Function parse_str respects magic_quotes_gpc (bug #3034575)
authorJakub Vrana <jakub@vrana.cz>
Mon, 26 Jul 2010 12:47:26 +0000 (14:47 +0200)
committerJakub Vrana <jakub@vrana.cz>
Mon, 26 Jul 2010 12:47:26 +0000 (14:47 +0200)
adminer/include/bootstrap.inc.php
adminer/include/functions.inc.php

index e8009b90e2ced79b4b81389119f8d23b821ed657..bbf9b90faacf4d9c4ec184e95c406180665f38d1 100644 (file)
@@ -38,21 +38,7 @@ if (!ini_bool("session.auto_start")) {
 }
 
 // disable magic quotes to be able to use database escaping function
-if (get_magic_quotes_gpc()) {
-       $process = array(&$_GET, &$_POST, &$_COOKIE);
-       while (list($key, $val) = each($process)) {
-               foreach ($val as $k => $v) {
-                       unset($process[$key][$k]);
-                       if (is_array($v)) {
-                               $process[$key][stripslashes($k)] = $v;
-                               $process[] = &$process[$key][stripslashes($k)];
-                       } else {
-                               $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
-                       }
-               }
-       }
-       unset($process);
-}
+remove_slashes(array(&$_GET, &$_POST, &$_COOKIE));
 if (function_exists("set_magic_quotes_runtime")) {
        set_magic_quotes_runtime(false);
 }
index 5f475232a78e6253a2b6d217d4565979c378f8c5..ed847f134099a7ea0f3d5be77a69a35cc4a2d569 100644 (file)
@@ -26,6 +26,26 @@ function escape_string($val) {
        return substr($connection->quote($val), 1, -1);
 }
 
+/** Disable magic_quotes_gpc
+* @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
+* @return null modified in place
+*/
+function remove_slashes($process) {
+       if (get_magic_quotes_gpc()) {
+               while (list($key, $val) = each($process)) {
+                       foreach ($val as $k => $v) {
+                               unset($process[$key][$k]);
+                               if (is_array($v)) {
+                                       $process[$key][stripslashes($k)] = $v;
+                                       $process[] = &$process[$key][stripslashes($k)];
+                               } else {
+                                       $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
+                               }
+                       }
+               }
+       }
+}
+
 /** Escape or unescape string to use inside form []
 * @param string
 * @param bool
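Review bot: `$filter` in the `($filter ? $v : stripslashes($v))` line is out of scope now that the loop lives inside remove_slashes(). The removed bootstrap code read it at file scope, but the function neither receives it nor declares it global, so it is always unset and every scalar value is unslashed. If bootstrap.inc.php still sets `$filter` to mark input that was already taken raw (not visible in these hunks), those values now lose a layer of backslashes they never gained, before they reach the database escaping function. Passing the flag explicitly keeps both callers correct: `function remove_slashes($process, $filter = false) {` here and `remove_slashes(array(&$_GET, &$_POST, &$_COOKIE), $filter);` in bootstrap.inc.php, with a matching `@param bool` line in the docblock. The where_check() call can keep the default.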
@@ -214,6 +234,7 @@ function where($where) {
 */
 function where_check($val) {
        parse_str($val, $check);
+       remove_slashes(array(&$check));
        return where($check);
 }
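Review bot: The reason for the added `remove_slashes(array(&$check));` call is recorded only in the commit title, so a later reader of where_check() may take it for a redundant second unescape of request data and delete it. A one-line comment above the call would keep that knowledge with the code, for example `// parse_str() applies magic_quotes_gpc to the decoded values, so strip the slashes again before building the WHERE clause`.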