Commit 29172616 authored by Dries's avatar Dries

- Removed valid_input_check().

parent bcb6257b
......@@ -714,16 +714,6 @@ function check_plain($text) {
return htmlspecialchars($text, ENT_QUOTES);
}
/**
* Prepare a URL for use in an HTML attribute. Strips harmful protocols.
*/
function check_url($uri) {
$uri = htmlspecialchars($uri, ENT_QUOTES);
$uri = filter_xss_bad_protocol($uri, FALSE);
return $uri;
}
/**
* Since request_uri() is only available on Apache, we generate an
* equivalent using other environment variables.
......
......@@ -691,6 +691,17 @@ function check_file($filename) {
return is_uploaded_file($filename);
}
/**
* Prepare a URL for use in an HTML attribute. Strips harmful protocols.
*
*/
function check_url($uri) {
$uri = htmlspecialchars($uri, ENT_QUOTES);
$uri = filter_xss_bad_protocol($uri, FALSE);
return $uri;
}
/**
* @defgroup format Formatting
* @{
......
......@@ -391,12 +391,6 @@ function file_save_upload($source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
}
}
if (!user_access('bypass input data check') && !valid_input_data($file)) {
watchdog('security', t('The file %file has not been saved, because it may contain a possible attempt to exploit or abuse this system.', array('%file' => theme('placeholder', $source))), WATCHDOG_WARNING);
drupal_set_message(t('The file %file has not been saved, because it contains invalid data.', array('%file' => theme('placeholder', $source))), 'error');
return 0;
}
// Check for file upload errors.
switch ($file->error) {
case 0: // UPLOAD_ERR_OK: File uploaded successfully
......@@ -435,12 +429,6 @@ function file_save_upload($source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
* @return A string containing the resulting filename or 0 on error
*/
function file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) {
if (!user_access('bypass input data check') && !valid_input_data($data)) {
watchdog('security', t('The file has not been saved, because it may contain a possible attempt to exploit or abuse this system.'), WATCHDOG_WARNING);
drupal_set_message(t('The file has not been saved, because it contains invalid data.'), 'error');
return 0;
}
$temp = file_directory_temp();
$file = tempnam($temp, 'file');
if (!$fp = fopen($file, 'wb')) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment