<?php
# ************************************************************************** #
# Core class
# ************************************************************************** #
# Version: 1.0
# Date Started: May 1st, 2005
# Date Finished: May 2nd, 2005
# Author: Nakor
# Email: hide@address.com
# ************************************************************************** #
# Miscellaneous core methods.
# ************************************************************************** #
# ************************************************************************** #
# Start the core class
# ************************************************************************** #
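/**
 * Request-input helper: HTML-encodes $_GET / $_POST keys and values on the way in.
 *
 * Scope of the protection: the returned values are encoded for HTML text and
 * quoted-attribute contexts only. They are not safe to place in SQL, shell
 * commands, JavaScript, CSS or URLs; use bound parameters / context-specific
 * escaping there. Because values are stored already encoded, escaping them a
 * second time at output produces double-encoded text.
 */
class nakor_core
{
    /** @var bool Whether magic_quotes_gpc added slashes to the request data. */
    private $get_magic_quotes;

    /**
     * Clean Input
     *
     * Returns a cleaned copy of $_GET or $_POST, plus the lower-cased request
     * method under the 'request_method' key (set last, so a request parameter
     * of the same name cannot override it).
     *
     * @param string $type "GET" or "POST"; any other value yields only 'request_method'
     *
     * @return array
     */
    public function clean_input($type)
    {
        // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
        // in PHP 8.0, so the function is only called where it can still matter.
        $this->get_magic_quotes = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();

        $source = null;
        if ((string) $type === 'GET') {
            $source = $_GET;
        } elseif ((string) $type === 'POST') {
            $source = $_POST;
        }

        $return = is_array($source) ? $this->clean_array($source) : array();

        // REQUEST_METHOD is absent under the CLI; fall back to an empty string.
        $return['request_method'] = isset($_SERVER['REQUEST_METHOD'])
            ? strtolower($_SERVER['REQUEST_METHOD'])
            : '';

        return $return;
    }

    /**
     * Clean Array
     *
     * Cleans every key and value of a request array, recursing into nested
     * arrays so that values below the second level are not passed through
     * unfiltered. Nesting depth of real request data is bounded by PHP's
     * max_input_nesting_level setting.
     *
     * @param array $data
     *
     * @return array
     */
    private function clean_array($data)
    {
        $clean = array();

        foreach ($data as $k => $v) {
            $clean[$this->clean_key($k)] = is_array($v)
                ? $this->clean_array($v)
                : $this->clean_value($v);
        }

        return $clean;
    }

    /**
     * Clean Key
     *
     * HTML-encodes a variable key and strips ".." and "__name__" sequences.
     * No character whitelist is enforced: keys containing other characters
     * are returned encoded, not rejected.
     *
     * @param string|int $key
     *
     * @return string
     */
    private function clean_key($key)
    {
        // Cast first: integer keys from list-style parameters (a[]=x) must not
        // be treated as empty by a loose comparison with "".
        $key = (string) $key;

        if ($key === '') {
            return '';
        }

        $key = htmlspecialchars(urldecode($key), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        // Repeat both strips until the key stops changing; a single pass lets
        // the second removal splice a new ".." together after the first ran.
        do {
            $before = $key;
            $key = str_replace('..', '', $key);
            $key = preg_replace('/__(.+?)__/', '', $key);
        } while ($key !== $before);

        return $key;
    }

    /**
     * Clean Value
     *
     * HTML-encodes markup-significant characters in a variable value, turns
     * newlines into <br />, and drops carriage returns.
     *
     * NOTE(review): the entity spellings used as replacements below are a
     * reconstruction; the received copy had them decoded back to the raw
     * characters, which made the lines no-ops or parse errors. Any spelling of
     * the same character renders identically, but confirm against the upstream
     * copy if byte-exact stored values matter. The first replacement of that
     * copy mapped a space to a space and is omitted; it presumably decoded an
     * entity-encoded space - confirm before reinstating.
     *
     * @param string $val
     *
     * @return string
     */
    private function clean_value($val)
    {
        $val = (string) $val;

        if ($val === '') {
            return '';
        }

        // "&" must be encoded first so the entities introduced below are not re-encoded.
        $val = str_replace('&', '&amp;', $val);
        $val = str_replace('<!--', '&#60;&#33;--', $val);
        $val = str_replace('-->', '--&#62;', $val);
        $val = preg_replace('/<script/i', '&#60;script', $val);
        $val = str_replace('>', '&gt;', $val);
        $val = str_replace('<', '&lt;', $val);
        $val = str_replace('"', '&quot;', $val);
        // Runs after "<" and ">" were encoded, so the inserted tag stays markup.
        $val = str_replace("\n", '<br />', $val);
        $val = str_replace('$', '&#036;', $val);
        $val = str_replace("\r", '', $val);
        $val = str_replace('!', '&#33;', $val);
        $val = str_replace("'", '&#39;', $val);

        // Restore numeric character references the user submitted (their "&"
        // was encoded above). They render as text in HTML, but will turn back
        // into the raw character if the value is entity-decoded later.
        $val = preg_replace('/&amp;#([0-9]+);/s', '&#\\1;', $val);

        // Strip slashes if not already done so.
        if ($this->get_magic_quotes) {
            $val = stripslashes($val);
        }

        // Swap user inputted backslashes
        $val = preg_replace('/\\\\(?!&amp;#|\?#)/', '&#092;', $val);

        return $val;
    }
}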
?>