File: index.php
Role: Example script
Content type: text/plain
Description: Play around with your own examples on the fly.
Class: PHP Input Filter
Filter out unwanted PHP / Javascript / HTML tags.
Author: By
Last change: Changes:
4 Patches added. (Including new SQL injection feature)
1 Requested feature added.
2 Bugfixes.
Date: 18 years ago
Size: 8,957 bytes


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<title>PHP Input Filter</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
.small {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    padding-left: 5px;
    font-size: 11px;
    color: #666666;
    font-weight: normal;
.grey {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 11px;
    background-color: #efefef;
    padding: 5px;
    border: thin dotted #999999;
    color: #333333;
    vertical-align: top;
    text-align: left;
.white {
    margin-top: 8px;
    font-weight: bold;
    font-family: Helvetica, sans-serif;
    font-size: 12px;
    padding: 10px;
    border: thin dotted #999999;
    width: auto;
.title {
    font-size: 16;
    color: #aaa;
    margin-bottom: 10px;
<script language="JavaScript" type="text/JavaScript">
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  if (restore) selObj.selectedIndex=0;
<style type="text/css">
a:link {
    color: #666666;
a:visited {
    color: #666666;
<body style="font-size: 14px;">
<table width="100%" border="0" cellpadding="10" cellspacing="0" style="margin-bottom: 5px">
      <td class="grey">
        <div style="font-weight: bold; font-size: 12px; ">PHP Input Filter - 1.2.0</div>
        Copyright 2005 Daniel Morris. (<a href="" alt="GNU General Public Licence">GPL Licence.</a>)
     <td width="30" class="grey">
      <form name="relatedlinks">
       <select name="rlinks" onChange="MM_jumpMenu('parent',this,1)" >
          <option value="" selected>Related Links...</option>
          <option disabled>- - - - - - - - -</option>
          <option value="">Project homepage</option>
          <option value=""> project</option>
          <option value="">Download files as .zip</option>
          <option value="readme.txt">Documentation</option>
          <option value="">Filter Blacklist</option>
          <option value="">Email author</option>
          <option disabled>- - - - - - - - -</option>
          <option value="">Introduction to XSS</option>
          <option value="">XSS Cheat Sheet</option>
      <td width="30" class="grey">
      <form name="examples">
        <select name="exmpl" onChange="MM_jumpMenu('parent',this,1)" >
          <option value="" selected>Online Examples...</option>
          <option disabled>- - - - - - - - -</option>
          <option value="">String</option>
          <option value="">Array-of-Strings</option>
          <option value="">No Parameters</option>
          <option value="">XSS #0</option>
          <option value="">XSS #1</option>
          <option value="">XSS #2</option>
          <option value="">XSS #3</option>
          <option value="">XSS #4</option>
          <option value="">XSS #5</option>
          <option value="">XSS #6</option>
          <option value="">XSS #7</option>
          <option value="">XSS #8</option>
          <option value="">SQL-Injection</option>

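// inject sample $_POST data etc..
// Guard the lookup so a request without ?use= does not raise an undefined-index notice,
// and compare strictly so only the literal value "sample" enables the demo payload.
if (isset($_GET["use"]) && $_GET["use"] === "sample") {
    // Link is shown struck through because the sample is already loaded.
    $sample_link = '<span class="small" style="color: #bbb; text-decoration: line-through;">(Inject sample form data)</span>';
    // Demo payload: contains the kind of markup the filter is meant to strip, plus the
    // form settings that exercise it (keep only <br>, keep the "good"/"style" attributes).
    $_POST["input"] = 'I like <div good="blah" bad=blah>php</div> but not <br> XSS <img src=javascript:alert(\'bad!\')>';
    $_POST["tags"] = 'br';
    $_POST["attr"] = 'good, style';
    $_POST["tagmethod"] = 1;
    $_POST["attrmethod"] = 0;
    $_POST["xssauto"] = 'y';
} else {
    // sample_link as normal: offer the injection link
    $sample_link = '<span class="small">(<a href="index.php?use=sample">Inject sample form data</a>)</span>';
}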

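<form class="white" action="index.php" method="post">
  <div class="title">Example Factory: <?php echo $sample_link; ?></div>
    <div style="margin-bottom: 5px;">String to be filtered:</div>
    <?php
    // Every POST value reflected into this form is escaped for its HTML context
    // (ENT_QUOTES because two of them land inside value="..." attributes). The page
    // previously echoed them raw, so the demo form itself reflected submitted markup.
    // The charset matches the <meta> declared at the top of the page.
    ?>
    <textarea name="input" style="width: 500px; height: 80px;"><?php if (!empty($_POST["input"])) echo htmlspecialchars(stripslashes($_POST["input"]), ENT_QUOTES, 'ISO-8859-1'); ?></textarea>
    <div style="margin-bottom: 5px; margin-top: 14px;">List Tags: <span class="small">(Comma-delimited. Eg: tag1, tag2, tag3)</span></div>
    <input name="tags" type="text" style="width: 500px;" value="<?php if (!empty($_POST["tags"])) echo htmlspecialchars($_POST["tags"], ENT_QUOTES, 'ISO-8859-1'); ?>">
    <div style="margin-bottom: 5px; margin-top: 14px;">List Attributes: <span class="small">(Comma-delimited. Eg: attr1, attr2, attr3)</span></div>
    <input name="attr" type="text" style="width: 500px;" value="<?php if (!empty($_POST["attr"])) echo htmlspecialchars($_POST["attr"], ENT_QUOTES, 'ISO-8859-1'); ?>">
    <div style="margin-bottom: 5px; margin-top: 14px;">Tag method to apply:</div>
    <?php
    // Select fields: "0" is the default when nothing (or an empty value) was posted.
    // Values are cast to string before comparing, because the sample injection above
    // stores ints while a real submission delivers strings.
    $tagMethodPosted  = isset($_POST["tagmethod"]) ? (string) $_POST["tagmethod"] : '';
    $attrMethodPosted = isset($_POST["attrmethod"]) ? (string) $_POST["attrmethod"] : '';
    $xssAutoPosted    = isset($_POST["xssauto"]) ? (string) $_POST["xssauto"] : '';
    ?>
    <select name="tagmethod">
        <option value="0" <?php if ($tagMethodPosted === '' || $tagMethodPosted === '0') echo "selected"; ?>>Remove all tags but specified</option>
        <option value="1" <?php if ($tagMethodPosted === '1') echo "selected"; ?>>Remove only specified tags</option>
    </select>
    <div style="margin-bottom: 5px; margin-top: 14px;">Attibute method to apply:</div>
    <select name="attrmethod">
        <option value="0" <?php if ($attrMethodPosted === '' || $attrMethodPosted === '0') echo "selected"; ?>>Remove all attibutes but specified</option>
        <option value="1" <?php if ($attrMethodPosted === '1') echo "selected"; ?>>Remove only specified attibutes</option>
    </select>
    <div style="margin-bottom: 5px; margin-top: 14px;">Strip <a href="">identified</a> problem tags and attributes, regardless of user-defined arrays:</div>
    <select name="xssauto">
        <option value="y" <?php if ($xssAutoPosted === '' || $xssAutoPosted === 'y') echo "selected"; ?>>Auto-strip blacklisted: YES</option>
        <option value="n" <?php if ($xssAutoPosted === 'n') echo "selected"; ?>>Auto-strip blacklisted: NO</option>
    </select>
    <input type="hidden" name="sent" value="yes">
    <input name="submit" type="submit" value="Process Query">
</form>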

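// include class file
// NOTE(review): the require/include of the InputFilter class file is missing from this
// listing; it has to be loaded before `new InputFilter` below (path not shown here —
// confirm against the package layout).

// form has been sent empty
if (!empty($_POST["sent"]) && empty($_POST["input"])) {
    echo "<div class=\"white\"><div class=\"title\">View Results:</div>You have not entered any input data!!</div>\n";

// form has been sent and input is not empty
} else if (!empty($_POST["sent"]) && !empty($_POST["input"])) {
    // input text (stripslashes dates from magic_quotes_gpc; on PHP >= 5.4 it removes
    // backslashes the user actually typed — kept so this branch matches the form above)
    $_POST["input"] = stripslashes($_POST["input"]);
    // tags array: comma-delimited list, whitespace trimmed around each entry
    $tags = array_map('trim', explode(',', isset($_POST["tags"]) ? $_POST["tags"] : ''));
    // attr array: same shape as $tags
    $attr = array_map('trim', explode(',', isset($_POST["attr"]) ? $_POST["attr"] : ''));
    // select fields (the form always posts them; default to "remove all but specified")
    $tag_method = isset($_POST["tagmethod"]) ? $_POST["tagmethod"] : 0;
    $attr_method = isset($_POST["attrmethod"]) ? $_POST["attrmethod"] : 0;
    // auto-strip of blacklisted tags/attributes stays on unless the form said 'n'
    // (the original assigned 1 unconditionally after the 'n' check, so NO never took effect)
    $xss_auto = (isset($_POST["xssauto"]) && $_POST["xssauto"] === 'n') ? 0 : 1;
    // script-timer setup: microtime(true) returns a float; the default "msec sec" string
    // form cannot be subtracted meaningfully
    $sStart = microtime(true);
    // more info on parameters in documentation.
    // The filter removes tags/attributes from the string; it is not a substitute for
    // context-specific escaping at the output sink or for parameterised SQL queries.
    $myFilter = new InputFilter($tags, $attr, $tag_method, $attr_method, $xss_auto);
    // process input
    $result = $myFilter->process($_POST["input"]);
    // script timer stop
    $sStop = microtime(true);
    // script-timer display
    $time_elapsed = round($sStop - $sStart, 4);
    // display output: both the input and the filtered result are HTML-escaped, so the
    // page shows the markup as text instead of rendering it
    echo "<div class=\"white\"><div class=\"title\">View Results:</div>\n";
    echo '<div style="font-size: 11px; font-weight: normal; font-style: italic;"><span style="padding-right: 11px;">(Before)</span> ' . htmlentities($_POST["input"]) . "</div>\n";
    echo '<div style="font-size: 15px; font-weight: normal; padding-top: 10px;"><span style="padding-right: 12px;">(After)</span> ' . htmlentities($result) . "</div>\n";
    // (an earlier "(Actual)" line echoed $result unescaped; left out because it would
    // render whatever markup survived the filter live in the results panel)
    echo "</div>\n";
    echo "<div class=\"grey\" style=\"margin-top: 12px;\"><em>Script execution has taken $time_elapsed seconds.</em></div>\n";
}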