1 | 2 | simandl | <?php |
2 | | | /* $Id: grab_globals.lib.php,v 2.12 2005/08/14 19:31:55 lem9 Exp $ */ |
3 | | | // vim: expandtab sw=4 ts=4 sts=4: |
4 | | | |
5 | | | |
6 | | | /** |
 * This library grabs the names and values of the variables sent or posted to a
 * script in the $_* arrays and sets simple global variables from them. It does
9 | | | * the same work for the $PHP_SELF, $HTTP_ACCEPT_LANGUAGE and |
10 | | | * $HTTP_AUTHORIZATION variables. |
11 | | | * |
12 | | | * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ |
13 | | | */ |
14 | | | |
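/**
 * Copies the entries of a request array ($_GET / $_POST) into $target.
 *
 * Scalar values are copied as-is (with magic_quotes slashes stripped when
 * that legacy setting is active); array values are copied recursively after
 * any pre-existing entry of the same name in $target has been dropped.
 *
 * When $sanitize is true, a deny-list of variable names is skipped so that a
 * request cannot overwrite internal configuration when $target is $GLOBALS:
 * 'cfg', 'GLOBALS', and every name starting with 'str' or '_'.  Every other
 * key IS written into $target, so when $target is the global scope any other
 * script variable can be set by the client.  Nested arrays are imported
 * without the check because their keys never become variable names.
 *
 * Note: since PHP 8.1 $GLOBALS itself cannot be passed by reference any more;
 * callers import into a scratch array and copy the entries over.
 *
 * @param mixed $array    request array to import; anything else is ignored
 * @param array &$target  array (or null, auto-vivified) receiving the values
 * @param bool  $sanitize apply the variable-name deny-list (top level only)
 *
 * @return bool false when $array is not an array, true otherwise
 */
function PMA_gpc_extract($array, &$target, $sanitize = true) {
    if (!is_array($array)) {
        return false;
    }
    // get_magic_quotes_gpc() was removed in PHP 8; treat "absent" as "off".
    $is_magic_quotes = function_exists('get_magic_quotes_gpc')
        && get_magic_quotes_gpc();

    foreach ($array as $key => $value) {
        /**
         * 2005-02-22, rabus:
         *
         * This is just an ugly hotfix to avoid changing internal config
         * parameters.
         *
         * Currently, the following variable names are rejected when found in
         * $_GET or $_POST: cfg, GLOBALS, str* and _*
         *
         * Strict comparisons and substr() replace the loose == and the
         * $key{0} offset syntax, which is a parse error on PHP 8 and warned
         * on an empty-string key.
         */
        if ($sanitize && is_string($key) && (
               $key === 'cfg'
            || $key === 'GLOBALS'
            || substr($key, 0, 3) === 'str'
            || substr($key, 0, 1) === '_')) {
            continue;
        }

        if (is_array($value)) {
            // there could be a variable coming from a cookie of
            // another application, with the same name as this array
            unset($target[$key]);

            PMA_gpc_extract($value, $target[$key], false);
        } elseif ($is_magic_quotes) {
            $target[$key] = stripslashes($value);
        } else {
            $target[$key] = $value;
        }
    }
    return true;
}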
52 | | | |
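// check if a subform is submitted
//
// A form may carry several independent "subforms".  When one of them is
// submitted (a usesubform[<id>] button), only $_POST['subform'][<id>] is kept
// as the effective $_POST; its optional 'redirect' entry names the script that
// should handle the request instead of the current one.  The redirect value is
// only recorded here; it is validated where it is used.
$__redirect = null;
if (isset($_POST['usesubform']) && is_array($_POST['usesubform'])) {
    // if a subform is present and should be used
    // the rest of the form is deprecated
    $subform_id = key($_POST['usesubform']);
    // key() yields null on an empty array, and a missing or scalar subform
    // entry would otherwise turn $_POST into null; keep the original
    // "discard the rest of the form" outcome by using an empty array instead.
    if ($subform_id !== null
        && isset($_POST['subform'][$subform_id])
        && is_array($_POST['subform'][$subform_id])) {
        $subform = $_POST['subform'][$subform_id];
    } else {
        $subform = array();
    }
    $_POST = $subform;
    $__self = isset($_SERVER['PHP_SELF']) ? basename($_SERVER['PHP_SELF']) : '';
    // a redirect to the current script is a no-op, so it is left in $_POST
    if (isset($_POST['redirect'])
        && is_string($_POST['redirect'])
        && $_POST['redirect'] !== $__self) {
        $__redirect = $_POST['redirect'];
        unset($_POST['redirect']);
    } // end if ( isset( $_POST['redirect'] ) )
    unset($__self);
} // end if ( isset( $_POST['usesubform'] ) )
// end check if a subform is submitted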
68 | | | |
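// Import $_GET and then $_POST into the global scope (POST overrides GET).
// PMA_gpc_extract() fills an array passed by reference; since PHP 8.1
// $GLOBALS itself can no longer be passed by reference, so each request
// array is collected into a scratch array first and then copied over.
// The scratch names start with '_' and therefore cannot themselves be
// injected through the request (PMA_gpc_extract() rejects '_*' keys).
foreach (array($_GET, $_POST) as $__request) {
    if (empty($__request)) {
        continue;
    }
    $__extracted = array();
    PMA_gpc_extract($__request, $__extracted);
    foreach ($__extracted as $__name => $__value) {
        $GLOBALS[$__name] = $__value;
    }
} // end foreach
unset($__request, $__extracted, $__name, $__value);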
76 | | | |
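// Uploaded files: expose each field as $<name> (temporary path) and
// $<name>_name (client-supplied file name).  The same variable-name deny-list
// that PMA_gpc_extract() applies to $_GET/$_POST is applied here, so a
// multipart field named e.g. "cfg" cannot overwrite the configuration the
// way a GET/POST field of that name is already prevented from doing.
if (!empty($_FILES)) {
    foreach ($_FILES as $name => $value) {
        if ($name === 'cfg'
            || $name === 'GLOBALS'
            || substr($name, 0, 3) === 'str'
            || substr($name, 0, 1) === '_') {
            continue;
        }
        // missing entries become null, as before, but without a notice
        $$name = isset($value['tmp_name']) ? $value['tmp_name'] : null;
        ${$name . '_name'} = isset($value['name']) ? $value['name'] : null;
    }
} // end if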
83 | | | |
// Mirror a few request headers into plain globals.  An entry that is not
// present in $_SERVER (e.g. no Accept-Language header was sent) becomes ''
// unless the variable already exists, so later code can read these names
// without isset() checks.
if (!empty($_SERVER)) {
    $server_vars = array('PHP_SELF', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_AUTHORIZATION');
    foreach ($server_vars as $current) {
        if (!isset($_SERVER[$current])) {
            if (!isset($$current)) {
                $$current = '';
            }
            continue;
        }
        $$current = $_SERVER[$current];
    }
    unset($server_vars, $current);
} // end if
95 | | | |
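// Security fix: disallow accessing serious server files via "?goto="
//
// $goto comes from the request (imported above) and, per the note above, can
// end up naming a server file, so anything that is not a plain file name in
// the current directory is dropped: a non-string value, any '..' segment, or
// a '/' in a name that is not prefixed with './'.  The previous test only
// looked at the './' prefix, which a value such as './../x' satisfies.
if (isset($goto)
    && (!is_string($goto)
        || strpos($goto, '..') !== false
        || (strpos($goto, '/') !== false && substr($goto, 0, 2) !== './'))) {
    unset($goto);
} // end if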
100 | | | |
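// Hand the request over to the subform's redirect target.  The value comes
// straight from $_POST, so before it reaches require() it is restricted to a
// plain script name in this directory: no directory components (it must equal
// its own basename, which also rules out '..'), a .php extension, and an
// existing regular file.  Anything else is ignored and the current script
// continues, instead of including an attacker-chosen path.
if (!empty($__redirect)) {
    $__redirect_ok = is_string($__redirect)
        && basename($__redirect) === $__redirect
        && substr($__redirect, -4) === '.php'
        && is_file('./' . $__redirect);
    if ($__redirect_ok) {
        unset($__redirect_ok);
        require('./' . $__redirect);
        exit();
    }
    unset($__redirect, $__redirect_ok);
} // end if ( ! empty( $__redirect ) )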
105 | | | ?> |