On Mon, 2008-01-21 at 23:39 -0500, nihilism machine wrote:
> now my debug shows that with the following code, all of the
> $_POST['whatever'] values are blank.
>
>
> class forms {
>
> var $UserInput;
>
> // Forms to variables
> function forms() {
> if (count($_POST) > 0) {
> foreach($_POST as $curPostKey => $curPostVal) {
> $_POST[$curPostKey] =
> forms::CleanInput($curPostVal);
> }
> }
> // Debug
> print_r($_POST);
> }
>
> // Clean XSS
> function CleanInput($UserInput) {
> $allowedtags =
> "<strong><em><a><ul><li><pre><hr><blockquote><img><span>";
> $notallowedattribs = array("@javascript:|onclick|ondblclick|
> onmousedown|onmouseup"
> ."|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|
> [EMAIL PROTECTED]");
> $changexssto = '';
> $UserInput = preg_replace($notallowedattribs, $changexssto,
> $UserInput);
> $UserInput = strip_tags($text, $allowedtags);
I think $text should be $UserInput :)
> $UserInput = nl2br($UserInput);
> return $UserInput;
> }
> }
Cheers,
Rob.
--
...........................................................
SwarmBuy.com - http://www.swarmbuy.com
Leveraging the buying power of the masses!
...........................................................
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
