authorDries Buytaert <dries@buytaert.net>2005-11-29 20:17:10 +0000
committerDries Buytaert <dries@buytaert.net>2005-11-29 20:17:10 +0000
commit2d0df351d704ba34d191831f7d4b8cb385555be2 (patch)
treeb18d02dfa6d075ff540eeffc4ab38393e53a3da0 /includes/common.inc
parent236da7af059e6cf3aba6e8ec923e082b1f8fe143 (diff)
- Various fixes. Updated CHANGELOG.txt
Diffstat (limited to 'includes/common.inc')
-rw-r--r--includes/common.inc67
1 files changed, 1 insertions, 66 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 84c955eed..08545ce0e 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -616,13 +616,6 @@ function t($string, $args = 0) {
}
/**
- * Encode special characters in a plain-text string for display as HTML.
- */
-function check_plain($text) {
- return htmlspecialchars($text, ENT_QUOTES);
-}
-
-/**
* @defgroup validation Input validation
* @{
* Functions to validate user input.
@@ -668,54 +661,6 @@ function valid_url($url, $absolute = FALSE) {
}
/**
- * Validate data input by a user.
- *
- * Ensures that user data cannot be used to perform attacks on the site.
- *
- * @param $data
- * The input to check.
- * @return
- * TRUE if the input data is acceptable.
- */
-function valid_input_data($data) {
- if (is_array($data) || is_object($data)) {
- // Form data can contain a number of nested arrays.
- foreach ($data as $key => $value) {
- if (!valid_input_data($key) || !valid_input_data($value)) {
- return FALSE;
- }
- }
- }
- else if (isset($data)) {
- // Detect dangerous input data.
-
- // Decode all normal character entities.
- $data = decode_entities($data, array('<', '&', '"'));
-
- // Check strings:
- $match = preg_match('/\Wjavascript\s*:/i', $data);
- $match += preg_match('/\Wexpression\s*\(/i', $data);
- $match += preg_match('/\Walert\s*\(/i', $data);
-
- // Check attributes:
- $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
-
- // Check tags:
- $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
-
- if ($match) {
- watchdog('security', t('Terminated request because of suspicious input data: %data.', array('%data' => theme('placeholder', $data))));
- return FALSE;
- }
- }
-
- return TRUE;
-}
-/**
- * @} End of "defgroup validation".
- */
-
-/**
* Register an event for the current visitor (hostname/IP) to the flood control mechanism.
*
* @param $name
@@ -1366,17 +1311,7 @@ function _drupal_bootstrap_full() {
}
// Initialize all enabled modules.
module_init();
- if (!user_access('bypass input data check')) {
- // We can't use $_REQUEST because it consists of the contents of $_POST,
- // $_GET and $_COOKIE: if any of the input arrays share a key, only one
- // value will be verified.
- if (!valid_input_data($_GET)
- || !valid_input_data($_POST)
- || !valid_input_data($_COOKIE)
- || !valid_input_data($_FILES)) {
- die('Terminated request because of suspicious input data.');
- }
- }
+ // Undo magic quotes
fix_gpc_magic();
// Initialize the localization system.
$locale = locale_initialize();
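Review bot: With the `valid_input_data()` gate removed from this bootstrap path, `$_GET`, `$_POST`, `$_COOKIE` and `$_FILES` are no longer checked here before later code runs, and the only line added, `// Undo magic quotes`, does not tell a maintainer that the contract changed. I would extend the comment to something like `// Undo magic quotes. Request data is not filtered here; escape it for the output context where it is displayed.` so the reliance on output escaping is stated where the check used to sit. The `'bypass input data check'` permission is no longer consulted in this hunk; if it is still declared elsewhere (not visible in this diff, which is limited to includes/common.inc), it now has no effect and should be removed or documented as obsolete. `_drupal_bootstrap_full()` starts and ends outside the hunk, so whether later bootstrap steps add any other check cannot be seen from here.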