JFilterInput

Extends \JObject

JFilterInput is a class for filtering input from any data source

Forked from the php input filter library by: Daniel Morris dan@rootcube.com Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

package

Joomla.Platform

subpackage

Filter

since

11.1

Methods

__construct

Class constructor, overridden in descendant classes.

__construct(mixed $properties = null) 
inherited
since

11.1

Arguments

$properties

mixedEither and associative array or another object to set the initial properties of the object.

__toString

Magic method to convert the object to a string gracefully.

__toString() : string
inherited deprecated
since

11.1

deprecated

12.3 Classes should provide their own __toString() implementation.

Response

stringThe classname.

_cleanAttributes

Internal method to strip a tag of certain attributes

_cleanAttributes(array $attrSet) : array
since

11.1

Arguments

$attrSet

arrayArray of attribute pairs to filter

Response

arrayFiltered array of attribute pairs

_cleanTags

Internal method to strip a string of certain tags

_cleanTags(string $source) : string
since

11.1

Arguments

$source

stringInput string to be 'cleaned'

Response

string'Cleaned' version of input parameter

_decode

Try to convert to plaintext

_decode(string $source) : string
since

11.1

Arguments

$source

stringThe source string.

Response

stringPlaintext string

_escapeAttributeValues

Escape < > and " inside attribute values

_escapeAttributeValues(string $source) : string
since

11.1

Arguments

$source

stringThe source string.

Response

stringFiltered string

_remove

Internal method to iteratively remove all unwanted tags and attributes

_remove(string $source) : string
since

11.1

Arguments

$source

stringInput string to be 'cleaned'

Response

string'Cleaned' version of input parameter

_stripCSSExpressions

Remove CSS Expressions in the form of :expression(.

_stripCSSExpressions(string $source) : string

..)

since

11.1

Arguments

$source

stringThe source string.

Response

stringFiltered string

checkAttribute

Function to determine if contents of an attribute are safe

checkAttribute(array $attrSubSet) : boolean
static
since

11.1

Arguments

$attrSubSet

arrayA 2 element array for attribute's name, value

Response

booleanTrue if bad code is detected

clean

Method to be called by another php script. Processes for XSS and specified bad code.

clean(mixed $source, string $type = 'string') : mixed
since

11.1

Arguments

$source

mixedInput string/array-of-string to be 'cleaned'

$type

stringReturn type for the variable (INT, UINT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE)

Response

mixed'Cleaned' version of input parameter

def

Sets a default value if not alreay assigned

def(string $property, mixed $default = null) : mixed
inherited
since

11.1

Arguments

$property

stringThe name of the property.

$default

mixedThe default value.

Response

mixed

get

Returns a property of the object or the default value if the property is not set.

get(string $property, mixed $default = null) : mixed
inherited
since

11.1

see \JObject::getProperties()

Arguments

$property

stringThe name of the property.

$default

mixedThe default value.

Response

mixedThe value of the property.

getError

Get the most recent error message.

getError(integer $i = null, boolean $toString = true) : string
inherited deprecated
since

11.1

see \JError
deprecated

12.3 JError has been deprecated

Arguments

$i

integerOption error index.

$toString

booleanIndicates if JError objects should return their error message.

Response

stringError message

getErrors

Return all errors, if any.

getErrors() : array
inherited deprecated
since

11.1

see \JError
deprecated

12.3 JError has been deprecated

Response

arrayArray of error messages or JErrors.

getInstance

Returns an input filter object, only creating it if it doesn't already exist.

getInstance(array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod, integer $attrMethod, integer $xssAuto = 1) : \JFilterInput
static
since

11.1

Arguments

$tagsArray

arrayList of user-defined tags

$attrArray

arrayList of user-defined attributes

$tagsMethod

integerWhiteList method = 0, BlackList method = 1

$attrMethod

integerWhiteList method = 0, BlackList method = 1

$xssAuto

integerOnly auto clean essentials = 0, Allow clean blacklisted tags/attr = 1

Response

\JFilterInputThe JFilterInput object.

getProperties

Returns an associative array of object properties.

getProperties(boolean $public = true) : array
inherited
since

11.1

see \JObject::get()

Arguments

$public

booleanIf true, returns only the public properties.

Response

array

set

Modifies a property of the object, creating it if it does not already exist.

set(string $property, mixed $value = null) : mixed
inherited
since

11.1

Arguments

$property

stringThe name of the property.

$value

mixedThe value of the property to set.

Response

mixedPrevious value of the property.

setError

Add an error message.

setError(string $error) : void
inherited deprecated
since

11.1

see \JError
deprecated

12.3 JError has been deprecated

Arguments

$error

stringError message.

setProperties

Set the object properties based on a named array/hash.

setProperties(mixed $properties) : boolean
inherited
since

11.1

see \JObject::set()

Arguments

$properties

mixedEither an associative array or another object.

Response

boolean

toString

Converts the object to a string (the class name).

toString() : string
inherited deprecated
since

11.1

deprecated

12.1 Use magic method __toString()

see \JObject::__toString()

Response

string

Properties

instances

A container for JFilterInput instances.

static
since

11.3

Type(s)

array

tagsArray

An array of permitted tags.

since

11.1

Type(s)

array

attrArray

An array of permitted tag attributes.

since

11.1

Type(s)

array

tagsMethod

Method for tags: WhiteList method = 0 (default), BlackList method = 1

since

11.1

Type(s)

integer

attrMethod

Method for attributes: WhiteList method = 0 (default), BlackList method = 1

since

11.1

Type(s)

integer

xssAuto

Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1

since

11.1

Type(s)

integer

tagBlacklist

A list of the default blacklisted tags.

since

11.1

Type(s)

array

attrBlacklist

A list of the default blacklisted tag attributes. All event handlers implicit.

since

11.1

Type(s)

array

_errors

An array of error messages or Exception objects.

inherited deprecated
since

11.1

see \JError
deprecated

12.3 JError has been deprecated

Type(s)

array