-rw-r--r-- | application/Utils.php | 27 | ||||
-rw-r--r-- | index.php | 17 |
2 files changed, 27 insertions, 17 deletions
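diff --git a/application/Utils.php b/application/Utils.php
index 737f1502..82220bfc 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -42,4 +42,31 @@ function endsWith($haystack, $needle, $case=true)
 }
 return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
 }
+
+/**
+* Same as nl2br(), but escapes < and >
+*/
+function nl2br_escaped($html)
+{
+return str_replace('>','>',str_replace('<','<',nl2br($html)));
+}
+
+/**
+* htmlspecialchars wrapper
+*/
+function escape($str)
+{
+return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
+}
+
+/**
+* Link sanitization before templating
+*/
+function sanitizeLink(&$link)
+{
+$link['url'] = escape($link['url']); // useful?
+$link['title'] = escape($link['title']);
+$link['description'] = escape($link['description']);
+$link['tags'] = escape($link['tags']);
+}
 ?>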
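Review bot: `escape()` passes `ENT_COMPAT`, so single quotes are left unescaped and any template that places an escaped value inside a single-quoted attribute can still have that attribute broken out of. Since this helper is now the shared escaping entry point in Utils.php, `return htmlspecialchars($str, ENT_QUOTES, 'UTF-8', false);` would be the safer default. In `sanitizeLink()`, HTML-escaping `$link['url']` does not constrain the URL scheme, so the `// useful?` comment could become `// HTML-escapes only; the URL scheme must be validated separately`. Whether such a check exists elsewhere is not visible in this diff. As rendered on this page, the two `str_replace` pairs in `nl2br_escaped()` show identical search and replacement strings, which is presumably entity decoding by the page rather than the committed code.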
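--- a/index.php
+++ b/index.php
@@ -269,23 +269,6 @@ function logm($message)
 file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND);
 }
 
-// Same as nl2br(), but escapes < and >
-function nl2br_escaped($html)
-{
-return str_replace('>','>',str_replace('<','<',nl2br($html)));
-}
-
-function escape($str) {
-return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
-}
-
-function sanitizeLink(&$link) {
-$link['url'] = escape($link['url']); // useful?
-$link['title'] = escape($link['title']);
-$link['description'] = escape($link['description']);
-$link['tags'] = escape($link['tags']);
-}
-
 // In a string, converts URLs to clickable links.
 // Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722
 function text2clickable($url)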