Joomla CMS
4.2.2
API documentation for Joomla CMS version 4.2.2
Public Member Functions | |
__construct ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=0) | |
clean ($source, $type='string') | |
emailToPunycode ($text) | |
Public Member Functions inherited from InputFilter | |
__construct (array $tagsArray=[], array $attrArray=[], $tagsMethod=self::ONLY_ALLOW_DEFINED_TAGS, $attrMethod=self::ONLY_ALLOW_DEFINED_ATTRIBUTES, $xssAuto=1) | |
clean ($source, $type='string') | |
Static Public Member Functions | |
static | getInstance ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=0) |
static | isSafeFile ($file, $options=array()) |
Static Public Member Functions inherited from InputFilter | |
static | checkAttribute ($attrSubSet) |
Data Fields | |
const | FORBIDDEN_FILE_EXTENSIONS |
Data Fields inherited from InputFilter | |
const | ONLY_ALLOW_DEFINED_TAGS = 0 |
const | ONLY_BLOCK_DEFINED_TAGS = 1 |
const | ONLY_ALLOW_DEFINED_ATTRIBUTES = 0 |
const | ONLY_BLOCK_DEFINED_ATTRIBUTES = 1 |
$tagsArray | |
$attrArray | |
$tagsMethod | |
$attrMethod | |
$xssAuto | |
$blockedTags | |
$blockedAttributes | |
Protected Member Functions | |
decode ($source) | |
stripUSC ($source) | |
Protected Member Functions inherited from InputFilter | |
remove ($source) | |
cleanTags ($source) | |
cleanAttributes (array $attrSet) | |
decode ($source) | |
escapeAttributeValues ($source) | |
stripCssExpressions ($source) | |
Static Protected Member Functions | |
static | decodeFileData (array $data) |
Static Protected Attributes | |
static | $instances = array() |
Private Attributes | |
$stripUSC = 0 | |
InputFilter is a class for filtering input from any data source
Forked from the php input filter library by: Daniel Morris <dan@rootcube.com>. Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
__construct ($tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1, $stripUSC = 0)
Constructor for inputFilter class. Only first parameter is required.
array | $tagsArray | List of user-defined tags |
array | $attrArray | List of user-defined attributes |
integer | $tagsMethod | The constant static::ONLY_ALLOW_DEFINED_TAGS or static::ONLY_BLOCK_DEFINED_TAGS |
integer | $attrMethod | The constant static::ONLY_ALLOW_DEFINED_ATTRIBUTES or static::ONLY_BLOCK_DEFINED_ATTRIBUTES |
integer | $xssAuto | Only auto clean essentials = 0, Allow clean blocked tags/attributes = 1 |
integer | $stripUSC | Strip 4-byte unicode characters = 1, no strip = 0 |
References Symfony\Contracts\Service\__construct().
clean ($source, $type = 'string')
Method to be called by another php script. Processes for XSS and specified bad code.
mixed | $source | Input string/array-of-string to be 'cleaned' |
string | $type | The return type for the variable: |
  INT: An integer, or an array of integers
  UINT: An unsigned integer, or an array of unsigned integers
  FLOAT: A floating point number, or an array of floating point numbers
  BOOLEAN: A boolean value
  WORD: A string containing A-Z or underscores only (not case sensitive)
  ALNUM: A string containing A-Z or 0-9 only (not case sensitive)
  CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive)
  BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive)
  STRING: A fully decoded and sanitised string (default)
  HTML: A sanitised string
  ARRAY: An array
  PATH: A sanitised file path, or an array of sanitised file paths
  TRIM: A string trimmed from normal, non-breaking and multibyte spaces
  USERNAME: Do not use (use an application specific filter)
  RAW: The raw string is returned with no filtering
  unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
References $type.
decode ($source) | protected |
Try to convert to plaintext
string | $source | The source string. |
References ENT_COMPAT.
decodeFileData (array $data) | static protected |
emailToPunycode ($text)
Function to punyencode utf8 mail when saving content
string | $text | The strings to encode |
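References $text, and PunycodeHelper\emailToPunycode().
getInstance ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=0) | static |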
Returns an input filter object, only creating it if it doesn't already exist.
array | $tagsArray | List of user-defined tags |
array | $attrArray | List of user-defined attributes |
integer | $tagsMethod | The constant static::ONLY_ALLOW_DEFINED_TAGS or static::ONLY_BLOCK_DEFINED_TAGS |
integer | $attrMethod | The constant static::ONLY_ALLOW_DEFINED_ATTRIBUTES or static::ONLY_BLOCK_DEFINED_ATTRIBUTES |
integer | $xssAuto | Only auto clean essentials = 0, Allow clean blocked tags/attributes = 1 |
integer | $stripUSC | Strip 4-byte unicode characters = 1, no strip = 0 |
Referenced by Cookie\__construct(), Files\__construct(), Json\__construct(), Cli\__construct(), Input\__construct(), FeedParser\__construct(), ExtensionAdapter\_endElement(), Update\_endElement(), HtmlDocument\_fetchTemplate(), Captcha\_load(), Editor\_loadEditor(), CollectionAdapter\_startElement(), User\check(), TemplateController\createFile(), HtmlView\display(), ArticlesController\displayList(), UsersController\displayList(), PluginsController\displayList(), MediaController\displayList(), CMSApplication\enqueueMessage(), SafehtmlFilter\filter(), UrlFilter\filter(), FormField\filter(), LanguagesHelper\filterKey(), LanguagesHelper\filterText(), ComponentHelper\filterText(), PackageAdapter\getElement(), InstallerAdapter\getElement(), Parser\getInstance(), BaseController\getInstance(), InstallerAdapter\getName(), FinderHelper\getQuery(), InstallerAdapter\getScriptClassName(), AdministratorApplication\getTemplate(), Joomla\Plugin\Editors\TinyMCE\PluginTraits\onDisplay(), TemplateController\overrides(), ListModel\populateState(), LevelModel\save(), StringsModel\search(), MailModel\send(), ItemController\setType(), UsernameRule\test(), Cli\unserialize(), Input\unserialize(), LanguageAdapter\update(), and TemplateController\uploadFile().
isSafeFile ($file, $options=array()) | static |
Checks an uploaded file for suspicious naming and potential PHP contents which could indicate a hacking attempt.
The options you can define are:
  null_byte: Prevent files with a null byte in their name (buffer overflow attack)
  forbidden_extensions: Do not allow these strings anywhere in the file's extension
  php_tag_in_content: Do not allow <?php tag in content
  phar_stub_in_content: Do not allow the __HALT_COMPILER() phar stub in content
  shorttag_in_content: Do not allow short tag <? in content
  shorttag_extensions: Which file extensions to scan for short tags in content
  fobidden_ext_in_content: Do not allow forbidden_extensions anywhere in content
  php_ext_content_extensions: Which file extensions to scan for .php in content
This code is an adaptation and improvement of Admin Tools' UploadShield feature, relicensed and contributed by its author.
array | $file | An uploaded file descriptor |
array | $options | The scanner options (see the code for details) |
References $data, $i, and $options.
Referenced by Files\get(), and File\upload().
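The filename and content checks these options describe, as an added PHP sketch that is not Joomla's implementation. The function name `sketchIsSafeFile()`, the three-entry extension list and the sample uploads are assumptions constructed for the example, and only four of the listed options are modelled.

```php
<?php
// Added sketch, not Joomla's code. sketchIsSafeFile() and the extension list
// are assumptions for this example; option keys are the ones listed above.
function sketchIsSafeFile(array $file, array $options = []): bool
{
    $options += [
        'null_byte'            => true,
        'forbidden_extensions' => ['php', 'phtml', 'phar'], // constructed list
        'php_tag_in_content'   => true,
        'phar_stub_in_content' => true,
    ];
    $name = (string) ($file['name'] ?? '');
    $tmp  = (string) ($file['tmp_name'] ?? '');
    // null_byte: reject a NUL anywhere in the intended file name.
    if ($options['null_byte'] && strpos($name, "\0") !== false) {
        return false;
    }
    // forbidden_extensions: every segment after the base name is compared,
    // so "avatar.php.jpg" fails as well as "avatar.php".
    $segments = array_map('strtolower', array_slice(explode('.', $name), 1));
    if (array_intersect($segments, $options['forbidden_extensions'])) {
        return false;
    }
    // Content checks need the temporary upload; fail closed if it is missing.
    if (!is_file($tmp)) {
        return false;
    }
    $data = (string) file_get_contents($tmp);
    if ($options['php_tag_in_content'] && stripos($data, '<?php') !== false) {
        return false;
    }
    if ($options['phar_stub_in_content'] && stripos($data, '__HALT_COMPILER()') !== false) {
        return false;
    }
    return true;
}
// Constructed sample uploads: intended name => file content.
$samples = [
    'holiday.jpg'      => "\xFF\xD8\xFF\xE0 constructed image bytes",
    'avatar.php.jpg'   => "\xFF\xD8\xFF\xE0 constructed image bytes",
    "report.pdf\0.txt" => '%PDF-1.4 constructed',
    'logo.png'         => "\x89PNG constructed <?php echo 1;",
];
foreach ($samples as $name => $content) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $content);
    $ok = sketchIsSafeFile(['name' => $name, 'tmp_name' => $tmp]);
    printf("%-20s %s\n", addcslashes($name, "\0"), $ok ? 'accepted' : 'rejected');
    unlink($tmp);
}
```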
stripUSC ($source) | protected |
Recursively strip Unicode Supplementary Characters from the source. Note: objects cannot be filtered.
mixed | $source | The data to filter |
$instances = array() | static protected |
$stripUSC = 0 | private |
const FORBIDDEN_FILE_EXTENSIONS |
An array containing a list of extensions for files that are typically executable directly in the webserver context, potentially resulting in code execution.
Referenced by MediaHelper\canUpload(), and MediaHelper\checkFileExtension().