Excerpt from here
/**
* @usage $var = $this->clean__makesafe_value( $var, array( "urldecode" ), true );
* OR $this->clean__makesafe_value( $var, array( "urldecode" ) );
*/
Class Input
{
/**
* Makesafe
*
* @param mixed REFERENCE: Data to make safe
* @param string KEY [used as parameter-2 in the callback function of array_walk()
* @param array Additional functions to filter the value through, prior to cleaning
* @return mixed VOID if $_output_flag = false; MIXED otherwise.
*/
private function _clean__makesafe ( &$val, $key, $filters = array() )
{
if ( $val === '' ) // Literally empty string, integer 0 excluded
{
return true;
}
# Let's apply additional functions, if any, to clean further
if ( isset( $filters ) and is_array( $filters ) and count( $filters ) )
{
foreach( $filters as $_filter )
{
if ( is_array( $_filter ) and is_object( $_filter[0] ) and method_exists( $_filter[0], $_filter[1] ) )
{
$val = &$_filter[0]->$_filter[1]( $val );
}
elseif ( function_exists( $_filter ) )
{
$val = $_filter( $val );
}
else
{
throw new Exception ("Parameter-2 of Input::_clean__makesafe() must be a valid function/method callback!");
}
}
}
$val = trim( $val );
// $val = $this->clean__stripslashes( $val );
$val = str_replace( " " , " " , $val );
$val = $this->clean__control_characters( $val );
# Convert all carriage return combos
$val = str_replace( array( '\r\n', '\n\r', '\r' ), "\n", $val );
# Continue with cleaning...
$val = str_replace( "&" , "&" , $val );
$val = str_replace( "<!--" , "<!--" , $val );
$val = str_replace( "-->" , "-->" , $val );
$val = preg_replace( "/<script/i" , "<script" , $val );
$val = str_replace( ">" , ">" , $val );
$val = str_replace( "<" , "<" , $val );
$val = str_replace( '"' , """ , $val );
$val = str_replace( '\n' , "<br />" , $val ); // Convert literal newlines
$val = str_replace( '$' , "$" , $val );
$val = str_replace( "!" , "!" , $val );
$val = str_replace( "'" , "'" , $val ); // IMPORTANT: It helps to increase sql query safety.
# Convert HTML entities into friendly versions of them
$_list_of_html_entities__from = array( " ","¡","¢","£","¤","¥","¦","§","¨","©","ª","«","¬","­","®","¯","°","±","²","³","´","µ","¶","·","¸","¹","º","»","¼","½","¾","¿","À","Á","Â","Ã","Ä","Å","Æ","Ç","È","É","Ê","Ë","Ì","Í","Î","Ï","Ð","Ñ","Ò","Ó","Ô","Õ","Ö","×","Ø","Ù","Ú","Û","Ü","Ý","Þ","ß","à","á","â","ã","ä","å","æ","ç","è","é","ê","ë","ì","í","î","ï","ð","ñ","ò","ó","ô","õ","ö","÷","ø","ù","ú","û","ü","ý","þ","ÿ","ƒ","Α","Β","Γ","Δ","Ε","Ζ","Η","Θ","Ι","Κ","Λ","Μ","Ν","Ξ","Ο","Π","Ρ","Σ","Τ","Υ","Φ","Χ","Ψ","Ω","α","β","γ","δ","ε","ζ","η","θ","ι","κ","λ","μ","ν","ξ","ο","π","ρ","ς","σ","τ","υ","φ","χ","ψ","ω","ϑ","ϒ","ϖ","•","…","′","″","‾","⁄","℘","ℑ","ℜ","™","ℵ","←","↑","→","↓","↔","↵","⇐","⇑","⇒","⇓","⇔","∀","∂","∃","∅","∇","∈","∉","∋","∏","∑","−","∗","√","∝","∞","∠","∧","∨","∩","∪","∫","∴","∼","≅","≈","≠","≡","≤","≥","⊂","⊃","⊄","⊆","⊇","⊕","⊗","⊥","⋅","⌈","⌉","⌊","⌋","〈","〉","◊","♠","♣","♥","♦",""","&","<",">","Œ","œ","Š","š","Ÿ","ˆ","˜"," "," "," ","‌","‍","‎","‏","–","—","‘","’","‚","“","”","„","†","‡","‰","‹","›","€" );
$_list_of_html_entities__to = array( " ","¡","¢","£","¤","¥","¦","§","¨","©","ª","«","¬","­","®","¯","°","±","²","³","´","µ","¶","·","¸","¹","º","»","¼","½","¾","¿","À","Á","Â","Ã","Ä","Å","Æ","Ç","È","É","Ê","Ë","Ì","Í","Î","Ï","Ð","Ñ","Ò","Ó","Ô","Õ","Ö","×","Ø","Ù","Ú","Û","Ü","Ý","Þ","ß","à","á","â","ã","ä","å","æ","ç","è","é","ê","ë","ì","í","î","ï","ð","ñ","ò","ó","ô","õ","ö","÷","ø","ù","ú","û","ü","ý","þ","ÿ","ƒ","Α","Β","Γ","Δ","Ε","Ζ","Η","Θ","Ι","Κ","Λ","Μ","Ν","Ξ","Ο","Π","Ρ","Σ","Τ","Υ","Φ","Χ","Ψ","Ω","α","β","γ","δ","ε","ζ","η","θ","ι","κ","λ","μ","ν","ξ","ο","π","ρ","ς","σ","τ","υ","φ","χ","ψ","ω","ϑ","ϒ","ϖ","•","…","′","″","‾","⁄","℘","ℑ","ℜ","™","ℵ","←","↑","→","↓","↔","↵","⇐","⇑","⇒","⇓","⇔","∀","∂","∃","∅","∇","∈","∉","∋","∏","∑","−","∗","√","∝","∞","∠","∧","∨","∩","∪","∫","∴","∼","≅","≈","≠","≡","≤","≥","⊂","⊃","⊄","⊆","⊇","⊕","⊗","⊥","⋅","⌈","⌉","⌊","⌋","⟨","⟩","◊","♠","♣","♥","♦",""","&","<",">","Œ","œ","Š","š","Ÿ","ˆ","˜"," "," "," ","‌","‍","‎","‏","–","—","‘","’","‚","“","”","„","†","‡","‰","‹","›","€");
$val = str_replace( $_list_of_html_entities__from , $_list_of_html_entities__to , $val );
# Ensure unicode chars are OK
$val = preg_replace("/&(#[0-9]+|[a-z]+);/s", "&\\1;", $val );
# Try and fix up HTML entities with missing ;
$val = preg_replace( "/&#(\d+?)([^\d;])/i", "&#\\1;\\2", $val );
return true;
}
/**
* WRAPPER for clean__makesafe(): Clean's incoming values (usually _GET, _POST)
*
* @param mixed REF: Mixed value to parse
* @param array Additional functions to filter the value through, prior to cleaning
* @param boolean Whether to return the result or not, defaults to FALSE
* @return mixed MIXED Cleaned value if output_flag is set on; BOOLEAN otherwise
*/
public function clean__makesafe_value ( &$val, $filters = array(), $do_output = false )
{
# If its an array, 'walk-through-it' recursively with Input::_clean__makesafe() ...
if ( is_array( $val ) )
{
array_walk_recursive( $val, array( $this, "_clean__makesafe" ), $filters );
}
# ... otherwise, just apply Input::clean__makesafe() to it.
else
{
$this->_clean__makesafe( $val, null, $filters );
}
# If explicit return is requested, comply - otherwise go Boolean.
if ( $do_output )
{
return $val;
}
return true;
}
}
