Anyone familiar with safehtml?
Posted: Mon Jul 16, 2007 5:44 pm
by stakes
Hello
For those of you who aren't, it can be found here:
http://pixel-apes.com/safehtml/
Now to the issue, which isn't really a problem, but it will require a lot less code if it works.
Right now I have to do
Code:
$safehtml = new safehtml();
$_POST['username'] = $safehtml->parse($_POST['username']);
$_POST['password'] = $safehtml->parse($_POST['password']);
$_POST['captcha'] = $safehtml->parse($_POST['captcha']);
I would like to just do
However, this just returns the value: array in a flat array.. kind of kills everything in it.
Now the actual safeHTML class\script is quite complicated (at least for me), so I can't really figure out where it actually returns the input.
So does anyone here have any experience, or otherwise have an idea how to solve this by passing the entire $_POST through the function without "killing it"?
Thanks in advance.
/Daniel
Posted: Mon Jul 16, 2007 5:50 pm
by hawleyjr
Code:
# IN YOUR SAFEHTML CLASS ADD THIS FUNCTION
function parsePostVars(){
    foreach( $_POST as $ak => $tval ){
        $_POST[$ak] = $this->parse( $tval );
    }
}
Posted: Mon Jul 16, 2007 5:52 pm
by Jenk
Code:
foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}
should be enough to get you started.. it will not work for multidimensional arrays, but I'll leave that to you.
Posted: Mon Jul 16, 2007 5:52 pm
by kaszu
I guess you can do something like this:
Code:
class MySafeHTML extends SafeHTML
{
    function parseArray( $arr )
    {
        $results = Array();
        if (is_array( $arr ))
        {
            foreach( $arr as $k => $v )
            {
                $results[$k] = $this->parse($v);
            }
            return $results;
        } else {
            return $arr;
        }
    }
}
$safehtml = new MySafeHTML();
Edit: it seems I'm too slow with typing

Posted: Mon Jul 16, 2007 5:56 pm
by stereofrog
see also array_map, array_walk, array_walk_recursive

Posted: Mon Jul 16, 2007 6:04 pm
by stakes
Jenk wrote:
Code:
foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}
should be enough to get you started.. it will not work for multidimensional arrays, but I'll leave that to you.
Well, that I could have figured out
Just curious though, from a performance\optimization perspective, this would surely take longer to execute than
just passing the whole $_POST array? Or is it just basically the same thing as running the whole object x times?
Thanks again!
Posted: Mon Jul 16, 2007 6:11 pm
by hawleyjr
You won't notice a performance issue with that small of an array.
Posted: Mon Jul 16, 2007 6:22 pm
by stakes
Ok, well, I just used my "Login" array as an example. I have plans though of using the safeHTML class throughout my project
and there will be bigger arrays, say up to 40 values. Is this maybe a performance issue?
Also I just noticed:
Code:
foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}
If I enter $_POST['username'] = "oh noes";
I get the following:
Code:
Array
(
[username] => ohnoes
[password] => ohnoes
[captcha] => ohnoes
)
To Kaszu
Thanks a lot, nice suggestion, I implemented your little extension to the class
and
Code:
$safehtml = new MySafeHTML();
$_POST = $safehtml->parseArray($_POST);
However, like before, after $_POST['username'] = "oh noes"; it returns:
Code:
Array
(
[username] => ohnoes
[password] => ohnoes
[captcha] => ohnoes
)
I'm trying to figure out the logic in this but it seems to bypass my logical capabilities right now
Thanks again!

Posted: Mon Jul 16, 2007 8:22 pm
by alex.barylski
Posted: Mon Jul 16, 2007 10:04 pm
by stakes
Well, that was kind of convincing, thanks for pointing that out Hockey. So I retouched my initial form validation a bit to suit HTMLpurifier.
Code:
require_once 'library/HTMLPurifier.auto.php';
// Build the config first and pass it to the purifier so the encoding setting is used.
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'Encoding', 'ISO-8859-1');
$purifier = new HTMLPurifier($config);
// The call in question: the whole $_POST array is handed to purify().
$_POST = $purifier->purify($_POST);
Yet again, my $_POST array comes out completely dead empty. But this time it doesn't even return "Array", it's more
like it's been unset()
So changing topic title to: Anyone familiar with HTMLpurifier?
/Daniel
Posted: Tue Jul 17, 2007 5:11 am
by vigge89
I've never used HTMLPurifier myself, but according to the docs, purify()'s first parameter is supposed to be a string, so you'll have to do a foreach loop on the $_POST array and purify each key.
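
An added example, not part of any post in this thread: a recursive helper that runs a string-only sanitizer over every string in a nested array, which covers the multidimensional case the replies leave open. `sanitize_tree()`, the `strip_tags` stand-in and the sample form data are assumptions made for illustration; the stand-in only lets the code run without a library and is not an HTML sanitizer.

```php
<?php
// Added example, not from the thread. sanitize_tree() and $standIn are
// hypothetical names; the sample input below is constructed.

/**
 * Apply a string-only sanitizer to every string leaf of a (possibly nested)
 * array and return a new array. The input itself is not modified.
 */
function sanitize_tree($value, callable $sanitize)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            // Recurse so fields such as tags[] or address[city] are covered.
            $clean[$key] = sanitize_tree($item, $sanitize);
        }
        return $clean;
    }
    // Only strings reach the sanitizer. Handing an array to a string-only
    // method is what gave "Array" or an empty result in the posts above.
    return is_string($value) ? call_user_func($sanitize, $value) : $value;
}

// Stand-in filter so the example runs with no library installed.
// With HTML Purifier loaded, pass array($purifier, 'purify') instead.
$standIn = function ($html) {
    return strip_tags($html);
};

// Constructed sample shaped like a submitted form with nested fields.
$post = array(
    'username' => 'oh <b>noes</b>',
    'tags'     => array('<i>php</i>', 'forms'),
    'address'  => array('city' => '<em>Oslo</em>'),
);

$clean = sanitize_tree($post, $standIn);
print_r($clean);
```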