XOOPS  2.6.0
Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
Xoops\Core\FilterInput Class Reference
Inheritance diagram for Xoops\Core\FilterInput:
Inheritance graph

Public Member Functions

 __construct ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1)
 
 process ($source)
 

Static Public Member Functions

static clean ($source, $type= 'string')
 
static gather ($source, $input_map, $require=false)
 
static getInstance ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1)
 

Protected Member Functions

 decode ($source)
 
 filterAttr ($attrSet)
 
 filterTags ($source)
 
 remove ($source)
 

Protected Attributes

 $attrArray
 
 $attrBlacklist = array('action', 'background', 'codebase', 'dynsrc', 'lowsrc')
 
 $attrMethod
 
 $tagBlacklist
 
 $tagsArray
 
 $tagsMethod
 
 $xssAuto
 

Detailed Description

Definition at line 37 of file FilterInput.php.

Constructor & Destructor Documentation

Xoops\Core\FilterInput::__construct (   $tagsArray = array(),
  $attrArray = array(),
  $tagsMethod = 0,
  $attrMethod = 0,
  $xssAuto = 1 
)

Constructor

Parameters
Array$tagsArray- list of user-defined tags
Array$attrArray- list of user-defined attributes
int$tagsMethod- 0 = allow just user-defined, 1 = allow all but user-defined
int$attrMethod- 0 = allow just user-defined, 1 = allow all but user-defined
int$xssAuto- 0 = only auto clean essentials, 1 = allow clean blacklisted tags/attr

Definition at line 63 of file FilterInput.php.

References Xoops\Core\FilterInput\$attrArray, Xoops\Core\FilterInput\$attrMethod, $i, Xoops\Core\FilterInput\$tagsArray, Xoops\Core\FilterInput\$tagsMethod, and Xoops\Core\FilterInput\$xssAuto.

Member Function Documentation

static Xoops\Core\FilterInput::clean (   $source,
  $type = 'string' 
)
static

Method to be called by another php script. Processes for XSS and specified bad code.

Parameters
mixed$sourceInput string/array-of-string to be 'cleaned'
string$typeReturn/cleaning type for the variable, one of (INTEGER, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, USERNAME, WEBURL, EMAIL, IP)
Returns
mixed 'Cleaned' version of input parameter

Definition at line 167 of file FilterInput.php.

References $filter, $result, and $type.

Xoops\Core\FilterInput::decode (   $source)
protected

Try to convert to plaintext

Parameters
String$sourcestring to decode
Returns
String $source decoded

Definition at line 512 of file FilterInput.php.

Referenced by Xoops\Core\FilterInput\process().

Here is the caller graph for this function:

Xoops\Core\FilterInput::filterAttr (   $attrSet)
protected

Internal method to strip a tag of certain attributes

Parameters
array$attrSetattributes
Returns
Array $newSet stripped attributes

Definition at line 434 of file FilterInput.php.

References $i.

Referenced by Xoops\Core\FilterInput\filterTags().

Here is the caller graph for this function:

Xoops\Core\FilterInput::filterTags (   $source)
protected

Internal method to strip a string of certain tags

Parameters
String$source- input string to be 'cleaned'
Returns
String $source - 'cleaned' version of input parameter

Definition at line 304 of file FilterInput.php.

References $i, and Xoops\Core\FilterInput\filterAttr().

Referenced by Xoops\Core\FilterInput\remove().

Here is the call graph for this function:

Here is the caller graph for this function:

static Xoops\Core\FilterInput::gather (   $source,
  $input_map,
  $require = false 
)
static

gather - gather input from a source

Parameters
string$sourcename of source superglobal, get, post or cookie
array$input_mapeach element of the array is an array consisting of elements to gather and clean from source
  • name - key in source superglobal, no default
  • type - XoopsFilterInput::clean type, default string
  • default - default value, default ''
  • trim - true to trim spaces from input, default true
  • max length - maximum length to accept, 0=no limit, default 0 Example: array('op','string','view',true)
mixed$requirename of required element, or false for nothing required name. If the require name is set, values will only be returned if the key $require is set in the source array.
Returns
array|false array of cleaned elements as specified by input_map, or false if require key specified but not set

Definition at line 557 of file FilterInput.php.

References $name, and $type.

static Xoops\Core\FilterInput::getInstance (   $tagsArray = array(),
  $attrArray = array(),
  $tagsMethod = 0,
  $attrMethod = 0,
  $xssAuto = 1 
)
static

Returns a reference to an input filter object, only creating it if it doesn't already exist.

This method must be invoked as: $filter = & XoopsFilterInput::getInstance();

Parameters
array$tagsArraylist of user-defined tags
array$attrArraylist of user-defined attributes
int$tagsMethodWhiteList method = 0, BlackList method = 1
int$attrMethodWhiteList method = 0, BlackList method = 1
int$xssAutoOnly auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
Returns
XoopsFilterInput object.
Since
1.5

Definition at line 104 of file FilterInput.php.

References Xoops\Core\FilterInput\$attrArray, Xoops\Core\FilterInput\$attrMethod, Xoops\Core\FilterInput\$tagsArray, Xoops\Core\FilterInput\$tagsMethod, and Xoops\Core\FilterInput\$xssAuto.

Referenced by Xoops\Core\Request\cleanVar().

Here is the caller graph for this function:

Xoops\Core\FilterInput::process (   $source)

Method to be called by another php script. Processes for XSS and any specified bad code.

Parameters
Mixed$source- input string/array-of-string to be 'cleaned'
Returns
String $source - 'cleaned' version of input parameter

Definition at line 135 of file FilterInput.php.

References Xoops\Core\FilterInput\decode().

Here is the call graph for this function:

Xoops\Core\FilterInput::remove (   $source)
protected

Internal method to iteratively remove all unwanted tags and attributes

Parameters
String$source- input string to be 'cleaned'
Returns
String $source - 'cleaned' version of input parameter

Definition at line 285 of file FilterInput.php.

References Xoops\Core\FilterInput\filterTags().

Here is the call graph for this function:

Member Data Documentation

Xoops\Core\FilterInput::$attrArray
protected

Definition at line 40 of file FilterInput.php.

Referenced by Xoops\Core\FilterInput\__construct(), and Xoops\Core\FilterInput\getInstance().

Xoops\Core\FilterInput::$attrBlacklist = array('action', 'background', 'codebase', 'dynsrc', 'lowsrc')
protected

Definition at line 52 of file FilterInput.php.

Xoops\Core\FilterInput::$attrMethod
protected

Definition at line 43 of file FilterInput.php.

Referenced by Xoops\Core\FilterInput\__construct(), and Xoops\Core\FilterInput\getInstance().

Xoops\Core\FilterInput::$tagBlacklist
protected
Initial value:
= array(
'applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame',
'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer',
'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml'
)

Definition at line 46 of file FilterInput.php.

Xoops\Core\FilterInput::$tagsArray
protected

Definition at line 39 of file FilterInput.php.

Referenced by Xoops\Core\FilterInput\__construct(), and Xoops\Core\FilterInput\getInstance().

Xoops\Core\FilterInput::$tagsMethod
protected

Definition at line 42 of file FilterInput.php.

Referenced by Xoops\Core\FilterInput\__construct(), and Xoops\Core\FilterInput\getInstance().

Xoops\Core\FilterInput::$xssAuto
protected

Definition at line 45 of file FilterInput.php.

Referenced by Xoops\Core\FilterInput\__construct(), and Xoops\Core\FilterInput\getInstance().

The documentation for this class was generated from the following file: