
Updating and reformatting docs for Sanitize.

1 parent 61079f6 commit b47b858355c73845cbeb6b24e3060288930da9a3 @markstory markstory committed Jan 8, 2010
Showing with 23 additions and 11 deletions.
  1. +23 −11 cake/libs/sanitize.php
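--- a/cake/libs/sanitize.php
+++ b/cake/libs/sanitize.php
@@ -35,6 +35,7 @@ class Sanitize {
 * Removes any non-alphanumeric characters.
 *
 * @param string $string String to sanitize
+ * @param array $allowed An array of additional characters that are not to be removed.
 * @return string Sanitized string
 * @access public
 * @static
@@ -80,18 +81,17 @@ function escape($string, $connection = 'default') {
 /**
 * Returns given string safe for display as HTML. Renders entities.
 *
- * strip_tags() is not validating HTML, so it might strip whole passages
+ * strip_tags() does not validating HTML syntax or structure, so it might strip whole passages
 * with broken HTML.
 *
+ * ### Options:
+ *
+ * - remove (boolean) if true strips all HTML tags before encoding
+ * - charset (string) the charset used to encode the string
+ * - quotes (int) see http://php.net/manual/en/function.htmlentities.php
+ *
 * @param string $string String from where to strip tags
- * @param array $options
- *
- * possible options:
- *
- * - remove (boolean) if true strips all HTML tags before encoding
- * - charset (string) the charset used to encode the string
- * - quotes (int) see http://php.net/manual/en/function.htmlentities.php
- *
+ * @param array $options Array of options to use.
 * @return string Sanitized string
 * @access public
 * @static
@@ -173,6 +173,10 @@ function stripAll($str) {
 * Strips the specified tags from output. First parameter is string from
 * where to remove tags. All subsequent parameters are tags.
 *
+ * Ex.`$clean = Sanitize::stripTags($dirty, 'b', 'p', 'div');`
+ *
+ * Will remove all `<b>`, `<p>`, and `<div>` tags from the $dirty string.
+ *
 * @param string $str String to sanitize
 * @param string $tag Tag to remove (add more parameters as needed)
 * @return string sanitized String
@@ -193,8 +197,16 @@ function stripTags() {
 /**
 * Sanitizes given array or value for safe input. Use the options to specify
 * the connection to use, and what filters should be applied (with a boolean
- * value). Valid filters: odd_spaces, encode, dollar, carriage, unicode,
- * escape, backslash.
+ * value). Valid filters:
+ *
+ * - odd_spaces - removes any non space whitespace characters
+ * - encode - Encode any html entities. Encode must be true for the `remove_html` to work.
+ * - dollar - Escape `$` with `\$`
+ * - carriage - Remove `\r`
+ * - unicode -
+ * - escape - Should the string be SQL escaped.
+ * - backslash -
+ * - remove_html - Strip HTML with strip_tags. `encode` must be true for this option to work.
 *
 * @param mixed $data Data to sanitize
 * @param mixed $options If string, DB connection being used, otherwise set of options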
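Review bot: In the last hunk the new filter list leaves `unicode -` and `backslash -` with no description, so a caller choosing filters for a sanitizer cannot tell what those two change in the data; each needs a one-line description taken from the function body, which lies outside this hunk. The same list says twice that `remove_html` depends on `encode`, and the consequence is worth stating on that line, for example ` * - remove_html - Strip HTML with strip_tags. Ignored unless encode is also true.`, assuming the body behaves as the docblock describes. In the second hunk, `does not validating` should read `does not validate`.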
