Filtering class
Posted: Tue Dec 28, 2010 2:29 pm
Please have a look at my filtering functions. Feedback is very appreciated because of security reasons.
Code: Select all
<?php
class Filters
{
static $Regex = array('\\' => '\\\\', '^' => '\^', '$' => '\$', '.' => '\.', '[' => '\[', ']' => '\]', '(' => '\(', ')' => '\)', '?' => '\?', '*' => '\*', '+' => '\+', '{' => '\{', '}' => '\}', '-' => '\-', '|' => '\|');
private static function Filter($Type, $Input, $List = null, $Default = null)
{
$Output = null;
if(is_array($Input))
{
foreach($Input as $Key => $Item)
{
$Output[$Key] = Filters::Filter($Type, $Input, $List, $Default);
}
} else {
switch($Type)
{
case 1:
$Output = strip_tags($Input);
$Output = preg_replace('/(&)(amp|quot|lt|gt);/i', '&$2', htmlspecialchars($Output, ENT_COMPAT, 'UTF-8'));
$Output = trim($Output);
$Output = UTF8::substr($Output, 0, 4096);
break;
case 2:
$Output = preg_replace('/[^a-z0-9\_\-]/i', '', Filters::Sql($Input));
break;
case 3:
$Output = intval($Input);
break;
case 4:
$Output = Filters::Strict($Input);
if(is_array($List) && !in_array($Input, $List))
{
$Output = $Default;
}
break;
case 5:
$Output = preg_replace('/ALTER TABLE|ANALYZE|ATTACH DATABASE|BEGIN TRANSACTION|COMMIT TRANSACTION|CREATE INDEX|CREATE TABLE|CREATE TRIGGER|CREATE VIEW|CREATE VIRTUAL TABLE|DELETE|DETACH DATABASE|DROP INDEX|DROP TABLE|DROP TRIGGER|DROP VIEW|END TRANSACTION|EXPLAIN|INSERT|ON CONFLICT|PRAGMA|REINDEX|REPLACE|ROLLBACK TRANSACTION|SELECT|UPDATE|VACUUM|--|;/i', '', $Input);
break;
case 6:
$Output = preg_replace('/[\\\\<>"\*:]/i', '', $Input);
break;
case 7:
$Output = preg_replace('/[^\:\;\!\#\$\%\&\'\*\+\-\/\=\?\^\_\`\{\|\}\~\@\.\[\]|\w+]/i', '', $Input);
break;
case 8:
$Output = preg_replace('/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i', '', $Input);
break;
case 9:
$Output = str_replace(array_keys(Filters::$Regex), array_values(Filters::$Regex), $Input);
break;
}
}
return $Output;
}
static function Basic($Input)
{
return Filters::Filter(1, $Input);
}
static function Strict($Input)
{
return Filters::Filter(2, $Input);
}
static function Numeric($Input)
{
return Filters::Filter(3, $Input);
}
static function Range($Input, $List, $Default = null)
{
return Filters::Filter(4, $Input, $List, $Default);
}
static function Sql($Input)
{
return Filters::Filter(5, $Input);
}
static function Path($Input)
{
return Filters::Filter(6, $Input);
}
static function Url($Input)
{
return Filters::Filter(7, $Input);
}
static function Mail($Input)
{
return Filters::Filter(8, $Input);
}
static function Regex($Input)
{
return Filters::Filter(9, $Input);
}
}
?>