LSYii_SecurityManager

Extends \CSecurityManager

LimeSurvey Copyright (C) 2007-2018 The LimeSurvey Project Team / Carsten Schmitz All rights reserved.

License: GNU/GPL License v3 or later, see LICENSE.php LimeSurvey is free software. This version may have been modified pursuant to the GNU General Public License, and as distributed it includes or is derivative of works licensed under the GNU General Public License or other free or open source software licenses. See COPYRIGHT.php for copyright notices and details.

package

Default

Methods

Create a directory in tmp dir using a random string

createRandomTempDir(string $dir = null, string $prefix = '', integer $mode = 448) : string

Arguments

$dir

string

the temp directory (if empty will use the one from configuration)

$prefix

string

wanted prefix for the directory

$mode

integer

wanted file mode for this directory

Response

string

the path of the created directory

Get a random number between two values using openssl_random_pseudo_bytes

crypto_rand_secure(integer $min, integer $max) : string

Arguments

$min

integer

$max

integer

Response

string

Generate a random ASCII string. Generates only [0-9a-zA-z_~] characters which are all transparent in raw URL encoding.

generateRandomString(integer $length, boolean $cryptographicallyStrong = true) : string|boolean
since 1.1.14

Arguments

$length

integer

length of the generated string in characters.

$cryptographicallyStrong

boolean

set this to require cryptographically strong randomness.

Response

string|boolean

random string or false in case it cannot be generated.

Get the original size of a zip archive to prevent Zip Bombing see comment here : http://php.net/manual/en/function.zip-entry-filesize.php

get_zip_originalsize(string $filename) : integer

Arguments

$filename

string

Response

integer

Generate a random string, using openssl if available, else using md5

getRandomString(integer $length = 32) : string

Arguments

$length

integer

wanted lenght of the random string (only for openssl mode)

Response

string

Test if a given zip file is Zip Bomb see comment here : http://php.net/manual/en/function.zip-entry-filesize.php

isZipBomb(string $zip_filename) : integer

Arguments

$zip_filename

string

Response

integer