Please note that main.inc.php, which should be called by index.php or main.page, does the following:

    unset($_REQUEST);
    unset($_GET);
    unset($_POST);

So you must use a Sanitizer to get those input vars, because the superglobals are gone by the time your code runs.

...in your input file:

    use \bs_tts\use_io as IO;
    ...
    // one IO descriptor: a required, raw POST string that is HTML-escaped
    // on output and never passed through the DB filter
    $required_post_string_field = new IO();
    $required_post_string_field->input_type      = INPUTS::post;
    $required_post_string_field->field_filter    = FIELD_FILTER::raw_string;
    $required_post_string_field->escape_html     = HTML_FLAG::escape;
    $required_post_string_field->validation_rule = 'required';
    $required_post_string_field->use_db_filter   = DB_FILTER::OFF;
    $required_post_string_field->skip_the_db     = false;

    // map each expected field name to its IO descriptor
    return [
        'name'    => $required_post_string_field,
        'address' => $required_post_string_field,
    ];

...After that, in your output file, you will pass in the input data of type IO:

    use \bs_tts\safer_io as SafeIO;
    ...
    $safer_html = [];
    $errors     = [];

    // each entry carries the field name, its escaped HTML and any errors
    foreach (SafeIO::html_escape_and_sanitize($input) as $html) {
        $key = $html['name'] ?? "";
        $safer_html[$key] = $html['html'];

        if (\bs_tts\common::get_count($html['errors'])) {
            $errors[$key] = $html['errors'][$key];
        }
    }
    ...

Alternatively, use the built-in PHP filter_input() function; it reads the original request data, so it still works after the superglobals have been unset.

Likewise, if you are not using the sanitizer, then escape all HTML output with \bs_tts\safer_io::h(...).
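The filter_input() alternative and the output-escaping rule above, worked through as an added example. This is not code from bs_tts: required_post_string() and escape_html_text() are hypothetical helpers written here, and escape_html_text() only stands in for what the page calls \bs_tts\safer_io::h(). It assumes a POST request carrying the 'name' and 'address' fields.

```php
<?php
// Added example (not part of bs_tts). Function names are hypothetical.
declare(strict_types=1);

// main.inc.php drops the superglobals. filter_input() still works afterwards
// because the filter extension keeps its own copy of the original request
// data and never looks at $_POST.
unset($_REQUEST, $_GET, $_POST);

/**
 * Read a required POST string. Returns [value, error]; exactly one is null.
 * Missing, empty, over-long and non-scalar (array) submissions are rejected.
 */
function required_post_string(string $name, int $max_len = 255): array
{
    // FILTER_UNSAFE_RAW returns the string unchanged: we keep the user's real
    // input and do the escaping at output time, like the IO descriptor does.
    $value = filter_input(INPUT_POST, $name, FILTER_UNSAFE_RAW);

    if ($value === null) {                 // field not present in the request
        return [null, "$name is required"];
    }
    if ($value === false) {                // an array was sent where a scalar was expected
        return [null, "$name must be a string"];
    }
    $value = trim($value);
    if ($value === '') {
        return [null, "$name is required"];
    }
    if (strlen($value) > $max_len) {
        return [null, "$name is too long"];
    }
    return [$value, null];
}

/** Stand-in for safer_io::h(): escape text for an HTML body or quoted attribute. */
function escape_html_text(string $text): string
{
    // ENT_QUOTES covers both quote styles so the value is safe inside attributes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$safer_html = [];
$errors     = [];

foreach (['name', 'address'] as $field) {
    [$value, $error] = required_post_string($field);
    if ($error !== null) {
        $errors[$field] = $error;
        continue;
    }
    $safer_html[$field] = escape_html_text($value);
}

// Only the escaped copies ever reach the page; raw values stay in $value.
foreach ($safer_html as $field => $html) {
    echo '<p><b>' . escape_html_text($field) . '</b>: ' . $html . "</p>\n";
}
foreach ($errors as $field => $message) {
    echo '<p class="error">' . escape_html_text($message) . "</p>\n";
}
```

The point of separating required_post_string() from escape_html_text() is the same one the IO descriptor makes with field_filter and escape_html: validation happens once on input, escaping happens at every HTML output site, and the unescaped value is never echoed.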