From 5309c9a17a0b0de6d2603a1269ce14f1014595e3 Mon Sep 17 00:00:00 2001
From: Jim Hu <jimhu@users.sourceforge.net>
Date: Thu, 17 May 2007 12:06:40 +0000
Subject: bug fixes for sanitize.php

---
 functions/sanitize.php | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'functions')

diff --git a/functions/sanitize.php b/functions/sanitize.php
index 5551d44..c318a60 100644
--- a/functions/sanitize.php
+++ b/functions/sanitize.php
@@ -4,7 +4,7 @@ foreach ($_REQUEST as $key=>$val){
 		case 'event_data':
 			# modify this to allow or disallow different HTML tags in event popups
 			$allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
-			$val = strip_tags($val,$allowed)
+			$val = strip_tags($val,$allowed);
 			break;
 		default:	
 			# cpath
@@ -21,7 +21,7 @@ foreach ($_POST as $key=>$val){
 			break;
 		case 'date':
 		case 'time':
-			if (!is_int($val)) $val = '';
+			if (!is_numeric($val)) $val = '';
 			break;
 		default:	
 			$val = strip_tags($val);
@@ -31,8 +31,19 @@ foreach ($_POST as $key=>$val){
 }
 foreach ($_GET as $key=>$val){
 	switch ($key){
+		case 'cal':
+			if (!is_array($val)){
+				$val = strip_tags($val);
+				$_REQUEST['cal'] = strip_tags($val);
+			}else{
+				unset ($_REQUEST['cal']);
+				foreach($val as $cal){
+					$_REQUEST['cal'][]= strip_tags($cal);
+				}
+			}
+			break;
 		case 'getdate':
-			if (!is_int($val)) $val = '';
+			if (!is_numeric($val)) $val = ''; 
 			break;
 		default:	
 			$val = strip_tags($val);
@@ -43,7 +54,7 @@ foreach ($_GET as $key=>$val){
 foreach ($_COOKIE as $key=>$val){
 	switch ($key){
 		case 'time':
-			if (!is_int($val)) $val = '';
+			if (!is_numeric($val)) $val = '';
 			break;
 		default:	
 		$val = strip_tags($val);
-- 
cgit v1.2.3