diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php index 19298eb6b..542b2e38c 100644 --- a/libraries/auth/cookie.auth.lib.php +++ b/libraries/auth/cookie.auth.lib.php @@ -86,9 +86,6 @@ function PMA_auth() else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) { $default_server = $_COOKIE['pma_cookie_servername-' . $server]; } - if (isset($default_server) && get_magic_quotes_gpc()) { - $default_server = stripslashes($default_server); - } $autocomplete = ''; } diff --git a/libraries/auth/http.auth.lib.php b/libraries/auth/http.auth.lib.php index 122ca81a7..df1771fc4 100644 --- a/libraries/auth/http.auth.lib.php +++ b/libraries/auth/http.auth.lib.php @@ -135,10 +135,6 @@ function PMA_auth_check() if (empty($PHP_AUTH_USER)) { return FALSE; } else { - if (get_magic_quotes_gpc()) { - $PHP_AUTH_USER = stripslashes($PHP_AUTH_USER); - $PHP_AUTH_PW = stripslashes($PHP_AUTH_PW); - } return TRUE; } } // end of the 'PMA_auth_check()' function diff --git a/libraries/common.lib.php b/libraries/common.lib.php index 5d63ca166..fdc2d70c0 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -421,7 +421,7 @@ function PMA_dl($module) * merges array recursive like array_merge_recursive() but keyed-values are * always overwritten. * - * array PMA_array_merge_recursive(array array1 [, array array2 [, array ...]]) + * array PMA_array_merge_recursive(array $array1[, array $array2[, array ...]]) * * @see http://php.net/array_merge * @see http://php.net/array_merge_recursive @@ -467,6 +467,23 @@ function PMA_array_merge_recursive() } } +/** + * calls $function vor every element in $array recursively + * + * @param array $array array to walk + * @param string $function function to call for every array element + */ +function PMA_arrayWalkRecursive(&$array, $function) +{ + foreach ($array as $key => $value) { + if (is_array($value)) { + PMA_arrayWalkRecursive($array[$key], $function); + } else { + $array[$key] = $function($value); + } + } +} + /** * include here only libraries which contain only function definitions * no code im main()! @@ -2567,6 +2584,12 @@ if (isset($_POST['usesubform'])) { } // end if (isset($_POST['usesubform'])) // end check if a subform is submitted +if (get_magic_quotes_gpc()) { + PMA_arrayWalkRecursive($_GET, 'stripslashes'); + PMA_arrayWalkRecursive($_POST, 'stripslashes'); + PMA_arrayWalkRecursive($_COOKIE, 'stripslashes'); + PMA_arrayWalkRecursive($_REQUEST, 'stripslashes'); +} require_once './libraries/session.inc.php'; @@ -2677,6 +2700,15 @@ if (isset($_REQUEST['goto']) && in_array($_REQUEST['goto'], $goto_whitelist)) { $GLOBALS['goto'] = ''; } +/** + * @var string $back returning page + */ +if (isset($_REQUEST['back']) && in_array($_REQUEST['back'], $goto_whitelist)) { + $GLOBALS['back'] = $_REQUEST['back']; +} else { + unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']); +} + /** * @var string $convcharset * @see also select_lang.lib.php @@ -2709,6 +2741,13 @@ if (isset($_REQUEST['table'])) { $GLOBALS['table'] = ''; } +/** + * @var string $sql_query sql query to be executed + */ +if (isset($_REQUEST['sql_query'])) { + $GLOBALS['sql_query'] = $_REQUEST['sql_query']; +} + //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup //$_REQUEST['server']; // checked later in this file //$_REQUEST['lang']; // checked by LABEL_loading_language_file diff --git a/libraries/grab_globals.lib.php b/libraries/grab_globals.lib.php index 21e782183..22bae11f0 100644 --- a/libraries/grab_globals.lib.php +++ b/libraries/grab_globals.lib.php @@ -19,7 +19,6 @@ * @uses preg_replace() * @uses array_keys() * @uses array_unique() - * @uses get_magic_quotes_gpc() to check wether stripslashes or not * @uses stripslashes() * @param array $array values from * @param array $target values to @@ -39,8 +38,6 @@ function PMA_gpc_extract($array, &$target, $sanitize = true) $valid_variables = array_keys($array); } - $is_magic_quotes = get_magic_quotes_gpc(); - foreach ( $valid_variables as $key ) { if ( strlen($key) === 0 ) { @@ -53,8 +50,6 @@ function PMA_gpc_extract($array, &$target, $sanitize = true) unset( $target[$key] ); PMA_gpc_extract($array[$key], $target[$key], false); - } elseif ( $is_magic_quotes ) { - $target[$key] = stripslashes($array[$key]); } else { $target[$key] = $array[$key]; } @@ -69,14 +64,16 @@ function PMA_gpc_extract($array, &$target, $sanitize = true) */ $_import_blacklist = array( '/^cfg$/i', // PMA configuration + '/^server$/i', // selected server '/^db$/i', // page to display '/^table$/i', // page to display '/^goto$/i', // page to display + '/^back$/i', // the page go back '/^lang$/i', // selected language - '/^server$/i', // selected server '/^convcharset$/i', // PMA convert charset '/^collation_connection$/i', // '/^set_theme$/i', // + '/^sql_query$/i', // the query to be executed '/^GLOBALS$/i', // the global scope '/^str.*$/i', // PMA localized strings '/^_.*$/i', // PMA does not use variables starting with _ from extern diff --git a/libraries/relation.lib.php b/libraries/relation.lib.php index bb3254722..541d2a45e 100644 --- a/libraries/relation.lib.php +++ b/libraries/relation.lib.php @@ -537,7 +537,7 @@ function PMA_getComments($db, $table = '') { * @access public */ function PMA_handleSlashes($val) { - return (get_magic_quotes_gpc() ? str_replace('\\"', '"', $val) : PMA_sqlAddslashes($val)); + return PMA_sqlAddslashes($val); } // end of the "PMA_handleSlashes()" function /** diff --git a/scripts/setup.php b/scripts/setup.php index bb66395b6..7a2c532d4 100644 --- a/scripts/setup.php +++ b/scripts/setup.php @@ -16,22 +16,6 @@ $PMA_Config = new PMA_Config(); $script_info = 'phpMyAdmin ' . $PMA_Config->get('PMA_VERSION') . ' setup script by Michal Čihař '; $script_version = '$Id$'; - -/** - * Removes slashes from string if needed (eg. magic quotes are enabled) - * - * @param string prossibly escaped string - * - * @return string unsescaped string - */ -function remove_slashes($val) { - if (get_magic_quotes_gpc()) { - return stripslashes($val); - } - return $val; -} - - // Grab action if (isset($_POST['action'])) { $action = $_POST['action']; @@ -41,7 +25,7 @@ if (isset($_POST['action'])) { if (isset($_POST['configuration']) && $action != 'clear' ) { // Grab previous configuration, if it should not be cleared - $configuration = unserialize(remove_slashes($_POST['configuration'])); + $configuration = unserialize($_POST['configuration']); } else { // Start with empty configuration $configuration = array(); @@ -538,17 +522,17 @@ function grab_values($list) { break; case 'serialized': if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) { - $res[$v[0]] = unserialize(remove_slashes($_POST[$v[0]])); + $res[$v[0]] = unserialize($_POST[$v[0]]); } break; case 'int': if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) { - $res[$v[0]] = (int)remove_slashes($_POST[$v[0]]); + $res[$v[0]] = (int)$_POST[$v[0]]; } break; case 'tristate': if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) { - $cur = remove_slashes($_POST[$v[0]]); + $cur = $_POST[$v[0]]; if ($cur == 'TRUE') { $res[$v[0]] = TRUE; } else if ($cur == 'FALSE') { @@ -561,7 +545,7 @@ function grab_values($list) { case 'string': default: if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) { - $res[$v[0]] = remove_slashes($_POST[$v[0]]); + $res[$v[0]] = $_POST[$v[0]]; } break; }