Pagination

Check if a file path contains traversals (including encoded traversals) or null bytes.

Directory traversals are not permitted in Tuskfish method parameters. If a path is found to contain a traversal it is presumed to be an attack. Encoded traversals are a clear sign of attempted abuse.

In general untrusted data should never be used to construct a file path. This method exists as a second line safety measure.

Validate URL.

Only accepts http:// and https:// protocol and ASCII characters. Other protocols and internationalised domain names will fail validation due to limitation of filter.

URL-encode and escape a query string for use in a URL.

Trims, checks for UTF-8 compliance, rawurlencodes and then escapes with htmlspecialchars(). If you wish to use the data on a landing page you must decode it with htmlspecialchars_decode() followed by rawurldecode() in that order. But really, if you are using any characters that need to be encoded in the first place you should probably just stop.

Check that a string is comprised solely of alphanumeric characters.

Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Check that a string is comprised solely of alphanumeric characters and underscores.

Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Check that a string is comprised solely of alphabetical characters.

Tolerates vanilla ASCII only. Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Check if the character encoding of text is UTF-8.

All strings received from external sources must be passed through this function, particularly prior to storage in the database.

Cast to string, check UTF-8 encoding and strip trailing whitespace and control characters.

Removes trailing whitespace and control characters (ASCII <= 32 / UTF-8 points 0-32 inclusive), checks for UTF-8 character set and casts input to a string. Note that the data returned by this function still requires escaping at the point of use; it is not database or XSS safe.

As the input is cast to a string do NOT apply this function to non-string types (int, float, bool, object, resource, null, array, etc).

Constructor.

Creates a pagination control designed for use with the Bootstrap framework.

$query is an array of arbitrary query string parameters. Note that these need to be passed in as an array of key => value pairs, and you should build this yourself using known and whitelisted values. Do not pass through random query strings someone gave you on the internetz.

If you want to create pagination controls for other presentation-side libraries add additional methods to this class.

Set the count property, which represents the number of objects matching the page parameters.

Set extra parameters to be included in pagination control links.

$extraParams is a potential XSS attack vector; only use known and whitelisted keys.

The key => value pairs are i) rawurlencoded and ii) entity escaped. However, in order to avoid messing up the query and avoid unnecessary decoding it is possible to maintain manual control over the operators. (Basically, input requiring encoding or escaping is absolutely not wanted here, it is just being conducted to mitigate XSS attacks). If you actually want to use such input (check your sanity), you will need to decode it prior to use on the landing page.

Set the pagination limit for gallery views.

Sets the limit property, which controls the number of objects to be retrieved in a single page view.

Set the pagination limit for search views.

Set the starting position in the set of available object.

Set the ID of a tag used to filter content.

Set the base URL for pagination control links.

Set the pagination limit for user-side views (other than search or gallery).