I need a PHP script to make sure the inputs from text fields are safe.
I already have set everything up so that I can call a specific function in order to make sure the text fields are safe, but I don't have the function made properly!
Here's what I have now, basically:
Code:

    function validate($mode, $string) {
        switch ($mode) {
            case "text":
                // strip_tags removes every tag, HTML and PHP alike
                $string = strip_tags($string);
                break;
            case "html":
                // keep only the basic formatting tags; attributes on them are left intact
                $string = strip_tags($string, "<b>,<p>,<i>,<u>,<br>,<hr>,<h1>,<h2>,<h3>,<h4>,<h5>,<h6>");
                break;
            case "script":
                // keep a long list of HTML tags; PHP tags are still removed by strip_tags
                $string = strip_tags($string, "<big>,<small>,<strike>,<applet>,<map>, <area>,<code>, <object>,<dir>,<dl>,<dt>, <dd>,<li>,<menu>,<li>,<ol>,<ul>,<body>,<table>,<td>,<tr>,<div>, <span>,<a>,<img>,<image>, <script>,<font>,<pre>,<sub>,<sup>,<form>,<input>,<textarea>, <select>,<option>,<fieldset>,<style>,<b>,<p>,<i>,<u>,<br>, <hr>,<h1>,<h2>,<h3>,<h4>,<h5>,<h6>");
                break;
            default:
                die("Validation mode '" . $mode . "' not recognized!");
        }
        // This check can never fire: strip_tags has already removed any "<?" / "<?php"
        // tag above. The sanitized $string is also never returned, so the caller
        // keeps working with the original input.
        if (strstr($string, "<?php") || strstr($string, "<?")) {
            ht(getuser(), "PHP scripts are not allowed, because they are server-side scripts and pose a security risk!");
        }
    }
Two main problems with the way it is now:
1: It only tries to make unsafe text safe, then continues execution of the code; I've decided I want it to call a specific function (which will eventually terminate the execution of the code) when it detects an unsafe string.
2: It doesn't work!
You can change anything you want, but these things are imperative:
*It must still be called by the function validate($mode,$string)
*It should have three modes:
text: will call the function ht(getuser(),"You may only type plain text in this field, please go back and try again.") if the $string contains anything other than plain text and html entities such as &quot;. Special characters should be translated to their html entity form.
html: will call the function ht(getuser(),"You may only use basic html tags in this field, please go back and try again.") if the $string contains anything other than plain text, html entities, and these tags: (<b>,<p>,<i>,<u>,<br>,<hr>,<h1>,<h2>,<h3>,<h4>,<h5>,<h6>) If you make it so that it also blocks users from adding any attributes to these tags (such as color="xxxxx"), I'll add in an extra 200frih$
script: will call the function ht(getuser(),"Server-side scripts are not allowed for security reasons; go back and try again.") if the $string contains any server-side scripts. All html tags are okay.
*It should use the function ht($username,$message) to terminate the code; it should not have any die() or exit() calls within this function. I have already written ht().
*It should not attempt to make strings safe, then continue execution. If it detects any disallowed parts in the string, it should call the function ht().
*If you want this function to call other functions to make your coding convenient, just define your function(s) above function validate().
I'll pay 500frih$ to get this done at all, but you can make much more if you meet a couple conditions:
*You can get an extra 200frih$ for making it block tag attributes in the html mode, for a total of 700frih$.
*If you get it done by Sept 7th (which is plenty of time, as long as you don't procrastinate) you'll get an extra 500frih$ to bring the total to the advertised 1200frih$.
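One way to meet the spec above, written as an added example rather than the poster's code: an allow-list validate() that never sanitizes, only rejects via ht(). It assumes ht() and getuser() already exist as the post describes (the stubs are only there so the file runs by itself), and it treats any "<?" as the server-side script marker since that covers every PHP open tag.

```php
<?php
// Added example (not the poster's code): allow-list validate() per the spec.
// ht() and getuser() are assumed to already exist as the post describes; the
// stubs below only make this file runnable on its own.
if (!function_exists('getuser')) { function getuser() { return 'demo'; } }
if (!function_exists('ht')) {
    function ht($username, $message) { echo "$username: $message\n"; }
}
// The only tags html mode accepts (from the post); attributes are never accepted.
const VALIDATE_BASIC_TAGS = ['b', 'p', 'i', 'u', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6'];
// Plain text = no raw '<', '>' or '&' once well-formed entities are removed.
function is_plain_text($string) {
    $noEntities = preg_replace('/&(#\d+|#x[0-9a-f]+|[a-z]+);/i', '', $string);
    return strpbrk($noEntities, '<>&') === false;
}
// Every tag must be exactly <tag>, </tag> or <tag/> for an allowed tag; anything
// else that remains (unknown tag, or an attribute after the tag name) is rejected.
function has_only_basic_tags($string, array $allowed) {
    $names = implode('|', array_map('preg_quote', $allowed));
    $rest = preg_replace('#</?(' . $names . ')\s*/?>#i', '', $string);
    return is_plain_text($rest);
}

// '<?' covers every PHP open tag (<?php, <?=, short tags), which is what the post names.
function contains_server_script($string) {
    return strpos($string, '<?') !== false;
}

function validate($mode, $string) {
    switch ($mode) {
        case 'text':
            if (!is_plain_text($string)) {
                ht(getuser(), 'You may only type plain text in this field, please go back and try again.');
            }
            break;
        case 'html':
            if (!has_only_basic_tags($string, VALIDATE_BASIC_TAGS)) {
                ht(getuser(), 'You may only use basic html tags in this field, please go back and try again.');
            }
            break;
        case 'script':
            if (contains_server_script($string)) {
                ht(getuser(), 'Server-side scripts are not allowed for security reasons; go back and try again.');
            }
            break;
        default: // no die()/exit() here either, as the post requires
            ht(getuser(), "Validation mode '$mode' not recognized!");
    }
}
```

With this, validate('html', '<b color="red">x</b>') is rejected because the opening tag no longer matches the exact <b> form and so leaves a raw '<' behind, while validate('html', '<b>x</b> &amp; y') passes.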
