* @param $strip Strip tags
* @return $str A (hopefully) secured string against XSS and other bad things
*/
-function secureString ($str, $strip=true) {
+function secureString ($str, $strip = true, $encode = false) {
// Shall we strip HTML code?
if ($strip === true) $str = strip_tags($str);
// Trim string
$str = trim($str);
- // Encode in entities
- $str = htmlentities($str, ENT_QUOTES);
+ // Encode in entities if requested
+ if ($encode === true) {
+ // Encode in entities (this breakes UTF-8!)
+ $str = htmlentities($str, ENT_QUOTES);
+ } // END - if
+
+ // Return result
return $str;
}
if (!isset($_SERVER)) {
global $_SERVER;
$_SERVER = $GLOBALS['_SERVER'];
-}
+} // END - if
if (!isset($_GET)) {
global $_GET;
$_GET = $GLOBALS['_GET'];
-}
+} // END - if
if (!isset($_POST)) {
global $_POST;
$_POST = $GLOBALS['_POST'];
-}
+} // END - if
// Include IP-Filter here
//require("/usr/share/php/ipfilter.php");
// Generate arrays which holds the relevante chars to replace
$GLOBALS['security_chars'] = array(
// The chars we are looking for...
- 'from' => array('{', '}', '/', '.', "'", "$", '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
+ 'from' => array('{', '}', '/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
// ... and we will replace to.
'to' => array(
'{OPEN_ANCHOR2}',
projects / mailer.git / blobdiff