aboutsummaryrefslogtreecommitdiffstats
path: root/include/common.inc.php
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2008-10-17 01:06:00 +0000
committerrvelices <rv-github@modusoptimus.com>2008-10-17 01:06:00 +0000
commit93313d760c7e0db93f00ab2ff972b1495a8d67ae (patch)
tree0d0c82033087fb494cc6bd27d4cd95916846c4f2 /include/common.inc.php
parent376bd21335bacde9ba8afaaa0cdc8b32601e3c7a (diff)
- mysql potential injection paranoia + code compaction in common.inc.php
git-svn-id: http://piwigo.org/svn/branches/2.0@2765 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/common.inc.php61
1 files changed, 9 insertions, 52 deletions
diff --git a/include/common.inc.php b/include/common.inc.php
index cbe1d6d89..0b1a2b581 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -36,64 +36,21 @@ set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
//
if( !get_magic_quotes_gpc() )
{
+ function sanitize_mysql_kv(&$v, $k)
+ {
+ $v = addslashes($v);
+ }
if( is_array( $_GET ) )
{
- while( list($k, $v) = each($_GET) )
- {
- if( is_array($_GET[$k]) )
- {
- while( list($k2, $v2) = each($_GET[$k]) )
- {
- $_GET[$k][$k2] = addslashes($v2);
- }
- @reset($_GET[$k]);
- }
- else
- {
- $_GET[$k] = addslashes($v);
- }
- }
- @reset($_GET);
+ array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
}
-
- if( is_array($_POST) )
+ if( is_array( $_POST ) )
{
- while( list($k, $v) = each($_POST) )
- {
- if( is_array($_POST[$k]) )
- {
- while( list($k2, $v2) = each($_POST[$k]) )
- {
- $_POST[$k][$k2] = addslashes($v2);
- }
- @reset($_POST[$k]);
- }
- else
- {
- $_POST[$k] = addslashes($v);
- }
- }
- @reset($_POST);
+ array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
}
-
- if( is_array($_COOKIE) )
+ if( is_array( $_COOKIE ) )
{
- while( list($k, $v) = each($_COOKIE) )
- {
- if( is_array($_COOKIE[$k]) )
- {
- while( list($k2, $v2) = each($_COOKIE[$k]) )
- {
- $_COOKIE[$k][$k2] = addslashes($v2);
- }
- @reset($_COOKIE[$k]);
- }
- else
- {
- $_COOKIE[$k] = addslashes($v);
- }
- }
- @reset($_COOKIE);
+ array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
}
}
if ( !empty($_SERVER["PATH_INFO"]) )