Browse code

input-filtering

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@500 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/06/2007 14:10:56
Showing2 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,17 @@
1
+<?php
2
+
3
+
4
+function filter_input_general( $input )
5
+{
6
+        return htmlspecialchars(iconv('UTF-8', 'UTF-8', $input), ENT_QUOTES, 'UTF-8');
7
+}
8
+
9
+
10
+function filter_input_username( $input )
11
+{
12
+        return ereg_replace("[^[:alnum:]\_\.\+\-]", "", $input );
13
+}
14
+
15
+
16
+
17
+?>
... ...
@@ -2,7 +2,7 @@
2 2
 
3 3
 require_once("inc/debug.php");
4 4
 require_once("inc/db_connect.php");
5
-
5
+require_once("inc/security.php");
6 6
 
7 7
 
8 8
 function get_jabber_accounts() {
... ...
@@ -44,7 +44,7 @@ function create_jabber_account($local, $domain, $password)
44 44
   require_role(ROLE_CUSTOMER);
45 45
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
46 46
 
47
-  $local = mysql_real_escape_string($local);
47
+  $local = mysql_real_escape_string( filter_input_username($local) );
48 48
   $domain = (int) $domain;
49 49
   $password = mysql_real_escape_string($password);
50 50