InputFilter is a class for filtering input from any data source.
Forked from the PHP Input Filter library by Daniel Morris <dan@rootcube.com>.
Original contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
public __construct( array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod = Joomla\Filter\InputFilter::TAGS_WHITELIST, integer $attrMethod = Joomla\Filter\InputFilter::ATTR_WHITELIST, integer $xssAuto = 1 )
Constructor for InputFilter class.
Parameters
- $tagsArray (array): List of user-defined tags
- $attrArray (array): List of user-defined attributes
- $tagsMethod (integer): WhiteList method = 0, BlackList method = 1
- $attrMethod (integer): WhiteList method = 0, BlackList method = 1
- $xssAuto (integer): Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
Since
1.0

public mixed clean( mixed $source, string $type = 'string' )
Method to be called by another PHP script. Processes for XSS and specified bad code.
Parameters
- $source (mixed): Input string/array-of-string to be 'cleaned'
- $type (string): The return type for the variable:
  - INT: An integer, or an array of integers
  - UINT: An unsigned integer, or an array of unsigned integers
  - FLOAT: A floating point number, or an array of floating point numbers
  - BOOLEAN: A boolean value
  - WORD: A string containing A-Z or underscores only (not case sensitive)
  - ALNUM: A string containing A-Z or 0-9 only (not case sensitive)
  - CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive)
  - BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive)
  - STRING: A fully decoded and sanitised string (default)
  - HTML: A sanitised string
  - ARRAY: An array
  - PATH: A sanitised file path, or an array of sanitised file paths
  - TRIM: A string trimmed from normal, non-breaking and multibyte spaces
  - USERNAME: Do not use (use an application specific filter)
  - RAW: The raw string is returned with no filtering
  - unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Returns
mixed - 'Cleaned' version of input parameter
Since
1.0
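
A usage sketch for the constructor and clean() documented above, added here as an example and not taken from the Joomla Framework source. It assumes the joomla/filter package is installed through Composer; the tag and attribute lists and the request values are constructed for illustration.

```php
<?php
// Added example: assumes joomla/filter was installed with Composer.
require __DIR__ . '/vendor/autoload.php';

use Joomla\Filter\InputFilter;

// Constructed sample input standing in for untrusted request data.
$request = array(
    'id'       => '42; DROP',
    'task'     => 'article.save<script>',
    'ordering' => array('3', '1x', '-7'),
    'comment'  => '<p onclick="x()">Hi <b>there</b> '
                . '<a href="/about" style="color:red">link</a></p>',
);

// Default instance: whitelist method for tags and attributes with empty
// lists. $tagsArray is documented as the list of permitted tags, so an
// empty list permits none. Use this for scalar parameters.
$strict = new InputFilter();

// Choose the narrowest documented type for each field instead of STRING.
$id       = $strict->clean($request['id'], 'UINT');      // unsigned integer
$task     = $strict->clean($request['task'], 'CMD');     // A-Z, 0-9, _ . -
$ordering = $strict->clean($request['ordering'], 'INT'); // array of integers

// Rich-text field: a second instance with an explicit whitelist of tags
// and attributes. Anything not listed (onclick, style, other tags) is
// outside the whitelist.
$rich = new InputFilter(
    array('p', 'b', 'i', 'a'),
    array('href'),
    InputFilter::TAGS_WHITELIST,
    InputFilter::ATTR_WHITELIST
);
$comment = $rich->clean($request['comment'], 'HTML');

// The same markup through the strict instance, for comparison.
$plain = $strict->clean($request['comment'], 'STRING');

// Inspect the filtered values before relying on them in an application.
var_dump($id, $task, $ordering, $comment, $plain);
```

The filter sanitises input; values written back into HTML, SQL or a shell still need output encoding or parameter binding for that context.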

public static boolean checkAttribute( array $attrSubSet )
Function to determine if contents of an attribute are safe
Parameters
- $attrSubSet (array): A 2 element array for attribute's name, value
Returns
boolean - True if bad code is detected
Since
1.0

protected string remove( string $source )
Internal method to iteratively remove all unwanted tags and attributes
Parameters
- $source (string): Input string to be 'cleaned'
Returns
string - 'Cleaned' version of input parameter
Since
1.0

protected string cleanTags( string $source )
Internal method to strip a string of certain tags
Parameters
- $source (string): Input string to be 'cleaned'
Returns
string - 'Cleaned' version of input parameter
Since
1.0

protected array cleanAttributes( array $attrSet )
Internal method to strip a tag of certain attributes
Parameters
- $attrSet (array): Array of attribute pairs to filter
Returns
array - Filtered array of attribute pairs
Since
1.0

protected string decode( string $source )
Try to convert to plaintext
Deprecated
This method will be removed once support for PHP 5.3 is discontinued.
Parameters
- $source (string): The source string.
Returns
string - Plaintext string
Since
1.0

protected string escapeAttributeValues( string $source )
Escape < > and " inside attribute values
Parameters
- $source (string): The source string.
Returns
string - Filtered string
Since
1.0

protected string stripCssExpressions( string $source )
Remove CSS Expressions in the form of <property>:expression(...)
Parameters
- $source (string): The source string.
Returns
string - Filtered string
Since
1.0

protected static Joomla\Filter\InputFilter[] $instances
A container for InputFilter instances.
Deprecated
1.2.0
Since
1.0

public array $tagsArray
The array of permitted tags (whitelist).
Since
1.0

public array $attrArray
The array of permitted tag attributes (whitelist).
Since
1.0

public integer $tagsMethod
The method for sanitising tags
Since
1.0

public integer $attrMethod
The method for sanitising attributes
Since
1.0

public integer $xssAuto
A flag for XSS checks. Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
Since
1.0

public array $tagBlacklist
The list of the default blacklisted tags.
Since
1.0

public array $attrBlacklist
The list of the default blacklisted tag attributes. All event handlers implicit.
Since
1.0