Disallowing HTML input from textareas - how to do?
#5

[eluser]skunkbad[/eluser]
I'm new to CI, so I'm certainly no expert, but on my website I use both JavaScript and PHP to check every form field for the presence of > or < characters. The JavaScript disables the submit button, and the PHP sends the user back to the form with an error message; the PHP check is the one that actually enforces the rule, since the JavaScript can be switched off or bypassed. Other sub-strings are searched for to detect attempts to post a link. The JavaScript is quite simple, and you might go to my site and view it for an example. I use a callback function during regular CI form validation to look for the special symbols or words I want to ban.

Code:
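/**
 * Form-validation callback: accept an e-mail address only when its syntax
 * matches the pattern below and its domain resolves to at least one mail host.
 *
 * The domain is looked up in DNS (MX records first, then an A record), so each
 * call on a syntactically valid address performs a network lookup.
 *
 * @param mixed $email Value submitted for the field.
 * @return string|false The unchanged address when accepted, FALSE when rejected
 *                      (the validation message for this rule is set first).
 */
public function _validateEmail($email) {
        $emailClean = 1;
        $mailers = array();
        # The pattern is anchored with \z instead of $: a bare $ also matches just
        # before a trailing newline, so "user@example.com\n" would have passed and
        # the newline could travel on into mail headers or stored data.
        # NOTE(review): the TLD part is limited to 2-7 letters, so longer TLDs are
        # rejected - confirm that is intended.
        $pattern = '/^([a-zA-Z0-9\._\+-]+)\@((\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,7}|[0-9]{1,3})(\]?))\z/';
        # Non-string input (e.g. an array posted as field[]) is rejected instead of
        # being handed to preg_match().
        if (is_string($email) && preg_match($pattern, $email, $matches)) {
            $domain = $matches[2];
            # Check availability of DNS MX records
            if (function_exists('getmxrr')) {
                $mxhosts = array();
                $mxweight = array();
                if (getmxrr($domain, $mxhosts, $mxweight)) {
                    # Order the mail servers by their MX weight
                    $mxs = array();
                    foreach ($mxhosts as $i => $host) {
                        $mxs[$host] = $mxweight[$i];
                    }
                    asort($mxs);
                    $mailers = array_keys($mxs);
                } elseif (checkdnsrr($domain, 'A')) {
                    # No MX record: fall back to the host's own address
                    $mailers = array(gethostbyname($domain));
                }
                if (count($mailers) <= 0) {
                    $emailClean = 0;
                }
            } else {
                # getmxrr() is unavailable (the original author hit this on a local
                # WampServer install); every address is rejected in that case.
                $emailClean = 0;
            }
        } else {
            $emailClean = 0;
        }
        if ($emailClean == 0) {
            $this->form_validation->set_message('_validateEmail', 'Supplied %s was rejected, and has been deleted.');
            return FALSE;
        }
        return $email;
    }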

    public function _cleanField($string) {
        $stringClean = 1;
        $badWord = array(
            'cytoreticulum',
            'viagra',
            'ringtones',
            'http:',
            'href=',
            '[url]'
        );
        foreach ($badWord as $unwanted){
            $testedString = strpos($string,$unwanted);
            if ($testedString !== FALSE){
                $stringClean = 0;
            }
        }
        // The following checks and makes sure that each field has no Russian, Hebrew, Chinese, or odd characters of any kind that aren't on MY keyboard
        if($stringClean == 1){
            if (preg_match('/[^-\s A-Z0-9~!@#$%^&*()_+=;:\'",.?|}{[\]\/\\\\]/i', $string)) {
                $stringClean = 0;
            }
        }
        if($stringClean == 0){
            $this->form_validation->set_message('_cleanField', 'The %s field contains links, words, foreign characters, or other data that was rejected, and has been deleted.');
            return FALSE;
        }else{
            return $string;
        }
    }




