improvement: avoid the use of @ instead of a real test

git-svn-id: http://piwigo.org/svn/branches/2.0@5003 68402e56-0260-453c-a942-63ccdbb3a9ee
2025-04-27 19:59:56 +03:00 · 2010-02-28 20:58:45 +00:00 · 2010-02-28 20:58:45 +00:00 · f1f59e937a
commit f1f59e937a
parent d2872aacef
8 changed files with 22 additions and 16 deletions
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@ -69,7 +69,7 @@ function save_categories_order($categories)
 // |                            initialization                             |
 // +-----------------------------------------------------------------------+
-check_input_parameter('parent_id', @$_GET['parent_id'], false, PATTERN_ID);
+check_input_parameter('parent_id', $_GET, false, PATTERN_ID);
 $categories = array();
--- a/admin/element_set.php
+++ b/admin/element_set.php
@ -39,7 +39,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
-check_input_parameter('selection', @$_POST['selection'], true, PATTERN_ID);
+check_input_parameter('selection', $_POST, true, PATTERN_ID);
 // +-----------------------------------------------------------------------+
 // |                          caddie management                            |
--- a/admin/element_set_global.php
+++ b/admin/element_set_global.php
@ -44,10 +44,10 @@ check_status(ACCESS_ADMINISTRATOR);
 // +-----------------------------------------------------------------------+
 // the $_POST['selection'] was already checked in element_set.php
-check_input_parameter('add_tags', @$_POST['add_tags'], true, PATTERN_ID);
+check_input_parameter('add_tags', $_POST, true, PATTERN_ID);
-check_input_parameter('del_tags', @$_POST['del_tags'], true, PATTERN_ID);
+check_input_parameter('del_tags', $_POST, true, PATTERN_ID);
-check_input_parameter('associate', @$_POST['associate'], false, PATTERN_ID);
+check_input_parameter('associate', $_POST, false, PATTERN_ID);
-check_input_parameter('dissociate', @$_POST['dissociate'], false, PATTERN_ID);
+check_input_parameter('dissociate', $_POST, false, PATTERN_ID);
 if (isset($_POST['delete']))
 {
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@ -33,8 +33,8 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
-check_input_parameter('image_id', $_GET['image_id'], false, PATTERN_ID);
+check_input_parameter('image_id', $_GET, false, PATTERN_ID);
-check_input_parameter('cat_id', @$_GET['cat_id'], false, PATTERN_ID);
+check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
 // +-----------------------------------------------------------------------+
 // |                          synchronize metadata                         |
--- a/comments.php
+++ b/comments.php
@ -117,7 +117,7 @@ if (!empty($_GET['author']))
 // notification email)
 if (!empty($_GET['comment_id']))
 {
-  check_input_parameter('comment_id', $_GET['comment_id'], false, PATTERN_ID);
+  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
  // currently, the $_GET['comment_id'] is only used by admins from email
  // for management purpose (validate/delete)
@ -183,7 +183,7 @@ if (isset($_GET['delete']) or isset($_GET['validate']))
    if (isset($_GET['delete']))
    {
-      check_input_parameter('delete', $_GET['delete'], false, PATTERN_ID);
+      check_input_parameter('delete', $_GET, false, PATTERN_ID);
      $query = '
 DELETE
@ -195,7 +195,7 @@ DELETE
    if (isset($_GET['validate']))
    {
-      check_input_parameter('validate', $_GET['validate'], false, PATTERN_ID);
+      check_input_parameter('validate', $_GET, false, PATTERN_ID);
      $query = '
 UPDATE '.COMMENTS_TABLE.'
--- a/feed.php
+++ b/feed.php
@ -63,7 +63,7 @@ function ts_to_iso8601($ts)
 // |                            initialization                             |
 // +-----------------------------------------------------------------------+
-check_input_parameter('feed', @$_GET['feed'], false, '/^[0-9a-z]{50}$/i');
+check_input_parameter('feed', $_GET, false, '/^[0-9a-z]{50}$/i');
 $feed_id= isset($_GET['feed']) ? $_GET['feed'] : '';
 $image_only=isset($_GET['image_only']);
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@ -1503,14 +1503,20 @@ function get_comment_post_key($image_id)
 * pattern. This should happen only during hacking attempts.
 *
 * @param string param_name
- * @param mixed param_value
+ * @param array param_array
 * @param boolean is_array
 * @param string pattern
 *
 * @return void
 */
-function check_input_parameter($param_name, $param_value, $is_array, $pattern)
+function check_input_parameter($param_name, $param_array, $is_array, $pattern)
 {
  $param_value = null;
  if (isset($param_array[$param_name]))
  {
    $param_value = $param_array[$param_name];
  }
  // it's ok if the input parameter is null
  if (empty($param_value))
  {
--- a/search.php
+++ b/search.php
@ -71,7 +71,7 @@ if (isset($_POST['submit']))
  if (isset($_POST['tags']))
  {
-    check_input_parameter('tags', $_POST['tags'], true, PATTERN_ID);
+    check_input_parameter('tags', $_POST, true, PATTERN_ID);
    $search['fields']['tags'] = array(
      'words' => $_POST['tags'],
@ -92,7 +92,7 @@ if (isset($_POST['submit']))
  if (isset($_POST['cat']))
  {
-    check_input_parameter('cat', $_POST['cat'], true, PATTERN_ID);
+    check_input_parameter('cat', $_POST, true, PATTERN_ID);
    $search['fields']['cat'] = array(
      'words'   => $_POST['cat'],