Search

Projects

Classes

Methods

Back to Joomla project (class list)

Class InputFilter - list of methods

InputFilter is a class for filtering input from any data source
Forked from the php input filter library by: Daniel Morris Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
Package: Joomla\CMS\Filter
Copyright: (C) 2006 Open Source Matters, Inc.
License: GNU General Public License version 2 or later; see LICENSE.txt
Located at: Joomla/Filter/InputFilter.php
Project: Joomla

Method Summary

public
__construct
(mixed $tagsArray = array(), mixed $attrArray = array(), mixed $tagsMethod = 0, mixed $attrMethod = 0, mixed $xssAuto = 1, mixed $stripUSC = 0)

Constructor for inputFilter class. Only first parameter is required.
Parameters
  • array $tagsArray List of user-defined tags
  • array $attrArray List of user-defined attributes
  • int $tagsMethod The constant static::ONLY_ALLOW_DEFINED_TAGS or static::BLOCK_DEFINED_TAGS
  • int $attrMethod The constant static::ONLY_ALLOW_DEFINED_ATTRIBUTES or static::BLOCK_DEFINED_ATTRIBUTES
  • int $xssAuto Only auto clean essentials = 0, Allow clean blocked tags/attributes = 1
  • int $stripUSC Strip 4-byte unicode characters = 1, no strip = 0
Since
  • 1.7.0
Show source code of this method: __construct Source Code

public static \Joomla\CMS\Filter\InputFilter
(mixed $tagsArray = array(), mixed $attrArray = array(), mixed $tagsMethod = 0, mixed $attrMethod = 0, mixed $xssAuto = 1, mixed $stripUSC = 0)

Returns an input filter object, only creating it if it doesn't already exist.
Parameters
  • array $tagsArray List of user-defined tags
  • array $attrArray List of user-defined attributes
  • int $tagsMethod The constant static::ONLY_ALLOW_DEFINED_TAGS or static::BLOCK_DEFINED_TAGS
  • int $attrMethod The constant static::ONLY_ALLOW_DEFINED_ATTRIBUTES or static::BLOCK_DEFINED_ATTRIBUTES
  • int $xssAuto Only auto clean essentials = 0, Allow clean blocked tags/attributes = 1
  • int $stripUSC Strip 4-byte unicode characters = 1, no strip = 0
Returns
  • \Joomla\CMS\Filter\InputFilter The InputFilter object.
Since
  • 1.7.0
Show source code of this method: getInstance Source Code

public mixed
(mixed $source, mixed $type = 'string')

Method to be called by another php script. Processes for XSS and specified bad code.
Parameters
  • mixed $source Input string/array-of-string to be 'cleaned'
  • string $type The return type for the variable: INT: An integer, or an array of integers, UINT: An unsigned integer, or an array of unsigned integers, FLOAT: A floating point number, or an array of floating point numbers, BOOLEAN: A boolean value, WORD: A string containing A-Z or underscores only (not case sensitive), ALNUM: A string containing A-Z or 0-9 only (not case sensitive), CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive), BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive), STRING: A fully decoded and sanitised string (default), HTML: A sanitised string, ARRAY: An array, PATH: A sanitised file path, or an array of sanitised file paths, TRIM: A string trimmed from normal, non-breaking and multibyte spaces USERNAME: Do not use (use an application specific filter), RAW: The raw string is returned with no filtering, unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Returns
  • mixed 'Cleaned' version of input parameter
Since
  • 1.7.0
Show source code of this method: clean Source Code

public string
(mixed $text)

Function to punyencode utf8 mail when saving content
Parameters
  • string $text The strings to encode
Returns
  • string The punyencoded mail
Since
  • 3.5
Show source code of this method: emailToPunycode Source Code

public static bool
(mixed $file, mixed $options = array())

Checks an uploaded for suspicious naming and potential PHP contents which could indicate a hacking attempt.
Parameters
  • array $file An uploaded file descriptor
  • array $options The scanner options (see the code for details)
Returns
  • bool True of the file is safe
Since
  • 3.4
Show source code of this method: isSafeFile Source Code

protected static array
(array $data)

Method to decode a file data array.
Parameters
  • array $data The data array to decode.
Returns
  • array
Since
  • 3.4
Show source code of this method: decodeFileData Source Code

protected string
(mixed $source)

Try to convert to plaintext
Parameters
  • string $source The source string.
Returns
  • string Plaintext string
Since
  • 3.5
Show source code of this method: decode Source Code

protected mixed
(mixed $source)

Recursively strip Unicode Supplementary Characters from the source. Not: objects cannot be filtered.
Parameters
  • mixed $source The data to filter
Returns
  • mixed The filtered result
Since
  • 3.5
Show source code of this method: stripUSC Source Code

Properties Summary

private int
$stripUSC
A flag for Unicode Supplementary Characters (4-byte Unicode character) stripping.
Since
  • 3.5
protected static \Joomla\CMS\Filter\InputFilter[]
$instances
A container for InputFilter instances.
Since
  • 4.0.0

Constants Summary

public
$FORBIDDEN_FILE_EXTENSIONS
An array containing a list of extensions for files that are typically executable directly in the webserver context, potentially resulting in code executions
Since
  • 4.0.0

Tags Summary

Since
1.7.0