

bool True if valid alphabetical string, false otherwise.

in ValidateString at line 113
bool isUtf8(string $text)

Check if the character encoding of text is UTF-8.

All strings received from external sources must be passed through this function, particularly prior to storage in the database.

Parameters

string $text Input string to check.

Return Value

bool True if string is UTF-8 encoded, otherwise false.

in ValidateString at line 131
string trimString(mixed $text)

Cast to string, check UTF-8 encoding and strip trailing whitespace and control characters.

Removes trailing whitespace and control characters (ASCII <= 32 / UTF-8 points 0-32 inclusive), checks for UTF-8 character set and casts input to a string. Note that the data returned by this function still requires escaping at the point of use; it is not database or XSS safe.

As the input is cast to a string, do NOT apply this function to non-string types (int, float, bool, object, resource, null, array, etc).

Parameters

mixed $text Input to be trimmed.

Return Value

string Trimmed and UTF-8 validated string.

at line 49
__construct(Preference $preference)

Constructor.

Parameters

Preference $preference An instance of the Tuskfish site preferences class.

at line 70
string|bool check(string $path, array $params)

Check if a cached page exists and has not expired, and display it.

You should only pass in parameters that you were expecting, had explicitly whitelisted and have already validated. Gating the parameters in this way reduces the opportunity for exploitation.

If a cached page is not available, controller script execution will simply proceed and the FrontController will request that the page be written to cache, assuming that caching is enabled.

A call to check() should ALWAYS precede a call to save() in order to set the path variable.

Parameters

string $path Path segment of requested URL, eg. parse_url($url, PHP_URL_PATH).
array $params URL Query string parameters for this page as $key => $value pairs.

Return Value

string|bool The cached page if it exists, otherwise false.
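
One way to gate query parameters before they reach check() and save(), as an added example that is not Tuskfish's own code. The function gateCacheParams(), its 'int' and 'alnum' rule names, the length limits and the sample request are all hypothetical; mb_check_encoding() requires the mbstring extension.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not Tuskfish source. Keep only the query parameters a
 * controller expects, validate each one, and return them in allowlist order
 * so the same page state always produces the same array.
 * $allowed maps parameter name => rule ('int' or 'alnum'); both rule names
 * are hypothetical.
 */
function gateCacheParams(array $query, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $key => $rule) {
        if (!array_key_exists($key, $query)) {
            continue;
        }
        $value = $query[$key];
        // Arrays (?id[]=1) and invalid UTF-8 are dropped, never coerced.
        if (!is_string($value) || !mb_check_encoding($value, 'UTF-8')) {
            continue;
        }
        if ($rule === 'int' && preg_match('/\A[0-9]{1,9}\z/', $value)) {
            $clean[$key] = (int) $value;
        } elseif ($rule === 'alnum' && preg_match('/\A[a-zA-Z0-9]{1,32}\z/', $value)) {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Constructed request: two well-formed parameters, two malformed values for
// expected keys, and one key that is not on the allowlist at all.
$query = [
    'start' => '20',
    'id'    => '7',
    'tagId' => '3 OR 1=1',
    'lang'  => ['en'],
    'debug' => '../../x',
];
$allowed = ['id' => 'int', 'start' => 'int', 'tagId' => 'int', 'lang' => 'alnum'];

// The gated array is what would be passed to check($path, $params) and,
// on a cache miss, to save($params, $buffer).
$params = gateCacheParams($query, $allowed);
var_export($params);
```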

at line 108
bool flush()

Clear the private cache.

The entire cache will be cleared. This method is called if a single object is added, edited or destroyed to ensure that index pages and pagination controls stay up to date.

Return Value

bool True on success, false on failure.

at line 146
save(array $params, string $buffer)

Save a copy of this page to the cache directory.

This function should be called after check() and before ob_end_flush(). Note that warnings are suppressed when trying to open the file. The query parameters are important to retrieve the precise representation of the page requested, since they change its state.

To disable the cache for a particular page load, pass in an empty $params array.

Parameters

array $params URL Query string parameters for this page as $key => $value pairs.
string $buffer HTML page output from ob_get_contents().