From 21ff3799a65a4d51595238a67f21e23a042acb33 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sun, 20 Feb 2005 01:43:25 +0000
Subject: [PATCH] Added magic quotes mimicker, except it actually works well.
 Added support for isso::db::escape_string() for when isso::magicquotes is set
 to true.

---
 kernel.php | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 46 insertions(+), 5 deletions(-)

diff --git a/kernel.php b/kernel.php
index ebe9ec3..4de580f 100644
--- a/kernel.php
+++ b/kernel.php
@@ -91,6 +91,7 @@ class Shared_Object_Framework
 	* @var	i				Short-hand reference to $isso::input
 	* @var	in				Short-hand reference to $isso::input
 	* @var	magicquotes		Status of Magic Quotes GPC
+	* @var	escapestrings	Sets whether or not we escape strings automatically
 	*/
 	var $version = '[#]version[#]';
 	var $sourcepath = '';
@@ -103,6 +104,7 @@ class Shared_Object_Framework
 	var $i = array();
 	var $in = array();
 	var $magicquotes = 0;
+	var $escapestrings = false;
 	
 	/**
 	* Constructor
@@ -116,10 +118,16 @@ class Shared_Object_Framework
 		$this->magicquotes = get_magic_quotes_gpc();
 		set_magic_quotes_runtime(0);
 		
+		if (defined('ISSO_ESCAPE_STRINGS'))
+		{
+			$this->escapestrings = (bool)constant('ISSO_ESCAPE_STRINGS');
+		}
+		
 		// start input sanitize using variable_order GP
-		$this->input = $this->_sanitize_input_recursive(array_merge($_GET, $_POST));
-		$this->i =& $this->input;
-		$this->in =& $this->input;
+		if (!$this->escapestrings)
+		{
+			$this->exec_sanitize_data();
+		}
 		
 		$this->modules['kernel'] = 'Shared Object Framework Core';
 	}
@@ -357,7 +365,14 @@ class Shared_Object_Framework
 			}
 			else
 			{
-				$data["$key"] = $this->sanitize($value);
+				if ($this->escapestrings)
+				{
+					$data["$key"] = $this->escape($this->sanitize($value));
+				}
+				else
+				{
+					$data["$key"] = $this->sanitize($value);
+				}
 			}
 		}
 		return $data;
@@ -414,7 +429,21 @@ class Shared_Object_Framework
 		
 		if ($this->magicquotes)
 		{
-			return $str;
+			if (isset($_isso->db))
+			{
+				if (is_resource($_isso->db->link_id))
+				{
+					return $_isso->db->escape_string(stripslashes($str));
+				}
+				else
+				{
+					return $str;
+				}
+			}
+			else
+			{
+				return $str;
+			}
 		}
 		else
 		{
@@ -435,6 +464,18 @@ class Shared_Object_Framework
 			}
 		}
 	}
+	
+	/**
+	* Runs through all of the input data and sanitizes it.
+	*/
+	function exec_sanitize_data()
+	{
+		$this->input = $this->_sanitize_input_recursive(array_merge($_GET, $_POST));
+		$this->i =& $this->input;
+		$this->in =& $this->input;
+		// we're now using magic quotes
+		$this->magicquotes = 1;
+	}
 }
 
 /**
-- 
2.22.5