InputFilter
class InputFilter extends InputFilter
InputFilter is a class for filtering input from any data source
Forked from the php input filter library by: Daniel Morris dan@rootcube.com Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
Properties
integer | $stripUSC | A flag for Unicode Supplementary Characters (4-byte Unicode character) stripping. |
Methods
Constructor for inputFilter class. Only first parameter is required.
Returns an input filter object, only creating it if it doesn't already exist.
Method to be called by another php script. Processes for XSS and specified bad code.
Function to punyencode utf8 mail when saving content
Checks an uploaded for suspicious naming and potential PHP contents which could indicate a hacking attempt.
Details
__construct(
array $tagsArray = array(),
array $attrArray = array(),
integer $tagsMethod,
integer $attrMethod,
integer $xssAuto = 1,
integer $stripUSC = -1)
Constructor for inputFilter class. Only first parameter is required.
static
InputFilter
getInstance(
array $tagsArray = array(),
array $attrArray = array(),
integer $tagsMethod,
integer $attrMethod,
integer $xssAuto = 1,
integer $stripUSC = -1)
Returns an input filter object, only creating it if it doesn't already exist.
mixed
clean(
mixed $source,
string $type = 'string')
Method to be called by another php script. Processes for XSS and specified bad code.
static
boolean
isSafeFile(
array $file,
array $options = array())
Checks an uploaded for suspicious naming and potential PHP contents which could indicate a hacking attempt.
The options you can define are:
nullbyte Prevent files with a null byte in their name (buffer overflow attack)
forbiddenextensions Do not allow these strings anywhere in the file's extension
phptagincontent Do not allow <?php
tag in content
pharstubincontent Do not allow the __HALT_COMPILER()
phar stub in content
shorttagincontent Do not allow short tag <?
in content
shorttagextensions Which file extensions to scan for short tags in content
fobiddenextincontent Do not allow forbiddenextensions anywhere in content
phpextcontentextensions Which file extensions to scan for .php in content
This code is an adaptation and improvement of Admin Tools' UploadShield feature, relicensed and contributed by its author.