- $_POST = strip_quotes($_POST);
-
-// GET cleanup against XSS. (NB in FA those are mainly numeric transaction numbers)
- foreach($_GET as $name => $value) {
-// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
- $_GET[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
-
- }
- foreach($_POST as $name => $value) {
-// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
- $_POST[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
-
- }