Code cleaner

Laurent Destailleur 2011-03-07 22:35:35 +00:00
parent 1763d0bf0c
commit 7a37a2ce88
3 changed files with 37 additions and 37 deletions


@ -188,25 +188,25 @@ if (! defined('SYSLOG_FILE_NO_ERROR'))
define('SYSLOG_FILE_NO_ERROR',1);
}
// Forcage du parametrage PHP magic_quotes_gpc et nettoyage des parametres
// (Sinon il faudrait a chaque POST, conditionner
// la lecture de variable par stripslashes selon etat de get_magic_quotes).
// En mode off (recommande il faut juste faire $db->escape au moment d'un insert/update.
function stripslashes_deep($value)
{
return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
}
//if (! preg_match('/PHP\/6/i', $_SERVER['SERVER_SOFTWARE']))
if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* plus pris en compte dans PHP6
// Removed magic_quotes
if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6
{
if (get_magic_quotes_gpc())
{
// Forcing parameter setting magic_quotes_gpc and cleaning parameters
// (Otherwise he would have for each position, condition
// Reading stripslashes variable according to state get_magic_quotes_gpc).
// Off mode (recommended, you just do $db->escape when an insert / update.
function stripslashes_deep($value)
{
return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
}
$_GET = array_map('stripslashes_deep', $_GET);
$_POST = array_map('stripslashes_deep', $_POST);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
@set_magic_quotes_runtime(0);
}
@set_magic_quotes_runtime(0);
}
// Defini objet langs
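Review bot: Declaring `stripslashes_deep()` inside `if (get_magic_quotes_gpc())` makes it a conditional declaration, so the function exists only on requests where magic quotes are enabled and any other caller of the helper hits an undefined-function error on a server with the recommended setting; the same move appears in the other two file sections of this commit. The +/- markers are lost on this page, so this reading relies on the translated English comment block sitting inside the inner `if`. Since each file still carries its own copy, wrapping the declaration in `if (! function_exists('stripslashes_deep'))`, or declaring it once in a shared include, would also avoid a redeclaration error if two of these files are ever loaded in the same request. The comment above the helper could state the consequence directly, for example `// Undo magic_quotes_gpc so request values are raw; every query must then escape with $db->escape().`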


@ -43,18 +43,19 @@ if (! empty($_SERVER['DOL_TUNING']))
if (defined('XDEBUGCOVERAGE')) { xdebug_start_code_coverage(); }
}
// Forcing parameter setting magic_quotes_gpc and cleaning parameters
// (Otherwise he would have for each position, condition
// Reading stripslashes variable according to state get_magic_quotes_gpc).
// Off mode (recommended, you just do $db->escape when an insert / update.
function stripslashes_deep($value)
{
return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
}
// Removed magic_quotes
if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6
{
if (get_magic_quotes_gpc())
{
// Forcing parameter setting magic_quotes_gpc and cleaning parameters
// (Otherwise he would have for each position, condition
// Reading stripslashes variable according to state get_magic_quotes_gpc).
// Off mode (recommended, you just do $db->escape when an insert / update.
function stripslashes_deep($value)
{
return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
}
$_GET = array_map('stripslashes_deep', $_GET);
$_POST = array_map('stripslashes_deep', $_POST);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
@ -62,7 +63,6 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6
}
}
// Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST)
function test_sql_and_script_inject($val,$get)
{
@ -112,15 +112,15 @@ function analyse_sql_and_script(&$var,$get)
return (test_sql_and_script_inject($var,$get) <= 0);
}
}
//analyse_sql_and_script($_GET,1);
//analyse_sql_and_script($_POST,0);
$morevaltochecklikeget=array($_SERVER["QUERY_STRING"]);
analyse_sql_and_script($morevaltochecklikeget,1);
// Sanity check on URL
$morevaltochecklikepost=array($_SERVER["PHP_SELF"]);
analyse_sql_and_script($morevaltochecklikepost,0);
// Sanity check on GET parameters
$morevaltochecklikeget=array($_SERVER["QUERY_STRING"]);
analyse_sql_and_script($morevaltochecklikeget,1);
// Sanity check on POST
analyse_sql_and_script($_POST,0);
/*
//print $_SERVER["SCRIPT_NAME"];
//print $_SERVER['PHP_SELF'];
// Clean PHP_SELF for prevent XSS attack
// Get the name of the current file
$phpself = basename($_SERVER["SCRIPT_NAME"]);
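Review bot: The GET-side sanity check in the last hunk runs on the raw `$_SERVER["QUERY_STRING"]`, which is still URL-encoded, while the application reads decoded values from `$_GET`; unless `test_sql_and_script_inject()` decodes its input (its body is outside this hunk), the filter and the application do not see the same string. `$_COOKIE` is un-escaped in the first hunk of this file but is not passed to `analyse_sql_and_script()` anywhere in the visible lines, and the `$_GET` call appears only in commented-out form. Consider checking the decoded arrays as well, e.g. `analyse_sql_and_script($_GET,1);` next to the `$_POST` call. A comment such as `// Defence in depth only: does not replace $db->escape() on queries or output encoding` would make clear what this filter does not cover.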


@ -123,25 +123,25 @@ if (empty($conf->db->user)) $conf->db->user='';
// Forcage du parametrage PHP magic_quotes_gpc et nettoyage des parametres
// (Sinon il faudrait a chaque POST, conditionner
// la lecture de variable par stripslashes selon etat de get_magic_quotes).
// En mode off (recommande il faut juste faire $db->escape au moment d'un insert/update.
function stripslashes_deep($value)
{
return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
}
//if (! preg_match('/PHP\/6/i', $_SERVER['SERVER_SOFTWARE']))
if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* plus pris en compte dans PHP6
// Removed magic_quotes
if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6
{
if (get_magic_quotes_gpc())
{
// Forcing parameter setting magic_quotes_gpc and cleaning parameters
// (Otherwise he would have for each position, condition
// Reading stripslashes variable according to state get_magic_quotes_gpc).
// Off mode (recommended, you just do $db->escape when an insert / update.
function stripslashes_deep($value)
{
return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
}
$_GET = array_map('stripslashes_deep', $_GET);
$_POST = array_map('stripslashes_deep', $_POST);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
@set_magic_quotes_runtime(0);
}
@set_magic_quotes_runtime(0);
}
// Defini objet langs