-rw-r--r-- | it.class | 38 |
1 files changed, 38 insertions, 0 deletions
@@ -1208,4 +1208,42 @@ static function readfile($filename, $use_include_path = false, $context = null) return readfile(it::safe_filename($filename), $use_include_path, $context); # NOPHPLINT } +/** + * Convert input ($_GET, $_POST, $_REQEST, $_COOKIE and relevant $_SERVER vars, argv) to utf-8 + * and remove all params that have numeric keys from $_GET and $_REQUEST + */ +static function params2utf8() +{ + if ($GLOBALS['argv']) + $GLOBALS['argv'] = it::any2utf8($GLOBALS['argv']); + + if ($_SERVER['argv']) + $_SERVER['argv'] = it::any2utf8($_SERVER['argv']); + + $_GET = it::any2utf8($_GET); + $_REQUEST = it::any2utf8($_REQUEST); + $_POST = it::any2utf8($_POST); + $_COOKIE = it::any2utf8($_COOKIE); + + foreach (['PHP_SELF', 'SCRIPT_NAME', 'SCRIPT_URL', 'SCRIPT_URI', 'HTTP_USER_AGENT'] as $var) + $_SERVER[$var] = it::any2utf8($_SERVER[$var]); + + $urlfix = function($m) { return urlencode(it::any2utf8(urldecode($m[0]))); }; + foreach (['QUERY_STRING', 'REQUEST_URI', 'HTTP_REFERER'] as $var) { + $_SERVER[$var.'_RAW'] = $_SERVER[$var]; + $_SERVER[$var] = it::any2utf8($_SERVER[$var]); + if (strpos($_SERVER[$var], '%') !== false) { + if (grapheme_strlen(urldecode($_SERVER[$var])) === null) # handle latin (double encodes correct utf8) + $_SERVER[$var] = preg_replace_callback('/%[89A-F][A-Z0-9]/i', $urlfix, $_SERVER[$var]); + while (preg_match('/%C3%8[23]%C2%[89ab][0-9a-f]/i', $_SERVER[$var]) && $iterations++ < 3) # handle doubly encoded utf8, UTF8SAFE + $_SERVER[$var] = preg_replace_callback('/%C3%8[23]%C2%[89ab][0-9a-f]/i', $urlfix, $_SERVER[$var]); + } + } + + $_SERVER['HTTP_REFERER'] = it::replace(['#[^#]*$' => ""], $_SERVER['HTTP_REFERER']); # safari sometimes puts anchor in referer + + foreach (array_filter(array_keys($_REQUEST), 'is_int') as $key) # remove numeric keys because they confuse U() + unset($_REQUEST[$key], $_GET[$key]); +} + } |
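Review bot: `$iterations` in the doubly-encoded-UTF-8 `while` loop is never initialised and is not reset between the three `$var` iterations, so the first `$iterations++` trips an undefined-variable warning on PHP 8 and the 3-pass cap acts as a shared budget: once QUERY_STRING has used it up, REQUEST_URI and HTTP_REFERER keep their double-encoded sequences and downstream code sees inconsistent normalisation between the three values. A per-variable counter fixes both, e.g. `for ($iterations = 0; $iterations < 3 && preg_match('/%C3%8[23]%C2%[89ab][0-9a-f]/i', $_SERVER[$var]); $iterations++)` with the existing `preg_replace_callback` as the body. The same hunk reads `$GLOBALS['argv']`, `$_SERVER['argv']`, `$_SERVER['HTTP_USER_AGENT']` and `$_SERVER['HTTP_REFERER']` without checking they exist; under a web SAPI (no argv) or a request lacking those headers this emits undefined-index warnings and, in the `strpos($_SERVER[$var], '%')` test, passes null where a string is expected, so `isset()` / `?? ''` guards on those reads would be safer. Since this function rewrites QUERY_STRING, REQUEST_URI and HTTP_REFERER in place, it is worth stating in the docblock that the untouched originals are kept in the `_RAW` copies and that those are the values to record in access or audit logs.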