authorben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-21 17:24:13 +0000
committerben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-21 17:24:13 +0000
commitc5dd69b30761786ca22878222d42f17e920ae8b2 (patch)
treeac7770bc2006637bb0926b9f5e8b31ac3b385887
parentb10b63780291e223dc30ece31ea2899ddd8078e1 (diff)
downloadelgg-c5dd69b30761786ca22878222d42f17e920ae8b2.tar.gz
elgg-c5dd69b30761786ca22878222d42f17e920ae8b2.tar.bz2
Fixed input for people with magic quotes on.
git-svn-id: https://code.elgg.org/elgg/trunk@2037 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/elgglib.php15
-rw-r--r--engine/lib/input.php61
2 files changed, 76 insertions, 0 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 272dd08dc..87fd40172 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1618,6 +1618,21 @@
system_message("Gatekeeper'd function called from {$callstack[1]['file']}:{$callstack[1]['line']}\n\nStack trace:\n\n" . print_r($callstack, true));
return false;
+ }
+
+ /**
+ * Returns true or false depending on whether a PHP .ini setting is on or off
+ *
+ * @param string $ini_get_arg The INI setting
+ * @return true|false Depending on whether it's on or off
+ */
+ function ini_get_bool($ini_get_arg) {
+ $temp = ini_get($ini_get_arg);
+
+ if ($temp == '1' or strtolower($temp) == 'on') {
+ return true;
+ }
+ return false;
}
/**
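Review bot: `ini_get_bool()` only recognises `'1'` and `'on'`, but `ini_get()` can return the literal configured string when a flag is set outside php.ini, so a value such as `true` or `yes` would be reported as off. For the `magic_quotes_gpc` check added in input.php that would leave request data slashed, which is a correctness problem rather than an exposure, but the helper is general-purpose and other callers may gate security-relevant behaviour on it. Consider `return in_array(strtolower(trim((string) $temp)), array('1', 'on', 'true', 'yes'), true);`, which also replaces the loose `==` comparisons with a strict match.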
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 4b36393d8..6312ba191 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -142,6 +142,67 @@
}
function input_init() {
+
+ if (ini_get_bool('magic_quotes_gpc') ) {
+
+ //do keys as well, cos array_map ignores them
+ function stripslashes_arraykeys($array) {
+ if (is_array($array)) {
+ $array2 = array();
+ foreach ($array as $key => $data) {
+ if ($key != stripslashes($key)) {
+ $array2[stripslashes($key)] = $data;
+ } else {
+ $array2[$key] = $data;
+ }
+ }
+ return $array2;
+ } else {
+ return $array;
+ }
+ }
+
+ function stripslashes_deep($value) {
+ if (is_array($value)) {
+ $value = stripslashes_arraykeys($value);
+ $value = array_map('stripslashes_deep', $value);
+ } else {
+ $value = stripslashes($value);
+ }
+ return $value;
+ }
+
+ $_POST = stripslashes_arraykeys($_POST);
+ $_GET = stripslashes_arraykeys($_GET);
+ $_COOKIE = stripslashes_arraykeys($_COOKIE);
+ $_REQUEST = stripslashes_arraykeys($_REQUEST);
+
+ $_POST = array_map('stripslashes_deep', $_POST);
+ $_GET = array_map('stripslashes_deep', $_GET);
+ $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+ $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
+ if (!empty($_SERVER['REQUEST_URI'])) {
+ $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
+ }
+ if (!empty($_SERVER['QUERY_STRING'])) {
+ $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
+ }
+ if (!empty($_SERVER['HTTP_REFERER'])) {
+ $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
+ }
+ if (!empty($_SERVER['PATH_INFO'])) {
+ $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
+ }
+ if (!empty($_SERVER['PHP_SELF'])) {
+ $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
+ }
+ if (!empty($_SERVER['PATH_TRANSLATED'])) {
+ $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
+ }
+
+ }
+
+
global $CONFIG;
$CONFIG->allowedtags = array(
'address' => array(),
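Review bot: `stripslashes_arraykeys()` and `stripslashes_deep()` are declared as named functions inside the `if` in `input_init()`, so a second call to `input_init()` in the same request with magic quotes on would stop with a cannot-redeclare fatal error; declaring them at file scope, or guarding with `if (!function_exists('stripslashes_deep'))`, avoids that. It is also worth a comment here that after this block `$_GET`, `$_POST`, `$_COOKIE` and `$_REQUEST` hold raw values on every configuration, so any query or HTML output built from them has to escape at the sink and cannot lean on magic quotes; whether such callers exist is not visible in this hunk. `$_FILES` is not unslashed, and the `$_SERVER` entries are stripped unconditionally, which I would confirm against how the targeted PHP versions treat those arrays. `input_init()` continues past the end of the hunk.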