Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Function parse_str respects magic_quotes_gpc (bug #3034575)

  • Loading branch information...
commit 72f4d9e245fad4ae1f74a01ebe54c90ab41f4323 1 parent 6e50eb8
@vrana authored
View
16 adminer/include/bootstrap.inc.php
@@ -38,21 +38,7 @@
}
// disable magic quotes to be able to use database escaping function
-if (get_magic_quotes_gpc()) {
- $process = array(&$_GET, &$_POST, &$_COOKIE);
- while (list($key, $val) = each($process)) {
- foreach ($val as $k => $v) {
- unset($process[$key][$k]);
- if (is_array($v)) {
- $process[$key][stripslashes($k)] = $v;
- $process[] = &$process[$key][stripslashes($k)];
- } else {
- $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
- }
- }
- }
- unset($process);
-}
+remove_slashes(array(&$_GET, &$_POST, &$_COOKIE));
if (function_exists("set_magic_quotes_runtime")) {
set_magic_quotes_runtime(false);
}
View
21 adminer/include/functions.inc.php
@@ -26,6 +26,26 @@ function escape_string($val) {
return substr($connection->quote($val), 1, -1);
}
+/** Disable magic_quotes_gpc
+* @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
+* @return null modified in place
+*/
+function remove_slashes($process) {
+ if (get_magic_quotes_gpc()) {
+ while (list($key, $val) = each($process)) {
+ foreach ($val as $k => $v) {
+ unset($process[$key][$k]);
+ if (is_array($v)) {
+ $process[$key][stripslashes($k)] = $v;
+ $process[] = &$process[$key][stripslashes($k)];
+ } else {
+ $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
@juzna
juzna added a note

Is there some kind of magic, or is variable $filter really undefined?

@vrana Owner
vrana added a note

No magic, thanks for spotting this. I've fixed it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ }
+ }
+ }
+ }
+}
+
/** Escape or unescape string to use inside form []
* @param string
* @param bool
@@ -214,6 +234,7 @@ function where($where) {
*/
function where_check($val) {
parse_str($val, $check);
+ remove_slashes(array(&$check));
return where($check);
}
@juzna

Is there some kind of magic, or is variable $filter really undefined?

@vrana

No magic, thanks for spotting this. I've fixed it.

Please sign in to comment.
Something went wrong with that request. Please try again.