[MediaWiki-CVS] SVN: [95921] trunk/phase3

[johnduhart]

http://www.mediawiki.org/wiki/Special:Code/MediaWiki/95921

Revision: 95921
Author:   johnduhart
Date:     2011-08-31 23:15:16 +0000 (Wed, 31 Aug 2011)
Log Message:
-----------
(bug 4381) Magic quotes cleaning is not comprehensive, key strings not unescaped

Modified Paths:
--------------
    trunk/phase3/RELEASE-NOTES-1.19
    trunk/phase3/includes/WebRequest.php

Modified: trunk/phase3/RELEASE-NOTES-1.19
===================================================================
--- trunk/phase3/RELEASE-NOTES-1.19     2011-08-31 23:14:31 UTC (rev 95920)
+++ trunk/phase3/RELEASE-NOTES-1.19     2011-08-31 23:15:16 UTC (rev 95921)
@@ -74,6 +74,8 @@
 * (bug 28649) Avoiding half truncated multi-byte unicode characters when 
   truncating log comments.
 * Show --batch-size option in help of maintenance scripts that support it
+* (bug 4381) Magic quotes cleaning is not comprehensive, key strings not
+  unescaped
 
 === API changes in 1.19 ===
 * (bug 19838) siprop=interwikimap can now use the interwiki cache.

Modified: trunk/phase3/includes/WebRequest.php
===================================================================
--- trunk/phase3/includes/WebRequest.php        2011-08-31 23:14:31 UTC (rev 
95920)
+++ trunk/phase3/includes/WebRequest.php        2011-08-31 23:15:16 UTC (rev 
95921)
@@ -239,16 +239,21 @@
         * used for undoing the evil that is magic_quotes_gpc.
         *
         * @param $arr array: will be modified
+        * @param $recursion bool Used to modify behaviour based on recursion
         * @return array the original array
         */
-       private function &fix_magic_quotes( &$arr ) {
+       private function &fix_magic_quotes( &$arr, $recursion = false ) {
+               $clean = array();
                foreach( $arr as $key => $val ) {
                        if( is_array( $val ) ) {
-                               $this->fix_magic_quotes( $arr[$key] );
+                               $cleanKey = !$recursion ? stripslashes( $key ) 
: $key;
+                               $clean[$cleanKey] = $this->fix_magic_quotes( 
$arr[$key], true );
                        } else {
-                               $arr[$key] = stripslashes( $val );
+                               $cleanKey = stripslashes( $key );
+                               $clean[$cleanKey] = stripslashes( $val );
                        }
                }
+               $arr = $clean;
                return $arr;
        }
 


_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs