[geeklog-devel] How to use COM_applyFilter

Dirk Haun dirk at haun-online.de
Thu Feb 26 17:16:38 EST 2004


Blaine,

>The other purpose I had was a stronger version that only allowed "letters
>and numbers"
>     $p = preg_replace('/[^0-9a-zA-Z]+/', '', $parameter);

That may make sense. We should review some of the "freedoms" that Geeklog
is giving users for 1.3.10 anyway. E.g. user names (we've discussed this
one before, I remember) or topic IDs.


>if (isset($HTTP_POST_VARS['op']) ) {
>    $op = clubApplyFilter($HTTP_POST_VARS['op']);
>} elseif (isset($HTTP_GET_VARS['op']) ) {
>    $op = clubApplyFilter($HTTP_GET_VARS['op']);
>} else {
>    $op = '';
>}

I was actually discouraging the use of this in my writings. Although it
probably makes sense to do this for one parameter (the mode of operation,
as in your example) and then, depending on that mode parameter, get the
other parameters ONLY from the array they are supposed to be in. I.e.
something like

    if ($op == 'submit') {
        // 'submit' will always indicate a POST request
        $something = COM_applyFilter ($HTTP_POST_VARS['something']);
    } else if ($op == 'new') {
        $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);
    }


>I have been thinking, it would be nice to have a common function that
>would filter all the POST and GET vars. It is possible to walk the arrays
>and maybe send it a list of variables to clean  - using array_walk().

array_walk sounds useful, but I'm not sure how you would derive a common
function from it. How would it know which parameters are supposed to be
numeric?

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/
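
One way to let a common filter know which parameters are numeric is to declare, per mode of operation, the array each parameter must come from and the type it must have. This is an added example, not part of the original message and not Geeklog code: `$SPEC`, `cleanValue()` and `filterRequest()` are hypothetical names, the request arrays are passed in as arguments, and it assumes PHP 7 or later.

```php
<?php
// Added example with hypothetical names; not Geeklog code.
// For each mode of operation: which request array its parameters must
// come from, and which type each parameter must have.
$SPEC = [
    'submit' => ['source' => 'POST', 'params' => ['sid' => 'alnum', 'rating' => 'int']],
    'new'    => ['source' => 'GET',  'params' => ['topic' => 'alnum']],
];

// Reduce a raw value to what the declared type allows.
function cleanValue($value, string $type)
{
    if (!is_string($value)) {          // e.g. rating[]=1 arrives as an array
        return $type === 'int' ? 0 : '';
    }
    if ($type === 'int') {
        // Digits only, short enough to fit an int; anything else becomes 0.
        return preg_match('/^[0-9]{1,9}$/D', $value) ? (int) $value : 0;
    }
    // 'alnum': strip every character that is not a letter or a digit.
    return preg_replace('/[^0-9a-zA-Z]+/', '', $value);
}

// 'op' may arrive by POST or GET. Every other parameter is read only from
// the array declared for that mode; undeclared parameters are dropped.
function filterRequest(array $spec, array $post, array $get): array
{
    $op = cleanValue($post['op'] ?? $get['op'] ?? '', 'alnum');
    if (!isset($spec[$op])) {
        return ['op' => '', 'params' => []];
    }
    $from  = $spec[$op]['source'] === 'POST' ? $post : $get;
    $clean = [];
    foreach ($spec[$op]['params'] as $name => $type) {
        $clean[$name] = cleanValue($from[$name] ?? '', $type);
    }
    return ['op' => $op, 'params' => $clean];
}

// Constructed sample request: 'rating' is also present in the query string
// and is ignored there, because 'submit' reads its parameters from POST only.
$post = ['op' => 'submit', 'sid' => '2004-02-26!', 'rating' => '4'];
$get  = ['rating' => '5x', 'debug' => '1'];
var_dump(filterRequest($SPEC, $post, $get));
```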



