X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Frequest-functions.php;h=6879d517d29eebebd3c68da8fdce38160996b77a;hp=62cdacc8c3f6e065f9e550750270a5ee04e2040f;hb=49acdb7a7adbcf25a8e8683b5581bfcec72b23bd;hpb=8fad776382e63b3f73f8dbe289f229d79cfc2c22 diff --git a/inc/request-functions.php b/inc/request-functions.php index 62cdacc8c3..6879d517d2 100644 --- a/inc/request-functions.php +++ b/inc/request-functions.php @@ -10,13 +10,8 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Spezialle Funktionen fuer die Anfragebehandlung * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009 - 2012 by Mailer Developer Team * + * Copyright (c) 2009 - 2015 by Mailer Developer Team * * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -57,7 +52,7 @@ function getRequestElement ($element) { $value = $GLOBALS['cache_request']['get'][$element]; } elseif (isGetRequestElementSet($element)) { // Then get it directly - $value = SQL_ESCAPE($GLOBALS['raw_request']['get'][$element]); + $value = sqlEscapeString($GLOBALS['raw_request']['get'][$element]); // Store it in cache $GLOBALS['cache_request']['get'][$element] = $value; @@ -90,7 +85,7 @@ function getRequestArray () { // Counts entries in $_GET or returns false if not an array function countRequestGet () { // By default this is not an array - $count = false; + $count = FALSE; // Get the array $GET = getRequestArray(); @@ -107,8 +102,8 @@ function countRequestGet () { // Setter for element in $_GET function setGetRequestElement ($element, $value) { // Escape both - $element = SQL_ESCAPE($element); - $value = SQL_ESCAPE($value); + $element = sqlEscapeString($element); + $value = sqlEscapeString($value); // Set in $_GET $GLOBALS['raw_request']['get'][$element] = $value; @@ -135,11 +130,11 @@ function postRequestElement ($element, $subElement = NULL) { // Is $subElement set? if ((!is_null($subElement)) && (isPostRequestElementSet($element, $subElement))) { // Then use this - $value = SQL_ESCAPE($value[$subElement]); + $value = sqlEscapeString($value[$subElement]); //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ' - SUB!'); - } elseif (!is_array($value)) { + } elseif ((!is_array($value)) && (function_exists('sqlEscapeString'))) { // Escape it here - $value = SQL_ESCAPE($value); + $value = sqlEscapeString($value); //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ' - REGULAR!'); } @@ -160,7 +155,8 @@ function isPostRequestElementSet ($element, $subElement = NULL) { * a string as numerical indexes are not wanted in POST data (in this * project). */ - assert(is_string($element) && ((is_null($subElement)) || (is_string($subElement)))); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[]=' . gettype($element) . ',subElement[]=' . gettype($subElement)); + assert(is_string($element) && ((is_null($subElement)) || (is_string($subElement)) || (is_int($subElement)) || (is_double($subElement)))); // Is a sub element set? if (is_null($subElement)) { @@ -191,7 +187,7 @@ function setPostRequestArray ($postData) { // Counts entries in $_POST or returns false if not an array function countRequestPost () { // By default this is not an array - $count = false; + $count = FALSE; // Get the array $postData = postRequestArray(); @@ -217,27 +213,33 @@ function setPostRequestElement ($element, $value) { $eval .= implode("']['", $element); // Finish eval() command - $eval .= sprintf("'] = \"%s\";", SQL_ESCAPE($value)); + $eval .= sprintf("'] = \"%s\";", sqlEscapeString($value)); // And run it eval($eval); } elseif (is_array($value)) { // Escape element - $element = SQL_ESCAPE($element); + $element = sqlEscapeString($element); // Value is an array so set it directly $GLOBALS['raw_request']['post'][$element] = $value; } else { + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - BEFORE!'); + // Escape both - $element = SQL_ESCAPE($element); - $value = SQL_ESCAPE($value); + $element = sqlEscapeString($element); + $value = sqlEscapeString($value); + + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - AFTER!'); // Set regular entry $GLOBALS['raw_request']['post'][$element] = $value; } // Update cache - $GLOBALS['cache_request']['post'][$element][null] = $value; + $GLOBALS['cache_request']['post'][$element][NULL] = $value; } // Checks whether a form was sent. If so, the $_POST['ok'] element must be set @@ -266,7 +268,7 @@ function addAllGetRequestParameters () { // Now add all parameters foreach (getRequestArray() as $key => $value) { // Add it secured - $return .= SQL_ESCAPE($key) . '=' . SQL_ESCAPE($value) . '&'; + $return .= sqlEscapeString($key) . '=' . sqlEscapeString($value) . '&'; } // END - foreach // Remove trailing &