InputFilter
InputFilter is a class for filtering input from any data source
Forked from the php input filter library by: Daniel Morris [email protected] Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
| since |
1.0 |
|---|
Methods
__construct
Constructor for InputFilter class.
__construct(array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod = self::ONLY_ALLOW_DEFINED_TAGS, integer $attrMethod = self::ONLY_ALLOW_DEFINED_ATTRIBUTES, integer $xssAuto = 1)
| since |
1.0 |
|---|
Arguments
- $tagsArray
arrayList of permitted HTML tags- $attrArray
arrayList of permitted HTML tag attributes- $tagsMethod
integerMethod for filtering tags, should be one of theONLY_*_DEFINED_TAGSconstants- $attrMethod
integerMethod for filtering attributes, should be one of theONLY_*_DEFINED_ATTRIBUTESconstants- $xssAuto
integerOnly auto clean essentials = 0, Allow clean blocked tags/attributes = 1
checkAttribute
Function to determine if contents of an attribute are safe
checkAttribute(array $attrSubSet) : boolean
| since |
1.0 |
|---|
Arguments
- $attrSubSet
arrayA 2 element array for attribute's name, value
Response
booleanTrue if bad code is detected
clean
Cleans the given input source based on the instance configuration and specified data type
clean(string|array<mixed,string>|object $source, string $type = 'string') : mixed
| since |
1.0 |
|---|
Arguments
- $source
string|array<mixed,string>|objectInput string/array-of-string/object to be 'cleaned'- $type
stringThe return type for the variable: INT: An integer UINT: An unsigned integer FLOAT: A floating point number BOOLEAN: A boolean value WORD: A string containing A-Z or underscores only (not case sensitive) ALNUM: A string containing A-Z or 0-9 only (not case sensitive) CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive) BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive) STRING: A fully decoded and sanitised string (default) HTML: A sanitised string ARRAY: An array PATH: A sanitised file path TRIM: A string trimmed from normal, non-breaking and multibyte spaces USERNAME: Do not use (use an application specific filter) RAW: The raw string is returned with no filtering unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Response
mixed'Cleaned' version of the $source parameter
cleanAlnum
Alphanumerical filter
cleanAlnum(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
cleanAttributes
Internal method to strip a tag of disallowed attributes
cleanAttributes(array $attrSet) : array
| since |
1.0 |
|---|
Arguments
- $attrSet
arrayArray of attribute pairs to filter
Response
arrayFiltered array of attribute pairs
cleanBase64
Base64 filter
cleanBase64(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
cleanBool
Boolean filter
cleanBool(string $source) : boolean
Arguments
- $source
stringThe string to be filtered
Response
booleanThe filtered value
cleanBoolean
Alias for cleanBool()
cleanBoolean(string $source) : boolean
Arguments
- $source
stringThe string to be filtered
Response
booleanThe filtered value
cleanCmd
Command filter
cleanCmd(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
cleanDouble
Alias for cleanFloat()
cleanDouble(string $source) : float
Arguments
- $source
stringThe string to be filtered
Response
floatThe filtered value
cleanFloat
Float filter
cleanFloat(string $source) : float
Arguments
- $source
stringThe string to be filtered
Response
floatThe filtered value
cleanHtml
HTML filter
cleanHtml(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
cleanInt
Integer filter
cleanInt(string $source) : integer
Arguments
- $source
stringThe string to be filtered
Response
integerThe filtered value
cleanInteger
Alias for cleanInt()
cleanInteger(string $source) : integer
Arguments
- $source
stringThe string to be filtered
Response
integerThe filtered value
cleanPath
Path filter
cleanPath(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
cleanString
String filter
cleanString(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
cleanTags
Internal method to strip a string of disallowed tags
cleanTags(string $source) : string
| since |
1.0 |
|---|
Arguments
- $source
stringInput string to be 'cleaned'
Response
string'Cleaned' version of input parameter
cleanTrim
Trim filter
cleanTrim(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
cleanUint
Unsigned integer filter
cleanUint(string $source) : integer
Arguments
- $source
stringThe string to be filtered
Response
integerThe filtered value
cleanUsername
Username filter
cleanUsername(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
cleanWord
Word filter
cleanWord(string $source) : string
Arguments
- $source
stringThe string to be filtered
Response
stringThe filtered string
decode
Try to convert to plaintext
decode(string $source) : string
| since |
1.0 |
|---|---|
| deprecated |
This method will be removed once support for PHP 5.3 is discontinued. |
Arguments
- $source
stringThe source string.
Response
stringPlaintext string
escapeAttributeValues
Escape < > and " inside attribute values
escapeAttributeValues(string $source) : string
| since |
1.0 |
|---|
Arguments
- $source
stringThe source string.
Response
stringFiltered string
remove
Internal method to iteratively remove all unwanted tags and attributes
remove(string $source) : string
| since |
1.0 |
|---|
Arguments
- $source
stringInput string to be 'cleaned'
Response
string'Cleaned' version of input parameter
stripCssExpressions
Remove CSS Expressions in the form of
stripCssExpressions(string $source) : string
..)
| since |
1.0 |
|---|
Arguments
- $source
stringThe source string.
Response
stringFiltered string
Constants
TAGS_WHITELIST
Defines the InputFilter instance should use a whitelist method for sanitising tags.
| Value | 0 |
|---|---|
| since |
1.3.0 |
| deprecated |
2.0 Use the |
Type(s)
integer
TAGS_BLACKLIST
Defines the InputFilter instance should use a blacklist method for sanitising tags.
| Value | 1 |
|---|---|
| since |
1.3.0 |
| deprecated |
2.0 Use the |
Type(s)
integer
ATTR_WHITELIST
Defines the InputFilter instance should use a whitelist method for sanitising attributes.
| Value | 0 |
|---|---|
| since |
1.3.0 |
| deprecated |
2.0 Use the |
Type(s)
integer
ATTR_BLACKLIST
Defines the InputFilter instance should use a blacklist method for sanitising attributes.
| Value | 1 |
|---|---|
| since |
1.3.0 |
| deprecated |
2.0 Use the |
Type(s)
integer
ONLY_ALLOW_DEFINED_TAGS
Defines the InputFilter instance should only allow the supplied list of HTML tags.
| Value | 0 |
|---|---|
| since |
1.4.0 |
Type(s)
integer
ONLY_BLOCK_DEFINED_TAGS
Defines the InputFilter instance should block the defined list of HTML tags and allow all others.
| Value | 1 |
|---|---|
| since |
1.4.0 |
Type(s)
integer
ONLY_ALLOW_DEFINED_ATTRIBUTES
Defines the InputFilter instance should only allow the supplied list of attributes.
| Value | 0 |
|---|---|
| since |
1.4.0 |
Type(s)
integer
ONLY_BLOCK_DEFINED_ATTRIBUTES
Defines the InputFilter instance should block the defined list of attributes and allow all others.
| Value | 1 |
|---|---|
| since |
1.4.0 |
Type(s)
integer
Properties
instances
A container for InputFilter instances.
tagsArray
The array of permitted tags.
| since |
1.0 |
|---|
Type(s)
array
attrArray
The array of permitted tag attributes.
| since |
1.0 |
|---|
Type(s)
array
tagsMethod
The method for sanitising tags
| since |
1.0 |
|---|
Type(s)
integer
attrMethod
The method for sanitising attributes
| since |
1.0 |
|---|
Type(s)
integer
xssAuto
A flag for XSS checks. Only auto clean essentials = 0, Allow clean blocked tags/attr = 1
| since |
1.0 |
|---|
Type(s)
integer
tagBlacklist
The list the blocked tags for the instance.
| since |
1.0 |
|---|---|
| note |
This property will be renamed to $blockedTags in version 2.0 |
Type(s)
array<mixed,string>
attrBlacklist
The list of blocked tag attributes for the instance.
| since |
1.0 |
|---|---|
| note |
This property will be renamed to $blockedAttributes in version 2.0 |
Type(s)
array<mixed,string>
blockedChars
A special list of blocked characters.
| since |
1.3.3 |
|---|
Type(s)
array<mixed,string>