diff options
| author | Jason Oster <parasytic@users.sourceforge.net> | 2009-02-13 20:52:28 +0000 |
|---|---|---|
| committer | Jason Oster <parasytic@users.sourceforge.net> | 2009-02-13 20:52:28 +0000 |
| commit | f6da67d1980df72e6442f6014012a88103e100ba (patch) | |
| tree | 5dce8684754d35d3081c51c07317b192bfc368dc /functions/init | |
| parent | 665b2657ec42ddcc4bdfcc8fab24de56cab511ca (diff) | |
| download | phpicalendar-f6da67d1980df72e6442f6014012a88103e100ba.tar.gz phpicalendar-f6da67d1980df72e6442f6014012a88103e100ba.tar.bz2 phpicalendar-f6da67d1980df72e6442f6014012a88103e100ba.zip | |
Fix potential XSS issue
Diffstat (limited to 'functions/init')
| -rw-r--r-- | functions/init/sanitize.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/functions/init/sanitize.php b/functions/init/sanitize.php index db21021..5d72cad 100644 --- a/functions/init/sanitize.php +++ b/functions/init/sanitize.php @@ -32,6 +32,22 @@ function recursiveSanitize($value) { return $value; } + +function sanitizeForWeb($string) { + $string = preg_replace('/<br\s*\/?>/', "\n", $string); + + $string = str_replace('&', '&', $string); + $string = str_replace('<', '<', $string); + $string = str_replace('>', '>', $string); + $string = str_replace('\'', ''', $string); + $string = str_replace('"', '"', $string); + + $string = str_replace('<br />', "\n", $string); + + return $string; +} + + if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) { $_SERVER = &$HTTP_SERVER_VARS; } |