force strip_tags() on all user input unless explicitly allowed
[tt-rss.git] / include / functions.php
index 54fa2bd9d140c1ab0deceb1285437306c16ea2e2..0fd8ef61ac05a9cfd82e75b4f9f2d2ca61834a0a 100644 (file)
                }
        }
 
+       // this is used for user http parameters unless HTML code is actually needed
+       function clean($param) {
+               if (is_array($param)) {
+                       return array_map(strip_tags, $param);
+               } else if (is_string($param)) {
+                       return strip_tags($param);
+               } else {
+                       return $param;
+               }
+       }
+
        function make_password($length = 8) {
 
                $password = "";
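Review bot: In `clean()`, `array_map(strip_tags, $param)` passes a bare constant instead of a callable name, so it depends on PHP's undefined-constant fallback (a notice or warning on older versions, an Error on PHP 8). It also hands any nested array element straight to `strip_tags()`, which expects a string. Mapping the function over itself fixes both: `return array_map('clean', $param);`. The comment above the function should state the limit of the guarantee, for example `// strips HTML tags only; values still need htmlspecialchars() on output and bound or escaped parameters in SQL`. strip_tags() leaves quotes and other metacharacters in place, so cleaned input is not safe in attribute or query contexts.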
                $params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT");
                $params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
                $params["bw_limit"] = (int) $_SESSION["bw_limit"];
+               $params["is_default_pw"] = Pref_Prefs::isdefaultpassword();
                $params["label_base_index"] = (int) LABEL_BASE_INDEX;
 
                $theme = get_pref( "USER_CSS_THEME", false, false);
                }
        }
 
-       function feed_has_icon($id) {
-               return is_file(ICONS_DIR . "/$id.ico") && filesize(ICONS_DIR . "/$id.ico") > 0;
-       }
-
        function init_plugins() {
                PluginHost::getInstance()->load(PLUGINS, PluginHost::KIND_ALL);
 
        }
 
        function get_theme_path($theme) {
+               if ($theme == "default.php")
+                       return "css/default.css";
+
                $check = "themes/$theme";
                if (file_exists($check)) return $check;