Class Xmf\FilterInput

FilterInput is a class for filtering input from any data source

Forked from the php input filter library by Daniel Morris

Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

Xmf\FilterInput
- XoopsFilterInput

Located at class\libraries\vendor\xoops\xmf\src\FilterInput.php

Methods


					
	protected

__construct(array $tagsArray = [], array $attrArray = [], int $tagsMethod = 0, int $attrMethod = 0, int $xssAuto = 1)

Constructor

Parameters

`$tagsArray`	list of user-defined tags
`$attrArray`	list of user-defined attributes
`$tagsMethod`	0 = allow just user-defined, 1 = allow all but user-defined
`$attrMethod`	0 = allow just user-defined, 1 = allow all but user-defined
`$xssAuto`	0 = only auto clean essentials, 1 = allow clean blacklisted tags/attr


					
	public
					static

getInstance(
	array $tagsArray = [],
	array $attrArray = [],
	int $tagsMethod = 0,
	int $attrMethod = 0,
	int $xssAuto = 1,
): FilterInput

Returns an input filter object, only creating it if it does not already exist.

This method must be invoked as: $filter = FilterInput::getInstance();

Parameters

`$tagsArray`	list of user-defined tags
`$attrArray`	list of user-defined attributes
`$tagsMethod`	WhiteList method = 0, BlackList method = 1
`$attrMethod`	WhiteList method = 0, BlackList method = 1
`$xssAuto`	Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1

Returns

object.


					
	public

process(mixed $source): string|array

Method to be called by another php script. Processes for XSS and any specified bad code.

Parameters

$source

input string/array-of-string to be 'cleaned'

Returns

$source - 'cleaned' version of input parameter


					
	public
					static

clean(mixed $source, string $type = 'string'): mixed

Static method to be called by another php script. Clean the supplied input using the default filter

Parameters

`$source`	Input string/array-of-string to be 'cleaned'
`$type`	Return/cleaning type for the variable, one of (INTEGER, FLOAT, BOOLEAN, WORD, ALPHANUM, CMD, BASE64, STRING, ARRAY, PATH, USERNAME, WEBURL, EMAIL, IP)

Returns

'Cleaned' version of input parameter


					
	public

cleanVar(mixed $source, string $type = 'string'): mixed

Method to be called by another php script. Processes for XSS and specified bad code according to rules supplied when…

Method to be called by another php script. Processes for XSS and specified bad code according to rules supplied when this instance was instantiated.

Parameters

`$source`	Input string/array-of-string to be 'cleaned'
`$type`	Return/cleaning type for the variable, one of (INTEGER, FLOAT, BOOLEAN, WORD, ALPHANUM, CMD, BASE64, STRING, ARRAY, PATH, USERNAME, WEBURL, EMAIL, IP)

Returns

'Cleaned' version of input parameter


					
	protected

remove(String $source): String

Internal method to iteratively remove all unwanted tags and attributes

Parameters

$source

input string to be 'cleaned'

Returns

$source - 'cleaned' version of input parameter


					
	protected

filterTags(String $source): String

Internal method to strip a string of certain tags

Parameters

$source

input string to be 'cleaned'

Returns

$source - 'cleaned' version of input parameter


					
	protected

filterAttr(array $attrSet): array

Internal method to strip a tag of certain attributes

Parameters

$attrSet

attributes

Returns

$newSet stripped attributes


					
	protected

decode(String $source): String

Try to convert to plaintext

Parameters

$source

string to decode

Returns

$source decoded

Properties
`protected`	`$tagsArray`	#
`protected`	`$attrArray`	#
`protected`	`$tagsMethod`	#
`protected`	`$attrMethod`	#
`protected`	`$xssAuto`	#
`protected`	`$tagBlacklist = [ 'applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml', ]`	#
`protected`	`$attrBlacklist = ['action', 'background', 'codebase', 'dynsrc', 'lowsrc']`	#

Namespaces

Classes

Class Xmf\FilterInput

Parameters

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns