Hi,
I propose a new idea for HTTP input handler to improve security and multibyte encoding support. Currently, user input by POST/GET/Cookie is treated by internal function php_treat_variables(). Some security related work to prevent some security attack is preformed in PHP script by htmlspecialchars() and regex(). And multibyte encoding detection and translation which is necessary for multibyte enable Web application is implemented by override php_treat_variables(). My idea is to introduce some general input filter/handler for php_treat_variables(). It is a similar concept as output buffering handler. For example, if a user defined input_handler = http_input_check,mb_filter in php.ini, user defined security check handler and multibyte encoding translation are perfomed. Generally, http input check for secure transaction is really hard work and some programers might make some critical mistake. And PHP script with http input check is usually hard to read. If we can use http input handler, we can implemnt separately http input check and Web application. -- ----------------------------------------------------- Rui Hirokawa <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]