Ejemplo n.º 1
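 /**
  * Checks that Sanitize::purify() removes an inline <script> element while
  * keeping the plain text that precedes it.
  */
 public function testCleanInput()
 {
     $bad_input = 'Hello!<script>alert("Malicious popup!! Your coding skills suck!")</script>';
     $expected_output = 'Hello!';

     $clean_output = Sanitize::purify($bad_input);

     // assertSame() performs the same strict (===) comparison as before, but
     // on failure it reports both strings, so a sanitizer regression shows
     // exactly which markup survived instead of "failed asserting true".
     $this->assertSame($expected_output, $clean_output);
 }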
Ejemplo n.º 2
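 // Sanitize every string field of the incoming request and remember which
 // fields the filter had to modify. $bannedInput is written to syslog further
 // down, so nothing secret may be stored in it.
 $impure = false;
 $input = Input::all();
 $bannedInput = array();
 foreach ($input as $key => $value) {
     // Only string values are filtered.
     // NOTE(review): array values (e.g. nested form fields) are not strings and
     // therefore pass through unsanitized; confirm that is intended.
     if (!is_string($value)) {
         continue;
     }

     // Strict comparison: with a loose `!=`, an integer key such as 0 compares
     // equal to 'password' on PHP < 8 and would skip the purifier.
     if ($key !== 'password') {
         $input[$key] = Sanitize::purify($value);
     } else {
         // NOTE(review): removing one literal tag in a single pass is not HTML
         // sanitization, and it silently alters the credential the user typed.
         // A password should be hashed and never rendered; consider leaving it
         // untouched instead. Behaviour kept as-is here.
         $input[$key] = str_ireplace("<script>", "", $value);
     }

     // Strict comparison so numeric-looking strings that differ only in form
     // (e.g. "1e3" vs "1000") are still detected as modified.
     // Assumes Sanitize::purify() returns a string; confirm.
     if ($input[$key] !== $value) {
         $impure = true;
         // Never copy the raw password into the structure that gets logged;
         // record only that the field was flagged.
         $bannedInput[$key] = ($key === 'password') ? '[REDACTED]' : $value;
     }
 }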
 if ($impure) {
     // report banned input
     //
     $userUid = Session::get('user_uid');
     syslog(LOG_WARNING, "User {$userUid} attempted to send unsanitary input containing HTML tags or script: " . json_encode($bannedInput));
     Input::replace($input);