Search

Methods

Back to UrlFilter class

Method filter

public mixed
filter
(\SimpleXMLElement $element, mixed $value, mixed $group = null, \Joomla\Registry\Registry $input = null, \Joomla\CMS\Form\Form $form = null)
Method to filter a field value.
Parameters
  • \SimpleXMLElement $element The SimpleXMLElement object representing the `<field>` tag for the form field object.
  • mixed $value The form field value to validate.
  • string $group The field name group control value. This acts as an array container for the field. For example if the field has name="foo" and the group value is set to "bar" then the full field name would end up being "bar[foo]".
  • \Joomla\Registry\Registry $input An optional Registry object with the entire data set to validate against the entire form.
  • \Joomla\CMS\Form\Form $form The form object for which the field is being tested.
Returns
  • mixed The filtered value.
Since
  • 4.0.0
Class: UrlFilter
Project: Joomla

Method filter - Source code

/**
 * Method to filter a field value.
 *
 * @param   \SimpleXMLElement  $element  The SimpleXMLElement object representing the `<field>` tag for the form field object.
 * @param   mixed              $value    The form field value to validate.
 * @param   string             $group    The field name group control value. This acts as an array container for the field.
 *                                       For example if the field has name="foo" and the group value is set to "bar" then the
 *                                       full field name would end up being "bar[foo]".
 * @param   Registry           $input    An optional Registry object with the entire data set to validate against the entire form.
 * @param   Form               $form     The form object for which the field is being tested.
 *
 * @return  mixed   The filtered value.
 *
 * @since   4.0.0
 */
public function filter(\SimpleXMLElement $element, $value, $group = null, Registry $input = null, Form $form = null)
{
    if (empty($value)) {
        return false;
    }
    // This cleans some of the more dangerous characters but leaves special characters that are valid.
    $value = InputFilter::getInstance()->clean($value, 'html');
    $value = trim($value);
    // <>" are never valid in a uri see https://www.ietf.org/rfc/rfc1738.txt
    $value = str_replace(array('<', '>', '"'), '', $value);
    // Check for a protocol
    $protocol = parse_url($value, PHP_URL_SCHEME);
    // If there is no protocol and the relative option is not specified,
    // we assume that it is an external URL and prepend http://
    if ((string) $element['type'] === 'url' && !$protocol && !$element['relative'] || !(string) $element['type'] === 'url' && !$protocol) {
        $protocol = 'http';
        // If it looks like an internal link, then add the root.
        if (substr($value, 0, 9) === 'index.php') {
            $value = Uri::root() . $value;
        } else {
            // Put the url back together.
            $value = $protocol . '://' . $value;
        }
    } elseif (!$protocol && $element['relative']) {
        $host = Uri::getInstance('SERVER')->getHost();
        // If it starts with the host string, just prepend the protocol.
        if (substr($value, 0) === $host) {
            $value = 'http://' . $value;
        } elseif (substr($value, 0, 1) !== '/') {
            $value = Uri::root(true) . '/' . $value;
        }
    }
    $value = PunycodeHelper::urlToPunycode($value);
    return $value;
}