[Sommaire] [Imprimer]

   1  <?php
   2  # ***** BEGIN LICENSE BLOCK *****
   3  # This file is part of DotClear.
   4  # Copyright (c) 2004 Olivier Meunier and contributors. All rights
   5  # reserved.
   6  #
   7  # DotClear is free software; you can redistribute it and/or modify
   8  # it under the terms of the GNU General Public License as published by
   9  # the Free Software Foundation; either version 2 of the License, or
  10  # (at your option) any later version.
  11  # 
  12  # DotClear is distributed in the hope that it will be useful,
  13  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  # GNU General Public License for more details.
  16  # 
  17  # You should have received a copy of the GNU General Public License
  18  # along with DotClear; if not, write to the Free Software
  19  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  20  #
  21  # ***** END LICENSE BLOCK *****
  22  
  23  /* cassage des magic_quotes */
  24  function magicStrip(&$k,$key)
  25  {
  26      if(get_magic_quotes_gpc()) {
  27          $k = handleMagicQuotes($k);
  28      }
  29  }
  30  
  31  function handleMagicQuotes(&$value)
  32  {
  33      if (get_magic_quotes_gpc()) {
  34          if (is_array($value)) {
  35              $result = array();
  36              foreach ($value as $k => $v)
  37              {
  38                  if (is_array($v)) {
  39                      $result[$k] = handleMagicQuotes($v);
  40                  } else {
  41                      $result[$k] = stripslashes($v);
  42                  }
  43              }
  44              return $result;
  45          } else {
  46              return stripslashes($value);
  47          }
  48      }
  49      return $value;
  50  }
  51  
  52  /**
  53  @function unsetGlobals
  54  
  55  If register_globals is on, removes every GET, POST, COOKIE, REQUEST, SERVER,
  56  ENV, FILES vars from GLOBALS.
  57  */
  58  function unsetGlobals()
  59  {
  60      if (!ini_get('register_globals')) {
  61          return;
  62      }
  63      
  64      if (isset($_REQUEST['GLOBALS'])) {
  65          die('GLOBALS overwrite attempt detected');
  66      }
  67      
  68      # Variables that shouldn't be unset
  69      $no_unset = array('GLOBALS','_GET','_POST','_COOKIE','_REQUEST',
  70      '_SERVER','_ENV','_FILES');
  71      
  72      $input = array_merge($_GET,$_POST,$_COOKIE,$_SERVER,$_ENV,$_FILES,
  73              (isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()));
  74      
  75      foreach ($input as $k => $v) { 
  76          if (!in_array($k,$no_unset) && isset($GLOBALS[$k]) ) {
  77              unset($GLOBALS[$k]);
  78          }
  79      }
  80  }
  81  
  82  if(!empty($_GET)) {
  83      array_walk($_GET,'magicStrip');
  84  }
  85  if(!empty($_POST)) {
  86      array_walk($_POST,'magicStrip');
  87  }
  88  if(!empty($_REQUEST)) {
  89      array_walk($_REQUEST,'magicStrip');
  90  }
  91  if(!empty($_COOKIE)) {
  92      array_walk($_COOKIE,'magicStrip');
  93  }
  94  
  95  unsetGlobals();
  96  ?>