-rw-r--r--admin/cat_list.php2
-rw-r--r--admin/element_set.php2
-rw-r--r--admin/element_set_global.php8
-rw-r--r--admin/picture_modify.php4
-rw-r--r--comments.php6
-rw-r--r--feed.php2
-rw-r--r--include/functions.inc.php10
-rw-r--r--search.php4
8 files changed, 22 insertions, 16 deletions
diff --git a/admin/cat_list.php b/admin/cat_list.php
index 1aac22f0d..426293e7f 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -69,7 +69,7 @@ function save_categories_order($categories)
// | initialization |
// +-----------------------------------------------------------------------+
-check_input_parameter('parent_id', @$_GET['parent_id'], false, PATTERN_ID);
+check_input_parameter('parent_id', $_GET, false, PATTERN_ID);
$categories = array();
diff --git a/admin/element_set.php b/admin/element_set.php
index bc722887b..d6eec5437 100644
--- a/admin/element_set.php
+++ b/admin/element_set.php
@@ -39,7 +39,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
-check_input_parameter('selection', @$_POST['selection'], true, PATTERN_ID);
+check_input_parameter('selection', $_POST, true, PATTERN_ID);
// +-----------------------------------------------------------------------+
// | caddie management |
diff --git a/admin/element_set_global.php b/admin/element_set_global.php
index 7bc8afe50..4264a0aa5 100644
--- a/admin/element_set_global.php
+++ b/admin/element_set_global.php
@@ -44,10 +44,10 @@ check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// the $_POST['selection'] was already checked in element_set.php
-check_input_parameter('add_tags', @$_POST['add_tags'], true, PATTERN_ID);
-check_input_parameter('del_tags', @$_POST['del_tags'], true, PATTERN_ID);
-check_input_parameter('associate', @$_POST['associate'], false, PATTERN_ID);
-check_input_parameter('dissociate', @$_POST['dissociate'], false, PATTERN_ID);
+check_input_parameter('add_tags', $_POST, true, PATTERN_ID);
+check_input_parameter('del_tags', $_POST, true, PATTERN_ID);
+check_input_parameter('associate', $_POST, false, PATTERN_ID);
+check_input_parameter('dissociate', $_POST, false, PATTERN_ID);
if (isset($_POST['delete']))
{
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index 71b0d7777..60aabc7bf 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -33,8 +33,8 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
-check_input_parameter('image_id', $_GET['image_id'], false, PATTERN_ID);
-check_input_parameter('cat_id', @$_GET['cat_id'], false, PATTERN_ID);
+check_input_parameter('image_id', $_GET, false, PATTERN_ID);
+check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
// +-----------------------------------------------------------------------+
// | synchronize metadata |
diff --git a/comments.php b/comments.php
index b30db9fa8..70f020c73 100644
--- a/comments.php
+++ b/comments.php
@@ -117,7 +117,7 @@ if (!empty($_GET['author']))
// notification email)
if (!empty($_GET['comment_id']))
{
- check_input_parameter('comment_id', $_GET['comment_id'], false, PATTERN_ID);
+ check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
// currently, the $_GET['comment_id'] is only used by admins from email
// for management purpose (validate/delete)
@@ -183,7 +183,7 @@ if (isset($_GET['delete']) or isset($_GET['validate']))
if (isset($_GET['delete']))
{
- check_input_parameter('delete', $_GET['delete'], false, PATTERN_ID);
+ check_input_parameter('delete', $_GET, false, PATTERN_ID);
$query = '
DELETE
@@ -195,7 +195,7 @@ DELETE
if (isset($_GET['validate']))
{
- check_input_parameter('validate', $_GET['validate'], false, PATTERN_ID);
+ check_input_parameter('validate', $_GET, false, PATTERN_ID);
$query = '
UPDATE '.COMMENTS_TABLE.'
diff --git a/feed.php b/feed.php
index 026f6b377..dcfefbad0 100644
--- a/feed.php
+++ b/feed.php
@@ -63,7 +63,7 @@ function ts_to_iso8601($ts)
// | initialization |
// +-----------------------------------------------------------------------+
-check_input_parameter('feed', @$_GET['feed'], false, '/^[0-9a-z]{50}$/i');
+check_input_parameter('feed', $_GET, false, '/^[0-9a-z]{50}$/i');
$feed_id= isset($_GET['feed']) ? $_GET['feed'] : '';
$image_only=isset($_GET['image_only']);
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 02a783854..5b594a512 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1503,14 +1503,20 @@ function get_comment_post_key($image_id)
* pattern. This should happen only during hacking attempts.
*
* @param string param_name
- * @param mixed param_value
+ * @param array param_array
* @param boolean is_array
* @param string pattern
*
* @return void
*/
-function check_input_parameter($param_name, $param_value, $is_array, $pattern)
+function check_input_parameter($param_name, $param_array, $is_array, $pattern)
{
+ $param_value = null;
+ if (isset($param_array[$param_name]))
+ {
+ $param_value = $param_array[$param_name];
+ }
+
// it's ok if the input parameter is null
if (empty($param_value))
{
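Review bot: The value fetched at `$param_value = $param_array[$param_name];` still flows into the pre-existing `empty($param_value)` guard, and `empty('0')` is true in PHP, so a request parameter whose value is the literal string `'0'` bypasses the pattern check entirely; the commit changes how the value is fetched but not this early exit. Since the comment says only a null (absent) parameter should be tolerated, a narrower guard such as `if ($param_value === null || $param_value === '' || $param_value === array())` keeps the absent/blank cases and still validates `'0'`; whether blank-but-present values must keep being skipped depends on callers like search.php, so confirm before tightening. The docblock could also say what the array is for, e.g. `@param array param_array request array ($_GET or $_POST) in which $param_name is looked up`. The remainder of check_input_parameter (the is_array and pattern checks) continues outside the hunk.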
diff --git a/search.php b/search.php
index 0a9712743..ff6cf2d97 100644
--- a/search.php
+++ b/search.php
@@ -71,7 +71,7 @@ if (isset($_POST['submit']))
if (isset($_POST['tags']))
{
- check_input_parameter('tags', $_POST['tags'], true, PATTERN_ID);
+ check_input_parameter('tags', $_POST, true, PATTERN_ID);
$search['fields']['tags'] = array(
'words' => $_POST['tags'],
@@ -92,7 +92,7 @@ if (isset($_POST['submit']))
if (isset($_POST['cat']))
{
- check_input_parameter('cat', $_POST['cat'], true, PATTERN_ID);
+ check_input_parameter('cat', $_POST, true, PATTERN_ID);
$search['fields']['cat'] = array(
'words' => $_POST['cat'],