-rw-r--r--includes/common.inc12
1 files changed, 9 insertions, 3 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 4a029dcc3..7d0ac19fa 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -584,7 +584,7 @@ function valid_input_data($data) {
}
}
}
- else {
+ else if (isset($data)) {
// Detect dangerous input data.
// Decode all normal character entities.
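Review bot: The new `else if (isset($data))` condition lets a NULL or unset value skip the dangerous-input checks entirely, and the hunk does not show what valid_input_data() returns in that case. The function's body starts and ends outside the hunk, so it is worth confirming that it finishes with an explicit `return TRUE;`. The caller tests `!valid_input_data(...)` and would terminate the request if the function fell off the end. A short comment above the branch would record the intent, for example `// NULL carries nothing to inspect; only scalar values that are set are scanned.`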
@@ -1805,8 +1805,14 @@ else {
// Initialize all enabled modules.
module_init();
-if ($_REQUEST && !user_access('bypass input data check')) {
- if (!valid_input_data($_REQUEST)) {
+if (!user_access('bypass input data check')) {
+ // We can't use $_REQUEST because it consists of the contents of $_POST,
+ // $_GET and $_COOKIE: if any of the input arrays share a key, only one
+ // value will be verified.
+ if (!valid_input_data($_GET)
+ || !valid_input_data($_POST)
+ || !valid_input_data($_COOKIE)
+ || !valid_input_data($_FILES)) {
die('Terminated request because of suspicious input data.');
}
}
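Review bot: The added comment explains why `$_REQUEST` was dropped but not why `$_FILES` joins the list, even though `$_FILES` is never merged into `$_REQUEST`. I would add a line such as `// $_FILES is not part of $_REQUEST; its client-supplied 'name' and 'type' fields are checked as well.` so the fourth call is not later removed as redundant. The `die()` message is the same whichever array failed. Unless valid_input_data() already logs the offending key (not visible in this hunk), recording which source tripped the check would make rejected requests easier to triage.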