Resolve remote subscribe and omb problems with quotes (Tickets #604 and #567)

darcs-hash:20080904065504-f6e2c-f0c770f52624e7151a93f2ed2b8813657ca88c14.gz
2008-09-04 02:55:04 -04:00 · 2008-09-04 02:55:04 -04:00 · fff677e6c4
commit fff677e6c4
parent 4d1528734d
7 changed files with 17 additions and 1 deletions
--- a/actions/accesstoken.php
+++ b/actions/accesstoken.php
@ -26,6 +26,7 @@ class AccesstokenAction extends Action {
 		parent::handle($args);
 		try {
 			common_debug('getting request from env variables', __FILE__);
+			common_remove_magic_from_request();
 			$req = OAuthRequest::from_request();
 			common_debug('getting a server', __FILE__);
 			$server = omb_oauth_server();
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@ -41,6 +41,8 @@ class FinishremotesubscribeAction extends Action {

 		common_debug('stored request: '.print_r($omb,true), __FILE__);

+
+		commom_remove_magic_from_request();
 		$req = OAuthRequest::from_request();

 		$token = $req->get_parameter('oauth_token');
@ -248,4 +250,4 @@ class FinishremotesubscribeAction extends Action {

 		return array($return['oauth_token'], $return['oauth_token_secret']);
 	}
-}
+}
--- a/actions/postnotice.php
+++ b/actions/postnotice.php
@ -25,6 +25,7 @@ class PostnoticeAction extends Action {
 	function handle($args) {
 		parent::handle($args);
 		try {
+			common_remove_magic_from_request();
 			$req = OAuthRequest::from_request();
 			# Note: server-to-server function!
 			$server = omb_oauth_server();
--- a/actions/requesttoken.php
+++ b/actions/requesttoken.php
@ -30,6 +30,7 @@ class RequesttokenAction extends Action {
 	function handle($args) {
 		parent::handle($args);
 		try {
+			common_remove_magic_from_request();
 			$req = OAuthRequest::from_request();
 			$server = omb_oauth_server();
 			$token = $server->fetch_request_token($req);
--- a/actions/updateprofile.php
+++ b/actions/updateprofile.php
@ -26,6 +26,7 @@ class UpdateprofileAction extends Action {
 	function handle($args) {
 		parent::handle($args);
 		try {
+			common_remove_magic_from_request();
 			$req = OAuthRequest::from_request();
 			# Note: server-to-server function!
 			$server = omb_oauth_server();
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@ -350,6 +350,7 @@ class UserauthorizationAction extends Action {
 	}

 	function get_new_request() {
+		common_remove_magic_from_request();
 		$req = OAuthRequest::from_request();
 		return $req;
 	}
--- a/lib/util.php
+++ b/lib/util.php
@ -1424,6 +1424,15 @@ function common_copy_args($from) {
 	return $to;
 }

+// Neutralise the evil effects of magic_quotes_gpc in the current request.
+// This is used before handing a request off to OAuthRequest::from_request.
+function common_remove_magic_from_request() {
+	if(get_magic_quotes_gpc()) {
+		$_POST=array_map('stripslashes',$_POST);
+		$_GET=array_map('stripslashes',$_GET);
+	}
+}
+
 function common_user_uri(&$user) {
 	return common_local_url('userbyid', array('id' => $user->id));
 }