WebsiteBaker Documentation

User Tools

Site Tools

You are here: start » en » dev » 284 » security
en:dev:284:security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:dev:284:security [24.03.2016 21:05] – [::getIDKEY] translated mrbasemanen:dev:284:security [24.03.2016 21:41] (current) – finished translation and removed fixme mrbaseman
Line 1: Line 1:
-FIXME **This page is not fully translated, yet. Please help completing the translation.**\\ //(remove this paragraph once the translation is finished)// 
- 
 ====== System Security ====== ====== System Security ======
 (A whole package of individual elements. From password encryption to measurements to protect against cross-site scripting.) (A whole package of individual elements. From password encryption to measurements to protect against cross-site scripting.)
Line 65: Line 63:
 === ::checkIDKEY === === ::checkIDKEY ===
 **Prototype:** <php>mixed checkIDKEY(string $sFieldname, mixed $mDefault = 0, string $sRequest = 'POST'. bool $bPreserve = false)</php>\\ **Prototype:** <php>mixed checkIDKEY(string $sFieldname, mixed $mDefault = 0, string $sRequest = 'POST'. bool $bPreserve = false)</php>\\
-  * **//$sRequest//** Enthält dieses Argument den Wert '**//POST//** oder **//GET//**, so wird der Inhalt von **//$sFieldname//** als Bezeichner eines POST oder GET Elementesdessen Wert entschlüsselt werden soll, genutztEnthält es dagegen '**//RAW//**' so ist der Inhalt von **//$sFieldname//** selbst der zu decodierende Schlüsselwert+  * **//$sRequest//** If this argument contains the value '**//POST//** or **//GET//**, the content of  **//$sFieldname//** is used as an identifier of a POST or GET elementwhose value is to be decryptedIf it however contains '**//RAW//**' the content of **//$sFieldname//** directly contains the value to be decoded
-  * **//$mDefault//** ist der Wert, der zurückgegeben wird, falls der Schlüsselwert ungültig ist.+  * **//$mDefault//** is the value that is returned if the key value is invalid.
  
 === ::sanitizeLifeTime === === ::sanitizeLifeTime ===
 **Prototype:** <php>integer sanitizeLifeTime(integer $iLifeTime)</php>\\ **Prototype:** <php>integer sanitizeLifeTime(integer $iLifeTime)</php>\\
-Ein übergebener Integer-Wert wird auf eine verfügbare Intervallstufe zwischen LIFETIME_MIN und LIFETIME_MAX korrigiertEin negativer Wert bei aktiviertem DEBUG-Modus auf DEBUG_LIFETIME, ansonsten auf LIFETIME_MIN. Ein ungültiger Wert grundsätzlich auf LIFETIME_MIN. Der berechnete Wert wird zurückgegeben.+The supplied integer value is corrected to an available interval between LIFETIME_MIN and LIFETIME_MAX. A negative value when activated DEBUG mode is mapped on DEBUG_LIFETIME, otherwise on LIFETIME_MIN. An invalid value is mapped on LIFETIME_MIN. The calculated value is returned. 
 === ::getTokenLifeTime === === ::getTokenLifeTime ===
 **Prototype:** <php>array getTokenLifeTime(void)</php>\\ **Prototype:** <php>array getTokenLifeTime(void)</php>\\
-Gibt ein Array mit folgenden Schlüsseln zurück+Returns an array with the following keys
-^Schlüssel Beschreibung +^Key   Description                          
-| min  | minimale Lebensdauer in Sekunden     +| min  | minimum lifetime in seconds          
-| max  | maximale Lebensdauer in Sekunden     +| max  | maximum lifetime in seconds          
-| step | Schrittweite in Sekunden             +| step | Increment in seconds                 
-| value| Eingestellte Laufzeit in Sekunden    +| value| Set duration in seconds              
-Wozu werden diese Werte benötigtAn das Template übergebenlässt sich z.B. eine Fortschrittsanzeige realisieren, die optisch die Zeit bis zum Timeout anzeigt.+What are these values needed forTransfered to the templateone can for instance implement a progress bar that visually displays the time until timeout.
  
 ---- ----
-==== Anwendungsbeispiele ==== +==== Examples ==== 
-:!: **Achtung:** Requests müssen eindeutig seinDer 'action' Parameter eines **//form//** Tags darf keine zusätzlichen URL-Argumente ( //*.php?x=1//enthaltenEventuell notwendige Zusatzargumente müssen mit //<input type="hidden" …>// übergeben werden.+:!: **Warning** Requests must be uniqueThe 'action' parameter of a **//form//** tag must not contain any additional URL arguments ( //*.php?x=1// ). Any necessary additional arguments must be passed with //<input type="hidden" …>//.
  
-=== Formular ===+=== Form ===
 <PHP> <PHP>
 $sOutput = '<form method="post" action="index.php">' $sOutput = '<form method="post" action="index.php">'
Line 92: Line 91:
 echo $sOutput;     echo $sOutput;    
  
-// Auswertung+// Evaluation
  
-if ($oReg->App->checkFTAN('POST')) { /* alles OK */ }+if ($oReg->App->checkFTAN('POST')) { /* everythig OK */ }
  
 $iRecordId = $oReg->App->checkIDKEY('record_id', 0, 'POST'); $iRecordId = $oReg->App->checkIDKEY('record_id', 0, 'POST');
Line 104: Line 103:
 echo $sOutput;     echo $sOutput;    
  
-// Auswertung+// Evaluation
  
-if ($oReg->App->checkFTAN('GET')) { /* alles OK */ }+if ($oReg->App->checkFTAN('GET')) { /* everything OK */ }
  
 $iRecordId = $oReg->App->checkIDKEY('record_id', 0, 'GET'); $iRecordId = $oReg->App->checkIDKEY('record_id', 0, 'GET');
Line 121: Line 120:
 twig-template twig-template
  
-// Beispiel 1+// Example 1
  <form method="post" action="{{ TargetUrl }}">  <form method="post" action="{{ TargetUrl }}">
    <input type="hidden" name="{{ FTAN.name }}" value="{{ FTAN.value }}">    <input type="hidden" name="{{ FTAN.name }}" value="{{ FTAN.value }}">
Line 128: Line 127:
  </form>  </form>
  
-// Beispiel +// Example 
- <a href="{{ TargetUrl }}?{{ FTAN.name }}={{ FTAN.value }}&record_id={{ RecordId }}" title="xx">Tu was</a>+ <a href="{{ TargetUrl }}?{{ FTAN.name }}={{ FTAN.value }}&record_id={{ RecordId }}" title="xx">Do something</a>
 </PHP> </PHP>
 <PHP> <PHP>
 save-script save-script
  
-// Beispiel 1+// Example 1
 if ($oReg->App->checkFTAN()) { if ($oReg->App->checkFTAN()) {
     $record_id = $oReg->App->checkIDKEY('record_id');     $record_id = $oReg->App->checkIDKEY('record_id');
     [...]     [...]
 }    }   
-// Beispiel 2+// Example 2
 if ($oReg->App->checkFTAN('GET')) { if ($oReg->App->checkFTAN('GET')) {
     $record_id = $oReg->App->checkIDKEY('record_id', 0, 'GET');     $record_id = $oReg->App->checkIDKEY('record_id', 0, 'GET');
en/dev/284/security.1458853500.txt.gz · Last modified: 24.03.2016 21:05 by mrbaseman

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Driven by DokuWiki Template From SyntaxSeed