Created
December 2, 2016 09:56
<?php | |
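class Util extends BaseObject {

    /**
     * Escapes a string for output as HTML text and converts line breaks to <br> tags.
     *
     * The flags are passed explicitly so that single quotes are escaped on every
     * PHP version (PHP before 8.1 defaulted to ENT_COMPAT, which leaves ' as is)
     * and so that invalid byte sequences are substituted instead of turning the
     * whole result into an empty string. The encoding argument is left at its
     * default, as in the original call.
     *
     * The result is meant for HTML text and quoted attribute values; it is not
     * an escaper for JavaScript, CSS or URL contexts.
     *
     * @param string $string the raw string
     * @return string the escaped string
     */
    public static function escape($string) {
        return nl2br(htmlentities($string, ENT_QUOTES | ENT_SUBSTITUTE));
    }

    /**
     * Tells whether a redirect target stays on the current site.
     *
     * Accepted are non-empty strings that carry no URL scheme, do not start with
     * "//" (protocol-relative URL), and contain no backslash, whitespace or
     * control character. Anything else is treated as a possible off-site target.
     *
     * @param mixed $target candidate value for the Location header
     * @return bool true if the value is a local reference
     */
    private static function isLocalTarget($target) {
        if (!is_string($target) || $target === '') {
            return false;
        }
        // Browsers strip or normalise these characters, which can turn a harmless
        // looking value into a scheme or a "//host" prefix.
        if (preg_match('/[\x00-\x20\x7f]/', $target) || strpos($target, '\\') !== false) {
            return false;
        }
        // "//host/path" keeps the current scheme but switches to another host.
        if (strncmp($target, '//', 2) === 0) {
            return false;
        }
        // A leading "scheme:" (http:, https:, javascript:, data:, ...) is not local.
        if (preg_match('/^[a-z][a-z0-9+.\-]*:/i', $target)) {
            return false;
        }
        return true;
    }

    /**
     * Sends a Location header for the given page.
     *
     * Without an explicit page the target is taken from the request: first the
     * "page" request parameter, then the current request URI. Both values are
     * controlled by the client, so each one is only used when it is a local
     * reference (see isLocalTarget()); otherwise the redirect goes to index.php.
     * This closes the open redirect that the unchecked "page" parameter allowed.
     *
     * A page passed in by the caller is sent unchanged. Callers must not hand in
     * request data here without validating it first.
     *
     * Only the header is sent; the script is not terminated. Callers that must
     * not execute further code have to stop after calling this method.
     *
     * @param string $page target URI, optional
     * @return void
     */
    public static function redirect($page = null) {
        // Loose comparison kept on purpose: an empty string also selects the fallback.
        if ($page == null) {
            $page = 'index.php';
            $candidates = [
                isset($_REQUEST['page']) ? $_REQUEST['page'] : null,
                isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : null,
            ];
            foreach ($candidates as $candidate) {
                if (self::isLocalTarget($candidate)) {
                    $page = $candidate;
                    break;
                }
            }
        }
        header('Location: ' . $page);
    }

    /**
     * Builds the URL of an action, including a "page" parameter to return to.
     *
     * The GET parameter "page" carries the current page, so that a redirect back
     * to it is possible after a POST action has been executed. If "page" is
     * already present in the request its value is kept; this avoids URLs that
     * grow each time a POST form is rendered again (for example during a
     * forward after an unsuccessful POST action).
     *
     * The "page" value comes from the request and is not validated here. It is
     * only URL-encoded into the result; redirect() decides whether it is an
     * acceptable target. The returned URL is not HTML-escaped, so escape it when
     * writing it into markup.
     *
     * @param string $action name of the action
     * @param array $params additional key/value pairs, optional
     * @return string relative URL of the form index.php?action=...&page=...
     */
    public static function action($action, $params = null) {
        $page = isset($_REQUEST['page']) ?
            $_REQUEST['page'] :
            $_SERVER['REQUEST_URI'];

        $res = 'index.php?action=' . rawurlencode($action) . '&page=' . rawurlencode($page);

        if (is_array($params)) {
            foreach ($params as $name => $value) {
                $res .= '&' . rawurlencode($name) . '=' . rawurlencode($value);
            }
        }

        return $res;
    }
}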