check magic_quotes only once in common.inc.php
@@ -86,9 +86,6 @@ function PMA_auth()
|
||||
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
|
||||
$default_server = $_COOKIE['pma_cookie_servername-' . $server];
|
||||
}
|
||||
if (isset($default_server) && get_magic_quotes_gpc()) {
|
||||
$default_server = stripslashes($default_server);
|
||||
}
|
||||
|
||||
$autocomplete = '';
|
||||
}
|
||||
|
@@ -135,10 +135,6 @@ function PMA_auth_check()
|
||||
if (empty($PHP_AUTH_USER)) {
|
||||
return FALSE;
|
||||
} else {
|
||||
if (get_magic_quotes_gpc()) {
|
||||
$PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
|
||||
$PHP_AUTH_PW = stripslashes($PHP_AUTH_PW);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
} // end of the 'PMA_auth_check()' function
|
||||
|
@@ -421,7 +421,7 @@ function PMA_dl($module)
|
||||
* merges array recursive like array_merge_recursive() but keyed-values are
|
||||
* always overwritten.
|
||||
*
|
||||
* array PMA_array_merge_recursive(array array1 [, array array2 [, array ...]])
|
||||
* array PMA_array_merge_recursive(array $array1[, array $array2[, array ...]])
|
||||
*
|
||||
* @see http://php.net/array_merge
|
||||
* @see http://php.net/array_merge_recursive
|
||||
@@ -467,6 +467,23 @@ function PMA_array_merge_recursive()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* calls $function vor every element in $array recursively
|
||||
*
|
||||
* @param array $array array to walk
|
||||
* @param string $function function to call for every array element
|
||||
*/
|
||||
function PMA_arrayWalkRecursive(&$array, $function)
|
||||
{
|
||||
foreach ($array as $key => $value) {
|
||||
if (is_array($value)) {
|
||||
PMA_arrayWalkRecursive($array[$key], $function);
|
||||
} else {
|
||||
$array[$key] = $function($value);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* include here only libraries which contain only function definitions
|
||||
* no code im main()!
|
||||
@@ -2567,6 +2584,12 @@ if (isset($_POST['usesubform'])) {
|
||||
} // end if (isset($_POST['usesubform']))
|
||||
// end check if a subform is submitted
|
||||
|
||||
if (get_magic_quotes_gpc()) {
|
||||
PMA_arrayWalkRecursive($_GET, 'stripslashes');
|
||||
PMA_arrayWalkRecursive($_POST, 'stripslashes');
|
||||
PMA_arrayWalkRecursive($_COOKIE, 'stripslashes');
|
||||
PMA_arrayWalkRecursive($_REQUEST, 'stripslashes');
|
||||
}
|
||||
|
||||
require_once './libraries/session.inc.php';
|
||||
|
||||
@@ -2677,6 +2700,15 @@ if (isset($_REQUEST['goto']) && in_array($_REQUEST['goto'], $goto_whitelist)) {
|
||||
$GLOBALS['goto'] = '';
|
||||
}
|
||||
|
||||
/**
|
||||
* @var string $back returning page
|
||||
*/
|
||||
if (isset($_REQUEST['back']) && in_array($_REQUEST['back'], $goto_whitelist)) {
|
||||
$GLOBALS['back'] = $_REQUEST['back'];
|
||||
} else {
|
||||
unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @var string $convcharset
|
||||
* @see also select_lang.lib.php
|
||||
@@ -2709,6 +2741,13 @@ if (isset($_REQUEST['table'])) {
|
||||
$GLOBALS['table'] = '';
|
||||
}
|
||||
|
||||
/**
|
||||
* @var string $sql_query sql query to be executed
|
||||
*/
|
||||
if (isset($_REQUEST['sql_query'])) {
|
||||
$GLOBALS['sql_query'] = $_REQUEST['sql_query'];
|
||||
}
|
||||
|
||||
//$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
|
||||
//$_REQUEST['server']; // checked later in this file
|
||||
//$_REQUEST['lang']; // checked by LABEL_loading_language_file
|
||||
|
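Review bot: PMA_arrayWalkRecursive() recurses once per nesting level with no bound, and the new call sites feed it $_GET, $_POST, $_COOKIE and $_REQUEST, whose nesting depth is chosen by the client. A request with very deeply nested array parameters can therefore exhaust the interpreter's stack during bootstrap; a depth guard like the one below would bound it (the limit shown is a placeholder). Two smaller points in the same hunk: the docblock reads "vor every element" where "for" is meant, and only values are passed to `$function`, so any array keys that magic_quotes_gpc escaped stay escaped.

```php
function PMA_arrayWalkRecursive(&$array, $function, $depth = 0)
{
    // nesting depth of request arrays is client-controlled; do not follow it
    // without bound (100 is a placeholder limit)
    if ($depth > 100) {
        die('request data nested too deeply');
    }
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            PMA_arrayWalkRecursive($array[$key], $function, $depth + 1);
        } else {
            // … unchanged: $array[$key] = $function($value); …
        }
    }
}
```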
@@ -19,7 +19,6 @@
|
||||
* @uses preg_replace()
|
||||
* @uses array_keys()
|
||||
* @uses array_unique()
|
||||
* @uses get_magic_quotes_gpc() to check wether stripslashes or not
|
||||
* @uses stripslashes()
|
||||
* @param array $array values from
|
||||
* @param array $target values to
|
||||
@@ -39,8 +38,6 @@ function PMA_gpc_extract($array, &$target, $sanitize = true)
|
||||
$valid_variables = array_keys($array);
|
||||
}
|
||||
|
||||
$is_magic_quotes = get_magic_quotes_gpc();
|
||||
|
||||
foreach ( $valid_variables as $key ) {
|
||||
|
||||
if ( strlen($key) === 0 ) {
|
||||
@@ -53,8 +50,6 @@ function PMA_gpc_extract($array, &$target, $sanitize = true)
|
||||
unset( $target[$key] );
|
||||
|
||||
PMA_gpc_extract($array[$key], $target[$key], false);
|
||||
} elseif ( $is_magic_quotes ) {
|
||||
$target[$key] = stripslashes($array[$key]);
|
||||
} else {
|
||||
$target[$key] = $array[$key];
|
||||
}
|
||||
@@ -69,14 +64,16 @@ function PMA_gpc_extract($array, &$target, $sanitize = true)
|
||||
*/
|
||||
$_import_blacklist = array(
|
||||
'/^cfg$/i', // PMA configuration
|
||||
'/^server$/i', // selected server
|
||||
'/^db$/i', // page to display
|
||||
'/^table$/i', // page to display
|
||||
'/^goto$/i', // page to display
|
||||
'/^back$/i', // the page go back
|
||||
'/^lang$/i', // selected language
|
||||
'/^server$/i', // selected server
|
||||
'/^convcharset$/i', // PMA convert charset
|
||||
'/^collation_connection$/i', //
|
||||
'/^set_theme$/i', //
|
||||
'/^sql_query$/i', // the query to be executed
|
||||
'/^GLOBALS$/i', // the global scope
|
||||
'/^str.*$/i', // PMA localized strings
|
||||
'/^_.*$/i', // PMA does not use variables starting with _ from extern
|
||||
|
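Review bot: With the `$is_magic_quotes` branch gone, PMA_gpc_extract() copies `$array[$key]` into `$target` verbatim, so it is correct only if the one-time strip this commit adds has already run on the array it is given; the include order is not visible in these hunks and should be confirmed. The same assumption now sits behind `return PMA_sqlAddslashes($val);` in PMA_handleSlashes() and the direct `$_POST` reads in the setup script's grab_values(). That strip walks only $_GET, $_POST, $_COOKIE and $_REQUEST, so values that arrive another way are worth checking too, for example `$PHP_AUTH_USER` and `$PHP_AUTH_PW` in PMA_auth_check(), whose source lies outside the hunk. I would record the contract in the docblock, e.g. `* @param array $array values from (must already be unslashed by the caller)`. The body of PMA_gpc_extract() extends beyond the hunks shown.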
@@ -537,7 +537,7 @@ function PMA_getComments($db, $table = '') {
|
||||
* @access public
|
||||
*/
|
||||
function PMA_handleSlashes($val) {
|
||||
return (get_magic_quotes_gpc() ? str_replace('\\"', '"', $val) : PMA_sqlAddslashes($val));
|
||||
return PMA_sqlAddslashes($val);
|
||||
} // end of the "PMA_handleSlashes()" function
|
||||
|
||||
/**
|
||||
|
@@ -16,22 +16,6 @@ $PMA_Config = new PMA_Config();
|
||||
$script_info = 'phpMyAdmin ' . $PMA_Config->get('PMA_VERSION') . ' setup script by Michal Čihař <michal@cihar.com>';
|
||||
$script_version = '$Id$';
|
||||
|
||||
|
||||
/**
|
||||
* Removes slashes from string if needed (eg. magic quotes are enabled)
|
||||
*
|
||||
* @param string prossibly escaped string
|
||||
*
|
||||
* @return string unsescaped string
|
||||
*/
|
||||
function remove_slashes($val) {
|
||||
if (get_magic_quotes_gpc()) {
|
||||
return stripslashes($val);
|
||||
}
|
||||
return $val;
|
||||
}
|
||||
|
||||
|
||||
// Grab action
|
||||
if (isset($_POST['action'])) {
|
||||
$action = $_POST['action'];
|
||||
@@ -41,7 +25,7 @@ if (isset($_POST['action'])) {
|
||||
|
||||
if (isset($_POST['configuration']) && $action != 'clear' ) {
|
||||
// Grab previous configuration, if it should not be cleared
|
||||
$configuration = unserialize(remove_slashes($_POST['configuration']));
|
||||
$configuration = unserialize($_POST['configuration']);
|
||||
} else {
|
||||
// Start with empty configuration
|
||||
$configuration = array();
|
||||
@@ -538,17 +522,17 @@ function grab_values($list) {
|
||||
break;
|
||||
case 'serialized':
|
||||
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
|
||||
$res[$v[0]] = unserialize(remove_slashes($_POST[$v[0]]));
|
||||
$res[$v[0]] = unserialize($_POST[$v[0]]);
|
||||
}
|
||||
break;
|
||||
case 'int':
|
||||
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
|
||||
$res[$v[0]] = (int)remove_slashes($_POST[$v[0]]);
|
||||
$res[$v[0]] = (int)$_POST[$v[0]];
|
||||
}
|
||||
break;
|
||||
case 'tristate':
|
||||
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
|
||||
$cur = remove_slashes($_POST[$v[0]]);
|
||||
$cur = $_POST[$v[0]];
|
||||
if ($cur == 'TRUE') {
|
||||
$res[$v[0]] = TRUE;
|
||||
} else if ($cur == 'FALSE') {
|
||||
@@ -561,7 +545,7 @@ function grab_values($list) {
|
||||
case 'string':
|
||||
default:
|
||||
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
|
||||
$res[$v[0]] = remove_slashes($_POST[$v[0]]);
|
||||
$res[$v[0]] = $_POST[$v[0]];
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
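Review bot: The rewritten lines hand `$_POST['configuration']` and, in the 'serialized' case of grab_values(), `$_POST[$v[0]]` straight to `unserialize()`, and nothing visible checks what comes back. unserialize() returns FALSE on malformed input and can instantiate any class that is loaded, so the result should at least be type-checked, e.g. `if (!is_array($configuration)) { $configuration = array(); }` after the call. That check does not stop objects being created during decoding, so carrying the configuration between requests in a format that cannot create objects, or keeping it server-side, would remove the risk rather than narrow it. The body of grab_values() starts and ends outside the hunks shown.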