Joomla CMS  3.8.5 (avec JPlatform 13.1 inclus)
Documentation des API du CMS Joomla en version 3.8.5 et du framework Joomla Platform intégré
Référence de la classe InputFilter
+ Graphe d'héritage de InputFilter:

Fonctions membres publiques

 __construct ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=-1)
 
 clean ($source, $type='string')
 
 emailToPunycode ($text)
 
- Fonctions membres publiques hérités de InputFilter
 __construct ($tagsArray=array(), $attrArray=array(), $tagsMethod=self::TAGS_WHITELIST, $attrMethod=self::ATTR_WHITELIST, $xssAuto=1)
 
 clean ($source, $type='string')
 

Fonctions membres publiques statiques

static & getInstance ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=-1)
 
static isSafeFile ($file, $options=array())
 
- Fonctions membres publiques statiques hérités de InputFilter
static checkAttribute ($attrSubSet)
 

Champs de données

 $stripUSC = 0
 
- Champs de données hérités de InputFilter
const TAGS_WHITELIST = 0
 
const TAGS_BLACKLIST = 1
 
const ATTR_WHITELIST = 0
 
const ATTR_BLACKLIST = 1
 
 $tagsArray
 
 $attrArray
 
 $tagsMethod
 
 $attrMethod
 
 $xssAuto
 
 $tagBlacklist
 
 $attrBlacklist
 

Fonctions membres protégées

 _remove ($source)
 
 remove ($source)
 
 _cleanTags ($source)
 
 cleanTags ($source)
 
 _cleanAttributes ($attrSet)
 
 escapeAttributeValues ($source)
 
 _decode ($source)
 
 decode ($source)
 
 _escapeAttributeValues ($source)
 
 _stripCSSExpressions ($source)
 
 stripUSC ($source)
 
- Fonctions membres protégées hérités de InputFilter
 remove ($source)
 
 cleanTags ($source)
 
 cleanAttributes ($attrSet)
 
 decode ($source)
 
 escapeAttributeValues ($source)
 
 stripCssExpressions ($source)
 

Fonctions membres protégées statiques

static decodeFileData (array $data)
 

Membres hérités additionnels

- Attributs protégés statiques hérités de InputFilter
static $instances = array()
 

Description détaillée

InputFilter is a class for filtering input from any data source

Forked from the php input filter library by: Daniel Morris dan@r.nosp@m.ootc.nosp@m.ube.c.nosp@m.om Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

Depuis
11.1

Documentation des constructeurs et destructeur

◆ __construct()

__construct (   $tagsArray = array(),
  $attrArray = array(),
  $tagsMethod = 0,
  $attrMethod = 0,
  $xssAuto = 1,
  $stripUSC = -1 
)

Constructor for inputFilter class. Only first parameter is required.

Paramètres
array$tagsArrayList of user-defined tags
array$attrArrayList of user-defined attributes
integer$tagsMethodWhiteList method = 0, BlackList method = 1
integer$attrMethodWhiteList method = 0, BlackList method = 1
integer$xssAutoOnly auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
integer$stripUSCStrip 4-byte unicode characters = 1, no strip = 0, ask the database driver = -1
Depuis
11.1

If Unicode Supplementary Characters stripping is not set we have to check with the database driver. If the driver does not support USCs (i.e. there is no utf8mb4 support) we will enable USC stripping.

Références $db.

Documentation des fonctions membres

◆ _cleanAttributes()

_cleanAttributes (   $attrSet)
protected

Internal method to strip a tag of certain attributes

Paramètres
array$attrSetArray of attribute pairs to filter
Renvoie
array Filtered array of attribute pairs
Depuis
11.1
Obsolète:
4.0 Use InputFilter::cleanAttributes() instead

◆ _cleanTags()

_cleanTags (   $source)
protected

Internal method to strip a string of certain tags

Paramètres
string$sourceInput string to be 'cleaned'
Renvoie
string 'Cleaned' version of input parameter
Depuis
11.1
Obsolète:
4.0 Use InputFilter::cleanTags() instead

◆ _decode()

_decode (   $source)
protected

Try to convert to plaintext

Paramètres
string$sourceThe source string.
Renvoie
string Plaintext string
Depuis
11.1
Obsolète:
4.0 Use InputFilter::decode() instead

◆ _escapeAttributeValues()

_escapeAttributeValues (   $source)
protected

Escape < > and " inside attribute values

Paramètres
string$sourceThe source string.
Renvoie
string Filtered string
Depuis
11.1
Obsolète:
4.0 Use InputFilter::escapeAttributeValues() instead

◆ _remove()

_remove (   $source)
protected

Internal method to iteratively remove all unwanted tags and attributes

Paramètres
string$sourceInput string to be 'cleaned'
Renvoie
string 'Cleaned' version of input parameter
Depuis
11.1
Obsolète:
4.0 Use InputFilter::remove() instead

◆ _stripCSSExpressions()

_stripCSSExpressions (   $source)
protected

Remove CSS Expressions in the form of <property>:expression(...)

Paramètres
string$sourceThe source string.
Renvoie
string Filtered string
Depuis
11.1
Obsolète:
4.0 Use InputFilter::stripCSSExpressions() instead

◆ clean()

clean (   $source,
  $type = 'string' 
)

Method to be called by another php script. Processes for XSS and specified bad code.

Paramètres
mixed$sourceInput string/array-of-string to be 'cleaned'
string$typeThe return type for the variable: INT: An integer, or an array of integers, UINT: An unsigned integer, or an array of unsigned integers, FLOAT: A floating point number, or an array of floating point numbers, BOOLEAN: A boolean value, WORD: A string containing A-Z or underscores only (not case sensitive), ALNUM: A string containing A-Z or 0-9 only (not case sensitive), CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive), BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive), STRING: A fully decoded and sanitised string (default), HTML: A sanitised string, ARRAY: An array, PATH: A sanitised file path, or an array of sanitised file paths, TRIM: A string trimmed from normal, non-breaking and multibyte spaces USERNAME: Do not use (use an application specific filter), RAW: The raw string is returned with no filtering, unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Renvoie
mixed 'Cleaned' version of input parameter
Depuis
11.1

Références $key, $type, et $value.

◆ cleanTags()

cleanTags (   $source)
protected

Internal method to strip a string of certain tags

Paramètres
string$sourceInput string to be 'cleaned'
Renvoie
string 'Cleaned' version of input parameter
Depuis
3.5

Références $offset, et elseif.

◆ decode()

decode (   $source)
protected

Try to convert to plaintext

Paramètres
string$sourceThe source string.
Renvoie
string Plaintext string
Depuis
3.5

Références ENT_COMPAT.

◆ decodeFileData()

static decodeFileData ( array  $data)
staticprotected

Method to decode a file data array.

Paramètres
array$dataThe data array to decode.
Renvoie
array
Depuis
3.4

Références $data.

◆ emailToPunycode()

emailToPunycode (   $text)

Function to punyencode utf8 mail when saving content

Paramètres
string$textThe strings to encode
Renvoie
string The punyencoded mail
Depuis
3.5

Références $text.

◆ escapeAttributeValues()

escapeAttributeValues (   $source)
protected

Escape < > and " inside attribute values

Paramètres
string$sourceThe source string.
Renvoie
string Filtered string
Depuis
3.5

◆ getInstance()

static& getInstance (   $tagsArray = array(),
  $attrArray = array(),
  $tagsMethod = 0,
  $attrMethod = 0,
  $xssAuto = 1,
  $stripUSC = -1 
)
static

Returns an input filter object, only creating it if it doesn't already exist.

Paramètres
array$tagsArrayList of user-defined tags
array$attrArrayList of user-defined attributes
integer$tagsMethodWhiteList method = 0, BlackList method = 1
integer$attrMethodWhiteList method = 0, BlackList method = 1
integer$xssAutoOnly auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
integer$stripUSCStrip 4-byte unicode characters = 1, no strip = 0, ask the database driver = -1
Renvoie
InputFilter The InputFilter object.
Depuis
11.1

Référencé par Cookie\__construct(), Json\__construct(), Files\__construct(), Input\__construct(), Cli\__construct(), ExtensionAdapter\_endElement(), Update\_endElement(), CollectionAdapter\_startElement(), Cli\unserialize(), et Input\unserialize().

◆ isSafeFile()

static isSafeFile (   $file,
  $options = array() 
)
static

Checks an uploaded for suspicious naming and potential PHP contents which could indicate a hacking attempt.

The options you can define are: null_byte Prevent files with a null byte in their name (buffer overflow attack) forbidden_extensions Do not allow these strings anywhere in the file's extension php_tag_in_content Do not allow <?php tag in content shorttag_in_content Do not allow short tag <? in content shorttag_extensions Which file extensions to scan for short tags in content fobidden_ext_in_content Do not allow forbidden_extensions anywhere in content php_ext_content_extensions Which file extensions to scan for .php in content

This code is an adaptation and improvement of Admin Tools' UploadShield feature, relicensed and contributed by its author.

Paramètres
array$fileAn uploaded file descriptor
array$optionsThe scanner options (see the code for details)
Renvoie
boolean True of the file is safe
Depuis
3.4

Références $data, $file, $i, et $options.

Référencé par Files\get().

◆ remove()

remove (   $source)
protected

Internal method to iteratively remove all unwanted tags and attributes

Paramètres
string$sourceInput string to be 'cleaned'
Renvoie
string 'Cleaned' version of input parameter
Depuis
3.5

◆ stripUSC()

stripUSC (   $source)
protected

Recursively strip Unicode Supplementary Characters from the source. Not: objects cannot be filtered.

Paramètres
mixed$sourceThe data to filter
Renvoie
mixed The filtered result
Depuis
3.5

Documentation des champs

◆ $stripUSC

$stripUSC = 0

La documentation de cette classe a été générée à partir du fichier suivant :