Diffstat (limited to '')
-rw-r--r-- | admin/cat_list.php | 2 | ||||
-rw-r--r-- | admin/element_set.php | 2 | ||||
-rw-r--r-- | admin/element_set_global.php | 8 | ||||
-rw-r--r-- | admin/picture_modify.php | 4 | ||||
-rw-r--r-- | comments.php | 6 | ||||
-rw-r--r-- | feed.php | 2 | ||||
-rw-r--r-- | include/functions.inc.php | 10 | ||||
-rw-r--r-- | search.php | 4 |
8 files changed, 22 insertions, 16 deletions
diff --git a/admin/cat_list.php b/admin/cat_list.php
index 1aac22f0d..426293e7f 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -69,7 +69,7 @@ function save_categories_order($categories)
 // | initialization |
 // +-----------------------------------------------------------------------+
-check_input_parameter('parent_id', @$_GET['parent_id'], false, PATTERN_ID);
+check_input_parameter('parent_id', $_GET, false, PATTERN_ID);
 $categories = array();
diff --git a/admin/element_set.php b/admin/element_set.php
index bc722887b..d6eec5437 100644
--- a/admin/element_set.php
+++ b/admin/element_set.php
@@ -39,7 +39,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
-check_input_parameter('selection', @$_POST['selection'], true, PATTERN_ID);
+check_input_parameter('selection', $_POST, true, PATTERN_ID);
 // +-----------------------------------------------------------------------+
 // | caddie management |
diff --git a/admin/element_set_global.php b/admin/element_set_global.php
index 7bc8afe50..4264a0aa5 100644
--- a/admin/element_set_global.php
+++ b/admin/element_set_global.php
@@ -44,10 +44,10 @@ check_status(ACCESS_ADMINISTRATOR);
 // +-----------------------------------------------------------------------+
 // the $_POST['selection'] was already checked in element_set.php
-check_input_parameter('add_tags', @$_POST['add_tags'], true, PATTERN_ID);
-check_input_parameter('del_tags', @$_POST['del_tags'], true, PATTERN_ID);
-check_input_parameter('associate', @$_POST['associate'], false, PATTERN_ID);
-check_input_parameter('dissociate', @$_POST['dissociate'], false, PATTERN_ID);
+check_input_parameter('add_tags', $_POST, true, PATTERN_ID);
+check_input_parameter('del_tags', $_POST, true, PATTERN_ID);
+check_input_parameter('associate', $_POST, false, PATTERN_ID);
+check_input_parameter('dissociate', $_POST, false, PATTERN_ID);
 if (isset($_POST['delete']))
 {
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index 71b0d7777..60aabc7bf 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -33,8 +33,8 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
-check_input_parameter('image_id', $_GET['image_id'], false, PATTERN_ID);
-check_input_parameter('cat_id', @$_GET['cat_id'], false, PATTERN_ID);
+check_input_parameter('image_id', $_GET, false, PATTERN_ID);
+check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
 // +-----------------------------------------------------------------------+
 // | synchronize metadata |
diff --git a/comments.php b/comments.php
index b30db9fa8..70f020c73 100644
--- a/comments.php
+++ b/comments.php
@@ -117,7 +117,7 @@ if (!empty($_GET['author']))
 // notification email)
 if (!empty($_GET['comment_id']))
 {
- check_input_parameter('comment_id', $_GET['comment_id'], false, PATTERN_ID);
+ check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
 // currently, the $_GET['comment_id'] is only used by admins from email
 // for management purpose (validate/delete)
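Review bot: In the admin/picture_modify.php hunk, `image_id` used to be read as `$_GET['image_id']` with no `@`, so an absent value at least surfaced as a notice; passing `$_GET` instead makes check_input_parameter treat a missing `image_id` as acceptable (the new lookup in include/functions.inc.php leaves `$param_value` null and the `empty()` branch returns without error), so the page goes on with no image id at all. If `image_id` is mandatory for this page — the rest of the file is outside the hunk — add an explicit presence check right after the call, for example `if (!isset($_GET['image_id'])) { /* reject the request */ }`. The other call sites migrated here (`comment_id`, `delete`, `validate`, `tags`, `cat`) all sit inside `isset`/`!empty` guards, so only `image_id` loses a signal.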
@@ -183,7 +183,7 @@ if (isset($_GET['delete']) or isset($_GET['validate']))
 if (isset($_GET['delete']))
 {
- check_input_parameter('delete', $_GET['delete'], false, PATTERN_ID);
+ check_input_parameter('delete', $_GET, false, PATTERN_ID);
 $query = '
 DELETE
@@ -195,7 +195,7 @@ DELETE
 if (isset($_GET['validate']))
 {
- check_input_parameter('validate', $_GET['validate'], false, PATTERN_ID);
+ check_input_parameter('validate', $_GET, false, PATTERN_ID);
 $query = '
 UPDATE '.COMMENTS_TABLE.'
@@ -63,7 +63,7 @@ function ts_to_iso8601($ts)
 // | initialization |
 // +-----------------------------------------------------------------------+
-check_input_parameter('feed', @$_GET['feed'], false, '/^[0-9a-z]{50}$/i');
+check_input_parameter('feed', $_GET, false, '/^[0-9a-z]{50}$/i');
 $feed_id= isset($_GET['feed']) ? $_GET['feed'] : '';
 $image_only=isset($_GET['image_only']);
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 02a783854..5b594a512 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1503,14 +1503,20 @@ function get_comment_post_key($image_id)
 * pattern. This should happen only during hacking attempts.
 *
 * @param string param_name
- * @param mixed param_value
+ * @param array param_array
 * @param boolean is_array
 * @param string pattern
 *
 * @return void
 */
-function check_input_parameter($param_name, $param_value, $is_array, $pattern)
+function check_input_parameter($param_name, $param_array, $is_array, $pattern)
 {
+ $param_value = null;
+ if (isset($param_array[$param_name]))
+ {
+ $param_value = $param_array[$param_name];
+ }
+
 // it's ok if the input parameter is null
 if (empty($param_value))
 {
diff --git a/search.php b/search.php
index 0a9712743..ff6cf2d97 100644
--- a/search.php
+++ b/search.php
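Review bot: The new lookup in check_input_parameter silently turns validation off when `$param_array` is not an array: a caller still using the old signature (a plugin, or any file not migrated by this commit, passing `$_GET['x']` or an id list directly) makes `isset($param_array[$param_name])` false on PHP 5.4 and later, `$param_value` stays null, and the `empty()` branch returns without ever applying the pattern. A function whose purpose is to stop hacking attempts should fail loudly on a wrong argument type instead of passing it; add a guard before the lookup, `if (!is_array($param_array)) { trigger_error('check_input_parameter expects an array', E_USER_ERROR); }`, or fail the same way the pattern mismatch does further down (that part of the body is outside the hunk). Separately, `empty($param_value)` also accepts the string `'0'` without matching the pattern; that is likely harmless for `PATTERN_ID`, but with the feed.php pattern `/^[0-9a-z]{50}$/i` a `feed=0` request is let through unchecked and becomes `$feed_id`, so `$param_value === null` is the tighter test if only absence is meant to be tolerated. The feed.php hunk here is also missing its `diff --git`/`---`/`+++` header in the rendered page, which looks like a display artifact rather than a change in the commit.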
@@ -71,7 +71,7 @@ if (isset($_POST['submit']))
 if (isset($_POST['tags']))
 {
- check_input_parameter('tags', $_POST['tags'], true, PATTERN_ID);
+ check_input_parameter('tags', $_POST, true, PATTERN_ID);
 $search['fields']['tags'] = array(
 'words' => $_POST['tags'],
@@ -92,7 +92,7 @@ if (isset($_POST['submit']))
 if (isset($_POST['cat']))
 {
- check_input_parameter('cat', $_POST['cat'], true, PATTERN_ID);
+ check_input_parameter('cat', $_POST, true, PATTERN_ID);
 $search['fields']['cat'] = array(
 'words' => $_POST['cat'], |