author | Christopher Weldon <bowzer@users.sourceforge.net> | 2007-07-07 15:07:35 +0000 |
---|---|---|
committer | Christopher Weldon <bowzer@users.sourceforge.net> | 2007-07-07 15:07:35 +0000 |
commit | e5d50688df549539cdf62387d1eca4b3c07aac8e (patch) | |
tree | 1041dcabccfdc2324edf6cc395ad85f188b5a656 /functions | |
parent | 72c5208463e9af43e0f7ae2287e3132ee25df033 (diff) | |
download | phpicalendar-e5d50688df549539cdf62387d1eca4b3c07aac8e.tar.gz phpicalendar-e5d50688df549539cdf62387d1eca4b3c07aac8e.tar.bz2 phpicalendar-e5d50688df549539cdf62387d1eca4b3c07aac8e.zip |
Bugfix for 1740062 (https://sourceforge.net/tracker/index.php?func=detail&aid=1740062&group_id=62270&atid=500017)
Diffstat (limited to 'functions')
-rw-r--r-- | functions/sanitize.php | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/functions/sanitize.php b/functions/sanitize.php
index 4b5e883..a9e72ee 100644
--- a/functions/sanitize.php
+++ b/functions/sanitize.php
@@ -1,4 +1,37 @@
 <?php
+/**
+ * Sanitizes variables and arrays in a recursive manner
+ *
+ * This method was created as a result of strip_tags() happening on an array
+ * would destroy the contents of the array. Thus, in order to avoid this from
+ * happening we need checks to see if something is an array and to process
+ * it as such.
+ *
+ * The only sanitizing this method provides is stripping non-allowed tags.
+ *
+ * @author Christopher Weldon <cweldon@tamu.edu>
+ * @param mixed $value Value to be sanitized
+ * @return mixed
+ */
+function recursiveSanitize($value) {
+ if (is_array($value)) {
+ $valmod = array();
+ foreach ($value as $key => $subval) {
+ if (is_array($subval)) {
+ $subval = recursiveSanitize($subval);
+ } else {
+ $subval = strip_tags($subval);
+ }
+ $valmod[$key] = $subval;
+ }
+ $value = $valmod;
+ } else {
+ $value = strip_tags($value);
+ }
+
+ return $value;
+}
+
 foreach ($_REQUEST as $key=>$val){
 switch ($key){
 case 'event_data':
@@ -8,7 +41,7 @@ foreach ($_REQUEST as $key=>$val){
 break;
 default:
 # cpath
- $val = strip_tags($val);
+ $val = recursiveSanitize($val);
 }
 $_REQUEST[$key] = $val;
@@ -24,7 +57,7 @@ foreach ($_POST as $key=>$val){
 if (!is_numeric($val)) $val = '';
 break;
 default:
- $val = strip_tags($val);
+ $val = recursiveSanitize($val);
 }
 $_POST[$key] = $val;
@@ -46,7 +79,7 @@ foreach ($_GET as $key=>$val){
 if (!is_numeric($val)) $val = '';
 break;
 default:
- $val = strip_tags($val);
+ $val = recursiveSanitize($val);
 }
 if ($key != 'cal') $_GET[$key] = $val;
@@ -57,7 +90,7 @@ foreach ($_COOKIE as $key=>$val){
 if (!is_numeric($val)) $val = '';
 break;
 default:
- $val = strip_tags($val);
+ $val = recursiveSanitize($val);
 }
 $_COOKIE[$key] = $val;
 }
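Review bot: recursiveSanitize strips tags from array values but copies each `$key` through unchanged at `$valmod[$key] = $subval;`, so a request parameter whose array key contains markup lands in `$_REQUEST`/`$_POST`/`$_GET`/`$_COOKIE` with the key intact; if keys are ever echoed or used to build paths they need the same treatment, e.g. `$valmod[strip_tags($key)] = recursiveSanitize($subval);`, which also makes the inner `if (is_array($subval))` branch redundant because the recursive call already handles both cases. The docblock sentence "The only sanitizing this method provides is stripping non-allowed tags" is worth extending with one more sentence stating that the result is still untrusted input and must be escaped per context (htmlspecialchars() for HTML) at output time, since strip_tags leaves attribute content and entities untouched. The function is declared unconditionally in a file that also executes the sanitising loops; if sanitize.php can be included more than once this would fail with a redeclare error — presumably callers use require_once, but wrapping the declaration in `if (!function_exists('recursiveSanitize'))` would make that explicit.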