/**
 * Sanitise every value in a URL query string.
 *
 * The string is parsed with parse_str(), each value is passed through
 * xss_protect(), and the result is re-encoded with http_build_query().
 * An empty query (per empty()) is returned exactly as given.
 *
 * @param mixed $query raw query string such as "a=1&b[]=2"
 * @return mixed the sanitised, re-encoded query string, or the original value when empty
 */
function xss_protect_query($query)
{
    if (empty($query)) {
        return $query;
    }

    parse_str($query, $parsed);

    return http_build_query(xss_protect($parsed));
}
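/**
 * Recursively neutralise HTML markup in untrusted (GPC-style) data.
 *
 * Strings are tag-stripped and HTML-escaped; arrays are walked recursively
 * (keys are preserved); any other type is returned untouched. This is input
 * sanitisation, not context-aware output escaping: the result is only suitable
 * for an HTML text/attribute context, not for JavaScript, URL or SQL contexts.
 *
 * Fixes versus the previous revision: get_magic_quotes_gpc() no longer exists
 * on PHP 8, so it is probed with function_exists() instead of being called
 * unconditionally; the sentinel comparison is strict; and the escape flags use
 * ENT_QUOTES so single quotes are escaped as well (ENT_COMPAT left them bare,
 * which is enough to break out of a single-quoted attribute).
 *
 * @param mixed $data string, possibly nested array, or any other value
 * @return mixed same shape as $data with string leaves sanitised
 */
function xss_protect($data)
{
    // Probe magic quotes once and remember the answer. On PHP >= 5.4 the
    // function always reports "off", and on PHP 8 it is gone entirely, so the
    // addslashes() branch below runs on every modern runtime.
    static $magic = null;
    if ($magic === null) {
        $magic = function_exists('get_magic_quotes_gpc') ? (bool) get_magic_quotes_gpc() : false;
    }

    if (is_array($data)) {
        foreach ($data as $key => $val) {
            $data[$key] = xss_protect($val);
        }
        return $data;
    }

    if (!is_string($data)) {
        return $data;
    }

    if (!$magic) {
        // Retained for callers that expect backslash-escaped quotes in the
        // returned value. addslashes() is neither an XSS control nor an SQL
        // control; database access should rely on prepared statements.
        $data = addslashes($data);
    }

    $data = strip_tags($data);

    // ENT_QUOTES escapes both quote styles so the value cannot terminate a
    // single- or double-quoted attribute. The charset comes from project
    // configuration; htmlspecialchars() returns '' for input that is invalid
    // in that charset.
    return htmlspecialchars($data, ENT_QUOTES | ENT_HTML401, get_config('charset'));
}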
/**
 * Read one parameter (or all of them) from the sanitised 'qry' query string.
 *
 * The raw value is fetched with get_var('qry'), parsed with parse_str() and
 * run through xss_protect(). When $field is given (non-empty), that single
 * entry is returned, falling back to $default when it is absent; otherwise the
 * whole sanitised parameter array is returned.
 *
 * @param mixed $field parameter name, or null/empty for the full array
 * @param mixed $default value returned when $field is not present
 * @return mixed single sanitised value, $default, or the full parameter array
 */
function get_param($field = null, $default = '')
{
    $params = [];
    $raw = get_var('qry');

    if (!empty($raw)) {
        parse_str($raw, $params);
        $params = xss_protect($params);
    }

    if (empty($field)) {
        return $params;
    }

    return $params[$field] ?? $default;
}