Table of Contents
The Zend_Filter
component provides a set of commonly needed data
filters. It also provides a simple filter chaining mechanism by which
multiple filters may be applied to a single datum in a user-defined
order.
In the physical world, a filter is typically used for removing unwanted portions of input, and the desired portion of the input passes through as filter output (e.g., coffee). In such scenarios, a filter is an operator that produces a subset of the input. This type of filtering is useful for web applications - removing illegal input, trimming unnecessary white space, etc.
This basic definition of a filter may be extended to include
generalized transformations upon input. A common transformation
applied in web applications is the escaping of HTML entities. For
example, if a form field is automatically populated with untrusted
input (e.g., from a web browser), this value should either be free
of HTML entities or contain only escaped HTML entities, in order to
prevent undesired behavior and security vulnerabilities. To meet
this requirement, HTML entities that appear in the input must
either be removed or escaped. Of course, which approach is more
appropriate depends on the situation. A filter that removes the
HTML entities operates within the scope of the first definition of
filter - an operator that produces a subset of the input. A filter
that escapes the HTML entities, however, transforms the input
(e.g., "&
" is transformed to
"&
"). Supporting such use cases for web
developers is important, and "to filter," in the context of using
Zend_Filter
, means to perform some transformations upon input data.
Having this filter definition established provides the foundation
for Zend_Filter_Interface
, which requires a single
method named filter()
to be implemented by a filter
class.
Following is a basic example of using a filter upon two input data,
the ampersand (&
) and double quote
("
) characters:
$htmlEntities = new Zend_Filter_HtmlEntities(); echo $htmlEntities->filter('&'); // & echo $htmlEntities->filter('"'); // "
If it is inconvenient to load a given filter class and create an
instance of the filter, you can use the static method
Zend_Filter::filterStatic()
as an alternative invocation style.
The first argument of this method is a data input value, that you
would pass to the filter()
method. The second
argument is a string, which corresponds to the basename of the
filter class, relative to the Zend_Filter namespace. The
staticFilter()
method automatically loads the class, creates
an instance, and applies the filter()
method to the data
input.
echo Zend_Filter::filterStatic('&', 'HtmlEntities');
You can also pass an array of constructor arguments, if they are needed for the filter class.
echo Zend_Filter::filterStatic('"', 'HtmlEntities', array(ENT_QUOTES));
The static usage can be convenient for invoking a filter ad hoc,
but if you have the need to run a filter for multiple inputs,
it's more efficient to follow the first example above,
creating an instance of the filter object and calling its
filter()
method.
Also, the Zend_Filter_Input
class allows you to instantiate and run
multiple filter and validator classes on demand to process
sets of input data. See Section 22.5, “Zend_Filter_Input”.
When working with self defined filters you can give a forth parameter
to Zend_Filter::filterStatic()
which is the namespace
where your filter can be found.
echo Zend_Filter::filterStatic( '"', 'MyFilter', array($parameters), array('FirstNamespace', 'SecondNamespace') );
Zend_Filter
allows also to set namespaces as default.
This means that you can set them once in your bootstrap and have not to give
them again for each call of Zend_Filter::filterStatic()
.
The following code snippet is identical to the above one.
Zend_Filter::setDefaultNamespaces(array('FirstNamespace', 'SecondNamespace')); echo Zend_Filter::filterStatic('"', 'MyFilter', array($parameters)); echo Zend_Filter::filterStatic('"', 'OtherFilter', array($parameters));
For your convinience there are following methods which allow the handling of namespaces:
Zend_Filter::getDefaultNamespaces()
:
Returns all set default namespaces as array.
Zend_Filter::setDefaultNamespaces()
:
Sets new default namespaces and overrides any previous set. It accepts
eighter a string for a single namespace of an array for multiple namespaces.
Zend_Filter::addDefaultNamespaces()
:
Adds additional namespaces to already set ones. It accepts eighter a string
for a single namespace of an array for multiple namespaces.
Zend_Filter::hasDefaultNamespaces()
:
Returns true when one or more default namespaces are set, and false when no
default namespaces are set.