Commit c507e462aaee939e438b05f587360d42ce207497
1 parent
f25e6fd2
KTS-2076
"Character encoding issue with document titles" Added more specific sanitize functions. Committed By: Kevin Reviewed By: Conrad git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6726 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
54 additions
and
0 deletions
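--- a/lib/util/sanitize.inc
+++ b/lib/util/sanitize.inc
@@ -50,4 +50,58 @@ function sanitize($string) {
 return ereg_replace($pattern, '', $string);
 }
 
+function sanitizeForSQL($string, $min='', $max='') {
+
+ $len = strlen($string);
+ if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return false;
+
+ if(get_magic_quotes_gpc()) $string = stripslashes($string);
+
+ if(function_exists("mysql_real_escape_string")) {
+ return mysql_real_escape_string($string);
+ } else {
+ return addslashes($string);
+ }
+}
+
+function sanitizeForHTML($string, $min='', $max='')
+{
+ $len = strlen($string);
+ if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return false;
+
+ $pattern[0] = '/\&/';
+ $pattern[1] = '/</';
+ $pattern[2] = "/>/";
+ $pattern[3] = '/\n/';
+ $pattern[4] = '/"/';
+ $pattern[5] = "/'/";
+ $pattern[6] = "/%/";
+ $pattern[7] = '/\( /';
+ $pattern[8] = '/\)/';
+ $pattern[9] = '/\+/';
+ $pattern[10] = '/-/';
+ $replacement[0] = '&';
+ $replacement[1] = '<';
+ $replacement[2] = '>';
+ $replacement[3] = '<br>';
+ $replacement[4] = '"';
+ $replacement[5] = ''';
+ $replacement[6] = '%';
+ $replacement[7] = '(';
+ $replacement[8] = ')';
+ $replacement[9] = '+';
+ $replacement[10] = '-';
+ return preg_replace( $pattern, $replacement, $string);
+}
+
+function sanitizeForSYSTEM($string, $min='', $max='')
+{
+ $len = strlen($string);
+ if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return false;
+
+ $pattern = '/( ;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\( )/i';
+ $string = preg_replace( $pattern, '', $string);
+ return '"'.preg_replace( '/\$/', '\\\$', $string).'"';
+}
+
 ?>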
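Review bot: In `sanitizeForSYSTEM` (new lines 97-105) the blacklist neither removes nor escapes the backslash, yet the result is wrapped in double quotes, where the shell still treats a backslash as an escape character, so input containing one can undo both the added `\$` escaping and the closing quote. As shown, the pattern also leaves `^`, `[` and `]` unescaped, so they act as regex syntax rather than literal characters to strip; the page rendering may have altered this line, so confirm against the file. Quoting with the built-in is safer than maintaining a character blacklist: `return escapeshellarg($string);` after the length check. Separately, `sanitizeForSQL` silently falls back to `addslashes()`, which is not aware of the connection character set, and its result is only safe inside a quoted SQL string literal; failing closed when `mysql_real_escape_string` is unavailable would be preferable. All three functions return `false` on a length violation, so callers need a strict `=== false` check before using the value.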