claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-05-24. You can view files and clone it, but cannot push or open issues or pull requests.
Files
07d12874d8b3b2e6b42e67cd64cb07915832a3e0
qemudb/include/filter.php

70 lines
2.4 KiB
PHP
Raw Normal View History

Automatic filtering of $_REQUEST variables
2006-06-28 17:30:44 +00:00
<?php
$aClean = array();
filter_gpc();
/*
* Make all get/post/cookies variable clean based on their names.
*/
function filter_gpc()
{
global $aClean;
$aKeys = array_keys($_REQUEST);
for($i=0;$i<sizeof($aKeys);$i++)
{
switch($aKeys[$i][0])
{
case "i": // integer
case "f": // float
if(is_numeric($_REQUEST[$aKeys[$i]]))
$aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
else
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them
2006-07-06 18:44:56 +00:00
util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be a numeric value.");
Automatic filtering of $_REQUEST variables
2006-06-28 17:30:44 +00:00
break;
case "b": // boolean
if($_REQUEST[$aKeys[$i]]=="true" || $_REQUEST[$aKeys[$i]]=="false")
$aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
else
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them
2006-07-06 18:44:56 +00:00
util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be a boolean value.");
Automatic filtering of $_REQUEST variables
2006-06-28 17:30:44 +00:00
break;
case "s": // string
switch($aKeys[$i][1])
{
case "h": // HTML string
$aClean[$aKeys[$i]] = htmlspecialchars($_REQUEST[$aKeys[$i]]);
break;
default: // normal string (no HTML)
$aClean[$aKeys[$i]] = strip_tags($_REQUEST[$aKeys[$i]]);
break;
}
break;
Check for arrays when filtering. MAX_FILE_SIZE should not be filtered
2006-06-29 16:09:29 +00:00
case "a": // array
if(!is_array($_REQUEST[$aKeys[$i]]))
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them
2006-07-06 18:44:56 +00:00
util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be an array.");
Check for arrays when filtering. MAX_FILE_SIZE should not be filtered
2006-06-29 16:09:29 +00:00
break;
Automatic filtering of $_REQUEST variables
2006-06-28 17:30:44 +00:00
default:
filter_gpc() should ignore any bugzilla parameters to avoid errors when these cookies are set
2006-07-07 04:49:32 +00:00
if($aKeys[$i]!="whq_appdb" && // don't filter the appdb session cookie
// or any bugzilla cookies
$aKeys[$i]!="BUGLIST" &&
$aKeys[$i]!="DEFAULTFORMAT" &&
$aKeys[$i]!="Bugzilla_login" &&
$aKeys[$i]!="LASTORDER" &&
$aKeys[$i]!="Bugzilla_logincookie" &&
$aKeys[$i]!="DEFAULTFORMAT" &&
$aKeys[$i]!="MAX_FILE_SIZE")
{
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them
2006-07-06 18:44:56 +00:00
util_show_error_page_and_exit("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
filter_gpc() should ignore any bugzilla parameters to avoid errors when these cookies are set
2006-07-07 04:49:32 +00:00
}
Automatic filtering of $_REQUEST variables
2006-06-28 17:30:44 +00:00
break;
}
}
/* null out all input data so we can be assured that */
/* no unfiltered values are being used */
$_REQUEST = array();
$_POST = array();
$_GET = array();
$_COOKIES = array();
}
?>
Reference in New Issue Copy Permalink