Trim _REQUEST vars mainly to avoid null terminated strings
parent
efd1860a91
commit
2393c5d5e3
@ -51,9 +51,12 @@ if (trim($www['cmd'])) {
|
||||
error(_('You cannot perform updates while server is in read-only mode'),'error','index.php');
|
||||
|
||||
# If this command has been disabled by the config.
|
||||
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd']))
|
||||
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd'])) {
|
||||
system_message(array('title'=>_('Command disabled by the server configuration'),
|
||||
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php');
|
||||
|
||||
$app['script_cmd'] = null;
|
||||
}
|
||||
}
|
||||
|
||||
if ($app['script_cmd'])
|
||||
|
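Review bot: The `sprintf('%s: <b>%s</b>.', …, $www['cmd'])` body in the disabled-command branch puts `$www['cmd']` into HTML markup without escaping it. The assignment of `$www['cmd']` is outside this hunk, but the commit title suggests it comes from the request; if so, and if `system_message()` does not escape the body itself, the rejected command name is reflected into the page as markup. Passing `htmlspecialchars($www['cmd'], ENT_QUOTES, 'UTF-8')` as the last `sprintf()` argument keeps the message readable and closes that path. The enclosing `if (trim($www['cmd']))` block starts above the hunk.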
@ -681,9 +681,9 @@ class Config {
|
||||
$cmd = $this->getValue('commands',$index);
|
||||
|
||||
if (! is_string($a) || ! isset($cmd[$a]))
|
||||
debug_dump(array('Unknown command '=>$a),1);
|
||||
|
||||
return $cmd[$a];
|
||||
return false;
|
||||
else
|
||||
return $cmd[$a];
|
||||
}
|
||||
|
||||
public function configDefinition($key,$index,$config) {
|
||||
|
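Review bot: The unknown-command branch appears to return `false` without recording anything once the `debug_dump()` call is gone. Failing closed is the right default, but a non-string or unlisted command name is exactly the kind of request an operator wants to see when investigating probing. I would add a comment such as `# Fail closed: a non-string or unlisted command is reported as unavailable.` and record the refusal through the application's existing logging, with the value sanitised before it is written. The `else` after `return false;` is also redundant; a plain `return $cmd[$a];` reads more clearly. The method's signature and the origin of `$a` are above the hunk.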
@ -648,11 +648,11 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
|
||||
function get_request($attr,$type='POST',$die=false,$default=null) {
|
||||
switch($type) {
|
||||
case 'GET':
|
||||
$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : rawurldecode($_GET[$attr])) : $default;
|
||||
$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : trim(rawurldecode($_GET[$attr]))) : $default;
|
||||
break;
|
||||
|
||||
case 'REQUEST':
|
||||
$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : rawurldecode($_REQUEST[$attr])) : $default;
|
||||
$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : trim(rawurldecode($_REQUEST[$attr]))) : $default;
|
||||
break;
|
||||
|
||||
case 'SESSION':
|
||||
@ -661,7 +661,7 @@ function get_request($attr,$type='POST',$die=false,$default=null) {
|
||||
|
||||
case 'POST':
|
||||
default:
|
||||
$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : rawurldecode($_POST[$attr])) : $default;
|
||||
$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : trim(rawurldecode($_POST[$attr]))) : $default;
|
||||
break;
|
||||
}
|
||||
|
||||
|
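Review bot: `trim()` in the GET, REQUEST and POST branches of `get_request()` strips a NUL byte only at the start or end of the value, so one embedded mid-string still reaches callers. The goal in the commit title is therefore only partly met. Two related gaps are visible in the same lines: array values are returned untouched, and `rawurldecode()` runs on superglobals that PHP has already URL-decoded, so a doubly-encoded byte is decoded a second time here. Rejecting or stripping NUL everywhere in scalar values is more robust, for example `if (is_string($value) && strpos($value,"\0") !== false) $value = $default;` after the `switch`, with the same check applied recursively to arrays. Unconditional trimming also changes fields where surrounding whitespace is significant, such as passwords, so callers may need an opt-out. The SESSION branch and the end of the function are outside the visible hunks.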