vB_Cleaner
in package
Uses
vB_Trait_NoSerialize
Class to handle and sanitize variables from GET, POST and COOKIE etc
Tags
Table of Contents
- CONVERT_KEYS = 200
- CONVERT_SINGLE = 100
- STR_NOHTML = self::TYPE_NOHTML
- TYPE_ARRAY = 10
- TYPE_ARRAY_ARRAY = 110
- TYPE_ARRAY_BINARY = 112
- TYPE_ARRAY_BOOL = 101
- TYPE_ARRAY_FILE = self::TYPE_FILE
- TYPE_ARRAY_INT = 102
- TYPE_ARRAY_KEYS_INT = 202
- TYPE_ARRAY_KEYS_STR = 207
- TYPE_ARRAY_NOHTML = 109
- TYPE_ARRAY_NOHTMLCOND = 113
- TYPE_ARRAY_NOTRIM = 108
- TYPE_ARRAY_NUM = 104
- TYPE_ARRAY_STR = 107
- TYPE_ARRAY_UINT = 103
- TYPE_ARRAY_UNIXTIME = 106
- TYPE_ARRAY_UNUM = 105
- TYPE_BINARY = 12
- TYPE_BOOL = 1
- TYPE_FILE = 11
- TYPE_INT = 2
- TYPE_NOCLEAN = 0
- TYPE_NOHTML = 9
- TYPE_NOHTMLCOND = 13
- TYPE_NOTRIM = 8
- TYPE_NUM = 4
- TYPE_STR = 7
- TYPE_UINT = 3
- TYPE_UNIXTIME = 6
- TYPE_UNUM = 5
- $superglobalLookup : array<string|int, mixed>
- Translation table for short superglobal name to long superglobal name
- __construct() : mixed
- Constructor
- __serialize() : mixed
- __sleep() : mixed
- __unserialize() : mixed
- __wakeup() : mixed
- clean() : mixed
- Makes a single variable safe to use and returns it
- cleanArray() : array<string|int, mixed>
- Makes data in an array safe to use
- xssClean() : string
- Removes HTML characters and potentially unsafe scripting words from a string
- xssCleanUrl() : string
- Removes HTML characters and potentially unsafe scripting words from a URL Note: The query string and the URL #fragment are preserved.
- doClean() : mixed
- Does the actual work to make a variable safe
Constants
CONVERT_KEYS
public
mixed
CONVERT_KEYS
= 200
CONVERT_SINGLE
public
mixed
CONVERT_SINGLE
= 100
STR_NOHTML
public
mixed
STR_NOHTML
= self::TYPE_NOHTML
TYPE_ARRAY
public
mixed
TYPE_ARRAY
= 10
TYPE_ARRAY_ARRAY
public
mixed
TYPE_ARRAY_ARRAY
= 110
TYPE_ARRAY_BINARY
public
mixed
TYPE_ARRAY_BINARY
= 112
TYPE_ARRAY_BOOL
public
mixed
TYPE_ARRAY_BOOL
= 101
TYPE_ARRAY_FILE
public
mixed
TYPE_ARRAY_FILE
= self::TYPE_FILE
TYPE_ARRAY_INT
public
mixed
TYPE_ARRAY_INT
= 102
TYPE_ARRAY_KEYS_INT
public
mixed
TYPE_ARRAY_KEYS_INT
= 202
TYPE_ARRAY_KEYS_STR
public
mixed
TYPE_ARRAY_KEYS_STR
= 207
TYPE_ARRAY_NOHTML
public
mixed
TYPE_ARRAY_NOHTML
= 109
TYPE_ARRAY_NOHTMLCOND
public
mixed
TYPE_ARRAY_NOHTMLCOND
= 113
TYPE_ARRAY_NOTRIM
public
mixed
TYPE_ARRAY_NOTRIM
= 108
TYPE_ARRAY_NUM
public
mixed
TYPE_ARRAY_NUM
= 104
TYPE_ARRAY_STR
public
mixed
TYPE_ARRAY_STR
= 107
TYPE_ARRAY_UINT
public
mixed
TYPE_ARRAY_UINT
= 103
TYPE_ARRAY_UNIXTIME
public
mixed
TYPE_ARRAY_UNIXTIME
= 106
TYPE_ARRAY_UNUM
public
mixed
TYPE_ARRAY_UNUM
= 105
TYPE_BINARY
public
mixed
TYPE_BINARY
= 12
TYPE_BOOL
public
mixed
TYPE_BOOL
= 1
TYPE_FILE
public
mixed
TYPE_FILE
= 11
TYPE_INT
public
mixed
TYPE_INT
= 2
TYPE_NOCLEAN
public
mixed
TYPE_NOCLEAN
= ""
TYPE_NOHTML
public
mixed
TYPE_NOHTML
= 9
TYPE_NOHTMLCOND
public
mixed
TYPE_NOHTMLCOND
= 13
TYPE_NOTRIM
public
mixed
TYPE_NOTRIM
= 8
TYPE_NUM
public
mixed
TYPE_NUM
= 4
TYPE_STR
public
mixed
TYPE_STR
= 7
TYPE_UINT
public
mixed
TYPE_UINT
= 3
TYPE_UNIXTIME
public
mixed
TYPE_UNIXTIME
= 6
TYPE_UNUM
public
mixed
TYPE_UNUM
= 5
Properties
$superglobalLookup
Translation table for short superglobal name to long superglobal name
protected
array<string|int, mixed>
$superglobalLookup
= array('g' => '_GET', 'p' => '_POST', 'r' => '_REQUEST', 'c' => '_COOKIE', 's' => '_SERVER', 'e' => '_ENV', 'f' => '_FILES')
Methods
__construct()
Constructor
public
__construct() : mixed
First, verifies that $GLOBALS has not been modified from the outside. Second, ensures that if REQUEST_METHOD is POST all super globals have the same keys to avoid variable injection. Third, Ensures that register_globals is disabled and unsets all GPC variables from the $GLOBALS array if register_globals is not disabled. Fourth, moves $_COOKIE vars into the REQUEST_METHOD vars and deletes them from the $_REQUEST array.
Return values
mixed —__serialize()
public
__serialize() : mixed
Return values
mixed —__sleep()
public
__sleep() : mixed
Return values
mixed —__unserialize()
public
__unserialize(mixed $serialized) : mixed
Parameters
- $serialized : mixed
Return values
mixed —__wakeup()
public
__wakeup() : mixed
Return values
mixed —clean()
Makes a single variable safe to use and returns it
public
clean(mixed &$var[, mixed $vartype = self::TYPE_NOCLEAN ][, mixed $exists = true ]) : mixed
Parameters
- $var : mixed
- $vartype : mixed = self::TYPE_NOCLEAN
- $exists : mixed = true
Return values
mixed —The cleaned value
cleanArray()
Makes data in an array safe to use
public
cleanArray(mixed &$source, mixed $variables) : array<string|int, mixed>
Parameters
- $source : mixed
- $variables : mixed
Return values
array<string|int, mixed> —xssClean()
Removes HTML characters and potentially unsafe scripting words from a string
public
xssClean(mixed $var) : string
Parameters
- $var : mixed
Return values
string —xssCleanUrl()
Removes HTML characters and potentially unsafe scripting words from a URL Note: The query string and the URL #fragment are preserved.
public
xssCleanUrl(mixed $url) : string
Parameters
- $url : mixed
Return values
string —doClean()
Does the actual work to make a variable safe
protected
doClean(mixed &$data, mixed $type) : mixed
Parameters
- $data : mixed
- $type : mixed