1 | 2 | simandl | <?php |
2 | | | /* $Id: grab_globals.lib.php,v 2.12 2005/08/14 19:31:55 lem9 Exp $ */ |
3 | | | // vim: expandtab sw=4 ts=4 sts=4: |
4 | | | |
5 | | | |
6 | | | /** |
7 | | | * This library grabs the names and values of the variables sent or posted to a |
8 | | | * script in the $_* arrays and sets simple globals variables from them. It does |
9 | | | * the same work for the $PHP_SELF, $HTTP_ACCEPT_LANGUAGE and |
10 | | | * $HTTP_AUTHORIZATION variables. |
11 | | | * |
12 | | | * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ |
13 | | | */ |
14 | | | |
15 | 3 | simandl | include ("config.php"); |
16 | | | |
17 | | | function sanitize($input){ |
18 | | | $output=""; |
19 | | | if(is_array($input)){ |
20 | | | foreach($input as $k=>$i){ |
21 | | | $output[$k]=sanitize($i); |
22 | | | } |
23 | 2 | simandl | } |
24 | 3 | simandl | else{ |
25 | | | if(get_magic_quotes_gpc()){ |
26 | | | $input=stripslashes($input); |
27 | 2 | simandl | } |
28 | 3 | simandl | $output=addslashes($input); |
29 | | | # echo "$input san $output<br>"; |
30 | | | } |
31 | | | return $output; |
32 | | | } |
33 | 2 | simandl | |
34 | 3 | simandl | $_POST=sanitize($_POST); |
35 | | | $_GET=sanitize($_GET); |
36 | | | $_COOKIE=sanitize($_COOKIE); |
37 | | | $_REQUEST=sanitize($_REQUEST); |
38 | 2 | simandl | |
39 | 3 | simandl | foreach ($_POST as $var => $value) { |
40 | | | ${"$var"}=$value; |
41 | 2 | simandl | } |
42 | | | |
43 | | | // check if a subform is submitted |
44 | | | $__redirect = NULL; |
45 | | | if ( isset( $_POST['usesubform'] ) ) { |
46 | | | // if a subform is present and should be used |
47 | | | // the rest of the form is deprecated |
48 | | | $subform_id = key( $_POST['usesubform'] ); |
49 | | | $subform = $_POST['subform'][$subform_id]; |
50 | | | $_POST = $subform; |
51 | | | if ( isset( $_POST['redirect'] ) |
52 | | | && $_POST['redirect'] != basename( $_SERVER['PHP_SELF'] ) ) { |
53 | | | $__redirect = $_POST['redirect']; |
54 | | | unset( $_POST['redirect'] ); |
55 | | | } // end if ( isset( $_POST['redirect'] ) ) |
56 | | | } // end if ( isset( $_POST['usesubform'] ) ) |
57 | | | // end check if a subform is submitted |
58 | | | |
59 | | | if (!empty($_FILES)) { |
60 | | | foreach ($_FILES AS $name => $value) { |
61 | | | $$name = $value['tmp_name']; |
62 | | | ${$name . '_name'} = $value['name']; |
63 | | | } |
64 | | | } // end if |
65 | | | |
66 | | | if (!empty($_SERVER)) { |
67 | | | $server_vars = array('PHP_SELF', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_AUTHORIZATION'); |
68 | | | foreach ($server_vars as $current) { |
69 | | | if (isset($_SERVER[$current])) { |
70 | | | $$current = $_SERVER[$current]; |
71 | | | } elseif (!isset($$current)) { |
72 | | | $$current = ''; |
73 | | | } |
74 | | | } |
75 | | | unset($server_vars, $current); |
76 | | | } // end if |
77 | | | |
78 | | | // Security fix: disallow accessing serious server files via "?goto=" |
79 | | | if (isset($goto) && strpos(' ' . $goto, '/') > 0 && substr($goto, 0, 2) != './') { |
80 | | | unset($goto); |
81 | | | } // end if |
82 | | | |
83 | | | if ( ! empty( $__redirect ) ) { |
84 | | | require('./' . $__redirect); |
85 | | | exit(); |
86 | | | } // end if ( ! empty( $__redirect ) ) |
87 | | | ?> |