source: mysql/libraries/cleanup.lib.php@ 5

Last change on this file since 5 was 5, checked in by george, 18 years ago

import
File size: 1.8 KB
Line 
1<?php
2/* $Id: common.lib.php 9531 2006-10-10 14:06:56Z nijel $ */
3// vim: expandtab sw=4 ts=4 sts=4:
4
5/**
6 * Functions for cleanup of user input.
7 */
8
9/**
10 * Removes all variables from request except whitelisted ones.
11 *
12 * @param string list of variables to allow
13 * @return nothing
14 * @access public
15 * @author Michal Cihar (michal@cihar.com)
16 */
17function PMA_remove_request_vars(&$whitelist) {
18 // do not check only $_REQUEST because it could have been overwritten
19 // and use type casting because the variables could have become
20 // strings
21 $keys = array_keys(array_merge((array)$_REQUEST, (array)$_GET, (array)$_POST, (array)$_COOKIE));
22
23 foreach($keys as $key) {
24 if (!in_array($key, $whitelist)) {
25 unset($_REQUEST[$key], $_GET[$key], $_POST[$key], $GLOBALS[$key]);
26 } else {
27 // allowed stuff could be compromised so escape it
28 // we require it to be a string
29 if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) {
30 $_REQUEST[$key] = htmlspecialchars($_REQUEST[$key], ENT_QUOTES);
31 } else {
32 unset($_REQUEST[$key]);
33 }
34 if (isset($_POST[$key]) && is_string($_POST[$key])) {
35 $_POST[$key] = htmlspecialchars($_POST[$key], ENT_QUOTES);
36 } else {
37 unset($_POST[$key]);
38 }
39 if (isset($_COOKIE[$key]) && is_string($_COOKIE[$key])) {
40 $_COOKIE[$key] = htmlspecialchars($_COOKIE[$key], ENT_QUOTES);
41 } else {
42 unset($_COOKIE[$key]);
43 }
44 if (isset($_GET[$key]) && is_string($_GET[$key])) {
45 $_GET[$key] = htmlspecialchars($_GET[$key], ENT_QUOTES);
46 } else {
47 unset($_GET[$key]);
48 }
49 }
50 }
51}
52?>
Note: See TracBrowser for help on using the repository browser.