author | Andrew Dolgov <[email protected]> | 2017-12-03 23:35:38 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-12-03 23:35:38 +0300 |
commit | e6532439d68234d86176e4d967609d68dd564c1d (patch) | |
tree | 6b5336fc8ea97ab3ecb1db547189b63ae1cd6120 /include/functions.php | |
parent | 7c6f7bb0aa50f42fd697fbe82dc9b8b5931a3a52 (diff) |
force strip_tags() on all user input unless explicitly allowed
Diffstat (limited to 'include/functions.php')
-rw-r--r-- | include/functions.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/functions.php b/include/functions.php
index 417abfbb8..0fd8ef61a 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -725,6 +725,17 @@
 }
 }
+ // this is used for user http parameters unless HTML code is actually needed
+ function clean($param) {
+ if (is_array($param)) {
+ return array_map(strip_tags, $param);
+ } else if (is_string($param)) {
+ return strip_tags($param);
+ } else {
+ return $param;
+ }
+ }
+
 function make_password($length = 8) {
 $password = ""; |
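Review bot: In the array branch of `clean()`, `array_map(strip_tags, $param)` passes `strip_tags` as a bare constant instead of a callable name, so it only works through PHP's undefined-constant fallback (a notice or warning on PHP 7, an Error on PHP 8). The same call hands any nested array element straight to `strip_tags()`, which expects a string. Request parameters written as `x[][]=` arrive as nested arrays, so recursing keeps the filter applied at every level: `return array_map('clean', $param);`. The comment above the function could also state that stripping tags leaves quotes and `&` untouched, so values that reach HTML attributes or SQL still need escaping at that sink, e.g. `// strips tags only; not a substitute for output escaping or parameterised queries`.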