1 files changed, 27 insertions, 0 deletions
diff --git a/application/Utils.php b/application/Utils.php
index 737f1502..82220bfc 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -42,4 +42,31 @@ function endsWith($haystack, $needle, $case=true)
    }
    return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
 }
+/**
+ * Same as nl2br(), but escapes < and >
+ */
+function nl2br_escaped($html)
+{
+    return str_replace('>','&gt;',str_replace('<','&lt;',nl2br($html)));
+}
+/**
+ * htmlspecialchars wrapper
+ */
+function escape($str)
+{
+    return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
+}
+/**
+ * Link sanitization before templating
+ */
+function sanitizeLink(&$link)
+{
+    $link['url'] = escape($link['url']); // useful?
+    $link['title'] = escape($link['title']);
+    $link['description'] = escape($link['description']);
+    $link['tags'] = escape($link['tags']);
+}
 ?>

diff --git a/application/Utils.php b/application/Utils.php index 737f1502..82220bfc 100644 --- a/application/Utils.php +++ b/application/Utils.php
@@ -42,4 +42,31 @@ function endsWith($haystack, $needle, $case=true)
42	}	42	}
43	return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);	43	return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
44	}	44	}
		45
		46	/**
		47	* Same as nl2br(), but escapes < and >
		48	*/
		49	function nl2br_escaped($html)
		50	{
		51	return str_replace('>','>',str_replace('<','<',nl2br($html)));
		52	}
		53
		54	/**
		55	* htmlspecialchars wrapper
		56	*/
		57	function escape($str)
		58	{
		59	return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
		60	}
		61
		62	/**
		63	* Link sanitization before templating
		64	*/
		65	function sanitizeLink(&$link)
		66	{
		67	$link['url'] = escape($link['url']); // useful?
		68	$link['title'] = escape($link['title']);
		69	$link['description'] = escape($link['description']);
		70	$link['tags'] = escape($link['tags']);
		71	}
45	?>	72	?>