> Ok, I know this function is not secure, but could we make it into a secure
> one that maybe could be added to ZF so people who need secure text (meaning
> alnum + punctuation) could use it. Now I have no idea *how* to write it
> correctly so it's secure, but the idea would be to have something secure from
> SQL injections and XSS in particular, while allowing users to write actual
> bits of text:
>
> class SecureText implements Zend_Filter_Interface
> {
>     public function filter($value)
>     {
>         // Hyphen escaped so '+-_' is not read as a character range from
>         // '+' to '_', and no /e modifier: the replacement is a plain string.
>         return preg_replace('/[^a-zA-Z0-9 ;.,?+\-_!()\[\]]/', '', $value);
>     }
> }
>
> Does this make sense? Z.
You can create re-usable custom filters in the namespace for a module (e.g.
Default_Filter_SecureText) of a specific Zend Framework application or in the
namespace of your own library files (e.g. Zladivliba_Filter_SecureText),
both implementing the aforementioned interface at least or extending
Zend_Filter_* classes.
Your custom filter classes could then chain filters existing in the Zend
namespace, for example, customise a single filter or provide their own
filtering mechanisms.
As a side note, you can trust the Zend Framework contributors - they know what
they're doing.
Says: Andreas.
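The following is an added example, not code from the thread or from the Zend Framework itself. It puts the suggestion above into practice: a filter in a library namespace that implements Zend_Filter_Interface, runs stock Zend_Filter_StringTrim and Zend_Filter_StripTags through a Zend_Filter chain, and then applies its own whitelist. The class name Zladivliba_Filter_SecureText is the one used in the reply; that a Zend Framework 1 autoloader is registered is an assumption. The whitelist pattern is the one from the quoted post with two corrections: the hyphen is escaped (an unescaped `+-_` is a range from `+` to `_` and silently admits `<`, `>`, `/` and `\`, which defeats the XSS goal), and the `/e` modifier is dropped.

```php
<?php
// Added example, not part of the original thread or of Zend Framework.
// Assumes Zend Framework 1 on the include_path with Zend_Loader_Autoloader
// registered (assumption), so the Zend_Filter_* classes resolve.

class Zladivliba_Filter_SecureText implements Zend_Filter_Interface
{
    /** @var Zend_Filter chain of stock ZF filters run before the whitelist */
    protected $_chain;

    /**
     * Characters kept by the whitelist: letters, digits, space and a fixed
     * set of punctuation. The hyphen is escaped so '+-_' is not a range.
     */
    const WHITELIST_PATTERN = '/[^a-zA-Z0-9 ;.,?+\-_!()\[\]]/';

    public function __construct()
    {
        $this->_chain = new Zend_Filter();
        // Existing ZF filters chained in order: trim surrounding whitespace,
        // then remove any HTML tags before the whitelist sees the text.
        $this->_chain->addFilter(new Zend_Filter_StringTrim());
        $this->_chain->addFilter(new Zend_Filter_StripTags());
    }

    /**
     * Zend_Filter_Interface::filter(): returns the sanitised string.
     * Non-string input is cast so the chain always receives a string.
     */
    public function filter($value)
    {
        $value = $this->_chain->filter((string) $value);
        // Plain replacement string, no /e modifier: nothing is evaluated.
        return preg_replace(self::WHITELIST_PATTERN, '', $value);
    }
}

// Usage: constructed input with tags, surrounding spaces and characters
// outside the whitelist.
$filter = new Zladivliba_Filter_SecureText();
echo $filter->filter("  Hello, <b>world</b>! (2+2) <script>x</script>  "), PHP_EOL;
```

The chain runs first so the whitelist only has to deal with plain text; the filter can also be attached to a Zend_Form element or Zend_Filter_Input like any stock filter. A character whitelist narrows what reaches the database or the page, but it does not replace parameterised queries for SQL or output escaping (for example Zend_View's escape()) for HTML, because those are applied where the data is used rather than where it arrives.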