Skip to content

Instantly share code, notes, and snippets.

@voku voku/clear_requests.php
Last active Aug 29, 2015

What would you like to do?
a php-function that will fixing utf-8 problems from inputs and prevent XSS attacks
// require
// "Portable UTF-8" ->
// "HTMLPurifier" ->
use voku\helper\UTF8;
// init HTMLPurifier (TODO: move this e.g. to a WrapperClass)
$allowedElements = false;
$htmlPurifierConfig = HTMLPurifier_Config::createDefault();
if ($allowedElements !== false && is_array($allowedElements)) {
$htmlPurifierConfig->set('HTML.AllowedElements', $allowedElements);
$purifier = new HTMLPurifier($htmlPurifierConfig);
* clear the input-array via HTMLPurifier->purify();
* @param array $requestVariable WARNING: this is a reference not a variable!!!
* @param $purifier HTMLPurifier
function clearRequest(Array &$requestVariable, HTMLPurifier $purifier)
foreach ($requestVariable as &$value) {
if (is_array($value)) {
clearRequest($value, $purifier);
} else {
$value = $purifier->purify(UTF8::urldecode($value));
// clear inputs
clearRequest($_POST, $purifier);
clearRequest($_GET, $purifier);
clearRequest($_REQUEST, $purifier);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.