Actions

API15

JFilterInput/clean

From Joomla! Documentation

< API15:JFilterInput
Revision as of 10:52, 12 May 2013 by JoomlaWikiBot (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Replacement filing cabinet.png
This Namespace has been archived - Please Do Not Edit or Create Pages in this namespace. Pages contain information for a Joomla! version which is no longer supported. It exists only as a historical reference, will not be improved and its content may be incomplete.

Contents

Description

Method to be called by another php script. Processes for XSS and specified bad code.

[<! removed edit link to red link >]

<! removed transcluded page call, red link never existed >

Syntax

clean($source, $type='string')
Parameter Name Default Value Description
$source $source Input string/array-of-string to be 'cleaned'
$type 'string' $type Return type for the variable (INT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE)

Returns

mixed 'Cleaned' version of input parameter

Defined in

libraries/joomla/filter/filterinput.php

Importing

jimport( 'joomla.filter.filterinput' );

Source Body

function clean($source, $type='string')
{
        // Handle the type constraint
        switch (strtoupper($type))
        {
                case 'INT' :
                case 'INTEGER' :
                        // Only use the first integer value
                        preg_match('/-?[0-9]+/', (string) $source, $matches);
                        $result = @ (int) $matches[0];
                        break;
 
                case 'FLOAT' :
                case 'DOUBLE' :
                        // Only use the first floating point value
                        preg_match('/-?[0-9]+(\.[0-9]+)?/', (string) $source, $matches);
                        $result = @ (float) $matches[0];
                        break;
 
                case 'BOOL' :
                case 'BOOLEAN' :
                        $result = (bool) $source;
                        break;
 
                case 'WORD' :
                        $result = (string) preg_replace( '/[^A-Z_]/i', '', $source );
                        break;
 
                case 'ALNUM' :
                        $result = (string) preg_replace( '/[^A-Z0-9]/i', '', $source );
                        break;
 
                case 'CMD' :
                        $result = (string) preg_replace( '/[^A-Z0-9_\.-]/i', '', $source );
                        $result = ltrim($result, '.');
                        break;
 
                case 'BASE64' :
                        $result = (string) preg_replace( '/[^A-Z0-9\/+=]/i', '', $source );
                        break;
 
                case 'STRING' :
                        // Check for static usage and assign $filter the proper variable
                        if(isset($this) && is_a( $this, 'JFilterInput' )) {
                                $filter =& $this;
                        } else {
                                $filter =& JFilterInput::getInstance();
                        }
                        $result = (string) $filter->_remove($filter->_decode((string) $source));
                        break;
 
                case 'ARRAY' :
                        $result = (array) $source;
                        break;
 
                case 'PATH' :
                        $pattern = '/^[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*([\\\\\/][A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';
                        preg_match($pattern, (string) $source, $matches);
                        $result = @ (string) $matches[0];
                        break;
 
                case 'USERNAME' :
                        $result = (string) preg_replace( '/[\x00-\x1F\x7F<>"\'%&]/', '', $source );
                        break;
 
                default :
                        // Check for static usage and assign $filter the proper variable
                        if(is_object($this) && get_class($this) == 'JFilterInput') {
                                $filter =& $this;
                        } else {
                                $filter =& JFilterInput::getInstance();
                        }
                        // Are we dealing with an array?
                        if (is_array($source)) {
                                foreach ($source as $key => $value)
                                {
                                        // filter element for XSS and other 'bad' code etc.
                                        if (is_string($value)) {
                                                $source[$key] = $filter->_remove($filter->_decode($value));
                                        }
                                }
                                $result = $source;
                        } else {
                                // Or a string?
                                if (is_string($source) && !empty ($source)) {
                                        // filter source for XSS and other 'bad' code etc.
                                        $result = $filter->_remove($filter->_decode($source));
                                } else {
                                        // Not an array or string.. return the passed parameter
                                        $result = $source;
                                }
                        }
                        break;
        }
        return $result;
}

[<! removed edit link to red link >] <! removed transcluded page call, red link never existed >

Examples

<CodeExamplesForm />