<html>
<head>
<title>File Source for input_filter.php</title>
<link rel="stylesheet" type="text/css" href="../media/style.css">
</head>
<body>


<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr valign="top">
    <td>
      <table cellpadding="10" cellspacing="0" width="100%" border="0"><tr><td valign="top">

<h1 align="center">Source for file input_filter.php</h1>
<p>Documentation is available at <a href="../PHPonTrax/_vendor_trax_input_filter_php.html">input_filter.php</a></p>
<div class="php">
<div class="listing"><pre><ol><li><a name="a1"></a><span class="src-php">&lt;?php</span></li>
<li><a name="a2"></a><span class="src-doc">/**</span></li>
<li><a name="a3"></a><span class="src-doc"> *  File containing the InputFilter class</span></li>
<li><a name="a4"></a><span class="src-doc"> *</span></li>
<li><a name="a5"></a><span class="src-doc"> *  (PHP 5)</span></li>
<li><a name="a6"></a><span class="src-doc"> *</span></li>
<li><a name="a7"></a><span class="src-doc"> *  </span><span class="src-doc-coretag">@package</span><span class="src-doc"> PHPonTrax</span></li>
<li><a name="a8"></a><span class="src-doc"> *  </span><span class="src-doc-coretag">@version</span><span class="src-doc"> $Id$</span></li>
<li><a name="a9"></a><span class="src-doc"> *  </span><span class="src-doc-coretag">@author</span><span class="src-doc"> Daniel Morris</span></li>
<li><a name="a10"></a><span class="src-doc"> *   contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider,</span></li>
<li><a name="a11"></a><span class="src-doc"> *                 Chris Tobin and Andrew Eddie.</span></li>
<li><a name="a12"></a><span class="src-doc"> *  </span><span class="src-doc-coretag">@copyright</span><span class="src-doc"> Daniel Morris &lt;hide@address.com&gt;</span></li>
<li><a name="a13"></a><span class="src-doc"> *  </span><span class="src-doc-coretag">@license</span><span class="src-doc"> http://opensource.org/licenses/gpl-license.php GNU Public License</span></li>
<li><a name="a14"></a><span class="src-doc"> */</span></li>
<li><a name="a15"></a>&nbsp;</li>
<li><a name="a16"></a><span class="src-doc">/**</span></li>
<li><a name="a17"></a><span class="src-doc"> *  Filter user input to remove potential security threats</span></li>
<li><a name="a18"></a><span class="src-doc"> *</span></li>
<li><a name="a19"></a><span class="src-doc"> *  InputFilter has three public methods that are useful in protecting</span></li>
<li><a name="a20"></a><span class="src-doc"> *  a web site from potential security threats from user input.</span></li>
<li><a name="a21"></a><span class="src-doc"> *  &lt;ul&gt;</span></li>
<li><a name="a22"></a><span class="src-doc"> *    &lt;li&gt;</span><span class="src-doc-inlinetag">{@link safeSQL()}</span><span class="src-doc"> protects SQL from the user.&lt;/li&gt;</span></li>
<li><a name="a23"></a><span class="src-doc"> *    &lt;li&gt;</span><span class="src-doc-inlinetag">{@link process()}</span><span class="src-doc"> protects HTML tags and attributes from the</span></li>
<li><a name="a24"></a><span class="src-doc"> *      user.&lt;/li&gt;</span></li>
<li><a name="a25"></a><span class="src-doc"> *    &lt;li&gt;</span><span class="src-doc-inlinetag">{@link process_all()}</span><span class="src-doc"> applies </span><span class="src-doc-inlinetag">{@link process()}</span><span class="src-doc"> to all</span></li>
<li><a name="a26"></a><span class="src-doc"> *      possible sources of user input&lt;/li&gt;</span></li>
<li><a name="a27"></a><span class="src-doc"> *  &lt;/ul&gt;</span></li>
<li><a name="a28"></a><span class="src-doc"> *  For usage instructions see</span></li>
<li><a name="a29"></a><span class="src-doc"> *  </span><span class="src-doc-inlinetag">{@tutorial PHPonTrax/InputFilter.cls the class tutorial}</span><span class="src-doc">.</span></li>
<li><a name="a30"></a><span class="src-doc"> *  </span><span class="src-doc-coretag">@todo</span><span class="src-doc"> Check FIXMEs</span></li>
<li><a name="a31"></a><span class="src-doc"> */</span></li>
<li><a name="a32"></a><span class="src-key">class </span><a href="../PHPonTrax/InputFilter.html">InputFilter</a> <span class="src-sym">{</span></li>
<li><a name="a33"></a>    </li>
<li><a name="a34"></a>    <span class="src-doc">/**</span></li>
<li><a name="a35"></a><span class="src-doc">     *  User-provided list of tags to either accept or reject</span></li>
<li><a name="a36"></a><span class="src-doc">     *</span></li>
<li><a name="a37"></a><span class="src-doc">     *  Whether the tags in this list are accepted or rejected is</span></li>
<li><a name="a38"></a><span class="src-doc">     *  determined by the value of </span><span class="src-doc-inlinetag">{@link $tagsMethod}</span><span class="src-doc">.</span></li>
<li><a name="a39"></a><span class="src-doc">     *  &lt;b&gt;FIXME:&lt;/b&gt; static declaration must be after visibility declaration</span></li>
<li><a name="a40"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@var </span><span class="src-doc-type">string[] </span></li>
<li><a name="a41"></a><span class="src-doc">     */</span></li>
<li><a name="a42"></a>    <span class="src-key">static </span><span class="src-key">protected </span><a href="../PHPonTrax/InputFilter.html#var$tagsArray">$tagsArray</a> = <span class="src-key">array</span><span class="src-sym">(</span><span class="src-sym">)</span><span class="src-sym">;    </span><span class="src-comm">// default = empty array</span></li>
<li><a name="a43"></a>    </li>
<li><a name="a43"></a>        </li>
<li><a name="a44"></a>    <span class="src-doc">/**</span></li>
<li><a name="a45"></a><span class="src-doc">     *  User-provided list of attributes to either accept or reject</span></li>
<li><a name="a46"></a><span class="src-doc">     *</span></li>
<li><a name="a47"></a><span class="src-doc">     *  Whether the attributes in this list are accepted or rejected is</span></li>
<li><a name="a48"></a><span class="src-doc">     *  determined by the value of </span><span class="src-doc-inlinetag">{@link $attrMethod}</span><span class="src-doc">.</span></li>
<li><a name="a49"></a><span class="src-doc">     *  &lt;b&gt;FIXME:&lt;/b&gt; static declaration must be after visibility declaration</span></li>
<li><a name="a50"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@var </span><span class="src-doc-type">string[] </span></li>
<li><a name="a51"></a><span class="src-doc">     */</span></li>
<li><a name="a52"></a>    <span class="src-key">static </span><span class="src-key">protected </span><a href="../PHPonTrax/InputFilter.html#var$attrArray">$attrArray</a> = <span class="src-key">array</span><span class="src-sym">(</span><span class="src-sym">)</span><span class="src-sym">;    </span><span class="src-comm">// default = empty array</span></li>
<li><a name="a53"></a>    </li>
<li><a name="a53"></a>        </li>
<li><a name="a54"></a>    <span class="src-doc">/**</span></li>
<li><a name="a55"></a><span class="src-doc">     *  How to apply user-provided tags list</span></li>
<li><a name="a56"></a><span class="src-doc">     *</span></li>
<li><a name="a57"></a><span class="src-doc">     *  Which method to use when applying the list of tags provided by</span></li>
<li><a name="a58"></a><span class="src-doc">     *  the user and stored in </span><span class="src-doc-inlinetag">{@link $tagsArray}</span><span class="src-doc">.</span></li>
<li><a name="a59"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@var </span><span class="src-doc-type">boolean </span><span class="src-doc">Tested by </span><span class="src-doc-inlinetag">{@link filterTags()}</span><span class="src-doc"> to see whether the</span></li>
<li><a name="a60"></a><span class="src-doc">     *                user-provided list of tags in </span><span class="src-doc-inlinetag">{@link $tagsArray}</span></li>
<li><a name="a61"></a><span class="src-doc">     *                describes those tags which are forbidden, or</span></li>
<li><a name="a62"></a><span class="src-doc">     *                those tags which are permitted.  Default false.</span></li>
<li><a name="a63"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a64"></a><span class="src-doc">     *     &lt;li&gt;true =&gt;  Remove  those tags which are in</span></li>
<li><a name="a65"></a><span class="src-doc">     *                  </span><span class="src-doc-inlinetag">{@link $tagsArray}</span><span class="src-doc">.&lt;/li&gt;</span></li>
<li><a name="a66"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Allow only those tags which are listed in</span></li>
<li><a name="a67"></a><span class="src-doc">     *                  </span><span class="src-doc-inlinetag">{@link $tagsArray}</span><span class="src-doc">.&lt;/li&gt;</span></li>
<li><a name="a68"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a69"></a><span class="src-doc">     *   &lt;b&gt;FIXME:&lt;/b&gt; static declaration must be after visibility declaration</span></li>
<li><a name="a70"></a><span class="src-doc">     */</span></li>
<li><a name="a71"></a>    <span class="src-key">static </span><span class="src-key">protected </span><a href="../PHPonTrax/InputFilter.html#var$tagsMethod">$tagsMethod</a> = <span class="src-num">0</span><span class="src-sym">;    </span><span class="src-comm">// default = 0</span></li>
<li><a name="a72"></a>    </li>
<li><a name="a72"></a>        </li>
<li><a name="a73"></a>    <span class="src-doc">/**</span></li>
<li><a name="a74"></a><span class="src-doc">     *  How to apply user-provided attribute list</span></li>
<li><a name="a75"></a><span class="src-doc">     *</span></li>
<li><a name="a76"></a><span class="src-doc">     *  Which method to use when applying the list of attributes</span></li>
<li><a name="a77"></a><span class="src-doc">     *  provided by the user and stored in </span><span class="src-doc-inlinetag">{@link $attrArray}</span><span class="src-doc">.</span></li>
<li><a name="a78"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@var </span><span class="src-doc-type">boolean </span><span class="src-doc">Tested by </span><span class="src-doc-inlinetag">{@link filterAttr()}</span><span class="src-doc"> to see whether the</span></li>
<li><a name="a79"></a><span class="src-doc">     *                user-provided list of attributes in </span><span class="src-doc-inlinetag">{@link $attrArray}</span></li>
<li><a name="a80"></a><span class="src-doc">     *                describes those attributes which are forbidden, or</span></li>
<li><a name="a81"></a><span class="src-doc">     *                those attributes which are permitted.  Default false.</span></li>
<li><a name="a82"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a83"></a><span class="src-doc">     *     &lt;li&gt;true =&gt;  Remove  those attributes which are in</span></li>
<li><a name="a84"></a><span class="src-doc">     *                  </span><span class="src-doc-inlinetag">{@link $attrArray}</span><span class="src-doc">.&lt;/li&gt;</span></li>
<li><a name="a85"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Allow only those attributes which are listed in</span></li>
<li><a name="a86"></a><span class="src-doc">     *                  </span><span class="src-doc-inlinetag">{@link $attrArray}</span><span class="src-doc">.&lt;/li&gt;</span></li>
<li><a name="a87"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a88"></a><span class="src-doc">     *   &lt;b&gt;FIXME:&lt;/b&gt; static declaration must be after visibility declaration</span></li>
<li><a name="a89"></a><span class="src-doc">     */</span></li>
<li><a name="a90"></a>    <span class="src-key">static </span><span class="src-key">protected </span><a href="../PHPonTrax/InputFilter.html#var$attrMethod">$attrMethod</a> = <span class="src-num">0</span><span class="src-sym">;    </span><span class="src-comm">// default = 0</span></li>
<li><a name="a91"></a>&nbsp;</li>
<li><a name="a92"></a>    </li>
<li><a name="a91"></a>    </li>
<li><a name="a92"></a>    </li>
<li><a name="a93"></a>    <span class="src-doc">/**</span></li>
<li><a name="a94"></a><span class="src-doc">     *  Whether to remove blacklisted tags and attributes</span></li>
<li><a name="a95"></a><span class="src-doc">     *</span></li>
<li><a name="a96"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@var </span><span class="src-doc-type">boolean </span><span class="src-doc">Tested by </span><span class="src-doc-inlinetag">{@link filterAttr()}</span><span class="src-doc"> and</span></li>
<li><a name="a97"></a><span class="src-doc">     *                </span><span class="src-doc-inlinetag">{@link filterTags()}</span><span class="src-doc"> to see whether to remove</span></li>
<li><a name="a98"></a><span class="src-doc">     *                blacklisted tags and attributes.  Default true.</span></li>
<li><a name="a99"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a100"></a><span class="src-doc">     *     &lt;li&gt;true =&gt; Remove tags in </span><span class="src-doc-inlinetag">{@link $tagBlacklist}</span><span class="src-doc"> and</span></li>
<li><a name="a101"></a><span class="src-doc">     *                 attributes in </span><span class="src-doc-inlinetag">{@link $attrBlacklist}</span><span class="src-doc">, in</span></li>
<li><a name="a102"></a><span class="src-doc">     *                 addition to all other potentially suspect tags</span></li>
<li><a name="a103"></a><span class="src-doc">     *                 and attributes.&lt;/li&gt;</span></li>
<li><a name="a104"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Remove potentially suspect tags and attributes</span></li>
<li><a name="a105"></a><span class="src-doc">     *       without consulting </span><span class="src-doc-inlinetag">{@link $tagBlacklist}</span><span class="src-doc"> or</span></li>
<li><a name="a106"></a><span class="src-doc">     *       </span><span class="src-doc-inlinetag">{@link $attrBlacklist}</span><span class="src-doc">.&lt;/li&gt;</span></li>
<li><a name="a107"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a108"></a><span class="src-doc">     *   &lt;b&gt;FIXME:&lt;/b&gt; static declaration must be after visibility declaration</span></li>
<li><a name="a109"></a><span class="src-doc">     */</span></li>
<li><a name="a110"></a>    <span class="src-key">static </span><span class="src-key">protected </span><a href="../PHPonTrax/InputFilter.html#var$xssAuto">$xssAuto</a> = <span class="src-num">1</span><span class="src-sym">;     </span><span class="src-comm">// default = 1</span></li>
<li><a name="a111"></a>    </li>
<li><a name="a111"></a>        </li>
<li><a name="a112"></a>    <span class="src-doc">/**</span></li>
<li><a name="a113"></a><span class="src-doc">     *  List of tags to be removed</span></li>
<li><a name="a114"></a><span class="src-doc">     *</span></li>
<li><a name="a115"></a><span class="src-doc">     *  If </span><span class="src-doc-inlinetag">{@link $xssAuto}</span><span class="src-doc"> is true, remove the tags in this list.</span></li>
<li><a name="a116"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@var </span><span class="src-doc-type">string[] </span></li>
<li><a name="a117"></a><span class="src-doc">     *   </span><span class="src-doc">&lt;b&gt;FIXME:&lt;/b&gt; static declaration must be after visibility declaration</span></li>
<li><a name="a118"></a><span class="src-doc">     */</span></li>
<li><a name="a119"></a>    <span class="src-key">static </span><span class="src-key">protected </span><a href="../PHPonTrax/InputFilter.html#var$tagBlacklist">$tagBlacklist</a> =</li>
<li><a name="a120"></a>        <span class="src-key">array</span><span class="src-sym">(</span><span class="src-str">'applet'</span><span class="src-sym">, </span><span class="src-str">'body'</span><span class="src-sym">, </span><span class="src-str">'bgsound'</span><span class="src-sym">, </span><span class="src-str">'base'</span><span class="src-sym">, </span><span class="src-str">'basefont'</span><span class="src-sym">, </span><span class="src-str">'embed'</span><span class="src-sym">,</span></li>
<li><a name="a121"></a>              <span class="src-str">'frame'</span><span class="src-sym">, </span><span class="src-str">'frameset'</span><span class="src-sym">, </span><span class="src-str">'head'</span><span class="src-sym">, </span><span class="src-str">'html'</span><span class="src-sym">, </span><span class="src-str">'id'</span><span class="src-sym">, </span><span class="src-str">'iframe'</span><span class="src-sym">,</span></li>
<li><a name="a122"></a>              <span class="src-str">'ilayer'</span><span class="src-sym">, </span><span class="src-str">'layer'</span><span class="src-sym">, </span><span class="src-str">'link'</span><span class="src-sym">, </span><span class="src-str">'meta'</span><span class="src-sym">, </span><span class="src-str">'name'</span><span class="src-sym">, </span><span class="src-str">'object'</span><span class="src-sym">,</span></li>
<li><a name="a123"></a>              <span class="src-str">'script'</span><span class="src-sym">, </span><span class="src-str">'style'</span><span class="src-sym">, </span><span class="src-str">'title'</span><span class="src-sym">, </span><span class="src-str">'xml'</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a124"></a>    </li>
<li><a name="a125"></a>    <span class="src-doc">/**</span></li>
<li><a name="a126"></a><span class="src-doc">     *  List of attributes to be removed</span></li>
<li><a name="a127"></a><span class="src-doc">     *</span></li>
<li><a name="a128"></a><span class="src-doc">     *  If </span><span class="src-doc-inlinetag">{@link $xssAuto}</span><span class="src-doc"> is true, remove the attributes in this list.</span></li>
<li><a name="a129"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@var </span><span class="src-doc-type">string[] </span></li>
<li><a name="a130"></a><span class="src-doc">     *   </span><span class="src-doc">&lt;b&gt;FIXME:&lt;/b&gt; static declaration must be after visibility declaration</span></li>
<li><a name="a131"></a><span class="src-doc">     */</span></li>
<li><a name="a132"></a>    <span class="src-key">static </span><span class="src-key">protected </span><a href="../PHPonTrax/InputFilter.html#var$attrBlacklist">$attrBlacklist</a> =</li>
<li><a name="a133"></a>        <span class="src-key">array</span><span class="src-sym">(</span><span class="src-str">'action'</span><span class="src-sym">, </span><span class="src-str">'background'</span><span class="src-sym">, </span><span class="src-str">'codebase'</span><span class="src-sym">, </span><span class="src-str">'dynsrc'</span><span class="src-sym">, </span><span class="src-str">'lowsrc'</span><span class="src-sym">)</span><span class="src-sym">; </span></li>
<li><a name="a134"></a>        </li>
<li><a name="a135"></a>    <span class="src-doc">/** </span></li>
<li><a name="a136"></a><span class="src-doc">     *  Constructor for InputFilter class.</span></li>
<li><a name="a137"></a><span class="src-doc">     *</span></li>
<li><a name="a138"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string[] </span><span class="src-doc-var">$tagsArray </span><span class="src-doc"> User-provided list of tags to</span></li>
<li><a name="a139"></a><span class="src-doc">     *                               either accept or reject.  Default: none</span></li>
<li><a name="a140"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string[] </span><span class="src-doc-var">$attrArray </span><span class="src-doc"> User-provided list of attributes to</span></li>
<li><a name="a141"></a><span class="src-doc">     *                               either accept or reject.  Default: none</span></li>
<li><a name="a142"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">boolean </span><span class="src-doc-var">$tagsMethod </span><span class="src-doc">How to apply the list of tags in $tagsArray:</span></li>
<li><a name="a143"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a144"></a><span class="src-doc">     *     &lt;li&gt;true =&gt;  Remove  those tags which are listed in</span></li>
<li><a name="a145"></a><span class="src-doc">     *                  $tagsArray.&lt;/li&gt;</span></li>
<li><a name="a146"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Allow only those tags which are listed in</span></li>
<li><a name="a147"></a><span class="src-doc">     *                  $tagsArray.&lt;/li&gt;</span></li>
<li><a name="a148"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a149"></a><span class="src-doc">     *   Default: false</span></li>
<li><a name="a150"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">boolean </span><span class="src-doc-var">$attrMethod </span><span class="src-doc">How to apply the list of attributes in $attrArray:</span></li>
<li><a name="a151"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a152"></a><span class="src-doc">     *     &lt;li&gt;true =&gt;  Remove  those attributes which are listed in</span></li>
<li><a name="a153"></a><span class="src-doc">     *                  $attrArray.&lt;/li&gt;</span></li>
<li><a name="a154"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Allow only those attributes which are listed in</span></li>
<li><a name="a155"></a><span class="src-doc">     *                  $attrArray.&lt;/li&gt;</span></li>
<li><a name="a156"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a157"></a><span class="src-doc">     *   Default: false</span></li>
<li><a name="a158"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">boolean </span><span class="src-doc-var">$xssAuto </span><span class="src-doc">Behavior of </span><span class="src-doc-inlinetag">{@link filterTags()}</span><span class="src-doc">:</span></li>
<li><a name="a159"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a160"></a><span class="src-doc">     *     &lt;li&gt;true =&gt; Remove tags in </span><span class="src-doc-inlinetag">{@link $tagBlacklist}</span><span class="src-doc"> and</span></li>
<li><a name="a161"></a><span class="src-doc">     *                 attributes in </span><span class="src-doc-inlinetag">{@link $attrBlacklist}</span><span class="src-doc">, in</span></li>
<li><a name="a162"></a><span class="src-doc">     *                 addition to all other potentially suspect tags</span></li>
<li><a name="a163"></a><span class="src-doc">     *                 and attributes.&lt;/li&gt;</span></li>
<li><a name="a164"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Remove potentially suspect tags and attributes</span></li>
<li><a name="a165"></a><span class="src-doc">     *       without consulting </span><span class="src-doc-inlinetag">{@link $tagBlacklist}</span><span class="src-doc"> or</span></li>
<li><a name="a166"></a><span class="src-doc">     *       </span><span class="src-doc-inlinetag">{@link $attrBlacklist}</span><span class="src-doc">.&lt;/li&gt;</span></li>
<li><a name="a167"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a168"></a><span class="src-doc">     *   Default: true</span></li>
<li><a name="a169"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> $attrArray</span></li>
<li><a name="a170"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> $attrMethod</span></li>
<li><a name="a171"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> $tagsArray</span></li>
<li><a name="a172"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> $tagsMethod</span></li>
<li><a name="a173"></a><span class="src-doc">     */</span></li>
<li><a name="a174"></a>    <span class="src-key">public </span><span class="src-key">function </span><a href="../PHPonTrax/InputFilter.html#method__construct">__construct</a><span class="src-sym">(</span><span class="src-var">$tagsArray </span>= <span class="src-key">array</span><span class="src-sym">(</span><span class="src-sym">)</span><span class="src-sym">, </span><span class="src-var">$attrArray </span>= <span class="src-key">array</span><span class="src-sym">(</span><span class="src-sym">)</span><span class="src-sym">,</span></li>
<li><a name="a175"></a>                                <span class="src-var">$tagsMethod </span>= <span class="src-num">0</span><span class="src-sym">, </span><span class="src-var">$attrMethod </span>= <span class="src-num">0</span><span class="src-sym">,</span></li>
<li><a name="a176"></a>                                <span class="src-var">$xssAuto </span>= <span class="src-num">1</span><span class="src-sym">) </span><span class="src-sym">{ </span></li>
<li><a name="a177"></a>        <span class="src-comm">// make sure user defined arrays are in lowercase</span></li>
<li><a name="a178"></a>        <span class="src-key">for </span><span class="src-sym">(</span><span class="src-var">$i </span>= <span class="src-num">0</span><span class="src-sym">; </span><span class="src-var">$i </span>&lt; <a href="http://www.php.net/count">count</a><span class="src-sym">(</span><span class="src-var">$tagsArray</span><span class="src-sym">)</span><span class="src-sym">; </span><span class="src-var">$i</span>++<span class="src-sym">) </span><span class="src-var">$tagsArray</span><span class="src-sym">[</span><span class="src-var">$i</span><span class="src-sym">] </span>= <a href="http://www.php.net/strtolower">strtolower</a><span class="src-sym">(</span><span class="src-var">$tagsArray</span><span class="src-sym">[</span><span class="src-var">$i</span><span class="src-sym">]</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a179"></a>        <span class="src-key">for </span><span class="src-sym">(</span><span class="src-var">$i </span>= <span class="src-num">0</span><span class="src-sym">; </span><span class="src-var">$i </span>&lt; <a href="http://www.php.net/count">count</a><span class="src-sym">(</span><span class="src-var">$attrArray</span><span class="src-sym">)</span><span class="src-sym">; </span><span class="src-var">$i</span>++<span class="src-sym">) </span><span class="src-var">$attrArray</span><span class="src-sym">[</span><span class="src-var">$i</span><span class="src-sym">] </span>= <a href="http://www.php.net/strtolower">strtolower</a><span class="src-sym">(</span><span class="src-var">$attrArray</span><span class="src-sym">[</span><span class="src-var">$i</span><span class="src-sym">]</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a180"></a>        <span class="src-comm">// assign to member vars</span></li>
<li><a name="a181"></a>        <span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$tagsArray </span>= (array) <span class="src-var">$tagsArray</span><span class="src-sym">;</span></li>
<li><a name="a182"></a>        <span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$attrArray </span>= (array) <span class="src-var">$attrArray</span><span class="src-sym">;</span></li>
<li><a name="a183"></a>        <span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$tagsMethod </span>= <span class="src-var">$tagsMethod</span><span class="src-sym">;</span></li>
<li><a name="a184"></a>        <span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$attrMethod </span>= <span class="src-var">$attrMethod</span><span class="src-sym">;</span></li>
<li><a name="a185"></a>        <span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$xssAuto </span>= <span class="src-var">$xssAuto</span><span class="src-sym">;</span></li>
<li><a name="a186"></a>    <span class="src-sym">}</span></li>
<li><a name="a187"></a>&nbsp;</li>
<li><a name="a188"></a>    <span class="src-doc">/**</span></li>
<li><a name="a189"></a><span class="src-doc">     *  Remove forbidden tags and attributes from user input</span></li>
<li><a name="a190"></a><span class="src-doc">     *</span></li>
<li><a name="a191"></a><span class="src-doc">     *  Construct an InputFilter object.  Then apply the</span></li>
<li><a name="a192"></a><span class="src-doc">     *  </span><span class="src-doc-inlinetag">{@link process()}</span><span class="src-doc"> method to each of the user input arrays</span></li>
<li><a name="a193"></a><span class="src-doc">     *  </span><span class="src-doc-inlinetag">{@link http://www.php.net/reserved.variables#reserved.variables.post $_POST}</span><span class="src-doc">,</span></li>
<li><a name="a194"></a><span class="src-doc">     *  </span><span class="src-doc-inlinetag">{@link http://www.php.net/reserved.variables#reserved.variables.get $_GET}</span><span class="src-doc"> and</span></li>
<li><a name="a195"></a><span class="src-doc">     *  </span><span class="src-doc-inlinetag">{@link http://www.php.net/reserved.variables#reserved.variables.request $_REQUEST}</span><span class="src-doc">.</span></li>
<li><a name="a196"></a><span class="src-doc">     *  &lt;b&gt;FIXME:&lt;/b&gt; isn't it partly redundant to do this to $_REQUEST?</span></li>
<li><a name="a197"></a><span class="src-doc">     *  Shouldn't we do it to $_COOKIE instead?</span></li>
<li><a name="a198"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string[] </span><span class="src-doc-var">$tagsArray </span><span class="src-doc"> User-provided list of tags to</span></li>
<li><a name="a199"></a><span class="src-doc">     *                               either accept or reject.  Default: none</span></li>
<li><a name="a200"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string[] </span><span class="src-doc-var">$attrArray </span><span class="src-doc"> User-provided list of attributes to</span></li>
<li><a name="a201"></a><span class="src-doc">     *                               either accept or reject.  Default: none</span></li>
<li><a name="a202"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">boolean </span><span class="src-doc-var">$tagsMethod </span><span class="src-doc">How to apply the list of tags in $tagsArray:</span></li>
<li><a name="a203"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a204"></a><span class="src-doc">     *     &lt;li&gt;true =&gt;  Remove  those tags which are listed in</span></li>
<li><a name="a205"></a><span class="src-doc">     *                  $tagsArray.&lt;/li&gt;</span></li>
<li><a name="a206"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Allow only those tags which are listed in</span></li>
<li><a name="a207"></a><span class="src-doc">     *                  $tagsArray.&lt;/li&gt;</span></li>
<li><a name="a208"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a209"></a><span class="src-doc">     *   Default: false</span></li>
<li><a name="a210"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">boolean </span><span class="src-doc-var">$attrMethod </span><span class="src-doc">How to apply the list of attributes in $attrArray:</span></li>
<li><a name="a211"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a212"></a><span class="src-doc">     *     &lt;li&gt;true =&gt;  Remove  those attributes which are listed in</span></li>
<li><a name="a213"></a><span class="src-doc">     *                  $attrArray.&lt;/li&gt;</span></li>
<li><a name="a214"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Allow only those attributes which are listed in</span></li>
<li><a name="a215"></a><span class="src-doc">     *                  $attrArray.&lt;/li&gt;</span></li>
<li><a name="a216"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a217"></a><span class="src-doc">     *   Default: false</span></li>
<li><a name="a218"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">boolean </span><span class="src-doc-var">$xssAuto </span><span class="src-doc">Behavior of </span><span class="src-doc-inlinetag">{@link filterTags()}</span><span class="src-doc">:</span></li>
<li><a name="a219"></a><span class="src-doc">     *   &lt;ul&gt;</span></li>
<li><a name="a220"></a><span class="src-doc">     *     &lt;li&gt;true =&gt; Remove tags in </span><span class="src-doc-inlinetag">{@link $tagBlacklist}</span><span class="src-doc"> and</span></li>
<li><a name="a221"></a><span class="src-doc">     *                 attributes in </span><span class="src-doc-inlinetag">{@link $attrBlacklist}</span><span class="src-doc">, in</span></li>
<li><a name="a222"></a><span class="src-doc">     *                 addition to all other potentially suspect tags</span></li>
<li><a name="a223"></a><span class="src-doc">     *                 and attributes.&lt;/li&gt;</span></li>
<li><a name="a224"></a><span class="src-doc">     *     &lt;li&gt;false =&gt; Remove potentially suspect tags and attributes</span></li>
<li><a name="a225"></a><span class="src-doc">     *       without consulting </span><span class="src-doc-inlinetag">{@link $tagBlacklist}</span><span class="src-doc"> or</span></li>
<li><a name="a226"></a><span class="src-doc">     *       </span><span class="src-doc-inlinetag">{@link $attrBlacklist}</span><span class="src-doc">.&lt;/li&gt;</span></li>
<li><a name="a227"></a><span class="src-doc">     *   &lt;/ul&gt;</span></li>
<li><a name="a228"></a><span class="src-doc">     *   Default: true</span></li>
<li><a name="a229"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@author</span><span class="src-doc"> John Peterson</span></li>
<li><a name="a230"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> __construct()</span></li>
<li><a name="a231"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> process()</span></li>
<li><a name="a232"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@todo</span><span class="src-doc"> Check out FIXMEs</span></li>
<li><a name="a233"></a><span class="src-doc">     */</span></li>
public function process_all($tagsArray = array(), $attrArray = array(),
                            $tagsMethod = 0, $attrMethod = 0,
                            $xssAuto = 1) {
    // Re-run the constructor so the filter settings passed to this call
    // are the ones process() works with below.
    self::__construct(
        $tagsArray,
        $attrArray,
        $tagsMethod,
        $attrMethod,
        $xssAuto
    );

    // Each superglobal is filtered on its own and written back in place;
    // an empty array is left untouched.
    // NOTE(review): only $_POST, $_GET and $_REQUEST are handled here.
    // $_COOKIE is not filtered by this method (see the FIXME in the
    // docblock), so cookie values need separate handling by the caller.
    if (count($_POST) > 0) {
        $_POST = self::process($_POST);
    }

    if (count($_GET) > 0) {
        $_GET = self::process($_GET);
    }

    if (count($_REQUEST) > 0) {
        $_REQUEST = self::process($_REQUEST);
    }
}
<li><a name="a249"></a>    </li>
<li><a name="a250"></a>    <span class="src-doc">/** </span></li>
<li><a name="a251"></a><span class="src-doc">     *  Remove forbidden tags and attributes from array of strings</span></li>
<li><a name="a252"></a><span class="src-doc">     *</span></li>
<li><a name="a253"></a><span class="src-doc">     *  Accept a string or array of strings.  For each string in the</span></li>
<li><a name="a254"></a><span class="src-doc">     *  source, remove the forbidden tags and attributes from the string.</span></li>
<li><a name="a255"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">mixed </span><span class="src-doc-var">$source </span><span class="src-doc">- input string/array-of-string to be 'cleaned'</span></li>
<li><a name="a256"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@return </span><span class="src-doc-type">mixed </span><span class="src-doc">'cleaned' version of input parameter</span></li>
<li><a name="a257"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> decode()</span></li>
<li><a name="a258"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> remove()</span></li>
<li><a name="a259"></a><span class="src-doc">     */</span></li>
public function process($source) {
    // A single string: decode it, then strip forbidden tags/attributes.
    if (is_string($source)) {
        return self::remove(self::decode($source));
    }

    // Anything that is neither a string nor an array is returned as given.
    if (!is_array($source)) {
        return $source;
    }

    // Array input: clean every element, descending into nested arrays.
    // Only the values are rewritten; array keys are passed through
    // unfiltered, and non-string scalar elements are left as they are.
    // NOTE(review): callers that echo request keys back into markup
    // still have to escape them at output time.
    foreach ($source as $key => $value) {
        if (is_array($value)) {
            $source[$key] = self::process($value);
        } elseif (is_string($value)) {
            $source[$key] = self::remove(self::decode($value));
        }
    }

    return $source;
}
<li><a name="a277"></a>&nbsp;</li>
<li><a name="a278"></a>    <span class="src-doc">/** </span></li>
<li><a name="a279"></a><span class="src-doc">     *  Remove forbidden tags and attributes from a string iteratively</span></li>
<li><a name="a280"></a><span class="src-doc">     *</span></li>
<li><a name="a281"></a><span class="src-doc">     *  Call </span><span class="src-doc-inlinetag">{@link filterTags()}</span><span class="src-doc"> repeatedly until no change in the</span></li>
<li><a name="a282"></a><span class="src-doc">     *  input is produced.</span></li>
<li><a name="a283"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string </span><span class="src-doc-var">$source </span><span class="src-doc">Input string to be 'cleaned'</span></li>
<li><a name="a284"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@return </span><span class="src-doc-type">string </span><span class="src-doc">'cleaned' version of $source</span></li>
<li><a name="a285"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> filterTags()</span></li>
<li><a name="a286"></a><span class="src-doc">     */</span></li>
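protected function remove($source) {
    // Nested-tag protection: keep filtering until a pass leaves the text
    // unchanged. The result of each pass is computed once and reused for
    // both the comparison and the assignment, so filterTags() runs once
    // per pass instead of twice, and the unused pass counter is gone.
    //
    // The loose != comparison is kept deliberately: the end of
    // filterTags() is not visible from here, so its exact return type
    // cannot be confirmed and a strict comparison could change when the
    // loop stops.
    //
    // NOTE(review): there is no upper bound on the number of passes;
    // termination relies on filterTags() reaching a fixed point. Confirm
    // that against the full implementation, since $source is
    // request-controlled. This also assumes filterTags() has no side
    // effects, which the visible part of it supports.
    $filtered = self::filterTags($source);
    while ($source != $filtered) {
        $source = $filtered;
        $filtered = self::filterTags($source);
    }

    return $source;
}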
<li><a name="a297"></a>    </li>
<li><a name="a298"></a>    <span class="src-doc">/** </span></li>
<li><a name="a299"></a><span class="src-doc">     *  Remove forbidden tags and attributes from a string</span></li>
<li><a name="a300"></a><span class="src-doc">     *</span></li>
<li><a name="a301"></a><span class="src-doc">     *  Inspect the input for tags &quot;&lt;tagname ...&gt;&quot; and check the tag</span></li>
<li><a name="a302"></a><span class="src-doc">     *  name against a list of forbidden tag names.  Delete all tags</span></li>
<li><a name="a303"></a><span class="src-doc">     *  with forbidden names.  If </span><span class="src-doc-inlinetag">{@link $xssAuto}</span><span class="src-doc"> is true, delete all</span></li>
<li><a name="a304"></a><span class="src-doc">     *  tags in </span><span class="src-doc-inlinetag">{@link $tagBlacklist}</span><span class="src-doc">.  If there is a user-defined tag</span></li>
<li><a name="a305"></a><span class="src-doc">     *  list in </span><span class="src-doc-inlinetag">{@link $tagsArray}</span><span class="src-doc">, process according to the value of</span></li>
<li><a name="a306"></a><span class="src-doc">     *  </span><span class="src-doc-inlinetag">{@link $tagsMethod}</span><span class="src-doc">.</span></li>
<li><a name="a307"></a><span class="src-doc">     *</span></li>
<li><a name="a308"></a><span class="src-doc">     *  If the tag name is OK, then call </span><span class="src-doc-inlinetag">{@link filterAttr()}</span><span class="src-doc"> to check</span></li>
<li><a name="a309"></a><span class="src-doc">     *  all attributes of the tag and delete forbidden attributes.</span></li>
<li><a name="a310"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string </span><span class="src-doc-var">$source </span><span class="src-doc">Input string to be 'cleaned'</span></li>
<li><a name="a311"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@return </span><span class="src-doc-type">string </span><span class="src-doc">Cleaned version of input parameter</span></li>
<li><a name="a312"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> filterAttr()</span></li>
<li><a name="a313"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> $tagBlacklist</span></li>
<li><a name="a314"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> $tagsArray</span></li>
<li><a name="a315"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> $tagsMethod</span></li>
<li><a name="a316"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> $xssAuto</span></li>
<li><a name="a317"></a><span class="src-doc">     */</span></li>
<li><a name="a318"></a>    <span class="src-key">protected </span><span class="src-key">function </span><a href="../PHPonTrax/InputFilter.html#methodfilterTags">filterTags</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a319"></a>        <span class="src-comm">// filter pass setup</span></li>
<li><a name="a320"></a>        <span class="src-var">$preTag </span>= <span class="src-id">NULL</span><span class="src-sym">;</span></li>
<li><a name="a321"></a>        <span class="src-var">$postTag </span>= <span class="src-var">$source</span><span class="src-sym">;</span></li>
<li><a name="a322"></a>        <span class="src-comm">// find initial tag's position</span></li>
<li><a name="a323"></a>        <span class="src-var">$tagOpen_start </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">, </span><span class="src-str">'&lt;'</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a324"></a>        <span class="src-comm">// interate through string until no tags left</span></li>
<li><a name="a325"></a>        <span class="src-key">while</span><span class="src-sym">(</span><span class="src-var">$tagOpen_start </span>!== <span class="src-id">FALSE</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a326"></a>            <span class="src-comm">// process tag interatively</span></li>
<li><a name="a327"></a>            <span class="src-var">$preTag </span>.= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-num">0</span><span class="src-sym">, </span><span class="src-var">$tagOpen_start</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a328"></a>            <span class="src-var">$postTag </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-var">$tagOpen_start</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a329"></a>            <span class="src-var">$fromTagOpen </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-num">1</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a330"></a>            <span class="src-comm">// end of tag</span></li>
<li><a name="a331"></a>            <span class="src-var">$tagOpen_end </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$fromTagOpen</span><span class="src-sym">, </span><span class="src-str">'&gt;'</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a332"></a>            <span class="src-key">if </span><span class="src-sym">(</span><span class="src-var">$tagOpen_end </span>=== <span class="src-id">false</span><span class="src-sym">) </span><span class="src-key">break</span><span class="src-sym">;</span></li>
<li><a name="a333"></a>            <span class="src-comm">// next start of tag (for nested tag assessment)</span></li>
<li><a name="a334"></a>            <span class="src-var">$tagOpen_nested </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$fromTagOpen</span><span class="src-sym">, </span><span class="src-str">'&lt;'</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a335"></a>            <span class="src-key">if </span><span class="src-sym">((</span><span class="src-var">$tagOpen_nested </span>!== <span class="src-id">false</span><span class="src-sym">) </span>&amp;&amp; <span class="src-sym">(</span><span class="src-var">$tagOpen_nested </span>&lt; <span class="src-var">$tagOpen_end</span><span class="src-sym">)) </span><span class="src-sym">{</span></li>
<li><a name="a336"></a>                <span class="src-var">$preTag </span>.= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-num">0</span><span class="src-sym">, </span><span class="src-sym">(</span><span class="src-var">$tagOpen_nested</span>+<span class="src-num">1</span><span class="src-sym">))</span><span class="src-sym">;</span></li>
<li><a name="a337"></a>                <span class="src-var">$postTag </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-sym">(</span><span class="src-var">$tagOpen_nested</span>+<span class="src-num">1</span><span class="src-sym">))</span><span class="src-sym">;</span></li>
<li><a name="a338"></a>                <span class="src-var">$tagOpen_start </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-str">'&lt;'</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a339"></a>                <span class="src-key">continue</span><span class="src-sym">;</span></li>
<li><a name="a340"></a>            <span class="src-sym">} </span></li>
<li><a name="a341"></a>            <span class="src-var">$tagOpen_nested </span>= <span class="src-sym">(</span><a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$fromTagOpen</span><span class="src-sym">, </span><span class="src-str">'&lt;'</span><span class="src-sym">) </span>+ <span class="src-var">$tagOpen_start </span>+ <span class="src-num">1</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a342"></a>            <span class="src-var">$currentTag </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$fromTagOpen</span><span class="src-sym">, </span><span class="src-num">0</span><span class="src-sym">, </span><span class="src-var">$tagOpen_end</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a343"></a>            <span class="src-var">$tagLength </span>= <a href="http://www.php.net/strlen">strlen</a><span class="src-sym">(</span><span class="src-var">$currentTag</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a344"></a>            <span class="src-key">if </span><span class="src-sym">(</span><span class="src-sym">!</span><span class="src-var">$tagOpen_end</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a345"></a>                <span class="src-var">$preTag </span>.= <span class="src-var">$postTag</span><span class="src-sym">;</span></li>
<li><a name="a346"></a>                <span class="src-var">$tagOpen_start </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-str">'&lt;'</span><span class="src-sym">)</span><span class="src-sym">;            </span></li>
<li><a name="a347"></a>            <span class="src-sym">}</span></li>
<li><a name="a348"></a>            <span class="src-comm">// iterate through tag finding attribute pairs - setup</span></li>
<li><a name="a349"></a>            <span class="src-var">$tagLeft </span>= <span class="src-var">$currentTag</span><span class="src-sym">;</span></li>
<li><a name="a350"></a>            <span class="src-var">$attrSet </span>= <span class="src-key">array</span><span class="src-sym">(</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a351"></a>            <span class="src-var">$currentSpace </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$tagLeft</span><span class="src-sym">, </span><span class="src-str">' '</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a352"></a>            <span class="src-comm">// is end tag</span></li>
<li><a name="a353"></a>            <span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$currentTag</span><span class="src-sym">, </span><span class="src-num">0</span><span class="src-sym">, </span><span class="src-num">1</span><span class="src-sym">) </span>== <span class="src-str">&quot;/&quot;</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a354"></a>                <span class="src-var">$isCloseTag </span>= <span class="src-id">TRUE</span><span class="src-sym">;</span></li>
<li><a name="a355"></a>                list<span class="src-sym">(</span><span class="src-var">$tagName</span><span class="src-sym">) </span>= <a href="http://www.php.net/explode">explode</a><span class="src-sym">(</span><span class="src-str">' '</span><span class="src-sym">, </span><span class="src-var">$currentTag</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a356"></a>                <span class="src-var">$tagName </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$tagName</span><span class="src-sym">, </span><span class="src-num">1</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a357"></a>            <span class="src-comm">// is start tag</span></li>
<li><a name="a358"></a>            <span class="src-sym">} </span><span class="src-key">else </span><span class="src-sym">{</span></li>
<li><a name="a359"></a>                <span class="src-var">$isCloseTag </span>= <span class="src-id">FALSE</span><span class="src-sym">;</span></li>
<li><a name="a360"></a>                list<span class="src-sym">(</span><span class="src-var">$tagName</span><span class="src-sym">) </span>= <a href="http://www.php.net/explode">explode</a><span class="src-sym">(</span><span class="src-str">' '</span><span class="src-sym">, </span><span class="src-var">$currentTag</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a361"></a>            <span class="src-sym">}        </span></li>
<li><a name="a362"></a>            <span class="src-comm">// excludes all &quot;non-regular&quot; tagnames OR no tagname OR remove if xssauto is on and tag is blacklisted</span></li>
<li><a name="a363"></a>            <span class="src-key">if </span><span class="src-sym">((</span><span class="src-sym">!</span><a href="http://www.php.net/preg_match">preg_match</a><span class="src-sym">(</span><span class="src-str">&quot;</span><span class="src-str">/^<span class="src-sym">[</span><span class="src-id">a</span>-<span class="src-id">z</span><span class="src-sym">]</span><span class="src-sym">[</span><span class="src-id">a</span>-<span class="src-id">z0</span>-9<span class="src-sym">]</span>*$/<span class="src-id">i</span></span><span class="src-str">&quot;</span><span class="src-sym">,</span><span class="src-var">$tagName</span><span class="src-sym">)) </span>|| <span class="src-sym">(</span><span class="src-sym">!</span><span class="src-var">$tagName</span><span class="src-sym">) </span>|| <span class="src-sym">((</span><a href="http://www.php.net/in_array">in_array</a><span class="src-sym">(</span><a href="http://www.php.net/strtolower">strtolower</a><span class="src-sym">(</span><span class="src-var">$tagName</span><span class="src-sym">)</span><span class="src-sym">, </span><span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$tagBlacklist</span><span class="src-sym">)) </span>&amp;&amp; <span class="src-sym">(</span><span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$xssAuto</span><span class="src-sym">))) </span><span class="src-sym">{</span></li>
<li><a name="a364"></a>                <span class="src-var">$postTag </span>= <span class="src-id">substr</span><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-sym">(</span><span class="src-var">$tagLength </span>+ <span class="src-num">2</span><span class="src-sym">))</span><span class="src-sym">;</span></li>
<li><a name="a365"></a>                <span class="src-var">$tagOpen_start </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-str">'&lt;'</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a366"></a>                <span class="src-comm">// don't append this tag</span></li>
<li><a name="a367"></a>                <span class="src-key">continue</span><span class="src-sym">;</span></li>
<li><a name="a368"></a>            <span class="src-sym">}</span></li>
<li><a name="a369"></a>            <span class="src-comm">// this while is needed to support attribute values with spaces in!</span></li>
<li><a name="a370"></a>            <span class="src-key">while </span><span class="src-sym">(</span><span class="src-var">$currentSpace </span>!== <span class="src-id">FALSE</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a371"></a>                <span class="src-var">$fromSpace </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$tagLeft</span><span class="src-sym">, </span><span class="src-sym">(</span><span class="src-var">$currentSpace</span>+<span class="src-num">1</span><span class="src-sym">))</span><span class="src-sym">;</span></li>
<li><a name="a372"></a>                <span class="src-var">$nextSpace </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><span class="src-str">' '</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a373"></a>                <span class="src-var">$openQuotes </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><span class="src-str">'&quot;'</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a374"></a>                <span class="src-var">$closeQuotes </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><span class="src-sym">(</span><span class="src-var">$openQuotes</span>+<span class="src-num">1</span><span class="src-sym">))</span><span class="src-sym">, </span><span class="src-str">'&quot;'</span><span class="src-sym">) </span>+ <span class="src-var">$openQuotes </span>+ <span class="src-num">1</span><span class="src-sym">;</span></li>
<li><a name="a375"></a>                <span class="src-comm">// another equals exists</span></li>
<li><a name="a376"></a>                <span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><span class="src-str">'='</span><span class="src-sym">) </span>!== <span class="src-id">FALSE</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a377"></a>                    <span class="src-comm">// opening and closing quotes exists</span></li>
<li><a name="a378"></a>                    <span class="src-key">if </span><span class="src-sym">((</span><span class="src-var">$openQuotes </span>!== <span class="src-id">FALSE</span><span class="src-sym">) </span>&amp;&amp; <span class="src-sym">(</span><a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><span class="src-sym">(</span><span class="src-var">$openQuotes</span>+<span class="src-num">1</span><span class="src-sym">))</span><span class="src-sym">, </span><span class="src-str">'&quot;'</span><span class="src-sym">) </span>!== <span class="src-id">FALSE</span><span class="src-sym">))</span></li>
<li><a name="a379"></a>                        <span class="src-var">$attr </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><span class="src-num">0</span><span class="src-sym">, </span><span class="src-sym">(</span><span class="src-var">$closeQuotes</span>+<span class="src-num">1</span><span class="src-sym">))</span><span class="src-sym">;</span></li>
<li><a name="a380"></a>                    <span class="src-comm">// one or neither exist</span></li>
<li><a name="a381"></a>                    <span class="src-key">else </span><span class="src-var">$attr </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><span class="src-num">0</span><span class="src-sym">, </span><span class="src-var">$nextSpace</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a382"></a>                <span class="src-comm">// no more equals exist</span></li>
<li><a name="a383"></a>                <span class="src-sym">} </span><span class="src-key">else </span><span class="src-var">$attr </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><span class="src-num">0</span><span class="src-sym">, </span><span class="src-var">$nextSpace</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a384"></a>                <span class="src-comm">// last attr pair</span></li>
<li><a name="a385"></a>                <span class="src-key">if </span><span class="src-sym">(</span><span class="src-sym">!</span><span class="src-var">$attr</span><span class="src-sym">) </span><span class="src-var">$attr </span>= <span class="src-var">$fromSpace</span><span class="src-sym">;</span></li>
<li><a name="a386"></a>                <span class="src-comm">// add to attribute pairs array</span></li>
<li><a name="a387"></a>                <span class="src-var">$attrSet</span><span class="src-sym">[</span><span class="src-sym">] </span>= <span class="src-var">$attr</span><span class="src-sym">;</span></li>
<li><a name="a388"></a>                <span class="src-comm">// next inc</span></li>
<li><a name="a389"></a>                <span class="src-var">$tagLeft </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$fromSpace</span><span class="src-sym">, </span><a href="http://www.php.net/strlen">strlen</a><span class="src-sym">(</span><span class="src-var">$attr</span><span class="src-sym">))</span><span class="src-sym">;</span></li>
<li><a name="a390"></a>                <span class="src-var">$currentSpace </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$tagLeft</span><span class="src-sym">, </span><span class="src-str">' '</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a391"></a>            <span class="src-sym">}</span></li>
<li><a name="a392"></a>            <span class="src-comm">// appears in array specified by user</span></li>
<li><a name="a393"></a>            <span class="src-var">$tagFound </span>= <a href="http://www.php.net/in_array">in_array</a><span class="src-sym">(</span><a href="http://www.php.net/strtolower">strtolower</a><span class="src-sym">(</span><span class="src-var">$tagName</span><span class="src-sym">)</span><span class="src-sym">, </span><span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$tagsArray</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a394"></a>            <span class="src-comm">// remove this tag on condition</span></li>
<li><a name="a395"></a>            <span class="src-key">if </span><span class="src-sym">((</span><span class="src-sym">!</span><span class="src-var">$tagFound </span>&amp;&amp; <span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$tagsMethod</span><span class="src-sym">) </span>|| <span class="src-sym">(</span><span class="src-var">$tagFound </span>&amp;&amp; <span class="src-sym">!</span><span class="src-id">self</span><span class="src-sym">::</span><span class="src-var">$tagsMethod</span><span class="src-sym">)) </span><span class="src-sym">{</span></li>
<li><a name="a396"></a>                <span class="src-comm">// reconstruct tag with allowed attributes</span></li>
<li><a name="a397"></a>                <span class="src-key">if </span><span class="src-sym">(</span><span class="src-sym">!</span><span class="src-var">$isCloseTag</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a398"></a>                    <span class="src-var">$attrSet </span>= <span class="src-id">self</span><span class="src-sym">::</span><span class="src-id">filterAttr</span><span class="src-sym">(</span><span class="src-var">$attrSet</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a399"></a>                    <span class="src-var">$preTag </span>.= <span class="src-str">'&lt;' </span>. <span class="src-var">$tagName</span><span class="src-sym">;</span></li>
<li><a name="a400"></a>                    <span class="src-key">for </span><span class="src-sym">(</span><span class="src-var">$i </span>= <span class="src-num">0</span><span class="src-sym">; </span><span class="src-var">$i </span>&lt; <a href="http://www.php.net/count">count</a><span class="src-sym">(</span><span class="src-var">$attrSet</span><span class="src-sym">)</span><span class="src-sym">; </span><span class="src-var">$i</span>++<span class="src-sym">)</span></li>
<li><a name="a401"></a>                        <span class="src-var">$preTag </span>.= <span class="src-str">' ' </span>. <span class="src-var">$attrSet</span><span class="src-sym">[</span><span class="src-var">$i</span><span class="src-sym">]</span><span class="src-sym">;</span></li>
<li><a name="a402"></a>                    <span class="src-comm">// reformat single tags to XHTML</span></li>
<li><a name="a403"></a>                    <span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$fromTagOpen</span><span class="src-sym">, </span><span class="src-str">&quot;&lt;/&quot; </span>. <span class="src-var">$tagName</span><span class="src-sym">)) </span><span class="src-var">$preTag </span>.= <span class="src-str">'&gt;'</span><span class="src-sym">;</span></li>
<li><a name="a404"></a>                    <span class="src-key">else </span><span class="src-var">$preTag </span>.= <span class="src-str">' /&gt;'</span><span class="src-sym">;</span></li>
<li><a name="a405"></a>                <span class="src-comm">// just the tagname</span></li>
<li><a name="a406"></a>                <span class="src-sym">} </span><span class="src-key">else </span><span class="src-var">$preTag </span>.= <span class="src-str">'&lt;/' </span>. <span class="src-var">$tagName </span>. <span class="src-str">'&gt;'</span><span class="src-sym">;</span></li>
<li><a name="a407"></a>            <span class="src-sym">}</span></li>
<li><a name="a408"></a>            <span class="src-comm">// find next tag's start</span></li>
<li><a name="a409"></a>            <span class="src-var">$postTag </span>= <a href="http://www.php.net/substr">substr</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-sym">(</span><span class="src-var">$tagLength </span>+ <span class="src-num">2</span><span class="src-sym">))</span><span class="src-sym">;</span></li>
<li><a name="a410"></a>            <span class="src-var">$tagOpen_start </span>= <a href="http://www.php.net/strpos">strpos</a><span class="src-sym">(</span><span class="src-var">$postTag</span><span class="src-sym">, </span><span class="src-str">'&lt;'</span><span class="src-sym">)</span><span class="src-sym">;            </span></li>
<li><a name="a411"></a>        <span class="src-sym">}</span></li>
<li><a name="a412"></a>        <span class="src-comm">// append any code after end of tags</span></li>
<li><a name="a413"></a>        <span class="src-var">$preTag </span>.= <span class="src-var">$postTag</span><span class="src-sym">;</span></li>
<li><a name="a414"></a>        <span class="src-key">return </span><span class="src-var">$preTag</span><span class="src-sym">;</span></li>
<li><a name="a415"></a>    <span class="src-sym">}</span></li>
<li><a name="a416"></a>&nbsp;</li>
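/**
 *  Internal method to strip a tag of certain attributes
 *
 *  Takes the "attr=value" strings parsed from one tag and returns
 *  only those that pass every check below, re-emitted as
 *  name="value".  An attribute is dropped when:
 *
 *    - its name contains any non-alphabetic character
 *    - {@link $xssAuto} is true and its name is in
 *      {@link $attrBlacklist} or begins with "on" in any letter case
 *    - its value contains 'javascript:', 'behaviour:', 'vbscript:',
 *      'mocha:' or 'livescript:'
 *    - its name is 'style' and its value contains 'expression'
 *    - the user-provided list {@link $attrArray}, interpreted
 *      according to {@link $attrMethod}, excludes it
 *
 *  Before the value checks run, the value has "&#", all whitespace,
 *  double quotes, one pair of enclosing single quotes and backslash
 *  escapes removed.
 *
 *  The value checks are a substring deny-list: they only reject the
 *  strings listed above.  Output built from the returned attributes
 *  still needs encoding appropriate to the context it is rendered in.
 *
 *  @param string[] $attrSet Array of strings "attr=value" parsed
 *                            from a tag.
 *  @return string[] Input with potentially dangerous attributes
 *                    removed
 *  @uses $attrArray
 *  @uses $attrBlacklist
 *  @uses $attrMethod
 *  @uses $xssAuto
 */
protected function filterAttr($attrSet) {
    $newSet = array();
    // NOTE(review): the caller's initialisation of $attrSet is not
    // visible here; a tag with no attributes may hand over a non-array,
    // which count() rejects on current PHP versions.
    if (!is_array($attrSet)) {
        return $newSet;
    }
    // value substrings that cause the attribute to be dropped
    $blockedValues = array('javascript:', 'behaviour:', 'vbscript:', 'mocha:', 'livescript:');
    // process attributes
    foreach ($attrSet as $rawAttr) {
        // skip blank spaces in tag
        if (!$rawAttr) continue;
        // split into attr name and value at the FIRST '=' only, so a
        // value that itself contains '=' is checked and kept whole
        // instead of being silently truncated
        $pair = explode('=', trim($rawAttr), 2);
        list($name) = explode(' ', $pair[0]);
        // a valueless attribute has no second element; use '' rather
        // than reading an undefined offset
        $value = isset($pair[1]) ? $pair[1] : '';
        $lowerName = strtolower($name);
        // removes all "non-regular" attr names.  preg_match replaces
        // eregi(), which was removed in PHP 7; the D modifier keeps '$'
        // from matching before a trailing newline.
        if (!preg_match('/^[a-z]*$/iD', $name)) continue;
        // removes blacklisted attrs and event handlers.  The "on"
        // prefix is compared on the lower-cased name: the name pattern
        // above is case-insensitive, so a case-sensitive prefix test
        // would not cover upper- or mixed-case handler names.
        if ((self::$xssAuto) && ((in_array($lowerName, self::$attrBlacklist)) || (strncmp($lowerName, 'on', 2) === 0)))
            continue;
        // xss attr value filtering
        if ($value !== '') {
            // strips numeric character references (unicode, hex, etc)
            $value = str_replace('&#', '', $value);
            // strip whitespace, including newlines, within attr value
            $value = preg_replace('/\s+/', '', $value);
            // strip double quotes
            $value = str_replace('"', '', $value);
            // [requested feature] remove single quotes wrapping the value; it is re-quoted with doubles on output
            if ((substr($value, 0, 1) == "'") && (substr($value, (strlen($value) - 1), 1) == "'"))
                $value = (string) substr($value, 1, (strlen($value) - 2));
            // strip slashes
            $value = stripslashes($value);
        }
        // auto strip attr's whose cleaned value contains a blocked string
        $lowerValue = strtolower($value);
        $blocked = (($lowerName == 'style') && (strpos($lowerValue, 'expression') !== false));
        foreach ($blockedValues as $needle) {
            if ($blocked) break;
            $blocked = (strpos($lowerValue, $needle) !== false);
        }
        if ($blocked) continue;

        // if matches user defined array
        $attrFound = in_array($lowerName, self::$attrArray);
        // keep this attr on condition
        if ((!$attrFound && self::$attrMethod) || ($attrFound && !self::$attrMethod)) {
            // attr has value (a decimal zero counts as a value)
            if ($value !== '') $newSet[] = $name . '="' . $value . '"';
            // reformat single attributes to XHTML
            else $newSet[] = $name . '="' . $name . '"';
        }
    }
    return $newSet;
}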
<li><a name="a495"></a>    </li>
<li><a name="a496"></a>    <span class="src-doc">/** </span></li>
<li><a name="a497"></a><span class="src-doc">     *  Convert HTML entities to characters</span></li>
<li><a name="a498"></a><span class="src-doc">     *</span></li>
<li><a name="a499"></a><span class="src-doc">     *  Convert input string containing HTML entities to the</span></li>
<li><a name="a500"></a><span class="src-doc">     *  corresponding character (&amp;amp; =&gt; &amp;).  ISO 8859-1 character</span></li>
<li><a name="a501"></a><span class="src-doc">     *  set is assumed.</span></li>
<li><a name="a502"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string </span><span class="src-doc-var">$source </span><span class="src-doc">Character string containing HTML entities</span></li>
<li><a name="a503"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@return </span><span class="src-doc-type">string </span><span class="src-doc">Input string, with entities converted to characters</span></li>
<li><a name="a504"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> chr()</span></li>
<li><a name="a505"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> html_entity_decode()</span></li>
<li><a name="a506"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> preg_replace()</span></li>
<li><a name="a507"></a><span class="src-doc">     */</span></li>
<li><a name="a508"></a>    <span class="src-key">protected </span><span class="src-key">function </span><a href="../PHPonTrax/InputFilter.html#methoddecode">decode</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a509"></a>        <span class="src-comm">// url decode</span></li>
<li><a name="a510"></a>        <span class="src-var">$source </span>= <span class="src-id">html_entity_decode</span><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">, </span><span class="src-id">ENT_QUOTES</span><span class="src-sym">, </span><span class="src-str">&quot;ISO-8859-1&quot;</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a511"></a>        <span class="src-comm">// convert decimal &amp;#DDD; to character DDD</span></li>
<li><a name="a512"></a>        <span class="src-var">$source </span>= <a href="http://www.php.net/preg_replace">preg_replace</a><span class="src-sym">(</span><span class="src-str">'/&amp;#(\d+);/me'</span><span class="src-sym">,</span><span class="src-str">&quot;chr(\\1)&quot;</span><span class="src-sym">, </span><span class="src-var">$source</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a513"></a>        <span class="src-comm">// convert hex &amp;#xXXX; to character XXX</span></li>
<li><a name="a514"></a>        <span class="src-var">$source </span>= <a href="http://www.php.net/preg_replace">preg_replace</a><span class="src-sym">(</span><span class="src-str">'/&amp;#x([a-f0-9]+);/mei'</span><span class="src-sym">,</span><span class="src-str">&quot;chr(0x\\1)&quot;</span><span class="src-sym">, </span><span class="src-var">$source</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a515"></a>        <span class="src-key">return </span><span class="src-var">$source</span><span class="src-sym">;</span></li>
<li><a name="a516"></a>    <span class="src-sym">}</span></li>
<li><a name="a517"></a>&nbsp;</li>
<li><a name="a518"></a>    <span class="src-doc">/** </span></li>
<li><a name="a519"></a><span class="src-doc">     *  Remove HTML entities and magic quotes, insert SQL special</span></li>
<li><a name="a520"></a><span class="src-doc">     *  character escapes</span></li>
<li><a name="a521"></a><span class="src-doc">     *</span></li>
<li><a name="a522"></a><span class="src-doc">     *  If the input is a string or an array of strings, then each</span></li>
<li><a name="a523"></a><span class="src-doc">     *  string is edited to convert any HTML entities to the</span></li>
<li><a name="a524"></a><span class="src-doc">     *  corresponding character and remove slashes inserted by</span></li>
<li><a name="a525"></a><span class="src-doc">     *  </span><span class="src-doc-inlinetag">{@link http://www.php.net/manual/en/security.magicquotes.php magic quotes}</span><span class="src-doc">,</span></li>
<li><a name="a526"></a><span class="src-doc">     *  then the result has SQL special characters</span></li>
<li><a name="a527"></a><span class="src-doc">     *  escaped.</span></li>
<li><a name="a528"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">mixed </span><span class="src-doc-var">$source </span><span class="src-doc">Input to be 'cleaned'</span></li>
<li><a name="a529"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">resource </span><span class="src-doc-var">$connection </span><span class="src-doc"> An open MySQL connection</span></li>
<li><a name="a530"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@return </span><span class="src-doc-type">mixed </span><span class="src-doc">$source with HTML entities and GPC magic quotes</span></li>
<li><a name="a531"></a><span class="src-doc">     *                 removed from, and SQL special character escapes</span></li>
<li><a name="a532"></a><span class="src-doc">     *                 inserted in, the string or array of strings.</span></li>
<li><a name="a533"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> decode()</span></li>
<li><a name="a534"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> quoteSmart()</span></li>
<li><a name="a535"></a><span class="src-doc">     */</span></li>
<li><a name="a536"></a>    <span class="src-key">public </span><span class="src-key">function </span><a href="../PHPonTrax/InputFilter.html#methodsafeSQL">safeSQL</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">, </span><span class="src-sym">&amp;</span><span class="src-var">$connection</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a537"></a>        <span class="src-comm">// clean all elements in this array</span></li>
<li><a name="a538"></a>        <span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/is_array">is_array</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">)) </span><span class="src-sym">{</span></li>
<li><a name="a539"></a>            <span class="src-key">foreach</span><span class="src-sym">(</span><span class="src-var">$source </span><span class="src-key">as </span><span class="src-var">$key </span>=&gt; <span class="src-var">$value</span><span class="src-sym">)</span></li>
<li><a name="a540"></a>                <span class="src-comm">// filter element for SQL injection</span></li>
<li><a name="a541"></a>                <span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/is_string">is_string</a><span class="src-sym">(</span><span class="src-var">$value</span><span class="src-sym">)) </span><span class="src-var">$source</span><span class="src-sym">[</span><span class="src-var">$key</span><span class="src-sym">] </span>= <span class="src-id">self</span><span class="src-sym">::</span><span class="src-id">quoteSmart</span><span class="src-sym">(</span><span class="src-id">self</span><span class="src-sym">::</span><span class="src-id">decode</span><span class="src-sym">(</span><span class="src-var">$value</span><span class="src-sym">)</span><span class="src-sym">, </span><span class="src-var">$connection</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a542"></a>            <span class="src-key">return </span><span class="src-var">$source</span><span class="src-sym">;</span></li>
<li><a name="a543"></a>        <span class="src-comm">// clean this string</span></li>
<li><a name="a544"></a>        <span class="src-sym">} </span><span class="src-key">else </span><span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/is_string">is_string</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">)) </span><span class="src-sym">{</span></li>
<li><a name="a545"></a>            <span class="src-comm">// filter source for SQL injection</span></li>
<li><a name="a546"></a>            <span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/is_string">is_string</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">)) </span><span class="src-key">return </span><span class="src-id">self</span><span class="src-sym">::</span><span class="src-id">quoteSmart</span><span class="src-sym">(</span><span class="src-id">self</span><span class="src-sym">::</span><span class="src-id">decode</span><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">)</span><span class="src-sym">, </span><span class="src-var">$connection</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a547"></a>        <span class="src-comm">// return parameter as given</span></li>
<li><a name="a548"></a>        <span class="src-sym">} </span><span class="src-key">else </span><span class="src-key">return </span><span class="src-var">$source</span><span class="src-sym">;    </span></li>
<li><a name="a549"></a>    <span class="src-sym">}</span></li>
<li><a name="a550"></a>&nbsp;</li>
<li><a name="a551"></a>    <span class="src-doc">/** </span></li>
<li><a name="a552"></a><span class="src-doc">     *  Remove GPC magic quotes from input string &amp; escape SQL special</span></li>
<li><a name="a553"></a><span class="src-doc">     *  characters</span></li>
<li><a name="a554"></a><span class="src-doc">     *</span></li>
<li><a name="a555"></a><span class="src-doc">     *  The input is a string that came from a GET or POST HTTP</span></li>
<li><a name="a556"></a><span class="src-doc">     *  operation, or a cookie.  If GPC magic quotes are currently in</span></li>
<li><a name="a557"></a><span class="src-doc">     *  effect, the resulting slashes are stripped.  Then any SQL</span></li>
<li><a name="a558"></a><span class="src-doc">     *  special characters in the string are escaped, taking into</span></li>
<li><a name="a559"></a><span class="src-doc">     *  account the character set in use on $connection.</span></li>
<li><a name="a560"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@author</span><span class="src-doc"> Chris Tobin, Daniel Morris</span></li>
<li><a name="a561"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string </span><span class="src-doc-var">$source </span><span class="src-doc">Input string to be converted</span></li>
<li><a name="a562"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">resource </span><span class="src-doc-var">$connection </span><span class="src-doc">An open MySQL connection</span></li>
<li><a name="a563"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@return </span><span class="src-doc-type">string </span><span class="src-doc">Input string with any GPC magic quotes stripped</span></li>
<li><a name="a564"></a><span class="src-doc">     *                  and SQL special characters escaped</span></li>
<li><a name="a565"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> escapeString()</span></li>
<li><a name="a566"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> get_magic_quotes_gpc()</span></li>
<li><a name="a567"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> stripslashes()</span></li>
<li><a name="a568"></a><span class="src-doc">     */</span></li>
<li><a name="a569"></a>    <span class="src-key">protected </span><span class="src-key">function </span><a href="../PHPonTrax/InputFilter.html#methodquoteSmart">quoteSmart</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">, </span><span class="src-sym">&amp;</span><span class="src-var">$connection</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a570"></a>        <span class="src-comm">// strip slashes</span></li>
<li><a name="a571"></a>        <span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/get_magic_quotes_gpc">get_magic_quotes_gpc</a><span class="src-sym">(</span><span class="src-sym">)) </span><span class="src-var">$source </span>= <a href="http://www.php.net/stripslashes">stripslashes</a><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a572"></a>        <span class="src-comm">// quote both numeric and text</span></li>
<li><a name="a573"></a>        <span class="src-var">$source </span>= <span class="src-id">self</span><span class="src-sym">::</span><span class="src-id">escapeString</span><span class="src-sym">(</span><span class="src-var">$source</span><span class="src-sym">, </span><span class="src-var">$connection</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a574"></a>        <span class="src-key">return </span><span class="src-var">$source</span><span class="src-sym">;</span></li>
<li><a name="a575"></a>    <span class="src-sym">}</span></li>
<li><a name="a576"></a>    </li>
<li><a name="a577"></a>    <span class="src-doc">/** </span></li>
<li><a name="a578"></a><span class="src-doc">     *  Escape SQL special characters in string</span></li>
<li><a name="a579"></a><span class="src-doc">     *</span></li>
<li><a name="a580"></a><span class="src-doc">     *  Escape SQL special characters in the input string, taking into</span></li>
<li><a name="a581"></a><span class="src-doc">     *  account the character set of the connection.</span></li>
<li><a name="a582"></a><span class="src-doc">     *</span></li>
<li><a name="a583"></a><span class="src-doc">     *  &lt;b&gt;FIXME:&lt;/b&gt; since we require PHP 5 can't we remove the use</span></li>
<li><a name="a584"></a><span class="src-doc">     *  of mysql_esacape_string()?</span></li>
<li><a name="a585"></a><span class="src-doc">     *</span></li>
<li><a name="a586"></a><span class="src-doc">     *  &lt;b&gt;FIXME:&lt;/b&gt;Shouldn't we pass the connection to</span></li>
<li><a name="a587"></a><span class="src-doc">     *  mysql_real_escape_string()?</span></li>
<li><a name="a588"></a><span class="src-doc">     *</span></li>
<li><a name="a589"></a><span class="src-doc">     *  &lt;b&gt;FIXME:&lt;/b&gt;Is this really RDBMS independent?</span></li>
<li><a name="a590"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@todo</span><span class="src-doc"> Check FIXMEs</span></li>
<li><a name="a591"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@author</span><span class="src-doc"> Chris Tobin, Daniel Morris</span></li>
<li><a name="a592"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">string </span><span class="src-doc-var">$string </span><span class="src-doc"> String to be protected</span></li>
<li><a name="a593"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@param </span><span class="src-doc-type">resource </span><span class="src-doc-var">$connection </span><span class="src-doc">- An open MySQL connection</span></li>
<li><a name="a594"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@return </span><span class="src-doc-type">string </span><span class="src-doc">Value of $string with characters special in</span></li>
<li><a name="a595"></a><span class="src-doc">     *                  SQL escaped by '\'s</span></li>
<li><a name="a596"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> mysql_escape_string()</span></li>
<li><a name="a597"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> mysql_real_escape_string()</span></li>
<li><a name="a598"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> phpversion()</span></li>
<li><a name="a599"></a><span class="src-doc">     *  </span><span class="src-doc-coretag">@uses</span><span class="src-doc"> version_compare()</span></li>
<li><a name="a600"></a><span class="src-doc">     */    </span></li>
<li><a name="a601"></a>    <span class="src-key">protected </span><span class="src-key">function </span><a href="../PHPonTrax/InputFilter.html#methodescapeString">escapeString</a><span class="src-sym">(</span><span class="src-var">$string</span><span class="src-sym">, </span><span class="src-sym">&amp;</span><span class="src-var">$connection</span><span class="src-sym">) </span><span class="src-sym">{</span></li>
<li><a name="a602"></a>        <span class="src-comm">// depreciated function</span></li>
<li><a name="a603"></a>        <span class="src-key">if </span><span class="src-sym">(</span><a href="http://www.php.net/version_compare">version_compare</a><span class="src-sym">(</span><a href="http://www.php.net/phpversion">phpversion</a><span class="src-sym">(</span><span class="src-sym">)</span><span class="src-sym">,</span><span class="src-str">&quot;4.3.0&quot;</span><span class="src-sym">, </span><span class="src-str">&quot;&lt;&quot;</span><span class="src-sym">))</span></li>
<li><a name="a604"></a>            <span class="src-key">return </span><a href="http://www.php.net/mysql_escape_string">mysql_escape_string</a><span class="src-sym">(</span><span class="src-var">$string</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a605"></a>        <span class="src-comm">// current function</span></li>
<li><a name="a606"></a>        <span class="src-key">else</span></li>
<li><a name="a607"></a>            <span class="src-key">return </span><a href="http://www.php.net/mysql_real_escape_string">mysql_real_escape_string</a><span class="src-sym">(</span><span class="src-var">$string</span><span class="src-sym">)</span><span class="src-sym">;</span></li>
<li><a name="a608"></a>    <span class="src-sym">}</span></li>
<li><a name="a609"></a><span class="src-sym">}</span></li>
<li><a name="a610"></a>&nbsp;</li>
<li><a name="a611"></a><span class="src-comm">// -- set Emacs parameters --</span></li>
<li><a name="a612"></a><span class="src-comm">// Local variables:</span></li>
<li><a name="a613"></a><span class="src-comm">// tab-width: 4</span></li>
<li><a name="a614"></a><span class="src-comm">// c-basic-offset: 4</span></li>
<li><a name="a615"></a><span class="src-comm">// c-hanging-comment-ender-p: nil</span></li>
<li><a name="a616"></a><span class="src-comm">// indent-tabs-mode: nil</span></li>
<li><a name="a617"></a><span class="src-comm">// End:</span></li>
<li><a name="a618"></a><span class="src-php">?&gt;</span></li>
</ol></pre></div>
</div>