Re: [PHP] form cleaning class
On Mon, January 21, 2008 10:39 pm, nihilism machine wrote:
> $UserInput = strip_tags($text, $allowedtags);

$text is not defined, so it's blank, so now $UserInput is blank...

This also tells me that you aren't using E_ALL for development, which is a BAD IDEA...

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] form cleaning class
On Jan 21, 2008 11:39 PM, nihilism machine <[EMAIL PROTECTED]> wrote:
> now my debug shows that with the following code, all of the
> $_POST['whatever'] values are blank.
>
> class forms {
>     var $UserInput;
>
>     // Forms to variables
>     function forms() {
>         if (count($_POST) > 0) {
>             foreach($_POST as $curPostKey => $curPostVal) {
>                 $_POST[$curPostKey] = forms::CleanInput($curPostVal);
>             }
>         }
>         // Debug
>         print_r($_POST);
>     }
>
>     // Clean XSS
>     function CleanInput($UserInput) {
>         $allowedtags = "";
>         $notallowedattribs = array("@javascript:|onclick|ondblclick|onmousedown|onmouseup"
>             ."|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|[EMAIL PROTECTED]");
>         $changexssto = '';
>         $UserInput = preg_replace($notallowedattribs, $changexssto, $UserInput);
>         $UserInput = strip_tags($text, $allowedtags);
>         $UserInput = nl2br($UserInput);
>         return $UserInput;
>     }
> }

Check out htmlPurifier http://htmlpurifier.org/
Re: [PHP] form cleaning class
On Mon, 2008-01-21 at 23:39 -0500, nihilism machine wrote:
> now my debug shows that with the following code, all of the
> $_POST['whatever'] values are blank.
>
> class forms {
>     var $UserInput;
>
>     // Forms to variables
>     function forms() {
>         if (count($_POST) > 0) {
>             foreach($_POST as $curPostKey => $curPostVal) {
>                 $_POST[$curPostKey] = forms::CleanInput($curPostVal);
>             }
>         }
>         // Debug
>         print_r($_POST);
>     }
>
>     // Clean XSS
>     function CleanInput($UserInput) {
>         $allowedtags = "";
>         $notallowedattribs = array("@javascript:|onclick|ondblclick|onmousedown|onmouseup"
>             ."|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|[EMAIL PROTECTED]");
>         $changexssto = '';
>         $UserInput = preg_replace($notallowedattribs, $changexssto, $UserInput);
>         $UserInput = strip_tags($text, $allowedtags);

I think $text should be $UserInput :)

>         $UserInput = nl2br($UserInput);
>         return $UserInput;
>     }
> }

Cheers,
Rob.
--
...
SwarmBuy.com - http://www.swarmbuy.com
Leveraging the buying power of the masses!
...
[PHP] form cleaning class
now my debug shows that with the following code, all of the
$_POST['whatever'] values are blank.

class forms {
    var $UserInput;

    // Forms to variables
    function forms() {
        if (count($_POST) > 0) {
            foreach($_POST as $curPostKey => $curPostVal) {
                $_POST[$curPostKey] = forms::CleanInput($curPostVal);
            }
        }
        // Debug
        print_r($_POST);
    }

    // Clean XSS
    function CleanInput($UserInput) {
        $allowedtags = "";
        $notallowedattribs = array("@javascript:|onclick|ondblclick|onmousedown|onmouseup"
            ."|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|[EMAIL PROTECTED]");
        $changexssto = '';
        $UserInput = preg_replace($notallowedattribs, $changexssto, $UserInput);
        $UserInput = strip_tags($text, $allowedtags);
        $UserInput = nl2br($UserInput);
        return $UserInput;
    }
}
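Added example, not code from the thread: the poster's filter with the undefined $text replaced by $UserInput (the fix Rob and Richard point at), run with E_ALL, beside an output-encoding helper. The class name FormCleaner, the methods escapeForHtml and cleanPost, and the sample $_POST values are assumptions; the last alternative of the pattern is obfuscated in the archive ("[EMAIL PROTECTED]") and is left out.

```php
<?php
// Added example, not the poster's code. With E_ALL on, the original
// strip_tags($text, ...) line emits "Undefined variable $text" instead of
// silently returning an empty string.
error_reporting(E_ALL);

class FormCleaner // hypothetical name; the poster's class is "forms"
{
    // The poster's CleanInput() with $text corrected to $userInput.
    // The final alternative of the pattern is missing in the archive and omitted.
    public static function cleanInput(string $userInput): string
    {
        $allowedTags = '';
        $notAllowedAttribs = '@javascript:|onclick|ondblclick|onmousedown|onmouseup'
            . '|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown@';
        $userInput = preg_replace($notAllowedAttribs, '', $userInput);
        $userInput = strip_tags($userInput, $allowedTags); // empty list: every tag removed
        return nl2br($userInput);
    }

    // Defender's alternative: store the raw value and escape it at output time,
    // which needs no blacklist of attribute names at all.
    public static function escapeForHtml(string $userInput): string
    {
        return htmlspecialchars($userInput, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }

    // Same loop as the poster's constructor, but array values (checkbox[]
    // fields) are skipped because strip_tags() only accepts strings.
    public static function cleanPost(array &$post): void
    {
        foreach ($post as $key => $value) {
            $post[$key] = is_string($value) ? self::cleanInput($value) : $value;
        }
    }
}

// Constructed sample form values (not real submissions).
$_POST = [
    'name'    => 'Alice',
    'comment' => "line one\nline two <b>bold</b>",
    'prose'   => 'press the onclick button', // innocent word is deleted by the blacklist
    'mixed'   => 'OnClick',                  // not matched: the pattern has no /i modifier
    'boxes'   => ['a', 'b'],                 // array value, left alone
];
FormCleaner::cleanPost($_POST);
print_r($_POST);
echo FormCleaner::escapeForHtml('<b>bold</b>'), "\n";
```

The two prose samples show why a case-sensitive attribute blacklist is a poor XSS control: it mangles ordinary text while missing trivial spelling variants, which is the reason the thread's pointer to HTML Purifier (or plain htmlspecialchars() on output) is the better approach.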