aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/input.php
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-10-15 04:41:46 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-10-15 04:41:46 +0000
commit54a3c3e7e9e70c4770010e442e95f734200d03f9 (patch)
treef8e2e7e383523bbf28654ec171e57c841ed1910b /engine/lib/input.php
parentba331497c03a51ae4b46b387e5f6773620a98cff (diff)
downloadelgg-54a3c3e7e9e70c4770010e442e95f734200d03f9.tar.gz
elgg-54a3c3e7e9e70c4770010e442e95f734200d03f9.tar.bz2
Standardized gobs of files.
git-svn-id: http://code.elgg.org/elgg/trunk@3548 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/input.php')
-rw-r--r--engine/lib/input.php692
1 files changed, 339 insertions, 353 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 49eb63f13..289542547 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -1,376 +1,362 @@
<?php
- /**
- * Parameter input functions.
- * This file contains functions for getting input from get/post variables.
- *
- * @package Elgg
- * @subpackage Core
-
- * @author Curverider Ltd <info@elgg.com>
-
- * @link http://elgg.org/
- */
-
- /**
- * Get some input from variables passed on the GET or POST line.
- *
- * @param $variable string The variable we want to return.
- * @param $default mixed A default value for the variable if it is not found.
- * @param $filter_result If true then the result is filtered for bad tags.
- */
- function get_input($variable, $default = "", $filter_result = true)
- {
-
- global $CONFIG;
-
- if (isset($CONFIG->input[$variable])) {
- $var = $CONFIG->input[$variable];
-
- if ($filter_result)
- $var = filter_tags($var);
-
- return $var;
+/**
+ * Parameter input functions.
+ * This file contains functions for getting input from get/post variables.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd <info@elgg.com>
+ * @link http://elgg.org/
+ */
+
+/**
+ * Get some input from variables passed on the GET or POST line.
+ *
+ * @param $variable string The variable we want to return.
+ * @param $default mixed A default value for the variable if it is not found.
+ * @param $filter_result If true then the result is filtered for bad tags.
+ */
+function get_input($variable, $default = "", $filter_result = true) {
+
+ global $CONFIG;
+
+ if (isset($CONFIG->input[$variable])) {
+ $var = $CONFIG->input[$variable];
+
+ if ($filter_result) {
+ $var = filter_tags($var);
}
-
- if (isset($_REQUEST[$variable])) {
-
- if (is_array($_REQUEST[$variable])) {
- $var = $_REQUEST[$variable];
- } else {
- $var = trim($_REQUEST[$variable]);
- }
-
- if ($filter_result)
- $var = filter_tags($var);
- return $var;
-
+ return $var;
+ }
+
+ if (isset($_REQUEST[$variable])) {
+ if (is_array($_REQUEST[$variable])) {
+ $var = $_REQUEST[$variable];
+ } else {
+ $var = trim($_REQUEST[$variable]);
}
- return $default;
+ if ($filter_result) {
+ $var = filter_tags($var);
+ }
+ return $var;
}
-
- /**
- * Sets an input value that may later be retrieved by get_input
- *
- * @param string $variable The name of the variable
- * @param string $value The value of the variable
- */
- function set_input($variable, $value) {
-
- global $CONFIG;
- if (!isset($CONFIG->input))
- $CONFIG->input = array();
-
- if (is_array($value))
- {
- foreach ($value as $key => $val)
- $value[$key] = trim($val);
-
- $CONFIG->input[trim($variable)] = $value;
+
+ return $default;
+}
+
+/**
+ * Sets an input value that may later be retrieved by get_input
+ *
+ * @param string $variable The name of the variable
+ * @param string $value The value of the variable
+ */
+function set_input($variable, $value) {
+ global $CONFIG;
+ if (!isset($CONFIG->input)) {
+ $CONFIG->input = array();
+ }
+
+ if (is_array($value)) {
+ foreach ($value as $key => $val) {
+ $value[$key] = trim($val);
}
- else
- $CONFIG->input[trim($variable)] = trim($value);
-
+
+ $CONFIG->input[trim($variable)] = $value;
+ } else {
+ $CONFIG->input[trim($variable)] = trim($value);
}
-
- /**
- * Filter tags from a given string based on registered hooks.
- * @param $var
- * @return mixed The filtered result
- */
- function filter_tags($var)
- {
- return trigger_plugin_hook('validate', 'input', null, $var);
+}
+
+/**
+ * Filter tags from a given string based on registered hooks.
+ * @param $var
+ * @return mixed The filtered result
+ */
+function filter_tags($var) {
+ return trigger_plugin_hook('validate', 'input', null, $var);
+}
+
+/**
+ * Sanitise file paths for input, ensuring that they begin and end with slashes etc.
+ *
+ * @param string $path The path
+ * @return string
+ */
+function sanitise_filepath($path) {
+ // Convert to correct UNIX paths
+ $path = str_replace('\\', '/', $path);
+
+ // Sort trailing slash
+ $path = trim($path);
+ $path = rtrim($path, " /");
+ $path = $path . "/";
+
+ return $path;
+}
+
+
+/**
+ * Takes a string and turns any URLs into formatted links
+ *
+ * @param string $text The input string
+ * @return string The output stirng with formatted links
+ **/
+function parse_urls($text) {
+ return preg_replace_callback('/(?<!=["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\)]+)/i',
+ create_function(
+ '$matches',
+ '
+ $url = $matches[1];
+ $urltext = str_replace("/", "/<wbr />", $url);
+ return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>";
+ '
+ ), $text);
+}
+
+function autop($pee, $br = 1) {
+ $pee = $pee . "\n"; // just to make things a little easier, pad the end
+ $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
+ // Space things out a little
+ $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)';
+ $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
+ $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
+ $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
+ if ( strpos($pee, '<object') !== false ) {
+ $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
+ $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
}
-
- /**
- * Sanitise file paths for input, ensuring that they begin and end with slashes etc.
- *
- * @param string $path The path
- * @return string
- */
- function sanitise_filepath($path)
- {
- // Convert to correct UNIX paths
- $path = str_replace('\\', '/', $path);
-
- // Sort trailing slash
- $path = trim($path);
- $path = rtrim($path, " /");
- $path = $path . "/";
-
- return $path;
+ $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
+ $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end
+ $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
+ $pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee);
+ $pee = preg_replace( '|<p>|', "$1<p>", $pee );
+ $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
+ $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
+ $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
+ $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
+ $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
+ $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
+ if ($br) {
+ $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
+ $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
+ $pee = str_replace('<WPPreserveNewline />', "\n", $pee);
}
-
-
- /**
- * Takes a string and turns any URLs into formatted links
- *
- * @param string $text The input string
- * @return string The output stirng with formatted links
- **/
- function parse_urls($text) {
-
- return preg_replace_callback('/(?<!=["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\)]+)/i',
- create_function(
- '$matches',
- '
- $url = $matches[1];
- $urltext = str_replace("/", "/<wbr />", $url);
- return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>";
- '
- ), $text);
- }
-
- function autop($pee, $br = 1) {
- $pee = $pee . "\n"; // just to make things a little easier, pad the end
- $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
- // Space things out a little
- $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)';
- $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
- $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
- $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
- if ( strpos($pee, '<object') !== false ) {
- $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
- $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
- }
- $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
- $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end
- $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
- $pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee);
- $pee = preg_replace( '|<p>|', "$1<p>", $pee );
- $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
- $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
- $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
- $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
- $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
- $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
- if ($br) {
- $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
- $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
- $pee = str_replace('<WPPreserveNewline />', "\n", $pee);
- }
- $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
- $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
- if (strpos($pee, '<pre') !== false)
- $pee = preg_replace_callback('!(<pre.*?>)(.*?)</pre>!is', 'clean_pre', $pee );
- $pee = preg_replace( "|\n</p>$|", '</p>', $pee );
-
- return $pee;
+ $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
+ $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
+ if (strpos($pee, '<pre') !== false) {
+ $pee = preg_replace_callback('!(<pre.*?>)(.*?)</pre>!is', 'clean_pre', $pee );
}
-
- /**
- * Page handler for autocomplete endpoint.
- *
- * @param $page
- * @return unknown_type
- */
- function input_livesearch_page_handler($page) {
- global $CONFIG;
- // only return results to logged in users.
- if (!$user = get_loggedin_user()) {
- exit;
- }
-
- if (!$q = get_input('q')) {
- exit;
- }
+ $pee = preg_replace( "|\n</p>$|", '</p>', $pee );
- $q = mysql_real_escape_string($q);
+ return $pee;
+}
- // replace mysql vars with escaped strings
- $q = str_replace(array('_', '%'), array('\_', '\%'), $q);
-
- $match_on = get_input('match_on', 'all');
- if ($match_on == 'all' || $match_on[0] == 'all') {
- $match_on = array('users', 'groups');
- }
-
- if (!is_array($match_on)) {
- $match_on = array($match_on);
- }
-
- if (get_input('match_owner', false)) {
- $owner_guid = $user->getGUID();
- $owner_where = 'AND e.owner_guid = ' . $user->getGUID();
- } else {
- $owner_guid = null;
- $owner_where = '';
- }
-
- $limit = get_input('limit', 10);
-
- // grab a list of entities and send them in json.
- $results = array();
- foreach ($match_on as $type) {
- switch ($type) {
- case 'all':
- // only need to pull up title from objects.
-
- if (!$entities = get_entities(null, null, $owner_guid, null, $limit) AND is_array($entities)) {
- $results = array_merge($results, $entities);
- }
- break;
-
- case 'users':
- $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e
- WHERE e.guid = ue.guid
- AND e.enabled = 'yes'
- AND ue.banned = 'no'
- AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%')
- LIMIT $limit
- ";
-
- if ($entities = get_data($query)) {
- foreach ($entities as $entity) {
- $json = json_encode(array(
- 'type' => 'user',
- 'name' => $entity->name,
- 'desc' => $entity->username,
- 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
- 'guid' => $entity->guid
- ));
- $results[$entity->name . rand(1,100)] = $json;
- }
+/**
+ * Page handler for autocomplete endpoint.
+ *
+ * @param $page
+ * @return unknown_type
+ */
+function input_livesearch_page_handler($page) {
+ global $CONFIG;
+ // only return results to logged in users.
+ if (!$user = get_loggedin_user()) {
+ exit;
+ }
+
+ if (!$q = get_input('q')) {
+ exit;
+ }
+
+ $q = mysql_real_escape_string($q);
+
+ // replace mysql vars with escaped strings
+ $q = str_replace(array('_', '%'), array('\_', '\%'), $q);
+
+ $match_on = get_input('match_on', 'all');
+ if ($match_on == 'all' || $match_on[0] == 'all') {
+ $match_on = array('users', 'groups');
+ }
+
+ if (!is_array($match_on)) {
+ $match_on = array($match_on);
+ }
+
+ if (get_input('match_owner', false)) {
+ $owner_guid = $user->getGUID();
+ $owner_where = 'AND e.owner_guid = ' . $user->getGUID();
+ } else {
+ $owner_guid = null;
+ $owner_where = '';
+ }
+
+ $limit = get_input('limit', 10);
+
+ // grab a list of entities and send them in json.
+ $results = array();
+ foreach ($match_on as $type) {
+ switch ($type) {
+ case 'all':
+ // only need to pull up title from objects.
+
+ if (!$entities = get_entities(null, null, $owner_guid, null, $limit) AND is_array($entities)) {
+ $results = array_merge($results, $entities);
+ }
+ break;
+
+ case 'users':
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e
+ WHERE e.guid = ue.guid
+ AND e.enabled = 'yes'
+ AND ue.banned = 'no'
+ AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%')
+ LIMIT $limit
+ ";
+
+ if ($entities = get_data($query)) {
+ foreach ($entities as $entity) {
+ $json = json_encode(array(
+ 'type' => 'user',
+ 'name' => $entity->name,
+ 'desc' => $entity->username,
+ 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
+ 'guid' => $entity->guid
+ ));
+ $results[$entity->name . rand(1,100)] = $json;
}
- break;
-
- case 'groups':
- // don't return results if groups aren't enabled.
- if (!is_plugin_enabled('groups')) {
- continue;
+ }
+ break;
+
+ case 'groups':
+ // don't return results if groups aren't enabled.
+ if (!is_plugin_enabled('groups')) {
+ continue;
+ }
+ $query = "SELECT * FROM {$CONFIG->dbprefix}groups_entity as ge, {$CONFIG->dbprefix}entities as e
+ WHERE e.guid = ge.guid
+ AND e.enabled = 'yes'
+ $owner_where
+ AND (ge.name LIKE '$q%' OR ge.description LIKE '%$q%')
+ LIMIT $limit
+ ";
+ if ($entities = get_data($query)) {
+ foreach ($entities as $entity) {
+ $json = json_encode(array(
+ 'type' => 'group',
+ 'name' => $entity->name,
+ 'desc' => strip_tags($entity->description),
+ 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
+ 'guid' => $entity->guid
+ ));
+ //$results[$entity->name . rand(1,100)] = "$json|{$entity->guid}";
+ $results[$entity->name . rand(1,100)] = $json;
}
- $query = "SELECT * FROM {$CONFIG->dbprefix}groups_entity as ge, {$CONFIG->dbprefix}entities as e
- WHERE e.guid = ge.guid
- AND e.enabled = 'yes'
- $owner_where
- AND (ge.name LIKE '$q%' OR ge.description LIKE '%$q%')
- LIMIT $limit
- ";
- if ($entities = get_data($query)) {
- foreach ($entities as $entity) {
- $json = json_encode(array(
- 'type' => 'group',
- 'name' => $entity->name,
- 'desc' => strip_tags($entity->description),
- 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
- 'guid' => $entity->guid
- ));
- //$results[$entity->name . rand(1,100)] = "$json|{$entity->guid}";
- $results[$entity->name . rand(1,100)] = $json;
- }
+ }
+ break;
+
+ case 'friends':
+ $access = get_access_sql_suffix();
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entity_relationships as er, {$CONFIG->dbprefix}entities as e
+ WHERE er.relationship = 'friend'
+ AND er.guid_one = {$user->getGUID()}
+ AND er.guid_two = ue.guid
+ AND e.guid = ue.guid
+ AND e.enabled = 'yes'
+ AND ue.banned = 'no'
+ AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%')
+ LIMIT $limit
+ ";
+
+ if ($entities = get_data($query)) {
+ foreach ($entities as $entity) {
+ $json = json_encode(array(
+ 'type' => 'user',
+ 'name' => $entity->name,
+ 'desc' => $entity->username,
+ 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
+ 'guid' => $entity->guid
+ ));
+ $results[$entity->name . rand(1,100)] = $json;
}
- break;
-
- case 'friends':
- $access = get_access_sql_suffix();
- $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entity_relationships as er, {$CONFIG->dbprefix}entities as e
- WHERE er.relationship = 'friend'
- AND er.guid_one = {$user->getGUID()}
- AND er.guid_two = ue.guid
- AND e.guid = ue.guid
- AND e.enabled = 'yes'
- AND ue.banned = 'no'
- AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%')
- LIMIT $limit
- ";
-
- if ($entities = get_data($query)) {
- foreach ($entities as $entity) {
- $json = json_encode(array(
- 'type' => 'user',
- 'name' => $entity->name,
- 'desc' => $entity->username,
- 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
- 'guid' => $entity->guid
- ));
- $results[$entity->name . rand(1,100)] = $json;
- }
+ }
+ break;
+
+ default:
+ // arbitrary subtype.
+ get_entities(null, $type, $owner_guid);
+ break;
+ }
+ }
+
+ ksort($results);
+ echo implode($results, "\n");
+ exit;
+}
+
+
+function input_init() {
+ // register an endpoint for live search / autocomplete.
+ register_page_handler('livesearch', 'input_livesearch_page_handler');
+
+ if (ini_get_bool('magic_quotes_gpc') ) {
+ //do keys as well, cos array_map ignores them
+ function stripslashes_arraykeys($array) {
+ if (is_array($array)) {
+ $array2 = array();
+ foreach ($array as $key => $data) {
+ if ($key != stripslashes($key)) {
+ $array2[stripslashes($key)] = $data;
+ } else {
+ $array2[$key] = $data;
}
- break;
-
- default:
- // arbitrary subtype.
- get_entities(null, $type, $owner_guid);
- break;
+ }
+ return $array2;
+ } else {
+ return $array;
}
}
-
- ksort($results);
- echo implode($results, "\n");
- exit;
- }
-
- function input_init() {
-
- // register an endpoint for live search / autocomplete.
- register_page_handler('livesearch', 'input_livesearch_page_handler');
-
- if (ini_get_bool('magic_quotes_gpc') ) {
-
- //do keys as well, cos array_map ignores them
- function stripslashes_arraykeys($array) {
- if (is_array($array)) {
- $array2 = array();
- foreach ($array as $key => $data) {
- if ($key != stripslashes($key)) {
- $array2[stripslashes($key)] = $data;
- } else {
- $array2[$key] = $data;
- }
- }
- return $array2;
- } else {
- return $array;
- }
- }
-
- function stripslashes_deep($value) {
- if (is_array($value)) {
- $value = stripslashes_arraykeys($value);
- $value = array_map('stripslashes_deep', $value);
- } else {
- $value = stripslashes($value);
- }
- return $value;
- }
-
- $_POST = stripslashes_arraykeys($_POST);
- $_GET = stripslashes_arraykeys($_GET);
- $_COOKIE = stripslashes_arraykeys($_COOKIE);
- $_REQUEST = stripslashes_arraykeys($_REQUEST);
-
- $_POST = array_map('stripslashes_deep', $_POST);
- $_GET = array_map('stripslashes_deep', $_GET);
- $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
- $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
- if (!empty($_SERVER['REQUEST_URI'])) {
- $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
- }
- if (!empty($_SERVER['QUERY_STRING'])) {
- $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
- }
- if (!empty($_SERVER['HTTP_REFERER'])) {
- $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
- }
- if (!empty($_SERVER['PATH_INFO'])) {
- $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
- }
- if (!empty($_SERVER['PHP_SELF'])) {
- $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
- }
- if (!empty($_SERVER['PATH_TRANSLATED'])) {
- $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
- }
-
+ function stripslashes_deep($value) {
+ if (is_array($value)) {
+ $value = stripslashes_arraykeys($value);
+ $value = array_map('stripslashes_deep', $value);
+ } else {
+ $value = stripslashes($value);
+ }
+ return $value;
+ }
+
+ $_POST = stripslashes_arraykeys($_POST);
+ $_GET = stripslashes_arraykeys($_GET);
+ $_COOKIE = stripslashes_arraykeys($_COOKIE);
+ $_REQUEST = stripslashes_arraykeys($_REQUEST);
+
+ $_POST = array_map('stripslashes_deep', $_POST);
+ $_GET = array_map('stripslashes_deep', $_GET);
+ $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+ $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
+ if (!empty($_SERVER['REQUEST_URI'])) {
+ $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
+ }
+ if (!empty($_SERVER['QUERY_STRING'])) {
+ $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
+ }
+ if (!empty($_SERVER['HTTP_REFERER'])) {
+ $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
+ }
+ if (!empty($_SERVER['PATH_INFO'])) {
+ $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
+ }
+ if (!empty($_SERVER['PHP_SELF'])) {
+ $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
+ }
+ if (!empty($_SERVER['PATH_TRANSLATED'])) {
+ $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
}
-
}
-
- register_elgg_event_handler('init','system','input_init');
-
-
-?>
+}
+
+register_elgg_event_handler('init','system','input_init'); \ No newline at end of file