PHP Input Filter
| Recommend this page to a friend! |  Stumble It! |
 Bookmark in del.icio.us |
| Author | ||
 |
|
Innovation award Nominee: 1x | |||||||||||||||||||
This class can filter input of stray or malicious PHP, Javascript or HTML tags and to prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as an HTML code entered in form fields.
I have tried to make this class as easy as possible to use. You have control over the filter process unlike other alternatives, and can input a string or an entire array to be cleaned (such as $_POST).
** SQL Injection feature has been added.
I have tried to make this class as easy as possible to use. You have control over the filter process unlike other alternatives, and can input a string or an entire array to be cleaned (such as $_POST).
** SQL Injection feature has been added.
| Classes of Daniel Morris | > | PHP Input Filter | > | Download .zip .tar.gz | > |  Support forum (25) |
> |  Blog |
> |   Latest changes |
||
|
|||||||||||||||||||||||
| Groups |  Screenshots |
Freshmeat project |  User ratings |
|||||
| Trackback | Applications | Related links |  Files |
|||||
| Groups | ||
 |
Text processing | Manipulating and validating text data | View top rated classes |
|
Security | Security protection and attack detection | View top rated classes |
| Innovation Award | ||
 March 2005 Number 4 Prize: One subscription to the PDF edition of the magazine by PHP Architect |
One of the most common security problems of Web sites is the vulnerability to cross-site scripting (XSS) attacks. It allows to steal values of cookies that can be sent to different sites from those that originated the cookie values. This may allow an attacker to access a site impersonating an authenticated user by taking advantage of a stollen session cookie. This kind of vulnerability exists on sites that display information provided by the users without properly escaping it before presenting in HTML pages. If the user supplied information to be displayed is unformatted text, it can be easily escaped by using the PHP function HTMLEntities(). However, if an user can submit HTML code to a site that displays it without previous validation and eventual cleaning of malicious Javascript or PHP code, the site is vulnerable to eventual cross-site scripting attacks. This class provides a solution to perform the necessary cleaning of HTML code from dangerous cross-site scripting attack code. Manuel Lemos |
| Freshmeat project | ||
 |
|
| User ratings | ||
| Ratings | ||||||||
|---|---|---|---|---|---|---|---|---|
| All time: | ||||||||
| Month: | ||||||||
| Trackback links | ||
| Link | Description |
|---|---|
| Classe php per filtrare gli input degli | Classe php per filtrare gli input degli utenti... |
| Cleaning up your inputs | Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you re looking at security of your PHP applications. You can prevent most kinds on Cross Site Scripting (XSS) attacks if you know how to clean up the user inputs. Her... |
| Cleaning up Your Inputs in PHP | Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you’re looking at security of your PHP applications... |
| Cleaning Up Your Inputs In PHP | Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you’re looking at security of your PHP applications... |
| Filtering Out Unwanted XHTML/HTML Tags | For a project I am working on right now, I wanted to allow users to add a little bit of HTML in a description field, but not too much. I only wanted to allow a few tags and a few attributes. I, never one to reinvent the wheel, headed to Google (a programmer’s best friend) on a code hunt. I tried several php filter functions and classes and I was left wanting. I was just about to give up and write something myself when I stumbled across the PHP Input Filter class on PHP Classes.org (you have to be a member to download code, but membership is free)... |
| Filtering output with a white list | - |
| Filtra tus input con "inputfilter" | Esta clase puede filtrar la entrada de las etiquetas perdidas o malévolas de PHP, del Javascript o del HTML y prevenir ataques scripting del XSS (XSS)... |
| Funktion/Klasse wie htmlentities(), aber gewisse Tags erlauben | Ich benutzte die folgende Klasse dafür:... |
| How to Avoid Cross Site Scripting Attack In PHP? | ...the problem is that, many people are using it and most of the time don’t consider vulnerabilities or attacks going to their sites... |
| InputFilter, Protege tus variables en PHP de XSS | Uno de los problemas más comunes del internet es la vulnerabilidad cross-site scripting XSS, este tipo de vulverabilidad está en que normalmente no se validan correctamente los datos de entrada que son usados en cierta aplicación... |
| Libraries to avoid problems in PHP (Spanish) | We talked to two major errors in web applications and tips to avoid the API was preparing the people of OWASP , ESAPI order to simplify the security issues for Java developers... |
| PHP Input Cleaning Class | If you need a nice class that will clean pretty much anything for your PHP app, grab this class... |
| PHP Security (French) | The current level is charged hack, it's time to leave a small item with different methods of securing PHP applications. I will briefly introduce you to different libraries or classes oriented PHP security... |
| Prevent XSS attacks in PHP (Spanish) | An XSS (Cross Site Scripting) attack is one on which the attacker entered JavaScript in HTML in forms and if these are not filtered properly you will display this code in your site by altering the original content... |
| Sanitizing PHP input values | - |
| Server Side Validation - Importance | Time and again, there are countless number of articles written on not to trust user input and do a server side validation of all input... |
| Teketek.com ve XSS açigi | Bugün Türkiye'nin popüler alisveris sitesi Teketek.com'da ürünlere gözatarken, XSS'i (Cross-Site Scripting) test amaciyla arama kutusuna JavaScript kodu yazdim ve çalısti |
| The text editor (ckeditor, TinyMCE, FCKeditor safety data from ....) | I'm using this... |
| Applications that use this class | ||
| Link | Description |
|---|---|
| NextGear | Team of dutch IT specialists. |
| Newsmail | PHP simple news ticker |
| Mambo Server | A very popular open source CMS |
If you know an application of this package, send a message to the author to add a link here.| Related links | ||
| Link | Description |
|---|---|
| Project Homepage | Project Details and Interactive demonstration |
| Tag and Attribute Blacklist. | Lists what tags etc are blocked if "xssauto" feature is on. |
| XSS Cheat Sheet | Interesting page for reference purposes. |
| Files |
||
| File | Role | Description |
|---|---|---|
 class.inputfilter.php |
Class | PHP4/PHP5 with comments |
| class.inputfilter.php5 |
Class | PHP5-Strict with comments |
| class.inputfilter_clean.php |
Class | PHP4/PHP5 without comments |
| class.inputfilter_clean.php5 |
Class | PHP5-Strict without comments |
| index.php |
Example | Play around with your own examples on the fly. |
| readme.txt |
Doc. | Blurb / Instructions / Features |
| Download all files: inputfilter.tar.gz inputfilter.zip |
For more information send a message to info at phpclasses dot org.
Copyright (c) Icontem 1999-2013