Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/elgglib.php | 15 | ||||
-rw-r--r-- | engine/lib/input.php | 61 |
2 files changed, 76 insertions, 0 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 272dd08dc..87fd40172 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1618,6 +1618,21 @@
 system_message("Gatekeeper'd function called from {$callstack[1]['file']}:{$callstack[1]['line']}\n\nStack trace:\n\n" . print_r($callstack, true));
 return false;
+ }
+
+ /**
+ * Returns true or false depending on whether a PHP .ini setting is on or off
+ *
+ * @param string $ini_get_arg The INI setting
+ * @return true|false Depending on whether it's on or off
+ */
+ function ini_get_bool($ini_get_arg) {
+ $temp = ini_get($ini_get_arg);
+
+ if ($temp == '1' or strtolower($temp) == 'on') {
+ return true;
+ }
+ return false;
}
 /**
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 4b36393d8..6312ba191 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -142,6 +142,67 @@
 }
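Review bot: `ini_get_bool()` in elgglib.php recognises only `'1'` and `'on'`, but `ini_get()` can return the literal string a setting was given, and PHP also accepts `true` and `yes` as "on" for boolean directives; for those values this helper returns false. Because input.php uses it to decide whether to undo magic_quotes_gpc, a miss would leave request data slash-escaped. Consider `return in_array(strtolower((string) $temp), array('1', 'on', 'yes', 'true'), true);`, which still maps the `false` that `ini_get()` returns for an unknown setting to false. The docblock return would read better as `@return bool`.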
function input_init() {
+
+ if (ini_get_bool('magic_quotes_gpc') ) {
+
+ //do keys as well, cos array_map ignores them
+ function stripslashes_arraykeys($array) {
+ if (is_array($array)) {
+ $array2 = array();
+ foreach ($array as $key => $data) {
+ if ($key != stripslashes($key)) {
+ $array2[stripslashes($key)] = $data;
+ } else {
+ $array2[$key] = $data;
+ }
+ }
+ return $array2;
+ } else {
+ return $array;
+ }
+ }
+
+ function stripslashes_deep($value) {
+ if (is_array($value)) {
+ $value = stripslashes_arraykeys($value);
+ $value = array_map('stripslashes_deep', $value);
+ } else {
+ $value = stripslashes($value);
+ }
+ return $value;
+ }
+
+ $_POST = stripslashes_arraykeys($_POST);
+ $_GET = stripslashes_arraykeys($_GET);
+ $_COOKIE = stripslashes_arraykeys($_COOKIE);
+ $_REQUEST = stripslashes_arraykeys($_REQUEST);
+
+ $_POST = array_map('stripslashes_deep', $_POST);
+ $_GET = array_map('stripslashes_deep', $_GET);
+ $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+ $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
+ if (!empty($_SERVER['REQUEST_URI'])) {
+ $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
+ }
+ if (!empty($_SERVER['QUERY_STRING'])) {
+ $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
+ }
+ if (!empty($_SERVER['HTTP_REFERER'])) {
+ $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
+ }
+ if (!empty($_SERVER['PATH_INFO'])) {
+ $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
+ }
+ if (!empty($_SERVER['PHP_SELF'])) {
+ $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
+ }
+ if (!empty($_SERVER['PATH_TRANSLATED'])) {
+ $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
+ }
+
+ }
+
+
global $CONFIG;
$CONFIG->allowedtags = array(
'address' => array(),
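Review bot: `stripslashes_arraykeys()` and `stripslashes_deep()` are declared as named functions inside the `if` in `input_init()`, so they exist only once that branch has run, and a second call to `input_init()` in the same request would stop with a redeclaration error. Whether `input_init()` can run twice is not visible here, but declaring both at file scope (or behind `function_exists()`) removes the risk. The eight superglobal assignments could then collapse to `$_POST = stripslashes_deep($_POST);` and likewise for `$_GET`, `$_COOKIE` and `$_REQUEST`, since `stripslashes_deep()` already rewrites keys. The block also deserves a comment such as `// magic quotes undone: request values are raw from here on, escape per context at every SQL/HTML sink`, so nobody downstream assumes the old implicit quoting. `input_init()` continues past the end of the hunk.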