-rw-r--r-- | includes/common.inc | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/includes/common.inc b/includes/common.inc index 4a029dcc3..7d0ac19fa 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -584,7 +584,7 @@ function valid_input_data($data) { } } } - else { + else if (isset($data)) { // Detect dangerous input data. // Decode all normal character entities. @@ -1805,8 +1805,14 @@ else { // Initialize all enabled modules. module_init(); -if ($_REQUEST && !user_access('bypass input data check')) { - if (!valid_input_data($_REQUEST)) { +if (!user_access('bypass input data check')) { + // We can't use $_REQUEST because it consists of the contents of $_POST, + // $_GET and $_COOKIE: if any of the input arrays share a key, only one + // value will be verified. + if (!valid_input_data($_GET) + || !valid_input_data($_POST) + || !valid_input_data($_COOKIE) + || !valid_input_data($_FILES)) { die('Terminated request because of suspicious input data.'); } } |
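Review bot: The new `else if (isset($data))` in valid_input_data() leaves an unset or NULL value with no branch of its own, so what the validator returns for it depends on code after this hunk, which is not visible here. Because this function is a security filter, that pass-through should be explicit rather than implied. An explicit `else` arm, or a comment such as `// NULL carries no data to inspect and is deliberately accepted.`, would record the intent. The function body starts and ends outside the hunk.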
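Review bot: The `die()` that ends the new check rejects the request without recording which of `$_GET`, `$_POST`, `$_COOKIE` or `$_FILES` failed, or under which key, and no log call is visible in the hunk. Now that cookies are checked on their own, a cookie value that trips the filter is resent on every request until it is cleared, so a false positive and a real probe look the same to an operator without a log entry. Checking the four arrays in a loop and logging the source name before terminating would cover this. The comment should also state that for `$_FILES` only the upload metadata (the client-supplied `name` and `type`) is inspected, for example `// $_FILES: checks upload metadata only; file contents are not inspected here.`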