From: <bo...@us...> - 2007-07-07 15:07:35
Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25210
Modified Files:
sanitize.php
Log Message:
Bugfix for 1740062 (https://sourceforge.net/tracker/index.php?func=detail&aid=1740062&group_id=62270&atid=500017)
Index: sanitize.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/sanitize.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** sanitize.php 18 May 2007 19:04:23 -0000 1.3
--- sanitize.php 7 Jul 2007 15:07:35 -0000 1.4
***************
*** 1,3 ****
--- 1,36 ----
<?php
+ /**
+ * Sanitizes variables and arrays in a recursive manner
+ *
+ * This method was created as a result of strip_tags() happening on an array
+ * would destroy the contents of the array. Thus, in order to avoid this from
+ * happening we need checks to see if something is an array and to process
+ * it as such.
+ *
+ * The only sanitizing this method provides is stripping non-allowed tags.
+ *
+ * @author Christopher Weldon <cw...@ta...>
+ * @param mixed $value Value to be sanitized
+ * @return mixed
+ */
+ function recursiveSanitize($value) {
+ if (is_array($value)) {
+ $valmod = array();
+ foreach ($value as $key => $subval) {
+ if (is_array($subval)) {
+ $subval = recursiveSanitize($subval);
+ } else {
+ $subval = strip_tags($subval);
+ }
+ $valmod[$key] = $subval;
+ }
+ $value = $valmod;
+ } else {
+ $value = strip_tags($value);
+ }
+
+ return $value;
+ }
+
foreach ($_REQUEST as $key=>$val){
switch ($key){
***************
*** 9,13 ****
default: # cpath
! $val = strip_tags($val);
}
--- 42,46 ----
default: # cpath
! $val = recursiveSanitize($val);
}
***************
*** 25,29 ****
break;
default:
! $val = strip_tags($val);
}
$_POST[$key] = $val;
--- 58,62 ----
break;
default:
! $val = recursiveSanitize($val);
}
$_POST[$key] = $val;
***************
*** 47,51 ****
break;
default:
! $val = strip_tags($val);
}
if ($key != 'cal') $_GET[$key] = $val;
--- 80,84 ----
break;
default:
! $val = recursiveSanitize($val);
}
if ($key != 'cal') $_GET[$key] = $val;
***************
*** 58,62 ****
break;
default:
! $val = strip_tags($val);
}
$_COOKIE[$key] = $val;
--- 91,95 ----
break;
default:
! $val = recursiveSanitize($val);
}
$_COOKIE[$key] = $val;
|
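Review bot: In the first hunk, `recursiveSanitize()` strips tags from every array value but copies each array key through untouched at `$valmod[$key] = $subval;`, so a key that itself contains markup reaches the sanitized superglobal unchanged, and the later `$_GET[$key] = $val` / `$_POST[$key] = $val` / `$_COOKIE[$key] = $val` writes in the remaining hunks keep that key as well. If keys are ever echoed or used to build output, apply the same stripping to them (`$valmod[strip_tags($key)] = $subval;`, accepting that two keys could then collapse into one), or state in the docblock that keys are deliberately left as received. The `if (is_array($subval))` test inside the loop duplicates the function's own top-level check, so the loop body can be reduced to `$valmod[$key] = recursiveSanitize($subval);`. The docblock's sentence that tag stripping is the only sanitizing performed is worth keeping as is: strip_tags() is not context-aware escaping, and values still need htmlspecialchars() (or the appropriate escaper) at the point of output.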