Trim _REQUEST vars mainly to avoid null terminated strings

Deon George 2009-12-23 09:03:13 +11:00
parent efd1860a91
commit 2393c5d5e3
3 changed files with 10 additions and 7 deletions


@ -51,9 +51,12 @@ if (trim($www['cmd'])) {
error(_('You cannot perform updates while server is in read-only mode'),'error','index.php');
# If this command has been disabled by the config.
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd']))
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd'])) {
system_message(array('title'=>_('Command disabled by the server configuration'),
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php');
$app['script_cmd'] = null;
}
}
if ($app['script_cmd'])
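Review bot: `$www['cmd']` is formatted into the message body as HTML (`<b>%s</b>`) without escaping, and it appears to come from the request, so the submitted command name is echoed back as markup unless system_message() escapes the body itself (not visible here). Pass it through `htmlspecialchars($www['cmd'],ENT_QUOTES)` in the sprintf() argument list. Resetting `$app['script_cmd']` to null in the new braces is the right fail-closed step, but it only helps if every later use tests that variable rather than `$www['cmd']`. The enclosing `if (trim($www['cmd']))` starts outside the hunk.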


@ -681,9 +681,9 @@ class Config {
$cmd = $this->getValue('commands',$index);
if (! is_string($a) || ! isset($cmd[$a]))
debug_dump(array('Unknown command '=>$a),1);
return $cmd[$a];
return false;
else
return $cmd[$a];
}
public function configDefinition($key,$index,$config) {
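Review bot: The unknown-command branch returns false with nothing recorded, so a request that names a command outside the configured list, or passes a non-string, leaves no trace now that the `debug_dump()` call appears to have been dropped. Denying by default is the right behaviour for this gate, and it deserves a comment above the `if`, for example `# Unknown or non-string command names are treated as unavailable (deny by default)`. The method now returns either false or the raw configured value, so callers should keep testing it as a boolean rather than comparing against a specific value. The enclosing method starts outside the hunk.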


@ -648,11 +648,11 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
function get_request($attr,$type='POST',$die=false,$default=null) {
switch($type) {
case 'GET':
$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : rawurldecode($_GET[$attr])) : $default;
$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : trim(rawurldecode($_GET[$attr]))) : $default;
break;
case 'REQUEST':
$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : rawurldecode($_REQUEST[$attr])) : $default;
$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : trim(rawurldecode($_REQUEST[$attr]))) : $default;
break;
case 'SESSION':
@ -661,7 +661,7 @@ function get_request($attr,$type='POST',$die=false,$default=null) {
case 'POST':
default:
$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : rawurldecode($_POST[$attr])) : $default;
$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : trim(rawurldecode($_POST[$attr]))) : $default;
break;
}
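Review bot: trim() removes NUL bytes only from the two ends of the string, so a value with a NUL in the middle still passes through the GET, REQUEST and POST branches unchanged. If the aim is to keep NUL out of request values altogether, strip or reject it explicitly, e.g. `str_replace("\0",'',trim(rawurldecode($_GET[$attr])))`, and the same in the other two branches. The `is_array()` branch returns the array exactly as submitted, so elements of array parameters get no trimming at all. Separately, PHP has already URL-decoded these superglobals, so `rawurldecode()` decodes a second time and can yield bytes that were still percent-encoded when PHP parsed the request; worth confirming that is intended. The SESSION branch and the end of get_request() lie outside the two hunks.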