Differential D411 Diff 1028 branches/5.2.x/core/ckeditor/ckfinder/core/connector/php/php5/Utils/Security.php
branches/5.2.x/core/ckeditor/ckfinder/core/connector/php/php5/Utils/Security.php
Show All 37 Lines | |||||
} | } | ||||
if (!empty($_POST)) { | if (!empty($_POST)) { | ||||
$this->stripQuotes($_POST); | $this->stripQuotes($_POST); | ||||
} | } | ||||
if (!empty($_COOKIE)) { | if (!empty($_COOKIE)) { | ||||
$this->stripQuotes($_COOKIE); | $this->stripQuotes($_COOKIE); | ||||
} | } | ||||
if (!empty($_FILES)) { | if (!empty($_FILES)) { | ||||
while (list($k,$v) = each($_FILES)) { | foreach ( array_keys($_FILES) as $k ) { | ||||
if (isset($_FILES[$k]['name'])) { | if (isset($_FILES[$k]['name'])) { | ||||
$this->stripQuotes($_FILES[$k]['name']); | $this->stripQuotes($_FILES[$k]['name']); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
} | } | ||||
} | } | ||||
/** | /** | ||||
* Strip quotes from variable | * Strip quotes from variable | ||||
* | * | ||||
* @access public | * @access public | ||||
* @param mixed $var | * @param mixed $var | ||||
* @param int $depth current depth | * @param int $depth current depth | ||||
* @param int $howDeep maximum depth | * @param int $howDeep maximum depth | ||||
*/ | */ | ||||
public function stripQuotes(&$var, $depth=0, $howDeep=5) | public function stripQuotes(&$var, $depth=0, $howDeep=5) | ||||
{ | { | ||||
if (is_array($var)) { | if (is_array($var)) { | ||||
if ($depth++<$howDeep) { | if ($depth++<$howDeep) { | ||||
while (list($k,$v) = each($var)) { | foreach ( array_keys($var) as $k ) { | ||||
$this->stripQuotes($var[$k], $depth, $howDeep); | $this->stripQuotes($var[$k], $depth, $howDeep); | ||||
} | } | ||||
} | } | ||||
} else { | } else { | ||||
$var = stripslashes($var); | $var = stripslashes($var); | ||||
} | } | ||||
} | } | ||||
} | } |
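Review bot: In `stripQuotes`, the `if ($depth++<$howDeep)` guard leaves any array nested more than `$howDeep` levels with its slashes intact, and the rewritten `foreach ( array_keys($var) as $k )` loop keeps that silent cut-off. Callers can therefore receive request data where shallow values are unescaped and deeper ones are not, which is easy to overlook when the values are validated or used as file names later. The docblock should state this, for example `* Values nested deeper than $howDeep are left unmodified.` As a style point, both new `foreach` lines put spaces inside the parentheses, unlike the surrounding `if (...)` lines. The first changed loop sits in a method that starts outside the visible section, so the condition guarding these calls cannot be checked here.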