On Feb 1, 2005, at 8:10 PM, Sean Coates wrote:
Rasmus Lerdorf wrote:As someone suggested, if the filter function could do $GET = filt(GET,'*',FILTER_TAGS) or something to that effect then an individual script could in one shot filter all GET data even if the default ini filter wasn't in place.
Might I suggest:
foo_filter($type, $keys, FILTER_TAGS);
where $type and $keys are strings (as originally intended), or they could be arrays of types and keys (similar to how str_replace works).
//example
foo_filter(array(FOO_GET, FOO_POST, FOO_ENV), array('bar','baz'), FOO_TYPE_TAGS);
This way we could easily filter a large number (or all) keys from many request types in one command:
/* filter all tags from all get vars */
foo_filter(FOO_GET, array_keys($_GET), FOO_TYPE_TAGS);
//and
/* filter all tags from all POST vars, except $_POST['baz'];
foo_filter(FOO_POST, array_diff(array_keys($_POST), array('baz')), FOO_TYPE_TAGS);
Would also be nice if the third parameter was a bitfield: foo_filter(FOO_POST, 'bar', FOO_TYPE_ALL &~ FOO_TYPE_QUOTES);
Wouldn't this make it more difficult to be extended by a user. The way I imagine it working now is like this:
function my_filter () { //blah blah }
define('FOO_MY_FILTER', 'myfilter');foo_filter(FOO_POST, 'bar', FOO_MY_FILTER);
Then the constant really just becomes a callback and I can add anything in that I want.
Maybe?
-ryan
-- http://theryanking.com/blog
smime.p7s
Description: S/MIME cryptographic signature
