Pass $filter to remove_slashes (thanks to juzna)

2011-07-22 13:37:01 +02:00 · 2011-07-22 13:37:01 +02:00 · 83d82d6eee
parent a3663066b0
commit 83d82d6eee
2 changed files with 5 additions and 4 deletions
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@ -4,8 +4,8 @@ error_reporting(6135); // errors and warnings
 include "../adminer/include/coverage.inc.php";

 // disable filter.default
-$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")) || ini_get("filter.default_flags"));
-if ($filter) {
+$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")));
+if ($filter || ini_get("filter.default_flags")) {
 	foreach (array('_GET', '_POST', '_COOKIE', '_SERVER') as $val) {
 		$unsafe = filter_input_array(constant("INPUT$val"), FILTER_UNSAFE_RAW);
 		if ($unsafe) {
@ -39,7 +39,7 @@ if (!defined("SID")) {
 }

 // disable magic quotes to be able to use database escaping function
-remove_slashes(array(&$_GET, &$_POST, &$_COOKIE));
+remove_slashes(array(&$_GET, &$_POST, &$_COOKIE), $filter);
 if (function_exists("set_magic_quotes_runtime")) { // removed in PHP 6
 	set_magic_quotes_runtime(false);
 }
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@ -27,9 +27,10 @@ function escape_string($val) {

 /** Disable magic_quotes_gpc
 * @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
+* @param bool whether to leave values as is
 * @return null modified in place
 */
-function remove_slashes($process) {
+function remove_slashes($process, $filter = false) {
 	if (get_magic_quotes_gpc()) {
 		while (list($key, $val) = each($process)) {
 			foreach ($val as $k => $v) {