/**
* Method to apply an input filter to a value based on field data.
*
* @param string $element The XML element object representation of the form field.
* @param mixed $value The value to filter for the field.
* @return mixed The filtered value.
*/
protected function filterField($element, $value)
{
// Make sure there is a valid SimpleXMLElement.
if (!$element instanceof SimpleXMLElement) {
return false;
}
// Get the field filter type.
$filter = (string) $element['filter'];
// Process the input value based on the filter.
$return = null;
switch (strtoupper($filter)) {
// Access Control Rules.
case 'RULES':
$return = array();
foreach ((array) $value as $action => $ids) {
// Build the rules array.
$return[$action] = array();
foreach ($ids as $id => $p) {
if ($p !== '') {
$return[$action][$id] = $p == '1' || $p == 'true' ? true : false;
}
}
}
break;
// Do nothing, thus leaving the return value as null.
// Do nothing, thus leaving the return value as null.
case 'UNSET':
break;
// No Filter.
// No Filter.
case 'RAW':
$return = $value;
break;
// Filter the input as an array of integers.
// Filter the input as an array of integers.
case 'INT_ARRAY':
// Make sure the input is an array.
if (is_object($value)) {
$value = get_object_vars($value);
}
$value = is_array($value) ? $value : array($value);
Arr::toInteger($value);
$return = $value;
break;
// Filter safe HTML.
// Filter safe HTML.
case 'SAFEHTML':
$return = String::clean($value, 'string');
break;
// Convert a date to UTC based on the server timezone offset.
// Convert a date to UTC based on the server timezone offset.
case 'SERVER_UTC':
if (intval($value) > 0) {
// Get the server timezone setting.
$offset = App::get('config')->get('offset');
// Return an SQL formatted datetime string in UTC.
$return = with(new Date($value, $offset))->toSql();
} else {
$return = '';
}
break;
// Convert a date to UTC based on the user timezone offset.
// Convert a date to UTC based on the user timezone offset.
case 'USER_UTC':
if (intval($value) > 0) {
// Get the user timezone setting defaulting to the server timezone setting.
$offset = App::get('user')->getParam('timezone', App::get('config')->get('offset'));
// Return a MySQL formatted datetime string in UTC.
$return = with(new Date($value, $offset))->toSql();
} else {
$return = '';
}
break;
// Ensures a protocol is present in the saved field. Only use when
// the only permitted protocols requre '://'. See FormRuleUrl for list of these.
// Ensures a protocol is present in the saved field. Only use when
// the only permitted protocols requre '://'. See FormRuleUrl for list of these.
case 'URL':
if (empty($value)) {
return false;
}
$value = String::clean($value);
$value = trim($value);
// <>" are never valid in a uri see http://www.ietf.org/rfc/rfc1738.txt.
$value = str_replace(array('<', '>', '"'), '', $value);
// Check for a protocol
$protocol = parse_url($value, PHP_URL_SCHEME);
// If there is no protocol and the relative option is not specified,
// we assume that it is an external URL and prepend http://.
if ($element['type'] == 'url' && !$protocol && !$element['relative'] || !$element['type'] == 'url' && !$protocol) {
$protocol = 'http';
// If it looks like an internal link, then add the root.
if (substr($value, 0, 9) == 'index.php') {
$value = App::get('request')->root() . $value;
} else {
// Put the url back together.
$value = $protocol . '://' . $value;
}
} elseif (!$protocol && $element['relative']) {
$host = App::get('request')->host();
// If it starts with the host string, just prepend the protocol.
if (substr($value, 0) == $host) {
$value = 'http://' . $value;
} else {
$value = App::get('request')->root() . $value;
}
}
$return = $value;
break;
case 'TEL':
$value = trim($value);
// Does it match the NANP pattern?
if (preg_match('/^(?:\\+?1[-. ]?)?\\(?([2-9][0-8][0-9])\\)?[-. ]?([2-9][0-9]{2})[-. ]?([0-9]{4})$/', $value) == 1) {
$number = (string) preg_replace('/[^\\d]/', '', $value);
if (substr($number, 0, 1) == 1) {
$number = substr($number, 1);
}
if (substr($number, 0, 2) == '+1') {
$number = substr($number, 2);
}
$result = '1.' . $number;
} elseif (preg_match('/^\\+(?:[0-9] ?){6,14}[0-9]$/', $value) == 1) {
$countrycode = substr($value, 0, strpos($value, ' '));
$countrycode = (string) preg_replace('/[^\\d]/', '', $countrycode);
$number = strstr($value, ' ');
$number = (string) preg_replace('/[^\\d]/', '', $number);
$result = $countrycode . '.' . $number;
} elseif (preg_match('/^\\+[0-9]{1,3}\\.[0-9]{4,14}(?:x.+)?$/', $value) == 1) {
if (strstr($value, 'x')) {
$xpos = strpos($value, 'x');
$value = substr($value, 0, $xpos);
}
$result = str_replace('+', '', $value);
} elseif (preg_match('/[0-9]{1,3}\\.[0-9]{4,14}$/', $value) == 1) {
$result = $value;
} else {
$value = (string) preg_replace('/[^\\d]/', '', $value);
if ($value != null && strlen($value) <= 15) {
$length = strlen($value);
// if it is fewer than 13 digits assume it is a local number
if ($length <= 12) {
$result = '.' . $value;
} else {
// If it has 13 or more digits let's make a country code.
$cclen = $length - 12;
$result = substr($value, 0, $cclen) . '.' . substr($value, $cclen);
}
} else {
$result = '';
}
}
$return = $result;
break;
default:
// Check for a callback filter.
if (strpos($filter, '::') !== false && is_callable(explode('::', $filter))) {
$return = call_user_func(explode('::', $filter), $value);
} elseif (function_exists($filter)) {
$return = call_user_func($filter, $value);
} else {
$return = String::clean($value, $filter);
}
break;
}
return $return;
}
