$max))) return FALSE; return $string; } // sanitize a string in prep for passing a single argument to system() (or similar) function sanitize_system_string($string, $min='', $max='') { $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; // no piping, passing possible environment variables ($), // seperate commands, nested execution, file redirection, // background processing, special commands (backspace, etc.), quotes // newlines, or some other special characters $string = preg_replace($pattern, '', $string); $string = '"'.preg_replace('/\$/', '\\\$', $string).'"'; //make sure this is only interpretted as ONE argument $len = strlen($string); if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return FALSE; return $string; } // sanitize a string for SQL input (simple slash out quotes and slashes) function sanitize_sql_string($string, $min='', $max='') { $pattern[0] = '/(\\\\)/'; $pattern[1] = "/\"/"; $pattern[2] = "/'/"; $replacement[0] = '\\\\\\'; $replacement[1] = '\"'; $replacement[2] = "\\'"; $len = strlen($string); if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return FALSE; return preg_replace($pattern, $replacement, $string); } // sanitize a string for SQL input (simple slash out quotes and slashes) function sanitize_ldap_string($string, $min='', $max='') { $pattern = '/(\)|\(|\||&)/'; $len = strlen($string); if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return FALSE; return preg_replace($pattern, '', $string); } // sanitize a string for HTML (make sure nothing gets interpretted!) function sanitize_html_string($string) { $pattern[0] = '/\&/'; $pattern[1] = '//"; $pattern[3] = '/\n/'; $pattern[4] = '/"/'; $pattern[5] = "/'/"; $pattern[6] = "/%/"; $pattern[7] = '/\(/'; $pattern[8] = '/\)/'; $pattern[9] = '/\+/'; $pattern[10] = '/-/'; $replacement[0] = '&'; $replacement[1] = '<'; $replacement[2] = '>'; $replacement[3] = '
'; $replacement[4] = '"'; $replacement[5] = '''; $replacement[6] = '%'; $replacement[7] = '('; $replacement[8] = ')'; $replacement[9] = '+'; $replacement[10] = '-'; return preg_replace($pattern, $replacement, $string); } // make int int! function sanitize_int($integer, $min='', $max='') { $int = intval($integer); if((($min != '') && ($int < $min)) || (($max != '') && ($int > $max))) return FALSE; return $int; } // make float float! function sanitize_float($float, $min='', $max='') { $float = floatval($float); if((($min != '') && ($float < $min)) || (($max != '') && ($float > $max))) return FALSE; return $float; } // glue together all the other functions function sanitize($input, $flags, $min='', $max='') { if($flags & UTF8) $input = my_utf8_decode($input); if($flags & PARANOID) $input = sanitize_paranoid_string($input, $min, $max); if($flags & INT) $input = sanitize_int($input, $min, $max); if($flags & FLOAT) $input = sanitize_float($input, $min, $max); if($flags & HTML) $input = sanitize_html_string($input, $min, $max); if($flags & SQL) $input = sanitize_sql_string($input, $min, $max); if($flags & LDAP) $input = sanitize_ldap_string($input, $min, $max); if($flags & SYSTEM) $input = sanitize_system_string($input, $min, $max); return $input; } ?> "; $script .= "d=\"".$encodedDomain."\";"; $script .= "n=\"".$encodedName."\";"; if ($isLink) { if ($display == '') $script .= "document.write(''+n+'@'+d+'');"; else $script .= "document.write('".$encodedDisplay."');"; } else { $script .= "document.write(n+'@'+d);"; } $script .= ""; return $script; } ?> Lady Slipper Scenic Byway - Contact the LSSB

  

Contact the LSSB

Please use this form to send a message to the Lady Slipper Scenic Byway!


Name:

E-mail:

Comments: