class ContentEdit

Model for editing content objects.

Traits

ContentTypes: Provides the definition of permitted content object types.
HtmlPurifier: Includes the HTMLPurifier library. Use sparingly, as it requires significant resources.
Mimetypes: Provides a list of common (permitted) mimetypes for file uploads.
Taglink
TraversalCheck: Validates that a filename or path does NOT contain directory traversals in any form.
ValidateString: Provides methods for validating UTF-8 character encoding and string composition.

Methods

array listTemplates()

Returns a list of template names used by specific content types.

array listTypes()

Returns a whitelist of permitted content object types.

HtmlPurifier getHtmlPurifier()

Returns a configured instance of HTMLPurifier.

array listAudioMimetypes()

Returns a list of permitted audio mimetypes and extensions. (from Mimetypes)

array listImageMimetypes()

Returns a list of permitted image mimetypes and extensions. (from Mimetypes)

array listVideoMimetypes()

Returns a list of permitted video mimetypes and extensions. (from Mimetypes)

array listMimetypes()

Returns an array of mimetypes that are permitted for upload to the media directory. (from Mimetypes)

bool hasTraversalorNullByte(string $path)

Checks whether a file path contains traversals (including encoded traversals) or null bytes.

string encodeEscapeUrl(string $url)

URL-encodes and escapes a query string for use in a URL.

bool isAlnum(string $alnum)

Checks that a string is comprised solely of alphanumeric characters.

bool isAlnumUnderscore(string $alnumUnderscore)

Checks that a string is comprised solely of alphanumeric characters and underscores.

bool isAlpha(string $alpha)

Checks that a string is comprised solely of alphabetical characters.

bool isUtf8(string $text)

Checks whether the character encoding of text is UTF-8.

string trimString(mixed $text)

Casts to string, checks UTF-8 encoding and strips trailing whitespace and control characters.

__construct(Database $database, CriteriaFactory $criteriaFactory, Preference $preference, FileHandler $fileHandler, Cache $cache)

Constructor.

array edit(int $id)

Edit a content object.

bool insert()

Insert a content object into the database.

bool update()

Update a content object in the database.

array collections()

Get all collection-type content objects.

string dateFormat()

Returns the date template as per the date() function of PHP.

string defaultLanguage()

Returns the default language preference.

Preference preference()

Returns an instance of the Tuskfish site preferences.

string siteAuthor()

Returns the site author preference.

array tagSelectOptions()

Returns a list of options for the tag select box.

array validateForm(array $form)

Validates submitted form data for a content object.

Details

in ContentTypes at line 36
array listTemplates()

Returns a list of template names used by specific content types.

Return Value

array Array of type-template key values.

in ContentTypes at line 62
array listTypes()

Returns a whitelist of permitted content object types.

Use this whitelist when dynamically instantiating content objects. If you create additional types of content object (which must be descendants of the TfContentObject class) you must add them to the whitelist below. Otherwise their use will be denied in many parts of the Tuskfish system.

Return Value

array Array of whitelisted (permitted) content object types.
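Added example, not Tuskfish's own code, of how a whitelist of this kind guards dynamic instantiation. The class names and the whitelist contents below are hypothetical; the point is that a type string from the database or a form is only ever passed to `new` after a strict lookup in the whitelist.

```php
<?php
declare(strict_types=1);

// Added example, not Tuskfish's own code. The class names and the whitelist
// contents are hypothetical; only the pattern (whitelist before `new $type`)
// is the point.

abstract class ContentObject
{
    public function __construct(public string $title) {}
}
final class ArticleContent extends ContentObject {}
final class CollectionContent extends ContentObject {}

final class ContentFactory
{
    /** Whitelist of class names that may be instantiated from a stored or submitted type string. */
    public function listTypes(): array
    {
        return [ArticleContent::class, CollectionContent::class];
    }

    /**
     * Instantiate a content object from an untrusted type string.
     *
     * The strict in_array() lookup is the control: a type that is not in the
     * whitelist never reaches `new $type`, so input such as "SplFileObject" or
     * a class from a third-party library cannot be instantiated through this path.
     */
    public function create(string $type, string $title): ContentObject
    {
        if (!in_array($type, $this->listTypes(), true)) {
            throw new InvalidArgumentException('Content type not whitelisted: ' . $type);
        }
        return new $type($title);
    }
}

$factory = new ContentFactory();

$ok = $factory->create(ArticleContent::class, 'Hello');
echo get_class($ok), PHP_EOL;

try {
    // Attacker-controlled type string: rejected before any object is built.
    $factory->create('SplFileObject', '/etc/passwd');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The check must be strict (`true` as the third argument to in_array) and must happen before the string is used as a class name; checking `class_exists()` alone is not a substitute, since it would accept any loadable class.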

in HtmlPurifier at line 36
HtmlPurifier getHtmlPurifier()

Return a configured instance of HTMLPurifier.

Return Value

HtmlPurifier
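Added example, not Tuskfish's own code, of returning a configured HTMLPurifier instance. It assumes the ezyang/htmlpurifier package is installed through Composer; the allowed-element list and the cache path are assumptions chosen for illustration. The instance is built once and reused, which is the usual answer to the "use sparingly" note above.

```php
<?php
declare(strict_types=1);

// Added example, not Tuskfish's own code. Assumes ezyang/htmlpurifier is
// installed via Composer; the HTML.Allowed list below is an assumption.
require_once __DIR__ . '/vendor/autoload.php';

final class PurifierProvider
{
    private ?HTMLPurifier $purifier = null;

    /** Build the instance once; constructing HTMLPurifier is the expensive part. */
    public function getHtmlPurifier(): HTMLPurifier
    {
        if ($this->purifier === null) {
            $config = HTMLPurifier_Config::createDefault();
            $config->set('Core.Encoding', 'UTF-8');
            // Allow only a small set of formatting elements and safe link attributes;
            // everything else (script, style, event handlers, iframes) is stripped.
            $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href|title],blockquote,code,pre');
            // Block javascript:, data: and other non-web schemes in href attributes.
            $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
            $config->set('HTML.Nofollow', true);
            // HTMLPurifier caches its parsed definitions; point it at a writable directory.
            $config->set('Cache.SerializerPath', sys_get_temp_dir());
            $this->purifier = new HTMLPurifier($config);
        }
        return $this->purifier;
    }
}

$provider = new PurifierProvider();

// Constructed input containing an inline handler, a javascript: link and a script element.
$dirty = '<p onclick="alert(1)">Hi <a href="javascript:alert(1)">link</a>'
       . '<script>document.location="//evil.example/"</script></p>';

echo $provider->getHtmlPurifier()->purify($dirty), PHP_EOL;
```

Run this and compare the output with the input: the onclick attribute, the javascript: href and the script element are all gone, while the permitted paragraph and link elements survive.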

in Mimetypes at line 36
array listAudioMimetypes()

Return a list of permitted audio mimetypes and extensions.

Return Value

array

in Mimetypes at line 51
array listImageMimetypes()

Return a list of permitted image mimetypes and extensions.

Return Value

array

in Mimetypes at line 65
array listVideoMimetypes()

Return a list of permitted video mimetypes and extensions.

Return Value

array

in Mimetypes at line 85
array listMimetypes()

Returns an array of mimetypes that are permitted for upload to the media directory.

NOTE: Adding HTML, any other scripting language, or executables to this list would be a BAD IDEA, as such files can contain PHP code. Uploaded files have execution permissions removed and are stored outside of the web root to prevent direct access by a browser, but the whitelist should not rely on those measures.

Return Value

array Array of permitted mimetypes and extensions.
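Added example, not Tuskfish's own code, of checking an upload against a mimetype whitelist. The whitelist contents are an assumption. The check requires both that the file extension is whitelisted and that the MIME type sniffed from the file content matches the one expected for that extension; the client-supplied type in $_FILES is never consulted.

```php
<?php
declare(strict_types=1);

// Added example, not Tuskfish's own code. The whitelist below is an assumption.

/** Permitted extensions mapped to the MIME type the file content must have. */
function listMimetypes(): array
{
    return [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'mp3'  => 'audio/mpeg',
        'ogg'  => 'audio/ogg',
        'mp4'  => 'video/mp4',
        'pdf'  => 'application/pdf',
        // Never add text/html, application/x-php or similar here.
    ];
}

/**
 * Accept an upload only if BOTH the extension is whitelisted AND the MIME type
 * sniffed from the file content (not the client-supplied $_FILES['type'])
 * matches that extension. Returns the lower-cased extension to store under,
 * or null to reject.
 */
function checkUpload(string $tmpPath, string $clientName): ?string
{
    $permitted = listMimetypes();
    // Only the final extension counts: "shell.jpg.php" is rejected outright, and
    // "shell.php.jpg" is treated as jpg and then fails the content check.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($permitted[$ext])) {
        return null;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $sniffed = $finfo->file($tmpPath);
    if ($sniffed !== $permitted[$ext]) {
        return null;
    }
    return $ext;
}

// Constructed inputs: a 1x1 PNG and a PHP stub, written to temporary files.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php system(\$_GET['c']);");

var_dump(checkUpload($png, 'photo.PNG'));   // accepted: extension and content agree
var_dump(checkUpload($php, 'shell.php'));   // rejected: extension not whitelisted
var_dump(checkUpload($php, 'shell.jpg'));   // rejected: content is not image/jpeg

unlink($png);
unlink($php);
```

Content sniffing is not a complete defence on its own (polyglot files exist), which is why the page also removes execute permissions and stores uploads outside the web root; the three measures are meant to stack.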

in TraversalCheck at line 46
bool hasTraversalorNullByte(string $path)

Check if a file path contains traversals (including encoded traversals) or null bytes.

Directory traversals are not permitted in Tuskfish method parameters. If a path is found to contain a traversal it is presumed to be an attack. Encoded traversals are a clear sign of attempted abuse.

In general untrusted data should never be used to construct a file path. This method exists as a second line safety measure.

Parameters

string $path

Return Value

bool True if a traversal or null byte is found, otherwise false.
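Added example, not Tuskfish's own implementation, of a check matching the description above: it rejects plain, backslash, URL-encoded, double-encoded and overlong-UTF-8 traversals as well as null bytes. It also shows the "first line" the text refers to, a resolver (hypothetical name resolveUnder) that confines the final path to a base directory with realpath() so that the traversal check is genuinely only a backstop.

```php
<?php
declare(strict_types=1);

// Added example, not Tuskfish's own implementation.

/**
 * True if $path contains a directory traversal (plain, backslash, URL-encoded,
 * double-encoded or overlong UTF-8) or a null byte; false otherwise.
 * A true result should be treated as an attack, not as bad input to be cleaned.
 */
function hasTraversalorNullByte(string $path): bool
{
    // Decode repeatedly (bounded) so %2e%2e and %252e%252e both become "..".
    $decoded = $path;
    for ($i = 0; $i < 3; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }

    // Null byte anywhere, raw or revealed by decoding.
    if (strpos($path, "\0") !== false || strpos($decoded, "\0") !== false) {
        return true;
    }

    // Overlong UTF-8 encodings of "." (%c0%ae, %e0%80%ae) that lenient decoders accept.
    if (preg_match('/\xc0\xae|\xe0\x80\xae/', $decoded) === 1) {
        return true;
    }

    // Normalise backslashes and look for a ".." path segment. A ".." inside a
    // filename such as "a..b" is not a traversal and is left alone.
    foreach (explode('/', str_replace('\\', '/', $decoded)) as $segment) {
        if ($segment === '..') {
            return true;
        }
    }
    return false;
}

/**
 * Hypothetical helper: resolve $relative under $baseDir, or return null.
 * realpath() collapses any remaining ".." or symlinks, and the prefix check
 * confines the result; the traversal check above runs first as the backstop.
 */
function resolveUnder(string $baseDir, string $relative): ?string
{
    if (hasTraversalorNullByte($relative)) {
        return null;
    }
    $base = realpath($baseDir);
    $target = realpath($baseDir . '/' . $relative);
    if ($base === false || $target === false) {
        return null;
    }
    return str_starts_with($target, $base . DIRECTORY_SEPARATOR) ? $target : null;
}

// Constructed inputs covering each form the function is meant to catch.
$cases = [
    'images/photo.jpg',
    '../../etc/passwd',
    '..\\..\\windows\\win.ini',
    '%2e%2e%2fetc%2fpasswd',
    '%252e%252e%252fetc%252fpasswd',
    "photo.jpg\0.php",
    '%c0%ae%c0%ae/etc/passwd',
    'a..b/c',
];
foreach ($cases as $case) {
    printf("%-34s %s\n", addcslashes($case, "\0"), hasTraversalorNullByte($case) ? 'REJECT' : 'ok');
}
```

Only the first and last inputs pass; the last one shows that the check looks for a whole ".." segment rather than for the substring "..", which keeps legitimate filenames working.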

in ValidateString at line 41
string encodeEscapeUrl(string $url)

URL-encode and escape a query string for use in a URL.

Trims, checks for UTF-8 compliance, applies rawurlencode() and then escapes with htmlspecialchars(). If you wish to use the data on a landing page you must decode it with htmlspecialchars_decode() followed by rawurldecode(), in that order. But really, if you are using any characters that need to be encoded in the first place, you should probably just stop.

Parameters

string $url Unescaped input URL.

Return Value

string Encoded and escaped URL.

in ValidateString at line 59
bool isAlnum(string $alnum)

Check that a string is comprised solely of alphanumeric characters.

Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Parameters

string $alnum Input to be tested.

Return Value

bool True if valid alphanumerical string, false otherwise.

in ValidateString at line 77
bool isAlnumUnderscore(string $alnumUnderscore)

Check that a string is comprised solely of alphanumeric characters and underscores.

Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Parameters

string $alnumUnderscore Input to be tested.

Return Value

bool True if valid alphanumerical or underscore string, false otherwise.

in ValidateString at line 95
bool isAlpha(string $alpha)

Check that a string is comprised solely of alphabetical characters.

Tolerates vanilla ASCII only. Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Parameters

string $alpha Input to be tested.

Return Value

bool True if valid alphabetical string, false otherwise.

in ValidateString at line 113
bool isUtf8(string $text)

Check if the character encoding of text is UTF-8.

All strings received from external sources must be passed through this function, particularly prior to storage in the database.

Parameters

string $text Input string to check.

Return Value

bool True if string is UTF-8 encoded otherwise false.

in ValidateString at line 131
string trimString(mixed $text)

Cast to string, check UTF-8 encoding and strip trailing whitespace and control characters.

Removes trailing whitespace and control characters (code points 0-32 inclusive, i.e. the ASCII control characters and space), checks for the UTF-8 character set and casts the input to a string. Note that the data returned by this function still requires escaping at the point of use; it is not database or XSS safe.

As the input is cast to a string do NOT apply this function to non-string types (int, float, bool, object, resource, null, array, etc).

Parameters

mixed $text Input to be trimmed.

Return Value

string Trimmed and UTF-8 validated string.
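Added example, not Tuskfish's own implementation, showing the ValidateString methods described above working together: isUtf8(), trimString(), the ASCII-only composition checks, encodeEscapeUrl() and the matching decode in the order the text prescribes. Two assumptions: trimString() here strips the 0x00-0x20 range from both ends (the text only says "trailing"), and the composition checks use explicit ASCII character classes so the result does not depend on the process locale. Requires the mbstring extension.

```php
<?php
declare(strict_types=1);

// Added example, not Tuskfish's own implementation. Assumes mbstring is available.

function isUtf8(string $text): bool
{
    return mb_check_encoding($text, 'UTF-8');
}

/** Cast to string, require UTF-8, strip control characters and space (0x00-0x20) from both ends (assumption). */
function trimString(mixed $text): string
{
    $text = (string) $text;
    if (!isUtf8($text)) {
        return '';
    }
    // ".." inside the second argument of trim() denotes a byte range.
    return trim($text, "\x00..\x20");
}

// Explicit ASCII classes: accented characters such as "é" are rejected regardless of locale.
function isAlnum(string $s): bool           { return preg_match('/^[A-Za-z0-9]+$/', $s) === 1; }
function isAlnumUnderscore(string $s): bool { return preg_match('/^[A-Za-z0-9_]+$/', $s) === 1; }
function isAlpha(string $s): bool           { return preg_match('/^[A-Za-z]+$/', $s) === 1; }

/** Trim, check UTF-8, rawurlencode, then htmlspecialchars for embedding in an attribute. */
function encodeEscapeUrl(string $url): string
{
    $url = trimString($url);
    return htmlspecialchars(rawurlencode($url), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** The decode for a landing page: undo the two steps in reverse order. */
function decodeEscapedUrl(string $value): string
{
    return rawurldecode(htmlspecialchars_decode($value, ENT_QUOTES | ENT_HTML5));
}

// Constructed inputs.
var_dump(trimString("\t  héllo \r\n"));         // valid UTF-8: trimmed, accent kept
var_dump(trimString("\xff\xfe not utf-8"));      // invalid UTF-8: empty string
var_dump(isAlnum('table42'), isAlnum('table-42'), isAlpha('café'), isAlnumUnderscore('col_1'));

$encoded = encodeEscapeUrl(' tag=a&b "quoted" ');
echo '<a href="?' . $encoded . '">link</a>', PHP_EOL;   // safe to drop into an attribute
var_dump(decodeEscapedUrl($encoded) === 'tag=a&b "quoted"');
```

One design observation that falls out of running it: rawurlencode() already percent-encodes every character outside A-Z, a-z, 0-9, "-", "_", "." and "~", so by the time htmlspecialchars() runs there is nothing left for it to escape. The second step is defence in depth for the case where someone later swaps rawurlencode() for a weaker encoder, and the decode order in the text is what keeps the round trip exact.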

at line 65
__construct(Database $database, CriteriaFactory $criteriaFactory, Preference $preference, FileHandler $fileHandler, Cache $cache)

Constructor.

Parameters

Database $database
CriteriaFactory $criteriaFactory
Preference $preference
FileHandler $fileHandler
Cache $cache

at line 89
array edit(int $id)

Edit content object.

Parameters

int $id ID of content object.

Return Value

array Content object data as associative array.

at line 107
bool insert()

Insert a content object into the database.

Return Value

bool True on success, false on failure.

at line 143
bool update()

Update a content object in the database.

Return Value

bool True on success, false on failure.

at line 243
array collections()

Get all collection-type content objects.

Return Value

array Array of collections.

at line 268
string dateFormat()

Returns the date template as per the date() function of PHP.

Return Value

string

at line 278
string defaultLanguage()

Returns the default language preference.

Return Value

string Default language as two-letter ISO code.

at line 322
Preference preference()

Return an instance of the Tuskfish site preferences.

Return Value

Preference

at line 332
string siteAuthor()

Returns the site author preference.

Return Value

string

at line 342
array tagSelectOptions()

Returns a list of options for the tag select box.

Return Value

array Array of tag IDs and titles as key-value pairs.

at line 408
array validateForm(array $form)

Validate submitted form data for content object.

Parameters

array $form Submitted form data.

Return Value

array Validated form data.