class vB_Cleaner

Class to handle and sanitize variables from GET, POST, COOKIE, etc.

Traits

Constants

TYPE_NOCLEAN

TYPE_BOOL

TYPE_INT

TYPE_UINT

TYPE_NUM

TYPE_UNUM

TYPE_UNIXTIME

TYPE_STR

TYPE_NOTRIM

TYPE_NOHTML

TYPE_ARRAY

TYPE_FILE

TYPE_BINARY

TYPE_NOHTMLCOND

TYPE_ARRAY_BOOL

TYPE_ARRAY_INT

TYPE_ARRAY_UINT

TYPE_ARRAY_NUM

TYPE_ARRAY_UNUM

TYPE_ARRAY_UNIXTIME

TYPE_ARRAY_STR

TYPE_ARRAY_NOTRIM

TYPE_ARRAY_NOHTML

TYPE_ARRAY_ARRAY

TYPE_ARRAY_FILE

TYPE_ARRAY_BINARY

TYPE_ARRAY_NOHTMLCOND

TYPE_ARRAY_KEYS_INT

TYPE_ARRAY_KEYS_STR

CONVERT_SINGLE

CONVERT_KEYS

STR_NOHTML

Properties

protected array $superglobalLookup Translation table for short superglobal name to long superglobal name

Methods

__sleep()

No description

__wakeup()

No description

__construct()

Constructor

array
cleanArray(array $source, array $variables)

Makes data in an array safe to use

mixed
clean(mixed $var, integer $vartype = self::TYPE_NOCLEAN, boolean $exists = true)

Makes a single variable safe to use and returns it

mixed
doClean(mixed $data, integer $type)

Does the actual work to make a variable safe

string
xssClean(string $var)

Removes HTML characters and potentially unsafe scripting words from a string

string
xssCleanUrl(string $url)

Removes HTML characters and potentially unsafe scripting words from a URL. Note: the query string and the URL #fragment are preserved.

Details

in vB_Trait_NoSerialize at line 15
__sleep()

in vB_Trait_NoSerialize at line 20
__wakeup()

at line 83
__construct()

Constructor

First, verifies that $GLOBALS has not been modified from the outside. Second, ensures that if REQUEST_METHOD is POST, all superglobals have the same keys, to avoid variable injection. Third, ensures that register_globals is disabled, and unsets all GPC variables from the $GLOBALS array if register_globals is not disabled. Fourth, moves $_COOKIE vars into the REQUEST_METHOD vars and deletes them from the $_REQUEST array.

at line 162
array cleanArray(array $source, array $variables)

Makes data in an array safe to use

Parameters

array $source The source array containing the data to be cleaned
array $variables Array of variable names and types we want to extract from the source array

Return Value

array

at line 183
mixed clean(mixed $var, integer $vartype = self::TYPE_NOCLEAN, boolean $exists = true)

Makes a single variable safe to use and returns it

Parameters

mixed $var The variable to be cleaned
integer $vartype The type of the variable in which we are interested
boolean $exists Whether or not the variable to be cleaned actually is set

Return Value

mixed The cleaned value
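
The typed allow-list pattern that cleanArray() and clean() describe, as an added PHP sketch that is not vBulletin's code. SketchCleaner, its constant values, the name => type shape of the spec and the coercion rules are assumptions made for this example.

```php
<?php
// Added sketch, not vB_Cleaner's code; names, constant values and coercion rules are assumptions.
final class SketchCleaner
{
    const TYPE_INT = 1;
    const TYPE_UINT = 2;
    const TYPE_STR = 3;
    const TYPE_NOHTML = 4;
    const TYPE_ARRAY_UINT = 5;

    // Returns only the declared keys, each coerced to its declared type.
    public function cleanArray(array $source, array $variables): array
    {
        $clean = [];
        foreach ($variables as $name => $type) {
            $exists = array_key_exists($name, $source);
            $clean[$name] = $this->clean($exists ? $source[$name] : null, $type, $exists);
        }
        return $clean;
    }

    public function clean($var, int $type, bool $exists = true)
    {
        $isList = ($type === self::TYPE_ARRAY_UINT);
        if (!$exists) {
            // Missing input gets a typed default instead of null.
            return $isList ? [] : ($type >= self::TYPE_STR ? '' : 0);
        }
        if ($isList) {
            // A scalar sent where a list is expected is discarded.
            return is_array($var) ? array_map(fn($v) => $this->clean($v, self::TYPE_UINT), $var) : [];
        }
        if (is_array($var)) {
            // An array sent where a scalar is expected (e.g. page[]=1) is discarded.
            return $this->clean(null, $type, false);
        }
        switch ($type) {
            case self::TYPE_INT:    return (int) $var;
            case self::TYPE_UINT:   return max(0, (int) $var);
            case self::TYPE_NOHTML: return htmlspecialchars(trim((string) $var), ENT_QUOTES, 'UTF-8');
            default:                return trim((string) $var);
        }
    }
}
// Constructed request data: 'is_admin' is undeclared, 'page' is an array where a scalar is expected.
$request = ['id' => '-7', 'title' => ' <b>hi</b> ', 'tags' => ['3', 'x', ['9']], 'is_admin' => '1', 'page' => ['1']];
$spec = ['id' => SketchCleaner::TYPE_UINT, 'title' => SketchCleaner::TYPE_NOHTML,
         'tags' => SketchCleaner::TYPE_ARRAY_UINT, 'page' => SketchCleaner::TYPE_INT, 'sort' => SketchCleaner::TYPE_STR];
var_export((new SketchCleaner())->cleanArray($request, $spec));
```

In the result the undeclared is_admin key is absent, the negative id and the array-valued page both become 0, and the missing sort key comes back as an empty string.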

at line 292
protected mixed doClean(mixed $data, integer $type)

Does the actual work to make a variable safe

Parameters

mixed $data The data we want to make safe
integer $type The type of the data

Return Value

mixed

at line 436
string xssClean(string $var)

Removes HTML characters and potentially unsafe scripting words from a string

Parameters

string $var The variable we want to make safe

Return Value

string

at line 451
string xssCleanUrl(string $url)

Removes HTML characters and potentially unsafe scripting words from a URL. Note: the query string and the URL #fragment are preserved.

Parameters

string $url The url to clean

Return Value

string