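/**
 * cleanRequest
 *
 * Normalises $_SERVER['PHP_SELF'] and passes the request superglobals
 * ($_REQUEST, $_GET, $_POST, $_COOKIE) through PMF_Init::removeXSSGPC() and
 * PMF_Init::removeMagicQuotesGPC(), writing the results back in place.
 * When register_globals is on, PMF_Init::unregisterGlobalVariables() runs first.
 *
 * Not covered here: $_FILES and every $_SERVER entry other than PHP_SELF
 * (request URI, query string, request headers) are left exactly as received,
 * so callers must still treat them as untrusted.
 *
 * NOTE(review): filtering input on the way in does not replace escaping for
 * the output context (HTML, attribute, SQL) where a value is finally used.
 *
 * @return void
 * @access public
 * @author Johann-Peter Hartmann <*****@*****.**>
 */
function cleanRequest()
{
    // PHP_SELF is built from the request path. rawurlencode() percent-encodes
    // everything except alphanumerics and "-_.~"; the "/" separators are then
    // restored so the value is still usable as a path.
    // The isset() guard avoids an undefined-index notice when the SAPI does
    // not provide PHP_SELF; the stored value is '' in that case, as before.
    $self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
    $_SERVER['PHP_SELF'] = str_replace('%2F', '/', rawurlencode($self));

    // remove global registered variables to avoid injections
    // (ini_get() returns false where the directive no longer exists, so this
    // branch is skipped on PHP versions without register_globals)
    if (ini_get('register_globals')) {
        PMF_Init::unregisterGlobalVariables();
    }

    // clean external variables
    // The superglobals are named literally on purpose. With auto_globals_jit
    // enabled, PHP only creates $_REQUEST when the compiler sees it by name;
    // a lookup through $GLOBALS with a computed key can find nothing, and the
    // array would then be skipped here and populated unfiltered later on.
    $externals = array(
        '_REQUEST' => &$_REQUEST,
        '_GET'     => &$_GET,
        '_POST'    => &$_POST,
        '_COOKIE'  => &$_COOKIE,
    );

    foreach (array_keys($externals) as $name) {
        if (!is_array($externals[$name])) {
            continue;
        }

        // work on a copy so the helpers never see the live superglobal
        $newvalues = $externals[$name];

        // first clean XSS issues
        $newvalues = PMF_Init::removeXSSGPC($newvalues);

        // then hand the result to removeMagicQuotesGPC()
        // NOTE(review): the XSS filter therefore sees the values before this
        // helper has run - confirm that order is intended.
        $newvalues = PMF_Init::removeMagicQuotesGPC($newvalues);

        // clean old array and insert cleaned data (done key by key, so the
        // superglobal itself is emptied and refilled rather than replaced)
        foreach (array_keys($externals[$name]) as $key) {
            unset($externals[$name][$key]);
        }
        foreach (array_keys($newvalues) as $key) {
            $externals[$name][$key] = $newvalues[$key];
        }
    }
}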