always disable magic quotes at runtime.
This commit is contained in:
Taylor Otwell
@@ -46,6 +46,10 @@ function array_get($array, $key, $default = null)
|
||||
{
|
||||
if (is_null($key)) return $array;
|
||||
|
||||
// To retrieve the array item using dot syntax, we'll iterate through
|
||||
// each segment in the key and look for that value. If it exists, we
|
||||
// will return it, otherwise we will set the depth of the array and
|
||||
// look for the next segment.
|
||||
foreach (explode('.', $key) as $segment)
|
||||
{
|
||||
if ( ! is_array($array) or ! array_key_exists($segment, $array))
|
||||
@@ -185,6 +189,46 @@ function array_spin($array, $callback)
|
||||
return array_map($callback, array_keys($array), array_values($array));
|
||||
}
|
||||
|
||||
/**
|
||||
* Recursively remove slashes from array keys and values.
|
||||
*
|
||||
* @param array $array
|
||||
* @return array
|
||||
*/
|
||||
function array_strip_slashes($array)
|
||||
{
|
||||
foreach($array as $key => $value)
|
||||
{
|
||||
unset($array[$key]);
|
||||
|
||||
$key = stripslashes($key);
|
||||
|
||||
// If the value is an array, we will just recurse back into the
|
||||
// function to keep stripping the slashes out of the array,
|
||||
// otherwise we will set the stripped value.
|
||||
if (is_array($value))
|
||||
{
|
||||
$array[$key] = array_strip_slashes($value);
|
||||
}
|
||||
else
|
||||
{
|
||||
$array[$key] = stripslashes($value);
|
||||
}
|
||||
}
|
||||
|
||||
return $array;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if "Magic Quotes" are enabled on the server.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
function magic_quotes()
|
||||
{
|
||||
return function_exists('get_magic_quotes_gpc') and get_magic_quotes_gpc();
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the first element of an array.
|
||||
*
|
||||
|
||||
@@ -58,6 +58,19 @@ error_reporting(-1);
|
||||
|
||||
ini_set('display_errors', 'Off');
|
||||
|
||||
/**
|
||||
* Even though "Magic Quotes" are deprecated in PHP 5.3, they may
|
||||
* still be enabled on the server. To account for this, we will
|
||||
* strip slashes on all input arrays if magic quotes are turned
|
||||
* on for the server environment.
|
||||
*/
|
||||
if (magic_quotes())
|
||||
{
|
||||
$magic = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
|
||||
|
||||
array_walk($magic, 'array_strip_slashes');
|
||||
}
|
||||
|
||||
/**
|
||||
* Load the session using the session manager. The payload will
|
||||
* be registered in the IoC container as an instance so it can
|
||||
@@ -99,6 +112,8 @@ switch (Request::method())
|
||||
else
|
||||
{
|
||||
parse_str(file_get_contents('php://input'), $input);
|
||||
|
||||
if (magic_quotes()) $input = array_strip_slashes($input);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -110,11 +125,6 @@ switch (Request::method())
|
||||
*/
|
||||
unset($input[Request::spoofer]);
|
||||
|
||||
if (function_exists('get_magic_quotes_gpc') and get_magic_quotes_gpc())
|
||||
{
|
||||
$input = array_map('stripslashes', $input);
|
||||
}
|
||||
|
||||
Input::$input = $input;
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user