/usr/share/php/PHP/Compat/Environment/_magic_quotes_inputs.php is in php-compat 1.6.0a3-2build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | <?php
/**
* Common include for magic quotes files
*
* "Correct" behaviour is defined as that of PHP 5.2.2 and (so far) above:
* - $_GET, $_POST, $_COOKIE and $_REQUEST are treated
* - All of the above variables's keys and values are treated
*
* Fixed exceptions:
* - PHP < 5.2.2 keys of order 1 array values are not escaped
* - 5.0.0 >= PHP < 5.1.0 keys are escaped even when magic quotes is off
* - PHP < 5.0.0 keys of order 1 scalar values are not escaped
* - PHP < 4.3.4 keys of all scalar values are not escaped
*
* @category PHP
* @package PHP_Compat
* @license LGPL - http://www.gnu.org/licenses/lgpl.html
* @copyright 2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
* @link http://php.net/magic_quotes
* @author Arpad Ray <arpad@php.net>
* @version $Revision: 274851 $
*/
// version tests
$phpLt522 = version_compare(PHP_VERSION, '5.2.2', '<');
$phpLt51 = version_compare(PHP_VERSION, '5.1.0', '<');
$phpLt50 = version_compare(PHP_VERSION, '5.0.0', '<');
$phpLt434 = version_compare(PHP_VERSION, '4.3.4', '<');
$phpLt41 = version_compare(PHP_VERSION, '4.1.0', '<');
// so far, so good
$allWorks = !$phpLt522;
// build the array of variables to process
if ($phpLt41) {
$inputs = array();
} else {
// superglobals were added in PHP 4.1.0
$inputs = array(&$_POST, &$_GET, &$_COOKIE, &$_REQUEST);
}
if ($phpLt50 || ini_get('register_long_arrays')) {
// the old style globals are toggled by register_long_arrays since PHP 5.0.0
// note the need for $GLOBALS here, since this file is included inside functions
$inputs[] = &$GLOBALS['HTTP_GET_VARS'];
$inputs[] = &$GLOBALS['HTTP_POST_VARS'];
$inputs[] = &$GLOBALS['HTTP_COOKIE_VARS'];
$inputs[] = &$GLOBALS['HTTP_SERVER_VARS'];
$inputs[] = &$GLOBALS['HTTP_ENV_VARS'];
if ($phpLt50 // these superglobals haven't been escaped since PHP 5.0.0
&& !$phpLt41 // and didn't exist before PHP 4.1.0
&& $stripping) // so we only want them if we're stripping the inputs
{
$inputs[] = &$_SERVER;
$inputs[] = &$_ENV;
}
}
$compatMagicOn = !empty($GLOBALS['__PHP_Compat_ini']['magic_quotes_gpc']);
$compatMagicOff = isset($GLOBALS['__PHP_Compat_ini']['magic_quotes_gpc']) && !$GLOBALS['__PHP_Compat_ini']['magic_quotes_gpc'];
$magicOn = get_magic_quotes_gpc() || $compatMagicOn;
$allWorks = $allWorks || $compatMagicOn;
$compatSybaseOn = !empty($GLOBALS['__PHP_Compat_ini']['magic_quotes_sybase']);
$sybaseOn = ini_get('magic_quotes_sybase') || $compatSybaseOn;
|