InputFilter
InputFilter is a class for filtering input from any data source
Forked from the php input filter library by: Daniel Morris dan@rootcube.com Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
| since |
1.0 |
|---|
Methods
__construct
Constructor for InputFilter class.
__construct(array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod = self::TAGS_WHITELIST, integer $attrMethod = self::ATTR_WHITELIST, integer $xssAuto = 1)
| since |
1.0 |
|---|
Arguments
- $tagsArray
arrayList of user-defined tags- $attrArray
arrayList of user-defined attributes- $tagsMethod
integerWhiteList method = 0, BlackList method = 1- $attrMethod
integerWhiteList method = 0, BlackList method = 1- $xssAuto
integerOnly auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
checkAttribute
Function to determine if contents of an attribute are safe
checkAttribute(array $attrSubSet) : boolean
| since |
1.0 |
|---|
Arguments
- $attrSubSet
arrayA 2 element array for attribute's name, value
Response
booleanTrue if bad code is detected
clean
Method to be called by another php script. Processes for XSS and specified bad code.
clean(mixed $source, string $type = 'string') : mixed
| since |
1.0 |
|---|
Arguments
- $source
mixedInput string/array-of-string to be 'cleaned'- $type
stringThe return type for the variable: INT: An integer, or an array of integers, UINT: An unsigned integer, or an array of unsigned integers, FLOAT: A floating point number, or an array of floating point numbers, BOOLEAN: A boolean value, WORD: A string containing A-Z or underscores only (not case sensitive), ALNUM: A string containing A-Z or 0-9 only (not case sensitive), CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive), BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive), STRING: A fully decoded and sanitised string (default), HTML: A sanitised string, ARRAY: An array, PATH: A sanitised file path, or an array of sanitised file paths, TRIM: A string trimmed from normal, non-breaking and multibyte spaces USERNAME: Do not use (use an application specific filter), RAW: The raw string is returned with no filtering, unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Response
mixed'Cleaned' version of input parameter
cleanAttributes
Internal method to strip a tag of certain attributes
cleanAttributes(array $attrSet) : array
| since |
1.0 |
|---|
Arguments
- $attrSet
arrayArray of attribute pairs to filter
Response
arrayFiltered array of attribute pairs
cleanTags
Internal method to strip a string of certain tags
cleanTags(string $source) : string
| since |
1.0 |
|---|
Arguments
- $source
stringInput string to be 'cleaned'
Response
string'Cleaned' version of input parameter
decode
Try to convert to plaintext
decode(string $source) : string
| since |
1.0 |
|---|---|
| deprecated |
This method will be removed once support for PHP 5.3 is discontinued. |
Arguments
- $source
stringThe source string.
Response
stringPlaintext string
escapeAttributeValues
Escape < > and " inside attribute values
escapeAttributeValues(string $source) : string
| since |
1.0 |
|---|
Arguments
- $source
stringThe source string.
Response
stringFiltered string
remove
Internal method to iteratively remove all unwanted tags and attributes
remove(string $source) : string
| since |
1.0 |
|---|
Arguments
- $source
stringInput string to be 'cleaned'
Response
string'Cleaned' version of input parameter
stripCssExpressions
Remove CSS Expressions in the form of
stripCssExpressions(string $source) : string
..)
| since |
1.0 |
|---|
Arguments
- $source
stringThe source string.
Response
stringFiltered string
Constants
TAGS_WHITELIST
Defines the InputFilter instance should use a whitelist method for sanitising tags.
| Value | 0 |
|---|---|
| since |
1.3.0 |
Type(s)
integer
TAGS_BLACKLIST
Defines the InputFilter instance should use a blacklist method for sanitising tags.
| Value | 1 |
|---|---|
| since |
1.3.0 |
Type(s)
integer
ATTR_WHITELIST
Defines the InputFilter instance should use a whitelist method for sanitising attributes.
| Value | 0 |
|---|---|
| since |
1.3.0 |
Type(s)
integer
ATTR_BLACKLIST
Defines the InputFilter instance should use a blacklist method for sanitising attributes.
| Value | 1 |
|---|---|
| since |
1.3.0 |
Type(s)
integer
Properties
instances
A container for InputFilter instances.
tagsArray
The array of permitted tags (whitelist).
| since |
1.0 |
|---|
Type(s)
array
attrArray
The array of permitted tag attributes (whitelist).
| since |
1.0 |
|---|
Type(s)
array
tagsMethod
The method for sanitising tags
| since |
1.0 |
|---|
Type(s)
integer
attrMethod
The method for sanitising attributes
| since |
1.0 |
|---|
Type(s)
integer
xssAuto
A flag for XSS checks. Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
| since |
1.0 |
|---|
Type(s)
integer
tagBlacklist
The list of the default blacklisted tags.
| since |
1.0 |
|---|
Type(s)
array
attrBlacklist
The list of the default blacklisted tag attributes. All event handlers implicit.
| since |
1.0 |
|---|
Type(s)
array
blacklistedChars
A special list of blacklisted chars
| since |
1.3.3 |
|---|
Type(s)
array