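/**
 * Utility function to "clean" the passed $config. Cleaning consists of two parts:
 *  *    Suppressing really simple XSS attacks by refusing to allow strings
 *       containing the characters "<script" in upper, lower or mixed case.
 *  *    Unescaping instances of "'" and '"' that have been escaped by the
 *       lovely magic_quotes_gpc facility, if it's on.
 *
 * The "<script" check is a crude blocklist, not an output encoder: a value
 * that is later rendered into HTML still needs htmlspecialchars() (or the
 * escaper for whatever context it ends up in) at the point of output.
 *
 * @param mixed $config thing to be cleaned; arrays are cleaned recursively.
 * @return mixed a cleaned version of $config. Strings containing "<script"
 *               (any case) become ''; values that are neither array nor
 *               string are returned unchanged.
 */
function config_clean($config)
{
    if (is_array($config)) {
        // Write back by key instead of iterating by reference, so no
        // reference to the last element is left dangling after the loop.
        foreach ($config as $key => $item) {
            $config[$key] = config_clean($item);
        }
    } elseif (is_string($config)) {
        // stripos() is already case-insensitive; no lowercased copy needed.
        if (stripos($config, '<script') !== false) {
            $config = '';
        }
        // get_magic_quotes_gpc() was removed in PHP 8.0 (deprecated in 7.4);
        // calling it there is a fatal error, so only consult it where it exists.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $config = stripslashes($config);
        }
    }
    return $config;
}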
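/**
 * Store a plugin's configuration in the database.
 *
 * Serializes the $config parameter and stores in the config
 * and config_json columns of the plugins table.
 * <code>
 * <?php
 * $plugin_config['a'] = 1;
 * $plugin_config['b'] = 2;
 * set_plugin_config('myplugin', $plugin_config);
 * ?>
 * </code>
 *
 * Every value interpolated into the UPDATE statement is made safe first:
 * the serialized config is base64 (no quote characters), while config_json
 * and the plugin name go through the active driver's real_escape_string.
 *
 * @param string $plugin_name Plugin name
 * @param mixed $config Configuration variable to store.
 * @return bool Always true; any query failure is left to sql_query() to report.
 * @see get_plugin_config
 */
function set_plugin_config($plugin_name, $config)
{
    global $db, $use_mysqli, $mysql_charset;

    $config = config_clean($config);
    // base64 output is limited to [A-Za-z0-9+/=], so it can be quoted as-is.
    $config_ser_bin = base64_encode(serialize($config));
    $config_ser_json = config_json_encode($config);

    if (!isset($mysql_charset)) {
        // No explicit connection charset: the column is written as Latin-1.
        // iconv() returns false on failure; keep the UTF-8 text in that case
        // rather than silently storing an empty config_json.
        $converted = iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $config_ser_json);
        if ($converted !== false) {
            $config_ser_json = $converted;
        }
    }

    // The plugin name is interpolated into the same statement as the JSON,
    // so it gets the same driver-specific escaping.
    if ($use_mysqli) {
        $config_ser_json = mysqli_real_escape_string($db, $config_ser_json);
        $plugin_name = mysqli_real_escape_string($db, $plugin_name);
    } else {
        $config_ser_json = mysql_real_escape_string($config_ser_json);
        $plugin_name = mysql_real_escape_string($plugin_name);
    }

    sql_query("UPDATE plugins SET config='$config_ser_bin', config_json='$config_ser_json' WHERE name='$plugin_name'");
    return true;
}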