Public Member Functions | |
| inputFilter ($tagsArray=array(), $attrArray=array(), $tagsMethod=0, $attrMethod=0, $xssAuto=1) | |
| process ($source) | |
| remove ($source) | |
| filterTags ($source) | |
| filterAttr ($attrSet) | |
| badAttributeValue ($attrSubSet) | |
| decode ($source) | |
| safeSQL ($source, &$connection) | |
| quoteSmart ($source, &$connection) | |
| escapeString ($string, &$connection) | |
Data Fields | |
| $tagsArray | |
| $attrArray | |
| $tagsMethod | |
| $attrMethod | |
| $xssAuto | |
| $tagBlacklist = array ('applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml') | |
| $attrBlacklist = array ('action', 'background', 'codebase', 'dynsrc', 'lowsrc') | |
, with comments) : PHP Input Filter
Modification by Louis Landry
: Daniel Morris : dan@rootcube.com : GNU General Public License (GPL)
Definition at line 17 of file inputfilter.php.
| badAttributeValue | ( | $ | attrSubSet | ) |
Function to determine if contents of an attribute is safe
protected
| array | $attrSubSet A 2 element array for attributes name,value |
Definition at line 437 of file inputfilter.php.
Referenced by filterAttr().
| decode | ( | $ | source | ) |
Try to convert to plaintext
protected
| string | $source |
Definition at line 451 of file inputfilter.php.
| escapeString | ( | $ | string, | |
| &$ | connection | |||
| ) |
protected
| string | $source | |
| resource | $connection An open MySQL connection |
Definition at line 537 of file inputfilter.php.
Referenced by quoteSmart().
| filterAttr | ( | $ | attrSet | ) |
Internal method to strip a tag of certain attributes
protected
| array | $attrSet Array of attribute pairs to filter |
Definition at line 334 of file inputfilter.php.
References badAttributeValue().
Referenced by filterTags().
| filterTags | ( | $ | source | ) |
Internal method to strip a string of certain tags
protected
| string | $source Input string to be 'cleaned' |
Definition at line 127 of file inputfilter.php.
References filterAttr().
Referenced by remove().
| inputFilter | ( | $ | tagsArray = array (), |
|
| $ | attrArray = array (), |
|||
| $ | tagsMethod = 0, |
|||
| $ | attrMethod = 0, |
|||
| $ | xssAuto = 1 | |||
| ) |
Constructor for inputFilter class. Only first parameter is required.
protected
| array | $tagsArray list of user-defined tags | |
| array | $attrArray list of user-defined attributes | |
| int | $tagsMethod WhiteList method = 0, BlackList method = 1 | |
| int | $attrMethod WhiteList method = 0, BlackList method = 1 | |
| int | $xssAuto Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1 |
Definition at line 40 of file inputfilter.php.
| process | ( | $ | source | ) |
Method to be called by another php script. Processes for XSS and specified bad code.
public
| mixed | $source Input string/array-of-string to be 'cleaned' |
Definition at line 66 of file inputfilter.php.
References decode().
| quoteSmart | ( | $ | source, | |
| &$ | connection | |||
| ) |
Method to escape a string
protected
| string | $source | |
| resource | $connection An open MySQL connection |
Definition at line 511 of file inputfilter.php.
References escapeString().
Referenced by safeSQL().
| remove | ( | $ | source | ) |
Internal method to iteratively remove all unwanted tags and attributes
protected
| string | $source Input string to be 'cleaned' |
Definition at line 106 of file inputfilter.php.
References filterTags().
| safeSQL | ( | $ | source, | |
| &$ | connection | |||
| ) |
Method to be called by another php script. Processes for SQL injection
public
| mixed | $source input string/array-of-string to be 'cleaned' | |
| resource | $connection - An open MySQL connection |
Definition at line 470 of file inputfilter.php.
References decode(), and quoteSmart().
1.6.2