[PHP-DEV] Proposal for cascadable general HTTP input handler
by Rui Hirokawa
Dec 9 2001 5:19AM
Hi,

I propose a new idea for an HTTP input handler to improve security and
multibyte encoding support.

Currently, user input from POST/GET/Cookie is handled by the
internal function php_treat_variables().
Some security-related work to prevent security attacks
is performed in PHP scripts by htmlspecialchars() and regex().
And multibyte encoding detection and translation, which is necessary
for multibyte-enabled Web applications, is implemented by
overriding php_treat_variables().

My idea is to introduce a general input filter/handler
for php_treat_variables().
It is a similar concept to the output buffering handler.
For example, if a user defines
input_handler = http_input_check,mb_filter
in php.ini, a user-defined security check handler and
multibyte encoding translation are performed.

Generally, HTTP input checking for secure transactions is really
hard work and some programmers might make critical mistakes.
And a PHP script with HTTP input checks is usually hard to read.
If we can use an HTTP input handler, we can implement the
HTTP input check and the Web application separately.
--
-----------------------------------------------------
Rui Hirokawa <rui_hirokawa@[...].jp>
<hirokawa@[...].net>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe@[...].net
For additional commands, e-mail: php-dev-help@[...].net
To contact the list administrators, e-mail: php-list-admin@lists.php.net
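
The cascade proposed in the message above, emulated in userland PHP as an added example; it is not part of the original post and not PHP's own implementation. The handler names come from the message's php.ini line, while their bodies, run_input_handlers(), INPUT_HANDLERS and the sample input are assumptions made for illustration (mbstring is required).

```php
<?php
// Added illustration of "input_handler = http_input_check,mb_filter".
// Handler names are from the message's php.ini line; bodies are assumptions.
const INPUT_HANDLERS = ['http_input_check', 'mb_filter'];   // handlers allowed in the list

// Reject NUL and other ASCII control bytes (tab, CR, LF stay allowed).
function http_input_check(string $v): string
{
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $v)) {
        throw new InvalidArgumentException('control byte in HTTP input');
    }
    return $v;
}

// Assumption: clients send UTF-8 or Shift_JIS; the application works in UTF-8.
function mb_filter(string $v): string
{
    if (mb_check_encoding($v, 'UTF-8')) {
        return $v;
    }
    if (!mb_check_encoding($v, 'SJIS')) {
        throw new InvalidArgumentException('input is neither UTF-8 nor Shift_JIS');
    }
    return mb_convert_encoding($v, 'UTF-8', 'SJIS');
}

// Apply each handler named in $list, in order, to every value (nested arrays included).
function run_input_handlers(string $list, array $input): array
{
    $handlers = array_map('trim', explode(',', $list));
    if (array_diff($handlers, INPUT_HANDLERS)) {
        throw new RuntimeException('unknown input handler in list');
    }
    $apply = function ($value) use (&$apply, $handlers) {
        if (is_array($value)) {
            return array_map($apply, $value);
        }
        foreach ($handlers as $h) {
            $value = $h($value);
        }
        return $value;
    };
    return array_map($apply, $input);
}

// Constructed sample: 'name' holds the Shift_JIS bytes for U+65E5 U+672C.
$get = ['name' => "\x93\xFA\x96\x7B", 'tags' => ['a', 'b']];
$clean = run_input_handlers('http_input_check,mb_filter', $get);
var_dump($clean['name'] === "\u{65E5}\u{672C}", $clean['tags']);
```

Handlers run in the order listed, so http_input_check here sees the raw bytes before mb_filter transcodes them; a check that depends on decoded characters would have to be listed after the encoding handler.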