Commit 0fb0a939 authored by Dries

- Improved the input checking.

parent ddbec122
...@@ -584,7 +584,7 @@ function valid_input_data($data) { ...@@ -584,7 +584,7 @@ function valid_input_data($data) {
} }
} }
} }
else { else if (isset($data)) {
// Detect dangerous input data. // Detect dangerous input data.
// Decode all normal character entities. // Decode all normal character entities.
...@@ -1805,8 +1805,14 @@ function drupal_get_path($type, $name) { ...@@ -1805,8 +1805,14 @@ function drupal_get_path($type, $name) {
// Initialize all enabled modules. // Initialize all enabled modules.
module_init(); module_init();
if ($_REQUEST && !user_access('bypass input data check')) { if (!user_access('bypass input data check')) {
if (!valid_input_data($_REQUEST)) { // We can't use $_REQUEST because it consists of the contents of $_POST,
// $_GET and $_COOKIE: if any of the input arrays share a key, only one
// value will be verified.
if (!valid_input_data($_GET)
|| !valid_input_data($_POST)
|| !valid_input_data($_COOKIE)
|| !valid_input_data($_FILES)) {
die('Terminated request because of suspicious input data.'); die('Terminated request because of suspicious input data.');
} }
} }
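Review bot: The new condition in the second hunk verifies `$_GET`, `$_POST`, `$_COOKIE` and `$_FILES`, but client-supplied request headers that PHP exposes through `$_SERVER` (such as `HTTP_REFERER` and `HTTP_USER_AGENT`) are still not passed through `valid_input_data()`. If the filter is meant to cover all request input, either check those values too or extend the new comment to state the limit, e.g. `// Request headers in $_SERVER are not checked here; escape them where they are used.` The check also runs only after `module_init()`, so whatever modules do with request data during initialisation sees it unvalidated. That ordering is presumably required because `user_access()` needs the modules loaded, which deserves a one-line comment. The enclosing function starts and ends outside the hunk, so anything validated earlier is not visible here.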