"Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]> wrote:

> Hi,
>> > Hi,
>> > I am planning to use kses ( gpl ) to provide the needed filter related
>> > with some kinds of attacks protection.
>> > More information at sourceforge.net/projects/kses
>>
>> What does it imply? Adding a dependency is a serious deal, and
>> unless it really makes a difference, it is not a good
>> thing. Especially when it is about a project still in beta stage, not
>> in Debian.
>
> Adding kses implies adding special functions to security.php .
> It is only a class, the functions will be in security.php and those
> functions will need to be called from the script that receives the
> variables.
> There is another way to protect variables, using eregi; the method is
> this:
> we want to protect GET variables ( because we are using globals we need to
> set GET variables and POST variables ), just use foreach to assign GET
> variables to $example.
> we will use $example with eregi to search for matching characters or
> entities and then do something if it matches.
> it is a basic filter.

Why not just use the appropriate $_POST, $_GET variables when needed, and
allow register globals to be off?

It seems to me like a workaround to fix a problem that should not be
there in the first place. A bugfix should not fix the symptoms but the
root of the problems.

I would definitely prefer to see register_globals set to off, we would
not have to bother with all that stuff.

-- 
Mathieu Roy

+---------------------------------------------------------------------+
| General Homepage:   http://yeupou.coleumes.org/                     |
| Computing Homepage: http://alberich.coleumes.org/                   |
| Not a native English speaker:                                       |
|   http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english    |
+---------------------------------------------------------------------+
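The difference between the two approaches discussed in this message, as an added example that is not part of the original mail or of the project's code. It assumes PHP 7 or later; `extract()` stands in for what `register_globals` did, the parameter names (`group_id`, `is_admin`, `name`) and the helper `read_int()` are hypothetical, and the request array is constructed sample input.

```php
<?php
// Constructed sample request, standing in for ?group_id=42&is_admin=1&name=...
$request = [
    'group_id' => '42',
    'is_admin' => '1',                          // never meant to be user-settable
    'name'     => '<script>alert(1)</script>',
];

// With register_globals on, every request key became a global variable.
// extract() reproduces that behaviour locally for the demonstration.
function page_with_globals(array $request): bool
{
    extract($request);
    // The script never initialises $is_admin, so the request decides it.
    return !empty($is_admin);
}

// Read one integer parameter by name; anything that is not 1-9 digits
// falls back to the default instead of being "cleaned".
function read_int(array $source, string $name, int $default = 0): int
{
    $value = $source[$name] ?? null;
    if (!is_string($value) || preg_match('/\A[0-9]{1,9}\z/', $value) !== 1) {
        return $default;
    }
    return (int) $value;
}

// register_globals off: only the parameters the script asks for are read.
function page_explicit(array $request): array
{
    $is_admin = false;                          // set by server-side logic only
    $group_id = read_int($request, 'group_id');
    $name     = is_string($request['name'] ?? null) ? $request['name'] : '';
    return [
        'is_admin'  => $is_admin,
        'group_id'  => $group_id,
        // Encode at output time rather than pattern-matching the input.
        'name_html' => htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
    ];
}

var_dump(page_with_globals($request));
var_dump(page_explicit($request));
```

The first function lets the request set a variable the script never asked for, which a character filter applied to each value does not prevent; the second ignores every key it did not explicitly read.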
