How to sanitize $_POST

I am just learning Yii.  I'm writing my very first application but I cannot find how to sanitize the $_POST contents.

I've used KohanaPHP and with it you can get post values as $this->input->post('name', true) that already come sanitized (the true on the second parameter does the trick) or configure the framework to sanitize all the input variables by itself.

I cannot find how I can do something like that on Yii.  The closest thing I found on the forums was the use of CHtmlPurifier::purify($_POST) but it doesn't work for me:

CException

Description

Property "CalculadoraController.options" is not defined.

Source File

/home/jimezam/yii/yii-1.0.3.r780/framework/web/widgets/CHtmlPurifier.php(59)

00047:    {
00048:        $output=$this->purify($output);
00049:        parent::processOutput($output);
00050:    }
00051:
00052:    /**
00053:      * Purifies the HTML content by removing malicious code.
00054:      * @param string the content to be purified.
00055:      * @return string the purified content
00056:      */
00057:    public function purify($content)
00058:    {
00059: $purifier=new HTMLPurifier($this->options);
00060:        $purifier->config->set('Cache','SerializerPath',Yii::app()->getRuntimePath());
00061:        return $purifier->purify($content);
00062:    }
00063: }

Could somebody give me a light about it?

Thank you for your help.

jimezam.

Yii doesn't provide an input sanitization feature. The CHtmlPurifier component is used to sanitize the data to be displayed to end-users.

You can use PHP's filter_input() function directly (http://us3.php.net/manual/en/function.filter-input.php) if you want to sanitize the input.
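
An added example (not part of this thread, and not Yii or Kohana code) of the approach suggested above: validating the expected fields with PHP's filter extension on input, then HTML-encoding on output. The field names and the sample array are constructed, PHP 7.1+ is assumed, and filter_var_array() stands in for filter_input_array(INPUT_POST, ...) so the script runs from the command line.

```php
<?php
// Added example; field names and sample values are constructed.

// One rule per expected field. Keys not listed here are dropped from the result.
$spec = [
    'name'  => ['filter' => FILTER_UNSAFE_RAW,
                'flags'  => FILTER_FLAG_STRIP_LOW],      // remove bytes below 0x20
    'age'   => ['filter'  => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 0, 'max_range' => 150]],
    'email' => FILTER_VALIDATE_EMAIL,
];

function read_form(array $raw, array $spec): array
{
    // In a request handler, filter_input_array(INPUT_POST, $spec) accepts the
    // same spec and reads the POST body itself. filter_var_array() is used
    // here so the example runs from the CLI on a constructed array.
    $clean  = filter_var_array($raw, $spec, true);
    $errors = [];
    foreach ($clean as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {
            $errors[$field] = 'invalid';   // failed validation, or array sent for a scalar
        }
    }
    return [$clean, $errors];
}

// Constructed sample standing in for $_POST.
$post = [
    'name'  => "Ana <script>alert(1)</script>\x00",
    'age'   => '42abc',              // not an integer
    'email' => 'ana@example.org',
    'role'  => 'admin',              // unexpected field
];

[$clean, $errors] = read_form($post, $spec);
var_dump($clean, $errors);

// Filtering input does not make a value safe to print: FILTER_UNSAFE_RAW keeps
// the markup in 'name'. Encode at output time (CHtml::encode() in Yii 1.x does
// the same htmlspecialchars() call with the application charset).
if (!isset($errors['name'])) {
    echo htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```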

Thank you for the quick response.  I'll use the filter_input function then.

Alternatively, you may check out my Yii-Kohana bridging class:

http://www.beyondcod…helpers-in-yii/

Then you may use the Kohana helpers such as:

<?php
// Kohana security helper, made available through the bridging class
security::xss_clean($_POST['name']);

:)

@canglan, good to hear that.  I saw your web page when I was searching for a solution to my question.  I've used a little more Kohana than Yii.  I think I'll try the Kohana Bridge very soon.

Thank you for answering.

jimezam.