ivo/ponzi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

always disable magic quotes at runtime.

Browse Source
This commit is contained in:
Taylor Otwell
2012-01-24 10:06:48 -06:00
parent 02397c6732
commit 27483835f4
2 changed files with 59 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
laravel/helpers.php
View File

@@ -46,6 +46,10 @@ function array_get($array, $key, $default = null)
{ {
if (is_null($key)) return $array; if (is_null($key)) return $array;
// To retrieve the array item using dot syntax, we'll iterate through
// each segment in the key and look for that value. If it exists, we
// will return it, otherwise we will set the depth of the array and
// look for the next segment.
foreach (explode('.', $key) as $segment) foreach (explode('.', $key) as $segment)
{ {
if ( ! is_array($array) or ! array_key_exists($segment, $array)) if ( ! is_array($array) or ! array_key_exists($segment, $array))
@@ -185,6 +189,46 @@ function array_spin($array, $callback)
return array_map($callback, array_keys($array), array_values($array)); return array_map($callback, array_keys($array), array_values($array));
} }
/**
* Recursively remove slashes from array keys and values.
*
* @param array $array
* @return array
*/
function array_strip_slashes($array)
{
foreach($array as $key => $value)
{
unset($array[$key]);
$key = stripslashes($key);
// If the value is an array, we will just recurse back into the
// function to keep stripping the slashes out of the array,
// otherwise we will set the stripped value.
if (is_array($value))
{
$array[$key] = array_strip_slashes($value);
}
else
{
$array[$key] = stripslashes($value);
}
}
return $array;
}
/**
* Determine if "Magic Quotes" are enabled on the server.
*
* @return bool
*/
function magic_quotes()
{
return function_exists('get_magic_quotes_gpc') and get_magic_quotes_gpc();
}
/** /**
* Return the first element of an array. * Return the first element of an array.
* *

20
laravel/laravel.php
View File

@@ -58,6 +58,19 @@ error_reporting(-1);
ini_set('display_errors', 'Off'); ini_set('display_errors', 'Off');
/**
* Even though "Magic Quotes" are deprecated in PHP 5.3, they may
* still be enabled on the server. To account for this, we will
* strip slashes on all input arrays if magic quotes are turned
* on for the server environment.
*/
if (magic_quotes())
{
$magic = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
array_walk($magic, 'array_strip_slashes');
}
/** /**
* Load the session using the session manager. The payload will * Load the session using the session manager. The payload will
* be registered in the IoC container as an instance so it can * be registered in the IoC container as an instance so it can
@@ -99,6 +112,8 @@ switch (Request::method())
else else
{ {
parse_str(file_get_contents('php://input'), $input); parse_str(file_get_contents('php://input'), $input);
if (magic_quotes()) $input = array_strip_slashes($input);
} }
} }
@@ -110,11 +125,6 @@ switch (Request::method())
*/ */
unset($input[Request::spoofer]); unset($input[Request::spoofer]);
if (function_exists('get_magic_quotes_gpc') and get_magic_quotes_gpc())
{
$input = array_map('stripslashes', $input);
}
Input::$input = $input; Input::$input = $input;
/** /**