function sanitise_str($x, $flags = 0)
{
global $EscapeSequencesA, $EscapeSequencesB;
$x = (string) $x;
if ($flags & STR_GPC and PHP_MAJOR_VERSION < 6 and get_magic_quotes_gpc()) {
$x = stripslashes($x);
}
if ($flags & STR_ENSURE_ASCII) {
$x = ensure_valid_ascii($x);
} else {
$x = ensure_valid_utf8($x);
}
if ($flags & STR_TO_UPPERCASE) {
$x = strtoupper($x);
}
if ($flags & STR_TO_LOWERCASE) {
$x = strtolower($x);
}
if (~$flags & STR_NO_TRIM) {
$x = trim($x);
}
if (~$flags & STR_NO_STRIP_CR) {
$x = str_replace("\r", '', $x);
}
if ($flags & (STR_ESCAPE_HTML | STR_PERMIT_FORMATTING | STR_HANDLE_IMAGES | STR_PERMIT_ADMIN_HTML | STR_DISREGARD_GAME_STATUS | STR_EMAIL_FORMATTING)) {
$x = htmlspecialchars($x, ENT_COMPAT, 'UTF-8');
}
if ($flags & STR_CONVERT_ESCAPE_SEQUENCES) {
$x = str_replace($EscapeSequencesA, $EscapeSequencesB, $x);
}
if ($flags & STR_STRIP_TAB_AND_NEWLINE) {
$x = str_replace(array("\n", "\t"), '', $x);
}
return $x;
}
function sanitise_str_fancy($x, $minlength = null, $maxlength = null, $flags = 0)
{
global $Administrator, $EscapeSequencesA, $EscapeSequencesB;
$x = (string) $x;
if ($flags & STR_GPC and PHP_MAJOR_VERSION < 6 and get_magic_quotes_gpc()) {
$x = stripslashes($x);
}
if ($flags & STR_ENSURE_ASCII) {
$x = ensure_valid_ascii($x);
} else {
$x = ensure_valid_utf8($x);
}
if ($flags & STR_TO_UPPERCASE) {
$x = strtoupper($x);
}
if ($flags & STR_TO_LOWERCASE) {
$x = strtolower($x);
}
if (~$flags & STR_NO_TRIM) {
$x = trim($x);
}
if (~$flags & STR_NO_STRIP_CR or $flags & (STR_PERMIT_FORMATTING | STR_EMAIL_FORMATTING)) {
$x = str_replace("\r", '', $x);
}
if ($flags & STR_EMAIL_FORMATTING) {
$x = htmlspecialchars($x, ENT_COMPAT, 'UTF-8');
if ($flags & STR_CONVERT_ESCAPE_SEQUENCES) {
$x = preg_replace('/\\[\\s*([a-zA-Z]+)\\s*\\]/', '[$1]', $x);
}
$x = preg_replace('/(\\s*?\\n){2,}\\s*/', '</p><p>', $x);
$x = str_replace("\n", ' ', $x);
$x = trim(preg_replace('/\\s{2,}/', ' ', $x));
$x = '<p>' . $x . '</p>';
} else {
if ($flags & STR_PERMIT_FORMATTING) {
// NB. HTML escaping is carried out in the class methods called by the following
// code (unless the user is an Administrator and the appropriate flag is set)
$x = preg_replace('/\\n{2,}/', '[multiple_newline]', $x);
$x = str_replace("\n", '[single_newline]', $x);
$x = preg_replace('/(\\[[^\\]])\\[(multiple|single)_newline\\]\\]/', '$1', $x);
$x = preg_split('/(\\[.+?\\])/', $x, null, PREG_SPLIT_DELIM_CAPTURE);
$num_pieces = count($x);
$mymsg = block_sequence::blank();
for ($i = 0; $i < $num_pieces; $i++) {
if ($i % 2) {
$mymsg->handle_tag($x[$i]);
} else {
$mymsg->handle_content($x[$i]);
}
}
$x = msg_serialise($mymsg->finalise($flags));
$y = $x[0];
$x = $x[1];
} else {
if ($flags & STR_ESCAPE_HTML and (!$Administrator or ~$flags & STR_PERMIT_ADMIN_HTML)) {
$x = htmlspecialchars($x, ENT_COMPAT, 'UTF-8');
}
}
}
if ($flags & STR_CONVERT_ESCAPE_SEQUENCES) {
$x = str_ireplace($EscapeSequencesA, $EscapeSequencesB, $x);
}
if ($flags & STR_STRIP_TAB_AND_NEWLINE) {
$x = str_replace(array("\n", "\t"), '', $x);
}
if (!is_null($minlength) and ($flags & STR_MULTIBYTE_LENGTH_CONSTRAINTS and mb_strlen($x, 'UTF-8') < $minlength or ~$flags & STR_MULTIBYTE_LENGTH_CONSTRAINTS and strlen($x) < $minlength)) {
$lengthindicator = -1;
} else {
if (!is_null($maxlength) and ($flags & STR_MULTIBYTE_LENGTH_CONSTRAINTS and mb_strlen($x, 'UTF-8') > $maxlength or ~$flags & STR_MULTIBYTE_LENGTH_CONSTRAINTS and strlen($x) > $maxlength)) {
$lengthindicator = 1;
} else {
$lengthindicator = 0;
}
}
if ($flags & STR_PERMIT_FORMATTING) {
$x = $y . $x;
if (!is_null($maxlength) and ($flags & STR_MULTIBYTE_LENGTH_CONSTRAINTS and mb_strlen($x, 'UTF-8') > 1.1 * $maxlength or ~$flags & STR_MULTIBYTE_LENGTH_CONSTRAINTS and strlen($x) > 1.1 * $maxlength)) {
$lengthindicator = 1;
}
}
if (is_null($minlength) and is_null($maxlength)) {
return $x;
} else {
return array($x, $lengthindicator);
}
}
