Overview

Namespaces

  • None
  • Xmf
    • Database
    • Module
      • Helper
    • Template
  • Xoops
    • Auth
    • Core
      • Cache
      • Database
        • Logging
        • Schema
      • Exception
      • Handler
        • Scheme
      • Kernel
        • Dtype
        • Handlers
        • Model
      • Lists
      • Locale
        • Punic
      • Service
        • Contract
      • Session
      • Text
        • Sanitizer
          • Extensions
      • Theme
        • Plugins
    • Form
    • Html
    • Locale
    • Module
      • Helper
      • Plugin

Classes

  • Assets
  • ComposerUtility
  • Events
  • FilterInput
  • FixedGroups
  • HttpRequest
  • Logger
  • MediaUploader
  • MimeTypes
  • PreloadItem
  • Psr0ClassLoader
  • Psr4ClassLoader
  • Random
  • Registry
  • Request
  • Security
  • XoopsTpl
  • Yaml

Interfaces

  • AttributeInterface
  • Overview
  • Namespace
  • Class
  • Tree

Class FilterInput

XoopsFilterInput is a class for filtering input from any data source

Forked from the php input filter library by Daniel Morris

Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

Direct known subclasses

Xmf\FilterInput, XoopsFilterInput
Namespace: Xoops\Core
Package: Xoops\Core
Category: Xoops\Core\FilterInput
Copyright: 2005 Daniel Morris
Copyright: 2005 - 2013 Open Source Matters, Inc. All rights reserved.
Copyright: 2011-2015 XOOPS Project (http://xoops.org)
License: GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
Author: Daniel Morris dan@rootcube.com
Author: Louis Landry louis.landry@joomla.org
Author: Grégory Mage (Aka Mage)
Author: trabis lusopoemas@gmail.com
Author: Richard Griffith richard@geekwright.com
Version: Release: 1.0
Since: 2.5.7
Link: http://xoops.org
Located at oops_lib/Xoops/Core/FilterInput.php
Methods summary
public
# __construct( Array $tagsArray = array(), Array $attrArray = array(), integer $tagsMethod = 0, integer $attrMethod = 0, integer $xssAuto = 1 )

Constructor

Constructor

Parameters

$tagsArray
  • list of user-defined tags
$attrArray
  • list of user-defined attributes
$tagsMethod
  • 0 = allow just user-defined, 1 = allow all but user-defined
$attrMethod
  • 0 = allow just user-defined, 1 = allow all but user-defined
$xssAuto
  • 0 = only auto clean essentials, 1 = allow clean blacklisted tags/attr
public static XoopsFilterInput
# getInstance( array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod = 0, integer $attrMethod = 0, integer $xssAuto = 1 )

Returns a reference to an input filter object, only creating it if it doesn't already exist.

Returns a reference to an input filter object, only creating it if it doesn't already exist.

This method must be invoked as: $filter = & XoopsFilterInput::getInstance();

Parameters

$tagsArray
list of user-defined tags
$attrArray
list of user-defined attributes
$tagsMethod
WhiteList method = 0, BlackList method = 1
$attrMethod
WhiteList method = 0, BlackList method = 1
$xssAuto

Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1

Returns

XoopsFilterInput
object.

Since

1.5
public String
# process( Mixed $source )

Method to be called by another php script. Processes for XSS and any specified bad code.

Method to be called by another php script. Processes for XSS and any specified bad code.

Parameters

$source
  • input string/array-of-string to be 'cleaned'

Returns

String
$source - 'cleaned' version of input parameter
public static mixed
# clean( mixed $source, string $type = 'string' )

Method to be called by another php script. Processes for XSS and specified bad code.

Method to be called by another php script. Processes for XSS and specified bad code.

Parameters

$source
Input string/array-of-string to be 'cleaned'
$type

Return/cleaning type for the variable, one of (INTEGER, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, USERNAME, WEBURL, EMAIL, IP)

Returns

mixed
'Cleaned' version of input parameter
protected String
# remove( String $source )

Internal method to iteratively remove all unwanted tags and attributes

Internal method to iteratively remove all unwanted tags and attributes

Parameters

$source
  • input string to be 'cleaned'

Returns

String
$source - 'cleaned' version of input parameter
protected String
# filterTags( String $source )

Internal method to strip a string of certain tags

Internal method to strip a string of certain tags

Parameters

$source
  • input string to be 'cleaned'

Returns

String
$source - 'cleaned' version of input parameter
protected Array
# filterAttr( array $attrSet )

Internal method to strip a tag of certain attributes

Internal method to strip a tag of certain attributes

Parameters

$attrSet
attributes

Returns

Array
$newSet stripped attributes
protected String
# decode( String $source )

Try to convert to plaintext

Try to convert to plaintext

Parameters

$source
string to decode

Returns

String
$source decoded
public static array|false
# gather( string $source, array $input_map, mixed $require = false )

gather - gather input from a source

gather - gather input from a source

Parameters

$source
name of source superglobal, get, post or cookie
$input_map

each element of the array is an array consisting of elements to gather and clean from source - name - key in source superglobal, no default - type - XoopsFilterInput::clean type, default string - default - default value, default '' - trim - true to trim spaces from input, default true - max length - maximum length to accept, 0=no limit, default 0 Example: array('op','string','view',true)

$require

name of required element, or false for nothing required name. If the require name is set, values will only be returned if the key $require is set in the source array.

Returns

array|false

array of cleaned elements as specified by input_map, or false if require key specified but not set

Properties summary
protected $tagsArray
#
protected $attrArray
#
protected $tagsMethod
#
protected $attrMethod
#
protected $xssAuto
#
protected array $tagBlacklist
# array( 'applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml' )
protected array $attrBlacklist
# array('action', 'background', 'codebase', 'dynsrc', 'lowsrc')
API documentation generated by ApiGen