mirror of
https://github.com/Piwigo/Piwigo.git
synced 2025-04-26 19:29:58 +03:00
improvement: avoid the use of @ instead of a real test
git-svn-id: http://piwigo.org/svn/branches/2.0@5003 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
parent
d2872aacef
commit
f1f59e937a
8 changed files with 22 additions and 16 deletions
|
|
@ -69,7 +69,7 @@ function save_categories_order($categories)
|
|||
// | initialization |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
check_input_parameter('parent_id', @$_GET['parent_id'], false, PATTERN_ID);
|
||||
check_input_parameter('parent_id', $_GET, false, PATTERN_ID);
|
||||
|
||||
$categories = array();
|
||||
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
|||
// +-----------------------------------------------------------------------+
|
||||
check_status(ACCESS_ADMINISTRATOR);
|
||||
|
||||
check_input_parameter('selection', @$_POST['selection'], true, PATTERN_ID);
|
||||
check_input_parameter('selection', $_POST, true, PATTERN_ID);
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | caddie management |
|
||||
|
|
|
|||
|
|
@ -44,10 +44,10 @@ check_status(ACCESS_ADMINISTRATOR);
|
|||
// +-----------------------------------------------------------------------+
|
||||
|
||||
// the $_POST['selection'] was already checked in element_set.php
|
||||
check_input_parameter('add_tags', @$_POST['add_tags'], true, PATTERN_ID);
|
||||
check_input_parameter('del_tags', @$_POST['del_tags'], true, PATTERN_ID);
|
||||
check_input_parameter('associate', @$_POST['associate'], false, PATTERN_ID);
|
||||
check_input_parameter('dissociate', @$_POST['dissociate'], false, PATTERN_ID);
|
||||
check_input_parameter('add_tags', $_POST, true, PATTERN_ID);
|
||||
check_input_parameter('del_tags', $_POST, true, PATTERN_ID);
|
||||
check_input_parameter('associate', $_POST, false, PATTERN_ID);
|
||||
check_input_parameter('dissociate', $_POST, false, PATTERN_ID);
|
||||
|
||||
if (isset($_POST['delete']))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -33,8 +33,8 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
|||
// +-----------------------------------------------------------------------+
|
||||
check_status(ACCESS_ADMINISTRATOR);
|
||||
|
||||
check_input_parameter('image_id', $_GET['image_id'], false, PATTERN_ID);
|
||||
check_input_parameter('cat_id', @$_GET['cat_id'], false, PATTERN_ID);
|
||||
check_input_parameter('image_id', $_GET, false, PATTERN_ID);
|
||||
check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | synchronize metadata |
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ if (!empty($_GET['author']))
|
|||
// notification email)
|
||||
if (!empty($_GET['comment_id']))
|
||||
{
|
||||
check_input_parameter('comment_id', $_GET['comment_id'], false, PATTERN_ID);
|
||||
check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
|
||||
|
||||
// currently, the $_GET['comment_id'] is only used by admins from email
|
||||
// for management purpose (validate/delete)
|
||||
|
|
@ -183,7 +183,7 @@ if (isset($_GET['delete']) or isset($_GET['validate']))
|
|||
|
||||
if (isset($_GET['delete']))
|
||||
{
|
||||
check_input_parameter('delete', $_GET['delete'], false, PATTERN_ID);
|
||||
check_input_parameter('delete', $_GET, false, PATTERN_ID);
|
||||
|
||||
$query = '
|
||||
DELETE
|
||||
|
|
@ -195,7 +195,7 @@ DELETE
|
|||
|
||||
if (isset($_GET['validate']))
|
||||
{
|
||||
check_input_parameter('validate', $_GET['validate'], false, PATTERN_ID);
|
||||
check_input_parameter('validate', $_GET, false, PATTERN_ID);
|
||||
|
||||
$query = '
|
||||
UPDATE '.COMMENTS_TABLE.'
|
||||
|
|
|
|||
2
feed.php
2
feed.php
|
|
@ -63,7 +63,7 @@ function ts_to_iso8601($ts)
|
|||
// | initialization |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
check_input_parameter('feed', @$_GET['feed'], false, '/^[0-9a-z]{50}$/i');
|
||||
check_input_parameter('feed', $_GET, false, '/^[0-9a-z]{50}$/i');
|
||||
|
||||
$feed_id= isset($_GET['feed']) ? $_GET['feed'] : '';
|
||||
$image_only=isset($_GET['image_only']);
|
||||
|
|
|
|||
|
|
@ -1503,14 +1503,20 @@ function get_comment_post_key($image_id)
|
|||
* pattern. This should happen only during hacking attempts.
|
||||
*
|
||||
* @param string param_name
|
||||
* @param mixed param_value
|
||||
* @param array param_array
|
||||
* @param boolean is_array
|
||||
* @param string pattern
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
function check_input_parameter($param_name, $param_value, $is_array, $pattern)
|
||||
function check_input_parameter($param_name, $param_array, $is_array, $pattern)
|
||||
{
|
||||
$param_value = null;
|
||||
if (isset($param_array[$param_name]))
|
||||
{
|
||||
$param_value = $param_array[$param_name];
|
||||
}
|
||||
|
||||
// it's ok if the input parameter is null
|
||||
if (empty($param_value))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ if (isset($_POST['submit']))
|
|||
|
||||
if (isset($_POST['tags']))
|
||||
{
|
||||
check_input_parameter('tags', $_POST['tags'], true, PATTERN_ID);
|
||||
check_input_parameter('tags', $_POST, true, PATTERN_ID);
|
||||
|
||||
$search['fields']['tags'] = array(
|
||||
'words' => $_POST['tags'],
|
||||
|
|
@ -92,7 +92,7 @@ if (isset($_POST['submit']))
|
|||
|
||||
if (isset($_POST['cat']))
|
||||
{
|
||||
check_input_parameter('cat', $_POST['cat'], true, PATTERN_ID);
|
||||
check_input_parameter('cat', $_POST, true, PATTERN_ID);
|
||||
|
||||
$search['fields']['cat'] = array(
|
||||
'words' => $_POST['cat'],
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue