hardening requests

lib/Froxlor/UI/Request.php

@@ -1,6 +1,9 @@
 <?php
 namespace Froxlor\UI;
 
+use Froxlor\PhpHelper;
+use voku\helper\AntiXSS;
+
 /**
  * This file is part of the Froxlor project.
  * Copyright (c) 2010 the Froxlor Team (see authors).
@@ -13,11 +16,34 @@ namespace Froxlor\UI;
  * @author     Froxlor team <team@froxlor.org> (2010-)
  * @author     Maurice Preuß <hello@envoyr.com>
  * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    API
+ * @package    Request
  *
  */
 class Request
 {
+    /**
+     * Check for xss attempts and clean important globals and
+     * unsetting every variable registered in $_REQUEST and as variable itself
+     */
+    public static function cleanAll()
+    {
+        foreach ($_REQUEST as $key => $value) {
+            if (isset($$key)) {
+                unset($$key);
+            }
+        }
+        unset($value);
+
+        $antiXss = new AntiXSS();
+
+        // check $_GET
+        PhpHelper::cleanGlobal($_GET, $antiXss);
+        // check $_POST
+        PhpHelper::cleanGlobal($_POST, $antiXss);
+        // check $_COOKIE
+        PhpHelper::cleanGlobal($_COOKIE, $antiXss);
+    }
+
     /**
      * Get key from current request.
      *
@@ -27,6 +53,8 @@ class Request
      */
     public static function get($key, string $default = null)
     {
+        self::cleanAll();
+
         return $_GET[$key] ?? $_POST[$key] ?? $default;
     }