Now my debug output shows that, with the following code, all of the $_POST['whatever'] values are blank.

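/**
 * Filters every submitted POST field through CleanInput() and writes the
 * result back into $_POST.
 *
 * NOTE(review): CleanInput() is a denylist filter. strip_tags() keeps every
 * attribute on the tags it allows, and the pattern below removes only the
 * names it lists, so this must not be the only XSS defence. Escape values
 * for their output context (e.g. htmlspecialchars() for HTML) or run rich
 * text through an allowlist-based HTML sanitiser.
 */
class forms {

        // Declared by the original class; nothing in this class reads or writes it.
        var $UserInput;

        /**
         * PHP 4-style constructor: replaces each $_POST value with its cleaned form.
         *
         * On PHP 8 a method named after the class is no longer run by `new`,
         * so it has to be called explicitly there.
         * Assumes every field is a string; array-valued fields are not handled.
         */
        function forms() {
                foreach ($_POST as $curPostKey => $curPostVal) {
                        // Instance call: CleanInput() is not declared static.
                        $_POST[$curPostKey] = $this->CleanInput($curPostVal);
                }
                // Debug: dumps the cleaned request data into the response.
                // Remove before deployment, since it echoes submitted values back.
                print_r($_POST);
        }

        /**
         * Strips disallowed tags and the listed script-related names from a string.
         *
         * @param string $UserInput Raw submitted value.
         * @return string Filtered value with newlines converted to <br /> tags.
         */
        function CleanInput($UserInput) {
                $allowedtags = "<strong><em><a><ul><li><pre><hr><blockquote><img><span>";

                // The mailing-list archive mangled the end of this pattern
                // ("[EMAIL PROTECTED]") and wrapped it with stray spaces.
                // Reconstructed as "|onkeyup@si" - TODO confirm against the original.
                $notallowedattribs = "@javascript:|onclick|ondblclick|onmousedown|onmouseup"
                        . "|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup@si";
                $changexssto = '';

                $UserInput = preg_replace($notallowedattribs, $changexssto, $UserInput);
                // Fix: the original passed the undefined $text here, so strip_tags()
                // received nothing and every field came back blank.
                $UserInput = strip_tags($UserInput, $allowedtags);
                $UserInput = nl2br($UserInput);
                return $UserInput;
        }
}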
