[geeklog-cvs] Geeklog-1.x/public_html lib-common.php,1.644,1.645
Dirk Haun
dhaun at qs1489.pair.com
Thu Aug 9 02:59:13 EDT 2007
Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv35112/public_html
Modified Files:
lib-common.php
Log Message:
For the webservices and internal APIs, we need a variation of COM_applyFilter that doesn't do COM_stripslashes
Index: lib-common.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/lib-common.php,v
retrieving revision 1.644
retrieving revision 1.645
diff -C2 -d -r1.644 -r1.645
*** lib-common.php 23 Jul 2007 01:36:11 -0000 1.644
--- lib-common.php 9 Aug 2007 06:59:11 -0000 1.645
***************
*** 5194,5200 ****
function COM_applyFilter( $parameter, $isnumeric = false )
{
$log_manipulation = false; // set to true to log when the filter applied
- $p = COM_stripslashes( $parameter );
$p = strip_tags( $p );
$p = COM_killJS( $p ); // doesn't help a lot right now, but still ...
--- 5194,5217 ----
function COM_applyFilter( $parameter, $isnumeric = false )
{
+ $p = COM_stripslashes($parameter);
+
+ return COM_applyBasicFilter($p, $isnumeric);
+ }
+
+ /**
+ * Filter parameters
+ *
+ * @param string $parameter the parameter to test
+ * @param boolean $isnumeric true if $parameter is supposed to be numeric
+ * @return string the filtered parameter (may now be empty or 0)
+ *
+ * @note Use this function instead of COM_applyFilter for parameters
+ * _not_ coming in through a GET or POST request.
+ *
+ */
+ function COM_applyBasicFilter( $parameter, $isnumeric = false )
+ {
$log_manipulation = false; // set to true to log when the filter applied
$p = strip_tags( $p );
$p = COM_killJS( $p ); // doesn't help a lot right now, but still ...
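
Review bot: In the new COM_applyBasicFilter() the first filtering line is still "$p = strip_tags( $p );", but the function's argument is $parameter and nothing in the visible lines assigns $p before that call, since the "$p = COM_stripslashes( $parameter );" assignment now lives only in COM_applyFilter(). As shown, strip_tags() receives an undefined variable, so callers of either function would get the filter applied to an empty value rather than to their input. Suggest changing that line to "$p = strip_tags( $parameter );". The docblock summary "Filter parameters" could also state outright that this variant skips COM_stripslashes, since that is the only difference from COM_applyFilter() and the reason the @note tells callers when to use it.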