SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Threaded View

  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2007
    0 Post(s)
    0 Thread(s)

    Checking a location encode is safe

    I've created two functions to use on a site that uses a "send to" variable (like you go to a logged in only page, which sends you to the log in page with a get variable of whatever that other page, so when you log in it sends you to the original page).

    PHP Code:
     * Encodes page and uri query information
     * page_encode('search', array('key' => 'value', 'foo' => 'bar')) will return "search/key:value/foo:bar"
     * @param string $page
     * @param array $arguements
     * @return string
    function page_encode ($page$arguements = array())
    $array = array();
    $array[] = $page;
        if (!empty(
            foreach (
    $arguements as $k => $v)
    $array[] = $k.':'.$v;

     * Decondes page and uri query information to a usable location
     * page_decode('search/key:value/foo:bar') will return "search.php?key=value&foo=bar"
     * @param string $page
     * @return string
    function page_decode ($page)
    $part explode('/'$page);
    $parts count($part);
    $link $part[0].'.php';
        if (
    $parts 1)
    $link .= '?';
    $arguements = array();
            for (
    $i 1$i $parts$i++)
    $split explode(':'$part[$i]);
    $arguements[] = $split[0].'='.$split[1];
    $link .= implode('&'$arguements);

    But i want to create a function that will validate the 'sendto' value as safe.

    Not sure which way to go about it ? What's most effective ?

    If it's with regular expressions i'm completely useless at them.
    Would it be effective and just as fast to explode the whole thing and check each part bit by bit than to create one complex regular expression for it ?

    Basicly i want to make sure there's no domain for anything on the page bit, and no file extention, then no dodgy stuff in the rest, and that it's all formed properly etc.

    thanks ! : )

    PS if you have any tips on improving the encode / decode functions that'd be wonderful ! ^^
    Last edited by WakeMeWithAKiss; Jun 2, 2009 at 17:29. Reason: typo


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts