blob: 4b5e883b4336d34abb0ae316fbc79adb07edf084 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
<?php
foreach ($_REQUEST as $key=>$val){
switch ($key){
case 'event_data':
# modify this to allow or disallow different HTML tags in event popups
$allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
$val = strip_tags($val,$allowed);
break;
default:
# cpath
$val = strip_tags($val);
}
$_REQUEST[$key] = $val;
}
foreach ($_POST as $key=>$val){
switch ($key){
case 'action':
$actions = array('login','logout','addupdate','delete');
if (!in_array($val,$actions)) $val = '';
break;
case 'date':
case 'time':
if (!is_numeric($val)) $val = '';
break;
default:
$val = strip_tags($val);
}
$_POST[$key] = $val;
}
foreach ($_GET as $key=>$val){
switch ($key){
case 'cal':
if (!is_array($val)){
$val = strip_tags($val);
$_GET['cal'] = strip_tags($val);
}else{
unset ($_GET['cal']);
foreach($val as $cal){
$_GET['cal'][]= strip_tags($cal);
}
}
break;
case 'getdate':
if (!is_numeric($val)) $val = '';
break;
default:
$val = strip_tags($val);
}
if ($key != 'cal') $_GET[$key] = $val;
}
foreach ($_COOKIE as $key=>$val){
switch ($key){
case 'time':
if (!is_numeric($val)) $val = '';
break;
default:
$val = strip_tags($val);
}
$_COOKIE[$key] = $val;
}
?>
|