<?php
// COLLECTED FROM INTERNET
// SOURCE: UNKNOWN :(
// Strips HTML tags and a blocklist of "active" elements from user input.
// This is a regex blocklist, not an HTML parser: it reduces risk but is NOT
// a substitute for output encoding (htmlspecialchars) at render time.
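/**
 * Strips a blocklist of active HTML elements (with their content) and then
 * every remaining tag from $text, returning the trimmed remainder.
 *
 * The element patterns (script, style, object, embed, iframe, applet,
 * noframes, noscript, noembed) are applied BEFORE the generic tag stripper:
 * once the generic pattern has removed the opening/closing tags, the
 * element patterns can no longer match and the element's inner text would
 * leak through as plain text. The HTML-comment pattern stays after the
 * generic stripper, as in the original, so it acts as a second pass for
 * comments that themselves contained tags.
 *
 * This is a blocklist, not a parser. Malformed or nested markup can still
 * leave fragments behind, so callers must still encode output per context
 * (htmlspecialchars for HTML) instead of relying on this function alone.
 *
 * @param string $text untrusted input
 * @return string tag-stripped, trimmed text
 * @throws RuntimeException when PCRE fails (e.g. pcre.backtrack_limit hit on
 *         a large input); failing loudly is preferred to the old behaviour of
 *         silently returning '' via trim(null).
 */
function cleanInput($text) {
    // Order matters: element-with-content patterns first, generic tag
    // stripper second, HTML comment pattern last (see docblock).
    $patterns = array(
        '@<script[^>]*?>.*?</script>@si',
        '@<style[^>]*?>.*?</style>@si',
        '@<object[^>]*?>.*?</object>@si',
        '@<embed[^>]*?>.*?</embed>@si',
        '@<iframe[^>]*?>.*?</iframe>@si',
        '@<applet[^>]*?>.*?</applet>@si',
        '@<noframes[^>]*?>.*?</noframes>@si',
        '@<noscript[^>]*?>.*?</noscript>@si',
        '@<noembed[^>]*?>.*?</noembed>@si',   // closing tag was misspelled "noembeded"
        '@<[\/\!]*?[^<>]*?>@si',
        '@<![\s\S]*?--[ \t\n\r]*>@'
    );

    $cleaned = preg_replace($patterns, '', $text);
    if ($cleaned === null) {
        // preg_replace() returns null on a PCRE error; do not hand back
        // unsanitised input and do not silently truncate it either.
        throw new RuntimeException('cleanInput: preg_replace failed, PCRE error ' . preg_last_error());
    }

    return trim($cleaned);
}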
// SQL injection: values are escaped for use inside quoted MySQL string
// literals via ext/mysql. This is not a substitute for prepared statements.
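/**
 * Recursively tag-strips (cleanInput) and MySQL-escapes a value.
 *
 * Arrays are walked recursively and keys are preserved. Scalars are
 * stripslashes()'d when magic_quotes_gpc is on (PHP < 5.4), passed through
 * cleanInput() and then mysql_real_escape_string().
 *
 * Caveats a caller must know:
 *  - mysql_real_escape_string() only makes a value safe INSIDE a quoted
 *    string literal. Unquoted numeric contexts ("WHERE id = $x"),
 *    identifiers, LIMIT and ORDER BY values remain injectable. Prefer
 *    prepared statements (PDO / mysqli) over string-built SQL.
 *  - Escaping is relative to the charset of the open ext/mysql link. With no
 *    link open, mysql_real_escape_string() emits a warning and returns false,
 *    so the value silently becomes '' in the query.
 *  - ext/mysql was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0;
 *    this function only works as written on PHP 5.x. The function_exists()
 *    guard stops the magic-quotes check itself from being a fatal error.
 *
 * @param mixed $text scalar, or a (nested) array of scalars
 * @return mixed escaped string, or an array with the same keys
 */
function sanitize($text) {
    if (is_array($text)) {
        // Initialise explicitly: for an empty array $output was never
        // assigned and the function returned null with a notice.
        $output = array();
        foreach ($text as $key => $value) {
            $output[$key] = sanitize($value);
        }
        return $output;
    }

    // magic_quotes_gpc pre-escapes GPC input on very old PHP; undo it so the
    // value is not escaped twice. The function no longer exists on PHP 8.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }

    return mysql_real_escape_string(cleanInput($text));
}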
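/**
 * Recursively MySQL-escapes a value WITHOUT stripping HTML (unlike sanitize()).
 *
 * Arrays are walked recursively and keys are preserved. Scalars are
 * stripslashes()'d when magic_quotes_gpc is on (PHP < 5.4) and then passed
 * to mysql_real_escape_string().
 *
 * Caveats a caller must know:
 *  - The result is only safe INSIDE a quoted MySQL string literal; unquoted
 *    numeric contexts, identifiers, LIMIT and ORDER BY remain injectable.
 *    Prefer prepared statements (PDO / mysqli).
 *  - Because no tag stripping happens here, the value must still be
 *    encoded (htmlspecialchars) whenever it is rendered into HTML.
 *  - Escaping is relative to the charset of the open ext/mysql link; with
 *    no link open the call warns and returns false (becomes '' in a query).
 *  - ext/mysql was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0;
 *    this function only works as written on PHP 5.x. The function_exists()
 *    guard stops the magic-quotes check itself from being a fatal error.
 *
 * @param mixed $text scalar, or a (nested) array of scalars
 * @return mixed escaped string, or an array with the same keys
 */
function sanitizeLite($text) {
    if (is_array($text)) {
        // Initialise explicitly: for an empty array $output was never
        // assigned and the function returned null with a notice.
        $output = array();
        foreach ($text as $key => $value) {
            $output[$key] = sanitizeLite($value);
        }
        return $output;
    }

    // Undo magic_quotes_gpc pre-escaping on very old PHP so the value is not
    // escaped twice. The function no longer exists on PHP 8.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }

    return mysql_real_escape_string($text);
}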
?>