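$clean) { $cleaned[$key] = preg_replace("/[^{$allow}a-zA-Z0-9]/", '', $clean); } } else { $cleaned = preg_replace("/[^{$allow}a-zA-Z0-9]/", '', $string); } return $cleaned; }

/**
 * Makes a string SQL-safe.
 *
 * Numeric, null and boolean values are returned unchanged. Any other value is
 * passed through the data source's value() method, and the first and the last
 * character of that result are removed.
 *
 * NOTE(review): the two substr() calls presumably drop the quotes that value()
 * wraps around the escaped string - confirm against the data source in use.
 * If so, the result is only safe when it is placed back inside a quoted SQL
 * string literal. Values accepted by is_numeric() (which covers more than plain
 * integers, e.g. exponent notation) are returned as-is, neither quoted nor
 * escaped. Prefer bound parameters where the data source offers them.
 *
 * @param string $string String to sanitize
 * @param string $connection Database connection being used
 * @return string SQL safe string
 * @access public
 * @static
 */
	function escape($string, $connection = 'default') {
		$db =& ConnectionManager::getDataSource($connection);
		if (is_numeric($string) || $string === null || is_bool($string)) {
			return $string;
		}
		// Remove the first character, then the last one, of the value the data source produced.
		$string = substr($db->value($string), 1);
		$string = substr($string, 0, -1);
		return $string;
	}

/**
 * Returns given string safe for display as HTML. Renders entities.
 *
 * With $remove set, the string is only passed through strip_tags(); characters
 * such as '&' and '"' are NOT entity-encoded on that path, so the result must
 * not be placed inside an HTML attribute without further escaping.
 *
 * Without $remove, each listed character is replaced by its HTML entity.
 *
 * @param string $string String from where to strip tags
 * @param boolean $remove If true, the string is stripped of all HTML tags
 * @return string Sanitized string
 * @access public
 * @static
 */
	function html($string, $remove = false) {
		if ($remove) {
			return strip_tags($string);
		}
		// str_replace() applies the pairs in order: '&' has to stay first so that
		// the ampersands introduced by the later entities are not encoded again.
		$patterns = array('&', '%', '<', '>', '"', "'", '(', ')', '+', '-');
		$replacements = array('&amp;', '&#37;', '&lt;', '&gt;', '&quot;', '&#39;', '&#40;', '&#41;', '&#43;', '&#45;');
		return str_replace($patterns, $replacements, $string);
	}

/**
 * Strips extra whitespace from output
 *
 * Newlines, carriage returns and tabs are removed outright; after that, every
 * run of two or more whitespace characters is collapsed into a single space.
 *
 * @param string $str String to sanitize
 * @return string whitespace sanitized string
 * @access public
 * @static
 */
	function stripWhitespace($str) {
		$r = preg_replace('/[\n\r\t]+/', '', $str);
		return preg_replace('/\s{2,}/', ' ', $r);
	}

/**
 * Strips image tags from output
 *
 * Image tags that carry an alt attribute are replaced by their alt text
 * followed by a line break (a wrapping link is kept around the text); any
 * image tag still left after that is removed.
 *
 * This is a formatting helper based on regular expressions, not an HTML
 * parser: the alt text it keeps is copied through unescaped, so the result
 * still needs output encoding before it is displayed.
 *
 * @param string $str String to sanitize
 * @return string String with images stripped.
 * @access public
 * @static
 */
	function stripImages($str) {
		// Linked image: keep the opening <a ...>, the alt text and the closing </a>.
		$str = preg_replace('/(<a[^>]*>)(<img[^>]+alt=")([^"]*)("[^>]*>)(<\/a>)/i', '$1$3$5<br />', $str);
		// Stand-alone image with alt text: keep only the alt text.
		$str = preg_replace('/(<img[^>]+alt=")([^"]*)("[^>]*>)/i', '$2<br />', $str);
		// Whatever image tags remain (no alt attribute) are dropped.
		$str = preg_replace('/<img[^>]*>/i', '', $str);
		return $str;
	}

/** * Strips scripts and stylesheets from output * * @param string $str String to sanitize * @return string String with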