Startseite Erkunden Hilfe
Anmelden
TC
/
TeaBag
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: bd6cc200ae
Branches Tags
TeaBag
/
run
/
phpapps
/
phpmyadmin
/
libraries
/
cleanup.lib.php

cleanup.lib.php 1.4 KB
Verlauf Originalformat

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 
  1. <?php
    2. 

  2. /* vim: set expandtab sw=4 ts=4 sts=4: */
    3. 

  3. /**
    4. 

  4.  * Functions for cleanup of user input.
    5. 

  5.  *
    6. 

  6.  * @package PhpMyAdmin
    7. 

  7.  */
    8. 

  8. if (! defined('PHPMYADMIN')) {
    9. 

  9.     exit;
    10. 

  10. }
    11. 

  11. 

  12. /**
    13. 

  13.  * Removes all variables from request except whitelisted ones.
    14. 

  14.  *
    15. 

  15.  * @param string &$whitelist list of variables to allow
    16. 

  16.  *
    17. 

  17.  * @return void
    18. 

  18.  * @access public
    19. 

  19.  */
    20. 

  20. function PMA_removeRequestVars(&$whitelist)
    21. 

  21. {
    22. 

  22.     // do not check only $_REQUEST because it could have been overwritten
    23. 

  23.     // and use type casting because the variables could have become
    24. 

  24.     // strings
    25. 

  25.     $keys = array_keys(
    26. 

  26.         array_merge((array)$_REQUEST, (array)$_GET, (array)$_POST, (array)$_COOKIE)
    27. 

  27.     );
    28. 

  28. 

  29.     foreach ($keys as $key) {
    30. 

  30.         if (! in_array($key, $whitelist)) {
    31. 

  31.             unset($_REQUEST[$key], $_GET[$key], $_POST[$key], $GLOBALS[$key]);
    32. 

  32.         } else {
    33. 

  33.             // allowed stuff could be compromised so escape it
    34. 

  34.             // we require it to be a string
    35. 

  35.             if (isset($_REQUEST[$key]) && ! is_string($_REQUEST[$key])) {
    36. 

  36.                 unset($_REQUEST[$key]);
    37. 

  37.             }
    38. 

  38.             if (isset($_POST[$key]) && ! is_string($_POST[$key])) {
    39. 

  39.                 unset($_POST[$key]);
    40. 

  40.             }
    41. 

  41.             if (isset($_COOKIE[$key]) && ! is_string($_COOKIE[$key])) {
    42. 

  42.                 unset($_COOKIE[$key]);
    43. 

  43.             }
    44. 

  44.             if (isset($_GET[$key]) && ! is_string($_GET[$key])) {
    45. 

  45.                 unset($_GET[$key]);
    46. 

  46.             }
    47. 

  47.         }
    48. 

  48.     }
    49. 

  49. }
    50. 

  50. ?>
    51.