Util.php

<?php
 class Util extends BaseObject {

  /**
   * bereinigt den output
   *
   * @param string $string  der string
   * @return string
   */
  public static function escape($string) {
    return nl2br(htmlentities($string));
  }

  /**
   * redirect mit optionaler url - HINWEIS - redirection attack möglich!
   *
   * @param string $string  uri optional
   * @return null
   */
  public static function redirect($page = null) {
    if ($page == null) {
      $page = isset($_REQUEST['page']) ?
              $_REQUEST['page'] :
              $_SERVER['REQUEST_URI'];
    }
    header("Location: $page");
  }

  /**
   * GET parameter "page" adds current page to action so that a redirect 
   * back to this page is possible after successful execution of POST action
   * if "page" has been set before then just keep the current value (to avoid 
   * problem with "growing URLs" when a POST form is rendered "a second time" 
   * e.g. during a forward after an unsuccessful POS action)  
   * 
   * Be sure to check for invalid / insecure page redirects!!
   *
   * @param string $action  uri optional
   * @param array $params  array key/value pairs
   * @return null
   */
  public static function action($action, $params = null) {
    $page = isset($_REQUEST['page']) ?
            $_REQUEST['page'] :
            $_SERVER['REQUEST_URI'];

    $res = 'index.php?action=' . rawurlencode($action) . '&page=' . rawurlencode($page);

    if (is_array($params)) {
      foreach ($params as $name => $value) {
        $res .= '&' . rawurlencode($name) . '=' . rawurlencode($value);
      }
    }

    return $res;
  }

}