Function parse_str respects magic_quotes_gpc (bug #3034575)
parent
6e50eb8ec0
commit
72f4d9e245
|
@ -38,21 +38,7 @@ if (!ini_bool("session.auto_start")) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// disable magic quotes to be able to use database escaping function
|
// disable magic quotes to be able to use database escaping function
|
||||||
if (get_magic_quotes_gpc()) {
|
remove_slashes(array(&$_GET, &$_POST, &$_COOKIE));
|
||||||
$process = array(&$_GET, &$_POST, &$_COOKIE);
|
|
||||||
while (list($key, $val) = each($process)) {
|
|
||||||
foreach ($val as $k => $v) {
|
|
||||||
unset($process[$key][$k]);
|
|
||||||
if (is_array($v)) {
|
|
||||||
$process[$key][stripslashes($k)] = $v;
|
|
||||||
$process[] = &$process[$key][stripslashes($k)];
|
|
||||||
} else {
|
|
||||||
$process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
unset($process);
|
|
||||||
}
|
|
||||||
if (function_exists("set_magic_quotes_runtime")) {
|
if (function_exists("set_magic_quotes_runtime")) {
|
||||||
set_magic_quotes_runtime(false);
|
set_magic_quotes_runtime(false);
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,6 +26,26 @@ function escape_string($val) {
|
||||||
return substr($connection->quote($val), 1, -1);
|
return substr($connection->quote($val), 1, -1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Disable magic_quotes_gpc
|
||||||
|
* @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
|
||||||
|
* @return null modified in place
|
||||||
|
*/
|
||||||
|
function remove_slashes($process) {
|
||||||
|
if (get_magic_quotes_gpc()) {
|
||||||
|
while (list($key, $val) = each($process)) {
|
||||||
|
foreach ($val as $k => $v) {
|
||||||
|
unset($process[$key][$k]);
|
||||||
|
if (is_array($v)) {
|
||||||
|
$process[$key][stripslashes($k)] = $v;
|
||||||
|
$process[] = &$process[$key][stripslashes($k)];
|
||||||
|
} else {
|
||||||
|
$process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/** Escape or unescape string to use inside form []
|
/** Escape or unescape string to use inside form []
|
||||||
* @param string
|
* @param string
|
||||||
* @param bool
|
* @param bool
|
||||||
|
@ -214,6 +234,7 @@ function where($where) {
|
||||||
*/
|
*/
|
||||||
function where_check($val) {
|
function where_check($val) {
|
||||||
parse_str($val, $check);
|
parse_str($val, $check);
|
||||||
|
remove_slashes(array(&$check));
|
||||||
return where($check);
|
return where($check);
|
||||||
}
|
}
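Review bot: `remove_slashes()`, added in the `@ -26,6 +26,26` hunk, still evaluates `($filter ? $v : stripslashes($v))`, but `$filter` is neither a parameter nor declared `global` there, so inside the function it is always unset and every scalar value goes through `stripslashes()`. The inline loop removed in the first hunk read `$filter` from the including script's scope, so for `$_GET`/`$_POST`/`$_COOKIE` the flag used to be honoured; presumably it marks input that should not be unslashed, which would mean backslashes in such requests are now silently dropped. Passing the flag explicitly restores the old behaviour: `function remove_slashes($process, $filter = false) {` in the definition and `remove_slashes(array(&$_GET, &$_POST, &$_COOKIE), $filter);` at the superglobal call site, while `where_check()` can keep its one-argument call. The docblock should gain a matching `@param bool` line, and a one-line comment above the call in `where_check()` saying that `parse_str()` output is subject to magic_quotes_gpc would keep the call from looking like a double unescape.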
|
||||||
|
|
||||||
|
|