hSanitize.php
The hSanitize.php helper in Osclass offers a collection of functions to ensure that user input is clean and that output is safely escaped, preventing security issues such as XSS. These functions help normalize URLs, names, usernames, integers, and phone numbers, and also provide mechanisms to escape HTML and JavaScript strings.
Functions Description
- osc_sanitize_url($value) – Sanitizes a website URL by removing potentially harmful characters.
- osc_sanitize_string($value) – Sanitizes a general string by passing it to the internal osc_sanitizeString() function.
- osc_sanitize_name($value) – Sanitizes capitalization for a string by capitalizing the first letter of each word. If the string is in all-caps, it converts it to a more natural case.
- osc_sanitize_allcaps($value) – Sanitizes a string that is entirely in uppercase, converting it to a more readable format.
- osc_sanitize_username($value) – Sanitizes a username by replacing spaces and underscores with dashes, removing unwanted characters, and collapsing repeated dashes.
- osc_sanitize_int($value) – Sanitizes a number by removing any non-numeric characters (excluding periods).
- osc_sanitize_phone($value) – Formats a phone number. It supports 10-digit numbers with extensions and defaults to an international format if the value does not match a standard US number.
- osc_esc_html($str = "") – Escapes HTML special characters to prevent cross-site scripting (XSS) attacks.
- osc_esc_js($str = "") – Escapes special characters (such as single quotes, double quotes, <, >, &, and line endings) for safe use in JavaScript.
Advanced Information
osc_sanitize_url($value)
- Parameters:
$value (string): The URL to sanitize. Returns an empty string if the value is empty or null.
- Returns: A sanitized URL string using PHP's FILTER_SANITIZE_URL filter.
- Details: This function uses the PHP filter mechanism to strip out unwanted characters from the URL.
osc_sanitize_string($value)
- Parameters:
$value (string): The string to sanitize.
- Returns: A sanitized string as processed by the internal function osc_sanitizeString().
- Details: This is a wrapper function that passes the input to osc_sanitizeString() (implementation not shown).
osc_sanitize_name($value)
- Parameters:
$value (string): The name string to sanitize. Returns an empty string if the value is empty or null.
- Returns: A string with proper capitalization: each word's first letter is capitalized.
- Details:
- Trims the input, converts any all-caps text to a more natural case using osc_sanitize_allcaps(), and then applies ucwords() to capitalize each word.
osc_sanitize_allcaps($value)
- Parameters:
$value (string): The string to evaluate. Returns an empty string if the value is empty or null.
- Returns: The adjusted string where, if the input is entirely in uppercase (and contains no lowercase letters), it is converted to lowercase with the first letter capitalized.
- Details: Uses regular expressions to detect an all-caps pattern and then applies strtolower() and ucfirst() accordingly.
osc_sanitize_username($value)
- Parameters:
$value (string): The username to sanitize. Returns an empty string if the value is empty or null.
- Returns: A sanitized username string where spaces are replaced with dashes, unwanted characters are removed, and multiple dashes are collapsed.
- Details: This function replaces spaces with dashes, strips out any characters that are not alphanumeric or underscores, replaces underscores with dashes, and then collapses consecutive dashes into a single dash.
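The following is an added example, not Osclass's own code: a function (the name is hypothetical) that follows the four steps described for osc_sanitize_username() so the effect of each step can be seen on constructed inputs. One assumption is made explicit: the dash is kept in the allowed character set during the stripping step, since the dashes produced by the first step must survive it for the description to make sense.

```php
<?php
// Added example (not Osclass's own code). Walks through the steps documented
// for osc_sanitize_username(); function name and sample values are constructed.
function example_sanitize_username(?string $value): string
{
    if ($value === null || $value === '') {
        return '';
    }
    // Step 1: spaces become dashes.
    $value = str_replace(' ', '-', $value);
    // Step 2: drop everything that is not alphanumeric or underscore.
    // Assumption: the dash is also allowed here, otherwise step 1 is undone.
    $value = preg_replace('/[^A-Za-z0-9_-]/', '', $value);
    // Step 3: underscores become dashes.
    $value = str_replace('_', '-', $value);
    // Step 4: collapse runs of dashes into a single dash.
    $value = preg_replace('/-+/', '-', $value);
    return $value;
}

// Constructed samples, including characters that would matter if a username
// were later echoed into HTML or used in a URL path or file name.
$samples = [
    'john doe',
    'john__doe',
    '<script>alert(1)</script>',
    '../../etc/passwd',
    "jo\u{00E9}l  smith",
];
foreach ($samples as $s) {
    printf("%-30s => %s\n", $s, example_sanitize_username($s));
}
```

Because the byte-oriented pattern has no `u` modifier, every byte of a multi-byte character such as é is removed; that matches the "alphanumeric or underscore" description but means non-ASCII names are silently altered. Note also that input sanitization of this kind narrows the character set but does not replace output escaping: a stored username should still go through osc_esc_html() or osc_esc_js() when it is rendered.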
osc_sanitize_int($value)
- Parameters:
$value (string): The value to sanitize as an integer.
- Returns: An integer value if the input contains non-digit characters; otherwise, returns the original value.
- Details: Uses a regular expression to check if the value contains only digits. If not, it casts the value to an integer.
osc_sanitize_phone($value)
- Parameters:
$value (string): The phone number string to format. Returns an empty string if the value is empty or null.
- Returns: A formatted phone number string.
- Details:
- Removes non-alphanumeric characters and converts the string to lowercase.
- If the number is 11 digits and starts with '1', the leading digit is removed.
- Attempts to detect and format phone extensions, replacing various extension markers with "ext".
- Formats 7-digit numbers as XXX-XXXX and 10-digit numbers as XXX-XXX-XXXX.
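As an added example (not the project's own implementation), the function below, with a hypothetical name, applies the steps documented for osc_sanitize_phone() to constructed inputs. Two assumptions are labelled in the code: the extension is split off before the 11-digit check, because a trailing extension would otherwise change the digit count, and numbers that match neither the 7- nor the 10-digit form are returned as bare digits, since the page does not specify the exact international format.

```php
<?php
// Added example (not Osclass's own code). Follows the documented steps for
// osc_sanitize_phone(); name, step order and sample values are assumptions.
function example_sanitize_phone(?string $value): string
{
    if ($value === null || $value === '') {
        return '';
    }
    // Step 1: keep only letters and digits, then lowercase so extension
    // markers such as "EXT" or "X" can be matched uniformly.
    $value = strtolower(preg_replace('/[^a-z0-9]/i', '', $value));

    // Step 2 (assumed order): split off an extension introduced by
    // "extension", "ext" or "x", replacing whichever marker was used with "ext".
    $ext = '';
    if (preg_match('/^(\d+)(?:extension|ext|x)(\d+)$/', $value, $m)) {
        $value = $m[1];
        $ext   = $m[2];
    }

    // Step 3: drop the leading US country code from an 11-digit number.
    if (strlen($value) === 11 && $value[0] === '1') {
        $value = substr($value, 1);
    }

    // Step 4: format by length.
    $len = strlen($value);
    if ($len === 7) {
        $formatted = substr($value, 0, 3) . '-' . substr($value, 3);
    } elseif ($len === 10) {
        $formatted = substr($value, 0, 3) . '-' . substr($value, 3, 3) . '-' . substr($value, 6);
    } else {
        // Assumption: anything else is returned as plain digits.
        $formatted = $value;
    }
    return $ext === '' ? $formatted : $formatted . ' ext ' . $ext;
}

// Constructed samples.
$samples = [
    '(555) 123-4567',
    '1-555-123-4567 EXT 89',
    '555.1234 x12',
    '+44 20 7946 0958',
    'DROP TABLE users',
];
foreach ($samples as $s) {
    printf("%-24s => %s\n", $s, example_sanitize_phone($s));
}
```

The last sample shows the limit of this kind of normalization: letters that are not a recognised extension marker survive step 1 unchanged, so the caller should still treat the result as data (bound parameters, output escaping) rather than as a validated phone number.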
osc_esc_html($str = "")
- Parameters:
$str (string, default: ""): The HTML string to escape.
- Returns: An HTML-escaped string, with special characters converted to HTML entities.
- Details:
- Temporarily replaces existing HTML entities with markers to avoid double-escaping.
- Uses htmlspecialchars() for escaping, then restores the original entities.
osc_esc_js($str = "")
- Parameters:
$str (string, default: ""): The string to escape for use in JavaScript.
- Returns: A string with special characters escaped, making it safe for inclusion in JavaScript code.
- Details:
- Strips HTML tags (preserving specific line break markers), removes carriage returns, and applies addslashes().
- Replaces newline characters and HTML break tags with \n to ensure the string is JavaScript-safe.
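The example below is added here and is not Osclass's own code. It shows the two output contexts that osc_esc_html() and osc_esc_js() serve, using standard PHP functions under hypothetical names, and includes a check that makes the point of the tag-stripping step concrete: addslashes() on its own escapes quotes and backslashes but leaves a literal closing script tag and raw newlines in place, which is why a JavaScript-string escaper also has to handle `<`, `>` and line endings.

```php
<?php
// Added example (not Osclass's own code). Function names and the sample value
// are constructed; the escaping relies only on standard PHP library calls.

// HTML element/attribute context: encode &, <, >, " and ' as entities.
// ENT_QUOTES covers both quote styles so the result is safe in element text
// and inside single- or double-quoted attributes.
function example_esc_html(string $str): string
{
    return htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript string-literal context: json_encode() yields a valid JS string
// and, with the JSON_HEX_* flags, writes <, >, &, ' and " as \uXXXX escapes,
// so a value containing "</script>" can no longer close the enclosing script
// element. Newlines become \n, and U+2028/U+2029 stay escaped because
// JSON_UNESCAPED_LINE_TERMINATORS is not set. The surrounding double quotes
// are removed so the caller supplies the quoting, as with osc_esc_js() output.
function example_esc_js(string $str): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE;
    $json  = json_encode($str, $flags);
    if ($json === false) {
        // Invalid UTF-8: fail closed instead of emitting partial output.
        return '';
    }
    return substr($json, 1, -1);
}

// Check used to compare escapers: does a closing script tag survive?
function example_survives_closing_tag(string $escaped): bool
{
    return stripos($escaped, '</script') !== false;
}

// Constructed sample resembling an untrusted form field value.
$untrusted = "O'Brien <b>\"x\"</b>\n</script><script>alert(1)</script>";

echo "HTML context : <p>", example_esc_html($untrusted), "</p>\n";
echo "JS context   : var name = '", example_esc_js($untrusted), "';\n";

printf("closing tag survives addslashes() only : %s\n",
    example_survives_closing_tag(addslashes($untrusted)) ? 'yes' : 'no');
printf("closing tag survives example_esc_js()  : %s\n",
    example_survives_closing_tag(example_esc_js($untrusted)) ? 'yes' : 'no');
```

The choice of escaper follows the context the value lands in, not the source of the value: a string that has been through example_esc_html() is not safe inside a JavaScript literal (the newline still terminates the string), and a string that has been through example_esc_js() is not safe in an HTML attribute unless it is also HTML-escaped. Like osc_esc_js(), the JSON-based escaper covers a quoted string literal only; it does not make a value safe to emit as bare JavaScript code.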