I'm currently recovering from a nasty XSS attack, and realized I never sanitized inputs on several of the forms on my site. I used Notepad++'s Find In Files feature to search for $_POST
in all my PHP files, and got almost 5,000 results. Now, I really don't want to go and manually add strip_tags
to every one of those results, but a replace-all wouldn't do the trick... and I'm a total noob when it comes to things like regular expressions.
Is there any way to make this a little less tedious?
Just use array_map()
.
$Clean = array_map('strip_tags', $_POST);
Or if you want it to go back to the $_POST
variable:
$_POST = array_map('strip_tags', $_POST);
It's probably a better idea though to use a different variable and change all occurrence of $_POST
to $Clean
in your files.