{"id":493,"date":"2018-11-15T02:28:12","date_gmt":"2018-11-15T02:28:12","guid":{"rendered":"http:\/\/info.juliusgoh.life\/?p=493"},"modified":"2018-11-19T02:08:15","modified_gmt":"2018-11-19T02:08:15","slug":"php-code-injection-prevention","status":"publish","type":"post","link":"https:\/\/info.juliusgoh.life\/?p=493","title":{"rendered":"PHP Code Injection Prevention"},"content":{"rendered":"

Hi, this would be great if you place @ the very first line of your script.<\/p>\n

\r\nif(isset($_GET)){\r\n    foreach ($_GET as $key => $value) {\r\n        $_GET[$key] = cleanInput(strip_tags(rawurldecode(rawurldecode($value))));\r\n    }\r\n}\r\n\r\n\r\nif(isset($_POST)){\r\n    foreach ($_POST as $key => $value) {\r\n        $_POST[$key] = cleanInput(strip_tags(rawurldecode(rawurldecode($value))));\r\n    }\r\n}\r\n\r\nfunction cleanInput($input) {\r\n\r\n  $search = array(\r\n    '@]*?>.*?<\/script>@si',\r\n    '@<[\\\/\\!]*?[^<>]*?>@si',\r\n    '@]*?>.*?<\/style>@siU',\r\n    '@@'\r\n  );\r\n\r\n    $output = preg_replace($search, '', $input);\r\n    return $output;\r\n}\r\n\r\n<\/pre>\n
In this example , i used rawurldecode() instead of urldecode() because urldecode will make “+” sign missing.
\nRef : http:\/\/php.net\/manual\/en\/function.rawurldecode.php<\/a><\/p>\n
Ref : https:\/\/stackoverflow.com\/questions\/29539985\/override-post-content<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Hi, this would be great if you place @ the very first line of your script. if(isset($_GET)){ foreach ($_GET as $key => $value) { $_GET[$key] = cleanInput(strip_tags(rawurldecode(rawurldecode($value)))); } } if(isset($_POST)){ foreach ($_POST as $key => $value) { $_POST[$key] = cleanInput(strip_tags(rawurldecode(rawurldecode($value)))); } } function cleanInput($input) { $search = array( ‘@@si’, ‘@@si’, ‘@@siU’, ‘@@’ ); $output = […]<\/p>\n","protected":false},"author":1,"featured_media":223,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"image","meta":{"footnotes":""},"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/posts\/493"}],"collection":[{"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=493"}],"version-history":[{"count":3,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/posts\/493\/revisions"}],"predecessor-version":[{"id":497,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/posts\/493\/revisions\/497"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/media\/223"}],"wp:attachment":[{"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}