Rev 3 | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 3 | Rev 10 | ||
|---|---|---|---|
| Line 35... | Line 35... | ||
| 35 | 35 | ||
| 36 | // 1. Magic Quotes Sybase abschalten |
36 | // 1. Magic Quotes Sybase abschalten |
| 37 | @ini_set('magic_quotes_sybase', 'Off'); |
37 | @ini_set('magic_quotes_sybase', 'Off'); |
| 38 | 38 | ||
| 39 | // 2. Magic Quotes Runtime abschalten |
39 | // 2. Magic Quotes Runtime abschalten |
| 40 | set_magic_quotes_runtime(0); |
40 | if (function_exists('set_magic_quotes_runtime')) set_magic_quotes_runtime(0); |
| 41 | 41 | ||
| 42 | // 3. variables_order / gpc_order ersetzen |
42 | // 3. variables_order / gpc_order ersetzen |
| 43 | @ini_set('register_long_arrays', '1'); |
43 | @ini_set('register_long_arrays', '1'); |
| 44 | $types_to_register = array('ENV', 'GET', 'POST', 'COOKIE', 'SERVER'); // SESSION und FILES werden nicht extrahiert |
44 | $types_to_register = array('ENV', 'GET', 'POST', 'COOKIE', 'SERVER'); // SESSION und FILES werden nicht extrahiert |
| 45 | foreach ($types_to_register as $rtype) |
45 | foreach ($types_to_register as $rtype) |
| 46 | { |
46 | { |
| 47 | // 4. Funktion von "Register Globals" ersetzen, wenn es ausgeschaltet ist |
47 | // 4. Funktion von "Register Globals" ersetzen, wenn es ausgeschaltet ist |
| - | 48 | if (!ini_get('register_globals')) { |
|
| - | 49 | if (@count(${'_'.$rtype}) > 0) { |
|
| - | 50 | extract(${'_'.$rtype}, EXTR_OVERWRITE); |
|
| 48 | if ((!ini_get('register_globals')) && (@count(${'HTTP_'.$rtype.'_VARS'}) > 0)) |
51 | } else if (@count(${'HTTP_'.$rtype.'_VARS'}) > 0) { |
| 49 | extract(${'HTTP_'.$rtype.'_VARS'}, EXTR_OVERWRITE); |
52 | extract(${'_'.$rtype}, EXTR_OVERWRITE); |
| - | 53 | } |
|
| - | 54 | } |
|
| 50 | 55 | ||
| 51 | // Workaround, wenn register_long_arrays nicht auf 1 gesetzt werden konnte |
56 | // Workaround, wenn register_long_arrays nicht auf 1 gesetzt werden konnte |
| 52 | if (ini_get('register_long_arrays') == '1') |
57 | if (ini_get('register_long_arrays') == '1') |
| 53 | $ch = 'HTTP_'.$rtype.'_VARS'; |
58 | $ch = 'HTTP_'.$rtype.'_VARS'; |
| 54 | else |
59 | else |
| Line 60... | Line 65... | ||
| 60 | { |
65 | { |
| 61 | foreach ($$ch AS $m1 => $m2) |
66 | foreach ($$ch AS $m1 => $m2) |
| 62 | { |
67 | { |
| 63 | $$m1 = stripslashes($$m1); |
68 | $$m1 = stripslashes($$m1); |
| 64 | ${'HTTP_'.$rtype.'_VARS'}[$m1] = stripslashes(${'HTTP_'.$rtype.'_VARS'}[$m1]); |
69 | ${'HTTP_'.$rtype.'_VARS'}[$m1] = stripslashes(${'HTTP_'.$rtype.'_VARS'}[$m1]); |
| 65 | ${'_'.$rtype}[$m1] = stripslashes(${'_'.$rtype}[$m1]); |
70 | # ${'_'.$rtype}[$m1] = stripslashes(${'_'.$rtype}[$m1]); |
| 66 | } |
71 | } |
| 67 | 72 | ||
| 68 | unset($m1); |
73 | unset($m1); |
| 69 | unset($m2); |
74 | unset($m2); |
| 70 | } |
75 | } |
| Line 75... | Line 80... | ||
| 75 | if (($rtype == 'GET') || ($rtype == 'POST') || ($rtype == 'COOKIE')) |
80 | if (($rtype == 'GET') || ($rtype == 'POST') || ($rtype == 'COOKIE')) |
| 76 | { |
81 | { |
| 77 | foreach ($$ch AS $m1 => $m2) |
82 | foreach ($$ch AS $m1 => $m2) |
| 78 | { |
83 | { |
| 79 | $$m1 = encode_critical_html_characters($$m1); |
84 | $$m1 = encode_critical_html_characters($$m1); |
| 80 | ${'HTTP_'.$rtype.'_VARS'}[$m1] = encode_critical_html_characters(${'HTTP_'.$rtype.'_VARS'}[$m1]); |
85 | # ${'HTTP_'.$rtype.'_VARS'}[$m1] = encode_critical_html_characters(${'HTTP_'.$rtype.'_VARS'}[$m1]); |
| 81 | ${'_'.$rtype}[$m1] = encode_critical_html_characters(${'_'.$rtype}[$m1]); |
86 | ${'_'.$rtype}[$m1] = encode_critical_html_characters(${'_'.$rtype}[$m1]); |
| 82 | } |
87 | } |
| 83 | 88 | ||
| 84 | unset($m1); |
89 | unset($m1); |
| 85 | unset($m2); |
90 | unset($m2); |