// Some security stuff...\r
if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
{\r
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";\r
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";\r
require($INC);\r
}\r
+
+/**
+ * Function to secure input strings
+ *
+ * @param $str The unsecured string
+ * @return $str A (hopefully) secured string against HTML and other things
+ */
+function secureString ($str) {
+ $str = trim(strip_tags($str));
+ $str = htmlentities($str, ENT_QUOTES);
+ return $str;
+}
\r
// Run only once this security check/exchange\r
if (defined('__SECURITY')) return;\r
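Review bot: The docblock on `secureString()` promises protection "against HTML and other things", but the body (`strip_tags()` followed by `htmlentities()` with `ENT_QUOTES`) only makes a string safe to echo into HTML text or a quoted attribute; it does nothing for SQL, shell arguments, URLs or file paths. I would say so in the docblock, for example `@return string Trimmed, tag-stripped and entity-encoded copy of $str; safe for HTML output only, not for SQL, shell or file-system use`. `htmlentities()` is also called without a charset, so its result depends on the PHP version and `default_charset`; passing the site's encoding explicitly, e.g. `htmlentities($str, ENT_QUOTES, 'UTF-8')` if the pages are UTF-8, removes that dependency. Separately, the function is declared unconditionally in a file that carries a `__SECURITY` run-once guard, so if the file can be included twice the second include would probably fail on a redeclaration before the `return` is reached; wrapping the definition in `if (!function_exists('secureString')) { ... }` avoids that.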
}\r
\r
// At last secure the $_SERVER['PHP_SELF'] element\r
-$_SERVER['PHP_SELF'] = htmlentities(strip_tags($_SERVER['PHP_SELF']), ENT_QUOTES);\r
+$_SERVER['PHP_SELF'] = secureString($_SERVER['PHP_SELF']);\r
\r
// Split it up into path and filename\r
$SELF_DIR = dirname($_SERVER['PHP_SELF']);\r
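Review bot: The value written back to `$_SERVER['PHP_SELF']` is now suitable for HTML output only, yet it lives in the superglobal where later code cannot tell it was already encoded, and `$SELF_DIR` just below is derived from it. A comment on the assignment would help, such as `// PHP_SELF is HTML-entity-encoded from here on: echo it as-is, do not re-encode it or use it in headers or file paths`. Routing the call through `secureString()` also adds a `trim()` that the removed line did not have, which is probably harmless for a script path but is a behaviour change worth mentioning in the commit message. If only the script path is needed, `$_SERVER['SCRIPT_NAME']` excludes the client-supplied PATH_INFO part and may be a better source; the enclosing block opens outside this hunk, so confirm how the value is used further down.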