Disable filter.default
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@761 7c3ca157-0c34-0410-bff1-cbf682f78f5c
parent
9ee9cf08e1
commit
4ad718027b
|
@ -8,6 +8,15 @@
|
||||||
|
|
||||||
error_reporting(E_ALL & ~E_NOTICE);
|
error_reporting(E_ALL & ~E_NOTICE);
|
||||||
|
|
||||||
|
// disable filter.default
|
||||||
|
$filter = (!ereg('^(unsafe_row)?$', ini_get("filter.default")) || ini_get("filter.default_flags"));
|
||||||
|
if ($filter) {
|
||||||
|
$_GET = ($_GET ? filter_input_array(INPUT_GET, FILTER_UNSAFE_RAW) : array());
|
||||||
|
$_POST = ($_POST ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW) : array());
|
||||||
|
$_COOKIE = ($_COOKIE ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : array());
|
||||||
|
$_SERVER = ($_SERVER ? filter_input_array(INPUT_SERVER, FILTER_UNSAFE_RAW) : array());
|
||||||
|
}
|
||||||
|
|
||||||
// used only in compiled file
|
// used only in compiled file
|
||||||
if (isset($_GET["file"])) {
|
if (isset($_GET["file"])) {
|
||||||
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 365*24*60*60) . " GMT");
|
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 365*24*60*60) . " GMT");
|
||||||
|
@ -39,6 +48,7 @@ if (!ini_get("session.auto_start")) {
|
||||||
session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5
|
session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5
|
||||||
session_start();
|
session_start();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_SESSION["coverage"])) {
|
if (isset($_SESSION["coverage"])) {
|
||||||
// coverage is used in tests and removed in compilation
|
// coverage is used in tests and removed in compilation
|
||||||
function save_coverage() {
|
function save_coverage() {
|
||||||
|
@ -53,6 +63,7 @@ if (isset($_SESSION["coverage"])) {
|
||||||
xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE);
|
xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE);
|
||||||
register_shutdown_function('save_coverage');
|
register_shutdown_function('save_coverage');
|
||||||
}
|
}
|
||||||
|
|
||||||
// disable magic quotes to be able to use database escaping function
|
// disable magic quotes to be able to use database escaping function
|
||||||
if (get_magic_quotes_gpc()) {
|
if (get_magic_quotes_gpc()) {
|
||||||
$process = array(&$_GET, &$_POST, &$_COOKIE);
|
$process = array(&$_GET, &$_POST, &$_COOKIE);
|
||||||
|
@ -63,7 +74,7 @@ if (get_magic_quotes_gpc()) {
|
||||||
$process[$key][stripslashes($k)] = $v;
|
$process[$key][stripslashes($k)] = $v;
|
||||||
$process[] = &$process[$key][stripslashes($k)];
|
$process[] = &$process[$key][stripslashes($k)];
|
||||||
} else {
|
} else {
|
||||||
$process[$key][stripslashes($k)] = stripslashes($v);
|
$process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -163,5 +174,6 @@ if (isset($_GET["download"])) {
|
||||||
include "./db.inc.php";
|
include "./db.inc.php";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// each page calls its own page_header(), if the footer should not be called then the page exits
|
// each page calls its own page_header(), if the footer should not be called then the page exits
|
||||||
page_footer();
|
page_footer();
|
||||||
|
|
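Review bot: The pattern on the added `$filter` line spells the filter name `unsafe_row`, but the PHP filter is `unsafe_raw` (the lines below it use `FILTER_UNSAFE_RAW`), so the stock `filter.default` value never matches and `$filter` is true whenever the filter extension is loaded. The line should read `$filter = (!preg_match('~^(unsafe_raw)?$~', ini_get("filter.default")) || ini_get("filter.default_flags"));`, which also replaces `ereg` with the `preg_*` family this file already uses. Because `$filter` also gates the changed line in the magic-quotes block (`$filter ? $v : stripslashes($v)`), this test decides whether request values are unslashed before they reach the database escaping functions; that line deserves a comment such as `// filter_input_array() is expected to return values without magic quotes applied`. Separately, the four `filter_input_array()` results are assigned unchecked, and the function can return false or null instead of an array. For `INPUT_SERVER` that would leave `$_SERVER["REQUEST_URI"]` empty for the `session_set_cookie_params()` call further down, so keep the existing array on failure, e.g. `$server = filter_input_array(INPUT_SERVER, FILTER_UNSAFE_RAW); if (is_array($server)) { $_SERVER = $server; }`.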