PHP: How to mass replace $_POST[...] with strip_tags($_POST[...])
Solution 1
Just use array_map()
.
$Clean = array_map('strip_tags', $_POST);
Or if you want it to go back to the $_POST
variable:
$_POST = array_map('strip_tags', $_POST);
It's probably a better idea though to use a different variable and change all occurrence of $_POST
to $Clean
in your files.
Solution 2
Hmm, I think array_walk_recursive
would do the trick:
function custom_strip(&$val, $index) {
$val = strip_tags($val);
}
array_walk_recursive($_POST, 'custom_strip');
Solution 3
you can put this in a file (e.g safe.php)
foreach ($_POST as $key => $value) {
$_POST[$key] = is_array($key) ? $_POST[$key]: strip_tags($_POST[$key]);
}
Then put require_once("safe.php");
in every each of your php files (or a file that all of your php file already included )
It's an ugly hack.. but it may save your time.
Mike Turley
Updated on June 18, 2022Comments
-
Mike Turley almost 2 years
I'm currently recovering from a nasty XSS attack, and realized I never sanitized inputs on several of the forms on my site. I used Notepad++'s Find In Files feature to search for
$_POST
in all my PHP files, and got almost 5,000 results. Now, I really don't want to go and manually addstrip_tags
to every one of those results, but a replace-all wouldn't do the trick... and I'm a total noob when it comes to things like regular expressions.Is there any way to make this a little less tedious?