/**
 * Save the raw input data
 *
 * Keeps a copy of $_POST in self::$raw exactly as PHP populated it, before
 * the parent constructor gets a chance to touch the globals. Only the first
 * capture wins: once self::$raw holds something truthy it is left alone.
 * Note that the check is a truthiness test, so an empty $_POST does not
 * count as "captured" and the next construction stores it again.
 *
 * @Developer brandon
 * @Date Apr 22, 2010
 */
public function __construct()
{
    // An already-populated self::$raw is never overwritten
    $alreadyCaptured = (bool) self::$raw;
    if ($alreadyCaptured === false) {
        self::$raw = $_POST;
    }

    parent::__construct();
}
/**
 * Snapshots every PHP superglobal that is present, runs the parent
 * constructor, then folds "__name" checkbox markers back into the request
 * arrays.
 *
 * A key starting with "__" stands in for a checkbox that may have been left
 * unchecked (an unchecked box sends nothing at all). Its value is merged
 * under the un-prefixed name into $_REQUEST, and into $_POST / $_GET when the
 * marker is present there, without overriding a value that was really
 * submitted (the original comments state arr::merge_recursive_distinct keeps
 * existing values — confirm its precedence rules before relying on that).
 * The marker key itself is removed afterwards.
 *
 * NOTE(review): markers are detected on $_REQUEST, so a "__name" entry that
 * reached $_REQUEST from a source other than GET/POST (cookies, depending on
 * request_order) is merged into $_REQUEST too; only $_POST / $_GET
 * membership is checked before those two arrays are touched.
 */
public function __construct()
{
    // Unfiltered copies, keyed by the lower-cased superglobal name ('_post', ...)
    $superglobals = array('_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');
    foreach ($superglobals as $name) {
        if (isset($GLOBALS[$name])) {
            $this->unfiltered_inputs[strtolower($name)] = $GLOBALS[$name];
        }
    }

    parent::__construct();

    // foreach iterates over a copy of $_REQUEST, so reassigning / unsetting
    // entries below does not disturb the loop
    foreach ($_REQUEST as $key => $value) {
        if (substr($key, 0, 2) !== '__') {
            continue;
        }

        // Default for the checkbox, keyed by the real field name
        $fieldName = substr($key, 2);
        $defaults  = array($fieldName => $value);

        // Fill the gap in $_REQUEST; a value that is already there wins
        $_REQUEST = arr::merge_recursive_distinct($defaults, $_REQUEST);
        unset($_REQUEST[$key]);

        // Same for $_POST / $_GET, but only where the marker actually came from
        if (array_key_exists($key, $_POST)) {
            $_POST = arr::merge_recursive_distinct($defaults, $_POST);
            unset($_POST[$key]);
        }
        if (array_key_exists($key, $_GET)) {
            $_GET = arr::merge_recursive_distinct($defaults, $_GET);
            unset($_GET[$key]);
        }
    }
}
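/**
 * Sanitizes global GET, POST and COOKIE data. Also takes care of
 * magic_quotes and register_globals, if they have been enabled.
 *
 * Only the first instance does the work; it stores itself in
 * self::$instance and later constructions only refresh use_xss_clean.
 *
 * Changes from the previous version:
 *  - the magic_quotes_* calls are guarded with function_exists(), because
 *    set_magic_quotes_runtime() was removed in PHP 7.0 and the get_*
 *    functions in PHP 8.0 — calling them there is a fatal error, not a no-op;
 *  - the RFC2109 cookie attributes are compared with ===, so that on PHP < 8
 *    an integer cookie key (e.g. a cookie named "0") is no longer loosely
 *    equal to '$Version' and silently skipped by the sanitizer;
 *  - $_GET / $_POST / $_COOKIE are rebuilt instead of patched in place, so a
 *    key rewritten by clean_input_keys() cannot leave the original entry
 *    with its unsanitized value behind.
 *
 * @return void
 */
public function __construct()
{
    // Use XSS clean?
    $this->use_xss_clean = (bool) Kohana::config('core.global_xss_filtering');

    if (self::$instance !== NULL)
    {
        // The globals were already sanitized by the first instance
        return;
    }

    // magic_quotes_runtime is enabled
    if (function_exists('get_magic_quotes_runtime') AND get_magic_quotes_runtime())
    {
        if (function_exists('set_magic_quotes_runtime'))
        {
            set_magic_quotes_runtime(0);
        }
        Kohana::log('debug', 'Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
    }

    // magic_quotes_gpc is enabled
    if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc())
    {
        $this->magic_quotes_gpc = TRUE;
        Kohana::log('debug', 'Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
    }

    // register_globals is enabled
    if (ini_get('register_globals'))
    {
        if (isset($_REQUEST['GLOBALS']))
        {
            // Prevent GLOBALS override attacks
            exit('Global variable overload attack.');
        }

        // Destroy the REQUEST global
        $_REQUEST = array();

        // These globals are standard and should not be removed
        $preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');

        // This loop has the same effect as disabling register_globals
        foreach (array_diff(array_keys($GLOBALS), $preserve) as $key)
        {
            global ${$key};
            ${$key} = NULL;

            // Unset the global variable
            unset($GLOBALS[$key], ${$key});
        }

        // Warn the developer about register globals
        Kohana::log('debug', 'Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
    }

    // Sanitize $_GET. clean_input_keys() still runs before clean_input_data()
    // for each entry, preserving the previous evaluation order.
    $clean = array();
    if (is_array($_GET))
    {
        foreach ($_GET as $key => $val)
        {
            $cleanKey = $this->clean_input_keys($key);
            $clean[$cleanKey] = $this->clean_input_data($val);
        }
    }
    $_GET = $clean;

    // Sanitize $_POST
    $clean = array();
    if (is_array($_POST))
    {
        foreach ($_POST as $key => $val)
        {
            $cleanKey = $this->clean_input_keys($key);
            $clean[$cleanKey] = $this->clean_input_data($val);
        }
    }
    $_POST = $clean;

    // Sanitize $_COOKIE
    $clean = array();
    if (is_array($_COOKIE))
    {
        foreach ($_COOKIE as $key => $val)
        {
            // Ignore special attributes in RFC2109 compliant cookies; they are
            // carried over untouched, as before
            if ($key === '$Version' OR $key === '$Path' OR $key === '$Domain')
            {
                $clean[$key] = $val;
                continue;
            }

            $cleanKey = $this->clean_input_keys($key);
            $clean[$cleanKey] = $this->clean_input_data($val);
        }
    }
    $_COOKIE = $clean;

    // Create a singleton
    self::$instance = $this;

    Kohana::log('debug', 'Global GET, POST and COOKIE data sanitized');
}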
/**
 * Sanitizes global GET, POST and COOKIE data. Also takes care of
 * magic_quotes and register_globals, if they have been enabled.
 *
 * First construction only: converts the superglobals to UTF-8 through
 * Input::clean(), refuses to run (exit) while magic_quotes_runtime,
 * magic_quotes_gpc or register_globals is on, passes every GET/POST/COOKIE
 * key and value through clean_input_keys() / clean_input_data(), and stores
 * itself in self::$instance. Every construction then mirrors $_GET / $_POST
 * into the request helper and builds request::$input from the URI segments
 * plus $_REQUEST.
 *
 * NOTE(review): $_REQUEST is not passed through the sanitizer here — it is
 * whatever PHP assembled from the raw GET/POST (and COOKIE, depending on
 * request_order) before $_GET / $_POST were cleaned; confirm request::$input
 * is filtered elsewhere before it is trusted.
 *
 * NOTE(review): get_magic_quotes_runtime() / get_magic_quotes_gpc() no
 * longer exist on PHP 8, where this constructor fails with an undefined
 * function error rather than reaching the exit() messages.
 *
 * @return void
 */
public function __construct()
{
    // Use XSS clean?
    $this->use_xss_clean = (bool) Eight::config('core.global_xss_filtering');

    $firstInstance = (self::$instance === nil);

    if ($firstInstance) {
        // Convert all global variables to UTF-8.
        $_GET    = Input::clean($_GET);
        $_POST   = Input::clean($_POST);
        $_COOKIE = Input::clean($_COOKIE);
        $_SERVER = Input::clean($_SERVER);

        if (PHP_SAPI == 'cli') {
            // Convert command line arguments
            $_SERVER['argv'] = Input::clean($_SERVER['argv']);
        }

        // Refuse to run at all while one of the deprecated "magic" settings
        // is on; each message names the setting that has to be switched off.
        if (get_magic_quotes_runtime()) {
            exit('Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
        }
        if (get_magic_quotes_gpc()) {
            exit('Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
        }
        if (ini_get('register_globals')) {
            exit('Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
        }

        // Sanitize $_GET in place; a non-array is replaced by an empty array,
        // which makes the loop a no-op. Key is cleaned before value.
        if (!is_array($_GET)) {
            $_GET = array();
        }
        foreach ($_GET as $key => $val) {
            $cleanKey = $this->clean_input_keys($key);
            $_GET[$cleanKey] = $this->clean_input_data($val);
        }

        // Sanitize $_POST
        if (!is_array($_POST)) {
            $_POST = array();
        }
        foreach ($_POST as $key => $val) {
            $cleanKey = $this->clean_input_keys($key);
            $_POST[$cleanKey] = $this->clean_input_data($val);
        }

        // Sanitize $_COOKIE
        if (!is_array($_COOKIE)) {
            $_COOKIE = array();
        }
        foreach ($_COOKIE as $key => $val) {
            $cleanKey = $this->clean_input_keys($key);
            $_COOKIE[$cleanKey] = $this->clean_input_data($val);
        }

        // Create a singleton
        self::$instance = $this;

        Eight::log('debug', 'Global GET, POST and COOKIE data sanitized');
    }

    // Assign global vars to request helper vars
    request::$get   = $_GET;
    request::$post  = $_POST;
    request::$input = array_merge(URI::instance()->segments(2, YES), $_REQUEST);
}
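/**
 * Sanitizes global GET, POST and COOKIE data. Also takes care of
 * magic_quotes and register_globals, if they have been enabled.
 *
 * Only the first instance does the work and registers itself in
 * self::$instance; every instance then mirrors $_GET / $_POST into the
 * request helper and builds request::$input from the URI segments plus
 * $_REQUEST.
 *
 * Changes from the previous version:
 *  - the magic_quotes_* calls are guarded with function_exists(), because
 *    set_magic_quotes_runtime() was removed in PHP 7.0 and the get_*
 *    functions in PHP 8.0 — calling them there is a fatal error, not a no-op;
 *  - the register_globals clean-up iterates over a snapshot of the keys and
 *    uses a strict in_array(), so a preserved name is only matched by the
 *    identical string;
 *  - $_GET / $_POST / $_COOKIE are rebuilt instead of patched in place, so a
 *    key rewritten by clean_input_keys() cannot leave the original entry
 *    with its unsanitized value behind.
 *
 * NOTE(review): $_REQUEST is merged into request::$input without going
 * through clean_input_keys() / clean_input_data(); confirm it is filtered
 * elsewhere before it is trusted.
 *
 * @return void
 */
public function __construct()
{
    // Use XSS clean?
    $this->use_xss_clean = (bool) Eight::config('core.global_xss_filtering');

    if (self::$instance === nil) {
        // Convert all global variables to UTF-8.
        $_GET    = Input::clean($_GET);
        $_POST   = Input::clean($_POST);
        $_COOKIE = Input::clean($_COOKIE);
        $_SERVER = Input::clean($_SERVER);

        if (PHP_SAPI == 'cli') {
            // Convert command line arguments
            $_SERVER['argv'] = Input::clean($_SERVER['argv']);
        }

        // magic_quotes_runtime is enabled
        if (function_exists('get_magic_quotes_runtime') AND get_magic_quotes_runtime()) {
            if (function_exists('set_magic_quotes_runtime')) {
                set_magic_quotes_runtime(0);
            }
            Eight::log('debug', 'Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // magic_quotes_gpc is enabled
        if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) {
            $this->magic_quotes_gpc = YES;
            Eight::log('debug', 'Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // register_globals is enabled
        if (ini_get('register_globals')) {
            if (isset($_REQUEST['GLOBALS'])) {
                // Prevent GLOBALS override attacks
                exit('Global variable overload attack.');
            }

            // Destroy the REQUEST global
            $_REQUEST = array();

            // These globals are standard and should not be removed
            $preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');

            // This loop has the same effect as disabling register_globals.
            // Work from a snapshot of the key list, since the loop body
            // removes entries from $GLOBALS.
            foreach (array_keys($GLOBALS) as $key) {
                if (in_array($key, $preserve, TRUE)) {
                    continue;
                }

                global ${$key};
                ${$key} = nil;

                // Unset the global variable
                unset($GLOBALS[$key], ${$key});
            }

            // Warn the developer about register globals
            Eight::log('debug', 'Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
        }

        // Sanitize $_GET. clean_input_keys() still runs before
        // clean_input_data() for each entry, preserving the previous order.
        $clean = array();
        if (is_array($_GET)) {
            foreach ($_GET as $key => $val) {
                $cleanKey = $this->clean_input_keys($key);
                $clean[$cleanKey] = $this->clean_input_data($val);
            }
        }
        $_GET = $clean;

        // Sanitize $_POST
        $clean = array();
        if (is_array($_POST)) {
            foreach ($_POST as $key => $val) {
                $cleanKey = $this->clean_input_keys($key);
                $clean[$cleanKey] = $this->clean_input_data($val);
            }
        }
        $_POST = $clean;

        // Sanitize $_COOKIE
        $clean = array();
        if (is_array($_COOKIE)) {
            foreach ($_COOKIE as $key => $val) {
                $cleanKey = $this->clean_input_keys($key);
                $clean[$cleanKey] = $this->clean_input_data($val);
            }
        }
        $_COOKIE = $clean;

        // Create a singleton
        self::$instance = $this;

        Eight::log('debug', 'Global GET, POST and COOKIE data sanitized');
    }

    // Assign global vars to request helper vars
    request::$get   = $_GET;
    request::$post  = $_POST;
    request::$input = array_merge(URI::instance()->segments(2, YES), $_REQUEST);
}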