From c62b657dfb8d6ac4f866cc8a6aeabea458154952 Mon Sep 17 00:00:00 2001
From: Isaac Flores
Date: Thu, 30 Apr 2009 00:16:40 +0200
Subject: [PATCH] [svn r20201] logic changes - changed remove_XSS,added support for arrays - (partial FS#4122)
---
 main/inc/lib/security.lib.php | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/main/inc/lib/security.lib.php b/main/inc/lib/security.lib.php
index bceb993ebd..cc50422213 100755
--- a/main/inc/lib/security.lib.php
+++ b/main/inc/lib/security.lib.php
@@ -245,13 +245,24 @@ class Security{
 *
 * Filtering for XSS is very easily done by using the htmlentities() function.
 * This kind of filtering prevents JavaScript snippets to be understood as such.
- * @param string The variable to filter for XSS
+ * @param string The variable to filter for XSS,this params can be an array (example : array(x,y))
 * @return string Filtered string
 */
- function remove_XSS($var)
- {
+ function remove_XSS($var) {
 global $charset;
- return htmlentities($var,ENT_QUOTES,$charset);
+ if (is_array($var)) {
+ if (count($var)>0) {
+ foreach ($var as &$value_var) {
+ $value_var=htmlentities($value_var,ENT_QUOTES,$charset);
+ }
+ } else {
+ return '';
+ }
+ return $var;
+
+ } else {
+ return htmlentities($var,ENT_QUOTES,$charset);
+ }
 }
 }
 ?>
\ No newline at end of file
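Review bot: The new array branch of `remove_XSS` encodes only one level: a nested array element is handed straight to `htmlentities()`, which expects a string, so multi-dimensional request data is not encoded as intended, and array keys, which are as user-controlled as the values, come back untouched. Recursing inside the loop with `$value_var = Security::remove_XSS($value_var);` (or `$this->remove_XSS(...)` if the method is called on an instance) would cover nesting; callers that print keys would still have to encode them separately. The empty-array case returns `''` rather than an array, so the return type depends on the input's contents; returning `$var` unchanged there and updating the docblock to `@return mixed Filtered string, or array of filtered strings` would keep the contract consistent with the new `@param` text. Because `htmlentities()` with `ENT_QUOTES` is sufficient only for HTML text and quoted attribute values, the docblock (which starts above this hunk) should also state that values placed in script, URL or unquoted-attribute contexts need context-specific encoding.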