Commit ccab3ee8 authored by Dries's avatar Dries

- Improved the input checking.

parent d0755828
......@@ -580,7 +580,7 @@ function valid_input_data($data) {
}
}
}
else {
else if (isset($data)) {
// Detect dangerous input data.
// Decode all normal character entities.
......@@ -1909,8 +1909,14 @@ function drupal_eval($code) {
// Initialize all enabled modules.
module_init();
if ($_REQUEST && !user_access('bypass input data check')) {
if (!valid_input_data($_REQUEST)) {
if (!user_access('bypass input data check')) {
// We can't use $_REQUEST because it consists of the contents of $_POST,
// $_GET and $_COOKIE: if any of the input arrays share a key, only one
// value will be verified.
if (!valid_input_data($_GET)
|| !valid_input_data($_POST)
|| !valid_input_data($_COOKIE)
|| !valid_input_data($_FILES)) {
die('Terminated request because of suspicious input data.');
}
}
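Review bot: The `die()` that follows the four `valid_input_data()` calls ends the request without recording anything, so an operator cannot tell a blocked probe from a false positive on a legitimate cookie or upload, and neither leaves a trace for later review. Now that `$_GET`, `$_POST`, `$_COOKIE` and `$_FILES` are checked separately, the rejection could be logged with the array that failed. A marker such as `// TODO: log which input array was rejected (name and offending key only, not the raw value) before terminating.` above the `die()` would capture that. In the first hunk, `else if (isset($data))` means an unset or NULL value now skips the check entirely. The function's final return is outside the hunk, so it is worth confirming that this path returns TRUE explicitly rather than falling off the end. The enclosing initialization code also starts outside the hunk.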
......