InputFilter
InputFilter is a class for filtering input from any data source.
Forked from the PHP input filter library by: Daniel Morris. Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
| since | 1.0 |
|---|---|
| package | Joomla Framework |
Methods
__construct
Constructor for InputFilter class.
__construct(array<string|int, mixed> tagsArray = [], array<string|int, mixed> attrArray = [], tagsMethod = self::ONLY_ALLOW_DEFINED_TAGS, attrMethod = self::ONLY_ALLOW_DEFINED_ATTRIBUTES, xssAuto = 1) :
| since | 1.0 |
|---|---|
Arguments
- tagsArray
array<string|int, mixed>: List of permitted HTML tags
- attrArray
array<string|int, mixed>: List of permitted HTML tag attributes
- tagsMethod
int: Method for filtering tags, should be one of the ONLY_*_DEFINED_TAGS constants
- attrMethod
int: Method for filtering attributes, should be one of the ONLY_*_DEFINED_ATTRIBUTES constants
- xssAuto
int: Only auto clean essentials = 0, Allow clean blocked tags/attributes = 1
Response
mixed
checkAttribute
Function to determine if contents of an attribute are safe
checkAttribute(array<string|int, mixed> attrSubSet) :
| since | 1.0 |
|---|---|
Arguments
- attrSubSet
array<string|int, mixed>: A 2 element array for attribute's name, value
Response
bool: True if bad code is detected
clean
Cleans the given input source based on the instance configuration and specified data type
clean(string|string[]|object source, type = 'string') :
| since | 1.0 |
|---|---|
Arguments
- source
string|array<string|int, string>|object: Input string/array-of-string/object to be 'cleaned'
- type
string: The return type for the variable:
  - INT: An integer
  - UINT: An unsigned integer
  - FLOAT: A floating point number
  - BOOLEAN: A boolean value
  - WORD: A string containing A-Z or underscores only (not case sensitive)
  - ALNUM: A string containing A-Z or 0-9 only (not case sensitive)
  - CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive)
  - BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive)
  - STRING: A fully decoded and sanitised string (default)
  - HTML: A sanitised string
  - ARRAY: An array
  - PATH: A sanitised file path
  - TRIM: A string trimmed from normal, non-breaking and multibyte spaces
  - USERNAME: Do not use (use an application specific filter)
  - RAW: The raw string is returned with no filtering
  - unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Response
mixed: 'Cleaned' version of the $source parameter
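The constructor arguments and the clean() type list above, combined in one request-filtering routine. This is an added example, not code from the Joomla documentation; it assumes the joomla/filter Composer package autoloads the class as Joomla\Filter\InputFilter, and the COMMENT_SCHEMA constant, the filterComment() helper and the sample request are hypothetical.

```php
<?php
// Added example, not part of the Joomla documentation. Assumption: joomla/filter
// is installed via Composer and autoloads the class as Joomla\Filter\InputFilter.
require __DIR__ . '/vendor/autoload.php';
use Joomla\Filter\InputFilter;

// Hypothetical schema: each expected field mapped to a clean() type.
const COMMENT_SCHEMA = [
    'article_id' => 'UINT',
    'task'       => 'CMD',
    'notify'     => 'BOOLEAN',
    'title'      => 'STRING',
];

// Hypothetical helper: returns only schema fields, each coerced by clean().
function filterComment(array $request): array
{
    // Default instance: empty tag and attribute lists in allow-only mode.
    $scalar = new InputFilter();
    // Rich-text instance: explicit allow-lists for tags and attributes.
    $richText = new InputFilter(
        ['p', 'strong', 'em', 'a'],
        ['href', 'title'],
        InputFilter::ONLY_ALLOW_DEFINED_TAGS,
        InputFilter::ONLY_ALLOW_DEFINED_ATTRIBUTES,
        1
    );

    $out = [];
    foreach (COMMENT_SCHEMA as $field => $type) {
        // Missing fields become '' before filtering; fields outside the schema are dropped.
        $out[$field] = $scalar->clean($request[$field] ?? '', $type);
    }
    $out['body'] = $richText->clean($request['body'] ?? '', 'HTML');
    return $out;
}

// Constructed sample request, for illustration only.
$request = [
    'article_id' => '42abc',
    'task'       => 'comment.save',
    'notify'     => 'yes',
    'title'      => 'Hello <b>world</b>',
    'body'       => '<p onclick="track()">Nice <strong>post</strong><script>x()</script></p>',
    'is_admin'   => '1',
];
var_dump(filterComment($request));
```

RAW and USERNAME are deliberately absent from the schema: the type list above says RAW returns the string with no filtering and marks USERNAME as do-not-use.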
cleanAlnum
Alphanumerical filter
cleanAlnum( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
cleanAttributes
Internal method to strip a tag of disallowed attributes
cleanAttributes(array<string|int, mixed> attrSet) : array<string|int, mixed>
| since | 1.0 |
|---|---|
Arguments
- attrSet
array<string|int, mixed>: Array of attribute pairs to filter
Response
array<string|int, mixed>: Filtered array of attribute pairs
cleanBase64
Base64 filter
cleanBase64( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
cleanBool
Boolean filter
cleanBool( source) :
Arguments
- source
string: The string to be filtered
Response
bool: The filtered value
cleanBoolean
Alias for cleanBool()
cleanBoolean( source) :
Arguments
- source
string: The string to be filtered
Response
bool: The filtered value
cleanCmd
Command filter
cleanCmd( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
cleanDouble
Alias for cleanFloat()
cleanDouble( source) :
Arguments
- source
string: The string to be filtered
Response
float: The filtered value
cleanFloat
Float filter
cleanFloat( source) :
Arguments
- source
string: The string to be filtered
Response
float: The filtered value
cleanHtml
HTML filter
cleanHtml( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
cleanInt
Integer filter
cleanInt( source) :
Arguments
- source
string: The string to be filtered
Response
int: The filtered value
cleanInteger
Alias for cleanInt()
cleanInteger( source) :
Arguments
- source
string: The string to be filtered
Response
int: The filtered value
cleanPath
Path filter
cleanPath( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
cleanString
String filter
cleanString( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
cleanTags
Internal method to strip a string of disallowed tags
cleanTags( source) :
| since | 1.0 |
|---|---|
Arguments
- source
string: Input string to be 'cleaned'
Response
string: 'Cleaned' version of input parameter
cleanTrim
Trim filter
cleanTrim( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
cleanUint
Unsigned integer filter
cleanUint( source) :
Arguments
- source
string: The string to be filtered
Response
int: The filtered value
cleanUsername
Username filter
cleanUsername( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
cleanWord
Word filter
cleanWord( source) :
Arguments
- source
string: The string to be filtered
Response
string: The filtered string
decode
Try to convert to plaintext
decode( source) :
| since | 1.0 |
|---|---|
| deprecated | This method will be removed once support for PHP 5.3 is discontinued. |
Arguments
- source
string: The source string.
Response
string: Plaintext string
escapeAttributeValues
Escape < > and " inside attribute values
escapeAttributeValues( source) :
| since | 1.0 |
|---|---|
Arguments
- source
string: The source string.
Response
string: Filtered string
remove
Internal method to iteratively remove all unwanted tags and attributes
remove( source) :
| since | 1.0 |
|---|---|
Arguments
- source
string: Input string to be 'cleaned'
Response
string: 'Cleaned' version of input parameter
stripCssExpressions
Remove CSS Expressions in the form of
stripCssExpressions( source) :
| since | 1.0 |
|---|---|
Arguments
- source
string: The source string.
Response
string: Filtered string
Constants
ONLY_ALLOW_DEFINED_TAGS
Defines that the InputFilter instance should only allow the supplied list of HTML tags.
| Value | 0 |
|---|---|
| since | 1.4.0 |
Type(s)
int
ONLY_BLOCK_DEFINED_TAGS
Defines that the InputFilter instance should block the defined list of HTML tags and allow all others.
| Value | 1 |
|---|---|
| since | 1.4.0 |
Type(s)
int
ONLY_ALLOW_DEFINED_ATTRIBUTES
Defines that the InputFilter instance should only allow the supplied list of attributes.
| Value | 0 |
|---|---|
| since | 1.4.0 |
Type(s)
int
ONLY_BLOCK_DEFINED_ATTRIBUTES
Defines that the InputFilter instance should block the defined list of attributes and allow all others.
| Value | 1 |
|---|---|
| since | 1.4.0 |
Type(s)
int
Properties
tagsArray
The array of permitted tags.
| since | 1.0 |
|---|---|
Type(s)
array<string|int, mixed>
attrArray
The array of permitted tag attributes.
| since | 1.0 |
|---|---|
Type(s)
array<string|int, mixed>
tagsMethod
The method for sanitising tags
| since | 1.0 |
|---|---|
Type(s)
int
attrMethod
The method for sanitising attributes
| since | 1.0 |
|---|---|
Type(s)
int
xssAuto
A flag for XSS checks. Only auto clean essentials = 0, Allow clean blocked tags/attr = 1
| since | 1.0 |
|---|---|
Type(s)
int
blockedTags
The list of blocked tags for the instance.
| since | 1.0 |
|---|---|
Type(s)
array<string|int, string>
blockedAttributes
The list of blocked tag attributes for the instance.
| since | 1.0 |
|---|---|
Type(s)
array<string|int, string>
blockedChars
A special list of blocked characters.
| since | 1.3.3 |
|---|---|
Type(s)
array<string|int, string>