$language = getLanguageName();
include($DIR_LANG . ereg_replace( '[\\|/]', '', $language) . '.php');
+// check if valid charset\r
+if (!encoding_check(false,false,_CHARSET)) {\r
+ foreach(array($_REQUEST, $_SERVER) as $input) {\r
+ array_walk($input, 'encoding_check');\r
+ }\r
+}\r
+\r
/*
Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details
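Review bot: The added top-level loop walks only `$_REQUEST` and `$_SERVER`, so cookie names and values are validated only when the server's `request_order`/`variables_order` setting places cookies in `$_REQUEST`, and `$_FILES` names are never checked. The same loop is repeated in the second hunk (the `$charset` check after the `Content-Type` header), so the point applies there too. Listing the sources explicitly makes coverage independent of php.ini, e.g. `foreach(array($_GET, $_POST, $_COOKIE, $_SERVER) as $input) {`. A one-line comment that `encoding_check` ends the request with an error page on invalid bytes would also help, since that is not visible at the call site.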
} else {
header('Content-Type: ' . $contenttype);
}
+\r
+ // check if valid charset\r
+ if (!encoding_check(false,false,$charset)) {\r
+ foreach(array($_REQUEST, $_SERVER) as $input) {\r
+ array_walk($input, 'encoding_check');\r
+ }\r
+ }\r
}
}
* Errors before the database connection has been made
*/
function startUpError($msg, $title) {
+ if (!defined('_CHARSET')) define('_CHARSET','iso-8859-1');\r
+ header('Content-Type: text/html; charset=' . _CHARSET);\r
?>
<html xmlns="http://www.w3.org/1999/xhtml">
- <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <head><meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET?>" />\r
<title><?php echo htmlspecialchars($title)?></title></head>
<body>
<h1><?php echo htmlspecialchars($title)?></h1>
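Review bot: The new `header()` call in `startUpError` is unguarded, so if the function is reached after output has started, PHP adds a "headers already sent" warning to the error page; `if (!headers_sent()) header('Content-Type: text/html; charset=' . _CHARSET);` avoids that. The fallback `define('_CHARSET','iso-8859-1')` is a lasting side effect of an error helper and deserves a comment such as `// language file not loaded yet: fall back to a single-byte charset`. In the `<meta>` line `_CHARSET` is echoed raw while the neighbouring `$title` goes through `htmlspecialchars()`; the constant presumably comes from the language file, so this is a consistency point: `<?php echo htmlspecialchars(_CHARSET)?>`. The function body continues outside the hunk.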
}
}
+function encoding_check($val, $key, $encoding=false, $exclude=false) {\r
+ /*\r
+ When 3rd argument is set, return if checked already.\r
+ When 4th argument is set, set the excluded key(s).\r
+ */\r
+ static $search=false, $checked=array(), $excludes=array();\r
+ if ($exclude!==false) {\r
+ if (is_array($exclude)) {\r
+ foreach($exclude as $v) $excludes[$v]=true;\r
+ } else $excludes[$excludes]=true;\r
+ return;\r
+ }\r
+ if ($encoding!==false) {\r
+ switch($encoding=strtolower($encoding)){\r
+ case 'utf-8':\r
+ $search='/^([\x00-\x7F]+'.\r
+ '|[\xC2-\xDF][\x80-\xBF]'.\r
+ '|[\xE0-\xEF][\x80-\xBF][\x80-\xBF]'.\r
+ '|[\xF0-\xF7][\x80-\xBF][\x80-\xBF][\x80-\xBF]'.\r
+ '|[\xF8-\xFB][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF]'.\r
+ '|[\xFC-\xFD][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF])*/';\r
+ break;\r
+ case 'euc-jp':\r
+ $search='/^([\x00-\x7F]+'.\r
+ '|[\x8E][\xA0-\xDF]'.\r
+ '|[\x8F]?[\xA1-\xFE][\xA1-\xFE])*/';\r
+ break;\r
+ case 'gb2312':\r
+ $search='/^([\x00-\x7F]+'.\r
+ '|[\xA1-\xF7][\xA1-\xFE])*/';\r
+ break;\r
+ case 'shift_jis':\r
+ // Note that shift_jis is only supported for output.\r
+ // Using shift_jis in DB is prohibited.\r
+ $search='/^([\x00-\x7F\xA1-\xDF]+'.\r
+ '|[\x81-\x9F\xE0-\xFC][\x40-\xFC])*/';\r
+ break;\r
+ default:\r
+ $search=false;\r
+ if (preg_match('/^iso\-8859\-[0-9]{1,2}$/',$encoding)) break;\r
+ if (preg_match('/^windows\-125[0-8]$/',$encoding)) break;\r
+ startUpError('<p>Unknown or non-supported encoding.</p>', 'Encoding Error');\r
+ exit;\r
+ }\r
+ if (isset($checked[$encoding])) return true; // Already checked.\r
+ $checked[$encoding]=true;\r
+ }\r
+ if ($key===false) return false; // Not yet checked.\r
+ if ($search===false) return true; // non-multibyte encoding\r
+ if (isset($excludes[$key])) return true; // This key isn't checked.\r
+ if (is_array($val)) {\r
+ array_walk($val, 'encoding_check');\r
+ } else {\r
+ preg_match($search,$val,$m);\r
+ $val2 = (string)$m[0];\r
+ if (!($val2 === (string)$val)) {\r
+ startUpError('<p>Invalid input.</p>', 'Input Error');\r
+ exit;\r
+ }\r
+ }\r
+ preg_match($search,$key,$m);\r
+ $key2 = (string)$m[0];\r
+ if (!($key2 === (string)$key)) {\r
+ startUpError('<p>Invalid input.</p>', 'Input Error');\r
+ exit;\r
+ }\r
+ return true;\r
+}\r
+\r
function checkVars($aVars) {
global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;
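Review bot: The `utf-8` branch of `encoding_check` accepts byte sequences that are not well-formed UTF-8: overlong three- and four-byte forms (`\xE0\x80\x80`, `\xF0\x80…`), UTF-16 surrogates (`\xED\xA0…`), lead bytes `\xF5`-`\xFD`, and five- and six-byte sequences. Input that later layers may decode differently therefore passes the check, and the stricter alternation below closes that gap while keeping the same anchoring and the `$m[0] === $val` comparison. Separately, the single-key exclude path uses the static array as its own index, `$excludes[$excludes]=true;`, which should be `$excludes[$exclude]=true;`; as written a non-array fourth argument never registers an exclusion. The leading block comment could also state the return values (`false` = encoding registered but nothing checked yet, `true` = passed or skipped) and that a failed check calls `startUpError` and exits.

```php
// … unchanged: static state and $exclude handling …
		case 'utf-8':
			// Well-formed UTF-8 only: no overlong forms, no surrogates, nothing above U+10FFFF.
			$search='/^([\x00-\x7F]+'.
				'|[\xC2-\xDF][\x80-\xBF]'.
				'|\xE0[\xA0-\xBF][\x80-\xBF]'.
				'|[\xE1-\xEC\xEE\xEF][\x80-\xBF][\x80-\xBF]'.
				'|\xED[\x80-\x9F][\x80-\xBF]'.
				'|\xF0[\x90-\xBF][\x80-\xBF][\x80-\xBF]'.
				'|[\xF1-\xF3][\x80-\xBF][\x80-\xBF][\x80-\xBF]'.
				'|\xF4[\x80-\x8F][\x80-\xBF][\x80-\xBF])*/';
			break;
// … unchanged: euc-jp, gb2312, shift_jis and default cases; value and key matching …
```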