[pmwiki-devel] RequestArgs()
Hans
design5 at softflow.co.uk
Sat Dec 1 08:42:10 CST 2007
I noticed in scripts/forms.php the RequestArgs function:
function RequestArgs($req = NULL) {
if (is_null($req)) $req = array_merge($_GET, $_POST);
foreach ($req as $k => $v) $req[$k] = stripmagic($req[$k]);
return $req;
}
I wonder if it could be made more useful by processing
array elements as well, and perhaps also safer by using
htmlspecialcharacters, so all input gets filtered first,
and it is up to the script to decide if it needs raw input values.
The function could perhaps be like this:
function RequestArgs( $req = NULL) {
if (is_null($req)) $req = array_merge($_GET, $_POST);
foreach ($req as $key=>$val) {
if(is_array($val))
foreach($val as $k=>$v)
$req[$key][$k] = htmlspecialchars(stripmagic($v),ENT_NOQUOTES);
else $req[$key] = htmlspecialchars(stripmagic($val),ENT_NOQUOTES);
}
return $req;
}
Hans
More information about the pmwiki-devel
mailing list