Changeset 2770 for trunk/include/common.inc.php

Timestamp:

Oct 18, 2008, 2:45:45 AM (16 years ago)

Author:

rvelices

Message:

• merge rev 2765,2769 from branch 2.0
• 2765 mysql potential injection paranoia + code compaction in common.inc.php
• 2769 added an image sort order by privacy level (admins only)
• 2769 fix an IE6 display issue with quick search on index page

File:

• trunk/include/common.inc.php (modified) (1 diff)

trunk/include/common.inc.php

@@ -37 +37 @@
 if( !get_magic_quotes_gpc() )
 {
+  function sanitize_mysql_kv(&$v, $k)
+  {
+    $v = addslashes($v);
+  }
   if( is_array( $_GET ) )
   {
-    while( list($k, $v) = each($_GET) )
-    {
-      if( is_array($_GET[$k]) )
-      {
-        while( list($k2, $v2) = each($_GET[$k]) )
-        {
-          $_GET[$k][$k2] = addslashes($v2);
-        }
-        @reset($_GET[$k]);
-      }
-      else
-      {
-        $_GET[$k] = addslashes($v);
-      }
-    }
-    @reset($_GET);
-  }
-
-  if( is_array($_POST) )
-  {
-    while( list($k, $v) = each($_POST) )
-    {
-      if( is_array($_POST[$k]) )
-      {
-        while( list($k2, $v2) = each($_POST[$k]) )
-        {
-          $_POST[$k][$k2] = addslashes($v2);
-        }
-        @reset($_POST[$k]);
-      }
-      else
-      {
-        $_POST[$k] = addslashes($v);
-      }
-    }
-    @reset($_POST);
-  }
-
-  if( is_array($_COOKIE) )
-  {
-    while( list($k, $v) = each($_COOKIE) )
-    {
-      if( is_array($_COOKIE[$k]) )
-      {
-        while( list($k2, $v2) = each($_COOKIE[$k]) )
-        {
-          $_COOKIE[$k][$k2] = addslashes($v2);
-        }
-        @reset($_COOKIE[$k]);
-      }
-      else
-      {
-        $_COOKIE[$k] = addslashes($v);
-      }
-    }
-    @reset($_COOKIE);
+    array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
+  }
+  if( is_array( $_POST ) )
+  {
+    array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
+  }
+  if( is_array( $_COOKIE ) )
+  {
+    array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
   }
 }