Changeset 2789

Timestamp:

11/11/08 14:09:27 (2 months ago)

Author:

ringmaster

Message:

Create a branch for default input filtering on superglobals.

Location:

branches/sginput

Files:

• . (copied) (copied from trunk)
• LICENSE (copied) (copied from branches/postgres/LICENSE)
• docs (copied) (copied from branches/postgres/docs)
• htdocs/index.php (modified) (1 diff)
• htdocs/system/classes/controller.php (modified) (2 diffs)
• htdocs/system/classes/utils.php (modified) (2 diffs)

branches/sginput/htdocs/index.php

@@ -112 +112 @@
 Error::handle_errors();
 
+// Replace all of the $_GET, $_POST, and $_COOKIE superglobals with object
+// representations of each.  Unset $_REQUEST, which is evil.
+SuperGlobal::process_gpc();
+
 /* Initiate install verifications */
 

branches/sginput/htdocs/system/classes/controller.php

@@ -119 +119 @@
         $start_url = trim($start_url, '/');
 
-        /* Remove the querystring from the URL */
-        if ( strpos($start_url, '?') !== FALSE ) {
-            list($start_url, $query_string)= explode('?', $start_url);
-        }
-
-        /* Return $_GET values to their proper place */
-        if( !empty($query_string) ) {
-            parse_str($query_string, $_GET);
-        }
-
-        /* Undo what magic_quotes_gpc might have wrought */
-        Utils::revert_magic_quotes_gpc();
-
         /* Allow plugins to rewrite the stub before it's passed through the rules */
         $start_url = Plugins::filter('rewrite_request', $start_url);
@@ -154 +141 @@
 
         /* Also, we musn't forget to add the GET and POST vars into the action's settings array */
-        $controller->handler->handler_vars = array_merge($controller->handler->handler_vars, $_GET, $_POST);
+        $handler_vars = new SuperGlobal($controller->handler->handler_vars);
+        $handler_vars->merge($_GET, $_POST);
+        $controller->handler->handler_vars = $handler_vars;
         return true;
     }

branches/sginput/htdocs/system/classes/utils.php

@@ -169 +169 @@
     public static function revert_magic_quotes_gpc()
     {
-        /* We should only revert the magic quotes once per page hit */
-        static $revert = true;
-        if ( get_magic_quotes_gpc() && $revert) {
-        $_GET = self::stripslashes($_GET);
-        $_POST = self::stripslashes($_POST);
-        $_COOKIE = self::stripslashes($_COOKIE);
-        $revert = false;
-        }
+        /* We should only revert the magic quotes once per page hit */
+        static $revert = true;
+        if ( get_magic_quotes_gpc() && $revert) {
+            $_GET = self::stripslashes($_GET);
+            $_POST = self::stripslashes($_POST);
+            $_COOKIE = self::stripslashes($_COOKIE);
+            $revert = false;
+        }
     }
 
@@ -840 +840 @@
             finfo_close($finfo);
         }
-        
+
         if( empty( $mimetype ) ) {
             $pi = pathinfo($filename);