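/*
 * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
 * California 94120-7775, or email info@knowledgetree.com.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * KnowledgeTree" logo and retain the original copyright notice. If the display of the
 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
 * must display the words "Powered by KnowledgeTree" and retain the original
 * copyright notice.
 * Contributor(s): ______________________________________
 */

/**
 * Accepts a web encoded string and outputs a "clean" string.
 *
 * Trims, URL-decodes and strips tags, then removes every byte outside the
 * allowed set. The allowed set mirrors the original POSIX bracket expression
 * "[^[:alnum:]|^_\.\ \:-]" exactly: ASCII letters/digits, "_", ".", space,
 * ":" and "-" -- and, because POSIX treats "\", "|" and "^" literally inside
 * a bracket, those three bytes are also kept so existing callers see the
 * same output.
 *
 * @param string $string raw request value
 * @return string the filtered value (may be empty)
 */
function sanitize($string)
{
    // Magic quotes vanished in PHP 5.4 (and the function itself in 8.0); on
    // such builds the value is escaped here, exactly as the else-branch of the
    // original did. The version guard keeps the removed call from being reached.
    $magicQuotes = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
    $string = strip_tags(urldecode(trim($string)));
    if (!$magicQuotes) {
        $string = addslashes($string);
    }
    // ereg_replace() was removed in PHP 7.0; the PCRE class below is the
    // byte-for-byte equivalent of the original POSIX class ("\\\\" is one
    // literal backslash once single-quote unescaping has happened).
    $pattern = '/[^[:alnum:]|^_\\\\. :-]/';
    return preg_replace($pattern, '', $string);
}

/**
 * Shared length gate used by the sanitizeFor* helpers.
 *
 * An empty string (the default) disables the corresponding bound. The loose
 * comparisons are deliberate: callers pass numeric strings as well as ints.
 *
 * @param string     $string value already trimmed by the caller
 * @param int|string $min    minimum byte length, '' to skip
 * @param int|string $max    maximum byte length, '' to skip
 * @return bool true when the byte length is within both bounds
 */
function _sanitizeLengthInRange($string, $min, $max)
{
    $len = strlen($string);
    if ($min != '' && $len < $min) {
        return false;
    }
    if ($max != '' && $len > $max) {
        return false;
    }
    return true;
}

/**
 * Trims and escapes a string for interpolation into an SQL literal.
 *
 * NOTE(review): escaping is not a substitute for prepared statements. The
 * mysql_* escape needs a live connection and no longer exists on PHP 7+, so
 * on modern builds this degrades to addslashes(), which is unaware of the
 * connection charset. Prefer parameterised queries at the call site.
 *
 * @param string     $string raw value
 * @param int|string $min    minimum byte length, '' to skip the check
 * @param int|string $max    maximum byte length, '' to skip the check
 * @return string|false the escaped value, or false when the length check fails
 */
function sanitizeForSQL($string, $min = '', $max = '')
{
    $string = trim($string);
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    if (!_sanitizeLengthInRange($string, $min, $max)) {
        return false;
    }
    // Same fallback order as the original: the mysql extension when present,
    // otherwise a plain backslash escape.
    if (function_exists('mysql_real_escape_string')) {
        return mysql_real_escape_string($string);
    }
    return addslashes($string);
}

/**
 * Removes carriage returns and line feeds from a string.
 *
 * $min and $max are accepted for signature parity with the other helpers but
 * are not used (no length check is performed here).
 *
 * @param string     $string input value
 * @param int|string $min    unused
 * @param int|string $max    unused
 * @return string the value with every "\r" and "\n" removed
 */
function sanitizeForSQLtoHTML($string, $min = '', $max = '')
{
    return str_replace(array("\r", "\n"), '', $string);
}

/**
 * Trims a string and escapes it for output in an HTML context.
 *
 * The original carried a hand-rolled fallback for builds without
 * htmlspecialchars(); that branch was unreachable (the function has existed
 * since PHP 4) and its pattern table did not parse, so it is gone.
 * ENT_QUOTES is passed so the result is also safe inside single-quoted
 * attributes; ENT_SUBSTITUTE (5.4+) keeps invalid byte sequences from
 * collapsing the whole output to "". The charset argument is left at the
 * build default on purpose so no re-encoding of stored data is introduced.
 *
 * @param string     $string raw value
 * @param int|string $min    minimum byte length, '' to skip the check
 * @param int|string $max    maximum byte length, '' to skip the check
 * @return string|false the escaped value, or false when the length check fails
 */
function sanitizeForHTML($string, $min = '', $max = '')
{
    $string = trim($string);
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    if (!_sanitizeLengthInRange($string, $min, $max)) {
        return false;
    }
    $flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);
    return htmlspecialchars($string, $flags);
}

/**
 * Trims a string and returns it as a double-quoted shell argument.
 *
 * Shell metacharacters are removed outright, then "\" and "$" -- the two
 * bytes that are still interpreted inside double quotes -- are backslash
 * escaped before wrapping. The original alternation was mis-escaped so "^",
 * "[" and "]" slipped through, and it escaped only "$", which let a trailing
 * backslash neutralise the closing quote; both are fixed here. New code
 * should prefer escapeshellarg() per argument.
 *
 * @param string     $string raw value
 * @param int|string $min    minimum byte length, '' to skip the check
 * @param int|string $max    maximum byte length, '' to skip the check
 * @return string|false the quoted argument, or false when the length check fails
 */
function sanitizeForSYSTEM($string, $min = '', $max = '')
{
    $string = trim($string);
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    if (!_sanitizeLengthInRange($string, $min, $max)) {
        return false;
    }
    // One character class instead of an alternation: every byte listed is a
    // literal here, including "^", "[" and "]".
    $string = preg_replace('/[;|`><&^"\n\r\'{}\[\]()]/', '', $string);
    return '"' . addcslashes($string, '\\$') . '"';
}
?>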