From: <par...@us...> - 2009-02-13 20:52:35
Update of /cvsroot/phpicalendar/phpicalendar/functions/init
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv20439/functions/init
Modified Files:
sanitize.php
Log Message:
Fix potential XSS issue
Index: sanitize.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/init/sanitize.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** sanitize.php 11 Dec 2008 23:48:39 -0000 1.1
--- sanitize.php 13 Feb 2009 20:52:28 -0000 1.2
***************
*** 33,36 ****
--- 33,52 ----
}
+
+ function sanitizeForWeb($string) {
+ $string = preg_replace('/<br\s*\/?>/', "\n", $string);
+
+ $string = str_replace('&', '&', $string);
+ $string = str_replace('<', '<', $string);
+ $string = str_replace('>', '>', $string);
+ $string = str_replace('\'', ''', $string);
+ $string = str_replace('"', '"', $string);
+
+ $string = str_replace('<br />', "\n", $string);
+
+ return $string;
+ }
+
+
if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) {
$_SERVER = &$HTTP_SERVER_VARS;
|
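Review bot: The five str_replace calls in sanitizeForWeb, as rendered in this listing, replace each character with itself (`str_replace('&', '&', $string)`), so either the entity forms were lost when the mail was rendered or the function escapes nothing; in either case the hand-rolled chain is better written as the single call `$string = htmlspecialchars($string, ENT_QUOTES);`, which encodes `&` first and covers the same five characters without relying on an ordering a later edit can break. The final `$string = str_replace('<br />', "\n", $string);` can never match once `<` has been escaped on the earlier line, and the opening preg_replace already converts `<br />`, so that line is dead and can be dropped. The `/<br\s*\/?>/` pattern is case-sensitive, so `<BR>` is escaped rather than turned into a newline; add the `i` modifier if any-case line breaks are meant to be honoured. A short docblock saying the result is meant for HTML text content and that JavaScript or URL contexts need their own escaping would help callers use it correctly.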