   1  <?php
   2  /********************************************************/
   3  //        FILE: sanitize.php
   4  // DESCRIPTION: Contains functions that handle
   5  //              the preprocessing of the form
   6  //              submitted data so that information
   7  //              may be safely stored in the database.
   8  //
   9  //     HISTORY:
  10  //              04-19-2006
  11  //                  -File created.
  12  //                            04-07-2010
  13  //                  -sanitize updated to use sanitizeArray
  14  //                   to handle multi-dimensional arrays
  15  /********************************************************/
  16  /*********************************************************
  17  //make the data safe to be inserted in the database.
  18  //this will handle strings or multi-level arrays
  19  *********************************************************/
  20  function sanitize($obj,$es=null) {
  21  
  22      if (!$es) $es = array();
  23  
  24      if (is_array($obj)) 
  25        $obj = sanitizeArray($obj,$es);
  26      else 
  27        $obj = sanitizeString($obj);
  28  
  29      return $obj;
  30  
  31  }
  32  
  33  /*********************************************************
  34  //actually perform the sanitation
  35  *********************************************************/
  36  function sanitizeString($str) {
  37  
  38      return pg_escape_string(trim(strip_tags($str)));
  39  
  40  }
  41  /*********************************************************
  42  //cleans sanitize string for display
  43  *********************************************************/
  44  function stripsan($str) {
  45  
  46      return stripslashes(str_replace("''","'",$str));
  47  
  48  }
  49  
  50  /*********************************************************
  51  //sanitizes all get,post,request, and cookie variables
  52  *********************************************************/
  53  function sanitizeRequest($es = null) {
  54  
  55      if (!$es) $es = array();
  56  
  57      //the request sg
  58      $keys = array_keys($_REQUEST);
  59      foreach ($keys AS $key) {
  60          //skip if the variable is marked for exemption
  61          if (in_array($key,$es)) continue;
  62          $_REQUEST[$key] = sanitize($_REQUEST[$key]);
  63      }
  64  
  65      //the post sg
  66      $keys = array_keys($_POST);
  67      foreach ($keys AS $key) {
  68          //skip if the variable is marked for exemption
  69          if (in_array($key,$es)) continue;
  70          $_POST[$key] = sanitize($_POST[$key]);
  71      }
  72  
  73      //the get sg
  74      $keys = array_keys($_GET);
  75      foreach ($keys AS $key) {
  76          //skip if the variable is marked for exemption
  77          if (in_array($key,$es)) continue;
  78          $_GET[$key] = sanitize($_GET[$key]);
  79  
  80      }
  81  
  82      //the cookie sg
  83      $keys = array_keys($_COOKIE);
  84      foreach ($keys AS $key) {
  85  
  86          //skip if the variable is marked for exemption
  87          if (in_array($key,$es)) continue;
  88          $_COOKIE[$key] = sanitize($_COOKIE[$key]);
  89  
  90      }
  91  
  92  }
  93  
  94  
  95  /*********************************************************
  96  //make the data safe to be inserted in the database.
  97  //this will handle multilevel arrays
  98  *********************************************************/
  99  function sanitizeArray($obj,$es=null) 
 100  {
 101  
 102      if (!$es) $es = array();
 103  
 104      //nothing to do, bail
 105      if (!$obj || count($obj)==0) return array();
 106  
 107    //loop through and process    
 108      foreach ($obj AS $key=>$val)
 109    {
 110        
 111        //skip if the variable is marked for exemption
 112        if (!is_numeric($key) && in_array($key,$es)) continue;
 113  
 114        //if an array, resubmit for recursive processing 
 115        if (is_array($val)) 
 116          $obj[$key] = sanitizeArray($val,$es);
 117  
 118        //sanitize the string
 119        else 
 120          $obj[$key] = sanitizeString($val);
 121   
 122      }
 123  
 124      return $obj;
 125  
 126  }
