[geeklog-cvs] geeklog-1.3/public_html lib-common.php,1.262,1.263
dhaun at geeklog.net
dhaun at geeklog.net
Fri Oct 3 09:00:26 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv10868
Modified Files:
lib-common.php
Log Message:
COM_applyFilter() is a first attempt at a function to filter parameters passed in a GET or POST.
Index: lib-common.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.262
retrieving revision 1.263
diff -C2 -d -r1.262 -r1.263
*** lib-common.php 21 Sep 2003 20:07:44 -0000 1.262
--- lib-common.php 3 Oct 2003 13:00:24 -0000 1.263
***************
*** 5059,5062 ****
--- 5059,5107 ----
}
+ /**
+ * Filter parameters passed per GET (URL) or POST.
+ *
+ * @param string $parameter the parameter to test
+ * @param boolean $isnumeric true if $parameter is supposed to be numeric
+ * @return string the filtered parameter (may now be empty or 0)
+ *
+ */
+ function COM_applyFilter( $parameter, $isnumeric = false )
+ {
+ global $HTTP_SERVER_VARS;
+
+ $log_manipulation = false; // set to true to log when the filter applied
+
+ $p = COM_stripslashes( $parameter );
+ $p = strip_tags( $p );
+ $p = COM_killJS( $p ); // doesn't help a lot right now, but still ...
+
+ if( $isnumeric )
+ {
+ // Note: PHP's is_numeric() accepts values like 4e4 as numeric
+ if( !is_numeric( $p ) || ( preg_match( '/^([0-9]+)$/', $p ) == 0 ))
+ {
+ $p = 0;
+ }
+ }
+ else
+ {
+ $pa = explode( "'", $p );
+ $pa = explode( '"', $pa[0] );
+ $pa = explode( '`', $pa[0] );
+ $p = $pa[0];
+ }
+
+ if( $log_manipulation )
+ {
+ if( strcmp( $p, $parameter ) != 0 )
+ {
+ COM_errorLog( "Filter applied: >> $parameter << filtered to $p [IP {$HTTP_SERVER_VARS['REMOTE_ADDR']}]", 1);
+ }
+ }
+
+ return $p;
+ }
+
// Now include all plugin functions
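Review bot: The non-numeric branch truncates at the first `'`, `"` or backtick but leaves `\` untouched, and since COM_stripslashes() has already undone any magic-quotes escaping, a value ending in a backslash survives the filter intact; if a caller then interpolates it into a quoted SQL literal the backslash can escape the closing quote and a second filtered parameter can carry the rest of the injection (the quote characters stripped here are not needed for that). At minimum add `$pa = explode( '\\', $pa[0] );` to the chain at the backtick line, and note in the docblock that this is a lossy blacklist (an input like O'Brien is silently cut to "O") rather than a substitute for escaping at the query or output site. In the numeric branch the `is_numeric()` test is redundant with the `^[0-9]+$` regex, which also rejects negative values; either drop the call or document that only non-negative integers pass. The optional log line writes the raw unfiltered `$parameter` via COM_errorLog(), so if that log is ever rendered in a browser the filtered-out markup reaches it unescaped. Callers of COM_applyFilter() are outside this hunk, so where the result is used cannot be checked here.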