On 9/18/10 10:31 AM, Ralf Bitter wrote:
For XSS filtering see the rigXssClean() function
in system/libraries/Input.irev.

Unfortunately revIgniter's implementation for escaping database queries
cannot be associated with only one handler you could copy and paste.
This subject is a bit more complex, so please bear with me when I point you
to entire libraries like system/database/DBactiveRec.irev,
system/database/DBdriver.irev and
system/database/drivers/mysql/mysqlDriver.irev.

Cheers

Ralf

Aloha, Ralf:

Thanks for the path. I believe I have successfully extracted rigXssClean and all dependencies.

See this little stack:

go stack decompress (url "http://www.himalayanacademy.com/runrev/stacks/rigXssClean.rev.gz")

Everything is in the "test" button, which I can now turn into an iRev include.

I want to thank you for the time you take documenting your code in the scripts themselves! It made the extraction task quite easy.

The only function not in input.irev was function _rigRawURLDecode, and I found that in Common.irev.

I believe I have successfully extracted a working cleaner... a repeat function to pass all the values from $_Post through this cleaner should work.

The only thing I am not clear on is the pImage parameter. I assume that in the case of a regular input form (name, address, phone, credit card info) where all the expected input data is a text string to be later stored in a varchar column, this will suffice:

put rigXssClean(pKey, false, text) into fld "result"

and I assume that the option for put rigXssClean(pKey, true, img) is used in a different context -- where people have the option to upload image files... which is not what I'm doing here.

Right? Or do people actually try to insert images into text input fields?

If you had time to look at it I would appreciate it. This new site area only has 9 pages total and perhaps I will be brave later and turn them into views and migrate this to revIgniter... but for today I need to go with this outside...

Cheers from Hawaii

Sivakatirswami







_______________________________________________
use-revolution mailing list