|
@@ 99-106 (lines=8) @@
|
| 96 |
|
} |
| 97 |
|
|
| 98 |
|
// paranoid sanitization -- only let the alphanumeric set through |
| 99 |
|
function sanitize_paranoid_string($string, $min='', $max='') |
| 100 |
|
{ |
| 101 |
|
$string = preg_replace("/[^a-zA-Z0-9]/", "", $string); |
| 102 |
|
$len = strlen($string); |
| 103 |
|
if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) |
| 104 |
|
return FALSE; |
| 105 |
|
return $string; |
| 106 |
|
} |
| 107 |
|
|
| 108 |
|
// sanitize a string in prep for passing a single argument to system() (or similar) |
| 109 |
|
function sanitize_system_string($string, $min='', $max='') |
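Review bot: sanitize_paranoid_string (lines 99-106) silently rewrites its input instead of rejecting it, so `a-b` and `ab` come back as the same value and a caller using the result as an identifier or key cannot tell the input was altered; consider returning FALSE whenever `preg_replace` removed anything. A valid result of `"0"` or `""` is falsy in PHP, so the contract should be spelled out above the function, e.g. `// returns the filtered string, or FALSE on a length violation -- callers must compare with === FALSE`. A request parameter can also arrive as an array, in which case `preg_replace` returns an array and `strlen` is handed a non-string; an `if (!is_string($string)) return FALSE;` guard as the first line would close that.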
|
@@ 136-143 (lines=8) @@
|
| 133 |
|
} |
| 134 |
|
|
| 135 |
|
// sanitize a string for SQL input (simple slash out quotes and slashes) |
| 136 |
|
function sanitize_ldap_string($string, $min='', $max='') |
| 137 |
|
{ |
| 138 |
|
$pattern = '/(\)|\(|\||&)/'; |
| 139 |
|
$len = strlen($string); |
| 140 |
|
if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) |
| 141 |
|
return FALSE; |
| 142 |
|
return preg_replace($pattern, '', $string); |
| 143 |
|
} |
| 144 |
|
|
| 145 |
|
|
| 146 |
|
// sanitize a string for HTML (make sure nothing gets interpretted!) |
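Review bot: The pattern on line 138 of sanitize_ldap_string removes only `(`, `)`, `|` and `&`, leaving `*`, `\` and NUL, which RFC 4515 also requires to be escaped in a filter value; assuming the result is placed in a search filter, a surviving `*` turns an intended exact match into a wildcard match. Where the PHP version allows it (5.6 or later), the last line is better written as `return ldap_escape($string, '', LDAP_ESCAPE_FILTER);`, which escapes the characters rather than deleting them. The comment above the function says "SQL input" and looks copied from the neighbouring function; it should read `// sanitize a string for use as a value in an LDAP search filter`. Unlike sanitize_paranoid_string, the length check here runs before characters are removed, so the returned string can be shorter than `$min`.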