[geeklog-devel] How to use COM_applyFilter

Dirk Haun dirk at haun-online.de
Thu Feb 26 17:16:38 EST 2004


>The other purpose I had was a stronger version that only allowed "letters
>and numbers"
>     $p = preg_replace('/^[^(0-9a-zA-Z)]+/','', $parameter );

That may make sense. We should review some of the "freedoms" that Geeklog
is giving users for 1.3.10 anyway. E.g. user names (we've discussed this
one before, I remember) or topic IDs.

>if (isset($HTTP_POST_VARS['op']) ) {
>    $op = clubApplyFilter($HTTP_POST_VARS['op']);
>} elseif (isset($HTTP_GET_VARS['op']) ) {
>    $op = clubApplyFilter($HTTP_GET_VARS['op']);
>} else {
>    $op = '';

I was actually discouraging the use of this in my writings. Although it
probably makes sense to do this for one parameter (the mode of operation,
as in your example) and then, depending on that mode parameter, get the
other parameters ONLY from the array they are supposed to be in. I.e.
something like

    if ($op == 'submit') {
        // 'submit' will always indicate a POST request
        $something = COM_applyFilter ($HTTP_POST_VARS['something']);
    } else if ($op == 'new') {
        $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);

>I have been thinking, it would be nice to be have a common function that
>would filter all the POST and GET vars. It is possible to walk the arrays
>and maybe send it a list of variables to clean  - using array_walk().

array_walk sounds useful, but I'm not sure how you would derive a common
function from it. How would it know which parameters are supposed to be

bye, Dirk


More information about the geeklog-devel mailing list