JFilterInput/clean
From Joomla! Documentation
< API16:JFilterInput
The "API16" namespace is an archived namespace. This page contains information for a Joomla! version which is no longer supported. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.
Description[edit]
Method to be called by another php script. Processes for XSS and specified bad code.
<! removed transcluded page call, red link never existed >
Syntax[edit]
clean($source, $type='string')
Parameter Name | Default Value | Description |
---|---|---|
$source | $source Input string/array-of-string to be 'cleaned' | |
$type | 'string' | $type Return type for the variable (INT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE) |
Returns[edit]
mixed 'Cleaned' version of input parameter
Defined in[edit]
libraries/joomla/filter/filterinput.php
Importing[edit]
jimport( 'joomla.filter.filterinput' );
Source Body[edit]
public function clean($source, $type='string')
{
// Handle the type constraint
switch (strtoupper($type))
{
case 'INT' :
case 'INTEGER' :
// Only use the first integer value
preg_match('/-?[0-9]+/', (string) $source, $matches);
$result = @ (int) $matches[0];
break;
case 'FLOAT' :
case 'DOUBLE' :
// Only use the first floating point value
preg_match('/-?[0-9]+(\.[0-9]+)?/', (string) $source, $matches);
$result = @ (float) $matches[0];
break;
case 'BOOL' :
case 'BOOLEAN' :
$result = (bool) $source;
break;
case 'WORD' :
$result = (string) preg_replace('/[^A-Z_]/i', '', $source);
break;
case 'ALNUM' :
$result = (string) preg_replace('/[^A-Z0-9]/i', '', $source);
break;
case 'CMD' :
$result = (string) preg_replace('/[^A-Z0-9_\.-]/i', '', $source);
$result = ltrim($result, '.');
break;
case 'BASE64' :
$result = (string) preg_replace('/[^A-Z0-9\/+=]/i', '', $source);
break;
case 'STRING' :
$result = (string) $this->_remove($this->_decode((string) $source));
break;
case 'ARRAY' :
$result = (array) $source;
break;
case 'PATH' :
$pattern = '/^[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*([\\\\\/][A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';
preg_match($pattern, (string) $source, $matches);
$result = @ (string) $matches[0];
break;
case 'USERNAME' :
$result = (string) preg_replace('/[\x00-\x1F\x7F<>"\'%&]/', '', $source);
break;
default :
// Are we dealing with an array?
if (is_array($source))
{
foreach ($source as $key => $value)
{
// filter element for XSS and other 'bad' code etc.
if (is_string($value)) {
$source[$key] = $this->_remove($this->_decode($value));
}
}
$result = $source;
}
else
{
// Or a string?
if (is_string($source) && !empty ($source)) {
// filter source for XSS and other 'bad' code etc.
$result = $this->_remove($this->_decode($source));
}
else {
// Not an array or string.. return the passed parameter
$result = $source;
}
}
break;
}
return $result;
}
<! removed transcluded page call, red link never existed >
Examples[edit]
Code Examples[edit]