Classname XssFilter
Provides a set of filters to sanitize data against possible XSS attacks. It is based on the PHP Secure Class to prevent XSS Attacks from http://www.webkami.com/programming/php/php-secure-class-to-avoid-xss/php-secure-class-to-avoid-xss-1-0-2.php, but is a complete rewrite.
Note: this class will be used by the implementation classes AND the backend of the feindura-CMS.
static string | escapeBasics() | Escapes basic characters such as \ and '. |
static bool | bool() | Check if the data is a boolean. |
static int | number() | Check if the data is a number. |
static int | int() | Check if the data is an integer. |
static number | float() | Check if the data is a float. |
static string|number|null | string() | Check if the data is an alphanumeric string with some special chars. Allowed chars are: |
static string|null | stringStrict() | Check if the data is an alphanumeric string, allowing only underscores "_" and spaces. |
static string|null | alphabetical() | Check if the data is an alphabetical string. |
static int|false | filename() | Check if the data is a filename string. |
static int|false | path() | Check if the data is a local path string. The path cannot contain "..". |
static int|false | url() | Check if the data is a URL. The path cannot contain "..". |
static string|null | text() | Converts HTML special characters to entities with the htmlspecialchars() function. Text <a |
void | __construct() | The constructor is not callable; XssFilter::init() is used instead. |
array | $array |
the data in which to escape \ and ' |
Name escapeBasics()
Escapes basic characters such as \ and '.
bool|string | $data |
the data to check against |
bool | $returnAsString |
(optional) if TRUE, the bool is returned as a string, i.e. "true" or "false". Default: false |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: false |
Name bool()
Check if the data is a boolean.
int | $data |
the data to check against |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: 0 |
Name number()
Check if the data is a number.
int | $data |
the data to check against |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: 0 |
Name int()
Check if the data is an integer.
number | $data |
the data to check against |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: 0 |
Name float()
Check if the data is a float.
static string|number|null string (string $data, [string|null $addChars = null], [mixed $default = false])
string | $data |
the data to check against |
string|null | $addChars |
(optional) a string with allowed characters (they are inserted into a regex, so some characters have to be escaped, e.g. "\$"). Default: null |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: false |
Name alphaOrNumeric()
Check if the data is an alphanumeric string with some special chars. Allowed chars are:
string | $data |
the data to check against |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: false |
Name stringStrict()
Check if the data is an alphanumeric string, allowing only underscores "_" and spaces.
string | $data |
the data to check against |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: false |
Name alphabetical()
Check if the data is an alphabetical string.
string | $data |
the data to check against |
bool | $encode |
(optional) whether the filename should be urlencoded beforehand. Default: false |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: false |
Name filename()
Check if the data is a filename string.
int | $data |
the data to check against |
bool | $encode |
(optional) whether the path should be urlencoded beforehand. Default: false |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: false |
Name path()
Check if the data is a local path string. The path cannot contain "..".
int | $data |
the data to check against |
bool | $encode |
(optional) whether the path should be urlencoded beforehand. Default: false |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: false |
Name url()
Check if the data is a URL. The path cannot contain "..".
string | $data |
the data to check against |
string | $charset |
(optional) the charset used by the htmlspecialchars() function. Default: 'UTF-8' |
mixed | $default |
(optional) the default value returned if the $data parameter couldn't be validated. Default: false |
Name text()
Converts HTML special characters to entities with the htmlspecialchars() function.
Text <a href="test"> other text
Type constructor
The constructor is not callable; XssFilter::init() is used instead.
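
The validate-or-return-$default pattern documented for path(), and the output encoding documented for text(), shown as an added sketch that is not the feindura source. The function names sketchPath() and sketchText(), the character allow-list, the single URL-decode step and the ENT_QUOTES flag are assumptions made for this illustration.

```php
<?php
// Added illustration; NOT the feindura XssFilter code.
// sketchPath() and sketchText() are hypothetical names.

/**
 * Allow-list check for a local path. Returns $default when validation
 * fails, mirroring the $default parameter documented above.
 */
function sketchPath($data, $default = false)
{
    if (!is_string($data) || $data === '') {
        return $default;
    }
    // Decode once so "%2e%2e" is checked in the same form as "..".
    // A double-encoded "%252e" decodes to "%2e" and fails the allow-list.
    $decoded = rawurldecode($data);
    // Reject NUL bytes and any ".." sequence, as the path() description requires.
    if (strpos($decoded, "\0") !== false || strpos($decoded, '..') !== false) {
        return $default;
    }
    // Assumed allow-list: letters, digits, "_", "-", ".", "/" and spaces.
    if (!preg_match('#\A[A-Za-z0-9_\-./ ]+\z#', $decoded)) {
        return $default;
    }
    return $decoded;
}

/**
 * Output encoding with htmlspecialchars(). ENT_QUOTES (an assumption here)
 * also encodes single quotes, which matters in single-quoted attributes.
 */
function sketchText($data, $charset = 'UTF-8', $default = false)
{
    if (!is_string($data)) {
        return $default;
    }
    return htmlspecialchars($data, ENT_QUOTES, $charset);
}

// Constructed sample inputs: one valid path, three that must fall back to $default.
$samples = ['pages/about.html', '../../etc/passwd', 'pages/%2e%2e/config.php', "a\0b"];
foreach ($samples as $s) {
    var_dump(sketchPath($s, false));
}
// The sample string from the text() description, encoded for HTML output.
echo sketchText('Text <a href="test"> other text'), "\n";
```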