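/**
 * Recursively "sanitise" a request value in place (the controller constructor runs it on $_GET).
 *
 * Every string leaf, and every array key, has the words delete / truncate / select removed
 * case-insensitively, is HTML-escaped, and is then passed through q4mSecurity::killJS().
 * Nested arrays are processed to any depth. The previous version only walked two levels and
 * handed a third-level array straight to htmlspecialchars(), which is a TypeError on PHP 8.
 * It was also a non-static method called statically (q4mSecurity::sanitize($_GET)), which is
 * a fatal Error on PHP 8; it is now static, which still allows $obj->sanitize() calls.
 *
 * SECURITY NOTE (review): this is a blacklist, not a defence, and is kept only because existing
 * callers may expect escaped values in $_GET:
 *  - keyword stripping is single-pass, so "selselectect" still yields "select", and it corrupts
 *    legitimate input ("selected" -> "ed"). Do not rely on it against SQL injection — use
 *    prepared statements at the query site;
 *  - escaping on input bakes HTML entities into values that end up in session/database state;
 *    the correct place to escape is output, per context (HTML body, attribute, JS, URL).
 *
 * @param mixed $INPUT  scalar or (nested) array; replaced in place by the sanitised value.
 * @return void
 */
public static function sanitize(&$INPUT)
{
    $INPUT = self::sanitizeValue($INPUT);
}

/**
 * Sanitise one value and return the result (helper for sanitize()).
 *
 * Arrays are rebuilt with escaped keys and recursively cleaned values; everything else is
 * cast to string and cleaned as described on sanitize().
 *
 * @param mixed $value
 * @return mixed  array for array input, string otherwise
 */
private static function sanitizeValue($value)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            // Keys are escaped too, as before; numeric-looking keys stay numeric in PHP.
            $cleanKey = htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $clean[$cleanKey] = self::sanitizeValue($item);
        }
        return $clean;
    }

    // The old replacement list also mapped ';' -> ';' and '=' -> '=', i.e. a no-op; dropped.
    $stripped = str_ireplace(array('delete', 'truncate', 'select'), '', (string) $value);

    // Flags and charset are explicit so escaping is identical on every PHP version
    // (8.1 changed the default from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE).
    return q4mSecurity::killJS(htmlspecialchars($stripped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}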
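/**
 * Initialise the controller.
 *
 * Side effects, in order:
 *  - loads the q4mSecurity helper and runs q4mSecurity::sanitize() over $_GET in place, so every
 *    GET value read later in the request is already HTML-escaped (keys included);
 *  - resolves the UI language: a validated ?lang= parameter wins and is persisted in
 *    $_SESSION[_SESS_MY_KEY_]['lang']; otherwise the session value; otherwise _DEFAULT_LANG_;
 *  - derives $this->class_basename (class name with "Controller" removed), which becomes the
 *    template directory name;
 *  - initialises the view and/or the database connection when requested.
 *
 * @param bool $is_view  default true. Set to true if smarty is used (calls $this->initView()).
 * @param bool $is_auth  default false. Documented as "all controllers require Authentication",
 *                       but NOTE(review): this argument is never read in this constructor —
 *                       nothing here enforces authentication. Callers passing true get no check
 *                       unless it is implemented elsewhere; confirm before relying on it.
 * @param bool $is_db    default false. Set to true if a database connection is required
 *                       (calls $this->connectDB()).
 * @return void
 */
public function __construct($is_view = true, $is_auth = false, $is_db = false)
{
    $this->useHelper('q4mSecurity');
    // Escapes $_GET globally. sanitize() must be declared static for this call to work on PHP 8.
    q4mSecurity::sanitize($_GET);

    // Language selection. The value arrives from the query string and is stored in the session
    // and on the controller (presumably to pick language resources — confirm against callers),
    // so only a locale-shaped token is accepted ("en", "ja", "pt_BR", "zh-Hant-TW", ...).
    // Anything else — including arrays from ?lang[]= and values containing "/" or ".." —
    // is ignored rather than persisted.
    $requestedLang = (isset($_GET['lang']) && is_string($_GET['lang'])) ? $_GET['lang'] : null;
    if ($requestedLang !== null
        && preg_match('/^[A-Za-z]{2,8}(?:[_-][A-Za-z0-9]{1,8})*$/', $requestedLang) === 1
    ) {
        $this->lang = $requestedLang;
        $_SESSION[_SESS_MY_KEY_]['lang'] = $requestedLang;
    } elseif (isset($_SESSION[_SESS_MY_KEY_]['lang'])) {
        $this->lang = $_SESSION[_SESS_MY_KEY_]['lang'];
    } else {
        $this->lang = _DEFAULT_LANG_;
    }

    // This becomes the directory name of the template.
    $this->class_basename = str_ireplace('Controller', '', get_class($this));

    $this->is_view = $is_view;
    if ($this->is_view) {
        $this->initView();
    }
    if ($is_db) {
        $this->connectDB();
    }
}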