Public Member Functions
inputFilter ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1)
process ($source)
remove ($source)
filterTags ($source)
filterAttr ($attrSet)
badAttributeValue ($attrSubSet)
decode ($source)
safeSQL ($source, &$connection)
quoteSmart ($source, &$connection)
escapeString ($string, &$connection)
Data Fields
$tagsArray
$attrArray
$tagsMethod
$attrMethod
$xssAuto
$tagBlacklist = array ('applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml')
$attrBlacklist = array ('action', 'background', 'codebase', 'dynsrc', 'lowsrc')
, with comments) : PHP Input Filter
Modification by Louis Landry
: Daniel Morris : dan@rootcube.com : GNU General Public License (GPL)
Definition at line 17 of file inputfilter.php.
badAttributeValue ($attrSubSet)
Function to determine if the contents of an attribute are safe
protected
array $attrSubSet - A 2 element array for attributes name,value
Definition at line 437 of file inputfilter.php.
Referenced by filterAttr().
decode ($source)
Try to convert to plaintext
protected
string $source
Definition at line 451 of file inputfilter.php.
escapeString ($string, &$connection)
protected
string $source
resource $connection - An open MySQL connection
Definition at line 537 of file inputfilter.php.
Referenced by quoteSmart().
filterAttr ($attrSet)
Internal method to strip a tag of certain attributes
protected
array $attrSet - Array of attribute pairs to filter
Definition at line 334 of file inputfilter.php.
References badAttributeValue().
Referenced by filterTags().
filterTags ($source)
Internal method to strip a string of certain tags
protected
string $source - Input string to be 'cleaned'
Definition at line 127 of file inputfilter.php.
References filterAttr().
Referenced by remove().
inputFilter ($tagsArray = array (), $attrArray = array (), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1)
Constructor for inputFilter class. Only first parameter is required.
protected
array $tagsArray - list of user-defined tags
array $attrArray - list of user-defined attributes
int $tagsMethod - WhiteList method = 0, BlackList method = 1
int $attrMethod - WhiteList method = 0, BlackList method = 1
int $xssAuto - Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
Definition at line 40 of file inputfilter.php.
process ($source)
Method to be called by another PHP script. Processes for XSS and specified bad code.
public
mixed $source - Input string/array-of-string to be 'cleaned'
Definition at line 66 of file inputfilter.php.
References decode().
quoteSmart ($source, &$connection)
Method to escape a string
protected
string $source
resource $connection - An open MySQL connection
Definition at line 511 of file inputfilter.php.
References escapeString().
Referenced by safeSQL().
remove ($source)
Internal method to iteratively remove all unwanted tags and attributes
protected
string $source - Input string to be 'cleaned'
Definition at line 106 of file inputfilter.php.
References filterTags().
safeSQL ($source, &$connection)
Method to be called by another PHP script. Processes for SQL injection.
public
mixed $source - input string/array-of-string to be 'cleaned'
resource $connection - An open MySQL connection
Definition at line 470 of file inputfilter.php.
References decode(), and quoteSmart().