Location: PHPKode > projects > phpMyOrdering > phpMyOrdering-0.1.7-alpha/scripts/classes/class.validation.php
<?PHP
/*
 * phpMyAuth
 * Jason Gerfen [hide@address.com]
 *
 * class.validation.php - Class to help with resource permissions
 */

class ValidateStrings
{
 var $data;
 var $string;
 var $integer;
 var $alphachar;
 var $money;
 var $phone;
 var $zipcode;
 var $ip_v4;
 var $ip_v6;
 var $mac_address;
 var $domain;
 var $hostname;
 var $paragraph;
	var $password;
 var $uri;
 var $db;
 var $sql;
 var $xss;

 public function ValidateString( $string )
 {
  if( ( eregi( "^[a-z]{1,35}$", $string ) ) || ( empty( $string ) ) ) {
   $data->string = 0;
  } else {
   $data->string = -1;
  }
  return $data->string;
 }

 public function ValidateInteger( $integer )
 {
  if( ( eregi( "^[0-9]{1,20}$", $integer ) ) || ( empty( $integer ) ) ) {
   $data->integer = 0;
  } else {
   $data->integer = -1;
  }
  return $data->integer;
 }

 public function ValidateAlphaChar( $alphachar )
 {
  if( ( eregi( "^[0-9a-z]{1,45}$", $alphachar ) ) || ( empty( $alphachar ) ) ) {
   $data->alphachar = 0;
  } else {
   $data->alphachar = -1;
  }
  return $data->alphachar;
 }

 public function ValidateMoney( $money )
 {
  if( ( eregi( "^[0-9]{1,4}\.[0-9]{2}$", $money ) ) || ( empty( $money ) ) ) {
   $data->money = 0;
  } else {
   $data->money = -1;
  }
  return $data->money;
 }
	
	public function ValidateDecimal( $decimal )
	{
	 if( ( is_numeric( $decimal ) ) || ( empty( $decimal ) ) ) {
		 $data->decimal = 0;
		} else {
		 $data->decimal = -1;
		}
		return $data->decimal;
	}

 public function ValidatePhone( $phone ) {
  if( ( eregi( "^[0-9]{3}\-[0-9]{3}\-[0-9]{4}$", $phone ) ) || ( empty( $phone ) ) ) {
   $data->phone = 0;
  } else {
   $data->phone = -1;
  }
  return $data->phone;
 }

 public function ValidateZip( $zipcode ) {
  if( ( eregi( "^[0-9]{5}$", $zipcode ) ) || ( empty( $zipcode ) ) ) {
   $data->zipcode = 0;
  } else {
   $data->zipcode = -1;
  }
  return $data->zipcode;
 }

 public function ValidateIPv4( $ip_v4 = NULL )
 {
  $ip_v4 = rtrim( $ip_v4 );
  if( ( eregi( "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip_v4 ) ) || ( empty( $ip_v4 ) ) ) {
   $data->ip_v4 = 0;
   for( $i = 1; $i <= 3; $i++ ) {
    if( !( substr( $ip_v4, 0, strpos( $ip_v4, "." ) ) >= "0" && substr( $ip_v4, 0, strpos( $ip_v4, "." ) ) <= "255" ) ) {
     $data->ip_v4 = -1;
    }
    $ip_v4 = substr( $ip_v4, strpos( $ip_v4, "." ) + 1 );
   }
   if( !( $ip_v4 >= "0" && $ip_v4 <= "255" ) ) {
    $data->ip_v4 = -1;
   }
/*
   $octets = explode( ".", $ip_v4 );
   foreach( $octets as $values ) {
    if( ( intval( $values ) > 255 ) || ( intval( $values ) < 0 ) ) {
     $data->ip_v4 = -1;
    }
   }
*/
  } else {
   $data->ip_v4 = -1;
  }
  return $data->ip_v4;
 }

public function ValidateIPv6( $ip_v6 )
 {
  $data->ip_v6 = 0;
  return $data->ip_v6;
 }

 function ValidateEmail( $email )
 { // "^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$"
	  // "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$"
			// "^[a-z0-9.-_]{1,20}\@[a-z0-9.-_]{1,20}\.[a-z]{2,5}$"
  if( ( eregi( "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,5})$", $email ) ) || ( empty( $email ) ) ) {
   $data = 0;
  } else {
   $data = -1;
  }
  return $data;
 }

 public function ValidateMACFormats( $mac_address = NULL ) {
  $mac_address = rtrim( $mac_address );
  if( eregi( "^[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = $mac_address;
  } elseif( eregi( "^[0-9a-f]{2}\.[0-9a-f]{2}\.[0-9a-f]{2}\.[0-9a-f]{2}\.[0-9a-f]{2}\.[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = $this->FixMACAddr( $mac_address );
  } elseif( eregi( "^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = $this->FixMACAddr( $mac_address );
  } elseif( eregi( "^[0-9a-f]{2}\_[0-9a-f]{2}\_[0-9a-f]{2}\_[0-9a-f]{2}\_[0-9a-f]{2}\_[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = $this->FixMACAddr( $mac_address );
  } elseif( eregi( "^[0-9a-f]{12}$", $mac_address ) ) {
   $data->mac_address = $this->FixMACAddr( $mac_address );
  } elseif( ( eregi( "^[0-9a-z/-/_]{1,35}$", $mac_address ) ) || ( eregi( "^[0-9a-z]{1,35}$", $mac_address ) ) ) {
   $data->mac_address = -1;
  } elseif( eregi( "^[0-9a-z%-_:.]{1,45}$", $mac_address ) ) {
   $data->mac_address = -1;
  } elseif( eregi( "[g-z]", $mac_address ) ) {
   $data->mac_address = -1;
  } else {
   $data->mac_address = -1;
  }
  return $data->mac_address;
 }

 public function FixMACAddr( $mac_address = NULL ) {
  if( eregi( "^[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = $mac_address;
  } elseif( eregi( "^[0-9a-f]{12}$", $mac_address ) ) {
   $data->mac_address = str_split( $mac_address, 2 );
   $data->mac_address = implode( ':', $data->mac_address );
  } elseif( eregi( "^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = str_replace( '-', ':', $mac_address );
  } elseif( eregi( "^[0-9a-f]{2}\_[0-9a-f]{2}\_[0-9a-f]{2}\_[0-9a-f]{2}\_[0-9a-f]{2}\_[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = str_replace( '_', ':', $mac_address );
  } elseif( eregi( "^[0-9a-f]{2}\.[0-9a-f]{2}\.[0-9a-f]{2}\.[0-9a-f]{2}\.[0-9a-f]{2}\.[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = str_replace( '.', ':', $mac_address );
  } elseif( eregi( "[g-z]", $mac_address ) ) {
   $data->mac_address = -1;
  } elseif( !eregi( "^[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}\:[0-9a-f]{2}$", $mac_address ) ) {
   $data->mac_address = -1;
  }
  return $data->mac_address;
 }

 public function ValidateDomain( $domain )
 {
  if( ( eregi( "^[a-z0-9.]+$", $domain ) ) || ( empty( $domain ) ) ) {
   if( ( @checkdnsrr( $domain, "A" ) ) || ( $this->ValidateHostname( $domain ) !== -1 ) || ( $this->ValidateIPv4( $domain ) !== -1 ) || ( $this->ValidateHostnameNonRFC( $domain ) !== -1 ) ) {
    $data->domain = 0;
   } else {
    $data->domain = -1;
   }
  } else {
   $data->domain = -1;
  }
  return $data->domain;
 }

 public function ValidateBroadcast2List( $array, $broadcast )
	{
		if( ( !empty( $broadcast ) ) && ( count( $array ) !== 0 ) ) {
			$octets = explode( '.', $broadcast );
   $flag = -1;
			foreach( $array as $key => $value ) {
				$tmp = explode( '.', $value );
				if( ( $octets[0] === $tmp[0] ) && ( $octets[1] === $tmp[1] ) && ( $octets[2] === $tmp[2] ) ) { $flag = 0; }
			}
			if( $flag === 0 ) {
				$data = 0;
			} else {
				$data = $flag;
			}
		} else {
			$data = 0;
		} //echo "<pre>"; print_r( func_get_args() ); echo "</pre><br>" . $broadcast . " => " . $data . "<hr>";
		return $data;
	}

 /* Validate an IP for static host not existing in scope */
 public function ValidateIPvsScope( $array, $ip )
 {
  $ret = 0;
  $ip_octets = explode( '.', $ip );
  foreach( $array as $key => $value ) {
   $scope_1_octets = explode( '.', $value['scope-range-1'] );
   $scope_2_octets = explode( '.', $value['scope-range-2'] );
   if( ( $scope_1_octets[0] === $ip_octets[0] ) && ( $scope_1_octets[1] === $ip_octets[1] ) &&  ( $scope_1_octets[2] === $ip_octets[2] ) && ( $scope_1_octets[3] <= $ip_octets[3] ) && ( $scope_2_octets[3] >= $ip_octets[3] ) || ( $scope_2_octets[0] === $ip_octets[0] ) && ( $scope_2_octets[1] === $ip_octets[1] ) && ( $scope_2_octets[2] === $ip_octets[2] ) && ( $scope_2_octets[3] <= $ip_octets[3] ) && ( $scope_2_octets[1] >= $ip_octets[3] ) ) {
    $ret = -1;
   }
  }
  return $ret;
 }

 /*
  * Follows RFC 608
  */
 public function ValidateHostname( $hostname )
 {
  if( ( eregi( "^[a-z0-9-]{1,48}$", $hostname ) ) || ( empty( $hostname ) ) ) {
   $data->hostname = 0;
  } else {
   $data->hostname = -1;
  }
  return $data->hostname;
 }

 public function ValidateHostnameNonRFC( $hostname )
 {
  if( ( eregi( "^[.a-z0-9-]{1,48}$", $hostname ) ) || ( empty( $hostname ) ) ) {
   $data->hostname = 0;
  } else {
   $data->hostname = -1;
  }
  return $data->hostname;
 }

 public function ValidateParagraph( $paragraph )
 {
  if( ( preg_match_all( "/[ -?@!#$&+0-9=?A-Za-z^_.,]/", $paragraph, $res ) ) || ( empty( $paragraph ) ) ) {
   $data->paragraph = 0;
  } else {
   $data->paragraph = -1;
  }
  return $data->paragraph;
 }
	
	public function ValidatePassword( $password )
	{
		if( ( eregi( "[-!#$%&+.0-9=?A-Z_]", $password ) ) || ( empty( $password ) ) ) {
   $data = 0;
  } else {
   $data = -1;
  }
  return $data;
	}

 public function ValidateDate( $date )
 {
  if( ( eregi( "[0-9]{4}\-[0-9]{2}\-[0-9]{2} [0-9]{2}\:[0-9]{2}\:[0-9]{2}$", $date ) ) || ( empty( $date ) ) ) {
   $data = 0;
  } else {
   $data = -1;
  }
  return $data;
 }
 
 public function ValidateClassOpt( $value, $array )
 {
  preg_match( '/(\w+)\((\d+)\)|(\w+)/', $array[0]['Type'], $matches );
  $ret = 0;
  switch( $matches[1] ) {
   case "varchar":
    if( $this->ValidateParagraph( $value ) === -1 ) { $ret = -1; } break;
   case "text":
    if( $this->ValidateString( $value ) === -1 ) { $ret = -2; } break;
   case "int":
    if( $this->ValidateInteger( $value ) === -1 ) { $ret = -3; } break;
   case "tinyint":
    if( $this->ValidateInteger( $value ) === -1 ) { $ret = -4; } break;
   default:
    $ret = -5;
  }
  return $ret;
 }
 
	public function GenerateRandomPassword( $length, $complexity )
	{
		$normal = "abcdefghijklmnopqrstuvwyxz0123456789";
		$complex = "abcdefghijklmnopqrstuvwyxz0123456789-!#$%&+.0-9=?A-Z_";
		if( $complexity === "normal" ) { $chars = $normal; }
		if( $complexity === "complex" ) { $chars = $complex; }
  $i = 0; $pass = '';
		srand( ( double ) microtime() * 100000000 );
		for( $i = 0; $i <= $length; $i++ ) {
			$num = rand() % 99;
			$tmp = substr( $chars, $num, 2 );
			if( !empty( $tmp ) ) {	$pass = $pass . $tmp; }
		}
		return $pass;
	}
	
 public function ValidatePasswordFields( $password_1, $password_2 )
 {
  $data = 0;
  if( ( $password_1 !== $password_2 ) || ( strcmp( $password_1, $password_2 ) ) ) {
   $data = -1;
  } else {
   if( !eregi( "^[-!#$@%&\'*+\\./0-9=?A-Z^_`a-z{|}~<>]{5,25}$", $password_1 ) ) {
    $data = -2;
   }
   if( ( $password_1 === "************" ) || ( $password_1 === "************" ) ) {
    $data = -3;
   }
  }
  return $data;
 }
 
 public function ValidateUploadedFile( $file, $uploaded, $type, $size, $allowederegi, $allowedtype, $allowedsize )
 {
  if( !empty( $file ) ) {
   if( is_file( $uploaded ) ) {
				//if( eregi( "^[0-9a-z]{1,85}\.[" . $allowederegi . "]$", $file ) ) {
     if( $allowedtype === $type ) {
      if( $allowedsize >= $size ) {
       $data = 0;
      } else {
       $data = -5;
      }
     } else {
      $data = -4;
     }
    //} else {
    // $data = -3;
    //}
   } else {
    $data = -2;
   }
  } else {
   $data = -1;
  }
  return $data;
 }

 public function ValidateURI( $uri )
 {
		$prefix = "[[http://]|[https://]]";
  $domain = "([a-z0-9][-[:alnum:]]*[[:alnum:]] )(\.[[:alpha:]][-[:alnum:]]*[[:alpha:]] )+";
  $dir = "(/[[:alpha:]][-[:alnum:]]*[[:alnum:]] )*";
  $page = "(/[[:alpha:]][-[:alnum:]]*\.[[:alpha:]]{3,5})?";
  $getstring = "(\?([[:alnum:]][-_%[:alnum:]]*=[-_%[:alnum:]]+)(&([[:alnum:]][-_%[:alnum:]]*=[-_%[:alnum:]]+) )*)?";
  $pattern = $prefix . $domain . $dir . $page . $getstring;
  if( eregi( $pattern, $uri ) ) {
   $data->uri = 0;
  } else {
   $data->uri = -1;
  }
  return $data->uri;
 }

 public function ValidateSQL( $sql, $db )
 {
  $data = new InputFilter();
  $data->sql = $data->safeSQL( $sql, $db );
  return $data->sql;
 }

 public function ValidateXSS( $xss )
 {
  $data = new InputFilter();
  $data->xss = $data->process( $xss );
  return $data->xss;
 }

 function html2txt( $document ) {
  $search = array('@<script[^>]*?>.*?</script>@si',  // Strip out javascript
                  '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
                  '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
                  '@<![\s\S]*?--[ \t\n\r]*>@'        // Strip multi-line comments including CDATA
                 );
  $text = preg_replace( $search, '', $document );
  return $text;
 }
	
	function SafeWriteFile( $path, $file, $string )
 {
  if( ( !empty( $path ) ) && ( !empty( $file ) ) && ( !empty( $string ) ) ) {
   if( is_dir( $path ) ) {
    if( ( $handle = @fopen( $path . $file, "w+b" ) ) !== FALSE ) {
     if( @flock( $handle, LOCK_EX ) ) {
      if( @fwrite( $handle, $string ) !== FALSE ) {
       $data = 0;
       @flock( $handle, LOCK_UN );
      } else {
       $data = -5;
      }
     } else {
      $data = -4;
     }
    } else {
     $data = -3;
    }
   } else {
    $data = -2;
   }
  } else {
   $data = -1;
  }
  return $data;
 }
}

/*
 * class: InputFilter (PHP5-Strict without comments)
 * contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
 * copyright: Daniel Morris
 */
class InputFilter {
 protected $tagsArray;
 protected $attrArray;

 protected $tagsMethod;
 protected $attrMethod;

 protected $xssAuto;
 protected $tagBlacklist = array( 'applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml' );
 protected $attrBlacklist = array( 'action', 'background', 'codebase', 'dynsrc', 'lowsrc' );
  
 public function __construct( $tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1 ) {
  for( $i = 0; $i < count( $tagsArray ); $i++ ) $tagsArray[$i] = strtolower( $tagsArray[$i] );
  for( $i = 0; $i < count( $attrArray ); $i++ ) $attrArray[$i] = strtolower( $attrArray[$i] );
  $this->tagsArray = ( array ) $tagsArray;
  $this->attrArray = ( array ) $attrArray;
  $this->tagsMethod = $tagsMethod;
  $this->attrMethod = $attrMethod;
  $this->xssAuto = $xssAuto;
 }
 
 public function process( $source ) {
  if( is_array( $source ) ) {
   foreach( $source as $key => $value )
    if( is_string( $value) ) $source[$key] = $this->remove( $this->decode( $value ) );
   return $source;
  } elseif( is_string( $source ) ) {
   return $this->remove( $this->decode( $source ) );
  } else return $source;
 }

 protected function remove( $source ) {
  $loopCounter=0;
  while( $source != $this->filterTags( $source ) ) {
   $source = $this->filterTags( $source );
   $loopCounter++;
  }
  return $source;
 } 
 
 protected function filterTags( $source ) {
  $preTag = NULL;
  $postTag = $source;
  $tagOpen_start = strpos( $source, '<' );
  while( $tagOpen_start !== FALSE ) {
   $preTag .= substr( $postTag, 0, $tagOpen_start );
   $postTag = substr( $postTag, $tagOpen_start );
   $fromTagOpen = substr( $postTag, 1 );
   $tagOpen_end = strpos( $fromTagOpen, '>' );
   if( $tagOpen_end === false ) break;
   $tagOpen_nested = strpos( $fromTagOpen, '<' );
   if( ( $tagOpen_nested !== false ) && ( $tagOpen_nested < $tagOpen_end) ) {
    $preTag .= substr( $postTag, 0, ( $tagOpen_nested+1 ) );
    $postTag = substr( $postTag, ( $tagOpen_nested+1 ) );
    $tagOpen_start = strpos( $postTag, '<' );
    continue;
   } 
   $tagOpen_nested = ( strpos( $fromTagOpen, '<' ) + $tagOpen_start + 1 );
   $currentTag = substr( $fromTagOpen, 0, $tagOpen_end );
   $tagLength = strlen( $currentTag );
   if( !$tagOpen_end ) {
    $preTag .= $postTag;
    $tagOpen_start = strpos( $postTag, '<' );
   }
   $tagLeft = $currentTag;
   $attrSet = array( );
   $currentSpace = strpos( $tagLeft, ' ' );
   if(substr( $currentTag, 0, 1) == "/" ) {
    $isCloseTag = TRUE;
    list( $tagName ) = explode( ' ', $currentTag );
    $tagName = substr( $tagName, 1 );
   } else {
    $isCloseTag = FALSE;
    list( $tagName ) = explode( ' ', $currentTag );
   }  
   if( (!preg_match( "/^[a-z][a-z0-9]*$/i", $tagName ) ) || ( !$tagName ) || ( (in_array( strtolower( $tagName ), $this->tagBlacklist ) ) && ( $this->xssAuto ) ) ) {
    $postTag = substr( $postTag, ( $tagLength + 2 ) );
    $tagOpen_start = strpos( $postTag, '<' );
    continue;
   }
   while( $currentSpace !== FALSE ) {
    $fromSpace = substr( $tagLeft, ( $currentSpace + 1 ) );
    $nextSpace = strpos( $fromSpace, ' ' );
    $openQuotes = strpos( $fromSpace, '"' );
    $closeQuotes = strpos( substr( $fromSpace, ( $openQuotes + 1 ) ), '"' ) + $openQuotes + 1;
    if( strpos( $fromSpace, '=' ) !== FALSE ) {
     if( ( $openQuotes !== FALSE ) && ( strpos( substr( $fromSpace, ( $openQuotes + 1 ) ), '"' ) !== FALSE ) )
      $attr = substr( $fromSpace, 0, ( $closeQuotes+1 ) );
     else $attr = substr( $fromSpace, 0, $nextSpace );
    } else $attr = substr( $fromSpace, 0, $nextSpace );
    if( !$attr ) $attr = $fromSpace;
    $attrSet[] = $attr;
    $tagLeft = substr( $fromSpace, strlen( $attr ) );
    $currentSpace = strpos( $tagLeft, ' ' );
   }
   $tagFound = in_array( strtolower( $tagName ), $this->tagsArray );
   if( (!$tagFound && $this->tagsMethod ) || ( $tagFound && !$this->tagsMethod ) ) {
    if( !$isCloseTag ) {
     $attrSet = $this->filterAttr( $attrSet );
     $preTag .= '<' . $tagName;
     for( $i = 0; $i < count( $attrSet ); $i++ )
      $preTag .= ' ' . $attrSet[$i];
     if( strpos( $fromTagOpen, "</" . $tagName ) ) $preTag .= '>';
     else $preTag .= ' />';
       } else $preTag .= '</' . $tagName . '>';
   }
   $postTag = substr( $postTag, ( $tagLength + 2 ) );
   $tagOpen_start = strpos( $postTag, '<' );
  }
  $preTag .= $postTag;
  return $preTag;
 }

 protected function filterAttr( $attrSet ) {
  $newSet = array( );
  for( $i = 0; $i < count( $attrSet ); $i++ ) {
   if( !$attrSet[$i] ) continue;
   $attrSubSet = explode( '=', trim( $attrSet[$i] ) );
   list( $attrSubSet[0] ) = explode( ' ', $attrSubSet[0] );
   if( ( !eregi("^[a-z]*$",$attrSubSet[0] ) ) || ( ( $this->xssAuto ) && ( (in_array( strtolower( $attrSubSet[0] ), $this->attrBlacklist ) ) || ( substr( $attrSubSet[0], 0, 2 ) == 'on' ) ) ) )
    continue;
   if( $attrSubSet[1] ) {
    $attrSubSet[1] = str_replace( '&#', '', $attrSubSet[1] );
    $attrSubSet[1] = preg_replace( '/\s+/', '', $attrSubSet[1] );
    $attrSubSet[1] = str_replace( '"', '', $attrSubSet[1] );
    if( (substr( $attrSubSet[1], 0, 1 ) == "'" ) && ( substr( $attrSubSet[1], ( strlen( $attrSubSet[1] ) - 1 ), 1 ) == "'" ) )
     $attrSubSet[1] = substr( $attrSubSet[1], 1, ( strlen( $attrSubSet[1] ) - 2 ) );
    $attrSubSet[1] = stripslashes( $attrSubSet[1] );
   }
   if( ( ( strpos( strtolower( $attrSubSet[1] ), 'expression' ) !== false ) && ( strtolower( $attrSubSet[0] ) == 'style' ) ) ||
     ( strpos( strtolower( $attrSubSet[1] ), 'javascript:' ) !== false ) ||
     ( strpos( strtolower( $attrSubSet[1] ), 'behaviour:' ) !== false ) ||
     ( strpos( strtolower( $attrSubSet[1] ), 'vbscript:' ) !== false ) ||
     ( strpos( strtolower( $attrSubSet[1] ), 'mocha:' ) !== false ) ||
     ( strpos( strtolower( $attrSubSet[1] ), 'livescript:' ) !== false )
  ) continue;

   $attrFound = in_array( strtolower( $attrSubSet[0] ), $this->attrArray );
   if( (!$attrFound && $this->attrMethod ) || ( $attrFound && !$this->attrMethod) ) {
    if( $attrSubSet[1] ) $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
    elseif( $attrSubSet[1] == "0") $newSet[] = $attrSubSet[0] . '="0"';
    else $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
   } 
  }
  return $newSet;
 }
 
 protected function decode( $source ) {
  $source = html_entity_decode( $source, ENT_QUOTES, "ISO-8859-1" );
  $source = preg_replace( '/&#(\d+ );/me',"chr(\\1)", $source );    // decimal notation
  $source = preg_replace( '/&#x([a-f0-9]+ );/mei',"chr(0x\\1)", $source ); // hex notation
  return $source;
 }

 public function safeSQL( $source, &$connection ) {
  if( is_array( $source ) ) {
   foreach( $source as $key => $value )
    if( is_string( $value) ) $source[$key] = $this->quoteSmart( $this->decode( $value ), $connection );
   return $source;
  } elseif( is_string( $source ) ) {
   if( is_string( $source ) ) return $this->quoteSmart( $this->decode( $source ), $connection );
  } else return $source;
 }

 protected function quoteSmart( $source, &$connection ) {
  if(get_magic_quotes_gpc() ) $source = stripslashes( $source );
  $source = $this->escapeString( $source, $connection );
  return $source;
 }
 
 protected function escapeString( $string, &$connection ) {
  if( version_compare( phpversion(),"4.3.0", "<" ) ) @mysql_escape_string( $string );
  else @mysql_real_escape_string( $string );
  return $string;
 }

}

?>
Return current item: phpMyOrdering