Commit 0fb0a939 authored by Dries's avatar Dries
Browse files

- Improved the input checking.

parent ddbec122
......@@ -584,7 +584,7 @@ function valid_input_data($data) {
}
}
}
else {
else if (isset($data)) {
// Detect dangerous input data.
// Decode all normal character entities.
......@@ -1805,8 +1805,14 @@ function drupal_get_path($type, $name) {
// Initialize all enabled modules.
module_init();
if ($_REQUEST && !user_access('bypass input data check')) {
if (!valid_input_data($_REQUEST)) {
if (!user_access('bypass input data check')) {
// We can't use $_REQUEST because it consists of the contents of $_POST,
// $_GET and $_COOKIE: if any of the input arrays share a key, only one
// value will be verified.
if (!valid_input_data($_GET)
|| !valid_input_data($_POST)
|| !valid_input_data($_COOKIE)
|| !valid_input_data($_FILES)) {
die('Terminated request because of suspicious input data.');
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment