force strip_tags() on all user input unless explicitly allowed

[tt-rss.git] / include / functions.php

diff --git a/include/functions.php b/include/functions.php
index fc0cdec7c67b166aaba9e564738a5c4e173d1f73..0fd8ef61ac05a9cfd82e75b4f9f2d2ca61834a0a 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -725,6 +725,17 @@
                }
        }
 
+       // this is used for user http parameters unless HTML code is actually needed
+       function clean($param) {
+               if (is_array($param)) {
+                       return array_map(strip_tags, $param);
+               } else if (is_string($param)) {
+                       return strip_tags($param);
+               } else {
+                       return $param;
+               }
+       }
+
        function make_password($length = 8) {
 
                $password = "";
@@ -1932,10 +1943,6 @@
                }
        }
 
-       function feed_has_icon($id) {
-               return is_file(ICONS_DIR . "/$id.ico") && filesize(ICONS_DIR . "/$id.ico") > 0;
-       }
-
        function init_plugins() {
                PluginHost::getInstance()->load(PLUGINS, PluginHost::KIND_ALL);