diff options
| author | Andrew Dolgov <[email protected]> | 2019-06-20 08:14:06 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2019-06-20 08:14:06 +0300 |
| commit | 4fa9aee4e7d187ed0f87d0dc9b88a86ba625c58f (patch) | |
| tree | 9464027189b51e4051d889ad5f1450ce09782f67 /classes/article.php | |
| parent | 6d746453c75e2c482458f687585ef436a28a9888 (diff) | |
move several more global functions to more appropriate classes
Diffstat (limited to 'classes/article.php')
| -rwxr-xr-x | classes/article.php | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/classes/article.php b/classes/article.php index c23a1b820..43b25f94f 100755 --- a/classes/article.php +++ b/classes/article.php @@ -306,9 +306,9 @@ class Article extends Handler_Protected { $sth->execute([$int_id, $_SESSION['uid']]); foreach ($tags as $tag) { - $tag = sanitize_tag($tag); + $tag = Article::sanitize_tag($tag); - if (!tag_is_valid($tag)) { + if (!Article::tag_is_valid($tag)) { continue; } @@ -800,4 +800,25 @@ class Article extends Handler_Protected { return $rv; } + static function sanitize_tag($tag) { + $tag = trim($tag); + + $tag = mb_strtolower($tag, 'utf-8'); + + $tag = preg_replace('/[,\'\"\+\>\<]/', "", $tag); + + if (DB_TYPE == "mysql") { + $tag = preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xEF\xBF\xBD", $tag); + } + + return $tag; + } + + static function tag_is_valid($tag) { + if (!$tag || is_numeric($tag) || mb_strlen($tag) > 250) + return false; + + return true; + } + } |