From 4730ce3242d014b5f484b153c23e2178e8beaba3 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sat, 22 Jan 2005 22:36:23 +0000 Subject: [PATCH] Strip registered globals. Make _isso::sanitize _isso::unsanitize behave like they're magically escaping data if magic quotes is enabled. --- kernel.php | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/kernel.php b/kernel.php index fb3a0b7..aad9db9 100644 --- a/kernel.php +++ b/kernel.php @@ -14,6 +14,24 @@ define('ERR_FATAL', E_USER_ERROR); define('ERR_ERROR', E_USER_WARNING); define('ERR_WARNING', E_USER_NOTICE); +if ((bool)ini_get('register_globals') === true) +{ + $superglobals = array('_GET', '_COOKIE', '_FILES', '_POST', '_SERVER', '_ENV'); + foreach ($superglobals AS $global) + { + if (is_array(${$global})) + { + foreach (${$global} AS $_key => $_val) + { + if (isset(${$_key})) + { + unset(${$_key}); + } + } + } + } +} + /** * Iris Studios Shared Object Framework (ISSO) * @@ -307,7 +325,14 @@ class Shared_Object_Framework */ function sanitize($text) { - return str_replace(array('<', '>', '"'), array('<', '>', '"'), $text); + if ($this->magicquotes) + { + return str_replace(array('<', '>', '\"', '"'), array('<', '>', '"', '"'), $text); + } + else + { + return str_replace(array('<', '>', '"'), array('<', '>', '"'), $text); + } } /** @@ -319,7 +344,14 @@ class Shared_Object_Framework */ function unsanitize($text) { - return str_replace(array('<', '>', '"'), array('<', '>', '"'), $text); + if ($this->magicquotes) + { + return str_replace(array('<', '>', '"'), array('<', '>', '\"'), $text); + } + else + { + return str_replace(array('<', '>', '"'), array('<', '>', '"'), $text); + } } /** -- 2.43.5