nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

protect $import_blacklist from overwriting

Browse Source
This commit is contained in:
Sebastian Mendel
2005-12-06 14:51:49 +00:00
parent a49827a084
commit 5f3b086ed2
2 changed files with 25 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -24,6 +24,7 @@ $Source$
- added PHP 5 constructor - added PHP 5 constructor
- added comments - added comments
- PEAR coding standard - PEAR coding standard
* libraries/grab_globals.lib.php: protect $import_blacklist from overwriting
2005-12-05 Sebastian Mendel <cybot_tm@users.sourceforge.net> 2005-12-05 Sebastian Mendel <cybot_tm@users.sourceforge.net>
* libraries/common.lib.php: added PMA_array_merge_recursive() * libraries/common.lib.php: added PMA_array_merge_recursive()

12
libraries/grab_globals.lib.php
View File

@@ -74,7 +74,7 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
/** /**
* copy values from one array to another, usally from a superglobal into $GLOBALS * copy values from one array to another, usally from a superglobal into $GLOBALS
* *
* @uses $GLOBALS['import_blacklist'] * @uses $GLOBALS['_import_blacklist']
* @uses preg_replace() * @uses preg_replace()
* @uses array_keys() * @uses array_keys()
* @uses array_unique() * @uses array_unique()
@@ -82,7 +82,7 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
* @uses stripslashes() * @uses stripslashes()
* @param array $array values from * @param array $array values from
* @param array $target values to * @param array $target values to
* @param boolean $sanitize prevent importing key names in $import_blacklist * @param boolean $sanitize prevent importing key names in $_import_blacklist
*/ */
function PMA_gpc_extract($array, &$target, $sanitize = TRUE) { function PMA_gpc_extract($array, &$target, $sanitize = TRUE) {
if (!is_array($array)) { if (!is_array($array)) {
@@ -90,7 +90,7 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
} }
if ( $sanitize ) { if ( $sanitize ) {
$valid_variables = preg_replace( $GLOBALS['import_blacklist'], '', $valid_variables = preg_replace( $GLOBALS['_import_blacklist'], '',
array_keys( $array ) ); array_keys( $array ) );
$valid_variables = array_unique( $valid_variables ); $valid_variables = array_unique( $valid_variables );
} else { } else {
@@ -122,10 +122,10 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
/** /**
* @var array $import_blacklist variable names that should NEVER be imported * @var array $_import_blacklist variable names that should NEVER be imported
* from superglobals * from superglobals
*/ */
$import_blacklist = array( $_import_blacklist = array(
'/^cfg$/i', // PMA configuration '/^cfg$/i', // PMA configuration
'/^GLOBALS$/i', // the global scope '/^GLOBALS$/i', // the global scope
'/^str.*$/i', // PMA strings '/^str.*$/i', // PMA strings
@@ -173,7 +173,7 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
unset($goto); unset($goto);
} // end if } // end if
unset( $import_blacklist ); unset( $_import_blacklist );
if ( ! empty( $__redirect ) ) { if ( ! empty( $__redirect ) ) {
// TODO: ensure that PMA_securePath() is defined and available // TODO: ensure that PMA_securePath() is defined and available