From e5d50688df549539cdf62387d1eca4b3c07aac8e Mon Sep 17 00:00:00 2001 From: Christopher Weldon Date: Sat, 7 Jul 2007 15:07:35 +0000 Subject: Bugfix for 1740062 (https://sourceforge.net/tracker/index.php?func=detail&aid=1740062&group_id=62270&atid=500017) --- functions/sanitize.php | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) (limited to 'functions') diff --git a/functions/sanitize.php b/functions/sanitize.php index 4b5e883..a9e72ee 100644 --- a/functions/sanitize.php +++ b/functions/sanitize.php @@ -1,4 +1,37 @@ + * @param mixed $value Value to be sanitized + * @return mixed + */ +function recursiveSanitize($value) { + if (is_array($value)) { + $valmod = array(); + foreach ($value as $key => $subval) { + if (is_array($subval)) { + $subval = recursiveSanitize($subval); + } else { + $subval = strip_tags($subval); + } + $valmod[$key] = $subval; + } + $value = $valmod; + } else { + $value = strip_tags($value); + } + + return $value; +} + foreach ($_REQUEST as $key=>$val){ switch ($key){ case 'event_data': @@ -8,7 +41,7 @@ foreach ($_REQUEST as $key=>$val){ break; default: # cpath - $val = strip_tags($val); + $val = recursiveSanitize($val); } $_REQUEST[$key] = $val; @@ -24,7 +57,7 @@ foreach ($_POST as $key=>$val){ if (!is_numeric($val)) $val = ''; break; default: - $val = strip_tags($val); + $val = recursiveSanitize($val); } $_POST[$key] = $val; @@ -46,7 +79,7 @@ foreach ($_GET as $key=>$val){ if (!is_numeric($val)) $val = ''; break; default: - $val = strip_tags($val); + $val = recursiveSanitize($val); } if ($key != 'cal') $_GET[$key] = $val; @@ -57,7 +90,7 @@ foreach ($_COOKIE as $key=>$val){ if (!is_numeric($val)) $val = ''; break; default: - $val = strip_tags($val); + $val = recursiveSanitize($val); } $_COOKIE[$key] = $val; } -- cgit v1.2.3
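Review bot: In `recursiveSanitize`, the array branch copies each `$key` into `$valmod` unchanged, so only the values of a nested request array are filtered while the client-supplied keys keep whatever markup was sent. The inner `is_array($subval)` test also repeats what the function already does on entry, so the loop body can shrink to `$valmod[strip_tags($key)] = recursiveSanitize($subval);`, which covers keys and values in one line. The four `default:` branches changed later in this patch (`$_REQUEST`, `$_POST`, `$_GET`, `$_COOKIE`) inherit the same behaviour, and their loops start and end outside the hunks shown. Separately, `strip_tags()` leaves quote characters in place, so a docblock line such as `Removes tags only; callers must still escape with htmlspecialchars() when writing a value into HTML` would keep later readers from treating the result as output-safe.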