Code rewritings, load base config improved and many minor fixes...

[mailer.git] / 0.2.1 / inc / libs / security_functions.php

diff --git a/0.2.1/inc/libs/security_functions.php b/0.2.1/inc/libs/security_functions.php
index 763305d213499cbcf0851d0e31001b9f5937180b..09cf73d349a21de1a94c1dfe01aa7370db8c033b 100644 (file)
--- a/0.2.1/inc/libs/security_functions.php
+++ b/0.2.1/inc/libs/security_functions.php
@@ -34,9 +34,21 @@
 // Some security stuff...\r
 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
 {\r
-       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";\r
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";\r
        require($INC);\r
 }\r
+
+/**
+ * Function to secure input strings
+ *
+ * @param      $str    The unsecured string
+ * @return     $str    A (hopefully) secured string against HTML and other things
+ */
+function secureString ($str) {
+       $str = trim(strip_tags($str));
+       $str = htmlentities($str, ENT_QUOTES);
+       return $str;
+}
 \r
 // Run only once this security check/exchange\r
 if (defined('__SECURITY')) return;\r
@@ -207,7 +219,7 @@ if (!defined('_OB_CACHING'))
 }\r
 \r
 // At last secure the $_SERVER['PHP_SELF'] element\r
-$_SERVER['PHP_SELF'] = htmlentities(strip_tags($_SERVER['PHP_SELF']), ENT_QUOTES);\r
+$_SERVER['PHP_SELF'] = secureString($_SERVER['PHP_SELF']);\r
 \r
 // Split it up into path and filename\r
 $SELF_DIR  = dirname($_SERVER['PHP_SELF']);\r