iRev Input Validation Libraries

Web Admin Himalayan Academy katir at hindu.org
Sun Sep 19 17:16:23 EDT 2010


  On 9/18/10 10:31 AM, Ralf Bitter wrote:
> For XSS filtering see the rigXssClean() function
> in system/libraries/Input.irev.
>
> Unfortunately revIgniter's implementation for escaping database queries
> can not be associated with only one handler you could copy and paste.
> This subject is a bit more complex, so please bear with me when I point you
> to entire libraries like system/database/DBactiveRec.irev,
> system/database/DBdriver.irev and system/database/drivers/mysql/mysqlDriver.irev.
>
> Cheers
>
> Ralf

Aloha, Ralf:

Thanks for the path. I believe I have successfully extracted rigXssClean 
and all dependencies

see this little stack:

  go stack decompress (url "http://www.himalayanacademy.com/runrev/stacks/rigXssClean.rev.gz")

Everything is in the "test" button, which I can now turn into an iRev 
include.

I want to thank you for the time you take documenting your code in the 
scripts themselves! It made the extraction task quite easy.

The only function not in input.irev was function _rigRawURLDecode, and 
I found that in Common.irev.

I believe I have successfully extracted a working cleaner... a repeat 
function to pass all the values from $_Post through this cleaner should work.

The only thing I am not clear on is the pImage parameter. I assume that 
in the case of a regular input form (name, address, phone, credit card 
info) where all the expected input data is a text string to be later 
stored in a varchar column, this will suffice:

put rigXssClean(pKey, false, text) into fld "result"

and that the option for put rigXssClean(pKey, true, img) is used in 
a different context -- where people have the option to upload image 
files... which is not what I'm doing here.

Right? Or do people actually try to insert images into text input fields?

If you had time to look at it I would appreciate it. This new site area 
only has 9 pages total and perhaps I will be brave later and turn them 
into views and migrate this to rigIgniter.. but for today I need to go 
with this outside...

Cheers from Hawaii

Sivakatirswami









