JFilterInput/clean
From Joomla! Documentation
< API15:JFilterInputRevision as of 11:52, 12 May 2013 by JoomlaWikiBot (talk | contribs) (removing red link to edit, no existant pages)
Revision as of 11:52, 12 May 2013 by JoomlaWikiBot (talk | contribs) (removing red link to edit, no existant pages)
The "API15" namespace is an archived namespace. This page contains information for a Joomla! version which is no longer supported. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.
Description[edit]
Method to be called by another php script. Processes for XSS and specified bad code.
[<! removed edit link to red link >]
<! removed transcluded page call, red link never existed >
Syntax[edit]
clean($source, $type='string')| Parameter Name | Default Value | Description |
|---|---|---|
| $source | $source Input string/array-of-string to be 'cleaned' | |
| $type | 'string' | $type Return type for the variable (INT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE) |
Returns[edit]
mixed 'Cleaned' version of input parameter
Defined in[edit]
libraries/joomla/filter/filterinput.php
Importing[edit]
jimport( 'joomla.filter.filterinput' );Source Body[edit]
function clean($source, $type='string')
{
// Handle the type constraint
switch (strtoupper($type))
{
case 'INT' :
case 'INTEGER' :
// Only use the first integer value
preg_match('/-?[0-9]+/', (string) $source, $matches);
$result = @ (int) $matches[0];
break;
case 'FLOAT' :
case 'DOUBLE' :
// Only use the first floating point value
preg_match('/-?[0-9]+(\.[0-9]+)?/', (string) $source, $matches);
$result = @ (float) $matches[0];
break;
case 'BOOL' :
case 'BOOLEAN' :
$result = (bool) $source;
break;
case 'WORD' :
$result = (string) preg_replace( '/[^A-Z_]/i', '', $source );
break;
case 'ALNUM' :
$result = (string) preg_replace( '/[^A-Z0-9]/i', '', $source );
break;
case 'CMD' :
$result = (string) preg_replace( '/[^A-Z0-9_\.-]/i', '', $source );
$result = ltrim($result, '.');
break;
case 'BASE64' :
$result = (string) preg_replace( '/[^A-Z0-9\/+=]/i', '', $source );
break;
case 'STRING' :
// Check for static usage and assign $filter the proper variable
if(isset($this) && is_a( $this, 'JFilterInput' )) {
$filter =& $this;
} else {
$filter =& JFilterInput::getInstance();
}
$result = (string) $filter->_remove($filter->_decode((string) $source));
break;
case 'ARRAY' :
$result = (array) $source;
break;
case 'PATH' :
$pattern = '/^[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*([\\\\\/][A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';
preg_match($pattern, (string) $source, $matches);
$result = @ (string) $matches[0];
break;
case 'USERNAME' :
$result = (string) preg_replace( '/[\x00-\x1F\x7F<>"\'%&]/', '', $source );
break;
default :
// Check for static usage and assign $filter the proper variable
if(is_object($this) && get_class($this) == 'JFilterInput') {
$filter =& $this;
} else {
$filter =& JFilterInput::getInstance();
}
// Are we dealing with an array?
if (is_array($source)) {
foreach ($source as $key => $value)
{
// filter element for XSS and other 'bad' code etc.
if (is_string($value)) {
$source[$key] = $filter->_remove($filter->_decode($value));
}
}
$result = $source;
} else {
// Or a string?
if (is_string($source) && !empty ($source)) {
// filter source for XSS and other 'bad' code etc.
$result = $filter->_remove($filter->_decode($source));
} else {
// Not an array or string.. return the passed parameter
$result = $source;
}
}
break;
}
return $result;
}[<! removed edit link to red link >] <! removed transcluded page call, red link never existed >
Examples[edit]
<CodeExamplesForm />