Menu
▾
▴
[PHPiCalendar-Commits] phpicalendar/functions sanitize.php, 1.3, 1.4
|
From: <bo...@us...> - 2007-07-07 15:07:35
|
Update of /cvsroot/phpicalendar/phpicalendar/functions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25210 Modified Files: sanitize.php Log Message: Bugfix for 1740062 (https://sourceforge.net/tracker/index.php?func=detail&aid=1740062&group_id=62270&atid=500017) Index: sanitize.php =================================================================== RCS file: /cvsroot/phpicalendar/phpicalendar/functions/sanitize.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** sanitize.php 18 May 2007 19:04:23 -0000 1.3 --- sanitize.php 7 Jul 2007 15:07:35 -0000 1.4 *************** *** 1,3 **** --- 1,36 ---- <?php + /** + * Sanitizes variables and arrays in a recursive manner + * + * This method was created as a result of strip_tags() happening on an array + * would destroy the contents of the array. Thus, in order to avoid this from + * happening we need checks to see if something is an array and to process + * it as such. + * + * The only sanitizing this method provides is stripping non-allowed tags. + * + * @author Christopher Weldon <cw...@ta...> + * @param mixed $value Value to be sanitized + * @return mixed + */ + function recursiveSanitize($value) { + if (is_array($value)) { + $valmod = array(); + foreach ($value as $key => $subval) { + if (is_array($subval)) { + $subval = recursiveSanitize($subval); + } else { + $subval = strip_tags($subval); + } + $valmod[$key] = $subval; + } + $value = $valmod; + } else { + $value = strip_tags($value); + } + + return $value; + } + foreach ($_REQUEST as $key=>$val){ switch ($key){ *************** *** 9,13 **** default: # cpath ! $val = strip_tags($val); } --- 42,46 ---- default: # cpath ! $val = recursiveSanitize($val); } *************** *** 25,29 **** break; default: ! $val = strip_tags($val); } $_POST[$key] = $val; --- 58,62 ---- break; default: ! $val = recursiveSanitize($val); } $_POST[$key] = $val; *************** *** 47,51 **** break; default: ! $val = strip_tags($val); } if ($key != 'cal') $_GET[$key] = $val; --- 80,84 ---- break; default: ! $val = recursiveSanitize($val); } if ($key != 'cal') $_GET[$key] = $val; *************** *** 58,62 **** break; default: ! $val = strip_tags($val); } $_COOKIE[$key] = $val; --- 91,95 ---- break; default: ! $val = recursiveSanitize($val); } $_COOKIE[$key] = $val; |
