X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fsecurity_functions.php;h=02b5132855095765d3d3774993e246b41ca2c5ee;hp=363bca731cd0feae1a4f11ed7a076d092c890b41;hb=3daede4c904e23905c3e48dd6749019deca0a0e0;hpb=9ebbb5d10817b978a59bdb009b3f41b40fdb3c6c

diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index 363bca731c..02b5132855 100644
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -41,10 +41,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
  * Function to secure input strings
  *
  * @param	$str	The unsecured string
+ * @param	$strip	Strip tags
  * @return	$str	A (hopefully) secured string against XSS and other bad things
  */
-function secureString ($str) {
-	$str = trim(strip_tags($str));
+function secureString ($str, $strip=true) {
+	// Shall we strip HTML code?
+	if ($strip) $str = strip_tags($str);
+
+	// Trim string
+	$str = trim($str);
+
+	// Encode in entities
 	$str = htmlentities($str, ENT_QUOTES);
 	return $str;
 }
@@ -52,10 +59,6 @@ function secureString ($str) {
 // Run only once this security check/exchange
 if (defined('__SECURITY')) return;
 
-// Fatal messages goes here
-global $FATAL;
-$FATAL = array();
-
 // Runtime/GPC quoting is off now...
 @set_magic_quotes_runtime(false);
 @ini_set('magic_quotes_gpc', false); // This may not work on some systems
@@ -76,11 +79,6 @@ if (!isset($_POST)) {
 	$_POST = $GLOBALS['_POST'];
 }
 
-if (!isset($_COOKIE)) {
-	global $_COOKIE;
-	$_COOKIE = $GLOBALS['_COOKIE'];
-}
-
 // Include IP-Filter here
 //require("/usr/share/php/ipfilter.php");
 
@@ -154,23 +152,6 @@ if (basename($_SERVER['PHP_SELF']) != "install.php") {
 			$_POST[$seckey] = strip_tags($_POST[$seckey]);
 		}
 	}
-
-	// ... and finally cookies
-	foreach ($_COOKIE as $seckey => $secvalue) {
-		if (is_array($secvalue)) {
-			// Throw arrays away...
-			unset($_COOKIE[$seckey]);
-		} else {
-			// Only variables are allowed (non-array) but we secure them all!
-			foreach ($SEC_CHARS['from'] as $key => $char) {
-				// Pass all through
-				$_COOKIE[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]);
-			}
-
-			// Strip all other out
-			$_COOKIE[$seckey] = strip_tags($_COOKIE[$seckey]);
-		}
-	}
 }
 
 // Activate caching or transparent compressing when it is not already done