From 02b0b681935185a1c4d2d64e76fe499f3d438d12 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sun, 8 Oct 2006 12:05:23 +0200
Subject: strip controlchars in fetch.php #935

Fixes a header injection/XSS vulnerability

darcs-hash:20061008100523-7ad00-be06a942badb6a2a9ed862be003ee0050504b4b0.gz
---
 inc/common.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'inc')

diff --git a/inc/common.php b/inc/common.php
index 8b21c0585..845ca3634 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -41,7 +41,16 @@ function hsc($string){
 */
 function ptln($string,$intend=0){
 for($i=0; $i<$intend; $i++) print ' ';
- print"$string\n";
+ echo "$string\n";
+}
+
+/**
+ * strips control characters (<32) from the given string
+ *
+ * @author Andreas Gohr
+ */
+function stripctl($string){
+ return preg_replace('/[\x00-\x1F]+/s','',$string);
 }

 /**
--
cgit v1.2.3
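Review bot: The docblock on the new `stripctl()` does not say what the function protects against or what it leaves untouched, and the fetch.php call site named in the subject is outside this view (the page is limited to 'inc'), so the hunk alone does not show how the header injection/XSS fix is completed. The pattern removes bytes 0x00–0x1F, which covers the CR and LF needed to start a new header line, but it does no HTML escaping and leaves 0x7F in place, so any value later printed into markup still needs `hsc()`. I would extend the docblock with something like `* Removes CR, LF, TAB and all other bytes below 0x20 so the value cannot introduce a new header line; does not escape HTML, use hsc() for output`. Because TAB and LF are removed as well, the comment should also warn against using it on multi-line text. The `s` modifier has no effect since the pattern contains no `.`, so `'/[\x00-\x1F]+/'` is equivalent.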