/**
* Clean _GET _POST value
*
* @access public
* @param string Input
* @param bool Also run postParseCleanValue
* @return string Cleaned Input
* @since 2.1
*/
public static function parseCleanValue($val, $postParse = true)
{
if ($val == "") {
return "";
}
$val = str_replace(" ", " ", IPSText::stripslashes($val));
# Convert all carriage return combos
$val = str_replace(array("\r\n", "\n\r", "\r"), "\n", $val);
$val = str_replace("&", "&", $val);
$val = str_replace("<!--", "<!--", $val);
$val = str_replace("-->", "-->", $val);
$val = str_ireplace("<script", "<script", $val);
$val = str_replace(">", ">", $val);
$val = str_replace("<", "<", $val);
$val = str_replace('"', """, $val);
$val = str_replace("\n", "<br />", $val);
// Convert literal newlines
$val = str_replace("\$", "$", $val);
$val = str_replace("!", "!", $val);
$val = str_replace("'", "'", $val);
// IMPORTANT: It helps to increase sql query safety.
if (IPS_ALLOW_UNICODE) {
$val = preg_replace("/&#([0-9]+);/s", "&#\\1;", $val);
//-----------------------------------------
// Try and fix up HTML entities with missing ;
//-----------------------------------------
$val = preg_replace("/&#(\\d+?)([^\\d;])/i", "&#\\1;\\2", $val);
}
//-----------------------------------------
// Shortcut to auto run other cleaning
//-----------------------------------------
if ($postParse) {
$val = IPSText::postParseCleanValue($val);
}
return $val;
}
