<?php
/*
Check all the input. We are only using _REQUEST which may or may not
be a good idea. Unsetting GET and POST.
*/
$checkit = new checkit();
$short = $GLOBALS["config_vars"]["input_filter"]["keys"][$GLOBALS["config_vars"]["thisrequest"]];
unset($_GET);
unset($_POST);
foreach ($_REQUEST as $k=>$v) {
if (is_array($v)) {
foreach($v as $k1=>$v1) {
if(is_array($v1)) {
foreach($v1 as $k2=>$v2) {
if(is_array($v2)) {
$logger->setLog("Array too deep under $k>$k1>$k2",__LINE__,__FILE__);
} else {
// do something
$logger->setLog("IGNORE: $k>$k1>$k2",__LINE__,__FILE__);
}
}
} else {
if (isset($short[$k]['keys'][$k1])) {
$checkit->setConfig($short[$k]['keys'][$k1]);
$checkit->doCheck($v1);
$response = $checkit->getResponse();
if($response == UNSET_REPLACE) {
$newval = $checkit->getNewValue();
$_REQUEST[$k][$k1] = $newval;
$logger->setLog("REPLACE $v1 with $newval",__LINE__,__FILE__);
} else {
handle_response($response);
}
$logger->setLog("Acting on key:(".$short[$k]['keys'][$k1]['type'].") ($response) $k1",__LINE__,__FILE__);
} else {
unset($_REQUEST[$k]);
$logger->setLog("Unsetting [$k][$k1]",__LINE__,__FILE__);
}
}
}
} else {
if (isset($short[$k])) {
$checkit->setConfig($short[$k]);
$checkit->doCheck($v);
$response = $checkit->getResponse();
if($response == UNSET_REPLACE) {
$newval = $checkit->getNewValue();
$_REQUEST[$k] = $newval;
$logger->setLog("REPLACE $v1 with $newval",__LINE__,__FILE__);
} else {
handle_response($response);
}
$logger->setLog("Acting on key:(".$short[$k]['type'].") ($response) $k",__LINE__,__FILE__);
} else {
unset($_REQUEST[$k]);
$logger->setLog("Unsetting $k",__LINE__,__FILE__);
}
}
}
function handle_response($response)
{
if ($response == UNSET_CONTINUE) { /* Take no action. */ }
if ($response == UNSET_REQUEST) { unset($_REQUEST); }
if ($response == UNSET_KEY) { unset($_REQUEST[$k]); }
if ($response == UNSET_ACTION) { unset($_REQUEST["action"]); }
if ($response == UNSET_REPLACE) { unset($_REQUEST["action"]); }
}
?>
