Code source de phpMyAdmin 2.10.3 |
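<?php
/* $Id: common.lib.php 9531 2006-10-10 14:06:56Z nijel $ */
// vim: expandtab sw=4 ts=4 sts=4:

/**
 * Functions for cleanup of user input.
 */

/**
 * Removes all variables from request except whitelisted ones.
 *
 * Every key found in $_REQUEST, $_GET, $_POST or $_COOKIE is checked against
 * the whitelist. Keys that are not listed are removed from $_REQUEST, $_GET,
 * $_POST and $GLOBALS. Listed keys are kept only when their value is a
 * string, and that string is HTML-escaped in place with ENT_QUOTES.
 *
 * Caveats for callers:
 *  - The escaping is HTML escaping only. It does not make a value safe for
 *    SQL, shell or URL contexts; those still need their own handling.
 *  - Values are stored already escaped, so escaping them again on output
 *    double-encodes them.
 *
 * @param   array   list of variable names to allow (not modified)
 * @return  void
 * @access  public
 * @author  Michal Cihar (michal@cihar.com)
 */
function PMA_remove_request_vars(&$whitelist) {
    // Compare names as strings and strictly. A loose in_array() lets PHP's
    // type juggling treat a key as whitelisted although it is not literally
    // on the list (integer keys, numeric-looking strings).
    $allowed = array_map('strval', (array)$whitelist);

    // do not check only $_REQUEST because it could have been overwritten
    // and use type casting because the variables could have become
    // strings
    $keys = array_keys(array_merge((array)$_REQUEST, (array)$_GET, (array)$_POST, (array)$_COOKIE));

    foreach ($keys as $key) {
        // array_keys() returns integers for numeric keys, so normalise first
        if (!in_array((string)$key, $allowed, true)) {
            // NOTE(review): $_COOKIE is not cleared here although its keys
            // are scanned - presumably so session cookies survive; confirm.
            // NOTE(review): the key name is request-controlled, so this also
            // drops any same-named entry in $GLOBALS; confirm callers run
            // this before they populate globals they depend on.
            unset($_REQUEST[$key], $_GET[$key], $_POST[$key], $GLOBALS[$key]);
        } else {
            // allowed stuff could be compromised so escape it
            // we require it to be a string; arrays and other types are dropped
            if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) {
                $_REQUEST[$key] = htmlspecialchars($_REQUEST[$key], ENT_QUOTES);
            } else {
                unset($_REQUEST[$key]);
            }
            if (isset($_POST[$key]) && is_string($_POST[$key])) {
                $_POST[$key] = htmlspecialchars($_POST[$key], ENT_QUOTES);
            } else {
                unset($_POST[$key]);
            }
            if (isset($_COOKIE[$key]) && is_string($_COOKIE[$key])) {
                $_COOKIE[$key] = htmlspecialchars($_COOKIE[$key], ENT_QUOTES);
            } else {
                unset($_COOKIE[$key]);
            }
            if (isset($_GET[$key]) && is_string($_GET[$key])) {
                $_GET[$key] = htmlspecialchars($_GET[$key], ENT_QUOTES);
            } else {
                unset($_GET[$key]);
            }
        }
    }
}
?>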
Généré le : Mon Nov 26 15:18:20 2007 | par Balluche grâce à PHPXref 0.7 |