コード例 #1
ファイル: init.php プロジェクト: juliogallardo1326/proc
 /**
  * cleanRequest
  *
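  * Cleans the request environment: unregisters variables created by register_globals,
  * strips magic-quote slashes and filters XSS from the request arrays
  * ($_REQUEST, $_GET, $_POST, $_COOKIE), and percent-encodes $_SERVER['PHP_SELF'].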
  *
  * @return   void
  * @access   public
  * @author   Johann-Peter Hartmann <*****@*****.**>
  */
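 function cleanRequest()
 {
     // Normalises the request environment before other code reads it. Takes no
     // arguments and returns nothing; it rewrites $_SERVER['PHP_SELF'] and the
     // $_REQUEST/$_GET/$_POST/$_COOKIE arrays in place.
     // This is input filtering only: values still have to be escaped for the context
     // they are written into (HTML, SQL, shell) at the point of output.

     // PHP_SELF includes client-supplied path info. Percent-encode everything and
     // restore only the path separators, so the value cannot carry markup when it is
     // echoed into a page.
     $_SERVER['PHP_SELF'] = str_replace('%2F', '/', rawurlencode($_SERVER['PHP_SELF']));

     // With register_globals on, request parameters are also injected as global
     // variables; unregisterGlobalVariables() is expected to remove them again.
     if (ini_get('register_globals')) {
         PMF_Init::unregisterGlobalVariables();
     }

     // Name each superglobal literally and bind it by reference. With auto_globals_jit
     // enabled, PHP creates $_REQUEST only for scripts that mention it by name at
     // compile time; a lookup through $GLOBALS['_REQUEST'] does not trigger that, so
     // the array could be skipped here and then materialise unfiltered later.
     $externals = array(&$_REQUEST, &$_GET, &$_POST, &$_COOKIE);
     foreach (array_keys($externals) as $index) {
         if (!is_array($externals[$index])) {
             continue;
         }

         // Work on a copy so the helpers never see the live superglobal.
         $newvalues = $externals[$index];

         // first filter XSS
         // NOTE(review): the filter runs on data that may still carry magic-quote
         // backslashes; confirm removeXSSGPC()'s result is still safe once the slashes
         // are stripped below, or strip them first.
         $newvalues = PMF_Init::removeXSSGPC($newvalues);
         // then strip the slashes added by magic quotes
         $newvalues = PMF_Init::removeMagicQuotesGPC($newvalues);

         // Empty and refill the existing array rather than reassigning it; presumably
         // this keeps references to the superglobal intact.
         foreach (array_keys($externals[$index]) as $key) {
             unset($externals[$index][$key]);
         }
         foreach (array_keys($newvalues) as $key) {
             $externals[$index][$key] = $newvalues[$key];
         }
     }
 }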