Class InputFilter

InputFilter is a class for filtering input from any data source

Forked from the php input filter library by: Daniel Morris <dan@rootcube.com> Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

Direct known subclasses

JFilterInput

Namespace: Joomla\Filter
Since: 1.0
Located at vendor/joomla/filter/src/InputFilter.php

Methods summary

`public`	# `__construct( array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod = Joomla\Filter\InputFilter::TAGS_WHITELIST, integer $attrMethod = Joomla\Filter\InputFilter::ATTR_WHITELIST, integer $xssAuto = 1 )` Constructor for InputFilter class. Constructor for InputFilter class. Parameters `$tagsArray` `array` - $tagsArray List of user-defined tags `$attrArray` `array` - $attrArray List of user-defined attributes `$tagsMethod` `integer` - $tagsMethod WhiteList method = 0, BlackList method = 1 `$attrMethod` `integer` - $attrMethod WhiteList method = 0, BlackList method = 1 `$xssAuto` `integer` - $xssAuto Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1 Since 1.0
`public mixed`	# `clean( mixed $source, string $type = 'string' )` Method to be called by another php script. Processes for XSS and specified bad code. Method to be called by another php script. Processes for XSS and specified bad code. Parameters `$source` `mixed` - $source Input string/array-of-string to be 'cleaned' `$type` `string` - $type The return type for the variable: INT: An integer, or an array of integers, UINT: An unsigned integer, or an array of unsigned integers, FLOAT: A floating point number, or an array of floating point numbers, BOOLEAN: A boolean value, WORD: A string containing A-Z or underscores only (not case sensitive), ALNUM: A string containing A-Z or 0-9 only (not case sensitive), CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive), BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive), STRING: A fully decoded and sanitised string (default), HTML: A sanitised string, ARRAY: An array, PATH: A sanitised file path, or an array of sanitised file paths, TRIM: A string trimmed from normal, non-breaking and multibyte spaces USERNAME: Do not use (use an application specific filter), RAW: The raw string is returned with no filtering, unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings. Returns `mixed` - 'Cleaned' version of input parameter Since 1.0
`public static boolean`	# `checkAttribute( array $attrSubSet )` Function to determine if contents of an attribute are safe Function to determine if contents of an attribute are safe Parameters `$attrSubSet` `array` - $attrSubSet A 2 element array for attribute's name, value Returns `boolean` - True if bad code is detected Since 1.0
`protected string`	# `remove( string $source )` Internal method to iteratively remove all unwanted tags and attributes Internal method to iteratively remove all unwanted tags and attributes Parameters `$source` `string` - $source Input string to be 'cleaned' Returns `string` - 'Cleaned' version of input parameter Since 1.0
`protected string`	# `cleanTags( string $source )` Internal method to strip a string of certain tags Internal method to strip a string of certain tags Parameters `$source` `string` - $source Input string to be 'cleaned' Returns `string` - 'Cleaned' version of input parameter Since 1.0
`protected array`	# `cleanAttributes( array $attrSet )` Internal method to strip a tag of certain attributes Internal method to strip a tag of certain attributes Parameters `$attrSet` `array` - $attrSet Array of attribute pairs to filter Returns `array` - Filtered array of attribute pairs Since 1.0
`protected string`	# `decode( string $source )` Try to convert to plaintext Try to convert to plaintext Deprecated This method will be removed once support for PHP 5.3 is discontinued. Parameters `$source` `string` - $source The source string. Returns `string` - Plaintext string Since 1.0
`protected string`	# `escapeAttributeValues( string $source )` Escape < > and " inside attribute values Escape < > and " inside attribute values Parameters `$source` `string` - $source The source string. Returns `string` - Filtered string Since 1.0
`protected string`	# `stripCssExpressions( string $source )` Remove CSS Expressions in the form of <property>:expression(...) Remove CSS Expressions in the form of <property>:expression(...) Parameters `$source` `string` - $source The source string. Returns `string` - Filtered string Since 1.0

Magic methods summary

Constants summary

`integer`	`TAGS_WHITELIST`	`0`	# Defines the InputFilter instance should use a whitelist method for sanitising tags. Defines the InputFilter instance should use a whitelist method for sanitising tags. Since 1.3.0
`integer`	`TAGS_BLACKLIST`	`1`	# Defines the InputFilter instance should use a blacklist method for sanitising tags. Defines the InputFilter instance should use a blacklist method for sanitising tags. Since 1.3.0
`integer`	`ATTR_WHITELIST`	`0`	# Defines the InputFilter instance should use a whitelist method for sanitising attributes. Defines the InputFilter instance should use a whitelist method for sanitising attributes. Since 1.3.0
`integer`	`ATTR_BLACKLIST`	`1`	# Defines the InputFilter instance should use a blacklist method for sanitising attributes. Defines the InputFilter instance should use a blacklist method for sanitising attributes. Since 1.3.0

Properties summary

`protected static Joomla\Filter\InputFilter[]`	`$instances`	# A container for InputFilter instances. A container for InputFilter instances. Deprecated 1.2.0 Since 1.0
`public array`	`$tagsArray`	# The array of permitted tags (whitelist). The array of permitted tags (whitelist). Since 1.0
`public array`	`$attrArray`	# The array of permitted tag attributes (whitelist). The array of permitted tag attributes (whitelist). Since 1.0
`public integer`	`$tagsMethod`	# The method for sanitising tags The method for sanitising tags Since 1.0
`public integer`	`$attrMethod`	# The method for sanitising attributes The method for sanitising attributes Since 1.0
`public integer`	`$xssAuto`	# A flag for XSS checks. Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1 A flag for XSS checks. Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1 Since 1.0
`public array`	`$tagBlacklist`	# The list of the default blacklisted tags. The list of the default blacklisted tags. Since 1.0
`public array`	`$attrBlacklist`	# The list of the default blacklisted tag attributes. All event handlers implicit. The list of the default blacklisted tag attributes. All event handlers implicit. Since 1.0

Namespaces

Classes

Class InputFilter

Direct known subclasses

Methods summary

Parameters

Since

Parameters

Returns

Since

Parameters

Returns

Since

Parameters

Returns

Since

Parameters

Returns

Since

Parameters

Returns

Since

Deprecated

Parameters

Returns

Since

Parameters

Returns

Since

Parameters

Returns

Since

Magic methods summary

Constants summary

Since

Since

Since

Since

Properties summary

Deprecated

Since

Since

Since

Since

Since

Since

Since

Since