From c1ccd41248939464f659534dc18201039f4fe1d6 Mon Sep 17 00:00:00 2001
From: andrew <andrew@c91229c3-7414-0410-bfa2-8a42b809f60b>
Date: Fri, 27 Feb 2004 13:45:19 +0000
Subject: [PATCH] Type:			Functionality change Description:		Includes XSS attack prevention. Behaviour before fix:	XSS attack could be performed on login.php. Behaviour after fix:	XSS attacks seem unsuccessful after patch. Credit:			Thanks to Jonathan E. Hawkins for pointing out this bug.

---
 lib/sanitize.inc | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+), 0 deletions(-)
 create mode 100644 lib/sanitize.inc

diff --git a/lib/sanitize.inc b/lib/sanitize.inc
new file mode 100644
index 0000000..e02beac
--- /dev/null
+++ b/lib/sanitize.inc
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * $Id$
+ *
+ * This page is meant to provide functions to prevent XSS cracks.
+ *
+ * Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * @version $Revision$
+ * @author Andrew Glen-Young <andrew@jamwarehouse.com>, Jam Warehouse (Pty) Ltd, South Africa
+ */
+
+/**
+ * Accepts a web encoded string and outputs a "clean" string.
+ */
+
+function sanitize($string) {
+	// Remove '(' and ')'
+        $xss_array = array("(" => "#&40;", ")" => "#&41;");
+	// Remove all HTML tags.
+        $string = strtr(strip_tags(urldecode($string)), $xss_array);
+        return $string;
+}
+
+?>
--
libgit2 0.21.4