Remove and Replace non-alphanumeric Characters from Form Inputs with regex

Remove and Clean up Form inputs on POST and GET

For your contact us forms, you do not want bad people to inject malware into your email, so you need to scrub and slug the posts with regex to remove any html code, and non-alphas that can be used to do nasty things to end users.

Shared on GIST


<?php
function remove_accent($str)
{
$a = array('▒~@', '▒~A', '▒~B', '▒~C', '▒~D', '▒~E', '▒~F', '▒~G', '▒~H', '▒~I', '▒~J', '▒~K', '▒~L', '▒~M', '▒~N', '▒~O', '▒~P', '▒~Q', '▒~R', '▒~S', '▒~T', '▒~U', '▒~V', '▒~X', '▒~Y', '▒~Z', '▒~[', '▒~\', '▒~]', '▒~_', '▒| ', 'á', 'â', 'ã', 'ä', 'å', 'æ', 'ç', 'è', 'é', 'ê', 'ë', 'ì', 'í', 'î', 'ï', 'ñ', 'ò', 'ó', 'ô', 'õ', 'ö''
, 'ø', 'ù', 'ú', 'û', 'ü', 'ý', 'ÿ', '▒~@', '▒~A', '▒~B', '▒~C', '▒~D', '▒~E', '▒~F', '▒~G', '▒~H', '▒~I', '▒~J', '▒~K', '▒~L', '▒~M', '▒~N', '▒~O', '▒~P', '▒~Q', '▒~R',
'▒~S', '▒~T', '▒~U', '▒~V', '▒~W', '▒~X', '▒~Y', '▒~Z', '▒~[', '▒~\', '▒~]', '▒~^', '▒~_', '▒| ', 'ġ', 'Ģ', 'ģ', 'Ĥ', 'ĥ', 'Ħ', 'ħ', 'Ĩ', 'ĩ', 'Ī', 'ī', 'Ĭ', 'ĭ', ''
Į', 'į', 'İ', 'ı', 'IJ', 'ij', 'Ĵ', 'ĵ', 'Ķ', 'ķ', 'Ĺ', 'ĺ', 'Ļ', 'ļ', 'Ľ', 'ľ', 'Ŀ', '▒~@', '▒~A', '▒~B', '▒~C', '▒~D', '▒~E', '▒~F', '▒~G', '▒~H', '▒~I', '▒~L',,
'▒~M', '▒~N', '▒~O', '▒~P', '▒~Q', '▒~R', '▒~S', '▒~T', '▒~U', '▒~V', '▒~W', '▒~X', '▒~Y', '▒~Z', '▒~[', '▒~\', '▒~]', '▒~^', '▒~_', '▒| ', 'š', 'Ţ', 'ţ', 'Ť', 'ť', 'Ŧ',
'ŧ', 'Ũ', 'ũ', 'Ū', 'ū', 'Ŭ', 'ŭ', 'Ů', 'ů', 'Ű', 'ű', 'Ų', 'ų', 'Ŵ', 'ŵ', 'Ŷ', 'ŷ', 'Ÿ', 'Ź', 'ź', 'Ż', 'ż', 'Ž', 'ž', 'ſ', '▒~R', '▒| ', 'ơ', 'Ư', ''
ư', '▒~M', '▒~N', '▒~O', '▒~P', '▒~Q', '▒~R', '▒~S', '▒~T', '▒~U', '▒~V', '▒~W', '▒~X', '▒~Y', '▒~Z', '▒~[', '▒~\', 'Ǻ', 'ǻ', 'Ǽ', 'ǽ', 'Ǿ', 'ǿ');
$b = array('A', 'A', 'A', 'A', 'A', 'A', 'AE', 'C', 'E', 'E', 'E', 'E', 'I', 'I', 'I', 'I', 'D', 'N', 'O', 'O', 'O', 'O', 'O', 'O', 'U', 'U', 'U', 'U', 'Y', 's', 'a', 'a', 'a', 'a', 'a', 'a', 'ae', 'c', 'e', 'e', 'e', 'e', 'i', 'i', 'i', 'i', 'n', 'o', 'o', 'o', 'o', 'o', 'o', 'u', 'u', 'u', 'u', 'y', 'y', 'A', 'a', 'A', 'a', 'A', 'a', 'C', 'c', 'C', 'c', 'C', 'c', 'C', 'c', 'D', 'd', 'D', 'd', 'E', 'e', 'E', 'e', 'E', 'e', 'E', 'e', 'E', 'e', 'G', 'g', 'G', 'g', 'G', 'g', 'G', 'g', 'H', 'h', 'H', 'h', 'I', 'i', 'I', 'i', 'I', 'i', 'I', 'i', 'I', 'i', 'IJ', 'ij', 'J', 'j', 'K', 'k', 'L', 'l', 'L', 'l', 'L', 'l', 'L', 'l', 'l', 'l', 'N', 'n', 'N', 'n', 'N', 'n', 'n', 'O', 'o', 'O', 'o', 'O', 'o', 'OE', 'oe', 'R', 'r', 'R', 'r', 'R', 'r', 'S', 's', 'S', 's', 'S', 's', 'S', 's', 'T', 't', 'T', 't', 'T', 't', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'W', 'w', 'Y', 'y', 'Y', 'Z', 'z', 'Z', 'z', 'Z', 'z', 's', 'f', 'O', 'o', 'U', 'u', 'A', 'a', 'I', 'i', 'O', 'o', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'A', 'a', 'AE', 'ae', 'O', 'o');
return str_replace($a, $b, $str);
}
function post_slug($str)
{
return strtolower(preg_replace(array('/[^a-zA-Z0-9 -._@]/', '/[ -]+/', '/^-|-$/'),
array('', '-', ''), remove_accent($str)));
}
function post_slug2($str)
{
return strtolower(preg_replace(array('/[^a-zA-Z0-9 -._@]/', '/[\"\']+/', '/^-|-$/'),
array('', '-', ''), remove_accent($str)));
}
function test_slug()
{
$string = "<HELLO@HELLO.COM>";
echo preg_replace("/^[a-zA-Z0-9@-]/", "", $string);
echo "\n ";
$username="<Joe_Johnson_1234@gmail.com><?>";
$output=post_slug($username);
echo "\n";
echo "\nDIRTY:".$username;
echo "\nCLEAN:".$output;
$message="Hello Mr. O'Leary, I am calling to ask your help with releasing $10000<br/>".
" in lost cash from nigeria. Click Here: <a href=\"http://www.getavirus.com\">Free Virus</a>".
" You gotta \"trust\" \'me\'";
$output=post_slug2($message);
echo "\n";
echo "\nDIRTY:".$message;
echo "\nCLEAN:".$output;
}
?>
view raw post_slug_module.php hosted with ❤ by GitHub
Example: (on ssh console)
$ php slug.php
<HELLO@HELLO.COM>
DIRTY:<Joe_Johnson_1234@gmail.com><?>
CLEAN:joe_johnson_1234@gmail.com
DIRTY:Hello Mr. O'Leary, I am calling to ask your help with releasing $10000<br/> in lost cash from nigeria. Click Here: <a href="http://www.getavirus.com">Free Virus</a> You gotta "trust" \'me\'
CLEAN:hello mr. o-leary, i am calling to ask your help with releasing $10000br in lost cash from nigeria. click here a href-httpwww.getavirus.com-free virusa you gotta -trust- -me


Comments

Post a Comment

Popular posts from this blog

Microsoft Visio 2010 Premium Product Keys

Image
Visio KMS client key from Microsoft You can use these with AutoKMS tool such as Office Toolkit 2.4.9 (office 2010/2013) which will re-arm them once every 180 days. So you are always in the grace period.  At the bottom of this page are keys for Visio 2019.  If you are here to figure out how to get a free copy of Visio activated on your computer, without paying Microsoft for it, then God or Allah will judge you later for your sins. Your soul will be sent to the underworld to be tormented by Satan for these sins. Please pay for your software! Visio Standard 2010 767HD-QGMWX-8QTDB-9G3R2-KHFGJ Visio Professional 2010 7MCW8-VRQVK-G677T-PDJCM-Q8TCP Visio Premium 2010 D9DWC-HPYVV-JGF4P-BTWQB-WX8BJ Keys from our Russian friends. you can only install with these keys, you cannot activate. ========================================================================= Visio Premium 2010: ========================================================================= C383V-HPHM...
Read more

Configure Shoretel Voicemail Notifications to your email inbox using a free SMTP relay

Image
Configure Your Shoretel Voicemail Server to Send Voicemails As Wave Files to your inbox How Can SocketLabs Help You Setup a Free SMTP Relay Socketlabs is a free and paid service that can allow you to send 2000 free SMTP message relays every month from your verified domain. But first you need a real domain with it's own email accounts and a professional looking website on top of that, plus you need to look like a legitimate business with contact numbers and email addresses. It is not for spammers, hackers, phreakers, or junk mail junkies. Once you are ready, you create a free account at SocketLabs.com then allow the admins to verify your email and your web presence.  Once that's done, you get your credentials for their free SMTP relay that you can use in your IIS SMTP gateway to send free emails from your voicemail appliances, and your other IOT things that need to send email out, but cannot authenticate.  Many devices cannot authenticate to SMTP servers such as Shoretel...
Read more

Microsoft Office365 Authentification Methods Settings

 How to Add NewAuthentification Methods to Office365 Using this link. https://entra.microsoft.com/#view/Microsoft_AAD_IAM/PasswordResetMenuBlade/~/AuthenticationMethods User Admin Center https://entra.microsoft.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers/menuId/ Password Reset Methods https://entra.microsoft.com/#view/Microsoft_AAD_IAM/PasswordResetMenuBlade/~/Properties/fromNav/ Entra Admin Center https://entra.microsoft.com/#view/Microsoft_AAD_IAM/EntraDashboard.ReactView
Read more