Filter lib

This guide provides documentation for the filter class methods used in the AVRO framework.

The filter library is responsible for sanitizing input data, cleaning superglobals, and providing convenient helpers to retrieve values from request-related arrays in a safe way.

Notes:

  • By default, getters like post(), request(), server(), etc. HTML-encode returned values. Pass $encode_html_entities = false if you need raw values.
  • XSS-cleaning can be enabled per-call with $clean_xss = true and optionally strip HTML tags with $strip_tags = true.
  • clean_globals() resets $_GET to an empty array, normalizes/cleans other superglobals, and prepares _PUT and _DELETE for RESTful requests.

clean_globals()

Clean framework superglobals at the beginning of a request.

  • Unsets deprecated PHP globals
  • Defines and fills _PUT and _DELETE when applicable
  • Resets $_GET to an empty array
  • Cleans _SERVER, _POST, _REQUEST, _COOKIE, _FILES, _SESSION, _PUT, _DELETE, and argv
  • Optionally applies XSS cleaning

Parameters: bool $xss_clean = false

Usage Example:

$this->lib->filter->clean_globals(); // Clean without XSS stripping
$this->lib->filter->clean_globals(true); // Additionally XSS-clean all superglobals

clean_url()

Clean URL-related server variables and the configured HTTP GET variable.

  • Validates and normalizes HTTP_HOST
  • Cleans REQUEST_URI, QUERY_STRING, REDIRECT_URL, REDIRECT_QUERY_STRING, and argv[0]
  • Cleans $_REQUEST[$http_get_var] if present

Parameters: string $http_get_var

Usage Example:

// Typically used by URL parsing logic
$this->lib->filter->clean_url('q');
// or
$this->lib->filter->clean_url($this->lib->config->item_get('http_get_var', 'HTTP'));

clean_data()

Trim and normalize data (recursively for arrays). For associative arrays, keys are cleaned via strip_chars(), allowing only a-z, A-Z, 0-9, -, _ and . (dot).

Parameters: mixed $data

Usage Example:

$this->lib->filter->clean_data("  Hello\r\n"); // "Hello\n"
$this->lib->filter->clean_data([' key ' => " value "]); // ['key' => 'value']

clean_xss()

Clean data from common XSS vectors (recursively for arrays). Replaces/strips dangerous expressions, attributes, tags, and scripts. Optionally strips all HTML tags.

Parameters: mixed $data, bool $clean_tags = false

Usage Example:

$this->lib->filter->clean_xss('<img onerror="alert(1)" src=x>'); // img tag sanitized
$this->lib->filter->clean_xss('<b>Hello</b>', true); // "Hello"

clean_source()

Replace calls to certain dangerous functions (PHP/JS) with safe equivalents by encoding the parentheses as HTML entities.

Parameters: string $data

Usage Example:

$this->lib->filter->clean_source('eval("echo 123;")'); // 'eval &#40;"echo 123;"&#41;'

clean_nl()

Normalize new lines depending on the run mode.

  • In CLI: convert to \n
  • Otherwise: apply nl2br()

Parameters: string $data

Usage Example:

$this->lib->filter->clean_nl("Line1\r\nLine2");

clean_url_string()

Make a string URL-friendly: lowercase, replace spaces with -, allow only a-z, 0-9, ., -, _, collapse duplicates, trim edges, and limit length.

Parameters: string $data

Usage Example:

$this->lib->filter->clean_url_string('  My Article Title!!!  '); // 'my-article-title'

strip_chars()

Remove all characters except alphanumerics and those explicitly allowed.

Parameters: string $data, array|null $allowed_chars = null

Usage Example:

$this->lib->filter->strip_chars('file@name#.jpg', ['.', '-', '_']); // 'filename.jpg'

strip_attributes()

Remove attributes whose names start with on (event handlers such as onclick) or xmlns.

Parameters: string $data

Usage Example:

$this->lib->filter->strip_attributes('<div onclick="do()">x</div>'); // '<div >x</div>'

strip_tabs()

Convert tabs to the specified character (empty string by default).

Parameters: string $data, string $char = ''

Usage Example:

$this->lib->filter->strip_tabs("A\tB\tC", ' '); // 'A B C'

strip_image_tags()

Remove <img> tags. Optionally keep only the src value if $keep_src is true.

Parameters: string $data, bool $keep_src = false

Usage Example:

$this->lib->filter->strip_image_tags('<p><img src="/a.png"> Hi</p>'); // '<p> Hi</p>'
$this->lib->filter->strip_image_tags('<img src="/a.png">', true); // '/a.png'

strip_hyperlinks()

Remove <a> tags and their content.

Parameters: string $data

Usage Example:

$this->lib->filter->strip_hyperlinks('<a href="#">Click</a> here'); // ' here'

strip_meta()

Remove <meta> tags.

Parameters: string $data

Usage Example:

$this->lib->filter->strip_meta('<meta charset="utf-8"><div>Text</div>'); // '<div>Text</div>'

strip_styles()

Remove style definitions: <style>...</style> and <link rel="stylesheet" ...>.

Parameters: string $data

Usage Example:

$this->lib->filter->strip_styles('<style>p{}</style><p>Text</p>'); // '<p>Text</p>'

strip_scripts()

Remove <script> blocks and PHP code blocks.

Parameters: string $data

Usage Example:

$this->lib->filter->strip_scripts('<script>alert(1)</script><?php echo 1; ?>'); // ''

strip_comments()

Remove HTML comments and, if $non_html is true (default), also remove /* ... */ and // ... code comments.

Parameters: string $data, bool $non_html = true

Usage Example:

$this->lib->filter->strip_comments('<div><!-- c --></div>'); // '<div></div>'

strip_tags()

Remove any HTML tags (using the library's internal regex).

Parameters: string $data

Usage Example:

$this->lib->filter->strip_tags('<b>x</b>'); // 'x'

strip_whitespaces()

Remove newlines/tabs and collapse multiple spaces into a single space.

Parameters: string $data

Usage Example:

$this->lib->filter->strip_whitespaces("A\n\t  B   C"); // 'A B C'

encode_html_entities()

Encode HTML entities (recursively for arrays). Default encoding is UTF-8.

Parameters: mixed $data, string|null $encoding = null

Usage Example:

$this->lib->filter->encode_html_entities('<b>'); // '&lt;b&gt;'

decode_html_entities()

Decode HTML entities (recursively for arrays). Default encoding is UTF-8.

Parameters: mixed $data, string|null $encoding = null

Usage Example:

$this->lib->filter->decode_html_entities('&lt;b&gt;'); // '<b>'

post()

Return cleaned $_POST array or a specific item.

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->post(); // whole POST array (HTML-encoded)
$this->lib->filter->post('username'); // encoded value
$this->lib->filter->post('comment', false, true); // raw value, XSS-cleaned

put()

Return cleaned _PUT array or a specific item (for RESTful requests).

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->put();
$this->lib->filter->put('id', false, true);

delete()

Return cleaned _DELETE array or a specific item (for RESTful requests).

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->delete();
$this->lib->filter->delete('id');

request()

Return cleaned $_REQUEST array or a specific item.

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->request();
$this->lib->filter->request('q', false, true); // e.g., for query parameters
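The following controller action, an added example that is not part of the AVRO documentation, ties the Notes above to the getters post() and request(): raw values ($encode_html_entities = false) go to storage after strip_chars() or XSS-cleaning, the default encoded values go to output, and query parameters are read via request() because clean_globals() has reset $_GET. The Profile_controller class, its update() method and the field names are assumptions for illustration.

```php
<?php
// Added example (not from the AVRO project): a hypothetical controller action
// using the filter getters described on this page.
class Profile_controller
{
    /** @var object framework container exposing ->lib->filter, as used on this page */
    private $lib;

    public function __construct($lib)
    {
        $this->lib = $lib;
    }

    public function update()
    {
        $filter = $this->lib->filter;

        // Normalize and XSS-clean all superglobals once at the start of the request.
        // After this call $_GET is an empty array, so query parameters must be
        // read through request(), never from $_GET directly.
        $filter->clean_globals(true);

        // Username: take the raw value ($encode_html_entities = false) and restrict
        // it to a safe character set with strip_chars(). This is the value to store;
        // storing an HTML-encoded copy would lead to double encoding on output.
        $username = $filter->strip_chars($filter->post('username', false), ['-', '_', '.']);

        // Bio: free text. Keep it raw for storage but request XSS cleaning and tag
        // stripping ($clean_xss = true, $strip_tags = true) so no markup survives.
        $bio = $filter->post('bio', false, true, true);

        // Output is where encoding belongs: the default getter HTML-encodes, so use
        // it for anything echoed back into the page.
        $display_name = $filter->post('username');

        // Page number from the query string, read via request() because $_GET was
        // reset; cast to int so only a number reaches the data layer.
        $page = (int) $filter->request('page', false);

        return [
            'store'   => ['username' => $username, 'bio' => $bio],
            'display' => $display_name,
            'page'    => $page,
        ];
    }
}
```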

cookie()

Return cleaned $_COOKIE array or a specific item.

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->cookie();
$this->lib->filter->cookie('session');

files()

Return cleaned $_FILES array or a specific item.

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->files();
$this->lib->filter->files('upload');

server()

Return cleaned $_SERVER array or a specific item.

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->server();
$this->lib->filter->server('HTTP_HOST');

session()

Return cleaned $_SESSION array or a specific item.

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->session();
$this->lib->filter->session('user_id');

argv()

Return cleaned argv array or a specific item.

Parameters: mixed $item = null, bool $encode_html_entities = true, bool $clean_xss = false, bool $strip_tags = false

Usage Example:

$this->lib->filter->argv();
$this->lib->filter->argv(0);