Skip to content
This repository has been archived by the owner on Jan 16, 2019. It is now read-only.

Docs Request FiltersBefore130

Jump to bottom
Frank Kleine edited this page Apr 7, 2012 · 1 revision

Table of Contents

Creating filters

Applies to all Stubbles versions smaller than 1.3.0. For Stubbles 1.3.0 or greater please see Filters.

While the net::stubbles::ipo::request::filters package contains a whole bunch of filters where it is difficult to remember which filter to use for what and what they require, there is an easy way to create filter objects with the stubFilterFactory.

Numeric filters

To create a filter that filters values for numeric values, use this piece of code: 

$int = $request->filter()->readInt('paramName');
$float = $request->filter()->readFloat('paramName');

Both filters will cast a given value to the respective type using the native PHP function settype.

Sometimes it is necessary to limit the lower and/or upper border of these values: 

// value must be 1, 2, 3 or 4
$int = $request->filter()->readInt('paramName', 1, 4);
// value must be between 3.03 and 3.13
$float = $request->filter()->readFloat('paramName', 3.03, 3.13);

This will force the filter to do additionally checks, if the value is inside these borders. If you only want an upper border, use null for the first argument, if you only want a lower border use null for the second argument: 

// value must be equal to or smaller than 4
$int = $request->filter()->readInt('paramName', null, 4);
// value must be equal to or greater than 3.03
$float = $request->filter()->readFloat('paramName', 3.03, null);

Please note that the borders are inclusive and therefore valid values itself.

String filters

There are two kind of string filters available: 

$string = $request->filter()->readString('paramName');
$text = $request->filter()->readText('paramName');

While the string filter will remove all line breaks the text filter only removes windows line feeds, leaving unix line breaks. Both remove HTML tags from the value, but the text filter can be configured to allow certain type of tags: 

$textFilter = $request->filter()->create('text')->setAllowedTags(array('b', 'i'));
echo $textFilter->execute('This <b>text</b> <i>contains</i> a <a href="http://stubbles.org/">link</a>.');
The result will be This <b>text</b> <i>contains</i> a link. Please be aware that allowing any tag does not protect you against XSS attacks when using this filter.

Additionally you may sometimes check for the length of the string: 

// only strings with 2, 3, 4 or 5 characters are allowed
$string = $request->filter()->readString('paramName', 2, 5);
$text = $request->filter()->readText('paramName', 2, 5);

If you only want an upper border, use null for the first argument, if you only want a lower border use null for the second argument: 

// string must be at least 2 characters long
$string = $request->filter()->readString('paramName', 2, null);
// string may be maximal 5 characters long
$text = $request->filter()->readText('paramName', null, 5);

Date filter

A date filter supports to change arbitrary date input into an instance of net::stubbles::lang::types::stubDate: 

$date = $request->filter()->readDate('paramName');

Sometimes it is necessary to check if the submitted date is inbetween other dates: 

$dateFilter = $request->filter()->readDate('paramName', new stubDate('-3 days'), new stubDate('+ 5 days'));

Of course it is possible to just set a lower or upper border. This creates a filter which accepts all dates in the past including today: 

$dateFilter = $request->filter()->readDate('paramName', null, stubDate::now());

Here is a filter which accepts future dates only: 

$dateFilter = $request->filter()->readDate('paramName', new stubDate('+ 1 day'), null);

Other filters

HTTP filter

The HTTP filter checks if the given value is a valid URL with scheme HTTP or HTTPS. 

$http = $request->filter()->readHttpUrl('paramName');

It is possible to enable DNS checks, which are carried out by default: 

$httpFilter = $request->filter()->readHttpUrl('paramName', true);

Please note that this does not change the filter behaviour on Windows systems, as PHP before version 5.3 has no support for DNS checks under Windows.

Mail filter

The mail filter checks if the given value is a valid mail address: 

$mail = $request->filter()->readMail('paramName');

Password filter

The password filter is able to do some specialised checks: 

$password = $request->filter()->readPassword('paramName');
If the value to filter is an array the fields with key 0 and 1 are compared. If they are not equal the password is not allowed. This can be used to prevent mistyped passwords in register or password change forms.

Additionally it is possible to set the minimum amount of different characters a password must contain: 

$password = $request->filter()->readPassword('paramName', 3);
A password checked against this filter must contain at least three different characters.

It is possible to check against a list of non-allowed passwords (e.g. the username or the login name): 

$password = $request->filter()->readPassword('paramName', null, array('foo', 'bar', 'baz'));
Now the values foo, bar and baz are not allowed as passwords any more.
Clone this wiki locally