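$v) { $_POST[$k] = stripslashes($v); } ini_set('magic_quotes_gpc', 0); }
// The line above is the tail of the magic-quotes clean-up whose opening lies
// before this excerpt; it is kept verbatim. It strips the added slashes from
// each $_POST value and sets the magic_quotes_gpc ini value to 0.

// Switch runtime magic quotes off when the interpreter reports them as on.
if (get_magic_quotes_runtime()) {
    set_magic_quotes_runtime(0);
}

// Set encoding and anti-CSRF token

// Accept the submitted 'enc' only when it is a string made of word characters
// and hyphens; anything else falls back to utf-8. The D modifier anchors `$`
// at the very end of the value (without it a trailing newline still matches),
// and is_string() keeps an array-valued parameter away from preg_match().
$_POST['enc'] = (
    isset($_POST['enc'])
    and is_string($_POST['enc'])
    and preg_match('`^[-\w]+$`D', $_POST['enc'])
) ? $_POST['enc'] : 'utf-8';

// Request validation: a POST is kept only when the session id is echoed back
// in both the form field and the cookie named by $_sid and, if a token was
// both submitted and stored, the two are identical. On any mismatch the whole
// submission is discarded and only the default encoding is left.
// Comparisons are strict (!==): with != PHP compares numeric-looking strings by
// value, so two different strings can be treated as equal.
// NOTE(review): the token clause rejects only when both tokens are present and
// differ; a request without a 'token' field is then decided by the session-id
// checks alone. Confirm that this is intended.
if (count($_POST)) {
    if (
        (
            empty($_GET['pre'])
            && (
                (
                    !empty($_POST['token'])
                    && !empty($_SESSION['token'])
                    && $_POST['token'] !== $_SESSION['token']
                )
                || empty($_POST[$_sid])
                || $_POST[$_sid] !== session_id()
                || empty($_COOKIE[$_sid])
                || $_COOKIE[$_sid] !== session_id()
            )
        )
        // Checked for every request, 'pre' or not. The empty() guard avoids an
        // undefined-index notice and fails closed when the field is missing.
        || empty($_POST[$_sid])
        || $_POST[$_sid] !== session_id()
    ) {
        $_POST = array('enc' => 'utf-8');
    }
}

// Issue a fresh token and a fresh session id for every non-'pre' request.
if (empty($_GET['pre'])) {
    // Prefer a cryptographically secure source; uniqid()/rand() are derived
    // from the clock and a non-cryptographic generator and are predictable.
    // Each branch yields 32 hex characters, the same shape as the md5 value.
    $token = '';
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $token = bin2hex((string) openssl_random_pseudo_bytes(16));
    }
    if (strlen($token) !== 32) {
        // Last resort for interpreters that offer neither function.
        $token = md5(uniqid(rand(), 1));
    }
    $_SESSION['token'] = $token;
    session_regenerate_id(true);
}

// Initiate compressed output, unless zlib is already compressing it
if (
    function_exists('gzencode')
    && isset($_SERVER['HTTP_ACCEPT_ENCODING'])
    && preg_match('`gzip|deflate`i', $_SERVER['HTTP_ACCEPT_ENCODING'])
    && !ini_get('zlib.output_compression')
) {
    ob_start('ob_gzhandler');
}

// Output initial HTML for unprocessed input
// (the echoed string literal continues past the end of this excerpt)
if (isset($_POST['inputH'])) {
    echo '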
Rendering of raw/unprocessed input without an HTML doctype or charset declaration close window | htmLawed test page
Rendering of filtered/processed input without an HTML doctype or charset declaration close window | htmLawed test page
'; $offset = 0; $len = strlen($d); for ($i=$j=0; $i<$len; $i++) { // Convert to hexidecimal $hexi .= sprintf("%02X ", ord($d[$i])); // Replace non-viewable bytes with '.' if (ord($d[$i]) >= 32) { $ascii .= htmlspecialchars($d[$i]); } else { $ascii .= '.'; } // Add extra column spacing if ($j == 7) { $hexi .= ' '; $ascii .= ' '; } // Add row if (++$j == 16 || $i == $len-1) { // Join the hexi / ascii output echo sprintf("%04X %-49s %s", $offset, $hexi, $ascii); // Reset vars $hexi = $ascii = ''; $offset += 16; $j = 0; // Add newline if ($i !== $len-1) { echo "\n"; } } } echo ''; $o = ob_get_contents(); ob_end_clean(); return $o; } ?>