If magic_quotes_gpc is enabled, grab_globals calls stripslashes when extracting the arrays $_GET and $_POST.

2003-03-02 17:26:41 +00:00
parent d5a2bef78d
commit 2183740b05
29 changed files with 149 additions and 295 deletions
--- a/db_search.php3
+++ b/db_search.php3
@@ -93,7 +93,7 @@ if (isset($submit_search)) {
                for ($j = 0; $j < $tblfields_cnt; $j++) {
                    $thefieldlikevalue[] = $tblfields[$j]
                                         . ' ' . $like_or_regex
-                                         . ' \'' 
+                                         . ' \''
                                         . $automatic_wildcard
                                         . $search_words[$i]
                                         . $automatic_wildcard . '\'';
@@ -119,24 +119,6 @@ if (isset($submit_search)) {
    } // end of the "PMA_getSearchSqls()" function


-    /**
-     * Strip slashes if necessary
-     */
-    if (get_magic_quotes_gpc()) {
-        $search_str               = stripslashes($search_str);
-        if (isset($table)) {
-            $table                = stripslashes($table);
-        }
-        else if (isset($table_select)) {
-            $table_select_cnt     = count($table_select);
-            reset($table_select);
-            for ($i = 0; $i < $table_select_cnt; $i++) {
-                $table_select[$i] = stripslashes($table_select[$i]);
-            } // end for
-        } // end if... else if...
-    } // end if
-
-
    /**
     * Displays the results
     */
@@ -220,11 +202,11 @@ if (isset($submit_search)) {
                 . '    <table><tr><td>' . sprintf($strNumSearchResultsInTable, $res_cnt, htmlspecialchars($onetable)) . "</td>\n";

            if ($res_cnt > 0) {
-                   echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query 
+                   echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
                    . '&amp;sql_query=' .urlencode($newsearchsqls['select_fields']),
                    $strBrowse, '') .  "</td>\n";

-                   echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query 
+                   echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
                    . '&amp;sql_query=' .urlencode($newsearchsqls['delete']),
                    $strDelete, $newsearchsqls['delete']) .  "</td>\n";

@@ -259,11 +241,11 @@ if (isset($submit_search)) {
                     . '            <table><tr><td>' . sprintf($strNumSearchResultsInTable, $res_cnt, htmlspecialchars($table_select[$i])) . "</td>\n";

                if ($res_cnt > 0) {
-                   echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query 
+                   echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
                    . '&amp;sql_query=' .urlencode($newsearchsqls['select_fields']),
                    $strBrowse, '') .  "</td>\n";

-                   echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query 
+                   echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
                    . '&amp;sql_query=' .urlencode($newsearchsqls['delete']),
                    $strDelete, $newsearchsqls['delete']) .  "</td>\n";