GeniXCMS

Typo Class

Category: API | 31 Mar 2026

Typography & Security Sanitization Class


The Typo class is the primary security filter and data manipulation engine for GeniXCMS. It provides comprehensive utilities for input sanitization (XSS protection), cryptographic token generation, URI slugification, and automated content formatting.


🛡️ Security & Sanitization

GeniXCMS implements a "Sanitize on Input, Escape on Output" philosophy using the following methods:

Typo::cleanX(string $input)

The primary, high-level sanitizer used for every form submission in the dashboard.

  • Process: Employs HTMLPurifier to recursively strip malicious JavaScript, handles deep HTML encoding, and executes secondary XSS attribute filtering.
  • Best Use Case: Processing post content, comments, and site settings.

Typo::filterXss(string $raw_html)

A lightweight, fast filter targeted specifically at removing dangerous event listeners (e.g., onclick, alert) and URI schemes (e.g., javascript:, data:) while preserving safe HTML structure.
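The kind of attribute-level filtering described above can be sketched with PHP's DOM extension. This is an added example, not GeniXCMS's implementation of filterXss: the function name, the attribute list and the scheme allowlist (a stricter choice than blocking javascript: and data: alone) are assumptions made for illustration, and element-level removal (for example script tags) is left out of scope.

```php
<?php
// Added illustration; not GeniXCMS source. All names here are hypothetical.
const URL_ATTRS    = ['href', 'src', 'action', 'formaction', 'poster', 'xlink:href'];
const SAFE_SCHEMES = ['http', 'https', 'mailto'];    // assumption: adjust per site

function strip_active_attributes(string $rawHtml): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);        // tolerate tags unknown to libxml
    // The XML prolog forces UTF-8; the wrapper <div> lets us serialize just the fragment.
    $doc->loadHTML('<?xml encoding="UTF-8"><div id="frag">' . $rawHtml . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//*') as $el) {
        // Copy the attribute list first: removing while iterating skips nodes.
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            if (strncmp($name, 'on', 2) === 0) {      // onclick, onerror, onload, ...
                $el->removeAttributeNode($attr);
                continue;
            }
            if (!in_array($name, URL_ATTRS, true)) {
                continue;
            }
            // The DOM value is already entity-decoded; drop the whitespace and
            // control characters browsers ignore before reading the scheme.
            $url = preg_replace('/[\x00-\x20]+/', '', $attr->value);
            if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)
                && !in_array(strtolower($m[1]), SAFE_SCHEMES, true)) {
                $el->removeAttributeNode($attr);      // javascript:, data:, vbscript:, ...
            }
        }
    }

    // Serialize only the wrapper's children; markup that escaped the wrapper
    // (e.g. via a stray </div>) is dropped rather than passed through.
    $out     = '';
    $wrapper = $xpath->query('//div[@id="frag"]')->item(0);
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: entity-encoded and tab-split scheme, handler, data: URI.
$sample = '<p onclick="alert(1)">Hi <a href="&#106;ava&#9;script:alert(1)">x</a> '
        . '<a href="https://example.com/">ok</a><img src="data:text/html,x" alt="i"></p>';
echo strip_active_attributes($sample), PHP_EOL;
```

libxml2 does not parse HTML exactly as a browser does, so a filter of this shape belongs behind a full sanitizer pass such as Typo::cleanX() rather than in place of it.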


⚡ Data Manipulation & Slugs

Convert raw text into SEO-friendly identifiers or legible document fragments.

Method | Role | Logic
slugify($text) | SEO Utility | Transforms "Hello World!" into "hello-world" with ASCII normalization.
url2link($text) | Auto-Linker | Scans content for URIs and automatically wraps them in <a> tags.
nl2p($text) | Formatting | Converts double-newlines into semantic <p> paragraphs.
translate($str) | Localization | Wrapper for the internal _() Gettext localization engine.

🔐 Cryptography & Handshakes

The Typo class provides several layers of randomness for security tokens and password resets.

  • Typo::getToken(int $len): Generates a standard, high-entropy alphanumeric token.
  • Typo::crypto_rand_secure($min, $max): Returns a cryptographically secure random integer suitable for sensitive operations.
  • Typo::createToken(...): An advanced generator with granular control over uppercase, lowercase, numbers, and symbols.

✅ Validation Utilities

  • Typo::validateEmail(string $email): Returns a bool based on strict RFC format verification.
  • Typo::int($var): Force casts and cleanses a variable into a valid integer.
  • Typo::float($var): Formats a numerical value as a float with 2 decimal precision.

Caution (Data Integrity): When using Typo::Xclean() to decode content for editing, remember that the data is no longer "safe" for direct browser rendering. Always re-apply Typo::cleanX() before committing the edited content back to the database.

Important (Localisation Integrity): The Typo::translate() method relies on the theme's .mo or .po files. If a translation is missing, it will gracefully fall back to the original English string.
