What would be the input/output of these input handlers? Zeev
At 07:19 09/12/2001, Rui Hirokawa wrote: >Hi, > >I propose a new idea for HTTP input handler to improve security and >multibyte encoding support. > >Currently, user input by POST/GET/Cookie is treated by >internal function php_treat_variables(). > >Some security related work to prevent some security attack >is preformed in PHP script by htmlspecialchars() and regex(). > >And multibyte encoding detection and translation which is necessary >for multibyte enable Web application is implemented by >override php_treat_variables(). > >My idea is to introduce some general input filter/handler >for php_treat_variables(). > >It is a similar concept as output buffering handler. > >For example, if a user defined > >input_handler = http_input_check,mb_filter > >in php.ini, user defined security check handler and >multibyte encoding translation are perfomed. > >Generally, http input check for secure transaction is really >hard work and some programers might make some critical mistake. >And PHP script with http input check is usually hard to read. > >If we can use http input handler, we can implemnt separately >http input check and Web application. > >-- >----------------------------------------------------- >Rui Hirokawa <[EMAIL PROTECTED]> > <[EMAIL PROTECTED]> > > >-- >PHP Development Mailing List <http://www.php.net/> >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]