22.2. Standard Filter Classes

Zend Framework comes with a standard set of filters, which are ready for you to use.

22.2.1. Alnum

Returns the string $value, removing all but alphabetic and digit characters. This filter includes an option to also allow white space characters.

[Note] Note

The alphabetic characters mean characters that makes up words in each language. However, the english alphabet is treated as the alphabetic characters in following languages: Chinese, Japanese, Korean. The language is specified by Zend_Locale.

22.2.2. Alpha

Returns the string $value, removing all but alphabetic characters. This filter includes an option to also allow white space characters.

22.2.3. BaseName

Given a string containing a path to a file, this filter will return the base name of the file

22.2.4. Callback

This filter allows you to use own methods in conjunction with Zend_Filter. You don't have to create a new filter when you already have a method which does the job.

Let's expect we want to create a filter which reverses a string.

$filter = new Zend_Filter_Callback('strrev');

print $filter->filter('Hello!');
// returns "!olleH"

As you can see it's really simple to use a callback to define a own filter. It is also possible to use a method, which is defined within a class, by giving an array as callback.

// Our classdefinition
class MyClass
{
    public function Reverse($param);
}

// The filter definition
$filter = new Zend_Filter_Callback(array('MyClass', 'Reverse'));
print $filter->filter('Hello!');

To get the actual set callback use getCallback() and to set another callback use setCallback().

It is also possible to define default parameters, which are given to the called method as array when the filter is executed. This array will be concatenated with the value which will be filtered.

$filter = new Zend_Filter_Callback(
    'MyMethod',
    array('key' => 'param1', 'key2' => 'param2')
);
$filter->filter(array('value' => 'Hello'));

When you would call the above method definition manually it would look like this:

$value = MyMethod('Hello', 'param1', 'param2');
[Note] Note

You should note that defining a callback method which can not be called will raise an exception.

22.2.5. Decrypt

This filter will decrypt any given string with the provided setting. Therefor it makes use of Adapters. Actually there are adapters for the Mcrypt and OpenSSL extensions from php.

For details about how to encrypt content look at the Encrypt filter. As the basics are covered within the Encrypt filter, we will describe here only the needed additional methods and changes for decryption.

22.2.5.1. Decryption with Mcrypt

For decrypting content which was previously encrypted with Mcrypt you need to have the options with which the encryption has been called.

There is one emminent difference for you. When you did not provide a vector at encryption you need to get it after you encrypted the content by using the getVector() method on the encryption filter. Without the correct vector you will not be able to decrypt the content.

As soon as you have provided all options decryption is as simple as encryption.

// Use the default blowfish settings
$filter = new Zend_Filter_Decrypt('myencryptionkey');

// Set the vector with which the content was encrypted
$filter->setVector('myvector');

$decrypted = $filter->filter('encoded_text_normally_unreadable');
print $decrypted;
[Note] Note

Note that you will get an exception if the mcrypt extension is not available in your environment.

[Note] Note

You should also note that all settings which be checked when you create the instance or when you call setEncryption(). If mcrypt detects problem with your settings an exception will be thrown.

22.2.5.2. Decryption with OpenSSL

Decryption with OpenSSL is as simple as encryption. But you need to have all data from the person who encrypted the content.

For decryption with OpenSSL you need:

  • private: Your private key which will be used for decrypting the content. The private key can be eighter a filename with path of the key file, or just the content of the key file itself.

  • envelope: The encrypted envelope key from the user who encrypted the content. You can eigther provide the path and filename of the key file, or just the content of the key file itself.

// Use openssl and provide a private key
$filter = new Zend_Filter_Decrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem'
));

// of course you can also give the envelope keys at initiation
$filter->setEnvelopeKey(array(
    '/key/from/encoder/first.pem',
    '/key/from/encoder/second.pem'
));
[Note] Note

Note that the OpenSSL adapter will not work when you do not provide valid keys.

Optionally it could be necessary to provide the passphrase for decrypting the keys themself by using the setPassphrase() method.

// Use openssl and provide a private key
$filter = new Zend_Filter_Decrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem'
));

// of course you can also give the envelope keys at initiation
$filter->setEnvelopeKey(array(
    '/key/from/encoder/first.pem',
    '/key/from/encoder/second.pem'
));
$filter->setPassphrase('mypassphrase');

At last, decode the content. Our complete example for decrypting the previously encrypted content looks like this.

// Use openssl and provide a private key
$filter = new Zend_Filter_Decrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem'
));

// of course you can also give the envelope keys at initiation
$filter->setEnvelopeKey(array(
    '/key/from/encoder/first.pem',
    '/key/from/encoder/second.pem'
));
$filter->setPassphrase('mypassphrase');

$decrypted = $filter->filter('encoded_text_normally_unreadable');
print $decrypted;

22.2.6. Digits

Returns the string $value, removing all but digit characters.

22.2.7. Dir

Returns directory name component of path.

22.2.8. Encrypt

This filter will encrypt any given string with the provided setting. Therefor it makes use of Adapters. Actually there are adapters for the Mcrypt and OpenSSL extensions from php.

As these two encryption methodologies work completely different, also the usage of the adapters differ. You have to select the adapter you want to use when initiating the filter.

// Use the Mcrypt adapter
$filter1 = new Zend_Filter_Encrypt(array('adapter' => 'mcrypt'));

// Use the OpenSSL adapter
$filter2 = new Zend_Filter_Encrypt(array('adapter' => 'openssl'));

To set another adapter you can also use setAdapter(), and the getAdapter() method to receive the actual set adapter.

// Use the Mcrypt adapter
$filter = new Zend_Filter_Encrypt();
$filter->setAdapter('openssl');
[Note] Note

When you do not supply the adapter option or do not use setAdapter, then the Mcrypt adapter will be used per default.

22.2.8.1. Encryption with Mcrypt

When you have installed the Mcrypt extension you can use the Mcrypt adapter. This adapter supports the following options at initiation:

  • key: The encryption key with which the input will be encrypted. You need the same key for decryption.

  • algorithm: The algorithm which has to be used. It should be one of the algorithm ciphers which can be found under PHP's mcrypt ciphers. If not set it defaults to blowfish.

  • algorithm_directory: The directory where the algorithm can be found. If not set it defaults to the path set within the mcrypt extension.

  • mode: The encryption mode which has to be used. It should be one of the modes which can be found under PHP's mcrypt modes. If not set it defaults to cbc.

  • mode_directory: The directory where the mode can be found. If not set it defaults to the path set within the mcrypt extension.

  • vector: The initialization vector which shall be used. If not set it will be a random vector.

  • salt: If the key should be used as salt value. The key used for encryption will then itself also be encrypted. Default is false.

If you give a string instead of an array, this string will be used as key.

You can get/set the encryption values also afterwards with the getEncryption() and setEncryption() methods.

[Note] Note

Note that you will get an exception if the mcrypt extension is not available in your environment.

[Note] Note

You should also note that all settings which be checked when you create the instance or when you call setEncryption(). If mcrypt detects problem with your settings an exception will be thrown.

You can get/set the encryption vector by calling getVector() and setVector(). A given string will be truncated or padded to the needed vector size of the used algorithm.

[Note] Note

Note that when you are not using an own vector, you must get the vector and store it. Otherwise you will not be able to decode the encoded string.

// Use the default blowfish settings
$filter = new Zend_Filter_Encrypt('myencryptionkey');

// Set a own vector, otherwise you must call getVector()
// and store this vector for later decryption
$filter->setVector('myvector');
// $filter->getVector();

$encrypted = $filter->filter('text_to_be_encoded');
print $encrypted;

// For decryption look at the Decrypt filter

22.2.8.2. Encryption with OpenSSL

When you have installed the OpenSSL extension you can use the OpenSSL adapter. This adapter supports the following options at initiation:

  • public: The public key of the user whom you want to provide the encrpted content. You can give multiple public keys by using an array. You can eigther provide the path and filename of the key file, or just the content of the key file itself.

  • private: Your private key which will be used for encrypting the content. Also the private key can be eighter a filename with path of the key file, or just the content of the key file itself.

You can get/set the public keys also afterwards with the getPublicKey() and setPublicKey() methods. The private key can also be get and set with the related getPrivateKey() and setPrivateKey() methods.

// Use openssl and provide a private key
$filter = new Zend_Filter_Encrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem'
));

// of course you can also give the public keys at initiation
$filter->setPublicKey(array(
    '/public/key/path/first.pem',
    '/public/key/path/second.pem'
));
[Note] Note

Note that the OpenSSL adapter will not work when you do not provide valid keys.

When you want to encode also the keys, then you have to provide a passphrase with the setPassphrase() method. When you want to decode content which was encoded with a passphrase you will not only need the public key, but also the passphrase to decode the encrypted key.

// Use openssl and provide a private key
$filter = new Zend_Filter_Encrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem'
));

// of course you can also give the public keys at initiation
$filter->setPublicKey(array(
    '/public/key/path/first.pem',
    '/public/key/path/second.pem'
));
$filter->setPassphrase('mypassphrase');

At last, when you use OpenSSL you need to give the receiver the encrypted content, the passphrase when have provided one, and the envelope keys for decryption.

This means for you, that you have to get the envelope keys after the encryption with the getEnvelopeKey() method.

So our complete example for encrypting content with OpenSSL look like this.

// Use openssl and provide a private key
$filter = new Zend_Filter_Encrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem'
));

// of course you can also give the public keys at initiation
$filter->setPublicKey(array(
    '/public/key/path/first.pem',
    '/public/key/path/second.pem'
));
$filter->setPassphrase('mypassphrase');

$encrypted = $filter->filter('text_to_be_encoded');
$envelope  = $filter->getEnvelopeKey();
print $encrypted;

// For decryption look at the Decrypt filter

22.2.9. HtmlEntities

Returns the string $value, converting characters to their corresponding HTML entity equivalents where they exist.

22.2.10. Int

Returns (int) $value

22.2.11. LocalizedToNormalized

This filter will change any given localized input to it's normalized representation. It uses in Background Zend_Locale to do this transformation for you.

This allows your user to enter informations in his own language notation, and you can then store the normalized value into your database for example.

[Note] Note

Please note that normalization is not equal to translation. This filter can not translate strings from one language into another like you could expect with months or names of days.

The following input types can be normalized:

  • integer: Integer numbers, which are localized, will be normalized to the english notation.

  • float: Float numbers, which are localized, will be normalized to the english notation.

  • numbers: Other numbers, like real, will be normalized to the english notation.

  • time: Time values, will be normalized to a named array.

  • date: Date values, will be normalized to a named array.

Any other input will be returned as it, without changing it.

[Note] Note

You should note that normalized output is always given as string. Otherwise your environment would transfor the normalized output automatically to the notation used by the locale your environment is set to.

22.2.11.1. Normalization for numbers

Any given number like integer, float or real value, can be normalized. Note, that numbers in scientific notation, can actually not be handled by this filter.

So how does this normalization work in detail for numbers:

// Initiate the filter
$filter = new Zend_Filter_LocalizedToNormalized();
$filter->filter('123.456,78');
// returns the value '123456.78'

Let's expect you have set the locale 'de' as application wide locale. Zend_Filter_LocalizedToNormalized will take the set locale and use it to detect which sort of input you gave. In our example it was a value with precision. Now the filter will return you the normalized representation for this value as string.

You can also control how your normalized number has to look like. Therefor you can give all options which are also used by Zend_Locale_Format. The most common are:

  • date_format

  • locale

  • precision

For details about how these options are used take a look into this Zend_Locale chapter.

Below is a example with defined precision so you can see how options work:

// Numeric Filter
$filter = new Zend_Filter_LocalizedToNormalized(array('precision' => 2));

$filter->filter('123.456');
// returns the value '123456.00'

$filter->filter('123.456,78901');
// returns the value '123456.79'

22.2.11.2. Normalization for date and time

Input for date and time values can also be normalized. All given date and time values will be returned as array, where each date part is given within a own key.

// Initiate the filter
$filter = new Zend_Filter_LocalizedToNormalized();
$filter->filter('12.April.2009');
// returns array('day' => '12', 'month' => '04', 'year' => '2009')

Let's expect you have set the locale 'de' again. Now the input is automatically detected as date, and you will get a named array in return.

Of course you can also control how your date input looks like with the date_format and the locale option.

// Date Filter
$filter = new Zend_Filter_LocalizedToNormalized(
    array('date_format' => 'ss:mm:HH')
);

$filter->filter('11:22:33');
// returns array('hour' => '33', 'minute' => '22', 'second' => '11')

22.2.12. NormalizedToLocalized

This filter is the reverse of the filter Zend_Filter_LocalizedToNormalized and will change any given normalized input to it's localized representation. It uses in Background Zend_Locale to do this transformation for you.

This allows you to give your user any stored normalised value in a localized manner, your user is more common to.

[Note] Note

Please note that localization is not equal to translation. This filter can not translate strings from one language into another like you could expect with months or names of days.

The following input types can be localized:

  • integer: Integer numbers, which are normalized, will be localized to the set notation.

  • float: Float numbers, which are normalized, will be localized to the set notation.

  • numbers: Other numbers, like real, will be localized to the set notation.

  • time: Time values, will be localized to a string.

  • date: Date values, will be normalized to a string.

Any other input will be returned as it, without changing it.

22.2.12.1. Localization for numbers

Any given number like integer, float or real value, can be localized. Note, that numbers in scientific notation, can actually not be handled by this filter.

So how does localization work in detail for numbers:

// Initiate the filter
$filter = new Zend_Filter_NormalizedToLocalized();
$filter->filter(123456.78);
// returns the value '123.456,78'

Let's expect you have set the locale 'de' as application wide locale. Zend_Filter_NormalizedToLocalized will take the set locale and use it to detect which sort of output you want to have. In our example it was a value with precision. Now the filter will return you the localized representation for this value as string.

You can also control how your localized number has to look like. Therefor you can give all options which are also used by Zend_Locale_Format. The most common are:

  • date_format

  • locale

  • precision

For details about how these options are used take a look into this Zend_Locale chapter.

Below is a example with defined precision so you can see how options work:

// Numeric Filter
$filter = new Zend_Filter_NormalizedToLocalized(array('precision' => 2));

$filter->filter(123456);
// returns the value '123.456,00'

$filter->filter(123456.78901);
// returns the value '123.456,79'

22.2.12.2. Localization for date and time

Normalized for date and time values can also be localized. All given date and time values will be returned as string, with the format defined by the set locale.

// Initiate the filter
$filter = new Zend_Filter_NormalizedToLocalized();
$filter->filter(array('day' => '12', 'month' => '04', 'year' => '2009');
// returns '12.04.2009'

Let's expect you have set the locale 'de' again. Now the input is automatically detected as date, and will be returned in the format defined by the locale 'de'.

Of course you can also control how your date input looks like with the date_format, and the locale option.

// Date Filter
$filter = new Zend_Filter_LocalizedToNormalized(
    array('date_format' => 'ss:mm:HH')
);

$filter->filter(array('hour' => '33', 'minute' => '22', 'second' => '11'));
// returns '11:22:33'

22.2.13. StripNewlines

Returns the string $value without any newline control characters.

22.2.14. RealPath

This filter will resolve given links and pathnames and returns canonicalized absolute pathnames. References to '/./', '/../' and extra '/' characters in the input path will be stripped. The resulting path will not have any symbolic link, '/./' or '/../' character.

Zend_Filter_RealPath will return FALSE on failure, e.g. if the file does not exist. On BSD systems Zend_Filter_RealPath doesn't fail if only the last path component doesn't exist, while other systems will return FALSE.

$filter = new Zend_Filter_RealPath();
$path   = '/www/var/path/../../mypath';
$filtered = $filter->filter($path);

// returns '/www/mypath'

Sometimes it is useful to get also paths when they don't exist, f.e. when you want to get the real path for a path which you want to create. You can then either give a FALSE at initiation, or use setExists() to set it.

$filter = new Zend_Filter_RealPath(false);
$path   = '/www/var/path/../../non/existing/path';
$filtered = $filter->filter($path);

// returns '/www/non/existing/path'
// even when file_exists or realpath would return false

22.2.15. StringToLower

Returns the string $value, converting alphabetic characters to lowercase as necessary.

22.2.16. StringToUpper

Returns the string $value, converting alphabetic characters to uppercase as necessary.

22.2.17. StringTrim

Returns the string $value with characters stripped from the beginning and end.

22.2.18. StripTags

This filter returns the input string, with all HTML and PHP tags stripped from it, except those that have been explicitly allowed. In addition to the ability to specify which tags are allowed, developers can specify which attributes are allowed across all allowed tags and for specific tags only. Finally, this filter offers control over whether comments (e.g., <!-- ... -->) are removed or allowed.