
Method filterText

public static string
filterText
(mixed $text)
Applies the global text filters to arbitrary text as per settings for current user groups
Parameters
  • string $text The string to filter
Returns
  • string The filtered string
Since
  • 2.5

Method filterText - Source code

/**
 * Applies the global text filters to arbitrary text, using the filter settings
 * of every user group the current user belongs to.
 *
 * The per-group settings are combined, not intersected:
 *  - If any group has filter type 'NONE', HTML filtering is skipped and the text
 *    is returned after the e-mail punycode conversion only.
 *  - Otherwise one filter is chosen in this order: custom forbidden list ('CBL'),
 *    forbidden list ('BL'), allowed list ('WL'), default InputFilter instance.
 *  - Tags and attributes are accumulated across all groups of the same type, and
 *    in forbidden-list mode everything on an allowed list is removed from the
 *    forbidden sets.
 *
 * Adding a user to a less restricted group therefore relaxes the filtering
 * applied to that user's input.
 *
 * @param   string  $text  The string to filter
 *
 * @return  string  The filtered string
 *
 * @since   2.5
 */
public static function filterText($text)
{
    // Punycode-encode UTF-8 e-mail addresses; this happens even when HTML filtering is skipped.
    $text = InputFilter::getInstance()->emailToPunycode($text);

    // Load the filter settings and the groups of the current user.
    $config     = static::getParams('com_config');
    $user       = Factory::getUser();
    $userGroups = Access::getGroupsByUser($user->get('id'));
    $filters    = $config->get('filters');

    // Accumulators, one tag list and one attribute list per filter type.
    $forbiddenTags  = [];
    $forbiddenAttrs = [];
    $customTags     = [];
    $customAttrs    = [];
    $allowedTags    = [];
    $allowedAttrs   = [];

    // Which filter types were seen at least once.
    $useAllowed   = false;
    $useForbidden = false;
    $useCustom    = false;
    $unfiltered   = false;

    // Walk every group of the user (the Public group is part of that list).
    foreach ($userGroups as $groupId) {
        // A group may have been added but its filters not saved; it contributes nothing.
        if (!isset($filters->{$groupId})) {
            continue;
        }

        // Each group can carry its own filter type and lists.
        $groupFilter = $filters->{$groupId};
        $mode        = strtoupper($groupFilter->filter_type);

        // 'NH' (maximum HTML filtering): nothing is collected for this group.
        if ($mode === 'NH') {
            continue;
        }

        // 'NONE' (no HTML filtering): a single such group disables filtering for this call.
        // The loop keeps going so the remaining groups are still read.
        if ($mode === 'NONE') {
            $unfiltered = true;

            continue;
        }

        // Any other type: split the comma-separated lists, trim each entry, drop empty ones.
        $rawTags       = explode(',', $groupFilter->filter_tags);
        $rawAttributes = explode(',', $groupFilter->filter_attributes);

        $groupTags       = array_values(array_filter(array_map('trim', $rawTags)));
        $groupAttributes = array_values(array_filter(array_map('trim', $rawAttributes)));

        // Each list is cumulative across groups of the same type.
        if ($mode === 'BL') {
            $useForbidden   = true;
            $forbiddenTags  = array_merge($forbiddenTags, $groupTags);
            $forbiddenAttrs = array_merge($forbiddenAttrs, $groupAttributes);
        } elseif ($mode === 'CBL') {
            // A custom list only counts when it actually names a tag or an attribute.
            if ($groupTags || $groupAttributes) {
                $useCustom   = true;
                $customTags  = array_merge($customTags, $groupTags);
                $customAttrs = array_merge($customAttrs, $groupAttributes);
            }
        } elseif ($mode === 'WL') {
            $useAllowed   = true;
            $allowedTags  = array_merge($allowedTags, $groupTags);
            $allowedAttrs = array_merge($allowedAttrs, $groupAttributes);
        }
    }

    // No HTML filtering requested by at least one group: return the text as it is.
    if ($unfiltered) {
        return $text;
    }

    // Remove duplicates before processing (the forbidden-list branch uses both sets of arrays).
    $forbiddenTags  = array_unique($forbiddenTags);
    $forbiddenAttrs = array_unique($forbiddenAttrs);
    $customTags     = array_unique($customTags);
    $customAttrs    = array_unique($customAttrs);
    $allowedTags    = array_unique($allowedTags);
    $allowedAttrs   = array_unique($allowedAttrs);

    if ($useCustom) {
        // The custom forbidden list takes precedence over the default forbidden list.
        // presumably 1, 1 are the same modes as the ONLY_BLOCK_DEFINED_* constants used below; confirm
        $filter = InputFilter::getInstance([], [], 1, 1);

        // Override the filter's default forbidden tags and attributes.
        // NOTE(review): if getInstance() hands out a shared instance, these assignments
        // also affect later callers that request the same instance; confirm.
        if ($customTags) {
            $filter->blockedTags = $customTags;
        }

        if ($customAttrs) {
            $filter->blockedAttributes = $customAttrs;
        }
    } elseif ($useForbidden) {
        // Anything on an allowed list is taken off the forbidden list.
        $forbiddenTags  = array_diff($forbiddenTags, $allowedTags);
        $forbiddenAttrs = array_diff($forbiddenAttrs, $allowedAttrs);

        $filter = InputFilter::getInstance($forbiddenTags, $forbiddenAttrs, InputFilter::ONLY_BLOCK_DEFINED_TAGS, InputFilter::ONLY_BLOCK_DEFINED_ATTRIBUTES);

        // Allowed tags are also removed from the filter's own default forbidden tags.
        if ($allowedTags) {
            $filter->blockedTags = array_diff($filter->blockedTags, $allowedTags);
        }

        // Allowed attributes are also removed from the filter's own default forbidden attributes.
        if ($allowedAttrs) {
            $filter->blockedAttributes = array_diff($filter->blockedAttributes, $allowedAttrs);
        }
    } elseif ($useAllowed) {
        // Allowed-list mode; the last argument turns off XSS auto clean.
        $filter = InputFilter::getInstance($allowedTags, $allowedAttrs, 0, 0, 0);
    } else {
        // No list of any type was collected: use the filter's default instance.
        $filter = InputFilter::getInstance();
    }

    return $filter->clean($text, 'html');
}