| author | Peter Kokot <peterkokot@gmail.com> | 2019-04-21 15:33:20 +0200 |
|---|---|---|
| committer | Peter Kokot <peterkokot@gmail.com> | 2019-04-21 15:33:20 +0200 |
| commit | 1c94aac89e0d7dfbd5efc15ec1862214b22603d1 (patch) | |
| tree | d03f294d1354b121d5f8bf0daa681f92c750bed1 /docs/input-filter.md | |
| parent | 80f3c69ae925b09068b0642306a8a14a42c7d25c (diff) | |
| download | php-git-1c94aac89e0d7dfbd5efc15ec1862214b22603d1.tar.gz | |
[ci skip] Fix CS in Markdown files
Checked and quickfixed with Markdown linter
- 80 columns line width (~)
- code highlighting
- ...
Some most obvious outdated content updated a bit more.
Diffstat (limited to 'docs/input-filter.md')
| -rw-r--r-- | docs/input-filter.md | 43 |
1 files changed, 20 insertions, 23 deletions
diff --git a/docs/input-filter.md b/docs/input-filter.md index c5307a2155..29de4380fd 100644 --- a/docs/input-filter.md +++ b/docs/input-filter.md 
@@ -1,26 +1,23 @@ -# Input Filter Support in PHP 5 - -XSS (Cross Site Scripting) hacks are becoming more and more prevalent, -and can be quite difficult to prevent. Whenever you accept user data -and somehow display this data back to users, you are likely vulnerable -to XSS hacks. - -The Input Filter support in PHP 5 is aimed at providing the framework -through which a company-wide or site-wide security policy can be -enforced. It is implemented as a SAPI hook and is called from the -treat_data and post handler functions. To implement your own security -policy you will need to write a standard PHP extension. There is also -a powerful standard implementation in ext/filter that should suit most -peoples' needs. However, if you want to implement your own security -policy, read on. - -A simple implementation might look like the following. This stores the -original raw user data and adds a my_get_raw() function while the normal -$_POST, $_GET and $_COOKIE arrays are only populated with stripped -data. In this simple example all I am doing is calling strip_tags() on -the data. - -``` +# Input filter support in PHP + +XSS (Cross Site Scripting) hacks are becoming more and more prevalent, and can +be quite difficult to prevent. Whenever you accept user data and somehow display +this data back to users, you are likely vulnerable to XSS hacks. + +The Input Filter support in PHP is aimed at providing the framework through +which a company-wide or site-wide security policy can be enforced. It is +implemented as a SAPI hook and is called from the `treat_data` and post handler +functions. To implement your own security policy you will need to write a +standard PHP extension. There is also a powerful standard implementation in +`ext/filter` that should suit most peoples' needs. However, if you want to +implement your own security policy, read on. + +A simple implementation might look like the following. 
This stores the original +raw user data and adds a `my_get_raw()` function while the normal `$_POST`, +`$_GET` and `$_COOKIE` arrays are only populated with stripped data. In this +simple example all I am doing is calling `strip_tags()` on the data. + +```c ZEND_BEGIN_MODULE_GLOBALS(my_input_filter) zval *post_array; zval *get_array; |
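Review bot: The casing is now inconsistent between the new heading "Input filter support in PHP" and the second paragraph, which still opens "The Input Filter support in PHP"; pick one form and use it in both places. That same paragraph carries "peoples' needs" over unchanged, and since the line is being rewrapped anyway it should become "people's needs". "post handler" in that paragraph is left as plain text while `treat_data` next to it gained backticks; if it names a function, mark it the same way. Because the commit message says outdated content was also updated, consider adding one sentence to the last paragraph stating that calling `strip_tags()` is only an illustration of the hook and not a complete XSS policy, since stripping tags does not make data safe for attribute or script contexts.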
