xssClean function added

Had 4 different contexts, the first 2 alter parts of strings, the last 2
remove those parts

lib/settings-common.php

@@ -60,6 +60,42 @@ function numClean($var) {
 	return is_numeric($var) ? floatval($var) : false;
 }
 
+// Clean XSS attempts using different contexts
+function xssClean($data,$types) {
+
+	// 'html'
+	if (strpos($types,"html")>-1) {
+		$bad  = array("<", ">", "=", "&", "(");
+		$good = array("&lt;", "&gt;", "&equals;", "&amp;", "&lpar;");
+		$data = str_replace($bad, $good, $data);
+	}
+
+	// 'style'
+	if (strpos($types,"style")>-1) {
+		$bad  = array("\"",  "``", "(", "&", ".", "\\");
+		$good = array("&quot;",  "&#96;&#96;", "&lpar;", "&amp;", "&#46;", "&#92;");
+		$data = str_replace($bad, $good, $data);
+	}
+
+	// 'tags'
+	if (strpos($types,"tags")>-1) {
+		$data = strip_tags($data);
+	}
+
+	// 'multi'
+	if (strpos($types,"multi")>-1) {
+		$bad = array(	'@<script[^>]*?>.*?</script>@si',	// Strip out javascript 
+				'@<[\/\!]*?[^<>]*?>@si',		// Strip out HTML tags 
+				'@<style[^>]*?>.*?</style>@siU',	// Strip style tags properly 
+				'@<![\s\S]*?--[ \t\n\r]*>@'		// Strip multi-line comments including CDATA 
+		);
+		$good = "";
+		$data = preg_replace($bad, $good, $data);
+	}
+
+	return $data;
+}
+
 // returns a UTF8 based string with any UFT8 BOM removed
 function toUTF8noBOM($string,$message) {
 	// Attempt to detect encoding