-rw-r--r--functions/init/sanitize.php16
-rw-r--r--includes/event.php6
2 files changed, 19 insertions, 3 deletions
diff --git a/functions/init/sanitize.php b/functions/init/sanitize.php
index db21021..5d72cad 100644
--- a/functions/init/sanitize.php
+++ b/functions/init/sanitize.php
@@ -32,6 +32,22 @@ function recursiveSanitize($value) {
return $value;
}
+
+function sanitizeForWeb($string) {
+ $string = preg_replace('/<br\s*\/?>/', "\n", $string);
+
+ $string = str_replace('&', '&amp;', $string);
+ $string = str_replace('<', '&lt;', $string);
+ $string = str_replace('>', '&gt;', $string);
+ $string = str_replace('\'', '&#39;', $string);
+ $string = str_replace('"', '&#34;', $string);
+
+ $string = str_replace('<br />', "\n", $string);
+
+ return $string;
+}
+
+
if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) {
$_SERVER = &$HTTP_SERVER_VARS;
}
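Review bot: The second `<br />` replacement in sanitizeForWeb (the `str_replace('<br />', "\n", $string)` after the escaping run) is dead code: by that point every `<` has already become `&lt;`, so the literal `<br />` can never match; only the `preg_replace` at the top of the function ever turns line breaks into newlines, and that one is case-sensitive, so `<BR>` is escaped rather than converted. The hand-rolled five-step escape is equivalent to what the standard library already provides, and reimplementing it invites drift the next time someone adds a character; I would collapse the body to `$string = preg_replace('/<br\s*\/?>/i', "\n", $string);` followed by `return htmlspecialchars($string, ENT_QUOTES);` (adding `ENT_SUBSTITUTE, 'UTF-8'` if the deployment runs PHP 5.4 or later, so invalid byte sequences cannot make the escaper return an empty string). A one-line docblock stating the contract would also help callers: `/** HTML-escape $string for output in an HTML text or double-quoted attribute context; <br> tags become newlines, all other markup is neutralised. */` — the name "ForWeb" does not say which output context it is safe for, and it is not safe for a JavaScript or URL context.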
diff --git a/includes/event.php b/includes/event.php
index 150a0e4..ae9df5c 100644
--- a/includes/event.php
+++ b/includes/event.php
@@ -27,9 +27,9 @@ if ($_POST['time'] == -1) {
if ($start != $end) $event_times = "$start - $end";
}
-$event['event_text'] = urldecode($event['event_text']);
-$event['description'] = urldecode($event['description']);
-$event['location'] = urldecode($event['location']);
+$event['event_text'] = sanitizeForWeb(urldecode($event['event_text']));
+$event['description'] = sanitizeForWeb(urldecode($event['description']));
+$event['location'] = sanitizeForWeb(urldecode($event['location']));
$display ='';
if (isset($event['description'])) $event['description'] = ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]",'<a target="_new" href="\0">\0</a>',$event['description']);
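Review bot: Escaping `description` before the linkifier on the following line closes the attribute-breakout hole (a `"` in the text is now `&#34;` and cannot terminate `href="..."`), but the linkifier's pattern still accepts any scheme via `[[:alpha:]]+://`, so a stored `javascript://%0aalert(document.cookie)//` is matched and emitted verbatim as the `href` — the new escaping does not neutralise that, because no character in it is HTML-special. Restricting the scheme is a one-token change: `ereg_replace("https?://[^<>[:space:]]+[[:alnum:]/]", ...)`. Two smaller points on the same lines: `sanitizeForWeb(urldecode($event['description']))` runs unconditionally before the `isset($event['description'])` guard, so the guard is now always true (and an absent key raises a notice one line earlier); and because `&`/`;` are not excluded by `[^<>[:space:]]`, an escaped entity directly after a URL (e.g. `&#34`) can be swallowed into the matched link text, which is harmless but worth knowing if the rendering looks off. The `$event_times` block this hunk opens on starts before the hunk; I have not reviewed it.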
