[Phpgroupware-cvs] phpgwapi/inc functions.inc.php,1.121.2.13.2.24
From: |
skwashd |
Subject: |
[Phpgroupware-cvs] phpgwapi/inc functions.inc.php,1.121.2.13.2.24 |
Date: |
Fri, 26 Aug 2005 03:33:00 +0200 |
Update of phpgwapi/inc
Modified Files:
Branch: Version-0_9_16-branch
functions.inc.php lines: +41 -39
Log Message:
fix XSS problems and one admin option being broken
====================================================
Index: phpgwapi/inc/functions.inc.php
diff -u phpgwapi/inc/functions.inc.php:1.121.2.13.2.23
phpgwapi/inc/functions.inc.php:1.121.2.13.2.24
--- phpgwapi/inc/functions.inc.php:1.121.2.13.2.23 Wed Aug 24 13:46:44 2005
+++ phpgwapi/inc/functions.inc.php Fri Aug 26 01:33:15 2005
@@ -25,9 +25,9 @@
include_once(PHPGW_API_INC.'/common_functions.inc.php');
/*!
- @function lang
- @abstract function to handle multilanguage support
- */
+ @function lang
+ @abstract function to handle multilanguage support
+ */
function
lang($key,$m1='',$m2='',$m3='',$m4='',$m5='',$m6='',$m7='',$m8='',$m9='',$m10='')
{
if(is_array($m1))
@@ -42,6 +42,34 @@
return $value;
}
+ function clean_vars($vars)
+ {
+ if ( !is_array($vars) )
+ {
+ $data_cleaner = createObject('phpgwapi.data_cleaner',
$vars);
+ return $data_cleaner->clean();
+ }
+
+ foreach ( $vars as $key => $val )
+ {
+ $vars[$key] = clean_vars($val);
+ }
+ return $vars;
+ }
+
+ // Remove this and I will make sure that you lose important parts of
your anatomy - skwashd
+ $GLOBALS['RAW_REQUEST'] = $_REQUEST; // if you really need the raw value
+ $to_cleans = array('_GET', '_POST', '_COOKIE', '_REQUEST');
+ foreach ( $to_cleans as $to_clean )
+ {
+ if ( isset($GLOBALS[$to_clean]) &&
is_array($GLOBALS[$to_clean]) && count($GLOBALS[$to_clean]) )
+ {
+ $GLOBALS['to_clean'] = clean_vars($GLOBALS['to_clean']);
+ $GLOBALS["HTTP{$to_change}_VARS"] =
$GLOBALS[$to_change];//legacy app support - will be dropped in 18
+ }
+ }
+
+
/* Make sure the header.inc.php is current. */
if ($GLOBALS['phpgw_info']['server']['versions']['header'] <
$GLOBALS['phpgw_info']['server']['versions']['current_header'])
{
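Review bot: In the new sanitising loop, `$GLOBALS['to_clean'] = clean_vars($GLOBALS['to_clean']);` indexes `$GLOBALS` with the literal string `'to_clean'` rather than `$to_clean`, so as written `$_GET`, `$_POST`, `$_COOKIE` and `$_REQUEST` appear to reach the rest of the API uncleaned and the XSS filtering this commit is meant to provide is not applied (the removed code did use `$GLOBALS[$to_clean]`). The following line reads `$to_change`, which is not defined anywhere in the visible hunks, so the legacy `HTTP_*_VARS` aliases are not populated from the cleaned data either. I would change the two lines to `$GLOBALS[$to_clean] = clean_vars($GLOBALS[$to_clean]);` and `$GLOBALS["HTTP{$to_clean}_VARS"] = $GLOBALS[$to_clean];`. Separately, `clean_vars()` recurses over values only, so request-supplied array keys pass through unchanged; a comment such as `// NOTE: keys are not cleaned - escape them on output` would document that. A regression check that a nested request array containing markup comes back cleaned would catch this class of typo.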
@@ -54,20 +82,20 @@
if (!isset($GLOBALS['phpgw_info']['flags']['currentapp']))
{
/* This object does not exist yet. */
- /* $GLOBALS['phpgw']->log->write(array('text'=>'W-MissingFlags,
currentapp flag not set'));*/
+ /*
$GLOBALS['phpgw']->log->write(array('text'=>'W-MissingFlags, currentapp flag
not set'));*/
echo '<b>!!! YOU DO NOT HAVE YOUR
$GLOBALS[\'phpgw_info\'][\'flags\'][\'currentapp\'] SET !!!';
echo '<br />!!! PLEASE CORRECT THIS SITUATION !!!</b>';
}
magic_quotes_runtime(false);
-// Can't use this yet - errorlog hasn't been created.
-// print_debug('sane environment','messageonly','api');
+ // Can't use this yet - errorlog hasn't been created.
+ // print_debug('sane environment','messageonly','api');
/****************************************************************************\
- * Multi-Domain support
*
-
\****************************************************************************/
-
+ * Multi-Domain support
*
+
\****************************************************************************/
+
/* make them fix their header */
if (!isset($GLOBALS['phpgw_domain']))
{
@@ -113,34 +141,8 @@
unset ($GLOBALS['phpgw_domain']); // we kill this for security
reasons
}
-// Can't use this yet - errorlog hasn't been created.
-// print_debug('domain',@$GLOBALS['phpgw_info']['user']['domain'],'api');
-
- // Remove this and you will loose important parts of your anatomy -
skwashd
- $GLOBALS['RAW_REQUEST'] = $_REQUEST; // if you really need the raw value
- $to_cleans = array('_GET', '_POST', '_COOKIE', '_REQUEST');
- $data_cleaner = createObject('phpgwapi.data_cleaner', '');
- foreach ( $to_cleans as $to_clean )
- {
- if ( isset($GLOBALS[$to_clean]) &&
is_array($GLOBALS[$to_clean]) && count($GLOBALS[$to_clean]) )
- {
- foreach ( $GLOBALS[$to_clean] as $key => $val )
- {
- if ( !is_array($val) )
- {
- $GLOBALS[$to_clean][$key] =
$data_cleaner->clean($val);
- }
- else
- {
- foreach ( $val as $skey => $sval )
- {
-
$GLOBALS[$to_clean][$key][$skey] = $data_cleaner->clean($val);
- }
- }
- }
- $GLOBALS["HTTP{$to_change}_VARS"] =
$GLOBALS[$to_change];
- }
- }
+ // Can't use this yet - errorlog hasn't been created.
+ //
print_debug('domain',@$GLOBALS['phpgw_info']['user']['domain'],'api');
/****************************************************************************\
* These lines load up the API, fill up the $phpgw_info array, etc
*
@@ -481,5 +483,5 @@
include_once(PHPGW_APP_INC . '/header.inc.php');
}
}
-
+
error_reporting(E_ERROR | E_WARNING | E_PARSE);