<html>
<head>
<title>Docs For Class InputFilter</title>
<link rel="stylesheet" type="text/css" href="../media/style.css">
</head>
<body>


<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr valign="top">
    <td>
      <table cellpadding="10" cellspacing="0" width="100%" border="0"><tr><td valign="top">

<h1>Class: InputFilter</h1>
Source Location: /vendor/trax/input_filter.php<br /><br />


<table width="100%" border="0">
<tr><td valign="top">

<h3><a href="#class_details">Class Overview</a></h3>
<pre></pre><br />
<div class="description">Filter user input to remove potential security threats</div><br /><br />
<h4>Author(s):</h4>
<ul>
        </ul>




    


</td>

<td valign="top">
<h3><a href="#class_vars">Variables</a></h3>
<ul>
    <li><a href="../PHPonTrax/InputFilter.html#var$attrArray">$attrArray</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#var$attrMethod">$attrMethod</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#var$tagsArray">$tagsArray</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#var$tagsMethod">$tagsMethod</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#var$xssAuto">$xssAuto</a></li>
  </ul>
</td>


<td valign="top">
<h3><a href="#class_methods">Methods</a></h3>
<ul>
    <li><a href="../PHPonTrax/InputFilter.html#method__construct">__construct</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methoddecode">decode</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methodescapeString">escapeString</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methodfilterAttr">filterAttr</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methodfilterTags">filterTags</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methodprocess">process</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methodprocess_all">process_all</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methodquoteSmart">quoteSmart</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methodremove">remove</a></li>
    <li><a href="../PHPonTrax/InputFilter.html#methodsafeSQL">safeSQL</a></li>
  </ul>
</td>

</tr></table>
<hr />

<table width="100%" border="0"><tr>






</tr></table>
<hr />

<a name="class_details"></a>
<h3>Class Details</h3>
<div class="tags">
[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a32">32</a>]<br />
Filter user input to remove potential security threats<br /><br /><p>InputFilter has three public methods that help protect a web site against security threats carried in user input.   <ul><li><a href="../PHPonTrax/InputFilter.html#methodsafeSQL">safeSQL()</a> protects SQL statements from user input.</li><li><a href="../PHPonTrax/InputFilter.html#methodprocess">process()</a> filters HTML tags and attributes supplied by the
      user.</li><li><a href="../PHPonTrax/InputFilter.html#methodprocess_all">process_all()</a> applies <a href="../PHPonTrax/InputFilter.html#methodprocess">process()</a> to all
      possible sources of user input.</li></ul>   For usage instructions see   <a href="../PHPonTrax/tutorial_InputFilter.cls.html">the class tutorial</a>.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>todo:</b>&nbsp;&nbsp;</td><td>Check FIXMEs</td>
  </tr>
</table>
</div>
</div><br /><br />

<hr />
<a name="class_vars"></a>
<h3>Class Variables</h3>
<div class="tags">
	<a name="var$attrArray"></a>
	<p></p>
	<h4>$attrArray = <span class="value">array()</span></h4>
	<p>[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a52">52</a>]</p>
  User-provided list of attributes to either accept or reject<br /><br /><p>Whether the attributes in this list are accepted or rejected is   determined by the value of <a href="../PHPonTrax/InputFilter.html#var$attrMethod">$attrMethod</a>.   <strong>FIXME:</strong> static declaration must be after visibility declaration</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterAttr">InputFilter::filterAttr()</a></td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#method__construct">InputFilter::__construct()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>static:</b>&nbsp;&nbsp;</td><td></td>
  </tr>
</table>
</div>

  <br />
	<div class="tags">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><b>Type:</b>&nbsp;&nbsp;</td>
      <td>string[]</td>
    </tr>
      </table>
	</div><br /><br />
	<a name="var$attrBlacklist"></a>
	<p></p>
	<h4>$attrBlacklist = <span class="value">array('action',&nbsp;'background',&nbsp;'codebase',&nbsp;'dynsrc',&nbsp;'lowsrc')</span></h4>
	<p>[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a132">132</a>]</p>
  List of attributes to be removed<br /><br /><p>If <a href="../PHPonTrax/InputFilter.html#var$xssAuto">$xssAuto</a> is true, remove the attributes in this list.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>var:</b>&nbsp;&nbsp;</td><td><strong>FIXME:</strong> static declaration must be after visibility declaration</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterAttr">InputFilter::filterAttr()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>static:</b>&nbsp;&nbsp;</td><td></td>
  </tr>
</table>
</div>

  <br />
	<div class="tags">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><b>Type:</b>&nbsp;&nbsp;</td>
      <td>string[]</td>
    </tr>
      </table>
	</div><br /><br />
	<a name="var$attrMethod"></a>
	<p></p>
	<h4>$attrMethod = <span class="value">&nbsp;0</span></h4>
	<p>[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a90">90</a>]</p>
  How to apply user-provided attribute list<br /><br /><p>Which method to use when applying the list of attributes   provided by the user and stored in <a href="../PHPonTrax/InputFilter.html#var$attrArray">$attrArray</a>.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>var:</b>&nbsp;&nbsp;</td><td>Tested by <a href="../PHPonTrax/InputFilter.html#methodfilterAttr">filterAttr()</a> to see whether the                user-provided list of attributes in <a href="../PHPonTrax/InputFilter.html#var$attrArray">$attrArray</a>                describes those attributes which are forbidden, or                those attributes which are permitted.  Default false.   <ul><li>true =&gt;  Remove  those attributes which are in
                 <a href="../PHPonTrax/InputFilter.html#var$attrArray">$attrArray</a>.</li><li>false =&gt; Allow only those attributes which are listed in
                 <a href="../PHPonTrax/InputFilter.html#var$attrArray">$attrArray</a>.</li></ul>   <strong>FIXME:</strong> static declaration must be after visibility declaration</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterAttr">InputFilter::filterAttr()</a></td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#method__construct">InputFilter::__construct()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>static:</b>&nbsp;&nbsp;</td><td></td>
  </tr>
</table>
</div>

  <br />
	<div class="tags">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><b>Type:</b>&nbsp;&nbsp;</td>
      <td>boolean</td>
    </tr>
      </table>
	</div><br /><br />
	<a name="var$tagBlacklist"></a>
	<p></p>
	<h4>$tagBlacklist = <span class="value">array('applet',&nbsp;'body',&nbsp;'bgsound',&nbsp;'base',&nbsp;'basefont',&nbsp;'embed',<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'frame',&nbsp;'frameset',&nbsp;'head',&nbsp;'html',&nbsp;'id',&nbsp;'iframe',<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'ilayer',&nbsp;'layer',&nbsp;'link',&nbsp;'meta',&nbsp;'name',&nbsp;'object',<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'script',&nbsp;'style',&nbsp;'title',&nbsp;'xml')</span></h4>
	<p>[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a119">119</a>]</p>
  List of tags to be removed<br /><br /><p>If <a href="../PHPonTrax/InputFilter.html#var$xssAuto">$xssAuto</a> is true, remove the tags in this list.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>var:</b>&nbsp;&nbsp;</td><td><strong>FIXME:</strong> static declaration must be after visibility declaration</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterTags">InputFilter::filterTags()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>static:</b>&nbsp;&nbsp;</td><td></td>
  </tr>
</table>
</div>

  <br />
	<div class="tags">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><b>Type:</b>&nbsp;&nbsp;</td>
      <td>string[]</td>
    </tr>
      </table>
	</div><br /><br />
	<a name="var$tagsArray"></a>
	<p></p>
	<h4>$tagsArray = <span class="value">array()</span></h4>
	<p>[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a42">42</a>]</p>
  User-provided list of tags to either accept or reject<br /><br /><p>Whether the tags in this list are accepted or rejected is   determined by the value of <a href="../PHPonTrax/InputFilter.html#var$tagsMethod">$tagsMethod</a>.   <strong>FIXME:</strong> static declaration must be after visibility declaration</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterTags">InputFilter::filterTags()</a></td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#method__construct">InputFilter::__construct()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>static:</b>&nbsp;&nbsp;</td><td></td>
  </tr>
</table>
</div>

  <br />
	<div class="tags">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><b>Type:</b>&nbsp;&nbsp;</td>
      <td>string[]</td>
    </tr>
      </table>
	</div><br /><br />
	<a name="var$tagsMethod"></a>
	<p></p>
	<h4>$tagsMethod = <span class="value">&nbsp;0</span></h4>
	<p>[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a71">71</a>]</p>
  How to apply user-provided tags list<br /><br /><p>Which method to use when applying the list of tags provided by   the user and stored in <a href="../PHPonTrax/InputFilter.html#var$tagsArray">$tagsArray</a>.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>var:</b>&nbsp;&nbsp;</td><td>Tested by <a href="../PHPonTrax/InputFilter.html#methodfilterTags">filterTags()</a> to see whether the                user-provided list of tags in <a href="../PHPonTrax/InputFilter.html#var$tagsArray">$tagsArray</a>                describes those tags which are forbidden, or                those tags which are permitted.  Default false.   <ul><li>true =&gt;  Remove  those tags which are in
                 <a href="../PHPonTrax/InputFilter.html#var$tagsArray">$tagsArray</a>.</li><li>false =&gt; Allow only those tags which are listed in
                 <a href="../PHPonTrax/InputFilter.html#var$tagsArray">$tagsArray</a>.</li></ul>   <strong>FIXME:</strong> static declaration must be after visibility declaration</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterTags">InputFilter::filterTags()</a></td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#method__construct">InputFilter::__construct()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>static:</b>&nbsp;&nbsp;</td><td></td>
  </tr>
</table>
</div>

  <br />
	<div class="tags">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><b>Type:</b>&nbsp;&nbsp;</td>
      <td>boolean</td>
    </tr>
      </table>
	</div><br /><br />
	<a name="var$xssAuto"></a>
	<p></p>
	<h4>$xssAuto = <span class="value">&nbsp;1</span></h4>
	<p>[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a110">110</a>]</p>
  Whether to remove blacklisted tags and attributes<br /><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>var:</b>&nbsp;&nbsp;</td><td>Tested by <a href="../PHPonTrax/InputFilter.html#methodfilterAttr">filterAttr()</a> and                <a href="../PHPonTrax/InputFilter.html#methodfilterTags">filterTags()</a> to see whether to remove                blacklisted tags and attributes.  Default true.   <ul><li>true =&gt; Remove tags in <a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a> and
                attributes in <a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a>, in
                addition to all other potentially suspect tags
                and attributes.</li><li>false =&gt; Remove potentially suspect tags and attributes
      without consulting <a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a> or
      <a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a>.</li></ul>   <strong>FIXME:</strong> static declaration must be after visibility declaration</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterAttr">InputFilter::filterAttr()</a></td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterTags">InputFilter::filterTags()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>static:</b>&nbsp;&nbsp;</td><td></td>
  </tr>
</table>
</div>

  <br />
	<div class="tags">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><b>Type:</b>&nbsp;&nbsp;</td>
      <td>boolean</td>
    </tr>
      </table>
	</div><br /><br />
</div><br />

<hr />
<a name="class_methods"></a>
<h3>Class Methods</h3>
<div class="tags">
  <hr />
	<a name="method__construct"></a>
	<h3>constructor __construct <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a174">174</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>InputFilter __construct(
[string[]
$tagsArray = array()], [string[]
$attrArray = array()], [boolean
$tagsMethod = 0], [boolean
$attrMethod = 0], [boolean
$xssAuto = 1])</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Constructor for InputFilter class.<br /><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>public</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodprocess_all">InputFilter::process_all()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$tagsMethod">InputFilter::$tagsMethod</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$tagsArray">InputFilter::$tagsArray</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$attrMethod">InputFilter::$attrMethod</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$attrArray">InputFilter::$attrArray</a></td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">string[]&nbsp;&nbsp;</td>
        <td><b>$tagsArray</b>&nbsp;&nbsp;</td>
        <td>User-provided list of tags to                               either accept or reject.  Default: none</td>
      </tr>
          <tr>
        <td class="type">string[]&nbsp;&nbsp;</td>
        <td><b>$attrArray</b>&nbsp;&nbsp;</td>
        <td>User-provided list of attributes to                               either accept or reject.  Default: none</td>
      </tr>
          <tr>
        <td class="type">boolean&nbsp;&nbsp;</td>
        <td><b>$tagsMethod</b>&nbsp;&nbsp;</td>
        <td>How to apply the list of tags in $tagsArray:   <ul><li>true =&gt;  Remove  those tags which are listed in
                 $tagsArray.</li><li>false =&gt; Allow only those tags which are listed in
                 $tagsArray.</li></ul>   Default: false</td>
      </tr>
          <tr>
        <td class="type">boolean&nbsp;&nbsp;</td>
        <td><b>$attrMethod</b>&nbsp;&nbsp;</td>
        <td>How to apply the list of attributes in $attrArray:   <ul><li>true =&gt;  Remove  those attributes which are listed in
                 $attrArray.</li><li>false =&gt; Allow only those attributes which are listed in
                 $attrArray.</li></ul>   Default: false</td>
      </tr>
          <tr>
        <td class="type">boolean&nbsp;&nbsp;</td>
        <td><b>$xssAuto</b>&nbsp;&nbsp;</td>
        <td>Behavior of <a href="../PHPonTrax/InputFilter.html#methodfilterTags">filterTags()</a>:   <ul><li>true =&gt; Remove tags in <a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a> and
                attributes in <a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a>, in
                addition to all other potentially suspect tags
                and attributes.</li><li>false =&gt; Remove potentially suspect tags and attributes
      without consulting <a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a> or
      <a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a>.</li></ul>   Default: true</td>
      </tr>
        </table>
    </div><br />
  </div>
  <hr />
	<a name="methoddecode"></a>
	<h3>method decode <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a508">508</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>string decode(
string
$source)</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Convert HTML entities to characters<br /><br /><p>Convert input string containing HTML entities to the   corresponding character (&amp;amp; =&gt; &amp;).  ISO 8859-1 character   set is assumed.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>return:</b>&nbsp;&nbsp;</td><td>Input string, with entities converted to characters</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodprocess">InputFilter::process()</a></td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodsafeSQL">InputFilter::safeSQL()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/preg_replace">preg_replace()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/html_entity_decode">html_entity_decode()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/chr">chr()</a></td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">string&nbsp;&nbsp;</td>
        <td><b>$source</b>&nbsp;&nbsp;</td>
        <td>Character string containing HTML entities</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
  <hr />
	<a name="methodescapeString"></a>
	<h3>method escapeString <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a601">601</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>string escapeString(
string
$string, resource
&$connection)</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Escape SQL special characters in string<br /><br /><p>Escape SQL special characters in the input string, taking into   account the character set of the connection.</p><p><strong>FIXME:</strong> since we require PHP 5 can't we remove the use   of mysql_escape_string()?</p><p><strong>FIXME:</strong> Shouldn't we pass the connection to   mysql_real_escape_string()?  Note that mysql_escape_string() does not consider any connection's character set; only mysql_real_escape_string() does, and without an explicit connection argument it uses the most recently opened link.</p><p><strong>FIXME:</strong> Is this really RDBMS independent?</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>return:</b>&nbsp;&nbsp;</td><td>Value of $string with characters special in                  SQL escaped by '\'s</td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/version_compare">version_compare()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodquoteSmart">InputFilter::quoteSmart()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/phpversion">phpversion()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/mysql_real_escape_string">mysql_real_escape_string()</a></td>
  </tr>
  <tr>
    <td><b>author:</b>&nbsp;&nbsp;</td><td>Chris Tobin, Daniel Morris</td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/mysql_escape_string">mysql_escape_string()</a></td>
  </tr>
  <tr>
    <td><b>todo:</b>&nbsp;&nbsp;</td><td>Check FIXMEs</td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">string&nbsp;&nbsp;</td>
        <td><b>$string</b>&nbsp;&nbsp;</td>
        <td>String to be protected</td>
      </tr>
          <tr>
        <td class="type">resource&nbsp;&nbsp;</td>
        <td><b>$connection</b>&nbsp;&nbsp;</td>
        <td>- An open MySQL connection</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
  <hr />
	<a name="methodfilterAttr"></a>
	<h3>method filterAttr <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a446">446</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>string[] filterAttr(
string[]
$attrSet)</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Internal method to strip a tag of certain attributes<br /><br /><p>Remove potentially dangerous attributes from a set of   &quot;attr=value&quot; strings.  Attributes considered dangerous are:   <ul><li>Any attribute name containing any non-alphabetic
      character</li><li>Any attribute name beginning &quot;on...&quot;</li><li>If <a href="../PHPonTrax/InputFilter.html#var$xssAuto">$xssAuto</a> is true, any attribute name in
      <a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a></li><li>Any attribute with a value containing the strings
      'javascript:', 'behaviour:', 'vbscript:', 'mocha:',
      'livescript:'</li><li>Any attribute whose name contains 'style' and whose
      value contains 'expression'.</li><li>If there is a user-provided list of attributes in
      <a href="../PHPonTrax/InputFilter.html#var$attrArray">$attrArray</a>, process according to the value of
      <a href="../PHPonTrax/InputFilter.html#var$attrMethod">$attrMethod</a>.</li></ul></p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>return:</b>&nbsp;&nbsp;</td><td>Input with potentially dangerous attributes                    removed</td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterTags">InputFilter::filterTags()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$xssAuto">InputFilter::$xssAuto</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$attrMethod">InputFilter::$attrMethod</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">InputFilter::$attrBlacklist</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$attrArray">InputFilter::$attrArray</a></td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">string[]&nbsp;&nbsp;</td>
        <td><b>$attrSet</b>&nbsp;&nbsp;</td>
        <td>Array of strings &quot;attr=value&quot; parsed                            from a tag.</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
  <hr />
	<a name="methodfilterTags"></a>
	<h3>method filterTags <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a318">318</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>string filterTags(
string
$source)</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Remove forbidden tags and attributes from a string<br /><br /><p>Inspect the input for tags &quot;&lt;tagname ...&gt;&quot; and check the tag   name against a list of forbidden tag names.  Delete all tags   with forbidden names.  If <a href="../PHPonTrax/InputFilter.html#var$xssAuto">$xssAuto</a> is true, delete all   tags in <a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a>.  If there is a user-defined tag   list in <a href="../PHPonTrax/InputFilter.html#var$tagsArray">$tagsArray</a>, process according to the value of   <a href="../PHPonTrax/InputFilter.html#var$tagsMethod">$tagsMethod</a>.</p><p>If the tag name is OK, then call <a href="../PHPonTrax/InputFilter.html#methodfilterAttr">filterAttr()</a> to check   all attributes of the tag and delete forbidden attributes.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>return:</b>&nbsp;&nbsp;</td><td>Cleaned version of input parameter</td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodremove">InputFilter::remove()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$xssAuto">InputFilter::$xssAuto</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$tagsMethod">InputFilter::$tagsMethod</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">InputFilter::$tagBlacklist</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#var$tagsArray">InputFilter::$tagsArray</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterAttr">InputFilter::filterAttr()</a></td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">string&nbsp;&nbsp;</td>
        <td><b>$source</b>&nbsp;&nbsp;</td>
        <td>Input string to be 'cleaned'</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
  <hr />
	<a name="methodprocess"></a>
	<h3>method process <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a260">260</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>mixed process(
mixed
$source)</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Remove forbidden tags and attributes from array of strings<br /><br /><p>Accept a string or array of strings.  For each string in the   source, remove the forbidden tags and attributes from the string.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>return:</b>&nbsp;&nbsp;</td><td>'cleaned' version of input parameter</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodprocess_all">InputFilter::process_all()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>public</td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodremove">InputFilter::remove()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methoddecode">InputFilter::decode()</a></td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">mixed&nbsp;&nbsp;</td>
        <td><b>$source</b>&nbsp;&nbsp;</td>
        <td>- input string/array-of-string to be 'cleaned'</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
  <hr />
	<a name="methodprocess_all"></a>
	<h3>method process_all <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a234">234</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>void process_all(
[string[]
$tagsArray = array()], [string[]
$attrArray = array()], [boolean
$tagsMethod = 0], [boolean
$attrMethod = 0], [boolean
$xssAuto = 1])</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Remove forbidden tags and attributes from user input<br /><br /><p>Construct an InputFilter object.  Then apply the   <a href="../PHPonTrax/InputFilter.html#methodprocess">process()</a> method to each of the user input arrays   <a href="http://www.php.net/reserved.variables#reserved.variables.post">$_POST</a>,   <a href="http://www.php.net/reserved.variables#reserved.variables.get">$_GET</a> and   <a href="http://www.php.net/reserved.variables#reserved.variables.request">$_REQUEST</a>.   <strong>FIXME:</strong> isn't it partly redundant to do this to $_REQUEST?   Shouldn't we do it to $_COOKIE instead?</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>public</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/Dispatcher.html#methoddispatch">Dispatcher::dispatch()</a></td>
  </tr>
  <tr>
    <td><b>todo:</b>&nbsp;&nbsp;</td><td>Check out FIXMEs</td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodprocess">InputFilter::process()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#method__construct">InputFilter::__construct()</a></td>
  </tr>
  <tr>
    <td><b>author:</b>&nbsp;&nbsp;</td><td>John Peterson</td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">string[]&nbsp;&nbsp;</td>
        <td><b>$tagsArray</b>&nbsp;&nbsp;</td>
        <td>User-provided list of tags to                               either accept or reject.  Default: none</td>
      </tr>
          <tr>
        <td class="type">string[]&nbsp;&nbsp;</td>
        <td><b>$attrArray</b>&nbsp;&nbsp;</td>
        <td>User-provided list of attributes to                               either accept or reject.  Default: none</td>
      </tr>
          <tr>
        <td class="type">boolean&nbsp;&nbsp;</td>
        <td><b>$tagsMethod</b>&nbsp;&nbsp;</td>
        <td>How to apply the list of tags in $tagsArray:   <ul><li>true =&gt;  Remove  those tags which are listed in
                 $tagsArray.</li><li>false =&gt; Allow only those tags which are listed in
                 $tagsArray.</li></ul>   Default: false</td>
      </tr>
          <tr>
        <td class="type">boolean&nbsp;&nbsp;</td>
        <td><b>$attrMethod</b>&nbsp;&nbsp;</td>
        <td>How to apply the list of attributes in $attrArray:   <ul><li>true =&gt;  Remove  those attributes which are listed in
                 $attrArray.</li><li>false =&gt; Allow only those attributes which are listed in
                 $attrArray.</li></ul>   Default: false</td>
      </tr>
          <tr>
        <td class="type">boolean&nbsp;&nbsp;</td>
        <td><b>$xssAuto</b>&nbsp;&nbsp;</td>
        <td>Behavior of <a href="../PHPonTrax/InputFilter.html#methodfilterTags">filterTags()</a>:   <ul><li>true =&gt; Remove tags in <a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a> and
                attributes in <a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a>, in
                addition to all other potentially suspect tags
                and attributes.</li><li>false =&gt; Remove potentially suspect tags and attributes
      without consulting <a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a> or
      <a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a>.</li></ul>   Default: true</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
  <hr />
	<a name="methodquoteSmart"></a>
	<h3>method quoteSmart <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a569">569</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>string quoteSmart(
string
$source, resource
&$connection)</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Remove GPC magic quotes from input string &amp; escape SQL special   characters<br /><br /><p>The input is a string that came from a GET or POST HTTP   operation, or a cookie.  If GPC magic quotes are currently in   effect, the resulting slashes are stripped.  Then any SQL   special characters in the string are escaped, taking into   account the character set in use on $connection.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>return:</b>&nbsp;&nbsp;</td><td>Input string with any GPC magic quotes stripped                  and SQL special characters escaped</td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodsafeSQL">InputFilter::safeSQL()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/stripslashes">stripslashes()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="http://www.php.net/get_magic_quotes_gpc">get_magic_quotes_gpc()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodescapeString">InputFilter::escapeString()</a></td>
  </tr>
  <tr>
    <td><b>author:</b>&nbsp;&nbsp;</td><td>Chris Tobin, Daniel Morris</td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">string&nbsp;&nbsp;</td>
        <td><b>$source</b>&nbsp;&nbsp;</td>
        <td>Input string to be converted</td>
      </tr>
          <tr>
        <td class="type">resource&nbsp;&nbsp;</td>
        <td><b>$connection</b>&nbsp;&nbsp;</td>
        <td>An open MySQL connection</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
  <hr />
	<a name="methodremove"></a>
	<h3>method remove <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a287">287</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>string remove(
string
$source)</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Remove forbidden tags and attributes from a string iteratively<br /><br /><p>Call <a href="../PHPonTrax/InputFilter.html#methodfilterTags">filterTags()</a> repeatedly until no change in the   input is produced.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>return:</b>&nbsp;&nbsp;</td><td>'cleaned' version of $source</td>
  </tr>
  <tr>
    <td><b>usedby:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodprocess">InputFilter::process()</a></td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>protected</td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodfilterTags">InputFilter::filterTags()</a></td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">string&nbsp;&nbsp;</td>
        <td><b>$source</b>&nbsp;&nbsp;</td>
        <td>Input string to be 'cleaned'</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
  <hr />
	<a name="methodsafeSQL"></a>
	<h3>method safeSQL <span class="smalllinenumber">[line <a href="..//__filesource/fsource_PHPonTrax__vendortraxinput_filter.php.html#a536">536</a>]</span></h3>
	<div class="function">
    <table width="90%" border="0" cellspacing="0" cellpadding="1"><tr><td class="code_border">
    <table width="100%" border="0" cellspacing="0" cellpadding="2"><tr><td class="code">
		<code>mixed safeSQL(
mixed
$source, resource
&$connection)</code>
    </td></tr></table>
    </td></tr></table><br />
	
		Remove HTML entities and magic quotes, insert SQL special   character escapes<br /><br /><p>If the input is a string or an array of strings, then each   string is edited to convert any HTML entities to the   corresponding character and remove slashes inserted by   <a href="http://www.php.net/manual/en/security.magicquotes.php">magic quotes</a>,   then the result has SQL special characters   escaped.</p><br /><br /><br />
<h4>Tags:</h4>
<div class="tags">
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><b>return:</b>&nbsp;&nbsp;</td><td>The input string or array of strings, with HTML entities and GPC magic quotes removed and SQL special character escapes inserted.</td>
  </tr>
  <tr>
    <td><b>access:</b>&nbsp;&nbsp;</td><td>public</td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methodquoteSmart">InputFilter::quoteSmart()</a></td>
  </tr>
  <tr>
    <td><b>uses:</b>&nbsp;&nbsp;</td><td><a href="../PHPonTrax/InputFilter.html#methoddecode">InputFilter::decode()</a></td>
  </tr>
</table>
</div>
<br /><br />


        <h4>Parameters:</h4>
    <div class="tags">
    <table border="0" cellspacing="0" cellpadding="0">
          <tr>
        <td class="type">mixed&nbsp;&nbsp;</td>
        <td><b>$source</b>&nbsp;&nbsp;</td>
        <td>Input to be 'cleaned'</td>
      </tr>
          <tr>
        <td class="type">resource&nbsp;&nbsp;</td>
        <td><b>$connection</b>&nbsp;&nbsp;</td>
        <td>An open MySQL connection</td>
      </tr>
        </table>
    </div><br />
        <div class="top">[ <a href="#top">Top</a> ]</div>
  </div>
</div><br />


        <div class="credit">
		    <hr />
		    Documentation generated on Thu, 04 May 2006 19:47:49 -0600 by <a href="http://www.phpdoc.org">phpDocumentor 1.3.0RC4</a>
	      </div>
      </td></tr></table>
    </td>
  </tr>
</table>

</body>
</html>