Cache class rewritten to better convention

[mailer.git] / inc / libs / security_functions.php

diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index d1ec3e990f5c2445e2d157f272015dec9d716987..0f34c42e88959f46dccc8be10052ac5b49556668 100644 (file)
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -32,7 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if (!defined('__SECURITY')) {
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
@@ -41,10 +41,17 @@ if (!defined('__SECURITY')) {
  * Function to secure input strings
  *
  * @param      $str    The unsecured string
+ * @param      $strip  Strip tags
  * @return     $str    A (hopefully) secured string against XSS and other bad things
  */
-function secureString ($str) {
-       $str = trim(strip_tags($str));
+function secureString ($str, $strip=true) {
+       // Shall we strip HTML code?
+       if ($strip) $str = strip_tags($str);
+
+       // Trim string
+       $str = trim($str);
+
+       // Encode in entities
        $str = htmlentities($str, ENT_QUOTES);
        return $str;
 }