|
|
Posted by Tobierre on 10/25/05 17:01
Hi all,
Help, I'm stuck! I've written the below function as part of my form data
filtering steps and for some reason It won't return the right value!
Can someone take a little look and tell me if you can spot any errors?
regards Tobierre
PHP Code:
function Stop_Form_Injection($post, $length)
{
$post = strtolower($post); //change input to lower case for search
purposes
//Check form input is allowable length
$length = strlen($post) - $length;
($length > 0) ? $filter[] = $length: $filter[] = false; //if form input
too long set false
$filter[] = strpos('to:', $post);
$filter[] = strpos('cc:', $post);
$filter[] = strpos('content-type:', $post);
$filter[] = strpos('\r', $post);
$filter[] = strpos('\n', $post);
$filter[] = strpos('charset=', $post);
$filter[] = strpos('mime-version:', $post);
$filter[] = strpos(',', $post);
$filter[] = strpos(':', $post);
$filter[] = strpos(';', $post);
if(isset($filter['0']))
{
$post = 'alert';
}
return $post;
}
//Should return "alert"
$Test1 = 'hello cc:';
$Test1 = Stop_Form_Injection($Test1, '15');
print "$Test1 . '<br>'";
//Should return "hello Joe"
$Test2 = 'hello Joe';
$Test2 = Stop_Form_Injection($Test2, '15');
print "$Test2" . '<br>';
Navigation:
[Reply to this message]
|