From f713cd7d8dd3d4046716a965fdb083459f57be68 Mon Sep 17 00:00:00 2001
From: Michael Joseph <michael@knowledgetree.com>
Date: Wed, 18 Aug 2004 09:36:14 +0000
Subject: [PATCH] Moved sanitize function to the util directory.

---
 lib/util/sanitize.inc  | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 presentation/login.php |  2 +-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 lib/util/sanitize.inc

diff --git a/lib/util/sanitize.inc b/lib/util/sanitize.inc
new file mode 100644
index 0000000..ccad431
--- /dev/null
+++ b/lib/util/sanitize.inc
@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * $Id$
+ *
+ * This page is meant to provide functions to prevent XSS cracks.
+ *
+ * Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * @version $Revision$
+ * @author Andrew Glen-Young <andrew@jamwarehouse.com>, Jam Warehouse (Pty) Ltd, South Africa
+ */
+
+/**
+ * Accepts a web encoded string and outputs a "clean" string.
+ */
+
+function sanitize($string) {
+	// This should be set if you've read the INSTALL instructions.
+	// Better to be safe though.
+	if (get_magic_quotes_gpc()) {
+        	$string = strip_tags(urldecode(trim($string)));
+ 	} else {
+        	$string = addslashes(strip_tags(urldecode(trim($string))));
+	}
+
+	// This might be a little too aggressive
+	$pattern = "([^[:alpha:]|^_\.\ \:-])";
+	return ereg_replace($pattern, '', $string);
+}
+
+?>
diff --git a/presentation/login.php b/presentation/login.php
index a861ac8..efe38ad 100644
--- a/presentation/login.php
+++ b/presentation/login.php
@@ -2,7 +2,7 @@
 
 // main library routines and defaults
 require_once("../config/dmsDefaults.php");
-require_once("../lib/sanitize.inc");
+require_once("../lib/util/sanitize.inc");
 /**
  * $Id$
  *  
--
libgit2 0.21.4