aboutsummaryrefslogtreecommitdiffstats
path: root/functions/init/sanitize.php
diff options
context:
space:
mode:
authorJim Hu <jimhu@users.sourceforge.net>2008-12-11 23:48:39 +0000
committerJim Hu <jimhu@users.sourceforge.net>2008-12-11 23:48:39 +0000
commitb1aaa3b6ca8894ac0422fb3aeadded29c2b83972 (patch)
tree7689417eb311569ffe966c5f60aeb7a8e9ff2035 /functions/init/sanitize.php
parentb8fa9f6a3a0d0bad52babec3573899ba37873477 (diff)
downloadphpicalendar-b1aaa3b6ca8894ac0422fb3aeadded29c2b83972.tar.gz
phpicalendar-b1aaa3b6ca8894ac0422fb3aeadded29c2b83972.tar.bz2
phpicalendar-b1aaa3b6ca8894ac0422fb3aeadded29c2b83972.zip
add new files
Diffstat (limited to 'functions/init/sanitize.php')
-rw-r--r--functions/init/sanitize.php101
1 files changed, 101 insertions, 0 deletions
diff --git a/functions/init/sanitize.php b/functions/init/sanitize.php
new file mode 100644
index 0000000..db21021
--- /dev/null
+++ b/functions/init/sanitize.php
@@ -0,0 +1,101 @@
+<?php
+/**
+ * Sanitizes variables and arrays in a recursive manner
+ *
+ * This method was created as a result of strip_tags() happening on an array
+ * would destroy the contents of the array. Thus, in order to avoid this from
+ * happening we need checks to see if something is an array and to process
+ * it as such.
+ *
+ * The only sanitizing this method provides is stripping non-allowed tags.
+ *
+ * @author Christopher Weldon <cweldon@tamu.edu>
+ * @param mixed $value Value to be sanitized
+ * @return mixed
+ */
+function recursiveSanitize($value) {
+ if (is_array($value)) {
+ $valmod = array();
+ foreach ($value as $key => $subval) {
+ if (is_array($subval)) {
+ $subval = recursiveSanitize($subval);
+ } else {
+ $subval = strip_tags($subval);
+ }
+ $valmod[$key] = $subval;
+ }
+ $value = $valmod;
+ } else {
+ $value = strip_tags($value);
+ }
+
+ return $value;
+}
+
+if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) {
+ $_SERVER = &$HTTP_SERVER_VARS;
+}
+
+foreach ($_REQUEST as $key=>$val){
+ switch ($key){
+ case 'event_data':
+ # modify this to allow or disallow different HTML tags in event popups
+ $allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
+ $val = strip_tags($val,$allowed);
+ break;
+ default:
+ # cpath
+ $val = recursiveSanitize($val);
+ }
+
+ $_REQUEST[$key] = $val;
+}
+foreach ($_POST as $key=>$val){
+ switch ($key){
+ case 'action':
+ $actions = array('login','logout','addupdate','delete');
+ if (!in_array($val,$actions)) $val = '';
+ break;
+ case 'date':
+ case 'time':
+ if (!is_numeric($val)) $val = '';
+ break;
+ default:
+ $val = recursiveSanitize($val);
+ }
+ $_POST[$key] = $val;
+
+}
+foreach ($_GET as $key=>$val){
+ switch ($key){
+ case 'cal':
+ if (!is_array($val)){
+ $val = strip_tags($val);
+ $_GET['cal'] = strip_tags($val);
+ }else{
+ unset ($_GET['cal']);
+ foreach($val as $cal){
+ $_GET['cal'][]= strip_tags($cal);
+ }
+ }
+ break;
+ case 'getdate':
+ if (!is_numeric($val)) $val = '';
+ break;
+ default:
+ $val = recursiveSanitize($val);
+ }
+ if ($key != 'cal') $_GET[$key] = $val;
+
+}
+foreach ($_COOKIE as $key=>$val){
+ switch ($key){
+ case 'time':
+ if (!is_numeric($val)) $val = '';
+ break;
+ default:
+ $val = recursiveSanitize($val);
+ }
+ $_COOKIE[$key] = $val;
+}
+?> \ No newline at end of file

© 2014-2021 Faster IT GmbH | imprint | privacy policy