PHP Class Contao\Input

The class functions as an adapter for the global input arrays ($_GET, $_POST, $_COOKIE) and safely returns their values. To prevent XSS vulnerabilities, you should always use the class when reading user input.

Usage:

    if (Input::get('action') == 'register') {
        $username = Input::post('username');
        $password = Input::post('password');
    }

Project: contao/core-bundle

Protected Properties

Property Type Description
$arrCache array Cache
$arrUnusedGet array Unused $_GET parameters
$blnMagicQuotes boolean Magic quotes setting
$objInstance Input Object instance (Singleton)

Public Methods

Method Description
__clone ( ) Prevent cloning of the object (Singleton)
cleanKey ( mixed $varValue ) : mixed Sanitize the variable names (thanks to Andreas Schempp)
cookie ( string $strKey, boolean $blnDecodeEntities = false ) : mixed Return a $_COOKIE variable
decodeEntities ( mixed $varValue ) : mixed Decode HTML entities
encodeInsertTags ( string $varValue ) : string Encode the opening and closing delimiters of insert tags
encodeSpecialChars ( mixed $varValue ) : mixed Encode special characters which are potentially dangerous
findPost ( string $strKey ) : mixed Fallback to the session form data if there is no post data
get ( string $strKey, boolean $blnDecodeEntities = false, boolean $blnKeepUnused = false ) : mixed Return a $_GET variable
getInstance ( ) : Input Return the object instance (Singleton)
getUnusedGet ( ) : array Return the unused GET parameters as array
hasUnusedGet ( ) : boolean Return whether there are unused GET parameters
initialize ( ) Clean the global GPC arrays
post ( string $strKey, boolean $blnDecodeEntities = false ) : mixed Return a $_POST variable
postHtml ( string $strKey, boolean $blnDecodeEntities = false ) : mixed Return a $_POST variable preserving allowed HTML tags
postRaw ( string $strKey ) : mixed Return a raw, unsafe $_POST variable
postUnsafeRaw ( string $strKey ) : mixed Return a raw, unsafe and unfiltered $_POST variable
preserveBasicEntities ( mixed $varValue ) : mixed Preserve basic entities by replacing them with square brackets (e.g. & becomes [amp])
resetCache ( ) Reset the internal cache
setCookie ( string $strKey, mixed $varValue ) Set a $_COOKIE variable
setGet ( string $strKey, mixed $varValue, boolean $blnAddUnused = false ) Set a $_GET variable
setPost ( string $strKey, mixed $varValue ) Set a $_POST variable
setUnusedGet ( string $strKey, mixed $varValue ) Set an unused GET parameter
stripSlashes ( mixed $varValue ) : mixed Strip slashes
stripTags ( mixed $varValue, string $strAllowedTags = '' ) : mixed Strip HTML and PHP tags preserving HTML comments
xssClean ( mixed $varValue, boolean $blnStrictMode = false ) : mixed Clean a value and try to prevent XSS attacks

Protected Methods

Method Description
__construct ( ) Clean the keys of the request arrays

Method Details

__clone() final public method

Prevent cloning of the object (Singleton)
Deprecation: Deprecated since Contao 4.0, to be removed in Contao 5.0. The Input class is now static.
final public __clone ( )

__construct() protected method

Clean the keys of the request arrays
Deprecation: Deprecated since Contao 4.0, to be removed in Contao 5.0. The Input class is now static.
protected __construct ( )

cleanKey() public static method

Sanitize the variable names (thanks to Andreas Schempp)
public static cleanKey ( mixed $varValue ) : mixed
$varValue mixed A variable name or an array of variable names
return mixed The clean name or array of names

decodeEntities() public static method

Decode HTML entities
public static decodeEntities ( mixed $varValue ) : mixed
$varValue mixed A string or array
return mixed The decoded string or array

encodeInsertTags() public static method

Encode the opening and closing delimiters of insert tags
public static encodeInsertTags ( string $varValue ) : string
$varValue string The input string
return string The encoded input string

encodeSpecialChars() public static method

Encode special characters which are potentially dangerous
public static encodeSpecialChars ( mixed $varValue ) : mixed
$varValue mixed A string or array
return mixed The encoded string or array

findPost() public static method

Fallback to the session form data if there is no post data
public static findPost ( string $strKey ) : mixed
$strKey string The variable name
return mixed The variable value

get() public static method

Return a $_GET variable
public static get ( string $strKey, boolean $blnDecodeEntities = false, boolean $blnKeepUnused = false ) : mixed
$strKey string The variable name
$blnDecodeEntities boolean If true, all entities will be decoded
$blnKeepUnused boolean If true, the parameter will not be marked as used (see #4277)
return mixed The cleaned variable value

getInstance() public static method

Return the object instance (Singleton)
Deprecation: Deprecated since Contao 4.0, to be removed in Contao 5.0. The Input class is now static.
public static getInstance ( ) : Input
return Input The object instance

getUnusedGet() public static method

Return the unused GET parameters as array
public static getUnusedGet ( ) : array
return array The unused GET parameter array

hasUnusedGet() public static method

Return whether there are unused GET parameters
public static hasUnusedGet ( ) : boolean
return boolean True if there are unused GET parameters

initialize() public static method

Clean the global GPC arrays
public static initialize ( )

post() public static method

Return a $_POST variable
public static post ( string $strKey, boolean $blnDecodeEntities = false ) : mixed
$strKey string The variable name
$blnDecodeEntities boolean If true, all entities will be decoded
return mixed The cleaned variable value

postHtml() public static method

Return a $_POST variable preserving allowed HTML tags
public static postHtml ( string $strKey, boolean $blnDecodeEntities = false ) : mixed
$strKey string The variable name
$blnDecodeEntities boolean If true, all entities will be decoded
return mixed The cleaned variable value

postRaw() public static method

Return a raw, unsafe $_POST variable
public static postRaw ( string $strKey ) : mixed
$strKey string The variable name
return mixed The raw variable value

postUnsafeRaw() public static method

Return a raw, unsafe and unfiltered $_POST variable
public static postUnsafeRaw ( string $strKey ) : mixed
$strKey string The variable name
return mixed The raw variable value

preserveBasicEntities() public static method

Preserve basic entities by replacing them with square brackets (e.g. & becomes [amp])
public static preserveBasicEntities ( mixed $varValue ) : mixed
$varValue mixed A string or array
return mixed The string or array with the converted entities

resetCache() public static method

Reset the internal cache
public static resetCache ( )

setCookie() public static method

Set a $_COOKIE variable
public static setCookie ( string $strKey, mixed $varValue )
$strKey string The variable name
$varValue mixed The variable value

setGet() public static method

Set a $_GET variable
public static setGet ( string $strKey, mixed $varValue, boolean $blnAddUnused = false )
$strKey string The variable name
$varValue mixed The variable value
$blnAddUnused boolean If true, the value usage will be checked

setPost() public static method

Set a $_POST variable
public static setPost ( string $strKey, mixed $varValue )
$strKey string The variable name
$varValue mixed The variable value

setUnusedGet() public static method

Set an unused GET parameter
public static setUnusedGet ( string $strKey, mixed $varValue )
$strKey string The array key
$varValue mixed The array value

stripSlashes() public static method

Strip slashes
Deprecation: Deprecated since Contao 3.5, to be removed in Contao 5. Since get_magic_quotes_gpc() always returns false in PHP 5.4+, the method was never actually executed.
public static stripSlashes ( mixed $varValue ) : mixed
$varValue mixed A string or array
return mixed The string or array without slashes

stripTags() public static method

Strip HTML and PHP tags preserving HTML comments
public static stripTags ( mixed $varValue, string $strAllowedTags = '' ) : mixed
$varValue mixed A string or array
$strAllowedTags string A string of tags to preserve
return mixed The cleaned string or array

xssClean() public static method

Clean a value and try to prevent XSS attacks
public static xssClean ( mixed $varValue, boolean $blnStrictMode = false ) : mixed
$varValue mixed A string or array
$blnStrictMode boolean If true, the function also removes JavaScript event handlers
return mixed The cleaned string or array

Property Details

$arrCache protected static property

Cache
protected static array $arrCache
return array

$arrUnusedGet protected static property

Unused $_GET parameters
protected static array $arrUnusedGet
return array

$blnMagicQuotes protected static property

Magic quotes setting
protected static bool $blnMagicQuotes
return boolean

$objInstance protected static property

Object instance (Singleton)
protected static Input $objInstance
return Input