From 39950fe2e22b479284f758131e7050f36ef83899 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Fri, 8 Aug 2003 22:24:55 +0000
Subject: - Committed a modified version of Ulf's input checking changes. Patch #95. I added an error message, changed a few things around and fixed tw typos.
---
includes/common.inc | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'includes/common.inc')
diff --git a/includes/common.inc b/includes/common.inc
index 309ea2ff0..929644bcb 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -482,7 +482,7 @@ function referer_load() {
 }
 }
-function xss_check_input_data($data) {
+function valid_input_data($data) {
 if (is_array($data)) {
 /*
@@ -490,7 +490,9 @@ function xss_check_input_data($data) {
 */
 foreach ($data as $key => $value) {
- xss_check_input_data($value);
+ if (!valid_input_data($value)) {
+ return 0;
+ }
 }
 }
 else {
@@ -512,9 +514,11 @@ function xss_check_input_data($data) {
 if ($match) {
 watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
- die("terminated request because of suspicious input data");
+ return 0;
 }
 }
+
+ return 1;
 }
 function check_url($uri) {
@@ -1049,7 +1053,9 @@ function drupal_page_header() {
 */
 if (!user_access("bypass input data check")) {
- xss_check_input_data($_REQUEST);
+ if (!valid_input_data($_REQUEST)) {
+ die("terminated request because of suspicious input data");
+ }
 }
 }
--
cgit v1.2.3
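Review bot: Only `$value` is passed back into `valid_input_data()` inside the `foreach`; the array keys in `$key` are never inspected, although for request data they come from the client just like the values. If keys are ever echoed or used to build output elsewhere, they would bypass this filter. Consider `if (!valid_input_data($key) || !valid_input_data($value)) {` here, after confirming that the scalar branch (outside this hunk) copes with integer keys. The function body starts and ends outside this hunk.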
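Review bot: With `die()` replaced by `return 0;`, the check now fails open for any caller that ignores the result, and nothing in the hunk documents that contract. Add a docblock above `valid_input_data()` saying that it returns 1 when the data looks safe and 0 when a suspicious pattern matched, and that the caller must abort the request itself. The `watchdog()` entry still says "terminated request", which is only true if the caller actually terminates; wording such as "rejected suspicious input data" would keep the log accurate. Since the name now reads as a predicate, `return FALSE;` / `return TRUE;` would express the result more clearly than 0/1. The matching logic and the start of the function lie outside this hunk.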
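Review bot: The rejection path ends in a bare `die(...)`, so the client gets the message with whatever status is already set (normally 200), which makes blocked requests hard to tell apart from normal ones in access logs and monitoring. If no output has been sent at this point in `drupal_page_header()`, send an error status first, e.g. `header("HTTP/1.0 400 Bad Request");` before the `die()`. The check also covers only what PHP places in `$_REQUEST` and, as far as this hunk shows, runs only when `drupal_page_header()` is called, so it is worth confirming that every entry point goes through it. The function continues outside this hunk.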