-rw-r--r--inc/common.php11
-rw-r--r--lib/exe/fetch.php2
2 files changed, 11 insertions, 2 deletions
diff --git a/inc/common.php b/inc/common.php
index 8b21c0585..845ca3634 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -41,7 +41,16 @@ function hsc($string){
*/
function ptln($string,$intend=0){
for($i=0; $i<$intend; $i++) print ' ';
- print"$string\n";
+ echo "$string\n";
+}
+
+/**
+ * strips control characters (<32) from the given string
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+function stripctl($string){
+ return preg_replace('/[\x00-\x1F]+/s','',$string);
}
/**
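Review bot: The docblock on `stripctl()` does not state the helper's exact contract, which matters for a function placed in the shared inc/common.php: it removes TAB, LF and CR along with every other byte below 32, so it is unsuitable for multi-line text, and it leaves DEL (0x7F) in place. I would add `@param string $string` and `@return string` plus a sentence saying the function is meant for single-line values such as IDs or URLs. The `s` modifier has no effect because the pattern contains no `.`, so if DEL should go as well the line can become `return preg_replace('/[\x00-\x1F\x7F]+/','',$string);`. Note also that `preg_replace()` returns null on a PCRE error and processes an array argument element-wise, so a caller that needs a string should not assume it gets one.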
diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 343145c54..f33f7b0cc 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -20,7 +20,7 @@
$mimetypes = getMimeTypes();
//get input
- $MEDIA = getID('media',false); // no cleaning - maybe external
+ $MEDIA = stripctl(getID('media',false)); // no cleaning except control chars - maybe external
$CACHE = calc_cache($_REQUEST['cache']);
$WIDTH = (int) $_REQUEST['w'];
$HEIGHT = (int) $_REQUEST['h'];
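Review bot: The control-character strip on `$MEDIA` is applied only at this call site, and the trailing comment does not say what it protects against, so a later edit could drop it or another script that reads `media` with cleaning disabled could miss it. Presumably the aim is to keep CR/LF out of any response header or outbound request built from an external media URL; the code that consumes `$MEDIA` is outside the hunk, so that is inferred. I would word the comment as `// external URLs skip ID cleaning; strip CR/LF and other control chars so the value cannot break a header line`. It is also worth confirming that nothing downstream URL-decodes `$MEDIA` again, since a second decode would bring back the bytes removed here.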