From f6da67d1980df72e6442f6014012a88103e100ba Mon Sep 17 00:00:00 2001
From: Jason Oster <parasytic@users.sourceforge.net>
Date: Fri, 13 Feb 2009 20:52:28 +0000
Subject: Fix potential XSS issue

---
 functions/init/sanitize.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'functions/init/sanitize.php')

diff --git a/functions/init/sanitize.php b/functions/init/sanitize.php
index db21021..5d72cad 100644
--- a/functions/init/sanitize.php
+++ b/functions/init/sanitize.php
@@ -32,6 +32,22 @@ function recursiveSanitize($value) {
     return $value;
 }
 
+
+function sanitizeForWeb($string) {
+    $string = preg_replace('/<br\s*\/?>/', "\n", $string);
+
+    $string = str_replace('&', '&amp;', $string);
+    $string = str_replace('<', '&lt;', $string);
+    $string = str_replace('>', '&gt;', $string);
+    $string = str_replace('\'', '&#39;', $string);
+    $string = str_replace('"', '&#34;', $string);
+
+    $string = str_replace('<br />', "\n", $string);
+    
+    return $string;
+}
+
+
 if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) {
 	$_SERVER = &$HTTP_SERVER_VARS;
 }
-- 
cgit v1.2.3