appdb/include filter.php
WineHQ
wineowner at wine.codeweavers.com
Wed Jun 28 12:30:44 CDT 2006
ChangeSet ID: 26108
CVSROOT: /opt/cvs-commit
Module name: appdb
Changes by: wineowner at winehq.org 2006/06/28 12:30:44
Added files:
include : filter.php
Log message:
Jonathan Ernst <jonathan at ernstfamily.ch>
Automatic filtering of $_REQUEST variables
Patch: http://cvs.winehq.org/patch.py?id=26108
Old revision New revision Changes Path
Added 1.1 +0 -0 appdb/include/filter.php
Index: appdb/include/filter.php
diff -u -p /dev/null appdb/include/filter.php:1.1
--- /dev/null 28 Jun 2006 17:30:44 -0000
+++ appdb/include/filter.php 28 Jun 2006 17:30:44 -0000
@@ -0,0 +1,54 @@
+<?php
+$aClean = array();
+filter_gpc();
+
+/*
+ * Make all get/post/cookies variable clean based on their names.
+ */
+function filter_gpc()
+{
+ global $aClean;
+ $aKeys = array_keys($_REQUEST);
+ for($i=0;$i<sizeof($aKeys);$i++)
+ {
+ switch($aKeys[$i][0])
+ {
+ case "i": // integer
+ case "f": // float
+ if(is_numeric($_REQUEST[$aKeys[$i]]))
+ $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+ else
+ util_show_error_page("Fatal error: ".$aKeys[$i]." should be a numeric value.");
+ break;
+ case "b": // boolean
+ if($_REQUEST[$aKeys[$i]]=="true" || $_REQUEST[$aKeys[$i]]=="false")
+ $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+ else
+ util_show_error_page("Fatal error: ".$aKeys[$i]." should be a boolean value.");
+ break;
+ case "s": // string
+ switch($aKeys[$i][1])
+ {
+ case "h": // HTML string
+ $aClean[$aKeys[$i]] = htmlspecialchars($_REQUEST[$aKeys[$i]]);
+ break;
+ default: // normal string (no HTML)
+ $aClean[$aKeys[$i]] = strip_tags($_REQUEST[$aKeys[$i]]);
+ break;
+ }
+ break;
+ default:
+ if($aKeys[$i]!="whq_appdb") // that's the name of the session cookie
+ util_show_error_page("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
+ break;
+ }
+ }
+
+ /* null out all input data so we can be assured that */
+ /* no unfiltered values are being used */
+ $_REQUEST = array();
+ $_POST = array();
+ $_GET = array();
+ $_COOKIES = array();
+}
+?>
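Review bot: The cleanup at the end of filter_gpc clears `$_COOKIES`, which is not a PHP superglobal — the cookie array is `$_COOKIE` — so the raw cookie values that the comment says are nulled out stay readable after the filter runs; the line should be `$_COOKIE = array();`. The `"sh"` branch calls htmlspecialchars() with the default flags, which leave single quotes unescaped, so a value emitted inside a single-quoted attribute is not neutralised; `htmlspecialchars($_REQUEST[$aKeys[$i]], ENT_QUOTES)` closes that gap. Neither strip_tags() nor is_numeric() makes a value safe for SQL or attribute contexts (is_numeric accepts forms such as `"1e3"` and leading whitespace), so callers must still cast or escape at the point of use; a short comment above the function saying that `$aClean` is filtered by shape only, not escaped for any output or query context, would keep "clean" from being read as "safe everywhere". Values submitted as arrays (`sFoo[]=...`) reach htmlspecialchars()/strip_tags() directly and trigger a warning instead of the error page, which an is_array() check before the switch would catch.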