
Method clean

public mixed clean(mixed $source, mixed $type = 'string')
Method to be called by another php script. Processes for XSS and specified bad code.
Parameters
  • mixed $source Input string/array-of-string to be 'cleaned'
  • string $type The return type for the variable:
      • INT: An integer, or an array of integers
      • UINT: An unsigned integer, or an array of unsigned integers
      • FLOAT: A floating point number, or an array of floating point numbers
      • BOOLEAN: A boolean value
      • WORD: A string containing A-Z or underscores only (not case sensitive)
      • ALNUM: A string containing A-Z or 0-9 only (not case sensitive)
      • CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive)
      • BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive)
      • STRING: A fully decoded and sanitised string (default)
      • HTML: A sanitised string
      • ARRAY: An array
      • PATH: A sanitised file path, or an array of sanitised file paths
      • TRIM: A string trimmed from normal, non-breaking and multibyte spaces
      • USERNAME: Do not use (use an application specific filter)
      • RAW: The raw string is returned with no filtering
      • unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Returns
  • mixed 'Cleaned' version of input parameter
Since
  • 1.7.0
Class: InputFilter
Project: Joomla

Method clean - Source code

/**
 * Method to be called by another php script. Processes for XSS and
 * specified bad code.
 *
 * @param   mixed   $source  Input string/array-of-string to be 'cleaned'
 * @param   string  $type    The return type for the variable:
 *                           INT:       An integer, or an array of integers,
 *                           UINT:      An unsigned integer, or an array of unsigned integers,
 *                           FLOAT:     A floating point number, or an array of floating point numbers,
 *                           BOOLEAN:   A boolean value,
 *                           WORD:      A string containing A-Z or underscores only (not case sensitive),
 *                           ALNUM:     A string containing A-Z or 0-9 only (not case sensitive),
 *                           CMD:       A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive),
 *                           BASE64:    A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive),
 *                           STRING:    A fully decoded and sanitised string (default),
 *                           HTML:      A sanitised string,
 *                           ARRAY:     An array,
 *                           PATH:      A sanitised file path, or an array of sanitised file paths,
 *                           TRIM:      A string trimmed from normal, non-breaking and multibyte spaces,
 *                           USERNAME:  Do not use (use an application specific filter),
 *                           RAW:       The raw string is returned with no filtering,
 *                           unknown:   An unknown filter will act like STRING. If the input is an array it will return an
 *                                      array of fully decoded and sanitised strings.
 *
 * @return  mixed  'Cleaned' version of input parameter
 *
 * @since   1.7.0
 */
public function clean($source, $type = 'string')
{
    // Strip Unicode Supplementary Characters when requested to do so
    if ($this->stripUSC) {
        // Alternatively: preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xE2\xAF\x91", $source) but it'd be slower.
        $source = $this->stripUSC($source);
    }
    return parent::clean($source, $type);
}
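
The character-set types documented for $type, combined with the supplementary-character replacement quoted in the comment inside clean(), shown as an added stand-alone PHP example. It is not Joomla's code: the demo* names, the DEMO_DENY table and the sample values are constructed for illustration, and only WORD, ALNUM, CMD and BASE64 are covered.

```php
<?php
// Added illustration, not Joomla code. All demo* names are hypothetical.
// Patterns matching what each $type removes, per the documented character sets.
const DEMO_DENY = [
    'WORD'   => '/[^A-Z_]/i',
    'ALNUM'  => '/[^A-Z0-9]/i',
    'CMD'    => '/[^A-Z0-9_.\-]/i',
    'BASE64' => '/[^A-Z0-9\/+=]/i',
];

// Replace supplementary characters (U+10000..U+10FFFF) with U+2BD1, using the
// preg_replace() form quoted in the comment inside clean().
function demoStripUsc($source)
{
    if (is_array($source)) {
        return array_map('demoStripUsc', $source);
    }
    if (!is_string($source)) {
        return $source;
    }
    // With /u, preg_replace() returns null on malformed UTF-8: fail closed.
    return preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xE2\xAF\x91", $source) ?? '';
}

function demoClean($source, string $type, bool $stripUsc = true)
{
    $type = strtoupper($type);
    if (!array_key_exists($type, DEMO_DENY)) {
        throw new InvalidArgumentException("Type not covered by this demo: $type");
    }
    $source = $stripUsc ? demoStripUsc($source) : $source;
    if (is_array($source)) {
        // Array input yields an array of cleaned values; already stripped above.
        return array_map(fn ($v) => demoClean($v, $type, false), $source);
    }
    return preg_replace(DEMO_DENY[$type], '', (string) $source);
}

// Constructed sample input.
$samples = [
    ['WORD',   '<script>alert(1)</script>'],
    ['ALNUM',  "user\u{1F600}42"],
    ['CMD',    '../../config.php'],
    ['BASE64', ['aGVsbG8=', "Zm9v\r\nYmFy"]],
];
foreach ($samples as [$type, $value]) {
    echo $type, ' => ', json_encode(demoClean($value, $type)), PHP_EOL;
}
```

The CMD character set keeps periods, so the constructed `../../config.php` sample loses only its slashes; the parameter list names PATH, not CMD, as the type for file paths.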