diff --git a/reference/filter/configure.xml b/reference/filter/configure.xml
new file mode 100644
index 0000000000..f9174e4823
--- /dev/null
+++ b/reference/filter/configure.xml
@@ -0,0 +1,34 @@
+
+
+
+ &reftitle.install;
+
+ A short installation note: just type
+
+$ pear install filter
+
+ in your console.
+
+
+
+
+
diff --git a/reference/filter/constants.xml b/reference/filter/constants.xml
new file mode 100644
index 0000000000..a223b4f38f
--- /dev/null
+++ b/reference/filter/constants.xml
@@ -0,0 +1,537 @@
+
+
+
+
+ &reftitle.constants;
+ &extension.constants;
+
+
+
+ INPUT_POST
+ (integer)
+
+
+
+ POST variables.
+
+
+
+
+
+ INPUT_GET
+ (integer)
+
+
+
+ GET variables.
+
+
+
+
+
+ INPUT_COOKIE
+ (integer)
+
+
+
+ COOKIE variables.
+
+
+
+
+
+ INPUT_ENV
+ (integer)
+
+
+
+ ENV variables.
+
+
+
+
+
+ INPUT_SERVER
+ (integer)
+
+
+
+ SERVER variables.
+
+
+
+
+
+ INPUT_SESSION
+ (integer)
+
+
+
+ SESSION variables.
+
+
+
+
+
+ FILTER_FLAG_NONE
+ (integer)
+
+
+
+ No flags.
+
+
+
+
+
+ FILTER_VALIDATE_INT
+ (integer)
+
+
+
+ ID of "int" filter.
+
+
+
+
+
+ FILTER_VALIDATE_BOOLEAN
+ (integer)
+
+
+
+ ID of "boolean" filter.
+
+
+
+
+
+ FILTER_VALIDATE_FLOAT
+ (integer)
+
+
+
+ ID of "float" filter.
+
+
+
+
+
+ FILTER_VALIDATE_REGEXP
+ (integer)
+
+
+
+ ID of "validate_regexp" filter.
+
+
+
+
+
+ FILTER_VALIDATE_URL
+ (integer)
+
+
+
+ ID of "validate_url" filter.
+
+
+
+
+
+ FILTER_VALIDATE_EMAIL
+ (integer)
+
+
+
+ ID of "validate_email" filter.
+
+
+
+
+
+ FILTER_VALIDATE_IP
+ (integer)
+
+
+
+ ID of "validate_ip" filter.
+
+
+
+
+
+ FILTER_DEFAULT
+ (integer)
+
+
+
+ ID of default ("string") filter.
+
+
+
+
+
+ FILTER_UNSAFE_RAW
+ (integer)
+
+
+
+ ID of "unsafe_raw" filter.
+
+
+
+
+
+ FILTER_SANITIZE_STRING
+ (integer)
+
+
+
+ ID of "string" filter.
+
+
+
+
+
+ FILTER_SANITIZE_STRIPPED
+ (integer)
+
+
+
+ ID of "stripped" filter.
+
+
+
+
+
+ FILTER_SANITIZE_ENCODED
+ (integer)
+
+
+
+ ID of "encoded" filter.
+
+
+
+
+
+ FILTER_SANITIZE_SPECIAL_CHARS
+ (integer)
+
+
+
+ ID of "special_chars" filter.
+
+
+
+
+
+ FILTER_SANITIZE_EMAIL
+ (integer)
+
+
+
+ ID of "email" filter.
+
+
+
+
+
+ FILTER_SANITIZE_URL
+ (integer)
+
+
+
+ ID of "url" filter.
+
+
+
+
+
+ FILTER_SANITIZE_NUMBER_INT
+ (integer)
+
+
+
+ ID of "number_int" filter.
+
+
+
+
+
+ FILTER_SANITIZE_NUMBER_FLOAT
+ (integer)
+
+
+
+ ID of "number_float" filter.
+
+
+
+
+
+ FILTER_SANITIZE_MAGIC_QUOTES
+ (integer)
+
+
+
+ ID of "magic_quotes" filter.
+
+
+
+
+
+ FILTER_CALLBACK
+ (integer)
+
+
+
+ ID of "callback" filter.
+
+
+
+
+
+ FILTER_FLAG_ALLOW_OCTAL
+ (integer)
+
+
+
+ Allow octal notation (0[0-7]+) in "int" filter.
+
+
+
+
+
+ FILTER_FLAG_ALLOW_HEX
+ (integer)
+
+
+
+ Allow hex notation (0x[0-9a-fA-F]+) in "int" filter.
+
+
+
+
+
+ FILTER_FLAG_STRIP_LOW
+ (integer)
+
+
+
+ Strip characters with ASCII value less than 32.
+
+
+
+
+
+ FILTER_FLAG_STRIP_HIGH
+ (integer)
+
+
+
+ Strip characters with ASCII value greater than 127.
+
+
+
+
+
+ FILTER_FLAG_ENCODE_LOW
+ (integer)
+
+
+
+ Encode characters with ASCII value less than 32.
+
+
+
+
+
+ FILTER_FLAG_ENCODE_HIGH
+ (integer)
+
+
+
+ Encode characters with ASCII value greater than 127.
+
+
+
+
+
+ FILTER_FLAG_ENCODE_AMP
+ (integer)
+
+
+
+ Encode &.
+
+
+
+
+
+ FILTER_FLAG_NO_ENCODE_QUOTES
+ (integer)
+
+
+
+ Don't encode ' and ".
+
+
+
+
+
+ FILTER_FLAG_EMPTY_STRING_NULL
+ (integer)
+
+
+
+ (No use for now.)
+
+
+
+
+
+ FILTER_FLAG_ALLOW_FRACTION
+ (integer)
+
+
+
+ Allow fractional part in "number_float" filter.
+
+
+
+
+
+ FILTER_FLAG_ALLOW_THOUSAND
+ (integer)
+
+
+
+ Allow thousand separator (,) in "number_float" filter.
+
+
+
+
+
+ FILTER_FLAG_ALLOW_SCIENTIFIC
+ (integer)
+
+
+
+ Allow scientific notation (e, E) in
+ "number_float" filter.
+
+
+
+
+
+ FILTER_FLAG_SCHEME_REQUIRED
+ (integer)
+
+
+
+ Require scheme in "validate_url" filter.
+
+
+
+
+
+ FILTER_FLAG_HOST_REQUIRED
+ (integer)
+
+
+
+ Require host in "validate_url" filter.
+
+
+
+
+
+ FILTER_FLAG_PATH_REQUIRED
+ (integer)
+
+
+
+ Require path in "validate_url" filter.
+
+
+
+
+
+ FILTER_FLAG_QUERY_REQUIRED
+ (integer)
+
+
+
+ Require query in "validate_url" filter.
+
+
+
+
+
+ FILTER_FLAG_IPV4
+ (integer)
+
+
+
+ Allow only IPv4 address in "validate_ip" filter.
+
+
+
+
+
+ FILTER_FLAG_IPV6
+ (integer)
+
+
+
+ Allow only IPv6 address in "validate_ip" filter.
+
+
+
+
+
+ FILTER_FLAG_NO_RES_RANGE
+ (integer)
+
+
+
+ Deny reserved addresses in "validate_ip" filter.
+
+
+
+
+
+ FILTER_FLAG_NO_PRIV_RANGE
+ (integer)
+
+
+
+ Deny private addresses in "validate_ip" filter.
+
+
+
+
+
+
+
diff --git a/reference/filter/functions/filter-data.xml b/reference/filter/functions/filter-data.xml
new file mode 100644
index 0000000000..9ef1e46f54
--- /dev/null
+++ b/reference/filter/functions/filter-data.xml
@@ -0,0 +1,126 @@
+
+
+
+
+
+ filter_data
+ Filters data with a specified filter
+
+
+ &reftitle.description;
+
+ mixedfilter_data
+ mixedvariable
+ intfilter
+ mixedfilter_options
+ stringcharset
+
+
+ &warn.experimental.func;
+
+
+
+ &reftitle.parameters;
+
+
+
+ variable
+
+
+ Value to filter, arrays are filtered resursivelly.
+
+
+
+
+ filter
+
+
+ ID of a filter to use.
+
+
+
+
+ filter_options
+
+
+ Associative array of options or bitwise disjunction of flags. If filter
+ accepts options, flags can be provided in "flags" field of array. For
+ the "callback" filter, callback type should be passed.
+
+
+
+
+ charset
+
+
+ Character set used for filtering. Currently no filter uses this
+ parameter.
+
+
+
+
+
+
+
+ &reftitle.returnvalues;
+
+ Returns filtered data or &null; if filter fails.
+
+
+
+
+ &reftitle.examples;
+
+
+ A <function>filter_data</function> example
+
+
+]]>
+
+ &example.outputs;
+
+
+
+
+
+
+
+
+ &reftitle.seealso;
+
+
+ input_get
+ &seealso.callback;
+
+
+
+
+
+
+
diff --git a/reference/filter/functions/input-filters-list.xml b/reference/filter/functions/input-filters-list.xml
new file mode 100644
index 0000000000..4de03e7e17
--- /dev/null
+++ b/reference/filter/functions/input-filters-list.xml
@@ -0,0 +1,96 @@
+
+
+
+
+
+ input_filters_list
+ Returns a list of all supported filters
+
+
+ &reftitle.description;
+
+ arrayinput_filters_list
+
+
+
+ &warn.experimental.func;
+
+
+
+ &reftitle.parameters;
+
+
+
+
+ &reftitle.returnvalues;
+
+ Returns an array of names of all supported filters, empty array if there
+ are no such filters. Indexes of this array are not filter IDs, they can be
+ obtained with input_name_to_filter from a name instead.
+
+
+
+
+ &reftitle.examples;
+
+
+ A <function>input_filters_list</function> example
+
+
+]]>
+
+ &example.outputs.similar;
+
+ int
+ [1] => boolean
+ [2] => float
+ [3] => validate_regexp
+ [4] => validate_url
+ [5] => validate_email
+ [6] => validate_ip
+ [7] => string
+ [8] => stripped
+ [9] => encoded
+ [10] => special_chars
+ [11] => unsafe_raw
+ [12] => email
+ [13] => url
+ [14] => number_int
+ [15] => number_float
+ [16] => magic_quotes
+ [17] => callback
+)
+]]>
+
+
+
+
+
+
+
+
diff --git a/reference/filter/functions/input-get.xml b/reference/filter/functions/input-get.xml
new file mode 100644
index 0000000000..7befd8ff95
--- /dev/null
+++ b/reference/filter/functions/input-get.xml
@@ -0,0 +1,139 @@
+
+
+
+
+
+ input_get
+ Gets variable from outside PHP and optionally filters it
+
+
+ &reftitle.description;
+
+ mixedinput_get
+ inttype
+ stringvariable_name
+ intfilter
+ mixedflags
+ stringcharset
+
+
+ &warn.experimental.func;
+
+
+
+ &reftitle.parameters;
+
+
+
+ type
+
+
+ One of INPUT_GET, INPUT_POST,
+ INPUT_COOKIE, INPUT_SERVER,
+ INPUT_ENV, INPUT_SESSION (not
+ implemented yet) and 99 (serves for REQUEST for now).
+
+
+
+
+ variable_name
+
+
+ Name of a variable to get.
+
+
+
+
+ filter
+
+
+ Filter to apply.
+
+
+
+
+ flags
+
+
+ Associative array of options or bitwise disjunction of flags. If filter
+ accepts options, flags can be provided in "flags" field of array.
+
+
+
+
+ charset
+
+
+ Character set used for filtering. Currently no filter uses this
+ parameter.
+
+
+
+
+
+
+
+ &reftitle.returnvalues;
+
+ Value of the requested variable on success or &false; if variable has not
+ been found.
+
+
+
+
+ &reftitle.examples;
+
+
+ A <function>input_get</function> example
+
+Search again.";
+?>
+]]>
+
+ &example.outputs.similar;
+
+Search again.
+]]>
+
+
+
+
+
+
+ &reftitle.seealso;
+
+
+ filter_data
+
+
+
+
+
+
+
diff --git a/reference/filter/functions/input-has-variable.xml b/reference/filter/functions/input-has-variable.xml
new file mode 100644
index 0000000000..b3b382afd5
--- /dev/null
+++ b/reference/filter/functions/input-has-variable.xml
@@ -0,0 +1,73 @@
+
+
+
+
+
+ input_has_variable
+ Checks if variable of specified type exists
+
+
+ &reftitle.description;
+
+ boolinput_has_variable
+ inttype
+ stringvariable_name
+
+
+ &warn.experimental.func;
+
+
+
+ &reftitle.parameters;
+
+
+
+ type
+
+
+ One of INPUT_GET, INPUT_POST,
+ INPUT_COOKIE, INPUT_SERVER,
+ INPUT_ENV.
+
+
+
+
+ variable_name
+
+
+ Name of a variable to check.
+
+
+
+
+
+
+
+ &reftitle.returnvalues;
+
+ &return.success;
+
+
+
+
+
+
diff --git a/reference/filter/functions/input-name-to-filter.xml b/reference/filter/functions/input-name-to-filter.xml
new file mode 100644
index 0000000000..9eb9bdb79c
--- /dev/null
+++ b/reference/filter/functions/input-name-to-filter.xml
@@ -0,0 +1,71 @@
+
+
+
+
+
+ input_name_to_filter
+ Returns the filter ID belonging to a named filter
+
+
+ &reftitle.description;
+
+ intinput_name_to_filter
+ stringfiltername
+
+
+ &warn.experimental.func;
+
+
+
+ &reftitle.parameters;
+
+
+
+ filtername
+
+
+ Name of a filter to get.
+
+
+
+
+
+
+
+ &reftitle.returnvalues;
+
+ ID of a filter on success or &null; if filter doesn't exist.
+
+
+
+
+ &reftitle.seealso;
+
+
+ input_filters_list
+
+
+
+
+
+
+
diff --git a/reference/filter/ini.xml b/reference/filter/ini.xml
new file mode 100644
index 0000000000..e833b3f09a
--- /dev/null
+++ b/reference/filter/ini.xml
@@ -0,0 +1,88 @@
+
+
+
+ &reftitle.runtime;
+ &extension.runtime;
+
+
+ Filter Configuration Options
+
+
+
+ Name
+ Default
+ Changeable
+ Changelog
+
+
+
+
+ filter.default
+ string
+ PHP_INI_ALL
+
+
+
+ filter.default-flags
+
+ PHP_INI_ALL
+
+
+
+
+
+ &ini.php.constants;
+
+
+&ini.descriptions.title;
+
+
+
+
+
+ filter.default
+ string
+
+
+
+ Filter all GET, POST, COOKIE (and REQUEST) data by this filter.
+
+
+
+
+
+
+ filter.default_flags
+ integer
+
+
+
+ Default flags for filter_data.
+
+
+
+
+
+
+
+
+
diff --git a/reference/filter/reference.xml b/reference/filter/reference.xml
new file mode 100644
index 0000000000..3e586599aa
--- /dev/null
+++ b/reference/filter/reference.xml
@@ -0,0 +1,265 @@
+
+
+
+
+
+
+ Filter Functions
+ Filter
+
+
+
+ &reftitle.intro;
+
+ This extension serves for validating and filtering data coming usually
+ from some insecure source such as user input.
+
+ &warn.experimental;
+
+ Following filters currently exist:
+
+ Existing filters
+
+
+
+ ID
+ Name
+ Options
+ Flags
+ Description
+
+
+
+
+ FILTER_VALIDATE_INT
+ int
+
+ min_range,
+ max_range
+
+
+ FILTER_FLAG_ALLOW_OCTAL,
+ FILTER_FLAG_ALLOW_HEX
+
+ Validates value as integer, optionally from the specified range.
+
+
+ FILTER_VALIDATE_BOOLEAN
+ boolean
+
+
+
+ Returns &true; for "1", "true", "on" and "yes",
+ &false; for "0", "false", "off", "no", and "",
+ &null; otherwise.
+
+
+
+ FILTER_VALIDATE_FLOAT
+ float
+
+
+ Validates value as float.
+
+
+
+ FILTER_VALIDATE_REGEXP
+ validate_regexp
+
+ regexp
+
+
+ Validates value against regexp.
+
+
+ FILTER_VALIDATE_URL
+ validate_url
+
+
+ FILTER_FLAG_SCHEME_REQUIRED,
+ FILTER_FLAG_HOST_REQUIRED,
+ FILTER_FLAG_PATH_REQUIRED,
+ FILTER_FLAG_QUERY_REQUIRED
+
+ Validates value as URL, optionally with required components.
+
+
+ FILTER_VALIDATE_EMAIL
+ validate_email
+
+
+ Validates value as e-mail.
+
+
+ FILTER_VALIDATE_IP
+ validate_ip
+
+
+ FILTER_FLAG_IPV4,
+ FILTER_FLAG_IPV6,
+ FILTER_FLAG_NO_PRIV_RANGE,
+ FILTER_FLAG_NO_RES_RANGE
+
+
+ Validates value as IP address, optionally only IPv4 or IPv6 or not
+ from private or reserved ranges.
+
+
+
+
+ FILTER_SANITIZE_STRING
+ string
+
+
+ FILTER_FLAG_NO_ENCODE_QUOTES,
+ FILTER_FLAG_STRIP_LOW,
+ FILTER_FLAG_STRIP_HIGH,
+ FILTER_FLAG_ENCODE_LOW,
+ FILTER_FLAG_ENCODE_HIGH,
+ FILTER_FLAG_ENCODE_AMP
+
+ Strip tags, optionally strip or encode special characters.
+
+
+ FILTER_SANITIZE_STRIPPED
+ stripped
+
+
+ Alias of "string" filter.
+
+
+ FILTER_SANITIZE_ENCODED
+ encoded
+
+
+ FILTER_FLAG_STRIP_LOW,
+ FILTER_FLAG_STRIP_HIGH,
+ FILTER_FLAG_ENCODE_LOW,
+ FILTER_FLAG_ENCODE_HIGH
+
+ URL-encode string, optionally strip or encode special characters.
+
+
+ FILTER_SANITIZE_SPECIAL_CHARS
+ special_chars
+
+
+ FILTER_FLAG_STRIP_LOW,
+ FILTER_FLAG_STRIP_HIGH,
+ FILTER_FLAG_ENCODE_HIGH
+
+
+ HTML-escape '"<>& and characters with
+ ASCII value less than 32, optionally strip or encode other special
+ characters.
+
+
+
+ FILTER_UNSAFE_RAW
+ unsafe_raw
+
+
+ FILTER_FLAG_STRIP_LOW,
+ FILTER_FLAG_STRIP_HIGH,
+ FILTER_FLAG_ENCODE_LOW,
+ FILTER_FLAG_ENCODE_HIGH,
+ FILTER_FLAG_ENCODE_AMP
+
+ Do nothing, optionally strip or encode special characters.
+
+
+ FILTER_SANITIZE_EMAIL
+ email
+
+
+
+ Remove all characters except letters, digits and
+ !#$%&'*+-/=?^_`{|}~@.[].
+
+
+
+ FILTER_SANITIZE_URL
+ url
+
+
+
+ Remove all characters except, letters, digits and
+ $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.
+
+
+
+ FILTER_SANITIZE_NUMBER_INT
+ number_int
+
+
+
+ Remove all characters except digits and +-.
+
+
+
+ FILTER_SANITIZE_NUMBER_FLOAT
+ number_float
+
+
+
+ Remove all characters except digits, +- and
+ optionally .,eE.
+
+
+
+ FILTER_SANITIZE_MAGIC_QUOTES
+ magic_quotes
+
+
+ Apply addslashes.
+
+
+
+ FILTER_CALLBACK
+ callback
+
+ callback function or method
+ Call user-defined function to filter data.
+
+
+
+
+
+
+
+ &reftitle.required;
+ &no.requirement;
+
+
+ &reference.filter.configure;
+ &reference.filter.ini;
+
+
+ &reftitle.resources;
+ &no.resource;
+
+ &reference.filter.constants;
+
+ &reference.filter.functions;
+
+
+