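/**
 * Outputs data into the template.
 *
 * By default the value is passed through owa_sanitize::escapeForDisplay()
 * before it is echoed.
 *
 * @param string $output The String to be output into the template
 * @param bool $sanitize Flag that will sanitize the output for display. When
 *                       false the value is echoed exactly as given, so only
 *                       pass markup the caller built or escaped itself.
 * @param bool $decode_special_entities When true (and $sanitize is true), turns
 *                       `&amp;` back into `&` after escaping. Has no effect when
 *                       $sanitize is false.
 * @return void
 */
function out($output, $sanitize = true, $decode_special_entities = false)
{
    if ($sanitize) {
        $output = owa_sanitize::escapeForDisplay($output);

        if ($decode_special_entities) {
            // Undo only the ampersand encoding. An identity mapping
            // ('&' => '&') would leave the string untouched and make this
            // flag a no-op. Whatever else escapeForDisplay() encoded stays
            // encoded, but entity text already present in the input (for
            // example "&lt;") is emitted as a live entity again, so keep this
            // flag for values where that is intended.
            $output = strtr($output, array('&amp;' => '&'));
        }
    }

    echo $output;
}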
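/**
 * Sanitizes for safe input. Takes an array of options:
 *
 * - hidden_spaces - removes any non space whitespace characters
 * - escape_html - Encode any html entities (owa_sanitize::escapeForDisplay).
 * - dollar - Escape `$` with `\$`
 * - carriage - Remove `\r`
 * - unicode - passes the value through owa_sanitize::escapeUnicode
 * - backslash - passes the value through owa_sanitize::escapeBackslash
 * - remove_html - Strip HTML with strip_tags (owa_sanitize::stripAllTags).
 * - encode - accepted and defaulted to true, but not read by this function,
 *   so it does not gate `remove_html` or any other step.
 *
 * Every option defaults to true except `remove_html`. The enabled steps always
 * run in this order: hidden_spaces, remove_html, dollar, carriage, unicode,
 * escape_html, backslash.
 *
 * Arrays are cleaned recursively. Only the values are cleaned; array keys are
 * copied through unchanged, so callers that use request keys must validate
 * them separately.
 *
 * This is generic input cleaning. It does not replace context-specific
 * encoding at the point of output or bound parameters in database queries.
 *
 * @param mixed $input Data to sanitize
 * @param array $options Overrides for the default option flags listed above
 * @return mixed Sanitized data, or null when $input is empty()
 * @access public
 * @static
 */
function cleanInput($input, $options = array())
{
    // empty() is also true for 0, '0', false and array(), so those inputs
    // return null just like '' and null do.
    if (empty($input)) {
        return;
    }

    $options = array_merge(
        array(
            'hidden_spaces' => true,
            'remove_html' => false,
            'encode' => true,
            'dollar' => true,
            'carriage' => true,
            'unicode' => true,
            'escape_html' => true,
            'backslash' => true,
        ),
        $options
    );

    if (is_array($input)) {
        $output = array();
        foreach ($input as $k => $v) {
            // Values are cleaned with the same options; keys are kept as received.
            $output[$k] = owa_sanitize::cleanInput($v, $options);
        }

        return $output;
    }

    // Start from the raw value. Without this, turning 'hidden_spaces' off left
    // $output undefined, so the later steps worked on null and the caller's
    // data was silently dropped.
    $output = $input;

    if ($options['hidden_spaces']) {
        $output = owa_sanitize::removeHiddenSpaces($output);
    }
    if ($options['remove_html']) {
        $output = owa_sanitize::stripAllTags($output);
    }
    if ($options['dollar']) {
        $output = owa_sanitize::escapeDollarSigns($output);
    }
    if ($options['carriage']) {
        $output = owa_sanitize::stripCarriageReturns($output);
    }
    if ($options['unicode']) {
        $output = owa_sanitize::escapeUnicode($output);
    }
    if ($options['escape_html']) {
        $output = owa_sanitize::escapeForDisplay($output);
    }
    if ($options['backslash']) {
        $output = owa_sanitize::escapeBackslash($output);
    }

    return $output;
}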