sanitizeObject

This is a quick function which returns a key=>value array of designated object fields while removing those to be kept from the presentation.

Authored on

Tags
proof of concept
security
Framework
xPDO

PHP Source Code

<?php
	function sanitizeObject($object, $keepFields = array()) {
		$out = array();
		if ($keepFields) {
		    $c=0;
		       	foreach ($keepFields as $field) {
					if ($obj instanceof xPDOObject){
						$out[$c++][$field] = $object->get($field);
                    }
				}
		}
		return $out;
	}

Implementation

sanitizedObject($obj, array('skuId', 'minAmount', 'maxAmount'))

Alternative PHP Source Code

<?php
	function sanitize() {
	$obj = clone $this;
	unset ($obj-password, $obj->cachepwd, $obj->salt);
	return $obj;
	}

Alternative Implementation

$sanitizedObj = $obj->sanitize()

Comments

xPDO has an amazing ability of streamlining database to presentation translations, but in some scenarios simply providing an xPDO object to a presentation method, such as $modx->getchunk('chunkName', $object) may allow undesirable information onto the page.

I created this function to sanitize Object values before they are sent to any display mechanism. Either of the example source codes could safely be sent to the front end via $modx->getchunk('chunkName', $className->sanitizedObject($obj, array('skuId', 'minAmount', 'maxAmount'))) or $modx->getchunk('chunkName', $sanitizedObj->toArray())