diff options
author | rvelices <rv-github@modusoptimus.com> | 2008-10-18 00:45:45 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-10-18 00:45:45 +0000 |
commit | 90be9fbb84623095a360cfa6e9c1955a891eeba5 (patch) | |
tree | 0b61f9e6a0372b6662866a3bd0dd9b746b0f430a /include/common.inc.php | |
parent | faa543851ba9fc25ffb0d25a7876d4486757f21a (diff) |
- merge rev 2765,2769 from branch 2.0
* 2765 mysql potential injection paranoia + code compaction in common.inc.php
* 2769 added an image sort order by privacy level (admins only)
* 2769 fix an IE6 display issue with quick search on index page
git-svn-id: http://piwigo.org/svn/trunk@2770 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/common.inc.php | 61 |
1 files changed, 9 insertions, 52 deletions
diff --git a/include/common.inc.php b/include/common.inc.php index cbe1d6d89..0b1a2b581 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -36,64 +36,21 @@ set_magic_quotes_runtime(0); // Disable magic_quotes_runtime // if( !get_magic_quotes_gpc() ) { + function sanitize_mysql_kv(&$v, $k) + { + $v = addslashes($v); + } if( is_array( $_GET ) ) { - while( list($k, $v) = each($_GET) ) - { - if( is_array($_GET[$k]) ) - { - while( list($k2, $v2) = each($_GET[$k]) ) - { - $_GET[$k][$k2] = addslashes($v2); - } - @reset($_GET[$k]); - } - else - { - $_GET[$k] = addslashes($v); - } - } - @reset($_GET); + array_walk_recursive( $_GET, 'sanitize_mysql_kv' ); } - - if( is_array($_POST) ) + if( is_array( $_POST ) ) { - while( list($k, $v) = each($_POST) ) - { - if( is_array($_POST[$k]) ) - { - while( list($k2, $v2) = each($_POST[$k]) ) - { - $_POST[$k][$k2] = addslashes($v2); - } - @reset($_POST[$k]); - } - else - { - $_POST[$k] = addslashes($v); - } - } - @reset($_POST); + array_walk_recursive( $_POST, 'sanitize_mysql_kv' ); } - - if( is_array($_COOKIE) ) + if( is_array( $_COOKIE ) ) { - while( list($k, $v) = each($_COOKIE) ) - { - if( is_array($_COOKIE[$k]) ) - { - while( list($k2, $v2) = each($_COOKIE[$k]) ) - { - $_COOKIE[$k][$k2] = addslashes($v2); - } - @reset($_COOKIE[$k]); - } - else - { - $_COOKIE[$k] = addslashes($v); - } - } - @reset($_COOKIE); + array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' ); } } if ( !empty($_SERVER["PATH_INFO"]) ) |