API16

JFilterInput/clean

From Joomla! Documentation


The "API16" namespace is an archived namespace. This page contains information for a Joomla! version which is no longer supported. It exists only as a historical reference; it will not be improved, and its content may be incomplete and/or contain broken links.

Description

Method to be called by another PHP script. Filters the input for XSS and specified bad code.



Syntax

clean($source, $type='string')
Parameter Name | Default Value | Description
$source | (none) | Input string/array-of-string to be 'cleaned'
$type | 'string' | Return type for the variable (INT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE)

Returns

mixed 'Cleaned' version of input parameter

Defined in

libraries/joomla/filter/filterinput.php

Importing

jimport( 'joomla.filter.filterinput' );

Source Body

public function clean($source, $type='string')
{
        // Handle the type constraint
        switch (strtoupper($type))
        {
                case 'INT' :
                case 'INTEGER' :
                        // Only use the first integer value
                        preg_match('/-?[0-9]+/', (string) $source, $matches);
                        $result = @ (int) $matches[0];
                        break;

                case 'FLOAT' :
                case 'DOUBLE' :
                        // Only use the first floating point value
                        preg_match('/-?[0-9]+(\.[0-9]+)?/', (string) $source, $matches);
                        $result = @ (float) $matches[0];
                        break;

                case 'BOOL' :
                case 'BOOLEAN' :
                        $result = (bool) $source;
                        break;

                case 'WORD' :
                        $result = (string) preg_replace('/[^A-Z_]/i', '', $source);
                        break;

                case 'ALNUM' :
                        $result = (string) preg_replace('/[^A-Z0-9]/i', '', $source);
                        break;

                case 'CMD' :
                        $result = (string) preg_replace('/[^A-Z0-9_\.-]/i', '', $source);
                        $result = ltrim($result, '.');
                        break;

                case 'BASE64' :
                        $result = (string) preg_replace('/[^A-Z0-9\/+=]/i', '', $source);
                        break;

                case 'STRING' :
                        $result = (string) $this->_remove($this->_decode((string) $source));
                        break;

                case 'ARRAY' :
                        $result = (array) $source;
                        break;

                case 'PATH' :
                        $pattern = '/^[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*([\\\\\/][A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';
                        preg_match($pattern, (string) $source, $matches);
                        $result = @ (string) $matches[0];
                        break;

                case 'USERNAME' :
                        $result = (string) preg_replace('/[\x00-\x1F\x7F<>"\'%&]/', '', $source);
                        break;

                default :
                        // Are we dealing with an array?
                        if (is_array($source))
                        {
                                foreach ($source as $key => $value)
                                {
                                        // filter element for XSS and other 'bad' code etc.
                                        if (is_string($value)) {
                                                $source[$key] = $this->_remove($this->_decode($value));
                                        }
                                }
                                $result = $source;
                        }
                        else
                        {
                                // Or a string?
                                if (is_string($source) && !empty ($source)) {
                                        // filter source for XSS and other 'bad' code etc.
                                        $result = $this->_remove($this->_decode($source));
                                }
                                else {
                                        // Not an array or string.. return the passed parameter
                                        $result = $source;
                                }
                        }
                        break;
        }
        return $result;
}



Examples

Code Examples
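Several type branches in the Source Body behave differently on hostile input than their names suggest. The following PHP is an added example, not part of the Joomla source or of this page's original content: clean_subset() is a hypothetical stand-alone copy of the INT, BOOLEAN, CMD, PATH and ARRAY branches, run over constructed inputs with the result each one produces.

```php
<?php
// Added example, not Joomla code. clean_subset() is a hypothetical stand-alone
// copy of five branches of clean() from the Source Body, so it runs without Joomla.
function clean_subset($source, $type)
{
    switch (strtoupper($type)) {
        case 'INT': // first integer only; no match gives 0, as in the original
            return preg_match('/-?[0-9]+/', (string) $source, $m) ? (int) $m[0] : 0;
        case 'BOOLEAN': // plain PHP cast, not a parse of "true"/"false"
            return (bool) $source;
        case 'CMD': // drop disallowed characters, then leading dots
            return ltrim((string) preg_replace('/[^A-Z0-9_\.-]/i', '', $source), '.');
        case 'PATH': // whole-string match or nothing; segments cannot start with '.'
            $pattern = '/^[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*([\\\\\/][A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';
            return preg_match($pattern, (string) $source, $m) ? (string) $m[0] : '';
        case 'ARRAY': // cast only: elements are NOT passed through any filter
            return (array) $source;
    }
    throw new InvalidArgumentException("type not covered by this example: $type");
}

// Constructed inputs: [type, input, expected result]
$cases = [
    ['INT',     '12abc34',                     12],
    ['INT',     'abc',                         0],
    ['BOOLEAN', 'false',                       true],
    ['BOOLEAN', '0',                           false],
    ['CMD',     '../../etc/passwd',            'etcpasswd'],
    ['CMD',     'com_content.view',            'com_content.view'],
    ['PATH',    'images/stories/a.png',        'images/stories/a.png'],
    ['PATH',    '../etc/passwd',               ''],
    ['PATH',    'images/../configuration.php', ''],
    ['PATH',    '/etc/passwd',                 ''],
    ['ARRAY',   ['<script>alert(1)</script>'], ['<script>alert(1)</script>']],
];

foreach ($cases as [$type, $input, $expected]) {
    $actual = clean_subset($input, $type);
    if ($actual !== $expected) {
        throw new RuntimeException("$type: unexpected result for " . json_encode($input));
    }
    printf("%-8s %-32s => %s\n", $type, json_encode($input, JSON_UNESCAPED_SLASHES),
        json_encode($actual, JSON_UNESCAPED_SLASHES));
}
```

In the Source Body, only the STRING and default branches call _remove() and _decode(); ARRAY returns its elements unfiltered, so a caller that requests ARRAY has to clean each element itself.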