[geeklog-devel] Filtering in GL2

Blaine Lang geeklog at langfamily.ca
Sun Jan 2 22:06:09 EST 2005


Update: I have just submitted to the 1.3.x CVS my initial version of this 
new class for review.
I've done some initial testing, but not of all functions, and it's working and
shows the direction of this work-in-process.

I think the function names and such can still be cleaned up and I don't 
have all the functions created yet.

Let me know if you have any comments once it's approved for your review.

Blaine
----- Original Message ----- 
From: "Blaine Lang" <geeklog at langfamily.ca>
To: <geeklog-devel at lists.geeklog.net>
Sent: Sunday, January 02, 2005 1:52 PM
Subject: Re: [geeklog-devel] Filtering in GL2


I wanted to send out an update on this and what I am thinking right now.
I've been looking at other projects and how we do the current filtering and
sanitizing of variables and have the following summary of requirements.

This is a generic list and some functions are now handled by the GL2 DB
Extraction layer but I am thinking we develop this new class and introduce
it in GL 1.3.X as well.

We have several requirements:
1: Sanitize and filter incoming data variables and remove any potentially
   hostile data
   - JavaScript, SQL injections
   - Sanitize numeric IDs
2: Filter data that is not allowed
   - JavaScript, HTML tags not allowed
   - Censor
3: Prepare data for SQL inserts
   - Create clickable links
   - Validate email and URL links
   - Handle quotes (addslashes if necessary)
   - SPAM filter
4: Prepare data for display
   - Convert HTML entities, newlines to <br /> tags, BBcode like [code] and
     [quote], autotags
   - stripslashes
   - Create crawler-friendly links
5: Prepare data for edit
   - Convert HTML that was added for [code] back to BBcode tag for easier
     editing
   - Remove extra <br /> tags but not within [code] tags

A lot of what we need is already in the KSES class and our other COM
functions.
The KSES Class can be extended to create the missing functions and then
document the best practices.

Please review and let me know if you agree with this approach.

----- Original Message ----- 
From: "Tony Bibbs" <tony at tonybibbs.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Monday, December 20, 2004 5:17 PM
Subject: Re: [geeklog-devel] Filtering in GL2


Blaine,

Any ETA on when you might get a draft of the class put together?  If it
will be a while, let me know and I can take a stab at it.

--Tony

Blaine Lang wrote:

>
>In addition, there is much more code inside the app that is adding or
>stripping.
>These have been added over time to address common needs but a major task to
>replace and consolidate the core GL 1.3 codebase.
>
>Still, it would be good to create a new OO based class and start to use it
>and slowly migrate scripts.
>The 1.3.x platform and plugins could be used to test such a new common
>class.
>
>I'd like to get more input but would be willing to take the lead on
>developing this.
>
>
>

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel
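
Requirements 4 and 5 from the list in this thread (prepare data for display, prepare data for edit), sketched as an added example. This is not code from the thread, from Geeklog or from KSES; the function names are hypothetical, and it assumes the stored text is the raw submission and that [code] blocks are rendered as <pre><code>.

```php
<?php
// Added illustration, not Geeklog code. Function names are hypothetical.

// Requirement 4: turn stored raw text into HTML that is safe to display.
function prepareForDisplay(string $raw): string
{
    // Split on [code]...[/code]; odd-numbered parts are the code bodies.
    $parts = preg_split('~\[code\](.*?)\[/code\]~s', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        // Entity-encode everything first so submitted markup is inert.
        $safe = htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        if ($i % 2 === 1) {
            // Code body: newlines stay literal, no <br /> is inserted.
            $out .= '<pre><code>' . $safe . '</code></pre>';
        } else {
            // Ordinary text: newlines become <br /> tags.
            $out .= nl2br($safe);
        }
    }
    return $out;
}

// Requirement 5: turn the display HTML back into editable text.
function prepareForEdit(string $html): string
{
    // User text was entity-encoded above, so the only real <pre><code>
    // and <br /> tags in $html are the ones prepareForDisplay() added.
    $parts = preg_split('~<pre><code>(.*?)</code></pre>~s', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // Restore the BBcode tag; the body is left untouched.
            $out .= '[code]' . $part . '[/code]';
        } else {
            // Drop the <br /> tags added for display, outside [code] only.
            $out .= preg_replace('~<br\s*/?>~i', '', $part);
        }
    }
    return htmlspecialchars_decode($out, ENT_QUOTES);
}

// Constructed sample input: hostile markup plus a [code] block.
$raw = "Hi <script>alert(1)</script>\n[code]if (\$a < \$b) {\n  echo \"<br />\";\n}[/code]\nbye";
$html = prepareForDisplay($raw);
echo $html, "\n";
var_dump(prepareForEdit($html) === $raw); // round trip back to the original text
```

Encoding before any tags are added is what makes the edit step unambiguous: a <br /> typed by the user is stored in the HTML as entities and survives, while the ones added for display are real tags and are removed.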
