Resolve remote subscribe and omb problems with quotes (Tickets #604 and #567)

author CiaranG <ciaran@ciarang.com>

Thu, 4 Sep 2008 06:55:04 +0000 (02:55 -0400)

committer CiaranG <ciaran@ciarang.com>

Thu, 4 Sep 2008 06:55:04 +0000 (02:55 -0400)
author CiaranG <ciaran@ciarang.com>
Thu, 4 Sep 2008 06:55:04 +0000 (02:55 -0400)
committer CiaranG <ciaran@ciarang.com>
Thu, 4 Sep 2008 06:55:04 +0000 (02:55 -0400)
diff --git a/actions/accesstoken.php b/actions/accesstoken.php

index 80c4477d030e14f991480189c144525e9edb5ddc..4907749ce0519dda5a8a6f1f8a38f9e6280caee0 100644 (file)
--- a/actions/accesstoken.php
+++ b/actions/accesstoken.php
@@ -26,6 +26,7 @@ class AccesstokenAction extends Action {
                 parent::handle($args);
                 try {
                         common_debug('getting request from env variables', __FILE__);
+                       common_remove_magic_from_request();
                         $req = OAuthRequest::from_request();
                         common_debug('getting a server', __FILE__);
                         $server = omb_oauth_server();
diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php

index c9bdf26da871bdf4cf48dcb6cb125b7731340dda..80c259c3d71f0d4963840db21ae2436cc37c9ed5 100644 (file)
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@@ -41,6 +41,8 @@ class FinishremotesubscribeAction extends Action {
  
                 common_debug('stored request: '.print_r($omb,true), __FILE__);
  
+
+               commom_remove_magic_from_request();
                 $req = OAuthRequest::from_request();
  
                 $token = $req->get_parameter('oauth_token');
@@ -248,4 +250,4 @@ class FinishremotesubscribeAction extends Action {
  
                 return array($return['oauth_token'], $return['oauth_token_secret']);
         }
-}
-\ No newline at end of file
+}
diff --git a/actions/postnotice.php b/actions/postnotice.php

index a04fca20acdcd0fc9f5bdc0056dc61bff40e2fbf..c1a5e0d5bc95d758d38d987446d54246dda258df 100644 (file)
--- a/actions/postnotice.php
+++ b/actions/postnotice.php
@@ -25,6 +25,7 @@ class PostnoticeAction extends Action {
         function handle($args) {
                 parent::handle($args);
                 try {
+                       common_remove_magic_from_request();
                         $req = OAuthRequest::from_request();
                         # Note: server-to-server function!
                         $server = omb_oauth_server();
diff --git a/actions/requesttoken.php b/actions/requesttoken.php

index 4a23215323fd767a28f412e106e575807470e637..76019a92995126db827b7394ed55bf3588235166 100644 (file)
--- a/actions/requesttoken.php
+++ b/actions/requesttoken.php
@@ -30,6 +30,7 @@ class RequesttokenAction extends Action {
         function handle($args) {
                 parent::handle($args);
                 try {
+                       common_remove_magic_from_request();
                         $req = OAuthRequest::from_request();
                         $server = omb_oauth_server();
                         $token = $server->fetch_request_token($req);
diff --git a/actions/updateprofile.php b/actions/updateprofile.php

index 7e604f6b10fdd04ca8fcf238bc08f11dbcd6bb4d..921e88e635408f54aa51495aa0723a172beec632 100644 (file)
--- a/actions/updateprofile.php
+++ b/actions/updateprofile.php
@@ -26,6 +26,7 @@ class UpdateprofileAction extends Action {
         function handle($args) {
                 parent::handle($args);
                 try {
+                       common_remove_magic_from_request();
                         $req = OAuthRequest::from_request();
                         # Note: server-to-server function!
                         $server = omb_oauth_server();
diff --git a/actions/userauthorization.php b/actions/userauthorization.php

index 6208113981d313ec4e87c8570c018ab05f58b3cb..111b54085c6009820ce88d6f2a061ff0073cb7ab 100644 (file)
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -350,6 +350,7 @@ class UserauthorizationAction extends Action {
         }
  
         function get_new_request() {
+               common_remove_magic_from_request();
                 $req = OAuthRequest::from_request();
                 return $req;
         }
diff --git a/lib/util.php b/lib/util.php

index 15300921265d431bded7e15b7da3d801756c5fcc..df64e74be8cc2f10e29d67b8e1c2970715b11c07 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -1424,6 +1424,15 @@ function common_copy_args($from) {
         return $to;
  }
  
+// Neutralise the evil effects of magic_quotes_gpc in the current request.
+// This is used before handing a request off to OAuthRequest::from_request.
+function common_remove_magic_from_request() {
+       if(get_magic_quotes_gpc()) {
+               $_POST=array_map('stripslashes',$_POST);
+               $_GET=array_map('stripslashes',$_GET);
+       }
+}
+
  function common_user_uri(&$user) {
         return common_local_url('userbyid', array('id' => $user->id));
  }
author	CiaranG <ciaran@ciarang.com>
	Thu, 4 Sep 2008 06:55:04 +0000 (02:55 -0400)
committer	CiaranG <ciaran@ciarang.com>
	Thu, 4 Sep 2008 06:55:04 +0000 (02:55 -0400)
actions/accesstoken.php		patch \| blob \| history
actions/finishremotesubscribe.php		patch \| blob \| history
actions/postnotice.php		patch \| blob \| history
actions/requesttoken.php		patch \| blob \| history
actions/updateprofile.php		patch \| blob \| history
actions/userauthorization.php		patch \| blob \| history
lib/util.php		patch \| blob \| history