************************************************************************/
// Some security stuff...
-if (!defined('__SECURITY')) {
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
* Function to secure input strings
*
* @param $str The unsecured string
+ * @param $strip Strip tags
* @return $str A (hopefully) secured string against XSS and other bad things
*/
-function secureString ($str) {
- $str = trim(strip_tags($str));
+function secureString ($str, $strip=true) {
+ // Shall we strip HTML code?
+ if ($strip) $str = strip_tags($str);
+
+ // Trim string
+ $str = trim($str);
+
+ // Encode in entities
$str = htmlentities($str, ENT_QUOTES);
return $str;
}