Introduction
Some words about new features in 0.8.X
Filter formats
You can now declare values as regular expressions. This example filters out all values that do not match NUMBERS or UNDERSCORE:
myvalue # gp # REX # /^[0-9_]+$/ # # true # true &
You can now set XSS filtering to "simple" instead of "true". With "simple" not all characters are encoded, because htmlentities(XXXX, ENT_QUOTES) is used.
Example:
myvalue # gp # STR # 0 # # simple # true &
You can now check arrays (recursion depth is limited; experimental!).
Filter values inside an array. Example:
myvalue.name # gp # STR # 0 # # true # true &
myvalue.age # gp # INT # 16 # 150 # true # true &
You can now restrict which sources are accepted for a variable. For example, you can declare that the variable "name" may only be set in $_COOKIE and nowhere else.
Example:
name # c! # STR # 2 # 100 # true # true &
Note the "!": it means that only this source is accepted ("c" means $_COOKIE).
You can deny any variable that is not named in the filter. To do so, set _DENY_UNKNOWN_INPUT in seq_lib.php to "1" (still experimental!).
All variables that have no match in the defined filter will be removed. Be careful: most applications will no longer run until you have written filters for all variables that go through ALL globals!
You can now filter $_SERVER, $_ENV and $_FILES. Their corresponding short names are "S", "E" and "F".
The classic "pgcs" sources (POST, GET, COOKIE, SESSION) must be written in lowercase in filter definitions for this to work!
This example filters "SCRIPT_FILENAME" out of $_ENV:
SCRIPT_FILENAME # E # STR # 0 # # simple # true &
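The following is an added illustration of how the rule syntax on this page (name # sources # type # min-or-regex # max # xss # flag, rules joined by "&") can be read and applied; it is not seq_lib.php's own code. It assumes the field order seen in the examples above, treats field 4 as a minimum length (STR), minimum value (INT) or pattern (REX), keeps the 7th field uninterpreted because the page does not say what it means, and assumes that xss "true" encodes every character as a numeric entity (the page only says "all characters will be coded").

```php
<?php
// Added illustration of the 0.8.X rule syntax; NOT seq_lib.php's own code. Assumed field order:
// name # sources # type # min-or-regex # max # xss # flag; the 7th field is kept but not interpreted.
function parseRules(string $def): array {
    $rules = [];
    foreach (explode('&', $def) as $line) {
        $f = array_map('trim', explode('#', $line));
        if (count($f) < 7) continue;                      // skip blank / trailing fragments
        $rules[$f[0]] = [
            'sources'   => str_replace('!', '', $f[1]),   // e.g. "gp", "c", "E"
            'exclusive' => strpos($f[1], '!') !== false,  // "c!" = accepted from $_COOKIE only
            'type' => $f[2], 'min' => $f[3], 'max' => $f[4], 'xss' => $f[5], 'flag' => $f[6],
        ];
    }
    return $rules;
}
// Walk a dotted name ("myvalue.age") into a nested array; null if the path does not exist.
function lookup(array $arr, string $name) {
    foreach (explode('.', $name) as $key) {
        if (!is_array($arr) || !array_key_exists($key, $arr)) return null;
        $arr = $arr[$key];
    }
    return $arr;
}
// Apply one rule. $globals maps short source names to arrays (g => $_GET, p => $_POST, c => $_COOKIE,
// s => $_SESSION, S => $_SERVER, E => $_ENV, F => $_FILES). Returns the filtered value, or null to reject.
function applyRule(array $rule, string $name, array $globals) {
    $value = null;
    foreach ($globals as $short => $arr) {
        $v = lookup($arr, $name);
        if ($v === null) continue;
        if (strpos($rule['sources'], $short) === false) {
            if ($rule['exclusive']) return null;          // present in a forbidden source: reject
            continue;                                     // not exclusive: just ignore that source
        }
        if ($value === null) $value = $v;                 // first listed source wins
    }
    if ($value === null || is_array($value)) return null;
    $value = (string)$value;
    $max = $rule['max'] === '' ? PHP_INT_MAX : (int)$rule['max'];  // empty field 5 = no upper bound
    switch ($rule['type']) {
        case 'REX': if (!preg_match($rule['min'], $value)) return null; break;                 // field 4 = pattern
        case 'INT': if (!ctype_digit($value) || (int)$value < (int)$rule['min'] || (int)$value > $max) return null; break;
        case 'STR': if (strlen($value) < (int)$rule['min'] || strlen($value) > $max) return null; break;
        default:    return null;                          // unknown type: reject rather than pass through
    }
    if ($rule['xss'] === 'simple') return htmlentities($value, ENT_QUOTES);  // as stated on the page
    // xss "true": ASSUMED here to encode every character as a numeric entity.
    return preg_replace_callback('/./su', fn($m) => '&#' . mb_ord($m[0]) . ';', $value);
}
```

With the rule `name # c! # STR # 2 # 100 # true # true &` and a constructed request where "name" is present in both $_GET and $_COOKIE, applyRule() returns null because the exclusive source flag rejects the variable as soon as it is seen in $_GET.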