OK, it's just been drummed into me that I should NOT trust data that's submitted by a user.
So, my questions are:
Is it generally a bad idea to allow URLs to be submitted in a form?
I am thinking of creating a 'News' script to add on to another script I recently completed. So members can post their latest website news through their account. Generally, I expect URLs to be included in the 'news' text. How would I handle this so that it's NOT exploited, yet published as working links?
I can't think of a way off the top of my head how you would use anchors to exploit things. I guess if you got really fancy you could use some JavaScript to annoy people... but it's highly unlikely.
<?php
print highlight_urls('We have a contest going on at http://www.example.com. Please submit before 19/07/2002!');

function highlight_urls($text)
{
    // Characters to exclude in URL (you could add more)
    $chars = '\r\n \t\x0B<>\'"\\]\\[';
    // Match "scheme://..." or "www...." up to the first excluded character
    $re = '/([a-z]+:\/\/|www\.)[^'.$chars.']+/i';
    return preg_replace_callback($re,
        'highlight_urls_callback', $text);
}

function highlight_urls_callback($matches)
{
    $url = $matches[0];
    // Bare "www." matches get a scheme so the link is absolute
    if ($matches[1] == 'www.') $url = "http://$url";
    // Characters to ignore at end of URL
    $chars = '!)}:\\.\\?';
    $punc = '';
    if (preg_match("/[$chars]+\$/", $url, $matches))
    {
        // Move trailing punctuation out of the link and print it after the anchor
        $url = preg_replace("/[$chars]+\$/", '', $url);
        $punc = $matches[0];
    }
    return "<a href=\"$url\">$url</a>$punc";
    // Or you could have it open a new window:
    // return "<a href=\"$url\" target=\"_blank\">$url</a>$punc";
}
?>
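A hardened variant of the `highlight_urls()` approach above, as an added example that is not part of the original thread: it escapes all member-supplied text, replaces the `[a-z]+://` pattern (which accepts any scheme, `javascript://` included) with an http/https allow-list, and re-validates each URL before emitting the anchor. The function names `news_escape()` and `linkify_news()` and the sample text are hypothetical; it assumes plain-text UTF-8 input with no member HTML allowed.

```php
<?php
// Added example, not code from the thread. Assumptions: news text is plain
// UTF-8 with no member HTML allowed, and only http/https links are clickable.
// Function names and the sample text are constructed for illustration.

function news_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function linkify_news(string $text): string
{
    // Scheme allow-list instead of [a-z]+:// ; a bare "www." host gets http://.
    $re = '~\b(https?://|www\.)[^\s<>"\']+~i';
    preg_match_all($re, $text, $found, PREG_SET_ORDER | PREG_OFFSET_CAPTURE);

    $out = '';
    $pos = 0;
    foreach ($found as $m) {
        [$raw, $start] = $m[0];
        // Trailing sentence punctuation is not part of the link.
        $url  = rtrim($raw, '!)}:.?,;');
        $href = (stripos($url, 'www.') === 0) ? "http://$url" : $url;

        // Re-check the final value: it must parse with an allowed scheme and a host.
        $scheme = strtolower((string) parse_url($href, PHP_URL_SCHEME));
        $host   = (string) parse_url($href, PHP_URL_HOST);
        if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
            continue; // left in place; it is escaped as ordinary text below
        }

        // Everything between links is escaped, never emitted as markup.
        $out .= news_escape(substr($text, $pos, $start - $pos));
        $out .= '<a href="' . news_escape($href) . '" rel="nofollow noopener noreferrer">'
              . news_escape($url) . '</a>';
        $pos = $start + strlen($url);
    }
    return $out . news_escape(substr($text, $pos));
}

// Constructed sample: a normal link, a www link with a query string,
// member-typed markup, and a non-http scheme that must stay plain text.
$sample = 'Contest at http://www.example.com. Rules: www.example.org/r?a=1&b=2! '
        . '<b>hi</b> javascript://example';
print linkify_news($sample) . "\n";
```

Store the member's text as submitted and run it through `linkify_news()` at output time, so a later change to the escaping rules applies to old posts as well.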