Browse code

accept integer parameters in filter_*() and use filter_output_html() in html_* functions

Bernd Wurst authored on14/10/2019 11:50:19
Showing3 changed files
... ...
@@ -422,8 +422,8 @@ function html_select($name, $options, $default='', $free='')
422 422
         if ($default == $key) {
423 423
             $selected = ' selected="selected" ';
424 424
         }
425
-        $key = filter_input_general($key);
426
-        $value = filter_input_general($value);
425
+        $key = filter_output_html($key);
426
+        $value = filter_output_html($value);
427 427
         $ret .= "  <option value=\"{$key}\"{$selected}>{$value}</option>\n";
428 428
     }
429 429
     $ret .= '</select>';
... ...
@@ -75,7 +75,7 @@ function get_messages()
75 75
     <ul>
76 76
     ';
77 77
         foreach ($input_error as $error) {
78
-            $messages .= '<li>'.nl2br(filter_input_general($error))."</li>\n";
78
+            $messages .= '<li>'.nl2br(filter_output_html($error))."</li>\n";
79 79
         }
80 80
         $messages .= '</ul>
81 81
     </div>';
... ...
@@ -85,7 +85,7 @@ function get_messages()
85 85
     <ul>
86 86
     ';
87 87
         foreach ($_SESSION['warning'] as $msg) {
88
-            $messages .= '<li>'.nl2br(filter_input_general($msg))."</li>\n";
88
+            $messages .= '<li>'.nl2br(filter_output_html($msg))."</li>\n";
89 89
         }
90 90
         $messages .= '</ul>
91 91
     </div>';
... ...
@@ -96,7 +96,7 @@ function get_messages()
96 96
     <ul>
97 97
     ';
98 98
         foreach ($_SESSION['success_msg'] as $msg) {
99
-            $messages .= '<li>'.nl2br(filter_input_general($msg))."</li>\n";
99
+            $messages .= '<li>'.nl2br(filter_output_html($msg))."</li>\n";
100 100
         }
101 101
         $messages .= '</ul>
102 102
     </div>';
... ...
@@ -59,6 +59,7 @@ function filter_input_general($input)
59 59
     if ($input === null) {
60 60
         return null;
61 61
     }
62
+    $input = (string) $input;
62 63
     $filtered = preg_replace('/[\x00-\x09\x0b-\x0c\x0e-\x1f]/', '', $input);
63 64
     if ($filtered !== $input) {
64 65
         system_failure("Ihre Daten enthielten ungültige Zeichen!");
... ...
@@ -72,10 +73,11 @@ function filter_input_oneline($input)
72 73
     if ($input === null) {
73 74
         return null;
74 75
     }
76
+    $input = (string) $input;
75 77
     $filtered = preg_replace('/[\x00-\x1f]/', '', $input);
76 78
     if ($filtered !== $input) {
77 79
         system_failure("Ihre Daten enthielten ungültige Zeichen!");
78
-        logger(LOG_WARNING, 'inc/security', 'filter_input_general', 'Ungültige Daten!');
80
+        logger(LOG_WARNING, 'inc/security', 'filter_input_oneline', 'Ungültige Daten!');
79 81
     }
80 82
     return $filtered;
81 83
 }
... ...
@@ -89,6 +91,7 @@ function filter_output_html($data)
89 91
 
90 92
 function verify_input_ascii($data)
91 93
 {
94
+    $data = (string) $data;
92 95
     $filtered = filter_var($data, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
93 96
     if ($filtered != $data) {
94 97
         logger(LOG_WARNING, 'inc/security', 'verify_input_ascii', 'Ungültige Daten: '.$data);
... ...
@@ -100,6 +103,7 @@ function verify_input_ascii($data)
100 103
 
101 104
 function verify_input_identifier($data)
102 105
 {
106
+    $data = (string) $data;
103 107
     if ($data === "") {
104 108
         system_failure("Leerer Bezeichner");
105 109
     }