Index: edit.php =================================================================== --- edit.php (Revision 415) +++ edit.php (Arbeitskopie) @@ -6,12 +6,84 @@ die("missing name"); } + +/* + * Clean up the mess PHP has created with its funky quoting everything! + * This block has been taken from b2evolution's _param.funcs.php file. + */ +if( get_magic_quotes_gpc() ) +{ // That stupid PHP behaviour consisting of adding slashes everywhere is unfortunately on + + if( in_array( strtolower(ini_get('magic_quotes_sybase')), array('on', '1', 'true', 'yes') ) ) + { // overrides "magic_quotes_gpc" and only replaces single quotes with themselves ( "'" => "''" ) + /** + * @ignore + */ + function remove_magic_quotes( $mixed ) + { + if( is_array( $mixed ) ) + { + foreach($mixed as $k => $v) + { + $mixed[$k] = remove_magic_quotes( $v ); + } + } + elseif( is_string($mixed) ) + { + // echo 'Removing slashes '; + $mixed = str_replace( '\'\'', '\'', $mixed ); + } + return $mixed; + } + } + else + { + /** + * Remove quotes from input. + * This handles magic_quotes_gpc and magic_quotes_sybase PHP settings/variants. + * + * NOTE: you should not use it directly, but one of the param-functions! + * + * @param mixed string or array (function is recursive) + * @return mixed Value, with magic quotes removed + */ + function remove_magic_quotes( $mixed ) + { + if( is_array( $mixed ) ) + { + foreach($mixed as $k => $v) + { + $mixed[$k] = remove_magic_quotes( $v ); + } + } + elseif( is_string($mixed) ) + { + // echo 'Removing slashes '; + $mixed = stripslashes( $mixed ); + } + return $mixed; + } + } +} +else +{ + /** + * @ignore + */ + function remove_magic_quotes( $mixed ) + { + return $mixed; + } +} + + + $name = $_GET['name']; // trigger auth $vcnt = xcache_count(XC_TYPE_VAR); if ($_SERVER['REQUEST_METHOD'] == 'POST') { - xcache_set($name, $_POST['value']); + xcache_set($name, remove_magic_quotes($_POST['value'])); header("Location: xcache.php?type=" . XC_TYPE_VAR); exit; }