Joomla CMS
3.10.11 (with JPlatform 13.1 included)
API documentation for Joomla CMS version 3.10.11 and the integrated Joomla Platform framework
Public Member Functions | |
__construct ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=-1) | |
clean ($source, $type='string') | |
emailToPunycode ($text) | |
Public Member Functions inherited from InputFilter | |
__construct ($tagsArray=array(), $attrArray=array(), $tagsMethod=self::ONLY_ALLOW_DEFINED_TAGS, $attrMethod=self::ONLY_ALLOW_DEFINED_ATTRIBUTES, $xssAuto=1) | |
clean ($source, $type='string') | |
Static Public Member Functions | |
static & | getInstance ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=-1) |
static | isSafeFile ($file, $options=array()) |
Static Public Member Functions inherited from InputFilter | |
static | checkAttribute ($attrSubSet) |
Data Fields | |
$stripUSC = 0 | |
Data Fields inherited from InputFilter | |
const | TAGS_WHITELIST = 0 |
const | TAGS_BLACKLIST = 1 |
const | ATTR_WHITELIST = 0 |
const | ATTR_BLACKLIST = 1 |
const | ONLY_ALLOW_DEFINED_TAGS = 0 |
const | ONLY_BLOCK_DEFINED_TAGS = 1 |
const | ONLY_ALLOW_DEFINED_ATTRIBUTES = 0 |
const | ONLY_BLOCK_DEFINED_ATTRIBUTES = 1 |
$tagsArray | |
$attrArray | |
$tagsMethod | |
$attrMethod | |
$xssAuto | |
$tagBlacklist | |
$attrBlacklist | |
Protected Member Functions | |
_remove ($source) | |
remove ($source) | |
_cleanTags ($source) | |
cleanTags ($source) | |
_cleanAttributes ($attrSet) | |
escapeAttributeValues ($source) | |
_decode ($source) | |
decode ($source) | |
_escapeAttributeValues ($source) | |
_stripCSSExpressions ($source) | |
stripUSC ($source) | |
Protected Member Functions inherited from InputFilter | |
remove ($source) | |
cleanTags ($source) | |
cleanAttributes ($attrSet) | |
decode ($source) | |
escapeAttributeValues ($source) | |
stripCssExpressions ($source) | |
Static Protected Member Functions | |
static | decodeFileData (array $data) |
Additional Inherited Members | |
Static Protected Attributes inherited from InputFilter | |
static | $instances = array() |
InputFilter is a class for filtering input from any data source
Forked from the php input filter library by: Daniel Morris dan@rootcube.com. Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
__construct ( $tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1, $stripUSC = -1 )
Constructor for inputFilter class. Only first parameter is required.
array | $tagsArray | List of user-defined tags |
array | $attrArray | List of user-defined attributes |
integer | $tagsMethod | WhiteList method = 0, BlackList method = 1 |
integer | $attrMethod | WhiteList method = 0, BlackList method = 1 |
integer | $xssAuto | Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1 |
integer | $stripUSC | Strip 4-byte unicode characters = 1, no strip = 0, ask the database driver = -1 |
If Unicode Supplementary Characters stripping is not set we have to check with the database driver. If the driver does not support USCs (i.e. there is no utf8mb4 support) we will enable USC stripping.
References $db.
|
protected |
Internal method to strip a tag of certain attributes
array | $attrSet | Array of attribute pairs to filter |
|
protected |
Internal method to strip a string of certain tags
string | $source | Input string to be 'cleaned' |
|
protected |
Try to convert to plaintext
string | $source | The source string. |
|
protected |
Escape < > and " inside attribute values
string | $source | The source string. |
|
protected |
Internal method to iteratively remove all unwanted tags and attributes
string | $source | Input string to be 'cleaned' |
|
protected |
Remove CSS Expressions in the form of <property>:expression(...)
string | $source | The source string. |
clean ( $source, $type = 'string' )
Method to be called by another php script. Processes for XSS and specified bad code.
mixed | $source | Input string/array-of-string to be 'cleaned' |
string | $type | The return type for the variable: |
  INT: An integer, or an array of integers,
  UINT: An unsigned integer, or an array of unsigned integers,
  FLOAT: A floating point number, or an array of floating point numbers,
  BOOLEAN: A boolean value,
  WORD: A string containing A-Z or underscores only (not case sensitive),
  ALNUM: A string containing A-Z or 0-9 only (not case sensitive),
  CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive),
  BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive),
  STRING: A fully decoded and sanitised string (default),
  HTML: A sanitised string,
  ARRAY: An array,
  PATH: A sanitised file path, or an array of sanitised file paths,
  TRIM: A string trimmed from normal, non-breaking and multibyte spaces,
  USERNAME: Do not use (use an application specific filter),
  RAW: The raw string is returned with no filtering,
  unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
|
protected |
|
protected |
Try to convert to plaintext
string | $source | The source string. |
References ENT_COMPAT.
|
static protected |
Method to decode a file data array.
array | $data | The data array to decode. |
References $data.
emailToPunycode ( $text )
|
protected |
Escape < > and " inside attribute values
string | $source | The source string. |
|
static |
Returns an input filter object, only creating it if it doesn't already exist.
array | $tagsArray | List of user-defined tags |
array | $attrArray | List of user-defined attributes |
integer | $tagsMethod | WhiteList method = 0, BlackList method = 1 |
integer | $attrMethod | WhiteList method = 0, BlackList method = 1 |
integer | $xssAuto | Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1 |
integer | $stripUSC | Strip 4-byte unicode characters = 1, no strip = 0, ask the database driver = -1 |
Referenced by Cookie\__construct(), Files\__construct(), Json\__construct(), Cli\__construct(), Input\__construct(), FeedParser\__construct(), ExtensionAdapter\_endElement(), Update\_endElement(), CollectionAdapter\_startElement(), CMSApplication\enqueueMessage(), Cli\unserialize(), and Input\unserialize().
|
static |
Checks an uploaded file for suspicious naming and potential PHP contents which could indicate a hacking attempt.
The options you can define are:
  null_byte: Prevent files with a null byte in their name (buffer overflow attack)
  forbidden_extensions: Do not allow these strings anywhere in the file's extension
  php_tag_in_content: Do not allow <?php tag in content
  phar_stub_in_content: Do not allow the __HALT_COMPILER() phar stub in content
  shorttag_in_content: Do not allow short tag <? in content
  shorttag_extensions: Which file extensions to scan for short tags in content
  fobidden_ext_in_content: Do not allow forbidden_extensions anywhere in content
  php_ext_content_extensions: Which file extensions to scan for .php in content
This code is an adaptation and improvement of Admin Tools' UploadShield feature, relicensed and contributed by its author.
array | $file | An uploaded file descriptor |
array | $options | The scanner options (see the code for details) |
References $data, $file, $i, and $options.
Referenced by Files\get().
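The isSafeFile() options described above come down to a few checks on the file name and the file content. The stand-alone sketch below is an added example, not Joomla's isSafeFile() source; it implements the null_byte, forbidden_extensions, php_tag_in_content and phar_stub_in_content options. The function name uploadLooksSafe, the default extension list and the sample files are assumptions.

```php
<?php
// Added illustration, not Joomla's isSafeFile() source. Option names follow the
// list above; the default values chosen here are assumptions.
function uploadLooksSafe(array $file, array $options = array())
{
    $options += array(
        'null_byte'            => true,
        'forbidden_extensions' => array('php', 'phps', 'phtml', 'phar'), // assumed list
        'php_tag_in_content'   => true,
        'phar_stub_in_content' => true,
    );

    // null_byte: reject names carrying a NUL byte.
    if ($options['null_byte'] && strpos($file['name'], "\x00") !== false) {
        return false;
    }

    // forbidden_extensions: check every dot-separated segment after the base
    // name, so "photo.php.jpg" fails as well as "photo.php".
    $segments = explode('.', strtolower($file['name']));
    array_shift($segments);
    if (array_intersect($segments, $options['forbidden_extensions'])) {
        return false;
    }

    // Content checks read the temporary upload; an unreadable file fails closed.
    $data = @file_get_contents($file['tmp_name']);
    if ($data === false
        || ($options['php_tag_in_content'] && stripos($data, '<?php') !== false)
        || ($options['phar_stub_in_content'] && stripos($data, '__HALT_COMPILER()') !== false)) {
        return false;
    }
    return true;
}

// Constructed samples: descriptor name => file body written to a temp file.
$samples = array(
    'avatar.png'    => "\x89PNG constructed image bytes",
    'photo.php.jpg' => 'constructed text',
    'notes.txt'     => 'header <?php echo 1;',
    'bundle.zip'    => 'stub __HALT_COMPILER();',
);
foreach ($samples as $name => $body) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $body);
    $ok = uploadLooksSafe(array('name' => $name, 'tmp_name' => $tmp));
    printf("%-14s %s\n", $name, $ok ? 'accepted' : 'rejected');
    unlink($tmp);
}
```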
|
protected |
Internal method to iteratively remove all unwanted tags and attributes
string | $source | Input string to be 'cleaned' |
References htmlspecialchars.
|
protected |
Recursively strip Unicode Supplementary Characters from the source. Note: objects cannot be filtered.
mixed | $source | The data to filter |
$stripUSC = 0 |