

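--- a/functions/prepend_content.php
+++ b/functions/prepend_content.php
@@ -64,9 +64,9 @@
 for ($i = 1; $i <= 23; $i++) {
     $tmpVar  = 'chkTfValue'.$i;
     $$tmpVar = filter_input(INPUT_POST, 'tfValue'.$i, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
-    if (get_magic_quotes_gpc() == 0) {
-        $$tmpVar = addslashes($$tmpVar);
-    }
+#    if (get_magic_quotes_gpc() == 0) {
+    $$tmpVar = addslashes($$tmpVar);
+#    }
     if (isset($$tmpVar)) {
         $$tmpVar = $myVisClass->tfSecure($$tmpVar);
     }
@@ -75,9 +75,9 @@
 for ($i = 1; $i <= 8; $i++) {
     $tmpVar  = 'chkTfArg'.$i;
     $$tmpVar = filter_input(INPUT_POST, 'tfArg'.$i, FILTER_UNSAFE_RAW);
-    if (get_magic_quotes_gpc() == 0) {
-        $$tmpVar = addslashes($$tmpVar);
-    }
+#    if (get_magic_quotes_gpc() == 0) {
+    $$tmpVar = addslashes($$tmpVar);
+#    }
     if (isset($$tmpVar)) {
         $$tmpVar = $myVisClass->tfSecure($$tmpVar);
     }
@@ -86,9 +86,9 @@
 for ($i = 1; $i <= 8; $i++) {
     $tmpVar  = 'chkTaArg'.$i.'Info';
     $$tmpVar = filter_input(INPUT_POST, 'taArg'.$i.'Info', FILTER_UNSAFE_RAW);
-    if (get_magic_quotes_gpc() == 0) {
-        $$tmpVar = addslashes($$tmpVar);
-    }
+#    if (get_magic_quotes_gpc() == 0) {
+    $$tmpVar = addslashes($$tmpVar);
+#    }
     if (isset($$tmpVar)) {
         $$tmpVar = $myVisClass->tfSecure($$tmpVar);
     }
@@ -99,12 +99,14 @@
     $tmpVar2 = 'intMselValue'.$i;
     $$tmpVar = filter_input(INPUT_POST, 'mselValue'.$i, FILTER_SANITIZE_STRING, FILTER_FORCE_ARRAY);
     // Multiselect data processing
-    if ((${$tmpVar}[0] == '') || (${$tmpVar}[0] == '0')) {
-        $$tmpVar2 = 0;
-    } elseif (${$tmpVar}[0] == '*') {
-        $$tmpVar2 = 2;
-    } else {
-        $$tmpVar2 = 1;
+    if (isset(${$tmpVar}[0])) {
+        if ((${$tmpVar}[0] == '') || (${$tmpVar}[0] == '0')) {
+            $$tmpVar2 = 0;
+        } elseif (${$tmpVar}[0] == '*') {
+            $$tmpVar2 = 2;
+        } else {
+            $$tmpVar2 = 1;
+        }
     }
 }
 // Common select field value
@@ -157,12 +159,12 @@
 //
 // Quote special characters
 // ==========================
-if (get_magic_quotes_gpc() == 0) {
-    $chkTfSearchRaw    = addslashes($chkTfSearchRaw);
-    $chkTaValue1Raw    = addslashes($chkTaValue1Raw);
-    $chkTaFileTextRaw  = addslashes($chkTaFileTextRaw);
-    $chkTfSpValue1     = addslashes($chkTfSpValue1);
-}
+#if (get_magic_quotes_gpc() == 0) {
+$chkTfSearchRaw    = addslashes($chkTfSearchRaw);
+$chkTaValue1Raw    = addslashes($chkTaValue1Raw);
+$chkTaFileTextRaw  = addslashes($chkTaFileTextRaw);
+$chkTfSpValue1     = addslashes($chkTfSpValue1);
+#}
 //
 // Security function for text fields
 // =================================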
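Review bot: In the tfValue, tfArg and taArg loops `addslashes()` now always runs before the `isset($$tmpVar)` test, so a POST field that is absent (`filter_input` returns null) is turned into `''`, the guard below it can never be false, and PHP 8.1+ reports a null-to-string deprecation on every such call. Moving the call inside the guard, `$$tmpVar = $myVisClass->tfSecure(addslashes($$tmpVar));`, keeps absent fields as null, though code that expects `''` for them would need checking. If these values are later placed into SQL (not visible on this page, and `tfSecure()` is defined elsewhere), `addslashes()` is not charset-aware and should not be the only escaping; bind parameters or use the database driver's escaping at the query site. In the mselValue hunk the new `isset(${$tmpVar}[0])` wrapper has no else branch, so `$$tmpVar2` stays unassigned where the old code fell through to 0; adding `} else { $$tmpVar2 = 0; }` restores that, unless a default is set before the loop, whose header is outside the hunk. The `#`-commented guard lines are dead code and would be cleaner deleted.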
