]> git.mxchange.org Git - mailer.git/blobdiff - inc/libs/security_functions.php
projects / mailer.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Cache class rewritten to better convention
[mailer.git] / inc / libs / security_functions.php
diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index fbd361ed7c18b712d4b13781ab2aad13a0ec895a..0f34c42e88959f46dccc8be10052ac5b49556668 100644 (file)
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -41,10 +41,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
  * Function to secure input strings
  *
  * @param      $str    The unsecured string
+ * @param      $strip  Strip tags
  * @return     $str    A (hopefully) secured string against XSS and other bad things
  */
-function secureString ($str) {
-       $str = trim(strip_tags($str));
+function secureString ($str, $strip=true) {
+       // Shall we strip HTML code?
+       if ($strip) $str = strip_tags($str);
+
+       // Trim string
+       $str = trim($str);
+
+       // Encode in entities
        $str = htmlentities($str, ENT_QUOTES);
        return $str;
 }
@@ -123,13 +130,13 @@ $URL_CHARS = array(
 
 // Overworked security part:
 if (is_array($_GET)) {
-       foreach ($_GET as $seckey=>$secvalue) {
+       foreach ($_GET as $seckey => $secvalue) {
                if (is_array($secvalue)) {
                        // Throw arrays away...
                        unset($_GET[$seckey]);
                } else {
                        // Only variables are allowed (non-array) but we secure them all!
-                       foreach ($SEC_CHARS['from'] as $key=>$char) {
+                       foreach ($SEC_CHARS['from'] as $key => $char) {
                                // Pass all through
                                $_GET[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_GET[$seckey]);
                        }
@@ -142,10 +149,10 @@ if (is_array($_GET)) {
 
 if (basename($_SERVER['PHP_SELF']) != "install.php") {
        // And POST data
-       foreach ($_POST as $seckey=>$secvalue) {
+       foreach ($_POST as $seckey => $secvalue) {
                if (!is_array($secvalue)) {
                        // Only variables are allowed (non-array) to be secured...
-                       foreach ($SEC_CHARS['from'] as $key=>$char) {
+                       foreach ($SEC_CHARS['from'] as $key => $char) {
                                // Pass all through
                                $_POST[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_POST[$seckey]);
                        }
@@ -156,13 +163,13 @@ if (basename($_SERVER['PHP_SELF']) != "install.php") {
        }
 
        // ... and finally cookies
-       foreach ($_COOKIE as $seckey=>$secvalue) {
+       foreach ($_COOKIE as $seckey => $secvalue) {
                if (is_array($secvalue)) {
                        // Throw arrays away...
                        unset($_COOKIE[$seckey]);
                } else {
                        // Only variables are allowed (non-array) but we secure them all!
-                       foreach ($SEC_CHARS['from'] as $key=>$char) {
+                       foreach ($SEC_CHARS['from'] as $key => $char) {
                                // Pass all through
                                $_COOKIE[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]);
                        }
Mailer-Project repository