--- a/inc/dns.inc.php Thu Jan 03 21:52:57 2008 +0000
+++ b/inc/dns.inc.php Thu Jan 03 22:30:40 2008 +0000
@@ -518,9 +518,14 @@
return preg_match('!^(http://)(([A-Z\d]|[A-Z\d][A-Z\d-]*[A-Z\d])\.)*[A-Z\d]+([//]([0-9a-z//~#%&\'_\-+=:?.]*))?$!i', $url);
}
- /****************************************
- * *
- * END OF RECORD VALIDATING PART. *
- * *
- ***************************************/
+function is_valid_search($holygrail)
+{
+ // Only allow for alphanumeric, numeric, dot, dash, underscore and
+ // percent in search string. The last two are wildcards for SQL.
+ // Needs extension probably for more usual record types.
+
+ return preg_match('/^[a-z0-9.\-%_]+$/i', $holygrail);
+}
+
+
?>
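Review bot: The pattern in the added `is_valid_search()` ends in `$` without the `D` modifier, so a search string with one trailing newline still passes validation; anchor the end with `\z` instead: `return preg_match('/^[a-z0-9.\-%_]+\z/i', $holygrail) === 1;`. The `=== 1` comparison also gives callers a real boolean rather than preg_match's 1/0/false. Since `%` and `_` are deliberately allowed as LIKE wildcards and there is no length cap, a bare `%` is accepted and would match every row. The query code is not visible in this hunk, so the caller presumably needs its own result limit, and should still pass the value as a bound parameter rather than rely on this filter alone.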