diff options
author | Cash Costello <cash.costello@gmail.com> | 2011-10-30 13:08:20 -0400 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2011-10-30 13:08:20 -0400 |
commit | edec092e1aa616561063214a66620f9b6852875d (patch) | |
tree | 1d4431502696cc317079fa8f85d334fb9bdca817 /engine | |
parent | 56046b11a6ad51c69b72ffffe5d95ce206e64931 (diff) | |
download | elgg-edec092e1aa616561063214a66620f9b6852875d.tar.gz elgg-edec092e1aa616561063214a66620f9b6852875d.tar.bz2 |
Fixes #3370 running the anti-spam option of htmlawed when filtering for output
Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/input.php | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php index 4900817a5..2f68195f2 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -8,7 +8,7 @@ */ /** - * Get some input from variables passed on the GET or POST line. + * Get some input from variables passed submitted through GET or POST. * * If using any data obtained from get_input() in a web page, please be aware that * it is a possible vector for a reflected XSS attack. If you are expecting an @@ -18,41 +18,41 @@ * because of the filtering done in htmlawed from the filter_tags call. * @todo Is this ^ still true? * - * @param string $variable The variable we want to return. + * @param string $variable The variable name we want. * @param mixed $default A default value for the variable if it is not found. - * @param bool $filter_result If true then the result is filtered for bad tags. + * @param bool $filter_result If true, then the result is filtered for bad tags. * - * @return string + * @return mixed */ function get_input($variable, $default = NULL, $filter_result = TRUE) { global $CONFIG; + $result = $default; + + elgg_push_context('input'); + if (isset($CONFIG->input[$variable])) { - $var = $CONFIG->input[$variable]; + $result = $CONFIG->input[$variable]; if ($filter_result) { - $var = filter_tags($var); + $result = filter_tags($result); } - - return $var; - } - - if (isset($_REQUEST[$variable])) { + } elseif (isset($_REQUEST[$variable])) { if (is_array($_REQUEST[$variable])) { - $var = $_REQUEST[$variable]; + $result = $_REQUEST[$variable]; } else { - $var = trim($_REQUEST[$variable]); + $result = trim($_REQUEST[$variable]); } if ($filter_result) { - $var = filter_tags($var); + $result = filter_tags($result); } - - return $var; } - return $default; + elgg_pop_context(); + + return $result; } /** |