ChangeSet ID: 26108 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@winehq.org 2006/06/28 12:30:44
Added files: include : filter.php
Log message: Jonathan Ernst jonathan@ernstfamily.ch Automatic filtering of $_REQUEST variables
Patch: http://cvs.winehq.org/patch.py?id=26108
Old revision New revision Changes Path Added 1.1 +0 -0 appdb/include/filter.php
Index: appdb/include/filter.php
diff -u -p /dev/null appdb/include/filter.php:1.1
--- /dev/null 28 Jun 2006 17:30:44 -0000
+++ appdb/include/filter.php 28 Jun 2006 17:30:44 -0000
@@ -0,0 +1,54 @@
+<?php
+$aClean = array();
+filter_gpc();
+
+/*
+ * Make all get/post/cookies variable clean based on their names.
+ */
+function filter_gpc()
+{
+ global $aClean;
+ $aKeys = array_keys($_REQUEST);
+ for($i=0;$i<sizeof($aKeys);$i++)
+ {
+ switch($aKeys[$i][0])
+ {
+ case "i": // integer
+ case "f": // float
+ if(is_numeric($_REQUEST[$aKeys[$i]]))
+ $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+ else
+ util_show_error_page("Fatal error: ".$aKeys[$i]." should be a numeric value.");
+ break;
+ case "b": // boolean
+ if($_REQUEST[$aKeys[$i]]=="true" || $_REQUEST[$aKeys[$i]]=="false")
+ $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+ else
+ util_show_error_page("Fatal error: ".$aKeys[$i]." should be a boolean value.");
+ break;
+ case "s": // string
+ switch($aKeys[$i][1])
+ {
+ case "h": // HTML string
+ $aClean[$aKeys[$i]] = htmlspecialchars($_REQUEST[$aKeys[$i]]);
+ break;
+ default: // normal string (no HTML)
+ $aClean[$aKeys[$i]] = strip_tags($_REQUEST[$aKeys[$i]]);
+ break;
+ }
+ break;
+ default:
+ if($aKeys[$i]!="whq_appdb") // that's the name of the session cookie
+ util_show_error_page("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
+ break;
+ }
+ }
+
+ /* null out all input data so we can be assured that */
+ /* no unfiltered values are being used */
+ $_REQUEST = array();
+ $_POST = array();
+ $_GET = array();
+ $_COOKIES = array();
+}
+?>
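Review bot: The "null out all input data" step at the end of filter_gpc() misses cookies, because the superglobal is `$_COOKIE`, not `$_COOKIES`; the line as written creates an unrelated global and leaves raw cookie values readable by any code that bypasses `$aClean`, so it should read `$_COOKIE = array();`. The "i" branch also stores the raw request string after `is_numeric()`, which accepts values such as "1.5", "1e3" and leading whitespace, so an `i`-prefixed parameter is not guaranteed to be an integer; casting with `$aClean[$aKeys[$i]] = (int) $_REQUEST[$aKeys[$i]];` in a separate `case "i":` (and `(float)` for `f`) would make the prefix contract hold. In the "s" branch, `$aKeys[$i][1]` is read for every key starting with "s", including a one-character key, where it yields an uninitialized-offset notice; and the `htmlspecialchars()` call relies on the default quote style, which does not escape single quotes, so `sh` values are not safe inside single-quoted attributes unless `ENT_QUOTES` is passed. The comment should also record that `util_show_error_page()` must already be defined when this file is included, since `filter_gpc()` is invoked at include time.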