Class JFilterInput

Description

JFilterInput is a class for filtering input from any data source.

Forked from the PHP input filter library by: Daniel Morris <dan@rootcube.com> Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

  • since: 11.1

Located in /libraries/joomla/filter/input.php (line 22)

JObject
   |
   --JFilterInput
Variable Summary
static array $instances
array $attrArray
integer $attrMethod
array $tagsArray
integer $tagsMethod
integer $xssAuto
Method Summary
static boolean checkAttribute (array $attrSubSet)
static JFilterInput &getInstance ([array $tagsArray = array()], [array $attrArray = array()], [integer $tagsMethod = 0], [integer $attrMethod = 0], [integer $xssAuto = 1])
JFilterInput __construct ([array $tagsArray = array()], [array $attrArray = array()], [integer $tagsMethod = 0], [integer $attrMethod = 0], [integer $xssAuto = 1])
mixed clean (mixed $source, [string $type = 'string'])
array _cleanAttributes (array $attrSet)
string _cleanTags (string $source)
string _decode (string $source)
string _escapeAttributeValues (string $source)
string _remove (string $source)
string _stripCSSExpressions (string $source)
Variables
static array $instances = array() (line 28)
  • var: A container for JFilterInput instances.
  • since: 11.3
  • access: protected
array $attrArray (line 40)
  • var: An array of permitted tag attributes.
  • since: 11.1
  • access: public
array $attrBlacklist = array(
'action',
'background',
'codebase',
'dynsrc',
'lowsrc'
)
(line 93)
  • var: A list of the default blacklisted tag attributes. All event handlers implicit.
  • since: 11.1
  • access: public
integer $attrMethod (line 52)
  • var: Method for attributes: WhiteList method = 0 (default), BlackList method = 1
  • since: 11.1
  • access: public
array $tagBlacklist = array(
'applet',
'body',
'bgsound',
'base',
'basefont',
'embed',
'frame',
'frameset',
'head',
'html',
'id',
'iframe',
'ilayer',
'layer',
'link',
'meta',
'name',
'object',
'script',
'style',
'title',
'xml'
)
(line 64)
  • var: A list of the default blacklisted tags.
  • since: 11.1
  • access: public
array $tagsArray (line 34)
  • var: An array of permitted tags.
  • since: 11.1
  • access: public
integer $tagsMethod (line 46)
  • var: Method for tags: WhiteList method = 0 (default), BlackList method = 1
  • since: 11.1
  • access: public
integer $xssAuto (line 58)
  • var: Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
  • since: 11.1
  • access: public

Inherited Variables

Inherited from JObject

JObject::$_errors
Methods
static method checkAttribute (line 274)

Function to determine if contents of an attribute are safe

  • return: True if bad code is detected
  • since: 11.1
  • access: public
static boolean checkAttribute (array $attrSubSet)
  • array $attrSubSet: A two-element array holding the attribute's name and value
static method getInstance (line 139)

Returns an input filter object, only creating it if it doesn't already exist.

  • return: The JFilterInput object.
  • since: 11.1
  • access: public
static JFilterInput &getInstance ([array $tagsArray = array()], [array $attrArray = array()], [integer $tagsMethod = 0], [integer $attrMethod = 0], [integer $xssAuto = 1])
  • array $tagsArray: List of user-defined tags
  • array $attrArray: List of user-defined attributes
  • integer $tagsMethod: WhiteList method = 0, BlackList method = 1
  • integer $attrMethod: WhiteList method = 0, BlackList method = 1
  • integer $xssAuto: Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
Constructor __construct (line 112)

Constructor for inputFilter class. Only first parameter is required.

  • since: 11.1
  • access: public
JFilterInput __construct ([array $tagsArray = array()], [array $attrArray = array()], [integer $tagsMethod = 0], [integer $attrMethod = 0], [integer $xssAuto = 1])
  • array $tagsArray: List of user-defined tags
  • array $attrArray: List of user-defined attributes
  • integer $tagsMethod: WhiteList method = 0, BlackList method = 1
  • integer $attrMethod: WhiteList method = 0, BlackList method = 1
  • integer $xssAuto: Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1

Redefinition of:
JObject::__construct()
Class constructor, overridden in descendant classes.
clean (line 162)

Method to be called by another PHP script. Processes for XSS and specified bad code.

  • return: 'Cleaned' version of input parameter
  • since: 11.1
  • access: public
mixed clean (mixed $source, [string $type = 'string'])
  • mixed $source: Input string/array-of-string to be 'cleaned'
  • string $type: Return type for the variable (INT, UINT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE)
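
An added usage example, not part of the generated documentation or the Joomla source: it shows how the getInstance() parameters select whitelist or blacklist filtering and how the $type argument of clean() is used. It assumes a bootstrapped Joomla Platform 11.x application in which jimport() can load /libraries/joomla/filter/input.php; the input strings and variable names are constructed for illustration.

```php
<?php
// Added example. Assumes the Joomla Platform is already bootstrapped.
jimport('joomla.filter.input');

// Constructed sample input: user-submitted comment HTML mixing harmless
// markup with a script tag, an event-handler attribute and a CSS expression.
$comment = '<p onclick="alert(1)">Hi <b>there</b><script>alert(2)</script>'
         . '<a href="http://example.org/" style="width:expression(1)">link</a></p>';

// 1. Default instance: $tagsMethod = 0 and $attrMethod = 0 (whitelist) with
//    empty $tagsArray / $attrArray, so no tag or attribute is permitted.
$strict = JFilterInput::getInstance();
$plain  = $strict->clean($comment, 'STRING');

// 2. Whitelist mode with an explicit allow list. Only the listed tags and
//    attributes are kept. With $xssAuto = 1 the default $tagBlacklist and
//    $attrBlacklist are applied as well, so adding 'script' to the allow
//    list would not let it through.
$allowedTags  = array('p', 'b', 'i', 'a');
$allowedAttrs = array('href', 'title');
$whitelist    = JFilterInput::getInstance($allowedTags, $allowedAttrs, 0, 0, 1);
$limited      = $whitelist->clean($comment, 'STRING');

// 3. Blacklist mode ($tagsMethod = 1, $attrMethod = 1): the arrays now name
//    what to remove. Anything not listed here or in the default blacklists
//    is kept, which makes this the weaker setting for untrusted input.
$blacklist = JFilterInput::getInstance(array('img'), array('style'), 1, 1, 1);
$loose     = $blacklist->clean($comment, 'STRING');

// 4. Typed cleaning for scalar request values (constructed inputs).
//    $type is one of the values listed for clean() above.
$id   = $strict->clean('42abc', 'INT');
$task = $strict->clean('article.save<x>', 'CMD');
$tags = $strict->clean(array('<b>one</b>', 'two'), 'ARRAY');

// Inspect what each configuration keeps.
foreach (array('plain' => $plain, 'limited' => $limited, 'loose' => $loose,
               'id' => $id, 'task' => $task, 'tags' => $tags) as $label => $value)
{
    echo $label, ': ';
    var_dump($value);
}
```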
_cleanAttributes (line 540)

Internal method to strip a tag of certain attributes

  • return: Filtered array of attribute pairs
  • since: 11.1
  • access: protected
array _cleanAttributes (array $attrSet)
  • array $attrSet: Array of attribute pairs to filter
_cleanTags (line 316)

Internal method to strip a string of certain tags

  • return: 'Cleaned' version of input parameter
  • since: 11.1
  • access: protected
string _cleanTags (string $source)
  • string $source: Input string to be 'cleaned'
_decode (line 637)

Try to convert to plaintext

  • return: Plaintext string
  • since: 11.1
  • access: protected
string _decode (string $source)
  • string $source: The source string.
_escapeAttributeValues (line 667)

Escape < > and " inside attribute values

  • return: Filtered string
  • since: 11.1
  • access: protected
string _escapeAttributeValues (string $source)
  • string $source: The source string.
_remove (line 293)

Internal method to iteratively remove all unwanted tags and attributes

  • return: 'Cleaned' version of input parameter
  • since: 11.1
  • access: protected
string _remove (string $source)
  • string $source: Input string to be 'cleaned'
_stripCSSExpressions (line 719)

Remove CSS Expressions in the form of <property>:expression(...)

  • return: Filtered string
  • since: 11.1
  • access: protected
string _stripCSSExpressions (string $source)
  • string $source: The source string.

Inherited Methods

Inherited From JObject

JObject::__construct()
JObject::def()
JObject::get()
JObject::getError()
JObject::getErrors()
JObject::getProperties()
JObject::set()
JObject::setError()
JObject::setProperties()
JObject::toString()
JObject::__toString()

Documentation generated on Mon, 25 Jun 2012 13:55:50 -0500 by phpDocumentor 1.4.4