Trim _REQUEST vars mainly to avoid null terminated strings

Deon George 2009-12-23 09:03:13 +11:00
parent efd1860a91
commit 2393c5d5e3
3 changed files with 10 additions and 7 deletions


@ -51,9 +51,12 @@ if (trim($www['cmd'])) {
error(_('You cannot perform updates while server is in read-only mode'),'error','index.php'); error(_('You cannot perform updates while server is in read-only mode'),'error','index.php');
# If this command has been disabled by the config. # If this command has been disabled by the config.
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd'])) if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd'])) {
system_message(array('title'=>_('Command disabled by the server configuration'), system_message(array('title'=>_('Command disabled by the server configuration'),
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php'); _('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php');
$app['script_cmd'] = null;
}
} }
if ($app['script_cmd']) if ($app['script_cmd'])
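Review bot: `$www['cmd']` is formatted into the message body inside `<b>%s</b>` without escaping, and it looks like a request-derived value, so a crafted command name could be rendered as markup unless system_message() escapes the body itself (not visible here). Escape it at the point of use, e.g. pass `htmlspecialchars($www['cmd'],ENT_QUOTES)` as the last sprintf argument. The added `$app['script_cmd'] = null;` is the right fail-closed step for a disabled command. The enclosing `if (trim($www['cmd']))` block starts outside the hunk.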


@ -681,9 +681,9 @@ class Config {
$cmd = $this->getValue('commands',$index); $cmd = $this->getValue('commands',$index);
if (! is_string($a) || ! isset($cmd[$a])) if (! is_string($a) || ! isset($cmd[$a]))
debug_dump(array('Unknown command '=>$a),1); return false;
else
return $cmd[$a]; return $cmd[$a];
} }
public function configDefinition($key,$index,$config) { public function configDefinition($key,$index,$config) {
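Review bot: The unknown-command branch now returns `false` with no trace, where it previously called debug_dump(), so a request naming a command that is absent from the configuration becomes indistinguishable from one that is merely disabled. Failing closed is the safer default, but the intent should be stated, e.g. `# Unknown or non-string command names are treated as unavailable.` above the check. If the project has a logging helper, recording the rejected name there would keep the signal that debug_dump() used to give. The method's signature is outside the hunk.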


@ -648,11 +648,11 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
function get_request($attr,$type='POST',$die=false,$default=null) { function get_request($attr,$type='POST',$die=false,$default=null) {
switch($type) { switch($type) {
case 'GET': case 'GET':
$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : rawurldecode($_GET[$attr])) : $default; $value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : trim(rawurldecode($_GET[$attr]))) : $default;
break; break;
case 'REQUEST': case 'REQUEST':
$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : rawurldecode($_REQUEST[$attr])) : $default; $value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : trim(rawurldecode($_REQUEST[$attr]))) : $default;
break; break;
case 'SESSION': case 'SESSION':
@ -661,7 +661,7 @@ function get_request($attr,$type='POST',$die=false,$default=null) {
case 'POST': case 'POST':
default: default:
$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : rawurldecode($_POST[$attr])) : $default; $value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : trim(rawurldecode($_POST[$attr]))) : $default;
break; break;
} }
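Review bot: `trim()` strips NUL and whitespace only from the two ends of the string, so a value with a NUL byte in the middle still passes through the GET, REQUEST and POST branches (the POST case is in the second hunk), and array values are returned untouched. If the aim is to keep NUL bytes out of later path or directory operations, reject them after decoding, e.g. `if (is_string($value) && strpos($value,"\0") !== false) $value = $default;` after the switch. PHP has already URL-decoded the superglobals, so `rawurldecode()` here is a second decode and can itself turn a double-encoded sequence into a NUL. Unconditional trimming also changes values where leading or trailing whitespace is significant, such as passwords. The function continues outside the hunk.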