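/**
 * Clean any data before it's returned.
 *
 * Scalar types are handed to the matching Scrub method. The list types
 * ('explode', 'array', 'array_keys', 'keyed_array') clean each element by
 * calling this method again, using the optional third argument as the
 * element type. For the Scrub-backed types ('url', 'email', 'boolean',
 * 'hex', 'base64', 'encrypted', 'html') any arguments after $type are
 * forwarded to the scrubber.
 *
 * Security notes for callers:
 * - 'string' and any unrecognised type return the value unmodified; the
 *   result is still untrusted input.
 * - 'urlencoded' only URL-decodes the value; it does not sanitize it.
 * - For the list types, if no element type is passed as the third argument
 *   the elements are cleaned with a null type, which reaches the default
 *   branch: they come back unsanitized, NOT text-scrubbed.
 *
 * @param mixed $data
 *   The value of the parameter.
 * @param string $type
 *   The type of data to scrub the input.
 *
 * @return array|bool|float|int|string
 *   The cleaned value, or false when a list type receives a non-array or an
 *   empty array.
 */
protected static function clean($data, $type = 'text')
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so only call it where it
    // still exists. Restricted to strings because stripslashes() does not
    // accept arrays; array elements are unslashed when they are cleaned
    // individually below.
    if (is_string($data) && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }

    // Optional arguments after $type are only reachable through func_get_args().
    $args = func_get_args();
    $elementType = !empty($args[2]) ? $args[2] : null;

    switch ($type) {
        case 'int':
            return Scrub::int($data);

        case 'float':
            return Scrub::float($data);

        case 'boolean-int':
            return intval(Scrub::boolean($data));

        case 'explode':
            $data = explode(',', trim($data, ','));
            // Intentional fall-through: the exploded list is cleaned like 'array'.
        case 'array':
        case 'array_keys':
            if (!is_array($data) || count($data) == 0) {
                return false;
            }
            $output = array();
            foreach ($data as $k => $v) {
                // A null element type returns the element as-is (see the
                // security notes in the docblock).
                $output[] = self::clean($type === 'array_keys' ? $k : $v, $elementType);
            }
            return $output;

        case 'keyed_array':
            if (!is_array($data) || count($data) == 0) {
                return false;
            }
            $output = array();
            foreach ($data as $k => $v) {
                // Keys are preserved verbatim; only the values are cleaned.
                $output[$k] = self::clean($v, $elementType);
            }
            return $output;

        case 'url':
        case 'email':
        case 'boolean':
        case 'hex':
        case 'base64':
        case 'encrypted':
        case 'html':
            // It's possible that a + was changed to a space in URL decoding.
            $value = ($type === 'base64' || $type === 'encrypted')
                ? str_replace(' ', '+', $data)
                : $data;

            // Always drop the type before forwarding. The previous
            // `count($args) > 2` guard left it in place for two-argument
            // calls, so e.g. clean($x, 'html') passed the string 'html' as
            // the scrubber's second parameter.
            // NOTE(review): Scrub's signatures are not visible here; confirm
            // no caller relied on that stray argument.
            $scrubArgs = array_slice($args, 2);
            array_unshift($scrubArgs, $value);

            // The callable name is built from $type, which can only be one
            // of the case labels of this branch.
            return call_user_func_array("Lightning\\Tools\\Scrub::{$type}", $scrubArgs);

        case 'urlencoded':
            return urldecode($data);

        case 'text':
            // This still allows some basic HTML.
            return Scrub::text($data);

        case 'string':
        default:
            // This does nothing to the string. Assume it is not sanitized.
            return $data;
    }
}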
/**
 * Sanitize a single input value as plain text or as HTML.
 *
 * The value is always run through stripslashes() first, then:
 * - $allow_html falsy: cleaned with Scrub::text().
 * - $allow_html exactly true: cleaned with Scrub::html(); when
 *   $this->trusted is truthy the call passes '', '' and true as the extra
 *   arguments.
 * - any other truthy $allow_html: forwarded as the second argument of
 *   Scrub::html() (presumably the allowed tags; confirm against Scrub).
 *
 * NOTE(review): stripslashes() runs unconditionally, so backslashes that are
 * a legitimate part of the input are removed as well; confirm that is
 * intended.
 *
 * @param string $val
 *   The raw input value.
 * @param mixed $allow_html
 *   false for text, true for default HTML, or a value handed to Scrub::html().
 *
 * @return mixed
 *   Whatever the selected Scrub method returns.
 */
function input_sanitize($val, $allow_html = false)
{
    $unslashed = stripslashes($val);

    // Plain text unless the caller opted in to HTML.
    if (!$allow_html) {
        return Scrub::text($unslashed);
    }

    // A truthy value other than boolean true is passed through to the scrubber.
    if ($allow_html !== true) {
        return Scrub::html($unslashed, $allow_html);
    }

    // Boolean true: the trusted flag selects the four-argument call.
    return $this->trusted
        ? Scrub::html($unslashed, '', '', true)
        : Scrub::html($unslashed);
}