Docs For Class InputFilter

Description

Located in /includes/phpInputFilter/class.inputfilter.php (line 13)

Variable Summary

mixed $attrArray

mixed $attrBlacklist

mixed $attrMethod

mixed $tagBlacklist

mixed $tagsArray

mixed $tagsMethod

mixed $xssAuto

Method Summary

Boolean badAttributeValue (Array $attrSubSet)

String decode (String $source)

String escapeString ( $string, &$connection, String $source, Resource $connection)

Array filterAttr (Array $attrSet)

String filterTags (String $source)

void inputFilter ([Array $tagsArray = array()], [Array $attrArray = array()], [int $tagsMethod = 0], [int $attrMethod = 0], [int $xssAuto = 1])

String process (Mixed $source)

String quoteSmart (String $source, &$connection, Resource $connection)

String remove (String $source)

String safeSQL (Mixed $source, &$connection, Buffer $connection)

Variables

mixed $attrArray (line 15)

mixed $attrBlacklist = array('action', 'background', 'codebase', 'dynsrc', 'lowsrc') (line 22)

mixed $attrMethod (line 18)

mixed $tagBlacklist = array('applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml') (line 21)

mixed $tagsArray (line 14)

mixed $tagsMethod (line 17)

mixed $xssAuto (line 20)

Methods

badAttributeValue (line 243)

Function to determine if contents of an attribute is safe

return: True if bad code is detected

Boolean badAttributeValue (Array $attrSubSet)

Array $attrSubSet: A 2 element array for attribute [name] and [value]

decode (line 262)

Try to convert to plaintext

access: protected

String decode (String $source)

String $source

escapeString (line 318)

author: Daniel Morris
author: Chris Tobin
access: protected

String escapeString ( $string, &$connection, String $source, Resource $connection)

String $source
Resource $connection: - An open MySQL connection
$string
&$connection

filterAttr (line 193)

Internal method to strip a tag of certain attributes

access: protected

Array filterAttr (Array $attrSet)

Array $attrSet

filterTags (line 88)

Internal method to strip a string of certain tags

return: - 'cleaned' version of input parameter
access: protected

String filterTags (String $source)

String $source: - input string to be 'cleaned'

inputFilter (line 33)

Constructor for inputFilter class. Only first parameter is required.

void inputFilter ([Array $tagsArray = array()], [Array $attrArray = array()], [int $tagsMethod = 0], [int $attrMethod = 0], [int $xssAuto = 1])

Array $tagsArray: - list of user-defined tags
Array $attrArray: - list of user-defined attributes
int $tagsMethod: - 0= allow just user-defined, 1= allow all but user-defined
int $attrMethod: - 0= allow just user-defined, 1= allow all but user-defined
int $xssAuto: - 0= only auto clean essentials, 1= allow clean blacklisted tags/attr

process (line 51)

Method to be called by another php script. Processes for XSS and specified bad code.

return: - 'cleaned' version of input parameter
access: public

String process (Mixed $source)

Mixed $source: - input string/array-of-string to be 'cleaned'

quoteSmart (line 302)

author: Daniel Morris
author: Chris Tobin
access: protected

String quoteSmart (String $source, &$connection, Resource $connection)

String $source
Resource $connection: - An open MySQL connection
&$connection

remove (line 72)

Internal method to iteratively remove all unwanted tags and attributes

return: - 'cleaned' version of input parameter
access: protected

String remove (String $source)

String $source: - input string to be 'cleaned'

safeSQL (line 279)

Method to be called by another php script. Processes for SQL injection

return: - 'cleaned' version of input parameter
access: public

String safeSQL (Mixed $source, &$connection, Buffer $connection)

Mixed $source: - input string/array-of-string to be 'cleaned'
Buffer $connection: - An open MySQL connection
&$connection