[geeklog-devel] Filtering in GL2

Blaine Lang geeklog at langfamily.ca
Sun Jan 2 13:52:14 EST 2005 

I wanted to send out an update on this and what I am thinking right now.
I've been looking at other projects and how we do the current filtering and 
sanitizing of variables and have the following summary of requirements.

This is a generic list and some functions are now handled by the GL2 DB 
Extraction layer but I am thinking we develop this new class and introduce 
it in GL 1.3.X as well.

We have several requirements
1: Sanitize and filter incoming data variables and remove any potentially 
hostile data
   - Javascript, SQL Injections
   - sanitize numeric id's
2: Filter data that is not allowed
   - Javascript, HTML tags not allowed
   - Censor
3: Prepare data for SQL inserts
   - Create clickable links
   - Validate Email and URL links
   - Handle quotes  (addslashes if necessary)
   - SPAM Filter
4: Prepare data for display
   - Convert HTML entities, Newlines to <br /> tags, BBcode like [code] and 
[quote], autotags
   - stripslashes
   - Create crawler friendly links
5: Prepare data for edit
  - Convert HTML that was added for [code] back to BBcode tag for easier 
editing
  - remove extra <br /> tags but not within [code] tags

A lot of what we need is already in the KSES class and our other COM 
functions.
The KSES Class can be extended to create the missing functions and then 
document the best practices.

Please review and let me know if you agree with this approach.

----- Original Message ----- 
From: "Tony Bibbs" <tony at tonybibbs.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Monday, December 20, 2004 5:17 PM
Subject: Re: [geeklog-devel] Filtering in GL2


Blaine,

Any ETA on when you might get a draft of the class put together?  If it
will be a while, let me know and I can take a stab at it.

--Tony

Blaine Lang wrote:

>
>In addition, there is much more code inside the app that is adding or
>stripping.
>These have been added over time to address common needs but a major task to
>replace and consolidate the core GL 1.3 codebase.
>
>Still, it would be good to create a new OO based class and start to use it
>and slowing migrate scripts.
>The 1.3.x platform and plugins could be used to test such a new common
>class.
>
>I'd like to get more input but would be willing to take the lead on
>developing this.
>
>
>

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel

More information about the geeklog-devel mailing list