
Function parse_str respects magic_quotes_gpc (bug #3034575)

1 parent 6e50eb8 commit 72f4d9e245fad4ae1f74a01ebe54c90ab41f4323 @vrana committed Jul 26, 2010
Showing with 22 additions and 15 deletions.
  1. +1 −15 adminer/include/bootstrap.inc.php
  2. +21 −0 adminer/include/functions.inc.php
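--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -38,21 +38,7 @@
 }
 // disable magic quotes to be able to use database escaping function
-if (get_magic_quotes_gpc()) {
- $process = array(&$_GET, &$_POST, &$_COOKIE);
- while (list($key, $val) = each($process)) {
- foreach ($val as $k => $v) {
- unset($process[$key][$k]);
- if (is_array($v)) {
- $process[$key][stripslashes($k)] = $v;
- $process[] = &$process[$key][stripslashes($k)];
- } else {
- $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
- }
- }
- }
- unset($process);
-}
+remove_slashes(array(&$_GET, &$_POST, &$_COOKIE));
 if (function_exists("set_magic_quotes_runtime")) {
 set_magic_quotes_runtime(false);
 }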
21 adminer/include/functions.inc.php
@@ -26,6 +26,26 @@ function escape_string($val) {
return substr($connection->quote($val), 1, -1);
}
+/** Disable magic_quotes_gpc
+* @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
+* @return null modified in place
+*/
+function remove_slashes($process) {
+ if (get_magic_quotes_gpc()) {
+ while (list($key, $val) = each($process)) {
+ foreach ($val as $k => $v) {
+ unset($process[$key][$k]);
+ if (is_array($v)) {
+ $process[$key][stripslashes($k)] = $v;
+ $process[] = &$process[$key][stripslashes($k)];
+ } else {
+ $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
@juzna
juzna added a line comment Jul 22, 2011

Is there some kind of magic, or is variable $filter really undefined?

@vrana
Owner
vrana added a line comment Jul 22, 2011

No magic, thanks for spotting this. I've fixed it.

+ }
+ }
+ }
+ }
+}
+
/** Escape or unescape string to use inside form []
* @param string
* @param bool
@@ -214,6 +234,7 @@ function where($where) {
*/
function where_check($val) {
parse_str($val, $check);
+ remove_slashes(array(&$check));
return where($check);
}
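Review bot: The docblock on `remove_slashes()` does not say that the array elements must be references, yet the function takes `$process` by value and only reaches the caller's data through reference elements such as `&$check` in `where_check()`. A call written as `remove_slashes(array($check))` would run without error and leave the slashes in place, so the value handed to `where()` would still carry the magic-quotes escaping. I would spell the contract out in the `@param` line: `* @param array list of references, e.g. array(&$_GET, &$_POST, &$_COOKIE); elements passed by value are not modified`.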
