aboutsummaryrefslogtreecommitdiffstats
path: root/functions/init/sanitize.php
blob: db2102192416461914f4ef761f4de08b9da078da (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
<?php
/**
 * Sanitizes variables and arrays in a recursive manner
 *
 * This method was created as a result of strip_tags() happening on an array
 * would destroy the contents of the array. Thus, in order to avoid this from
 * happening we need checks to see if something is an array and to process
 * it as such.
 *
 * The only sanitizing this method provides is stripping non-allowed tags.
 *
 * @author Christopher Weldon <cweldon@tamu.edu>
 * @param mixed $value Value to be sanitized
 * @return mixed
 */
function recursiveSanitize($value) {
    if (is_array($value)) {
        $valmod = array();
        foreach ($value as $key => $subval) {
            if (is_array($subval)) {
                $subval = recursiveSanitize($subval);
            } else {
                $subval = strip_tags($subval);
            }
            $valmod[$key] = $subval;
        }
        $value = $valmod;
    } else {
        $value = strip_tags($value);
    }
    
    return $value;
}

if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) {
	$_SERVER = &$HTTP_SERVER_VARS;
}

foreach ($_REQUEST as $key=>$val){
	switch ($key){
		case 'event_data':
			# modify this to allow or disallow different HTML tags in event popups
			$allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
			$val = strip_tags($val,$allowed);
			break;
		default:	
			# cpath
			$val = recursiveSanitize($val);
	}

	$_REQUEST[$key] = $val;
}
foreach ($_POST as $key=>$val){
	switch ($key){
		case 'action':
			$actions = array('login','logout','addupdate','delete');
			if (!in_array($val,$actions)) $val = '';
			break;
		case 'date':
		case 'time':
			if (!is_numeric($val)) $val = '';
			break;
		default:	
			$val = recursiveSanitize($val);
	}
	$_POST[$key] = $val;

}
foreach ($_GET as $key=>$val){
	switch ($key){
		case 'cal':
			if (!is_array($val)){
				$val = strip_tags($val);
				$_GET['cal'] = strip_tags($val);
			}else{
				unset ($_GET['cal']);
				foreach($val as $cal){
					$_GET['cal'][]= strip_tags($cal);
				}
			}
			break;
		case 'getdate':
			if (!is_numeric($val)) $val = ''; 
			break;
		default:	
			$val = recursiveSanitize($val);
	}
	if ($key != 'cal') $_GET[$key] = $val;

}
foreach ($_COOKIE as $key=>$val){
	switch ($key){
		case 'time':
			if (!is_numeric($val)) $val = '';
			break;
		default:	
		$val = recursiveSanitize($val);
	}
	$_COOKIE[$key] = $val;
}
?>

© 2014-2024 Faster IT GmbH | imprint | privacy policy