gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-10-04 15:12:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

finally got rid of ancient method sanitizeString()

Browse Source
This commit is contained in:
Uwe Steinmann 2022-07-15 09:32:58 +02:00
parent c31d12b44c
commit 9fcebb898a
1 changed files with 0 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
inc/inc.Utils.php
View File

@ -166,53 +166,6 @@ function getReadableDurationArray($secs) { /* {{{ */
return $units;
} /* }}} */
//
// The original string sanitizer, kept for reference.
//function sanitizeString($string) {
// $string = str_replace("'", "'", $string);
// $string = str_replace("--", "", $string);
// $string = str_replace("<", "&lt;", $string);
// $string = str_replace(">", "&gt;", $string);
// $string = str_replace("/*", "", $string);
// $string = str_replace("*/", "", $string);
// $string = str_replace("\"", "&quot;", $string);
//
// return $string;
//}
/* Deprecated, do not use anymore */
function sanitizeString($string) { /* {{{ */
$string = (string) $string;
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
// The following three are against sql injection. They are not
// needed anymore because strings are quoted propperly when saved into
// the database.
// $string = str_replace("\\", "\\\\", $string);
// $string = str_replace("--", "\-\-", $string);
// $string = str_replace(";", "\;", $string);
// Use HTML entities to represent the other characters that have special
// meaning in SQL. These can be easily converted back to ASCII / UTF-8
// with a decode function if need be.
$string = str_replace("&", "&amp;", $string);
$string = str_replace("%", "&#0037;", $string); // percent
$string = str_replace("\"", "&quot;", $string); // double quote
$string = str_replace("/*", "&#0047;&#0042;", $string); // start of comment
$string = str_replace("*/", "&#0042;&#0047;", $string); // end of comment
$string = str_replace("<", "&lt;", $string);
$string = str_replace(">", "&gt;", $string);
$string = str_replace("=", "&#0061;", $string);
$string = str_replace(")", "&#0041;", $string);
$string = str_replace("(", "&#0040;", $string);
$string = str_replace("'", "&#0039;", $string);
$string = str_replace("+", "&#0043;", $string);
return trim($string);
} /* }}} */
/* Deprecated, do not use anymore, but keep it for upgrading
* older versions
*/