Re: [PHP] form cleaning class

2008-01-22 Thread Richard Lynch
On Mon, January 21, 2008 10:39 pm, nihilism machine wrote:
>   $UserInput = strip_tags($text, $allowedtags);

$text is not defined, so it's blank, so now $UserInput is blank...

This also tells me that you aren't using E_ALL for development, which
is a BAD IDEA...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] form cleaning class

2008-01-22 Thread Eric Butera
On Jan 21, 2008 11:39 PM, nihilism machine <[EMAIL PROTECTED]> wrote:
> now my debug shows that with the following code, all of the
> $_POST['whatever'] values are blank.
>
>
> class forms {
>
> var $UserInput;
>
> // Forms to variables
> function forms() {
> if (count($_POST) > 0) {
> foreach($_POST as $curPostKey => $curPostVal) {
> $_POST[$curPostKey] = 
> forms::CleanInput($curPostVal);
> }
> }
> // Debug
> print_r($_POST);
> }
>
> // Clean XSS
> function CleanInput($UserInput) {
> $allowedtags =
> "";
> $notallowedattribs = array("@javascript:|onclick|ondblclick|
> onmousedown|onmouseup"
> ."|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|
> [EMAIL PROTECTED]");
> $changexssto = '';
> $UserInput = preg_replace($notallowedattribs, $changexssto,
> $UserInput);
> $UserInput = strip_tags($text, $allowedtags);
> $UserInput = nl2br($UserInput);
> return $UserInput;
> }
> }
>

Check out htmlPurifier http://htmlpurifier.org/




Re: [PHP] form cleaning class

2008-01-21 Thread Robert Cummings

On Mon, 2008-01-21 at 23:39 -0500, nihilism machine wrote:
> now my debug shows that with the following code, all of the  
> $_POST['whatever'] values are blank.
> 
> 
> class forms {
> 
>   var $UserInput;
>   
>   // Forms to variables
>   function forms() {
>   if (count($_POST) > 0) {
>   foreach($_POST as $curPostKey => $curPostVal) {
>   $_POST[$curPostKey] = 
> forms::CleanInput($curPostVal);
>   }
>   }
>   // Debug
>   print_r($_POST);
>   }
> 
>   // Clean XSS
>   function CleanInput($UserInput) {
>   $allowedtags =  
> "";
>   $notallowedattribs = array("@javascript:|onclick|ondblclick| 
> onmousedown|onmouseup"
>   ."|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown| 
> [EMAIL PROTECTED]");
>   $changexssto = '';
>   $UserInput = preg_replace($notallowedattribs, $changexssto,  
> $UserInput);
>   $UserInput = strip_tags($text, $allowedtags);

I think $text should be $UserInput :)

>   $UserInput = nl2br($UserInput);
>   return $UserInput;
>   }
> }

Cheers,
Rob.
-- 
...
SwarmBuy.com - http://www.swarmbuy.com

Leveraging the buying power of the masses!
...




[PHP] form cleaning class

2008-01-21 Thread nihilism machine
now my debug shows that with the following code, all of the  
$_POST['whatever'] values are blank.



class forms {

	var $UserInput;

	// Forms to variables
	function forms() {
		if (count($_POST) > 0) {
			foreach($_POST as $curPostKey => $curPostVal) {
				$_POST[$curPostKey] = forms::CleanInput($curPostVal);
			}
		}
		// Debug
		print_r($_POST);
	}

	// Clean XSS
	function CleanInput($UserInput) {
		$allowedtags = "";
		$notallowedattribs = array("@javascript:|onclick|ondblclick|onmousedown|onmouseup"
			."|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|[EMAIL PROTECTED]");

		$changexssto = '';
		$UserInput = preg_replace($notallowedattribs, $changexssto, $UserInput);

		$UserInput = strip_tags($text, $allowedtags);
		$UserInput = nl2br($UserInput);
		return $UserInput;
	}
}

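The class from this thread with the $text/$UserInput mix-up corrected and E_ALL enabled, as an added example that is not code from the original posts, plus the escape-at-output alternative to a keyword blacklist. The sample $_POST values, the reconstructed end of the regex (the archive redacted it) and PHP 7+ are assumptions.

```php
<?php
// Added example, not the poster's code: the thread's class with the
// strip_tags($text, ...) mix-up corrected and E_ALL on, as the replies suggest.
error_reporting(E_ALL);
ini_set('display_errors', '1');

class Forms
{
    // Same approach as the original CleanInput(): blacklist a few event
    // attribute names, strip tags, then convert newlines. Operates on the
    // parameter it receives instead of an undefined $text.
    public static function cleanInput(string $userInput): string
    {
        $allowedTags = '';   // keep no tags at all
        // Assumption: the archive redacted the end of the original pattern,
        // so the closing delimiter and flag here are reconstructed, not copied.
        $notAllowedAttribs = '@javascript:|onclick|ondblclick|onmousedown|onmouseup'
            . '|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown@i';
        $userInput = preg_replace($notAllowedAttribs, '', $userInput);
        $userInput = strip_tags($userInput, $allowedTags); // was strip_tags($text, ...)
        return nl2br($userInput);
    }

    // Alternative that needs no keyword list: store the submitted value as-is
    // and escape it at the point it is written into HTML, so the browser
    // renders the text literally whatever it contains. If markup must be
    // allowed through, a parser-based filter such as HTML Purifier is the tool.
    public static function escapeForHtml(string $raw): string
    {
        return nl2br(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
    }
}

// Constructed form submission standing in for a real $_POST.
$_POST = [
    'name'    => 'Jane <b>Doe</b>',
    'comment' => "first line\nsecond line",
];

foreach ($_POST as $key => $value) {
    $_POST[$key] = Forms::cleanInput($value);
}
print_r($_POST);   // values are no longer blank: the cleaned text is returned

echo Forms::escapeForHtml('Jane <b>Doe</b>'), "\n";
```

With E_ALL on, the original strip_tags($text, ...) line would have raised an undefined-variable notice pointing straight at the bug.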