It runs all input from the user through htmlspecialchars() to guard against XSS. You just load it at the start of your page and then use the class's instance variables instead of $_GET, $_POST, etc.
<?php
#####-----------------------------------------------------------------------------------------#####
##### .: Icicle v0.1 :. #####
##### Unleashing The Power Of Frozen Water #####
##### #####
##### Written By Frozensheep Web Solutions. #####
##### http://www.frozensheep.com #####
#####-----------------------------------------------------------------------------------------#####
##### FILE: includes/includes/classes/xss.php #####
##### #####
##### DESCRIPTION: Checks all data against XSS. . #####
##### #####
#####-----------------------------------------------------------------------------------------#####
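##--------------------------------------------
##XSS CLASS
##Builds HTML-encoded copies of $_GET, $_POST, $_COOKIE and $_SESSION.
##
##SCOPE OF THE PROTECTION:
## - Values are passed through htmlspecialchars(ENT_QUOTES), which is only
##   sufficient when a value is echoed into HTML text or into a QUOTED
##   attribute. Values written into <script> blocks, event handlers, URLs
##   (href/src), CSS or unquoted attributes need encoding for that context.
## - The encoded copies are not safe for SQL, shell or file-path use.
## - The raw superglobals are left untouched, so any code that still reads
##   $_GET/$_POST directly bypasses this class.
## - Array KEYS are returned as received (not encoded); do not echo them.
##--------------------------------------------
class XSS {
    public $GET = array(); #holds HTML-encoded $_GET data
    public $POST = array(); #holds HTML-encoded $_POST data
    public $COOKIE = array(); #holds HTML-encoded $_COOKIE data
    public $SESSION = array(); #holds HTML-encoded $_SESSION data

    ##--------------------------------------------
    ##CLASS CONSTRUCTOR
    ##A method named after the class is no longer treated as a constructor
    ##from PHP 8.0 on, so without __construct() nothing would be encoded and
    ##the properties above would silently stay empty.
    ##--------------------------------------------
    public function __construct(){
        $this->check_all_input();
    }

    ##--------------------------------------------
    ##LEGACY ENTRY POINT
    ##Kept so existing code that calls $obj->XSS() keeps working.
    ##--------------------------------------------
    public function XSS(){
        $this->check_all_input();
    }

    ##--------------------------------------------
    ##CHECK ALL INPUT FUNCTION
    ##Fills GET, POST, COOKIE and SESSION with encoded copies of the
    ##matching superglobals. Empty or missing superglobals are skipped.
    ##--------------------------------------------
    public function check_all_input(){
        if(isset($_GET) AND $_GET){$this->GET = $this->check_data_array($_GET);}
        if(isset($_POST) AND $_POST){$this->POST = $this->check_data_array($_POST);}
        if(isset($_COOKIE) AND $_COOKIE){$this->COOKIE = $this->check_data_array($_COOKIE);}

        # Only open (and later close) the session when the caller has not
        # already started one; otherwise session_start() raises a notice and
        # session_write_close() would end the caller's session behind its back.
        $started_here = false;
        if(session_id() === ''){
            $started_here = session_start();
        }
        # NOTE(review): if session values were stored from already-encoded
        # input, this encodes them a second time - confirm what is stored.
        if(isset($_SESSION) AND $_SESSION){$this->SESSION = $this->check_data_array($_SESSION);}
        if($started_here){
            session_write_close();
        }
    }

    ##--------------------------------------------
    ##XSS CHECK FUNCTION
    ##Returns $string with & < > " and ' converted to HTML entities.
    ##Arrays are encoded element by element. Other scalars and null are
    ##cast to string first. A value that cannot be cast to string (an
    ##object without __toString) still raises an error rather than being
    ##passed through unencoded.
    ##--------------------------------------------
    public function xss_check($string){
        if(is_array($string)){
            return $this->check_data_array($string);
        }
        # No charset argument: htmlspecialchars() uses PHP's configured
        # default, which has to match the charset the page is served in.
        return htmlspecialchars((string) $string, ENT_QUOTES);
    }

    ##--------------------------------------------
    ##CHECK DATA ARRAY FUNCTION
    ##Returns a copy of $array with every value encoded by xss_check().
    ##Nested arrays (e.g. from ?ids[]=1&ids[]=2) are walked recursively,
    ##because passing an array straight to htmlspecialchars() fails and
    ##would leave the request without any encoded data.
    ##Keys are preserved exactly as given and are NOT encoded.
    ##--------------------------------------------
    public function check_data_array($array){
        foreach($array as $key => $value){
            $array[$key] = $this->xss_check($value);
        }
        return $array;
    }
}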
?>