2012-04-29 17:15:06 +00:00
|
|
|
<?php
|
|
|
|
/**
|
2016-07-11 09:58:15 +00:00
|
|
|
* PrivateBin
|
2012-04-29 17:15:06 +00:00
|
|
|
*
|
|
|
|
* a zero-knowledge paste bin
|
|
|
|
*
|
2016-07-11 09:58:15 +00:00
|
|
|
* @link https://github.com/PrivateBin/PrivateBin
|
2012-04-29 17:15:06 +00:00
|
|
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
2016-07-19 11:56:52 +00:00
|
|
|
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
2016-12-26 11:13:50 +00:00
|
|
|
* @version 1.1
|
2012-04-29 17:15:06 +00:00
|
|
|
*/
|
2016-12-12 17:43:23 +00:00
|
|
|
|
2016-12-12 17:50:00 +00:00
|
|
|
namespace PrivateBin;
|
2016-07-21 15:09:48 +00:00
|
|
|
|
|
|
|
use Exception;
|
|
|
|
|
2012-04-29 17:15:06 +00:00
|
|
|
/**
|
2016-08-09 09:54:42 +00:00
|
|
|
* Filter
|
2012-04-29 17:15:06 +00:00
|
|
|
*
|
|
|
|
* Provides data filtering functions.
|
|
|
|
*/
|
2016-08-09 09:54:42 +00:00
|
|
|
class Filter
|
2012-04-29 17:15:06 +00:00
|
|
|
{
|
|
|
|
/**
|
|
|
|
* strips slashes deeply
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @static
|
|
|
|
* @param mixed $value
|
|
|
|
* @return mixed
|
|
|
|
*/
|
2016-08-09 09:54:42 +00:00
|
|
|
public static function stripslashesDeep($value)
|
2012-04-29 17:15:06 +00:00
|
|
|
{
|
|
|
|
return is_array($value) ?
|
2016-08-09 09:54:42 +00:00
|
|
|
array_map('self::stripslashesDeep', $value) :
|
2012-04-29 17:15:06 +00:00
|
|
|
stripslashes($value);
|
|
|
|
}
|
2012-04-30 20:58:08 +00:00
|
|
|
|
|
|
|
/**
|
2015-09-06 17:21:17 +00:00
|
|
|
* format a given time string into a human readable label (localized)
|
|
|
|
*
|
|
|
|
* accepts times in the format "[integer][time unit]"
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @static
|
|
|
|
* @param string $time
|
|
|
|
* @throws Exception
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-08-09 09:54:42 +00:00
|
|
|
public static function formatHumanReadableTime($time)
|
2015-09-06 17:21:17 +00:00
|
|
|
{
|
|
|
|
if (preg_match('/^(\d+) *(\w+)$/', $time, $matches) !== 1) {
|
|
|
|
throw new Exception("Error parsing time format '$time'", 30);
|
|
|
|
}
|
|
|
|
switch ($matches[2]) {
|
|
|
|
case 'sec':
|
|
|
|
$unit = 'second';
|
|
|
|
break;
|
|
|
|
case 'min':
|
|
|
|
$unit = 'minute';
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
$unit = rtrim($matches[2], 's');
|
|
|
|
}
|
2016-08-09 09:54:42 +00:00
|
|
|
return I18n::_(array('%d ' . $unit, '%d ' . $unit . 's'), (int) $matches[1]);
|
2015-09-06 17:21:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* format a given number of bytes in IEC 80000-13:2008 notation (localized)
|
2012-04-30 20:58:08 +00:00
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @static
|
|
|
|
* @param int $size
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-08-09 09:54:42 +00:00
|
|
|
public static function formatHumanReadableSize($size)
|
2012-04-30 20:58:08 +00:00
|
|
|
{
|
2015-09-06 17:21:17 +00:00
|
|
|
$iec = array('B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB');
|
2016-08-15 14:45:47 +00:00
|
|
|
$i = 0;
|
2016-07-26 06:19:35 +00:00
|
|
|
while (($size / 1024) >= 1) {
|
|
|
|
$size = $size / 1024;
|
|
|
|
$i++;
|
2012-04-30 20:58:08 +00:00
|
|
|
}
|
2016-08-09 09:54:42 +00:00
|
|
|
return number_format($size, ($i ? 2 : 0), '.', ' ') . ' ' . I18n::_($iec[$i]);
|
2012-04-30 20:58:08 +00:00
|
|
|
}
|
2014-02-06 21:52:17 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* fixed time string comparison operation to prevent timing attacks
|
|
|
|
* https://crackstation.net/hashing-security.htm?=rd#slowequals
|
|
|
|
*
|
|
|
|
* @access public
|
2015-08-16 13:55:31 +00:00
|
|
|
* @static
|
2014-02-06 21:52:17 +00:00
|
|
|
* @param string $a
|
|
|
|
* @param string $b
|
|
|
|
* @return bool
|
|
|
|
*/
|
2016-08-09 09:54:42 +00:00
|
|
|
public static function slowEquals($a, $b)
|
2014-02-06 21:52:17 +00:00
|
|
|
{
|
|
|
|
$diff = strlen($a) ^ strlen($b);
|
2016-07-26 06:19:35 +00:00
|
|
|
for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
|
2014-02-06 21:52:17 +00:00
|
|
|
$diff |= ord($a[$i]) ^ ord($b[$i]);
|
|
|
|
}
|
|
|
|
return $diff === 0;
|
2016-07-26 06:19:35 +00:00
|
|
|
}
|
2012-04-29 17:15:06 +00:00
|
|
|
}
|