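/**
 * Clean the passed parameter so it matches the format named by $type.
 *
 * Arrays are cleaned recursively (keys preserved); a scalar is run through
 * the branch selected by $type. Two branches never return: PARAM_EMAIL with an
 * address that fails validEmail(), and an unknown $type, both set $ERROR,
 * include the hub error formatter and terminate the script with die.
 *
 * @param mixed $param the variable we are cleaning
 * @param int $type expected format of param after cleaning (one of the PARAM_* constants).
 * @return mixed the cleaned value; PARAM_URL and PARAM_BOOLTEXT return '' for a rejected value
 */
function clean_param($param, $type)
{
    global $CFG, $ERROR, $HUB_FLM;

    if (is_array($param)) {
        $newparam = array();
        foreach ($param as $key => $value) {
            $newparam[$key] = clean_param($value, $type);
        }
        return $newparam;
    }

    switch ($type) {
        case PARAM_TEXT:
            // Numeric strings contain no markup-significant characters, so they
            // are returned as-is instead of being entity-encoded.
            if (is_numeric($param)) {
                return $param;
            }
            $param = stripslashes($param);
            $param = clean_text($param);
            // Leave only the tags needed for multilang, then neutralise the
            // characters that matter inside attributes and event handlers.
            // Each replacement string contains none of the search characters,
            // so a single array replace is equivalent to the sequential one.
            $param = strip_tags($param, '<lang><span>');
            return str_replace(
                array('+', '(', ')', '=', '"', '\''),
                array('&#43;', '&#40;', '&#41;', '&#61;', '&quot;', '&#039;'),
                $param
            );

        case PARAM_HTML:
            // Keep as HTML: only the generic text cleaner runs, no entity encoding.
            $param = stripslashes($param);
            $param = clean_text($param);
            return trim($param);

        case PARAM_INT:
            return (int) $param;

        case PARAM_NUMBER:
            return (float) $param;

        case PARAM_ALPHA:
            // Remove everything not a-z / A-Z.
            return preg_replace('/[^a-zA-Z]/', '', $param);

        case PARAM_ALPHANUM:
            // Remove everything not a-z / A-Z / 0-9.
            return preg_replace('/[^A-Za-z0-9]/', '', $param);

        case PARAM_ALPHAEXT:
            // Remove everything not a-z / A-Z / "/" / "_" / "-".
            return preg_replace('/[^a-zA-Z\/_-]/', '', $param);

        case PARAM_ALPHANUMEXT:
            // Remove everything not a-z / A-Z / 0-9 / "-".
            return preg_replace('/[^a-zA-Z0-9-]/', '', $param);

        case PARAM_BOOL:
            // Convert to 1 or 0. The cast keeps strtolower() from receiving
            // null or an int, which it no longer accepts silently.
            $tempstr = strtolower((string) $param);
            if (in_array($tempstr, array('on', 'yes', 'true'), true)) {
                return 1;
            }
            if (in_array($tempstr, array('off', 'no', 'false'), true)) {
                return 0;
            }
            // Anything else falls back to PHP truthiness ('', '0', null -> 0).
            return empty($param) ? 0 : 1;

        case PARAM_BOOLTEXT:
            // Whitelist of textual booleans, compared strictly. The previous
            // loose '==' compared numerically and let look-alikes such as '00'
            // or '1.0' through as if they were '0' / '1'.
            $allowed = array('on', 'yes', 'true', 'off', 'no', 'false', '0', '1');
            return in_array(strtolower((string) $param), $allowed, true) ? $param : '';

        case PARAM_PATH:
            // Strip all suspicious characters from a file path. The POSIX
            // ereg_replace() calls were removed in PHP 7; these PCRE patterns
            // are byte-for-byte equivalents of the original expressions.
            $param = str_replace(array('\\\'', '\\"'), array('\'', '"'), $param);
            $param = str_replace('\\', '/', $param);
            // Control characters and < > " ` \ | ' : are dropped outright.
            $param = preg_replace('/[[:cntrl:]]|[<>"`\\\\|\':]/', '', $param);
            // Runs of two or more dots (parent-directory references) are dropped.
            $param = preg_replace('/\.\.+/', '', $param);
            // Collapse duplicate slashes and "/./" segments.
            $param = preg_replace('~//+~', '/', $param);
            return preg_replace('~/(\./)+~', '/', $param);

        case PARAM_URL:
            // Allow safe ftp, http, mailto urls; anything empty or invalid becomes ''.
            include_once $CFG->dirAddress . 'core/lib/url-validation.class.php';
            $URLValidator = new mrsnk_URL_validation($param, MRSNK_URL_DO_NOT_PRINT_ERRORS, MRSNK_URL_DO_NOT_CONNECT_2_URL);
            if (empty($param) || !$URLValidator->isValid()) {
                return '';
            }
            return $param;

        case PARAM_EMAIL:
            if (validEmail($param)) {
                return $param;
            }
            $ERROR = new error();
            $ERROR->createInvalidEmailError();
            include_once $HUB_FLM->getCodeDirPath("core/formaterror.php");
            die;

        case PARAM_XML:
            return parseFromXML($param);

        default:
            // Populate $ERROR before including the formatter, as the
            // PARAM_EMAIL branch does; the formatter presumably reads it at
            // include time -- confirm against core/formaterror.php.
            $ERROR = new error();
            $ERROR->createInvalidParameterError($type);
            include_once $HUB_FLM->getCodeDirPath("core/formaterror.php");
            die;
    }
}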