/**
 * Reverses magic_quotes_gpc escaping on a request-style array.
 *
 * Every scalar value is passed through stripslashes(); nested arrays are
 * processed recursively. Array keys are unslashed only below the top level
 * (top-level keys are copied as-is). A new array is returned; the input is
 * not modified.
 *
 * @param array $array    Array to unescape (e.g. $_GET or $_POST).
 * @param bool  $topLevel True for the outermost call; recursive calls pass false.
 * @return array Array with the same structure and unslashed keys/values.
 */
function undoMagicQuotes($array, $topLevel = true)
{
    $result = array();
    foreach ($array as $name => $item) {
        // Keys are only unslashed for nested arrays, mirroring the original contract.
        $cleanName = $topLevel ? $name : stripslashes($name);
        $result[$cleanName] = is_array($item)
            ? undoMagicQuotes($item, false)
            : stripslashes($item);
    }
    return $result;
}
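/**
 * Reverses magic_quotes_gpc escaping on a request-style array.
 *
 * Every scalar value is passed through stripslashes(); nested arrays are
 * processed recursively. Array keys are unslashed only below the top level
 * (top-level keys are copied as-is). The result is built as a fresh array,
 * so the caller's input is never modified.
 *
 * The previous version unset renamed keys from $array while iterating; since
 * $array is a by-value copy that is never returned, that was a no-op and has
 * been removed.
 *
 * @param array $array    Array to unescape (e.g. $_GET or $_POST).
 * @param bool  $topLevel True for the outermost call; recursive calls pass false.
 * @return array Array with the same structure and unslashed keys/values.
 */
function undoMagicQuotes($array, $topLevel = true)
{
    $newArray = array();
    foreach ($array as $key => $value) {
        if (!$topLevel) {
            // Nested keys were slashed by magic quotes as well; top-level keys are kept.
            $key = stripslashes($key);
        }
        $newArray[$key] = is_array($value)
            ? undoMagicQuotes($value, false)
            : stripslashes($value);
    }
    return $newArray;
}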
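/***********************************************************/
// PHPIDS
/***********************************************************/
// PHPIDS needs its include dir set explicitly; its own base-path setting has
// no effect here, so TM_INCLUDEPATH is used directly.
if (TM_PHPIDS) {
    require_once TM_INCLUDEPATH . "/PHPIDS.inc.php";
}

/***********************************************************/
// Handle magic quotes
/***********************************************************/
// http://talks.php.net/show/php-best-practices/26
// get_magic_quotes_gpc() was removed in PHP 8.0 (and always returned false
// from 5.4 on), so calling it unguarded is a fatal error there; it is only
// consulted when it still exists.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    // http://www.php.net/manual/en/security.magicquotes.disabling.php#id2553906
    $_GET = undoMagicQuotes($_GET);
    $_POST = undoMagicQuotes($_POST);
    $_COOKIE = undoMagicQuotes($_COOKIE);
    $_REQUEST = undoMagicQuotes($_REQUEST);
}

// http://www.php.net/manual/en/function.htmlentities.php#77556
// Coarse pre-filter on POST field NAMES only: any key that urlencode() has to
// percent-escape (i.e. anything outside [A-Za-z0-9_.-]; a space becomes '+'
// and passes) aborts the request. Values are not inspected here, and this is
// not a substitute for context-specific output escaping.
foreach (array_keys($_POST) as $key) {
    if (preg_match('/%/', urlencode($key))) {
        die('XSS'); // 'FATAL::XSS hack attempt detected. Your IP has been logged.'
    }
}

/***********************************************************/
// Error handler
/***********************************************************/
require_once TM_INCLUDEPATH . "/Errorhandling.inc.php";
// Install the application's own error handler function.
set_error_handler("userErrorHandler");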
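<?php
require_once "report-file-path.php";

/**
 * Strips magic_quotes_gpc escaping from a single request value.
 *
 * get_magic_quotes_gpc() was removed in PHP 8.0 (calling it there is a fatal
 * error), so it is only consulted when it exists; otherwise the value is
 * returned unchanged.
 *
 * @param string $value Raw value taken from $_SERVER.
 * @return string
 */
function undoMagicQuotes($value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// $reportFilePath is expected to be provided by report-file-path.php (not
// visible here). The report is written to a ".tmp" file and then rename()d
// into place so a reader never sees a partially written file.
$reportFile = fopen($reportFilePath . ".tmp", 'w');
if ($reportFile === false) {
    // Previously fwrite() would run on false (warnings on PHP 7, TypeError on 8).
    throw new RuntimeException("Cannot open report file for writing: " . $reportFilePath . ".tmp");
}

// Only this fixed allow-list of request headers is recorded. Note that
// HTTP_COOKIE (which may carry session identifiers) and the raw request body
// are stored in the report file at rest, so the file needs matching access
// protection.
$loggedHeaders = array(
    "CONTENT_TYPE",
    "HTTP_REFERER",
    "REQUEST_METHOD",
    "HTTP_COOKIE",
    "HTTP_HOST",
    "REQUEST_URI",
);
$httpHeaders = $_SERVER;
ksort($httpHeaders, SORT_STRING);
foreach ($httpHeaders as $name => $value) {
    if (in_array($name, $loggedHeaders, true)) {
        $value = undoMagicQuotes($value);
        fwrite($reportFile, "{$name}: {$value}\n");
    }
}
fwrite($reportFile, "=== POST DATA ===\n");
fwrite($reportFile, file_get_contents("php://input"));
fclose($reportFile);
rename($reportFilePath . ".tmp", $reportFilePath);

// Expire every cookie the client sent, unless the including script opted out
// by setting $DO_NOT_CLEAR_COOKIES.
if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
    foreach ($_COOKIE as $name => $value) {
        setcookie($name, "deleted", time() - 60, "/");
    }
}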
/**
 * Runs one client request/response cycle: parses $url into the request
 * superglobals, loads modules, runs init/exit hooks, renders the module
 * tree, builds the debug panel and finally sends the output.
 *
 * If location() reports a pending redirect, the cycle is restarted by a
 * recursive call with the new query string (and $refresh = true) and that
 * call's result is returned; otherwise nothing is returned after
 * self::send_output().
 *
 * @param string      $url          Query string; when non-empty it replaces $_POST
 *                                  via parse_str() and $_GET/$_REQUEST are made
 *                                  references to $_POST.
 * @param string|bool $history_call '0' clears History, any other truthy value
 *                                  selects that history id; a truthy value also
 *                                  forces every module to reload and suppresses
 *                                  History::set() and the history_add JS.
 * @param bool        $refresh      Set to true on the internal redirect re-entry;
 *                                  not read anywhere in this method body.
 */
public static function process($url, $history_call = false, $refresh = false)
{
    if (MODULE_TIMES) {
        $time = microtime(true);
    }
    // NOTE(review): replacing '&' with '&' is a no-op as written; the comment
    // suggests the original replaced '&amp;' and the entity was lost in
    // extraction — confirm against the repository source.
    $url = str_replace('&', '&', $url); //do we need this if we set arg_separator.output to &?
    if ($url) {
        $_POST = array();
        parse_str($url, $_POST);
        // get_magic_quotes_gpc() was removed in PHP 8.0; this call is a fatal error there.
        if (get_magic_quotes_gpc()) {
            $_POST = undoMagicQuotes($_POST);
        }
        // $_GET and $_REQUEST alias the same array as $_POST from here on.
        $_GET = $_REQUEST =& $_POST;
    }
    ModuleManager::load_modules();
    self::check_firstrun();
    if ($history_call === '0') {
        History::clear();
    } elseif ($history_call) {
        History::set_id($history_call);
    }
    //on init call methods...
    $ret = on_init(null, null, null, true);
    foreach ($ret as $k) {
        call_user_func_array($k['func'], $k['args']);
    }
    $root =& ModuleManager::create_root();
    self::go($root);
    //go somewhere else?
    $loc = location(null, true);
    //on exit call methods...
    $ret = on_exit(null, null, null, true, $loc === false);
    foreach ($ret as $k) {
        call_user_func_array($k['func'], $k['args']);
    }
    if ($loc !== false) {
        // Carry the action module over to the redirected request.
        if (isset($_REQUEST['__action_module__'])) {
            $loc['__action_module__'] = $_REQUEST['__action_module__'];
        }
        //clean up
        foreach (self::$content as $k => $v) {
            unset(self::$content[$k]);
        }
        // Only JS entries flagged in slot [1] are dropped on redirect.
        foreach (self::$jses as $k => $v) {
            if ($v[1]) {
                unset(self::$jses[$k]);
            }
        }
        //go
        $loc['__location'] = microtime(true);
        return self::process(http_build_query($loc), false, true);
    }
    $debug = '';
    // '@' hides include failures; $debug_diff is then false and diffs are skipped.
    if (DEBUG && ($debug_diff = @(include_once 'tools/Diff.php'))) {
        require_once 'tools/Text/Diff/Renderer/inline.php';
        $diff_renderer = new Text_Diff_Renderer_inline();
    }
    //clean up old modules
    // Session entries whose module instance no longer exists: derive the module
    // name from the last path segment (before '|'), call <Module>Common::destroy
    // if present, then drop the stored vars and content.
    if (isset($_SESSION['client']['__module_content__'])) {
        $to_cleanup = array_keys($_SESSION['client']['__module_content__']);
        foreach ($to_cleanup as $k) {
            $mod = ModuleManager::get_instance($k);
            if ($mod === null) {
                $xx = explode('/', $k);
                $yy = explode('|', $xx[count($xx) - 1]);
                $mod = $yy[0];
                if (is_callable(array($mod . 'Common', 'destroy'))) {
                    call_user_func(array($mod . 'Common', 'destroy'), $k, isset($_SESSION['client']['__module_vars__'][$k]) ? $_SESSION['client']['__module_vars__'][$k] : null);
                }
                if (DEBUG) {
                    $debug .= 'Clearing mod vars & module content ' . $k . '<br>';
                }
                unset($_SESSION['client']['__module_vars__'][$k]);
                unset($_SESSION['client']['__module_content__'][$k]);
            }
        }
    }
    // Decide per module whether its content/JS must be re-sent to the client.
    $reloaded = array();
    foreach (self::$content as $k => $v) {
        $reload = $v['module']->get_reload();
        $parent = $v['module']->get_parent_path();
        if (DEBUG && REDUCING_TRANSFER) {
            $debug .= '<hr style="height: 3px; background-color:black">';
            $debug .= '<b> Checking ' . $k . ', parent=' . $v['module']->get_parent_path() . '</b><ul>' . '<li>Force - ' . (isset($reload) ? print_r($reload, true) : 'not set') . '</li>' . '<li>First display - ' . (isset($_SESSION['client']['__module_content__'][$k]) ? 'no</li>' . '<li>Content changed - ' . ($_SESSION['client']['__module_content__'][$k]['value'] !== $v['value'] ? 'yes' : 'no') . '</li>' . '<li>JS changed - ' . ($_SESSION['client']['__module_content__'][$k]['js'] !== $v['js'] ? 'yes' : 'no') : 'yes') . '</li>' . '<li>Parent reloaded - ' . (isset($reloaded[$parent]) ? 'yes' : 'no') . '</li>' . '<li>History call - ' . ($history_call ? 'yes' : 'no') . '</li>' . '</ul>';
        }
        // Reload when: transfer reduction is off; or no explicit reload flag and the
        // content/JS differ from the session copy (or were never sent); or this is a
        // history call; or reload is forced; or the parent was reloaded.
        // Note '$reload == true' is a loose comparison.
        if (!REDUCING_TRANSFER || (!isset($reload) && (!isset($_SESSION['client']['__module_content__'][$k]) || $_SESSION['client']['__module_content__'][$k]['value'] !== $v['value'] || $_SESSION['client']['__module_content__'][$k]['js'] !== $v['js']) || $history_call || $reload == true || isset($reloaded[$parent]))) {
            //force reload or parent reloaded
            if (DEBUG && isset($_SESSION['client']['__module_content__'])) {
                // Module values are HTML-escaped here; $v['span'] and $k are not.
                $debug .= '<b>Reloading: ' . (isset($v['span']) ? '; span=' . $v['span'] . ',' : '') . ' triggered=' . ($reload == true ? 'force' : 'auto') . ', </b><hr><b>New value:</b><br><pre>' . htmlspecialchars($v['value']) . '</pre>' . (isset($_SESSION['client']['__module_content__'][$k]['value']) ? '<hr><b>Old value:</b><br><pre>' . htmlspecialchars($_SESSION['client']['__module_content__'][$k]['value']) . '</pre>' : '');
                if ($debug_diff && isset($_SESSION['client']['__module_content__'][$k]['value'])) {
                    $xxx = new Text_Diff(explode("\n", $_SESSION['client']['__module_content__'][$k]['value']), explode("\n", $v['value']));
                    $debug .= '<hr><b>Diff:</b><br><pre>' . $diff_renderer->render($xxx) . '</pre>';
                }
                $debug .= '<hr style="height: 5px; background-color:black">';
            }
            if (isset($v['span'])) {
                self::text($v['value'], $v['span']);
            }
            if ($v['js']) {
                self::js(join(";", $v['js']));
            }
            // The session copy is only kept when transfer reduction is on; the parent
            // path is always recorded so orphaned entries can be re-sent below.
            if (REDUCING_TRANSFER) {
                $_SESSION['client']['__module_content__'][$k]['value'] = $v['value'];
                $_SESSION['client']['__module_content__'][$k]['js'] = $v['js'];
            }
            $_SESSION['client']['__module_content__'][$k]['parent'] = $parent;
            $reloaded[$k] = true;
            if (method_exists($v['module'], 'reloaded')) {
                $v['module']->reloaded();
            }
        }
    }
    // Session entries with no current module whose parent was reloaded are
    // re-sent from the stored copy.
    foreach ($_SESSION['client']['__module_content__'] as $k => $v) {
        if (!array_key_exists($k, self::$content) && isset($reloaded[$v['parent']])) {
            if (DEBUG) {
                $debug .= 'Reloading missing ' . $k . '<hr>';
            }
            if (isset($v['span'])) {
                self::text($v['value'], $v['span']);
            }
            if (isset($v['js']) && $v['js']) {
                self::js(join(";", $v['js']));
            }
            $reloaded[$k] = true;
        }
    }
    if (DEBUG) {
        $debug .= 'vars ' . CID . ': ' . print_r($_SESSION['client']['__module_vars__'], true) . '<br>';
        // NOTE(review): '******' is a redaction artifact in this listing, not valid
        // PHP; the original expression is not recoverable from here.
        $debug .= 'user='******'<br>';
        // NOTE(review): $_REQUEST['__action_module__'] is request-controlled and is
        // concatenated into the debug HTML without htmlspecialchars(), unlike the
        // module values above. Only reachable with DEBUG enabled.
        if (isset($_REQUEST['__action_module__'])) {
            $debug .= 'action module=' . $_REQUEST['__action_module__'] . '<br>';
        }
    }
    $debug .= self::debug();
    if (MODULE_TIMES) {
        // Colour thresholds: >= 0.5s red, >= 0.05s orange, otherwise green.
        foreach (self::$content as $k => $v) {
            $style = 'color:red;font-weight:bold';
            if ($v['time'] < 0.5) {
                $style = 'color:orange;font-weight:bold';
            }
            if ($v['time'] < 0.05) {
                $style = 'color:green;font-weight:bold';
            }
            $debug .= 'Time of loading module <b>' . $k . '</b>: <i>' . '<span style="' . $style . ';">' . number_format($v['time'], 4) . '</span>' . '</i><br>';
        }
        $debug .= 'Page renderered in ' . (microtime(true) - $time) . 's<hr>';
    }
    if (SQL_TIMES) {
        $debug .= '<font size="+1">QUERIES</font><br>';
        $queries = DB::GetQueries();
        $sum = 0;
        $qty = 0;
        foreach ($queries as $kk => $q) {
            $style = 'color:red;font-weight:bold';
            if ($q['time'] < 0.5) {
                $style = 'color:orange;font-weight:bold';
            }
            if ($q['time'] < 0.05) {
                $style = 'color:green';
            }
            // Underline a query whose args repeat an earlier one (O(n^2) scan,
            // loose '==' comparison); debug-only.
            for ($kkk = 0; $kkk < $kk; $kkk++) {
                if ($queries[$kkk]['args'] == $q['args']) {
                    $style .= ';text-decoration:underline';
                }
            }
            // Query args are escaped; $q['func'] and $q['caller'] are inserted raw.
            $debug .= '<span style="' . $style . ';">' . '<b>' . $q['func'] . '</b> ' . htmlspecialchars(var_export($q['args'], true)) . ' <i><b>' . number_format($q['time'], 4) . '</b></i>' . (isset($q['caller']) ? ', ' . $q['caller'] : '') . '<br>' . '</span>';
            $sum += $q['time'];
            $qty++;
        }
        $debug .= '<b>Number of queries:</b> ' . $qty . '<br>';
        $debug .= '<b>Queries times:</b> ' . $sum . '<br>';
    }
    // Only push the debug panel when its content changed since the last request.
    if (!isset($_SESSION['client']['custom_debug']) || $debug != $_SESSION['client']['custom_debug']) {
        self::text($debug, 'debug');
        if ($debug) {
            Epesi::js("\$('debug_content').style.display='block';");
        }
        $_SESSION['client']['custom_debug'] = $debug;
    }
    if (!$history_call && !History::soft_call()) {
        History::set();
    }
    if (!$history_call) {
        self::js('Epesi.history_add(' . History::get_id() . ')');
    }
    self::send_output();
}
/**
 * Recursively strips magic-quotes backslashes from a value.
 *
 * Scalars are passed through stripslashes(); arrays are walked and every
 * element is unescaped in place (keys are left untouched). The result has
 * the same shape as the input.
 *
 * @param string|array $value Value, or array of values, to unescape.
 * @return string|array
 */
function undoMagicQuotes($value)
{
    if (is_array($value)) {
        foreach ($value as $index => $element) {
            $value[$index] = undoMagicQuotes($element);
        }
        return $value;
    }
    return stripslashes($value);
}