On Jan 21, 2008 11:39 PM, nihilism machine <nihilismmachine@xxxxxxxxx> wrote:
> now my debug shows that with the following code, all of the
> $_POST['whatever'] values are blank.
>
>
> class forms {
>
>     var $UserInput;
>
>     // Forms to variables
>     function forms() {
>         if (count($_POST) > 0) {
>             foreach($_POST as $curPostKey => $curPostVal) {
>                 $_POST[$curPostKey] = forms::CleanInput($curPostVal);
>             }
>         }
>         // Debug
>         print_r($_POST);
>     }
>
>     // Clean XSS
>     function CleanInput($UserInput) {
>         $allowedtags = "<strong><em><a><ul><li><pre><hr><blockquote><img><span>";
>         $notallowedattribs = array("@javascript:|onclick|ondblclick|onmousedown|onmouseup"
>             ."|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup@si");
>         $changexssto = '';
>         $UserInput = preg_replace($notallowedattribs, $changexssto, $UserInput);
>         $UserInput = strip_tags($text, $allowedtags);
>         $UserInput = nl2br($UserInput);
>         return $UserInput;
>     }
> }
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Check out htmlPurifier http://htmlpurifier.org/
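
An added example (not from the thread or from the HTML Purifier project) of the approach the reply suggests: the tag allowlist from the quoted code expressed as an HTML Purifier configuration and applied to every submitted value, including array-valued fields. It assumes HTML Purifier is installed with `HTMLPurifier.auto.php` on the include path; the function names `build_purifier` and `purify_input` and the sample input are constructed for illustration.

```php
<?php
// Assumption: HTML Purifier is installed and this file is on the include path.
require_once 'HTMLPurifier.auto.php';

// Build a purifier whose allowlist mirrors the $allowedtags string quoted above.
function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Elements AND attributes are allowlisted: anything not named here
    // (onclick, onmouseover, style, ...) is dropped, so no blacklist of
    // event-handler names has to be maintained.
    $config->set('HTML.Allowed',
        'strong,em,a[href],ul,li,pre,hr,blockquote,img[src|alt],span');
    // Only these URL schemes survive in href/src; javascript: URLs are removed.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
    return new HTMLPurifier($config);
}

// Return a purified copy of the input. Recurses so that array-valued fields
// (e.g. name="tags[]") are cleaned too; the superglobal itself is not modified.
function purify_input(array $input, HTMLPurifier $purifier): array
{
    $clean = [];
    foreach ($input as $key => $value) {
        $clean[$key] = is_array($value)
            ? purify_input($value, $purifier)
            : $purifier->purify((string) $value);
    }
    return $clean;
}

// Constructed sample standing in for $_POST.
$sample = [
    'comment' => '<strong onclick="alert(1)">hi</strong><script>alert(2)</script>',
    'link'    => '<a href="javascript:alert(3)">x</a> <a href="http://example.com/">ok</a>',
    'tags'    => ['<em>a</em>', '<iframe src="http://example.com/"></iframe>'],
];

$purifier = build_purifier();
print_r(purify_input($sample, $purifier));
```

In the quoted `CleanInput()`, `strip_tags()` is called on `$text`, which is never defined in that function, so every value comes back empty; the example above purifies the value it was actually passed.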