Mercurial > hg > fapweb
comparison msitegen.inc.php @ 1003:668fd0ea4e08
Add check for request items that might not be strings.
Only "trim" the value if it's a string.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 09 Mar 2015 08:03:15 +0200 |
parents | ffacd904fd1f |
children | cb23b23a2d8b |
comparison
equal
deleted
inserted
replaced
1002:13b15cef7028 | 1003:668fd0ea4e08 |
---|---|
514 if ($sres !== TRUE) $sfail = FALSE; | 514 if ($sres !== TRUE) $sfail = FALSE; |
515 return $sres; | 515 return $sres; |
516 } | 516 } |
517 | 517 |
518 | 518 |
519 function stTrimIfString($val) | |
520 { | |
521 if (is_string($val)) | |
522 return trim($val); | |
523 else | |
524 return $val; | |
525 } | |
526 | |
527 | |
519 function stGetRequestItem($name, $default = "", $allowGet = FALSE) | 528 function stGetRequestItem($name, $default = "", $allowGet = FALSE) |
520 { | 529 { |
521 if ($allowGet || stGetSetting("debug")) | 530 if ($allowGet || stGetSetting("debug")) |
522 return isset($_REQUEST[$name]) ? trim($_REQUEST[$name]) : $default; | 531 return isset($_REQUEST[$name]) ? stTrimIfString($_REQUEST[$name]) : $default; |
523 else | 532 else |
524 return isset($_POST[$name]) ? trim($_POST[$name]) : $default; | 533 return isset($_POST[$name]) ? stTrimIfString($_POST[$name]) : $default; |
525 } | 534 } |
526 | 535 |
527 | 536 |
528 function stConnectSQLDBSpec($dbspec) | 537 function stConnectSQLDBSpec($dbspec) |
529 { | 538 { |