X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fsecurity_functions.php;h=a1f681326902fb4041be2cab8ddb58ceada5612d;hp=c42280607d9cb8064074bf6b4aeba616d2916af3;hb=a561ee57ede150edcf7fe57924ab0e60454aa642;hpb=60ec2630bf57400662273ad985c4eaf62d318cf7
diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index c42280607d..a1f6813269 100644
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -51,15 +51,20 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
  * @param $strip Strip tags
  * @return $str A (hopefully) secured string against XSS and other bad things
  */
-function secureString ($str, $strip=true) {
+function secureString ($str, $strip = true, $encode = false) {
 // Shall we strip HTML code?
 if ($strip === true) $str = strip_tags($str);
 
 // Trim string
 $str = trim($str);
 
- // Encode in entities
- $str = htmlentities($str, ENT_QUOTES);
+ // Encode in entities if requested
+ if ($encode === true) {
+ // Encode in entities (this breakes UTF-8!)
+ $str = htmlentities($str, ENT_QUOTES);
+ } // END - if
+
+ // Return result
 return $str;
 }
 
@@ -71,17 +76,17 @@ ini_set('magic_quotes_gpc', false);
 // This may not work on some systems
 if (!isset($_SERVER)) {
 global $_SERVER;
 $_SERVER = $GLOBALS['_SERVER'];
-}
+} // END - if
 
 if (!isset($_GET)) {
 global $_GET;
 $_GET = $GLOBALS['_GET'];
-}
+} // END - if
 
 if (!isset($_POST)) {
 global $_POST;
 $_POST = $GLOBALS['_POST'];
-}
+} // END - if
 
 // Include IP-Filter here
 //require("/usr/share/php/ipfilter.php");
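Review bot: Making the new parameter default to `$encode = false` switches entity encoding off for every existing caller of secureString() that does not pass a third argument, so any call site that relied on this function to escape a value before it reaches HTML now gets the raw string back; those callers are outside this hunk and should be audited before the default is relaxed. The UTF-8 breakage the new comment mentions comes from htmlentities() assuming ISO-8859-1 when no charset is given (PHP before 5.4), which is fixed by passing the charset rather than by disabling the encoding: `$str = htmlentities($str, ENT_QUOTES, 'UTF-8');`. The docblock above the signature still documents only $str and $strip and needs a line for the new parameter, e.g. `* @param $encode Encode the result as HTML entities (default: false)`. With $encode off, strip_tags() plus trim() does not make the string safe for HTML output, so the existing `@return` description ("secured string against XSS") no longer holds for the default call.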
@@ -89,7 +94,7 @@ if (!isset($_POST)) {
 // Generate arrays which holds the relevante chars to replace
 $GLOBALS['security_chars'] = array(
 // The chars we are looking for...
- 'from' => array('{', '}', '/', '.', "'", "$", '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
+ 'from' => array('{', '}', '/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
 // ... and we will replace to.
 'to' => array(
 '{OPEN_ANCHOR2}',