/** * This function will undo the damage made by magic quotes. This will go thru the request array and unescape all the data. * Argument : $param_array - [OPTIONAL] The array that must be unescaped. If empty, the function uses $_POST + $_GET * $ignore_magic_quote_setting - [OPTIONAL] If set to true, this will escape the given array no matter what the get_magic_quotes_gpc() returns. Defaults to 'true' * Return : The proper format of the array - unescaped. */ function unescapeQuery($param_array = array(), $ignore_magic_quote_setting = false) { $PARAM = array(); if (!$param_array) { $param_array = $_POST + $_GET; } //Don't use $_REQUEST - it has cookie/session info in it. if (!$ignore_magic_quote_setting and !get_magic_quotes_gpc()) { return $param_array; } //If Magic quotes is disabled, just return the data - it is not escaped. while (list($key, $value) = each($param_array)) { if (is_array($value)) { //UnEscape Arrays recursively $PARAM[$key] = unescapeQuery($value, $ignore_magic_quote_setting); //:RECURSION: } else { $PARAM[$key] = stripslashes($value); } } return $PARAM; }
//If the 'configuration.php' file is found, use that require $rel . "configuration.php"; if ($rel == '') { $config['site_folder'] = realpath('.'); } else { $config['site_folder'] = realpath($rel); } $config['site_relative_path'] = $rel; } else { require $iframe_folder . 'configuration.php'; $config['site_folder'] = $config['iframe_folder']; $config['site_relative_path'] = ''; } $config['iframe_folder'] = $iframe_folder; require $config['iframe_folder'] . "includes/functions.php"; // This is $_REQUERST without the problems asssociated with magic quotes $PARAM = unescapeQuery(); $QUERY = escapeQuery($PARAM, true); if (!isset($QUERY['error'])) { $QUERY['error'] = ''; $PARAM['error'] = ''; } if (!isset($QUERY['success'])) { $QUERY['success'] = ''; $PARAM['success'] = ''; } require joinPath($config['iframe_folder'], "includes", "config.php"); if (!isset($system_installed) or !$system_installed) { header('Location:' . $rel . 'install/'); exit; }