Joomla CMS
3.10.11 (with JPlatform 13.1 included)
API documentation for Joomla CMS version 3.10.11 and the integrated Joomla Platform framework
Public Member Functions | |
__construct ($tagsArray=array(), $attrArray=array(), $tagsMethod=self::ONLY_ALLOW_DEFINED_TAGS, $attrMethod=self::ONLY_ALLOW_DEFINED_ATTRIBUTES, $xssAuto=1) | |
clean ($source, $type='string') | |
Static Public Member Functions | |
static | checkAttribute ($attrSubSet) |
Data Fields | |
const | TAGS_WHITELIST = 0 |
const | TAGS_BLACKLIST = 1 |
const | ATTR_WHITELIST = 0 |
const | ATTR_BLACKLIST = 1 |
const | ONLY_ALLOW_DEFINED_TAGS = 0 |
const | ONLY_BLOCK_DEFINED_TAGS = 1 |
const | ONLY_ALLOW_DEFINED_ATTRIBUTES = 0 |
const | ONLY_BLOCK_DEFINED_ATTRIBUTES = 1 |
$tagsArray | |
$attrArray | |
$tagsMethod | |
$attrMethod | |
$xssAuto | |
$tagBlacklist | |
$attrBlacklist | |
Protected Member Functions | |
remove ($source) | |
cleanTags ($source) | |
cleanAttributes ($attrSet) | |
decode ($source) | |
escapeAttributeValues ($source) | |
stripCssExpressions ($source) | |
Static Protected Attributes | |
static | $instances = array() |
Private Member Functions | |
cleanInt ($source) | |
cleanInteger ($source) | |
cleanUint ($source) | |
cleanFloat ($source) | |
cleanDouble ($source) | |
cleanBool ($source) | |
cleanBoolean ($source) | |
cleanWord ($source) | |
cleanAlnum ($source) | |
cleanCmd ($source) | |
cleanBase64 ($source) | |
cleanString ($source) | |
cleanHtml ($source) | |
cleanPath ($source) | |
pathMatches (&$source, $rootPattern, $pathSeparatorPattern, $filePattern, $pathSeparator) | |
cleanTrim ($source) | |
cleanUsername ($source) | |
Private Attributes | |
$blockedChars | |
InputFilter is a class for filtering input from any data source
Forked from the php input filter library by: Daniel Morris dan@rootcube.com. Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
__construct ($tagsArray = array(), $attrArray = array(), $tagsMethod = self::ONLY_ALLOW_DEFINED_TAGS, $attrMethod = self::ONLY_ALLOW_DEFINED_ATTRIBUTES, $xssAuto = 1)
Constructor for InputFilter class.
array | $tagsArray | List of permitted HTML tags |
array | $attrArray | List of permitted HTML tag attributes |
integer | $tagsMethod | Method for filtering tags, should be one of the ONLY_*_DEFINED_TAGS constants |
integer | $attrMethod | Method for filtering attributes, should be one of the ONLY_*_DEFINED_ATTRIBUTES constants |
integer | $xssAuto | Only auto clean essentials = 0, Allow clean blocked tags/attributes = 1 |
References InputFilter\$attrArray, InputFilter\$attrMethod, InputFilter\$tagsArray, InputFilter\$tagsMethod, and InputFilter\$xssAuto.
checkAttribute ($attrSubSet) | static |
Function to determine if contents of an attribute are safe
array | $attrSubSet | A 2 element array for attribute's name, value |
References ENT_QUOTES.
clean ($source, $type = 'string')
Cleans the given input source based on the instance configuration and specified data type
string|string[]|object | $source | Input string/array-of-string/object to be 'cleaned' |
string | $type | The return type for the variable: |
  INT: An integer
  UINT: An unsigned integer
  FLOAT: A floating point number
  BOOLEAN: A boolean value
  WORD: A string containing A-Z or underscores only (not case sensitive)
  ALNUM: A string containing A-Z or 0-9 only (not case sensitive)
  CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive)
  BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive)
  STRING: A fully decoded and sanitised string (default)
  HTML: A sanitised string
  ARRAY: An array
  PATH: A sanitised file path
  TRIM: A string trimmed from normal, non-breaking and multibyte spaces
  USERNAME: Do not use (use an application specific filter)
  RAW: The raw string is returned with no filtering
  unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
$source
parameter
References $key, $type, $value, and InputFilter\cleanString().
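Usage sketch for the constructor and clean() documented above. This is an added example, not code from the Joomla documentation or project; it assumes the class is autoloadable as Joomla\Filter\InputFilter through a Composer autoloader at vendor/autoload.php, and the field names and the filterRequest() helper are hypothetical.

```php
<?php
// Added example. Assumptions: Composer autoloader path and the
// Joomla\Filter\InputFilter namespace; field names are hypothetical.
require __DIR__ . '/vendor/autoload.php';

use Joomla\Filter\InputFilter;

/**
 * Filter a request array against a per-field type map.
 * Fields that are not in the map are dropped, so only input that
 * was explicitly expected and typed reaches the caller.
 */
function filterRequest(array $raw, array $typeMap, InputFilter $filter)
{
    $clean = array();

    foreach ($typeMap as $field => $type) {
        if (array_key_exists($field, $raw)) {
            $clean[$field] = $filter->clean($raw[$field], $type);
        }
    }

    return $clean;
}

// Default construction: empty tag and attribute lists combined with the
// ONLY_ALLOW_DEFINED_* methods, so no HTML tag is on the allow-list.
$strict = new InputFilter();

// Allow-list filter for a rich-text field: only the listed tags and attributes.
$richText = new InputFilter(
    array('p', 'b', 'i', 'a'),
    array('href', 'title'),
    InputFilter::ONLY_ALLOW_DEFINED_TAGS,
    InputFilter::ONLY_ALLOW_DEFINED_ATTRIBUTES
);

// Constructed sample input; 'debug' is not in the type map and is discarded.
$raw = array(
    'id'    => '42abc',
    'task'  => 'article.save?x=1',
    'view'  => 'featured!',
    'title' => 'Hello <b>world</b>',
    'debug' => '1',
);
$typeMap = array('id' => 'UINT', 'task' => 'CMD', 'view' => 'WORD', 'title' => 'STRING');

$fields = filterRequest($raw, $typeMap, $strict);
$fields['body'] = $richText->clean('<p onclick="x()">Hi <a href="/about">there</a></p>', 'HTML');

var_dump($fields);
```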
cleanAlnum ($source) | private |
Alphanumerical filter
string | $source | The string to be filtered |
cleanAttributes ($attrSet) | protected |
Internal method to strip a tag of disallowed attributes
array | $attrSet | Array of attribute pairs to filter |
References $count, $i, elseif, and ENT_QUOTES.
Referenced by InputFilter\cleanTags().
cleanBase64 ($source) | private |
Base64 filter
string | $source | The string to be filtered |
cleanBool ($source) | private |
Boolean filter
string | $source | The string to be filtered |
Referenced by InputFilter\cleanBoolean().
cleanBoolean ($source) | private |
Alias for cleanBool()
string | $source | The string to be filtered |
References InputFilter\cleanBool().
cleanCmd ($source) | private |
Command filter
string | $source | The string to be filtered |
cleanDouble ($source) | private |
Alias for cleanFloat()
string | $source | The string to be filtered |
References InputFilter\cleanFloat().
cleanFloat ($source) | private |
Float filter
string | $source | The string to be filtered |
Referenced by InputFilter\cleanDouble().
cleanHtml ($source) | private |
HTML filter
string | $source | The string to be filtered |
cleanInt ($source) | private |
Integer filter
string | $source | The string to be filtered |
Referenced by InputFilter\cleanInteger().
cleanInteger ($source) | private |
Alias for cleanInt()
string | $source | The string to be filtered |
References InputFilter\cleanInt().
cleanPath ($source) | private |
Path filter
string | $source | The string to be filtered |
References InputFilter\pathMatches().
cleanString ($source) | private |
String filter
string | $source | The string to be filtered |
References InputFilter\decode().
Referenced by InputFilter\clean().
cleanTags ($source) | protected |
Internal method to strip a string of disallowed tags
string | $source | Input string to be 'cleaned' |
References $attr, $count, $i, InputFilter\cleanAttributes(), InputFilter\escapeAttributeValues(), and null.
Referenced by InputFilter\remove().
cleanTrim ($source) | private |
Trim filter
string | $source | The string to be filtered |
cleanUint ($source) | private |
Unsigned integer filter
string | $source | The string to be filtered |
cleanUsername ($source) | private |
Username filter
string | $source | The string to be filtered |
cleanWord ($source) | private |
Word filter
string | $source | The string to be filtered |
decode ($source) | protected |
Try to convert to plaintext
string | $source | The source string. |
References ENT_QUOTES.
Referenced by InputFilter\cleanString().
escapeAttributeValues ($source) | protected |
Escape < > and " inside attribute values
string | $source | The source string. |
References InputFilter\stripCssExpressions().
Referenced by InputFilter\cleanTags().
pathMatches (&$source, $rootPattern, $pathSeparatorPattern, $filePattern, $pathSeparator) | private |
Fix a path, if and only if it matches the provided patterns.
If a path matches but is longer than 4095 bytes, it is cleared.
string | $source | The path as provided; it gets cleaned in place, if possible. |
string | $rootPattern | The pattern to identify an absolute path (e.g., '/' on Linux, 'C:\' on Windows) |
string | $pathSeparatorPattern | The pattern for valid path separators |
string | $filePattern | The pattern for valid file and directory names |
string | $pathSeparator | The native path separator |
Referenced by InputFilter\cleanPath().
remove ($source) | protected |
Internal method to iteratively remove all unwanted tags and attributes
string | $source | Input string to be 'cleaned' |
References InputFilter\cleanTags().
stripCssExpressions ($source) | protected |
Remove CSS Expressions in the form of <property>:expression(...)
string | $source | The source string. |
Referenced by InputFilter\escapeAttributeValues().
$attrArray |
Referenced by InputFilter\__construct().
$attrBlacklist |
$attrMethod |
Referenced by InputFilter\__construct().
$blockedChars | private |
$instances = array() | static protected |
$tagBlacklist |
$tagsArray |
Referenced by InputFilter\__construct().
$tagsMethod |
Referenced by InputFilter\__construct().
$xssAuto |
Referenced by InputFilter\__construct().
const ATTR_BLACKLIST = 1 |
const ATTR_WHITELIST = 0 |
const ONLY_ALLOW_DEFINED_ATTRIBUTES = 0 |
const ONLY_ALLOW_DEFINED_TAGS = 0 |
const ONLY_BLOCK_DEFINED_ATTRIBUTES = 1 |
const ONLY_BLOCK_DEFINED_TAGS = 1 |
const TAGS_BLACKLIST = 1 |
const TAGS_WHITELIST = 0 |