WebSVN - is - Diff - Rev 3 and 2 - /trunk/html/grab

is	Subversion Repositories:

[/] [trunk/] [html/] [grab_globals.lib.php] - Diff between revs 2 and 3

Show entire file Ignore whitespace

Rev 2 Rev 3

Line 10... Line 10...

* $HTTP_AUTHORIZATION variables. * $HTTP_AUTHORIZATION variables.

* *

* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+

*/ */

function PMA_gpc_extract($array, &$target, $sanitize = TRUE) { include ("config.php");

if (!is_array($array)) {

return FALSE; function sanitize($input){

$output="";

if(is_array($input)){

foreach($input as $k=>$i){

$output[$k]=sanitize($i);

}

} }

$is_magic_quotes = get_magic_quotes_gpc(); else{

foreach ($array AS $key => $value) { if(get_magic_quotes_gpc()){

/** $input=stripslashes($input);

* 2005-02-22, rabus:

*

* This is just an ugly hotfix to avoid changing internal config

* parameters.

*

* Currently, the following variable names are rejected when found in

* $_GET or $_POST: cfg, GLOBALS, str* and _*

*/

if ($sanitize && is_string($key) && (

$key == 'cfg'

|| $key == 'GLOBALS'

|| substr($key, 0, 3) == 'str'

|| $key{0} == '_')) {

continue;

} }

$output=addslashes($input);

# echo "$input san $output<br>";

}

return $output;

}

if (is_array($value)) { $_POST=sanitize($_POST);

// there could be a variable coming from a cookie of $_GET=sanitize($_GET);

// another application, with the same name as this array $_COOKIE=sanitize($_COOKIE);

unset($target[$key]); $_REQUEST=sanitize($_REQUEST);

PMA_gpc_extract($value, $target[$key], FALSE); foreach ($_POST as $var => $value) {

} else if ($is_magic_quotes) { ${"$var"}=$value;

$target[$key] = stripslashes($value);

} else {

$target[$key] = $value;

}

}

return TRUE;

} }

// check if a subform is submitted // check if a subform is submitted

$__redirect = NULL; $__redirect = NULL;

if ( isset( $_POST['usesubform'] ) ) { if ( isset( $_POST['usesubform'] ) ) {

Line 63... Line 53...

$__redirect = $_POST['redirect']; $__redirect = $_POST['redirect'];

unset( $_POST['redirect'] ); unset( $_POST['redirect'] );

} // end if ( isset( $_POST['redirect'] ) ) } // end if ( isset( $_POST['redirect'] ) )

} // end if ( isset( $_POST['usesubform'] ) ) } // end if ( isset( $_POST['usesubform'] ) )

// end check if a subform is submitted // end check if a subform is submitted

if (!empty($_GET)) {

PMA_gpc_extract($_GET, $GLOBALS);

} // end if

if (!empty($_POST)) {

PMA_gpc_extract($_POST, $GLOBALS);

} // end if (!empty($_POST))

if (!empty($_FILES)) { if (!empty($_FILES)) {

foreach ($_FILES AS $name => $value) { foreach ($_FILES AS $name => $value) {

$$name = $value['tmp_name']; $$name = $value['tmp_name'];

${$name . '_name'} = $value['name']; ${$name . '_name'} = $value['name'];

-Rev 2
+Rev 3
 Line 10...
  * $HTTP_AUTHORIZATION variables.
  *
  * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
  */
-function PMA_gpc_extract($array, &$target, $sanitize = TRUE) {
+include ("config.php");
-    if (!is_array($array)) {
-        return FALSE;
+function sanitize($input){
+    $output="";
+    if(is_array($input)){
+        foreach($input as $k=>$i){
+            $output[$k]=sanitize($i);
+        }
     }
-    $is_magic_quotes = get_magic_quotes_gpc();
+    else{
-    foreach ($array AS $key => $value) {
+        if(get_magic_quotes_gpc()){
-        /**
+            $input=stripslashes($input);
-         * 2005-02-22, rabus:
-         *
-         * This is just an ugly hotfix to avoid changing internal config
-         * parameters.
-         *
-         * Currently, the following variable names are rejected when found in
-         * $_GET or $_POST: cfg, GLOBALS, str* and _*
-         */
-        if ($sanitize && is_string($key) && (
-            $key == 'cfg'
-            || $key == 'GLOBALS'
-            || substr($key, 0, 3) == 'str'
-            || $key{0} == '_')) {
-            continue;
         }
+        $output=addslashes($input);
+#       echo "$input san $output<br>";
+    }
+    return $output;
+}
-        if (is_array($value)) {
+$_POST=sanitize($_POST);
-            // there could be a variable coming from a cookie of
+$_GET=sanitize($_GET);
-            // another application, with the same name as this array
+$_COOKIE=sanitize($_COOKIE);
-            unset($target[$key]);
+$_REQUEST=sanitize($_REQUEST);
-            PMA_gpc_extract($value, $target[$key], FALSE);
+foreach ($_POST as $var => $value) {
-        } else if ($is_magic_quotes) {
+${"$var"}=$value;
-            $target[$key] = stripslashes($value);
-        } else {
-            $target[$key] = $value;
-        }
-    }
-    return TRUE;
 }
 // check if a subform is submitted
 $__redirect = NULL;
 if ( isset( $_POST['usesubform'] ) ) {
-Line 63...
+Line 53...
         $__redirect = $_POST['redirect'];
         unset( $_POST['redirect'] );
     } // end if ( isset( $_POST['redirect'] ) )
 } // end if ( isset( $_POST['usesubform'] ) )
 // end check if a subform is submitted
-if (!empty($_GET)) {
-    PMA_gpc_extract($_GET, $GLOBALS);
-} // end if
-if (!empty($_POST)) {
-    PMA_gpc_extract($_POST, $GLOBALS);
-} // end if (!empty($_POST))
 if (!empty($_FILES)) {
     foreach ($_FILES AS $name => $value) {
         $$name = $value['tmp_name'];
         ${$name . '_name'} = $value['name'];