From 21ff3799a65a4d51595238a67f21e23a042acb33 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sun, 20 Feb 2005 01:43:25 +0000 Subject: [PATCH] Added magic quotes mimicker, except it actually works well. Added support for isso::db::escape_string() for when isso::magicquotes is set to true. --- kernel.php | 51 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/kernel.php b/kernel.php index ebe9ec3..4de580f 100644 --- a/kernel.php +++ b/kernel.php @@ -91,6 +91,7 @@ class Shared_Object_Framework * @var i Short-hand reference to $isso::input * @var in Short-hand reference to $isso::input * @var magicquotes Status of Magic Quotes GPC + * @var escapestrings Sets whether or not we escape strings automatically */ var $version = '[#]version[#]'; var $sourcepath = ''; @@ -103,6 +104,7 @@ class Shared_Object_Framework var $i = array(); var $in = array(); var $magicquotes = 0; + var $escapestrings = false; /** * Constructor @@ -116,10 +118,16 @@ class Shared_Object_Framework $this->magicquotes = get_magic_quotes_gpc(); set_magic_quotes_runtime(0); + if (defined('ISSO_ESCAPE_STRINGS')) + { + $this->escapestrings = (bool)constant('ISSO_ESCAPE_STRINGS'); + } + // start input sanitize using variable_order GP - $this->input = $this->_sanitize_input_recursive(array_merge($_GET, $_POST)); - $this->i =& $this->input; - $this->in =& $this->input; + if (!$this->escapestrings) + { + $this->exec_sanitize_data(); + } $this->modules['kernel'] = 'Shared Object Framework Core'; } @@ -357,7 +365,14 @@ class Shared_Object_Framework } else { - $data["$key"] = $this->sanitize($value); + if ($this->escapestrings) + { + $data["$key"] = $this->escape($this->sanitize($value)); + } + else + { + $data["$key"] = $this->sanitize($value); + } } } return $data; 
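Review bot: In the constructor hunk (@@ -116,10 +118,16), defining ISSO_ESCAPE_STRINGS as true now skips sanitizing entirely, so `$this->input`, `$this->i` and `$this->in` stay empty arrays until something calls `exec_sanitize_data()`, and no visible hunk makes that call. Judging by the database-link check added to the magic-quotes branch further down, the deferral is presumably there so the caller can open the database link first, but that contract is not written anywhere. I would document it on the new block, e.g. `// ISSO_ESCAPE_STRINGS defers input sanitizing: call exec_sanitize_data() once the database link is open`, and repeat it in the constructor docblock. The constructor's body starts outside the hunk.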
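Review bot: In the @@ -357,7 +365,14 hunk, `$this->escape($this->sanitize($value))` writes SQL-escaped values into the shared input array, which protects only values that are later placed inside quoted SQL string literals. Anything used unquoted in a query (ids, limits) gets no protection from this, and every non-SQL consumer of the array (output, comparisons, mail) sees the added backslashes. This is the same limitation PHP's own magic quotes had, so it is worth stating next to the new branch: `// escapes for quoted SQL string literals only; cast or validate values used unquoted, and strip slashes before output`. The enclosing method starts outside the hunk and the body of `sanitize()` is not visible here.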
@@ -414,7 +429,21 @@ class Shared_Object_Framework if ($this->magicquotes) { - return $str; + if (isset($_isso->db)) + { + if (is_resource($_isso->db->link_id)) + { + return $_isso->db->escape_string(stripslashes($str)); + } + else + { + return $str; + } + } + else + { + return $str; + } } else { @@ -435,6 +464,18 @@ class Shared_Object_Framework } } } + + /** + * Runs through all of the input data and sanitizes it. + */ + function exec_sanitize_data() + { + $this->input = $this->_sanitize_input_recursive(array_merge($_GET, $_POST)); + $this->i =& $this->input; + $this->in =& $this->input; + // we're now using magic quotes + $this->magicquotes = 1; + } } /** -- 2.43.5
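Review bot: The new magic-quotes branch (@@ -414,7 +429,21) reads `$_isso->db`, but the method's opening lines are outside the hunk, so it is not visible whether `$_isso` is declared `global` there; if it is not, `isset($_isso->db)` is always false inside the method and every call falls through to `return $str;`. Confirm the declaration, or use the instance instead, `if (isset($this->db) AND is_resource($this->db->link_id))`, if the database module is attached to the framework object. Separately, `stripslashes($str)` assumes the string really carries magic-quote slashes, so a caller passing a non-request string with literal backslashes will have them removed. The three identical `return $str;` arms can collapse into one once the two conditions are combined.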
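Review bot: `exec_sanitize_data()` sets `$this->magicquotes = 1` unconditionally, even when `get_magic_quotes_gpc()` returned 0 and `escapestrings` is false, in which case nothing visible has added slashes to the input. From then on the magic-quotes branch treats every string as already escaped, and with no open database link it returns the string unchanged, so unescaped request data can end up in a query. Unless `sanitize()` adds slashes itself (not visible in this diff), the flag should only be raised when escaping actually happened: `$this->magicquotes = ($this->magicquotes OR $this->escapestrings) ? 1 : 0;`.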