FFFenix
15-08-2011, 06:41
Buenas Noches, queria saber que opinaban acerca de mi forma de limpiar las variables que entran por POST en una aplicacion web mia, Bueno sin mas les dejo el Codigo:
Adicional a eso, utilizo una Clase que encontre por ahi, InputFilter (http://www.phpclasses.org/package/2189-PHP-Filter-out-unwanted-PHP-Javascript-HTML-tags-.html)
function clean($cleans){
$ifilter=new InputFilter();
return htmlentities($ifilter->process(str_ireplace(array('SCRIPT','FUNCTION','IF RAME','DOCUMENT.','GET /','/','\'','RETURN ','HTTP://','.PHP','.HTACCESS','MYSQL_','ALERT','$_POST','$_ GET','$_COOKIE','WINDOW.','String.from','JAVASCRIP T:','ONLOAD','ONUNLOAD','ONERROR',"');",'\"',"/'",'\\','<?PHP','LOCATION.','GETURL(',' SRC=','.cookie','<META','<IMG','','DECLARE','VARCHAR','EXEC','HACK','','SELE CT','FROM','WHERE','GRANT','CREATE','DATABASE','SH OW','USE','AND','DROP','LIKE','DELETE','INSERT','I NTO','UPDATE','SET','USAGE','VALUES','ALTER','FLUS H','MODIFY','JOIN','"',"'",'XSS','UNION','<INPUT','<FORM','%s'),'',trim($cleans))),ENT_QUOTES,'UTF-8');}
Espero su opinion, Gracias desde ya!
Adicional a eso, utilizo una Clase que encontre por ahi, InputFilter (http://www.phpclasses.org/package/2189-PHP-Filter-out-unwanted-PHP-Javascript-HTML-tags-.html)
function clean($cleans){
$ifilter=new InputFilter();
return htmlentities($ifilter->process(str_ireplace(array('SCRIPT','FUNCTION','IF RAME','DOCUMENT.','GET /','/','\'','RETURN ','HTTP://','.PHP','.HTACCESS','MYSQL_','ALERT','$_POST','$_ GET','$_COOKIE','WINDOW.','String.from','JAVASCRIP T:','ONLOAD','ONUNLOAD','ONERROR',"');",'\"',"/'",'\\','<?PHP','LOCATION.','GETURL(',' SRC=','.cookie','<META','<IMG','','DECLARE','VARCHAR','EXEC','HACK','','SELE CT','FROM','WHERE','GRANT','CREATE','DATABASE','SH OW','USE','AND','DROP','LIKE','DELETE','INSERT','I NTO','UPDATE','SET','USAGE','VALUES','ALTER','FLUS H','MODIFY','JOIN','"',"'",'XSS','UNION','<INPUT','<FORM','%s'),'',trim($cleans))),ENT_QUOTES,'UTF-8');}
Espero su opinion, Gracias desde ya!