From c5dd69b30761786ca22878222d42f17e920ae8b2 Mon Sep 17 00:00:00 2001
From: ben
Date: Thu, 21 Aug 2008 17:24:13 +0000
Subject: Fixed input for people with magic quotes on.

git-svn-id: https://code.elgg.org/elgg/trunk@2037 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/elgglib.php | 15 +++++++++++++
 engine/lib/input.php | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+)
(limited to 'engine')
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 272dd08dc..87fd40172 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1618,6 +1618,21 @@
 system_message("Gatekeeper'd function called from {$callstack[1]['file']}:{$callstack[1]['line']}\n\nStack trace:\n\n" . print_r($callstack, true));
 return false;
+ }
+
+ /**
+ * Returns true or false depending on whether a PHP .ini setting is on or off
+ *
+ * @param string $ini_get_arg The INI setting
+ * @return true|false Depending on whether it's on or off
+ */
+ function ini_get_bool($ini_get_arg) {
+ $temp = ini_get($ini_get_arg);
+
+ if ($temp == '1' or strtolower($temp) == 'on') {
+ return true;
+ }
+ return false;
 }
 /**
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 4b36393d8..6312ba191 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
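Review bot: `ini_get_bool()` treats only `'1'` and `'on'` as enabled, but `ini_get()` can return the literal string a directive was given outside php.ini (for example through an Apache `php_value` line), so a setting of `true` or `yes` would be reported as off. For the caller added in engine/lib/input.php that would leave request data slashed on such hosts. Consider `return in_array(strtolower(trim((string) $temp)), array('1', 'on', 'true', 'yes'), true);`, or for the magic-quotes case specifically call `get_magic_quotes_gpc()`, which reports the effective setting. The docblock's `@return true|false` would read better as `@return bool`. The closing brace of `ini_get_bool()` is the context line after the added block; the function before it starts outside the hunk.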
@@ -142,6 +142,67 @@
 }
 function input_init() {
+
+ if (ini_get_bool('magic_quotes_gpc') ) {
+
+ //do keys as well, cos array_map ignores them
+ function stripslashes_arraykeys($array) {
+ if (is_array($array)) {
+ $array2 = array();
+ foreach ($array as $key => $data) {
+ if ($key != stripslashes($key)) {
+ $array2[stripslashes($key)] = $data;
+ } else {
+ $array2[$key] = $data;
+ }
+ }
+ return $array2;
+ } else {
+ return $array;
+ }
+ }
+
+ function stripslashes_deep($value) {
+ if (is_array($value)) {
+ $value = stripslashes_arraykeys($value);
+ $value = array_map('stripslashes_deep', $value);
+ } else {
+ $value = stripslashes($value);
+ }
+ return $value;
+ }
+
+ $_POST = stripslashes_arraykeys($_POST);
+ $_GET = stripslashes_arraykeys($_GET);
+ $_COOKIE = stripslashes_arraykeys($_COOKIE);
+ $_REQUEST = stripslashes_arraykeys($_REQUEST);
+
+ $_POST = array_map('stripslashes_deep', $_POST);
+ $_GET = array_map('stripslashes_deep', $_GET);
+ $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+ $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
+ if (!empty($_SERVER['REQUEST_URI'])) {
+ $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
+ }
+ if (!empty($_SERVER['QUERY_STRING'])) {
+ $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
+ }
+ if (!empty($_SERVER['HTTP_REFERER'])) {
+ $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
+ }
+ if (!empty($_SERVER['PATH_INFO'])) {
+ $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
+ }
+ if (!empty($_SERVER['PHP_SELF'])) {
+ $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
+ }
+ if (!empty($_SERVER['PATH_TRANSLATED'])) {
+ $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
+ }
+
+ }
+
+
 global $CONFIG;
 $CONFIG->allowedtags = array(
 'address' => array(),
-- cgit v1.2.3
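Review bot: `stripslashes_arraykeys()` and `stripslashes_deep()` are declared inside the `if` in `input_init()`, so they enter the global namespace only when that branch runs; a second call to `input_init()`, or any plugin or bundled library that already defines `stripslashes_deep`, would end the request with a redeclaration fatal error. Moving both helpers to file scope under a project-specific prefix avoids that, and the `if ($key != stripslashes($key))` branch can go because both arms reduce to `$array2[stripslashes($key)] = $data;`. After this block request data is raw regardless of the host setting, so any query or markup that quietly relied on magic quotes now depends on explicit escaping at the point of use; that code is not visible here and is worth auditing alongside this change. Whether `magic_quotes_gpc` also slashes the six `$_SERVER` entries depends on the PHP version and SAPI; if it does not, `stripslashes()` would remove legitimate backslashes from them (a Windows `PATH_TRANSLATED`, for instance), so confirm before unslashing. `input_init()` continues past the end of the hunk.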