* @param $strip Strip tags
* @return $str A (hopefully) secured string against XSS and other bad things
*/
-function secureString ($str, $strip=true) {
+function secureString ($str, $strip = true, $encode = false) {
// Shall we strip HTML code?
if ($strip === true) $str = strip_tags($str);
// Trim string
$str = trim($str);
- // Encode in entities
- $str = htmlentities($str, ENT_QUOTES);
+ // Encode in entities if requested
+ if ($encode === true) {
+ // Encode in entities (this breakes UTF-8!)
+ $str = htmlentities($str, ENT_QUOTES);
+ } // END - if
+
+ // Return result
return $str;
}
if (!isset($_SERVER)) {
global $_SERVER;
$_SERVER = $GLOBALS['_SERVER'];
-}
+} // END - if
if (!isset($_GET)) {
global $_GET;
$_GET = $GLOBALS['_GET'];
-}
+} // END - if
if (!isset($_POST)) {
global $_POST;
$_POST = $GLOBALS['_POST'];
-}
+} // END - if
// Include IP-Filter here
//require("/usr/share/php/ipfilter.php");
// Generate arrays which holds the relevante chars to replace
$GLOBALS['security_chars'] = array(
// The chars we are looking for...
- 'from' => array('{', '}', '/', '.', "'", "$", '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
+ 'from' => array('{', '}', '/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
// ... and we will replace to.
'to' => array(
'{OPEN_ANCHOR2}',
$content['category'] = getCategory($content['cat_id']);
$content['points'] = translateComma($content['points']);
$content['is_notify'] = translateYesNo($content['is_notify']);
- $content['sender'] = getMessage('_ADMIN_SHORT');
+ $content['sender'] = getMessage('USERNAME_ADMIN_SHORT');
$content['time'] = createFancyTime($content['time']);
$content['userid'] = getUserId();
$sender = bigintval($sender);
} elseif ($type == 'bonusid') {
// Is admin
- $sender = getMessage('_ADMIN_SHORT');
+ $sender = getMessage('USERNAME_ADMIN_SHORT');
} else {
// Deleted
$sender = getMessage('EMAIL_STATUS_DELETED');
projects / mailer.git / commitdiff