Joomla CMS
4.2.2
API documentation for Joomla CMS version 4.2.2

Public Member Functions
__construct (array $tagsArray=[], array $attrArray=[], $tagsMethod=self::ONLY_ALLOW_DEFINED_TAGS, $attrMethod=self::ONLY_ALLOW_DEFINED_ATTRIBUTES, $xssAuto=1)
clean ($source, $type='string')

Static Public Member Functions
static checkAttribute ($attrSubSet)

Data Fields
const ONLY_ALLOW_DEFINED_TAGS = 0
const ONLY_BLOCK_DEFINED_TAGS = 1
const ONLY_ALLOW_DEFINED_ATTRIBUTES = 0
const ONLY_BLOCK_DEFINED_ATTRIBUTES = 1
$tagsArray
$attrArray
$tagsMethod
$attrMethod
$xssAuto
$blockedTags
$blockedAttributes

Protected Member Functions
remove ($source)
cleanTags ($source)
cleanAttributes (array $attrSet)
decode ($source)
escapeAttributeValues ($source)
stripCssExpressions ($source)

Private Member Functions
cleanInt ($source)
cleanInteger ($source)
cleanUint ($source)
cleanFloat ($source)
cleanDouble ($source)
cleanBool ($source)
cleanBoolean ($source)
cleanWord ($source)
cleanAlnum ($source)
cleanCmd ($source)
cleanBase64 ($source)
cleanString ($source)
cleanHtml ($source)
cleanPath ($source)
cleanTrim ($source)
cleanUsername ($source)

Private Attributes
$blockedChars

InputFilter is a class for filtering input from any data source
Forked from the php input filter library by: Daniel Morris dan@rootcube.com. Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

__construct (array $tagsArray = [], array $attrArray = [], $tagsMethod = self::ONLY_ALLOW_DEFINED_TAGS, $attrMethod = self::ONLY_ALLOW_DEFINED_ATTRIBUTES, $xssAuto = 1)
Constructor for InputFilter class.
array | $tagsArray | List of permitted HTML tags
array | $attrArray | List of permitted HTML tag attributes
integer | $tagsMethod | Method for filtering tags, should be one of the ONLY_*_DEFINED_TAGS constants
integer | $attrMethod | Method for filtering attributes, should be one of the ONLY_*_DEFINED_ATTRIBUTES constants
integer | $xssAuto | Only auto clean essentials = 0, Allow clean blocked tags/attributes = 1
References InputFilter\$attrArray, InputFilter\$attrMethod, InputFilter\$tagsArray, InputFilter\$tagsMethod, and InputFilter\$xssAuto.

static checkAttribute ($attrSubSet)
Function to determine if contents of an attribute are safe
array | $attrSubSet | A 2 element array for attribute's name, value
References ENT_QUOTES.
Referenced by ContactTable\check().

clean ($source, $type = 'string')
Cleans the given input source based on the instance configuration and specified data type
string|string[]|object | $source | Input string/array-of-string/object to be 'cleaned'
string | $type | The return type for the variable:
  INT: An integer
  UINT: An unsigned integer
  FLOAT: A floating point number
  BOOLEAN: A boolean value
  WORD: A string containing A-Z or underscores only (not case sensitive)
  ALNUM: A string containing A-Z or 0-9 only (not case sensitive)
  CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive)
  BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive)
  STRING: A fully decoded and sanitised string (default)
  HTML: A sanitised string
  ARRAY: An array
  PATH: A sanitised file path
  TRIM: A string trimmed from normal, non-breaking and multibyte spaces
  USERNAME: Do not use (use an application specific filter)
  RAW: The raw string is returned with no filtering
  unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
$source parameter
References $key, $method, $result, $this, $type, $value, and InputFilter\cleanString().
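
The constructor modes and clean() types documented above, side by side, as an added example that is not part of the Joomla documentation. It assumes the class is autoloadable through Composer as Joomla\Filter\InputFilter (the page does not show the namespace); the input strings are constructed samples.

```php
<?php
// Added example, not part of the Joomla documentation.
// Assumption: the class documented on this page is autoloadable as
// Joomla\Filter\InputFilter (the page does not show its namespace).
require __DIR__ . '/vendor/autoload.php';

use Joomla\Filter\InputFilter;

// Constructed sample input: markup an editor might allow, mixed with
// markup that must never reach the rendered page.
$comment = '<p onclick="track()">Hello <a href="/docs" style="color:red">docs</a></p>'
         . '<script>alert(1)</script>';

// Default instance: empty lists combined with ONLY_ALLOW_DEFINED_* mean that
// no tag and no attribute is permitted.
$strict = new InputFilter();

// Allow-list instance: only <p> and <a>, and only the href attribute.
$allowList = new InputFilter(
    ['p', 'a'],
    ['href'],
    InputFilter::ONLY_ALLOW_DEFINED_TAGS,
    InputFilter::ONLY_ALLOW_DEFINED_ATTRIBUTES
);

// Block-list instance: everything passes except the listed tags and attributes
// (plus, with $xssAuto = 1, the built-in $blockedTags / $blockedAttributes).
$blockList = new InputFilter(
    ['iframe'],
    ['style'],
    InputFilter::ONLY_BLOCK_DEFINED_TAGS,
    InputFilter::ONLY_BLOCK_DEFINED_ATTRIBUTES,
    1
);

$results = [
    'STRING, default instance' => $strict->clean($comment, 'STRING'),
    'HTML, allow-list'         => $allowList->clean($comment, 'HTML'),
    'HTML, block-list'         => $blockList->clean($comment, 'HTML'),
    'RAW (no filtering)'       => $strict->clean($comment, 'RAW'),
    'CMD'                      => $strict->clean('article.save?x=1', 'CMD'),
    'UINT'                     => $strict->clean('-42abc', 'UINT'),
];

foreach ($results as $label => $value) {
    printf("%-26s %s\n", $label, var_export($value, true));
}
```

Comparing the RAW row with the others shows how much each configuration removes; RAW returns the input unchanged, so it fits only where the value is encoded or validated elsewhere before use.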

private cleanAlnum ($source)
Alphanumerical filter
string | $source | The string to be filtered

protected cleanAttributes (array $attrSet)
Internal method to strip a tag of disallowed attributes
array | $attrSet | Array of attribute pairs to filter
References $count, $i, elseif, and ENT_QUOTES.
Referenced by InputFilter\cleanTags().

private cleanBase64 ($source)
Base64 filter
string | $source | The string to be filtered

private cleanBool ($source)
Boolean filter
string | $source | The string to be filtered
Referenced by InputFilter\cleanBoolean().

private cleanBoolean ($source)
Alias for cleanBool()
string | $source | The string to be filtered
References InputFilter\cleanBool().

private cleanCmd ($source)
Command filter
string | $source | The string to be filtered
References $result.

private cleanDouble ($source)
Alias for cleanFloat()
string | $source | The string to be filtered
References InputFilter\cleanFloat().

private cleanFloat ($source)
Float filter
string | $source | The string to be filtered
Referenced by InputFilter\cleanDouble().

private cleanHtml ($source)
HTML filter
string | $source | The string to be filtered

private cleanInt ($source)
Integer filter
string | $source | The string to be filtered
Referenced by InputFilter\cleanInteger().

private cleanInteger ($source)
Alias for cleanInt()
string | $source | The string to be filtered
References InputFilter\cleanInt().

private cleanPath ($source)
Path filter
string | $source | The string to be filtered

private cleanString ($source)
String filter
string | $source | The string to be filtered
References InputFilter\decode().
Referenced by InputFilter\clean().

protected cleanTags ($source)
Internal method to strip a string of disallowed tags
string | $source | Input string to be 'cleaned'
References $attr, $count, $i, $tagName, InputFilter\cleanAttributes(), InputFilter\escapeAttributeValues(), null, StringHelper\strlen(), StringHelper\strpos(), and StringHelper\substr().
Referenced by InputFilter\remove().

private cleanTrim ($source)
Trim filter
string | $source | The string to be filtered
References $result, and StringHelper\trim().

private cleanUint ($source)
Unsigned integer filter
string | $source | The string to be filtered

private cleanUsername ($source)
Username filter
string | $source | The string to be filtered

private cleanWord ($source)
Word filter
string | $source | The string to be filtered

protected decode ($source)
Try to convert to plaintext
string | $source | The source string.
References ENT_QUOTES.
Referenced by InputFilter\cleanString().

protected escapeAttributeValues ($source)
Escape < > and " inside attribute values
string | $source | The source string.
References InputFilter\stripCssExpressions(), StringHelper\strlen(), and StringHelper\substr().
Referenced by InputFilter\cleanTags().

protected remove ($source)
Internal method to iteratively remove all unwanted tags and attributes
string | $source | Input string to be 'cleaned'
References $temp, and InputFilter\cleanTags().

protected stripCssExpressions ($source)
Remove CSS Expressions in the form of <property>:expression(...)
string | $source | The source string.
Referenced by InputFilter\escapeAttributeValues().

$attrArray
Referenced by InputFilter\__construct().

$attrMethod
Referenced by InputFilter\__construct().

$blockedAttributes

private $blockedChars

$blockedTags

$tagsArray
Referenced by InputFilter\__construct().

$tagsMethod
Referenced by InputFilter\__construct().

$xssAuto
Referenced by InputFilter\__construct().

const ONLY_ALLOW_DEFINED_ATTRIBUTES = 0
const ONLY_ALLOW_DEFINED_TAGS = 0
const ONLY_BLOCK_DEFINED_ATTRIBUTES = 1
const ONLY_BLOCK_DEFINED_TAGS = 1