PHP Classes
Icontem

Class: PHP Input Filter


  Search   All class groups All class groups   Latest entries Latest entries   Top 10 charts Top 10 charts   Newsletter Newsletter   Blog Blog   Forums Forums   Help FAQ Help FAQ  
  Login   Register  
Recommend this page to a friend!
      Classes of Daniel Morris  >  PHP Input Filter  >  Download  >  Support forum Support forum  >  RSS 1.0 feed RSS 2.0 feed Latest changes  >  Stumble It! Stumble It!  >  Bookmark in del.icio.us Bookmark in del.icio.us  
  Screenshots Screenshots   Supplied by   Group folder image Groups   Detailed description   Freshmeat project  
  Rate classes User ratings   Trackback   Applications   Related links   Files Files  

  • Screenshots:

    Shows testsuite script in action.
    File Role Description
    Accessible without login Image file testsuite.png Screen Shows testsuite script in action.

  • Supplied by:

    Picture of Daniel Morris
    Name: Daniel Morris <e-mail contact>
    Published packages: 1
    Country: United Kingdom United Kingdom - PHP jobs in United Kingdom
    Home page: http://rootcube.com/
    Age: 25
    All time rank: 122
    Week rank: 84

    Browse this author's classes

  • Innovation Award:

    PHP Programming Innovation award nominee
    March 2005
    Number 4
    		 One of the most common security problems of Web sites is the vulnerability to cross-site scripting (XSS) attacks.

    It allows to steal values of cookies that can be sent to different sites from those that originated the cookie values. This may allow an attacker to access a site impersonating an authenticated user by taking advantage of a stollen session cookie.

    This kind of vulnerability exists on sites that display information provided by the users without properly escaping it before presenting in HTML pages. If the user supplied information to be displayed is unformatted text, it can be easily escaped by using the PHP function HTMLEntities().

    However, if an user can submit HTML code to a site that displays it without previous validation and eventual cleaning of malicious Javascript or PHP code, the site is vulnerable to eventual cross-site scripting attacks.

    This class provides a solution to perform the necessary cleaning of HTML code from dangerous cross-site scripting attack code.

    Manuel Lemos

  • Groups:

    Group folder image Text processing Manipulating and validating text data View top rated classes
    Group folder image Security Security protection and attack detection View top rated classes

  • Detailed description:

    This class can filter input of stray or malicious PHP, Javascript or HTML tags and to prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as an HTML code entered in form fields.

    I have tried to make this class as easy as possible to use. You have control over the filter process unlike other alternatives, and can input a string or an entire array to be cleaned (such as $_POST).

    ** SQL Injection feature has been added.

  • Freshmeat project:

    PHP Input Filter
    Project record: inputfilter
    Popularity score: 720.02 (1.17%)
    Popularity rank: 4,993 (PHP Classes: 27)
    Vitality score: 5.19 (0.00%)
    Rating: 8.51 (Votes: 3) Please rate this class in Freshmeat

  • User ratings:

    Ratings
    Utility
    Consistency
    Documentation
    Examples
    Tests
    Videos
    Overall
    Rank
    All time:
    Good (94.1%)
    Good (86.0%)
    Good (84.6%)
    Good (89.1%)
    -
    -
    Sufficient (73.0%)
    81
    Month:
    There are not enough user ratings to display for this class.

  • Trackback links:

    Link Description
    Cleaning up your inputs Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you re looking at security of your PHP applications. You can prevent most kinds on Cross Site Scripting (XSS) attacks if you know how to clean up the user inputs. Her...
    Cleaning up Your Inputs in PHP Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you’re looking at security of your PHP applications...
    Cleaning Up Your Inputs In PHP Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you’re looking at security of your PHP applications...
    Filtering Out Unwanted XHTML/HTML Tags For a project I am working on right now, I wanted to allow users to add a little bit of HTML in a description field, but not too much. I only wanted to allow a few tags and a few attributes. I, never one to reinvent the wheel, headed to Google (a programmer’s best friend) on a code hunt. I tried several php filter functions and classes and I was left wanting. I was just about to give up and write something myself when I stumbled across the PHP Input Filter class on PHP Classes.org (you have to be a member to download code, but membership is free)...
    Filtering output with a white list -
    Funktion/Klasse wie htmlentities(), aber gewisse Tags erlauben Ich benutzte die folgende Klasse dafür:...
    InputFilter, Protege tus variables en PHP de XSS Uno de los problemas más comunes del internet es la vulnerabilidad cross-site scripting XSS, este tipo de vulverabilidad está en que normalmente no se validan correctamente los datos de entrada que son usados en cierta aplicación...
    PHP Input Cleaning Class If you need a nice class that will clean pretty much anything for your PHP app, grab this class...
    Server Side Validation - Importance Time and again, there are countless number of articles written on not to trust user input and do a server side validation of all input...
    Teketek.com ve XSS açigi Bugün Türkiye'nin popüler alisveris sitesi Teketek.com'da ürünlere gözatarken, XSS'i (Cross-Site Scripting) test amaciyla arama kutusuna JavaScript kodu yazdim ve çal&#305;sti
    Latest blog trackback links Latest blog trackback links

  • Applications that use this class:

    Link Description
    NextGear Team of dutch IT specialists.
    Newsmail PHP simple news ticker
    Mambo Server A very popular open source CMS
    Add link image If you know an application of this package, send a message to the author to add a link here.

  • Related links:

    Link Description
    Project Homepage Project Details and Interactive demonstration
    Tag and Attribute Blacklist. Lists what tags etc are blocked if "xssauto" feature is on.
    XSS Cheat Sheet Interesting page for reference purposes.

  • Files:

    File Role Description
    Accessible without login Plain text file class.inputfilter.php Class PHP4/PHP5 with comments
    Plain text file class.inputfilter.php5 Class PHP5-Strict with comments
    Accessible without login Plain text file class.inputfilter_clean.php Class PHP4/PHP5 without comments
    Plain text file class.inputfilter_clean.php5 Class PHP5-Strict without comments
    Accessible without login Plain text file index.php Example Play around with your own examples on the fly.
    Accessible without login Plain text file readme.txt Doc. Blurb / Instructions / Features
    Download all files: inputfilter.tar.gz inputfilter.zip
    NOTICE: if you are using a download manager program like 'GetRight', please Login before trying to download this archive.

 
  Advertise on this site Advertise on this site   Site map Site map   Statistics Statistics   Site tips Site tips   Privacy policy Privacy policy   Contact Contact  
For more information send a message to :
info at phpclasses dot org.
Copyright (c) Icontem 1999-2009 PHP Classes - PHP Class Scripts
  PHP Book Reviews - Reviews of books and other products