Anyone familiar with safehtml?

stakes
Forum Commoner
Posts: 48
Joined: Tue Jun 12, 2007 12:05 pm

Post by stakes »

Hello

For those of you who aren't, it can be found here:

http://pixel-apes.com/safehtml/

Now to the issue, which isn't a problem really but it will require a lot less code if it works.

Right now I have to do

Code: Select all

$safehtml = new safehtml(); // "=& new" is deprecated since PHP 5 and a parse error in PHP 7+

$_POST['username'] = $safehtml->parse($_POST['username']);
$_POST['password'] = $safehtml->parse($_POST['password']);
$_POST['captcha'] = $safehtml->parse($_POST['captcha']);

I would like to just do

Code: Select all

$_POST= $safehtml->parse($_POST);

However this just returns the value: array in a flat array.. kind of kills everything in it.
Now the actual safeHTML class\script is quite complicated (at least for me) so I can't really
figure out where it actually returns the input.

So anyone here have any experience or might else have an idea how to solve this by passing the entire $_POST through the function
without "Killing it"

Thanks in advance.

/Daniel
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

Code: Select all

#IN YOUR SAFEHTML CLASS ADD THIS FUNCTION

function parsePostVars() {
    foreach ($_POST as $ak => $tval) {
        $_POST[$ak] = $this->parse($tval);
    }
}
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Code: Select all

foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}

should be enough to get you started.. it will not work for multidimensional arrays, but I'll leave that to you.
Last edited by Jenk on Mon Jul 16, 2007 5:52 pm, edited 1 time in total.
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Post by kaszu »

I guess you can do something like this:

Code: Select all

class MySafeHTML extends SafeHTML
{
    // Run parse() on every value of a flat array; non-array input is returned unchanged
    function parseArray( $arr )
    {
        $results = Array();

        if (is_array( $arr ))
        {
            foreach( $arr as $k => $v )
            {
                $results[$k] = $this->parse($v);
            }

            return $results;
        } else {
            return $arr;
        }
    }
}

$safehtml = new MySafeHTML();

Edit: it seems I'm too slow with typing :)
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

see also array_map, array_walk, array_walk_recursive ;)
stakes
Forum Commoner
Posts: 48
Joined: Tue Jun 12, 2007 12:05 pm

Post by stakes »

Jenk wrote:

Code: Select all

foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}

should be enough to get you started.. it will not work for multidimensional arrays, but I'll leave that to you.

Well that I could have figured out :)

Just curious though, from a performance\optimization perspective, this would surely take longer time to execute than
just passing the whole $_POST array? Or is it just basically the same thing as running the whole object x times.

Thanks again!
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

You won't notice a performance issue with that small of an array.
stakes
Forum Commoner
Posts: 48
Joined: Tue Jun 12, 2007 12:05 pm

Post by stakes »

Ok well I just used my "Login" array as an example, I have plans though of using the safeHTML class throughout my project
and there will be bigger arrays, say up to 40 values, is this maybe a performance issue?

Also I just noticed:

Code: Select all

foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}

If I enter $_POST['username'] = "oh noes";

I get the following:

Code: Select all

Array
(
    [username] => ohnoes
    [password] => ohnoes
    [captcha] => ohnoes
)

To Kaszu

Thanks a lot, nice suggestion, I implemented your little extension to the class

and

Code: Select all

$safehtml = new MySafeHTML(); 
$_POST= $safehtml->parseArray($_POST);

However, like before, after $_POST['username'] = "oh noes"; it returns:

Code: Select all

Array
(
    [username] => ohnoes
    [password] => ohnoes
    [captcha] => ohnoes
)

I'm trying to figure out the logic in this but it seems to bypass my logical capabilities right now :P

thanks again! :)
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Cause it's the cat's meow: http://htmlpurifier.org/comparison.html
stakes
Forum Commoner
Posts: 48
Joined: Tue Jun 12, 2007 12:05 pm

Post by stakes »

Well that was kind of convincing, thanks for pointing that out Hockey. So I retouched my initial form validation a bit to suit HTMLpurifier.

Code: Select all

require_once 'library/HTMLPurifier.auto.php';

// Build the config first and pass it to the purifier, otherwise it is never applied
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'Encoding', 'ISO-8859-1');
$purifier = new HTMLPurifier($config);

$_POST = $purifier->purify($_POST);

Yet again, my $_POST array comes out completely dead empty. But this time it doesn't even return "Array" it's more
like it's been unset()

So changing topic title to. Anyone familiar with HTMLpurifier? :)

/Daniel
vigge89
Forum Regular
Posts: 875
Joined: Wed Jul 30, 2003 3:29 am
Location: Sweden

Post by vigge89 »

I've never used HTMLPurifier myself, but according to the docs purify()'s first parameter is supposed to be a string, so you'll have to do a foreach loop on the $_POST array and purify each key.
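
The per-value loop suggested in the replies, extended to nested arrays, as an added example that is not code from any poster or from the safehtml or HTML Purifier projects. `sanitize_fields()` and the sample input are constructed for illustration, and `strip_tags` stands in for the sanitizer so the block runs without the library; the password key is skipped because a sanitizer would alter the credential before it is verified.

```php
<?php
// Added example: function name and sample data are constructed, not from the thread.

/**
 * Apply $sanitizer to every string leaf of $input, recursing into nested
 * arrays and preserving keys. Keys listed in $skip are copied unchanged.
 */
function sanitize_fields(array $input, callable $sanitizer, array $skip = []): array
{
    $clean = [];
    foreach ($input as $key => $value) {
        if (in_array($key, $skip, true)) {      // strict: int keys never match 'password'
            $clean[$key] = $value;
        } elseif (is_array($value)) {
            $clean[$key] = sanitize_fields($value, $sanitizer, $skip);
        } elseif (is_string($value)) {
            $clean[$key] = $sanitizer($value);  // the sanitizer only ever sees one string
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Constructed stand-in for $_POST, including a nested array (name="tags[]").
$post = [
    'username' => '<b>daniel</b>',
    'password' => 'p<ss&word',
    'captcha'  => 'x7k2',
    'tags'     => ['<i>php</i>', 'forms'],
];

// Stand-in sanitizer so the block runs offline. With HTML Purifier loaded,
// pass [$purifier, 'purify'] here instead.
$sanitizer = 'strip_tags';

// Write to a new variable rather than overwriting the request array, so the
// raw values stay available for fields that must not be changed.
$clean = sanitize_fields($post, $sanitizer, ['password']);
print_r($clean);
```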