public function sanitize(&$INPUT)
{
if (is_array($INPUT)) {
$NEW = array();
if (count($INPUT)) {
foreach ($INPUT as $key => $val) {
$clean_key = htmlspecialchars($key);
if (is_array($INPUT[$key])) {
foreach ($INPUT[$key] as $key2 => $value2) {
$clean_key2 = htmlspecialchars($key2);
unset($INPUT[$key][$key2]);
$value2 = str_ireplace(array('delete', 'truncate', 'select', ';', '='), array('', '', '', ';', '='), $value2);
$NEW[$clean_key][$clean_key2] = q4mSecurity::killJS(htmlspecialchars($value2));
}
} else {
unset($INPUT[$key]);
$val = str_ireplace(array('delete', 'truncate', 'select', ';', '='), array('', '', '', ';', '='), $val);
$NEW[$clean_key] = q4mSecurity::killJS(htmlspecialchars($val));
//無限ループ
}
}
}
$INPUT = $NEW;
} else {
$INPUT = str_ireplace(array('delete', 'truncate', 'select', ';', '='), array('', '', '', ';', '='), $INPUT);
$INPUT = q4mSecurity::killJS(htmlspecialchars($INPUT));
}
}
/**
* Initialising the class.
* @param $is_view: bool, deault value = true. Set this to true if smarty is used.
* @param $is_auth: bool, deault value = false. Set this to true if all controllers require Authentication.
* @param $is_db: bool, deault value = false. Set this to true if all controllers require database connection.
* @return none
*/
function __construct($is_view = true, $is_auth = false, $is_db = false)
{
$this->useHelper('q4mSecurity');
q4mSecurity::sanitize($_GET);
if (isset($_GET['lang'])) {
$this->lang = $_GET['lang'];
$_SESSION[_SESS_MY_KEY_]['lang'] = $_GET['lang'];
} else {
if (isset($_SESSION[_SESS_MY_KEY_]['lang'])) {
$this->lang = $_SESSION[_SESS_MY_KEY_]['lang'];
} else {
$this->lang = _DEFAULT_LANG_;
}
}
//This guy becomes the directory name of the template.
$this->class_basename = str_ireplace('Controller', '', get_class($this));
$this->is_view = $is_view;
if ($this->is_view) {
$this->initView();
}
if ($is_db) {
$this->connectDB();
}
}
