authorCash Costello <cash.costello@gmail.com>2011-10-30 13:08:20 -0400
committerCash Costello <cash.costello@gmail.com>2011-10-30 13:08:20 -0400
commitedec092e1aa616561063214a66620f9b6852875d (patch)
tree1d4431502696cc317079fa8f85d334fb9bdca817 /engine/lib
parent56046b11a6ad51c69b72ffffe5d95ce206e64931 (diff)
Fixes #3370 running the anti-spam option of htmlawed when filtering for output
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/input.php34
1 files changed, 17 insertions, 17 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 4900817a5..2f68195f2 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -8,7 +8,7 @@
*/
/**
- * Get some input from variables passed on the GET or POST line.
+ * Get some input from variables passed submitted through GET or POST.
*
* If using any data obtained from get_input() in a web page, please be aware that
* it is a possible vector for a reflected XSS attack. If you are expecting an
@@ -18,41 +18,41 @@
* because of the filtering done in htmlawed from the filter_tags call.
* @todo Is this ^ still true?
*
- * @param string $variable The variable we want to return.
+ * @param string $variable The variable name we want.
* @param mixed $default A default value for the variable if it is not found.
- * @param bool $filter_result If true then the result is filtered for bad tags.
+ * @param bool $filter_result If true, then the result is filtered for bad tags.
*
- * @return string
+ * @return mixed
*/
function get_input($variable, $default = NULL, $filter_result = TRUE) {
global $CONFIG;
+ $result = $default;
+
+ elgg_push_context('input');
+
if (isset($CONFIG->input[$variable])) {
- $var = $CONFIG->input[$variable];
+ $result = $CONFIG->input[$variable];
if ($filter_result) {
- $var = filter_tags($var);
+ $result = filter_tags($result);
}
-
- return $var;
- }
-
- if (isset($_REQUEST[$variable])) {
+ } elseif (isset($_REQUEST[$variable])) {
if (is_array($_REQUEST[$variable])) {
- $var = $_REQUEST[$variable];
+ $result = $_REQUEST[$variable];
} else {
- $var = trim($_REQUEST[$variable]);
+ $result = trim($_REQUEST[$variable]);
}
if ($filter_result) {
- $var = filter_tags($var);
+ $result = filter_tags($result);
}
-
- return $var;
}
- return $default;
+ elgg_pop_context();
+
+ return $result;
}
/**
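Review bot: The `elgg_push_context('input')` added at the top of get_input() is undone only by the `elgg_pop_context()` just before the return. If filter_tags() or a handler it dispatches to throws, the 'input' context stays on the stack, and later filtering in the same request could be treated as input rather than output. Whether those calls can throw is not visible in this hunk, so this is an assumption to confirm. A catch-and-rethrow around the lookup restores the stack on the error path without relying on `finally`. The docblock could also state that `$default` is returned as given and never passed through filter_tags(), e.g. `@return mixed The value (filtered when $filter_result is true), or $default unchanged if the variable is not set`.

```php
	elgg_push_context('input');

	try {
		// … unchanged: $CONFIG->input / $_REQUEST lookup and the filter_tags() calls …
	} catch (Exception $e) {
		// Restore the context stack before propagating, so that filtering done
		// later in this request is not mistaken for input filtering.
		elgg_pop_context();
		throw $e;
	}

	elgg_pop_context();

	return $result;
```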