Pass $filter to remove_slashes (thanks to juzna)

diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index 9ea47fe95cc0cf205e017279b0d7e75853a526ae..6f2103519ce8a91f4ebc43947a51728ac783d87d 100644 (file)
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -4,8 +4,8 @@ error_reporting(6135); // errors and warnings
 include "../adminer/include/coverage.inc.php";
 
 // disable filter.default
-$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")) || ini_get("filter.default_flags"));
-if ($filter) {
+$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")));
+if ($filter || ini_get("filter.default_flags")) {
        foreach (array('_GET', '_POST', '_COOKIE', '_SERVER') as $val) {
                $unsafe = filter_input_array(constant("INPUT$val"), FILTER_UNSAFE_RAW);
                if ($unsafe) {
@@ -39,7 +39,7 @@ if (!defined("SID")) {
 }
 
 // disable magic quotes to be able to use database escaping function
-remove_slashes(array(&$_GET, &$_POST, &$_COOKIE));
+remove_slashes(array(&$_GET, &$_POST, &$_COOKIE), $filter);
 if (function_exists("set_magic_quotes_runtime")) { // removed in PHP 6
        set_magic_quotes_runtime(false);
 }

diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index ff23d730facb5b1a42853d3dead4ba12a07db893..d6a6ffc9bb7fffb2007b4d0af62f92249aa30274 100644 (file)
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -27,9 +27,10 @@ function escape_string($val) {
 
 /** Disable magic_quotes_gpc
 * @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
+* @param bool whether to leave values as is
 * @return null modified in place
 */
-function remove_slashes($process) {
+function remove_slashes($process, $filter = false) {
        if (get_magic_quotes_gpc()) {
                while (list($key, $val) = each($process)) {
                        foreach ($val as $k => $v) {