Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP: How to mass replace $_POST[...] with strip_tags($_POST[...])

I'm currently recovering from a nasty XSS attack, and realized I never sanitized inputs on several of the forms on my site. I used Notepad++'s Find In Files feature to search for $_POST in all my PHP files, and got almost 5,000 results. Now, I really don't want to go and manually add strip_tags to every one of those results, but a replace-all wouldn't do the trick... and I'm a total noob when it comes to things like regular expressions.

Is there any way to make this a little less tedious?

like image 640
Mike Turley Avatar asked Aug 25 '10 04:08

Mike Turley


1 Answers

Just use array_map().

$Clean = array_map('strip_tags', $_POST);

Or if you want it to go back to the $_POST variable:

$_POST = array_map('strip_tags', $_POST);

It's probably a better idea though to use a different variable and change all occurrence of $_POST to $Clean in your files.

like image 151
matpie Avatar answered Nov 15 '22 05:11

matpie