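$value) {
                // Split one "name=value" pair on "=" and publish the URL-decoded value
                // into both $_GET and $_REQUEST.
                // NOTE(review): explode() is called without a limit, so a value that
                // itself contains "=" is cut at the second "=", and a pair with no "="
                // leaves $tempRay3[1] undefined.
                $tempRay3 = array();
                $tempRay3 = explode("=",$value);
                $_GET[$tempRay3[0]] = urldecode($tempRay3[1]);
                $_REQUEST[$tempRay3[0]] = urldecode($tempRay3[1]);
            }
        }

        // Mirror the WYSIWYG editor field under the key 'wysiwyg'.
        if(isset($_POST['wysiwyg_html'])){
            $_POST['wysiwyg'] = $_POST['wysiwyg_html'];
        }

        // Pass every top-level key and value of $_GET, $_POST and $_REQUEST through San().
        // NOTE(review): the cleaned value is stored under the cleaned key. When San()
        // changes a key, the entry under the original key stays in the array with its
        // raw value, so code that reads the superglobal by the raw key name still sees
        // unfiltered input.
        // This is a blanket input filter, not a replacement for parameterised SQL or
        // for escaping at the point of output in the context where the value is used.
        foreach($_GET as $k=>$v) {
            $k = AL_SANITIZE::San($k);
            $v = AL_SANITIZE::San($v);
            $_GET[$k] = $v;
        }
        foreach($_POST as $k=>$v) {
            $k = AL_SANITIZE::San($k);
            $v = AL_SANITIZE::San($v);
            $_POST[$k] = $v;
        }
        foreach($_REQUEST as $k=>$v) {
            $k = AL_SANITIZE::San($k);
            $v = AL_SANITIZE::San($v);
            $_REQUEST[$k] = $v;
        }
    }

    /**
     * HTML-entity-encode a value, then delete every character that is not on a
     * fixed allowlist. Arrays are processed recursively, element by element.
     *
     * Order matters: characters are first mapped through the HTML_ENTITIES
     * translation table, and only afterwards filtered. The allowlist keeps "&",
     * "#" and ";" so the entities produced by the first step survive the second.
     *
     * Security notes for maintainers:
     *  - The translation table is requested with PHP's default flags, which differ
     *    between PHP versions. Where the default does not cover the single quote,
     *    "'" is neither encoded here nor removed by the allowlist, so the result
     *    must not be placed unescaped into SQL or into single-quoted HTML attributes.
     *  - The allowlist pattern has no "u" modifier and lists only ASCII, so bytes of
     *    multi-byte characters that the table did not turn into an entity are dropped.
     *  - In the array branch only the values are filtered; array keys are kept as
     *    they arrive.
     *
     * The method does not use $this. It is invoked as AL_SANITIZE::San() elsewhere in
     * this class although it is not declared static; PHP 8 rejects static calls to
     * non-static methods, so it would need the static keyword there.
     * An earlier per-character loop over utf8_substr() was dropped: its result was
     * never read, it required an object context, and it ran one regex per byte.
     *
     * @param mixed $Val Scalar string or (nested) array of strings to filter.
     * @return mixed The filtered value, same shape as the input.
     */
    function San($Val) {
        if(!is_array($Val)){
            // Step 1: replace characters that have an HTML entity with that entity.
            $trans = get_html_translation_table(HTML_ENTITIES);
            $Val = strtr($Val, $trans);
            // Step 2: strip anything outside the allowlist (letters, digits, whitespace
            // and a fixed punctuation set; no backslash, no angle brackets).
            $Val = preg_replace("|[^a-zA-Z0-9\.\,\!\s\\n\\r\'\\\"()\?\%;\-=_@/:\#\{\}&]|", "", $Val);
            // As written this replaces '%%' with itself and changes nothing.
            // NOTE(review): the replacement may have been an entity lost in
            // transcription; confirm against the project's original source.
            $Val = str_replace('%%','%%',$Val);
        }else{
            // must be array, so loop through and process the elements
            foreach($Val as $key=>$thisVal)
                $Val[$key] = AL_SANITIZE::San($thisVal);
        }
        return $Val;
    }

    /**
     * Return up to $len characters of $str, starting after the first $from
     * characters, counting an ASCII byte or a lead byte plus its continuation
     * bytes as one character.
     *
     * $from and $len are concatenated into the pattern as repeat counts, so callers
     * must pass non-negative integers only. PCRE caps repeat counts at 65535; a
     * larger value makes the pattern fail to compile.
     * The byte classes group lead and continuation bytes but do not validate that
     * the input is well-formed UTF-8.
     *
     * @param string $str  Input string.
     * @param int    $from Number of leading characters to skip.
     * @param int    $len  Maximum number of characters to return.
     * @return string|null The extracted substring, or null if preg_replace() fails.
     */
    function utf8_substr($str,$from,$len){
        # utf8 substr
        # www.yeap.lv
        return preg_replace('#^(?:[\x00-\x7F]|[\xC0-\xFF][\x80-\xBF]+){0,'.$from.'}'.
            '((?:[\x00-\x7F]|[\xC0-\xFF][\x80-\xBF]+){0,'.$len.'}).*#s',
            '$1',$str);
    }
}
?>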