diff options
| author | Dries Buytaert <dries@buytaert.net> | 2003-08-08 22:24:55 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2003-08-08 22:24:55 +0000 |
| commit | 39950fe2e22b479284f758131e7050f36ef83899 (patch) | |
| tree | 498d33a38dc5431bfdd6dab3a0c0d25b68e2ae86 /includes/common.inc | |
| parent | e2f098af854861033d863c2dc304e62f90c0896d (diff) | |
| download | brdo-39950fe2e22b479284f758131e7050f36ef83899.tar.gz brdo-39950fe2e22b479284f758131e7050f36ef83899.tar.bz2 | |
- Committed a modified version of Ulf's input checking changes. Patch #95.
I added an error message, changed a few things around and fixed tw typos.
Diffstat (limited to 'includes/common.inc')
| -rw-r--r-- | includes/common.inc | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/includes/common.inc b/includes/common.inc index 309ea2ff0..929644bcb 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -482,7 +482,7 @@ function referer_load() { } } -function xss_check_input_data($data) { +function valid_input_data($data) { if (is_array($data)) { /* @@ -490,7 +490,9 @@ function xss_check_input_data($data) { */ foreach ($data as $key => $value) { - xss_check_input_data($value); + if (!valid_input_data($value)) { + return 0; + } } } else { @@ -512,9 +514,11 @@ function xss_check_input_data($data) { if ($match) { watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data)); - die("terminated request because of suspicious input data"); + return 0; } } + + return 1; } function check_url($uri) { @@ -1049,7 +1053,9 @@ function drupal_page_header() { */ if (!user_access("bypass input data check")) { - xss_check_input_data($_REQUEST); + if (!valid_input_data($_REQUEST)) { + die("terminated request because of suspicious input data"); + } } } |