From 4ad718027bc022d929aa40e4596204eedf5a3205 Mon Sep 17 00:00:00 2001
From: jakubvrana
Date: Fri, 26 Jun 2009 20:46:26 +0000
Subject: [PATCH] Disable filter.default
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@761 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 adminer/index.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/adminer/index.php b/adminer/index.php
index 5e5a37e2..c904941b 100644
--- a/adminer/index.php
+++ b/adminer/index.php
@@ -8,6 +8,15 @@ error_reporting(E_ALL & ~E_NOTICE);
+// disable filter.default
+$filter = (!ereg('^(unsafe_row)?$', ini_get("filter.default")) || ini_get("filter.default_flags"));
+if ($filter) {
+ $_GET = ($_GET ? filter_input_array(INPUT_GET, FILTER_UNSAFE_RAW) : array());
+ $_POST = ($_POST ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW) : array());
+ $_COOKIE = ($_COOKIE ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : array());
+ $_SERVER = ($_SERVER ? filter_input_array(INPUT_SERVER, FILTER_UNSAFE_RAW) : array());
+}
+
 // used only in compiled file
 if (isset($_GET["file"])) {
 header("Expires: " . gmdate("D, d M Y H:i:s", time() + 365*24*60*60) . " GMT");
@@ -39,6 +48,7 @@ if (!ini_get("session.auto_start")) {
 session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5
 session_start();
 }
+
 if (isset($_SESSION["coverage"])) {
 // coverage is used in tests and removed in compilation
 function save_coverage() {
@@ -53,6 +63,7 @@ if (isset($_SESSION["coverage"])) {
 xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE);
 register_shutdown_function('save_coverage');
 }
+
 // disable magic quotes to be able to use database escaping function
 if (get_magic_quotes_gpc()) {
 $process = array(&$_GET, &$_POST, &$_COOKIE);
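Review bot: The regex on the `$filter` line tests for `unsafe_row`, but the ini value that means "no filtering" is `unsafe_raw` (the same name as the `FILTER_UNSAFE_RAW` constant used four lines below), so an explicitly configured `filter.default = unsafe_raw` is treated as an active filter and all four superglobals are rebuilt for nothing; `$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")) || ini_get("filter.default_flags"));`. Since this file already uses `preg_replace` (the `session_set_cookie_params` line in the next hunk), `preg_match('~^(unsafe_raw)?$~', ...)` would keep a single regex engine and avoid `ereg`, which is deprecated from PHP 5.3. The `$_SERVER` rebuild is the riskiest of the four assignments: `filter_input_array(INPUT_SERVER, ...)` has been reported to return `null` or omit keys under some SAPIs, and `$_SERVER["REQUEST_URI"]` is read a few lines later for the session cookie path, so a `null` result should fall back to the existing array rather than being assigned as-is. `$_REQUEST` is not rebuilt, so any code that still reads it would see the filtered values — presumably the file does not, but worth confirming.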
@@ -63,7 +74,7 @@ if (get_magic_quotes_gpc()) {
 $process[$key][stripslashes($k)] = $v;
 $process[] = &$process[$key][stripslashes($k)];
 } else {
- $process[$key][stripslashes($k)] = stripslashes($v);
+ $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
 }
 }
 }
@@ -163,5 +174,6 @@ if (isset($_GET["download"])) {
 include "./db.inc.php";
 }
 }
+
 // each page calls its own page_header(), if the footer should not be called then the page exits
 page_footer();
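Review bot: On the added line the value is left untouched when `$filter` is set, on the premise that data obtained through `filter_input_array()` was never magic-quoted, but the key is still passed through `stripslashes($k)` on both paths — here and on the two array-branch lines at the top of the hunk — so a key containing a backslash would be altered when `$filter` is true; the same guard belongs on the key, e.g. `$k = ($filter ? $k : stripslashes($k));` before the branch, with the inner `stripslashes($k)` calls dropped. The simpler option is to skip the whole magic-quotes block when `$filter` is true, since none of the three arrays then hold quoted data; the enclosing `if (get_magic_quotes_gpc())` and `foreach` start outside the hunk. Either way this relies on `$filter` being assigned unconditionally earlier in the file, which the first hunk does.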