create a generic bool_escape function, use that

Shish 2011-12-25 15:11:26 +00:00
parent d167849ffc
commit 67e0c87b20
2 changed files with 21 additions and 7 deletions


@ -47,6 +47,25 @@ function sql_escape($input) {
return $database->db->Quote($input);
}
/**
* Turn all manner of HTML / INI / JS / DB booleans into a PHP one
*
* @retval boolean
*/
function bool_escape($input) {
$input = strtolower($input);
return (
$input == "y" ||
$input == "yes" ||
$input == "t" ||
$input == "true" ||
$input == "on" ||
$input == 1 ||
$input == true
);
}
/**
* Some functions require a callback function for escaping,
* but we might not want to alter the data
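Review bot: The last test in bool_escape(), `$input == true`, is a loose comparison, so after strtolower() any non-empty string other than "0" matches, and inputs such as "no", "false" or "off" come back as true. Compare the normalised string strictly against the accepted spellings instead, e.g. `return in_array(strtolower((string)$input), array("y", "yes", "t", "true", "on", "1"), true);`. The `@retval boolean` docblock could also list the accepted spellings and state that everything else yields false. The Upload call site changed in this commit passes `$_GET['locked']` straight in, so a request with locked=no would currently set the lock.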


@ -313,12 +313,7 @@ class Upload implements Extension {
// Checks if user is admin > check if you want locked.
if($user->is_admin()){
// There must be a less messy way to do this..
if($_GET['locked'] == "y" || $_GET['locked'] == "yes" || $_GET['locked'] == "true" || $_GET['locked'] == "on" || $_GET['locked'] == "n" || $_GET['locked'] == "no" || $_GET['locked'] == "false" || $_GET['locked'] == "off"){
if($_GET['locked'] == "y" || $_GET['locked'] == "yes" || $_GET['locked'] == "true" || $_GET['locked'] == "on"){
$locked = "on";
}
}
$locked = bool_escape($_GET['locked']);
}
// Checks if url contains rating, also checks if the rating extension is enabled.
@ -391,7 +386,7 @@ class Upload implements Extension {
/* check for locked > adds to metadata if it has */
if(!empty($locked)){
$metadata['locked'] = $locked;
$metadata['locked'] = $locked ? "on" : "";
}
/* check for rating > adds to metadata if it has */
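Review bot: `$locked = bool_escape($_GET['locked']);` reads the query parameter without checking that it is present or that it is a string, so a request without `locked` raises an undefined-index notice and `locked[]=x` hands an array to strtolower(). Guard the read, e.g. `$locked = isset($_GET['locked']) && is_string($_GET['locked']) ? bool_escape($_GET['locked']) : false;`. In the second hunk the `""` branch of `$locked ? "on" : ""` cannot be reached inside `if(!empty($locked))`, so `$metadata['locked'] = "on";` would say the same thing. The enclosing method starts and ends outside both hunks.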