authorfilip <filip.komar@gmail.com>2016-07-07 23:51:39 +0200
committerfilip <filip.komar@gmail.com>2016-07-07 23:51:39 +0200
commitfd785f3d32d0b299556890e9fa639d5cc1209019 (patch)
tree00f2acaeef5e8c7f9e9be8fbbbb3b1acb3c6b16b
parente9b2d6d6c51ac27413f09581b4647fbc782476be (diff)
new function 'get sanitized string from $_GET'
-rw-r--r--langs.inc.php12
-rw-r--r--langs/diff.php11
-rw-r--r--langs/missing.php6
-rw-r--r--langs/report.php8
4 files changed, 25 insertions, 12 deletions
diff --git a/langs.inc.php b/langs.inc.php
index c578dd2ee..bb412f2b8 100644
--- a/langs.inc.php
+++ b/langs.inc.php
@@ -139,6 +139,18 @@ function locale_underscore_to_hyphen($locale)
/**
+ * Returns sanitized specified $_GET variable by name if it exists and strip tags from it
+ *
+ * @param string name of a $_GET vaiable
+ *
+ * @return string sanitized string, empty on empty string or on error in filtering
+*/
+function get_sane_string($str){
+ return (string) filter_input(INPUT_GET, $str, FILTER_SANITIZE_STRING);
+}
+
+
+/**
*/
function show_langs($langs)
{
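Review bot: `get_sane_string()` drops the `trim()` that every replaced call site applied, so a value with surrounding whitespace is now treated as non-empty and compared untrimmed in langs/diff.php, langs/missing.php and langs/report.php; `return trim((string) filter_input(INPUT_GET, $str, FILTER_SANITIZE_STRING));` keeps the old behaviour. The docblock should also say what "sanitized" covers: FILTER_SANITIZE_STRING strips tags and encodes quotes, which only helps when the value is echoed into HTML and does not make it safe as a file path or lookup key. The `@param` line is missing the `$str` name and spells "variable" as "vaiable". The filter is deprecated as of PHP 8.1, so a comment marking this helper as the single place to replace it would help later maintenance.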
diff --git a/langs/diff.php b/langs/diff.php
index fcc0f93ff..f3c10b895 100644
--- a/langs/diff.php
+++ b/langs/diff.php
@@ -6,13 +6,14 @@
define('HLANG', true);
include 'lib.php';
-$source_file = isset($_GET['s']) ? strip_tags(trim($_GET['s'])) : null;
-$target_lang = isset($_GET['l']) ? strip_tags(trim($_GET['l'])) : null;
+$source_file = get_sane_string('s');
+$target_lang = get_sane_string('l');
-if (is_null($source_file) ||
- is_null($target_lang)) {
+if (empty($source_file) ||
+ empty($target_lang)) {
- die('kthxbai');
+ header('Location: /langs/report.php');
+ die;
}
if (!file_exists($source_file)) {
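Review bot: `$source_file` still reaches `file_exists($source_file)` as a request-supplied path, and neither the old `strip_tags()` nor the new `get_sane_string('s')` constrains which file it names. langs/report.php already validates its resource parameter against the known list with `in_array($one_resource, $enFiles)`; the same membership test here before any file access, for example `if (!in_array($source_file, $enFiles, true))` with `$enFiles` built as in report.php, would limit `s` to the expected .pot files. Whether langs/missing.php uses `$s` as a path is not visible in its hunk, so it is worth checking too. The `if (!file_exists(...))` block continues outside this hunk, so what is done with the file afterwards cannot be judged from here.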
diff --git a/langs/missing.php b/langs/missing.php
index 345e9035e..881ed5e99 100644
--- a/langs/missing.php
+++ b/langs/missing.php
@@ -4,10 +4,10 @@
define('HLANG', true);
include 'lib.php';
-$s = isset($_GET['s']) ? strip_tags(trim($_GET['s'])) : null;
-$l = isset($_GET['l']) ? strip_tags(trim($_GET['l'])) : null;
+$s = get_sane_string('s');
+$l = get_sane_string('l');
-if (is_null($s)) {
+if (empty($s) || empty($l)) {
header('Location: /langs/report.php');
die;
}
diff --git a/langs/report.php b/langs/report.php
index 74bc56f68..0f0d7c0ed 100644
--- a/langs/report.php
+++ b/langs/report.php
@@ -42,14 +42,14 @@
define('HLANG', TRUE);
include 'lib.php';
- $one_language = isset($_GET['l']) ? strip_tags(trim($_GET['l'])) : NULL;
- $one_resource = isset($_GET['r']) ? strip_tags(trim($_GET['r'])) : NULL;
+ $one_language = get_sane_string('l');
+ $one_resource = get_sane_string('r');
$one_language_all_resources = FALSE;
$all_languages_only_one_resource = FALSE;
$otherLangs = get_other_langs();
- if (isset($one_language) && $one_language != 'all') {
+ if (!empty($one_language) && $one_language != 'all') {
if (in_array($one_language, $otherLangs)) {
$one_language_all_resources = TRUE;
$otherLangs = array('en', $one_language);
@@ -59,7 +59,7 @@
}
$enFiles = array_merge(array('../_nav/langs/en.pot'), get_lang_references('*.pot')); // added navigation file
- if (isset($one_resource) && $one_resource != 'all') {
+ if (!empty($one_resource) && $one_resource != 'all') {
if (in_array($one_resource, $enFiles)) {
$all_languages_only_one_resource = TRUE;
$enFiles = array($one_resource);