appdb/include filter.php

WineHQ wineowner at wine.codeweavers.com
Wed Jun 28 12:30:44 CDT 2006


ChangeSet ID:	26108
CVSROOT:	/opt/cvs-commit
Module name:	appdb
Changes by:	wineowner at winehq.org	2006/06/28 12:30:44

Added files:
	include        : filter.php 

Log message:
	Jonathan Ernst <jonathan at ernstfamily.ch>
	Automatic filtering of $_REQUEST variables

Patch: http://cvs.winehq.org/patch.py?id=26108

Old revision  New revision  Changes     Path
 Added         1.1           +0 -0       appdb/include/filter.php

Index: appdb/include/filter.php
diff -u -p /dev/null appdb/include/filter.php:1.1
--- /dev/null	28 Jun 2006 17:30:44 -0000
+++ appdb/include/filter.php	28 Jun 2006 17:30:44 -0000
@@ -0,0 +1,54 @@
+<?php
+$aClean = array();
+filter_gpc();
+
+/*
+ * Make all get/post/cookies variable clean based on their names.
+ */
+function filter_gpc()
+{
+    global $aClean;
+    $aKeys = array_keys($_REQUEST);
+    for($i=0;$i<sizeof($aKeys);$i++)
+    {
+        switch($aKeys[$i][0])
+        {
+            case "i": // integer
+            case "f": // float
+                if(is_numeric($_REQUEST[$aKeys[$i]]))
+                    $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+                else
+                    util_show_error_page("Fatal error: ".$aKeys[$i]." should be a numeric value.");
+            break;
+            case "b": // boolean
+                if($_REQUEST[$aKeys[$i]]=="true" || $_REQUEST[$aKeys[$i]]=="false")
+                    $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+                else
+                    util_show_error_page("Fatal error: ".$aKeys[$i]." should be a boolean value.");
+            break;
+            case "s": // string
+                switch($aKeys[$i][1])
+                {
+                     case "h": // HTML string
+                         $aClean[$aKeys[$i]] = htmlspecialchars($_REQUEST[$aKeys[$i]]);
+                     break;
+                     default: // normal string (no HTML)
+                          $aClean[$aKeys[$i]] = strip_tags($_REQUEST[$aKeys[$i]]);
+                     break;
+                }
+            break;
+            default:
+                if($aKeys[$i]!="whq_appdb") // that's the name of the session cookie
+                    util_show_error_page("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
+            break;
+        }
+    }
+    
+    /* null out all input data so we can be assured that */
+    /* no unfiltered values are being used */
+    $_REQUEST = array();
+    $_POST = array();
+    $_GET = array();
+    $_COOKIES = array();
+}
+?>
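Review bot: The line `$_COOKIES = array();` at the end of filter_gpc() misspells the superglobal, so `$_COOKIE` is never cleared and the comment's claim that no unfiltered input remains reachable does not hold for cookies; it should read `$_COOKIE = array();`. In the "s"/"h" branch `htmlspecialchars()` is called with its default flags, which leave single quotes untouched, so a value placed inside a single-quoted HTML attribute is not neutralised — `htmlspecialchars($_REQUEST[$aKeys[$i]], ENT_QUOTES)` is the safer default. A request parameter submitted as an array reaches `is_numeric()`, `strip_tags()` and `htmlspecialchars()`, none of which accept an array, so non-scalar values should be rejected via `util_show_error_page()` (or each element filtered) before the switch. Finally, `strip_tags()` removes markup but does not escape what remains, so the `default:` branch deserves a comment such as `// tags removed only; still escape per output context (HTML, attribute, SQL)` to stop callers treating these values as safe to echo.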


