Joomla! API

Download
Launch

InputFilter

InputFilter is a class for filtering input from any data source

Forked from the php input filter library by: Daniel Morris dan@rootcube.com Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

since

1.0

Methods

__construct

Constructor for InputFilter class.

__construct(array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod = self::ONLY_ALLOW_DEFINED_TAGS, integer $attrMethod = self::ONLY_ALLOW_DEFINED_ATTRIBUTES, integer $xssAuto = 1)
since

1.0

Arguments

$tagsArray

arrayList of permitted HTML tags

$attrArray

arrayList of permitted HTML tag attributes

$tagsMethod

integerMethod for filtering tags, should be one of the ONLY_*_DEFINED_TAGS constants

$attrMethod

integerMethod for filtering attributes, should be one of the ONLY_*_DEFINED_ATTRIBUTES constants

$xssAuto

integerOnly auto clean essentials = 0, Allow clean blocked tags/attributes = 1

checkAttribute

Function to determine if contents of an attribute are safe

checkAttribute(array $attrSubSet) : boolean
static
since

1.0

Arguments

$attrSubSet

arrayA 2 element array for attribute's name, value

Response

booleanTrue if bad code is detected

clean

Cleans the given input source based on the instance configuration and specified data type

clean(string|array<mixed,string>|object $source, string $type = 'string') : mixed
since

1.0

Arguments

$source

string|array<mixed,string>|objectInput string/array-of-string/object to be 'cleaned'

$type

stringThe return type for the variable: INT: An integer UINT: An unsigned integer FLOAT: A floating point number BOOLEAN: A boolean value WORD: A string containing A-Z or underscores only (not case sensitive) ALNUM: A string containing A-Z or 0-9 only (not case sensitive) CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive) BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive) STRING: A fully decoded and sanitised string (default) HTML: A sanitised string ARRAY: An array PATH: A sanitised file path TRIM: A string trimmed from normal, non-breaking and multibyte spaces USERNAME: Do not use (use an application specific filter) RAW: The raw string is returned with no filtering unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.

Response

mixed'Cleaned' version of the $source parameter

cleanAlnum

Alphanumerical filter

cleanAlnum(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

cleanAttributes

Internal method to strip a tag of disallowed attributes

cleanAttributes(array $attrSet) : array
since

1.0

Arguments

$attrSet

arrayArray of attribute pairs to filter

Response

arrayFiltered array of attribute pairs

cleanBase64

Base64 filter

cleanBase64(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

cleanBool

Boolean filter

cleanBool(string $source) : boolean

Arguments

$source

stringThe string to be filtered

Response

booleanThe filtered value

cleanBoolean

Alias for cleanBool()

cleanBoolean(string $source) : boolean

Arguments

$source

stringThe string to be filtered

Response

booleanThe filtered value

cleanCmd

Command filter

cleanCmd(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

cleanDouble

Alias for cleanFloat()

cleanDouble(string $source) : float

Arguments

$source

stringThe string to be filtered

Response

floatThe filtered value

cleanFloat

Float filter

cleanFloat(string $source) : float

Arguments

$source

stringThe string to be filtered

Response

floatThe filtered value

cleanHtml

HTML filter

cleanHtml(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

cleanInt

Integer filter

cleanInt(string $source) : integer

Arguments

$source

stringThe string to be filtered

Response

integerThe filtered value

cleanInteger

Alias for cleanInt()

cleanInteger(string $source) : integer

Arguments

$source

stringThe string to be filtered

Response

integerThe filtered value

cleanPath

Path filter

cleanPath(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

cleanString

String filter

cleanString(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

cleanTags

Internal method to strip a string of disallowed tags

cleanTags(string $source) : string
since

1.0

Arguments

$source

stringInput string to be 'cleaned'

Response

string'Cleaned' version of input parameter

cleanTrim

Trim filter

cleanTrim(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

cleanUint

Unsigned integer filter

cleanUint(string $source) : integer

Arguments

$source

stringThe string to be filtered

Response

integerThe filtered value

cleanUsername

Username filter

cleanUsername(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

cleanWord

Word filter

cleanWord(string $source) : string

Arguments

$source

stringThe string to be filtered

Response

stringThe filtered string

decode

Try to convert to plaintext

decode(string $source) : string
deprecated
since

1.0
deprecated

This method will be removed once support for PHP 5.3 is discontinued.

Arguments

$source

stringThe source string.

Response

stringPlaintext string

escapeAttributeValues

Escape < > and " inside attribute values

escapeAttributeValues(string $source) : string
since

1.0

Arguments

$source

stringThe source string.

Response

stringFiltered string

remove

Internal method to iteratively remove all unwanted tags and attributes

remove(string $source) : string
since

1.0

Arguments

$source

stringInput string to be 'cleaned'

Response

string'Cleaned' version of input parameter

stripCssExpressions

Remove CSS Expressions in the form of :expression(.

stripCssExpressions(string $source) : string

..)

since

1.0

Arguments

$source

stringThe source string.

Response

stringFiltered string

Constants

TAGS_WHITELIST

Defines the InputFilter instance should use a whitelist method for sanitising tags.

deprecated
Value 0
since

1.3.0
deprecated

2.0 Use the InputFilter::ONLY_ALLOW_DEFINED_TAGS constant instead

Type(s)

integer

TAGS_BLACKLIST

Defines the InputFilter instance should use a blacklist method for sanitising tags.

deprecated
Value 1
since

1.3.0
deprecated

2.0 Use the InputFilter::ONLY_BLOCK_DEFINED_TAGS constant instead

Type(s)

integer

ATTR_WHITELIST

Defines the InputFilter instance should use a whitelist method for sanitising attributes.

deprecated
Value 0
since

1.3.0
deprecated

2.0 Use the InputFilter::ONLY_ALLOW_DEFINED_ATTRIBUTES constant instead

Type(s)

integer

ATTR_BLACKLIST

Defines the InputFilter instance should use a blacklist method for sanitising attributes.

deprecated
Value 1
since

1.3.0
deprecated

2.0 Use the InputFilter::ONLY_BLOCK_DEFINED_ATTRIBUTES constant instead

Type(s)

integer

ONLY_ALLOW_DEFINED_TAGS

Defines the InputFilter instance should only allow the supplied list of HTML tags.

Value 0
since

1.4.0

Type(s)

integer

ONLY_BLOCK_DEFINED_TAGS

Defines the InputFilter instance should block the defined list of HTML tags and allow all others.

Value 1
since

1.4.0

Type(s)

integer

ONLY_ALLOW_DEFINED_ATTRIBUTES

Defines the InputFilter instance should only allow the supplied list of attributes.

Value 0
since

1.4.0

Type(s)

integer

ONLY_BLOCK_DEFINED_ATTRIBUTES

Defines the InputFilter instance should block the defined list of attributes and allow all others.

Value 1
since

1.4.0

Type(s)

integer

Properties

instances

A container for InputFilter instances.

static deprecated
since

1.0
deprecated

2.0

Type(s)

array<mixed,\Joomla\Filter\InputFilter>

tagsArray

The array of permitted tags.

since

1.0

Type(s)

array

attrArray

The array of permitted tag attributes.

since

1.0

Type(s)

array

tagsMethod

The method for sanitising tags

since

1.0

Type(s)

integer

attrMethod

The method for sanitising attributes

since

1.0

Type(s)

integer

xssAuto

A flag for XSS checks. Only auto clean essentials = 0, Allow clean blocked tags/attr = 1

since

1.0

Type(s)

integer

tagBlacklist

The list the blocked tags for the instance.

since

1.0
note

This property will be renamed to $blockedTags in version 2.0

Type(s)

array<mixed,string>

attrBlacklist

The list of blocked tag attributes for the instance.

since

1.0
note

This property will be renamed to $blockedAttributes in version 2.0

Type(s)

array<mixed,string>

blockedChars

A special list of blocked characters.

since

1.3.3

Type(s)

array<mixed,string>
  • \ Joomla
  • \ Filter
  • \ InputFilter