- Improved the input checking.

0fb0a939 · Dries · ddbec122 · 0fb0a939
Commit 0fb0a939 authored Dec 28, 2004 by Dries
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 3 deletions

includes/common.inc includes/common.inc +9 -3

No files found.
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -584,7 +584,7 @@ function valid_input_data($data) {
      }
    }
  }
-  else {
+  else if (isset($data)) {
    // Detect dangerous input data.

    // Decode all normal character entities.
@@ -1805,8 +1805,14 @@ function drupal_get_path($type, $name) {
 // Initialize all enabled modules.
 module_init();

-if ($_REQUEST && !user_access('bypass input data check')) {
-  if (!valid_input_data($_REQUEST)) {
+if (!user_access('bypass input data check')) {
+  // We can't use $_REQUEST because it consists of the contents of $_POST, 
+  // $_GET and $_COOKIE: if any of the input arrays share a key, only one
+  // value will be verified.
+  if (!valid_input_data($_GET)
+   || !valid_input_data($_POST) 
+   || !valid_input_data($_COOKIE)
+   || !valid_input_data($_FILES)) {
    die('Terminated request because of suspicious input data.');
  }
 }