Commit c507e462aaee939e438b05f587360d42ce207497
1 parent
f25e6fd2
KTS-2076
"Character encoding issue with document titles" Added more specific sanitize functions. Committed By: Kevin Reviewed By: Conrad git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6726 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
54 additions
and
0 deletions
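--- a/lib/util/sanitize.inc
+++ b/lib/util/sanitize.inc
@@ -50,4 +50,58 @@ function sanitize($string) {
 return ereg_replace($pattern, '', $string);
 }
 
+function sanitizeForSQL($string, $min='', $max='') {
+
+ $len = strlen($string);
+ if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return false;
+
+ if(get_magic_quotes_gpc()) $string = stripslashes($string);
+
+ if(function_exists("mysql_real_escape_string")) {
+ return mysql_real_escape_string($string);
+ } else {
+ return addslashes($string);
+ }
+}
+
+function sanitizeForHTML($string, $min='', $max='')
+{
+ $len = strlen($string);
+ if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return false;
+
+ $pattern[0] = '/\&/';
+ $pattern[1] = '/</';
+ $pattern[2] = "/>/";
+ $pattern[3] = '/\n/';
+ $pattern[4] = '/"/';
+ $pattern[5] = "/'/";
+ $pattern[6] = "/%/";
+ $pattern[7] = '/\( /';
+ $pattern[8] = '/\)/';
+ $pattern[9] = '/\+/';
+ $pattern[10] = '/-/';
+ $replacement[0] = '&';
+ $replacement[1] = '<';
+ $replacement[2] = '>';
+ $replacement[3] = '<br>';
+ $replacement[4] = '"';
+ $replacement[5] = ''';
+ $replacement[6] = '%';
+ $replacement[7] = '(';
+ $replacement[8] = ')';
+ $replacement[9] = '+';
+ $replacement[10] = '-';
+ return preg_replace( $pattern, $replacement, $string);
+}
+
+function sanitizeForSYSTEM($string, $min='', $max='')
+{
+ $len = strlen($string);
+ if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return false;
+
+ $pattern = '/( ;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\( )/i';
+ $string = preg_replace( $pattern, '', $string);
+ return '"'.preg_replace( '/\$/', '\\\$', $string).'"';
+}
+
 ?>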
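Review bot: `sanitizeForSYSTEM` (new lines 97-105) never handles the backslash: the blacklist pattern does not strip it and nothing escapes it before the value is wrapped in double quotes, so a backslash in the input can undo the added `\$` escape or the closing quote. In the same pattern, as displayed, `^` and `[|]` are unescaped, so they act as an anchor and a character class and the literal `^`, `[` and `]` are not removed. Replacing the blacklist with PHP's own quoting after the length check, `return escapeshellarg($string);`, would cover every shell metacharacter rather than a listed subset. Separately, `sanitizeForSQL` falls back to `addslashes()`, which is not aware of the connection character set, and all three functions return `false` on a length failure, which becomes an empty string if a caller concatenates it into a query or command without checking.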