[geeklog-devel] Filtering in GL2

Tue Jan 4 14:45:06 EST 2005

Blaine, looks good.  I have already ported kses to PHP5 and started the 
PHP5 port of your class.  So far my only comment is that you should 
remove the use of global variables and, instead, send them as options 
into your constructor:

class sanitize {
    function sanitize($options)
    {
        $this->censorMode = $options['censorMode'];
        ...
     }
}

That way the class isn't GL specific (i.e. to need to use "global $_CONF").

--Tony

Blaine Lang wrote:

>Update: I have just submitted to the 1.3.x CVS my initial version of this 
>new class for review.
>I've done some initial testing but not all functions and it's working and 
>shows the direction of this work-in-process.
>
>I think the function names and such can still be cleaned up and I don't 
>have all the functions created yet.
>
>Let me know if you have any comments once it's approved for your review.
>
>Blaine
>----- Original Message ----- 
>From: "Blaine Lang" <geeklog at langfamily.ca>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Sunday, January 02, 2005 1:52 PM
>Subject: Re: [geeklog-devel] Filtering in GL2
>
>
>I wanted to send out an update on this and what I am thinking right now.
>I've been looking at other projects and how we do the current filtering and
>sanitizing of variables and have the following summary of requirements.
>
>This is a generic list and some functions are now handled by the GL2 DB
>Extraction layer but I am thinking we develop this new class and introduce
>it in GL 1.3.X as well.
>
>We have several requirements
>1: Sanitize and filter incoming data variables and remove any potentially
>hostile data
>   - Javascript, SQL Injections
>   - sanitize numeric id's
>2: Filter data that is not allowed
>   - Javascript, HTML tags not allowed
>   - Censor
>3: Prepare data for SQL inserts
>   - Create clickable links
>   - Validate Email and URL links
>   - Handle quotes  (addslashes if necessary)
>   - SPAM Filter
>4: Prepare data for display
>   - Convert HTML entities, Newlines to <br /> tags, BBcode like [code] and
>[quote], autotags
>   - stripslashes
>   - Create crawler friendly links
>5: Prepare data for edit
>  - Convert HTML that was added for [code] back to BBcode tag for easier
>editing
>  - remove extra <br /> tags but not within [code] tags
>
>A lot of what we need is already in the KSES class and our other COM
>functions.
>The KSES Class can be extended to create the missing functions and then
>document the best practices.
>
>Please review and let me know if you agree with this approach.
>
>----- Original Message ----- 
>From: "Tony Bibbs" <tony at tonybibbs.com>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Monday, December 20, 2004 5:17 PM
>Subject: Re: [geeklog-devel] Filtering in GL2
>
>
>Blaine,
>
>Any ETA on when you might get a draft of the class put together?  If it
>will be a while, let me know and I can take a stab at it.
>
>--Tony
>
>Blaine Lang wrote:
>
>  
>
>>In addition, there is much more code inside the app that is adding or
>>stripping.
>>These have been added over time to address common needs but a major task to
>>replace and consolidate the core GL 1.3 codebase.
>>
>>Still, it would be good to create a new OO based class and start to use it
>>and slowing migrate scripts.
>>The 1.3.x platform and plugins could be used to test such a new common
>>class.
>>
>>I'd like to get more input but would be willing to take the lead on
>>developing this.
>>
>>
>>
>>    
>>
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>  
>