protect $import_blacklist from overwriting

2005-12-06 14:51:49 +00:00
parent a49827a084
commit 5f3b086ed2
2 changed files with 25 additions and 24 deletions
--- a/1
+++ b/1
@@ -24,6 +24,7 @@ $Source$
      - added PHP 5 constructor
      - added comments
      - PEAR coding standard
+    * libraries/grab_globals.lib.php: protect $import_blacklist from overwriting

 2005-12-05 Sebastian Mendel <cybot_tm@users.sourceforge.net>
    * libraries/common.lib.php: added PMA_array_merge_recursive()
--- a/libraries/grab_globals.lib.php
+++ b/libraries/grab_globals.lib.php
@@ -74,7 +74,7 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
    /**
     * copy values from one array to another, usally from a superglobal into $GLOBALS
     *
-     * @uses    $GLOBALS['import_blacklist']
+     * @uses    $GLOBALS['_import_blacklist']
     * @uses    preg_replace()
     * @uses    array_keys()
     * @uses    array_unique()
@@ -82,7 +82,7 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
     * @uses    stripslashes()
     * @param   array   $array      values from
     * @param   array   $target     values to
-     * @param   boolean $sanitize   prevent importing key names in $import_blacklist
+     * @param   boolean $sanitize   prevent importing key names in $_import_blacklist
     */
    function PMA_gpc_extract($array, &$target, $sanitize = TRUE) {
        if (!is_array($array)) {
@@ -90,7 +90,7 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
        }

        if ( $sanitize ) {
-            $valid_variables = preg_replace( $GLOBALS['import_blacklist'], '',
+            $valid_variables = preg_replace( $GLOBALS['_import_blacklist'], '',
                array_keys( $array ) );
            $valid_variables = array_unique( $valid_variables );
        } else {
@@ -122,10 +122,10 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {


    /**
-     * @var array $import_blacklist variable names that should NEVER be imported
+     * @var array $_import_blacklist variable names that should NEVER be imported
     *                              from superglobals
     */
-    $import_blacklist = array(
+    $_import_blacklist = array(
        '/^cfg$/i',      // PMA configuration
        '/^GLOBALS$/i',  // the global scope
        '/^str.*$/i',    // PMA strings
@@ -173,7 +173,7 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
        unset($goto);
    } // end if

-    unset( $import_blacklist );
+    unset( $_import_blacklist );

    if ( ! empty( $__redirect ) ) {
        // TODO: ensure that PMA_securePath() is defined and available