/**
  * Sanitizes given array or value for safe input. Use the options to specify
  * the connection to use, and what filters should be applied (with a boolean
  * value). Valid filters:
  *
  * - odd_spaces - removes any non space whitespace characters
  * - encode - Encode any html entities. Encode must be true for the `remove_html` to work.
  * - dollar - Escape `$` with `\$`
  * - carriage - Remove `\r`
  * - unicode -
  * - escape - Should the string be SQL escaped.
  * - backslash -
  * - remove_html - Strip HTML with strip_tags. `encode` must be true for this option to work.
  *
  * @param string|array $data Data to sanitize
  * @param string|array $options If string, DB connection being used, otherwise set of options
  * @return mixed Sanitized data
  */
 public static function clean($data, $options = array())
 {
     if (empty($data)) {
         return $data;
     }
     if (is_string($options)) {
         $options = array('connection' => $options);
     } elseif (!is_array($options)) {
         $options = array();
     }
     $options = array_merge(array('connection' => 'default', 'odd_spaces' => true, 'remove_html' => false, 'encode' => true, 'dollar' => true, 'carriage' => true, 'unicode' => true, 'escape' => true, 'backslash' => true), $options);
     if (is_array($data)) {
         foreach ($data as $key => $val) {
             $data[$key] = GummSanitize::clean($val, $options);
         }
         return $data;
     } else {
         if ($options['odd_spaces']) {
             $data = str_replace(chr(0xca), '', $data);
         }
         if ($options['encode']) {
             $data = GummSanitize::html($data, array('remove' => $options['remove_html']));
         }
         if ($options['dollar']) {
             $data = str_replace("\\\$", "\$", $data);
         }
         if ($options['carriage']) {
             $data = str_replace("\r", "", $data);
         }
         if ($options['unicode']) {
             $data = preg_replace("/&#([0-9]+);/s", "&#\\1;", $data);
         }
         if ($options['escape']) {
             $data = GummSanitize::escape($data, $options['connection']);
         }
         if ($options['backslash']) {
             $data = preg_replace("/\\\\(?!&#|\\?#)/", "\\", $data);
         }
         return $data;
     }
 }
Esempio n. 2
0
 private function getDayEventsPopupHtml($events, $options = array())
 {
     if (!$events) {
         return;
     }
     $options = array_merge(array('date' => false, 'sanitize' => true), $options);
     $outputHtml = '<ul>';
     foreach ($events as $event) {
         $outputHtml .= '<li>
             <a href="' . $this->getPermalink($event, $options['date']) . '">' . get_the_title($event->ID) . '</a>
             <span>@ ' . $this->getEventTime($event->event_start_time) . '</span>
         </li>';
     }
     $outputHtml .= '</ul>';
     if ($options['sanitize']) {
         $outputHtml = GummSanitize::html($outputHtml);
     }
     return $outputHtml;
 }