Rev 3 | Rev 10 | ||
---|---|---|---|
Line 35... | Line 35... | ||
35 | 35 | ||
36 | // 1. Magic Quotes Sybase abschalten |
36 | // 1. Magic Quotes Sybase abschalten |
37 | @ini_set('magic_quotes_sybase', 'Off'); |
37 | @ini_set('magic_quotes_sybase', 'Off'); |
38 | 38 | ||
39 | // 2. Magic Quotes Runtime abschalten |
39 | // 2. Magic Quotes Runtime abschalten |
40 | set_magic_quotes_runtime(0); |
40 | if (function_exists('set_magic_quotes_runtime')) set_magic_quotes_runtime(0); |
41 | 41 | ||
42 | // 3. variables_order / gpc_order ersetzen |
42 | // 3. variables_order / gpc_order ersetzen |
43 | @ini_set('register_long_arrays', '1'); |
43 | @ini_set('register_long_arrays', '1'); |
44 | $types_to_register = array('ENV', 'GET', 'POST', 'COOKIE', 'SERVER'); // SESSION und FILES werden nicht extrahiert |
44 | $types_to_register = array('ENV', 'GET', 'POST', 'COOKIE', 'SERVER'); // SESSION und FILES werden nicht extrahiert |
45 | foreach ($types_to_register as $rtype) |
45 | foreach ($types_to_register as $rtype) |
46 | { |
46 | { |
47 | // 4. Funktion von "Register Globals" ersetzen, wenn es ausgeschaltet ist |
47 | // 4. Funktion von "Register Globals" ersetzen, wenn es ausgeschaltet ist |
- | 48 | if (!ini_get('register_globals')) { |
|
- | 49 | if (@count(${'_'.$rtype}) > 0) { |
|
- | 50 | extract(${'_'.$rtype}, EXTR_OVERWRITE); |
|
48 | if ((!ini_get('register_globals')) && (@count(${'HTTP_'.$rtype.'_VARS'}) > 0)) |
51 | } else if (@count(${'HTTP_'.$rtype.'_VARS'}) > 0) { |
49 | extract(${'HTTP_'.$rtype.'_VARS'}, EXTR_OVERWRITE); |
52 | extract(${'_'.$rtype}, EXTR_OVERWRITE); |
- | 53 | } |
|
- | 54 | } |
|
50 | 55 | ||
51 | // Workaround, wenn register_long_arrays nicht auf 1 gesetzt werden konnte |
56 | // Workaround, wenn register_long_arrays nicht auf 1 gesetzt werden konnte |
52 | if (ini_get('register_long_arrays') == '1') |
57 | if (ini_get('register_long_arrays') == '1') |
53 | $ch = 'HTTP_'.$rtype.'_VARS'; |
58 | $ch = 'HTTP_'.$rtype.'_VARS'; |
54 | else |
59 | else |
Line 60... | Line 65... | ||
60 | { |
65 | { |
61 | foreach ($$ch AS $m1 => $m2) |
66 | foreach ($$ch AS $m1 => $m2) |
62 | { |
67 | { |
63 | $$m1 = stripslashes($$m1); |
68 | $$m1 = stripslashes($$m1); |
64 | ${'HTTP_'.$rtype.'_VARS'}[$m1] = stripslashes(${'HTTP_'.$rtype.'_VARS'}[$m1]); |
69 | ${'HTTP_'.$rtype.'_VARS'}[$m1] = stripslashes(${'HTTP_'.$rtype.'_VARS'}[$m1]); |
65 | ${'_'.$rtype}[$m1] = stripslashes(${'_'.$rtype}[$m1]); |
70 | # ${'_'.$rtype}[$m1] = stripslashes(${'_'.$rtype}[$m1]); |
66 | } |
71 | } |
67 | 72 | ||
68 | unset($m1); |
73 | unset($m1); |
69 | unset($m2); |
74 | unset($m2); |
70 | } |
75 | } |
Line 75... | Line 80... | ||
75 | if (($rtype == 'GET') || ($rtype == 'POST') || ($rtype == 'COOKIE')) |
80 | if (($rtype == 'GET') || ($rtype == 'POST') || ($rtype == 'COOKIE')) |
76 | { |
81 | { |
77 | foreach ($$ch AS $m1 => $m2) |
82 | foreach ($$ch AS $m1 => $m2) |
78 | { |
83 | { |
79 | $$m1 = encode_critical_html_characters($$m1); |
84 | $$m1 = encode_critical_html_characters($$m1); |
80 | ${'HTTP_'.$rtype.'_VARS'}[$m1] = encode_critical_html_characters(${'HTTP_'.$rtype.'_VARS'}[$m1]); |
85 | # ${'HTTP_'.$rtype.'_VARS'}[$m1] = encode_critical_html_characters(${'HTTP_'.$rtype.'_VARS'}[$m1]); |
81 | ${'_'.$rtype}[$m1] = encode_critical_html_characters(${'_'.$rtype}[$m1]); |
86 | ${'_'.$rtype}[$m1] = encode_critical_html_characters(${'_'.$rtype}[$m1]); |
82 | } |
87 | } |
83 | 88 | ||
84 | unset($m1); |
89 | unset($m1); |
85 | unset($m2); |
90 | unset($m2); |
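Review bot: The branch added at new lines 48–54 still imports request data with `extract(${'_'.$rtype}, EXTR_OVERWRITE)`, so any GET, POST or COOKIE key replaces an already-set global of the same name, including `$rtype`, `$ch` and `$types_to_register`, which this loop itself depends on. If the register_globals emulation has to stay, `extract(${'_'.$rtype}, EXTR_SKIP);` (or a prefixed import) keeps existing variables from being clobbered; reading values from the superglobals directly is the safer end state. As the page renders it, the `else if` at new line 51 is reached only when the `$_…` array is empty, yet it extracts that same array, so it looks as if `${'HTTP_'.$rtype.'_VARS'}` was intended there. The lines commented out at new 70 and 85 also leave the `$_…` and `$HTTP_…_VARS` copies with different slash-stripping and HTML-encoding, which deserves a comment stating which copy callers may trust. The enclosing `foreach ($types_to_register as $rtype)` continues past the end of the last hunk.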