The input could be an array pointer for the splited and url decoded input by POST/GET/Cookie.
The output could be an array including result or return code of the handler. These handlers should be activated in php_treat_data before php_register_variable_safe(). An example is php_mbstr_encoding_handler() in ext/mbstring.c. The argument of php_mbstr_encoding_handler() is, static void php_mbstr_encoding_handler(zval *arg, char *res, char *separator TSRMLS_DC) But, the array pointer should be better to simplify the handler. On Sun, 09 Dec 2001 20:21:02 +0200 Zeev Suraski <[EMAIL PROTECTED]> wrote: > What would be the input/output of these input handlers? > > Zeev > > At 07:19 09/12/2001, Rui Hirokawa wrote: > > >Hi, > > > >I propose a new idea for HTTP input handler to improve security and > >multibyte encoding support. > > > >Currently, user input by POST/GET/Cookie is treated by > >internal function php_treat_variables(). > > > >Some security related work to prevent some security attack > >is preformed in PHP script by htmlspecialchars() and regex(). > > > >And multibyte encoding detection and translation which is necessary > >for multibyte enable Web application is implemented by > >override php_treat_variables(). > > > >My idea is to introduce some general input filter/handler > >for php_treat_variables(). > > > >It is a similar concept as output buffering handler. > > > >For example, if a user defined > > > >input_handler = http_input_check,mb_filter > > > >in php.ini, user defined security check handler and > >multibyte encoding translation are perfomed. > > > >Generally, http input check for secure transaction is really > >hard work and some programers might make some critical mistake. > >And PHP script with http input check is usually hard to read. > > > >If we can use http input handler, we can implemnt separately > >http input check and Web application. > > > >-- > >----------------------------------------------------- > >Rui Hirokawa <[EMAIL PROTECTED]> > > <[EMAIL PROTECTED]> > > > > > >-- > >PHP Development Mailing List <http://www.php.net/> > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > >To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- ----------------------------------------------------- Rui Hirokawa <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
