author | rvelices <rv-github@modusoptimus.com> | 2008-10-17 01:06:00 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-10-17 01:06:00 +0000 |
commit | 93313d760c7e0db93f00ab2ff972b1495a8d67ae (patch) | |
tree | 0d0c82033087fb494cc6bd27d4cd95916846c4f2 /include/common.inc.php | |
parent | 376bd21335bacde9ba8afaaa0cdc8b32601e3c7a (diff) |
- mysql potential injection paranoia + code compaction in common.inc.php
git-svn-id: http://piwigo.org/svn/branches/2.0@2765 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/common.inc.php | 61 |
1 files changed, 9 insertions, 52 deletions
diff --git a/include/common.inc.php b/include/common.inc.php
index cbe1d6d89..0b1a2b581 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -36,64 +36,21 @@ set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
 //
 if( !get_magic_quotes_gpc() )
 {
+ function sanitize_mysql_kv(&$v, $k)
+ {
+ $v = addslashes($v);
+ }
 if( is_array( $_GET ) )
 {
- while( list($k, $v) = each($_GET) )
- {
- if( is_array($_GET[$k]) )
- {
- while( list($k2, $v2) = each($_GET[$k]) )
- {
- $_GET[$k][$k2] = addslashes($v2);
- }
- @reset($_GET[$k]);
- }
- else
- {
- $_GET[$k] = addslashes($v);
- }
- }
- @reset($_GET);
+ array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
 }
-
- if( is_array($_POST) )
+ if( is_array( $_POST ) )
 {
- while( list($k, $v) = each($_POST) )
- {
- if( is_array($_POST[$k]) )
- {
- while( list($k2, $v2) = each($_POST[$k]) )
- {
- $_POST[$k][$k2] = addslashes($v2);
- }
- @reset($_POST[$k]);
- }
- else
- {
- $_POST[$k] = addslashes($v);
- }
- }
- @reset($_POST);
+ array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
 }
-
- if( is_array($_COOKIE) )
+ if( is_array( $_COOKIE ) )
 {
- while( list($k, $v) = each($_COOKIE) )
- {
- if( is_array($_COOKIE[$k]) )
- {
- while( list($k2, $v2) = each($_COOKIE[$k]) )
- {
- $_COOKIE[$k][$k2] = addslashes($v2);
- }
- @reset($_COOKIE[$k]);
- }
- else
- {
- $_COOKIE[$k] = addslashes($v);
- }
- }
- @reset($_COOKIE);
+ array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
 }
 }
 if ( !empty($_SERVER["PATH_INFO"]) ) |
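Review bot: `sanitize_mysql_kv` escapes only the leaf values that `array_walk_recursive` passes to it, so the array keys of `$_GET`, `$_POST` and `$_COOKIE` stay raw and `$k` is unused despite the `_kv` in the name. `addslashes` is also not aware of the connection character set, so this block is best treated as a stand-in for `magic_quotes_gpc` rather than as the injection defence; queries should still escape with the driver's function (`mysql_real_escape_string`) where they are built. `$_REQUEST` is not walked in this hunk, so any code that reads it (not visible here) would presumably see unescaped data. I would state the limits on the helper, e.g. `// Emulates magic_quotes_gpc on leaf values only; keys are untouched, so queries must still escape at the point of use.`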