Ok, I know this function is not secure, but could we make it into a secure one
that maybe could be added to ZF so people who need secure text (meaning Alnum +
punctuation) could use it. Now I have no idea *how* to write it correctly so
it's secure, but the idea would be to have something secure from:
- SQL injections
- XSS in particular
while allowing users to actually write bits of text:
class SecureText implements Zend_Filter_Interface {
    // Keep alnum, space and the listed punctuation; hyphen last so it is a literal, not a range, and no /e modifier
    public function filter($value) {
        return preg_replace('/[^a-zA-Z0-9 ;.,?+_!()\[\]-]/', '', $value);
    }
}
Does this make sense?

Z.
--
My dojo & zend framework experience, the good, the bad with code samples ;-)
http://practicalphpajax.wordpress.com/
> CC: [email protected]; [email protected]
> From: [email protected]
> Date: Thu, 3 Mar 2011 07:50:53 +0100
> To: [email protected]
> Subject: Re: [fw-general] Zend guru advise on how to build a secure function
>
> > exploit would be to *VALIDATE* your input as you receive it from the user,
> > and
> > *ESCAPE* all output to any stream.
>
> Answers have been given already: filter and validate your input, escape your
> output.
>
> Check this:
>
> http://xkcd.com/327/
>
> And this:
>
> http://ha.ckers.org/xss.html
>
>
> Says: Andreas.
>
>
> >
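As an added illustration (not code from the thread or from Zend Framework), the following compares the posted pattern with a corrected one and shows the output-side defences Andreas refers to; it assumes ZF1's Zend_Db_Adapter_Abstract is available for saveNote(), the sample input is constructed, and the table name "notes" is hypothetical.

```php
<?php
// Added example, not code from the thread or from Zend Framework.

// Posted pattern, minus the /e modifier (/e eval()s the replacement as
// PHP code; it is deprecated in 5.5 and removed in PHP 7). Inside the
// class, '+-_' is a range from 0x2B to 0x5F, so it also admits
// / < = > @ [ \ ] ^ and A-Z, which the author meant to strip.
const POSTED_PATTERN    = '/[^a-zA-Z0-9 ;.,?+-_!\(\)\[\]]/';
// Corrected: the hyphen goes last so it is a literal, not a range.
const CORRECTED_PATTERN = '/[^a-zA-Z0-9 ;.,?+_!()\[\]-]/';

function secureText($value, $pattern = CORRECTED_PATTERN)
{
    // Whitelist filter: remove every character not in the class.
    return preg_replace($pattern, '', (string) $value);
}

// Output-side defences. The filter normalises input; it does not make
// the text safe for every sink, so each context still escapes.
function toHtml($text)
{
    // Escaping for an HTML text node or quoted attribute value.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

function saveNote(Zend_Db_Adapter_Abstract $db, $text)
{
    // Zend_Db binds the value; it is never concatenated into the SQL.
    // 'notes' and 'body' are hypothetical table and column names.
    $db->insert('notes', array('body' => $text));
}

// Constructed sample input: tags, an at-sign and a percent sign.
$input = '<b>x</b> @ 50%';
var_dump(secureText($input, POSTED_PATTERN));
var_dump(secureText($input));
var_dump(toHtml(secureText($input, POSTED_PATTERN)));
```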