Joomla CMS  4.2.2
Documentation des API du CMS Joomla en version 4.2.2
Référence de la classe InputFilter
+ Graphe d'héritage de InputFilter:

Fonctions membres publiques

 __construct ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=0)
 
 clean ($source, $type='string')
 
 emailToPunycode ($text)
 
- Fonctions membres publiques hérités de InputFilter
 __construct (array $tagsArray=[], array $attrArray=[], $tagsMethod=self::ONLY_ALLOW_DEFINED_TAGS, $attrMethod=self::ONLY_ALLOW_DEFINED_ATTRIBUTES, $xssAuto=1)
 
 clean ($source, $type='string')
 

Fonctions membres publiques statiques

static getInstance ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1, $stripUSC=0)
 
static isSafeFile ($file, $options=array())
 
- Fonctions membres publiques statiques hérités de InputFilter
static checkAttribute ($attrSubSet)
 

Champs de données

const FORBIDDEN_FILE_EXTENSIONS
 
- Champs de données hérités de InputFilter
const ONLY_ALLOW_DEFINED_TAGS = 0
 
const ONLY_BLOCK_DEFINED_TAGS = 1
 
const ONLY_ALLOW_DEFINED_ATTRIBUTES = 0
 
const ONLY_BLOCK_DEFINED_ATTRIBUTES = 1
 
 $tagsArray
 
 $attrArray
 
 $tagsMethod
 
 $attrMethod
 
 $xssAuto
 
 $blockedTags
 
 $blockedAttributes
 

Fonctions membres protégées

 decode ($source)
 
 stripUSC ($source)
 
- Fonctions membres protégées hérités de InputFilter
 remove ($source)
 
 cleanTags ($source)
 
 cleanAttributes (array $attrSet)
 
 decode ($source)
 
 escapeAttributeValues ($source)
 
 stripCssExpressions ($source)
 

Fonctions membres protégées statiques

static decodeFileData (array $data)
 

Attributs protégés statiques

static $instances = array()
 

Attributs privés

 $stripUSC = 0
 

Description détaillée

InputFilter is a class for filtering input from any data source

Forked from the php input filter library by: Daniel Morris dan@r.nosp@m.ootc.nosp@m.ube.c.nosp@m.om Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

Depuis
1.7.0

Documentation des constructeurs et destructeur

◆ __construct()

__construct (   $tagsArray = array(),
  $attrArray = array(),
  $tagsMethod = 0,
  $attrMethod = 0,
  $xssAuto = 1,
  $stripUSC = 0 
)

Constructor for inputFilter class. Only first parameter is required.

Paramètres
array$tagsArrayList of user-defined tags
array$attrArrayList of user-defined attributes
integer$tagsMethodThe constant static::ONLY_ALLOW_DEFINED_TAGS or static::BLOCK_DEFINED_TAGS
integer$attrMethodThe constant static::ONLY_ALLOW_DEFINED_ATTRIBUTES or static::BLOCK_DEFINED_ATTRIBUTES
integer$xssAutoOnly auto clean essentials = 0, Allow clean blocked tags/attributes = 1
integer$stripUSCStrip 4-byte unicode characters = 1, no strip = 0
Depuis
1.7.0

Références Symfony\Contracts\Service\__construct().

Documentation des fonctions membres

◆ clean()

clean (   $source,
  $type = 'string' 
)

Method to be called by another php script. Processes for XSS and specified bad code.

Paramètres
mixed$sourceInput string/array-of-string to be 'cleaned'
string$typeThe return type for the variable: INT: An integer, or an array of integers, UINT: An unsigned integer, or an array of unsigned integers, FLOAT: A floating point number, or an array of floating point numbers, BOOLEAN: A boolean value, WORD: A string containing A-Z or underscores only (not case sensitive), ALNUM: A string containing A-Z or 0-9 only (not case sensitive), CMD: A string containing A-Z, 0-9, underscores, periods or hyphens (not case sensitive), BASE64: A string containing A-Z, 0-9, forward slashes, plus or equals (not case sensitive), STRING: A fully decoded and sanitised string (default), HTML: A sanitised string, ARRAY: An array, PATH: A sanitised file path, or an array of sanitised file paths, TRIM: A string trimmed from normal, non-breaking and multibyte spaces USERNAME: Do not use (use an application specific filter), RAW: The raw string is returned with no filtering, unknown: An unknown filter will act like STRING. If the input is an array it will return an array of fully decoded and sanitised strings.
Renvoie
mixed 'Cleaned' version of input parameter
Depuis
1.7.0

Références $type.

◆ decode()

decode (   $source)
protected

Try to convert to plaintext

Paramètres
string$sourceThe source string.
Renvoie
string Plaintext string
Depuis
3.5

Références ENT_COMPAT.

◆ decodeFileData()

static decodeFileData ( array  $data)
staticprotected

Method to decode a file data array.

Paramètres
array$dataThe data array to decode.
Renvoie
array
Depuis
3.4

Références $data, et $result.

◆ emailToPunycode()

emailToPunycode (   $text)

Function to punyencode utf8 mail when saving content

Paramètres
string$textThe strings to encode
Renvoie
string The punyencoded mail
Depuis
3.5

Références $text, et PunycodeHelper\emailToPunycode().

◆ getInstance()

static getInstance (   $tagsArray = array(),
  $attrArray = array(),
  $tagsMethod = 0,
  $attrMethod = 0,
  $xssAuto = 1,
  $stripUSC = 0 
)
static

Returns an input filter object, only creating it if it doesn't already exist.

Paramètres
array$tagsArrayList of user-defined tags
array$attrArrayList of user-defined attributes
integer$tagsMethodThe constant static::ONLY_ALLOW_DEFINED_TAGS or static::BLOCK_DEFINED_TAGS
integer$attrMethodThe constant static::ONLY_ALLOW_DEFINED_ATTRIBUTES or static::BLOCK_DEFINED_ATTRIBUTES
integer$xssAutoOnly auto clean essentials = 0, Allow clean blocked tags/attributes = 1
integer$stripUSCStrip 4-byte unicode characters = 1, no strip = 0
Renvoie
InputFilter The InputFilter object.
Depuis
1.7.0

Référencé par Cookie\__construct(), Files\__construct(), Json\__construct(), Cli\__construct(), Input\__construct(), FeedParser\__construct(), ExtensionAdapter\_endElement(), Update\_endElement(), HtmlDocument\_fetchTemplate(), Captcha\_load(), Editor\_loadEditor(), CollectionAdapter\_startElement(), User\check(), TemplateController\createFile(), HtmlView\display(), ArticlesController\displayList(), UsersController\displayList(), PluginsController\displayList(), MediaController\displayList(), CMSApplication\enqueueMessage(), SafehtmlFilter\filter(), UrlFilter\filter(), FormField\filter(), LanguagesHelper\filterKey(), LanguagesHelper\filterText(), ComponentHelper\filterText(), PackageAdapter\getElement(), InstallerAdapter\getElement(), Parser\getInstance(), BaseController\getInstance(), InstallerAdapter\getName(), FinderHelper\getQuery(), InstallerAdapter\getScriptClassName(), AdministratorApplication\getTemplate(), Joomla\Plugin\Editors\TinyMCE\PluginTraits\onDisplay(), TemplateController\overrides(), ListModel\populateState(), LevelModel\save(), StringsModel\search(), MailModel\send(), ItemController\setType(), UsernameRule\test(), Cli\unserialize(), Input\unserialize(), LanguageAdapter\update(), et TemplateController\uploadFile().

◆ isSafeFile()

static isSafeFile (   $file,
  $options = array() 
)
static

Checks an uploaded for suspicious naming and potential PHP contents which could indicate a hacking attempt.

The options you can define are: null_byte Prevent files with a null byte in their name (buffer overflow attack) forbidden_extensions Do not allow these strings anywhere in the file's extension php_tag_in_content Do not allow <?php tag in content phar_stub_in_content Do not allow the __HALT_COMPILER() phar stub in content shorttag_in_content Do not allow short tag <? in content shorttag_extensions Which file extensions to scan for short tags in content fobidden_ext_in_content Do not allow forbidden_extensions anywhere in content php_ext_content_extensions Which file extensions to scan for .php in content

This code is an adaptation and improvement of Admin Tools' UploadShield feature, relicensed and contributed by its author.

Paramètres
array$fileAn uploaded file descriptor
array$optionsThe scanner options (see the code for details)
Renvoie
boolean True of the file is safe
Depuis
3.4

Références $data, $i, et $options.

Référencé par Files\get(), et File\upload().

◆ stripUSC()

stripUSC (   $source)
protected

Recursively strip Unicode Supplementary Characters from the source. Not: objects cannot be filtered.

Paramètres
mixed$sourceThe data to filter
Renvoie
mixed The filtered result
Depuis
3.5

Documentation des champs

◆ $instances

$instances = array()
staticprotected

◆ $stripUSC

$stripUSC = 0
private

◆ FORBIDDEN_FILE_EXTENSIONS

const FORBIDDEN_FILE_EXTENSIONS
Valeur initiale :
= [
'php', 'phps', 'pht', 'phtml', 'php3', 'php4', 'php5', 'php6', 'php7', 'asp',
'php8', 'phar', 'inc', 'pl', 'cgi', 'fcgi', 'java', 'jar', 'py', 'aspx'
]

An array containing a list of extensions for files that are typically executable directly in the webserver context, potentially resulting in code executions

Depuis
4.0.0

Référencé par MediaHelper\canUpload(), et MediaHelper\checkFileExtension().


La documentation de cette classe a été générée à partir du fichier suivant :