[geeklog-cvs] Geeklog-1.x/public_html lib-common.php,1.690,1.691
Dirk Haun
dhaun at qs1489.pair.com
Sat Apr 26 13:58:39 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv20733/public_html
Modified Files:
lib-common.php
Log Message:
Introduced a COM_sanitizeFilename convenience function
Index: lib-common.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/lib-common.php,v
retrieving revision 1.690
retrieving revision 1.691
diff -C2 -d -r1.690 -r1.691
*** lib-common.php 26 Apr 2008 16:18:16 -0000 1.690
--- lib-common.php 26 Apr 2008 17:58:37 -0000 1.691
***************
*** 287,292 ****
if( isset( $_POST['usetheme'] ))
{
! $usetheme = preg_replace( '/[^a-zA-Z0-9\-_\.]/', '', $_POST['usetheme'] );
! $usetheme = str_replace( '..', '', $usetheme );
}
if( !empty( $usetheme ) && is_dir( $_CONF['path_themes'] . $usetheme ))
--- 287,291 ----
if( isset( $_POST['usetheme'] ))
{
! $usetheme = COM_sanitizeFilename($_POST['usetheme'], true);
}
if( !empty( $usetheme ) && is_dir( $_CONF['path_themes'] . $usetheme ))
***************
*** 300,306 ****
if( isset( $_COOKIE[$_CONF['cookie_theme']] ) && empty( $_USER['theme'] ))
{
! $theme = preg_replace( '/[^a-zA-Z0-9\-_\.]/', '',
! $_COOKIE[$_CONF['cookie_theme']] );
! $theme = str_replace( '..', '', $theme );
if( is_dir( $_CONF['path_themes'] . $theme ))
{
--- 299,303 ----
if( isset( $_COOKIE[$_CONF['cookie_theme']] ) && empty( $_USER['theme'] ))
{
! $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
if( is_dir( $_CONF['path_themes'] . $theme ))
{
***************
*** 347,352 ****
if( isset( $_COOKIE[$_CONF['cookie_language']] ) && empty( $_USER['language'] ))
{
! $language = preg_replace( '/[^a-z0-9\-_]/', '',
! $_COOKIE[$_CONF['cookie_language']] );
if( is_file( $_CONF['path_language'] . $language . '.php' ) &&
( $_CONF['allow_user_language'] == 1 ))
--- 344,348 ----
if( isset( $_COOKIE[$_CONF['cookie_language']] ) && empty( $_USER['language'] ))
{
! $language = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_language']]);
if( is_file( $_CONF['path_language'] . $language . '.php' ) &&
( $_CONF['allow_user_language'] == 1 ))
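Review bot: The language cookie is now filtered with `[^a-zA-Z0-9\-_]` (COM_sanitizeFilename without dots) instead of the old `[^a-z0-9\-_]`, so mixed-case values are kept rather than stripped; the same widening applies to `$langfile` in the last hunk. On a case-insensitive filesystem `is_file` then accepts e.g. `English.php`, and the mixed-case name flows on as the language value, which the previous expression did not permit. If the lowercase-only rule was relied on, either keep the old expression at these two call sites or give COM_sanitizeFilename a lowercase-only mode; at minimum its docblock should state that it preserves case. The `if( is_file(...) && ...)` block that consumes `$language` continues past the end of this hunk.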
***************
*** 5585,5588 ****
--- 5581,5626 ----
/**
+ * Ensure an ID contains only alphanumeric characters, dots, dashes, or underscores
+ *
+ * @param string $id the ID to sanitize
+ * @param boolean $new_id true = create a new ID in case we end up with an empty string
+ * @return string the sanitized ID
+ */
+ function COM_sanitizeID( $id, $new_id = true )
+ {
+ $id = str_replace( ' ', '', $id );
+ $id = str_replace( array( '/', '\\', ':', '+' ), '-', $id );
+ $id = preg_replace( '/[^a-zA-Z0-9\-_\.]/', '', $id );
+ if( empty( $id ) && $new_id )
+ {
+ $id = COM_makesid();
+ }
+
+ return $id;
+ }
+
+ /**
+ * Sanitize a filename.
+ *
+ * @param string $filename the filename to clean up
+ * @param boolean $allow_dots whether to allow dots in the filename or not
+ * @return string sanitized filename
+ * @note This function is pretty strict in what it allows. Meant to be used
+ * for files to be included where part of the filename is dynamic.
+ *
+ */
+ function COM_sanitizeFilename($filename, $allow_dots = false)
+ {
+ if ($allow_dots) {
+ $filename = preg_replace('/[^a-zA-Z0-9\-_\.]/', '', $filename);
+ $filename = str_replace('..', '', $filename);
+ } else {
+ $filename = preg_replace('/[^a-zA-Z0-9\-_]/', '', $filename);
+ }
+
+ return $filename;
+ }
+
+ /**
* Detect links in a plain-ascii text and turn them into clickable links.
* Will detect links starting with "http:", "https:", "ftp:", and "www.".
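Review bot: COM_sanitizeFilename returns whatever type `preg_replace` returns, so when `$_POST['usetheme']` or a cookie arrives as an array (PHP builds one from a `name[]=` parameter) the function returns an array rather than the `string` its docblock promises, and the callers in the first three hunks concatenate that into a path. A guard at the top of the function, `if (!is_string($filename)) { return ''; }`, makes the `@return string` contract hold for every caller. Separately, in the `$allow_dots` branch a lone `.` survives (the `str_replace('..', '')` pass reduces any run of dots to zero or one), and since `is_dir($_CONF['path_themes'] . '.')` is true for the themes directory itself, the theme callers would accept `.` as a theme name; `if ($filename === '.') { $filename = ''; }` after the `str_replace` closes that gap.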
***************
*** 5881,5904 ****
}
- /**
- * Ensure an ID contains only alphanumeric characters, dots, dashes, or underscores
- *
- * @param string $id the ID to sanitize
- * @param boolean $new_id true = create a new ID in case we end up with an empty string
- * @return string the sanitized ID
- */
- function COM_sanitizeID( $id, $new_id = true )
- {
- $id = str_replace( ' ', '', $id );
- $id = str_replace( array( '/', '\\', ':', '+' ), '-', $id );
- $id = preg_replace( '/[^a-zA-Z0-9\-_\.]/', '', $id );
- if( empty( $id ) && $new_id )
- {
- $id = COM_makesid();
- }
-
- return $id;
- }
-
/** Converts a number for output into a formatted number with thousands-
* separator, comma-separator and fixed decimals if necessary
--- 5919,5922 ----
***************
*** 6200,6204 ****
}
! $langfile = preg_replace( '/[^a-z0-9\-_]/', '', $langfile );
if( !empty( $langfile ))
{
--- 6218,6222 ----
}
! $langfile = COM_sanitizeFilename($langfile);
if( !empty( $langfile ))
{