TigerZF
🌐English

Chapter 35. Zend_Filter

Table of Contents

35.1. Introduction
35.1.1. What is a filter?
35.1.2. Basic usage of filters
35.1.3. Using the static staticFilter() method
35.1.3.1. Namespaces
35.1.4. Double filtering
35.2. Standard Filter Classes
35.2.1. Alnum
35.2.1.1. Supported options for Zend_Filter_Alnum
35.2.1.2. Basic usage
35.2.1.3. Allow whitespaces
35.2.2. Alpha
35.2.2.1. Supported options for Zend_Filter_Alpha
35.2.2.2. Basic usage
35.2.2.3. Allow whitespace characters
35.2.3. BaseName
35.2.3.1. Supported options for Zend_Filter_BaseName
35.2.3.2. Basic usage
35.2.4. Boolean
35.2.4.1. Supported options for Zend_Filter_Boolean
35.2.4.2. Default behaviour for Zend_Filter_Boolean
35.2.4.3. Changing behaviour for Zend_Filter_Boolean
35.2.4.4. Localized booleans
35.2.4.5. Disable casting
35.2.5. Callback
35.2.5.1. Supported options for Zend_Filter_Callback
35.2.5.2. Basic usage
35.2.5.3. Default parameters within a callback
35.2.6. Compress and Decompress
35.2.6.1. Supported options for Zend_Filter_Compress and Zend_Filter_Decompress
35.2.6.2. Supported compression adapters
35.2.6.3. Generic handling
35.2.6.4. Creating an archive
35.2.6.5. Decompressing an archive
35.2.6.6. Bz2 Adapter
35.2.6.7. Gz Adapter
35.2.6.8. Lzf Adapter
35.2.6.9. Rar Adapter
35.2.6.10. Tar Adapter
35.2.6.11. Zip Adapter
35.2.7. Digits
35.2.7.1. Supported options for Zend_Filter_Digits
35.2.7.2. Basic usage
35.2.8. Dir
35.2.8.1. Supported options for Zend_Filter_Dir
35.2.8.2. Basic usage
35.2.9. Encrypt and Decrypt
35.2.9.1. Supported options for Zend_Filter_Encrypt and Zend_Filter_Decrypt
35.2.9.2. Adapter usage
35.2.9.3. Encryption with Mcrypt
35.2.9.4. Decryption with Mcrypt
35.2.9.5. Encryption with OpenSSL
35.2.9.5.1. Simplified usage with Openssl
35.2.9.5.2. Compressing the content
35.2.9.6. Decryption with OpenSSL
35.2.10. HtmlEntities
35.2.10.1. Supported options for Zend_Filter_HtmlEntities
35.2.10.2. Basic usage
35.2.10.3. Quote Style
35.2.10.4. Helper Methods
35.2.11. Int
35.2.11.1. Supported options for Zend_Filter_Int
35.2.11.2. Basic usage
35.2.12. LocalizedToNormalized and NormalizedToLocalized
35.2.12.1. Supported options for Zend_Filter_LocalizedToNormalized and Zend_Filter_NormalizedToLocalized
35.2.12.2. Workflow
35.2.12.3. Normalization for numbers
35.2.12.4. Normalization for date and time
35.2.12.5. Localization for numbers
35.2.12.6. Localization for date and time
35.2.13. Null
35.2.13.1. Supported options for Zend_Filter_Null
35.2.13.2. Default behaviour for Zend_Filter_Null
35.2.13.3. Changing behaviour for Zend_Filter_Null
35.2.14. PregReplace
35.2.14.1. Supported options for Zend_Filter_PregReplace
35.2.14.2. Basic usage
35.2.15. RealPath
35.2.15.1. Supported options for Zend_Filter_RealPath
35.2.15.2. Basic usage
35.2.15.3. Non existing paths
35.2.16. StringToLower
35.2.16.1. Supported options for Zend_Filter_StringToLower
35.2.16.2. Basic usage
35.2.16.3. Different encoded strings
35.2.17. StringToUpper
35.2.17.1. Supported options for Zend_Filter_StringToUpper
35.2.17.2. Basic usage
35.2.17.3. Different encoded strings
35.2.18. StringTrim
35.2.18.1. Supported options for Zend_Filter_StringTrim
35.2.18.2. Basic usage
35.2.18.3. Default behaviour for Zend_Filter_StringTrim
35.2.19. StripNewLines
35.2.19.1. Supported options for Zend_Filter_StripNewLines
35.2.19.2. Basic usage
35.2.20. StripTags
35.2.20.1. Supported options for Zend_Filter_StripTags
35.2.20.2. Basic usage
35.2.20.3. Allowing defined tags
35.2.20.4. Allowing defined attributes
35.3. Filter Chains
35.3.1. Changing filter chain order
35.4. Writing Filters
35.5. Zend_Filter_Input
35.5.1. Declaring Filter and Validator Rules
35.5.2. Creating the Filter and Validator Processor
35.5.3. Retrieving Validated Fields and other Reports
35.5.3.1. Querying if the input is valid
35.5.3.2. Getting Invalid, Missing, or Unknown Fields
35.5.3.3. Getting Valid Fields
35.5.4. Using Metacommands to Control Filter or Validator Rules
35.5.4.1. The FIELDS metacommand
35.5.4.2. The PRESENCE metacommand
35.5.4.3. The DEFAULT_VALUE metacommand
35.5.4.4. The ALLOW_EMPTY metacommand
35.5.4.5. The BREAK_CHAIN metacommand
35.5.4.6. The MESSAGES metacommand
35.5.4.7. Using options to set metacommands for all rules
35.5.5. Adding Filter Class Namespaces
35.6. Zend_Filter_Inflector
35.6.1. Operation
35.6.2. Setting Paths To Alternate Filters
35.6.3. Setting the Inflector Target
35.6.4. Inflection Rules
35.6.4.1. Static Rules
35.6.4.2. Filter Inflector Rules
35.6.4.3. Setting Many Rules At Once
35.6.5. Utility Methods
35.6.6. Using Zend_Config with Zend_Filter_Inflector

35.1. Introduction

The Zend_Filter component provides a set of commonly needed data filters. It also provides a simple filter chaining mechanism by which multiple filters may be applied to a single datum in a user-defined order.

35.1.1. What is a filter?

In the physical world, a filter is typically used for removing unwanted portions of input, and the desired portion of the input passes through as filter output (e.g., coffee). In such scenarios, a filter is an operator that produces a subset of the input. This type of filtering is useful for web applications - removing illegal input, trimming unnecessary white space, etc.

This basic definition of a filter may be extended to include generalized transformations upon input. A common transformation applied in web applications is the escaping of HTML entities. For example, if a form field is automatically populated with untrusted input (e.g., from a web browser), this value should either be free of HTML entities or contain only escaped HTML entities, in order to prevent undesired behavior and security vulnerabilities. To meet this requirement, HTML entities that appear in the input must either be removed or escaped. Of course, which approach is more appropriate depends on the situation. A filter that removes the HTML entities operates within the scope of the first definition of filter - an operator that produces a subset of the input. A filter that escapes the HTML entities, however, transforms the input (e.g., "&" is transformed to "&"). Supporting such use cases for web developers is important, and "to filter," in the context of using Zend_Filter, means to perform some transformations upon input data.

35.1.2. Basic usage of filters

Having this filter definition established provides the foundation for Zend_Filter_Interface, which requires a single method named filter() to be implemented by a filter class.

Following is a basic example of using a filter upon two input data, the ampersand (&) and double quote (") characters:

$htmlEntities = new Zend_Filter_HtmlEntities();

echo $htmlEntities->filter('&'); // &
echo $htmlEntities->filter('"'); // "

35.1.3. Using the static staticFilter() method

If it is inconvenient to load a given filter class and create an instance of the filter, you can use the static method Zend_Filter::filterStatic() as an alternative invocation style. The first argument of this method is a data input value, that you would pass to the filter() method. The second argument is a string, which corresponds to the basename of the filter class, relative to the Zend_Filter namespace. The staticFilter() method automatically loads the class, creates an instance, and applies the filter() method to the data input.

echo Zend_Filter::filterStatic('&', 'HtmlEntities');

You can also pass an array of constructor arguments, if they are needed for the filter class.

echo Zend_Filter::filterStatic('"',
                               'HtmlEntities',
                               array('quotestyle' => ENT_QUOTES));

The static usage can be convenient for invoking a filter ad hoc, but if you have the need to run a filter for multiple inputs, it's more efficient to follow the first example above, creating an instance of the filter object and calling its filter() method.

Also, the Zend_Filter_Input class allows you to instantiate and run multiple filter and validator classes on demand to process sets of input data. See Zend_Filter_Input.

35.1.3.1. Namespaces

When working with self defined filters you can give a fourth parameter to Zend_Filter::filterStatic() which is the namespace where your filter can be found.

echo Zend_Filter::filterStatic(
    '"',
    'MyFilter',
    array($parameters),
    array('FirstNamespace', 'SecondNamespace')
);

Zend_Filter allows also to set namespaces as default. This means that you can set them once in your bootstrap and have not to give them again for each call of Zend_Filter::filterStatic(). The following code snippet is identical to the above one.

Zend_Filter::setDefaultNamespaces(array('FirstNamespace', 'SecondNamespace'));
echo Zend_Filter::filterStatic('"', 'MyFilter', array($parameters));
echo Zend_Filter::filterStatic('"', 'OtherFilter', array($parameters));

For your convenience there are following methods which allow the handling of namespaces:

  • Zend_Filter::getDefaultNamespaces(): Returns all set default namespaces as array.

  • Zend_Filter::setDefaultNamespaces(): Sets new default namespaces and overrides any previous set. It accepts either a string for a single namespace of an array for multiple namespaces.

  • Zend_Filter::addDefaultNamespaces(): Adds additional namespaces to already set ones. It accepts either a string for a single namespace of an array for multiple namespaces.

  • Zend_Filter::hasDefaultNamespaces(): Returns TRUE when one or more default namespaces are set, and FALSE when no default namespaces are set.

35.1.4. Double filtering

When using two filters after each other you have to keep in mind that it is often not possible to get the original output by using the opposite filter. Take the following example:

$original = "my_original_content";

// Attach a filter
$filter   = new Zend_Filter_Word_UnderscoreToCamelCase();
$filtered = $filter->filter($original);

// Use it's opposite
$filter2  = new Zend_Filter_Word_CamelCaseToUnderscore();
$filtered = $filter2->filter($filtered)

The above code example could lead to the impression that you will get the original output after the second filter has been applied. But thinking logically this is not the case. After applying the first filter my_original_content will be changed to MyOriginalContent. But after applying the second filter the result is My_Original_Content.

As you can see it is not always possible to get the original output by using a filter which seems to be the opposite. It depends on the filter and also on the given input.