InputFilter
InputFilter is a class for filtering input from any data source.
Forked from the PHP input filter library by Daniel Morris (dan@rootcube.com). Original contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
since | 1.0 |
---|---|
Methods
__construct
Constructor for InputFilter class.
__construct(array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod = self::ONLY_ALLOW_DEFINED_TAGS, integer $attrMethod = self::ONLY_ALLOW_DEFINED_ATTRIBUTES, integer $xssAuto = 1)
since | 1.0 |
---|---|
Arguments
- $tagsArray
array
List of permitted HTML tags
- $attrArray
array
List of permitted HTML tag attributes
- $tagsMethod
integer
Method for filtering tags, should be one of the ONLY_*_DEFINED_TAGS constants
- $attrMethod
integer
Method for filtering attributes, should be one of the ONLY_*_DEFINED_ATTRIBUTES constants
- $xssAuto
integer
Only auto clean essentials = 0, Allow clean blocked tags/attributes = 1
checkAttribute
Function to determine if contents of an attribute are safe
checkAttribute(array $attrSubSet) : boolean
since | 1.0 |
---|---|
Arguments
- $attrSubSet
array
A 2 element array for attribute's name, value
Response
boolean
True if bad code is detected
clean
Cleans the given input source based on the instance configuration and specified data type
clean(string|array<mixed,string>|object $source, string $type = 'string') : mixed
since | 1.0 |
---|---|
Arguments
- $source
string|array<mixed,string>|object
Input string/array-of-string/object to be 'cleaned'
- $type
string
The return type for the variable:
  INT: An integer
  UINT: An unsigned integer
  FLOAT: A floating point number
  BOOLEAN: A boolean value
  WORD: A string containing A-Z or underscores only (not case sensitive)
  ALNUM: A string containing A-Z or 0-9 only (not case sensitive)
  CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive)
  BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive)
  STRING: A fully decoded and sanitised string (default)
  HTML: A sanitised string
  ARRAY: An array
  PATH: A sanitised file path
  TRIM: A string trimmed from normal, non-breaking and multibyte spaces
  USERNAME: Do not use (use an application specific filter)
  RAW: The raw string is returned with no filtering
  unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Response
mixed
'Cleaned' version of the $source parameter
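The following is an added example, not part of the original documentation or the project's own code, showing the typed filters from the list above together with an allow-list instance built from the constructor arguments. It assumes the package is installed with Composer and autoloadable as Joomla\Filter\InputFilter (the namespace is not shown on this page); filterCommentForm() is a hypothetical helper and the input is constructed.

```php
<?php
// Added example. Assumptions: the package is installed with Composer and the
// class is autoloadable as Joomla\Filter\InputFilter (namespace not shown above).
require __DIR__ . '/vendor/autoload.php';

use Joomla\Filter\InputFilter;

/**
 * Hypothetical helper: filter each form field with the narrowest type that fits.
 */
function filterCommentForm(array $post)
{
    // Default constructor: empty lists with ONLY_ALLOW_DEFINED_*, so no tag or
    // attribute is on the allow-list.
    $strict = new InputFilter();

    // Rich-text instance: only the listed tags and attributes are permitted.
    $richText = new InputFilter(
        array('p', 'b', 'i', 'a'),
        array('href', 'title'),
        InputFilter::ONLY_ALLOW_DEFINED_TAGS,
        InputFilter::ONLY_ALLOW_DEFINED_ATTRIBUTES
    );

    $types = array('article_id' => 'UINT', 'action' => 'CMD', 'subject' => 'STRING');
    $clean = array();

    foreach ($types as $field => $type) {
        $value = isset($post[$field]) ? $post[$field] : '';
        $clean[$field] = $strict->clean($value, $type);
    }

    // The body is the only field filtered against the rich-text allow-list.
    $body = isset($post['body']) ? $post['body'] : '';
    $clean['body'] = $richText->clean($body, 'HTML');

    return $clean;
}

// Constructed sample input for illustration.
$post = array(
    'article_id' => '42abc',
    'action'     => 'comment.save',
    'subject'    => 'Hello <b>world</b>',
    'body'       => '<p onclick="track()">See <a href="/docs" title="Docs">the docs</a></p>',
);

var_dump(filterCommentForm($post));
```

Filtering at input time does not replace context-specific output escaping when these values are rendered.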
cleanAlnum
Alphanumerical filter
cleanAlnum(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
cleanAttributes
Internal method to strip a tag of disallowed attributes
cleanAttributes(array $attrSet) : array
since | 1.0 |
---|---|
Arguments
- $attrSet
array
Array of attribute pairs to filter
Response
array
Filtered array of attribute pairs
cleanBase64
Base64 filter
cleanBase64(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
cleanBool
Boolean filter
cleanBool(string $source) : boolean
Arguments
- $source
string
The string to be filtered
Response
boolean
The filtered value
cleanBoolean
Alias for cleanBool()
cleanBoolean(string $source) : boolean
Arguments
- $source
string
The string to be filtered
Response
boolean
The filtered value
cleanCmd
Command filter
cleanCmd(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
cleanDouble
Alias for cleanFloat()
cleanDouble(string $source) : float
Arguments
- $source
string
The string to be filtered
Response
float
The filtered value
cleanFloat
Float filter
cleanFloat(string $source) : float
Arguments
- $source
string
The string to be filtered
Response
float
The filtered value
cleanHtml
HTML filter
cleanHtml(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
cleanInt
Integer filter
cleanInt(string $source) : integer
Arguments
- $source
string
The string to be filtered
Response
integer
The filtered value
cleanInteger
Alias for cleanInt()
cleanInteger(string $source) : integer
Arguments
- $source
string
The string to be filtered
Response
integer
The filtered value
cleanPath
Path filter
cleanPath(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
cleanString
String filter
cleanString(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
cleanTags
Internal method to strip a string of disallowed tags
cleanTags(string $source) : string
since | 1.0 |
---|---|
Arguments
- $source
string
Input string to be 'cleaned'
Response
string
'Cleaned' version of input parameter
cleanTrim
Trim filter
cleanTrim(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
cleanUint
Unsigned integer filter
cleanUint(string $source) : integer
Arguments
- $source
string
The string to be filtered
Response
integer
The filtered value
cleanUsername
Username filter
cleanUsername(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
cleanWord
Word filter
cleanWord(string $source) : string
Arguments
- $source
string
The string to be filtered
Response
string
The filtered string
decode
Try to convert to plaintext
decode(string $source) : string
since | 1.0 |
---|---|
deprecated | This method will be removed once support for PHP 5.3 is discontinued. |
Arguments
- $source
string
The source string.
Response
string
Plaintext string
escapeAttributeValues
Escape < > and " inside attribute values
escapeAttributeValues(string $source) : string
since | 1.0 |
---|---|
Arguments
- $source
string
The source string.
Response
string
Filtered string
remove
Internal method to iteratively remove all unwanted tags and attributes
remove(string $source) : string
since | 1.0 |
---|---|
Arguments
- $source
string
Input string to be 'cleaned'
Response
string
'Cleaned' version of input parameter
stripCssExpressions
Remove CSS Expressions in the form of
stripCssExpressions(string $source) : string
..)
since | 1.0 |
---|---|
Arguments
- $source
string
The source string.
Response
string
Filtered string
Constants
TAGS_WHITELIST
Defines that the InputFilter instance should use a whitelist method for sanitising tags.
Value | 0 |
---|---|
since | 1.3.0 |
deprecated | 2.0 Use the |
Type(s)
integer
TAGS_BLACKLIST
Defines that the InputFilter instance should use a blacklist method for sanitising tags.
Value | 1 |
---|---|
since | 1.3.0 |
deprecated | 2.0 Use the |
Type(s)
integer
ATTR_WHITELIST
Defines that the InputFilter instance should use a whitelist method for sanitising attributes.
Value | 0 |
---|---|
since | 1.3.0 |
deprecated | 2.0 Use the |
Type(s)
integer
ATTR_BLACKLIST
Defines that the InputFilter instance should use a blacklist method for sanitising attributes.
Value | 1 |
---|---|
since | 1.3.0 |
deprecated | 2.0 Use the |
Type(s)
integer
ONLY_ALLOW_DEFINED_TAGS
Defines that the InputFilter instance should only allow the supplied list of HTML tags.
Value | 0 |
---|---|
since | 1.4.0 |
Type(s)
integer
ONLY_BLOCK_DEFINED_TAGS
Defines that the InputFilter instance should block the defined list of HTML tags and allow all others.
Value | 1 |
---|---|
since | 1.4.0 |
Type(s)
integer
ONLY_ALLOW_DEFINED_ATTRIBUTES
Defines that the InputFilter instance should only allow the supplied list of attributes.
Value | 0 |
---|---|
since | 1.4.0 |
Type(s)
integer
ONLY_BLOCK_DEFINED_ATTRIBUTES
Defines that the InputFilter instance should block the defined list of attributes and allow all others.
Value | 1 |
---|---|
since | 1.4.0 |
Type(s)
integer
Properties
instances
A container for InputFilter instances.
tagsArray
The array of permitted tags.
since | 1.0 |
---|---|
Type(s)
array
attrArray
The array of permitted tag attributes.
since | 1.0 |
---|---|
Type(s)
array
tagsMethod
The method for sanitising tags
since | 1.0 |
---|---|
Type(s)
integer
attrMethod
The method for sanitising attributes
since | 1.0 |
---|---|
Type(s)
integer
xssAuto
A flag for XSS checks. Only auto clean essentials = 0, Allow clean blocked tags/attr = 1
since | 1.0 |
---|---|
Type(s)
integer
tagBlacklist
The list of blocked tags for the instance.
since | 1.0 |
---|---|
note | This property will be renamed to $blockedTags in version 2.0 |
Type(s)
array<mixed,string>
attrBlacklist
The list of blocked tag attributes for the instance.
since | 1.0 |
---|---|
note | This property will be renamed to $blockedAttributes in version 2.0 |
Type(s)
array<mixed,string>
blockedChars
A special list of blocked characters.
since | 1.3.3 |
---|---|
Type(s)
array<mixed,string>