Pass $filter to remove_slashes (thanks to juzna)
This commit is contained in:
parent
a3663066b0
commit
83d82d6eee
|
@ -4,8 +4,8 @@ error_reporting(6135); // errors and warnings
|
||||||
include "../adminer/include/coverage.inc.php";
|
include "../adminer/include/coverage.inc.php";
|
||||||
|
|
||||||
// disable filter.default
|
// disable filter.default
|
||||||
$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")) || ini_get("filter.default_flags"));
|
$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")));
|
||||||
if ($filter) {
|
if ($filter || ini_get("filter.default_flags")) {
|
||||||
foreach (array('_GET', '_POST', '_COOKIE', '_SERVER') as $val) {
|
foreach (array('_GET', '_POST', '_COOKIE', '_SERVER') as $val) {
|
||||||
$unsafe = filter_input_array(constant("INPUT$val"), FILTER_UNSAFE_RAW);
|
$unsafe = filter_input_array(constant("INPUT$val"), FILTER_UNSAFE_RAW);
|
||||||
if ($unsafe) {
|
if ($unsafe) {
|
||||||
|
@ -39,7 +39,7 @@ if (!defined("SID")) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// disable magic quotes to be able to use database escaping function
|
// disable magic quotes to be able to use database escaping function
|
||||||
remove_slashes(array(&$_GET, &$_POST, &$_COOKIE));
|
remove_slashes(array(&$_GET, &$_POST, &$_COOKIE), $filter);
|
||||||
if (function_exists("set_magic_quotes_runtime")) { // removed in PHP 6
|
if (function_exists("set_magic_quotes_runtime")) { // removed in PHP 6
|
||||||
set_magic_quotes_runtime(false);
|
set_magic_quotes_runtime(false);
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,9 +27,10 @@ function escape_string($val) {
|
||||||
|
|
||||||
/** Disable magic_quotes_gpc
|
/** Disable magic_quotes_gpc
|
||||||
* @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
|
* @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
|
||||||
|
* @param bool whether to leave values as is
|
||||||
* @return null modified in place
|
* @return null modified in place
|
||||||
*/
|
*/
|
||||||
function remove_slashes($process) {
|
function remove_slashes($process, $filter = false) {
|
||||||
if (get_magic_quotes_gpc()) {
|
if (get_magic_quotes_gpc()) {
|
||||||
while (list($key, $val) = each($process)) {
|
while (list($key, $val) = each($process)) {
|
||||||
foreach ($val as $k => $v) {
|
foreach ($val as $k => $v) {
|
||||||
|
|
Loading…
Reference in a new issue