<?php

/* RequestCollection class holds all URL passed variables and page cookie vars */

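/**
 * Merges the GET, POST and cookie arrays into one collection and
 * HTML-entity encodes every value on the way in.
 *
 * Security notes for maintainers:
 * - array_merge() lets later arrays win for string keys, so a cookie can
 *   shadow a POST or GET parameter of the same name.
 * - Values are encoded for HTML output only (ENT_QUOTES, UTF-8). That does
 *   not make them safe for SQL, shell, JavaScript or URL contexts, and
 *   encoding them again at output time will double-encode them.
 * - 'encoded_url' and 'encoded_id' are plain base64url. That is an encoding,
 *   not encryption or a signature: the client controls the decoded content,
 *   so it must be validated like any other request parameter.
 */
class RequestCollection {

	/** @var array Request variables keyed by parameter name, values entity-encoded. */
	public $aRequestVars = array();

	/**
	 * Builds the collection from the three request arrays.
	 *
	 * @param array $aGet     Query-string parameters.
	 * @param array $aPost    Form parameters.
	 * @param array $aCookies Cookie values.
	 */
	public function __construct($aGet, $aPost, $aCookies) {
		$aMerged = array_merge($aGet, $aPost, $aCookies);
		$this->aRequestVars = $aMerged;

		// Iterate over the snapshot so keys added while decoding are not revisited.
		foreach ($aMerged as $key => $val) {
			// Strict comparison: on PHP < 8 a loose == treats integer key 0 as
			// equal to any non-numeric string, which would misroute that parameter.
			if ($key === 'encoded_url') {
				// A non-string (e.g. encoded_url[]=x) cannot be decoded; it is dropped.
				if (is_string($val)) {
					$this->LoadEncodedPairs($val);
				}
				unset($this->aRequestVars[$key]);
			} elseif ($key === 'encoded_id') {
				if (is_string($val)) {
					$this->aRequestVars['id'] = $this->EscapeValue($this->Decode($val));
				}
				unset($this->aRequestVars[$key]);
			} else {
				// Scalars and arrays (at any depth) are both encoded here. The
				// previous array branch tested the outer array instead of the
				// element, so array parameters were stored unescaped.
				$this->aRequestVars[$key] = $this->EscapeValue($val);
			}
		}
	}

	/**
	 * Returns a stored variable.
	 *
	 * @param string|int $sVarName Parameter name.
	 * @return mixed The entity-encoded value, or false when the name is absent.
	 */
	public function GetVar($sVarName) {
		if (array_key_exists($sVarName, $this->aRequestVars)) {
			return $this->aRequestVars[$sVarName];
		}
		return false;
	}

	/**
	 * Stores a variable, entity-encoding it the same way the constructor does.
	 *
	 * @param string|int $sName  Parameter name (stored as given, not encoded).
	 * @param mixed      $sValue Scalar or array value.
	 */
	public function SetVar($sName, $sValue) {
		$this->aRequestVars[$sName] = $this->EscapeValue($sValue);
	}

	/**
	 * Base64 URL encode: standard base64 with '+/' mapped to '-_' and the
	 * trailing '=' padding removed.
	 *
	 * @param string $data Raw bytes.
	 * @return string
	 */
	public function Encode($data) {
		return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
	}

	/**
	 * Base64 URL decode (non-strict, as before).
	 *
	 * The padding is now restored explicitly. The earlier str_pad() call passed
	 * strlen % 4 as the target length, so it never added any '=' and decoding
	 * only worked because non-strict base64_decode() tolerates missing padding.
	 *
	 * @param string $data base64url text, with or without padding.
	 * @return string|false
	 */
	public function Decode($data) {
		$sStandard = strtr($data, '-_', '+/');
		$iMissing = (4 - strlen($sStandard) % 4) % 4;
		return base64_decode($sStandard . str_repeat('=', $iMissing));
	}

	/**
	 * Decodes an 'encoded_url' value of the form k1=v1&k2=v2 and stores each pair.
	 *
	 * NOTE(review): a decoded pair can overwrite, or later be overwritten by, a
	 * plain parameter of the same name depending on iteration order. Confirm
	 * which source is meant to win.
	 *
	 * @param string $sEncoded base64url text taken from the request.
	 */
	private function LoadEncodedPairs($sEncoded) {
		$sDecoded = $this->Decode($sEncoded);
		if (!is_string($sDecoded) || $sDecoded === '') {
			return;
		}
		foreach (explode('&', $sDecoded) as $sPair) {
			if ($sPair === '') {
				continue;
			}
			// Limit of 2 keeps any '=' that belongs to the value; a pair with
			// no '=' is stored with an empty value instead of raising a notice.
			$aParts = explode('=', $sPair, 2);
			$sValue = isset($aParts[1]) ? $aParts[1] : '';
			$this->aRequestVars[$aParts[0]] = $this->EscapeValue($sValue);
		}
	}

	/**
	 * Entity-encodes a scalar, or every key and value of an array recursively.
	 *
	 * @param mixed $value
	 * @return mixed Encoded string, or an array of encoded keys and values.
	 */
	private function EscapeValue($value) {
		if (!is_array($value)) {
			return htmlentities((string) $value, ENT_QUOTES, 'utf-8');
		}
		$aEscaped = array();
		foreach ($value as $k => $v) {
			$aEscaped[htmlentities((string) $k, ENT_QUOTES, 'utf-8')] = $this->EscapeValue($v);
		}
		return $aEscaped;
	}
}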
?>