static | getInstance ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1) |
static | clean ($source, $type='string') |
| cleanVar ($source, $type='string') |
◆ __construct()
__construct ($tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1)
protected
Constructor
- Parameters
array | $tagsArray | - list of user-defined tags |
array | $attrArray | - list of user-defined attributes |
int | $tagsMethod | - 0 = allow just user-defined, 1 = allow all but user-defined |
int | $attrMethod | - 0 = allow just user-defined, 1 = allow all but user-defined |
int | $xssAuto | - 0 = only auto clean essentials, 1 = allow clean blacklisted tags/attr |
◆ clean()
static clean ($source, $type = 'string')
static
Static method to be called by another PHP script. Cleans the supplied input using the default filter.
- Parameters
mixed | $source | Input string/array-of-string to be 'cleaned' |
string | $type | Return/cleaning type for the variable, one of (INTEGER, FLOAT, BOOLEAN, WORD, ALPHANUM, CMD, BASE64, STRING, ARRAY, PATH, USERNAME, WEBURL, EMAIL, IP) |
- Returns
- mixed 'Cleaned' version of input parameter
◆ cleanVar()
cleanVar ($source, $type = 'string')
static
Method to be called by another PHP script. Processes for XSS and specified bad code according to rules supplied when this instance was instantiated.
- Parameters
mixed | $source | Input string/array-of-string to be 'cleaned' |
string | $type | Return/cleaning type for the variable, one of (INTEGER, FLOAT, BOOLEAN, WORD, ALPHANUM, CMD, BASE64, STRING, ARRAY, PATH, USERNAME, WEBURL, EMAIL, IP) |
- Returns
- mixed 'Cleaned' version of input parameter
◆ decode()
Try to convert to plaintext
- Parameters
String | $source | string to decode |
- Returns
- String $source decoded
◆ filterAttr()
Internal method to strip a tag of certain attributes
- Parameters
- Returns
- array $newSet stripped attributes
◆ filterTags()
Internal method to strip a string of certain tags
- Parameters
String | $source | - input string to be 'cleaned' |
- Returns
- String $source - 'cleaned' version of input parameter
◆ getInstance()
static getInstance ($tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1)
static
Returns an input filter object, only creating it if it does not already exist.
This method must be invoked as: $filter = FilterInput::getInstance();
- Parameters
array | $tagsArray | list of user-defined tags |
array | $attrArray | list of user-defined attributes |
int | $tagsMethod | WhiteList method = 0, BlackList method = 1 |
int | $attrMethod | WhiteList method = 0, BlackList method = 1 |
int | $xssAuto | Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1 |
- Returns
- FilterInput object.
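The two list modes selected by $tagsMethod, as an added example that is not FilterInput's own code: a small model of the keep/remove decision, run over constructed HTML. The helper names tagIsKept and keptTags are hypothetical, and the model assumes that with $xssAuto = 1 the built-in $tagBlacklist is checked before the user-defined list.

```php
<?php
// Added illustration, not FilterInput's own code: a model of the keep/remove
// decision described by the $tagsMethod and $xssAuto parameter docs.

// Built-in list copied from the $tagBlacklist initial value on this page.
const TAG_BLACKLIST = array('applet', 'body', 'bgsound', 'base', 'basefont',
    'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer',
    'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml');

/**
 * Hypothetical helper: would a tag survive under the given settings?
 * Assumption: with $xssAuto = 1 the built-in list is checked first.
 */
function tagIsKept(string $tag, array $tagsArray, int $tagsMethod, int $xssAuto): bool
{
    $tag = strtolower($tag);
    if ($xssAuto === 1 && in_array($tag, TAG_BLACKLIST, true)) {
        return false;
    }
    $listed = in_array($tag, array_map('strtolower', $tagsArray), true);
    // 0 = allow just user-defined, 1 = allow all but user-defined
    return $tagsMethod === 0 ? $listed : !$listed;
}

/** Hypothetical helper: names of opening tags in $html that would survive. */
function keptTags(string $html, array $tagsArray, int $tagsMethod, int $xssAuto): array
{
    preg_match_all('/<\s*([a-z][a-z0-9]*)/i', $html, $m);
    $kept = array();
    foreach (array_unique(array_map('strtolower', $m[1])) as $tag) {
        if (tagIsKept($tag, $tagsArray, $tagsMethod, $xssAuto)) {
            $kept[] = $tag;
        }
    }
    return $kept;
}

// Constructed sample input.
$html = '<b>bold</b> <form><input></form> <script>x</script> <marquee>m</marquee>';

// Allow-list mode (0): only the tags named by the caller survive.
echo implode(',', keptTags($html, array('b', 'i'), 0, 1)), "\n";
// Deny-list mode (1): every tag not named, and not on the built-in list, survives.
echo implode(',', keptTags($html, array('form'), 1, 1)), "\n";
```

In deny-list mode any tag that neither list names is kept, so for untrusted input the allow-list setting (0) with a short explicit $tagsArray is the safer configuration.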
◆ process()
Method to be called by another PHP script. Processes for XSS and any specified bad code.
- Parameters
mixed | $source | - input string/array-of-string to be 'cleaned' |
- Returns
- string $source - 'cleaned' version of input parameter
◆ remove()
Internal method to iteratively remove all unwanted tags and attributes
- Parameters
String | $source | - input string to be 'cleaned' |
- Returns
- String $source - 'cleaned' version of input parameter
◆ $attrArray
◆ $attrBlacklist
$attrBlacklist = array('action', 'background', 'codebase', 'dynsrc', 'lowsrc')
protected
◆ $attrMethod
◆ $tagBlacklist
Initial value:
= array(
'applet',
'body',
'bgsound',
'base',
'basefont',
'embed',
'frame',
'frameset',
'head',
'html',
'id',
'iframe',
'ilayer',
'layer',
'link',
'meta',
'name',
'object',
'script',
'style',
'title',
'xml'
)
◆ $tagsArray
◆ $tagsMethod
◆ $xssAuto
The documentation for this class was generated from the following file: