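 /**
  * Method to be called by another php script. Processes for XSS and
  * specified bad code.
  *
  * The $type match is case-insensitive. INT/FLOAT keep only the first
  * numeric value found (0 / 0.0 when there is none). WORD, ALNUM, CMD,
  * BASE64 and USERNAME are character-whitelist / blacklist filters. PATH
  * accepts only a relative path whose segments each start with an
  * alphanumeric, underscore or dash, so segments beginning with '.'
  * (including '..') do not match and yield ''. ARRAY merely casts and does
  * NOT filter the elements; pass an array with the default type to get
  * per-element XSS filtering of its string values (nested arrays are not
  * recursed into). Any unrecognised type (including 'NONE', which has no
  * case of its own) falls through to the default XSS filter.
  *
  * @access  public
  * @param   mixed   $source Input string/array-of-string to be 'cleaned'
  * @param   string  $type   Return type for the variable (INT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, USERNAME, NONE)
  * @return  mixed   'Cleaned' version of input parameter
  * @static
  */
 function clean($source, $type = 'string')
 {
     // Handle the type constraint
     switch (strtoupper($type)) {
         case 'INT':
         case 'INTEGER':
             // Only use the first integer value. The explicit existence check
             // replaces the former @-suppressed read of $matches[0]; the
             // no-match result is still 0.
             preg_match('/-?[0-9]+/', (string) $source, $matches);
             $result = isset($matches[0]) ? (int) $matches[0] : 0;
             break;
         case 'FLOAT':
         case 'DOUBLE':
             // Only use the first floating point value; no match yields 0.0.
             preg_match('/-?[0-9]+(\\.[0-9]+)?/', (string) $source, $matches);
             $result = isset($matches[0]) ? (float) $matches[0] : 0.0;
             break;
         case 'BOOL':
         case 'BOOLEAN':
             $result = (bool) $source;
             break;
         case 'WORD':
             // Letters and underscore only.
             $result = (string) preg_replace('/[^A-Z_]/i', '', $source);
             break;
         case 'ALNUM':
             // Letters and digits only.
             $result = (string) preg_replace('/[^A-Z0-9]/i', '', $source);
             break;
         case 'CMD':
             // Letters, digits, underscore, dot and dash; leading dots are dropped.
             $result = (string) preg_replace('/[^A-Z0-9_\\.-]/i', '', $source);
             $result = ltrim($result, '.');
             break;
         case 'BASE64':
             // The base64 alphabet plus padding.
             $result = (string) preg_replace('/[^A-Z0-9\\/+=]/i', '', $source);
             break;
         case 'STRING':
             // Check for static usage and assign $filter the proper variable.
             // Plain assignment: objects are handles, and assigning a function
             // result by reference raises a notice.
             $filter = (isset($this) && is_a($this, 'Xmf_Filter_Input'))
                 ? $this
                 : Xmf_Filter_Input::getInstance();
             $result = (string) $filter->_remove($filter->_decode((string) $source));
             break;
         case 'ARRAY':
             // Cast only: elements are returned unfiltered.
             $result = (array) $source;
             break;
         case 'PATH':
             // Whole-string match of a relative path; no match yields ''.
             $pattern = '/^[A-Za-z0-9_-]+[A-Za-z0-9_\\.-]*([\\\\\\/][A-Za-z0-9_-]+[A-Za-z0-9_\\.-]*)*$/';
             preg_match($pattern, (string) $source, $matches);
             $result = isset($matches[0]) ? (string) $matches[0] : '';
             break;
         case 'USERNAME':
             // Strip control characters (0x00-0x1F, 0x7F) and <>"'%&.
             $result = (string) preg_replace('/[\\x00-\\x1F\\x7F<>"\'%&]/', '', $source);
             break;
         default:
             // Check for static usage and assign $filter the proper variable
             // (same test as the STRING case, so subclass instances are reused).
             $filter = (isset($this) && is_a($this, 'Xmf_Filter_Input'))
                 ? $this
                 : Xmf_Filter_Input::getInstance();
             if (is_array($source)) {
                 // Filter each string element for XSS and other 'bad' code;
                 // non-string elements (including nested arrays) are left as-is.
                 foreach ($source as $key => $value) {
                     if (is_string($value)) {
                         $source[$key] = $filter->_remove($filter->_decode($value));
                     }
                 }
                 $result = $source;
             } elseif (is_string($source) && !empty($source)) {
                 // Filter the string for XSS and other 'bad' code. empty() also
                 // treats '0' as empty, so '' and '0' pass through unchanged.
                 $result = $filter->_remove($filter->_decode($source));
             } else {
                 // Not an array or non-empty string: return the passed parameter.
                 $result = $source;
             }
             break;
     }
     return $result;
 }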
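 /**
  * Clean up an input variable.
  *
  * The bits of $mask are checked in order: bit 1 controls trimming, bit 2
  * short-circuits any further filtering, and bit 4 selects the safe-HTML
  * filter; with neither bit 2 nor bit 4 set the strict (no HTML) filter is
  * applied.
  *
  * @param mixed       $var  The input variable.
  * @param int         $mask Filter bit mask. 1=no trim: If this flag is cleared and the
  * input is a string, the string will have leading and trailing whitespace
  * trimmed. 2=allow_raw: If set, no more filtering is performed, higher bits
  * are ignored. 4=allow_html: HTML is allowed, but passed through a safe
  * HTML filter first. If set, no more filtering is performed. If no bits
  * other than the 1 bit is set, a strict filter is applied.
  * @param string|null $type The variable type {@see JFilterInput::clean()}.
  * @return mixed The trimmed and/or filtered variable.
  */
 function _cleanVar($var, $mask = 0, $type = null)
 {
     // Filter instances are created lazily and kept across calls. They are
     // assigned with plain '=' so the static slot itself is updated; the former
     // reference assignment rebound the local name instead, defeating the cache
     // and also raising "Only variables should be assigned by reference".
     static $noHtmlFilter = null;
     static $safeHtmlFilter = null;

     // If the no trim flag is not set, trim the variable
     if (!($mask & 1) && is_string($var)) {
         $var = trim($var);
     }

     if ($mask & 2) {
         // allow_raw: return the (possibly trimmed) value without filtering.
         return $var;
     }

     if ($mask & 4) {
         // allow_html: apply the safe HTML filter to the variable
         if ($safeHtmlFilter === null) {
             $safeHtmlFilter = Xmf_Filter_Input::getInstance(null, null, 1, 1);
         }
         return $safeHtmlFilter->clean($var, $type);
     }

     // No allow flags were set: apply the most strict filter to the variable
     if ($noHtmlFilter === null) {
         $noHtmlFilter = Xmf_Filter_Input::getInstance();
     }
     return $noHtmlFilter->clean($var, $type);
 }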