What would be the input/output of these input handlers?

Zeev

At 07:19 09/12/2001, Rui Hirokawa wrote:

> Hi,
> 
> I propose a new idea for HTTP input handler to improve security and
> multibyte encoding support.
> 
> Currently, user input by POST/GET/Cookie is treated by
> internal function php_treat_variables().
> 
> Some security related work to prevent some security attack
> is preformed in PHP script by htmlspecialchars() and regex().
> 
> And multibyte encoding detection and translation which is necessary
> for multibyte enable Web application is implemented by
> override php_treat_variables().
> 
> My idea is to introduce some general input filter/handler
> for php_treat_variables().
> 
> It is a similar concept as output buffering handler.
> 
> For example, if a user defined
> 
> input_handler = http_input_check,mb_filter
> 
> in php.ini, user defined security check handler and
> multibyte encoding translation are perfomed.
> 
> Generally, http input check for secure transaction is really
> hard work and some programers might make some critical mistake.
> And PHP script with http input check is usually hard to read.
> 
> If we can use http input handler, we can implemnt separately
> http input check and Web application.
> 
> --
> -----------------------------------------------------
> Rui Hirokawa <rui_hirokawa@[...].jp>
>               <hirokawa@[...].net>
> 
> 
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: php-dev-unsubscribe@[...].net
> For additional commands, e-mail: php-dev-help@[...].net
> To contact the list administrators, e-mail: php-list-admin@[...].net


-- 
PHP Development Mailing List <http://www.php.net/> 
To unsubscribe, e-mail: php-dev-unsubscribe@[...].net
For additional commands, e-mail: php-dev-help@[...].net
To contact the list administrators, e-mail: php-list-admin@lists.php.net