
Anyone familiar with safehtml?

Posted: Mon Jul 16, 2007 5:44 pm
by stakes
Hello

For those of you who aren't, it can be found here:

http://pixel-apes.com/safehtml/

Now to the issue, which isn't a problem really but it will require a lot less code if it works.

Right now I have to do

Code:

$safehtml = new safehtml();

$_POST['username'] = $safehtml->parse($_POST['username']);
$_POST['password'] = $safehtml->parse($_POST['password']);
$_POST['captcha'] = $safehtml->parse($_POST['captcha']);

I would like to just do

Code:

$_POST = $safehtml->parse($_POST);

However, this just returns the value: array in a flat array.. kind of kills everything in it.
Now the actual safeHTML class\script is quite complicated (at least for me), so I can't really
figure out where it actually returns the input.

So does anyone here have any experience, or might else have an idea how to solve this by passing the entire $_POST through the function
without "killing it"?

Thanks in advance.

/Daniel

Posted: Mon Jul 16, 2007 5:50 pm
by hawleyjr

Code:

#IN YOUR SAFEHTML CLASS ADD THIS FUNCTION

function parsePostVars()
{
    foreach ($_POST as $ak => $tval) {
        $_POST[$ak] = $this->parse($tval);
    }
}

Posted: Mon Jul 16, 2007 5:52 pm
by Jenk

Code:

foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}
should be enough to get you started.. it will not work for multidimensional arrays, but I'll leave that to you.

Posted: Mon Jul 16, 2007 5:52 pm
by kaszu
I guess you can do something like this:

Code:

class MySafeHTML extends SafeHTML
{
    function parseArray( $arr )
    {
        $results = Array();

        if (is_array( $arr ))
        {
            foreach( $arr as $k => $v )
            {
                $results[$k] = $this->parse($v);
            }

            return $results;
        } else {
            return $arr;
        }
    }
}

$safehtml = new MySafeHTML();

Edit: it seems I'm too slow with typing :)

Posted: Mon Jul 16, 2007 5:56 pm
by stereofrog
see also array_map, array_walk, array_walk_recursive ;)

Posted: Mon Jul 16, 2007 6:04 pm
by stakes
Jenk wrote:

Code:

foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}
should be enough to get you started.. it will not work for multidimensional arrays, but I'll leave that to you.

Well, that I could have figured out :)

Just curious though, from a performance\optimization perspective, this would surely take a longer time to execute than
just passing the whole $_POST array? Or is it just basically the same thing as running the whole object x times?

Thanks again!

Posted: Mon Jul 16, 2007 6:11 pm
by hawleyjr
You won't notice a performance issue with that small of an array.

Posted: Mon Jul 16, 2007 6:22 pm
by stakes
Ok, well I just used my "Login" array as an example. I have plans though of using the safeHTML class throughout my project
and there will be bigger arrays, say up to 40 values. Is this maybe a performance issue?

Also I just noticed:

Code:

foreach ($_POST as $key => $var) {
    $_POST[$key] = $safehtml->parse($var);
}

If I enter $_POST['username'] = "oh noes";

I get the following:

Code:

Array
(
    [username] => ohnoes
    [password] => ohnoes
    [captcha] => ohnoes
)

To Kaszu

Thanks a lot, nice suggestion, I implemented your little extension to the class

and

Code:

$safehtml = new MySafeHTML();
$_POST = $safehtml->parseArray($_POST);

However, like before, after $_POST['username'] = "oh noes"; it returns:

Code:

Array
(
    [username] => ohnoes
    [password] => ohnoes
    [captcha] => ohnoes
)

I'm trying to figure out the logic in this but it seems to bypass my logical capabilities right now :P

thanks again! :)

Posted: Mon Jul 16, 2007 8:22 pm
by alex.barylski
Cause it's the cat's meow: http://htmlpurifier.org/comparison.html

Posted: Mon Jul 16, 2007 10:04 pm
by stakes
Well, that was kind of convincing, thanks for pointing that out Hockey. So I retouched my initial form validation a bit to suit HTMLpurifier.

Code:

require_once 'library/HTMLPurifier.auto.php';

// Build the config first and pass it to the purifier, otherwise it is never used
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'Encoding', 'ISO-8859-1');
$purifier = new HTMLPurifier($config);

$_POST = $purifier->purify($_POST);

Yet again, my $_POST array comes out completely dead empty. But this time it doesn't even return "Array", it's more
like it's been unset()

So changing topic title to: Anyone familiar with HTMLpurifier? :)

/Daniel

Posted: Tue Jul 17, 2007 5:11 am
by vigge89
I've never used HTMLPurifier myself, but according to the docs purify()'s first parameter is supposed to be a string, so you'll have to do a foreach loop on the $_POST array and purify each key.
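
The per-value loop suggested in this thread, extended to nested arrays (the case Jenk leaves open), as an added example that is not code from any poster or from the safehtml or HTML Purifier projects. The names sanitizeTree() and $skipKeys are hypothetical, the input is constructed, and strip_tags is only a stand-in so the block runs without either library installed.

```php
<?php
// Added example: run a string-only sanitizer over every string leaf of a
// (possibly nested) request array. $sanitize is any callable that takes and
// returns a string, e.g. array($purifier, 'purify') or array($safehtml, 'parse').
// sanitizeTree() and $skipKeys are hypothetical names, not library API.
function sanitizeTree($value, $sanitize, array $skipKeys = array())
{
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            // Leave listed fields untouched, e.g. a password that is only
            // ever hashed and compared, never echoed back as HTML. An HTML
            // filter would silently change what the user typed.
            $out[$key] = in_array($key, $skipKeys, true)
                ? $item
                : sanitizeTree($item, $sanitize, $skipKeys);
        }
        return $out;
    }
    // Only strings go through the filter; ints, null, etc. pass unchanged,
    // so the filter never receives an array and returns "Array" or nothing.
    return is_string($value) ? call_user_func($sanitize, $value) : $value;
}

// Constructed sample input standing in for $_POST.
$post = array(
    'username' => 'oh <b>noes</b><script>alert(1)</script>',
    'password' => 'p<a>ss w0rd',
    'tags'     => array('<i>one</i>', array('deep' => '<u>two</u>')),
);

// Stand-in sanitizer (assumption): strip_tags is NOT equivalent to an HTML
// filter library; swap in array($purifier, 'purify') in real code.
$standIn = 'strip_tags';

$clean = sanitizeTree($post, $standIn, array('password'));
print_r($clean);
```

The function returns a new array instead of overwriting $_POST, so the raw values stay available for anything that must see exactly what was submitted.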