Re: [PHP-DEV] Proposal for cascadable general HTTP input handler
by Rui Hirokawa
Dec 9 2001 10:53PM
The input could be an array pointer for the split and URL-decoded input by POST/GET/Cookie.
The output could be an array including result or return code of
the handler.
These handlers should be activated in php_treat_data before
php_register_variable_safe().
An example is php_mbstr_encoding_handler() in ext/mbstring.c.
The argument of php_mbstr_encoding_handler() is,
static void
php_mbstr_encoding_handler(zval *arg, char *res, char *separator TSRMLS_DC)
But the array pointer should be better, to simplify the handler.
On Sun, 09 Dec 2001 20:21:02 +0200
Zeev Suraski <zeev@[...].com> wrote:
> What would be the input/output of these input handlers?
>
> Zeev
>
> At 07:19 09/12/2001, Rui Hirokawa wrote:
>
> >Hi,
> >
> >I propose a new idea for an HTTP input handler to improve security and
> >multibyte encoding support.
> >
> >Currently, user input by POST/GET/Cookie is treated by
> >the internal function php_treat_variables().
> >
> >Some security-related work to prevent some security attacks
> >is performed in PHP scripts by htmlspecialchars() and regex().
> >
> >And multibyte encoding detection and translation, which is necessary
> >for multibyte-enabled Web applications, is implemented by
> >overriding php_treat_variables().
> >
> >My idea is to introduce some general input filter/handler
> >for php_treat_variables().
> >
> >It is a similar concept to the output buffering handler.
> >
> >For example, if a user defined
> >
> >input_handler = http_input_check,mb_filter
> >
> >in php.ini, a user-defined security check handler and
> >multibyte encoding translation are performed.
> >
> >Generally, HTTP input checking for secure transactions is really
> >hard work, and some programmers might make some critical mistakes.
> >And a PHP script with HTTP input checks is usually hard to read.
> >
> >If we can use an HTTP input handler, we can implement the HTTP input
> >check and the Web application separately.
> >
> >--
> >-----------------------------------------------------
> >Rui Hirokawa <rui_hirokawa@[...].jp>
> > <hirokawa@[...].net>
> >
> >
> >--
> >PHP Development Mailing List <http://www.php.net/>
> >To unsubscribe, e-mail: php-dev-unsubscribe@[...].net
> >For additional commands, e-mail: php-dev-help@[...].net
> >To contact the list administrators, e-mail: php-list-admin@[...].net
>
>
--
-----------------------------------------------------
Rui Hirokawa <rui_hirokawa@[...].jp>
<hirokawa@[...].net>
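A small C model of the cascade discussed in this thread, added here as an illustration; it is not code from PHP or from the posters. Only the names `http_input_check` and `mb_filter` come from the quoted php.ini line; the `struct input_var` array, the handler signature, the return codes and both handler bodies are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for one split, URL-decoded GET/POST/Cookie variable. */
struct input_var { const char *name; char value[32]; };
/* Hypothetical handler type: edits the array in place, returns 0 to accept. */
typedef int (*input_handler)(struct input_var *vars, size_t n);
/* Assumed check: reject the request if any value contains a control byte. */
static int http_input_check(struct input_var *vars, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (const char *p = vars[i].value; *p; p++)
            if ((unsigned char)*p < 0x20 || *p == 0x7F) return 1;
    return 0;
}
/* Stand-in for encoding translation: ISO-8859-1 input to UTF-8. */
static int mb_filter(struct input_var *vars, size_t n) {
    for (size_t i = 0; i < n; i++) {
        char out[sizeof vars[i].value];
        size_t o = 0;
        for (const unsigned char *p = (const unsigned char *)vars[i].value; *p; p++) {
            if (o + 3 > sizeof out) return 1;      /* result would not fit: reject */
            if (*p < 0x80) { out[o++] = (char)*p; continue; }
            out[o++] = (char)(0xC0 | (*p >> 6));   /* two-byte UTF-8 sequence */
            out[o++] = (char)(0x80 | (*p & 0x3F));
        }
        out[o] = '\0';
        memcpy(vars[i].value, out, o + 1);
    }
    return 0;
}
static const struct { const char *name; input_handler fn; } registry[] = {
    { "http_input_check", http_input_check }, { "mb_filter", mb_filter },
};
/* Run the comma-separated list in order. Nonzero means: register no variables. */
int run_input_handlers(const char *ini_value, struct input_var *vars, size_t n) {
    char list[128];
    if (snprintf(list, sizeof list, "%s", ini_value) >= (int)sizeof list) return -1;
    for (char *name = strtok(list, ","); name; name = strtok(NULL, ",")) {
        input_handler fn = NULL;
        for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++)
            if (strcmp(name, registry[i].name) == 0) fn = registry[i].fn;
        if (!fn) return -1;              /* unknown handler name: fail closed */
        if (fn(vars, n) != 0) return 1;  /* a handler rejected the input */
    }
    return 0;
}
int main(void) {
    struct input_var vars[] = { { "name", "caf\xe9" } };  /* constructed Latin-1 value */
    int rc = run_input_handlers("http_input_check,mb_filter", vars, 1);
    printf("rc=%d value=%s\n", rc, vars[0].value);
    return rc;
}
```

A misspelled handler name in the list stops the cascade with an error instead of silently skipping that check.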