sanitization

Modify input before validation on Laravel 5.1

半城伤御伤魂 submitted on 2019-11-30 22:05:28
Question: I'm trying to modify a user-submitted input before validation succeeds. I've followed these easy instructions, but when I test it on Laravel 5.1, it's not working. Am I doing something wrong? This is my Request class in SSHAM\Http\Requests\UserCreateRequest.php:

<?php
namespace SSHAM\Http\Requests;

use SSHAM\Http\Requests\Request;

class UserCreateRequest extends Request
{
    // Some stuff not related with this problem

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */

PHP input sanitizer?

和自甴很熟 submitted on 2019-11-30 17:51:13
Question: What are some good PHP HTML (input) sanitizers? Preferably, if something is built in, I'd like to use that. UPDATE: Per the request, via comments, input should not allow HTML (and obviously prevent XSS & SQL injection, etc.).
Answer 1: HTML Purifier -> http://htmlpurifier.org/
Answer 2: I've always used PHP's addslashes() and stripslashes() functions, but I also just saw the built-in filter_var() function (link). Looks like there are quite a few built-in filters.
Answer 3: If you want to run a query that

Sanitizing MySQL user parameters

我怕爱的太早我们不能终老 submitted on 2019-11-30 17:25:16
Question: What are the dangerous characters that should be replaced in user input when the user's input will be inserted in a MySQL query? I know about quotes, double quotes, \r and \n. Are there others? (I don't have the option of using a smart connector that accepts parameters, so I have to build the query myself, and this will be implemented in multiple programming languages, including some obscure ones, so solutions such as mysql_real_escape_string in PHP are not valid.)
Answer 1: mysql_real_escape_string()
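The full set of bytes that mysql_real_escape_string() rewrites, written out as a portable table so it can be re-implemented in any language, together with the case in which client-side escaping cannot work at all. This is an added example, not code from the question or the answer; the UTF-8 assumption for the str wrapper and the attacker payload are constructed for the demonstration.

```python
"""Added example (not from the original question or answer): the byte set
that MySQL's C API escapes in mysql_real_escape_string(), written out so it
can be ported to any language, plus the case it cannot handle.
"""

# Byte -> replacement, as the MySQL client library does for a query sent in a
# single-byte or ASCII-compatible charset (latin1, utf8mb4) with
# NO_BACKSLASH_ESCAPES off. In NO_BACKSLASH_ESCAPES mode only the quote is
# special and it is doubled instead of backslash-escaped.
_MYSQL_ESCAPES = {
    0x00: b"\\0",   # NUL: terminates C strings
    0x0A: b"\\n",
    0x0D: b"\\r",
    0x5C: b"\\\\",  # backslash
    0x27: b"\\'",   # single quote
    0x22: b'\\"',   # double quote
    0x1A: b"\\Z",   # Ctrl-Z, end-of-file on Windows
}


def mysql_escape_bytes(value: bytes) -> bytes:
    """Escape raw bytes for use inside a single-quoted MySQL string literal."""
    out = bytearray()
    for b in value:
        out += _MYSQL_ESCAPES.get(b, bytes([b]))
    return bytes(out)


def mysql_escape(value: str) -> str:
    """Same for a str; assumes the connection charset is UTF-8."""
    return mysql_escape_bytes(value.encode("utf-8")).decode("utf-8")


def build_query(username: str) -> str:
    """Build the literal query the way the question has to (no placeholders)."""
    return "SELECT * FROM users WHERE name = '%s'" % mysql_escape(username)


def gbk_bypass_demo() -> bool:
    """Why escaping alone is not enough: with a GBK connection charset the
    byte 0xBF followed by the inserted backslash (0x5C) forms one valid
    two-byte character, so the quote that follows is no longer escaped.
    Returns True when the server-side view of the escaped input still
    contains a quote and no backslash.
    """
    payload = b"\xbf' OR 1=1 -- "             # constructed attacker input
    escaped = mysql_escape_bytes(payload)     # b"\xbf\\' OR 1=1 -- "
    server_view = escaped.decode("gbk")       # 0xBF 0x5C -> one CJK character
    return "'" in server_view and "\\" not in server_view


if __name__ == "__main__":
    print(build_query("O'Reilly"))
    print("GBK bypass reproduced:", gbk_bypass_demo())
```

The table is the complete answer to "are there others?": NUL and Ctrl-Z are the two most often forgotten. The second function is the caveat a practitioner needs when placeholders are unavailable: the escaping is only correct if the escaper and the server agree on the character set, so pin the connection charset explicitly (or reject non-ASCII input) in every one of the languages involved.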

How to override SQL sanitization in ColdFusion

落花浮王杯 submitted on 2019-11-30 14:52:58
I have the unfortunate task of cleaning up a bunch of old ColdFusion code. Queries are all over the place; I am working on moving them all to common CFCs for easier maintenance. I am running into a problem because cfquery is automatically converting the single quotes to double single quotes. How can I override that behavior? More specific information is below. So here is the query I started with:

<cfquery name="getObjectInfo" datasource="#BaseDS#">
    SELECT groupName AS lastname, '[Group]' AS firstname
    FROM groups
    WHERE groups.group_id = #objectreference_id#
</cfquery>

The weird thing here is

Good way to sanitize input in classic asp

风流意气都作罢 submitted on 2019-11-30 14:09:12
Question: I have to update old projects at work. I do not have any experience with classic ASP, although I'm familiar with PHP scripting. Are there any functions I should use? Can you provide me with a good function for some basic protection? Is there something like a parameterized query in ASP? Thanks!
Answer 1: Yes, you can use parameterized queries in classic ASP (more accurately, classic ADO). Here is a link. As for encoding output, I might be tempted to create a wrapper for the latest Microsoft Anti-XSS

Markdown and XSS

[亡魂溺海] submitted on 2019-11-30 13:56:19
Question: OK, so I have been reading about Markdown here on SO and elsewhere, and the steps between user input and the DB are usually given as:
1. convert Markdown to HTML
2. sanitize HTML (with whitelist)
3. insert into database
But to me it makes more sense to do the following:
1. sanitize Markdown (remove all tags, no exceptions)
2. convert to HTML
3. insert into database
Am I missing something? This seems to me to be pretty nearly XSS-proof.
Answer 1: Please see this link: http://michelf.com/weblog/2010/markdown-and-xss/
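Why the proposed order fails, shown in code. Markdown passes raw HTML through untouched and lets a link carry any URL, so `[click](javascript:...)` contains no tag for the strip step to remove and only becomes an `<a href="javascript:...">` after conversion. This is an added example, not code from the question or the linked article: the Markdown converter is a toy that handles inline links only, and the sanitizer, its allowlist and the sample payloads are assumptions for the demonstration, not a production library.

```python
"""Added example (not code from the question or the linked article): why
stripping tags from the Markdown source is not enough. Markdown passes raw
HTML through and lets a link carry any URL, so '[x](javascript:...)' has no
tag to strip yet becomes an <a href="javascript:..."> after conversion.
The toy converter below handles only inline links; it is an assumption for
the demonstration, not a real Markdown implementation.
"""
import html
import re
from html.parser import HTMLParser

_LINK = re.compile(r"\[([^\]]+)\]\(([^)\s]+)\)")
_TAG = re.compile(r"<[^>]*>")


def markdown_to_html(md: str) -> str:
    """Toy Markdown: converts [text](url); raw HTML is passed through as-is,
    which is what real Markdown does."""
    return _LINK.sub(lambda m: '<a href="%s">%s</a>' % (m.group(2), m.group(1)), md)


def strip_tags(text: str) -> str:
    return _TAG.sub("", text)


def naive_pipeline(md: str) -> str:
    """The order proposed in the question: strip tags, then convert."""
    return markdown_to_html(strip_tags(md))


_SAFE_SCHEMES = {"http", "https", "mailto"}
_CTRL_WS = re.compile(r"[\x00-\x20\x7f]")


def safe_href(url: str) -> bool:
    """Allow relative URLs and an allowlist of schemes. Entities and embedded
    whitespace/control characters are removed first, because browsers ignore
    them when parsing the scheme ('java\\tscript:' still runs)."""
    cleaned = _CTRL_WS.sub("", html.unescape(url))
    m = re.match(r"([a-z][a-z0-9+.-]*):", cleaned, re.I)
    return m is None or m.group(1).lower() in _SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Keeps only allowlisted tags/attributes; other tags are dropped and all
    text is re-escaped. A real sanitizer would also drop script/style bodies;
    here they survive only as harmless escaped text."""
    ALLOWED = {"a": {"href"}, "p": set(), "em": set(), "strong": set()}

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED:
            return
        kept = ""
        for name, value in attrs:
            if name in self.ALLOWED[tag] and value is not None:
                if name == "href" and not safe_href(value):
                    continue                      # drop the dangerous attribute
                kept += ' %s="%s"' % (name, html.escape(value, quote=True))
        self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in self.ALLOWED:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def sanitize_html(fragment: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


def recommended_pipeline(md: str) -> str:
    """The usual order: convert first, then sanitize the resulting HTML."""
    return sanitize_html(markdown_to_html(md))
```

Run both pipelines over `[click](javascript:alert%281%29) <script>alert(2)</script>`: the strip-then-convert order removes the script element but emits the `javascript:` link intact, while convert-then-sanitize emits `<a>click</a> alert(2)`. The part the question's plan is missing is exactly the URL-scheme check, which can only be applied to the HTML the converter produces.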

How best to sanitize fields in ruby on rails

心不动则不痛 submitted on 2019-11-30 13:48:22
I currently have a controller capturing some HTML from TinyMCE on the front end. If I tinker with Firebug, it is possible to submit script tags and inject alert messages etc. onto the screen.
Edit: Currently I am fixing this in the model by using the sanitize helper:

require 'action_view'

class NotesController < AuthApplicationController
  include ActionView::Helpers::SanitizeHelper
  ...
  def update
    params[:note][:content] = sanitize(params[:note][:content],
      :tags => %w(a object p param h1 h2 h3 h4 h5 h6 br hr ul li img),
      :attributes => %w(href name src type value width height data))
    @note.update

How do I properly sanitize data received from a text area, when outputting it back into the text area?

老子叫甜甜 submitted on 2019-11-30 13:31:57
Question: A user will input text in a textarea. It is then inserted directly into a MySQL database. I use trim, htmlentities and mysql_real_escape_string on it, and I have magic quotes enabled. How should I sanitize it when outputting that data back into a textarea? Thanks for your help. I've never been too sure of the correct way of doing this...
Answer 1: You shouldn't use htmlentities when saving it. You should use htmlentities when displaying it. The rule of thumb is not to encode/sanitize the data until
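The answer's rule, store raw and encode at output time for the context the data lands in, as an added example written in Python as a stand-in for the PHP flow in the question (not code from the post). The SQL step is assumed to use a parameterized query and is left out; the rendering functions and sample inputs are constructed for the demonstration.

```python
"""Added example (not from the original question or answer): keep the stored
text raw and encode for the HTML context at output time. A Python stand-in
for the PHP flow in the question; the SQL step is assumed to use a
parameterized query and is not shown.
"""
import html


def prepare_for_storage(raw: str) -> str:
    """Only whitespace trimming happens before storage; no HTML encoding."""
    return raw.strip()


def render_textarea(stored: str) -> str:
    """Element-content context: '<', '>' and '&' are encoded so user text
    cannot close the <textarea> and start a <script>."""
    return "<textarea>%s</textarea>" % html.escape(stored, quote=False)


def render_input_value(stored: str) -> str:
    """Attribute context: quotes must be encoded as well (quote=True),
    otherwise a stray '"' ends the attribute and starts a new one."""
    return '<input type="text" value="%s">' % html.escape(stored, quote=True)


def render_textarea_double_encoded(raw: str) -> str:
    """What the question's current flow produces: htmlentities() at save time
    and again at display time, so the user sees '&amp;' where they typed '&'."""
    stored = html.escape(raw.strip(), quote=False)   # encoded before saving
    return "<textarea>%s</textarea>" % html.escape(stored, quote=False)


if __name__ == "__main__":
    sample = prepare_for_storage("  </textarea><script>alert(1)</script>  ")
    print(render_textarea(sample))
    print(render_input_value('x" onmouseover="alert(1)'))
    print(render_textarea_double_encoded("a & b"))
```

Two points the functions make concrete: the encoding depends on the output context (an attribute needs the quotes encoded, element content does not), and encoding before storage either corrupts the round trip (double encoding) or ties the stored copy to one context, which is why it belongs at output time only.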

How can I sanitize a string for use as a filename?

醉酒当歌 submitted on 2019-11-30 10:39:36
Question: I've got a routine that converts a file into a different format and saves it. The original data files were numbered, but my routine gives the output a filename based on an internal name found in the original. I tried to batch-run it on a whole directory, and it worked fine until I hit one file whose internal name had a slash in it. Oops! And if it does that here, it could easily do it on other files. Is there an RTL (or WinAPI) routine somewhere that will sanitize a string and remove invalid
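The rule set such a routine has to apply, as an added example in Python rather than the question's Delphi (not code from the post). It goes beyond the slash in the question to the other Windows restrictions a batch run will eventually hit: the reserved characters, reserved device names, trailing dots and spaces, empty results and the component length limit. The replacement character and the fallback name are assumptions.

```python
"""Added example (not from the original question): a file-name sanitizer
written in Python rather than the question's Delphi, applying the Windows
rules (a superset of the POSIX rule that only '/' and NUL are forbidden).
"""
import re

# Characters Windows rejects inside a name component, plus C0 control bytes.
_INVALID_CHARS = re.compile(r'[<>:"/\\|?*\x00-\x1f]')

# Device names Windows reserves, with or without an extension ("CON.txt").
_RESERVED_NAMES = {"CON", "PRN", "AUX", "NUL"}
_RESERVED_NAMES.update("COM%d" % i for i in range(1, 10))
_RESERVED_NAMES.update("LPT%d" % i for i in range(1, 10))


def sanitize_filename(name: str, replacement: str = "_", max_len: int = 255) -> str:
    """Return a single path component safe to pass to a file-creation call."""
    # 1. Replace every forbidden character; this also removes path separators,
    #    so "../x" can no longer escape the target directory.
    name = _INVALID_CHARS.sub(replacement, name)
    # 2. Windows silently drops trailing dots and spaces ("foo." opens "foo"),
    #    and "." / ".." are directory references, so strip both ends.
    name = name.strip(" .")
    # 3. A reserved device name, ignoring any extension, gets a prefix.
    if name.split(".", 1)[0].upper() in _RESERVED_NAMES:
        name = replacement + name
    # 4. Never return an empty name (input was all dots, spaces or separators).
    if not name:
        name = "unnamed"
    # 5. NTFS and most POSIX file systems cap a component at 255 characters.
    return name[:max_len]


if __name__ == "__main__":
    for raw in ("report: Q1/2019?.txt", "CON.txt", "..", "../../etc/passwd"):
        print(repr(raw), "->", repr(sanitize_filename(raw)))
```

Because the output is always a single component with no separators, it is safe to join onto the target directory; the caller still needs to handle collisions, since two distinct internal names can sanitize to the same string.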

Detecting a (naughty or nice) URL or link in a text string

人盡茶涼 submitted on 2019-11-30 10:22:54
Question: How can I detect (with regular expressions or heuristics) a web site link in a string of text such as a comment? The purpose is to prevent spam. HTML is stripped, so I need to detect invitations to copy and paste. It should not be economical for a spammer to post links, because most users could not successfully get to the page. I would like suggestions, references, or discussion on best practices. Some objectives: The low-hanging fruit like well-formed URLs (http://some-fqdn/some/valid/path
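A detector covering the well-formed case the question starts with and the copy-and-paste obfuscations it is worried about ("example dot com", "example [.] com", "hxxp://"), as an added example that is not code from the post. The de-obfuscation rules, the short TLD list and the sample comments are constructed for the demonstration; a deployment would substitute the public suffix list.

```python
"""Added example (not from the original question): link detection in plain
text, including the obfuscations used to invite copy-and-paste.
"""
import re
from typing import List

# Step 1: undo cheap obfuscations before matching. Applied in order.
_DEOBFUSCATE = [
    # hxxp:// and hxxps:// -> http(s)://
    (re.compile(r"\bhxxp(s?)://", re.I), r"http\1://"),
    # "example [.] com", "example(dot)com", "example {.} com" -> "example.com"
    (re.compile(r"\s*[\[\(\{]\s*(?:dot|\.)\s*[\]\)\}]\s*", re.I), "."),
    # "example dot com" -> "example.com"
    (re.compile(r"\s+dot\s+", re.I), "."),
]

# Step 2a: URLs with a scheme (the well-formed, low-hanging fruit).
_SCHEMED = re.compile(r'\b(?:https?|ftp)://[^\s<>"\']+', re.I)

# Step 2b: bare host names. A short TLD list is an assumption for the
# demonstration; use the public suffix list in a real filter. The negative
# lookbehind keeps "user@example.com" from being reported as a link.
_TLDS = ("com", "net", "org", "info", "biz", "ru", "cn", "io", "xyz", "top")
_BARE_HOST = re.compile(
    r"(?<![\w@.-])(?:[a-z0-9-]+\.)+(?:" + "|".join(_TLDS) + r')\b(?:/[^\s<>"\']*)?',
    re.I,
)


def deobfuscate(text: str) -> str:
    for pattern, repl in _DEOBFUSCATE:
        text = pattern.sub(repl, text)
    return text


def find_links(text: str) -> List[str]:
    """Return every schemed URL and bare host found in the (de-obfuscated) text."""
    norm = deobfuscate(text)
    links = [m.group(0) for m in _SCHEMED.finditer(norm)]
    # Blank out the schemed URLs so their hosts are not reported a second time.
    remainder = _SCHEMED.sub(" ", norm)
    links.extend(m.group(0) for m in _BARE_HOST.finditer(remainder))
    return links


def is_spammy(text: str, max_links: int = 0) -> bool:
    """Policy hook: more links than allowed means the comment is held."""
    return len(find_links(text)) > max_links


if __name__ == "__main__":
    for comment in (
        "Visit http://some-fqdn/some/valid/path now",
        "cheap pills at example dot com / buy",
        "hxxp://evil[.]ru/x",
        "mail me at user@example.com",
    ):
        print(repr(comment), "->", find_links(comment))
```

Normalising first and matching second is the important structural choice: every new obfuscation becomes one more rewrite rule rather than a change to the URL grammar, and the same normalised string can be fed to a blocklist or reputation lookup afterwards. Expect false positives on prose that mentions a domain without linking to it; the `max_links` threshold is where that trade-off is tuned.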