I'm interning for an NGO in India (Seva Mandir, http://sevamandir.org) and trying to fix their broken "subscribe to newsletter" box. Because the staff isn't very sophisticated and our web host isn't great, I decided to send the relevant data to the publications person via mail() instead of storing it in a MySQL database.
I know that it'...
I turned this case into a simple PHP page that submits to itself. My issue is that I am submitting track meet results and one of the girls' names is Echo... a lovely name.
The problem text I'm submitting is:
Pole vault - Rachel Simons, Tow, 8-6; Echo Wilson, Cit, 8-0; Molly Randall, Tow, 7-0;
So you see a semicolon followed by white sp...
Hi,
Alright, this is probably the worst error I have ever found.
I have two projects, both using the same code:
Sanitize.clean(string, Sanitize::Config::BASIC)
but one works and another fails.
Problem is similar to this poor guy's post: http://stackoverflow.com/questions/2724342/cant-dup-nilclass-how-to-trace-to-offender
Could anybody ...
Hello
I've been looking for a method to strip my XML content of apostrophes (') since my DBMS is complaining about receiving them.
I need
<name> Jim O'Connor</name>
to become:
<name> Jim O''Connor</name>
By looking at the example described here, which is supposed to replace ' with '', I constructed the following script:
<xsl:s...
I am writing some code to give live feedback to the user on the validation of a form using AJAX. I have got it checking the length and whether the field is empty. Now I want it to sanitize the user's input and, if the sanitized input differs from the user's original input, tell them which characters are not allowed.
The code I have written so f...
I want my application to sanitize html on input rather than on display, so that the fields saved into the database are sanitized.
I've been doing this with strip_tags, and it was working great. However, this has the downside that it means the user can't input anything that's bracketed with < and >.
How can I tell Rails in the model to ...
What I am looking for currently is a simple, basic login-credentials sanitization script.
I understand that I make a function to do so, and I have one... but all it does right now is strip tags...
Am I doomed to use replace? Or is there a way I can just remove all special characters and spaces and limit it to only letters and numbers... th...
Hi All
I've been scouring the net and I have found nothing!
I am using Symfony's form framework to build a simple 'Create' form. Validation is fine. However, I'd like to pre-filter my submitted values, e.g. adding ucfirst, strtoupper, and the like.
I'm not sure if I'm missing something crucial here, but the way I see it is the only way to...
Can I use ActionView::Helpers::SanitizeHelper#sanitize on user-entered text that I plan on showing to other users? E.g., will it properly handle all cases described on this site?
Also, the documentation mentions:
Please note that sanitizing
user-provided text does not guarantee
that the resulting markup is valid
(conforming to...
I have to sanitize a part of sql query. I can do something like this:
class << ActiveRecord::Base
public :sanitize_sql
end
str = ActiveRecord::Base.sanitize_sql(["AND column1 = ?", "two's"], '')
But it is not safe because I expose protected method. What is a better way to do it?
...
I'm working on sanitizing my HTML using Jeff Atwood's code found here.
But the problem I'm running into is that when I input Markdown links into the form, they get removed:
<http://www.example.com>
Here's the code I'm using.
private static Regex _tags = new Regex("<[^>]*(>|$)",
RegexOptions.Singleline | RegexOptions.ExplicitCapture ...
Hi all,
I'm trying to build a Sanitize transformer that accepts potentially malformed HTML input with elements outside of any tags at all, such as in this example:
out of a tag<p>in a tag</p>out again!
I want to have the transformer wrap any non-tagged elements in <p> tags so that the above transforms into:
<p>out of a tag</p><p>in ...
I would like to use Sanitize in my ruby app. I'm working with a few friends on this project, so making sure the code works when they git it is important too.
Anyways, on the console I did
>gem install nokogiri
Building native extensions.
This could take a while...
Successfully installed nokogiri-1.4.2
1 gem installed
Installi...
Hey, I have a Silverlight application that allows the user to modify their username, password, bio, etc. This information is stored in a MySQL database and retrieved using a WCF web service.
I need to sanitize all information received from the user before it gets into the database. At the moment I can't store apostrophes in my DB. Where is...
I normally use this function to sanitize my form inputs before storing them into my database:
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
...
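Both the Rails question above (exposing sanitize_sql to build an "AND column1 = ?" fragment) and this PHP clean() function rely on quote escaping. The real fix in either stack is a bound parameter (where("column1 = ?", value) in Rails, a prepared statement with mysqli or PDO in PHP); the added example below, which is not code from either post, shows in plain Ruby why escaping alone is not enough. Doubling quotes protects a single-quoted string literal, but a value spliced into a numeric context has no quotes to escape, so the same "safe" value rewrites the WHERE clause. The table and column names are assumptions for the example; the escape routine doubles quotes and backslashes the way MySQL's escaping does, without any driver or database.

```ruby
# Added example, not the posted PHP or Rails code.
# Assumed schema: a "people" table with "name" (string) and "id" (integer) columns.

# Wrap a value as a single-quoted SQL string literal. Backslashes are doubled
# first, then single quotes, which is the transformation
# mysql_real_escape_string / sanitize_sql apply to those characters.
def escape_sql_string(value)
  escaped = value.to_s.gsub("\\") { "\\\\" }.gsub("'", "''")
  "'#{escaped}'"
end

# String context: the escaped literal cannot terminate early, so a quote-based
# payload stays inside the literal and matches nothing.
def find_by_name_query(name)
  "SELECT * FROM people WHERE name = #{escape_sql_string(name)}"
end

# Numeric context built by concatenation. Quote escaping is irrelevant here:
# "1 OR 1=1" contains no quote, survives any escaping routine unchanged,
# and turns the query into "WHERE id = 1 OR 1=1".
def find_by_id_query_unsafe(id)
  "SELECT * FROM people WHERE id = #{id}"
end

# Numeric context done right: validate the shape of the value before it touches
# the query, and interpolate the coerced integer, never the raw input.
def find_by_id_query(id)
  raise ArgumentError, "id must be a non-negative integer" unless id.to_s.match?(/\A\d+\z/)
  "SELECT * FROM people WHERE id = #{Integer(id.to_s, 10)}"
end
```

The same reasoning applies to identifiers and ORDER BY directions: escaping functions only protect the one context they were written for, which is why bound parameters plus an allow-list for anything that cannot be bound beat a home-grown clean() function.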
I'm currently recovering from a nasty XSS attack, and realized I never sanitized inputs on several of the forms on my site. I used Notepad++'s Find In Files feature to search for $_POST in all my PHP files, and got almost 5,000 results. Now, I really don't want to go and manually add strip_tags to every one of those results, but a repl...
I have a partial that contains this sanitize() code:
<%= sanitize comment.body,
:tags => %w(a b embed i img object p param),
:attributes => %w(allowfullscreen allowscriptaccess href name src type value) %>
I'd like users to be able to embed videos, links, pictures, use italics, bold, etc.
How unsafe is this and if I put this on a liv...
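One check a practitioner would want before answering "how unsafe is this" is what the href and src attributes in that allow-list are permitted to contain. Rails' sanitize applies its own protocol check to those attributes; the added example below, which is not Rails' code and not from the post, is a stand-alone version of that kind of check in plain Ruby, useful when markup goes through a custom filter or when you want to see which evasions the check has to survive: scheme case, embedded tab and newline characters, and HTML character references (including the unterminated numeric form browsers accept). It does not address object, embed and param with allowscriptaccess, which hand control to a Flash movie regardless of how well the URL is checked; that part of the allow-list needs its own justification. The SAFE_SCHEMES list is an assumption for the example.

```ruby
# Added example, not Rails' sanitize helper. Decides whether an href/src value
# may be kept in an attribute allow-list.
require "cgi"

# Assumed policy for the example: only these schemes may appear in a link.
SAFE_SCHEMES = %w[http https mailto].freeze

# Map a numeric character reference to a string, replacing code points that are
# not valid UTF-8 (surrogates, values above U+10FFFF) with U+FFFD.
def codepoint_to_s(n)
  n.chr(Encoding::UTF_8)
rescue RangeError
  "\uFFFD"
end

# Decode numeric references with or without the trailing semicolon (browsers
# accept "&#106avascript:"), then named references via CGI.unescapeHTML.
def decode_char_refs(s)
  s = s.gsub(/&#x([0-9a-f]+);?/i) { codepoint_to_s(Regexp.last_match(1).hex) }
  s = s.gsub(/&#(\d+);?/) { codepoint_to_s(Regexp.last_match(1).to_i) }
  CGI.unescapeHTML(s)
end

# Normalised form used only for the decision, never returned to the page:
# decode references, drop control characters and whitespace that browsers
# ignore inside a scheme ("java\tscript:"), and fold case.
def normalize_for_check(raw)
  decode_char_refs(raw.to_s).gsub(/[\x00-\x20]/, "").downcase
end

def safe_url?(raw)
  url = normalize_for_check(raw)
  return false if url.empty?
  # No colon at all: a relative URL, which cannot carry a scheme.
  return true unless url.include?(":")
  # A scheme must be the first thing in the string. If the text before the
  # first colon is not a syntactically valid scheme, reject rather than guess.
  scheme = url[/\A[a-z][a-z0-9+.\-]*(?=:)/]
  return false if scheme.nil?
  SAFE_SCHEMES.include?(scheme)
end
```

Protocol-relative links such as //other.example pass this check as relative URLs; tighten the no-colon branch if off-site links are themselves a concern.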
In the recent CakePHP 1.3.4 version I discovered that Sanitize::html returns double-encoded HTML entities, because of the newly added fourth parameter of htmlentities, 'double_encode'.
Here is a corresponding ticket on cakePHP: http://cakephp.lighthouseapp.com/projects/42648/tickets/1152-sanitizehtml-needs-double_encode-parameter-in-htm...
I'm working on an instant messaging app, where users can receive files from their friends.
The names of the files received are set by the sender of the file, and multiple files can be sent together with the possibility of subdirectories. For example, two files sent together might be "1" and "sub/2" such that the downloaded results shoul...
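A sender who controls file names and may include subdirectories controls a path, so the receiving side has to decide, before writing anything, whether "sub/2" stays inside the download directory and whether "../../.ssh/authorized_keys" or an absolute path does not. The added example below is not the app's code; it is one way to do that decision in plain Ruby, lexically and without touching the filesystem. The download root and the per-segment character allow-list are assumptions for the example.

```ruby
# Added example, not the messaging app's code. Resolve a sender-supplied
# relative name to a destination under the download directory, or reject it.
require "pathname"

# Assumed location for received files.
DOWNLOAD_ROOT = "/home/alice/Downloads/from_bob".freeze

# Assumed policy: each path segment is letters, digits, dot, underscore,
# space or hyphen. "." and ".." are rejected explicitly before this applies.
SEGMENT_PATTERN = /\A[\p{Alnum}._ \-]+\z/

# Returns the absolute destination path as a String, or nil if the name must
# be rejected. Purely lexical: no stat calls, so it cannot be tricked by a
# race between checking and writing, but see the note on symlinks below.
def safe_destination(untrusted_name, root = DOWNLOAD_ROOT)
  name = untrusted_name.to_s
  return nil if name.empty? || name.include?("\0")
  # Treat backslashes as separators so "..\\x" is caught on every platform.
  name = name.tr("\\", "/")
  return nil if name.start_with?("/") || name.end_with?("/")
  segments = name.split("/")
  return nil if segments.any? { |s| s.empty? || s == "." || s == ".." }
  return nil unless segments.all? { |s| s.match?(SEGMENT_PATTERN) }
  root_path = Pathname.new(root)
  dest = (root_path + name).cleanpath
  # Belt and braces: the joined, cleaned path must still be under the root.
  return nil unless dest.to_s.start_with?(root_path.to_s + "/")
  dest.to_s
end

# Split the accepted path into the directories that must exist and the file.
def destination_parts(dest)
  p = Pathname.new(dest)
  [p.dirname.to_s, p.basename.to_s]
end
```

Create the subdirectories with mkdir_p and open the file with File::EXCL so a pre-existing file is never silently overwritten. If the download root can contain symlinks the sender could influence (a shared host, a previously received archive), also compare File.realpath of the created directory against the root before writing.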
I'm trying to call sanitize within a controller. Here's what I tried:
class FooController < ApplicationController
include ActionView::Helpers::SanitizeHelper
# ...
end
However, I'm getting this error:
undefined method `white_list_sanitizer' for FooController:Class
I searched around and people recommended switching the include l...