Resolve remote subscribe and omb problems with quotes (Tickets #604 and #567)

darcs-hash:20080904065504-f6e2c-f0c770f52624e7151a93f2ed2b8813657ca88c14.gz

7 files changed, 17 insertions, 1 deletions

diff --git a/actions/accesstoken.php b/actions/accesstoken.php
index 80c4477d0..4907749ce 100644
--- a/actions/accesstoken.php
+++ b/actions/accesstoken.php
@@ -26,6 +26,7 @@ class AccesstokenAction extends Action {
 		parent::handle($args);
 		try {
 			common_debug('getting request from env variables', __FILE__);
+			common_remove_magic_from_request();
 			$req = OAuthRequest::from_request();
 			common_debug('getting a server', __FILE__);
 			$server = omb_oauth_server();
diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php
index c9bdf26da..80c259c3d 100644
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@@ -41,6 +41,8 @@ class FinishremotesubscribeAction extends Action {
 
 		common_debug('stored request: '.print_r($omb,true), __FILE__);
 
+
+		commom_remove_magic_from_request();
 		$req = OAuthRequest::from_request();
 
 		$token = $req->get_parameter('oauth_token');
@@ -248,4 +250,4 @@ class FinishremotesubscribeAction extends Action {
 
 		return array($return['oauth_token'], $return['oauth_token_secret']);
 	}
-}
\ No newline at end of file
+}
diff --git a/actions/postnotice.php b/actions/postnotice.php
index a04fca20a..c1a5e0d5b 100644
--- a/actions/postnotice.php
+++ b/actions/postnotice.php
@@ -25,6 +25,7 @@ class PostnoticeAction extends Action {
 	function handle($args) {
 		parent::handle($args);
 		try {
+			common_remove_magic_from_request();
 			$req = OAuthRequest::from_request();
 			# Note: server-to-server function!
 			$server = omb_oauth_server();
diff --git a/actions/requesttoken.php b/actions/requesttoken.php
index 4a2321532..76019a929 100644
--- a/actions/requesttoken.php
+++ b/actions/requesttoken.php
@@ -30,6 +30,7 @@ class RequesttokenAction extends Action {
 	function handle($args) {
 		parent::handle($args);
 		try {
+			common_remove_magic_from_request();
 			$req = OAuthRequest::from_request();
 			$server = omb_oauth_server();
 			$token = $server->fetch_request_token($req);
diff --git a/actions/updateprofile.php b/actions/updateprofile.php
index 7e604f6b1..921e88e63 100644
--- a/actions/updateprofile.php
+++ b/actions/updateprofile.php
@@ -26,6 +26,7 @@ class UpdateprofileAction extends Action {
 	function handle($args) {
 		parent::handle($args);
 		try {
+			common_remove_magic_from_request();
 			$req = OAuthRequest::from_request();
 			# Note: server-to-server function!
 			$server = omb_oauth_server();
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index 620811398..111b54085 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -350,6 +350,7 @@ class UserauthorizationAction extends Action {
 	}
 
 	function get_new_request() {
+		common_remove_magic_from_request();
 		$req = OAuthRequest::from_request();
 		return $req;
 	}
diff --git a/lib/util.php b/lib/util.php
index 153009212..df64e74be 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -1424,6 +1424,15 @@ function common_copy_args($from) {
 	return $to;
 }
 
+// Neutralise the evil effects of magic_quotes_gpc in the current request.
+// This is used before handing a request off to OAuthRequest::from_request.
+function common_remove_magic_from_request() {
+	if(get_magic_quotes_gpc()) {
+		$_POST=array_map('stripslashes',$_POST);
+		$_GET=array_map('stripslashes',$_GET);
+	}
+}
+
 function common_user_uri(&$user) {
 	return common_local_url('userbyid', array('id' => $user->id));
 }