<?php
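// Demo driver: filter $_GET and $_REQUEST for this script and dump the result.
$phpsec = new PHPSecurity();
$phpsec->files[] = '/repos/phpsecurity/demo.php';
// Filters run in the listed order. 'Number' last casts every _GET value to
// float, so any non-numeric text left by StripTags/Escape/Html becomes 0.
$phpsec->rules['_GET'] = 'StripTags,Escape,Html,Number';
$phpsec->rules['_REQUEST'] = 'Escape,Html,StripTags';
$phpsec->Run();
print_r($_GET);
print_r($_REQUEST);
// The key must be quoted: a bare PHP_SELF is an undefined constant (an Error since PHP 8).
print_r($_SERVER['PHP_SELF']);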
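/**
 * Request-input filter: applies a comma-separated list of filter methods to
 * selected globals (looked up through $GLOBALS) when the current script is
 * listed in $files. The filters rewrite the arrays in place.
 *
 * Escaping input this early (see Escape()) is not a substitute for prepared
 * statements and output-context escaping: the escaped value is what every
 * other reader of $_GET/$_REQUEST sees for the rest of the request.
 */
class PHPSecurity {
    /** @var list<string> script paths (compared with $_SERVER['PHP_SELF']) for which Run() is active */
    public array $files = [];
    /** @var array<string, string> global variable name (e.g. '_GET') => comma-separated filter method names */
    public array $rules = [];
    /** Reserved for configuration; not read by this class. */
    public $config = null;

    /** Replaces the PHP 4 style constructor, which is a plain method since PHP 8. */
    public function __construct()
    {
    }

    /**
     * Apply the filter method $func to every scalar leaf of $arr, in place.
     * Nested arrays are descended recursively; a scalar argument is filtered directly.
     *
     * @param string $func name of a filter method on this object (e.g. 'Html')
     * @param mixed  $arr  scalar or nested array, modified in place
     */
    public function Caller(string $func, &$arr): void
    {
        if (!is_array($arr)) {
            // The original passed $arr[$key] here with $key undefined; filter the scalar itself.
            $this->$func($arr);
            return;
        }
        // Iterate over keys so the by-reference writes do not interact with the iteration.
        foreach (array_keys($arr) as $key) {
            if (is_array($arr[$key])) {
                $this->Caller($func, $arr[$key]);
            } else {
                $this->$func($arr[$key]);
            }
        }
    }

    /**
     * Apply every configured rule when $_SERVER['PHP_SELF'] is one of $files.
     *
     * Each $rules entry maps a global variable name to a comma-separated list
     * of filter methods, applied in the listed order. Blank and unknown filter
     * names and globals that are not set are skipped.
     */
    public function Run(): void
    {
        // PHP_SELF is absent on the CLI; treat that as "not a listed script".
        $self = $_SERVER['PHP_SELF'] ?? '';
        if (!in_array($self, $this->files, true)) {
            return;
        }
        foreach ($this->rules as $var => $ruleList) {
            // Skip unset globals: referencing $GLOBALS[$var] would create them as null.
            if (!array_key_exists($var, $GLOBALS)) {
                continue;
            }
            // Always split: the original only split on ',' and otherwise appended to a
            // $funcs list that leaked from the previous rule.
            foreach (explode(',', (string) $ruleList) as $func) {
                $func = trim($func);
                if ($func === '' || !$this->isFilter($func)) {
                    continue;
                }
                $this->Caller($func, $GLOBALS[$var]);
            }
        }
    }

    /**
     * True when $name is a filter method on this object, i.e. any method other
     * than the driver methods, so a rule string cannot invoke Run()/Caller().
     */
    private function isFilter(string $name): bool
    {
        // Method names are case-insensitive in PHP, hence the lowercase compare.
        if (in_array(strtolower($name), ['__construct', 'caller', 'run', 'isfilter'], true)) {
            return false;
        }
        return method_exists($this, $name);
    }

    /**
     * Backslash-escape $var in place the way the removed mysql_escape_string()
     * did: backslash, both quotes, NUL, newline, carriage return and Ctrl-Z.
     *
     * mysql_escape_string() was removed in PHP 7 and magic quotes in PHP 5.4
     * (get_magic_quotes_gpc() in PHP 8), so the stripslashes branch is gone.
     * strtr() with an array is a single pass, so inserted backslashes are not
     * re-escaped. This ignores the connection charset; prefer parameterised
     * queries at the database boundary.
     */
    public function Escape(&$var): void
    {
        $var = strtr((string) $var, [
            "\\" => "\\\\",
            "'" => "\\'",
            '"' => '\\"',
            "\0" => "\\0",
            "\n" => "\\n",
            "\r" => "\\r",
            "\x1a" => "\\Z",
        ]);
    }

    /**
     * HTML-encode $var in place for an HTML text/attribute context.
     * ENT_QUOTES also encodes single quotes (the pre-8.1 default, ENT_COMPAT, left them);
     * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
     */
    public function Html(&$var): void
    {
        $var = htmlentities((string) $var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /** Remove HTML/PHP tags from $var in place. */
    public function StripTags(&$var): void
    {
        $var = strip_tags((string) $var);
    }

    /** Coerce $var to a float in place; non-numeric text becomes 0.0. */
    public function Number(&$var): void
    {
        $var = (float) $var;
    }
}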
?>