PHP Classes
Icontem

Class: PHP Input Filter


  • Screenshots:

    Shows testsuite script in action.
    File Role Description
    Accessible without login Image file testsuite.png Screen Shows testsuite script in action.
  • Supplied by:

    Name: Daniel Morris <e-mail contact>
    Published packages: 1
    Country: United Kingdom
    Home page: http://rootcube.com/
    Age: 25
    All time rank: 127
    Week rank: 38


  • Innovation Award:

    PHP Programming Innovation award nominee
    March 2005
    Number 4
    One of the most common security problems of Web sites is the vulnerability to cross-site scripting (XSS) attacks.

    It allows stealing cookie values, which can then be sent to sites different from those that originated them. This may allow an attacker to access a site impersonating an authenticated user by taking advantage of a stolen session cookie.

    This kind of vulnerability exists on sites that display information provided by the users without properly escaping it before presenting it in HTML pages. If the user-supplied information to be displayed is unformatted text, it can be easily escaped by using the PHP function HTMLEntities().

    However, if a user can submit HTML code to a site that displays it without previous validation and eventual cleaning of malicious Javascript or PHP code, the site is vulnerable to eventual cross-site scripting attacks.

    This class provides a solution to perform the necessary cleaning of HTML code from dangerous cross-site scripting attack code.

    Manuel Lemos
  • Groups:

    Text processing: Manipulating and validating text data
    Security: Security protection and attack detection
  • Detailed description:

    This class can filter input of stray or malicious PHP, Javascript or HTML tags to prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as HTML code entered in form fields.

    I have tried to make this class as easy as possible to use. You have control over the filter process unlike other alternatives, and can input a string or an entire array to be cleaned (such as $_POST).

    ** SQL Injection feature has been added.
  • Freshmeat project:

    PHP Input Filter
    Project record: inputfilter
    Popularity score: 701.52 (1.14%)
    Popularity rank: 5,084 (PHP Classes: 27)
    Vitality score: 5.20 (0.00%)
    Rating: 8.51 (Votes: 3)
  • User ratings:

    Ratings (all time):
    Utility: Good (93.8%)
    Consistency: Good (85.2%)
    Documentation: Good (84.4%)
    Examples: Good (88.3%)
    Tests: -
    Videos: -
    Overall: Sufficient (72.7%)
    Rank: 85

    Ratings (month): Not yet rated by the users
  • Trackback links:

    Link Description
    Cleaning up your inputs Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you're looking at security of your PHP applications. You can prevent most kinds of Cross Site Scripting (XSS) attacks if you know how to clean up the user inputs. Her...
    Cleaning up Your Inputs in PHP Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you’re looking at security of your PHP applications...
    Cleaning Up Your Inputs In PHP Cleaning up your inputs from $_POST, $GET and $_REQUEST is an important task if you’re looking at security of your PHP applications...
    Filtering Out Unwanted XHTML/HTML Tags For a project I am working on right now, I wanted to allow users to add a little bit of HTML in a description field, but not too much. I only wanted to allow a few tags and a few attributes. I, never one to reinvent the wheel, headed to Google (a programmer’s best friend) on a code hunt. I tried several php filter functions and classes and I was left wanting. I was just about to give up and write something myself when I stumbled across the PHP Input Filter class on PHP Classes.org (you have to be a member to download code, but membership is free)...
    Filtering output with a white list -
    Function/class like htmlentities(), but allowing certain tags I used the following class for this:...
    PHP Input Cleaning Class If you need a nice class that will clean pretty much anything for your PHP app, grab this class...
    Server Side Validation - Importance Time and again, there are countless number of articles written on not to trust user input and do a server side validation of all input...
    Teketek.com and the XSS vulnerability Today, while browsing products on Teketek.com, Turkey's popular shopping site, I typed JavaScript code into the search box to test for XSS (Cross-Site Scripting), and it worked
  • Applications that use this class:

    Link Description
    NextGear Team of dutch IT specialists.
    Newsmail PHP simple news ticker
    Mambo Server A very popular open source CMS
  • Related links:

    Link Description
    Project Homepage Project Details and Interactive demonstration
    Tag and Attribute Blacklist. Lists what tags etc are blocked if "xssauto" feature is on.
    XSS Cheat Sheet Interesting page for reference purposes.
  • Files:

    File Role Description
    Accessible without login Plain text file class.inputfilter.php Class PHP4/PHP5 with comments
    Plain text file class.inputfilter.php5 Class PHP5-Strict with comments
    Accessible without login Plain text file class.inputfilter_clean.php Class PHP4/PHP5 without comments
    Plain text file class.inputfilter_clean.php5 Class PHP5-Strict without comments
    Accessible without login Plain text file index.php Example Play around with your own examples on the fly.
    Accessible without login Plain text file readme.txt Doc. Blurb / Instructions / Features
    Download all files: inputfilter.tar.gz inputfilter.zip

 
Copyright (c) Icontem 1999-2008 PHP Classes - PHP Class Scripts