summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--actions/accesstoken.php1
-rw-r--r--actions/finishremotesubscribe.php4
-rw-r--r--actions/postnotice.php1
-rw-r--r--actions/requesttoken.php1
-rw-r--r--actions/updateprofile.php1
-rw-r--r--actions/userauthorization.php1
-rw-r--r--lib/util.php9
7 files changed, 17 insertions, 1 deletions
diff --git a/actions/accesstoken.php b/actions/accesstoken.php
index 80c4477d0..4907749ce 100644
--- a/actions/accesstoken.php
+++ b/actions/accesstoken.php
@@ -26,6 +26,7 @@ class AccesstokenAction extends Action {
parent::handle($args);
try {
common_debug('getting request from env variables', __FILE__);
+ common_remove_magic_from_request();
$req = OAuthRequest::from_request();
common_debug('getting a server', __FILE__);
$server = omb_oauth_server();
diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php
index c9bdf26da..80c259c3d 100644
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@@ -41,6 +41,8 @@ class FinishremotesubscribeAction extends Action {
common_debug('stored request: '.print_r($omb,true), __FILE__);
+
+ commom_remove_magic_from_request();
$req = OAuthRequest::from_request();
$token = $req->get_parameter('oauth_token');
@@ -248,4 +250,4 @@ class FinishremotesubscribeAction extends Action {
return array($return['oauth_token'], $return['oauth_token_secret']);
}
-} \ No newline at end of file
+}
diff --git a/actions/postnotice.php b/actions/postnotice.php
index a04fca20a..c1a5e0d5b 100644
--- a/actions/postnotice.php
+++ b/actions/postnotice.php
@@ -25,6 +25,7 @@ class PostnoticeAction extends Action {
function handle($args) {
parent::handle($args);
try {
+ common_remove_magic_from_request();
$req = OAuthRequest::from_request();
# Note: server-to-server function!
$server = omb_oauth_server();
diff --git a/actions/requesttoken.php b/actions/requesttoken.php
index 4a2321532..76019a929 100644
--- a/actions/requesttoken.php
+++ b/actions/requesttoken.php
@@ -30,6 +30,7 @@ class RequesttokenAction extends Action {
function handle($args) {
parent::handle($args);
try {
+ common_remove_magic_from_request();
$req = OAuthRequest::from_request();
$server = omb_oauth_server();
$token = $server->fetch_request_token($req);
diff --git a/actions/updateprofile.php b/actions/updateprofile.php
index 7e604f6b1..921e88e63 100644
--- a/actions/updateprofile.php
+++ b/actions/updateprofile.php
@@ -26,6 +26,7 @@ class UpdateprofileAction extends Action {
function handle($args) {
parent::handle($args);
try {
+ common_remove_magic_from_request();
$req = OAuthRequest::from_request();
# Note: server-to-server function!
$server = omb_oauth_server();
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index 620811398..111b54085 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -350,6 +350,7 @@ class UserauthorizationAction extends Action {
}
function get_new_request() {
+ common_remove_magic_from_request();
$req = OAuthRequest::from_request();
return $req;
}
diff --git a/lib/util.php b/lib/util.php
index 153009212..df64e74be 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -1424,6 +1424,15 @@ function common_copy_args($from) {
return $to;
}
+// Neutralise the evil effects of magic_quotes_gpc in the current request.
+// This is used before handing a request off to OAuthRequest::from_request.
+function common_remove_magic_from_request() {
+ if(get_magic_quotes_gpc()) {
+ $_POST=array_map('stripslashes',$_POST);
+ $_GET=array_map('stripslashes',$_GET);
+ }
+}
+
function common_user_uri(&$user) {
return common_local_url('userbyid', array('id' => $user->id));
}