Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25210
Modified Files:
sanitize.php
Log Message:
Bugfix for 1740062 (https://sourceforge.net/tracker/index.php?func=detail&aid=1740062&group_id=62270&atid=500017)
Index: sanitize.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/sanitize.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** sanitize.php 18 May 2007 19:04:23 -0000 1.3
--- sanitize.php 7 Jul 2007 15:07:35 -0000 1.4
***************
*** 1,3 ****
--- 1,36 ----
<?php
+ /**
+ * Sanitizes variables and arrays in a recursive manner
+ *
+ * This method was created as a result of strip_tags() happening on an array
+ * would destroy the contents of the array. Thus, in order to avoid this from
+ * happening we need checks to see if something is an array and to process
+ * it as such.
+ *
+ * The only sanitizing this method provides is stripping non-allowed tags.
+ *
+ * @author Christopher Weldon <cw...@ta...>
+ * @param mixed $value Value to be sanitized
+ * @return mixed
+ */
+ function recursiveSanitize($value) {
+ if (is_array($value)) {
+ $valmod = array();
+ foreach ($value as $key => $subval) {
+ if (is_array($subval)) {
+ $subval = recursiveSanitize($subval);
+ } else {
+ $subval = strip_tags($subval);
+ }
+ $valmod[$key] = $subval;
+ }
+ $value = $valmod;
+ } else {
+ $value = strip_tags($value);
+ }
+
+ return $value;
+ }
+
foreach ($_REQUEST as $key=>$val){
switch ($key){
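Review bot: recursiveSanitize() copies nested array keys through unchanged (`$valmod[$key] = $subval;` with `$key` taken straight from `foreach ($value as $key => $subval)`), so only the values are passed through strip_tags(); if any consumer later echoes or uses the keys of a nested request array they arrive untouched, so either strip keys as well or state in the docblock that keys are deliberately left alone. The inner `is_array($subval)` test duplicates what the recursive call already does, so the loop body can collapse to `$valmod[$key] = recursiveSanitize($subval);` with identical behaviour and one branch fewer. The docblock's statement that tag stripping is the only sanitization applied is accurate and worth keeping: strip_tags() leaves quotes and entities alone, so callers must still escape at the point of output for the HTML or attribute context they write into. The `foreach ($_REQUEST …)` loop that follows continues outside the hunk.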
***************
*** 9,13 ****
default:
# cpath
! $val = strip_tags($val);
}
--- 42,46 ----
default:
# cpath
! $val = recursiveSanitize($val);
}
***************
*** 25,29 ****
break;
default:
! $val = strip_tags($val);
}
$_POST[$key] = $val;
--- 58,62 ----
break;
default:
! $val = recursiveSanitize($val);
}
$_POST[$key] = $val;
***************
*** 47,51 ****
break;
default:
! $val = strip_tags($val);
}
if ($key != 'cal') $_GET[$key] = $val;
--- 80,84 ----
break;
default:
! $val = recursiveSanitize($val);
}
if ($key != 'cal') $_GET[$key] = $val;
***************
*** 58,62 ****
break;
default:
! $val = strip_tags($val);
}
$_COOKIE[$key] = $val;
--- 91,95 ----
break;
default:
! $val = recursiveSanitize($val);
}
$_COOKIE[$key] = $val;