Rev 2 | Rev 3 | |
---|---|---|
Line 10... | Line 10... | |
* $HTTP_AUTHORIZATION variables. |
* $HTTP_AUTHORIZATION variables. | |
* |
* | |
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ |
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ | |
*/ |
*/ | |
|
| |
function PMA_gpc_extract($array, &$target, $sanitize = TRUE) { |
include ("config.php"); | |
if (!is_array($array)) { |
| |
return FALSE; |
function sanitize($input){ | |
$output=""; | ||
if(is_array($input)){ | ||
foreach($input as $k=>$i){ | ||
$output[$k]=sanitize($i); | ||
} | ||
} |
} | |
$is_magic_quotes = get_magic_quotes_gpc(); |
else{ | |
foreach ($array AS $key => $value) { |
if(get_magic_quotes_gpc()){ | |
/** |
$input=stripslashes($input); | |
* 2005-02-22, rabus: |
||
* |
||
* This is just an ugly hotfix to avoid changing internal config |
||
* parameters. |
||
* |
||
* Currently, the following variable names are rejected when found in |
||
* $_GET or $_POST: cfg, GLOBALS, str* and _* |
||
*/ |
||
if ($sanitize && is_string($key) && ( |
||
$key == 'cfg' |
||
|| $key == 'GLOBALS' |
||
|| substr($key, 0, 3) == 'str' |
||
|| $key{0} == '_')) { |
||
continue; |
||
} |
} | |
$output=addslashes($input); | ||
# echo "$input san $output<br>"; | ||
} | ||
return $output; | ||
} | ||
|
| |
if (is_array($value)) { |
$_POST=sanitize($_POST); | |
// there could be a variable coming from a cookie of |
$_GET=sanitize($_GET); | |
// another application, with the same name as this array |
$_COOKIE=sanitize($_COOKIE); | |
unset($target[$key]); |
$_REQUEST=sanitize($_REQUEST); | |
|
| |
PMA_gpc_extract($value, $target[$key], FALSE); |
foreach ($_POST as $var => $value) { | |
} else if ($is_magic_quotes) { |
${"$var"}=$value; | |
$target[$key] = stripslashes($value); |
||
} else { |
||
$target[$key] = $value; |
||
} |
||
} |
||
return TRUE; |
||
} |
} | |
|
| |
// check if a subform is submitted |
// check if a subform is submitted | |
$__redirect = NULL; |
$__redirect = NULL; | |
if ( isset( $_POST['usesubform'] ) ) { |
if ( isset( $_POST['usesubform'] ) ) { | |
Line 63... | Line 53... | |
$__redirect = $_POST['redirect']; |
$__redirect = $_POST['redirect']; | |
unset( $_POST['redirect'] ); |
unset( $_POST['redirect'] ); | |
} // end if ( isset( $_POST['redirect'] ) ) |
} // end if ( isset( $_POST['redirect'] ) ) | |
} // end if ( isset( $_POST['usesubform'] ) ) |
} // end if ( isset( $_POST['usesubform'] ) ) | |
// end check if a subform is submitted |
// end check if a subform is submitted | |
|
||
if (!empty($_GET)) { |
||
PMA_gpc_extract($_GET, $GLOBALS); |
||
} // end if |
||
|
||
if (!empty($_POST)) { |
||
PMA_gpc_extract($_POST, $GLOBALS); |
||
} // end if (!empty($_POST)) |
||
|
| |
if (!empty($_FILES)) { |
if (!empty($_FILES)) { | |
foreach ($_FILES AS $name => $value) { |
foreach ($_FILES AS $name => $value) { | |
$$name = $value['tmp_name']; |
$$name = $value['tmp_name']; | |
${$name . '_name'} = $value['name']; |
${$name . '_name'} = $value['name']; |
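Review bot: The new `foreach ($_POST as $var => $value) { ${"$var"}=$value; }` loop in the first hunk copies every POST key into a script variable with no check on the key, whereas the `PMA_gpc_extract()` it replaces skipped `cfg`, `GLOBALS`, `str*` and `_*` names. Because the loop runs after `include ("config.php")`, a request field named like a configuration or internal variable would presumably replace that value for the rest of the script. I would read the fields the page needs explicitly from `$_POST`, or at least keep the old filter as the first statement of the loop: `if ($var == 'cfg' || $var == 'GLOBALS' || substr($var, 0, 3) == 'str' || $var{0} == '_') { continue; }`. Separately, the blanket `addslashes()` in `sanitize()` is not tied to any output context, so SQL and HTML sinks still need their own escaping or bound parameters, and array keys pass through it unescaped. The `$_FILES` loop at the end of the second hunk continues outside the visible section.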