sanitize.inc
<?php
/**
* $Id$
*
* This file provides input-sanitising helper functions intended to mitigate
* XSS (cross-site scripting) and related injection attacks; each function
* documents which output context it is (and is not) safe for.
*
* The contents of this file are subject to the KnowledgeTree Public
* License Version 1.1.2 ("License"); You may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.knowledgetree.com/KPL
*
* Software distributed under the License is distributed on an "AS IS"
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
* See the License for the specific language governing rights and
* limitations under the License.
*
* All copies of the Covered Code must include on each user interface screen:
* (i) the "Powered by KnowledgeTree" logo and
* (ii) the KnowledgeTree copyright notice
* in the same form as they appear in the distribution. See the License for
* requirements.
*
* The Original Code is: KnowledgeTree Open Source
*
* The Initial Developer of the Original Code is The Jam Warehouse Software
* (Pty) Ltd, trading as KnowledgeTree.
* Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
* (C) 2007 The Jam Warehouse Software (Pty) Ltd;
* All Rights Reserved.
* Contributor( s): ______________________________________
*/
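/**
 * Accepts a web-encoded string and returns a "clean" string.
 *
 * The input is trimmed, URL-decoded, stripped of HTML/PHP tags and then
 * reduced to a strict whitelist of characters: letters and digits plus the
 * literal characters "|", "^", "_", ".", " ", ":" and "-". Everything else
 * (quotes, backslashes, semicolons, angle brackets, NUL, ...) is removed.
 * This is a destructive whitelist filter, not an escaper: use
 * sanitizeForHTML() / sanitizeForSQL() where the original value must
 * survive intact.
 *
 * Changes from the original implementation:
 *  - ereg_replace() (removed in PHP 7) is replaced by the equivalent
 *    preg_replace() whitelist.
 *  - The addslashes()/get_magic_quotes_gpc() step is dropped. Every quote
 *    and backslash is removed by the whitelist anyway, so the only effect
 *    addslashes() could have was to leave stray backslashes in the output
 *    (O'Reilly -> O\Reilly), and get_magic_quotes_gpc() no longer exists
 *    on PHP 8.
 *
 * NOTE(review): urldecode() is applied to a value PHP has normally already
 * decoded, so "%25xx" sequences get decoded a second time and "+" becomes a
 * space. That cannot bypass the filter because the whitelist runs after
 * decoding, but it is kept only for backward compatibility with callers.
 *
 * @param string $string raw (possibly URL-encoded) input
 * @return string the whitelisted string, possibly empty
 */
function sanitize($string) {
    $decoded = strip_tags(urldecode(trim($string)));
    // Whitelist taken from the original POSIX bracket expression: "|" and "^"
    // are literal characters inside a bracket expression, and are kept so
    // existing callers see the same characters survive. Backslash is
    // deliberately NOT part of the set.
    $clean = preg_replace('/[^[:alnum:]|^_. :-]/', '', $decoded);
    // preg_replace() returns null on a PCRE error; never hand that to callers
    // expecting a string.
    return $clean === null ? '' : $clean;
}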
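/**
 * Escapes a string for interpolation into a MySQL query, with an optional
 * byte-length check.
 *
 * SECURITY: this is legacy escaping, not a substitute for parameterised
 * queries (PDO / mysqli prepared statements). The addslashes() fallback is
 * not charset-aware and is known to be bypassable under some multibyte
 * connection charsets (e.g. GBK). mysql_real_escape_string() belongs to the
 * ext/mysql extension removed in PHP 7; where it still exists it escapes
 * according to the *last opened* connection and returns false with a
 * warning if there is none. Prefer bound parameters at the call site.
 *
 * Fix: get_magic_quotes_gpc() was removed in PHP 8 (and has returned false
 * since 5.4), so calling it unconditionally is a fatal "undefined function"
 * on current PHP. It is now only consulted where magic quotes can be on.
 * Length bounds are applied only when numeric; '' (the default) and null
 * mean "no bound" instead of being compared loosely against 0.
 *
 * @param string     $string raw input
 * @param int|string $min    minimum byte length, or '' for no lower bound
 * @param int|string $max    maximum byte length, or '' for no upper bound
 * @return string|false escaped string, or false when the trimmed input is
 *                      outside [$min, $max]
 */
function sanitizeForSQL($string, $min='', $max='') {
    $string = trim($string);
    // Short-circuit keeps the removed function from being called on PHP >= 5.4.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    // strlen() (bytes, not characters) on purpose: column limits are usually
    // byte limits and this matches the original behaviour.
    $len = strlen($string);
    $tooShort = is_numeric($min) && $len < (int) $min;
    $tooLong = is_numeric($max) && $len > (int) $max;
    if ($tooShort || $tooLong) {
        return false;
    }
    if (function_exists('mysql_real_escape_string')) {
        return mysql_real_escape_string($string);
    }
    // Charset-unaware fallback; see the SECURITY note above.
    return addslashes($string);
}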
/**
 * Prepares a value read back from the database for further handling:
 * surrounding whitespace is trimmed and one level of backslash escaping is
 * removed.
 *
 * Despite its name this function does NOT HTML-encode anything: "<", "&",
 * quotes and so on come back untouched, so the result must still go through
 * sanitizeForHTML() (or htmlspecialchars()) before it is echoed into a page.
 * $min and $max exist only for signature parity with the other
 * sanitizeFor*() helpers and are ignored; no length check is performed.
 *
 * NOTE(review): the stripslashes() presumably undoes legacy magic-quotes /
 * addslashes() data stored with its slashes intact; it will also corrupt
 * genuine backslashes in correctly stored values — verify against how the
 * callers write data.
 *
 * @param string $string value as read from SQL
 * @param mixed  $min    unused
 * @param mixed  $max    unused
 * @return string trimmed, un-slashed value (not HTML-safe)
 */
function sanitizeForSQLtoHTML($string, $min='', $max='') {
    $trimmed = trim($string);
    return stripslashes($trimmed);
}
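/**
 * Escapes a string for safe insertion into HTML text or attribute values,
 * with an optional byte-length check.
 *
 * Fixes relative to the original:
 *  - htmlspecialchars() is called with ENT_QUOTES, so "'" becomes &#039;
 *    as well. The bare call relied on the PHP default, which before PHP 8.1
 *    was ENT_COMPAT and left single quotes untouched — an XSS vector whenever
 *    the value lands inside a single-quoted attribute.
 *  - ENT_SUBSTITUTE (where available) and an explicit UTF-8 charset are
 *    passed so an invalid byte sequence yields U+FFFD instead of making
 *    htmlspecialchars() return an empty string and silently drop the value.
 *  - get_magic_quotes_gpc() (removed in PHP 8) is only consulted on versions
 *    where magic quotes could actually be enabled.
 *  - The hand-rolled preg_replace() fallback is gone: htmlspecialchars() is
 *    a core function on every supported PHP version, and the fallback as
 *    written did not escape anything.
 *
 * This is escaping for the HTML body/attribute context only; values placed
 * into JavaScript, URLs or CSS need context-specific encoding.
 * NOTE(review): the explicit 'UTF-8' assumes the pages are served as UTF-8
 * (the PHP >= 5.4 default) — confirm against the application's charset.
 *
 * @param string     $string raw input
 * @param int|string $min    minimum byte length, or '' for no lower bound
 * @param int|string $max    maximum byte length, or '' for no upper bound
 * @return string|false escaped string, or false when the trimmed input is
 *                      outside [$min, $max]
 */
function sanitizeForHTML($string, $min='', $max='')
{
    $string = trim($string);
    // Short-circuit keeps the removed function from being called on PHP >= 5.4.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    // Byte length, matching the original behaviour.
    $len = strlen($string);
    $tooShort = is_numeric($min) && $len < (int) $min;
    $tooLong = is_numeric($max) && $len > (int) $max;
    if ($tooShort || $tooLong) {
        return false;
    }
    // ENT_SUBSTITUTE only exists from PHP 5.4; fall back gracefully on older
    // interpreters rather than passing an undefined constant.
    $flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);
    return htmlspecialchars($string, $flags, 'UTF-8');
}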
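/**
 * Quotes a string so it can be passed as a single argument to a shell
 * command (system(), exec(), ...), with an optional byte-length check.
 *
 * The original implementation stripped a hand-picked set of metacharacters
 * and wrapped the remainder in double quotes. That blacklist was incomplete:
 * "[" and "]" were never removed because the "[|]" in the pattern parses as
 * a character class; a trailing backslash in the input escaped the closing
 * double quote; and a backslash before "$" defeated the "$" escaping
 * ("\$HOME" became "\\$HOME", which the shell expands). It is replaced by
 * escapeshellarg(), which quotes the whole argument (single quotes on POSIX
 * shells, double quotes on Windows) and escapes embedded quote characters so
 * no expansion or command separation can occur. Callers still receive a
 * fully quoted argument, but no characters are dropped any more.
 *
 * Also fixed: get_magic_quotes_gpc() (removed in PHP 8) is only consulted on
 * versions where magic quotes could actually be on, and length bounds are
 * applied only when numeric ('' / null mean "no bound").
 *
 * NOTE(review): escapeshellarg() classifies bytes according to the current
 * LC_CTYPE locale and drops sequences it cannot classify; make sure the
 * locale matches the input encoding (e.g. a UTF-8 locale for UTF-8 input).
 *
 * @param string     $string raw input
 * @param int|string $min    minimum byte length, or '' for no lower bound
 * @param int|string $max    maximum byte length, or '' for no upper bound
 * @return string|false a quoted shell argument, or false when the trimmed
 *                      input is outside [$min, $max]
 */
function sanitizeForSYSTEM($string, $min='', $max='')
{
    $string = trim($string);
    // Short-circuit keeps the removed function from being called on PHP >= 5.4.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    // Byte length, matching the original behaviour.
    $len = strlen($string);
    $tooShort = is_numeric($min) && $len < (int) $min;
    $tooLong = is_numeric($max) && $len > (int) $max;
    if ($tooShort || $tooLong) {
        return false;
    }
    // NUL cannot be part of an argv entry and escapeshellarg() rejects it on
    // PHP 8 (ValueError); drop it rather than fail.
    $string = str_replace("\0", '', $string);
    return escapeshellarg($string);
}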
?>