nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check magic_quotes only once in common.inc.php

Browse Source
This commit is contained in:
Sebastian Mendel
2005-12-12 14:28:28 +00:00
parent 1b47c6c676
commit 5b9cab5a91
6 changed files with 49 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libraries/auth/cookie.auth.lib.php
View File

@@ -86,9 +86,6 @@ function PMA_auth()
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) { else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
$default_server = $_COOKIE['pma_cookie_servername-' . $server]; $default_server = $_COOKIE['pma_cookie_servername-' . $server];
} }
if (isset($default_server) && get_magic_quotes_gpc()) {
$default_server = stripslashes($default_server);
}
$autocomplete = ''; $autocomplete = '';
} }

4
libraries/auth/http.auth.lib.php
View File

@@ -135,10 +135,6 @@ function PMA_auth_check()
if (empty($PHP_AUTH_USER)) { if (empty($PHP_AUTH_USER)) {
return FALSE; return FALSE;
} else { } else {
if (get_magic_quotes_gpc()) {
$PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = stripslashes($PHP_AUTH_PW);
}
return TRUE; return TRUE;
} }
} // end of the 'PMA_auth_check()' function } // end of the 'PMA_auth_check()' function

41
libraries/common.lib.php
View File

@@ -421,7 +421,7 @@ function PMA_dl($module)
* merges array recursive like array_merge_recursive() but keyed-values are * merges array recursive like array_merge_recursive() but keyed-values are
* always overwritten. * always overwritten.
* *
* array PMA_array_merge_recursive(array array1 [, array array2 [, array ...]]) * array PMA_array_merge_recursive(array $array1[, array $array2[, array ...]])
* *
* @see http://php.net/array_merge * @see http://php.net/array_merge
* @see http://php.net/array_merge_recursive * @see http://php.net/array_merge_recursive
@@ -467,6 +467,23 @@ function PMA_array_merge_recursive()
} }
} }
/**
* calls $function vor every element in $array recursively
*
* @param array $array array to walk
* @param string $function function to call for every array element
*/
function PMA_arrayWalkRecursive(&$array, $function)
{
foreach ($array as $key => $value) {
if (is_array($value)) {
PMA_arrayWalkRecursive($array[$key], $function);
} else {
$array[$key] = $function($value);
}
}
}
/** /**
* include here only libraries which contain only function definitions * include here only libraries which contain only function definitions
* no code im main()! * no code im main()!
@@ -2567,6 +2584,12 @@ if (isset($_POST['usesubform'])) {
} // end if (isset($_POST['usesubform'])) } // end if (isset($_POST['usesubform']))
// end check if a subform is submitted // end check if a subform is submitted
if (get_magic_quotes_gpc()) {
PMA_arrayWalkRecursive($_GET, 'stripslashes');
PMA_arrayWalkRecursive($_POST, 'stripslashes');
PMA_arrayWalkRecursive($_COOKIE, 'stripslashes');
PMA_arrayWalkRecursive($_REQUEST, 'stripslashes');
}
require_once './libraries/session.inc.php'; require_once './libraries/session.inc.php';
@@ -2677,6 +2700,15 @@ if (isset($_REQUEST['goto']) && in_array($_REQUEST['goto'], $goto_whitelist)) {
$GLOBALS['goto'] = ''; $GLOBALS['goto'] = '';
} }
/**
* @var string $back returning page
*/
if (isset($_REQUEST['back']) && in_array($_REQUEST['back'], $goto_whitelist)) {
$GLOBALS['back'] = $_REQUEST['back'];
} else {
unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
}
/** /**
* @var string $convcharset * @var string $convcharset
* @see also select_lang.lib.php * @see also select_lang.lib.php
@@ -2709,6 +2741,13 @@ if (isset($_REQUEST['table'])) {
$GLOBALS['table'] = ''; $GLOBALS['table'] = '';
} }
/**
* @var string $sql_query sql query to be executed
*/
if (isset($_REQUEST['sql_query'])) {
$GLOBALS['sql_query'] = $_REQUEST['sql_query'];
}
//$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
//$_REQUEST['server']; // checked later in this file //$_REQUEST['server']; // checked later in this file
//$_REQUEST['lang']; // checked by LABEL_loading_language_file //$_REQUEST['lang']; // checked by LABEL_loading_language_file

9
libraries/grab_globals.lib.php
View File

@@ -19,7 +19,6 @@
* @uses preg_replace() * @uses preg_replace()
* @uses array_keys() * @uses array_keys()
* @uses array_unique() * @uses array_unique()
* @uses get_magic_quotes_gpc() to check wether stripslashes or not
* @uses stripslashes() * @uses stripslashes()
* @param array $array values from * @param array $array values from
* @param array $target values to * @param array $target values to
@@ -39,8 +38,6 @@ function PMA_gpc_extract($array, &$target, $sanitize = true)
$valid_variables = array_keys($array); $valid_variables = array_keys($array);
} }
$is_magic_quotes = get_magic_quotes_gpc();
foreach ( $valid_variables as $key ) { foreach ( $valid_variables as $key ) {
if ( strlen($key) === 0 ) { if ( strlen($key) === 0 ) {
@@ -53,8 +50,6 @@ function PMA_gpc_extract($array, &$target, $sanitize = true)
unset( $target[$key] ); unset( $target[$key] );
PMA_gpc_extract($array[$key], $target[$key], false); PMA_gpc_extract($array[$key], $target[$key], false);
} elseif ( $is_magic_quotes ) {
$target[$key] = stripslashes($array[$key]);
} else { } else {
$target[$key] = $array[$key]; $target[$key] = $array[$key];
} }
@@ -69,14 +64,16 @@ function PMA_gpc_extract($array, &$target, $sanitize = true)
*/ */
$_import_blacklist = array( $_import_blacklist = array(
'/^cfg$/i', // PMA configuration '/^cfg$/i', // PMA configuration
'/^server$/i', // selected server
'/^db$/i', // page to display '/^db$/i', // page to display
'/^table$/i', // page to display '/^table$/i', // page to display
'/^goto$/i', // page to display '/^goto$/i', // page to display
'/^back$/i', // the page go back
'/^lang$/i', // selected language '/^lang$/i', // selected language
'/^server$/i', // selected server
'/^convcharset$/i', // PMA convert charset '/^convcharset$/i', // PMA convert charset
'/^collation_connection$/i', // '/^collation_connection$/i', //
'/^set_theme$/i', // '/^set_theme$/i', //
'/^sql_query$/i', // the query to be executed
'/^GLOBALS$/i', // the global scope '/^GLOBALS$/i', // the global scope
'/^str.*$/i', // PMA localized strings '/^str.*$/i', // PMA localized strings
'/^_.*$/i', // PMA does not use variables starting with _ from extern '/^_.*$/i', // PMA does not use variables starting with _ from extern

2
libraries/relation.lib.php
View File

@@ -537,7 +537,7 @@ function PMA_getComments($db, $table = '') {
* @access public * @access public
*/ */
function PMA_handleSlashes($val) { function PMA_handleSlashes($val) {
return (get_magic_quotes_gpc() ? str_replace('\\"', '"', $val) : PMA_sqlAddslashes($val)); return PMA_sqlAddslashes($val);
} // end of the "PMA_handleSlashes()" function } // end of the "PMA_handleSlashes()" function
/** /**

26
scripts/setup.php
View File

@@ -16,22 +16,6 @@ $PMA_Config = new PMA_Config();
$script_info = 'phpMyAdmin ' . $PMA_Config->get('PMA_VERSION') . ' setup script by Michal Čihař <michal@cihar.com>'; $script_info = 'phpMyAdmin ' . $PMA_Config->get('PMA_VERSION') . ' setup script by Michal Čihař <michal@cihar.com>';
$script_version = '$Id$'; $script_version = '$Id$';
/**
* Removes slashes from string if needed (eg. magic quotes are enabled)
*
* @param string prossibly escaped string
*
* @return string unsescaped string
*/
function remove_slashes($val) {
if (get_magic_quotes_gpc()) {
return stripslashes($val);
}
return $val;
}
// Grab action // Grab action
if (isset($_POST['action'])) { if (isset($_POST['action'])) {
$action = $_POST['action']; $action = $_POST['action'];
@@ -41,7 +25,7 @@ if (isset($_POST['action'])) {
if (isset($_POST['configuration']) && $action != 'clear' ) { if (isset($_POST['configuration']) && $action != 'clear' ) {
// Grab previous configuration, if it should not be cleared // Grab previous configuration, if it should not be cleared
$configuration = unserialize(remove_slashes($_POST['configuration'])); $configuration = unserialize($_POST['configuration']);
} else { } else {
// Start with empty configuration // Start with empty configuration
$configuration = array(); $configuration = array();
@@ -538,17 +522,17 @@ function grab_values($list) {
break; break;
case 'serialized': case 'serialized':
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) { if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
$res[$v[0]] = unserialize(remove_slashes($_POST[$v[0]])); $res[$v[0]] = unserialize($_POST[$v[0]]);
} }
break; break;
case 'int': case 'int':
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) { if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
$res[$v[0]] = (int)remove_slashes($_POST[$v[0]]); $res[$v[0]] = (int)$_POST[$v[0]];
} }
break; break;
case 'tristate': case 'tristate':
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) { if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
$cur = remove_slashes($_POST[$v[0]]); $cur = $_POST[$v[0]];
if ($cur == 'TRUE') { if ($cur == 'TRUE') {
$res[$v[0]] = TRUE; $res[$v[0]] = TRUE;
} else if ($cur == 'FALSE') { } else if ($cur == 'FALSE') {
@@ -561,7 +545,7 @@ function grab_values($list) {
case 'string': case 'string':
default: default:
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) { if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
$res[$v[0]] = remove_slashes($_POST[$v[0]]); $res[$v[0]] = $_POST[$v[0]];
} }
break; break;
} }