diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2006-10-08 12:05:23 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2006-10-08 12:05:23 +0200 |
| commit | 02b0b681935185a1c4d2d64e76fe499f3d438d12 (patch) | |
| tree | 67be0215dcee66121bafd54a9a78fd3e17c5b83c /inc/common.php | |
| parent | 10ffc9dd6a89562ef502baa21f968cf269fe21b0 (diff) | |
| download | rpg-02b0b681935185a1c4d2d64e76fe499f3d438d12.tar.gz rpg-02b0b681935185a1c4d2d64e76fe499f3d438d12.tar.bz2 | |
strip controlchars in fetch.php #935
Fixes a header injection/XSS vulnerability
darcs-hash:20061008100523-7ad00-be06a942badb6a2a9ed862be003ee0050504b4b0.gz
Diffstat (limited to 'inc/common.php')
| -rw-r--r-- | inc/common.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/inc/common.php b/inc/common.php index 8b21c0585..845ca3634 100644 --- a/inc/common.php +++ b/inc/common.php @@ -41,7 +41,16 @@ function hsc($string){ */ function ptln($string,$intend=0){ for($i=0; $i<$intend; $i++) print ' '; - print"$string\n"; + echo "$string\n"; +} + +/** + * strips control characters (<32) from the given string + * + * @author Andreas Gohr <andi@splitbrain.org> + */ +function stripctl($string){ + return preg_replace('/[\x00-\x1F]+/s','',$string); } /** |