library/sanitize.inc.php

   1 <?php
   2 /**
   3 * Function to check and/or sanitize things for security such as
   4 * directories names, file names, etc.
   5 *
   6 * Copyright (C) 2012 by following Brady Miller <brady@sparmy.com>
   7 *
   8 * LICENSE: This program is free software; you can redistribute it and/or
   9 * modify it under the terms of the GNU General Public License
  10 * as published by the Free Software Foundation; either version 3
  11 * of the License, or (at your option) any later version.
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15 * GNU General Public License for more details.
  16 * You should have received a copy of the GNU General Public License
  17 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
  18 *
  19 * @package OpenEMR
  20 * @author Brady Miller <brady@sparmy.com>
  21 * @author Roberto Vasquez <robertogagliotta@gmail.com>
  22 * @link http://www.open-emr.org
  23 */
  24 // If the label contains any illegal characters, then the script will die.
  25 function check_file_dir_name($label) {
  26   if (empty($label) || preg_match('/[^A-Za-z0-9_.-]/', $label))
  27     die(xlt("ERROR: The following variable contains invalid characters").": ". attr($label));
  28 }
  29
  30 // Convert all illegal characters to _
  31 function convert_safe_file_dir_name($label) {
  32   return preg_replace('/[^A-Za-z0-9_.-]/','_',$label);
  33 }
  34
  35 ?>